1 /*
2  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
3  * All rights reserved.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License along
16  * with this program; if not, write to the Free Software Foundation, Inc.,
17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  *
20  * File: wpa.c
21  *
22  * Purpose: Handles the Basic Service Set & Node Database functions
23  *
24  * Functions:
25  *      WPA_ParseRSN - Parse RSN IE.
26  *
27  * Revision History:
28  *
29  * Author: Kyle Hsu
30  *
31  * Date: July 14, 2003
32  *
33  */
34 
35 #include "ttype.h"
36 #include "tmacro.h"
37 #include "tether.h"
38 #include "device.h"
39 #include "80211hdr.h"
40 #include "bssdb.h"
41 #include "wmgr.h"
42 #include "wpa.h"
43 #include "80211mgr.h"
44 
45 /*---------------------  Static Variables  --------------------------*/
46 static int          msglevel                =MSG_LEVEL_INFO;
47 
48 const unsigned char abyOUI00[4] = { 0x00, 0x50, 0xf2, 0x00 };
49 const unsigned char abyOUI01[4] = { 0x00, 0x50, 0xf2, 0x01 };
50 const unsigned char abyOUI02[4] = { 0x00, 0x50, 0xf2, 0x02 };
51 const unsigned char abyOUI03[4] = { 0x00, 0x50, 0xf2, 0x03 };
52 const unsigned char abyOUI04[4] = { 0x00, 0x50, 0xf2, 0x04 };
53 const unsigned char abyOUI05[4] = { 0x00, 0x50, 0xf2, 0x05 };
54 
55 
56 /*+
57  *
58  * Description:
59  *    Clear RSN information in BSSList.
60  *
61  * Parameters:
62  *  In:
63  *      pBSSList - BSS list.
64  *  Out:
65  *      none
66  *
67  * Return Value: none.
68  *
69 -*/
70 
71 void
WPA_ClearRSN(PKnownBSS pBSSList)72 WPA_ClearRSN (
73     PKnownBSS        pBSSList
74     )
75 {
76     int ii;
77     pBSSList->byGKType = WPA_TKIP;
78     for (ii=0; ii < 4; ii ++)
79         pBSSList->abyPKType[ii] = WPA_TKIP;
80     pBSSList->wPKCount = 0;
81     for (ii=0; ii < 4; ii ++)
82         pBSSList->abyAuthType[ii] = WPA_AUTH_IEEE802_1X;
83     pBSSList->wAuthCount = 0;
84     pBSSList->byDefaultK_as_PK = 0;
85     pBSSList->byReplayIdx = 0;
86     pBSSList->sRSNCapObj.bRSNCapExist = false;
87     pBSSList->sRSNCapObj.wRSNCap = 0;
88     pBSSList->bWPAValid = false;
89 }
90 
91 
92 /*+
93  *
94  * Description:
95  *    Parse RSN IE.
96  *
97  * Parameters:
98  *  In:
99  *      pBSSList - BSS list.
100  *      pRSN - Pointer to the RSN IE.
101  *  Out:
102  *      none
103  *
104  * Return Value: none.
