1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39#include "../rt_config.h"
40
41
42
43UCHAR OUI_WPA_NONE_AKM[4] = {0x00, 0x50, 0xF2, 0x00};
44UCHAR OUI_WPA_VERSION[4] = {0x00, 0x50, 0xF2, 0x01};
45UCHAR OUI_WPA_WEP40[4] = {0x00, 0x50, 0xF2, 0x01};
46UCHAR OUI_WPA_TKIP[4] = {0x00, 0x50, 0xF2, 0x02};
47UCHAR OUI_WPA_CCMP[4] = {0x00, 0x50, 0xF2, 0x04};
48UCHAR OUI_WPA_WEP104[4] = {0x00, 0x50, 0xF2, 0x05};
49UCHAR OUI_WPA_8021X_AKM[4] = {0x00, 0x50, 0xF2, 0x01};
50UCHAR OUI_WPA_PSK_AKM[4] = {0x00, 0x50, 0xF2, 0x02};
51
52UCHAR OUI_WPA2_WEP40[4] = {0x00, 0x0F, 0xAC, 0x01};
53UCHAR OUI_WPA2_TKIP[4] = {0x00, 0x0F, 0xAC, 0x02};
54UCHAR OUI_WPA2_CCMP[4] = {0x00, 0x0F, 0xAC, 0x04};
55UCHAR OUI_WPA2_8021X_AKM[4] = {0x00, 0x0F, 0xAC, 0x01};
56UCHAR OUI_WPA2_PSK_AKM[4] = {0x00, 0x0F, 0xAC, 0x02};
57UCHAR OUI_WPA2_WEP104[4] = {0x00, 0x0F, 0xAC, 0x05};
58
59
60
61static VOID ConstructEapolKeyData(
62 IN PMAC_TABLE_ENTRY pEntry,
63 IN UCHAR GroupKeyWepStatus,
64 IN UCHAR keyDescVer,
65 IN UCHAR MsgType,
66 IN UCHAR DefaultKeyIdx,
67 IN UCHAR *GTK,
68 IN UCHAR *RSNIE,
69 IN UCHAR RSNIE_LEN,
70 OUT PEAPOL_PACKET pMsg);
71
72static VOID CalculateMIC(
73 IN UCHAR KeyDescVer,
74 IN UCHAR *PTK,
75 OUT PEAPOL_PACKET pMsg);
76
77static VOID WpaEAPPacketAction(
78 IN PRTMP_ADAPTER pAd,
79 IN MLME_QUEUE_ELEM *Elem);
80
81static VOID WpaEAPOLASFAlertAction(
82 IN PRTMP_ADAPTER pAd,
83 IN MLME_QUEUE_ELEM *Elem);
84
85static VOID WpaEAPOLLogoffAction(
86 IN PRTMP_ADAPTER pAd,
87 IN MLME_QUEUE_ELEM *Elem);
88
89static VOID WpaEAPOLStartAction(
90 IN PRTMP_ADAPTER pAd,
91 IN MLME_QUEUE_ELEM *Elem);
92
93static VOID WpaEAPOLKeyAction(
94 IN PRTMP_ADAPTER pAd,
95 IN MLME_QUEUE_ELEM *Elem);
96
97
98
99
100
101
102
103
104
105VOID WpaStateMachineInit(
106 IN PRTMP_ADAPTER pAd,
107 IN STATE_MACHINE *S,
108 OUT STATE_MACHINE_FUNC Trans[])
109{
110 StateMachineInit(S, (STATE_MACHINE_FUNC *)Trans, MAX_WPA_PTK_STATE, MAX_WPA_MSG, (STATE_MACHINE_FUNC)Drop, WPA_PTK, WPA_MACHINE_BASE);
111
112 StateMachineSetAction(S, WPA_PTK, MT2_EAPPacket, (STATE_MACHINE_FUNC)WpaEAPPacketAction);
113 StateMachineSetAction(S, WPA_PTK, MT2_EAPOLStart, (STATE_MACHINE_FUNC)WpaEAPOLStartAction);
114 StateMachineSetAction(S, WPA_PTK, MT2_EAPOLLogoff, (STATE_MACHINE_FUNC)WpaEAPOLLogoffAction);
115 StateMachineSetAction(S, WPA_PTK, MT2_EAPOLKey, (STATE_MACHINE_FUNC)WpaEAPOLKeyAction);
116 StateMachineSetAction(S, WPA_PTK, MT2_EAPOLASFAlert, (STATE_MACHINE_FUNC)WpaEAPOLASFAlertAction);
117}
118
119
120
121
122
123
124
125
126
127
128VOID WpaEAPPacketAction(
129 IN PRTMP_ADAPTER pAd,
130 IN MLME_QUEUE_ELEM *Elem)
131{
132}
133
134VOID WpaEAPOLASFAlertAction(
135 IN PRTMP_ADAPTER pAd,
136 IN MLME_QUEUE_ELEM *Elem)
137{
138}
139
140VOID WpaEAPOLLogoffAction(
141 IN PRTMP_ADAPTER pAd,
142 IN MLME_QUEUE_ELEM *Elem)
143{
144}
145
146
147
148
149
150
151
152
153VOID WpaEAPOLStartAction(
154 IN PRTMP_ADAPTER pAd,
155 IN MLME_QUEUE_ELEM *Elem)
156{
157 MAC_TABLE_ENTRY *pEntry;
158 PHEADER_802_11 pHeader;
159
160 DBGPRINT(RT_DEBUG_TRACE, ("WpaEAPOLStartAction ===> \n"));
161
162 pHeader = (PHEADER_802_11)Elem->Msg;
163
164
165 if (Elem->MsgLen == 6)
166 pEntry = MacTableLookup(pAd, Elem->Msg);
167 else
168 {
169 pEntry = MacTableLookup(pAd, pHeader->Addr2);
170 }
171
172 if (pEntry)
173 {
174 DBGPRINT(RT_DEBUG_TRACE, (" PortSecured(%d), WpaState(%d), AuthMode(%d), PMKID_CacheIdx(%d) \n", pEntry->PortSecured, pEntry->WpaState, pEntry->AuthMode, pEntry->PMKID_CacheIdx));
175
176 if ((pEntry->PortSecured == WPA_802_1X_PORT_NOT_SECURED)
177 && (pEntry->WpaState < AS_PTKSTART)
178 && ((pEntry->AuthMode == Ndis802_11AuthModeWPAPSK) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK) || ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) && (pEntry->PMKID_CacheIdx != ENTRY_NOT_FOUND))))
179 {
180 pEntry->PrivacyFilter = Ndis802_11PrivFilter8021xWEP;
181 pEntry->WpaState = AS_INITPSK;
182 pEntry->PortSecured = WPA_802_1X_PORT_NOT_SECURED;
183 NdisZeroMemory(pEntry->R_Counter, sizeof(pEntry->R_Counter));
184 pEntry->ReTryCounter = PEER_MSG1_RETRY_TIMER_CTR;
185
186 WPAStart4WayHS(pAd, pEntry, PEER_MSG1_RETRY_EXEC_INTV);
187 }
188 }
189}
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204VOID WpaEAPOLKeyAction(
205 IN PRTMP_ADAPTER pAd,
206 IN MLME_QUEUE_ELEM *Elem)
207{
208 MAC_TABLE_ENTRY *pEntry;
209 PHEADER_802_11 pHeader;
210 PEAPOL_PACKET pEapol_packet;
211 KEY_INFO peerKeyInfo;
212
213 DBGPRINT(RT_DEBUG_TRACE, ("WpaEAPOLKeyAction ===>\n"));
214
215 pHeader = (PHEADER_802_11)Elem->Msg;
216 pEapol_packet = (PEAPOL_PACKET)&Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
217
218 NdisZeroMemory((PUCHAR)&peerKeyInfo, sizeof(peerKeyInfo));
219 NdisMoveMemory((PUCHAR)&peerKeyInfo, (PUCHAR)&pEapol_packet->KeyDesc.KeyInfo, sizeof(KEY_INFO));
220
221 hex_dump("Received Eapol frame", (unsigned char *)pEapol_packet, (Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H));
222
223 *((USHORT *)&peerKeyInfo) = cpu2le16(*((USHORT *)&peerKeyInfo));
224
225 do
226 {
227 pEntry = MacTableLookup(pAd, pHeader->Addr2);
228
229 if (!pEntry || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
230 break;
231
232 if (pEntry->AuthMode < Ndis802_11AuthModeWPA)
233 break;
234
235 DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPoL-Key frame from STA %02X-%02X-%02X-%02X-%02X-%02X\n", PRINT_MAC(pEntry->Addr)));
236
237 if (((pEapol_packet->ProVer != EAPOL_VER) && (pEapol_packet->ProVer != EAPOL_VER2)) ||
238 ((pEapol_packet->KeyDesc.Type != WPA1_KEY_DESC) && (pEapol_packet->KeyDesc.Type != WPA2_KEY_DESC)))
239 {
240 DBGPRINT(RT_DEBUG_ERROR, ("Key descripter does not match with WPA rule\n"));
241 break;
242 }
243
244
245
246 if ((pEntry->WepStatus == Ndis802_11Encryption2Enabled) && (peerKeyInfo.KeyDescVer != DESC_TYPE_TKIP))
247 {
248 DBGPRINT(RT_DEBUG_ERROR, ("Key descripter version not match(TKIP) \n"));
249 break;
250 }
251
252
253 else if ((pEntry->WepStatus == Ndis802_11Encryption3Enabled) && (peerKeyInfo.KeyDescVer != DESC_TYPE_AES))
254 {
255 DBGPRINT(RT_DEBUG_ERROR, ("Key descripter version not match(AES) \n"));
256 break;
257 }
258
259
260 if ((pEntry->Sst == SST_ASSOC) && (pEntry->WpaState >= AS_INITPSK))
261 {
262
263
264
265
266 if (peerKeyInfo.KeyAck == 1)
267 {
268
269
270
271 if ((peerKeyInfo.Secure == 0) && (peerKeyInfo.Request == 0) &&
272 (peerKeyInfo.Error == 0) && (peerKeyInfo.KeyType == PAIRWISEKEY))
273 {
274
275
276
277
278 if (peerKeyInfo.KeyMic == 0)
279 PeerPairMsg1Action(pAd, pEntry, Elem);
280 else
281 PeerPairMsg3Action(pAd, pEntry, Elem);
282 }
283 else if ((peerKeyInfo.Secure == 1) &&
284 (peerKeyInfo.KeyMic == 1) &&
285 (peerKeyInfo.Request == 0) &&
286 (peerKeyInfo.Error == 0))
287 {
288
289
290
291
292 if (peerKeyInfo.KeyType == PAIRWISEKEY)
293 PeerPairMsg3Action(pAd, pEntry, Elem);
294 else
295 PeerGroupMsg1Action(pAd, pEntry, Elem);
296 }
297 }
298 else
299 {
300
301
302 if ((peerKeyInfo.Request == 0) &&
303 (peerKeyInfo.Error == 0) &&
304 (peerKeyInfo.KeyMic == 1))
305 {
306 if (peerKeyInfo.Secure == 0 && peerKeyInfo.KeyType == PAIRWISEKEY)
307 {
308
309
310
311 if (CONV_ARRARY_TO_UINT16(pEapol_packet->KeyDesc.KeyDataLen) == 0)
312 {
313 PeerPairMsg4Action(pAd, pEntry, Elem);
314 }
315 else
316 {
317 PeerPairMsg2Action(pAd, pEntry, Elem);
318 }
319 }
320 else if (peerKeyInfo.Secure == 1 && peerKeyInfo.KeyType == PAIRWISEKEY)
321 {
322
323
324 PeerPairMsg4Action(pAd, pEntry, Elem);
325 }
326 else if (peerKeyInfo.Secure == 1 && peerKeyInfo.KeyType == GROUPKEY)
327 {
328
329
330 PeerGroupMsg2Action(pAd, pEntry, &Elem->Msg[LENGTH_802_11], (Elem->MsgLen - LENGTH_802_11));
331 }
332 }
333 }
334 }
335 }while(FALSE);
336}
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358VOID RTMPToWirelessSta(
359 IN PRTMP_ADAPTER pAd,
360 IN PMAC_TABLE_ENTRY pEntry,
361 IN PUCHAR pHeader802_3,
362 IN UINT HdrLen,
363 IN PUCHAR pData,
364 IN UINT DataLen,
365 IN BOOLEAN bClearFrame)
366{
367 PNDIS_PACKET pPacket;
368 NDIS_STATUS Status;
369
370 if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
371 return;
372
373 do {
374
375 Status = RTMPAllocateNdisPacket(pAd, &pPacket, pHeader802_3, HdrLen, pData, DataLen);
376 if (Status != NDIS_STATUS_SUCCESS)
377 break;
378
379
380 if (bClearFrame)
381 RTMP_SET_PACKET_CLEAR_EAP_FRAME(pPacket, 1);
382 else
383 RTMP_SET_PACKET_CLEAR_EAP_FRAME(pPacket, 0);
384 {
385 RTMP_SET_PACKET_SOURCE(pPacket, PKTSRC_NDIS);
386
387 RTMP_SET_PACKET_NET_DEVICE_MBSSID(pPacket, MAIN_MBSSID);
