[802.11] Add core support for detecting and using encrypted networks

Signed-off-by: Marty Connor <mdc@etherboot.org>

4 files changed, 376 insertions, 144 deletions

diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h
index 5231c14bd..8d4545eb4 100644
--- a/src/include/gpxe/errfile.h
+++ b/src/include/gpxe/errfile.h
@@ -158,6 +158,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #define ERRFILE_ib_mi			( ERRFILE_NET | 0x00200000 )
 #define ERRFILE_ib_cmrc			( ERRFILE_NET | 0x00210000 )
 #define ERRFILE_ib_srp			( ERRFILE_NET | 0x00220000 )
+#define ERRFILE_sec80211		( ERRFILE_NET | 0x00230000 )
 
 #define ERRFILE_image		      ( ERRFILE_IMAGE | 0x00000000 )
 #define ERRFILE_elf		      ( ERRFILE_IMAGE | 0x00010000 )
diff --git a/src/include/gpxe/ieee80211.h b/src/include/gpxe/ieee80211.h
index 0403f9294..e5b10c304 100644
--- a/src/include/gpxe/ieee80211.h
+++ b/src/include/gpxe/ieee80211.h
@@ -2,6 +2,7 @@
 #define _GPXE_IEEE80211_H
 
 #include <gpxe/if_ether.h>	/* for ETH_ALEN */
+#include <endian.h>
 
 /** @file
  * Constants and data structures defined in IEEE 802.11, subsetted
@@ -779,10 +780,9 @@ struct ieee80211_ie_erp_info {
  *
  * Showing once again a striking clarity of design, the IEEE folks put
  * dynamically-sized data in the middle of this structure. As such,
- * the below structure definition is only a guideline; the
- * @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, and
- * @c IEEE80211_RSN_AUTHTYPE macros should be used to access any
- * data.
+ * the below structure definition only works for IEs we create
+ * ourselves, which always have one pairwise cipher and one AKM;
+ * received IEs should be parsed piecemeal.
  *
  * Also inspired was IEEE's choice of 16-bit fields to count the
  * number of 4-byte elements in a structure with a maximum length of
@@ -790,11 +790,9 @@ struct ieee80211_ie_erp_info {
  *
  * Many fields reference a cipher or authentication-type ID; this is a
  * three-byte OUI followed by one byte identifying the cipher with
- * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC.
- *
- * The authentication types referenced in this structure have nothing
- * to do with 802.11 authentication frames or the @c algorithm field
- * within them.
+ * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC,
+ * except in old-style WPA IEs encapsulated in vendor-specific IEs,
+ * where it's 00:50:F2.
  */
 struct ieee80211_ie_rsn {
 	/** Information element ID */
@@ -807,21 +805,21 @@ struct ieee80211_ie_rsn {
 	u16 version;
 
 	/** Cipher ID for the cipher used in multicast/broadcast frames */
-	u8 group_cipher[4];
+	u32 group_cipher;
 
 	/** Number of unicast ciphers supported */
 	u16 pairwise_count;
 
 	/** List of cipher IDs for supported unicast frame ciphers */
-	u8 pairwise_cipher[4];
+	u32 pairwise_cipher[1];
 
 	/** Number of authentication types supported */
 	u16 akm_count;
 
 	/** List of authentication type IDs for supported types */
-	u8 akm_list[4];
+	u32 akm_list[1];
 
-	/** Security capabilities field. */
+	/** Security capabilities field (RSN only) */
 	u16 rsn_capab;
 
 	/** Number of PMKIDs included (present only in association frames) */
@@ -834,140 +832,69 @@ struct ieee80211_ie_rsn {
 /** Information element ID for Robust Security Network information element */
 #define IEEE80211_IE_RSN	48
 
