From owner-freebsd-bugs Sat Nov 25 13:40:20 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 6DA3337B4E5 for ; Sat, 25 Nov 2000 13:40:01 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id NAA66107; Sat, 25 Nov 2000 13:40:01 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: from alpo.whistle.com (s206m1.whistle.com [207.76.206.1]) by hub.freebsd.org (Postfix) with ESMTP id 01A1137B4CF for ; Sat, 25 Nov 2000 13:35:03 -0800 (PST)
Received: from whistle.com (crab.whistle.com [207.76.205.112]) by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id NAA84031 for ; Sat, 25 Nov 2000 13:34:57 -0800 (PST)
Received: (from ambrisko@localhost) by whistle.com (8.9.3/8.9.1) id NAA40273; Sat, 25 Nov 2000 13:29:08 -0800 (PST) (envelope-from ambrisko)
Message-Id: <200011252129.NAA40273@whistle.com>
Date: Sat, 25 Nov 2000 13:29:08 -0800 (PST)
From: Doug Ambrisko
Reply-To: ambrisko@whistle.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/23097: Enhance WEP some more including ability to set transmit key
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 23097
>Category: bin
>Synopsis: Enhance WEP some more including ability to set transmit key
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 25 13:40:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Doug Ambrisko
>Release: FreeBSD 5.0-CURRENT i386
>Organization: Whistle
>Environment: -current
>Description:
This smoothes out some issues with WEP, adds an example for setting it up in the man page. With thanks to Dave Cornejo for his patches and the method to set the transmit key.
This also includes Dave's patches to the headers since he has better info (the documentation I have is incorrect with some definitions). >How-To-Repeat: >Fix: Index: sys/dev/an/if_aironet_ieee.h =================================================================== RCS file: /cvs/freebsd/src/sys/dev/an/if_aironet_ieee.h,v retrieving revision 1.2 diff -c -r1.2 if_aironet_ieee.h *** if_aironet_ieee.h 2000/11/13 23:04:12 1.2 --- if_aironet_ieee.h 2000/11/25 21:24:23 *************** *** 368,376 **** #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 - #define AN_AUTHTYPE_EXCLUDE_UNENCRYPTED 0x0004 #define AN_AUTHTYPE_MASK 0x00ff #define AN_AUTHTYPE_ENABLE 0x0100 #define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 --- 368,377 ---- #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 #define AN_AUTHTYPE_MASK 0x00ff #define AN_AUTHTYPE_ENABLE 0x0100 + #define AN_AUTHTYPE_PRIVACY_IN_USE 0x0100 + #define AN_AUTHTYPE_ALLOW_UNENCRYPTED 0x0200 #define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 Index: sys/dev/an/if_anreg.h =================================================================== RCS file: /cvs/freebsd/src/sys/dev/an/if_anreg.h,v retrieving revision 1.3 diff -c -r1.3 if_anreg.h *** if_anreg.h 2000/11/13 23:04:12 1.3 --- if_anreg.h 2000/11/25 21:24:23 *************** *** 320,326 **** #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 ! #define AN_AUTHTYPE_EXCLUDE_UNENCRYPTED 0x0004 #define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 --- 320,328 ---- #define AN_AUTHTYPE_NONE 0x0000 #define AN_AUTHTYPE_OPEN 0x0001 #define AN_AUTHTYPE_SHAREDKEY 0x0002 ! #define AN_AUTHTYPE_PRIVACY_IN_USE 0x0100 ! #define AN_AUTHTYPE_ALLOW_UNENCRYPTED 0x0200 ! 