388 if(pEntry->apidx != 0)
389 RTMP_SET_PACKET_NET_DEVICE_MBSSID(pPacket, pEntry->apidx);
390
391 RTMP_SET_PACKET_WCID(pPacket, (UCHAR)pEntry->Aid);
392 RTMP_SET_PACKET_MOREDATA(pPacket, FALSE);
393 }
394
395#ifdef CONFIG_STA_SUPPORT
396 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
397 {
398
399 Status = STASendPacket(pAd, pPacket);
400 if (Status == NDIS_STATUS_SUCCESS)
401 {
402 UCHAR Index;
403
404
405
406
407
408
409 if((!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS)) &&
410 (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS)))
411 {
412 for(Index = 0; Index < 5; Index ++)
413 if(pAd->TxSwQueue[Index].Number > 0)
414 RTMPDeQueuePacket(pAd, FALSE, Index, MAX_TX_PROCESS);
415 }
416 }
417 }
418#endif
419
420 } while (FALSE);
421}
422
423
424
425
426
427
428
429
430
431
432VOID WPAStart4WayHS(
433 IN PRTMP_ADAPTER pAd,
434 IN MAC_TABLE_ENTRY *pEntry,
435 IN ULONG TimeInterval)
436{
437 UCHAR Header802_3[14];
438 EAPOL_PACKET EAPOLPKT;
439 PUINT8 pBssid = NULL;
440 UCHAR group_cipher = Ndis802_11WEPDisabled;
441
442 DBGPRINT(RT_DEBUG_TRACE, ("===> WPAStart4WayHS\n"));
443
444 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS | fRTMP_ADAPTER_HALT_IN_PROGRESS))
445 {
446 DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]WPAStart4WayHS : The interface is closed...\n"));
447 return;
448 }
449
450
451 if (pBssid == NULL)
452 {
453 DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]WPAStart4WayHS : No corresponding Authenticator.\n"));
454 return;
455 }
456
457
458 if ((pEntry->WpaState > AS_PTKSTART) || (pEntry->WpaState < AS_INITPMK))
459 {
460 DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]WPAStart4WayHS : Not expect calling\n"));
461 return;
462 }
463
464
465
466 ADD_ONE_To_64BIT_VAR(pEntry->R_Counter);
467
468
469 GenRandom(pAd, (UCHAR *)pBssid, pEntry->ANonce);
470
471
472
473 NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
474 ConstructEapolMsg(pEntry,
475 group_cipher,
476 EAPOL_PAIR_MSG_1,
477 0,
478 pEntry->ANonce,
479 NULL,
480 NULL,
481 NULL,
482 0,
483 &EAPOLPKT);
484
485
486
487 MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pBssid, EAPOL);
488 RTMPToWirelessSta(pAd, pEntry, Header802_3,
489 LENGTH_802_3, (PUCHAR)&EAPOLPKT,
490 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4,
491 (pEntry->PortSecured == WPA_802_1X_PORT_SECURED) ? FALSE : TRUE);
492
493
494 RTMPModTimer(&pEntry->RetryTimer, TimeInterval);
495
496
497 pEntry->WpaState = AS_PTKSTART;
498
499 DBGPRINT(RT_DEBUG_TRACE, ("<=== WPAStart4WayHS: send Msg1 of 4-way \n"));
500
501}
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520VOID PeerPairMsg1Action(
521 IN PRTMP_ADAPTER pAd,
522 IN MAC_TABLE_ENTRY *pEntry,
523 IN MLME_QUEUE_ELEM *Elem)
524{
525 UCHAR PTK[80];
526 UCHAR Header802_3[14];
527 PEAPOL_PACKET pMsg1;
528 UINT MsgLen;
529 EAPOL_PACKET EAPOLPKT;
530 PUINT8 pCurrentAddr = NULL;
531 PUINT8 pmk_ptr = NULL;
532 UCHAR group_cipher = Ndis802_11WEPDisabled;
533 PUINT8 rsnie_ptr = NULL;
534 UCHAR rsnie_len = 0;
535
536 DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg1Action \n"));
537
538 if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
539 return;
540
541 if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
542 return;
543
544#ifdef CONFIG_STA_SUPPORT
545 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
546 {
547 pCurrentAddr = pAd->CurrentAddress;
548 pmk_ptr = pAd->StaCfg.PMK;
549 group_cipher = pAd->StaCfg.GroupCipher;
550 rsnie_ptr = pAd->StaCfg.RSN_IE;
551 rsnie_len = pAd->StaCfg.RSNIE_Len;
552 }
553#endif
554
555
556 pMsg1 = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
557 MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
558
559
560 if (PeerWpaMessageSanity(pAd, pMsg1, MsgLen, EAPOL_PAIR_MSG_1, pEntry) == FALSE)
561 return;
562
563
564 NdisMoveMemory(pEntry->R_Counter, pMsg1->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
565
566
567 NdisMoveMemory(pEntry->ANonce, pMsg1->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE);
568
569
570 GenRandom(pAd, (UCHAR *)pCurrentAddr, pEntry->SNonce);
571
572 {
573
574 WpaDerivePTK(pAd,
575 pmk_ptr,
576 pEntry->ANonce,
577 pEntry->Addr,
578 pEntry->SNonce,
579 pCurrentAddr,
580 PTK,
581 LEN_PTK);
582
583
584 NdisMoveMemory(pEntry->PTK, PTK, LEN_PTK);
585 }
586
587
588 pEntry->WpaState = AS_PTKINIT_NEGOTIATING;
589
590
591
592 NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
593 ConstructEapolMsg(pEntry,
594 group_cipher,
595 EAPOL_PAIR_MSG_2,
596 0,
597 pEntry->SNonce,
598 NULL,
599 NULL,
600 (UCHAR *)rsnie_ptr,
601 rsnie_len,
602 &EAPOLPKT);
603
604
605 MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pCurrentAddr, EAPOL);
606
607 RTMPToWirelessSta(pAd, pEntry,
608 Header802_3, sizeof(Header802_3), (PUCHAR)&EAPOLPKT,
609 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, TRUE);
610
611 DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerPairMsg1Action: send Msg2 of 4-way \n"));
612}
613
614
615
616
617
618
619
620
621
622VOID PeerPairMsg2Action(
623 IN PRTMP_ADAPTER pAd,
624 IN MAC_TABLE_ENTRY *pEntry,
625 IN MLME_QUEUE_ELEM *Elem)
626{
627 UCHAR PTK[80];
628 BOOLEAN Cancelled;
629 PHEADER_802_11 pHeader;
630 EAPOL_PACKET EAPOLPKT;
631 PEAPOL_PACKET pMsg2;
632 UINT MsgLen;
633 UCHAR Header802_3[LENGTH_802_3];
634 UCHAR TxTsc[6];
635 PUINT8 pBssid = NULL;
636 PUINT8 pmk_ptr = NULL;
637 PUINT8 gtk_ptr = NULL;
638 UCHAR default_key = 0;
639 UCHAR group_cipher = Ndis802_11WEPDisabled;
640 PUINT8 rsnie_ptr = NULL;
641 UCHAR rsnie_len = 0;
642
643 DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg2Action \n"));
644
645 if ((!pEntry) || (!pEntry->ValidAsCLI))
646 return;
647
648 if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
649 return;
650
651
652 if (pEntry->WpaState < AS_PTKSTART)
653 return;
654
655
656
657
658 pHeader = (PHEADER_802_11)Elem->Msg;
659
660
661 pMsg2 = (PEAPOL_PACKET)&Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
662 MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
663
664
665 NdisMoveMemory(pEntry->SNonce, pMsg2->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE);
666
667 {
668
669 WpaDerivePTK(pAd,
670 (UCHAR *)pmk_ptr,
671 pEntry->ANonce,
672 (UCHAR *)pBssid,
673 pEntry->SNonce,
674 pEntry->Addr,
675 PTK,
676 LEN_PTK);
677
678 NdisMoveMemory(pEntry->PTK, PTK, LEN_PTK);
679 }
680
681
682 if (PeerWpaMessageSanity(pAd, pMsg2, MsgLen, EAPOL_PAIR_MSG_2, pEntry) == FALSE)
683 return;
684
685 do
686 {
687
688 RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
689
690
691 pEntry->WpaState = AS_PTKINIT_NEGOTIATING;
692
693
694 ADD_ONE_To_64BIT_VAR(pEntry->R_Counter);
695
696
697 NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
698 ConstructEapolMsg(pEntry,
699 group_cipher,
700 EAPOL_PAIR_MSG_3,
701 default_key,
702 pEntry->ANonce,
703 TxTsc,
704 (UCHAR *)gtk_ptr,
705 (UCHAR *)rsnie_ptr,
706 rsnie_len,
707 &EAPOLPKT);
708
709
710 MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pBssid, EAPOL);
711 RTMPToWirelessSta(pAd, pEntry, Header802_3, LENGTH_802_3,
712 (PUCHAR)&EAPOLPKT,
713 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4,
714 (pEntry->PortSecured == WPA_802_1X_PORT_SECURED) ? FALSE : TRUE);
715
716 pEntry->ReTryCounter = PEER_MSG3_RETRY_TIMER_CTR;
717 RTMPSetTimer(&pEntry->RetryTimer, PEER_MSG3_RETRY_EXEC_INTV);
718
719
720 pEntry->WpaState = AS_PTKINIT_NEGOTIATING;
721 }while(FALSE);
722
723 DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerPairMsg2Action: send Msg3 of 4-way \n"));
724}
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743VOID PeerPairMsg3Action(
744 IN PRTMP_ADAPTER pAd,
745 IN MAC_TABLE_ENTRY *pEntry,
746 IN MLME_QUEUE_ELEM *Elem)
747{
748 PHEADER_802_11 pHeader;
749 UCHAR Header802_3[14];
750 EAPOL_PACKET EAPOLPKT;
751 PEAPOL_PACKET pMsg3;
752 UINT MsgLen;
753 PUINT8 pCurrentAddr = NULL;
754 UCHAR group_cipher = Ndis802_11WEPDisabled;
755
756 DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg3Action \n"));
757
758 if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
759 return;
760
761 if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
762 return;
763
764#ifdef CONFIG_STA_SUPPORT
765 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
766 {
767 pCurrentAddr = pAd->CurrentAddress;
768 group_cipher = pAd->StaCfg.GroupCipher;
769
770 }
771#endif
772
773
774 pHeader = (PHEADER_802_11) Elem->Msg;
775 pMsg3 = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
776 MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