-/** OUI for standard ciphers in RSN information element */
-#define  IEEE80211_RSN_OUI	"\x00\x0F\xAC"
-
-/** Extract RSN IE version field */
-#define  IEEE80211_RSN_FIELD_version( rsnp ) ( (rsnp)->version )
-
-/** Extract RSN IE group_cipher field */
-#define  IEEE80211_RSN_FIELD_group_cipher( rsnp ) ( (rsnp)->group_cipher )
-
-/** Extract RSN IE pairwise_count field */
-#define  IEEE80211_RSN_FIELD_pairwise_count( rsnp ) ( (rsnp)->pairwise_count )
-
-/** Extract RSN IE akm_count field */
-#define  IEEE80211_RSN_FIELD_akm_count( rsnp )			\
-	( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
-		4*( ( rsnp )->pairwise_count - 1 ) ) )->akm_count )
-
-/** Extract RSN IE rsn_capab field */
-#define  IEEE80211_RSN_FIELD_rsn_capab( rsnp )			\
-	( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
-		4*( ( rsnp )->pairwise_count - 1 ) +		\
-		4*( ( rsnp )->akm_count - 1 ) ) )->rsn_capab )
-
-/** Extract RSN IE pmkid_count field */
-#define  IEEE80211_RSN_FIELD_pmkid_count( rsnp )		\
-	( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
-		4*( ( rsnp )->pairwise_count - 1 ) +		\
-		4*( ( rsnp )->akm_count - 1 ) ) )->pmkid_count )
-
-/** Extract field from RSN information element
- *
- * @v rsnp	Pointer to RSN information element
- * @v field	Name of field to extract
- * @ret val	Lvalue of the requested field
- *
- * You must fill the fields of the structure in order for this to work
- * properly.
- */
-#define  IEEE80211_RSN_FIELD( rsnp, field )	\
-	IEEE80211_RSN_FIELD_ ## field ( rsnp )
-
-/** Get pointer to pairwise cipher from RSN information element
- *
- * @v rsnp	Pointer to RSN information element
- * @v cipher	Index of pairwise cipher to extract
- * @ret ptr	Pointer to requested cipher
- */
-#define  IEEE80211_RSN_CIPHER( rsnp, cipher )	\
-	( ( rsnp )->pairwise_cipher + 4 * ( cipher ) )
-
-/** Get pointer to authentication type from RSN information element
- *
- * @v rsnp	Pointer to RSN information element
- * @v akm	Index of authentication type to extract
- * @ret ptr	Pointer to requested authentication type
- *
- * The @c pairwise_count field must be correct.
- */
-#define  IEEE80211_RSN_AUTHTYPE( rsnp, akm )	\
-    ( ( rsnp )->akm_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + 4 * ( akm ) )
-
-/** Get pointer to PMKID from RSN information element
- *
- * @v rsnp	Pointer to RSN information element
- * @v idx	Index of PMKID to extract
- * @ret ptr	Pointer to requested PMKID
- *
- * The @c pairwise_count and @c akm_count fields must be correct.
- */
-#define  IEEE80211_RSN_PMKID( rsnp, idx )	\
-	( ( rsnp )->pmkid_list + 4 * ( ( rsnp )->pairwise_count - 1 ) +	\
-			4 * ( ( rsnp )->akm_count - 1 ) + 16 * ( idx ) )
-
-/** Verify size of RSN information element
- *
- * @v rsnp	Pointer to RSN information element
- * @ret ok	TRUE if count fields are consistent with length field
- *
- * It is important to drop any RSN IE that does not pass this function
- * before using the @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER,
- * and @c IEEE80211_RSN_AUTHTYPE macros, to avoid potential security
- * compromise due to a malformed RSN IE.
- *
- * This function does not consider the possibility of some PMKIDs
- * included in the RSN IE, because PMKIDs are only included in RSN IEs
- * sent in association request frames, and we should never receive an
- * association request frame. An RSN IE that includes PMKIDs will
- * always fail this check.
- */
-static inline int ieee80211_rsn_check ( struct ieee80211_ie_rsn *rsnp ) {
-	if ( rsnp->len < 12 + 4 * rsnp->pairwise_count )
-		return 0;
-	return ( rsnp->len == 12 + 4 * ( rsnp->pairwise_count +
-				IEEE80211_RSN_FIELD ( rsnp, akm_count ) ) );
-}
-
 /** Calculate necessary size of RSN information element
  *
  * @v npair	Number of pairwise ciphers supported
  * @v nauth	Number of authentication types supported
  * @v npmkid	Number of PMKIDs to include
- * @ret size	Necessary size of RSN IE, including header bytes
+ * @v is_rsn	If TRUE, calculate RSN IE size; if FALSE, calculate WPA IE size
+ * @ret size	Necessary size of IE, including header bytes
  */
-static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) {
-	return 16 + 4 * ( npair + nauth ) + 16 * npmkid;
+static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid,
+					  int rsn_ie ) {
+	return 16 + 4 * ( npair + nauth ) + 16 * npmkid - 4 * ! rsn_ie;
 }
 
