/drivers/net/wireless/tiwlan1251/common/src/core/rsn/admCtrlWpa2.c
C | 2029 lines | 1291 code | 286 blank | 452 comment | 169 complexity | dcc3da453cc77bc6660bbb1bb34d78a4 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0, AGPL-1.0
Large files files are truncated, but you can click here to view the full file
- /****************************************************************************
- **+-----------------------------------------------------------------------+**
- **| |**
- **| Copyright(c) 1998 - 2008 Texas Instruments. All rights reserved. |**
- **| All rights reserved. |**
- **| |**
- **| Redistribution and use in source and binary forms, with or without |**
- **| modification, are permitted provided that the following conditions |**
- **| are met: |**
- **| |**
- **| * Redistributions of source code must retain the above copyright |**
- **| notice, this list of conditions and the following disclaimer. |**
- **| * Redistributions in binary form must reproduce the above copyright |**
- **| notice, this list of conditions and the following disclaimer in |**
- **| the documentation and/or other materials provided with the |**
- **| distribution. |**
- **| * Neither the name Texas Instruments nor the names of its |**
- **| contributors may be used to endorse or promote products derived |**
- **| from this software without specific prior written permission. |**
- **| |**
- **| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |**
- **| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |**
- **| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |**
- **| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |**
- **| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |**
- **| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |**
- **| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |**
- **| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |**
- **| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |**
- **| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |**
- **| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |**
- **| |**
- **+-----------------------------------------------------------------------+**
- ****************************************************************************/
- /** \file admCtrlWpa2.c
- * \brief WPA2 Admission control methods
- *
- * \see admCtrl.h
- */
- #include "osApi.h"
- #include "utils.h"
- #include "paramOut.h"
- #include "paramIn.h"
- #include "mlmeApi.h"
- #include "802_11Defs.h"
- #include "DataCtrl_Api.h"
- #include "report.h"
- /*
- #include "fsm.h"
- #include "utils.h"
- */
- #include "rsn.h"
- #include "admCtrl.h"
- #include "admCtrlWpa2.h"
- #include "osDot11.h"
- #include "siteMgrApi.h"
- #include "EvHandler.h"
- #include "admCtrl.h"
- #ifdef EXC_MODULE_INCLUDED
- #include "admCtrlWpa.h"
- #include "admCtrlExc.h"
- #include "excMngr.h"
- #endif
- /* Constants */
- #define MAX_NETWORK_MODE 2
- #define MAX_WPA2_CIPHER_SUITE 6
- #define PMKID_CAND_LIST_MEMBUFF_SIZE (2*sizeof(UINT32) + (sizeof(OS_802_11_PMKID_CANDIDATE) * PMKID_MAX_NUMBER))
- #define PMKID_MIN_BUFFER_SIZE 2*sizeof(UINT32) + MAC_ADDR_LEN + PMKID_VALUE_SIZE
- #define TI_WLAN_COPY_UINT16_UNALIGNED(addr, val) {\
- *((UINT8 *) &(addr)) = (UINT8)(val & 0x00FF); \
- *((UINT8 *) &(addr) + 1) = (UINT8)((val & 0xFF00) >> 8);}
- /* Enumerations */
- /* Typedefs */
- /* Structures */
- /* External data definitions */
- /* Local functions definitions */
- /* Global variables */
- static UINT8 wpa2IeOuiIe[3] = { 0x00, 0x0f, 0xac};
- /**************************************************************/
- /* reduce stack usage (admCtrlWpa_setSite)*/
- /**************************************************************/
- static paramInfo_t param;
- static whalParamInfo_t whalParam;
- static wpa2IeData_t wpa2DataIE;
- /**************************************************************/
- static BOOL broadcastCipherSuiteValidity[MAX_NETWORK_MODE][MAX_WPA2_CIPHER_SUITE]=
- {
- /* RSN_IBSS */ {
- /* NONE */ FALSE,
- /* WEP40 */ FALSE,
- /* TKIP */ TRUE,
- /* AES_WRAP */ FALSE,
- /* AES_CCMP */ TRUE,
- /* WEP104 */ FALSE},
- /* RSN_INFRASTRUCTURE */ {
- /* NONE */ FALSE,
- /* WEP */ TRUE,
- /* TKIP */ TRUE,
- /* AES_WRAP */ FALSE,
- /* AES_CCMP */ TRUE,
- /* WEP104 */ TRUE}
- };
- /** WPA2 admission table. Used to verify admission parameters to an AP */
- /* table parameters:
- Max unicast cipher in the IE
- Max broadcast cipher in the IE
- Encryption status
- */
- typedef struct
- {
- TI_STATUS status;
- cipherSuite_e unicast;
- cipherSuite_e broadcast;
- UINT8 evaluation;
- } admCtrlWpa2_validity_t;
- static admCtrlWpa2_validity_t admCtrlWpa2_validityTable[MAX_WPA2_CIPHER_SUITE][MAX_WPA2_CIPHER_SUITE][MAX_WPA2_CIPHER_SUITE] =
- {
- /* AP unicast NONE */ {
- /* AP multicast NONE */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP40 */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP40 */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP40 */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP ,1},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP104 ,1}},
