wpa.c

r73模块的无线网卡在Linux下的驱动程序

/***************************************************************************
 * RT2x00 SourceForge Project - http://rt2x00.serialmonkey.com             *
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 *   This program is distributed in the hope that it will be useful,       *
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
 *   GNU General Public License for more details.                          *
 *                                                                         *
 *   You should have received a copy of the GNU General Public License     *
 *   along with this program; if not, write to the                         *
 *   Free Software Foundation, Inc.,                                       *
 *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
 *                                                                         *
 *   Licensed under the GNU GPL                                            *
 *   Original code supplied under license from RaLink Inc, 2004.           *
 ***************************************************************************/

/***************************************************************************
 *	Module Name:	wpa.c
 *
 *	Abstract:
 *
 *	Revision History:
 *	Who		When		What
 *	--------	----------	-----------------------------
 *	Jan Lee		03-07-22	Initial
 *	Paul Lin	03-11-28	Modify for supplicant
 *
 ***************************************************************************/

#include "rt_config.h"


UCHAR	CipherWpaPskTkip[] = {
		0xDD, 0x16,				// RSN IE
		0x00, 0x50, 0xf2, 0x01,	// oui
		0x01, 0x00,				// Version
		0x00, 0x50, 0xf2, 0x02,	// Multicast
		0x01, 0x00,				// Number of unicast
		0x00, 0x50, 0xf2, 0x02,	// unicast
		0x01, 0x00,				// number of authentication method
		0x00, 0x50, 0xf2, 0x02	// authentication
		};
UCHAR	CipherWpaPskTkipLen = (sizeof(CipherWpaPskTkip) / sizeof(UCHAR));

UCHAR	CipherWpaPskAes[] = {
		0xDD, 0x16, 			// RSN IE
		0x00, 0x50, 0xf2, 0x01,	// oui
		0x01, 0x00,				// Version
		0x00, 0x50, 0xf2, 0x04,	// Multicast
		0x01, 0x00,				// Number of unicast
		0x00, 0x50, 0xf2, 0x04,	// unicast
		0x01, 0x00,				// number of authentication method
		0x00, 0x50, 0xf2, 0x02	// authentication
		};
UCHAR	CipherWpaPskAesLen = (sizeof(CipherWpaPskAes) / sizeof(UCHAR));

extern UCHAR    CipherWpa2Template[];
extern UCHAR    CipherWpa2TemplateLen;

#define     WPARSNIE    0xdd
#define     WPA2RSNIE   0x30


/*
	========================================================================

	Routine Description:
		Classify WPA EAP message type

	Arguments:
		EAPType		Value of EAP message type
		MsgType		Internal Message definition for MLME state machine

	Return Value:
		TRUE		Found appropriate message type
		FALSE		No appropriate message type

	Note:
		All these constants are defined in wpa.h
		For supplicant, there is only EAPOL Key message avaliable

	========================================================================
*/
BOOLEAN WpaMsgTypeSubst(
	IN	UCHAR	EAPType,
	OUT	ULONG	*MsgType)
{
	switch (EAPType)
	{
		case EAPPacket:
			*MsgType = MT2_EAPPacket;
			break;
		case EAPOLStart:
			*MsgType = MT2_EAPOLStart;
			break;
		case EAPOLLogoff:
			*MsgType = MT2_EAPOLLogoff;
			break;
		case EAPOLKey:
			*MsgType = MT2_EAPOLKey;
			break;
		case EAPOLASFAlert:
			*MsgType = MT2_EAPOLASFAlert;
			break;
		default:
			DBGPRINT(RT_DEBUG_INFO, "WpaMsgTypeSubst : return FALSE; \n");
			return FALSE;
	}
	return TRUE;
}

/*
	==========================================================================
	Description:
		association	state machine init,	including state	transition and timer init
	Parameters:
		S -	pointer	to the association state machine
	==========================================================================
 */
VOID    WpaPskStateMachineInit(
	IN	PRTMP_ADAPTER	pAd,
	IN	STATE_MACHINE *S,
	OUT	STATE_MACHINE_FUNC Trans[])
{
	StateMachineInit(S,	(STATE_MACHINE_FUNC*)Trans, MAX_WPA_PSK_STATE, MAX_WPA_PSK_MSG, (STATE_MACHINE_FUNC)Drop, WPA_PSK_IDLE, WPA_MACHINE_BASE);
	StateMachineSetAction(S, WPA_PSK_IDLE, MT2_EAPOLKey, (STATE_MACHINE_FUNC)WpaEAPOLKeyAction);
}

