Re: WEP on wi(4) [was: Re: LOR wlan0 wi0]

From: Sam Leffler <sam_at_errno.com>
Date: Tue, 01 Sep 2009 08:29:53 -0700
John Nielsen wrote:
> On Sunday 09 August 2009 01:27:07 am Sam Leffler wrote:
>>> Sam Leffler <sam_at_errno.com> wrote:
>> I can confirm WEP is broken on wi in sta mode (and probably ap mode). 
>> I found at least two bugs but couldn't get it to work so am going to
>> leave it as an errata for 8.0.  But what's truly odd is that WPA works
>> fine despite a bug that should've caused it to not work.  I knew WPA
>> worked which is probably why I ignored WEP (no one in their right mind 
>> uses WEP when WPA is available :-)).
> 
> So for us wrong-minded people with wi(4) hardware that lacks WPA support 
> is it better to stick with 7.x for now? Any patches available or a rough 
> ETA? Is there a specific set of 8-CURRENT commits before which WEP is 
> known (or strongly suspected) to work? Anything others can do to help 
> besides ask annoying questions? (Sadly I'm not quite enough of a kernel 
> hacker to adopt maintainership of wi.)

Attached is what I came up with when the problem was identified.  As you 
can see it's incomplete.  I have no time to work on it more so someone 
else will need to follow through.

Given the cost of a replacement wireless card is <US$20 I cannot imagine 
why anyone would not just replace it.

	Sam

attached mail follows:


The attached patch tries to fix WEP support in wi.  Presently WEP does 
not work for two reasons:

1. wi_start_locked does not mask off the PRIVACY bit in the header flags
before checking the frame direction, which decides which MAC addresses
are extracted to reconstruct the 802.3 frame.  Why this does not also
break WPA is beyond me.

2. wi marks all tx encrypted frames WI_TXCNTL_NOCRYPT but tries to use 
h/w WEP support for cards that support it.  I've deleted the h/w crypto 
support and just do the work in s/w.

But the above does not fix WEP and I don't see why.  If you've got any 
ideas it'd be nice to fix this.  Otherwise if you can review what I've 
done it'd be appreciated.  I can submit just #1 to re as that's 
definitely correct.

	Sam

Index: if_wivar.h
===================================================================
--- if_wivar.h	(revision 196086)
+++ if_wivar.h	(working copy)
_at__at_ -113,7 +113,6 _at__at_
 
 	int			sc_porttype;
 	u_int16_t		sc_portnum;
-	u_int16_t		sc_encryption;
 	u_int16_t		sc_monitor_port;
 
 	/* RSSI interpretation */
Index: if_wi.c
===================================================================
--- if_wi.c	(revision 196086)
+++ if_wi.c	(working copy)
_at__at_ -137,7 +137,6 _at__at_
 static void wi_info_intr(struct wi_softc *);
 
 static int  wi_write_txrate(struct wi_softc *, struct ieee80211vap *);
-static int  wi_write_wep(struct wi_softc *, struct ieee80211vap *);
 static int  wi_write_multi(struct wi_softc *);
 static void wi_update_mcast(struct ifnet *);
 static void wi_update_promisc(struct ifnet *);
_at__at_ -417,15 +416,6 _at__at_
 		sc->sc_dbm_offset = WI_PRISM_DBM_OFFSET;
 		break;
 	}
-
-	/*
-	 * Find out if we support WEP on this card.
-	 */
-	buflen = sizeof(val);
-	if (wi_read_rid(sc, WI_RID_WEP_AVAIL, &val, &buflen) == 0 &&
-	    val != htole16(0))
-		ic->ic_cryptocaps |= IEEE80211_CRYPTO_WEP;
-
 	/* Find supported rates. */
 	buflen = sizeof(ratebuf);
 	rs = &ic->ic_sup_rates[IEEE80211_MODE_11B];
_at__at_ -842,12 +832,6 _at__at_
 		wi_write_val(sc, WI_RID_OWN_CHNL,
 		    ieee80211_chan2ieee(ic, bss->ni_chan));
 
-		/* Configure WEP. */
-		if (ic->ic_cryptocaps & IEEE80211_CRYPTO_WEP)
-			wi_write_wep(sc, vap);
-		else
-			sc->sc_encryption = 0;
-
 		if ((sc->sc_flags & WI_FLAGS_HAS_WPASUPPORT) &&
 		    (vap->iv_flags & IEEE80211_F_WPA)) {
 			wi_write_val(sc, WI_RID_WPA_HANDLING, 1);
_at__at_ -932,12 +916,6 _at__at_
 
 		wi_write_val(sc, WI_RID_PROMISC, 0);
 
-		/* Configure WEP. */
-		if (ic->ic_cryptocaps & IEEE80211_CRYPTO_WEP)
-			wi_write_wep(sc, vap);
-		else
-			sc->sc_encryption = 0;
-
 		wi_enable(sc);		/* enable port */
 		WI_UNLOCK(sc);
 	}
_at__at_ -976,7 +954,7 _at__at_
 
 		/* reconstruct 802.3 header */
 		wh = mtod(m0, struct ieee80211_frame *);
-		switch (wh->i_fc[1]) {
+		switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
 		case IEEE80211_FC1_DIR_TODS:
 			IEEE80211_ADDR_COPY(frmhdr.wi_ehdr.ether_shost,
 			    wh->i_addr2);
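Review bot: The `switch` on `wh->i_fc[1] & IEEE80211_FC1_DIR_MASK` carries no comment explaining the mask, although this is the line the description says went wrong whenever the privacy bit was set. I would add `/* i_fc[1] holds more than the DS bits (e.g. the privacy flag on encrypted frames); mask before selecting the address layout */` directly above it. The switch body continues outside the hunk, so I cannot see whether it has a `default:` arm. If it does not, a frame whose direction matches no case would presumably be sent with whatever `frmhdr.wi_ehdr` already contains, so it is worth confirming whether such frames should be dropped there instead.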
_at__at_ -1739,71 +1717,6 _at__at_
 }
 
 static int
-wi_write_wep(struct wi_softc *sc, struct ieee80211vap *vap)
-{
-	int error = 0;
-	int i, keylen;
-	u_int16_t val;
-	struct wi_key wkey[IEEE80211_WEP_NKID];
-
-	switch (sc->sc_firmware_type) {
-	case WI_LUCENT:
-		val = (vap->iv_flags & IEEE80211_F_PRIVACY) ? 1 : 0;
-		error = wi_write_val(sc, WI_RID_ENCRYPTION, val);
-		if (error)
-			break;
-		if ((vap->iv_flags & IEEE80211_F_PRIVACY) == 0)
-			break;
-		error = wi_write_val(sc, WI_RID_TX_CRYPT_KEY, vap->iv_def_txkey);
-		if (error)
-			break;
-		memset(wkey, 0, sizeof(wkey));
-		for (i = 0; i < IEEE80211_WEP_NKID; i++) {
-			keylen = vap->iv_nw_keys[i].wk_keylen;
-			wkey[i].wi_keylen = htole16(keylen);
-			memcpy(wkey[i].wi_keydat, vap->iv_nw_keys[i].wk_key,
-			    keylen);
-		}
-		error = wi_write_rid(sc, WI_RID_DEFLT_CRYPT_KEYS,
-		    wkey, sizeof(wkey));
-		sc->sc_encryption = 0;
-		break;
-
-	case WI_INTERSIL:
-		val = HOST_ENCRYPT | HOST_DECRYPT;
-		if (vap->iv_flags & IEEE80211_F_PRIVACY) {
-			/*
-			 * ONLY HWB3163 EVAL-CARD Firmware version
-			 * less than 0.8 variant2
-			 *
-			 *   If promiscuous mode disable, Prism2 chip
-			 *  does not work with WEP .
-			 * It is under investigation for details.
-			 * (ichiro_at_netbsd.org)
-			 */
-			if (sc->sc_sta_firmware_ver < 802 ) {
-				/* firm ver < 0.8 variant 2 */
-				wi_write_val(sc, WI_RID_PROMISC, 1);
-			}
-			wi_write_val(sc, WI_RID_CNFAUTHMODE,
-			    vap->iv_bss->ni_authmode);
-			val |= PRIVACY_INVOKED;
-		} else {
-			wi_write_val(sc, WI_RID_CNFAUTHMODE, IEEE80211_AUTH_OPEN);
-		}
-		error = wi_write_val(sc, WI_RID_P2_ENCRYPTION, val);
-		if (error)
-			break;
-		sc->sc_encryption = val;
-		if ((val & PRIVACY_INVOKED) == 0)
-			break;
-		error = wi_write_val(sc, WI_RID_P2_TX_CRYPT_KEY, vap->iv_def_txkey);
-		break;
-	}
-	return error;
-}
-
-static int
 wi_cmd(struct wi_softc *sc, int cmd, int val0, int val1, int val2)
 {
 	int i, s = 0;
Received on Tue Sep 01 2009 - 13:29:55 UTC