- /* AP multicast TKIP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_TKIP ,2},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WRAP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_AES_WRAP ,3},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast CCMP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_AES_CCMP ,3},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP104 */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP40 */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP ,1},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP104 ,1}}},
- /* AP unicast WEP */ {
- /* AP multicast NONE */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast TKIP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WRAP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast CCMP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP104 */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}},
- /* AP unicast TKIP */ {
- /* AP multicast NONE */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { OK, RSN_CIPHER_TKIP, RSN_CIPHER_WEP ,4},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast TKIP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { OK, RSN_CIPHER_TKIP, RSN_CIPHER_TKIP ,7},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WRAP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast CCMP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP104 */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { OK, RSN_CIPHER_TKIP, RSN_CIPHER_WEP104 ,4},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}},
- /* AP unicast AES_WRAP */ {
- /* AP multicast NONE */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP40 */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_WEP ,5},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast TKIP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_TKIP ,6},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WRAP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_AES_WRAP ,8},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast CCMP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP104 */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_WEP104 ,5},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}},
- /* AP unicast AES_CCMP */ {
- /* AP multicast NONE */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_WEP ,5},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast TKIP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_TKIP ,6},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_TKIP ,6},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WRAP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast CCMP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_AES_CCMP ,6},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_AES_CCMP ,8},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_WEP104 ,5},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}},
- /* AP unicast WEP104 */ {
- /* AP multicast NONE */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast TKIP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WRAP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast CCMP */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}},
- /* AP multicast WEP104 */ {
- /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0},
- /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}}
- };
- /* PMKID cache */
- /* static wpa2_pmkid_cache_t wpa2_pmkid_cache; */
- /* Function prototypes */
- TI_STATUS admCtrlWpa2_parseIe(admCtrl_t *pAdmCtrl, UINT8 *pWpa2Ie, wpa2IeData_t *pWpa2Data);
- UINT16 admCtrlWpa2_buildCapabilities(admCtrl_t *pAdmCtrl);
- UINT32 admCtrlWpa2_parseSuiteVal(admCtrl_t *pAdmCtrl, UINT8* suiteVal, UINT32 maxVal, UINT32 unknownVal);
- TI_STATUS admCtrlWpa2_checkCipherSuiteValidity(cipherSuite_e unicastSuite, cipherSuite_e broadcastSuite, cipherSuite_e encryptionStatus);
- TI_STATUS admCtrlWpa2_getCipherSuiteMetric (admCtrl_t *pAdmCtrl, wpa2IeData_t *pWpa2Data, UINT32 *metric,
- cipherSuite_e *uSuite, cipherSuite_e *bSuite);
- TI_STATUS admCtrlWpa2_DynamicConfig(admCtrl_t *pAdmCtrl, rsn_paeConfig_t *pPaeConfig);
- TI_STATUS admCtrlWpa2_resetPMKIDCache(admCtrl_t *pAdmCtrl);
- /*TI_STATUS admCtrlWpa2_sendPMKIDCandListAfterDelay(admCtrl_t * pAdmCtrl, UINT32 delay);*/
- TI_STATUS admCtrlWpa2_getPMKIDList(admCtrl_t * pAdmCtrl,OS_802_11_PMKID *pmkidList);
- TI_STATUS admCtrlWpa2_setPMKIDList(admCtrl_t * pAdmCtrl, OS_802_11_PMKID *pmkidList);
- TI_STATUS admCtrlWpa2_addPMKID(admCtrl_t * pAdmCtrl, macAddress_t * pBSSID, pmkidValue_t pmkID);
- TI_STATUS admCtrlWpa2_findPMKID(admCtrl_t * pAdmCtrl, macAddress_t *pBSSID,
- pmkidValue_t *pPMKID, UINT8 *cacheIndex);
- static BOOL admCtrlWpa2_getPreAuthStatus(admCtrl_t *pAdmCtrl, macAddress_t *givenAP, UINT8 *cacheIndex);
- static TI_STATUS admCtrlWpa2_startPreAuth(admCtrl_t *pAdmCtrl, bssidList4PreAuth_t *pBssidList);
- static void admCtrlWpa2_buildAndSendPMKIDCandList(TI_HANDLE hHandle, bssidList4PreAuth_t *apList);
- static TI_STATUS admCtrlWpa2_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, BOOL *wpa_802_1x_AkmExists);
- /**
- *
- * admCtrlWpa_config - Configure EXC admission control.
- *
- * \b Description:
- *
- * Configure EXC admission control.
- *
- * \b ARGS:
- *
- * I - pAdmCtrl - context \n
- *
- * \b RETURNS:
- *
- * OK on success, NOK on failure.
