
Opened 9 years ago

Closed 9 years ago

Last modified 8 years ago

#4687 closed defect (fixed)

[PATCH] broadcom mode=sta support PSK+AES

Reported by: rian
Owned by: florian
Priority: normal
Milestone: Kamikaze 8.09.1
Component: packages
Version:
Keywords: wlc broadcom clientmode aes
Cc:

Description

Kamikaze r14417 (8.4.1) does not allow client mode to operate with encryption mode PSK with just AES. Parsing of /etc/config/wireless assumes PSK is only used with just TKIP.

Applying the patch below allows the use of the config line

option 'encryption' 'psk+aes'

which passes the correct options to nas. File changed (broadcom.sh) is provided by package "wlc".

root@OpenWrt:/etc/config# diff -urN /lib/wifi/broadcom.sh.orig /lib/wifi/broadcom.sh
--- /lib/wifi/broadcom.sh.orig Fri Feb 6 04:24:02 2009
+++ /lib/wifi/broadcom.sh Fri Feb 6 04:22:00 2009
@@ -198,6 +198,7 @@

case "$enc" in

wpa*+wpa2*|WPA*+WPA2*|*psk+*psk2|*PSK+*PSK2) auth=132; wsec=6;;
wpa2*|WPA2*|*PSK2|*psk2) auth=128; wsec=4;;

+ *aes|*AES) auth=4; wsec=4;;

*) auth=4; wsec=2;;

esac
eval "${vif}_key=\"\$key\""
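
Review bot: The added "*aes|*AES" arm matches every value that ends in aes, not only psk+aes, and it hard-codes auth=4. A value such as psk2+aes does not match "*psk2" on the line above (that pattern requires the string to end in psk2), so it reaches this arm and is handed to nas as auth=4 with wsec=4 instead of auth=128. Either narrow the pattern to the case the description names, for example "*psk+aes|*PSK+AES) auth=4; wsec=4;;", or split the cipher suffix off before the case statement so that auth and wsec are chosen independently. Mixed-case spellings such as Aes still fall through to "*)" and silently get wsec=2, so the accepted spellings should be documented next to the option.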

Attachments (1)

broadcom_nas_wpa_combinations.patch (2.2 KB) - added by wberrier@… 8 years ago.
Patch that applies against trunk


Change History (5)

comment:1 Changed 9 years ago by florian

  • Milestone changed from Kamikaze to Kamikaze 8.09.1
  • Owner changed from developers to florian
  • Status changed from new to assigned

comment:2 Changed 9 years ago by florian

  • Resolution set to fixed
  • Status changed from assigned to closed

Applied in [15894], thanks!

comment:3 Changed 8 years ago by wberrier@…

If I understand correctly, this still doesn't allow some combinations, correct?

auth,wsec table (implemented in broadcom.sh):

4,2: psk/tkip
4,4: psk/aes
4,6: psk/tkip+aes (currently unsupported)

128,2: psk2/tkip (currently unsupported)
128,4: psk2/aes
128,6: psk2/tkip+aes (currently unsupported)

132,2: psk+psk2/tkip (currently unsupported)
132,4: psk+psk2/aes (currently unsupported)
132,6: psk+psk2/tkip+aes

------------------

2,2: wpa/tkip
2,4: wpa/aes (currently unsupported)
2,6: wpa/tkip+aes (currently unsupported)

64,2: wpa2/tkip (currently unsupported)
64,4: wpa2/aes
64,6: wpa2/tkip+aes (currently unsupported)

66,2: psk+psk2/tkip (currently unsupported)
66,4: psk+psk2/aes (currently unsupported)
66,6: psk+psk2/tkip+aes

The above values can be verified from here:

http://nuwiki.openwrt.org/oldwiki/OpenWrtDocs/nas

A more comprehensive fix was posted here:

http://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg00693.html

This fix seems especially relevant considering the news these last few months about the wpa/tkip vulnerabilities:

http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-In-60-Seconds

Changed 8 years ago by wberrier@…

Patch that applies against trunk

comment:4 Changed 8 years ago by wberrier@…

Note, it turns out that using the "|" character in a config option as mentioned in:

http://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg00693.html

does not work unless you enclose the value in quotes. (It looks like it's interpreted as a shell pipe char when reading the value, so it tries to execute the command.)

So instead, I used the ":" character, which worked wonderfully. Or, you can use the "|" char but enclose the value in quotes in /etc/config/wireless.

Example:

option encryption psk+psk2:aes

option encryption "psk+psk2|aes"
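
The auth,wsec table from comment:3 and the separator syntaxes from comment:4, combined into one parser as an added example; it is not the attached patch and not OpenWrt's broadcom.sh. The helper name enc_to_nas is hypothetical, and the code assumes the nas values combine as bit flags; the defaults used when no cipher is named follow the case statement shown in the description.

```shell
#!/bin/sh
# Added example (not the attached patch, not OpenWrt's broadcom.sh).
# enc_to_nas is a hypothetical helper: it maps an 'encryption' option value
# to the nas "auth wsec" pair from the table in comment:3.
# Assumption: the values combine as bit flags
#   auth: wpa=2 psk=4 wpa2=64 psk2=128    wsec: tkip=2 aes=4
# WEP/open modes are out of scope and are rejected here.

enc_to_nas() (
    # Lower-case the value and fold the ':' and '|' separators into '+'.
    enc=$(printf '%s' "$1" | tr 'A-Z:|' 'a-z++')
    # Accept plain tokens only, so the value is never glob-expanded
    # or evaluated by the shell.
    case "$enc" in
        ''|*[!a-z0-9+]*|*+) exit 1 ;;
    esac

    auth=0; wsec=0
    IFS=+
    for tok in $enc; do
        case "$tok" in
            wpa)  auth=$((auth | 2)) ;;
            psk)  auth=$((auth | 4)) ;;
            wpa2) auth=$((auth | 64)) ;;
            psk2) auth=$((auth | 128)) ;;
            tkip) wsec=$((wsec | 2)) ;;
            aes)  wsec=$((wsec | 4)) ;;
            *)    exit 1 ;;   # unknown or empty token
        esac
    done
    [ "$auth" -ne 0 ] || exit 1   # a cipher without an auth mode

    if [ "$wsec" -eq 0 ]; then
        # No cipher named: keep the defaults of the case statement in the
        # ticket description (WPA1 -> TKIP, WPA2 -> AES, mixed -> both).
        if [ $((auth & 6)) -ne 0 ]; then wsec=$((wsec | 2)); fi
        if [ $((auth & 192)) -ne 0 ]; then wsec=$((wsec | 4)); fi
    fi
    echo "$auth $wsec"
)

# Constructed sample values in the syntaxes used in this ticket.
for sample in 'psk+aes' 'psk+psk2:aes' 'psk+psk2|aes' 'psk2' 'psk2:tkip'; do
    printf '%-14s -> %s\n' "$sample" "$(enc_to_nas "$sample")"
done
```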
