Author: wmb Date: Thu Dec 22 03:17:46 2011 New Revision: 2780 URL: http://tracker.coreboot.org/trac/openfirmware/changeset/2780
Log: WiFi - Fixed a problem that made WEP authentication not work when the access point is set for WEP open authentication mode instead of WEP shared key mode. Shared key mode used to be the norm, but open is now believed to be somewhat better, eliminating a WEP-key recovery attack on the challenge phase of the shared-mode authentication protocol.
Modified: dev/libertas.fth ofw/wifi/eapol.fth
Modified: dev/libertas.fth ============================================================================== --- dev/libertas.fth Thu Dec 22 03:17:42 2011 (r2779) +++ dev/libertas.fth Thu Dec 22 03:17:46 2011 (r2780) @@ -1404,6 +1404,12 @@ #rates +xw \ len common-rates #rates +x$ \ common supported data rates
+ ktype kt-wep = if + h# 11f +xw + 2 +xw + auth-mode +xw + then + \ RSN (WPA2) ktype kt-wpa2 = if /x \ Save beginning offset @@ -1443,7 +1449,15 @@ finish-cmd outbuf-wait if false exit then
respbuf >fw-data 2 + le-w@ ?dup if \ This is the IEEE Status Code - ." Failed to associate: " u. cr + dup d# 13 = ktype kt-wep = and if ( status ) + \ Retry, toggling the WEP authentication between shared (1) and open (0) + 1 auth-mode - set-auth-mode ( status ) + ?set-wep + set-mac-control + drop ( ) + else ( status ) + ." Failed to associate: " u. cr ( ) + then ( ) false else respbuf >fw-data 4 + le-w@ to assoc-id @@ -1471,7 +1485,7 @@ then ( ch ssid$ target-mac$ ) ?set-wep \ Set WEP keys again, if ktype is WEP set-mac-control - 2dup authenticate ( ch ssid$ target-mac$ ) +\ 2dup authenticate ( ch ssid$ target-mac$ ) d# 10 0 do ( ch ssid$ target-mac$ ) 4 pick 4 pick 4 pick 4 pick 4 pick ( ch ssid$ target-mac$ ch ssid$ target-mac$ ) bss-type bss-type-managed = if (associate) else (join) then ( ch ssid$ target-mac$ ok? )
Modified: ofw/wifi/eapol.fth ============================================================================== --- ofw/wifi/eapol.fth Thu Dec 22 03:17:42 2011 (r2779) +++ ofw/wifi/eapol.fth Thu Dec 22 03:17:46 2011 (r2780) @@ -735,7 +735,11 @@ disable-rsn disable-wep endof - kt-wep of am-shared set-auth-mode + kt-wep of am-open set-auth-mode + \ Open authentication is best for WEP because it prevents attacks + \ on the authentication challenge that can lead to key recovery. + \ If open authentication fails, the driver can retry the association + \ attempt with shared key mode. wifi-wep4$ wifi-wep3$ wifi-wep2$ wifi-wep1$ wifi-wep-idx set-wep disable-rsn endof