[commit] r2780 - dev ofw/wifi - openfirmware

22 Dec 2011

Author: wmb
Date: Thu Dec 22 03:17:46 2011
New Revision: 2780
URL: http://tracker.coreboot.org/trac/openfirmware/changeset/2780
Log:
WiFi - Fixed a problem that made WEP authentication not work when the access point is set for WEP open authentication mode instead of WEP shared key mode.  Shared key mode used to be the norm, but open is now believed to be somewhat better, eliminating a WEP-key recovery attack on the challenge phase of the shared-mode authentication protocol.
Modified:
   dev/libertas.fth
   ofw/wifi/eapol.fth
Modified: dev/libertas.fth
==============================================================================

--- dev/libertas.fth	Thu Dec 22 03:17:42 2011	(r2779)
+++ dev/libertas.fth	Thu Dec 22 03:17:46 2011	(r2780)
@@ -1404,6 +1404,12 @@
    #rates +xw				\ len
    common-rates #rates +x$		\ common supported data rates
+   ktype kt-wep =  if
+      h# 11f    +xw
+      2         +xw
+      auth-mode +xw
+   then
+
    \ RSN (WPA2)
    ktype kt-wpa2 =  if
       /x 				\ Save beginning offset
@@ -1443,7 +1449,15 @@
    finish-cmd outbuf-wait  if  false exit  then
respbuf >fw-data 2 + le-w@ ?dup  if \ This is the IEEE Status Code
-      ." Failed to associate: " u. cr
+      dup d# 13 =  ktype kt-wep =  and  if  ( status )
+         \ Retry, toggling the WEP authentication between shared (1) and open (0)
+         1 auth-mode -  set-auth-mode                           ( status )
+         ?set-wep
+	 set-mac-control
+         drop                                                   ( )
+      else                                                      ( status )
+         ." Failed to associate: " u. cr                        ( )
+      then                                                      ( )
       false
    else
       respbuf >fw-data 4 + le-w@ to assoc-id
@@ -1471,7 +1485,7 @@
    then                             ( ch ssid$ target-mac$ )
    ?set-wep				\ Set WEP keys again, if ktype is WEP
    set-mac-control
-   2dup authenticate                ( ch ssid$ target-mac$ )
+\  2dup authenticate                ( ch ssid$ target-mac$ )
    d# 10 0 do                       ( ch ssid$ target-mac$ )
       4 pick  4 pick  4 pick  4 pick  4 pick  ( ch ssid$ target-mac$  ch ssid$ target-mac$ )
       bss-type bss-type-managed =  if  (associate)  else  (join)  then  ( ch ssid$ target-mac$ ok? )
Modified: ofw/wifi/eapol.fth
==============================================================================
--- ofw/wifi/eapol.fth	Thu Dec 22 03:17:42 2011	(r2779)
+++ ofw/wifi/eapol.fth	Thu Dec 22 03:17:46 2011	(r2780)
@@ -735,7 +735,11 @@
                    disable-rsn
                    disable-wep
                    endof
-      kt-wep   of  am-shared set-auth-mode
+      kt-wep   of  am-open set-auth-mode
+                   \ Open authentication is best for WEP because it prevents attacks
+                   \ on the authentication challenge that can lead to key recovery.
+	           \ If open authentication fails, the driver can retry the association
+	           \ attempt with shared key mode.
                    wifi-wep4$ wifi-wep3$ wifi-wep2$ wifi-wep1$ wifi-wep-idx set-wep
    	   disable-rsn
                    endof

    