777
778
779 if (PeerWpaMessageSanity(pAd, pMsg3, MsgLen, EAPOL_PAIR_MSG_3, pEntry) == FALSE)
780 return;
781
782
783 NdisMoveMemory(pEntry->R_Counter, pMsg3->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
784
785
786 if (!NdisEqualMemory(pEntry->ANonce, pMsg3->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE))
787 {
788 return;
789 }
790
791
792 NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
793 ConstructEapolMsg(pEntry,
794 group_cipher,
795 EAPOL_PAIR_MSG_4,
796 0,
797 NULL,
798 NULL,
799 NULL,
800 NULL,
801 0,
802 &EAPOLPKT);
803
804
805 pEntry->WpaState = AS_PTKINITDONE;
806
807
808#ifdef CONFIG_STA_SUPPORT
809 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
810 {
811 PCIPHER_KEY pSharedKey;
812
813 pSharedKey = &pAd->SharedKey[BSS0][0];
814
815 NdisMoveMemory(pAd->StaCfg.PTK, pEntry->PTK, LEN_PTK);
816
817
818 NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
819 pSharedKey->KeyLen = LEN_TKIP_EK;
820 NdisMoveMemory(pSharedKey->Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
821 NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
822 NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
823
824
825 if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
826 pSharedKey->CipherAlg = CIPHER_TKIP;
827 else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
828 pSharedKey->CipherAlg = CIPHER_AES;
829 else
830 pSharedKey->CipherAlg = CIPHER_NONE;
831
832
833 pEntry = &pAd->MacTab.Content[BSSID_WCID];
834 NdisMoveMemory(pEntry->PairwiseKey.Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
835 NdisMoveMemory(pEntry->PairwiseKey.RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
836 NdisMoveMemory(pEntry->PairwiseKey.TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
837 pEntry->PairwiseKey.CipherAlg = pSharedKey->CipherAlg;
838
839
840 AsicAddSharedKeyEntry(pAd,
841 BSS0,
842 0,
843 pSharedKey->CipherAlg,
844 pSharedKey->Key,
845 pSharedKey->TxMic,
846 pSharedKey->RxMic);
847
848
849 RTMPAddWcidAttributeEntry(pAd,
850 BSS0,
851 0,
852 pSharedKey->CipherAlg,
853 pEntry);
854
855 }
856#endif
857
858
859 if (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK ||
860 pEntry->AuthMode == Ndis802_11AuthModeWPA2)
861 {
862 pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
863 pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
864
865#ifdef CONFIG_STA_SUPPORT
866 STA_PORT_SECURED(pAd);
867
868 pAd->IndicateMediaState = NdisMediaStateConnected;
869#endif
870 DBGPRINT(RT_DEBUG_TRACE, ("PeerPairMsg3Action: AuthMode(%s) PairwiseCipher(%s) GroupCipher(%s) \n",
871 GetAuthMode(pEntry->AuthMode),
872 GetEncryptType(pEntry->WepStatus),
873 GetEncryptType(group_cipher)));
874 }
875 else
876 {
877 }
878
879
880 MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pCurrentAddr, EAPOL);
881 RTMPToWirelessSta(pAd, pEntry,
882 Header802_3, sizeof(Header802_3),
883 (PUCHAR)&EAPOLPKT,
884 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, TRUE);
885
886 DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerPairMsg3Action: send Msg4 of 4-way \n"));
887}
888
889
890
891
892
893
894
895
896
897VOID PeerPairMsg4Action(
898 IN PRTMP_ADAPTER pAd,
899 IN MAC_TABLE_ENTRY *pEntry,
900 IN MLME_QUEUE_ELEM *Elem)
901{
902 PEAPOL_PACKET pMsg4;
903 PHEADER_802_11 pHeader;
904 UINT MsgLen;
905 BOOLEAN Cancelled;
906 UCHAR group_cipher = Ndis802_11WEPDisabled;
907
908 DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg4Action\n"));
909
910 do
911 {
912 if ((!pEntry) || (!pEntry->ValidAsCLI))
913 break;
914
915 if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2 ) )
916 break;
917
918 if (pEntry->WpaState < AS_PTKINIT_NEGOTIATING)
919 break;
920
921
922
923 pHeader = (PHEADER_802_11)Elem->Msg;
924
925
926 pMsg4 = (PEAPOL_PACKET)&Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
927 MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
928
929
930 if (PeerWpaMessageSanity(pAd, pMsg4, MsgLen, EAPOL_PAIR_MSG_4, pEntry) == FALSE)
931 break;
932
933
934 NdisZeroMemory(&pEntry->PairwiseKey, sizeof(CIPHER_KEY));
935
936
937 AsicUpdateWCIDIVEIV(pAd, pEntry->Aid, 1, 0);
938
939 pEntry->PairwiseKey.KeyLen = LEN_TKIP_EK;
940 NdisMoveMemory(pEntry->PairwiseKey.Key, &pEntry->PTK[32], LEN_TKIP_EK);
941 NdisMoveMemory(pEntry->PairwiseKey.RxMic, &pEntry->PTK[TKIP_AP_RXMICK_OFFSET], LEN_TKIP_RXMICK);
942 NdisMoveMemory(pEntry->PairwiseKey.TxMic, &pEntry->PTK[TKIP_AP_TXMICK_OFFSET], LEN_TKIP_TXMICK);
943
944
945 {
946 pEntry->PairwiseKey.CipherAlg = CIPHER_NONE;
947 if (pEntry->WepStatus == Ndis802_11Encryption2Enabled)
948 pEntry->PairwiseKey.CipherAlg = CIPHER_TKIP;
949 else if (pEntry->WepStatus == Ndis802_11Encryption3Enabled)
950 pEntry->PairwiseKey.CipherAlg = CIPHER_AES;
951
952
953 AsicAddPairwiseKeyEntry(
954 pAd,
955 pEntry->Addr,
956 (UCHAR)pEntry->Aid,
957 &pEntry->PairwiseKey);
958
959
960 RTMPAddWcidAttributeEntry(
961 pAd,
962 pEntry->apidx,
963 0,
964 pEntry->PairwiseKey.CipherAlg,
965 pEntry);
966 }
967
968
969 pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
970 pEntry->WpaState = AS_PTKINITDONE;
971 pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
972
973
974 if (pEntry->AuthMode == Ndis802_11AuthModeWPA2 ||
975 pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK)
976 {
977 pEntry->GTKState = REKEY_ESTABLISHED;
978 RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
979
980
981
982 if (pAd->CommonCfg.bWirelessEvent)
983 RTMPSendWirelessEvent(pAd, IW_SET_KEY_DONE_WPA2_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
984
985 DBGPRINT(RT_DEBUG_OFF, ("AP SETKEYS DONE - WPA2, AuthMode(%d)=%s, WepStatus(%d)=%s, GroupWepStatus(%d)=%s\n\n",
986 pEntry->AuthMode, GetAuthMode(pEntry->AuthMode),
987 pEntry->WepStatus, GetEncryptType(pEntry->WepStatus),
988 group_cipher,
989 GetEncryptType(group_cipher)));
990 }
991 else
992 {
993
994 WPAStart2WayGroupHS(pAd, pEntry);
995
996 pEntry->ReTryCounter = GROUP_MSG1_RETRY_TIMER_CTR;
997 RTMPModTimer(&pEntry->RetryTimer, PEER_MSG3_RETRY_EXEC_INTV);
998 }
999 }while(FALSE);
1000
1001}
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011VOID WPAStart2WayGroupHS(
1012 IN PRTMP_ADAPTER pAd,
1013 IN MAC_TABLE_ENTRY *pEntry)
1014{
1015 UCHAR Header802_3[14];
1016 UCHAR TxTsc[6];
1017 EAPOL_PACKET EAPOLPKT;
1018 UCHAR group_cipher = Ndis802_11WEPDisabled;
1019 UCHAR default_key = 0;
1020 PUINT8 gnonce_ptr = NULL;
1021 PUINT8 gtk_ptr = NULL;
1022 PUINT8 pBssid = NULL;
1023
1024 DBGPRINT(RT_DEBUG_TRACE, ("===> WPAStart2WayGroupHS\n"));
1025
1026 if ((!pEntry) || (!pEntry->ValidAsCLI))
1027 return;
1028
1029
1030 do
1031 {
1032
1033 ADD_ONE_To_64BIT_VAR(pEntry->R_Counter);
1034
1035
1036 NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
1037 ConstructEapolMsg(pEntry,
1038 group_cipher,
1039 EAPOL_GROUP_MSG_1,
1040 default_key,
1041 (UCHAR *)gnonce_ptr,
1042 TxTsc,
1043 (UCHAR *)gtk_ptr,
1044 NULL,
1045 0,
1046 &EAPOLPKT);
1047
1048
1049 MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pBssid, EAPOL);
1050 RTMPToWirelessSta(pAd, pEntry,
1051 Header802_3, LENGTH_802_3,
1052 (PUCHAR)&EAPOLPKT,
1053 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, FALSE);
1054
1055
1056
1057 }while (FALSE);
1058
1059 DBGPRINT(RT_DEBUG_TRACE, ("<=== WPAStart2WayGroupHS : send out Group Message 1 \n"));
1060
1061 return;
1062}
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081VOID PeerGroupMsg1Action(
1082 IN PRTMP_ADAPTER pAd,
1083 IN MAC_TABLE_ENTRY *pEntry,
1084 IN MLME_QUEUE_ELEM *Elem)
1085{
1086 UCHAR Header802_3[14];
1087 EAPOL_PACKET EAPOLPKT;
1088 PEAPOL_PACKET pGroup;
1089 UINT MsgLen;
1090 BOOLEAN Cancelled;
1091 UCHAR default_key = 0;
1092 UCHAR group_cipher = Ndis802_11WEPDisabled;
1093 PUINT8 pCurrentAddr = NULL;
1094
1095 DBGPRINT(RT_DEBUG_TRACE, ("===> PeerGroupMsg1Action \n"));
1096
1097 if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
1098 return;
1099
1100#ifdef CONFIG_STA_SUPPORT
1101 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
1102 {
1103 pCurrentAddr = pAd->CurrentAddress;
1104 group_cipher = pAd->StaCfg.GroupCipher;
1105 default_key = pAd->StaCfg.DefaultKeyId;
1106 }
1107#endif
1108
1109
1110 pGroup = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
1111 MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
1112
1113
1114 if (PeerWpaMessageSanity(pAd, pGroup, MsgLen, EAPOL_GROUP_MSG_1, pEntry) == FALSE)
1115 return;
1116
1117
1118 RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
1119
1120
