/*
*************************************************************************
* Ralink Tech Inc.
* 5F., No.36, Taiyuan St., Jhubei City,
* Hsinchu County 302,
* Taiwan, R.O.C.
*
* (c) Copyright 2002-2007, Ralink Technology, Inc.
*
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
* *
*************************************************************************
Module Name:
wpa.c
Abstract:
Revision History:
Who When What
-------- ---------- ----------------------------------------------
Jan Lee 03-07-22 Initial
Paul Lin 03-11-28 Modify for supplicant
*/
#include "../rt_config.h"
void inc_byte_array(UCHAR *counter, int len);
/*
========================================================================
Routine Description:
Process MIC error indication and record MIC error timer.
Arguments:
pAd Pointer to our adapter
pWpaKey Pointer to the WPA key structure
Return Value:
None
IRQL = DISPATCH_LEVEL
Note:
========================================================================
*/
VOID RTMPReportMicError(
IN PRTMP_ADAPTER pAd,
IN PCIPHER_KEY pWpaKey)
{
ULONG Now;
UCHAR unicastKey = (pWpaKey->Type == PAIRWISE_KEY ? 1:0);
// Record Last MIC error time and count
NdisGetSystemUpTime(&Now);
if (pAd->StaCfg.MicErrCnt == 0)
{
pAd->StaCfg.MicErrCnt++;
pAd->StaCfg.LastMicErrorTime = Now;
NdisZeroMemory(pAd->StaCfg.ReplayCounter, 8);
}
else if (pAd->StaCfg.MicErrCnt == 1)
{
if ((pAd->StaCfg.LastMicErrorTime + (60 * OS_HZ)) < Now)
{
// Update Last MIC error time, this did not violate two MIC errors within 60 seconds
pAd->StaCfg.LastMicErrorTime = Now;
}
else
{
if (pAd->CommonCfg.bWirelessEvent)
RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
pAd->StaCfg.LastMicErrorTime = Now;
// Violate MIC error counts, MIC countermeasures kicks in
pAd->StaCfg.MicErrCnt++;
// We shall block all reception
// We shall clean all Tx ring and disassoicate from AP after next EAPOL frame
//
// No necessary to clean all Tx ring, on RTMPHardTransmit will stop sending non-802.1X EAPOL packets
// if pAd->StaCfg.MicErrCnt greater than 2.
//
// RTMPRingCleanUp(pAd, QID_AC_BK);
// RTMPRingCleanUp(pAd, QID_AC_BE);
// RTMPRingCleanUp(pAd, QID_AC_VI);
// RTMPRingCleanUp(pAd, QID_AC_VO);
// RTMPRingCleanUp(pAd, QID_HCCA);
}
}
else
{
// MIC error count >= 2
// This should not happen
;
}
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
OID_802_11_MIC_FAILURE_REPORT_FRAME,
1,
&unicastKey);
if (pAd->StaCfg.MicErrCnt == 2)
{
RTMPSetTimer(&pAd->StaCfg.WpaDisassocAndBlockAssocTimer, 100);
}
}
#define LENGTH_EAP_H 4
// If the received frame is EAP-Packet ,find out its EAP-Code (Request(0x01), Response(0x02), Success(0x03), Failure(0x04)).