/*
	==========================================================================
	Description:
		This is	state machine function.
		When receiving EAPOL packets which is  for 802.1x key management.
		Use	both in	WPA, and WPAPSK	case.
		In this	function, further dispatch to different	functions according	to the received	packet.
		3 categories are :
		  1.  normal 4-way pairwisekey and 2-way groupkey handshake
		  2.  MIC error	(Countermeasures attack)  report packet	from STA.
		  3.  Request for pairwise/group key update	from STA
	Return:
	==========================================================================
*/
VOID    WpaEAPOLKeyAction(
	IN	PRTMP_ADAPTER	pAd,
	IN	MLME_QUEUE_ELEM	*Elem)
{
	INT				MsgType = EAPOL_MSG_INVALID;
	PKEY_DESCRIPTER	pKeyDesc;
    PHEADER_802_11  pHeader; //red
    UCHAR			ZeroReplay[LEN_KEY_DESC_REPLAY];

	DBGPRINT(RT_DEBUG_TRACE, "-----> WpaEAPOLKeyAction\n");

    pHeader = (PHEADER_802_11) Elem->Msg;

	// Get 802.11 header first
    pKeyDesc = (PKEY_DESCRIPTER) &Elem->Msg[(LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H)];

#ifdef BIG_ENDIAN
    // pMsg->KeyDesc.KeyInfo and pKeyDesc->KeyInfo both point to the same addr.
    // Thus, it only needs swap once.
{
		USHORT	tmpKeyinfo;

		memcpy(&tmpKeyinfo, &pKeyDesc->KeyInfo, sizeof(USHORT));
		tmpKeyinfo = SWAP16(tmpKeyinfo);
		memcpy(&pKeyDesc->KeyInfo, &tmpKeyinfo, sizeof(USHORT));
}
//	    *(USHORT *)((UCHAR *)pKeyDesc+1) = SWAP16(*(USHORT *)((UCHAR *)pKeyDesc+1));
#endif

	// Sanity check, this should only happen in WPA(2)-PSK mode
	// 0. Debug print all bit information
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Description Version %d\n", pKeyDesc->KeyInfo.KeyDescVer);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Type %d\n", pKeyDesc->KeyInfo.KeyType);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Index %d\n", pKeyDesc->KeyInfo.KeyIndex);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Install %d\n", pKeyDesc->KeyInfo.Install);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Ack %d\n", pKeyDesc->KeyInfo.KeyAck);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key MIC %d\n", pKeyDesc->KeyInfo.KeyMic);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Secure %d\n", pKeyDesc->KeyInfo.Secure);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Error %d\n", pKeyDesc->KeyInfo.Error);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo Request %d\n", pKeyDesc->KeyInfo.Request);
	DBGPRINT(RT_DEBUG_INFO, "KeyInfo EKD_DL %d\n", pKeyDesc->KeyInfo.EKD_DL);

	pAd->EAPOLVer = Elem->Msg[LENGTH_802_11+LENGTH_802_1_H];
	// 1. Check EAPOL frame version and type
    if (pAd->PortCfg.AuthMode == Ndis802_11AuthModeWPAPSK)
    {
        if (((pAd->EAPOLVer != 1) && (pAd->EAPOLVer != 2)) || (pKeyDesc->Type != WPA1_KEY_DESC))
	    {
		    DBGPRINT(RT_DEBUG_ERROR, "	 Key descripter	does not match with	WPA1 rule \n");
		    return;
	    }
    }
    else if (pAd->PortCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)
    {
        // pass (Version != EAPOL_VER)
        if (pKeyDesc->Type != WPA2_KEY_DESC)
        {
            DBGPRINT(RT_DEBUG_ERROR, "   Key descripter does not match with WPA2 rule \n");
            return;
        }
    }

    // First validate replay counter, only accept message with larger replay counter
	// Let equal pass, some AP start with all zero replay counter
	memset(ZeroReplay, 0, LEN_KEY_DESC_REPLAY);
	if ((RTMPCompareMemory(pKeyDesc->ReplayCounter, pAd->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1) &&
		(RTMPCompareMemory(pKeyDesc->ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
    {
        DBGPRINT(RT_DEBUG_ERROR, "   ReplayCounter not match   \n");
		return;
    }