105  *
106 -*/
107 void
WPA_ParseRSN(PKnownBSS pBSSList,PWLAN_IE_RSN_EXT pRSN)108 WPA_ParseRSN (
109     PKnownBSS        pBSSList,
110     PWLAN_IE_RSN_EXT pRSN
111     )
112 {
113     PWLAN_IE_RSN_AUTH  pIE_RSN_Auth = NULL;
114     int                i, j, m, n = 0;
115     unsigned char *pbyCaps;
116 
117     WPA_ClearRSN(pBSSList);
118 
119     DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WPA_ParseRSN: [%d]\n", pRSN->len);
120 
121     // information element header makes sense
122     if ((pRSN->len >= 6) // oui1(4)+ver(2)
123          && (pRSN->byElementID == WLAN_EID_RSN_WPA) &&  !memcmp(pRSN->abyOUI, abyOUI01, 4)
124          && (pRSN->wVersion == 1)) {
125 
126         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Legal RSN\n");
127         // update each variable if pRSN is long enough to contain the variable
128         if (pRSN->len >= 10) //oui1(4)+ver(2)+GKSuite(4)
129         {
130             if ( !memcmp(pRSN->abyMulticast, abyOUI01, 4))
131                 pBSSList->byGKType = WPA_WEP40;
132             else if ( !memcmp(pRSN->abyMulticast, abyOUI02, 4))
133                 pBSSList->byGKType = WPA_TKIP;
134             else if ( !memcmp(pRSN->abyMulticast, abyOUI03, 4))
135                 pBSSList->byGKType = WPA_AESWRAP;
136             else if ( !memcmp(pRSN->abyMulticast, abyOUI04, 4))
137                 pBSSList->byGKType = WPA_AESCCMP;
138             else if ( !memcmp(pRSN->abyMulticast, abyOUI05, 4))
139                 pBSSList->byGKType = WPA_WEP104;
140             else
141                 // any vendor checks here
142                 pBSSList->byGKType = WPA_NONE;
143 
144             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byGKType: %x\n", pBSSList->byGKType);
145         }
146 
147         if (pRSN->len >= 12) //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)
148         {
149             j = 0;
150             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wPKCount: %d, sizeof(pBSSList->abyPKType): %zu\n", pRSN->wPKCount, sizeof(pBSSList->abyPKType));
151             for(i = 0; (i < pRSN->wPKCount) && (j < sizeof(pBSSList->abyPKType)/sizeof(unsigned char)); i++) {
152                 if(pRSN->len >= 12+i*4+4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*i)
153                     if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI00, 4))
154                         pBSSList->abyPKType[j++] = WPA_NONE;
155                     else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI02, 4))
156                         pBSSList->abyPKType[j++] = WPA_TKIP;
157                     else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI03, 4))
158                         pBSSList->abyPKType[j++] = WPA_AESWRAP;
159                     else if ( !memcmp(pRSN->PKSList[i].abyOUI, abyOUI04, 4))
160                         pBSSList->abyPKType[j++] = WPA_AESCCMP;
161                     else
162                         // any vendor checks here
163                         ;
164                 }
165                 else
166                     break;
167                 //DBG_PRN_GRP14(("abyPKType[%d]: %X\n", j-1, pBSSList->abyPKType[j-1]));
168             } //for
169             pBSSList->wPKCount = (unsigned short)j;
170             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wPKCount: %d\n", pBSSList->wPKCount);
171         }
172 
173         m = pRSN->wPKCount;
174         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"m: %d\n", m);
175         DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"14+m*4: %d\n", 14+m*4);
176 
177         if (pRSN->len >= 14+m*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)
178             // overlay IE_RSN_Auth structure into correct place
179             pIE_RSN_Auth = (PWLAN_IE_RSN_AUTH) pRSN->PKSList[m].abyOUI;
180             j = 0;
181             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wAuthCount: %d, sizeof(pBSSList->abyAuthType): %zu\n",
182                           pIE_RSN_Auth->wAuthCount, sizeof(pBSSList->abyAuthType));
183             for(i = 0; (i < pIE_RSN_Auth->wAuthCount) && (j < sizeof(pBSSList->abyAuthType)/sizeof(unsigned char)); i++) {
184                 if(pRSN->len >= 14+4+(m+i)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*i)
185                     if ( !memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI01, 4))
186                         pBSSList->abyAuthType[j++] = WPA_AUTH_IEEE802_1X;
