Re: Making promisc mode work with WPA encryption?

[Maxim Levitsky <maximlevitsky@gmail.com>]

On Tue, 2009-04-07 at 19:17 +0300, Jouni Malinen wrote:
> On Tue, Apr 07, 2009 at 03:15:52AM +0300, Maxim Levitsky wrote:
> 
> > But I could arrange small program that listens to device in monitor or
> > maybe even just promisc mode, and records WPA handshakes. For every
> > handshake it could install the key in kernel driver, so it would use it
> > for decryption, and show the traffic on device in promisc mode. Is it
> > possible to do today? I guess not.
> 
> No, and I don't see why this should ever end up in the kernel.. It is
> better done in userspace for such a special case. The key configuration
> interface does not support configuring different keys based on the
> receiver address and most hardware acceleration designs would not
> support matching the key in this way, so the standard mechanism used for
> decrypting packets to the STA in normal case does not really suit this
> type of need.
> 
I mostly agree.
But then maybe its better not to show unencryped frames at all on
promisc interface?


> > All this program has to know is the PSK.
> > (I could even arrange WPA supplicant to do this job - it knows all keys
> > already)
> 
> Sure, you could figure out the PTK for each STA when using WPA-Personal
> (but not so for WPA-Enterprise/EAP), but that is only one part of the
> task. The problem comes from decrypting packets that were not designed
> to be decrypted (unicast frames to other STAs).
Exactly. this why I thought it would be nice if kernel could do that and
present a virtual promisc mode.
Userspace helper could do all the job figuring the keys, and kernel
would just use keys to decrypt the traffic.
I could even hack the wpa_supplicant on all systems that belong to my
network to exchange the keys.


Anyway, thanks,
	Best regards,
		Maxim Levitsky