| blob | c5aa1183f30d2c014edb2705dc9910a5b9371d73 |
1 /*
2 * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 */
21 #include <stdlib.h>
22 #include <string.h>
23 #include <errno.h>
24 #include <gpxe/ieee80211.h>
25 #include <gpxe/net80211.h>
26 #include <gpxe/sec80211.h>
28 /** @file
29 *
30 * General secured-network routines required whenever any secure
31 * network support at all is compiled in. This involves things like
32 * installing keys, determining the type of security used by a probed
33 * network, and some small helper functions that take advantage of
34 * static data in this file.
35 */
37 /** Mapping from net80211 crypto/secprot types to RSN OUI descriptors */
39 /** Value of net80211_crypto_alg or net80211_security_proto */
40 u32 net80211_type;
42 /** OUI+type in appropriate byte order, masked to exclude vendor */
43 u32 oui_type;
44 };
46 /** Magic number in @a oui_type showing end of list */
47 #define END_MAGIC 0xFFFFFFFF
49 /** Mapping between net80211 cryptosystems and 802.11i cipher IDs */
65 };
67 /** Mapping between net80211 handshakers and 802.11i AKM IDs */
77 };
80 /**
81 * Install 802.11 cryptosystem
82 *
83 * @v which Pointer to the cryptosystem structure to install in
84 * @v crypt Cryptosystem ID number
85 * @v key Encryption key to use
86 * @v len Length of encryption key
87 * @v rsc Initial receive sequence counter, if applicable
88 * @ret rc Return status code
89 *
90 * The encryption key will not be accessed via the provided pointer
91 * after this function returns, so you may keep it on the stack.
92 *
93 * @a which must point to either @c dev->crypto (for the normal case
94 * of installing a unicast cryptosystem) or @c dev->gcrypto (to
95 * install a cryptosystem that will be used only for decrypting
96 * group-source frames).
97 */
101 {
105 /* Remove old crypto if it exists */
112 }
114 /* Find cryptosystem to use */
122 }
128 }
129 }
134 }
142 }
145 /**
146 * Determine net80211 crypto or handshaking type value to return for RSN info
147 *
148 * @v rsnp Pointer to next descriptor count field in RSN IE
149 * @v rsn_end Pointer to end of RSN IE
150 * @v map Descriptor map to use
151 * @v tbl_start Start of linker table to examine for gPXE support
152 * @v tbl_end End of linker table to examine for gPXE support
153 * @ret rsnp Updated to point to first byte after descriptors
154 * @ret map_ent Descriptor map entry of translation to use
155 *
156 * The entries in the linker table must be either net80211_crypto or
157 * net80211_handshaker structures, and @a tbl_stride must be set to
158 * sizeof() the appropriate one.
159 *
160 * This function expects @a rsnp to point at a two-byte descriptor
161 * count followed by a list of four-byte cipher or AKM descriptors; it
162 * will return @c NULL if the input packet is malformed, and otherwise
163 * set @a rsnp to the first byte it has not looked at. It will return
164 * the first cipher in the list that is supported by the current build
165 * of gPXE, or the first of all if none are supported.
166 *
167 * We play rather fast and loose with type checking, because this
168 * function is only called from two well-defined places in the
169 * RSN-checking code. Don't try to use it for anything else.
170 */
174 {
187 /* Determine which types we support */
194 else
196 }
198 /* RSN sanity checks */
202 }
210 }
212 /* Determine which net80211 crypto types are listed */
214 u32 desc;
218 ndesc );
220 }
229 /* Use first cipher as a fallback */
233 /* Once we find one we support, use it */
237 }
238 }
245 }
248 /**
249 * Find the RSN or WPA information element in the provided beacon frame
250 *
251 * @v ie Pointer to first information element to check
252 * @v ie_end Pointer to end of information element space
253 * @ret is_rsn TRUE if returned IE is RSN, FALSE if it's WPA
254 * @ret end Pointer to byte immediately after last byte of data
255 * @ret data Pointer to first byte of data (the `version' field)
256 *
257 * If both an RSN and a WPA information element are found, this
258 * function will return the first one seen, which by ordering rules
259 * should always prefer the newer RSN IE.
260 *
261 * If no RSN or WPA infomration element is found, returns @c NULL and
262 * leaves @a is_rsn and @a end in an undefined state.
263 *
264 * This function will not return a pointer to an information element
265 * that states it extends past the tail of the io_buffer, or whose @a
266 * version field is incorrect.
267 */
270 {
288 }
295 }
301 }
306 }
309 }
312 /**
313 * Detect crypto and AKM types from RSN information element
314 *
315 * @v is_rsn If TRUE, IE is a new-style RSN information element
316 * @v start Pointer to first byte of @a version field
317 * @v end Pointer to first byte not in the RSN IE
318 * @ret secprot Security handshaking protocol used by network
319 * @ret crypt Cryptosystem used by network
320 * @ret rc Return status code
321 *
322 * If the IE cannot be parsed, returns an error indication and leaves
323 * @a secprot and @a crypt unchanged.
324 */
328 {
334 /* Set some defaults */
344 /* Pick crypto algorithm */
356 /* Pick handshaking algorithm */
365 done:
371 invalid_rsn:
374 }
377 /**
378 * Detect the cryptosystem and handshaking protocol used by an 802.11 network
379 *
380 * @v iob I/O buffer containing beacon frame
381 * @ret secprot Security handshaking protocol used by network
382 * @ret crypt Cryptosystem used by network
383 * @ret rc Return status code
384 *
385 * This function uses weak linkage, as it must be called from generic
386 * contexts but should only be linked in if some encryption is
387 * supported; you must test its address against @c NULL before calling
388 * it. If it does not exist, any network with the PRIVACY bit set in
389 * beacon->capab should be considered unknown.
390 */
394 {
404 /* Find RSN or WPA IE */
407 /* No security IE at all; either WEP or no security. */
412 else
416 }
418 /* Determine type of security */
423 /* If we get here, the RSN IE was invalid */
430 }
433 /**
434 * Determine RSN descriptor for specified net80211 ID
435 *
436 * @v id net80211 ID value
437 * @v rsnie Whether to return a new-format (RSN IE) descriptor
438 * @v map Map to use in translation
439 * @ret desc RSN descriptor, or 0 on error
440 *
441 * If @a rsnie is false, returns an old-format (WPA vendor IE)
442 * descriptor.
443 */
445 {
451 }
454 }
456 /**
457 * Determine RSN descriptor for specified net80211 cryptosystem number
458 *
459 * @v crypt Cryptosystem number
460 * @v rsnie Whether to return a new-format (RSN IE) descriptor
461 * @ret desc RSN descriptor
462 *
463 * If @a rsnie is false, returns an old-format (WPA vendor IE)
464 * descriptor.
465 */
467 {
469 }
471 /**
472 * Determine RSN descriptor for specified net80211 handshaker number
473 *
474 * @v secprot Handshaker number
475 * @v rsnie Whether to return a new-format (RSN IE) descriptor
476 * @ret desc RSN descriptor
477 *
478 * If @a rsnie is false, returns an old-format (WPA vendor IE)
479 * descriptor.
480 */
483 {
485 }
487 /**
488 * Determine net80211 cryptosystem number from RSN descriptor
489 *
490 * @v desc RSN descriptor
491 * @ret crypt net80211 cryptosystem enumeration value
492 */
494 {
500 }
503 }