+/** Make OUI plus type byte into 32-bit integer for easy comparison */
+#if __BYTE_ORDER == __BIG_ENDIAN
+#define _MKOUI( a, b, c, t )	\
+		( ( ( a ) << 24 ) | ( ( b ) << 16 ) | ( ( c ) << 8 ) | ( d ) )
+#define  OUI_ORG_MASK		0xFFFFFF00
+#define  OUI_TYPE_MASK		0x000000FF
+#else
+#define _MKOUI( a, b, c, t )	\
+		( ( ( t ) << 24 ) | ( ( c ) << 16 ) | ( ( b ) << 8 ) | ( a ) )
+#define  OUI_ORG_MASK		0x00FFFFFF
+#define  OUI_TYPE_MASK		0xFF000000
+#endif
+
+/** Organization part for OUIs in standard RSN IE */
+#define  IEEE80211_RSN_OUI	_MKOUI ( 0x00, 0x0F, 0xAC, 0 )
+
+/** Organization part for OUIs in old WPA IE */
+#define  IEEE80211_WPA_OUI	_MKOUI ( 0x00, 0x50, 0xF2, 0 )
+
+/** Old vendor-type WPA IE OUI type + subtype */
+#define  IEEE80211_WPA_OUI_VEN	_MKOUI ( 0x00, 0x50, 0xF2, 0x01 )
+
+
 /** 802.11 RSN IE: expected version number */
 #define  IEEE80211_RSN_VERSION		1
 
-/** 802.11 RSN IE: fourth byte of cipher type for 40-bit WEP */
-#define  IEEE80211_RSN_CTYPE_WEP40	1
+/** 802.11 RSN IE: cipher type for 40-bit WEP */
+#define  IEEE80211_RSN_CTYPE_WEP40	_MKOUI ( 0, 0, 0, 0x01 )
 
-/** 802.11 RSN IE: fourth byte of cipher type for 104-bit WEP */
-#define  IEEE80211_RSN_CTYPE_WEP104	5
+/** 802.11 RSN IE: cipher type for 104-bit WEP */
+#define  IEEE80211_RSN_CTYPE_WEP104	_MKOUI ( 0, 0, 0, 0x05 )
 
-/** 802.11 RSN IE: fourth byte of cipher type for TKIP ("WPA") */
-#define  IEEE80211_RSN_CTYPE_TKIP	2
+/** 802.11 RSN IE: cipher type for TKIP ("WPA") */
+#define  IEEE80211_RSN_CTYPE_TKIP	_MKOUI ( 0, 0, 0, 0x02 )
 
-/** 802.11 RSN IE: fourth byte of cipher type for CCMP ("WPA2") */
-#define  IEEE80211_RSN_CTYPE_CCMP	4
+/** 802.11 RSN IE: cipher type for CCMP ("WPA2") */
+#define  IEEE80211_RSN_CTYPE_CCMP	_MKOUI ( 0, 0, 0, 0x04 )
 
-/** 802.11 RSN IE: fourth byte of cipher type for "use group"
+/** 802.11 RSN IE: cipher type for "use group"
  *
  * This can only appear as a pairwise cipher, and means unicast frames
  * should be encrypted in the same way as broadcast/multicast frames.
  */
-#define  IEEE80211_RSN_CTYPE_USEGROUP	0
+#define  IEEE80211_RSN_CTYPE_USEGROUP	_MKOUI ( 0, 0, 0, 0x00 )
 
-/** 802.11 RSN IE: fourth byte of auth method type for using an 802.1X server */
-#define  IEEE80211_RSN_ATYPE_8021X	1
+/** 802.11 RSN IE: auth method type for using an 802.1X server */
+#define  IEEE80211_RSN_ATYPE_8021X	_MKOUI ( 0, 0, 0, 0x01 )
 
