Monday, June 2, 2014

Verify private-public key pair

Compare an MD5 hash of the modulus using these commands:
Certificate: openssl x509 -noout -modulus -in server.crt | openssl md5
Private Key: openssl rsa -noout -modulus -in server.key | openssl md5
CSR: openssl req -noout -modulus -in server.csr | openssl md5
If the hashes match, then those two files go together.

reference link:
http://stackoverflow.com/questions/274560/how-do-you-test-a-public-private-keypair

Tuesday, May 20, 2014

openssl encryption/decryption application

Say we have one certificate and one private key in hand, test.pem and test.key respectively.

[encrypt a file using private key (rsautl -encrypt uses only the public part of the key file)]
openssl rsautl -encrypt -inkey /tmp/test.key -in /tmp/file.txt -out /tmp/file.ssl

[encrypt a file using certificate]
openssl rsautl -encrypt -certin -inkey /tmp/test.pem -in /tmp/file.txt -out /tmp/file.ssl

[decrypt an encrypted file using private key]
openssl rsautl -decrypt -inkey /tmp/test.key -in /tmp/file.ssl -out /tmp/file.ori

[encrypt a file using password]
openssl enc -aes-256-cbc -salt -pass pass:edison -in test.key -out test.key.enc
or
openssl rsa -in test.key -des -passout pass:edison -out test.key.enc

[decrypt an encrypted file using password]
openssl enc -aes-256-cbc -d -pass pass:edison -in test.key.enc -out test.key.ori
or
openssl rsa -in test.key.enc -passin pass:edison -out test.key.dec

Monday, May 19, 2014

Wi-Fi extender cannot get DHCP IP issue

This issue happened while doing an Atheros Wi-Fi extender project. It looks like a layer 2 issue, and the QCM FAE also indicates that we need to implement a NAT-like table, but for layer 2, to trick the AP into treating these as packets from one of its clients instead of a remote device. But we captured packets from a TL-WR710N using OmniPeek and found that it does no NAT trick; the only difference is that whatever DHCP packets it forwards are set with the broadcast flag in the bootp data. The flag is changed from 0 to 0x8000. But doing the same modification in our QCM product does not make things better. It even affects the originally working DHCP behavior in our QCM product itself. After setting the bootp broadcast flag, even the QCM product itself cannot get an IP offer.
Guess what? The direction is correct, and the solution is right, but it lacks something vital... Yes, a wrong UDP checksum! Whenever you make a change to a payload, be sure to check the payload's correctness using tools like Wireshark or Ethereal. OmniPeek won't do the trick for you though. Use csum_tcpudp_magic() and csum_partial() to recalculate the checksum and stuff it back into the UDP checksum field. Bang! Everything works!
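
The checksum repair described above, as an added user-space example (not the driver code from this project): after the BOOTP broadcast flag is set, the UDP checksum is recomputed over the IPv4 pseudo-header and the datagram, which is the job csum_partial() and csum_tcpudp_magic() do in the kernel. The function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Folded one's-complement sum of IPv4 pseudo-header + UDP header + payload.
 * udp points at the UDP header; saddr/daddr are in host byte order. */
uint16_t udp_sum(uint32_t saddr, uint32_t daddr, const uint8_t *udp, size_t len)
{
    uint32_t sum = (saddr >> 16) + (saddr & 0xffff) + (daddr >> 16) + (daddr & 0xffff)
                 + 17 /* IPPROTO_UDP */ + (uint32_t)len;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)udp[i] << 8) | udp[i + 1];
    if (i < len)
        sum += (uint32_t)udp[i] << 8;      /* odd trailing byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* A receiver accepts the datagram when the sum including the checksum is 0xffff. */
int udp_checksum_ok(uint32_t saddr, uint32_t daddr, const uint8_t *udp, size_t len)
{
    return udp_sum(saddr, daddr, udp, len) == 0xffff;
}

/* Zero the checksum field, recompute it, and store it big-endian. */
void udp_fix_checksum(uint32_t saddr, uint32_t daddr, uint8_t *udp, size_t len)
{
    udp[6] = udp[7] = 0;
    uint16_t c = (uint16_t)~udp_sum(saddr, daddr, udp, len);
    if (c == 0) c = 0xffff;                /* 0 on the wire means "no checksum" */
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)(c & 0xff);
}

/* Set the BOOTP broadcast flag (0 -> 0x8000), then repair the UDP checksum. */
void set_bootp_broadcast(uint32_t saddr, uint32_t daddr, uint8_t *udp, size_t len)
{
    udp[8 + 10] |= 0x80;                   /* BOOTP flags: offset 10 after 8-byte UDP header */
    udp_fix_checksum(saddr, daddr, udp, len);
}

/* Constructed sample: minimal DHCP-style request, UDP 68 -> 67, flags = 0. */
size_t build_sample(uint8_t *udp)
{
    size_t len = 8 + 240;                  /* UDP header + BOOTP fixed part + magic cookie */
    memset(udp, 0, len);
    udp[1] = 68; udp[3] = 67;              /* source and destination ports */
    udp[4] = (uint8_t)(len >> 8); udp[5] = (uint8_t)len;
    udp[8] = 1; udp[9] = 1; udp[10] = 6;   /* op=BOOTREQUEST, htype=Ethernet, hlen=6 */
    memcpy(udp + 8 + 236, "\x63\x82\x53\x63", 4);
    udp_fix_checksum(0, 0xffffffffu, udp, len);
    return len;
}
```

Flipping the flag byte without calling udp_fix_checksum() makes udp_checksum_ok() return 0, which is the state a DHCP server silently drops.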

Wednesday, May 7, 2014

Atheros wlan module note

- set athx mac address
ath_vap_create(), if_ath.c

- send packets out of vap sta to home ap
ieee80211_send_setup(), ieee80211_mgmt.c

- send packets out between vaps(vap ap->sta)
ieee80211_ibss2ap_header() in ieee80211_encap_80211(), ieee80211_output.c

- receive packets for both vap ap and sta
ieee80211_aponly.c

Thursday, February 20, 2014

Porting QCA953x to the official OpenWrt source tree (Kamikaze)

Steps:
1. Create a qca953x folder under target/linux/. Use the existing atheros folder as the example.
2. Create a patch between the original 2.6.31 kernel and the version the vendor provided. Put the patch file under target/linux/qca953x/patches.
3. List the missing folders and files and put them under target/linux/qca953x/files accordingly.
4. Copy the .config file from the vendor kernel to target/linux/qca953x/config-default.
5. include/target.mk
    Take out "+" in the kconfig.pl command
6. Because 2.6.31 does not have asm-mips at its usual path, an additional CFLAGS path amendment is needed. The desired header files are located at arch/mips/include/asm.
    - package/bridge-utils/002-brctl_cflags.patch and 001-libbridge_cflags.patch (CFLAGS)
       Add $(KERNEL_HEADERS)/arch/mips/include
    - rule.mk (TARGET_CFLAGS)
      Add -I$(BUILD_DIR_BASE)/linux-$(BOARD)/linux-$(LINUX_VERSION)/arch/mips/include -I$(BUILD_DIR_TOOLCHAIN)/linux/arch/mips/include
    - Add "mknod ttyS0 c 4 64" in package/base-files/etc/preinit if using ttyS0 as the console device node.

Note:
If you ever want to...
1. Add gcc? Check out toolchain/gcc/Config.version and Config.in
2. Avoid root exclusion? Check out include/prereq-build.mk

Wednesday, January 15, 2014

Enable ping response in Win7

Control Panel --> System and security --> Windows Firewall --> Advanced settings --> Inbound rules --> New rule --> custom rule

In Protocol and ports: Protocol: ICMPv4
On the same panel go to customize, choose "Specific ICMP types", and check the box "echo request".

Reference link
http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/how-to-enable-ping-response-in-windows-7/5aff5f8d-f138-4c9a-8646-5b3a99f1cae6