- *
- * \sa
- */
- TI_STATUS admCtrlWpa2_config(admCtrl_t *pAdmCtrl)
- {
- TI_STATUS status;
- rsn_paeConfig_t paeConfig;
- /* check and set admission control default parameters */
- pAdmCtrl->authSuite = RSN_AUTH_OPEN;
- if (pAdmCtrl->unicastSuite == RSN_CIPHER_NONE)
- {
- pAdmCtrl->unicastSuite = RSN_CIPHER_AES_CCMP;
- }
- if (pAdmCtrl->broadcastSuite == RSN_CIPHER_NONE)
- {
- pAdmCtrl->broadcastSuite = RSN_CIPHER_AES_CCMP;
- }
- /* set callback functions (API) */
- pAdmCtrl->getInfoElement = admCtrlWpa2_getInfoElement;
- pAdmCtrl->setSite = admCtrlWpa2_setSite;
- pAdmCtrl->evalSite = admCtrlWpa2_evalSite;
- pAdmCtrl->getPmkidList = admCtrlWpa2_getPMKIDList;
- pAdmCtrl->setPmkidList = admCtrlWpa2_setPMKIDList;
- pAdmCtrl->resetPmkidList = admCtrlWpa2_resetPMKIDCache;
- pAdmCtrl->getPreAuthStatus = admCtrlWpa2_getPreAuthStatus;
- pAdmCtrl->startPreAuth = admCtrlWpa2_startPreAuth;
- pAdmCtrl->get802_1x_AkmExists = admCtrlWpa2_get802_1x_AkmExists;
- /* set key management suite (AKMP) */
- switch (pAdmCtrl->externalAuthMode)
- {
- case RSN_EXT_AUTH_MODE_WPA2:
- case RSN_EXT_AUTH_MODE_WPA2PSK:
- pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X;
- break;
- case RSN_EXT_AUTH_MODE_WPANONE:
- pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE;
- /* Not supported */
- default:
- return NOK;
- }
- paeConfig.authProtocol = pAdmCtrl->externalAuthMode;
- paeConfig.unicastSuite = pAdmCtrl->unicastSuite;
- paeConfig.broadcastSuite = pAdmCtrl->broadcastSuite;
- paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite;
- /* set default PAE configuration */
- status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig);
- return status;
- }
- /**
- *
- * admCtrlWpa2_getInfoElement - Get the current information element.
- *
- * \b Description:
- *
- * Get the current information element.
- *
- * \b ARGS:
- *
- * I - pAdmCtrl - context \n
- * I - pIe - IE buffer \n
- * I - pLength - length of IE \n
- *
- * \b RETURNS:
- *
- * OK on success, NOK on failure.
- *
- * \sa
- */
- TI_STATUS admCtrlWpa2_getInfoElement(admCtrl_t *pAdmCtrl, UINT8 *pIe, UINT8 *pLength)
- {
- wpa2IePacket_t *pWpa2IePacket;
- UINT8 length = 0;
- macAddress_t assocBssid;
- paramInfo_t param;
- pmkidValue_t pmkId;
- TI_STATUS status;
- UINT8 index;
- #ifdef FOUR_ALIGNMENT
- UINT16 tempInt;
- #endif
- if (pIe==NULL)
- {
- *pLength = 0;
- return NOK;
- }
- /* check Group suite validity */
- if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][pAdmCtrl->broadcastSuite])
- {
- *pLength = 0;
- return NOK;
- }
- /* Init Wpa2 IE (RSN IE) */
- pWpa2IePacket = (wpa2IePacket_t*)pIe;
- os_memoryZero(pAdmCtrl->hOs, pWpa2IePacket, sizeof(wpa2IePacket_t));
- /* Fill the element ID */
- pWpa2IePacket->elementid = RSN_IE_ID;
- #ifndef FOUR_ALIGNMENT
- pWpa2IePacket->version = ENDIAN_HANDLE_WORD(WPA2_OUI_MAX_VERSION);
- #else
- /* required for WinCe, when the pointer is not even */
- tempInt = ENDIAN_HANDLE_WORD(WPA2_OUI_MAX_VERSION);
- os_memoryCopy(pAdmCtrl->hOs, (UINT8 *)&pWpa2IePacket->version, &tempInt, sizeof(pWpa2IePacket->version));
- #endif
- length += 2;
- /* build group suite */
- os_memoryCopy(pAdmCtrl->hOs, (void *)pWpa2IePacket->groupSuite, wpa2IeOuiIe, 3);
- pWpa2IePacket->groupSuite[3] = (UINT8)pAdmCtrl->pRsn->paeConfig.broadcastSuite;
- length += 4;
- /* build pairwise suite - we always send only one pairwise suite */
- #ifndef FOUR_ALIGNMENT
- pWpa2IePacket->pairwiseSuiteCnt = ENDIAN_HANDLE_WORD(0x0001);
- #else
- /* required for WinCe, when the pointer is not even */
- tempInt = ENDIAN_HANDLE_WORD(0x0001);
- os_memoryCopy(pAdmCtrl->hOs, (UINT8 *)&pWpa2IePacket->pairwiseSuiteCnt, &tempInt, sizeof(pWpa2IePacket->pairwiseSuiteCnt));
- #endif
- length += 2;
- os_memoryCopy(pAdmCtrl->hOs, (void *)pWpa2IePacket->pairwiseSuite, wpa2IeOuiIe, 3);
