diff options
Diffstat (limited to 'src/include/gpxe/ieee80211.h')
-rw-r--r-- | src/include/gpxe/ieee80211.h | 232 |
1 files changed, 105 insertions, 127 deletions
diff --git a/src/include/gpxe/ieee80211.h b/src/include/gpxe/ieee80211.h index 0403f929..e5b10c30 100644 --- a/src/include/gpxe/ieee80211.h +++ b/src/include/gpxe/ieee80211.h @@ -2,6 +2,7 @@ #define _GPXE_IEEE80211_H #include <gpxe/if_ether.h> /* for ETH_ALEN */ +#include <endian.h> /** @file * Constants and data structures defined in IEEE 802.11, subsetted @@ -779,10 +780,9 @@ struct ieee80211_ie_erp_info { * * Showing once again a striking clarity of design, the IEEE folks put * dynamically-sized data in the middle of this structure. As such, - * the below structure definition is only a guideline; the - * @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, and - * @c IEEE80211_RSN_AUTHTYPE macros should be used to access any - * data. + * the below structure definition only works for IEs we create + * ourselves, which always have one pairwise cipher and one AKM; + * received IEs should be parsed piecemeal. * * Also inspired was IEEE's choice of 16-bit fields to count the * number of 4-byte elements in a structure with a maximum length of @@ -790,11 +790,9 @@ struct ieee80211_ie_erp_info { * * Many fields reference a cipher or authentication-type ID; this is a * three-byte OUI followed by one byte identifying the cipher with - * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC. - * - * The authentication types referenced in this structure have nothing - * to do with 802.11 authentication frames or the @c algorithm field - * within them. + * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC, + * except in old-style WPA IEs encapsulated in vendor-specific IEs, + * where it's 00:50:F2. */ struct ieee80211_ie_rsn { /** Information element ID */ @@ -807,21 +805,21 @@ struct ieee80211_ie_rsn { u16 version; /** Cipher ID for the cipher used in multicast/broadcast frames */ - u8 group_cipher[4]; + u32 group_cipher; /** Number of unicast ciphers supported */ u16 pairwise_count; /** List of cipher IDs for supported unicast frame ciphers */ - u8 pairwise_cipher[4]; + u32 pairwise_cipher[1]; /** Number of authentication types supported */ u16 akm_count; /** List of authentication type IDs for supported types */ - u8 akm_list[4]; + u32 akm_list[1]; - /** Security capabilities field. */ + /** Security capabilities field (RSN only) */ u16 rsn_capab; /** Number of PMKIDs included (present only in association frames) */ @@ -834,140 +832,69 @@ struct ieee80211_ie_rsn { /** Information element ID for Robust Security Network information element */ #define IEEE80211_IE_RSN 48 -/** OUI for standard ciphers in RSN information element */ -#define IEEE80211_RSN_OUI "\x00\x0F\xAC" - -/** Extract RSN IE version field */ -#define IEEE80211_RSN_FIELD_version( rsnp ) ( (rsnp)->version ) - -/** Extract RSN IE group_cipher field */ -#define IEEE80211_RSN_FIELD_group_cipher( rsnp ) ( (rsnp)->group_cipher ) - -/** Extract RSN IE pairwise_count field */ -#define IEEE80211_RSN_FIELD_pairwise_count( rsnp ) ( (rsnp)->pairwise_count ) - -/** Extract RSN IE akm_count field */ -#define IEEE80211_RSN_FIELD_akm_count( rsnp ) \ - ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \ - 4*( ( rsnp )->pairwise_count - 1 ) ) )->akm_count ) - -/** Extract RSN IE rsn_capab field */ -#define IEEE80211_RSN_FIELD_rsn_capab( rsnp ) \ - ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \ - 4*( ( rsnp )->pairwise_count - 1 ) + \ - 4*( ( rsnp )->akm_count - 1 ) ) )->rsn_capab ) - -/** Extract RSN IE pmkid_count field */ -#define IEEE80211_RSN_FIELD_pmkid_count( rsnp ) \ - ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \ - 4*( ( rsnp )->pairwise_count - 1 ) + \ - 4*( ( rsnp )->akm_count - 1 ) ) )->pmkid_count ) - -/** Extract field from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v field Name of field to extract - * @ret