dot11rsnlib.c

PNE 3.3 wlan source code, running at more than vxworks6.x version

/* dot11RsnLib.c - Implements muxLoad, etc for Wireless Framework */

/* 
 * Copyright (c) 2004-2006 Wind River Systems, Inc. 
 *
 * The right to copy, distribute, modify or otherwise make use 
 * of this software may be licensed only pursuant to the terms 
 * of an applicable Wind River license agreement. 
 */

/* 
Modification History
--------------------
02r,14mar06,rb  Fix for SPR 118997 - AP crash when sta in PM
02q,14mar06,rb  Fix to SPR 118968: WPA AP gives wrong multicast key to stations
02p,27jan06,rb  Fix problem with SPR 117213 negotiations
02o,26jan06,rb  Fix for SPR 117213: Cannot use WPA2.0 and AES
02n,20jan06,rb  SPR 117078 - Large numbers of WPA/RSN stations reassociate too
                 often
02m,21dec05,rb  Further fix to SPR 115951 - Broadcom interoperability issues
02l,19dec05,rb  Merge in fix for SPR 114589 - SECURE bit not properly
                 implemented
02k,12dec05,rb  Fix to SPR 115951 - Broadcom interoperability issues
02u,28feb06,rb  Merge from 2.1.2 bug fix branch
02t,27feb06,rb  Changes from code inspection
02s,17feb06,rb  Code cleanup and warning removal
02r,11nov05,rb  Added mSSID feature
02q,31oct05,rb  Fix for SPR 114589 - WPA/WPA2 station is disconnected right
                 after connection with third party AP
02p,19oct05,rb  Change default crypto provider to take advantage of hardware
                 crypto when present
02o,28sep05,rb  Update header comments and copyright
02n,23sep05,rb  Fix to B0174 - Station does not completely leave WPA/RSN mode
02m,23sep05,rb  Fix for B0171 - AP keyslot corruption
02l,19sep05,rb  Fix for SPR 110278 - STA locked out of AP resets in middle 4way
02k,24aug05,rb  Tweak the user authentication callback to call when WPA auth.
                 is complete
02j,02aug05,rb  Fix for bug B0068 - Replay counter check failed
02i,29jul05,rb  Fix to improper setting of group cipher in TSN
02h,21jul05,rb  Fix to problem with fourway handshake timers firing
                 erratically
02g,23jun05,rb  Merge back Cyclops changes
02f,10jun05,rb  Added fourway timer and passphrase caching
02h,13jun05,rb  Fix for bug B0398 - Station cannot connect when using TSN &
                 RSN
02g,10jun05,rb  A further fix for customer issues with B0526
02f,08jun05,rb  Fix for bug B0526 -  Wireless Ethernet Driver doesn't reject
                 invalid WPA packets
02e,18may05,rb  Fix for bug B0367 - TSN does not work on station
02d,27apr05,rb  Added handshake statistics
02c,27apr05,rb  Updated routines with APIGEN tags
02b,26apr05,rb  Further fix to B0257
02a,22apr05,rb  Changed to new authCallback.
01z,15apr05,rb  Added PMK debugging statement
01y,14apr05,rb  Fix for B0206 - reAuthentication fails, PMK is out of Sync
01x,12apr05,rb  Fix minor synchronization issue
01w,29mar05,rb  Fix for B0166: MIC check failed messages when
                 re-authenticating (dot1x)
01v,24mar05,rb  Coverity code changes
01u,23mar05,rb  Fix for supplicant re-auth problems
01t,21mar05,rb  Fix for bug B0153 - 802.1X Reauth problem
01s,09mar05,rb  Only send group keys to stations that completed 4-way
                 handshake
01r,08mar05,rb  Fixed bug in 4wayA
01q,08mar05,rb  Demoted logMsgs and removed warning
01p,03mar05,rb  Code review changes
01o,17feb05,rb  Fixed Cheetah compile errors
01n,03feb05,rb  Use CCI_MAJOR_VER to check for correct CCI version
01m,01feb05,rb  Improved stability of handshake in a high-noise environment
01l,31jan05,dxb  Added fix to check for the latest CCI library.
01k,28jan05,rb  Fix bug preventing group rekeying
01j,25jan05,rb  Fixed coverity bugs
01i,20jan05,rb  Added new security statistics, MIC countermeasures
01h,12jan05,rb  Fix for bug B0028 - Connectivity problems with Proxim AP
01g,07jan05,rb  Added 802.1X Authentication
01f,06jan05,rb  Added code to initialize CCI library if not already done so
01e,04jan05,rb  Added support for 802.1X Authentication
01d,04jan05,rb  Fixed compatability problems with WlanNetworkG
01c,21dec04,rb  Added 802.11i/AES support
01b,20dec04,rb  Improved TSN Handling
01a,03nov04,rb  Initial version
*/