187                     else if ( !memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI02, 4))
188                         pBSSList->abyAuthType[j++] = WPA_AUTH_PSK;
189                     else
190                     // any vendor checks here
191                     ;
192                 }
193                 else
194                     break;
195                 //DBG_PRN_GRP14(("abyAuthType[%d]: %X\n", j-1, pBSSList->abyAuthType[j-1]));
196             }
197             if(j > 0)
198                 pBSSList->wAuthCount = (unsigned short)j;
199             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wAuthCount: %d\n", pBSSList->wAuthCount);
200         }
201 
202         if (pIE_RSN_Auth != NULL) {
203 
204             n = pIE_RSN_Auth->wAuthCount;
205 
206             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"n: %d\n", n);
207             DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"14+4+(m+n)*4: %d\n", 14+4+(m+n)*4);
208 
209             if(pRSN->len+2 >= 14+4+(m+n)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*n)+Cap(2)
210                 pbyCaps = (unsigned char *)pIE_RSN_Auth->AuthKSList[n].abyOUI;
211                 pBSSList->byDefaultK_as_PK = (*pbyCaps) & WPA_GROUPFLAG;
212                 pBSSList->byReplayIdx = 2 << ((*pbyCaps >> WPA_REPLAYBITSSHIFT) & WPA_REPLAYBITS);
213                 pBSSList->sRSNCapObj.bRSNCapExist = true;
214                 pBSSList->sRSNCapObj.wRSNCap = *(unsigned short *)pbyCaps;
215                 //DBG_PRN_GRP14(("pbyCaps: %X\n", *pbyCaps));
216                 //DBG_PRN_GRP14(("byDefaultK_as_PK: %X\n", pBSSList->byDefaultK_as_PK));
217                 //DBG_PRN_GRP14(("byReplayIdx: %X\n", pBSSList->byReplayIdx));
218             }
219         }
220         pBSSList->bWPAValid = true;
221     }
222 }
223 
224 /*+
225  *
226  * Description:
227  *    Search RSN information in BSSList.
228  *
229  * Parameters:
230  *  In:
231  *      byCmd    - Search type
232  *      byEncrypt- Encrcypt Type
233  *      pBSSList - BSS list
234  *  Out:
235  *      none
236  *
237  * Return Value: none.
238  *
239 -*/
240 bool
WPA_SearchRSN(unsigned char byCmd,unsigned char byEncrypt,PKnownBSS pBSSList)241 WPA_SearchRSN (
242     unsigned char byCmd,
243     unsigned char byEncrypt,
244     PKnownBSS        pBSSList
245     )
246 {
247     int ii;
248     unsigned char byPKType = WPA_NONE;
249 
250     if (pBSSList->bWPAValid == false)
251         return false;
252 
253     switch(byCmd) {
254     case 0:
255 
256         if (byEncrypt != pBSSList->byGKType)
257             return false;
258 
259         if (pBSSList->wPKCount > 0) {
260             for (ii = 0; ii < pBSSList->wPKCount; ii ++) {
261                 if (pBSSList->abyPKType[ii] == WPA_AESCCMP)
262                     byPKType = WPA_AESCCMP;
263                 else if ((pBSSList->abyPKType[ii] == WPA_TKIP) && (byPKType != WPA_AESCCMP))
264                      byPKType = WPA_TKIP;
265                 else if ((pBSSList->abyPKType[ii] == WPA_WEP40) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP))
266                      byPKType = WPA_WEP40;
267                 else if ((pBSSList->abyPKType[ii] == WPA_WEP104) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP))
268                      byPKType = WPA_WEP104;
269             }
270             if (byEncrypt != byPKType)
271                 return false;
272         }
273         return true;
274 //        if (pBSSList->wAuthCount > 0)
275 //            for (ii=0; ii < pBSSList->wAuthCount; ii ++)
276 //                if (byAuth == pBSSList->abyAuthType[ii])
277 //                    break;
278         break;
279 
280     default:
281         break;
282     }
283     return false;
284 }
285 
286 /*+
287  *
288  * Description:
289  *    Check if RSN IE makes sense.
290  *
291  * Parameters:
292  *  In:
293  *      pRSN - Pointer to the RSN IE.
294  *  Out:
295  *      none
296  *
297  * Return Value: none.
298  *
299 -*/
300 bool
WPAb_Is_RSN(PWLAN_IE_RSN_EXT pRSN)301 WPAb_Is_RSN (
302     PWLAN_IE_RSN_EXT pRSN
303     )
304 {
305     if (pRSN == NULL)
306         return false;
307 
308     if ((pRSN->len >= 6) && // oui1(4)+ver(2)
309         (pRSN->byElementID == WLAN_EID_RSN_WPA) &&  !memcmp(pRSN->abyOUI, abyOUI01, 4) &&
310         (pRSN->wVersion == 1)) {
311         return true;
312     }
313     else
314         return false;
315 }
316 
317