Date: Sat, 25 Nov 2000 13:29:08 -0800 (PST)
From: Doug Ambrisko <ambrisko@whistle.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/23097: Enhance WEP some more including ability to set transmit key
Message-ID: <200011252129.NAA40273@whistle.com>
>Number: 23097 >Category: bin >Synopsis: Enhance WEP some more including ability to set transmit key >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Nov 25 13:40:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: Doug Ambrisko >Release: FreeBSD 5.0-CURRENT i386 >Organization: Whistle >Environment: -current >Description: This smoothes out some issues with WEP, adds an example for setting it up in the man page. With thanks to Dave Cornejo <dave@dogwood.com> for his patches and the method to set the transmit key. This also includes Dave's patches to the headers since he has better info (the documentation I have is incorrect with some definitions). >How-To-Repeat: >Fix: Index: sys/dev/an/if_aironet_ieee.h =================================================================== RCS file: /cvs/freebsd/src/sys/dev/an/if_aironet_ieee.h,v retrieving revision 1.2 diff -c -r1.2 if_aironet_ieee.h *** if_aironet_ieee.h 2000/11/13 23:04:12 1.2 --- if_aironet_ieee.h 2000/11/25 21:24:23 *************** *** 368,376 **** #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 - #define AN_AUTHTYPE_EXCLUDE_UNENCRYPTED 0x0004 #define AN_AUTHTYPE_MASK 0x00ff #define AN_AUTHTYPE_ENABLE 0x0100 #define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 --- 368,377 ---- #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 #define AN_AUTHTYPE_MASK 0x00ff #define AN_AUTHTYPE_ENABLE 0x0100 + #define AN_AUTHTYPE_PRIVACY_IN_USE 0x0100 + #define AN_AUTHTYPE_ALLOW_UNENCRYPTED 0x0200 #define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 Index: sys/dev/an/if_anreg.h =================================================================== RCS file: /cvs/freebsd/src/sys/dev/an/if_anreg.h,v retrieving revision 1.3 diff -c -r1.3 if_anreg.h *** if_anreg.h 2000/11/13 
23:04:12 1.3 --- if_anreg.h 2000/11/25 21:24:23 *************** *** 320,326 **** #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 ! #define AN_AUTHTYPE_EXCLUDE_UNENCRYPTED 0x0004 #define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 --- 320,328 ---- #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 ! #define AN_AUTHTYPE_PRIVACY_IN_USE 0x0100 ! #define AN_AUTHTYPE_ALLOW_UNENCRYPTED 0x0200 ! #define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 Index: usr.sbin/ancontrol/ancontrol.8 =================================================================== RCS file: /cvs/freebsd/src/usr.sbin/ancontrol/ancontrol.8,v retrieving revision 1.6 diff -c -r1.6 ancontrol.8 *** ancontrol.8 2000/11/13 23:04:16 1.6 --- ancontrol.8 2000/11/25 21:24:23 *************** *** 64,73 **** .Op v Ar 0|1 .Fl d Ar 0|1|2|3 .Nm ancontrol ! .Fl i Ar iface Fl e Ar 0|1 .Nm ancontrol .Fl i Ar iface ! .Op Fl v Ar 0|1 .Fl k Ar key .Nm ancontrol .Fl i Ar iface --- 64,73 ---- .Op v Ar 0|1 .Fl d Ar 0|1|2|3 .Nm ancontrol ! .Fl i Ar iface Fl e Ar 0|1|2|4 .Nm ancontrol .Fl i Ar iface ! .Op Fl v Ar 0|1|2|3|4|5|6|7 .Fl k Ar key .Nm ancontrol .Fl i Ar iface *************** *** 245,260 **** sets the receive diversity and .Ar 1 sets the transmit diversity. ! .It Fl i Ar iface "[ -v 0|1 ]" Fl k Ar key ! Set the WEP key. For 40 bit prefix 10 hex character with 0x. ! For 128 bit prefix 26 hex character with 0x. ! Supports 4 keys, use even numbers are permanet and odd number ! are temporary keys for example "-v 1" sets the first temporary key. ! .It Fl i Ar iface Fl K Ar 0|1|2|4 Set authorization type. Use 0 for none, 1 for "Open", ! 2 for "Shared Key", 4 for "Exclude unencrypted". ! .It Fl i Ar iface Fl W Ar 0|1 ! Enable WEP. Use 1 to enable, 0 for disable. .It Fl i Ar iface Fl j Ar netjoin timeout Set the ad-hoc network join timeout. 
When a station is first activated --- 245,263 ---- sets the receive diversity and .Ar 1 sets the transmit diversity. ! .It Fl i Ar iface Fl e Ar 0|1|2|3 ! Set the transmit key to use. ! .It Fl i Ar iface "[ -v 0|1|2|3|4|5|6|7 ]" Fl k Ar key ! Set the WEP key. For 40 bit prefix 10 hex character with 0x. ! For 128 bit prefix 26 hex character with 0x. Use "" as the key ! to erase the key. Supports 4 keys, use even numbers are permanent ! and odd number are temporary keys for example "-v 1" sets the first ! temporary key. ! .It Fl i Ar iface Fl K Ar 0|1|2 Set authorization type. Use 0 for none, 1 for "Open", ! 2 for "Shared Key". ! .It Fl i Ar iface Fl W Ar 0|1|2 ! Enable WEP. Use 0 for no WEP, 1 to enable full WEP, 2 for mixed cell. .It Fl i Ar iface Fl j Ar netjoin timeout Set the ad-hoc network join timeout. When a station is first activated *************** *** 372,377 **** --- 375,390 ---- The default is 2312. .It Fl h Prints a list of available options and sample usage. + .El + .Sh EXAMPLES + .Pp + .Dl ancontrol -i an0 -v 0 -k 0x12345678901234567890123456 + .Dl ancontrol -i an0 -K 2 + .Dl ancontrol -i an0 -W 1 + .Dl ancontrol -i an0 -e 0 + .Pp + Sets a WEP key 0, enables "Shared Key" authentication, enables full WEP + and uses transmit key 0. .El .Sh SEE ALSO .Xr an 4 , Index: usr.sbin/ancontrol/ancontrol.c =================================================================== RCS file: /cvs/freebsd/src/usr.sbin/ancontrol/ancontrol.c,v retrieving revision 1.6 diff -c -r1.6 ancontrol.c *** ancontrol.c 2000/11/13 23:04:16 1.6 --- ancontrol.c 2000/11/25 21:24:23 *************** *** 121,126 **** --- 121,127 ---- #define ACT_ENABLE_WEP 33 #define ACT_SET_KEY_TYPE 34 #define ACT_SET_KEYS 35 + #define ACT_ENABLE_TX_KEY 36 static void an_getval(iface, areq) char *iface; *************** *** 688,695 **** printf("\nAuthentication timeout:\t\t\t"); an_printwords(&cfg->an_auth_timeout, 1); printf("\nWEP enabled:\t\t\t\t[ "); ! if (cfg->an_authtype & AN_AUTHTYPE_ENABLE) ! 
printf("yes"); else printf("no"); printf(" ]"); --- 689,701 ---- printf("\nAuthentication timeout:\t\t\t"); an_printwords(&cfg->an_auth_timeout, 1); printf("\nWEP enabled:\t\t\t\t[ "); ! if (cfg->an_authtype & AN_AUTHTYPE_PRIVACY_IN_USE) ! { ! if (cfg->an_authtype & AN_AUTHTYPE_ALLOW_UNENCRYPTED) ! printf("mixed cell"); ! else ! printf("full"); ! } else printf("no"); printf(" ]"); *************** *** 700,707 **** printf("open"); if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_SHAREDKEY) printf("shared key"); - if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED) - printf("exclude unencrypted"); printf(" ]"); printf("\nAssociation timeout:\t\t\t"); an_printwords(&cfg->an_assoc_timeout, 1); --- 706,711 ---- *************** *** 807,815 **** fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p); fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p); ! fprintf(stderr, "\t%s -i iface -K 0|1|2|4 (set auth type 2=shared secret)\n", p); ! fprintf(stderr, "\t%s -i iface -W 0|1 (enable WEP)\n", p); fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p); fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p); fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID " --- 811,820 ---- fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p); fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p); + fprintf(stderr, "\t%s -i iface -e 0|1|2|3 (enable transmit key)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p); ! fprintf(stderr, "\t%s -i iface -K 0|1|2 (no auth/open/shared secret)\n", p); ! 
fprintf(stderr, "\t%s -i iface -W 0|1|2 (no WEP/full WEP/mixed cell)\n", p); fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p); fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p); fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID " *************** *** 934,941 **** bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN); break; case ACT_ENABLE_WEP: ! cfg->an_authtype = (cfg->an_authtype & AN_AUTHTYPE_MASK) ! | atoi(arg) * AN_AUTHTYPE_ENABLE; break; case ACT_SET_KEY_TYPE: cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK) --- 939,961 ---- bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN); break; case ACT_ENABLE_WEP: ! switch (atoi (arg)) { ! case 0: ! /* no WEP */ ! cfg->an_authtype &= ~(AN_AUTHTYPE_PRIVACY_IN_USE ! | AN_AUTHTYPE_ALLOW_UNENCRYPTED); ! break; ! case 1: ! /* full WEP */ ! cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE; ! cfg->an_authtype &= ~AN_AUTHTYPE_ALLOW_UNENCRYPTED; ! break; ! case 2: ! /* mixed cell */ ! cfg->an_authtype = AN_AUTHTYPE_PRIVACY_IN_USE ! | AN_AUTHTYPE_ALLOW_UNENCRYPTED; ! break; ! } break; case ACT_SET_KEY_TYPE: cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK) *************** *** 1232,1237 **** --- 1252,1286 ---- return; } + static void an_enable_tx_key(iface, arg) + char *iface; + char *arg; + { + struct an_req areq; + struct an_ltv_key *k; + + bzero((char *)&areq, sizeof(areq)); + k = (struct an_ltv_key *)&areq; + + /* From a Cisco engineer write the transmit key to use in the + first MAC, index is FFFF*/ + k->kindex=0xffff; + k->klen=0; + + k->mac[0]=atoi(arg); + k->mac[1]=0; + k->mac[2]=0; + k->mac[3]=0; + k->mac[4]=0; + k->mac[5]=0; + + areq.an_len = sizeof(struct an_ltv_key); + areq.an_type = AN_RID_WEP_PERM; + an_setval(iface, &areq); + + return; + } + int main(argc, argv) int argc; char *argv[]; *************** *** 1257,1263 **** opterr = 1; while ((ch = getopt(argc, argv, ! 
"ANISCTht:a:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) { switch(ch) { case 'Z': #ifdef ANCACHE --- 1306,1312 ---- opterr = 1; while ((ch = getopt(argc, argv, ! "ANISCTht:a:e:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) { switch(ch) { case 'Z': #ifdef ANCACHE *************** *** 1404,1409 **** --- 1453,1462 ---- act = ACT_SET_KEYS; key = optarg; break; + case 'e': + act = ACT_ENABLE_TX_KEY; + arg = optarg; + break; case 'q': act = ACT_SET_RTS_RETRYLIM; arg = optarg; *************** *** 1469,1474 **** --- 1522,1530 ---- #endif case ACT_SET_KEYS: an_setkeys(iface, key, modifier); + break; + case ACT_ENABLE_TX_KEY: + an_enable_tx_key(iface, arg); break; default: an_setconfig(iface, act, arg); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
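Review bot: in the sys/dev/an/if_aironet_ieee.h hunk, AN_AUTHTYPE_PRIVACY_IN_USE is added with the value 0x0100 while AN_AUTHTYPE_ENABLE, also 0x0100, is kept, so the header now has two names for the same bit. The ancontrol.c hunks in this patch switch the visible uses over to the new name; either drop AN_AUTHTYPE_ENABLE or define it in terms of AN_AUTHTYPE_PRIVACY_IN_USE and mark it as the old spelling. A one-line comment on each new flag would also help, because the removed 0x0004 "exclude unencrypted" value is being replaced by a flag with the opposite sense (ALLOW_UNENCRYPTED at 0x0200).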
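Review bot: the ancontrol.8 synopsis hunk documents the new option as "Fl e Ar 0|1|2|4", but the option description added later in the same file and the usage() line added in ancontrol.c both give 0|1|2|3. The 0|1|2|4 set is the one the old -K entry used; change the synopsis to 0|1|2|3 so all three places agree.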
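Review bot: in the ancontrol.8 option-description hunk, the new -e entry ("Set the transmit key to use.") does not say how its 0|1|2|3 values relate to the -v 0..7 numbering that -k uses for permanent and temporary keys, so a reader cannot tell which stored key a given -e value selects. State the mapping explicitly, and reword "use even numbers are permanent and odd number are temporary keys" into a sentence that parses, for example "even values of -v select permanent keys and odd values select temporary keys".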
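Review bot: the EXAMPLES hunk in ancontrol.8 adds a ".El" before ".Sh EXAMPLES" but leaves the original ".El" in place after the new text, so the list is closed twice and the second ".El" has no open list to match. Remove the trailing ".El" that now sits just before ".Sh SEE ALSO". It would also be worth saying in the example text that the key shown is a placeholder, since a sample key printed in a manual page tends to be copied into real configurations.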
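Review bot: in the ACT_ENABLE_WEP hunk of ancontrol.c, case 2 assigns with "=" where cases 0 and 1 use "|=" and "&=", so "-W 2" overwrites the whole of an_authtype and discards the authentication type previously set with -K (the bits under AN_AUTHTYPE_MASK). Use "cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE | AN_AUTHTYPE_ALLOW_UNENCRYPTED;" so the three cases behave consistently. The switch also has no default, and atoi() returns 0 for non-numeric input, so a mistyped argument is either ignored or silently turns WEP off; reject anything other than 0, 1 or 2 with an error message.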
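Review bot: an_enable_tx_key() in ancontrol.c stores atoi(arg) into k->mac[0] with no range check, although the man page and usage() restrict -e to 0|1|2|3, so a non-numeric argument selects key 0 and an out-of-range number is passed on to an_setval() as given. Parse the argument with strtol(), and exit with an error unless it is a number from 0 to 3, before filling in the request. The function also writes the selection to AN_RID_WEP_PERM, which the -e description in ancontrol.8 does not mention; say so in the comment and in the man page.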