/*
DESCRIPTION

This module contains routines for managing a RSNA - Robust Security Network
Association.  WPA will also be accepted and generated by this module in the 
interests of backwards compatability.

This module is called by the mode-specific SME receive routines when a packet
containing a RSN or WPA IE is processed.  The information in that packet is
stored in the DOT11_KSL_ENTRY.  When the mode-specific SME module is generating
a packet that should contain RSN/WPA IEs, it should call this module to provide
the IEs.

This module is also responsible for the maintenance of the key hierarchy.


SEE ALSO
Wind River Wireless Security 2.0 High Level Design Document
Wind River Wireless Ethernet Driver 2.0 High Level Design Document

\NOMANUAL

*/

#include <vxWorks.h>
#include <endLib.h>
#include <stdio.h>
#include <tickLib.h>
#include <muxLib.h>
#include <in.h>
#include "drv/wlan/dot11Lib.h"
#include "drv/wlan/dot11TimerLib.h"
#include "drv/wlan/dot11RsnLib.h"

#include <wrn/cci/cci.h>

/* Check if the correct version of CCI is present, if not, replace 
dot11RsnInit() with a dummy function that just prints an error. */
#if ((defined (CCI_MAJOR_VER)) && (CCI_MAJOR_VER >= 3))

const UINT8 dot11RsnAesKwIv[DOT11_AESKW_IV_LEN] = {0xa6,0xa6,0xa6,0xa6,
                                                   0xa6,0xa6,0xa6,0xa6};

/* Forward Declarations */

LOCAL STATUS dot11RsnFree(DOT11_FW *  pDot11);
LOCAL INT32 dot11RsnIeCreate(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                          DOT11_BSS * pBss, UINT8 * buffer, int type);
LOCAL STATUS dot11RsnSecIeProcess(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                               UINT8 * buffer);
LOCAL STATUS dot11RsnSecIeNegotiate(DOT11_FW * pDot11,DOT11_KSL_ENTRY * pKsl);
LOCAL UINT32 dot11RsnGroupPolicyRecalc(DOT11_FW * pDot11, 
                                       DOT11_KSL_ENTRY * pKsl,
                                       DOT11_BSS * pBss);

LOCAL UINT32 dot11RsnBitCount(UINT32 x);
LOCAL STATUS dot11RsnEapolPktReceive(DOT11_FW * pDot11, M_BLK_ID pMblk);

LOCAL STATUS dot11RsnPrf(UINT8 * key, int keyLen, UINT8 * prefix, 
                         int prefixLen, UINT8 * data, int dataLen, int n, 
                         UINT8 * outbuf );

LOCAL STATUS dot11RsnPskSet(DOT11_FW * pDot11, const UINT8 * pKey);
LOCAL STATUS dot11RsnPmkSet(DOT11_FW * pDot11, const UINT8 * pKey);
LOCAL STATUS dot11RsnPassphraseSet(DOT11_FW * pDot11, const char * passphrase);

LOCAL STATUS dot11RsnFourwayStart(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl);

LOCAL VOID dot11RsnNonceGenerate( UINT8 * buffer);
LOCAL STATUS dot11RsnKeyDataEncrypt(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                    UINT8 * data, UINT32 * dataLen, UINT8 * iv,
                                    UINT32 keyInfo, BOOL encrypt);
LOCAL STATUS dot11RsnKeyMicCalc(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                DOT11_EAPOL_KEY_PKT * pEapol);
LOCAL STATUS dot11RsnEapolPktSend(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                  UINT32  infoSecure, UINT32  micPresent, 
                                  UINT32 ackReq, UINT32 install, 
                                  UINT32 encrypted, UINT32 error, UINT32 req,
                                  UINT32  keyType, UINT8 * pKeyRsc, 
                                  UINT8 * pNonce, UINT8 * pRsnIe,
                                  UINT8 * pGtk, UINT32  gtkNum, 
                                  UINT8 * otherData, UINT32  otherDataLen);

