Forest Bond | 5449c68 | 2009-04-25 10:30:44 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. |
| 3 | * All rights reserved. |
| 4 | * |
| 5 | * This program is free software; you can redistribute it and/or modify |
| 6 | * it under the terms of the GNU General Public License as published by |
| 7 | * the Free Software Foundation; either version 2 of the License, or |
| 8 | * (at your option) any later version. |
| 9 | * |
| 10 | * This program is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | * GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License along |
| 16 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 18 | * |
| 19 | * |
| 20 | * File: wpa2.c |
| 21 | * |
| 22 | * Purpose: Handles the Basic Service Set & Node Database functions |
| 23 | * |
| 24 | * Functions: |
| 25 | * |
| 26 | * Revision History: |
| 27 | * |
| 28 | * Author: Yiching Chen |
| 29 | * |
| 30 | * Date: Oct. 4, 2004 |
| 31 | * |
| 32 | */ |
| 33 | #if !defined(__WPA2_H__) |
| 34 | #include "wpa2.h" |
| 35 | #endif |
| 36 | #if !defined(__UMEM_H__) |
| 37 | #include "umem.h" |
| 38 | #endif |
| 39 | #if !defined(__DEVICE_H__) |
| 40 | #include "device.h" |
| 41 | #endif |
| 42 | #if !defined(__WMGR_H__) |
| 43 | #include "wmgr.h" |
| 44 | #endif |
| 45 | |
| 46 | |
| 47 | /*--------------------- Static Definitions -------------------------*/ |
| 48 | static int msglevel =MSG_LEVEL_INFO; |
| 49 | //static int msglevel =MSG_LEVEL_DEBUG; |
| 50 | /*--------------------- Static Classes ----------------------------*/ |
| 51 | |
| 52 | /*--------------------- Static Variables --------------------------*/ |
| 53 | |
| 54 | const BYTE abyOUIGK[4] = { 0x00, 0x0F, 0xAC, 0x00 }; |
| 55 | const BYTE abyOUIWEP40[4] = { 0x00, 0x0F, 0xAC, 0x01 }; |
| 56 | const BYTE abyOUIWEP104[4] = { 0x00, 0x0F, 0xAC, 0x05 }; |
| 57 | const BYTE abyOUITKIP[4] = { 0x00, 0x0F, 0xAC, 0x02 }; |
| 58 | const BYTE abyOUICCMP[4] = { 0x00, 0x0F, 0xAC, 0x04 }; |
| 59 | |
| 60 | const BYTE abyOUI8021X[4] = { 0x00, 0x0F, 0xAC, 0x01 }; |
| 61 | const BYTE abyOUIPSK[4] = { 0x00, 0x0F, 0xAC, 0x02 }; |
| 62 | |
| 63 | |
| 64 | /*--------------------- Static Functions --------------------------*/ |
| 65 | |
| 66 | /*--------------------- Export Variables --------------------------*/ |
| 67 | |
| 68 | /*--------------------- Export Functions --------------------------*/ |
| 69 | |
| 70 | /*+ |
| 71 | * |
| 72 | * Description: |
| 73 | * Clear RSN information in BSSList. |
| 74 | * |
| 75 | * Parameters: |
| 76 | * In: |
| 77 | * pBSSNode - BSS list. |
| 78 | * Out: |
| 79 | * none |
| 80 | * |
| 81 | * Return Value: none. |
| 82 | * |
| 83 | -*/ |
| 84 | VOID |
| 85 | WPA2_ClearRSN ( |
