1 /*
2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3 * All rights reserved.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 *
20 * File: wpa.c
21 *
22 * Purpose: Handles the Basic Service Set & Node Database functions
23 *
24 * Functions:
25 * WPA_ParseRSN - Parse RSN IE.
26 *
27 * Revision History:
28 *
29 * Author: Kyle Hsu
30 *
31 * Date: July 14, 2003
32 *
33 */
34
35 #include "ttype.h"
36 #include "tmacro.h"
37 #include "tether.h"
38 #include "device.h"
39 #include "80211hdr.h"
40 #include "bssdb.h"
41 #include "wmgr.h"
42 #include "wpa.h"
43 #include "80211mgr.h"
44
45 /*--------------------- Static Variables --------------------------*/
46 static int msglevel =MSG_LEVEL_INFO;
47
48 const unsigned char abyOUI00[4] = { 0x00, 0x50, 0xf2, 0x00 };
49 const unsigned char abyOUI01[4] = { 0x00, 0x50, 0xf2, 0x01 };
50 const unsigned char abyOUI02[4] = { 0x00, 0x50, 0xf2, 0x02 };
51 const unsigned char abyOUI03[4] = { 0x00, 0x50, 0xf2, 0x03 };
52 const unsigned char abyOUI04[4] = { 0x00, 0x50, 0xf2, 0x04 };
53 const unsigned char abyOUI05[4] = { 0x00, 0x50, 0xf2, 0x05 };
54
55
56 /*+
57 *
58 * Description:
59 * Clear RSN information in BSSList.
60 *
61 * Parameters:
62 * In:
63 * pBSSList - BSS list.
64 * Out:
65 * none
66 *
67 * Return Value: none.
68 *
69 -*/
70
71 void
WPA_ClearRSN(PKnownBSS pBSSList)72 WPA_ClearRSN (
73 PKnownBSS pBSSList
74 )
75 {
76 int ii;
77 pBSSList->byGKType = WPA_TKIP;
78 for (ii=0; ii < 4; ii ++)
79 pBSSList->abyPKType[ii] = WPA_TKIP;
80 pBSSList->wPKCount = 0;
81 for (ii=0; ii < 4; ii ++)
82 pBSSList->abyAuthType[ii] = WPA_AUTH_IEEE802_1X;
83 pBSSList->wAuthCount = 0;
84 pBSSList->byDefaultK_as_PK = 0;
85 pBSSList->byReplayIdx = 0;
86 pBSSList->sRSNCapObj.bRSNCapExist = false;
87 pBSSList->sRSNCapObj.wRSNCap = 0;
88 pBSSList->bWPAValid = false;
89 }
90
91
92 /*+
93 *
94 * Description:
95 * Parse RSN IE.
96 *
97 * Parameters:
98 * In:
99 * pBSSList - BSS list.
100 * pRSN - Pointer to the RSN IE.
101 * Out:
102 * none
103 *
104 * Return Value: none.