/*
====================================================================
        WPAPSK2     WPAPSK2         WPAPSK2     WPAPSK2
======================================================================
*/
    if (pAd->PortCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)
    {
        if ((pKeyDesc->KeyInfo.KeyType == 1) &&
            (pKeyDesc->KeyInfo.EKD_DL == 0) &&
            (pKeyDesc->KeyInfo.KeyAck == 1) &&
            (pKeyDesc->KeyInfo.KeyMic == 0) &&
            (pKeyDesc->KeyInfo.Secure == 0) &&
            (pKeyDesc->KeyInfo.Error == 0) &&
            (pKeyDesc->KeyInfo.Request == 0))
        {
            MsgType = EAPOL_PAIR_MSG_1;
            DBGPRINT(RT_DEBUG_ERROR, "Receive EAPOL Key Pairwise Message 1\n");
        }
        else if ((pKeyDesc->KeyInfo.KeyType == 1) &&
                (pKeyDesc->KeyInfo.EKD_DL  == 1) &&
                (pKeyDesc->KeyInfo.KeyAck == 1) &&
                (pKeyDesc->KeyInfo.KeyMic == 1) &&
                (pKeyDesc->KeyInfo.Secure == 1) &&
                (pKeyDesc->KeyInfo.Error == 0) &&
                (pKeyDesc->KeyInfo.Request == 0))
        {
            MsgType = EAPOL_PAIR_MSG_3;
            DBGPRINT(RT_DEBUG_ERROR, "Receive EAPOL Key Pairwise Message 3\n");
        }
        else if ((pKeyDesc->KeyInfo.KeyType == 0) &&
                (pKeyDesc->KeyInfo.EKD_DL == 1) &&
                (pKeyDesc->KeyInfo.KeyAck == 1) &&
                (pKeyDesc->KeyInfo.KeyMic == 1) &&
                (pKeyDesc->KeyInfo.Secure == 1) &&
                (pKeyDesc->KeyInfo.Error == 0) &&
                (pKeyDesc->KeyInfo.Request == 0))
        {
            MsgType = EAPOL_GROUP_MSG_1;
            DBGPRINT(RT_DEBUG_ERROR, "Receive EAPOL Key Group Message 1\n");
        }

#ifdef BIG_ENDIAN
        // recovery original byte order, before forward Elem to another routine
{
        USHORT	tmpKeyinfo;

        memcpy(&tmpKeyinfo, &pKeyDesc->KeyInfo, sizeof(USHORT));
        tmpKeyinfo = SWAP16(tmpKeyinfo);
	    memcpy(&pKeyDesc->KeyInfo, &tmpKeyinfo, sizeof(USHORT));
}
//	    *(USHORT *)((UCHAR *)pKeyDesc+1) = SWAP16(*(USHORT *)((UCHAR *)pKeyDesc+1));
#endif

        // We will assume link is up (assoc suceess and port not secured).
        // All state has to be able to process message from previous state
        switch (pAd->PortCfg.WpaState)
        {
            case SS_START:
                if (MsgType == EAPOL_PAIR_MSG_1)
                {
                    Wpa2PairMsg1Action(pAd, Elem);
                    pAd->PortCfg.WpaState = SS_WAIT_MSG_3;
                }
                break;

			case SS_WAIT_MSG_3:
			    if (MsgType == EAPOL_PAIR_MSG_1)
			    {
			        Wpa2PairMsg1Action(pAd, Elem);
			        pAd->PortCfg.WpaState = SS_WAIT_MSG_3;
			    }
			    else if (MsgType == EAPOL_PAIR_MSG_3)
			    {
			        Wpa2PairMsg3Action(pAd, Elem);
			        pAd->PortCfg.WpaState = SS_WAIT_GROUP;
			    }
			    break;

			case SS_WAIT_GROUP:     // When doing group key exchange
			case SS_FINISH:         // This happened when update group key
			    if (MsgType == EAPOL_PAIR_MSG_1)
			    {
			        Wpa2PairMsg1Action(pAd, Elem);
			        pAd->PortCfg.WpaState = SS_WAIT_MSG_3;
			        // Reset port secured variable
			        pAd->PortCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
			    }
			    else if (MsgType == EAPOL_PAIR_MSG_3)
			    {
			        Wpa2PairMsg3Action(pAd, Elem);
			        pAd->PortCfg.WpaState = SS_WAIT_GROUP;
			        // Reset port secured variable
			        pAd->PortCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
			    }
			    else if (MsgType == EAPOL_GROUP_MSG_1)
			    {
			        WpaGroupMsg1Action(pAd, Elem);
			        pAd->PortCfg.WpaState = SS_FINISH;
			    }
			    break;