#define AN_PSAVE_NONE 0x0000 #define AN_PSAVE_CAM 0x0001 Index: usr.sbin/ancontrol/ancontrol.8 =================================================================== RCS file: /cvs/freebsd/src/usr.sbin/ancontrol/ancontrol.8,v retrieving revision 1.6 diff -c -r1.6 ancontrol.8 *** ancontrol.8 2000/11/13 23:04:16 1.6 --- ancontrol.8 2000/11/25 21:24:23 *************** *** 64,73 **** .Op v Ar 0|1 .Fl d Ar 0|1|2|3 .Nm ancontrol ! .Fl i Ar iface Fl e Ar 0|1 .Nm ancontrol .Fl i Ar iface ! .Op Fl v Ar 0|1 .Fl k Ar key .Nm ancontrol .Fl i Ar iface --- 64,73 ---- .Op v Ar 0|1 .Fl d Ar 0|1|2|3 .Nm ancontrol ! .Fl i Ar iface Fl e Ar 0|1|2|4 .Nm ancontrol .Fl i Ar iface ! .Op Fl v Ar 0|1|2|3|4|5|6|7 .Fl k Ar key .Nm ancontrol .Fl i Ar iface *************** *** 245,260 **** sets the receive diversity and .Ar 1 sets the transmit diversity. ! .It Fl i Ar iface "[ -v 0|1 ]" Fl k Ar key ! Set the WEP key. For 40 bit prefix 10 hex character with 0x. ! For 128 bit prefix 26 hex character with 0x. ! Supports 4 keys, use even numbers are permanet and odd number ! are temporary keys for example "-v 1" sets the first temporary key. ! .It Fl i Ar iface Fl K Ar 0|1|2|4 Set authorization type. Use 0 for none, 1 for "Open", ! 2 for "Shared Key", 4 for "Exclude unencrypted". ! .It Fl i Ar iface Fl W Ar 0|1 ! Enable WEP. Use 1 to enable, 0 for disable. .It Fl i Ar iface Fl j Ar netjoin timeout Set the ad-hoc network join timeout. When a station is first activated --- 245,263 ---- sets the receive diversity and .Ar 1 sets the transmit diversity. ! .It Fl i Ar iface Fl e Ar 0|1|2|3 ! Set the transmit key to use. ! .It Fl i Ar iface "[ -v 0|1|2|3|4|5|6|7 ]" Fl k Ar key ! Set the WEP key. For 40 bit prefix 10 hex character with 0x. ! For 128 bit prefix 26 hex character with 0x. Use "" as the key ! to erase the key. Supports 4 keys, use even numbers are permanent ! and odd number are temporary keys for example "-v 1" sets the first ! temporary key. ! 
.It Fl i Ar iface Fl K Ar 0|1|2 Set authorization type. Use 0 for none, 1 for "Open", ! 2 for "Shared Key". ! .It Fl i Ar iface Fl W Ar 0|1|2 ! Enable WEP. Use 0 for no WEP, 1 to enable full WEP, 2 for mixed cell. .It Fl i Ar iface Fl j Ar netjoin timeout Set the ad-hoc network join timeout. When a station is first activated *************** *** 372,377 **** --- 375,390 ---- The default is 2312. .It Fl h Prints a list of available options and sample usage. + .El + .Sh EXAMPLES + .Pp + .Dl ancontrol -i an0 -v 0 -k 0x12345678901234567890123456 + .Dl ancontrol -i an0 -K 2 + .Dl ancontrol -i an0 -W 1 + .Dl ancontrol -i an0 -e 0 + .Pp + Sets a WEP key 0, enables "Shared Key" authentication, enables full WEP + and uses transmit key 0. .El .Sh SEE ALSO .Xr an 4 , Index: usr.sbin/ancontrol/ancontrol.c =================================================================== RCS file: /cvs/freebsd/src/usr.sbin/ancontrol/ancontrol.c,v retrieving revision 1.6 diff -c -r1.6 ancontrol.c *** ancontrol.c 2000/11/13 23:04:16 1.6 --- ancontrol.c 2000/11/25 21:24:23 *************** *** 121,126 **** --- 121,127 ---- #define ACT_ENABLE_WEP 33 #define ACT_SET_KEY_TYPE 34 #define ACT_SET_KEYS 35 + #define ACT_ENABLE_TX_KEY 36 static void an_getval(iface, areq) char *iface; *************** *** 688,695 **** printf("\nAuthentication timeout:\t\t\t"); an_printwords(&cfg->an_auth_timeout, 1); printf("\nWEP enabled:\t\t\t\t[ "); ! if (cfg->an_authtype & AN_AUTHTYPE_ENABLE) ! printf("yes"); else printf("no"); printf(" ]"); --- 689,701 ---- printf("\nAuthentication timeout:\t\t\t"); an_printwords(&cfg->an_auth_timeout, 1); printf("\nWEP enabled:\t\t\t\t[ "); ! if (cfg->an_authtype & AN_AUTHTYPE_PRIVACY_IN_USE) ! { ! if (cfg->an_authtype & AN_AUTHTYPE_ALLOW_UNENCRYPTED) ! printf("mixed cell"); ! else ! printf("full"); ! 
