1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38#include "../rt_config.h"
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59void AuthStateMachineInit(struct rt_rtmp_adapter *pAd,
60 struct rt_state_machine *Sm, OUT STATE_MACHINE_FUNC Trans[])
61{
62 StateMachineInit(Sm, Trans, MAX_AUTH_STATE, MAX_AUTH_MSG,
63 (STATE_MACHINE_FUNC) Drop, AUTH_REQ_IDLE,
64 AUTH_MACHINE_BASE);
65
66
67 StateMachineSetAction(Sm, AUTH_REQ_IDLE, MT2_MLME_AUTH_REQ,
68 (STATE_MACHINE_FUNC) MlmeAuthReqAction);
69
70
71 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_MLME_AUTH_REQ,
72 (STATE_MACHINE_FUNC) InvalidStateWhenAuth);
73 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_PEER_AUTH_EVEN,
74 (STATE_MACHINE_FUNC) PeerAuthRspAtSeq2Action);
75 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_AUTH_TIMEOUT,
76 (STATE_MACHINE_FUNC) AuthTimeoutAction);
77
78
79 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_MLME_AUTH_REQ,
80 (STATE_MACHINE_FUNC) InvalidStateWhenAuth);
81 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_PEER_AUTH_EVEN,
82 (STATE_MACHINE_FUNC) PeerAuthRspAtSeq4Action);
83 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_AUTH_TIMEOUT,
84 (STATE_MACHINE_FUNC) AuthTimeoutAction);
85
86 RTMPInitTimer(pAd, &pAd->MlmeAux.AuthTimer,
87 GET_TIMER_FUNCTION(AuthTimeout), pAd, FALSE);
88}
89
90
91
92
93
94
95
96
97
98
99void AuthTimeout(void *SystemSpecific1,
100 void *FunctionContext,
101 void *SystemSpecific2, void *SystemSpecific3)
102{
103 struct rt_rtmp_adapter *pAd = (struct rt_rtmp_adapter *)FunctionContext;
104
105 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - AuthTimeout\n"));
106
107
108
109 if (RTMP_TEST_FLAG
110 (pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
111 return;
112
113
114 if (pAd->Mlme.AuthMachine.CurrState == AUTH_WAIT_SEQ2)
115 Cls2errAction(pAd, pAd->MlmeAux.Bssid);
116
117 MlmeEnqueue(pAd, AUTH_STATE_MACHINE, MT2_AUTH_TIMEOUT, 0, NULL);
118 RTMP_MLME_HANDLER(pAd);
119}
120
121
122
123
124
125
126
127
128
129void MlmeAuthReqAction(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
130{
131 if (AUTH_ReqSend
132 (pAd, Elem, &pAd->MlmeAux.AuthTimer, "AUTH", 1, NULL, 0))
133 pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ2;
134 else {
135 u16 Status;
136
137 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
138 Status = MLME_INVALID_FORMAT;
139 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2,
140 &Status);
141 }
142}
143
144
145
146
147
148
149
150
151
152void PeerAuthRspAtSeq2Action(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
153{
154 u8 Addr2[MAC_ADDR_LEN];
155 u16 Seq, Status, RemoteStatus, Alg;
156 u8 ChlgText[CIPHER_TEXT_LEN];
157 u8 CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
158 u8 Element[2];
159 struct rt_header_802_11 AuthHdr;
160 BOOLEAN TimerCancelled;
161 u8 *pOutBuffer = NULL;
162 int NStatus;
163 unsigned long FrameLen = 0;
164 u16 Status2;
165
166 if (PeerAuthSanity
167 (pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status,
168 (char *)ChlgText)) {
169 if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) {
170 DBGPRINT(RT_DEBUG_TRACE,
171 ("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n",
172 Alg, Status));
173 RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,
174 &TimerCancelled);
175
176 if (Status == MLME_SUCCESS) {
177
178 if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) {
179 pAd->Mlme.AuthMachine.CurrState =
180 AUTH_REQ_IDLE;
181 MlmeEnqueue(pAd,
182 MLME_CNTL_STATE_MACHINE,
183 MT2_AUTH_CONF, 2, &Status);
184 } else {
185
186 Seq++;
187 RemoteStatus = MLME_SUCCESS;
188
189
190 NStatus =
191 MlmeAllocateMemory(pAd,
192 &pOutBuffer);
193 if (NStatus != NDIS_STATUS_SUCCESS) {
194 DBGPRINT(RT_DEBUG_TRACE,
195 ("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
196 pAd->Mlme.AuthMachine.
