summaryrefslogtreecommitdiffstats
path: root/src/include/gpxe/ieee80211.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/gpxe/ieee80211.h')
-rw-r--r--src/include/gpxe/ieee80211.h232
1 files changed, 105 insertions, 127 deletions
diff --git a/src/include/gpxe/ieee80211.h b/src/include/gpxe/ieee80211.h
index 0403f929..e5b10c30 100644
--- a/src/include/gpxe/ieee80211.h
+++ b/src/include/gpxe/ieee80211.h
@@ -2,6 +2,7 @@
#define _GPXE_IEEE80211_H
#include <gpxe/if_ether.h> /* for ETH_ALEN */
+#include <endian.h>
/** @file
* Constants and data structures defined in IEEE 802.11, subsetted
@@ -779,10 +780,9 @@ struct ieee80211_ie_erp_info {
*
* Showing once again a striking clarity of design, the IEEE folks put
* dynamically-sized data in the middle of this structure. As such,
- * the below structure definition is only a guideline; the
- * @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, and
- * @c IEEE80211_RSN_AUTHTYPE macros should be used to access any
- * data.
+ * the below structure definition only works for IEs we create
+ * ourselves, which always have one pairwise cipher and one AKM;
+ * received IEs should be parsed piecemeal.
*
* Also inspired was IEEE's choice of 16-bit fields to count the
* number of 4-byte elements in a structure with a maximum length of
@@ -790,11 +790,9 @@ struct ieee80211_ie_erp_info {
*
* Many fields reference a cipher or authentication-type ID; this is a
* three-byte OUI followed by one byte identifying the cipher with
- * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC.
- *
- * The authentication types referenced in this structure have nothing
- * to do with 802.11 authentication frames or the @c algorithm field
- * within them.
+ * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC,
+ * except in old-style WPA IEs encapsulated in vendor-specific IEs,
+ * where it's 00:50:F2.
*/
struct ieee80211_ie_rsn {
/** Information element ID */
@@ -807,21 +805,21 @@ struct ieee80211_ie_rsn {
u16 version;
/** Cipher ID for the cipher used in multicast/broadcast frames */
- u8 group_cipher[4];
+ u32 group_cipher;
/** Number of unicast ciphers supported */
u16 pairwise_count;
/** List of cipher IDs for supported unicast frame ciphers */
- u8 pairwise_cipher[4];
+ u32 pairwise_cipher[1];
/** Number of authentication types supported */
u16 akm_count;
/** List of authentication type IDs for supported types */
- u8 akm_list[4];
+ u32 akm_list[1];
- /** Security capabilities field. */
+ /** Security capabilities field (RSN only) */
u16 rsn_capab;
/** Number of PMKIDs included (present only in association frames) */
@@ -834,140 +832,69 @@ struct ieee80211_ie_rsn {
/** Information element ID for Robust Security Network information element */
#define IEEE80211_IE_RSN 48
-/** OUI for standard ciphers in RSN information element */
-#define IEEE80211_RSN_OUI "\x00\x0F\xAC"
-
-/** Extract RSN IE version field */
-#define IEEE80211_RSN_FIELD_version( rsnp ) ( (rsnp)->version )
-
-/** Extract RSN IE group_cipher field */
-#define IEEE80211_RSN_FIELD_group_cipher( rsnp ) ( (rsnp)->group_cipher )
-
-/** Extract RSN IE pairwise_count field */
-#define IEEE80211_RSN_FIELD_pairwise_count( rsnp ) ( (rsnp)->pairwise_count )
-
-/** Extract RSN IE akm_count field */
-#define IEEE80211_RSN_FIELD_akm_count( rsnp ) \
- ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
- 4*( ( rsnp )->pairwise_count - 1 ) ) )->akm_count )
-
-/** Extract RSN IE rsn_capab field */
-#define IEEE80211_RSN_FIELD_rsn_capab( rsnp ) \
- ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
- 4*( ( rsnp )->pairwise_count - 1 ) + \
- 4*( ( rsnp )->akm_count - 1 ) ) )->rsn_capab )
-
-/** Extract RSN IE pmkid_count field */
-#define IEEE80211_RSN_FIELD_pmkid_count( rsnp ) \
- ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
- 4*( ( rsnp )->pairwise_count - 1 ) + \
- 4*( ( rsnp )->akm_count - 1 ) ) )->pmkid_count )
-
-/** Extract field from RSN information element
- *
- * @v rsnp Pointer to RSN information element
- * @v field Name of field to extract
- * @ret val Lvalue of the requested field
- *
- * You must fill the fields of the structure in order for this to work
- * properly.