INT WpaCheckEapCode(
IN PRTMP_ADAPTER pAd,
IN PUCHAR pFrame,
IN USHORT FrameLen,
IN USHORT OffSet)
{
PUCHAR pData;
INT result = 0;
if( FrameLen < OffSet + LENGTH_EAPOL_H + LENGTH_EAP_H )
return result;
pData = pFrame + OffSet; // skip offset bytes
if(*(pData+1) == EAPPacket) // 802.1x header - Packet Type
{
result = *(pData+4); // EAP header - Code
}
return result;
}
VOID WpaSendMicFailureToWpaSupplicant(
IN PRTMP_ADAPTER pAd,
IN BOOLEAN bUnicast)
{
char custom[IW_CUSTOM_MAX] = {0};
sprintf(custom, "MLME-MICHAELMICFAILURE.indication");
if(bUnicast)
sprintf(custom, "%s unicast", custom);
RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, -1, NULL, (PUCHAR)custom, strlen(custom));
return;
}
VOID WpaMicFailureReportFrame(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
PUCHAR pOutBuffer = NULL;
UCHAR Header802_3[14];
ULONG FrameLen = 0;
EAPOL_PACKET Packet;
UCHAR Mic[16];
BOOLEAN bUnicast;
DBGPRINT(RT_DEBUG_TRACE, ("WpaMicFailureReportFrame ----->\n"));
bUnicast = (Elem->Msg[0] == 1 ? TRUE:FALSE);
pAd->Sequence = ((pAd->Sequence) + 1) & (MAX_SEQ_NUMBER);
// init 802.3 header and Fill Packet
MAKE_802_3_HEADER(Header802_3, pAd->CommonCfg.Bssid, pAd->CurrentAddress, EAPOL);
NdisZeroMemory(&Packet, sizeof(Packet));
Packet.ProVer = EAPOL_VER;
Packet.ProType = EAPOLKey;
Packet.KeyDesc.Type = WPA1_KEY_DESC;
// Request field presented
Packet.KeyDesc.KeyInfo.Request = 1;
if(pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
{
Packet.KeyDesc.KeyInfo.KeyDescVer = 2;
}
else // TKIP
{
Packet.KeyDesc.KeyInfo.KeyDescVer = 1;
}
Packet.KeyDesc.KeyInfo.KeyType = (bUnicast ? PAIRWISEKEY : GROUPKEY);
// KeyMic field presented
Packet.KeyDesc.KeyInfo.KeyMic = 1;
// Error field presented
Packet.KeyDesc.KeyInfo.Error = 1;
// Update packet length after decide Key data payload
SET_UINT16_TO_ARRARY(Packet.Body_Len, LEN_EAPOL_KEY_MSG)
// Key Replay Count
NdisMoveMemory(Packet.KeyDesc.ReplayCounter, pAd->StaCfg.ReplayCounter, LEN_KEY_DESC_REPLAY);
inc_byte_array(pAd->StaCfg.ReplayCounter, 8);
// Convert to little-endian format.
*((USHORT *)&Packet.KeyDesc.KeyInfo) = cpu2le16(*((USHORT *)&Packet.KeyDesc.KeyInfo));
MlmeAllocateMemory(pAd, (PUCHAR *)&pOutBuffer); // allocate memory
if(pOutBuffer == NULL)
{
return;
}
// Prepare EAPOL frame for MIC calculation
// Be careful, only EAPOL frame is counted for MIC calculation
MakeOutgoingFrame(pOutBuffer, &FrameLen,
CONV_ARRARY_TO_UINT16(Packet.Body_Len) + 4, &Packet,
END_OF_ARGS);
// Prepare and Fill MIC value
NdisZeroMemory(Mic, sizeof(Mic));
if(pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
{ // AES
UCHAR digest[20] = {0};
HMAC_SHA1(pAd->StaCfg.PTK, LEN_EAP_MICK, pOutBuffer, FrameLen, digest, SHA1_DIGEST_SIZE);
NdisMoveMemory(Mic, digest, LEN_KEY_DESC_MIC);
}
else
{ // TKIP
HMAC_MD5(pAd->StaCfg.PTK, LEN_EAP_MICK, pOutBuffer, FrameLen, Mic, MD5_DIGEST_SIZE);
}
NdisMoveMemory(Packet.KeyDesc.KeyMic, Mic, LEN_KEY_DESC_MIC);
// copy frame to Tx ring and send MIC failure report frame to authenticator
RTMPToWirelessSta(pAd, &pAd->MacTab.Content[BSSID_WCID],
Header802_3, LENGTH_802_3,
(PUCHAR)&Packet,
CONV_ARRARY_TO_UINT16(Packet.Body_Len) + 4, FALSE);
MlmeFreeMemory(pAd, (PUCHAR)pOutBuffer);
DBGPRINT(RT_DEBUG_TRACE, ("WpaMicFailureReportFrame <-----\n"));
}
/** from wpa_supplicant
* inc_byte_array - Increment arbitrary length byte array by one
* @counter: Pointer to byte array
* @len: Length of the counter in bytes
*
* This function increments the last byte of the counter by one and continues
* rolling over to more significant bytes if the byte was incremented from
* 0xff to 0x00.
