1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * 20 * File: wpa.c 21 * 22 * Purpose: Handles the Basic Service Set & Node Database functions 23 * 24 * Functions: 25 * WPA_ParseRSN - Parse RSN IE. 26 * 27 * Revision History: 28 * 29 * Author: Kyle Hsu 30 * 31 * Date: July 14, 2003 32 * 33 */ 34 35#include "ttype.h" 36#include "tmacro.h" 37#include "tether.h" 38#include "device.h" 39#include "80211hdr.h" 40#include "bssdb.h" 41#include "wmgr.h" 42#include "wpa.h" 43#include "80211mgr.h" 44 45/*--------------------- Static Variables --------------------------*/ 46static int msglevel =MSG_LEVEL_INFO; 47 48const BYTE abyOUI00[4] = { 0x00, 0x50, 0xf2, 0x00 }; 49const BYTE abyOUI01[4] = { 0x00, 0x50, 0xf2, 0x01 }; 50const BYTE abyOUI02[4] = { 0x00, 0x50, 0xf2, 0x02 }; 51const BYTE abyOUI03[4] = { 0x00, 0x50, 0xf2, 0x03 }; 52const BYTE abyOUI04[4] = { 0x00, 0x50, 0xf2, 0x04 }; 53const BYTE abyOUI05[4] = { 0x00, 0x50, 0xf2, 0x05 }; 54 55 56/*+ 57 * 58 * Description: 59 * Clear RSN information in BSSList. 60 * 61 * Parameters: 62 * In: 63 * pBSSList - BSS list. 64 * Out: 65 * none 66 * 67 * Return Value: none. 68 * 69-*/ 70 71void 72WPA_ClearRSN ( 73 PKnownBSS pBSSList 74 ) 75{ 76 int ii; 77 pBSSList->byGKType = WPA_TKIP; 78 for (ii=0; ii < 4; ii ++) 79 pBSSList->abyPKType[ii] = WPA_TKIP; 80 pBSSList->wPKCount = 0; 81 for (ii=0; ii < 4; ii ++) 82 pBSSList->abyAuthType[ii] = WPA_AUTH_IEEE802_1X; 83 pBSSList->wAuthCount = 0; 84 pBSSList->byDefaultK_as_PK = 0; 85 pBSSList->byReplayIdx = 0; 86 pBSSList->sRSNCapObj.bRSNCapExist = FALSE; 87 pBSSList->sRSNCapObj.wRSNCap = 0; 88 pBSSList->bWPAValid = FALSE; 89} 90 91 92/*+ 93 * 94 * Description: 95 * Parse RSN IE. 96 * 97 * Parameters: 98 * In: 99 * pBSSList - BSS list. 100 * pRSN - Pointer to the RSN IE. 101 * Out: 102 * none 103 * 104 * Return Value: none. 105 * 106-*/ 107void 108WPA_ParseRSN ( 109 PKnownBSS pBSSList, 110 PWLAN_IE_RSN_EXT pRSN 111 ) 112{ 113 PWLAN_IE_RSN_AUTH pIE_RSN_Auth = NULL; 114 int i, j, m, n = 0; 115 PBYTE pbyCaps; 116 117 WPA_ClearRSN(pBSSList); 118 119 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WPA_ParseRSN: [%d]\n", pRSN->len); 120 121 // information element header makes sense 122 if ((pRSN->len >= 6) // oui1(4)+ver(2) 123 && (pRSN->byElementID == WLAN_EID_RSN_WPA) && !memcmp(pRSN->abyOUI, abyOUI01, 4) 124 && (pRSN->wVersion == 1)) { 125 126 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Legal RSN\n"); 127 // update each variable if pRSN is long enough to contain the variable 128 if (pRSN->len >= 10) //oui1(4)+ver(2)+GKSuite(4) 129 { 130 if ( !memcmp(pRSN->abyMulticast, abyOUI01, 4)) 131 pBSSList->byGKType = WPA_WEP40; 132 else if ( !memcmp(pRSN->abyMulticast, abyOUI02, 4)) 133 pBSSList->byGKType = WPA_TKIP; 134 else if ( !memcmp(pRSN->abyMulticast, abyOUI03, 4)) 135 pBSSList->byGKType = WPA_AESWRAP; 136 