1121 NdisMoveMemory(pEntry->R_Counter, pGroup->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
1122
1123
1124 NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
1125 ConstructEapolMsg(pEntry,
1126 group_cipher,
1127 EAPOL_GROUP_MSG_2,
1128 default_key,
1129 NULL,
1130 NULL,
1131 NULL,
1132 NULL,
1133 0,
1134 &EAPOLPKT);
1135
1136
1137 pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
1138 pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
1139
1140#ifdef CONFIG_STA_SUPPORT
1141 STA_PORT_SECURED(pAd);
1142
1143 pAd->IndicateMediaState = NdisMediaStateConnected;
1144#endif
1145
1146 DBGPRINT(RT_DEBUG_TRACE, ("PeerGroupMsg1Action: AuthMode(%s) PairwiseCipher(%s) GroupCipher(%s) \n",
1147 GetAuthMode(pEntry->AuthMode),
1148 GetEncryptType(pEntry->WepStatus),
1149 GetEncryptType(group_cipher)));
1150
1151
1152 MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pCurrentAddr, EAPOL);
1153 RTMPToWirelessSta(pAd, pEntry,
1154 Header802_3, sizeof(Header802_3),
1155 (PUCHAR)&EAPOLPKT,
1156 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, FALSE);
1157
1158 DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerGroupMsg1Action: sned group message 2\n"));
1159}
1160
1161
1162
1163
1164
1165
1166
1167
1168VOID PeerGroupMsg2Action(
1169 IN PRTMP_ADAPTER pAd,
1170 IN MAC_TABLE_ENTRY *pEntry,
1171 IN VOID *Msg,
1172 IN UINT MsgLen)
1173{
1174 UINT Len;
1175 PUCHAR pData;
1176 BOOLEAN Cancelled;
1177 PEAPOL_PACKET pMsg2;
1178 UCHAR group_cipher = Ndis802_11WEPDisabled;
1179
1180 DBGPRINT(RT_DEBUG_TRACE, ("===> PeerGroupMsg2Action \n"));
1181
1182 do
1183 {
1184 if ((!pEntry) || (!pEntry->ValidAsCLI))
1185 break;
1186
1187 if (MsgLen < (LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
1188 break;
1189
1190 if (pEntry->WpaState != AS_PTKINITDONE)
1191 break;
1192
1193
1194 pData = (PUCHAR)Msg;
1195 pMsg2 = (PEAPOL_PACKET) (pData + LENGTH_802_1_H);
1196 Len = MsgLen - LENGTH_802_1_H;
1197
1198
1199 if (PeerWpaMessageSanity(pAd, pMsg2, Len, EAPOL_GROUP_MSG_2, pEntry) == FALSE)
1200 break;
1201
1202
1203
1204 RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
1205 pEntry->GTKState = REKEY_ESTABLISHED;
1206
1207 if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
1208 {
1209
1210 if (pAd->CommonCfg.bWirelessEvent)
1211 RTMPSendWirelessEvent(pAd, IW_SET_KEY_DONE_WPA2_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
1212
1213 DBGPRINT(RT_DEBUG_OFF, ("AP SETKEYS DONE - WPA2, AuthMode(%d)=%s, WepStatus(%d)=%s, GroupWepStatus(%d)=%s\n\n",
1214 pEntry->AuthMode, GetAuthMode(pEntry->AuthMode),
1215 pEntry->WepStatus, GetEncryptType(pEntry->WepStatus),
1216 group_cipher, GetEncryptType(group_cipher)));
1217 }
1218 else
1219 {
1220
1221 if (pAd->CommonCfg.bWirelessEvent)
1222 RTMPSendWirelessEvent(pAd, IW_SET_KEY_DONE_WPA1_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
1223
1224 DBGPRINT(RT_DEBUG_OFF, ("AP SETKEYS DONE - WPA1, AuthMode(%d)=%s, WepStatus(%d)=%s, GroupWepStatus(%d)=%s\n\n",
1225 pEntry->AuthMode, GetAuthMode(pEntry->AuthMode),
1226 pEntry->WepStatus, GetEncryptType(pEntry->WepStatus),
1227 group_cipher, GetEncryptType(group_cipher)));
1228 }
1229 }while(FALSE);
1230}
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254BOOLEAN WpaMsgTypeSubst(
1255 IN UCHAR EAPType,
1256 OUT INT *MsgType)
1257{
1258 switch (EAPType)
1259 {
1260 case EAPPacket:
1261 *MsgType = MT2_EAPPacket;
1262 break;
1263 case EAPOLStart:
1264 *MsgType = MT2_EAPOLStart;
1265 break;
1266 case EAPOLLogoff:
1267 *MsgType = MT2_EAPOLLogoff;
1268 break;
1269 case EAPOLKey:
1270 *MsgType = MT2_EAPOLKey;
1271 break;
1272 case EAPOLASFAlert:
1273 *MsgType = MT2_EAPOLASFAlert;
1274 break;
1275 default:
1276 return FALSE;
1277 }
1278 return TRUE;
1279}
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308VOID PRF(
1309 IN UCHAR *key,
1310 IN INT key_len,
1311 IN UCHAR *prefix,
1312 IN INT prefix_len,
1313 IN UCHAR *data,
1314 IN INT data_len,
1315 OUT UCHAR *output,
1316 IN INT len)
1317{
1318 INT i;
1319 UCHAR *input;
1320 INT currentindex = 0;
1321 INT total_len;
1322
1323
1324 os_alloc_mem(NULL, (PUCHAR *)&input, 1024);
1325
1326 if (input == NULL)
1327 {
1328 DBGPRINT(RT_DEBUG_ERROR, ("!!!PRF: no memory!!!\n"));
1329 return;
1330 }
1331
1332
1333 NdisMoveMemory(input, prefix, prefix_len);
1334
1335
1336 input[prefix_len] = 0;
1337
1338
1339 NdisMoveMemory(&input[prefix_len + 1], data, data_len);
1340 total_len = prefix_len + 1 + data_len;
1341
1342
1343
1344 input[total_len] = 0;
1345 total_len++;
1346
1347
1348
1349 for (i = 0; i < (len + 19) / 20; i++)
1350 {
1351 HMAC_SHA1(key, key_len, input, total_len, &output[currentindex], SHA1_DIGEST_SIZE);
1352 currentindex += 20;
1353
1354
1355 input[total_len - 1]++;
1356 }
1357 os_free_mem(NULL, input);
1358}
1359
1360
1361
1362
1363
1364
1365
1366
1367static void F(char *password, unsigned char *ssid, int ssidlength, int iterations, int count, unsigned char *output)
1368{
1369 unsigned char digest[36], digest1[SHA1_DIGEST_SIZE];
1370 int i, j;
1371
1372
1373 memcpy(digest, ssid, ssidlength);
1374 digest[ssidlength] = (unsigned char)((count>>24) & 0xff);
1375 digest[ssidlength+1] = (unsigned char)((count>>16) & 0xff);
1376 digest[ssidlength+2] = (unsigned char)((count>>8) & 0xff);
1377 digest[ssidlength+3] = (unsigned char)(count & 0xff);
1378 HMAC_SHA1((unsigned char*) password, (int) strlen(password), digest, ssidlength+4, digest1, SHA1_DIGEST_SIZE);
1379
1380
1381 memcpy(output, digest1, SHA1_DIGEST_SIZE);
1382
1383 for (i = 1; i < iterations; i++)
1384 {
1385
1386 HMAC_SHA1((unsigned char*) password, (int) strlen(password), digest1, SHA1_DIGEST_SIZE, digest, SHA1_DIGEST_SIZE);
1387 memcpy(digest1, digest, SHA1_DIGEST_SIZE);
1388
1389
1390 for (j = 0; j < SHA1_DIGEST_SIZE; j++)
1391 {
1392 output[j] ^= digest[j];
1393 }
1394 }
1395}
1396
1397
1398
1399
1400
1401
1402
1403int PasswordHash(PSTRING password, PUCHAR ssid, INT ssidlength, PUCHAR output)
1404{
1405 if ((strlen(password) > 63) || (ssidlength > 32))
1406 return 0;
1407
1408 F(password, ssid, ssidlength, 4096, 1, output);
1409 F(password, ssid, ssidlength, 4096, 2, &output[SHA1_DIGEST_SIZE]);
1410 return 1;
1411}
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439VOID WpaDerivePTK(
1440 IN PRTMP_ADAPTER pAd,
1441 IN UCHAR *PMK,
1442 IN UCHAR *ANonce,
1443 IN UCHAR *AA,
1444 IN UCHAR *SNonce,
1445 IN UCHAR *SA,
1446 OUT UCHAR *output,
1447 IN UINT len)
1448{
1449 UCHAR concatenation[76];
1450 UINT CurrPos = 0;
1451 UCHAR temp[32];
1452 UCHAR Prefix[] = {'P', 'a', 'i', 'r', 'w', 'i', 's', 'e', ' ', 'k', 'e', 'y', ' ',
1453 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n'};
1454
1455
1456 NdisZeroMemory(temp, sizeof(temp));
1457 NdisZeroMemory(concatenation, 76);
1458
1459
1460 if (RTMPCompareMemory(SA, AA, 6) == 1)
1461 NdisMoveMemory(concatenation, AA, 6);
1462 else
1463 NdisMoveMemory(concatenation, SA, 6);
1464 CurrPos += 6;
1465
1466
1467 if (RTMPCompareMemory(SA, AA, 6) == 1)
1468 NdisMoveMemory(&concatenation[CurrPos], SA, 6);
1469 else
1470 NdisMoveMemory(&concatenation[CurrPos], AA, 6);
1471
1472
1473
1474 NdisMoveMemory(temp, &concatenation[CurrPos], MAC_ADDR_LEN);
1475 CurrPos += 6;
1476
1477
1478 if (RTMPCompareMemory(ANonce, SNonce, 32) == 0)
1479 NdisMoveMemory(&concatenation[CurrPos], temp, 32);
1480 else if (RTMPCompareMemory(ANonce, SNonce, 32) == 1)
1481 NdisMoveMemory(&concatenation[CurrPos], SNonce, 32);
1482 else
1483 NdisMoveMemory(&concatenation[CurrPos], ANonce, 32);
1484 CurrPos += 32;
1485
1486
1487 if (RTMPCompareMemory(ANonce, SNonce, 32) == 0)
1488 NdisMoveMemory(&concatenation[CurrPos], temp, 32);
1489 else if (RTMPCompareMemory(ANonce, SNonce, 32) == 1)
1490 NdisMoveMemory(&concatenation[CurrPos], ANonce, 32);
1491 else
1492 NdisMoveMemory(&concatenation[CurrPos], SNonce, 32);
1493 CurrPos += 32;
1494
1495 hex_dump("concatenation=", concatenation, 76);
1496
1497
1498 PRF(PMK, LEN_MASTER_KEY, Prefix, 22, concatenation, 76, output, len);
1499
1500}
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519VOID GenRandom(
1520 IN PRTMP_ADAPTER pAd,
1521 IN UCHAR *macAddr,
1522 OUT UCHAR *random)
1523{
1524 INT i, curr;
1525 UCHAR local[80], KeyCounter[32];
1526 UCHAR result[80];
1527 ULONG CurrentTime;
1528 UCHAR prefix[] = {'I', 'n', 'i', 't', ' ', 'C', 'o', 'u', 'n', 't', 'e', 'r'};
1529
1530
1531 NdisZeroMemory(result, 80);
1532 NdisZeroMemory(local, 80);
1533 NdisZeroMemory(KeyCounter, 32);
1534
1535 for (i = 0; i < 32; i++)