} else printf("no"); printf(" ]"); *************** *** 700,707 **** printf("open"); if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_SHAREDKEY) printf("shared key"); - if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED) - printf("exclude unencrypted"); printf(" ]"); printf("\nAssociation timeout:\t\t\t"); an_printwords(&cfg->an_assoc_timeout, 1); --- 706,711 ---- *************** *** 807,815 **** fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p); fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p); ! fprintf(stderr, "\t%s -i iface -K 0|1|2|4 (set auth type 2=shared secret)\n", p); ! fprintf(stderr, "\t%s -i iface -W 0|1 (enable WEP)\n", p); fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p); fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p); fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID " --- 811,820 ---- fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p); fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p); + fprintf(stderr, "\t%s -i iface -e 0|1|2|3 (enable transmit key)\n", p); fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p); ! fprintf(stderr, "\t%s -i iface -K 0|1|2 (no auth/open/shared secret)\n", p); ! fprintf(stderr, "\t%s -i iface -W 0|1|2 (no WEP/full WEP/mixed cell)\n", p); fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p); fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p); fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID " *************** *** 934,941 **** bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN); break; case ACT_ENABLE_WEP: ! cfg->an_authtype = (cfg->an_authtype & AN_AUTHTYPE_MASK) ! 
| atoi(arg) * AN_AUTHTYPE_ENABLE; break; case ACT_SET_KEY_TYPE: cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK) --- 939,961 ---- bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN); break; case ACT_ENABLE_WEP: ! switch (atoi (arg)) { ! case 0: ! /* no WEP */ ! cfg->an_authtype &= ~(AN_AUTHTYPE_PRIVACY_IN_USE ! | AN_AUTHTYPE_ALLOW_UNENCRYPTED); ! break; ! case 1: ! /* full WEP */ ! cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE; ! cfg->an_authtype &= ~AN_AUTHTYPE_ALLOW_UNENCRYPTED; ! break; ! case 2: ! /* mixed cell */ ! cfg->an_authtype = AN_AUTHTYPE_PRIVACY_IN_USE ! | AN_AUTHTYPE_ALLOW_UNENCRYPTED; ! break; ! } break; case ACT_SET_KEY_TYPE: cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK) *************** *** 1232,1237 **** --- 1252,1286 ---- return; } + static void an_enable_tx_key(iface, arg) + char *iface; + char *arg; + { + struct an_req areq; + struct an_ltv_key *k; + + bzero((char *)&areq, sizeof(areq)); + k = (struct an_ltv_key *)&areq; + + /* From a Cisco engineer write the transmit key to use in the + first MAC, index is FFFF*/ + k->kindex=0xffff; + k->klen=0; + + k->mac[0]=atoi(arg); + k->mac[1]=0; + k->mac[2]=0; + k->mac[3]=0; + k->mac[4]=0; + k->mac[5]=0; + + areq.an_len = sizeof(struct an_ltv_key); + areq.an_type = AN_RID_WEP_PERM; + an_setval(iface, &areq); + + return; + } + int main(argc, argv) int argc; char *argv[]; *************** *** 1257,1263 **** opterr = 1; while ((ch = getopt(argc, argv, ! "ANISCTht:a:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) { switch(ch) { case 'Z': #ifdef ANCACHE --- 1306,1312 ---- opterr = 1; while ((ch = getopt(argc, argv, ! 
"ANISCTht:a:e:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) { switch(ch) { case 'Z': #ifdef ANCACHE *************** *** 1404,1409 **** --- 1453,1462 ---- act = ACT_SET_KEYS; key = optarg; break; + case 'e': + act = ACT_ENABLE_TX_KEY; + arg = optarg; + break; case 'q': act = ACT_SET_RTS_RETRYLIM; arg = optarg; *************** *** 1469,1474 **** --- 1522,1530 ---- #endif case ACT_SET_KEYS: an_setkeys(iface, key, modifier); + break; + case ACT_ENABLE_TX_KEY: + an_enable_tx_key(iface, arg); break; default: an_setconfig(iface, act, arg); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message