-/** 802.11 RSN IE: fourth byte of auth method type for using a pre-shared key */
-#define  IEEE80211_RSN_ATYPE_PSK	2
+/** 802.11 RSN IE: auth method type for using a pre-shared key */
+#define  IEEE80211_RSN_ATYPE_PSK	_MKOUI ( 0, 0, 0, 0x02 )
 
 /** 802.11 RSN IE capabilities: AP supports pre-authentication */
 #define  IEEE80211_RSN_CAPAB_PREAUTH	0x001
@@ -997,6 +924,42 @@ static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) {
 #define  IEEE80211_RSN_CAPAB_PEERKEY	0x200
 
 
+/** 802.11 RSN IE capabilities: One replay counter
+ *
+ * This should be AND'ed with @c IEEE80211_RSN_CAPAB_PTKSA_REPLAY or
+ * @c IEEE80211_RSN_CAPAB_GTKSA_REPLAY (or both) to produce a value
+ * which can be OR'ed into the capabilities field.
+ */
+#define IEEE80211_RSN_1_CTR		0x000
+
+/** 802.11 RSN IE capabilities: Two replay counters */
+#define IEEE80211_RSN_2_CTR		0x014
+
+/** 802.11 RSN IE capabilities: Four replay counters */
+#define IEEE80211_RSN_4_CTR		0x028
+
+/** 802.11 RSN IE capabilities: 16 replay counters */
+#define IEEE80211_RSN_16_CTR		0x03C
+
+
+/** 802.11 Vendor Specific information element
+ *
+ * One often sees the RSN IE masquerading as vendor-specific on
+ * devices that were produced prior to 802.11i (the WPA amendment)
+ * being finalized.
+ */
+struct ieee80211_ie_vendor {
+	u8 id;			/**< Vendor-specific ID: 221 */
+	u8 len;			/**< Vendor-specific length: variable */
+	u32 oui;		/**< OUI and vendor-specific type byte */
+	u8 data[0];		/**< Vendor-specific data */
+} __attribute__ ((packed));
+
+/** Information element ID for Vendor Specific information element */
+#define IEEE80211_IE_VENDOR	221
+
+
+
 
 /** Any 802.11 information element
  *
@@ -1034,8 +997,23 @@ union ieee80211_ie
 
 	/** Security information */
 	struct ieee80211_ie_rsn rsn;
+
+	/** Vendor-specific */
+	struct ieee80211_ie_vendor vendor;
 };
 
+/** Check that 802.11 information element is bounded by buffer
+ *
+ * @v ie	Information element
+ * @v end	End of buffer in which information element is stored
+ * @ret ok	TRUE if the IE is completely contained within the buffer
+ */
+static inline int ieee80211_ie_bound ( union ieee80211_ie *ie, void *end )
+{
+	void *iep = ie;
+	return ( iep + 2 <= end && iep + 2 + ie->len <= end );
+}
+
 /** Advance to next 802.11 information element
  *
  * @v ie	Current information element pointer
@@ -1055,7 +1033,7 @@ static inline union ieee80211_ie * ieee80211_next_ie ( union ieee80211_ie *ie,
 	if ( ! end )
 		return next_ie;
 
-	if ( next_ie_byte < end && next_ie_byte + next_ie->len <= end )
+	if ( ieee80211_ie_bound ( next_ie, end ) )
 		return next_ie;
 
 	return NULL;
diff --git a/src/include/gpxe/net80211.h b/src/include/gpxe/net80211.h
index d924941f2..027e091c3 100644
--- a/src/include/gpxe/net80211.h
+++ b/src/include/gpxe/net80211.h
@@ -119,6 +119,9 @@ enum net80211_security_proto {
 	 * in the same 4-way handshake as the PSK method.
 	 */
 	NET80211_SECPROT_EAP = 2,
+
+	/** Dummy value used when the handshaking type can't be detected */
+	NET80211_SECPROT_UNKNOWN = 3,
 };
 
 
@@ -169,6 +172,9 @@ enum net80211_crypto_alg {
 	 * against WEP and minor success against TKIP fail.
 	 */
 	NET80211_CRYPT_CCMP = 3,
+
+	/** Dummy value used when the cryptosystem can't be detected */
+	NET80211_CRYPT_UNKNOWN = 4,
 };
 
