author | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-10-16 22:27:17 +0000 |
---|---|---|
committer | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-10-16 22:27:17 +0000 |
commit | d8fb00155b598f98f15e4baeeb6aa99c5d1b05f5 (patch) | |
tree | b5dd3b2d7a1e0a6e6f34825351341bfb6a29fd03 /sys/dev | |
parent | 8c6acb85b0608d3e9f36ff280d2789b3e51aa982 (diff) |
Allow more fine-grained control over which ciphers to use.
Diffstat (limited to 'sys/dev')
-rw-r--r-- | sys/dev/ic/bwfm.c | 35 | ||||
-rw-r--r-- | sys/dev/ic/bwfmreg.h | 4 |
2 files changed, 31 insertions, 8 deletions
diff --git a/sys/dev/ic/bwfm.c b/sys/dev/ic/bwfm.c
index 1354ab5d058..5b5301504e0 100644
--- a/sys/dev/ic/bwfm.c
+++ b/sys/dev/ic/bwfm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bwfm.c,v 1.4 2017/10/16 21:59:30 patrick Exp $ */
+/* $OpenBSD: bwfm.c,v 1.5 2017/10/16 22:27:16 patrick Exp $ */
 /*
 * Copyright (c) 2010-2016 Broadcom Corporation
 * Copyright (c) 2016,2017 Patrick Wildt <patrick@blueri.se>
@@ -336,6 +336,8 @@ bwfm_init(struct ifnet *ifp)
 */
 if (ic->ic_flags & IEEE80211_F_PSK) {
 struct bwfm_wsec_pmk pmk;
+ uint32_t wsec = 0;
+ uint32_t wpa = 0;
 int i;
 pmk.key_len = htole16(sizeof(ic->ic_psk) << 1);
@@ -346,15 +348,36 @@ bwfm_init(struct ifnet *ifp)
 bwfm_fwvar_cmd_set_data(sc, BWFM_C_SET_WSEC_PMK, &pmk, sizeof(pmk));
- bwfm_fwvar_var_set_int(sc, "wpa_auth", BWFM_WPA_AUTH_WPA2_PSK);
- bwfm_fwvar_var_set_int(sc, "wsec",
- BWFM_WSEC_TKIP | BWFM_WSEC_AES);
- bwfm_fwvar_var_set_int(sc, "auth", BWFM_AUTH_OPEN);
+ if (ic->ic_rsnprotos & IEEE80211_PROTO_WPA) {
+ if (ic->ic_rsnakms & IEEE80211_AKM_PSK)
+ wpa |= BWFM_WPA_AUTH_WPA_PSK;
+ if (ic->ic_rsnakms & IEEE80211_AKM_8021X)
+ wpa |= BWFM_WPA_AUTH_WPA_UNSPECIFIED;
+ }
+ if (ic->ic_rsnprotos & IEEE80211_PROTO_RSN) {
+ if (ic->ic_rsnakms & IEEE80211_AKM_PSK)
+ wpa |= BWFM_WPA_AUTH_WPA2_PSK;
+ if (ic->ic_rsnakms & IEEE80211_AKM_SHA256_PSK)
+ wpa |= BWFM_WPA_AUTH_WPA2_PSK_SHA256;
+ if (ic->ic_rsnakms & IEEE80211_AKM_8021X)
+ wpa |= BWFM_WPA_AUTH_WPA2_UNSPECIFIED;
+ if (ic->ic_rsnakms & IEEE80211_AKM_SHA256_8021X)
+ wpa |= BWFM_WPA_AUTH_WPA2_1X_SHA256;
+ }
+ if (ic->ic_rsnciphers & IEEE80211_WPA_CIPHER_TKIP ||
+ ic->ic_rsngroupcipher & IEEE80211_WPA_CIPHER_TKIP)
+ wsec |= BWFM_WSEC_TKIP;
+ if (ic->ic_rsnciphers & IEEE80211_WPA_CIPHER_CCMP ||
+ ic->ic_rsngroupcipher & IEEE80211_WPA_CIPHER_CCMP)
+ wsec |= BWFM_WSEC_AES;
+
+ bwfm_fwvar_var_set_int(sc, "wpa_auth", wpa);
+ bwfm_fwvar_var_set_int(sc, "wsec", wsec);
 } else {
 bwfm_fwvar_var_set_int(sc, "wpa_auth", BWFM_WPA_AUTH_DISABLED);
 bwfm_fwvar_var_set_int(sc, "wsec", BWFM_WSEC_NONE);
- bwfm_fwvar_var_set_int(sc, "auth", BWFM_AUTH_OPEN);
 }
+ bwfm_fwvar_var_set_int(sc, "auth", BWFM_AUTH_OPEN);
 bwfm_fwvar_var_set_int(sc, "mfp", BWFM_MFP_NONE);
 if (ic->ic_des_esslen && ic->ic_des_esslen < BWFM_MAX_SSID_LEN) {
diff --git a/sys/dev/ic/bwfmreg.h b/sys/dev/ic/bwfmreg.h
index f81d3dd1494..57057e73c1a 100644
--- a/sys/dev/ic/bwfmreg.h
+++ b/sys/dev/ic/bwfmreg.h
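Review bot: In the `@@ -346,15 +348,36 @@` hunk of bwfm.c, `wpa` and `wsec` are written to the firmware even when they are still 0, which happens whenever IEEE80211_F_PSK is set but none of the tested bits in `ic_rsnprotos`, `ic_rsnakms`, `ic_rsnciphers` or `ic_rsngroupcipher` match. A `wpa_auth` of 0 is BWFM_WPA_AUTH_DISABLED per bwfmreg.h, and a `wsec` of 0 presumably equals BWFM_WSEC_NONE, so a PSK configuration could be programmed as an open one, whereas the removed code always forced WPA2-PSK with TKIP|AES. I would guard the two set calls with `if (wpa == 0 || wsec == 0)` and fail the init with a diagnostic instead of falling through; how bwfm_init reports errors is not visible here, as its body starts and ends outside the hunk. The 802.1X AKM bits are also OR-ed into `wpa` although this branch only runs in PSK mode and only installs a PMK derived from `ic_psk`, so a short comment such as `/* 802.1X bits are passed through; key setup for them is not handled here */` would make clear whether that is intended.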
@@ -1,4 +1,4 @@
-/* $OpenBSD: bwfmreg.h,v 1.3 2017/10/16 21:10:28 patrick Exp $ */
+/* $OpenBSD: bwfmreg.h,v 1.4 2017/10/16 22:27:16 patrick Exp $ */
 /*
 * Copyright (c) 2010-2016 Broadcom Corporation
 * Copyright (c) 2016,2017 Patrick Wildt <patrick@blueri.se>
@@ -144,7 +144,7 @@
 #define BWFM_MFP_REQUIRED 2
 #define BWFM_WPA_AUTH_DISABLED (0 << 0)
 #define BWFM_WPA_AUTH_NONE (1 << 0)
-#define BWFM_WPA_AUTH_UNSPECIFIED (1 << 1)
+#define BWFM_WPA_AUTH_WPA_UNSPECIFIED (1 << 1)
 #define BWFM_WPA_AUTH_WPA_PSK (1 << 2)
 #define BWFM_WPA_AUTH_WPA2_UNSPECIFIED (1 << 6)
 #define BWFM_WPA_AUTH_WPA2_PSK (1 << 7) |