Date:      Sat, 25 Nov 2000 13:29:08 -0800 (PST)
From:      Doug Ambrisko <ambrisko@whistle.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/23097: Enhance WEP some more including ability to set transmit key
Message-ID:  <200011252129.NAA40273@whistle.com>


>Number:         23097
>Category:       bin
>Synopsis:       Enhance WEP some more including ability to set transmit key
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 25 13:40:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Doug Ambrisko
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Whistle
>Environment:
-current

>Description:

This smooths out some issues with WEP and adds an example to the man page
showing how to set it up.

With thanks to Dave Cornejo <dave@dogwood.com> for his patches and
the method to set the transmit key.

This also includes Dave's patches to the headers since he has better info
(the documentation I have is incorrect with some definitions).

>How-To-Repeat:

>Fix:

Index: sys/dev/an/if_aironet_ieee.h
===================================================================
RCS file: /cvs/freebsd/src/sys/dev/an/if_aironet_ieee.h,v
retrieving revision 1.2
diff -c -r1.2 if_aironet_ieee.h
*** if_aironet_ieee.h	2000/11/13 23:04:12	1.2
--- if_aironet_ieee.h	2000/11/25 21:24:23
***************
*** 368,376 ****
  #define AN_AUTHTYPE_NONE			0x0000
  #define AN_AUTHTYPE_OPEN			0x0001
  #define AN_AUTHTYPE_SHAREDKEY			0x0002
- #define AN_AUTHTYPE_EXCLUDE_UNENCRYPTED		0x0004
  #define AN_AUTHTYPE_MASK                        0x00ff
  #define AN_AUTHTYPE_ENABLE			0x0100
  
  #define AN_PSAVE_NONE				0x0000
  #define AN_PSAVE_CAM				0x0001
--- 368,377 ----
  #define AN_AUTHTYPE_NONE			0x0000
  #define AN_AUTHTYPE_OPEN			0x0001
  #define AN_AUTHTYPE_SHAREDKEY			0x0002
  #define AN_AUTHTYPE_MASK                        0x00ff
  #define AN_AUTHTYPE_ENABLE			0x0100
+ #define AN_AUTHTYPE_PRIVACY_IN_USE		0x0100
+ #define AN_AUTHTYPE_ALLOW_UNENCRYPTED		0x0200
  
  #define AN_PSAVE_NONE				0x0000
  #define AN_PSAVE_CAM				0x0001
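Review bot: The new `AN_AUTHTYPE_PRIVACY_IN_USE` has the same value (0x0100) as the retained `AN_AUTHTYPE_ENABLE`, so this header now carries two names for one bit with nothing saying which is current. Either define the old name in terms of the new one, `#define AN_AUTHTYPE_ENABLE AN_AUTHTYPE_PRIVACY_IN_USE /* legacy name */`, or drop it once no caller uses it. A comment such as `/* bits above AN_AUTHTYPE_MASK are WEP flags, not authentication types */` ahead of the two new defines would also make clear why they sit outside the 0x00ff mask. The if_anreg.h hunk in this patch repeats the same two defines, so the two headers will need to be kept in step.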
Index: sys/dev/an/if_anreg.h
===================================================================
RCS file: /cvs/freebsd/src/sys/dev/an/if_anreg.h,v
retrieving revision 1.3
diff -c -r1.3 if_anreg.h
*** if_anreg.h	2000/11/13 23:04:12	1.3
--- if_anreg.h	2000/11/25 21:24:23
***************
*** 320,326 ****
  #define AN_AUTHTYPE_NONE			0x0000
  #define AN_AUTHTYPE_OPEN			0x0001
  #define AN_AUTHTYPE_SHAREDKEY			0x0002
! #define AN_AUTHTYPE_EXCLUDE_UNENCRYPTED		0x0004
  
  #define AN_PSAVE_NONE				0x0000
  #define AN_PSAVE_CAM				0x0001
--- 320,328 ----
  #define AN_AUTHTYPE_NONE			0x0000
  #define AN_AUTHTYPE_OPEN			0x0001
  #define AN_AUTHTYPE_SHAREDKEY			0x0002
! #define AN_AUTHTYPE_PRIVACY_IN_USE		0x0100
! #define AN_AUTHTYPE_ALLOW_UNENCRYPTED		0x0200
! 
  
  #define AN_PSAVE_NONE				0x0000
  #define AN_PSAVE_CAM				0x0001
Index: usr.sbin/ancontrol/ancontrol.8
===================================================================
RCS file: /cvs/freebsd/src/usr.sbin/ancontrol/ancontrol.8,v
retrieving revision 1.6
diff -c -r1.6 ancontrol.8
*** ancontrol.8	2000/11/13 23:04:16	1.6
--- ancontrol.8	2000/11/25 21:24:23
***************
*** 64,73 ****
  .Op v Ar 0|1
  .Fl d Ar 0|1|2|3
  .Nm ancontrol
! .Fl i Ar iface Fl e Ar 0|1
  .Nm ancontrol
  .Fl i Ar iface 
! .Op Fl v Ar 0|1
  .Fl k Ar key
  .Nm ancontrol
  .Fl i Ar iface 
--- 64,73 ----
  .Op v Ar 0|1
  .Fl d Ar 0|1|2|3
  .Nm ancontrol
! .Fl i Ar iface Fl e Ar 0|1|2|4
  .Nm ancontrol
  .Fl i Ar iface 
! .Op Fl v Ar 0|1|2|3|4|5|6|7
  .Fl k Ar key
  .Nm ancontrol
  .Fl i Ar iface 
***************
*** 245,260 ****
  sets the receive diversity and
  .Ar 1
  sets the transmit diversity.
! .It Fl i Ar iface "[ -v 0|1 ]" Fl k Ar key
! Set the WEP key.  For 40 bit prefix 10 hex character with 0x.
! For 128 bit prefix 26 hex character with 0x.
! Supports 4 keys, use even numbers are permanet and odd number 
! are temporary keys for example "-v 1" sets the first temporary key.
! .It Fl i Ar iface Fl K Ar 0|1|2|4
  Set authorization type. Use 0 for none, 1 for "Open", 
! 2 for "Shared Key", 4 for "Exclude unencrypted".
! .It Fl i Ar iface Fl W Ar 0|1
! Enable WEP. Use 1 to enable, 0 for disable.
  .It Fl i Ar iface Fl j Ar netjoin timeout
  Set the ad-hoc network join timeout.
  When a station is first activated
--- 245,263 ----
  sets the receive diversity and
  .Ar 1
  sets the transmit diversity.
! .It Fl i Ar iface Fl e Ar 0|1|2|3
! Set the transmit key to use.
! .It Fl i Ar iface "[ -v 0|1|2|3|4|5|6|7 ]" Fl k Ar key
! Set the WEP key. For 40 bit prefix 10 hex character with 0x.
! For 128 bit prefix 26 hex character with 0x. Use "" as the key 
! to erase the key. Supports 4 keys, use even numbers are permanent 
! and odd number are temporary keys for example "-v 1" sets the first 
! temporary key.
! .It Fl i Ar iface Fl K Ar 0|1|2
  Set authorization type. Use 0 for none, 1 for "Open", 
! 2 for "Shared Key".
! .It Fl i Ar iface Fl W Ar 0|1|2
! Enable WEP. Use 0 for no WEP, 1 to enable full WEP, 2 for mixed cell.
  .It Fl i Ar iface Fl j Ar netjoin timeout
  Set the ad-hoc network join timeout.
  When a station is first activated
***************
*** 372,377 ****
--- 375,390 ----
  The default is 2312.
  .It Fl h
  Prints a list of available options and sample usage.
+ .El
+ .Sh EXAMPLES
+ .Pp
+ .Dl ancontrol -i an0 -v 0 -k 0x12345678901234567890123456
+ .Dl ancontrol -i an0 -K 2
+ .Dl ancontrol -i an0 -W 1
+ .Dl ancontrol -i an0 -e 0
+ .Pp
+ Sets a WEP key 0, enables "Shared Key" authentication, enables full WEP 
+ and uses transmit key 0.
  .El
  .Sh SEE ALSO
  .Xr an 4 ,
Index: usr.sbin/ancontrol/ancontrol.c
===================================================================
RCS file: /cvs/freebsd/src/usr.sbin/ancontrol/ancontrol.c,v
retrieving revision 1.6
diff -c -r1.6 ancontrol.c
*** ancontrol.c	2000/11/13 23:04:16	1.6
--- ancontrol.c	2000/11/25 21:24:23
***************
*** 121,126 ****
--- 121,127 ----
  #define ACT_ENABLE_WEP 33
  #define ACT_SET_KEY_TYPE 34
  #define ACT_SET_KEYS 35
+ #define ACT_ENABLE_TX_KEY 36
  
  static void an_getval(iface, areq)
  	char			*iface;
***************
*** 688,695 ****
  	printf("\nAuthentication timeout:\t\t\t");
  	an_printwords(&cfg->an_auth_timeout, 1);
  	printf("\nWEP enabled:\t\t\t\t[ ");
! 	if (cfg->an_authtype & AN_AUTHTYPE_ENABLE)
! 		printf("yes");
  	else
  		printf("no");
  	printf(" ]");
--- 689,701 ----
  	printf("\nAuthentication timeout:\t\t\t");
  	an_printwords(&cfg->an_auth_timeout, 1);
  	printf("\nWEP enabled:\t\t\t\t[ ");
! 	if (cfg->an_authtype & AN_AUTHTYPE_PRIVACY_IN_USE)
! 	{
! 		if (cfg->an_authtype & AN_AUTHTYPE_ALLOW_UNENCRYPTED)
! 			 printf("mixed cell");
! 		else
! 			 printf("full");
! 	}
  	else
  		printf("no");
  	printf(" ]");
***************
*** 700,707 ****
  		printf("open");
  	if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_SHAREDKEY)
  		printf("shared key");
- 	if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED)
- 		printf("exclude unencrypted");
  	printf(" ]");
  	printf("\nAssociation timeout:\t\t\t");
  	an_printwords(&cfg->an_assoc_timeout, 1);
--- 706,711 ----
***************
*** 807,815 ****
  	fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p);
  	fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p);
  	fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p);
  	fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p);
! 	fprintf(stderr, "\t%s -i iface -K 0|1|2|4 (set auth type 2=shared secret)\n", p);
! 	fprintf(stderr, "\t%s -i iface -W 0|1 (enable WEP)\n", p);
  	fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p);
  	fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p);
  	fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID "
--- 811,820 ----
  	fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p);
  	fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p);
  	fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p);
+ 	fprintf(stderr, "\t%s -i iface -e 0|1|2|3 (enable transmit key)\n", p);
  	fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p);
! 	fprintf(stderr, "\t%s -i iface -K 0|1|2 (no auth/open/shared secret)\n", p);
! 	fprintf(stderr, "\t%s -i iface -W 0|1|2 (no WEP/full WEP/mixed cell)\n", p);
  	fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p);
  	fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p);
  	fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID "
***************
*** 934,941 ****
  		bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN);
  		break;
  	case ACT_ENABLE_WEP:
! 		cfg->an_authtype = (cfg->an_authtype & AN_AUTHTYPE_MASK)
! 		        | atoi(arg) * AN_AUTHTYPE_ENABLE;
  		break;
  	case ACT_SET_KEY_TYPE:
  		cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK) 
--- 939,961 ----
  		bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN);
  		break;
  	case ACT_ENABLE_WEP:
! 		switch (atoi (arg)) {
! 		case 0:
! 			/* no WEP */
! 			cfg->an_authtype &= ~(AN_AUTHTYPE_PRIVACY_IN_USE 
! 					| AN_AUTHTYPE_ALLOW_UNENCRYPTED);
! 			break;
! 		case 1:
! 			/* full WEP */
! 			cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE;
! 			cfg->an_authtype &= ~AN_AUTHTYPE_ALLOW_UNENCRYPTED;
! 			break;
! 		case 2:
! 			/* mixed cell */
! 			cfg->an_authtype = AN_AUTHTYPE_PRIVACY_IN_USE 
! 					| AN_AUTHTYPE_ALLOW_UNENCRYPTED;
! 			break;
! 		}
  		break;
  	case ACT_SET_KEY_TYPE:
  		cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK) 
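Review bot: In the new `case 2:` branch the plain assignment `cfg->an_authtype = AN_AUTHTYPE_PRIVACY_IN_USE | AN_AUTHTYPE_ALLOW_UNENCRYPTED;` overwrites the whole field, so selecting mixed cell also clears the open/shared-key value under `AN_AUTHTYPE_MASK` that cases 0 and 1 preserve; it should be `cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE | AN_AUTHTYPE_ALLOW_UNENCRYPTED;`. The switch also has no `default:`, and because `atoi` returns 0 for non-numeric text, a mistyped `-W` argument takes the "no WEP" branch and turns encryption off without any message, while a value such as 3 is silently ignored. Parsing with `strtol` and rejecting anything other than 0, 1 or 2 with an error would make the option fail closed. The enclosing function begins and ends outside this hunk.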
***************
*** 1232,1237 ****
--- 1252,1286 ----
  	return;
  }
  
+ static void an_enable_tx_key(iface, arg)
+ 	char			*iface;
+ 	char			*arg;
+ {
+ 	struct an_req		areq;
+ 	struct an_ltv_key	*k;
+ 
+ 	bzero((char *)&areq, sizeof(areq));
+ 	k = (struct an_ltv_key *)&areq;
+ 
+ 	/* From a Cisco engineer write the transmit key to use in the
+ 	   first MAC, index is FFFF*/
+ 	k->kindex=0xffff;
+ 	k->klen=0;
+ 
+ 	k->mac[0]=atoi(arg);
+ 	k->mac[1]=0;
+ 	k->mac[2]=0;
+ 	k->mac[3]=0;
+ 	k->mac[4]=0;
+ 	k->mac[5]=0;
+ 
+ 	areq.an_len = sizeof(struct an_ltv_key);
+ 	areq.an_type = AN_RID_WEP_PERM;
+ 	an_setval(iface, &areq);
+ 	  
+ 	return;
+ }
+ 
  int main(argc, argv)
  	int			argc;
  	char			*argv[];
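Review bot: `an_enable_tx_key` stores `atoi(arg)` straight into `k->mac[0]` with no range check, so a non-numeric argument silently selects key 0 and any out-of-range number is truncated to whatever fits the field and written to the card. The index should be parsed strictly and limited to the documented 0-3 before the request is built; the sketch below assumes `errx` from err.h is already available in this file. The man-page synopsis in this patch lists `-e 0|1|2|4` while the option description and usage() list `0|1|2|3`, so the accepted range should be settled in one place. The comment on the 0xffff index would also benefit from saying that the record is written to `AN_RID_WEP_PERM` and what that implies for persistence, which is not evident from the hunk.

```c
static void an_enable_tx_key(iface, arg)
	char			*iface;
	char			*arg;
{
	/* … unchanged: areq and k declarations … */
	char			*end;
	long			idx;

	/* Reject anything that is not exactly one of the four key slots. */
	idx = strtol(arg, &end, 10);
	if (end == arg || *end != '\0' || idx < 0 || idx > 3)
		errx(1, "transmit key index must be 0-3: %s", arg);

	/* … unchanged: bzero, kindex/klen setup … */
	k->mac[0] = idx;
	/* … unchanged: remaining mac bytes, an_len/an_type, an_setval call … */
}
```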
***************
*** 1257,1263 ****
  	opterr = 1;
  
  	while ((ch = getopt(argc, argv,
! 	    "ANISCTht:a:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) {
  		switch(ch) {
  		case 'Z':
  #ifdef ANCACHE
--- 1306,1312 ----
  	opterr = 1;
  
  	while ((ch = getopt(argc, argv,
! 	    "ANISCTht:a:e:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) {
  		switch(ch) {
  		case 'Z':
  #ifdef ANCACHE
***************
*** 1404,1409 ****
--- 1453,1462 ----
  			act = ACT_SET_KEYS;
  			key = optarg;
  			break;
+ 		case 'e':
+ 			act = ACT_ENABLE_TX_KEY;
+ 			arg = optarg;
+ 			break;
  		case 'q':
  			act = ACT_SET_RTS_RETRYLIM;
  			arg = optarg;
***************
*** 1469,1474 ****
--- 1522,1530 ----
  #endif
  	case ACT_SET_KEYS:
  		an_setkeys(iface, key, modifier);
+ 		break;
+ 	case ACT_ENABLE_TX_KEY:
+ 		an_enable_tx_key(iface, arg);
  		break;
  	default:
  		an_setconfig(iface, act, arg);

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message