else if ( !memcmp(pRSN->abyMulticast, abyOUI04, 4)) 137 pBSSList->byGKType = WPA_AESCCMP; 138 else if ( !memcmp(pRSN->abyMulticast, abyOUI05, 4)) 139 pBSSList->byGKType = WPA_WEP104; 140 else 141 // any vendor checks here 142 pBSSList->byGKType = WPA_NONE; 143 144 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byGKType: %x\n", pBSSList->byGKType); 145 } 146 147 if (pRSN->len >= 12) //oui1(4)+ver(2)+GKS(4)+PKSCnt(2) 148 { 149 j = 0; 150 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wPKCount: %d, sizeof(pBSSList->abyPKType): %zu\n", pRSN->wPKCount, sizeof(pBSSList->abyPKType)); 151 for (i = 0; (i < pRSN->wPKCount) && 152 (j < sizeof(pBSSList->abyPKType)/sizeof(BYTE)); i++) { 153 if(pRSN->len >= 12+i*4+4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*i) 154 if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI00, 4)) 155 pBSSList->abyPKType[j++] = WPA_NONE; 156 else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI02, 4)) 157 pBSSList->abyPKType[j++] = WPA_TKIP; 158 else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI03, 4)) 159 pBSSList->abyPKType[j++] = WPA_AESWRAP; 160 else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI04, 4)) 161 pBSSList->abyPKType[j++] = WPA_AESCCMP; 162 else 163 // any vendor checks here 164 ; 165 } 166 else 167 break; 168 //DBG_PRN_GRP14(("abyPKType[%d]: %X\n", j-1, pBSSList->abyPKType[j-1])); 169 } //for 170 pBSSList->wPKCount = (WORD)j; 171 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wPKCount: %d\n", pBSSList->wPKCount); 172 } 173 174 m = pRSN->wPKCount; 175 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"m: %d\n", m); 176 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"14+m*4: %d\n", 14+m*4); 177 178 if (pRSN->len >= 14+m*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2) 179 // overlay IE_RSN_Auth structure into correct place 180 pIE_RSN_Auth = (PWLAN_IE_RSN_AUTH) pRSN->PKSList[m].abyOUI; 181 j = 0; 182 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wAuthCount: %d, sizeof(pBSSList->abyAuthType): %zu\n", 183 pIE_RSN_Auth->wAuthCount, sizeof(pBSSList->abyAuthType)); 184 for (i = 0; (i < pIE_RSN_Auth->wAuthCount) && 185 (j < sizeof(pBSSList->abyAuthType)/sizeof(BYTE)); i++) { 186 if(pRSN->len >= 14+4+(m+i)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*i) 187 if ( !memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI01, 4)) 188 pBSSList->abyAuthType[j++] = WPA_AUTH_IEEE802_1X; 189 else if ( !memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI02, 4)) 190 pBSSList->abyAuthType[j++] = WPA_AUTH_PSK; 191 else 192 // any vendor checks here 193 ; 194 } 195 else 196 break; 197 //DBG_PRN_GRP14(("abyAuthType[%d]: %X\n", j-1, pBSSList->abyAuthType[j-1])); 198 } 199 if(j > 0) 200 pBSSList->wAuthCount = (WORD)j; 201 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wAuthCount: %d\n", pBSSList->wAuthCount); 