197 CurrState = AUTH_REQ_IDLE;
198 Status2 = MLME_FAIL_NO_RESOURCE;
199 MlmeEnqueue(pAd,
200 MLME_CNTL_STATE_MACHINE,
201 MT2_AUTH_CONF, 2,
202 &Status2);
203 return;
204 }
205
206 DBGPRINT(RT_DEBUG_TRACE,
207 ("AUTH - Send AUTH request seq#3...\n"));
208 MgtMacHeaderInit(pAd, &AuthHdr,
209 SUBTYPE_AUTH, 0, Addr2,
210 pAd->MlmeAux.Bssid);
211 AuthHdr.FC.Wep = 1;
212
213 RTMPInitWepEngine(pAd,
214 pAd->
215 SharedKey[BSS0][pAd->
216 StaCfg.
217 DefaultKeyId].
218 Key,
219 pAd->StaCfg.
220 DefaultKeyId,
221 pAd->
222 SharedKey[BSS0][pAd->
223 StaCfg.
224 DefaultKeyId].
225 KeyLen,
226 CyperChlgText);
227
228 Alg = cpu2le16(*(u16 *) & Alg);
229 Seq = cpu2le16(*(u16 *) & Seq);
230 RemoteStatus =
231 cpu2le16(*(u16 *) &
232 RemoteStatus);
233
234 RTMPEncryptData(pAd, (u8 *)& Alg,
235 CyperChlgText + 4, 2);
236 RTMPEncryptData(pAd, (u8 *)& Seq,
237 CyperChlgText + 6, 2);
238 RTMPEncryptData(pAd,
239 (u8 *)& RemoteStatus,
240 CyperChlgText + 8, 2);
241 Element[0] = 16;
242 Element[1] = 128;
243 RTMPEncryptData(pAd, Element,
244 CyperChlgText + 10, 2);
245 RTMPEncryptData(pAd, ChlgText,
246 CyperChlgText + 12,
247 128);
248 RTMPSetICV(pAd, CyperChlgText + 140);
249 MakeOutgoingFrame(pOutBuffer, &FrameLen,
250 sizeof(struct rt_header_802_11),
251 &AuthHdr,
252 CIPHER_TEXT_LEN + 16,
253 CyperChlgText,
254 END_OF_ARGS);
255 MiniportMMRequest(pAd, 0, pOutBuffer,
256 FrameLen);
257 MlmeFreeMemory(pAd, pOutBuffer);
258
259 RTMPSetTimer(&pAd->MlmeAux.AuthTimer,
260 AUTH_TIMEOUT);
261 pAd->Mlme.AuthMachine.CurrState =
262 AUTH_WAIT_SEQ4;
263 }
264 } else {
265 pAd->StaCfg.AuthFailReason = Status;
266 COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
267 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
268 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE,
269 MT2_AUTH_CONF, 2, &Status);
270 }
271 }
272 } else {
273 DBGPRINT(RT_DEBUG_TRACE,
274 ("AUTH - PeerAuthSanity() sanity check fail\n"));
275 }
276}
277
278
279
280
281
282
283
284
285
286void PeerAuthRspAtSeq4Action(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
287{
288 u8 Addr2[MAC_ADDR_LEN];
289 u16 Alg, Seq, Status;
290 char ChlgText[CIPHER_TEXT_LEN];
291 BOOLEAN TimerCancelled;
292
293 if (PeerAuthSanity
294 (pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status,
295 ChlgText)) {
296 if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 4) {
297 DBGPRINT(RT_DEBUG_TRACE,
298 ("AUTH - Receive AUTH_RSP seq#4 to me\n"));
299 RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,
300 &TimerCancelled);
301
302 if (Status != MLME_SUCCESS) {
303 pAd->StaCfg.AuthFailReason = Status;
304 COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
305 }
306
307 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
308 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF,
309 2, &Status);
310 }
311 } else {
312 DBGPRINT(RT_DEBUG_TRACE,
313 ("AUTH - PeerAuthRspAtSeq4Action() sanity check fail\n"));
314 }
315}
316
317
318
319
320
321
322
323
324
325void MlmeDeauthReqAction(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
326{
327 struct rt_mlme_deauth_req *pInfo;
328 struct rt_header_802_11 DeauthHdr;
329 u8 *pOutBuffer = NULL;
330 int NStatus;
331 unsigned long FrameLen = 0;
332 u16 Status;
333
334 pInfo = (struct rt_mlme_deauth_req *)Elem->Msg;
335
336 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
337 if (NStatus != NDIS_STATUS_SUCCESS) {
338 DBGPRINT(RT_DEBUG_TRACE,
339 ("AUTH - MlmeDeauthReqAction() allocate memory fail\n"));
340 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
341 Status = MLME_FAIL_NO_RESOURCE;
342 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2,
343 &Status);
344 return;
345 }
346
347 DBGPRINT(RT_DEBUG_TRACE,
348 ("AUTH - Send DE-AUTH request (Reason=%d)...\n",
349 pInfo->Reason));
350 MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pInfo->Addr,
351 pAd->MlmeAux.Bssid);
352 MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11),
353 &DeauthHdr, 2, &pInfo->Reason, END_OF_ARGS);
354 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
355 MlmeFreeMemory(pAd, pOutBuffer);
356
357 pAd->StaCfg.DeauthReason = pInfo->Reason;
358 COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pInfo->Addr);
359 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