- pWpa2IePacket->pairwiseSuite[3] = (UINT8)pAdmCtrl->pRsn->paeConfig.unicastSuite;
- length += 4;
-
- /* build keyMng suite - we always send only one key mgmt suite*/
- #ifndef FOUR_ALIGNMENT
- pWpa2IePacket->authKeyMngSuiteCnt = ENDIAN_HANDLE_WORD(0x0001);
- #else
- /* required for WinCe, when the pointer is not even */
- tempInt = ENDIAN_HANDLE_WORD(0x0001);
- os_memoryCopy(pAdmCtrl->hOs, (UINT8 *)&pWpa2IePacket->authKeyMngSuiteCnt, &tempInt, sizeof(pWpa2IePacket->authKeyMngSuiteCnt));
- #endif
-
- length += 2;
- os_memoryCopy(pAdmCtrl->hOs, (void *)pWpa2IePacket->authKeyMngSuite, wpa2IeOuiIe, 3);
-
- switch (pAdmCtrl->externalAuthMode)
- {
- case RSN_EXT_AUTH_MODE_OPEN:
- case RSN_EXT_AUTH_MODE_SHARED_KEY:
- case RSN_EXT_AUTH_MODE_AUTO_SWITCH:
- pWpa2IePacket->authKeyMngSuite[3] = WPA2_IE_KEY_MNG_NONE;
- break;
- case RSN_EXT_AUTH_MODE_WPA2:
- case RSN_EXT_AUTH_MODE_WPA: /* for Any-WPA/WPA-Mixed mode */
- {
- #ifdef EXC_MODULE_INCLUDED
- UINT8 akmSuite[DOT11_OUI_LEN+1];
- if (admCtrlExc_getCckmAkm(pAdmCtrl, akmSuite))
- {
- os_memoryCopy(pAdmCtrl->hOs, (PVOID)pWpa2IePacket->authKeyMngSuite, akmSuite, DOT11_OUI_LEN+1);
- }
- else
- #endif
- {
- pWpa2IePacket->authKeyMngSuite[3] = WPA2_IE_KEY_MNG_801_1X;
- }
- }
- break;
- case RSN_EXT_AUTH_MODE_WPA2PSK:
- case RSN_EXT_AUTH_MODE_WPAPSK:
- pWpa2IePacket->authKeyMngSuite[3] = WPA2_IE_KEY_MNG_PSK_801_1X;
- break;
- default:
- pWpa2IePacket->authKeyMngSuite[3] = WPA2_IE_KEY_MNG_NONE;
- break;
- }
- length += 4;
-
- /* build Capabilities */
- #ifndef FOUR_ALIGNMENT
- pWpa2IePacket->capabilities = ENDIAN_HANDLE_WORD(admCtrlWpa2_buildCapabilities(pAdmCtrl));
- #else
- /* required for WinCe, when the pointer is not even */
- tempInt = ENDIAN_HANDLE_WORD(admCtrlWpa2_buildCapabilities(pAdmCtrl));
- os_memoryCopy(pAdmCtrl->hOs, (UINT8 *)&pWpa2IePacket->capabilities, &tempInt, sizeof(pWpa2IePacket->capabilities));
- #endif
-
- length += 2;
- /* build PMKID list: we support no more than 1 PMKSA per AP, */
- /* so no more than 1 PMKID can be sent in the RSN IE */
- if(pAdmCtrl->preAuthSupport &&
- (pAdmCtrl->pRsn->paeConfig.authProtocol == RSN_EXT_AUTH_MODE_WPA2))
- {
- /* Init value of PMKID count is 0 */
- #ifndef FOUR_ALIGNMENT
- pWpa2IePacket->pmkIdCnt = ENDIAN_HANDLE_WORD(0);
- #else
- /* required for WinCe, when the pointer is not even */
- tempInt = ENDIAN_HANDLE_WORD(0);
- os_memoryCopy(pAdmCtrl->hOs, (UINT8 *)&pWpa2IePacket->pmkIdCnt, &tempInt, sizeof(pWpa2IePacket->pmkIdCnt));
- #endif
-
- length += 2;
- param.paramType = CTRL_DATA_CURRENT_BSSID_PARAM;
- status = ctrlData_getParam(pAdmCtrl->pRsn->hCtrlData, ¶m);
- assocBssid = param.content.ctrlDataCurrentBSSID;
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("admCtrlWpa2_getInfoElement - find PMKID \n"));
- status = admCtrlWpa2_findPMKID(pAdmCtrl, &assocBssid, &pmkId, &index);
- if(status == OK)
- {
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("admCtrlWpa2_getInfoElement - PMKID was found! \n"));
- #ifndef FOUR_ALIGNMENT
- pWpa2IePacket->pmkIdCnt = ENDIAN_HANDLE_WORD(1);
- #else
- /* required for WinCe, when the pointer is not even */
- tempInt = ENDIAN_HANDLE_WORD(1);
- os_memoryCopy(pAdmCtrl->hOs, (UINT8 *)&pWpa2IePacket->pmkIdCnt, &tempInt, sizeof(pWpa2IePacket->pmkIdCnt));
- #endif
- os_memoryCopy(pAdmCtrl->hOs, (UINT8 *)pWpa2IePacket->pmkId,
- (UINT8 *)pmkId, PMKID_VALUE_SIZE);
- length += PMKID_VALUE_SIZE;
- }
- }
- pWpa2IePacket->length = length; /* RSN IE length without IEid and length field */
- *pLength = length+2; /* The whole length of the RSN IE */
- WLAN_REPORT_HEX_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- pIe, *pLength);
- return OK;
- }
- /**
- *
- * admCtrlWpa2_setSite - Set current primary site parameters for registration.
