Starting with Prism firmware version 1.6.3, HostAP supports an

enhanced security mode whereby the SSID can be hidden from snoopers.
Ok deraadt@

5 files changed, 36 insertions, 8 deletions

diff --git a/sbin/wicontrol/wicontrol.8 b/sbin/wicontrol/wicontrol.8
index ec2ded404d9..88d458a3355 100644
--- a/sbin/wicontrol/wicontrol.8
+++ b/sbin/wicontrol/wicontrol.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: wicontrol.8,v 1.47 2003/06/03 13:16:09 jmc Exp $
+.\"	$OpenBSD: wicontrol.8,v 1.48 2004/03/18 16:16:11 millert Exp $
 .\"
 .\" Copyright (c) 1997, 1998, 1999
 .\"	Bill Paul <wpaul@ctr.columbia.edu> All rights reserved.
@@ -59,6 +59,7 @@
 .Op Fl f Ar frequency
 .Op Fl A Ar 1|2|3
 .Op Fl D Ar 0|1|2
+.Op Fl E Ar 0|1|2|3
 .Op Fl F Ar 0|1
 .Op Fl M Ar 0|1
 .Op Fl P Ar 0|1
@@ -334,6 +335,16 @@ with the best reception.
 .El
 .Pp
 The default is 0 (Autoselect).
+.It Fl E Ar 0|1|2|3
+[Prism only] Sets the enhanced security mode.
+A value of 0 disables enhanced security mode.
+A value of 1 hides the SSID name in beacon frames
+(defeats passive AP scanning).
+A value of 2 prevents responses to probe packets with an unspecified SSID.
+A value of 3 enables both enhanced security modes.
+This option is only available on Prism cards with station firmware >= 1.6.3
+and is really only useful in HostAP mode.
+The default is 0.
 .It Fl F Ar 0|1
 [Prism2 only]
 Enable or disable processing of 802.11b frames.
diff --git a/sbin/wicontrol/wicontrol.c b/sbin/wicontrol/wicontrol.c
index 8bb530954ef..0d8894e7190 100644
--- a/sbin/wicontrol/wicontrol.c
+++ b/sbin/wicontrol/wicontrol.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: wicontrol.c,v 1.47 2003/07/29 18:38:36 deraadt Exp $	*/
+/*	$OpenBSD: wicontrol.c,v 1.48 2004/03/18 16:16:11 millert Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 1999
@@ -69,7 +69,7 @@
 static const char copyright[] = "@(#) Copyright (c) 1997, 1998, 1999\
 	Bill Paul. All rights reserved.";
 static const char rcsid[] =
-	"@(#) $OpenBSD: wicontrol.c,v 1.47 2003/07/29 18:38:36 deraadt Exp $";
+	"@(#) $OpenBSD: wicontrol.c,v 1.48 2004/03/18 16:16:11 millert Exp $";
 #endif
 
 void wi_getval(char *, struct wi_req *);
@@ -597,6 +597,7 @@ struct wi_table wi_table[] = {
 	{ WI_RID_SYSTEM_SCALE, WI_WORDS, "Access point density:\t\t\t" },
 	{ WI_RID_PM_ENABLED, WI_BOOL, "Power Management:\t\t\t" },
 	{ WI_RID_MAX_SLEEP, WI_WORDS, "Max sleep time:\t\t\t\t" },
+	{ WI_RID_CNF_ENH_SECURITY, WI_WORDS, "Enhanced Security mode:\t\t\t" },
 	{ WI_RID_PRISM2, WI_WORDS, "Intersil Prism2-based card:\t\t" },
 	{ WI_RID_STA_IDENTITY, WI_CARDINFO, "Card info:\t\t\t\t" },
 	{ 0, NULL }
@@ -844,6 +845,7 @@ struct wi_func wi_opt[] = {
 	{ 'x', wi_setword, WI_FRID_CRYPTO_ALG, NULL },
 	{ 'A', wi_setword, WI_RID_CNFAUTHMODE, NULL },
 	{ 'D', wi_setword, WI_RID_SYMBOL_DIVERSITY, NULL },
+	{ 'E', wi_setword, WI_RID_CNF_ENH_SECURITY, NULL },
 	{ 'M', wi_setword, WI_RID_MICROWAVE_OVEN, NULL },
 	{ 'P', wi_setword, WI_RID_PM_ENABLED, NULL },
 	{ 'R', wi_setword, WI_RID_ROAMING_MODE, NULL },
@@ -876,7 +878,7 @@ main(int argc, char *argv[])
 	}
 
 	while ((ch = getopt(argc, argv,
-	    "a:c:d:e:f:hi:k:lm:n:op:q:r:s:t:v:x:A:D:F:LM:S:P:R:T:")) != -1) {
+	    "a:c:d:e:f:hi:k:lm:n:op:q:r:s:t:v:x:A:D:E:F:LM:S:P:R:T:")) != -1) {
 		for (p = 0; ch && wi_opt[p].key; p++)
 			if (ch == wi_opt[p].key) {
 				if (ch == 'p' && !isdigit(*optarg))
diff --git a/sys/dev/ic/if_wi.c b/sys/dev/ic/if_wi.c
index fbf0ff0097b..4e62eb80a5d 100644
--- a/sys/dev/ic/if_wi.c
+++ b/sys/dev/ic/if_wi.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_wi.c,v 1.107 2004/03/15 21:50:26 millert Exp $	*/
+/*	$OpenBSD: if_wi.c,v 1.108 2004/03/18 16:16:10 millert Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 1999
@@ -126,7 +126,7 @@ u_int32_t	widebug = WIDEBUG;
 