LOCAL STATUS dot11Rsn4WayAProcess(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                  DOT11_EAPOL_KEY_PKT * pEapol);
LOCAL STATUS dot11Rsn4WayBProcess(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                  DOT11_EAPOL_KEY_PKT * pEapol);
LOCAL STATUS dot11Rsn4WayCProcess(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                  DOT11_EAPOL_KEY_PKT * pEapol);
LOCAL STATUS dot11Rsn4WayDProcess(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                  DOT11_EAPOL_KEY_PKT * pEapol);

LOCAL STATUS dot11RsnPwKeyGenerate(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl);

LOCAL STATUS dot11RsnGtkRecalc(DOT11_FW * pDot11);

LOCAL STATUS dot11RsnGroup1Process(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                  DOT11_EAPOL_KEY_PKT * pEapol);
LOCAL STATUS dot11RsnGroup2Process(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                  DOT11_EAPOL_KEY_PKT * pEapol);
LOCAL STATUS dot11RsnFourwayMsgTimeout(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl);
LOCAL STATUS dot11RsnGroupTimeout(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl);
LOCAL STATUS dot11RsnGroupRekey(DOT11_FW * pDot11);

LOCAL STATUS dot11RsnMicFailureProcess(DOT11_FW * pDot11, UINT8 * srcAddr);
LOCAL STATUS dot11RsnMicReenable(DOT11_FW *, DOT11_BSS *);
LOCAL STATUS dot11RsnEapolReqProcess(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                                     DOT11_EAPOL_KEY_PKT * pEapol);
LOCAL STATUS dot11RsnFourwayTimeout(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl);
LOCAL STATUS dot11RsnDeauth(DOT11_FW * pDot11, DOT11_KSL_ENTRY * pKsl,
                            UINT16 reason);

/* Lookup tables for conversions between IEEE cipher values and our own 
bitmapped values. */
LOCAL const UINT8 dot11RsnCiphToSuite[] =
    {
    0,                         /* 0 */
    DOT11_RSN_SUITE_WEP40,     /* 1 */
    DOT11_RSN_SUITE_WEP104,    /* 2 */
    0,                         /* 3 */
    DOT11_RSN_SUITE_TKIP,      /* 4 */
    0,                         /* 5 */
    0,                         /* 6 */
    0,                         /* 7 */
    DOT11_RSN_SUITE_AES        /* 8 */
    };

LOCAL const UINT8 dot11RsnSuiteToCiph[] =
    {
    0,
    DOT11_CIPHPOL_WEP40, 
    DOT11_CIPHPOL_TKIP, 
    0,
    DOT11_CIPHPOL_AES, 
    DOT11_CIPHPOL_WEP104, 
    };


/****************************************************************************
*
* dot11RsnInit - Prepares the DOT11_RSN_OBJ structure for operation
*
*
* RETURNS: OK, or ERROR
*
* ERRNO: N/A
*
* NOMANUAL
*/
STATUS dot11RsnInit
    (
    DOT11_FW *  pDot11           /* Pointer to device structure */
    )
    {
    UINT8 cciSeed[sizeof(DOT11_FW) + sizeof(UINT32)];
    cci_st cciStatus;
    int i;
    /* The RSN_OBJ is a static member of the SME_OBJ, so there is no need to
    allocate memory for the object */

    /* Fill in the function pointers */
    pDot11->sme->rsn.free = dot11RsnFree;
    pDot11->sme->rsn.rsnIeCreate = dot11RsnIeCreate;
    pDot11->sme->rsn.ieProcess = dot11RsnSecIeProcess;
    pDot11->sme->rsn.groupPolicyRecalc = dot11RsnGroupPolicyRecalc;
    pDot11->sme->rsn.eapolPktReceive = dot11RsnEapolPktReceive;
    
    pDot11->sme->rsn.pmkSet = dot11RsnPmkSet;
    pDot11->sme->rsn.pskSet = dot11RsnPskSet;
    pDot11->sme->rsn.passphraseSet = dot11RsnPassphraseSet;

    pDot11->sme->rsn.fourwayStart = dot11RsnFourwayStart;
    pDot11->sme->rsn.gtkRecalc = dot11RsnGtkRecalc;
    pDot11->sme->rsn.micFailureProcess = dot11RsnMicFailureProcess;
    pDot11->sme->rsn.fourwayTimeout = dot11RsnFourwayTimeout;
    