- *
- * \b Description:
- *
- * Set current primary site parameters for registration.
- *
- * \b ARGS:
- *
- * I - pAdmCtrl - context \n
- * I - pRsnData - site's RSN data \n
- * O - pAssocIe - result IE of evaluation \n
- * O - pAssocIeLen - length of result IE of evaluation \n
- *
- * \b RETURNS:
- *
- * OK on site is aproved, NOK on site is rejected.
- *
- * \sa
- */
- TI_STATUS admCtrlWpa2_setSite(admCtrl_t *pAdmCtrl, rsnData_t *pRsnData, UINT8 *pAssocIe, UINT8 *pAssocIeLen)
- {
- TI_STATUS status;
- rsn_paeConfig_t paeConfig;
- UINT8 *pWpa2Ie;
- cipherSuite_e uSuite, bSuite;
- *pAssocIeLen = 0;
- if (pRsnData==NULL)
- {
- return NOK;
- }
- if (pRsnData->pIe==NULL)
- {
- /* configure the MLME module with the 802.11 OPEN authentication suite,
- THe MLME will configure later the authentication module */
- param.paramType = MLME_LEGACY_TYPE_PARAM;
- param.content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM;
- status = mlme_setParam(pAdmCtrl->hMlme, ¶m);
- if (status != OK)
- {
- return status;
- }
- return OK;
- }
- #ifdef EXC_MODULE_INCLUDED
- /* Clean MIC and KP flags in the HAL. */
- /* It is needed if the previous privacy mode was EXC */
- whalParam.paramType = HAL_CTRL_RSN_EXC_SW_ENC_ENABLE_PARAM;
- whalParam.content.rsnExcSwEncFlag = FALSE;
- status = whalCtrl_SetParam(pAdmCtrl->pRsn->hWhalCtrl, &whalParam);
- whalParam.paramType = HAL_CTRL_RSN_EXC_MIC_FIELD_ENABLE_PARAM;
- whalParam.content.rsnExcMicFieldFlag = FALSE;
- status = whalCtrl_SetParam(pAdmCtrl->pRsn->hWhalCtrl, &whalParam);
- /* Check if Aironet IE exists */
- admCtrlExc_setExtendedParams(pAdmCtrl, pRsnData);
- #endif /*EXC_MODULE_INCLUDED*/
-
- status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpa2Ie, RSN_IE_ID);
- if (status != OK)
- {
- return status;
- }
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("admCtrlWpa2_setSite: RSN_IE=\n"));
- WLAN_REPORT_HEX_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, pRsnData->pIe, pRsnData->ieLen);
- status = admCtrlWpa2_parseIe(pAdmCtrl, pWpa2Ie, &wpa2DataIE);
- if (status != OK)
- {
- return status;
- }
- if ((wpa2DataIE.unicastSuite[0]>=MAX_WPA2_CIPHER_SUITE) ||
- (wpa2DataIE.broadcastSuite>=MAX_WPA2_CIPHER_SUITE) ||
- (pAdmCtrl->unicastSuite>=MAX_WPA2_CIPHER_SUITE))
- {
- return NOK;
- }
- /* Check validity of Group suite */
- if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][wpa2DataIE.broadcastSuite])
- { /* check Group suite validity */
- return NOK;
- }
-
- if(admCtrlWpa2_getCipherSuiteMetric (pAdmCtrl, &wpa2DataIE, NULL, &uSuite, &bSuite) != OK)
- return NOK;
- /* set replay counter */
- pAdmCtrl->replayCnt = wpa2DataIE.ptkReplayCounters;
- *pAssocIeLen = pRsnData->ieLen;
- if (pAssocIe != NULL)
- {
- os_memoryCopy(pAdmCtrl->hOs, pAssocIe, &wpa2DataIE, sizeof(wpa2IeData_t));
- }
- /* re-config PAE with updated unicast and broadcast suite values */
- /* If STA works in WpaMixed mode/AnyWpa mode, set PAE auth. mode to WPA2 */
- paeConfig.authProtocol = pAdmCtrl->externalAuthMode;
- if(pAdmCtrl->WPAPromoteFlags)
- {
- if(pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA)
- paeConfig.authProtocol = RSN_EXT_AUTH_MODE_WPA2;
- if(pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPAPSK)
- paeConfig.authProtocol = RSN_EXT_AUTH_MODE_WPA2PSK;
- }
- #ifdef EXC_MODULE_INCLUDED
- param.paramType = EXC_CCKM_EXISTS;
- param.content.excCckmExists = (wpa2Data.KeyMngSuite[0]==WPA2_IE_KEY_MNG_CCKM) ? TRUE : FALSE;
- excMngr_setParam(pAdmCtrl->hExcMngr, ¶m);
- #endif
- paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite;
- paeConfig.unicastSuite = uSuite; /* Updated value */
- paeConfig.broadcastSuite = bSuite; /* Updated value */
- status = admCtrlWpa2_DynamicConfig(pAdmCtrl, &paeConfig);
- if (status != OK)
- {
- return status;
- }
- /* Now we configure the MLME module with the 802.11 legacy authentication suite,
- THe MLME will configure later the authentication module */
- param.paramType = MLME_LEGACY_TYPE_PARAM;
- #ifdef EXC_MODULE_INCLUDED
- if (pAdmCtrl->networkEapMode!=OS_EXC_NETWORK_EAP_OFF)
- {
- param.content.mlmeLegacyAuthType = AUTH_LEGACY_RESERVED1;
- }
- else
- #endif
- {
- param.content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM;
- }
- status = mlme_setParam(pAdmCtrl->hMlme, ¶m);
