cardif_linux_wext.c

Linux上的802.1x 的supplicant的实现。很多supplicant程序都是基于它开发的

      // Otherwise, make sure we don't have an IE set.
      memset(wpaie, 0x00, sizeof(wpaie));
      if (cardif_linux_wext_set_wpa_ie(intdata, (unsigned char *)wpaie, 0) < 0)
	{
	  debug_printf(DEBUG_NORMAL, "Couldn't clear WPA IE on device %s!\n",
		       intdata->intName);
	}
    }
#endif

  return XENONE;
}

/*************************************************************************
 *
 * Set values for IWAUTH.
 *
 *************************************************************************/
int cardif_linux_wext_set_iwauth(struct interface_data *intdata,
				 int setting, uint32_t value, 
				 char *setting_name)
{
#if WIRELESS_EXT > 17
  struct iwreq wrq;
  struct lin_sock_data *sockData;

  if (!xsup_assert((intdata != NULL), "intdata != NULL", FALSE))
    return XEMALLOC;

  sockData = intdata->sockData;

  xsup_assert((sockData != NULL), "sockData != NULL", TRUE);

  memset(&wrq, 0x00, sizeof(wrq));
  Strncpy((char *)&wrq.ifr_name, intdata->intName, sizeof(wrq.ifr_name));

  wrq.u.param.flags = setting & IW_AUTH_INDEX;
  wrq.u.param.value = value;

  if (ioctl(sockData->sockInt, SIOCSIWAUTH, &wrq) < 0)
    {
      if (errno != ENOTSUP)
	{
	  if (xsup_assert((setting_name != NULL), "setting_name != NULL",
			  FALSE))
	    {
	      debug_printf(DEBUG_NORMAL, "Error changing setting for '%s'! "
			   "It is possible that your driver does not support "
			   "the needed functionality.\n", setting_name);
	      debug_printf(DEBUG_NORMAL, "Error was (%d) : %s\n", errno,
			   strerror(errno));
	    }
	  return -1;
	}
    }
#endif
  return XENONE;
}

int cardif_linux_wext_unencrypted_eapol(struct interface_data *intdata,
					int state)
{
#if WIRELESS_EXT > 17
  struct lin_sock_data *sockData;

  if (!xsup_assert((intdata != NULL), "intdata != NULL", FALSE))
    return XEMALLOC;

  sockData = intdata->sockData;

  xsup_assert((sockData != NULL), "sockData != NULL", TRUE);

  return cardif_linux_wext_set_iwauth(intdata, IW_AUTH_RX_UNENCRYPTED_EAPOL,
				      state, "RX unencrypted EAPoL");
#endif
  return XENONE;
}



/***********************************************************************
 *
 * Convert our cipher designator to something that will be understood by
 * the linux wireless extensions.
 *
 ***********************************************************************/
int cardif_linux_wext_iw_cipher(int cipher)
{
#if WIRELESS_EXT > 17
  switch (cipher)
    {
    case CIPHER_NONE:
      return 0;
      break;

    case CIPHER_WEP40:
      return IW_AUTH_CIPHER_WEP40;
      break;

    case CIPHER_TKIP:
      return IW_AUTH_CIPHER_TKIP;
      break;

    case CIPHER_WRAP:
      debug_printf(DEBUG_NORMAL, "WRAP is not supported!\n");
      return -1;
      break;

    case CIPHER_CCMP:
      return IW_AUTH_CIPHER_CCMP;
      break;
      
    case CIPHER_WEP104:
      return IW_AUTH_CIPHER_WEP104;
      break;

    default:
      debug_printf(DEBUG_NORMAL, "Unknown cipher value of %d!\n", cipher);
      return -1;
      break;
    }
#else
  return -1;
#endif
}

/*********************************************************************
 *
 * Set all of the card settings that are needed in order to complete an
 * association, so that we can begin the authentication.
 *
 *********************************************************************/
void cardif_linux_wext_associate(struct interface_data *intdata)
{
  uint8_t *bssid;
#if WIRELESS_EXT > 17
  int len = 0, akm = 0;
  uint32_t cipher;
  uint8_t wpaie[255];
#endif
  struct config_network *network_data;
  struct config_globals *globals;

  if (!xsup_assert((intdata != NULL), "intdata != NULL", FALSE))
    return;

  network_data = config_get_network_config();

  if (!xsup_assert((network_data != NULL), "network_data != NULL", FALSE))
    return;