105 *
106 -*/
107 void
WPA_ParseRSN(PKnownBSS pBSSList,PWLAN_IE_RSN_EXT pRSN)108 WPA_ParseRSN (
109 PKnownBSS pBSSList,
110 PWLAN_IE_RSN_EXT pRSN
111 )
112 {
113 PWLAN_IE_RSN_AUTH pIE_RSN_Auth = NULL;
114 int i, j, m, n = 0;
115 unsigned char *pbyCaps;
116
117 WPA_ClearRSN(pBSSList);
118
119 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WPA_ParseRSN: [%d]\n", pRSN->len);
120
121 // information element header makes sense
122 if ((pRSN->len >= 6) // oui1(4)+ver(2)
123 && (pRSN->byElementID == WLAN_EID_RSN_WPA) && !memcmp(pRSN->abyOUI, abyOUI01, 4)
124 && (pRSN->wVersion == 1)) {
125
126 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Legal RSN\n");
127 // update each variable if pRSN is long enough to contain the variable
128 if (pRSN->len >= 10) //oui1(4)+ver(2)+GKSuite(4)
129 {
130 if ( !memcmp(pRSN->abyMulticast, abyOUI01, 4))
131 pBSSList->byGKType = WPA_WEP40;
132 else if ( !memcmp(pRSN->abyMulticast, abyOUI02, 4))
133 pBSSList->byGKType = WPA_TKIP;
134 else if ( !memcmp(pRSN->abyMulticast, abyOUI03, 4))
135 pBSSList->byGKType = WPA_AESWRAP;
136 else if ( !memcmp(pRSN->abyMulticast, abyOUI04, 4))
137 pBSSList->byGKType = WPA_AESCCMP;
138 else if ( !memcmp(pRSN->abyMulticast, abyOUI05, 4))
139 pBSSList->byGKType = WPA_WEP104;
140 else
141 // any vendor checks here
142 pBSSList->byGKType = WPA_NONE;
143
144 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byGKType: %x\n", pBSSList->byGKType);
145 }
146
147 if (pRSN->len >= 12) //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)
148 {
149 j = 0;
150 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wPKCount: %d, sizeof(pBSSList->abyPKType): %zu\n", pRSN->wPKCount, sizeof(pBSSList->abyPKType));
151 for(i = 0; (i < pRSN->wPKCount) && (j < sizeof(pBSSList->abyPKType)/sizeof(unsigned char)); i++) {
152 if(pRSN->len >= 12+i*4+4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*i)
153 if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI00, 4))
154 pBSSList->abyPKType[j++] = WPA_NONE;
155 else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI02, 4))
156 pBSSList->abyPKType[j++] = WPA_TKIP;
157 else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI03, 4))
158 pBSSList->abyPKType[j++] = WPA_AESWRAP;
159 else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI04, 4))
160 pBSSList->abyPKType[j++] = WPA_AESCCMP;
161 else
162 // any vendor checks here
163 ;
164 }
165 else
166 break;
167 //DBG_PRN_GRP14(("abyPKType[%d]: %X\n", j-1, pBSSList->abyPKType[j-1]));
168 } //for
169 pBSSList->wPKCount = (unsigned short)j;
170 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wPKCount: %d\n", pBSSList->wPKCount);
171 }
172
173 m = pRSN->wPKCount;
174 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"m: %d\n", m);
175 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"14+m*4: %d\n", 14+m*4);
176
177 if (pRSN->len >= 14+m*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)
178 // overlay IE_RSN_Auth structure into correct place
179 pIE_RSN_Auth = (PWLAN_IE_RSN_AUTH) pRSN->PKSList[m].abyOUI;
180 j = 0;
181 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wAuthCount: %d, sizeof(pBSSList->abyAuthType): %zu\n",
182 pIE_RSN_Auth->wAuthCount, sizeof(pBSSList->abyAuthType));
183 for(i = 0; (i < pIE_RSN_Auth->wAuthCount) && (j < sizeof(pBSSList->abyAuthType)/sizeof(unsigned char)); i++) {
184 if(pRSN->len >= 14+4+(m+i)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*i)
185 if ( !memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI01, 4))
186 pBSSList->abyAuthType[j++] = WPA_AUTH_IEEE802_1X;
187 else if ( !memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI02, 4))
188 pBSSList->abyAuthType[j++] = WPA_AUTH_PSK;
189 else
190 // any vendor checks here
191 ;
192 }
193 else
194 break;
195 //DBG_PRN_GRP14(("abyAuthType[%d]: %X\n", j-1, pBSSList->abyAuthType[j-1]));
196 }
197 if(j > 0)
198 pBSSList->wAuthCount = (unsigned short)j;
199 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wAuthCount: %d\n", pBSSList->wAuthCount);
200 }
201
202 if (pIE_RSN_Auth != NULL) {
203
204 n = pIE_RSN_Auth->wAuthCount;
205
206 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"n: %d\n", n);
207 DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"14+4+(m+n)*4: %d\n", 14+4+(m+n)*4);
208
209 if(pRSN->len+2 >= 14+4+(m+n)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*n)+Cap(2)
210 pbyCaps = (unsigned char *)pIE_RSN_Auth->AuthKSList[n].abyOUI;
211 pBSSList->byDefaultK_as_PK = (*pbyCaps) & WPA_GROUPFLAG;
212 pBSSList->byReplayIdx = 2 << ((*pbyCaps >> WPA_REPLAYBITSSHIFT) & WPA_REPLAYBITS);
213 pBSSList->sRSNCapObj.bRSNCapExist = true;
214 pBSSList->sRSNCapObj.wRSNCap = *(unsigned short *)pbyCaps;
215 //DBG_PRN_GRP14(("pbyCaps: %X\n", *pbyCaps));
216 //DBG_PRN_GRP14(("byDefaultK_as_PK: %X\n", pBSSList->byDefaultK_as_PK));
217 //DBG_PRN_GRP14(("byReplayIdx: %X\n", pBSSList->byReplayIdx));
218 }
219 }
220 pBSSList->bWPAValid = true;
221 }
222 }
223
224 /*+
225 *
226 * Description:
227 * Search RSN information in BSSList.