| 86 | IN PKnownBSS pBSSNode |
| 87 | ) |
| 88 | { |
| 89 | int ii; |
| 90 | |
| 91 | pBSSNode->bWPA2Valid = FALSE; |
| 92 | |
| 93 | pBSSNode->byCSSGK = WLAN_11i_CSS_CCMP; |
| 94 | for (ii=0; ii < 4; ii ++) |
| 95 | pBSSNode->abyCSSPK[ii] = WLAN_11i_CSS_CCMP; |
| 96 | pBSSNode->wCSSPKCount = 1; |
| 97 | for (ii=0; ii < 4; ii ++) |
| 98 | pBSSNode->abyAKMSSAuthType[ii] = WLAN_11i_AKMSS_802_1X; |
| 99 | pBSSNode->wAKMSSAuthCount = 1; |
| 100 | pBSSNode->sRSNCapObj.bRSNCapExist = FALSE; |
| 101 | pBSSNode->sRSNCapObj.wRSNCap = 0; |
| 102 | } |
| 103 | |
| 104 | /*+ |
| 105 | * |
| 106 | * Description: |
| 107 | * Parse RSN IE. |
| 108 | * |
| 109 | * Parameters: |
| 110 | * In: |
| 111 | * pBSSNode - BSS list. |
| 112 | * pRSN - Pointer to the RSN IE. |
| 113 | * Out: |
| 114 | * none |
| 115 | * |
| 116 | * Return Value: none. |
| 117 | * |
| 118 | -*/ |
| 119 | VOID |
| 120 | WPA2vParseRSN ( |
| 121 | IN PKnownBSS pBSSNode, |
| 122 | IN PWLAN_IE_RSN pRSN |
| 123 | ) |
| 124 | { |
| 125 | int i, j; |
| 126 | WORD m = 0, n = 0; |
| 127 | PBYTE pbyOUI; |
| 128 | BOOL bUseGK = FALSE; |
| 129 | |
| 130 | DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WPA2_ParseRSN: [%d]\n", pRSN->len); |
| 131 | |
| 132 | WPA2_ClearRSN(pBSSNode); |
| 133 | |
| 134 | if (pRSN->len == 2) { // ver(2) |
| 135 | if ((pRSN->byElementID == WLAN_EID_RSN) && (pRSN->wVersion == 1)) { |
| 136 | pBSSNode->bWPA2Valid = TRUE; |
| 137 | } |
| 138 | return; |
| 139 | } |
| 140 | |
| 141 | if (pRSN->len < 6) { // ver(2) + GK(4) |
| 142 | // invalid CSS, P802.11i/D10.0, p31 |
| 143 | return; |
| 144 | } |
| 145 | |
| 146 | // information element header makes sense |
| 147 | if ((pRSN->byElementID == WLAN_EID_RSN) && |
| 148 | (pRSN->wVersion == 1)) { |
| 149 | |
| 150 | DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Legal 802.11i RSN\n"); |
| 151 | |
| 152 | pbyOUI = &(pRSN->abyRSN[0]); |
| 153 | if (MEMEqualMemory(pbyOUI, abyOUIWEP40, 4)) |
| 154 | pBSSNode->byCSSGK = WLAN_11i_CSS_WEP40; |
| 155 | else if (MEMEqualMemory(pbyOUI, abyOUITKIP, 4)) |
| 156 | pBSSNode->byCSSGK = WLAN_11i_CSS_TKIP; |
| 157 | else if (MEMEqualMemory(pbyOUI, abyOUICCMP, 4)) |
| 158 | pBSSNode->byCSSGK = WLAN_11i_CSS_CCMP; |
| 159 | else if (MEMEqualMemory(pbyOUI, abyOUIWEP104, 4)) |
| 160 | pBSSNode->byCSSGK = WLAN_11i_CSS_WEP104; |
| 161 | else if (MEMEqualMemory(pbyOUI, abyOUIGK, 4)) { |
| 162 | // invalid CSS, P802.11i/D10.0, p32 |
| 163 | return; |
| 164 | } else |
| 165 | // any vendor checks here |
| 166 | pBSSNode->byCSSGK = WLAN_11i_CSS_UNKNOWN; |
| 167 | |
| 168 | DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"802.11i CSS: %X\n", pBSSNode->byCSSGK); |
| 169 | |