#if WIRELESS_EXT > 17
  if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_80211_AUTH_ALG,
                                   IW_AUTH_ALG_OPEN_SYSTEM, "802.11 auth."
                                   " alg to open") < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't set 802.11 auth. alg to open.\n");
    }

  if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_DROP_UNENCRYPTED,
                                   TRUE, "drop unencrypted data") < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't enable dropping of unencrypted"
                   " data!\n");
    }
#endif

  if (config_ssid_get_ssid_abilities() & RSN_IE)
    {
#if WIRELESS_EXT > 17
      cardif_linux_wext_get_wpa2_ie(intdata, (char *) wpaie, &len);
      if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_WPA_VERSION,
				       IW_AUTH_WPA_VERSION_WPA2,
				       "WPA version") < 0)
	{
	  debug_printf(DEBUG_NORMAL, "Couldn't set WPA version!\n");
	}
      network_data->wpa_group_crypt = wpa2_get_group_crypt(intdata);
      network_data->wpa_pairwise_crypt = wpa2_get_pairwise_crypt(intdata);
#endif
    } else if (config_ssid_get_ssid_abilities() & WPA_IE)
      {
#if WIRELESS_EXT > 17
	cardif_linux_wext_get_wpa_ie(intdata, (char *) wpaie, &len);
	if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_WPA_VERSION,
					 IW_AUTH_WPA_VERSION_WPA,
					 "WPA2 version") < 0)
	  {
	    debug_printf(DEBUG_NORMAL, "Couldn't set WPA2 version!\n");
	  }
	network_data->wpa_group_crypt = wpa_get_group_crypt(intdata);
	network_data->wpa_pairwise_crypt = wpa_get_pairwise_crypt(intdata);
#endif
      }

#if WIRELESS_EXT > 17
  if (cardif_linux_wext_set_wpa_ie(intdata, wpaie, len) < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't set WPA IE on device %s!\n",
		   intdata->intName);
    }
  
  // For drivers that require something other than just setting a
  // WPA IE, we will set the components for the IE instead.
  cipher = cardif_linux_wext_iw_cipher(network_data->wpa_pairwise_crypt);
  if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_CIPHER_PAIRWISE,
				   cipher, "pairwise cipher") < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't set pairwise cipher to %d.\n",
		   cipher);
    }
  
  cipher = cardif_linux_wext_iw_cipher(network_data->wpa_group_crypt);
  if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_CIPHER_GROUP,
				   cipher, "group cipher") < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't set group cipher to %d.\n",
		   cipher);
    }
  
  if (network_data->methods->method_num != WPA_PSK)
    {
      akm = IW_AUTH_KEY_MGMT_802_1X;
    } else {
      akm = IW_AUTH_KEY_MGMT_PSK;
    }
  
  if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_KEY_MGMT, akm,
				   "Authenticated Key Management Suite") 
      < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't set Authenticated Key "
		   "Management Suite.\n");
    }

  if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_PRIVACY_INVOKED,
				   TRUE, "Privacy Invoked") < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't invoke privacy!\n");
    }

  if (cardif_linux_wext_set_iwauth(intdata, IW_AUTH_RX_UNENCRYPTED_EAPOL,
                                   TRUE, "RX unencrypted EAPoL") < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't enable RX of unencrypted"
                   " EAPoL.\n");
    }

#endif

  cardif_linux_wext_set_ssid(intdata, intdata->cur_essid);

  bssid = config_ssid_get_mac();
  if (bssid != NULL)
    {
      debug_printf(DEBUG_INT, "Dest. BSSID : ");
      debug_hex_printf(DEBUG_INT, bssid, 6);
    }

  globals = config_get_globals();

  if ((!globals) || (!TEST_FLAG(globals->flags, CONFIG_GLOBALS_FIRMWARE_ROAM)))
    {
      cardif_linux_wext_set_bssid(intdata, bssid);
    }
  
  if ((intdata->wpa_ie == NULL) && (intdata->rsn_ie == NULL))
    {
      // We need to set up the card to allow unencrypted EAPoL frames.
      cardif_linux_wext_unencrypted_eapol(intdata, TRUE);
    }
  
  return;
}

int cardif_linux_wext_countermeasures(struct interface_data *intdata,
				      char endis)
{
#if WIRELESS_EXT > 17
  struct lin_sock_data *sockData;

  if (!xsup_assert((intdata != NULL), "intdata != NULL", FALSE))
    return XEMALLOC;

  sockData = intdata->sockData;

  xsup_assert((sockData != NULL), "sockData != NULL", TRUE);

  return cardif_linux_wext_set_iwauth(intdata, IW_AUTH_TKIP_COUNTERMEASURES, 
				      endis,
				      "enable/disable TKIP countermeasures");
#endif
  return XENONE;
}

int cardif_linux_wext_drop_unencrypted(struct interface_data *intdata,
				       char endis)
{
#if WIRELESS_EXT > 17
  struct lin_sock_data *sockData;