202 } 203 204 if (pIE_RSN_Auth != NULL) { 205 206 n = pIE_RSN_Auth->wAuthCount; 207 208 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"n: %d\n", n); 209 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"14+4+(m+n)*4: %d\n", 14+4+(m+n)*4); 210 211 if(pRSN->len+2 >= 14+4+(m+n)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*n)+Cap(2) 212 pbyCaps = (PBYTE)pIE_RSN_Auth->AuthKSList[n].abyOUI; 213 pBSSList->byDefaultK_as_PK = (*pbyCaps) & WPA_GROUPFLAG; 214 pBSSList->byReplayIdx = 2 << ((*pbyCaps >> WPA_REPLAYBITSSHIFT) & WPA_REPLAYBITS); 215 pBSSList->sRSNCapObj.bRSNCapExist = TRUE; 216 pBSSList->sRSNCapObj.wRSNCap = *(PWORD)pbyCaps; 217 //DBG_PRN_GRP14(("pbyCaps: %X\n", *pbyCaps)); 218 //DBG_PRN_GRP14(("byDefaultK_as_PK: %X\n", pBSSList->byDefaultK_as_PK)); 219 //DBG_PRN_GRP14(("byReplayIdx: %X\n", pBSSList->byReplayIdx)); 220 } 221 } 222 pBSSList->bWPAValid = TRUE; 223 } 224} 225 226/*+ 227 * 228 * Description: 229 * Search RSN information in BSSList. 230 * 231 * Parameters: 232 * In: 233 * byCmd - Search type 234 * byEncrypt- Encrcypt Type 235 * pBSSList - BSS list 236 * Out: 237 * none 238 * 239 * Return Value: none. 240 * 241-*/ 242BOOL 243WPA_SearchRSN ( 244 BYTE byCmd, 245 BYTE byEncrypt, 246 PKnownBSS pBSSList 247 ) 248{ 249 int ii; 250 BYTE byPKType = WPA_NONE; 251 252 if (pBSSList->bWPAValid == FALSE) 253 return FALSE; 254 255 switch(byCmd) { 256 case 0: 257 258 if (byEncrypt != pBSSList->byGKType) 259 return FALSE; 260 261 if (pBSSList->wPKCount > 0) { 262 for (ii = 0; ii < pBSSList->wPKCount; ii ++) { 263 if (pBSSList->abyPKType[ii] == WPA_AESCCMP) 264 byPKType = WPA_AESCCMP; 265 else if ((pBSSList->abyPKType[ii] == WPA_TKIP) && (byPKType != WPA_AESCCMP)) 266 byPKType = WPA_TKIP; 267 else if ((pBSSList->abyPKType[ii] == WPA_WEP40) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP)) 268 byPKType = WPA_WEP40; 269 else if ((pBSSList->abyPKType[ii] == WPA_WEP104) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP)) 270 byPKType = WPA_WEP104; 271 } 272 if (byEncrypt != byPKType) 273 return FALSE; 274 } 275 return TRUE; 276// if (pBSSList->wAuthCount > 0) 277// for (ii=0; ii < pBSSList->wAuthCount; ii ++) 278// if (byAuth == pBSSList->abyAuthType[ii]) 279// break; 280 break; 281 282 default: 283 break; 284 } 285 return FALSE; 286} 287 288/*+ 289 * 290 * Description: 291 * Check if RSN IE makes sense. 292 * 293 * Parameters: 294 * In: 295 * pRSN - Pointer to the RSN IE. 296 * Out: 297 * none 298 * 299 * Return Value: none. 300 * 301-*/ 302BOOL 303WPAb_Is_RSN ( 304 PWLAN_IE_RSN_EXT pRSN 305 ) 306{ 307 if (pRSN == NULL) 308 return FALSE; 309 310 if ((pRSN->len >= 6) && // oui1(4)+ver(2) 311 (pRSN->byElementID == WLAN_EID_RSN_WPA) && !memcmp(pRSN->abyOUI, abyOUI01, 4) && 312 (pRSN->wVersion == 1)) { 313 return TRUE; 314 } 315 else 316 return FALSE; 317} 318