 
@@ -539,37 +545,171 @@ struct net80211_frag_cache
 	struct io_buffer *iob[16];
 };
 
-/** Interface to an 802.11 cryptographic algorithm
+
+/** Interface to an 802.11 security handshaking protocol
+ *
+ * Security handshaking protocols handle parsing a user-specified key
+ * into a suitable input to the encryption algorithm, and for WPA and
+ * better systems, manage performing whatever authentication with the
+ * network is necessary.
  *
- * Cryptographic algorithms define a net80211_crypto structure
- * statically, using a gPXE linker table to make it available to the
- * 802.11 layer. When the algorithm needs to be used, the 802.11 code
- * will allocate a copy of the static definition plus whatever space
- * the algorithm has requested for private state, and point
- * net80211_device::crypto at it.
+ * At all times when any method in this structure is called with a
+ * net80211_device argument @a dev, a dynamically allocated copy of
+ * the handshaker structure itself with space for the requested amount
+ * of private data may be accessed as @c dev->handshaker. The
+ * structure will not be modified, and will only be freed during
+ * reassociation and device closing after the @a stop method has been
+ * called.
+ */
+struct net80211_handshaker
+{
+	/** The security handshaking protocol implemented */
+	enum net80211_security_proto protocol;
+
+	/** Initialize security handshaking protocol
+	 *
+	 * @v dev	802.11 device
+	 * @ret rc	Return status code
+	 *
+	 * This method is expected to access @c netX/key or other
+	 * applicable settings to determine the parameters for
+	 * handshaking. If no handshaking is required, it should call
+	 * sec80211_install() with the cryptosystem and key that are
+	 * to be used, and @c start and @c step should be set to @c
+	 * NULL.
+	 *
+	 * This is always called just before association is performed,
+	 * but after its parameters have been set; in particular, you
+	 * may rely on the contents of the @a essid field in @a dev.
+	 */
+	int ( * init ) ( struct net80211_device *dev );
+
+	/** Start handshaking
+	 *
+	 * @v dev	802.11 device
+	 * @ret rc	Return status code
+	 *
+	 * This method is expected to set up internal state so that
+	 * packets sent immediately after association, before @a step
+	 * can be called, will be handled appropriately.
+	 *
+	 * This is always called just before association is attempted.
+	 */
+	int ( * start ) ( struct net80211_device *dev );
+
+	/** Process handshaking state
+	 *
+	 * @v dev	802.11 device
+	 * @ret rc	Return status code, or positive if done
+	 *
+	 * This method is expected to perform as much progress on the
+	 * protocol it implements as is possible without blocking. It
+	 * should return 0 if it wishes to be called again, a negative
+	 * return status code on error, or a positive value if
+	 * handshaking is complete. In the case of a positive return,
+	 * net80211_crypto_install() must have been called.
+	 *
+	 * If handshaking may require further action (e.g. an AP that
+	 * might decide to rekey), handlers must be installed by this
+	 * function that will act without further calls to @a step.
+	 */
+	int ( * step ) ( struct net80211_device *dev );
+
+	/** Change cryptographic key based on setting
+	 *
+	 * @v dev	802.11 device
+	 * @ret rc	Return status code
+	 *
+	 * This method is called whenever the @c netX/key setting
+	 * @e may have been changed. It is expected to determine
+	 * whether it did in fact change, and if so, to install the
+	 * new key using net80211_crypto_install(). If it is not
+	 * possible to do this immediately, this method should return
+	 * an error; in that case the 802.11 stack will reassociate,
+	 * following the usual init/start/step sequence.
+	 *
+	 * This method is only relevant when it is possible to
+	 * associate successfully with an incorrect key. When it is
+	 * not, a failed association will be retried until the user
+	 * changes the key setting, and a successful association will
+	 * not be dropped due to such a change. When association with
+	 * an incorrect key is impossible, this function should return
+	 * 0 after performing no action.
+	 */
+	int ( * change_key ) ( struct net80211_device *dev );
+
+	/** Stop security handshaking handlers
+	 *
+	 * @v dev	802.11 device
+	 *
+	 * This method is called just before freeing a security
+	 * handshaker; it could, for example, delete a process that @a
+	 * start had created to manage the security of the connection.
+	 * If not needed it may be set to NULL.
+	 */
+	void ( * stop ) ( struct net80211_device *dev );
+
+	/** Amount of private data requested
+	 *
+	 * Before @c init is called for the first time, this structure's
+	 * @c priv pointer will point to this many bytes of allocated
+	 * data, where the allocation will be performed separately for
+	 * each net80211_device.
+	 */
+	int priv_len;
+
+	/** Whether @a start has been called
+	 *
+	 * Reset to 0 after @a stop is called.
+	 */
+	int started;
+
+	/** Pointer to private data
+	 *
+	 * In initializing this structure statically for a linker
+	 * table, set this to NULL.
+	 */
+	void *priv;
+};
+
+#define NET80211_HANDSHAKERS __table ( struct net80211_handshaker, \
+				       "net80211_handshakers" )
+#define __net80211_handshaker __table_entry ( NET80211_HANDSHAKERS, 01 )
+
+
+/** Interface to an 802.11 cryptosystem
+ *
+ * Cryptosystems define a net80211_crypto structure statically, using
+ * a gPXE linker table to make it available to the 802.11 layer. When
+ * the cryptosystem needs to be used, the 802.11 code will allocate a
+ * copy of the static definition plus whatever space the algorithm has
+ * requested for private state, and point net80211_device::crypto or
+ * net80211_device::gcrypto at it.
  */
 struct net80211_crypto
 {
 	/** The cryptographic algorithm implemented */
 	enum net80211_crypto_alg algorithm;
 