			default:
			    break;
        }
    }

///*
//====================================================================
//          WPAPSK          WPAPSK          WPAPSK          WPAPSK
//======================================================================
//*/
	// Classify message Type, either pairwise message 1, 3, or group message 1 for supplicant
    else if (pAd->PortCfg.AuthMode == Ndis802_11AuthModeWPAPSK)
    {
	    if ((pKeyDesc->KeyInfo.KeyType == 1) &&
		    (pKeyDesc->KeyInfo.KeyIndex == 0) &&
		    (pKeyDesc->KeyInfo.KeyAck == 1) &&
		    (pKeyDesc->KeyInfo.KeyMic == 0) &&
		    (pKeyDesc->KeyInfo.Secure == 0) &&
		    (pKeyDesc->KeyInfo.Error == 0) &&
		    (pKeyDesc->KeyInfo.Request == 0))
	    {
		    MsgType = EAPOL_PAIR_MSG_1;
		    DBGPRINT(RT_DEBUG_TRACE, "Receive EAPOL Key Pairwise Message 1\n");
	    }
	    else if ((pKeyDesc->KeyInfo.KeyType == 1) &&
		    (pKeyDesc->KeyInfo.KeyIndex == 0) &&
		    (pKeyDesc->KeyInfo.KeyAck == 1) &&
		    (pKeyDesc->KeyInfo.KeyMic == 1) &&
		    (pKeyDesc->KeyInfo.Secure == 0) &&
		    (pKeyDesc->KeyInfo.Error == 0) &&
		    (pKeyDesc->KeyInfo.Request == 0))
	    {
		    MsgType = EAPOL_PAIR_MSG_3;
		    DBGPRINT(RT_DEBUG_TRACE, "Receive EAPOL Key Pairwise Message 3\n");
	    }
	    else if ((pKeyDesc->KeyInfo.KeyType == 0) &&
		    (pKeyDesc->KeyInfo.KeyIndex != 0) &&
		    (pKeyDesc->KeyInfo.KeyAck == 1) &&
		    (pKeyDesc->KeyInfo.KeyMic == 1) &&
		    (pKeyDesc->KeyInfo.Secure == 1) &&
		    (pKeyDesc->KeyInfo.Error == 0) &&
		    (pKeyDesc->KeyInfo.Request == 0))
	    {
		    MsgType = EAPOL_GROUP_MSG_1;
		    DBGPRINT(RT_DEBUG_TRACE, "Receive EAPOL Key Group Message 1\n");
	    }

#ifdef BIG_ENDIAN
        // recovery original byte order, before forward Elem to another routine
{
	    USHORT	tmpKeyinfo;

	    memcpy(&tmpKeyinfo, &pKeyDesc->KeyInfo, sizeof(USHORT));
	    tmpKeyinfo = SWAP16(tmpKeyinfo);
	    memcpy(&pKeyDesc->KeyInfo, &tmpKeyinfo, sizeof(USHORT));
}
//	    *(USHORT *)((UCHAR *)pKeyDesc+1) = SWAP16(*(USHORT *)((UCHAR *)pKeyDesc+1));
#endif

	    // We will assume link is up (assoc suceess and port not secured).
	    // All state has to be able to process message from previous state
	    switch (pAd->PortCfg.WpaState)
	    {
		    case SS_START:
			    if (MsgType == EAPOL_PAIR_MSG_1)
			    {
				    WpaPairMsg1Action(pAd, Elem);
				    pAd->PortCfg.WpaState = SS_WAIT_MSG_3;
			    }
			    break;

		    case SS_WAIT_MSG_3:
			    if (MsgType == EAPOL_PAIR_MSG_1)
			    {
				    WpaPairMsg1Action(pAd, Elem);
				    pAd->PortCfg.WpaState = SS_WAIT_MSG_3;
			    }
			    else if (MsgType == EAPOL_PAIR_MSG_3)
			    {
				    WpaPairMsg3Action(pAd, Elem);
				    pAd->PortCfg.WpaState = SS_WAIT_GROUP;
			    }
			    break;

		    case SS_WAIT_GROUP:		// When doing group key exchange
		    case SS_FINISH:			// This happened when update group key
			    if (MsgType == EAPOL_PAIR_MSG_1)
			    {
				    WpaPairMsg1Action(pAd, Elem);
				    pAd->PortCfg.WpaState = SS_WAIT_MSG_3;
				    // Reset port secured variable
				    pAd->PortCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
			    }
			    else if (MsgType == EAPOL_PAIR_MSG_3)
			    {
				    WpaPairMsg3Action(pAd, Elem);
				    pAd->PortCfg.WpaState = SS_WAIT_GROUP;
				    // Reset port secured variable
				    pAd->PortCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
			    }
			    else if (MsgType == EAPOL_GROUP_MSG_1)
			    {