1536 {
1537
1538 COPY_MAC_ADDR(local, macAddr);
1539 curr = MAC_ADDR_LEN;
1540
1541
1542 NdisGetSystemUpTime(&CurrentTime);
1543 NdisMoveMemory(&local[curr], &CurrentTime, sizeof(CurrentTime));
1544 curr += sizeof(CurrentTime);
1545
1546
1547 NdisMoveMemory(&local[curr], result, 32);
1548 curr += 32;
1549
1550
1551 NdisMoveMemory(&local[curr], &i, 2);
1552 curr += 2;
1553
1554
1555 PRF(KeyCounter, 32, prefix,12, local, curr, result, 32);
1556 }
1557
1558 NdisMoveMemory(random, result, 32);
1559}
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581static VOID RTMPMakeRsnIeCipher(
1582 IN PRTMP_ADAPTER pAd,
1583 IN UCHAR ElementID,
1584 IN UINT WepStatus,
1585 IN BOOLEAN bMixCipher,
1586 IN UCHAR FlexibleCipher,
1587 OUT PUCHAR pRsnIe,
1588 OUT UCHAR *rsn_len)
1589{
1590 UCHAR PairwiseCnt;
1591
1592 *rsn_len = 0;
1593
1594
1595 if (ElementID == Wpa2Ie)
1596 {
1597 RSNIE2 *pRsnie_cipher = (RSNIE2*)pRsnIe;
1598
1599
1600 pRsnie_cipher->version = 1;
1601
1602 switch (WepStatus)
1603 {
1604
1605 case Ndis802_11Encryption2Enabled:
1606 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_TKIP, 4);
1607 pRsnie_cipher->ucount = 1;
1608 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_TKIP, 4);
1609 *rsn_len = sizeof(RSNIE2);
1610 break;
1611
1612
1613 case Ndis802_11Encryption3Enabled:
1614 if (bMixCipher)
1615 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_TKIP, 4);
1616 else
1617 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_CCMP, 4);
1618 pRsnie_cipher->ucount = 1;
1619 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_CCMP, 4);
1620 *rsn_len = sizeof(RSNIE2);
1621 break;
1622
1623
1624 case Ndis802_11Encryption4Enabled:
1625 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_TKIP, 4);
1626
1627 PairwiseCnt = 1;
1628
1629 if (MIX_CIPHER_WPA2_TKIP_ON(FlexibleCipher))
1630 {
1631 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_TKIP, 4);
1632
1633 if (MIX_CIPHER_WPA2_AES_ON(FlexibleCipher))
1634 {
1635 NdisMoveMemory(pRsnie_cipher->ucast[0].oui + 4, OUI_WPA2_CCMP, 4);
1636 PairwiseCnt = 2;
1637 }
1638 }
1639 else
1640 {
1641
1642 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_CCMP, 4);
1643 }
1644
1645 pRsnie_cipher->ucount = PairwiseCnt;
1646 *rsn_len = sizeof(RSNIE2) + (4 * (PairwiseCnt - 1));
1647 break;
1648 }
1649
1650#ifdef CONFIG_STA_SUPPORT
1651 if ((pAd->OpMode == OPMODE_STA) &&
1652 (pAd->StaCfg.GroupCipher != Ndis802_11Encryption2Enabled) &&
1653 (pAd->StaCfg.GroupCipher != Ndis802_11Encryption3Enabled))
1654 {
1655 UINT GroupCipher = pAd->StaCfg.GroupCipher;
1656 switch(GroupCipher)
1657 {
1658 case Ndis802_11GroupWEP40Enabled:
1659 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_WEP40, 4);
1660 break;
1661 case Ndis802_11GroupWEP104Enabled:
1662 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_WEP104, 4);
1663 break;
1664 }
1665 }
1666#endif
1667
1668
1669 pRsnie_cipher->version = cpu2le16(pRsnie_cipher->version);
1670 pRsnie_cipher->ucount = cpu2le16(pRsnie_cipher->ucount);
1671 }
1672 else
1673 {
1674 RSNIE *pRsnie_cipher = (RSNIE*)pRsnIe;
1675
1676
1677 NdisMoveMemory(pRsnie_cipher->oui, OUI_WPA_VERSION, 4);
1678 pRsnie_cipher->version = 1;
1679
1680 switch (WepStatus)
1681 {
1682
1683 case Ndis802_11Encryption2Enabled:
1684 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_TKIP, 4);
1685 pRsnie_cipher->ucount = 1;
1686 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_TKIP, 4);
1687 *rsn_len = sizeof(RSNIE);
1688 break;
1689
1690
1691 case Ndis802_11Encryption3Enabled:
1692 if (bMixCipher)
1693 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_TKIP, 4);
1694 else
1695 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_CCMP, 4);
1696 pRsnie_cipher->ucount = 1;
1697 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_CCMP, 4);
1698 *rsn_len = sizeof(RSNIE);
1699 break;
1700
1701
1702 case Ndis802_11Encryption4Enabled:
1703 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_TKIP, 4);
1704
1705 PairwiseCnt = 1;
1706
1707 if (MIX_CIPHER_WPA_TKIP_ON(FlexibleCipher))
1708 {
1709 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_TKIP, 4);
1710
1711 if (MIX_CIPHER_WPA_AES_ON(FlexibleCipher))
1712 {
1713 NdisMoveMemory(pRsnie_cipher->ucast[0].oui + 4, OUI_WPA_CCMP, 4);
1714 PairwiseCnt = 2;
1715 }
1716 }
1717 else
1718 {
1719
1720 NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_CCMP, 4);
1721 }
1722
1723 pRsnie_cipher->ucount = PairwiseCnt;
1724 *rsn_len = sizeof(RSNIE) + (4 * (PairwiseCnt - 1));
1725 break;
1726 }
1727
1728#ifdef CONFIG_STA_SUPPORT
1729 if ((pAd->OpMode == OPMODE_STA) &&
1730 (pAd->StaCfg.GroupCipher != Ndis802_11Encryption2Enabled) &&
1731 (pAd->StaCfg.GroupCipher != Ndis802_11Encryption3Enabled))
1732 {
1733 UINT GroupCipher = pAd->StaCfg.GroupCipher;
1734 switch(GroupCipher)
1735 {
1736 case Ndis802_11GroupWEP40Enabled:
1737 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_WEP40, 4);
1738 break;
1739 case Ndis802_11GroupWEP104Enabled:
1740 NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_WEP104, 4);
1741 break;
1742 }
1743 }
1744#endif
1745
1746
1747 pRsnie_cipher->version = cpu2le16(pRsnie_cipher->version);
1748 pRsnie_cipher->ucount = cpu2le16(pRsnie_cipher->ucount);
1749 }
1750}
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771static VOID RTMPMakeRsnIeAKM(
1772 IN PRTMP_ADAPTER pAd,
1773 IN UCHAR ElementID,
1774 IN UINT AuthMode,
1775 IN UCHAR apidx,
1776 OUT PUCHAR pRsnIe,
1777 OUT UCHAR *rsn_len)
1778{
1779 RSNIE_AUTH *pRsnie_auth;
1780 UCHAR AkmCnt = 1;
1781
1782 pRsnie_auth = (RSNIE_AUTH*)(pRsnIe + (*rsn_len));
1783
1784
1785 if (ElementID == Wpa2Ie)
1786 {
1787
1788 switch (AuthMode)
1789 {
1790 case Ndis802_11AuthModeWPA2:
1791 case Ndis802_11AuthModeWPA1WPA2:
1792 NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA2_8021X_AKM, 4);
1793 break;
1794
1795 case Ndis802_11AuthModeWPA2PSK:
1796 case Ndis802_11AuthModeWPA1PSKWPA2PSK:
1797 NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA2_PSK_AKM, 4);
1798 break;
1799 default:
1800 AkmCnt = 0;
1801 break;
1802
1803 }
1804 }
1805 else
1806 {
1807 switch (AuthMode)
1808 {
1809 case Ndis802_11AuthModeWPA:
1810 case Ndis802_11AuthModeWPA1WPA2:
1811 NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA_8021X_AKM, 4);
1812 break;
1813
1814 case Ndis802_11AuthModeWPAPSK:
1815 case Ndis802_11AuthModeWPA1PSKWPA2PSK:
1816 NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA_PSK_AKM, 4);
1817 break;
1818
1819 case Ndis802_11AuthModeWPANone:
1820 NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA_NONE_AKM, 4);
1821 break;
1822 default:
1823 AkmCnt = 0;
1824 break;
1825 }
1826 }
1827
1828 pRsnie_auth->acount = AkmCnt;
1829 pRsnie_auth->acount = cpu2le16(pRsnie_auth->acount);
1830
1831
1832 (*rsn_len) += (sizeof(RSNIE_AUTH) + (4 * (AkmCnt - 1)));
1833
1834}
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854static VOID RTMPMakeRsnIeCap(
1855 IN PRTMP_ADAPTER pAd,
1856 IN UCHAR ElementID,
1857 IN UCHAR apidx,
1858 OUT PUCHAR pRsnIe,
1859 OUT UCHAR *rsn_len)
1860{
1861 RSN_CAPABILITIES *pRSN_Cap;
1862
1863
1864 if (ElementID == WpaIe)
1865 return;
1866
1867 pRSN_Cap = (RSN_CAPABILITIES*)(pRsnIe + (*rsn_len));
1868
1869
1870 pRSN_Cap->word = cpu2le16(pRSN_Cap->word);
1871
1872 (*rsn_len) += sizeof(RSN_CAPABILITIES);
1873
1874}
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895VOID RTMPMakeRSNIE(
1896 IN PRTMP_ADAPTER pAd,
1897 IN UINT AuthMode,
1898 IN UINT WepStatus,
1899 IN UCHAR apidx)
1900{
1901 PUCHAR pRsnIe = NULL;
1902 UCHAR *rsnielen_cur_p = 0;
1903 UCHAR *rsnielen_ex_cur_p = 0;
1904 UCHAR PrimaryRsnie;
1905 BOOLEAN bMixCipher = FALSE;
1906 UCHAR p_offset;
1907 WPA_MIX_PAIR_CIPHER FlexibleCipher = WPA_TKIPAES_WPA2_TKIPAES;
1908
1909 rsnielen_cur_p = NULL;
1910 rsnielen_ex_cur_p = NULL;
1911
1912 {
1913#ifdef CONFIG_STA_SUPPORT
1914 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
1915 {
1916#ifdef WPA_SUPPLICANT_SUPPORT
1917 if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
1918 {
1919 if (AuthMode < Ndis802_11AuthModeWPA)
1920 return;
1921 }
1922 else
1923#endif
1924 {
1925
1926
1927 if ((AuthMode != Ndis802_11AuthModeWPAPSK) &&
1928 (AuthMode != Ndis802_11AuthModeWPA2PSK) &&
1929 (AuthMode != Ndis802_11AuthModeWPANone)
1930 )
1931 return;
1932 }
1933
1934 DBGPRINT(RT_DEBUG_TRACE,("==> RTMPMakeRSNIE(STA)\n"));
1935
1936
1937 pAd->StaCfg.RSNIE_Len = 0;
1938 NdisZeroMemory(pAd->StaCfg.RSN_IE, MAX_LEN_OF_RSNIE);
1939
1940
1941 rsnielen_cur_p = &pAd->StaCfg.RSNIE_Len;