- */
-#define IEEE80211_RSN_FIELD( rsnp, field ) \
- IEEE80211_RSN_FIELD_ ## field ( rsnp )
-
-/** Get pointer to pairwise cipher from RSN information element
- *
- * @v rsnp Pointer to RSN information element
- * @v cipher Index of pairwise cipher to extract
- * @ret ptr Pointer to requested cipher
- */
-#define IEEE80211_RSN_CIPHER( rsnp, cipher ) \
- ( ( rsnp )->pairwise_cipher + 4 * ( cipher ) )
-
-/** Get pointer to authentication type from RSN information element
- *
- * @v rsnp Pointer to RSN information element
- * @v akm Index of authentication type to extract
- * @ret ptr Pointer to requested authentication type
- *
- * The @c pairwise_count field must be correct.
- */
-#define IEEE80211_RSN_AUTHTYPE( rsnp, akm ) \
- ( ( rsnp )->akm_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + 4 * ( akm ) )
-
-/** Get pointer to PMKID from RSN information element
- *
- * @v rsnp Pointer to RSN information element
- * @v idx Index of PMKID to extract
- * @ret ptr Pointer to requested PMKID
- *
- * The @c pairwise_count and @c akm_count fields must be correct.
- */
-#define IEEE80211_RSN_PMKID( rsnp, idx ) \
- ( ( rsnp )->pmkid_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + \
- 4 * ( ( rsnp )->akm_count - 1 ) + 16 * ( idx ) )
-
-/** Verify size of RSN information element
- *
- * @v rsnp Pointer to RSN information element
- * @ret ok TRUE if count fields are consistent with length field
- *
- * It is important to drop any RSN IE that does not pass this function
- * before using the @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER,
- * and @c IEEE80211_RSN_AUTHTYPE macros, to avoid potential security
- * compromise due to a malformed RSN IE.
- *
- * This function does not consider the possibility of some PMKIDs
- * included in the RSN IE, because PMKIDs are only included in RSN IEs
- * sent in association request frames, and we should never receive an
- * association request frame. An RSN IE that includes PMKIDs will
- * always fail this check.
- */
-static inline int ieee80211_rsn_check ( struct ieee80211_ie_rsn *rsnp ) {
- if ( rsnp->len < 12 + 4 * rsnp->pairwise_count )
- return 0;
- return ( rsnp->len == 12 + 4 * ( rsnp->pairwise_count +
- IEEE80211_RSN_FIELD ( rsnp, akm_count ) ) );
-}
-
/** Calculate necessary size of RSN information element
*
* @v npair Number of pairwise ciphers supported
* @v nauth Number of authentication types supported
* @v npmkid Number of PMKIDs to include
- * @ret size Necessary size of RSN IE, including header bytes
+ * @v is_rsn If TRUE, calculate RSN IE size; if FALSE, calculate WPA IE size
+ * @ret size Necessary size of IE, including header bytes
*/
-static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) {
- return 16 + 4 * ( npair + nauth ) + 16 * npmkid;
+static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid,
+ int rsn_ie ) {
+ return 16 + 4 * ( npair + nauth ) + 16 * npmkid - 4 * ! rsn_ie;
}
+/** Make OUI plus type byte into 32-bit integer for easy comparison */
+#if __BYTE_ORDER == __BIG_ENDIAN
+#define _MKOUI( a, b, c, t ) \
+ ( ( ( a ) << 24 ) | ( ( b ) << 16 ) | ( ( c ) << 8 ) | ( d ) )
+#define OUI_ORG_MASK 0xFFFFFF00
+#define OUI_TYPE_MASK 0x000000FF
+#else
+#define _MKOUI( a, b, c, t ) \
+ ( ( ( t ) << 24 ) | ( ( c ) << 16 ) | ( ( b ) << 8 ) | ( a ) )
+#define OUI_ORG_MASK 0x00FFFFFF
+#define OUI_TYPE_MASK 0xFF000000
+#endif
+
+/** Organization part for OUIs in standard RSN IE */
+#define IEEE80211_RSN_OUI _MKOUI ( 0x00, 0x0F, 0xAC, 0 )
+
+/** Organization part for OUIs in old WPA IE */
+#define IEEE80211_WPA_OUI _MKOUI ( 0x00, 0x50, 0xF2, 0 )
+
+/** Old vendor-type WPA IE OUI type + subtype */
+#define IEEE80211_WPA_OUI_VEN _MKOUI ( 0x00, 0x50, 0xF2, 0x01 )
+
+
/** 802.11 RSN IE: expected version number */
#define IEEE80211_RSN_VERSION 1
-/** 802.11 RSN IE: fourth byte of cipher type for 40-bit WEP */
-#define IEEE80211_RSN_CTYPE_WEP40 1
+/** 802.11 RSN IE: cipher type for 40-bit WEP */
+#define IEEE80211_RSN_CTYPE_WEP40 _MKOUI ( 0, 0, 0, 0x01 )
-/** 802.11 RSN IE: fourth byte of cipher type for 104-bit WEP */
-#define IEEE80211_RSN_CTYPE_WEP104 5
+/** 802.11 RSN IE: cipher type for 104-bit WEP */
+#define IEEE80211_RSN_CTYPE_WEP104 _MKOUI ( 0, 0, 0, 0x05 )
-/** 802.11 RSN IE: fourth byte of cipher type for TKIP ("WPA") */
-#define IEEE80211_RSN_CTYPE_TKIP 2
+/** 802.11 RSN IE: cipher type for TKIP ("WPA") */
+#define IEEE80211_RSN_CTYPE_TKIP _MKOUI ( 0, 0, 0, 0x02 )
-/** 802.11 RSN IE: fourth byte of cipher type for CCMP ("WPA2") */
-#define IEEE80211_RSN_CTYPE_CCMP 4
+/** 802.11 RSN IE: cipher type for CCMP ("WPA2") */
+#define IEEE80211_RSN_CTYPE_CCMP _MKOUI ( 0, 0, 0, 0x04 )
-/** 802.11 RSN IE: fourth byte of cipher type for "use group"
+/** 802.11 RSN IE: cipher type for "use group"
*
* This can only appear as a pairwise cipher, and means unicast frames
* should be encrypted in the same way as broadcast/multicast frames.