 #if !defined(lint) && !defined(__OpenBSD__)
 static const char rcsid[] =
-	"$OpenBSD: if_wi.c,v 1.107 2004/03/15 21:50:26 millert Exp $";
+	"$OpenBSD: if_wi.c,v 1.108 2004/03/18 16:16:10 millert Exp $";
 #endif	/* lint */
 
 #ifdef foo
@@ -301,6 +301,8 @@ wi_attach(struct wi_softc *sc, struct wi_funcs *funcs)
 			sc->wi_flags |= WI_FLAGS_HAS_IBSS;
 			sc->wi_flags |= WI_FLAGS_HAS_CREATE_IBSS;
 		}
+		if (sc->sc_sta_firmware_ver >= 10603)
+			sc->wi_flags |= WI_FLAGS_HAS_ENH_SECURITY;
 		sc->wi_ibss_port = htole16(0);
 		break;
 	case WI_SYMBOL:
@@ -1516,6 +1518,9 @@ wi_setdef(sc, wreq)
 	case WI_RID_SYMBOL_DIVERSITY:
 		sc->wi_diversity = letoh16(wreq->wi_val[0]);
 		break;
+	case WI_RID_CNF_ENH_SECURITY:
+		sc->wi_enh_security = letoh16(wreq->wi_val[0]);
+		break;
 	case WI_RID_ENCRYPTION:
 		sc->wi_use_wep = letoh16(wreq->wi_val[0]);
 		break;
@@ -1751,6 +1756,7 @@ wi_ioctl(ifp, command, data)
 		case WI_RID_CREATE_IBSS:
 		case WI_RID_MICROWAVE_OVEN:
 		case WI_RID_OWN_SSID:
+		case WI_RID_CNF_ENH_SECURITY:
 			/*
 			 * Check for features that may not be supported
 			 * (must be just before default case).
@@ -1763,6 +1769,8 @@ wi_ioctl(ifp, command, data)
 			    !(sc->wi_flags & WI_FLAGS_HAS_CREATE_IBSS)) ||
 			    (wreq.wi_type == WI_RID_MICROWAVE_OVEN &&
 			    !(sc->wi_flags & WI_FLAGS_HAS_MOR)) ||
+			    (wreq.wi_type == WI_RID_CNF_ENH_SECURITY &&
+			    !(sc->wi_flags & WI_FLAGS_HAS_ENH_SECURITY)) ||
 			    (wreq.wi_type == WI_RID_OWN_SSID &&
 			    wreq.wi_len != 0))
 				break;
@@ -1905,6 +1913,10 @@ wi_init_io(sc)
 	/* Power Management Max Sleep */
 	WI_SETVAL(WI_RID_MAX_SLEEP, sc->wi_max_sleep);
 
+	/* Set Enhanced Security if supported. */
+	if (sc->wi_flags & WI_FLAGS_HAS_ENH_SECURITY)
+		WI_SETVAL(WI_RID_CNF_ENH_SECURITY, sc->wi_enh_security);
+
 	/* Set Roaming Mode unless this is a Symbol card. */
 	if (sc->wi_flags & WI_FLAGS_HAS_ROAMING)
 		WI_SETVAL(WI_RID_ROAMING_MODE, sc->wi_roaming);
diff --git a/sys/dev/ic/if_wi_ieee.h b/sys/dev/ic/if_wi_ieee.h
index 7f4b37990dc..bceff9eea84 100644
--- a/sys/dev/ic/if_wi_ieee.h
+++ b/sys/dev/ic/if_wi_ieee.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_wi_ieee.h,v 1.21 2004/03/05 20:39:48 millert Exp $	*/
+/*	$OpenBSD: if_wi_ieee.h,v 1.22 2004/03/18 16:16:10 millert Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 1999
@@ -238,6 +238,7 @@ struct wi_counters {
 #define	WI_RID_SYMBOL_KEYLENGTH	0xFC2B
 #define	WI_RID_ROAMING_MODE	0xFC2D /* Roaming mode (1:firm,3:disable) */
 #define WI_RID_CUR_BEACON_INT	0xFC33 /* beacon xmit time for BSS creation */
+#define	WI_RID_CNF_ENH_SECURITY	0xFC43 /* hide SSID name (prism fw >= 1.6.3) */
 #define	WI_RID_CNF_DBM_ADJUST	0xFC46 /* Get DBM adjustment factor */
 #define	WI_RID_SYMBOL_PREAMBLE	0xFC8C /* Enable/disable short preamble */
 #define	WI_RID_P2_SHORT_PREAMBLE	0xFCB0 /* Short preamble support */
diff --git a/sys/dev/ic/if_wivar.h b/sys/dev/ic/if_wivar.h
index 568a8134929..cdc35f6aa6f 100644
--- a/sys/dev/ic/if_wivar.h
+++ b/sys/dev/ic/if_wivar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_wivar.h,v 1.23 2004/03/02 21:59:29 millert Exp $	*/
+/*	$OpenBSD: if_wivar.h,v 1.24 2004/03/18 16:16:10 millert Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 1999
@@ -79,6 +79,7 @@ struct wi_softc	{
 	struct ieee80211_nwid	wi_ibss_name;
 
 	int			wi_use_wep;
+	int			wi_enh_security;
 	int			wi_crypto_algorithm;
 	int			wi_tx_key;
 	struct wi_ltv_keys	wi_keys;
@@ -135,6 +136,7 @@ struct wi_softc	{
 #define WI_FLAGS_HAS_HOSTAP		0x0100
 #define WI_FLAGS_BUS_PCMCIA		0x0200
 #define WI_FLAGS_BUS_USB		0x0400
+#define WI_FLAGS_HAS_ENH_SECURITY	0x0800
 
 #define WI_PRT_FMT "%s"
 #define WI_PRT_ARG(sc)	(sc)->sc_dev.dv_xname