1942 pRsnIe = pAd->StaCfg.RSN_IE;
1943
1944 bMixCipher = pAd->StaCfg.bMixCipher;
1945 }
1946#endif
1947 }
1948
1949
1950 if ((AuthMode == Ndis802_11AuthModeWPA) ||
1951 (AuthMode == Ndis802_11AuthModeWPAPSK) ||
1952 (AuthMode == Ndis802_11AuthModeWPANone) ||
1953 (AuthMode == Ndis802_11AuthModeWPA1WPA2) ||
1954 (AuthMode == Ndis802_11AuthModeWPA1PSKWPA2PSK))
1955 PrimaryRsnie = WpaIe;
1956 else
1957 PrimaryRsnie = Wpa2Ie;
1958
1959 {
1960
1961
1962 RTMPMakeRsnIeCipher(pAd, PrimaryRsnie, WepStatus, bMixCipher, FlexibleCipher, pRsnIe, &p_offset);
1963
1964
1965 RTMPMakeRsnIeAKM(pAd, PrimaryRsnie, AuthMode, apidx, pRsnIe, &p_offset);
1966
1967
1968 RTMPMakeRsnIeCap(pAd, PrimaryRsnie, apidx, pRsnIe, &p_offset);
1969 }
1970
1971
1972 *rsnielen_cur_p = p_offset;
1973
1974 hex_dump("The primary RSNIE", pRsnIe, (*rsnielen_cur_p));
1975
1976
1977}
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996BOOLEAN RTMPCheckWPAframe(
1997 IN PRTMP_ADAPTER pAd,
1998 IN PMAC_TABLE_ENTRY pEntry,
1999 IN PUCHAR pData,
2000 IN ULONG DataByteCount,
2001 IN UCHAR FromWhichBSSID)
2002{
2003 ULONG Body_len;
2004 BOOLEAN Cancelled;
2005
2006
2007 if(DataByteCount < (LENGTH_802_1_H + LENGTH_EAPOL_H))
2008 return FALSE;
2009
2010
2011
2012 if (NdisEqualMemory(SNAP_802_1H, pData, 6) ||
2013
2014 NdisEqualMemory(SNAP_BRIDGE_TUNNEL, pData, 6))
2015 {
2016 pData += 6;
2017 }
2018
2019 if (NdisEqualMemory(EAPOL, pData, 2))
2020
2021 {
2022 pData += 2;
2023 }
2024 else
2025 return FALSE;
2026
2027 switch (*(pData+1))
2028 {
2029 case EAPPacket:
2030 Body_len = (*(pData+2)<<8) | (*(pData+3));
2031 DBGPRINT(RT_DEBUG_TRACE, ("Receive EAP-Packet frame, TYPE = 0, Length = %ld\n", Body_len));
2032 break;
2033 case EAPOLStart:
2034 DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOL-Start frame, TYPE = 1 \n"));
2035 if (pEntry->EnqueueEapolStartTimerRunning != EAPOL_START_DISABLE)
2036 {
2037 DBGPRINT(RT_DEBUG_TRACE, ("Cancel the EnqueueEapolStartTimerRunning \n"));
2038 RTMPCancelTimer(&pEntry->EnqueueStartForPSKTimer, &Cancelled);
2039 pEntry->EnqueueEapolStartTimerRunning = EAPOL_START_DISABLE;
2040 }
2041 break;
2042 case EAPOLLogoff:
2043 DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOLLogoff frame, TYPE = 2 \n"));
2044 break;
2045 case EAPOLKey:
2046 Body_len = (*(pData+2)<<8) | (*(pData+3));
2047 DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOL-Key frame, TYPE = 3, Length = %ld\n", Body_len));
2048 break;
2049 case EAPOLASFAlert:
2050 DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOLASFAlert frame, TYPE = 4 \n"));
2051 break;
2052 default:
2053 return FALSE;
2054
2055 }
2056 return TRUE;
2057}
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077PSTRING GetEapolMsgType(CHAR msg)
2078{
2079 if(msg == EAPOL_PAIR_MSG_1)
2080 return "Pairwise Message 1";
2081 else if(msg == EAPOL_PAIR_MSG_2)
2082 return "Pairwise Message 2";
2083 else if(msg == EAPOL_PAIR_MSG_3)
2084 return "Pairwise Message 3";
2085 else if(msg == EAPOL_PAIR_MSG_4)
2086 return "Pairwise Message 4";
2087 else if(msg == EAPOL_GROUP_MSG_1)
2088 return "Group Message 1";
2089 else if(msg == EAPOL_GROUP_MSG_2)
2090 return "Group Message 2";
2091 else
2092 return "Invalid Message";
2093}
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109BOOLEAN RTMPCheckRSNIE(
2110 IN PRTMP_ADAPTER pAd,
2111 IN PUCHAR pData,
2112 IN UCHAR DataLen,
2113 IN MAC_TABLE_ENTRY *pEntry,
2114 OUT UCHAR *Offset)
2115{
2116 PUCHAR pVIE;
2117 UCHAR len;
2118 PEID_STRUCT pEid;
2119 BOOLEAN result = FALSE;
2120
2121 pVIE = pData;
2122 len = DataLen;
2123 *Offset = 0;
2124
2125 while (len > sizeof(RSNIE2))
2126 {
2127 pEid = (PEID_STRUCT) pVIE;
2128
2129 if ((pEid->Eid == IE_WPA) && (NdisEqualMemory(pEid->Octet, WPA_OUI, 4)))
2130 {
2131 if ((pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPAPSK) &&
2132 (NdisEqualMemory(pVIE, pEntry->RSN_IE, pEntry->RSNIE_Len)) &&
2133 (pEntry->RSNIE_Len == (pEid->Len + 2)))
2134 {
2135 result = TRUE;
2136 }
2137
2138 *Offset += (pEid->Len + 2);
2139 }
2140
2141 else if ((pEid->Eid == IE_RSN) && (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3)))
2142 {
2143 if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2 || pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK) &&
2144 (pEid->Eid == pEntry->RSN_IE[0]) &&
2145 ((pEid->Len + 2) >= pEntry->RSNIE_Len) &&
2146 (NdisEqualMemory(pEid->Octet, &pEntry->RSN_IE[2], pEntry->RSNIE_Len - 2)))
2147 {
2148
2149 result = TRUE;
2150 }
2151
2152 *Offset += (pEid->Len + 2);
2153 }
2154 else
2155 {
2156 break;
2157 }
2158
2159 pVIE += (pEid->Len + 2);
2160 len -= (pEid->Len + 2);
2161 }
2162
2163
2164 return result;
2165
2166}
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185BOOLEAN RTMPParseEapolKeyData(
2186 IN PRTMP_ADAPTER pAd,
2187 IN PUCHAR pKeyData,
2188 IN UCHAR KeyDataLen,
2189 IN UCHAR GroupKeyIndex,
2190 IN UCHAR MsgType,
2191 IN BOOLEAN bWPA2,
2192 IN MAC_TABLE_ENTRY *pEntry)
2193{
2194 PKDE_ENCAP pKDE = NULL;
2195 PUCHAR pMyKeyData = pKeyData;
2196 UCHAR KeyDataLength = KeyDataLen;
2197 UCHAR GTKLEN = 0;
2198 UCHAR DefaultIdx = 0;
2199 UCHAR skip_offset;
2200
2201
2202 if (MsgType == EAPOL_PAIR_MSG_2 || MsgType == EAPOL_PAIR_MSG_3)
2203 {
2204
2205 if (!RTMPCheckRSNIE(pAd, pKeyData, KeyDataLen, pEntry, &skip_offset))
2206 {
2207
2208 if (pAd->CommonCfg.bWirelessEvent)
2209 RTMPSendWirelessEvent(pAd, IW_RSNIE_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
2210
2211 DBGPRINT(RT_DEBUG_ERROR, ("RSN_IE Different in msg %d of 4-way handshake!\n", MsgType));
2212 hex_dump("Receive RSN_IE ", pKeyData, KeyDataLen);
2213 hex_dump("Desired RSN_IE ", pEntry->RSN_IE, pEntry->RSNIE_Len);
2214
2215 return FALSE;
2216 }
2217 else
2218 {
2219 if (bWPA2 && MsgType == EAPOL_PAIR_MSG_3)
2220 {
2221 WpaShowAllsuite(pMyKeyData, skip_offset);
2222
2223
2224 pMyKeyData += skip_offset;
2225 KeyDataLength -= skip_offset;
2226 DBGPRINT(RT_DEBUG_TRACE, ("RTMPParseEapolKeyData ==> WPA2/WPA2PSK RSN IE matched in Msg 3, Length(%d) \n", skip_offset));
2227 }
2228 else
2229 return TRUE;
2230 }
2231 }
2232
2233 DBGPRINT(RT_DEBUG_TRACE,("RTMPParseEapolKeyData ==> KeyDataLength %d without RSN_IE \n", KeyDataLength));
2234
2235
2236
2237
2238 if (bWPA2 && (MsgType == EAPOL_PAIR_MSG_3 || MsgType == EAPOL_GROUP_MSG_1))
2239 {
2240 if (KeyDataLength >= 8)
2241 {
2242 pKDE = (PKDE_ENCAP) pMyKeyData;
2243
2244
2245 DefaultIdx = pKDE->GTKEncap.Kid;
2246
2247
2248 if (KeyDataLength < (pKDE->Len + 2))
2249 {
2250 DBGPRINT(RT_DEBUG_ERROR, ("ERROR: The len from KDE is too short \n"));
2251 return FALSE;
2252 }
2253
2254
2255 GTKLEN = pKDE->Len -6;
2256 if (GTKLEN < LEN_AES_KEY)
2257 {
2258 DBGPRINT(RT_DEBUG_ERROR, ("ERROR: GTK Key length is too short (%d) \n", GTKLEN));
2259 return FALSE;
2260 }
2261
2262 }
2263 else
2264 {
2265 DBGPRINT(RT_DEBUG_ERROR, ("ERROR: KDE format length is too short \n"));
2266 return FALSE;
2267 }
2268
2269 DBGPRINT(RT_DEBUG_TRACE, ("GTK in KDE format ,DefaultKeyID=%d, KeyLen=%d \n", DefaultIdx, GTKLEN));
2270
2271 pMyKeyData += 8;
2272 KeyDataLength -= 8;
2273
2274 }
2275 else if (!bWPA2 && MsgType == EAPOL_GROUP_MSG_1)
2276 {
2277 DefaultIdx = GroupKeyIndex;
2278 DBGPRINT(RT_DEBUG_TRACE, ("GTK DefaultKeyID=%d \n", DefaultIdx));
2279 }
2280
2281
2282 if (DefaultIdx < 1 || DefaultIdx > 3)
2283 {
2284 DBGPRINT(RT_DEBUG_ERROR, ("ERROR: GTK Key index(%d) is invalid in %s %s \n", DefaultIdx, ((bWPA2) ? "WPA2" : "WPA"), GetEapolMsgType(MsgType)));
2285 return FALSE;
2286 }
2287
2288
2289#ifdef CONFIG_STA_SUPPORT
2290 IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
2291 {
2292 PCIPHER_KEY pSharedKey;
2293
2294
2295 NdisMoveMemory(pAd->StaCfg.GTK, pMyKeyData, 32);
2296 pAd->StaCfg.DefaultKeyId = DefaultIdx;
2297
2298 pSharedKey = &pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId];
2299
2300
2301 NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
2302 pSharedKey->KeyLen = LEN_TKIP_EK;
2303 NdisMoveMemory(pSharedKey->Key, pAd->StaCfg.GTK, LEN_TKIP_EK);
2304 NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.GTK[16], LEN_TKIP_RXMICK);
2305 NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.GTK[24], LEN_TKIP_TXMICK);
2306
2307
2308 pSharedKey->CipherAlg = CIPHER_NONE;
2309 if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption2Enabled)
2310 pSharedKey->CipherAlg = CIPHER_TKIP;
2311 else if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption3Enabled)
2312 pSharedKey->CipherAlg = CIPHER_AES;
2313 else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP40Enabled)
2314 pSharedKey->CipherAlg = CIPHER_WEP64;
2315 else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP104Enabled)
2316 pSharedKey->CipherAlg = CIPHER_WEP128;
2317
2318
2319
2320 AsicAddSharedKeyEntry(pAd,
2321 BSS0,
2322 pAd->StaCfg.DefaultKeyId,
2323 pSharedKey->CipherAlg,
2324 pSharedKey->Key,
2325 pSharedKey->TxMic,
2326 pSharedKey->RxMic);
2327
2328
2329 RTMPAddWcidAttributeEntry(pAd,
2330 BSS0,
2331 pAd->StaCfg.DefaultKeyId,
2332 pSharedKey->CipherAlg,
2333 NULL);
2334 }
2335#endif
2336
2337 return TRUE;
2338
2339}
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390VOID ConstructEapolMsg(
2391 IN PMAC_TABLE_ENTRY pEntry,
2392 IN UCHAR GroupKeyWepStatus,
2393 IN UCHAR MsgType,
2394 IN UCHAR DefaultKeyIdx,
2395 IN UCHAR *KeyNonce,
2396 IN UCHAR *TxRSC,
2397 IN UCHAR *GTK,
2398 IN UCHAR *RSNIE,
2399 IN UCHAR RSNIE_Len,
2400 OUT PEAPOL_PACKET pMsg)
2401{
2402 BOOLEAN bWPA2 = FALSE;
2403 UCHAR KeyDescVer;
2404
2405
2406 if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) ||
2407 (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
2408 bWPA2 = TRUE;
2409
2410
2411 pMsg->ProVer = EAPOL_VER;
2412 pMsg->ProType = EAPOLKey;
2413
2414
2415 SET_UINT16_TO_ARRARY(pMsg->Body_Len, LEN_EAPOL_KEY_MSG);
2416
2417
2418 if (bWPA2)
2419 pMsg->KeyDesc.Type = WPA2_KEY_DESC;
2420 else
2421 pMsg->KeyDesc.Type = WPA1_KEY_DESC;
2422
2423
2424 {
2425
2426
2427 KeyDescVer = (((pEntry->WepStatus == Ndis802_11Encryption3Enabled) ||
2428 (GroupKeyWepStatus == Ndis802_11Encryption3Enabled)) ? (DESC_TYPE_AES) : (DESC_TYPE_TKIP));
2429 }
2430
2431 pMsg->KeyDesc.KeyInfo.KeyDescVer = KeyDescVer;
2432
2433
2434 if (MsgType >= EAPOL_GROUP_MSG_1)
2435 pMsg->KeyDesc.KeyInfo.KeyType = GROUPKEY;
2436 else
2437 pMsg->KeyDesc.KeyInfo.KeyType = PAIRWISEKEY;
2438
2439
2440 if (!bWPA2 && (MsgType >= EAPOL_GROUP_MSG_1))
2441 pMsg->KeyDesc.KeyInfo.KeyIndex = DefaultKeyIdx;
2442
2443 if (MsgType == EAPOL_PAIR_MSG_3)
2444 pMsg->KeyDesc.KeyInfo.Install = 1;
2445
2446 if ((MsgType == EAPOL_PAIR_MSG_1) || (MsgType == EAPOL_PAIR_MSG_3) || (MsgType == EAPOL_GROUP_MSG_1))
2447 pMsg->KeyDesc.KeyInfo.KeyAck = 1;
2448
2449 if (MsgType != EAPOL_PAIR_MSG_1)
2450 pMsg->KeyDesc.KeyInfo.KeyMic = 1;
2451
2452 if ((bWPA2 && (MsgType >= EAPOL_PAIR_MSG_3)) ||
2453 (!bWPA2 && (MsgType >= EAPOL_GROUP_MSG_1)))
2454 {
2455 pMsg->KeyDesc.KeyInfo.Secure = 1;
2456 }
2457
2458 if (bWPA2 && ((MsgType == EAPOL_PAIR_MSG_3) ||
2459 (MsgType == EAPOL_GROUP_MSG_1)))
2460 {
2461 pMsg->KeyDesc.KeyInfo.EKD_DL = 1;
2462 }
2463
2464
2465 *(USHORT *)(&pMsg->KeyDesc.KeyInfo) = cpu2le16(*(USHORT *)(&pMsg->KeyDesc.KeyInfo));
2466
2467
2468 {
2469 if (MsgType >= EAPOL_GROUP_MSG_1)
2470 {
2471
2472 pMsg->KeyDesc.KeyLength[1] = ((GroupKeyWepStatus == Ndis802_11Encryption2Enabled) ? TKIP_GTK_LENGTH : LEN_AES_KEY);
2473 }
2474 else
2475 {
2476
2477 pMsg->KeyDesc.KeyLength[1] = ((pEntry->WepStatus == Ndis802_11Encryption2Enabled) ? LEN_TKIP_KEY : LEN_AES_KEY);
2478 }
2479 }
2480
2481
2482 NdisMoveMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY);
2483
2484
2485
2486
2487
2488 if ((MsgType <= EAPOL_PAIR_MSG_3) || ((!bWPA2 && (MsgType == EAPOL_GROUP_MSG_1))))
2489 NdisMoveMemory(pMsg->KeyDesc.KeyNonce, KeyNonce, LEN_KEY_DESC_NONCE);
2490
2491
2492 if (!bWPA2 && (MsgType == EAPOL_GROUP_MSG_1))
2493 {
2494
2495 NdisMoveMemory(pMsg->KeyDesc.KeyIv, &KeyNonce[16], LEN_KEY_DESC_IV);
2496 pMsg->KeyDesc.KeyIv[15] += 2;
2497 }
2498
2499
2500
2501 if ((MsgType == EAPOL_PAIR_MSG_3 && bWPA2) || (MsgType == EAPOL_GROUP_MSG_1))
2502 {
2503 NdisMoveMemory(pMsg->KeyDesc.KeyRsc, TxRSC, 6);
2504 }
2505
2506
2507 NdisZeroMemory(pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
2508
2509 ConstructEapolKeyData(pEntry,
2510 GroupKeyWepStatus,
2511 KeyDescVer,
2512 MsgType,
2513 DefaultKeyIdx,
2514 GTK,
2515 RSNIE,
2516 RSNIE_Len,
2517 pMsg);
2518
2519
2520 if (MsgType != EAPOL_PAIR_MSG_1)
2521 {
2522 CalculateMIC(KeyDescVer, pEntry->PTK, pMsg);
2523 }
2524
2525 DBGPRINT(RT_DEBUG_TRACE, ("===> ConstructEapolMsg for %s %s\n", ((bWPA2) ? "WPA2" : "WPA"), GetEapolMsgType(MsgType)));
2526 DBGPRINT(RT_DEBUG_TRACE, (" Body length = %d \n", CONV_ARRARY_TO_UINT16(pMsg->Body_Len)));
2527 DBGPRINT(RT_DEBUG_TRACE, (" Key length = %d \n", CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyLength)));
2528
2529
2530}
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549VOID ConstructEapolKeyData(
2550 IN PMAC_TABLE_ENTRY pEntry,
2551 IN UCHAR GroupKeyWepStatus,
2552 IN UCHAR keyDescVer,
2553 IN UCHAR MsgType,
2554 IN UCHAR DefaultKeyIdx,
2555 IN UCHAR *GTK,
2556 IN UCHAR *RSNIE,
2557 IN UCHAR RSNIE_LEN,
2558 OUT PEAPOL_PACKET pMsg)
2559{
2560 UCHAR *mpool, *Key_Data, *Rc4GTK;
2561 UCHAR ekey[(LEN_KEY_DESC_IV+LEN_EAP_EK)];
2562 ULONG data_offset;
2563 BOOLEAN bWPA2Capable = FALSE;
2564 PRTMP_ADAPTER pAd = pEntry->pAd;
2565 BOOLEAN GTK_Included = FALSE;
2566
2567
2568 if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) ||
2569 (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
2570 bWPA2Capable = TRUE;
2571
2572 if (MsgType == EAPOL_PAIR_MSG_1 ||
2573 MsgType == EAPOL_PAIR_MSG_4 ||
2574 MsgType == EAPOL_GROUP_MSG_2)
2575 return;
2576
2577
2578 os_alloc_mem(NULL, (PUCHAR *)&mpool, 1500);
2579
2580 if (mpool == NULL)
2581 return;
2582
2583
2584 Rc4GTK = (UCHAR *) ROUND_UP(mpool, 4);
2585
2586 Key_Data = (UCHAR *) ROUND_UP(Rc4GTK + 512, 4);
2587
2588 NdisZeroMemory(Key_Data, 512);
2589 SET_UINT16_TO_ARRARY(pMsg->KeyDesc.KeyDataLen, 0);
2590 data_offset = 0;
2591
2592
2593 if (RSNIE_LEN && ((MsgType == EAPOL_PAIR_MSG_2) || (MsgType == EAPOL_PAIR_MSG_3)))
2594 {
2595 PUINT8 pmkid_ptr = NULL;
2596 UINT8 pmkid_len = 0;
2597
2598
2599 RTMPInsertRSNIE(&Key_Data[data_offset],
2600 (PULONG)&data_offset,
2601 RSNIE,
2602 RSNIE_LEN,
2603 pmkid_ptr,
2604 pmkid_len);
2605 }
2606
2607
2608
2609 if (bWPA2Capable && ((MsgType == EAPOL_PAIR_MSG_3) || (MsgType == EAPOL_GROUP_MSG_1)))
2610 {
2611
2612 Key_Data[data_offset + 0] = 0xDD;
2613
2614 if (GroupKeyWepStatus == Ndis802_11Encryption3Enabled)
2615 {
2616 Key_Data[data_offset + 1] = 0x16;
2617 }
2618 else
2619 {
2620 Key_Data[data_offset + 1] = 0x26;
2621 }
2622
2623 Key_Data[data_offset + 2] = 0x00;
2624 Key_Data[data_offset + 3] = 0x0F;
2625 Key_Data[data_offset + 4] = 0xAC;
2626 Key_Data[data_offset + 5] = 0x01;
2627
2628
2629 Key_Data[data_offset + 6] = (DefaultKeyIdx & 0x03);
2630 Key_Data[data_offset + 7] = 0x00;
2631
2632 data_offset += 8;
2633 }
2634
2635
2636
2637
2638 if ((MsgType == EAPOL_PAIR_MSG_3 && bWPA2Capable) || (MsgType == EAPOL_GROUP_MSG_1))
2639 {
2640
2641 if (GroupKeyWepStatus == Ndis802_11Encryption3Enabled)
2642 {
2643 NdisMoveMemory(&Key_Data[data_offset], GTK, LEN_AES_KEY);
2644 data_offset += LEN_AES_KEY;
2645 }
2646 else
2647 {
2648 NdisMoveMemory(&Key_Data[data_offset], GTK, TKIP_GTK_LENGTH);
2649 data_offset += TKIP_GTK_LENGTH;
2650 }
2651
2652 GTK_Included = TRUE;
2653 }
2654
2655
2656
2657
2658 if (GTK_Included)
2659 {
2660
2661
2662 if (
2663 (keyDescVer == DESC_TYPE_AES))
2664 {
2665 UCHAR remainder = 0;
2666 UCHAR pad_len = 0;
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676 if ((remainder = data_offset & 0x07) != 0)
2677 {
2678 INT i;
2679
2680 pad_len = (8 - remainder);
2681 Key_Data[data_offset] = 0xDD;
2682 for (i = 1; i < pad_len; i++)
2683 Key_Data[data_offset + i] = 0;
2684
2685 data_offset += pad_len;
2686 }
2687
2688 AES_GTK_KEY_WRAP(&pEntry->PTK[16], Key_Data, data_offset, Rc4GTK);
2689
2690 data_offset += 8;
2691 }
2692 else
2693 {
2694
2695
2696
2697
2698
2699 pAd->PrivateInfo.FCSCRC32 = PPPINITFCS32;
2700
2701
2702 NdisMoveMemory(ekey, pMsg->KeyDesc.KeyIv, LEN_KEY_DESC_IV);
2703 NdisMoveMemory(&ekey[LEN_KEY_DESC_IV], &pEntry->PTK[16], LEN_EAP_EK);
2704 ARCFOUR_INIT(&pAd->PrivateInfo.WEPCONTEXT, ekey, sizeof(ekey));
2705 pAd->PrivateInfo.FCSCRC32 = RTMP_CALC_FCS32(pAd->PrivateInfo.FCSCRC32, Key_Data, data_offset);
2706 WPAARCFOUR_ENCRYPT(&pAd->PrivateInfo.WEPCONTEXT, Rc4GTK, Key_Data, data_offset);
2707 }
2708
2709 NdisMoveMemory(pMsg->KeyDesc.KeyData, Rc4GTK, data_offset);
2710 }
2711 else
2712 {
2713 NdisMoveMemory(pMsg->KeyDesc.KeyData, Key_Data, data_offset);
2714 }
2715
2716
2717 SET_UINT16_TO_ARRARY(pMsg->KeyDesc.KeyDataLen, data_offset);
2718 INC_UINT16_TO_ARRARY(pMsg->Body_Len, data_offset);
2719
2720 os_free_mem(NULL, mpool);
2721
2722}
