Date: Tue, 12 Sep 2000 21:26:37 -0700 (PDT) From: brooks@one-eyed-alien.net To: FreeBSD-gnats-submit@freebsd.org Subject: bin/21245: [PATCH] wicontrol(8)'s WEP key support is buggy/non-standard Message-ID: <200009130426.e8D4QbQ01128@minya.>
next in thread | raw e-mail | index | archive | help
>Number: 21245
>Category: bin
>Synopsis: [PATCH] wicontrol(8)'s WEP key support is buggy/non-standard
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 12 21:40:02 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Brooks Davis
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
The Aerospace Corporation
>Environment:
FreeBSD minya 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Tue Sep 12 17:56:11 PDT 2000 root@minya:/usr/obj/usr/src/sys/MINYA i386
>Description:
wicontrol's WEP support has a number of minor bugs in it due to coding
errors and apparent misunderstandings of WEP. They include:
a) So called, 128-bit crypto uses 13 byte (104-bit) keys. Saying cards
support 40 and 128-bit crypto is a misnomer perpetuated by marketing
people. 40-bit crypto actually encrypts with 64-bit RC4 on each packet,
but the key is 40-bits long. 128-bit crypto encrypts packets with
128-bit RC4, but uses a 104-bit key so to compare apples to apples cards
really support 64/128 or 40/104. The manpage and the code have been
cleaned up to reflect that fact that keys come in 0, 5, and 13 byte
lengths and the code now enforces this just like the Windows interface
does for this an the Cisco Aironet cards.
b) You couldn't enter 13 byte keys via the hex format because they were
longer then 14 bytes in string format.
c) The output of the keys was unreable if they were non-printable.
Printable keys (as defined by isprint) are now printed in like
before, but non-printable keys are printed in hex.
>How-To-Repeat:
b) Try to set a key like 0x12345678901234567890123456.
wicontrol -i wi0 -k 0x12345678901234567890123456
c) Try to set and read back a hex key like 0x0123456789.
wicontrol -i wi0 -k 0x0123456789
wicontrol -i wi0
>Fix:
Apply this patch. It has been tested in infrastucture mode with a Cisco
Aironet 340 series Access Point and a Lucent Gold card.
Index: wicontrol.8
===================================================================
RCS file: /home/ncvs/src/usr.sbin/wicontrol/wicontrol.8,v
retrieving revision 1.15
diff -u -r1.15 wicontrol.8
--- wicontrol.8 2000/07/26 12:50:35 1.15
+++ wicontrol.8 2000/09/13 04:06:15
@@ -238,14 +238,10 @@
digits (i.e. "0x1234512345"). For
WaveLAN Turbo Silver cards, the key is restricted to 40 bits, hence
the key can be either a 5 character text string or 10 hex digits.
-For WaveLAN Turbo Gold cards, the key can be up to 128 bits,
-which means the key can be specified as either a 16 character text
-string or 32 hex digits.
-.Pp
-Note: currently, the field in the structure used to program the key
-into the NIC is only 14 bytes long, not 16.
-I'm not sure how this is
-supposed to allow 128 bits of key info for the gold cards.
+For WaveLAN Turbo Gold cards, the key can also be 104 bits,
+which means the key can be specified as either a 13 character text
+string or 26 hex digits in addition to the formats supported by the
+Silver cards.
.It Fl i Ar iface Fl T Ar 1|2|3|4
Specify which of the four WEP encryption keys will be used to
encrypt transmitted packets.
Index: wicontrol.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/wicontrol/wicontrol.c,v
retrieving revision 1.10
diff -u -r1.10 wicontrol.c
--- wicontrol.c 2000/06/18 23:45:17 1.10
+++ wicontrol.c 2000/09/13 04:01:01
@@ -49,6 +49,7 @@
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
+#include <ctype.h>
#include <errno.h>
#include <err.h>
@@ -282,6 +283,7 @@
char *key;
int idx;
{
+ int keylen;
struct wi_req wreq;
struct wi_ltv_keys *keys;
struct wi_key *k;
@@ -301,9 +303,17 @@
wi_getval(iface, &wreq);
keys = (struct wi_ltv_keys *)&wreq;
- if (strlen(key) > 14) {
- err(1, "encryption key must be no "
- "more than 14 characters long");
+ keylen = strlen(key);
+ if (key[0] == '0' && (key[1] == 'x' || key[1] == 'X')) {
+ if(keylen != 2 && keylen != 12 && keylen != 28) {
+ err(1, "encryption key must be 0, 10, or 26 "
+ "hex digits long");
+ }
+ } else {
+ if (keylen != 0 && keylen != 5 && keylen != 13) {
+ err(1, "encryption key must be 0, 5, or 13 "
+ "bytes long");
+ }
}
if (idx > 3)
@@ -323,6 +333,7 @@
struct wi_req *wreq;
{
int i, j;
+ int isprintable;
struct wi_key *k;
struct wi_ltv_keys *keys;
char *ptr;
@@ -332,12 +343,24 @@
for (i = 0; i < 4; i++) {
k = &keys->wi_keys[i];
ptr = (char *)k->wi_keydat;
+ isprintable = 1;
for (j = 0; j < k->wi_keylen; j++) {
- if (ptr[i] == '\0')
- ptr[i] = ' ';
+ if (!isprint(ptr[j])) {
+ isprintable = 0;
+ break;
+ }
+ }
+ if(isprintable) {
+ ptr[j] = '\0';
+ printf("[ %s ]", ptr);
+ } else {
+ printf("[ 0x");
+ for (j = 0; j < k->wi_keylen; j++) {
+ printf("%02x", ptr[j] & 0xFF);
+ }
+ printf(" ]");
+
}
- ptr[j] = '\0';
- printf("[ %s ]", ptr);
}
return;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009130426.e8D4QbQ01128>