-	/** Initialize cryptographic algorithm using a given key
+	/** Initialize cryptosystem using a given key
 	 *
-	 * @v crypto	802.11 cryptographic algorithm
+	 * @v crypto	802.11 cryptosystem
 	 * @v key	Pointer to key bytes
 	 * @v keylen	Number of key bytes
+	 * @v rsc	Initial receive sequence counter, if applicable
 	 * @ret rc	Return status code
 	 *
 	 * This method is passed the communication key provided by the
 	 * security handshake handler, which will already be in the
-	 * low-level form required.
+	 * low-level form required. It may not store a pointer to the
+	 * key after returning; it must copy it to its private storage.
 	 */
-	int ( * initialize ) ( struct net80211_crypto *crypto, u8 *key,
-			       int keylen );
+	int ( * init ) ( struct net80211_crypto *crypto, const void *key,
+			 int keylen, const void *rsc );
 
-	/** Encrypt a frame using the cryptographic algorithm
+	/** Encrypt a frame using the cryptosystem
 	 *
-	 * @v crypto	802.11 cryptographic algorithm
+	 * @v crypto	802.11 cryptosystem
 	 * @v iob	I/O buffer
 	 * @ret eiob	Newly allocated I/O buffer with encrypted packet
 	 *
@@ -593,9 +733,9 @@ struct net80211_crypto
 	struct io_buffer * ( * encrypt ) ( struct net80211_crypto *crypto,
 					   struct io_buffer *iob );
 
-	/** Decrypt a frame using the cryptographic algorithm
+	/** Decrypt a frame using the cryptosystem
 	 *
-	 * @v crypto	802.11 cryptographic algorithm
+	 * @v crypto	802.11 cryptosystem
 	 * @v eiob	Encrypted I/O buffer
 	 * @ret iob	Newly allocated I/O buffer with decrypted packet
 	 *
@@ -626,6 +766,9 @@ struct net80211_crypto
 	void *priv;
 };
 
+#define NET80211_CRYPTOS __table ( struct net80211_crypto, "net80211_cryptos" )
+#define __net80211_crypto __table_entry ( NET80211_CRYPTOS, 01 )
+
 
 struct net80211_probe_ctx;
 struct net80211_assoc_ctx;
@@ -732,6 +875,9 @@ struct net80211_device
 		struct net80211_assoc_ctx *assoc;
 	} ctx;
 
+	/** Security handshaker being used */
+	struct net80211_handshaker *handshaker;
+
 	/** State of our association to the network
 	 *
 	 * Since the association process happens asynchronously, it's
@@ -777,14 +923,33 @@ struct net80211_device
 	/** Return status code associated with @c state */
 	int assoc_rc;
 