360 Status = MLME_SUCCESS;
361 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status);
362
363
364 if (pAd->CommonCfg.bWirelessEvent)
365 RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG,
366 pAd->MacTab.Content[BSSID_WCID].Addr,
367 BSS0, 0);
368}
369
370
371
372
373
374
375
376
377
378void AuthTimeoutAction(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
379{
380 u16 Status;
381 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - AuthTimeoutAction\n"));
382 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
383 Status = MLME_REJ_TIMEOUT;
384 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
385}
386
387
388
389
390
391
392
393
394
395void InvalidStateWhenAuth(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
396{
397 u16 Status;
398 DBGPRINT(RT_DEBUG_TRACE,
399 ("AUTH - InvalidStateWhenAuth (state=%ld), reset AUTH state machine\n",
400 pAd->Mlme.AuthMachine.CurrState));
401 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
402 Status = MLME_STATE_MACHINE_REJECT;
403 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
404}
405
406
407
408
409
410
411
412
413
414
415
416
417
418void Cls2errAction(struct rt_rtmp_adapter *pAd, u8 *pAddr)
419{
420 struct rt_header_802_11 DeauthHdr;
421 u8 *pOutBuffer = NULL;
422 int NStatus;
423 unsigned long FrameLen = 0;
424 u16 Reason = REASON_CLS2ERR;
425
426 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
427 if (NStatus != NDIS_STATUS_SUCCESS)
428 return;
429
430 DBGPRINT(RT_DEBUG_TRACE,
431 ("AUTH - Class 2 error, Send DEAUTH frame...\n"));
432 MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pAddr,
433 pAd->MlmeAux.Bssid);
434 MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11),
435 &DeauthHdr, 2, &Reason, END_OF_ARGS);
436 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
437 MlmeFreeMemory(pAd, pOutBuffer);
438
439 pAd->StaCfg.DeauthReason = Reason;
440 COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pAddr);
441}
442
443BOOLEAN AUTH_ReqSend(struct rt_rtmp_adapter *pAd,
444 struct rt_mlme_queue_elem *pElem,
445 struct rt_ralink_timer *pAuthTimer,
446 char *pSMName,
447 u16 SeqNo,
448 u8 *pNewElement, unsigned long ElementLen)
449{
450 u16 Alg, Seq, Status;
451 u8 Addr[6];
452 unsigned long Timeout;
453 struct rt_header_802_11 AuthHdr;
454 BOOLEAN TimerCancelled;
455 int NStatus;
456 u8 *pOutBuffer = NULL;
457 unsigned long FrameLen = 0, tmp = 0;
458
459
460 if (pAd->StaCfg.bBlockAssoc == TRUE) {
461 DBGPRINT(RT_DEBUG_TRACE,
462 ("%s - Block Auth request during WPA block period!\n",
463 pSMName));
464 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
465 Status = MLME_STATE_MACHINE_REJECT;
466 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2,
467 &Status);
468 } else
469 if (MlmeAuthReqSanity
470 (pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg)) {
471
472 RTMPCancelTimer(pAuthTimer, &TimerCancelled);
473
474 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr);
475 pAd->MlmeAux.Alg = Alg;
476 Seq = SeqNo;
477 Status = MLME_SUCCESS;
478
479 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
480 if (NStatus != NDIS_STATUS_SUCCESS) {
481 DBGPRINT(RT_DEBUG_TRACE,
482 ("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n",
483 pSMName, Alg));
484 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
485 Status = MLME_FAIL_NO_RESOURCE;
486 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF,
487 2, &Status);
488 return FALSE;
489 }
490
491 DBGPRINT(RT_DEBUG_TRACE,
492 ("%s - Send AUTH request seq#1 (Alg=%d)...\n", pSMName,
493 Alg));
494 MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr,
495 pAd->MlmeAux.Bssid);
496 MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11),
497 &AuthHdr, 2, &Alg, 2, &Seq, 2, &Status,
498 END_OF_ARGS);
499
500 if (pNewElement && ElementLen) {
501 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
502 ElementLen, pNewElement, END_OF_ARGS);
503 FrameLen += tmp;
504 }
505
506 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
507 MlmeFreeMemory(pAd, pOutBuffer);
508
509 RTMPSetTimer(pAuthTimer, Timeout);
510 return TRUE;
511 } else {
512 DBGPRINT_ERR("%s - MlmeAuthReqAction() sanity check failed\n", pSMName);
513 return FALSE;
514 }
515
516 return TRUE;
517}
518