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740static VOID CalculateMIC(
2741 IN UCHAR KeyDescVer,
2742 IN UCHAR *PTK,
2743 OUT PEAPOL_PACKET pMsg)
2744{
2745 UCHAR *OutBuffer;
2746 ULONG FrameLen = 0;
2747 UCHAR mic[LEN_KEY_DESC_MIC];
2748 UCHAR digest[80];
2749
2750
2751 os_alloc_mem(NULL, (PUCHAR *)&OutBuffer, 512);
2752
2753 if (OutBuffer == NULL)
2754 {
2755 DBGPRINT(RT_DEBUG_ERROR, ("!!!CalculateMIC: no memory!!!\n"));
2756 return;
2757 }
2758
2759
2760 MakeOutgoingFrame(OutBuffer, &FrameLen,
2761 CONV_ARRARY_TO_UINT16(pMsg->Body_Len) + 4, pMsg,
2762 END_OF_ARGS);
2763
2764 NdisZeroMemory(mic, sizeof(mic));
2765
2766
2767 if (KeyDescVer == DESC_TYPE_AES)
2768 {
2769 HMAC_SHA1(PTK, LEN_EAP_MICK, OutBuffer, FrameLen, digest, SHA1_DIGEST_SIZE);
2770 NdisMoveMemory(mic, digest, LEN_KEY_DESC_MIC);
2771 }
2772 else
2773 {
2774 HMAC_MD5(PTK, LEN_EAP_MICK, OutBuffer, FrameLen, mic, MD5_DIGEST_SIZE);
2775 }
2776
2777
2778 NdisMoveMemory(pMsg->KeyDesc.KeyMic, mic, LEN_KEY_DESC_MIC);
2779
2780 os_free_mem(NULL, OutBuffer);
2781}
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799NDIS_STATUS RTMPSoftDecryptBroadCastData(
2800 IN PRTMP_ADAPTER pAd,
2801 IN RX_BLK *pRxBlk,
2802 IN NDIS_802_11_ENCRYPTION_STATUS GroupCipher,
2803 IN PCIPHER_KEY pShard_key)
2804{
2805 PRXWI_STRUC pRxWI = pRxBlk->pRxWI;
2806
2807
2808
2809
2810 if (GroupCipher == Ndis802_11Encryption1Enabled)
2811 {
2812 if (RTMPSoftDecryptWEP(pAd, pRxBlk->pData, pRxWI->MPDUtotalByteCount, pShard_key))
2813 {
2814
2815
2816 pRxWI->MPDUtotalByteCount -= 8;
2817 }
2818 else
2819 {
2820 DBGPRINT(RT_DEBUG_ERROR, ("ERROR : Software decrypt WEP data fails.\n"));
2821
2822 return NDIS_STATUS_FAILURE;
2823 }
2824 }
2825
2826 else if (GroupCipher == Ndis802_11Encryption2Enabled)
2827 {
2828 if (RTMPSoftDecryptTKIP(pAd, pRxBlk->pData, pRxWI->MPDUtotalByteCount, 0, pShard_key))
2829 {
2830
2831
2832 pRxWI->MPDUtotalByteCount -= 20;
2833 }
2834 else
2835 {
2836 DBGPRINT(RT_DEBUG_ERROR, ("ERROR : RTMPSoftDecryptTKIP Failed\n"));
2837
2838 return NDIS_STATUS_FAILURE;
2839 }
2840 }
2841
2842 else if (GroupCipher == Ndis802_11Encryption3Enabled)
2843 {
2844 if (RTMPSoftDecryptAES(pAd, pRxBlk->pData, pRxWI->MPDUtotalByteCount , pShard_key))
2845 {
2846
2847
2848 pRxWI->MPDUtotalByteCount -= 16;
2849 }
2850 else
2851 {
2852 DBGPRINT(RT_DEBUG_ERROR, ("ERROR : RTMPSoftDecryptAES Failed\n"));
2853
2854 return NDIS_STATUS_FAILURE;
2855 }
2856 }
2857 else
2858 {
2859
2860 return NDIS_STATUS_FAILURE;
2861 }
2862
2863 return NDIS_STATUS_SUCCESS;
2864
2865}
2866
2867
2868PUINT8 GetSuiteFromRSNIE(
2869 IN PUINT8 rsnie,
2870 IN UINT rsnie_len,
2871 IN UINT8 type,
2872 OUT UINT8 *count)
2873{
2874 PEID_STRUCT pEid;
2875 INT len;
2876 PUINT8 pBuf;
2877 INT offset = 0;
2878 PRSNIE_AUTH pAkm;
2879 UINT16 acount;
2880 BOOLEAN isWPA2 = FALSE;
2881
2882 pEid = (PEID_STRUCT)rsnie;
2883 len = rsnie_len - 2;
2884 pBuf = (PUINT8)&pEid->Octet[0];
2885
2886
2887
2888
2889 *count = 0;
2890
2891
2892 if ((len <= 0) || (pEid->Len != len))
2893 {
2894 DBGPRINT_ERR(("%s : The length is invalid\n", __FUNCTION__));
2895 return NULL;
2896 }
2897
2898
2899 if (pEid->Eid == IE_WPA)
2900 {
2901 PRSNIE pRsnie = (PRSNIE)pBuf;
2902 UINT16 ucount;
2903
2904 if (len < sizeof(RSNIE))
2905 {
2906 DBGPRINT_ERR(("%s : The length is too short for WPA\n", __FUNCTION__));
2907 return NULL;
2908 }
2909
2910
2911 ucount = cpu2le16(pRsnie->ucount);
2912 if (ucount > 2)
2913 {
2914 DBGPRINT_ERR(("%s : The count(%d) of pairwise cipher is invlaid\n",
2915 __FUNCTION__, ucount));
2916 return NULL;
2917 }
2918
2919
2920 if (type == GROUP_SUITE)
2921 {
2922 *count = 1;
2923 return pRsnie->mcast;
2924 }
2925
2926 else if (type == PAIRWISE_SUITE)
2927 {
2928 DBGPRINT(RT_DEBUG_TRACE, ("%s : The count of pairwise cipher is %d\n",
2929 __FUNCTION__, ucount));
2930 *count = ucount;
2931 return pRsnie->ucast[0].oui;
2932 }
2933
2934 offset = sizeof(RSNIE) + (4 * (ucount - 1));
2935
2936 }
2937 else if (pEid->Eid == IE_RSN)
2938 {
2939 PRSNIE2 pRsnie = (PRSNIE2)pBuf;
2940 UINT16 ucount;
2941
2942 isWPA2 = TRUE;
2943
2944 if (len < sizeof(RSNIE2))
2945 {
2946 DBGPRINT_ERR(("%s : The length is too short for WPA2\n", __FUNCTION__));
2947 return NULL;
2948 }
2949
2950
2951 ucount = cpu2le16(pRsnie->ucount);
2952 if (ucount > 2)
2953 {
2954 DBGPRINT_ERR(("%s : The count(%d) of pairwise cipher is invlaid\n",
2955 __FUNCTION__, ucount));
2956 return NULL;
2957 }
2958
2959
2960 if (type == GROUP_SUITE)
2961 {
2962 *count = 1;
2963 return pRsnie->mcast;
2964 }
2965
2966 else if (type == PAIRWISE_SUITE)
2967 {
2968 DBGPRINT(RT_DEBUG_TRACE, ("%s : The count of pairwise cipher is %d\n",
2969 __FUNCTION__, ucount));
2970 *count = ucount;
2971 return pRsnie->ucast[0].oui;
2972 }
2973
2974 offset = sizeof(RSNIE2) + (4 * (ucount - 1));
2975
2976 }
2977 else
2978 {
2979 DBGPRINT_ERR(("%s : Unknown IE (%d)\n", __FUNCTION__, pEid->Eid));
2980 return NULL;
2981 }
2982
2983
2984 pBuf += offset;
2985 len -= offset;
2986
2987 if (len < sizeof(RSNIE_AUTH))
2988 {
2989 DBGPRINT_ERR(("%s : The length of RSNIE is too short\n", __FUNCTION__));
2990 return NULL;
2991 }
2992
2993
2994 pAkm = (PRSNIE_AUTH)pBuf;
2995
2996
2997 acount = cpu2le16(pAkm->acount);
2998 if (acount > 2)
2999 {
3000 DBGPRINT_ERR(("%s : The count(%d) of AKM is invlaid\n",
3001 __FUNCTION__, acount));
3002 return NULL;
3003 }
3004
3005
3006 if (type == AKM_SUITE)
3007 {
3008 DBGPRINT(RT_DEBUG_TRACE, ("%s : The count of AKM is %d\n",
3009 __FUNCTION__, acount));
3010 *count = acount;
3011 return pAkm->auth[0].oui;
3012 }
3013 offset = sizeof(RSNIE_AUTH) + (4 * (acount - 1));
3014
3015 pBuf += offset;
3016 len -= offset;
3017
3018
3019 if (len >= (sizeof(RSN_CAPABILITIES) + 2 + LEN_PMKID))
3020 {
3021
3022 pBuf += (sizeof(RSN_CAPABILITIES) + 2);
3023 len -= (sizeof(RSN_CAPABILITIES) + 2);
3024
3025
3026 if (type == PMKID_LIST)
3027 {
3028 *count = 1;
3029 return pBuf;
3030 }
3031 }
3032 else
3033 {
3034 DBGPRINT_ERR(("%s : it can't get any more information beyond AKM \n", __FUNCTION__));
3035 return NULL;
3036 }
3037
3038 *count = 0;
3039
3040 return NULL;
3041
3042}
3043
3044VOID WpaShowAllsuite(
3045 IN PUINT8 rsnie,
3046 IN UINT rsnie_len)
3047{
3048 PUINT8 pSuite = NULL;
3049 UINT8 count;
3050
3051 hex_dump("RSNIE", rsnie, rsnie_len);
3052
3053
3054 if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, GROUP_SUITE, &count)) != NULL)
3055 {
3056 hex_dump("group cipher", pSuite, 4*count);
3057 }
3058
3059
3060 if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, PAIRWISE_SUITE, &count)) != NULL)
3061 {
3062 hex_dump("pairwise cipher", pSuite, 4*count);
3063 }
3064
3065
3066 if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, AKM_SUITE, &count)) != NULL)
3067 {
3068 hex_dump("AKM suite", pSuite, 4*count);
3069 }
3070
3071
3072 if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, PMKID_LIST, &count)) != NULL)
3073 {
3074 hex_dump("PMKID", pSuite, LEN_PMKID);
3075 }
3076
3077}
3078
3079VOID RTMPInsertRSNIE(
3080 IN PUCHAR pFrameBuf,
3081 OUT PULONG pFrameLen,
3082 IN PUINT8 rsnie_ptr,
3083 IN UINT8 rsnie_len,
3084 IN PUINT8 pmkid_ptr,
3085 IN UINT8 pmkid_len)
3086{
3087 PUCHAR pTmpBuf;
3088 ULONG TempLen = 0;
3089 UINT8 extra_len = 0;
3090 UINT16 pmk_count = 0;
3091 UCHAR ie_num;
3092 UINT8 total_len = 0;
3093 UCHAR WPA2_OUI[3]={0x00,0x0F,0xAC};
3094
3095 pTmpBuf = pFrameBuf;
3096
3097
3098 if (pmkid_len > 0 && ((pmkid_len & 0x0f) == 0))
3099 {
3100 extra_len = sizeof(UINT16) + pmkid_len;
3101
3102 pmk_count = (pmkid_len >> 4);
3103 pmk_count = cpu2le16(pmk_count);
3104 }
3105 else
3106 {
3107 DBGPRINT(RT_DEBUG_WARN, ("%s : The length is PMKID-List is invalid (%d), so don't insert it.\n",
3108 __FUNCTION__, pmkid_len));
3109 }
3110
3111 if (rsnie_len != 0)
3112 {
3113 ie_num = IE_WPA;
3114 total_len = rsnie_len;
3115
3116 if (NdisEqualMemory(rsnie_ptr + 2, WPA2_OUI, sizeof(WPA2_OUI)))
3117 {
3118 ie_num = IE_RSN;
3119 total_len += extra_len;
3120 }
3121
3122
3123 MakeOutgoingFrame(pTmpBuf, &TempLen,
3124 1, &ie_num,
3125 1, &total_len,
3126 rsnie_len, rsnie_ptr,
3127 END_OF_ARGS);
3128
3129 pTmpBuf += TempLen;
3130 *pFrameLen = *pFrameLen + TempLen;
3131
3132 if (ie_num == IE_RSN)
3133 {
3134
3135 if (extra_len > 0)
3136 {
3137 MakeOutgoingFrame(pTmpBuf, &TempLen,
3138 2, &pmk_count,
3139 pmkid_len, pmkid_ptr,
3140 END_OF_ARGS);
3141
3142 pTmpBuf += TempLen;
3143 *pFrameLen = *pFrameLen + TempLen;
3144 }
3145 }
3146 }
3147
3148 return;
3149}
3150