val Lvalue of the requested field - * - * You must fill the fields of the structure in order for this to work - * properly. - */ -#define IEEE80211_RSN_FIELD( rsnp, field ) \ - IEEE80211_RSN_FIELD_ ## field ( rsnp ) - -/** Get pointer to pairwise cipher from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v cipher Index of pairwise cipher to extract - * @ret ptr Pointer to requested cipher - */ -#define IEEE80211_RSN_CIPHER( rsnp, cipher ) \ - ( ( rsnp )->pairwise_cipher + 4 * ( cipher ) ) - -/** Get pointer to authentication type from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v akm Index of authentication type to extract - * @ret ptr Pointer to requested authentication type - * - * The @c pairwise_count field must be correct. - */ -#define IEEE80211_RSN_AUTHTYPE( rsnp, akm ) \ - ( ( rsnp )->akm_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + 4 * ( akm ) ) - -/** Get pointer to PMKID from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v idx Index of PMKID to extract - * @ret ptr Pointer to requested PMKID - * - * The @c pairwise_count and @c akm_count fields must be correct. - */ -#define IEEE80211_RSN_PMKID( rsnp, idx ) \ - ( ( rsnp )->pmkid_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + \ - 4 * ( ( rsnp )->akm_count - 1 ) + 16 * ( idx ) ) - -/** Verify size of RSN information element - * - * @v rsnp Pointer to RSN information element - * @ret ok TRUE if count fields are consistent with length field - * - * It is important to drop any RSN IE that does not pass this function - * before using the @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, - * and @c IEEE80211_RSN_AUTHTYPE macros, to avoid potential security - * compromise due to a malformed RSN IE. - * - * This function does not consider the possibility of some PMKIDs - * included in the RSN IE, because PMKIDs are only included in RSN IEs - * sent in association request frames, and we should never receive an - * association request frame. An RSN IE that includes PMKIDs will - * always fail this check. - */ -static inline int ieee80211_rsn_check ( struct ieee80211_ie_rsn *rsnp ) { - if ( rsnp->len < 12 + 4 * rsnp->pairwise_count ) - return 0; - return ( rsnp->len == 12 + 4 * ( rsnp->pairwise_count + - IEEE80211_RSN_FIELD ( rsnp, akm_count ) ) ); -} - /** Calculate necessary size of RSN information element * * @v npair Number of pairwise ciphers supported * @v nauth Number of authentication types supported * @v npmkid Number of PMKIDs to include - * @ret size Necessary size of RSN IE, including header bytes + * @v is_rsn If TRUE, calculate RSN IE size; if FALSE, calculate WPA IE size + * @ret size Necessary size of IE, including header bytes */ -static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) { - return 16 + 4 * ( npair + nauth ) + 16 * npmkid; +static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid, + int rsn_ie ) { + return 16 + 4 * ( npair + nauth ) + 16 * npmkid - 4 * ! rsn_ie; } +/** Make OUI plus type byte into 32-bit integer for easy comparison */ +#if __BYTE_ORDER == __BIG_ENDIAN +#define _MKOUI( a, b, c, t ) \ + ( ( ( a ) << 24 ) | ( ( b ) << 16 ) | ( ( c ) << 8 ) | ( d ) ) +#define OUI_ORG_MASK 0xFFFFFF00 +#define OUI_TYPE_MASK 0x000000FF +#else +#define _MKOUI( a, b, c, t ) \ + ( ( ( t ) << 24 ) | ( ( c ) << 16 ) | ( ( b ) << 8 ) | ( a ) ) +#define OUI_ORG_MASK 0x00FFFFFF +#define OUI_TYPE_MASK 0xFF000000 +#endif + +/** Organization part for OUIs in standard RSN IE */ +#define IEEE80211_RSN_OUI _MKOUI ( 0x00, 0x0F, 0xAC, 0 ) + +/** Organization part for OUIs in old WPA IE */ +#define IEEE80211_WPA_OUI _MKOUI ( 0x00, 0x50, 0xF2, 0 ) + +/** Old vendor-type WPA IE OUI type + subtype */ +#define IEEE80211_WPA_OUI_VEN _MKOUI ( 0x00, 0x50, 0xF2, 0x01 ) + + /** 802.11 RSN IE: expected version number */ #define IEEE80211_RSN_VERSION 1 -/** 802.11 RSN IE: fourth byte of cipher type for 40-bit WEP */ -#define IEEE80211_RSN_CTYPE_WEP40 1 +/** 