cf2a85db66
* fix(hardware): constant-time HMAC sync-beacon tag compare (ADR-157 §B4) AuthenticatedBeacon::verify compared the 8-byte HMAC-SHA256 tag with `self.hmac_tag == expected`, which short-circuits on the first differing byte and leaks, via verification latency, how many leading bytes a forged tag matched — a byte-by-byte tag-recovery oracle (~256·N trials vs 256^N). Replace with a hand-rolled branch-free `constant_time_tag_eq`: XOR-accumulate every byte difference into a single u8 with no early exit, compare to zero once. `#[inline(never)]` + `core::hint::black_box(diff)` resist the optimizer reintroducing a short-circuit or a non-constant-time memcmp; length mismatch returns false without inspecting contents. No new dependency — ADR-157 had deferred this only to avoid the `subtle` crate; a fixed 8-byte compare needs none. Test (hard gate): tag_compare_is_constant_time_shape — equal / first-differ / last-differ / all-differ / length-mismatch + end-to-end verify() last-byte tamper. Proven to fail on a last-byte-skipping constant-time bug. A coarse timing smoke check (tag_compare_timing_invariance_smoke) is #[ignore]d to avoid CI flakiness. Grade MEASURED (constant-time construction). ADR-157 §8 §B4 → RESOLVED. wifi-densepose-hardware: 164 passed / 0 failed. Co-Authored-By: claude-flow <ruv@ruv.net> * feat(wifiscan): MEASURE native wlanapi.dll vs netsh throughput (ADR-157 §5 #4) ADR-157 §5 #4 recorded the native wlanapi.dll multi-BSSID fast path as "asserted but NOT implemented; live scanner is the ~2 Hz netsh shim". Audit finding: that status is stale — wlanapi_native::scan_native already implements the real WlanOpenHandle → WlanEnumInterfaces → WlanGetNetworkBssList → WlanFreeMemory/WlanCloseHandle FFI (handle cleanup on all exits, length-bounded buffer walks, #[cfg(windows)] with typed Unsupported off-Windows), and WlanApiScanner::scan_instrumented already wires it native-first with a netsh fallback. The missing piece was an honest MEASUREMENT. Add benchmark_backend(backend, window): drives one specific backend over a fixed wall-clock window so netsh is timed independently (the existing benchmark() picks native-first and so never measures netsh on a box where native works). Returns None for an unavailable native path (honest negative, not a fabricated number). MEASURED on this box (Intel Wi-Fi 7 BE201 320MHz, 2026-06-13), 10 s window: native 21.42 Hz vs netsh 3.84 Hz = 5.57× (mean 5.0 BSSIDs/scan each). native-only run: 18.0 Hz. 50/50 back-to-back native scans, no handle leak. A real positive result — NOT a fabricated 10×. Achieved 21.4 Hz is in the asserted >2 Hz regime, below the asserted 10–20 Hz upper bound. Tests (live-WLAN, #[ignore] for CI, RUN here): measure_native_vs_netsh_throughput, native_scans_dont_leak_handles, measure_native_scan_rate. Non-ignored pin native_scan_runs_real_ffi_on_windows (pre-existing) stays green. wifi-densepose-wifiscan: 94 passed / 0 failed. ADR-157 §5 #4 + §8 → MEASURED (was ACCEPTED-FUTURE / CLAIMED-unmeasured). Co-Authored-By: claude-flow <ruv@ruv.net> |
||
|---|---|---|
| .. | ||
| benches | ||
| src | ||
| tests | ||
| Cargo.toml | ||
| README.md | ||
README.md
wifi-densepose-hardware
Hardware interface abstractions for WiFi CSI sensors (ESP32, Intel 5300, Atheros).
Overview
wifi-densepose-hardware provides platform-agnostic parsers for WiFi CSI data from multiple
hardware sources. All parsing operates on byte buffers with no C FFI or hardware dependencies at
compile time, making the crate fully portable and deterministic -- the same bytes in always produce
the same parsed output.
Features
- ESP32 binary parser -- Parses ADR-018 binary CSI frames streamed over UDP from ESP32 and ESP32-S3 devices.
- UDP aggregator -- Receives and aggregates CSI frames from multiple ESP32 nodes (ADR-018 Layer 2). Provided as a standalone binary.
- Bridge -- Converts hardware
CsiFrameinto theCsiDataformat expected by the detection pipeline (ADR-018 Layer 3). - No mock data -- Parsers either parse real bytes or return explicit
ParseErrorvalues. There are no synthetic fallbacks. - Pure byte-buffer parsing -- No FFI to ESP-IDF or kernel modules. Safe to compile and test on any platform.
Feature flags
| Flag | Default | Description |
|---|---|---|
std |
yes | Standard library support |
esp32 |
no | ESP32 serial CSI frame parsing |
intel5300 |
no | Intel 5300 CSI Tool log parsing |
linux-wifi |
no | Linux WiFi interface for commodity sensing |
Quick Start
use wifi_densepose_hardware::{CsiFrame, Esp32CsiParser, ParseError};
// Parse ESP32 CSI data from raw UDP bytes
let raw_bytes: &[u8] = &[/* ADR-018 binary frame */];
match Esp32CsiParser::parse_frame(raw_bytes) {
Ok((frame, consumed)) => {
println!("Parsed {} subcarriers ({} bytes)",
frame.subcarrier_count(), consumed);
let (amplitudes, phases) = frame.to_amplitude_phase();
// Feed into detection pipeline...
}
Err(ParseError::InsufficientData { needed, got }) => {
eprintln!("Need {} bytes, got {}", needed, got);
}
Err(e) => eprintln!("Parse error: {}", e),
}
Architecture
wifi-densepose-hardware/src/
lib.rs -- Re-exports: CsiFrame, Esp32CsiParser, ParseError, CsiData
csi_frame.rs -- CsiFrame, CsiMetadata, SubcarrierData, Bandwidth, AntennaConfig
esp32_parser.rs -- Esp32CsiParser (ADR-018 binary protocol)
error.rs -- ParseError
bridge.rs -- CsiData bridge to detection pipeline
aggregator/ -- UDP multi-node frame aggregator (binary)
Related Crates
| Crate | Role |
|---|---|
wifi-densepose-core |
Foundation types (CsiFrame definitions) |
wifi-densepose-signal |
Consumes parsed CSI data for processing |
wifi-densepose-mat |
Uses hardware adapters for disaster detection |
wifi-densepose-vitals |
Vital sign extraction from parsed frames |
License
MIT OR Apache-2.0