*/
void inc_byte_array(UCHAR *counter, int len)
{
int pos = len - 1;
while (pos >= 0) {
counter[pos]++;
if (counter[pos] != 0)
break;
pos--;
}
}
VOID WpaDisassocApAndBlockAssoc(
IN PVOID SystemSpecific1,
IN PVOID FunctionContext,
IN PVOID SystemSpecific2,
IN PVOID SystemSpecific3)
{
RTMP_ADAPTER *pAd = (PRTMP_ADAPTER)FunctionContext;
MLME_DISASSOC_REQ_STRUCT DisassocReq;
// disassoc from current AP first
DBGPRINT(RT_DEBUG_TRACE, ("RTMPReportMicError - disassociate with current AP after sending second continuous EAPOL frame\n"));
DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_MIC_FAILURE);
MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ, sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_DISASSOC;
pAd->StaCfg.bBlockAssoc = TRUE;
}
VOID WpaStaPairwiseKeySetting(
IN PRTMP_ADAPTER pAd)
{
PCIPHER_KEY pSharedKey;
PMAC_TABLE_ENTRY pEntry;
pEntry = &pAd->MacTab.Content[BSSID_WCID];
// Pairwise key shall use key#0
pSharedKey = &pAd->SharedKey[BSS0][0];
NdisMoveMemory(pAd->StaCfg.PTK, pEntry->PTK, LEN_PTK);
// Prepare pair-wise key information into shared key table
NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
pSharedKey->KeyLen = LEN_TKIP_EK;
NdisMoveMemory(pSharedKey->Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
// Decide its ChiperAlg
if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
pSharedKey->CipherAlg = CIPHER_TKIP;
else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
pSharedKey->CipherAlg = CIPHER_AES;
else
pSharedKey->CipherAlg = CIPHER_NONE;
// Update these related information to MAC_TABLE_ENTRY
NdisMoveMemory(pEntry->PairwiseKey.Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
NdisMoveMemory(pEntry->PairwiseKey.RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
NdisMoveMemory(pEntry->PairwiseKey.TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
pEntry->PairwiseKey.CipherAlg = pSharedKey->CipherAlg;
// Update pairwise key information to ASIC Shared Key Table
AsicAddSharedKeyEntry(pAd,
BSS0,
0,
pSharedKey->CipherAlg,
pSharedKey->Key,
pSharedKey->TxMic,
pSharedKey->RxMic);
// Update ASIC WCID attribute table and IVEIV table
RTMPAddWcidAttributeEntry(pAd,
BSS0,
0,
pSharedKey->CipherAlg,
pEntry);
STA_PORT_SECURED(pAd);
pAd->IndicateMediaState = NdisMediaStateConnected;
DBGPRINT(RT_DEBUG_TRACE, ("%s : AID(%d) port secured\n", __func__, pEntry->Aid));
}
VOID WpaStaGroupKeySetting(
IN PRTMP_ADAPTER pAd)
{
PCIPHER_KEY pSharedKey;
pSharedKey = &pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId];
// Prepare pair-wise key information into shared key table
NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
pSharedKey->KeyLen = LEN_TKIP_EK;
NdisMoveMemory(pSharedKey->Key, pAd->StaCfg.GTK, LEN_TKIP_EK);
NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.GTK[16], LEN_TKIP_RXMICK);
NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.GTK[24], LEN_TKIP_TXMICK);
// Update Shared Key CipherAlg
pSharedKey->CipherAlg = CIPHER_NONE;
if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption2Enabled)
pSharedKey->CipherAlg = CIPHER_TKIP;
else if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption3Enabled)
pSharedKey->CipherAlg = CIPHER_AES;
else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP40Enabled)
pSharedKey->CipherAlg = CIPHER_WEP64;
else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP104Enabled)
pSharedKey->CipherAlg = CIPHER_WEP128;
// Update group key information to ASIC Shared Key Table
AsicAddSharedKeyEntry(pAd,
BSS0,
pAd->StaCfg.DefaultKeyId,
pSharedKey->CipherAlg,
pSharedKey->Key,
pSharedKey->TxMic,
pSharedKey->RxMic);
// Update ASIC WCID attribute table and IVEIV table
RTMPAddWcidAttributeEntry(pAd,
BSS0,
pAd->StaCfg.DefaultKeyId,
pSharedKey->CipherAlg,
NULL);
}