    /* Initialize the MIC failure counter to a negative value so that failures early 
    after initialization don't report as a double failure */
    pDot11->sme->rsn.lastMicFailure =  -(DOT11_MIC_FAILURE_TIME);
    pDot11->sme->rsn.micLockoutTimer = 0;
    pDot11->sme->rsn.micLockout = FALSE;
    bzero((char *)pDot11->sme->rsn.micLockoutAddr, DOT11_ADDR_LEN);

    /* Set the group re-key time to one minute */
    pDot11->dpe->groupRekeyTime = DOT11_GROUP_REKEY_TIME;

    /* Initialize the CCI libraries if not already done . . . */
	cciStatus = cciLibInit();
    if((cciStatus != S_cciLib_SUCCESS) &&
       (cciStatus != S_cciLib_LIB_ALREADY_INITIALIZED))
        {
        DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_INIT, 
                  ("dot11RsnInit: Error %d Initializing CCI library\n",
                   cciStatus,0,0,0,0,0));
		return(ERROR);
        }

    /* Load only the parts of the CCI library we need, if supported */
    CCI_NATIVE_ALGORITHM(CCI_CIPHER_AESKW);
    CCI_NATIVE_ALGORITHM(CCI_HMAC_SHA1);
    CCI_NATIVE_ALGORITHM(CCI_HMAC_MD5);
    CCI_NATIVE_ALGORITHM(CCI_CIPHER_RC4TKIP);
	CCI_NATIVE_ALGORITHM(CCI_RNG_GENERIC);
	CCI_NATIVE_ALGORITHM(CCI_RNG_SEED);

    /* Use a combination of the system time and the current contents of the 
    device structure (which includes things like the SSID and the macAddress)
    to initialize the CCI library.  This isn't totally random given the nature
    of embedded systems, but it is as close as we can get for now */
    *(UINT32*)&cciSeed[0] = tickGet();
    bcopy((char *)pDot11, (char *)&cciSeed[sizeof(UINT32)], sizeof(DOT11_FW));
        
    if ((cciStatus = cciRandSeed(CCI_APP_PROVIDER_ID, cciSeed, 
                                 sizeof(cciSeed))) != CCI_SUCCESS)
        {
        DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_INIT, 
                  ("dot11RsnInit: Error %d initializing CCI RAND\n",
                   cciStatus,0,0,0,0,0));

        return ERROR;
        }
    
    if (strlen(pDot11->sme->bss[0].rsnPassphrase) != 0)
        {
        if (pDot11->sme->rsn.passphraseSet(pDot11, 
                         (const char *)pDot11->sme->bss[0].rsnPassphrase) != OK)
            {
            DOT11_LOG(DOT11_DEBUG_INFO, DOT11_AREA_RSN,
                      ("dot11RsnInit: Error setting PSK using passphrase"
                       " \"%s\"\n", (int)pDot11->sme->bss[0].rsnPassphrase,0, 0, 0, 0, 0));
            }
        }

    /* Fix for bug B0257 - need to have encryption enabled when in RSN mode */
    if (pDot11->sme->bss[0].secPol != DOT11_SECPOL_NONE)
        {
        /* Get the least of the cipher policies */
        for (i=1; i<DOT11_CIPHPOL_MAX; i<<=1)
            {
            if ((pDot11->sme->bss[0].ciphPol & (1<<i)) != 0)
                {
                pDot11->sme->bss[0].multiEncryptType = 1 << i;
                break; /* for loop */
                }
            }
        }
    
    /* Start the first group re-key timer, even though we don't have any 
    stations */
    if ((pDot11->dot11Mode == DOT11_MODE_AP) &&
        (pDot11->dpe->groupRekeyTime != 0))
        {
        pDot11->dpe->groupRekeyTimer = 
            dot11TimerAdd(pDot11->dpe->groupRekeyTime, 
                          (FUNCPTR)dot11RsnGroupRekey, (int)pDot11, 
                          (int)NULL);
        }

    return OK;
    }

/****************************************************************************
*