- if (status != OK)
- {
- return status;
- }
- param.paramType = RX_DATA_EAPOL_DESTINATION_PARAM;
- param.content.rxDataEapolDestination = OS_ABS_LAYER;
- status = rxData_setParam(pAdmCtrl->hRx, ¶m);
- if (status != OK)
- {
- return status;
- }
- /* Configure privacy status in HAL so that HW is prepared to recieve keys */
- whalParam.paramType = HAL_CTRL_RSN_SECURITY_MODE_PARAM;
- whalParam.content.rsnEncryptionStatus = (halCtrl_CipherSuite_e)paeConfig.unicastSuite;
- status = whalCtrl_SetParam(pAdmCtrl->pRsn->hWhalCtrl, &whalParam);
- return status;
- }
- /**
- *
- * admCtrlWpa_evalSite - Evaluate site for registration.
- *
- * \b Description:
- *
- * evaluate site RSN capabilities against the station's cap.
- * If the BSS type is infrastructure, the station matches the site only if it's WEP status is same as the site
- * In IBSS, it does not matter
- *
- * \b ARGS:
- *
- * I - pAdmCtrl - Context \n
- * I - pRsnData - site's RSN data \n
- * O - pEvaluation - Result of evaluation \n
- *
- * \b RETURNS:
- *
- * OK
- *
- * \sa
- */
- TI_STATUS admCtrlWpa2_evalSite(admCtrl_t *pAdmCtrl, rsnData_t *pRsnData, bssType_e bssType, UINT32 *pEvaluation)
- {
- TI_STATUS status;
- wpa2IeData_t wpa2Data;
- UINT8 *pWpa2Ie;
- cipherSuite_e uSuite, bSuite;
- UINT8 i = 0;
- *pEvaluation = 0;
- if (pRsnData==NULL)
- {
- return NOK;
- }
- if (pRsnData->pIe==NULL)
- {
- return NOK;
- }
-
- if (bssType != BSS_INFRASTRUCTURE)
- {
- return NOK;
- }
- status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpa2Ie, RSN_IE_ID);
- if (status != OK)
- {
- return status;
- }
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("admCtrlWpa2_evalSite, IE=\n"));
- WLAN_REPORT_HEX_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, pRsnData->pIe, pRsnData->ieLen);
- status = admCtrlWpa2_parseIe(pAdmCtrl, pWpa2Ie, &wpa2Data);
- if (status != OK)
- {
- return status;
- }
- /* check keyMngSuite validity */
- status = NOK;
- for(i = 0;
- (i < wpa2Data.KeyMngSuiteCnt) &&(i<MAX_WPA2_KEY_MNG_SUITES)&& (status != OK);
- i++)
- {
- switch (wpa2Data.KeyMngSuite[i])
- {
- case WPA2_IE_KEY_MNG_NONE:
- status = (pAdmCtrl->externalAuthMode <= RSN_EXT_AUTH_MODE_AUTO_SWITCH) ? OK : NOK;
- break;
- case WPA2_IE_KEY_MNG_801_1X:
- #ifdef EXC_MODULE_INCLUDED
- case WPA2_IE_KEY_MNG_CCKM:
- /* CCKM is allowed only in 802.1x auth */
- #endif
- if(!pAdmCtrl->WPAPromoteFlags)
- status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA2) ? OK : NOK;
- else
- /* Any-WPA mode is supported */
- status = ((pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA2) ||
- (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA)) ? OK : NOK;
- break;
- case WPA2_IE_KEY_MNG_PSK_801_1X:
- if(!pAdmCtrl->WPAPromoteFlags)
- status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA2PSK) ? OK : NOK;
- else
- /* Any-WPA mode is supported */
- status = ((pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA2PSK) ||
- (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPAPSK)) ? OK : NOK;
- break;
- default:
- WLAN_REPORT_ERROR(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("admCtrlWpa2_evalSite, default, wpa2Data.KeyMngSuite[i]=%d \n",wpa2Data.KeyMngSuite[i]));
- status = NOK;
- break;
- }
- }
- if (status != OK)
- {
- WLAN_REPORT_ERROR(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("admCtrlWpa2_evalSite, status=%d, externalAuthMode=%d, WPAPromoteFlags=%d \n",
- status, pAdmCtrl->externalAuthMode,
- pAdmCtrl->WPAPromoteFlags));
- return status;
- }
- /* Check cipher suite validity */
- if(admCtrlWpa2_getCipherSuiteMetric(pAdmCtrl, &wpa2Data, pEvaluation, &uSuite, &bSuite) != OK)
- return NOK;
- /* Check privacy bit if not in mixed mode */
- if (!pAdmCtrl->mixedMode)
- { /* There's no mixed mode, so make sure that the privacy Bit matches the privacy mode*/
- if (((pRsnData->privacy) && (uSuite == RSN_CIPHER_NONE)) ||
- ((!pRsnData->privacy) && (uSuite > RSN_CIPHER_NONE)))
- {
- *pEvaluation = 0;
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("admCtrlWpa2_evalSite, mixedMode is FALSE, privacy=%d, uSuite=%d\n",
- pRsnData->privacy, uSuite));
- return NOK;
- }
- }
- /* always return OK */
- return OK;
- }
- /**
- *
- * admCtrlWpa2_parseIe - Parse an WPA information element.