| 170 | if (pRSN->len == 6) { |
| 171 | pBSSNode->bWPA2Valid = TRUE; |
| 172 | return; |
| 173 | } |
| 174 | |
| 175 | if (pRSN->len >= 8) { // ver(2) + GK(4) + PK count(2) |
| 176 | pBSSNode->wCSSPKCount = *((PWORD) &(pRSN->abyRSN[4])); |
| 177 | j = 0; |
| 178 | pbyOUI = &(pRSN->abyRSN[6]); |
| 179 | |
| 180 | for (i = 0; (i < pBSSNode->wCSSPKCount) && (j < sizeof(pBSSNode->abyCSSPK)/sizeof(BYTE)); i++) { |
| 181 | |
| 182 | if (pRSN->len >= 8+i*4+4) { // ver(2)+GK(4)+PKCnt(2)+PKS(4*i) |
| 183 | if (MEMEqualMemory(pbyOUI, abyOUIGK, 4)) { |
| 184 | pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_USE_GROUP; |
| 185 | bUseGK = TRUE; |
| 186 | } else if (MEMEqualMemory(pbyOUI, abyOUIWEP40, 4)) { |
| 187 | // Invialid CSS, continue to parsing |
| 188 | } else if (MEMEqualMemory(pbyOUI, abyOUITKIP, 4)) { |
| 189 | if (pBSSNode->byCSSGK != WLAN_11i_CSS_CCMP) |
| 190 | pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_TKIP; |
| 191 | else |
| 192 | ; // Invialid CSS, continue to parsing |
| 193 | } else if (MEMEqualMemory(pbyOUI, abyOUICCMP, 4)) { |
| 194 | pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_CCMP; |
| 195 | } else if (MEMEqualMemory(pbyOUI, abyOUIWEP104, 4)) { |
| 196 | // Invialid CSS, continue to parsing |
| 197 | } else { |
| 198 | // any vendor checks here |
| 199 | pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_UNKNOWN; |
| 200 | } |
| 201 | pbyOUI += 4; |
| 202 | DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"abyCSSPK[%d]: %X\n", j-1, pBSSNode->abyCSSPK[j-1]); |
| 203 | } else |
| 204 | break; |
| 205 | } //for |
| 206 | |
| 207 | if (bUseGK == TRUE) { |
| 208 | if (j != 1) { |
| 209 | // invalid CSS, This should be only PK CSS. |
| 210 | return; |
| 211 | } |
| 212 | if (pBSSNode->byCSSGK == WLAN_11i_CSS_CCMP) { |
| 213 | // invalid CSS, If CCMP is enable , PK can't be CSSGK. |
| 214 | return; |
| 215 | } |
| 216 | } |
| 217 | if ((pBSSNode->wCSSPKCount != 0) && (j == 0)) { |
| 218 | // invalid CSS, No valid PK. |
| 219 | return; |
| 220 | } |
| 221 | pBSSNode->wCSSPKCount = (WORD)j; |
| 222 | DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wCSSPKCount: %d\n", pBSSNode->wCSSPKCount); |
| 223 | } |
| 224 | |
| 225 | m = *((PWORD) &(pRSN->abyRSN[4])); |
| 226 | |
| 227 | if (pRSN->len >= 10+m*4) { // ver(2) + GK(4) + PK count(2) + PKS(4*m) + AKMSS count(2) |
| 228 | pBSSNode->wAKMSSAuthCount = *((PWORD) &(pRSN->abyRSN[6+4*m]));; |
| 229 | j = 0; |
| 230 | pbyOUI = &(pRSN->abyRSN[8+4*m]); |
| 231 | for (i = 0; (i < pBSSNode->wAKMSSAuthCount) && (j < sizeof(pBSSNode->abyAKMSSAuthType)/sizeof(BYTE)); i++) { |
| 232 | if (pRSN->len >= 10+(m+i)*4+4) { // ver(2)+GK(4)+PKCnt(2)+PKS(4*m)+AKMSS(2)+AKS(4*i) |
