From owner-freebsd-bugs Tue Sep 12 21:40:14 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A0EBC37B43C for ; Tue, 12 Sep 2000 21:40:02 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id VAA19294; Tue, 12 Sep 2000 21:40:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from minya.sea.one-eyed-alien.net (sense-brooks-236.oz.net [216.39.168.236]) by hub.freebsd.org (Postfix) with ESMTP id 85D5E37B42C for ; Tue, 12 Sep 2000 21:38:02 -0700 (PDT) Received: (from brooks@localhost) by minya. (8.11.0/8.11.0) id e8D4QbQ01128; Tue, 12 Sep 2000 21:26:37 -0700 (PDT) (envelope-from brooks) Message-Id: <200009130426.e8D4QbQ01128@minya.> Date: Tue, 12 Sep 2000 21:26:37 -0700 (PDT) From: brooks@one-eyed-alien.net Reply-To: brooks@one-eyed-alien.net To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/21245: [PATCH] wicontrol(8)'s WEP key support is buggy/non-standard Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 21245 >Category: bin >Synopsis: [PATCH] wicontrol(8)'s WEP key support is buggy/non-standard >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 12 21:40:02 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Brooks Davis >Release: FreeBSD 5.0-CURRENT i386 >Organization: The Aerospace Corporation >Environment: FreeBSD minya 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Tue Sep 12 17:56:11 PDT 2000 root@minya:/usr/obj/usr/src/sys/MINYA i386 >Description: wicontrol's WEP support has a number of minor bugs in it due to coding errors and apparent misunderstandings of WEP. They include: a) So called, 128-bit crypto uses 13 byte (104-bit) keys. Saying cards support 40 and 128-bit crypto is a misnomer perpetuated by marketing people. 40-bit crypto actually encrypts with 64-bit RC4 on each packet, but the key is 40-bits long. 128-bit crypto encrypts packets with 128-bit RC4, but uses a 104-bit key so to compare apples to apples cards really support 64/128 or 40/104. The manpage and the code have been cleaned up to reflect that fact that keys come in 0, 5, and 13 byte lengths and the code now enforces this just like the Windows interface does for this an the Cisco Aironet cards. b) You couldn't enter 13 byte keys via the hex format because they were longer then 14 bytes in string format. c) The output of the keys was unreable if they were non-printable. Printable keys (as defined by isprint) are now printed in like before, but non-printable keys are printed in hex. >How-To-Repeat: b) Try to set a key like 0x12345678901234567890123456. wicontrol -i wi0 -k 0x12345678901234567890123456 c) Try to set and read back a hex key like 0x0123456789. wicontrol -i wi0 -k 0x0123456789 wicontrol -i wi0 >Fix: Apply this patch. It has been tested in infrastucture mode with a Cisco Aironet 340 series Access Point and a Lucent Gold card. Index: wicontrol.8 =================================================================== RCS file: /home/ncvs/src/usr.sbin/wicontrol/wicontrol.8,v retrieving revision 1.15 diff -u -r1.15 wicontrol.8 --- wicontrol.8 2000/07/26 12:50:35 1.15 +++ wicontrol.8 2000/09/13 04:06:15 @@ -238,14 +238,10 @@ digits (i.e. "0x1234512345"). For WaveLAN Turbo Silver cards, the key is restricted to 40 bits, hence the key can be either a 5 character text string or 10 hex digits. -For WaveLAN Turbo Gold cards, the key can be up to 128 bits, -which means the key can be specified as either a 16 character text -string or 32 hex digits. -.Pp -Note: currently, the field in the structure used to program the key -into the NIC is only 14 bytes long, not 16. -I'm not sure how this is -supposed to allow 128 bits of key info for the gold cards. +For WaveLAN Turbo Gold cards, the key can also be 104 bits, +which means the key can be specified as either a 13 character text +string or 26 hex digits in addition to the formats supported by the +Silver cards. .It Fl i Ar iface Fl T Ar 1|2|3|4 Specify which of the four WEP encryption keys will be used to encrypt transmitted packets. Index: wicontrol.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/wicontrol/wicontrol.c,v retrieving revision 1.10 diff -u -r1.10 wicontrol.c --- wicontrol.c 2000/06/18 23:45:17 1.10 +++ wicontrol.c 2000/09/13 04:01:01 @@ -49,6 +49,7 @@ #include #include #include +#include #include #include @@ -282,6 +283,7 @@ char *key; int idx; { + int keylen; struct wi_req wreq; struct wi_ltv_keys *keys; struct wi_key *k; @@ -301,9 +303,17 @@ wi_getval(iface, &wreq); keys = (struct wi_ltv_keys *)&wreq; - if (strlen(key) > 14) { - err(1, "encryption key must be no " - "more than 14 characters long"); + keylen = strlen(key); + if (key[0] == '0' && (key[1] == 'x' || key[1] == 'X')) { + if(keylen != 2 && keylen != 12 && keylen != 28) { + err(1, "encryption key must be 0, 10, or 26 " + "hex digits long"); + } + } else { + if (keylen != 0 && keylen != 5 && keylen != 13) { + err(1, "encryption key must be 0, 5, or 13 " + "bytes long"); + } } if (idx > 3) @@ -323,6 +333,7 @@ struct wi_req *wreq; { int i, j; + int isprintable; struct wi_key *k; struct wi_ltv_keys *keys; char *ptr; @@ -332,12 +343,24 @@ for (i = 0; i < 4; i++) { k = &keys->wi_keys[i]; ptr = (char *)k->wi_keydat; + isprintable = 1; for (j = 0; j < k->wi_keylen; j++) { - if (ptr[i] == '\0') - ptr[i] = ' '; + if (!isprint(ptr[j])) { + isprintable = 0; + break; + } + } + if(isprintable) { + ptr[j] = '\0'; + printf("[ %s ]", ptr); + } else { + printf("[ 0x"); + for (j = 0; j < k->wi_keylen; j++) { + printf("%02x", ptr[j] & 0xFF); + } + printf(" ]"); + } - ptr[j] = '\0'; - printf("[ %s ]", ptr); } return; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message