Fixes to the Aironet driver to clear up some WEP issues.

"Security notes" section to the man page added by me.

PR:		23097
Submitted by:	Doug Ambrisko <ambrisko@whistle.com>
archie 2000-12-08 19:02:35 +00:00
parent d8dc54d7fc
commit cbb790a99e
3 changed files with 211 additions and 53 deletions


@ -5,6 +5,6 @@ SRCS= ancontrol.c
MAN8= ancontrol.8
CFLAGS+= -I${.CURDIR}/../../sys -DANCACHE
CFLAGS+= -I${.CURDIR}/../../sys -DANCACHE -Wall
.include <bsd.prog.mk>


@ -37,65 +37,65 @@
.Nm ancontrol
.Nd configure Aironet 4500/4800 devices
.Sh SYNOPSIS
.Nm
.Nm ancontrol
.Fl i Ar iface Fl A
.Nm
.Nm ancontrol
.Fl i Ar iface Fl N
.Nm
.Nm ancontrol
.Fl i Ar iface Fl S
.Nm
.Nm ancontrol
.Fl i Ar iface Fl I
.Nm
.Nm ancontrol
.Fl i Ar iface Fl T
.Nm
.Nm ancontrol
.Fl i Ar iface Fl C
.Nm
.Nm ancontrol
.Fl i Ar iface Fl t Ar 0|1|2|3|4
.Nm
.Nm ancontrol
.Fl i Ar iface Fl s Ar 0|1|2|3
.Nm
.Nm ancontrol
.Fl i Ar iface
.Op Fl v Ar 1|2|3|4
.Fl a Ar AP
.Nm
.Nm ancontrol
.Fl i Ar iface Fl b Ar beacon period
.Nm
.Fl i Ar iface
.Op v Ar 0|1
.Fl d Ar 0|1|2|3
.Nm
.Fl i Ar iface Fl e Ar 0|1
.Nm
.Nm ancontrol
.Fl i Ar iface
.Op Fl v Ar 0|1
.Fl d Ar 0|1|2|3
.Nm ancontrol
.Fl i Ar iface Fl e Ar 0|1|2|4
.Nm ancontrol
.Fl i Ar iface
.Op Fl v Ar 0|1|2|3|4|5|6|7
.Fl k Ar key
.Nm
.Nm ancontrol
.Fl i Ar iface
.Fl K Ar mode
.Nm
.Nm ancontrol
.Fl i Ar iface
.Fl W Ar mode
.Nm
.Nm ancontrol
.Fl i Ar iface Fl j Ar netjoin timeout
.Nm
.Nm ancontrol
.Fl i Ar iface Fl l Ar station name
.Nm
.Nm ancontrol
.Fl i Ar iface Fl m Ar mac address
.Nm
.Nm ancontrol
.Fl i Ar iface
.Op Fl v Ar 1|2|3
.Fl n Ar SSID
.Nm
.Nm ancontrol
.Fl i Ar iface Fl o Ar 0|1
.Nm
.Nm ancontrol
.Fl i Ar iface Fl p Ar tx power
.Nm
.Nm ancontrol
.Fl i Ar iface Fl c Ar channel number
.Nm
.Nm ancontrol
.Fl i Ar iface Fl f Ar fragmentation threshold
.Nm
.Nm ancontrol
.Fl i Ar iface Fl r Ar RTS threshold
.Nm
.Nm ancontrol
.Fl h
.Sh DESCRIPTION
The
@ -106,7 +106,7 @@ devices via the
driver.
Most of the parameters that can be changed relate to the
IEEE 802.11 protocol which the Aironet cards implement.
This includes
This includes such things as
the station name, whether the station is operating in ad-hoc (point
to point) or infrastructure mode, and the network name of a service
set to join.
@ -122,11 +122,19 @@ argument given to
should be the logical interface name associated with the Aironet
device (an0, an1, etc...). If one isn't specified the device an0 will
be assumed.
.Pp
The
.Nm
command is not designed to support the combination of arguments from different
.Sy SYNOPSIS
lines in a single
.Nm
invocation, and such combinations are not recommended.
.Sh OPTIONS
The options are as follows:
.Bl -tag -width Fl
.It Fl i Ar iface Fl A
Display the prefered access point list.
Display the preferred access point list.
The AP list can be used by
stations to specify the MAC address of access points with which it
wishes to associate.
@ -199,7 +207,11 @@ Valid selections are as follows:
.Pp
Note that for IBSS (ad-hoc) mode, only PSP mode is supported, and only
if the ATIM window is non-zero.
.It Fl i Ar iface "[-v 1|2|3|4]" Fl a Ar AP
.It Xo
.Fl i Ar iface [
.Fl v Ar 1|2|3|4 ]
.Fl a Ar AP
.Xc
Set prefered access point.
The
.Ar AP
@ -220,7 +232,11 @@ Set the ad-hoc mode beacon period.
The becon period is specified in
milliseconds.
The default is 100ms.
.It Fl i Ar iface "-v 0|1" Fl d Ar 0|1|2|3
.It Xo
.Fl i Ar iface [
.Fl v Ar 0|1 ]
.Fl d Ar 0|1|2|3
.Xc
Select the antenna diversity.
Aironet devices can be configured with up
to two antennas, and transmit and receive diversity can be configured
@ -245,16 +261,30 @@ option: selection
sets the receive diversity and
.Ar 1
sets the transmit diversity.
.It Fl i Ar iface "[ -v 0|1 ]" Fl k Ar key
Set the WEP key. For 40 bit prefix 10 hex character with 0x.
For 128 bit prefix 26 hex character with 0x.
Supports 4 keys, use even numbers are permanet and odd number
are temporary keys for example "-v 1" sets the first temporary key.
.It Fl i Ar iface Fl K Ar 0|1|2|4
.It Fl i Ar iface Fl e Ar 0|1|2|3
Set the transmit WEP key to use.
Note that until this command is issued, the device will use the
last key programmed. The transmit key is stored in NVRAM. Currently
set transmit key can be checked via "-C" option.
.It Xo
.Fl i Ar iface [
.Fl v Ar 0|1|2|3|4|5|6|7 ]
.Fl k Ar key
.Xc
Set a WEP key. For 40 bit prefix 10 hex character with 0x.
For 128 bit prefix 26 hex character with 0x. Use "" as the key
to erase the key. Supports 4 keys; even numbers are for permanent keys
and odd number are for temporary keys.
For example, "-v 1" sets the first temporary key.
(A "permanent" key is stored in NVRAM; a "temporary" key is not.)
Note that the device will use the most recently-programmed key by default.
Currently set keys can be checked via "-C" option, only the sizes of the
keys are returned.
.It Fl i Ar iface Fl K Ar 0|1|2
Set authorization type. Use 0 for none, 1 for "Open",
2 for "Shared Key", 4 for "Exclude unencrypted".
.It Fl i Ar iface Fl W Ar 0|1
Enable WEP. Use 1 to enable, 0 for disable.
2 for "Shared Key".
.It Fl i Ar iface Fl W Ar 0|1|2
Enable WEP. Use 0 for no WEP, 1 to enable full WEP, 2 for mixed cell.
.It Fl i Ar iface Fl j Ar netjoin timeout
Set the ad-hoc network join timeout.
When a station is first activated
@ -282,7 +312,11 @@ is specified as a series of six hexadecimal values separated by colons,
e.g.: 00:60:1d:12:34:56.
This programs the new address into the card
and updates the interface as well.
.It Fl i Ar iface "[-v 1|2|3]" Fl n Ar SSID
.It Xo
.Fl i Ar iface [
.Fl v Ar 1|2|3 ]
.Fl n Ar SSID
.Xc
Set the desired SSID (network name). There are three SSIDs which allows
the NIC to work with access points at several locations without needing
to be reconfigured.
@ -373,6 +407,31 @@ The default is 2312.
.It Fl h
Prints a list of available options and sample usage.
.El
.Sh SECURITY NOTES
WEP ("wired equivalent privacy") is based on the RC4 algorithm,
using a 24 bit initialization vector.
.Pp
RC4 is supposedly vunerable to certain known plaintext attacks,
especially with 40 bit keys.
So the security of WEP in part depends on how much known plaintext
is transmitted.
.Pp
Because of this, although counter-intuitive, using "shared key"
authentication (which involves sending known plaintext) is less
secure than using "open" authentication when WEP is enabled.
.Pp
Devices may alternate among all of the configured WEP keys when
tranmitting packets.
Therefore, all configured keys (up to four) must agree.
.Sh EXAMPLES
.Pp
.Dl ancontrol -i an0 -v 0 -k 0x12345678901234567890123456
.Dl ancontrol -i an0 -K 2
.Dl ancontrol -i an0 -W 1
.Dl ancontrol -i an0 -e 0
.Pp
Sets a WEP key 0, enables "Shared Key" authentication, enables full WEP
and uses transmit key 0.
.Sh SEE ALSO
.Xr an 4 ,
.Xr ifconfig 8


@ -76,6 +76,7 @@ static void an_setconfig __P((char *, int, void *));
static void an_setssid __P((char *, int, void *));
static void an_setap __P((char *, int, void *));
static void an_setspeed __P((char *, int, void *));
static void an_readkeyinfo __P((char *));
#ifdef ANCACHE
static void an_zerocache __P((char *));
static void an_readcache __P((char *));
@ -121,6 +122,7 @@ int main __P((int, char **));
#define ACT_ENABLE_WEP 33
#define ACT_SET_KEY_TYPE 34
#define ACT_SET_KEYS 35
#define ACT_ENABLE_TX_KEY 36
static void an_getval(iface, areq)
char *iface;
@ -688,8 +690,13 @@ static void an_dumpconfig(iface)
printf("\nAuthentication timeout:\t\t\t");
an_printwords(&cfg->an_auth_timeout, 1);
printf("\nWEP enabled:\t\t\t\t[ ");
if (cfg->an_authtype & AN_AUTHTYPE_ENABLE)
printf("yes");
if (cfg->an_authtype & AN_AUTHTYPE_PRIVACY_IN_USE)
{
if (cfg->an_authtype & AN_AUTHTYPE_ALLOW_UNENCRYPTED)
printf("mixed cell");
else
printf("full");
}
else
printf("no");
printf(" ]");
@ -700,8 +707,6 @@ static void an_dumpconfig(iface)
printf("open");
if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_SHAREDKEY)
printf("shared key");
if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED)
printf("exclude unencrypted");
printf(" ]");
printf("\nAssociation timeout:\t\t\t");
an_printwords(&cfg->an_assoc_timeout, 1);
@ -787,6 +792,8 @@ static void an_dumpconfig(iface)
an_printwords(&cfg->an_arl_delay, 1);
printf("\n");
printf("\n");
an_readkeyinfo(iface);
return;
}
@ -807,9 +814,10 @@ static void usage(p)
fprintf(stderr, "\t%s -i iface -b val (set beacon period)\n", p);
fprintf(stderr, "\t%s -i iface [-v 0|1] -d val (set diversity)\n", p);
fprintf(stderr, "\t%s -i iface -j val (set netjoin timeout)\n", p);
fprintf(stderr, "\t%s -i iface -e 0|1|2|3 (enable transmit key)\n", p);
fprintf(stderr, "\t%s -i iface [-v 0|1|2|3|4|5|6|7] -k key (set key)\n", p);
fprintf(stderr, "\t%s -i iface -K 0|1|2|4 (set auth type 2=shared secret)\n", p);
fprintf(stderr, "\t%s -i iface -W 0|1 (enable WEP)\n", p);
fprintf(stderr, "\t%s -i iface -K 0|1|2 (no auth/open/shared secret)\n", p);
fprintf(stderr, "\t%s -i iface -W 0|1|2 (no WEP/full WEP/mixed cell)\n", p);
fprintf(stderr, "\t%s -i iface -l val (set station name)\n", p);
fprintf(stderr, "\t%s -i iface -m val (set MAC address)\n", p);
fprintf(stderr, "\t%s -i iface [-v 1|2|3] -n SSID "
@ -934,8 +942,23 @@ static void an_setconfig(iface, act, arg)
bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN);
break;
case ACT_ENABLE_WEP:
cfg->an_authtype = (cfg->an_authtype & AN_AUTHTYPE_MASK)
| atoi(arg) * AN_AUTHTYPE_ENABLE;
switch (atoi (arg)) {
case 0:
/* no WEP */
cfg->an_authtype &= ~(AN_AUTHTYPE_PRIVACY_IN_USE
| AN_AUTHTYPE_ALLOW_UNENCRYPTED);
break;
case 1:
/* full WEP */
cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE;
cfg->an_authtype &= ~AN_AUTHTYPE_ALLOW_UNENCRYPTED;
break;
case 2:
/* mixed cell */
cfg->an_authtype = AN_AUTHTYPE_PRIVACY_IN_USE
| AN_AUTHTYPE_ALLOW_UNENCRYPTED;
break;
}
break;
case ACT_SET_KEY_TYPE:
cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK)
@ -1232,6 +1255,75 @@ static void an_setkeys(iface, key, keytype)
return;
}
static void an_readkeyinfo(iface)
char *iface;
{
struct an_req areq;
struct an_ltv_key *k;
int i;
bzero((char *)&areq, sizeof(areq));
k = (struct an_ltv_key *)&areq;
printf("WEP Key status:\n");
areq.an_type = AN_RID_WEP_TEMP; /* read first key */
for(i=0; i<4; i++){
areq.an_len = sizeof(struct an_ltv_key);
an_getval(iface, &areq);
switch (k->klen){
case 0:
printf("\tKey %d is unset\n",i);
break;
case 5:
printf("\tKey %d is set 40 bits\n",i);
break;
case 13:
printf("\tKey %d is set 128 bits\n",i);
break;
default:
printf("\tWEP Key %d has an unknown size %d\n",
i, k->klen);
}
areq.an_type = AN_RID_WEP_PERM; /* read next key */
}
k->kindex = 0xffff;
areq.an_len = sizeof(struct an_ltv_key);
an_getval(iface, &areq);
printf("\tThe active transmit key is %d\n", k->mac[0]);
return;
}
static void an_enable_tx_key(iface, arg)
char *iface;
char *arg;
{
struct an_req areq;
struct an_ltv_key *k;
bzero((char *)&areq, sizeof(areq));
k = (struct an_ltv_key *)&areq;
/* From a Cisco engineer write the transmit key to use in the
first MAC, index is FFFF*/
k->kindex=0xffff;
k->klen=0;
k->mac[0]=atoi(arg);
k->mac[1]=0;
k->mac[2]=0;
k->mac[3]=0;
k->mac[4]=0;
k->mac[5]=0;
areq.an_len = sizeof(struct an_ltv_key);
areq.an_type = AN_RID_WEP_PERM;
an_setval(iface, &areq);
return;
}
int main(argc, argv)
int argc;
char *argv[];
@ -1257,7 +1349,7 @@ int main(argc, argv)
opterr = 1;
while ((ch = getopt(argc, argv,
"ANISCTht:a:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) {
"ANISCTht:a:e:o:s:n:v:d:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) {
switch(ch) {
case 'Z':
#ifdef ANCACHE
@ -1404,6 +1496,10 @@ int main(argc, argv)
act = ACT_SET_KEYS;
key = optarg;
break;
case 'e':
act = ACT_ENABLE_TX_KEY;
arg = optarg;
break;
case 'q':
act = ACT_SET_RTS_RETRYLIM;
arg = optarg;
@ -1470,6 +1566,9 @@ int main(argc, argv)
case ACT_SET_KEYS:
an_setkeys(iface, key, modifier);
break;
case ACT_ENABLE_TX_KEY:
an_enable_tx_key(iface, arg);
break;
default:
an_setconfig(iface, act, arg);
break;
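Review bot: In the `ACT_ENABLE_WEP` switch of an_setconfig, `case 2` assigns with `=` where cases 0 and 1 use `|=` and `&=`, so `-W 2` appears to wipe every other bit of `cfg->an_authtype`, including the open/shared-key selection that `-K` stores under `AN_AUTHTYPE_MASK`; it should read `cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE | AN_AUTHTYPE_ALLOW_UNENCRYPTED;`. The switch also has no `default`, so an argument outside 0-2 is accepted silently, and a non-numeric one becomes 0 through `atoi()` and turns WEP off; a `default:` branch that reports the bad value would make that visible. The same unchecked `atoi(arg)` is written to `k->mac[0]` in the new `an_enable_tx_key`, where the usage text allows only 0-3. an_setconfig begins and ends outside the hunk.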