  if (!xsup_assert((intdata != NULL), "intdata != NULL", FALSE))
    return XEMALLOC;

  sockData = intdata->sockData;

  xsup_assert((sockData != NULL), "sockData != NULL", TRUE);

  return cardif_linux_wext_set_iwauth(intdata, IW_AUTH_DROP_UNENCRYPTED,
				      endis, "drop unencrypted frames");
#endif
  return XENONE;
}

void cardif_linux_wext_enc_capabilities(struct interface_data *intdata)
{
#if WIRELESS_EXT > 17
  struct iwreq wrq;
  struct lin_sock_data *sockData;
  struct iw_range *range;
  char buffer[sizeof(struct iw_range) * 2];
  int i;

  if (!xsup_assert((intdata != NULL), "intdata != NULL", FALSE))
    return;

  sockData = intdata->sockData;

  xsup_assert((sockData != NULL), "sockData != NULL", TRUE);

  intdata->enc_capa = 0;

  memset(&wrq, 0x00, sizeof(wrq));
  Strncpy((char *)&wrq.ifr_name, intdata->intName, sizeof(wrq.ifr_name));

  wrq.u.data.pointer = (caddr_t) buffer;
  wrq.u.data.length = sizeof(buffer);
  wrq.u.data.flags = 0;

  if (!xsup_assert((sockData->sockInt > 0), "sockData->sockInt > 0", FALSE))
    return;

  if (ioctl(sockData->sockInt, SIOCGIWRANGE, &wrq) < 0)
    {
      debug_printf(DEBUG_NORMAL, "Couldn't get encryption capabilites!\n");
      return;
    }

  // Otherwise, determine what we have.
  range = (struct iw_range *)buffer;

  for (i=0; i<range->num_encoding_sizes; i++)
    {
      if (range->encoding_size[i] == 5) intdata->enc_capa |= DOES_WEP40;
      if (range->encoding_size[i] == 13) intdata->enc_capa |= DOES_WEP104;
    }

  if (range->enc_capa & IW_ENC_CAPA_WPA) intdata->enc_capa |= DOES_WPA;
  if (range->enc_capa & IW_ENC_CAPA_WPA2) intdata->enc_capa |= DOES_WPA2;
  if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
    intdata->enc_capa |= DOES_TKIP;
  if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
    intdata->enc_capa |= DOES_CCMP;
#else
  debug_printf(DEBUG_NORMAL, "You need wireless extensions > 17 in order to"
	       " support detection of encryption methods.\n");
  intdata->enc_capa = 0;
#endif
}

int cardif_linux_wext_delete_key(struct interface_data *intdata, int key_idx,
				 int set_tx)
{
#if WIRELESS_EXT > 17
  char seq[6] = {0x00,0x00,0x00,0x00,0x00,0x00};

  if (!xsup_assert((intdata != NULL), "intdata != NULL", FALSE))
    return XEMALLOC;

  return cardif_linux_wext_set_key_ext(intdata, IW_ENCODE_ALG_NONE, NULL,
				       key_idx, set_tx, seq, 6, NULL, 0);
#else
  debug_printf(DEBUG_NORMAL, "%s : Not supported by WE(%d)!\n", __FUNCTION__,
	       WIRELESS_EXT);
#endif
  return XENONE;
}


struct cardif_funcs cardif_linux_wext_driver = {
  .scan = cardif_linux_wext_scan,
  .disassociate = cardif_linux_wext_disassociate,
  .set_wep_key = cardif_linux_wext_set_WEP_key,
  .set_tkip_key = cardif_linux_wext_set_tkip_key,
  .set_ccmp_key = cardif_linux_wext_set_ccmp_key,
  .delete_key = cardif_linux_wext_delete_key,
  .associate = cardif_linux_wext_associate,
  .get_ssid = cardif_linux_wext_get_ssid,
  .get_bssid = cardif_linux_wext_get_bssid,
  .wpa_state = cardif_linux_wext_wpa_state,
  .wpa = cardif_linux_wext_wpa,
  .wep_associate = cardif_linux_wext_wep_associate,
  .countermeasures = cardif_linux_wext_countermeasures,
  .drop_unencrypted = cardif_linux_wext_drop_unencrypted,
  .get_wpa_ie = cardif_linux_wext_get_wpa_ie,
  .get_wpa2_ie = cardif_linux_wext_get_wpa2_ie,
  .enc_disable = cardif_linux_wext_enc_disable,
  .enc_capabilities = cardif_linux_wext_enc_capabilities,
  .setbssid = cardif_linux_wext_set_bssid,
  .set_operstate = cardif_linux_rtnetlink_set_operstate,
  .set_linkmode = cardif_linux_rtnetlink_set_linkmode,
};


#endif