- *
- * \b Description:
- *
- * Parse an WPA information element.
- * Builds a structure of the unicast adn broadcast cihper suites,
- * the key management suite and the capabilities.
- *
- * \b ARGS:
- *
- * I - pAdmCtrl - pointer to admCtrl context
- * I - pWpa2Ie - pointer to WPA IE (RSN IE) buffer \n
- * O - pWpa2Data - WPA2 IE (RSN IE) structure after parsing
- *
- *
- * \b RETURNS:
- *
- * OK on success, NOK on failure.
- *
- * \sa
- */
- TI_STATUS admCtrlWpa2_parseIe(admCtrl_t *pAdmCtrl, UINT8 *pWpa2Ie, wpa2IeData_t *pWpa2Data)
- {
- dot11_RSN_t *wpa2Ie = (dot11_RSN_t *)pWpa2Ie;
- UINT16 temp2bytes, capabilities;
- UINT16 KeyMngSuiteCntTemp=0;
- UINT8 dataOffset = 0, i = 0, j = 0, curKeyMngSuite = 0;
- cipherSuite_e curCipherSuite = RSN_CIPHER_NONE;
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("Wpa2_IE: DEBUG: admCtrlWpa2_parseIe\n\n"));
- if ((pWpa2Data == NULL) || (pWpa2Ie == NULL))
- {
- return NOK;
- }
- /* get Version value from the info element */
- temp2bytes = ENDIAN_HANDLE_WORD(*wpa2Ie->rsnIeData);
- dataOffset += 2;
- /* Check the header fields and the version */
- if((wpa2Ie->hdr.eleId != RSN_IE_ID) || (wpa2Ie->hdr.eleLen < WPA2_IE_MIN_LENGTH) ||
- (temp2bytes != WPA2_OUI_MAX_VERSION))
- {
- WLAN_REPORT_ERROR(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("Wpa2_ParseIe Error: length=0x%x, elementid=0x%x, version=0x%x\n",
- wpa2Ie->hdr.eleLen,wpa2Ie->hdr.eleId,temp2bytes));
- return NOK;
- }
- /* Set default values */
- os_memoryZero(pAdmCtrl->hOs, pWpa2Data, sizeof(wpa2IeData_t));
- pWpa2Data->broadcastSuite = RSN_CIPHER_AES_CCMP;
- pWpa2Data->unicastSuiteCnt = 1;
- pWpa2Data->unicastSuite[0] = RSN_CIPHER_AES_CCMP;
- pWpa2Data->KeyMngSuiteCnt = 1;
- pWpa2Data->KeyMngSuite[0] = WPA2_IE_KEY_MNG_801_1X;
- /* If we've reached the end of the received RSN IE */
- if(wpa2Ie->hdr.eleLen < WPA2_IE_GROUP_SUITE_LENGTH)
- return OK;
-
- /* Processing of Group Suite field - 4 bytes*/
- pWpa2Data->broadcastSuite = (cipherSuite_e)admCtrlWpa2_parseSuiteVal(pAdmCtrl, (UINT8 *)wpa2Ie->rsnIeData + dataOffset,
- RSN_CIPHER_WEP104, RSN_CIPHER_UNKNOWN);
- dataOffset +=4;
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("Wpa2_IE: GroupSuite %x \n", pWpa2Data->broadcastSuite));
- /* Processing of Pairwise (Unicast) Cipher Suite - 2 bytes counter and list of 4-byte entries */
- if(wpa2Ie->hdr.eleLen < WPA2_IE_MIN_PAIRWISE_SUITE_LENGTH)
- return OK;
- pWpa2Data->unicastSuiteCnt = ENDIAN_HANDLE_WORD(*(wpa2Ie->rsnIeData + dataOffset));
- dataOffset += 2;
- if(pWpa2Data->unicastSuiteCnt > UNICAST_CIPHER_MAXNO_IN_RSNIE)
- {
- /* something wrong in the RSN IE */
- WLAN_REPORT_ERROR(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("Wpa2_ParseIe Error: Pairwise cipher suite count is %d \n", pWpa2Data->unicastSuiteCnt));
- return NOK;
- }
- /* Get unicast cipher suites */
- for(i = 0; i < pWpa2Data->unicastSuiteCnt; i++)
- {
- curCipherSuite = (cipherSuite_e)admCtrlWpa2_parseSuiteVal(pAdmCtrl, (UINT8 *)wpa2Ie->rsnIeData + dataOffset,
- RSN_CIPHER_WEP104, RSN_CIPHER_UNKNOWN);
- if(curCipherSuite == RSN_CIPHER_NONE)