| 233 | if (MEMEqualMemory(pbyOUI, abyOUI8021X, 4)) |
| 234 | pBSSNode->abyAKMSSAuthType[j++] = WLAN_11i_AKMSS_802_1X; |
| 235 | else if (MEMEqualMemory(pbyOUI, abyOUIPSK, 4)) |
| 236 | pBSSNode->abyAKMSSAuthType[j++] = WLAN_11i_AKMSS_PSK; |
| 237 | else |
| 238 | // any vendor checks here |
| 239 | pBSSNode->abyAKMSSAuthType[j++] = WLAN_11i_AKMSS_UNKNOWN; |
| 240 | DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"abyAKMSSAuthType[%d]: %X\n", j-1, pBSSNode->abyAKMSSAuthType[j-1]); |
| 241 | } else |
| 242 | break; |
| 243 | } |
| 244 | pBSSNode->wAKMSSAuthCount = (WORD)j; |
| 245 | DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wAKMSSAuthCount: %d\n", pBSSNode->wAKMSSAuthCount); |
| 246 | |
| 247 | n = *((PWORD) &(pRSN->abyRSN[6+4*m]));; |
| 248 | if (pRSN->len >= 12+4*m+4*n) { // ver(2)+GK(4)+PKCnt(2)+PKS(4*m)+AKMSSCnt(2)+AKMSS(4*n)+Cap(2) |
| 249 | pBSSNode->sRSNCapObj.bRSNCapExist = TRUE; |
| 250 | pBSSNode->sRSNCapObj.wRSNCap = *((PWORD) &(pRSN->abyRSN[8+4*m+4*n])); |
| 251 | } |
| 252 | } |
| 253 | //ignore PMKID lists bcs only (Re)Assocrequest has this field |
| 254 | pBSSNode->bWPA2Valid = TRUE; |
| 255 | } |
| 256 | } |
| 257 | |
| 258 | |
| 259 | /*+ |
| 260 | * |
| 261 | * Description: |
| 262 | * Set WPA IEs |
| 263 | * |
| 264 | * Parameters: |
| 265 | * In: |
| 266 | * pMgmtHandle - Pointer to management object |
| 267 | * Out: |
| 268 | * pRSNIEs - Pointer to the RSN IE to set. |
| 269 | * |
| 270 | * Return Value: length of IEs. |
| 271 | * |
| 272 | -*/ |
| 273 | UINT |
| 274 | WPA2uSetIEs( |
| 275 | IN PVOID pMgmtHandle, |
| 276 | OUT PWLAN_IE_RSN pRSNIEs |
| 277 | ) |
| 278 | { |
| 279 | PSMgmtObject pMgmt = (PSMgmtObject) pMgmtHandle; |
| 280 | PBYTE pbyBuffer = NULL; |
| 281 | UINT ii = 0; |
| 282 | PWORD pwPMKID = NULL; |
| 283 | |
| 284 | if (pRSNIEs == NULL) { |
| 285 | return(0); |
| 286 | } |
| 287 | if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || |
| 288 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) && |
| 289 | (pMgmt->pCurrBSS != NULL)) { |
| 290 | /* WPA2 IE */ |
| 291 | pbyBuffer = (PBYTE) pRSNIEs; |
| 292 | pRSNIEs->byElementID = WLAN_EID_RSN; |
| 293 | pRSNIEs->len = 6; //Version(2)+GK(4) |
| 294 | pRSNIEs->wVersion = 1; |
| 295 | //Group Key Cipher Suite |
| 296 | pRSNIEs->abyRSN[0] = 0x00; |
| 297 | pRSNIEs->abyRSN[1] = 0x0F; |
| 298 | pRSNIEs->abyRSN[2] = 0xAC; |
| 299 | if (pMgmt->byCSSGK == KEY_CTL_WEP) { |
| 300 | pRSNIEs->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK; |
| 301 | } else if (pMgmt->byCSSGK == KEY_CTL_TKIP) { |
| 302 | pRSNIEs->abyRSN[3] = WLAN_11i_CSS_TKIP; |
| 303 | } else if (pMgmt->byCSSGK == KEY_CTL_CCMP) { |
| 304 | pRSNIEs->abyRSN[3] = WLAN_11i_CSS_CCMP; |