+	/** RSN or WPA information element to include with association
+	 *
+	 * If set to @c NULL, none will be included. It is expected
+	 * that this will be set by the @a init function of a security
+	 * handshaker if it is needed.
+	 */
+	union ieee80211_ie *rsn_ie;
+
 	/* ---------- Parameters of currently associated network ---------- */
 
-	/** 802.11 cryptographic algorithm for our current network
+	/** 802.11 cryptosystem for our current network
 	 *
 	 * For an open network, this will be set to NULL.
 	 */
 	struct net80211_crypto *crypto;
 
+	/** 802.11 cryptosystem for multicast and broadcast frames
+	 *
+	 * If this is NULL, the cryptosystem used for receiving
+	 * unicast frames will also be used for receiving multicast
+	 * and broadcast frames. Transmitted multicast and broadcast
+	 * frames are always sent unicast to the AP, who multicasts
+	 * them on our behalf; thus they always use the unicast
+	 * cryptosystem.
+	 */
+	struct net80211_crypto *gcrypto;
+
 	/** MAC address of the access point most recently associated */
 	u8 bssid[ETH_ALEN];
 
@@ -927,6 +1092,10 @@ struct net80211_wlan
 };
 
 
+/** 802.11 encryption key setting */
+extern struct setting net80211_key_setting __setting;
+
+
 /**
  * @defgroup net80211_probe 802.11 network location API
  * @{
@@ -974,6 +1143,7 @@ int net80211_send_auth ( struct net80211_device *dev,
 			 struct net80211_wlan *wlan, int method );
 int net80211_send_assoc ( struct net80211_device *dev,
 			  struct net80211_wlan *wlan );
+void net80211_deauthenticate ( struct net80211_device *dev, int rc );
 /** @} */
 
 
diff --git a/src/include/gpxe/sec80211.h b/src/include/gpxe/sec80211.h
new file mode 100644
index 000000000..502ebf7d7
--- /dev/null
+++ b/src/include/gpxe/sec80211.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef _GPXE_SEC80211_H
+#define _GPXE_SEC80211_H
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <gpxe/net80211.h>
+#include <errno.h>
+
+/** @file
+ *
+ * Definitions for general secured-network routines.
+ *
+ * Any function in this file which may be referenced by code which is
+ * not exclusive to encryption-enabled builds (e.g. sec80211_detect(),
+ * which is called by net80211_probe_step() to fill the net80211_wlan
+ * structure's security fields) must be declared as a weak symbol,
+ * using an inline interface similar to that used for
+ * sec80211_detect() below. This prevents secure network support from
+ * bloating general builds by any more than a few tiny hooks to call
+ * crypto functions when crypto structures are non-NULL.
+ */
+
+int _sec80211_detect ( struct io_buffer *iob,
+		       enum net80211_security_proto *secprot,
+		       enum net80211_crypto_alg *crypt )
+	__attribute__ (( weak ));
+
+
+/**
+ * Inline safety wrapper for _sec80211_detect()
+ *
+ * @v iob	I/O buffer containing beacon frame
+ * @ret secprot	Security handshaking protocol used by network
+ * @ret crypt	Cryptosystem used by network
+ * @ret rc	Return status code
+ *
+ * This function transparently calls _sec80211_detect() if the file
+ * containing it was compiled in, or returns an error indication of
+ * @c -ENOTSUP if not.
+ */
+static inline int sec80211_detect ( struct io_buffer *iob,
+				    enum net80211_security_proto *secprot,
+				    enum net80211_crypto_alg *crypt ) {
+	if ( _sec80211_detect )
+		return _sec80211_detect ( iob, secprot, crypt );
+	return -ENOTSUP;
+}
+
+int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end,
+			 enum net80211_security_proto *secprot,
+			 enum net80211_crypto_alg *crypt );
+u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end,
+			 int *is_rsn, u8 **end );
+
+int sec80211_install ( struct net80211_crypto **which,
+		       enum net80211_crypto_alg crypt,
+		       const void *key, int len, const void *rsc );
+
+u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie );
+u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot,
+				int rsnie );
+enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc );
+
+#endif /* _GPXE_SEC80211_H */
+