*/
-#define IEEE80211_RSN_CTYPE_USEGROUP 0
+#define IEEE80211_RSN_CTYPE_USEGROUP _MKOUI ( 0, 0, 0, 0x00 )
-/** 802.11 RSN IE: fourth byte of auth method type for using an 802.1X server */
-#define IEEE80211_RSN_ATYPE_8021X 1
+/** 802.11 RSN IE: auth method type for using an 802.1X server */
+#define IEEE80211_RSN_ATYPE_8021X _MKOUI ( 0, 0, 0, 0x01 )
-/** 802.11 RSN IE: fourth byte of auth method type for using a pre-shared key */
-#define IEEE80211_RSN_ATYPE_PSK 2
+/** 802.11 RSN IE: auth method type for using a pre-shared key */
+#define IEEE80211_RSN_ATYPE_PSK _MKOUI ( 0, 0, 0, 0x02 )
/** 802.11 RSN IE capabilities: AP supports pre-authentication */
#define IEEE80211_RSN_CAPAB_PREAUTH 0x001
@@ -997,6 +924,42 @@ static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) {
#define IEEE80211_RSN_CAPAB_PEERKEY 0x200
+/** 802.11 RSN IE capabilities: One replay counter
+ *
+ * This should be AND'ed with @c IEEE80211_RSN_CAPAB_PTKSA_REPLAY or
+ * @c IEEE80211_RSN_CAPAB_GTKSA_REPLAY (or both) to produce a value
+ * which can be OR'ed into the capabilities field.
+ */
+#define IEEE80211_RSN_1_CTR 0x000
+
+/** 802.11 RSN IE capabilities: Two replay counters */
+#define IEEE80211_RSN_2_CTR 0x014
+
+/** 802.11 RSN IE capabilities: Four replay counters */
+#define IEEE80211_RSN_4_CTR 0x028
+
+/** 802.11 RSN IE capabilities: 16 replay counters */
+#define IEEE80211_RSN_16_CTR 0x03C
+
+
+/** 802.11 Vendor Specific information element
+ *
+ * One often sees the RSN IE masquerading as vendor-specific on
+ * devices that were produced prior to 802.11i (the WPA amendment)
+ * being finalized.
+ */
+struct ieee80211_ie_vendor {
+ u8 id; /**< Vendor-specific ID: 221 */
+ u8 len; /**< Vendor-specific length: variable */
+ u32 oui; /**< OUI and vendor-specific type byte */
+ u8 data[0]; /**< Vendor-specific data */
+} __attribute__ ((packed));
+
+/** Information element ID for Vendor Specific information element */
+#define IEEE80211_IE_VENDOR 221
+
+
+
/** Any 802.11 information element
*
@@ -1034,8 +997,23 @@ union ieee80211_ie
/** Security information */
struct ieee80211_ie_rsn rsn;
+
+ /** Vendor-specific */
+ struct ieee80211_ie_vendor vendor;
};
+/** Check that 802.11 information element is bounded by buffer
+ *
+ * @v ie Information element
+ * @v end End of buffer in which information element is stored
+ * @ret ok TRUE if the IE is completely contained within the buffer
+ */
+static inline int ieee80211_ie_bound ( union ieee80211_ie *ie, void *end )
+{
+ void *iep = ie;
+ return ( iep + 2 <= end && iep + 2 + ie->len <= end );
+}
+
/** Advance to next 802.11 information element
*
* @v ie Current information element pointer
@@ -1055,7 +1033,7 @@ static inline union ieee80211_ie * ieee80211_next_ie ( union ieee80211_ie *ie,
if ( ! end )
return next_ie;
- if ( next_ie_byte < end && next_ie_byte + next_ie->len <= end )
+ if ( ieee80211_ie_bound ( next_ie, end ) )
return next_ie;
return NULL;