802.11 RSN IE: cipher type for 40-bit WEP */ +#define IEEE80211_RSN_CTYPE_WEP40 _MKOUI ( 0, 0, 0, 0x01 ) -/** 802.11 RSN IE: fourth byte of cipher type for 104-bit WEP */ -#define IEEE80211_RSN_CTYPE_WEP104 5 +/** 802.11 RSN IE: cipher type for 104-bit WEP */ +#define IEEE80211_RSN_CTYPE_WEP104 _MKOUI ( 0, 0, 0, 0x05 ) -/** 802.11 RSN IE: fourth byte of cipher type for TKIP ("WPA") */ -#define IEEE80211_RSN_CTYPE_TKIP 2 +/** 802.11 RSN IE: cipher type for TKIP ("WPA") */ +#define IEEE80211_RSN_CTYPE_TKIP _MKOUI ( 0, 0, 0, 0x02 ) -/** 802.11 RSN IE: fourth byte of cipher type for CCMP ("WPA2") */ -#define IEEE80211_RSN_CTYPE_CCMP 4 +/** 802.11 RSN IE: cipher type for CCMP ("WPA2") */ +#define IEEE80211_RSN_CTYPE_CCMP _MKOUI ( 0, 0, 0, 0x04 ) -/** 802.11 RSN IE: fourth byte of cipher type for "use group" +/** 802.11 RSN IE: cipher type for "use group" * * This can only appear as a pairwise cipher, and means unicast frames * should be encrypted in the same way as broadcast/multicast frames. */ -#define IEEE80211_RSN_CTYPE_USEGROUP 0 +#define IEEE80211_RSN_CTYPE_USEGROUP _MKOUI ( 0, 0, 0, 0x00 ) -/** 802.11 RSN IE: fourth byte of auth method type for using an 802.1X server */ -#define IEEE80211_RSN_ATYPE_8021X 1 +/** 802.11 RSN IE: auth method type for using an 802.1X server */ +#define IEEE80211_RSN_ATYPE_8021X _MKOUI ( 0, 0, 0, 0x01 ) -/** 802.11 RSN IE: fourth byte of auth method type for using a pre-shared key */ -#define IEEE80211_RSN_ATYPE_PSK 2 +/** 802.11 RSN IE: auth method type for using a pre-shared key */ +#define IEEE80211_RSN_ATYPE_PSK _MKOUI ( 0, 0, 0, 0x02 ) /** 802.11 RSN IE capabilities: AP supports pre-authentication */ #define IEEE80211_RSN_CAPAB_PREAUTH 0x001 @@ -997,6 +924,42 @@ static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) { #define IEEE80211_RSN_CAPAB_PEERKEY 0x200 +/** 802.11 RSN IE capabilities: One replay counter + * + * This should be AND'ed with @c IEEE80211_RSN_CAPAB_PTKSA_REPLAY or + * @c IEEE80211_RSN_CAPAB_GTKSA_REPLAY (or both) to produce a value + * which can be OR'ed into the capabilities field. + */ +#define IEEE80211_RSN_1_CTR 0x000 + +/** 802.11 RSN IE capabilities: Two replay counters */ +#define IEEE80211_RSN_2_CTR 0x014 + +/** 802.11 RSN IE capabilities: Four replay counters */ +#define IEEE80211_RSN_4_CTR 0x028 + +/** 802.11 RSN IE capabilities: 16 replay counters */ +#define IEEE80211_RSN_16_CTR 0x03C + + +/** 802.11 Vendor Specific information element + * + * One often sees the RSN IE masquerading as vendor-specific on + * devices that were produced prior to 802.11i (the WPA amendment) + * being finalized. + */ +struct ieee80211_ie_vendor { + u8 id; /**< Vendor-specific ID: 221 */ + u8 len; /**< Vendor-specific length: variable */ + u32 oui; /**< OUI and vendor-specific type byte */ + u8 data[0]; /**< Vendor-specific data */ +} __attribute__ ((packed)); + +/** Information element ID for Vendor Specific information element */ +#define IEEE80211_IE_VENDOR 221 + + + /** Any 802.11 information element * @@ -1034,8 +997,23 @@ union ieee80211_ie /** Security information */ struct ieee80211_ie_rsn rsn; + + /** Vendor-specific */ + struct ieee80211_ie_vendor vendor; }; +/** Check that 802.11 information element is bounded by buffer + * + * @v ie Information element + * @v end End of buffer in which information element is stored + * @ret ok TRUE if the IE is completely contained within the buffer + */ +static inline int ieee80211_ie_bound ( union ieee80211_ie *ie, void *end ) +{ + void *iep = ie; + return ( iep + 2 <= end && iep + 2 + ie->len <= end ); +} + /** Advance to next 802.11 information element * * @v ie Current information element pointer @@ -1055,7 +1033,7 @@ static inline union ieee80211_ie * ieee80211_next_ie ( union ieee80211_ie *ie, if ( ! end ) return next_ie; - if ( next_ie_byte < end && next_ie_byte + next_ie->len <= end ) + if ( ieee80211_ie_bound ( next_ie, end ) ) return next_ie; return NULL; |