228 *
229 * Parameters:
230 * In:
231 * byCmd - Search type
232 * byEncrypt- Encrcypt Type
233 * pBSSList - BSS list
234 * Out:
235 * none
236 *
237 * Return Value: none.
238 *
239 -*/
240 bool
WPA_SearchRSN(unsigned char byCmd,unsigned char byEncrypt,PKnownBSS pBSSList)241 WPA_SearchRSN (
242 unsigned char byCmd,
243 unsigned char byEncrypt,
244 PKnownBSS pBSSList
245 )
246 {
247 int ii;
248 unsigned char byPKType = WPA_NONE;
249
250 if (pBSSList->bWPAValid == false)
251 return false;
252
253 switch(byCmd) {
254 case 0:
255
256 if (byEncrypt != pBSSList->byGKType)
257 return false;
258
259 if (pBSSList->wPKCount > 0) {
260 for (ii = 0; ii < pBSSList->wPKCount; ii ++) {
261 if (pBSSList->abyPKType[ii] == WPA_AESCCMP)
262 byPKType = WPA_AESCCMP;
263 else if ((pBSSList->abyPKType[ii] == WPA_TKIP) && (byPKType != WPA_AESCCMP))
264 byPKType = WPA_TKIP;
265 else if ((pBSSList->abyPKType[ii] == WPA_WEP40) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP))
266 byPKType = WPA_WEP40;
267 else if ((pBSSList->abyPKType[ii] == WPA_WEP104) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP))
268 byPKType = WPA_WEP104;
269 }
270 if (byEncrypt != byPKType)
271 return false;
272 }
273 return true;
274 // if (pBSSList->wAuthCount > 0)
275 // for (ii=0; ii < pBSSList->wAuthCount; ii ++)
276 // if (byAuth == pBSSList->abyAuthType[ii])
277 // break;
278 break;
279
280 default:
281 break;
282 }
283 return false;
284 }
285
286 /*+
287 *
288 * Description:
289 * Check if RSN IE makes sense.
290 *
291 * Parameters:
292 * In:
293 * pRSN - Pointer to the RSN IE.
294 * Out:
295 * none
296 *
297 * Return Value: none.
298 *
299 -*/
300 bool
WPAb_Is_RSN(PWLAN_IE_RSN_EXT pRSN)301 WPAb_Is_RSN (
302 PWLAN_IE_RSN_EXT pRSN
303 )
304 {
305 if (pRSN == NULL)
306 return false;
307
308 if ((pRSN->len >= 6) && // oui1(4)+ver(2)
309 (pRSN->byElementID == WLAN_EID_RSN_WPA) && !memcmp(pRSN->abyOUI, abyOUI01, 4) &&
310 (pRSN->wVersion == 1)) {
311 return true;
312 }
313 else
314 return false;
315 }
316
317