- curCipherSuite = pWpa2Data->broadcastSuite;
- pWpa2Data->unicastSuite[i] = curCipherSuite;
- dataOffset +=4;
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("Wpa_IE: unicast suite %x \n", curCipherSuite));
- }
- /* Sort all the unicast suites supported by the AP in the decreasing order */
- /* (so the best cipher suite will be the first) */
- if(pWpa2Data->unicastSuiteCnt > 1)
- {
- for(i = 0; i < (pWpa2Data->unicastSuiteCnt -1); i ++)
- {
- for(j = 0; j < i; j ++)
- {
- if(pWpa2Data->unicastSuite[j] > pWpa2Data->unicastSuite[j + 1])
- {
- curCipherSuite = pWpa2Data->unicastSuite[j];
- pWpa2Data->unicastSuite[j] = pWpa2Data->unicastSuite[j+1];
- pWpa2Data->unicastSuite[j+1] = curCipherSuite;
- }
- }
- }
- }
- /* If we've reached the end of the received RSN IE */
- if (wpa2Ie->hdr.eleLen == dataOffset)
- return OK;
- /* KeyMng Suite */
- /* pWpa2Data->KeyMngSuiteCnt = ENDIAN_HANDLE_WORD(*((UINT16 *)(wpa2Ie->rsnIeData + dataOffset))); */
- /*Fixing unaligned half word access */
- COPY_UNALIGNED_WORD(&KeyMngSuiteCntTemp,((UINT16 *)(wpa2Ie->rsnIeData + dataOffset)));
- KeyMngSuiteCntTemp = ENDIAN_HANDLE_WORD(KeyMngSuiteCntTemp);
- TI_WLAN_COPY_UINT16_UNALIGNED(pWpa2Data->KeyMngSuiteCnt, KeyMngSuiteCntTemp);
- dataOffset += 2;
- pAdmCtrl->wpaAkmExists = FALSE;
- for(i = 0; i < pWpa2Data->KeyMngSuiteCnt; i++)
- {
- #ifdef EXC_MODULE_INCLUDED
- curKeyMngSuite = admCtrlExc_parseCckmSuiteVal4Wpa2(pAdmCtrl, (UINT8 *)(wpa2Ie->rsnIeData + dataOffset));
- if (curKeyMngSuite == WPA2_IE_KEY_MNG_CCKM)
- { /* CCKM is the maximum AKM */
- pWpa2Data->KeyMngSuite[i] = curKeyMngSuite;
- }
- else
- #endif
- {
- curKeyMngSuite = admCtrlWpa2_parseSuiteVal(pAdmCtrl, (UINT8 *)wpa2Ie->rsnIeData + dataOffset,
- WPA2_IE_KEY_MNG_PSK_801_1X, WPA2_IE_KEY_MNG_NA);
- }
- WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG,
- ("Wpa2_IE: authKeyMng %x \n", curKeyMngSuite));
- if ((curKeyMngSuite != WPA2_IE_KEY_MNG_NA) &&
- (curKeyMngSuite != WPA2_IE_KEY_MNG_CCKM))
- {
- pWpa2Data->KeyMngSuite[i] = curKeyMngSuite;
- }
- if (curKeyMngSuite==WPA2_IE_KEY_MNG_801_1X)
- { /* If 2 AKM exist, save also the second priority */
- pAdmCtrl->wpaAkmExists = TRUE;
- }
- dataOffset += 4;
- }
- /* If we've reached the end of the received RSN IE */
- if (wpa2Ie->hdr.eleLen == dataOffset)
- return OK;
- /* Parse capabilities */
- /* capabilities = ENDIAN_HANDLE_WORD(*((UINT16 *)(wpa2Ie->rsnIeData + dataOffset))); */
- /* Fixing unaligned half word access */
- COPY_UNALIGNED_WORD(&capabilities,((UINT16 *)(wpa2Ie->rsnIeData + dataOffset)));
- capabilities = ENDIAN_HANDLE_WORD(capabilities);
- pWpa2Data->bcastForUnicatst = (UINT8)(capabilities & WPA2_GROUP_4_UNICAST_CAPABILITY_MASK)>>
- WPA2_GROUP_4_UNICAST_CAPABILITY_SHIFT;
- pWpa2Data->ptkReplayCounters = (UINT8)(capabilities & WPA2_PTK_REPLAY_COUNTERS_CAPABILITY_MASK)>>
- WPA2_PTK_REPLAY_COUNTERS_CAPABILITY_SHIFT;
- switch (pWpa2Data->ptkReplayCounters)
- {
- case 0: pWpa2Data->ptkReplayCounters=1;
- break;
- case 1: pWpa2Data->ptkReplayCounters=2;
- br…
Large files files are truncated, but you can click here to view the full file