| 305 | } else { |
| 306 | pRSNIEs->abyRSN[3] = WLAN_11i_CSS_UNKNOWN; |
| 307 | } |
| 308 | |
| 309 | // Pairwise Key Cipher Suite |
| 310 | pRSNIEs->abyRSN[4] = 1; |
| 311 | pRSNIEs->abyRSN[5] = 0; |
| 312 | pRSNIEs->abyRSN[6] = 0x00; |
| 313 | pRSNIEs->abyRSN[7] = 0x0F; |
| 314 | pRSNIEs->abyRSN[8] = 0xAC; |
| 315 | if (pMgmt->byCSSPK == KEY_CTL_TKIP) { |
| 316 | pRSNIEs->abyRSN[9] = WLAN_11i_CSS_TKIP; |
| 317 | } else if (pMgmt->byCSSPK == KEY_CTL_CCMP) { |
| 318 | pRSNIEs->abyRSN[9] = WLAN_11i_CSS_CCMP; |
| 319 | } else if (pMgmt->byCSSPK == KEY_CTL_NONE) { |
| 320 | pRSNIEs->abyRSN[9] = WLAN_11i_CSS_USE_GROUP; |
| 321 | } else { |
| 322 | pRSNIEs->abyRSN[9] = WLAN_11i_CSS_UNKNOWN; |
| 323 | } |
| 324 | pRSNIEs->len += 6; |
| 325 | |
| 326 | // Auth Key Management Suite |
| 327 | pRSNIEs->abyRSN[10] = 1; |
| 328 | pRSNIEs->abyRSN[11] = 0; |
| 329 | pRSNIEs->abyRSN[12] = 0x00; |
| 330 | pRSNIEs->abyRSN[13] = 0x0F; |
| 331 | pRSNIEs->abyRSN[14] = 0xAC; |
| 332 | if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) { |
| 333 | pRSNIEs->abyRSN[15] = WLAN_11i_AKMSS_PSK; |
| 334 | } else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) { |
| 335 | pRSNIEs->abyRSN[15] = WLAN_11i_AKMSS_802_1X; |
| 336 | } else { |
| 337 | pRSNIEs->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN; |
| 338 | } |
| 339 | pRSNIEs->len +=6; |
| 340 | |
| 341 | // RSN Capabilites |
| 342 | if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == TRUE) { |
| 343 | MEMvCopy(&pRSNIEs->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2); |
| 344 | } else { |
| 345 | pRSNIEs->abyRSN[16] = 0; |
| 346 | pRSNIEs->abyRSN[17] = 0; |
| 347 | } |
| 348 | pRSNIEs->len +=2; |
| 349 | |
| 350 | if ((pMgmt->gsPMKIDCache.BSSIDInfoCount > 0) && |
| 351 | (pMgmt->bRoaming == TRUE) && |
| 352 | (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) { |
| 353 | // RSN PMKID |
| 354 | pwPMKID = (PWORD)(&pRSNIEs->abyRSN[18]); // Point to PMKID count |
| 355 | *pwPMKID = 0; // Initialize PMKID count |
| 356 | pbyBuffer = &pRSNIEs->abyRSN[20]; // Point to PMKID list |
| 357 | for (ii = 0; ii < pMgmt->gsPMKIDCache.BSSIDInfoCount; ii++) { |
| 358 | if (MEMEqualMemory(&pMgmt->gsPMKIDCache.BSSIDInfo[ii].abyBSSID[0], pMgmt->abyCurrBSSID, U_ETHER_ADDR_LEN)) { |
| 359 | (*pwPMKID) ++; |
| 360 | MEMvCopy(pbyBuffer, pMgmt->gsPMKIDCache.BSSIDInfo[ii].abyPMKID, 16); |
| 361 | pbyBuffer += 16; |
| 362 | } |
| 363 | } |
| 364 | if (*pwPMKID != 0) { |
| 365 | pRSNIEs->len += (2 + (*pwPMKID)*16); |
| 366 | } else { |
| 367 | pbyBuffer = &pRSNIEs->abyRSN[18]; |
| 368 | } |
| 369 | } |
| 370 | return(pRSNIEs->len + WLAN_IEHDR_LEN); |
| 371 | } |
| 372 | return(0); |
| 373 | } |