📄 dpc.c
字号:
PSKeyItem pKey = NULL;
BYTE byDecMode = KEY_CTL_WEP;
PSMgmtObject pMgmt = pDevice->pMgmt;
*pwRxTSC15_0 = 0;
*pdwRxTSC47_16 = 0;
pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
pbyIV += 6; // 6 is 802.11 address4
PayloadLen -= 6;
}
byKeyIdx = (*(pbyIV+3) & 0xc0);
byKeyIdx >>= 6;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) ||
(pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) ||
(pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) ||
(pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
(pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) {
if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) &&
(pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) {
// unicast pkt use pairwise key
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n");
if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) {
if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP)
byDecMode = KEY_CTL_TKIP;
else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP)
byDecMode = KEY_CTL_CCMP;
}
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey);
} else {
// use group key
KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey);
if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
byDecMode = KEY_CTL_TKIP;
else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
byDecMode = KEY_CTL_CCMP;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey);
}
}
// our WEP only support Default Key
if (pKey == NULL) {
// use default group key
KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey);
if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
byDecMode = KEY_CTL_TKIP;
else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
byDecMode = KEY_CTL_CCMP;
}
*pKeyOut = pKey;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
if (pKey == NULL) {
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n");
if (byDecMode == KEY_CTL_WEP) {
// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
} else if (pDevice->bLinkPass == TRUE) {
// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
}
return FALSE;
}
if (byDecMode != pKey->byCipherSuite) {
if (byDecMode == KEY_CTL_WEP) {
// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
} else if (pDevice->bLinkPass == TRUE) {
// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
}
*pKeyOut = NULL;
return FALSE;
}
if (byDecMode == KEY_CTL_WEP) {
// handle WEP
if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
(((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) {
// Software WEP
// 1. 3253A
// 2. WEP 256
PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
*pbyNewRsr |= NEWRSR_DECRYPTOK;
}
}
} else if ((byDecMode == KEY_CTL_TKIP) ||
(byDecMode == KEY_CTL_CCMP)) {
// TKIP/AES
PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
*pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
if (byDecMode == KEY_CTL_TKIP) {
*pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
} else {
*pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
}
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
if ((byDecMode == KEY_CTL_TKIP) &&
(pDevice->byLocalID <= REV_ID_VT3253_A1)) {
// Software TKIP
// 1. 3253 A
PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame);
TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
*pbyNewRsr |= NEWRSR_DECRYPTOK;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
} else {
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
}
}
}// end of TKIP/AES
if ((*(pbyIV+3) & 0x20) != 0)
*pbExtIV = TRUE;
return TRUE;
}
static BOOL s_bHostWepRxEncryption (
IN PSDevice pDevice,
IN PBYTE pbyFrame,
IN UINT FrameSize,
IN PBYTE pbyRsr,
IN BOOL bOnFly,
IN PSKeyItem pKey,
OUT PBYTE pbyNewRsr,
OUT PBOOL pbExtIV,
OUT PWORD pwRxTSC15_0,
OUT PDWORD pdwRxTSC47_16
)
{
UINT PayloadLen = FrameSize;
PBYTE pbyIV;
BYTE byKeyIdx;
BYTE byDecMode = KEY_CTL_WEP;
PS802_11Header pMACHeader;
*pwRxTSC15_0 = 0;
*pdwRxTSC47_16 = 0;
pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN;
if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) &&
WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) {
pbyIV += 6; // 6 is 802.11 address4
PayloadLen -= 6;
}
byKeyIdx = (*(pbyIV+3) & 0xc0);
byKeyIdx >>= 6;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx);
if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP)
byDecMode = KEY_CTL_TKIP;
else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP)
byDecMode = KEY_CTL_CCMP;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode);
if (byDecMode != pKey->byCipherSuite) {
if (byDecMode == KEY_CTL_WEP) {
// pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++;
} else if (pDevice->bLinkPass == TRUE) {
// pDevice->s802_11Counter.DecryptFailureCount.QuadPart++;
}
return FALSE;
}
if (byDecMode == KEY_CTL_WEP) {
// handle WEP
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n");
if ((pDevice->byLocalID <= REV_ID_VT3253_A1) ||
(((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) ||
(bOnFly == FALSE)) {
// Software WEP
// 1. 3253A
// 2. WEP 256
// 3. NotOnFly
PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc
MEMvCopy(pDevice->abyPRNG, pbyIV, 3);
MEMvCopy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength);
rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3);
rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen);
if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) {
*pbyNewRsr |= NEWRSR_DECRYPTOK;
}
}
} else if ((byDecMode == KEY_CTL_TKIP) ||
(byDecMode == KEY_CTL_CCMP)) {
// TKIP/AES
PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc
*pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4));
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16);
if (byDecMode == KEY_CTL_TKIP) {
*pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV));
} else {
*pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV);
}
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0);
if (byDecMode == KEY_CTL_TKIP) {
if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) {
// Software TKIP
// 1. 3253 A
// 2. NotOnFly
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n");
pMACHeader = (PS802_11Header) (pbyFrame);
TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG);
rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN);
rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen);
if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) {
*pbyNewRsr |= NEWRSR_DECRYPTOK;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n");
} else {
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n");
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen);
}
}
}
if (byDecMode == KEY_CTL_CCMP) {
if (bOnFly == FALSE) {
// Software CCMP
// NotOnFly
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n");
if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) {
*pbyNewRsr |= NEWRSR_DECRYPTOK;
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n");
} else {
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n");
}
}
}
}// end of TKIP/AES
if ((*(pbyIV+3) & 0x20) != 0)
*pbExtIV = TRUE;
return TRUE;
}
#ifdef PRIVATE_OBJ
static BOOL s_bAPModeRxData (
IN PSDevice pDevice,
IN ref_sk_buff* skb,
IN UINT FrameSize,
IN UINT cbHeaderOffset,
IN INT iSANodeIndex,
IN INT iDANodeIndex
)
#else
static BOOL s_bAPModeRxData (
IN PSDevice pDevice,
IN struct sk_buff* skb,
IN UINT FrameSize,
IN UINT cbHeaderOffset,
IN INT iSANodeIndex,
IN INT iDANodeIndex
)
#endif
{
PSMgmtObject pMgmt = pDevice->pMgmt;
BOOL bRelayAndForward = FALSE;
BOOL bRelayOnly = FALSE;
BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80};
WORD wAID;
#ifdef PRIVATE_OBJ
struct sk_buff* tmp_skb;
ref_sk_buff s_ref_skb;
ref_sk_buff* skbcpy = &s_ref_skb;
#else
struct sk_buff* skbcpy = NULL;
#endif
if (FrameSize > CB_MAX_BUF_SIZE)
return FALSE;
// check DA
if(IS_MULTICAST_ADDRESS((PBYTE)(skb->data+cbHeaderOffset))) {
if (pMgmt->sNodeDBTable[0].bPSEnable) {
#ifdef PRIVATE_OBJ
tmp_skb = dev_alloc_skb((int)pDevice->rx_buf_sz);
skbcpy = &s_ref_skb;
ref_skb_remap(pDevice->dev, skbcpy, tmp_skb);
#else
skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz);
#endif
// if any node in PS mode, buffer packet until DTIM.
if (skbcpy == NULL) {
DEVICE_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n");
}
else {
skbcpy->dev = pDevice->dev;
#ifdef PRIVATE_OBJ
*(skbcpy->len) = FrameSize;
memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy->skb);
#else
skbcpy->len = FrameSize;
memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize);
skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy);
#endif
pMgmt->sNodeDBTable[0].wEnQueueCnt++;
// set tx map
pMgmt->abyPSTxMap[0] |= byMask[0];
}
}
else {
bRelayAndForward = TRUE;
}
}
else {
// check if relay
if (BSSDBbIsSTAInNodeDB(pMgmt, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) {
if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) {
if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) {
// queue this skb until next PS tx, and then release.
#ifdef PRIVATE_OBJ
ref_skb_add_offset(skb->skb, cbHeaderOffset);
skb_put(skb->skb, FrameSize);
skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb->skb);
#else
skb->data += cbHeaderOffset;
skb->tail += cbHeaderOffset;
skb_put(skb, FrameSize);
skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb);
#endif
pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++;
wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID;
pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7];
DEVICE_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n",
iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]);
return TRUE;
}
else {
bRelayOnly = TRUE;
}
}
};
}
if (bRelayOnly || bRelayAndForward) {
// relay this packet right now
if (bRelayAndForward)
iDANodeIndex = 0;
if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) {
ROUTEbRelay(pDevice, (PBYTE)(skb->data + cbHeaderOffset), FrameSize, (UINT)iDANodeIndex);
}
if (bRelayOnly)
return FALSE;
}
// none associate, don't forward
if (pDevice->uAssocCount == 0)
return FALSE;
return TRUE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -