📄 dot11rsnlib.c
(pKsl->uniDecryptIndex != DOT11_KEYINDEX_NONE) &&
                (pKsl->uniDecryptIndex >= DOT11_MAX_DEFAULT_KEY))
                {
                /* Only slots at or above DOT11_MAX_DEFAULT_KEY are released
                 * here; presumably the lower slots hold the shared default
                 * keys - TODO confirm against the key-table layout. */

                if (pDot11->hdd->hwEncryptionKeyDel(pDot11,
                                        pKsl->uniDecryptIndex) != OK)
                    {
                    /* NOTE(review): the delete above targets
                     * uniDecryptIndex, but the message prints
                     * uniEncryptIndex, so the logged slot may not be the
                     * one that failed to free. */

                    DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                              ("dot11RsnSecIeNegotiate: Unable to free key "
                               "%d\n", pKsl->uniEncryptIndex, 0,0,0,0,0));
                    }

                /* The software index is cleared whether or not the hardware
                 * delete succeeded. */

                pKsl->uniDecryptIndex = DOT11_KEYINDEX_NONE;
                }

            if ((pKsl->uniEncryptIndex != DOT11_KEYINDEX_NONE) &&
                (pKsl->uniEncryptIndex >= DOT11_MAX_DEFAULT_KEY))
                {
                if (pDot11->hdd->hwEncryptionKeyDel(pDot11,
                                        pKsl->uniEncryptIndex) != OK)
                    {
                    DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                              ("dot11RsnSecIeNegotiate: Unable to free key "
                               "%d\n", pKsl->uniEncryptIndex, 0,0,0,0,0));
                    }

                /* Both indices are reset: when they were equal, the decrypt
                 * block above was skipped and this delete covered both. */

                pKsl->uniEncryptIndex = DOT11_KEYINDEX_NONE;
                pKsl->uniDecryptIndex = DOT11_KEYINDEX_NONE;
                }
            }

        pKsl->uniEncryptType = DOT11_KEY_TYPE_WEP40;
        }
    else
        {
        /* First, if the previous type was AES or TKIP, we need to delete
           the keys */

        if ((pKsl->uniEncryptType == DOT11_KEY_TYPE_TKIP) ||
            (pKsl->uniEncryptType == DOT11_KEY_TYPE_AES))
            {
            /* Remove any existing unicast keys */

            if ((pKsl->uniDecryptIndex != pKsl->uniEncryptIndex) &&
                (pKsl->uniDecryptIndex != DOT11_KEYINDEX_NONE) &&
                (pKsl->uniDecryptIndex >= DOT11_MAX_DEFAULT_KEY))
                {
                if (pDot11->hdd->hwEncryptionKeyDel(pDot11,
                                        pKsl->uniDecryptIndex) != OK)
                    {
                    /* NOTE(review): as in the branch above, the message
                     * prints uniEncryptIndex although the failed delete was
                     * for uniDecryptIndex. */

                    DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                              ("dot11RsnSecIeNegotiate: Unable to free key "
                               "%d\n", pKsl->uniEncryptIndex, 0,0,0,0,0));
                    }
                pKsl->uniDecryptIndex = DOT11_KEYINDEX_NONE;
                }

            if ((pKsl->uniEncryptIndex != DOT11_KEYINDEX_NONE) &&
                (pKsl->uniEncryptIndex >= DOT11_MAX_DEFAULT_KEY))
                {
                if (pDot11->hdd->hwEncryptionKeyDel(pDot11,
                                        pKsl->uniEncryptIndex) != OK)
                    {
                    DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                              ("dot11RsnSecIeNegotiate: Unable to free key "
                               "%d\n", pKsl->uniEncryptIndex, 0,0,0,0,0));
                    }
                pKsl->uniDecryptIndex = DOT11_KEYINDEX_NONE;
                pKsl->uniEncryptIndex = DOT11_KEYINDEX_NONE;
                }
            }

        /* No pairwise cipher was selected on this branch */

        pKsl->uniEncryptType = DOT11_KEY_TYPE_NONE;
        }

    /* The intersection of the authentication policies is used to determine
       the available policies.  From that list, 802.1X authentication is
       given priority over PSK mode. */

    working = pKsl->authPol & pKsl->pBss->authPol;

    if ((working & DOT11_AUTHPOL_8021X) != 0)
        {
        pKsl->negAuthPol = DOT11_AUTHPOL_8021X;
        }
    else if ((working & DOT11_AUTHPOL_PSK) != 0)
        {
        pKsl->negAuthPol = DOT11_AUTHPOL_PSK;
        }
    else
        {
        /* No shared authentication policy.  OK is still returned just
         * below, so this outcome is only visible through negAuthPol.
         * NOTE(review): confirm the caller rejects or otherwise handles an
         * association that ends up with DOT11_AUTHPOL_NONE. */

        pKsl->negAuthPol = DOT11_AUTHPOL_NONE;
        }

    return OK;
    }

/*******************************************************************************
*
* dot11RsnGroupPolicyRecalc - Recalculate the current group cipher
*
* This function is called in response to a change in the supported security
* policies or the supported cipher types.  It recalculates the group
* cipher for an AP.  In a station, this routine performs a check that
* the group cipher sent by the AP is still supported by the current policies.
*
* The routine always clears pBss->gtkValid first.  When either the cipher
* policy or the security policy of the BSS is NONE it also removes the
* multicast hardware keys (only if the current group type is NONE, TKIP or
* AES) and resets the multicast key bookkeeping in <pBss>.  On every other
* path the chosen cipher is only returned; nothing in this routine stores it.
*
* <pKsl> is dereferenced only in ESS (station) mode, where NULL is tolerated
* and reported as DOT11_KEY_TYPE_NONE.  <pDot11> and <pBss> are dereferenced
* without a NULL check.
*
* RETURNS: New cipher type, or DOT11_KEY_TYPE_NONE for error
*
* ERRNO: N/A
*/

LOCAL UINT32 dot11RsnGroupPolicyRecalc
    (
    DOT11_FW * pDot11,          /* Pointer to 802.11 Framework */
    DOT11_KSL_ENTRY * pKsl,     /* Current association */
    DOT11_BSS * pBss            /* BSS to recalc for */
    )
    {
    UINT32 newGroupCipher = DOT11_KEY_TYPE_NONE;

    /* Invalidate the existing key.  This happens on every call, including
     * the calls that end up returning the same cipher as before. */

    pBss->gtkValid = FALSE;

    /* A shortcut exit if encryption is disabled.  There's no point trying
       any further */

    if ((pBss->ciphPol == DOT11_CIPHPOL_NONE) ||
        (pBss->secPol == DOT11_SECPOL_NONE))
        {
        /* WEP40 / WEP104 group keys are not matched by this test, so they
         * are left in place on this path. */

        if ((pBss->multiEncryptType == DOT11_KEY_TYPE_NONE) ||
            (pBss->multiEncryptType == DOT11_KEY_TYPE_TKIP) ||
            (pBss->multiEncryptType == DOT11_KEY_TYPE_AES))
            {
            /* NOTE(review): only this comparison casts the constant to
             * UINT8; the encrypt-index comparison below does not.  If the
             * index fields are narrower than DOT11_KEYINDEX_NONE the two
             * tests may behave differently - confirm the field types. */

            if (pBss->multiDecryptIndex != (UINT8)DOT11_KEYINDEX_NONE)
                {
                /* Return value is not checked: a failed hardware delete is
                 * neither logged nor retried, and the index is forgotten
                 * below either way. */

                pDot11->hdd->hwEncryptionKeyDel(pDot11,
                                                pBss->multiDecryptIndex);
                }

            if (pBss->multiEncryptIndex != DOT11_KEYINDEX_NONE)
                {
                /* Same unchecked delete as above.  When both indices name
                 * the same slot it is deleted twice - presumably harmless,
                 * verify against the driver. */

                pDot11->hdd->hwEncryptionKeyDel(pDot11,
                                                pBss->multiEncryptIndex);
                }

            pBss->multiEncryptType = DOT11_KEY_TYPE_NONE;
            pBss->multiEncryptIndex = DOT11_KEYINDEX_NONE;
            pBss->multiDecryptIndex = DOT11_KEYINDEX_NONE;
            }

        return DOT11_KEY_TYPE_NONE;
        }

    /* If this is a station, use the information in the KSL entry */

    if (pDot11->dot11Mode == DOT11_MODE_ESS)
        {
        if ((pKsl == NULL) || (pKsl->groupPol == DOT11_CIPHPOL_NONE))
            {
            return DOT11_KEY_TYPE_NONE;
            }

        /* First, verify that the current group cipher is still in the list
           of supported ciphers */

        /* NOTE(review): groupPol is masked against the DOT11_CIPHPOL_* bits
         * here and compared with DOT11_KEY_TYPE_* values below.  That is
         * only sound if the two constant families use the same value for
         * each cipher - confirm in the header that defines them. */

        if ((pBss->ciphPol & pKsl->groupPol) == 0)
            {
            DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                      ("dot11RsnGroupPolicyRecalc: Group cipher is no longer "
                       " in the allowed cipher suites\n", 0, 0, 0, 0, 0, 0));
            return DOT11_KEY_TYPE_NONE;
            }

        /* Next, check if the group cipher is allowed by the security
           policy */

        if ((pKsl->groupPol == DOT11_KEY_TYPE_WEP40) ||
            (pKsl->groupPol == DOT11_KEY_TYPE_WEP104))
            {
            /* WEP keys are only allowed if TSN is allowed */

            if ((pBss->secPol & DOT11_SECPOL_TSN) == 0)
                {
                DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                          ("dot11RsnGroupPolicyRecalc: Group cipher of WEP"
                           " must have TSN as a sec policy\n",
                           0, 0, 0, 0, 0, 0));
                return DOT11_KEY_TYPE_NONE;
                }
            }
        else if (pKsl->groupPol == DOT11_KEY_TYPE_TKIP)
            {
            /* TKIP keys are only allowed if either WPA or 11i are allowed */

            if (((pBss->secPol & DOT11_SECPOL_WPA) == 0) &&
                ((pBss->secPol & DOT11_SECPOL_11i) == 0))
                {
                DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                          ("dot11RsnGroupPolicyRecalc: Group cipher of TKIP"
                           " must have WPA or 802.11i as a sec policy\n",
                           0, 0, 0, 0, 0, 0));
                return DOT11_KEY_TYPE_NONE;
                }
            }
        else if (pKsl->groupPol == DOT11_KEY_TYPE_AES)
            {
            /* AES keys are rejected only when neither WPA nor 11i is
             * allowed.
             * NOTE(review): the test therefore accepts a WPA-only policy,
             * while the log text below names only 802.11i - confirm which
             * of the two is intended. */

            if (((pBss->secPol & DOT11_SECPOL_WPA) == 0) &&
                ((pBss->secPol & DOT11_SECPOL_11i) == 0))
                {
                DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                          ("dot11RsnGroupPolicyRecalc: Group cipher of AES"
                           " must have 802.11i as a sec policy\n",
                           0, 0, 0, 0, 0, 0));
                return DOT11_KEY_TYPE_NONE;
                }
            }
        else
            {
            /* Any other group cipher value is refused, without a log
             * entry. */

            return DOT11_KEY_TYPE_NONE;
            }

        /* If we got this far then the station must be OK */

        newGroupCipher = pKsl->groupPol;
        }
    else if (pDot11->dot11Mode == DOT11_MODE_AP)
        {
        /* Just recalculate the group cipher type.  This is defined as the
           "least secure" of the supported ciphers, so that any supported
           station will be able to decode it. */

        /* Security caveat: the tests run weakest first (WEP40, WEP104,
         * TKIP, AES).  Enabling TSN together with a WEP cipher bit
         * therefore protects all broadcast/multicast traffic with WEP only,
         * including traffic to stations whose pairwise cipher is TKIP or
         * AES. */

        if (((pBss->secPol & DOT11_SECPOL_TSN) != 0) &&
            ((pBss->ciphPol & DOT11_CIPHPOL_WEP40) != 0))
            {
            newGroupCipher = DOT11_KEY_TYPE_WEP40;
            }
        else if (((pBss->secPol & DOT11_SECPOL_TSN) != 0) &&
                 ((pBss->ciphPol & DOT11_CIPHPOL_WEP104) != 0))
            {
            newGroupCipher = DOT11_KEY_TYPE_WEP104;
            }
        else if ((((pBss->secPol & DOT11_SECPOL_WPA) != 0) ||
                  ((pBss->secPol & DOT11_SECPOL_11i) != 0)) &&
                 ((pBss->ciphPol & DOT11_CIPHPOL_TKIP) != 0))
            {
            newGroupCipher = DOT11_KEY_TYPE_TKIP;
            }
        else if ((((pBss->secPol & DOT11_SECPOL_WPA) != 0) ||
                  ((pBss->secPol & DOT11_SECPOL_11i) != 0)) &&
                 ((pBss->ciphPol & DOT11_CIPHPOL_AES) != 0))
            {
            newGroupCipher = DOT11_KEY_TYPE_AES;
            }
        else
            {
            /* The policy bits are set but no security/cipher pairing
             * matches; falls through to the info log and returns NONE. */

            DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                      ("dot11RsnGroupPolicyRecalc: No compatible group ciper"
                       "\n", 0, 0, 0, 0, 0, 0));
            newGroupCipher = DOT11_KEY_TYPE_NONE;
            }
        }
    else
        {
        DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                  ("dot11RsnGroupPolicyRecalc: This routine should only be"
                   " called in ESS and AP mode\n", 0, 0, 0, 0, 0, 0));
        return DOT11_KEY_TYPE_NONE;
        }

    DOT11_LOG(DOT11_DEBUG_INFO, DOT11_AREA_RSN,
              ("dot11RsnGroupPolicyRecalc: New group cipher is %d\n"
               , newGroupCipher, 0, 0, 0, 0, 0));

    return newGroupCipher;
    }

/*******************************************************************************
*
* dot11RsnBitCount - Counts the number of bits set in an integer
*
* This routine is optimized for a small number of bits set, since it counts
* "1"s: each pass of the loop clears the lowest set bit, so the loop runs
* once per set bit.  To optimize for a large number of bits set, invert the
* operations to count zeros.
*
* RETURNS: Number of bits set in the number.
*
* ERRNO: N/A
*/

LOCAL UINT32 dot11RsnBitCount
    (
    UINT32 x                    /* Integer to count the bits in */
    )
    {
    int numBits = 0;            /* converted to UINT32 on return */

    while (x != 0)
        {
        x &= x - 1;             /* clear the lowest set bit */
        numBits ++;
        }

    return numBits;
    }

/*******************************************************************************
*
* dot11RsnEapolPktReceive - Receive processor for an EAPOL-Key packet
*
* This routine is called by the dpe when it receives an EAPOL-Key packet.
* Instead of passing the packet to MUX and then to the 802.1X module, it comes
* straight here, allowing the 802.11 solution to work without the 802.1X
* module in PSK mode.
*
* RETURNS: OK or ERROR.  Packet is consumed regardless.
*
* ERRNO: N/A
*/

LOCAL STATUS dot11RsnEapolPktReceive
    (
    DOT11_FW * pDot11,          /* Pointer to device structure */
    M_BLK_ID pMblk              /* Received packet; freed on the error paths */
    )
    {
    DOT11_EAPOL_KEY_PKT * pEapol;
    DOT11_KSL_ENTRY * pKsl;
    UINT16 keyInfo;
    STATUS status = OK;

    DOT11_LOG(DOT11_DEBUG_INFO, DOT11_AREA_RSN,
              ("dot11RsnEapolPktReceive: Called\n", 0, 0, 0, 0, 0, 0));

    /* The source address sits at offset DOT11_ADDR_LEN in the packet data;
       look it up in the KSL.  With no matching record the packet is freed
       and ERROR is returned. */

    /* NOTE(review): nothing between function entry and this read checks
     * pMblk for NULL or checks that the buffer is long enough to hold the
     * source address.  The data arrives over the air, so confirm that the
     * caller has validated the length before handing the packet over. */

    /* NOTE(review): the lookup runs before ksl.lock() is taken below.  If
     * KSL entries can be removed concurrently, pKsl may be stale by the time
     * the lock is held - confirm the locking done by lookup itself or the
     * lifetime of an entry. */

    if ((pKsl = pDot11->sme->ksl.lookup(pDot11,
                    (UINT8 *)(pMblk->mBlkHdr.mData + DOT11_ADDR_LEN))) == NULL)
        {
        DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                  ("dot11RsnEapolPktReceive: No KSL record found for "
                   DOT11_MAC_ADDR_STR "\n",
                   DOT11_MAC_ADDR(pMblk->mBlkHdr.mData + DOT11_ADDR_LEN)));

        netMblkClChainFree(pMblk);
        return ERROR;
        }

    /* Get the KSL Lock */

    if (pDot11->sme->ksl.lock(pDot11) != OK)
        {
        DOT11_LOG(DOT11_DEBUG_ERROR, DOT11_AREA_RSN,
                  ("dot11RsnEapolPktReceive: Cannot get KSL lock \n",
                   0,0,0,0,0,0));

        netMblkClChainFree(pMblk);
        return ERROR;
        }