search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MOXA linux-2.6.x / linux-2.6.9-uc0 from sdlinux-moxaart.tgz
[linux-2.6.9-moxart.git] / drivers / net / wireless / rtlink / wpa.c
blob0c49935bb82f2c7aa89a60e980214c204a878449
1 /*************************************************************************
2 * Ralink Tech Inc. *
3 * 4F, No. 2 Technology 5th Rd. *
4 * Science-based Industrial Park *
5 * Hsin-chu, Taiwan, R.O.C. *
6 * *
7 * (c) Copyright 2002, Ralink Technology, Inc. *
8 * *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
13 * *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
18 * *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 * *
24 ************************************************************************
25
26 Module Name:
27 wpa.c
28
29 Abstract:
30
31 Revision History:
32 Who When What
33 -------- ---------- ----------------------------------------------
34 Jan Lee 03-07-22 Initial
35 Paul Lin 03-11-28 Modify for supplicant
36 */
37 #include "rt_config.h"
38
39 UCHAR CipherWpaPskTkip[] = {
40 0xDD, 0x16, // RSN IE
41 0x00, 0x50, 0xf2, 0x01, // oui
42 0x01, 0x00, // Version
43 0x00, 0x50, 0xf2, 0x02, // Multicast
44 0x01, 0x00, // Number of unicast
45 0x00, 0x50, 0xf2, 0x02, // unicast
46 0x01, 0x00, // number of authentication method
47 0x00, 0x50, 0xf2, 0x02 // authentication
48 };
49 UCHAR CipherWpaPskTkipLen = (sizeof(CipherWpaPskTkip) / sizeof(UCHAR));
50
51 UCHAR CipherWpaPskAes[] = {
52 0xDD, 0x16, // RSN IE
53 0x00, 0x50, 0xf2, 0x01, // oui
54 0x01, 0x00, // Version
55 0x00, 0x50, 0xf2, 0x04, // Multicast
56 0x01, 0x00, // Number of unicast
57 0x00, 0x50, 0xf2, 0x04, // unicast
58 0x01, 0x00, // number of authentication method
59 0x00, 0x50, 0xf2, 0x02 // authentication
60 };
61 UCHAR CipherWpaPskAesLen = (sizeof(CipherWpaPskAes) / sizeof(UCHAR));
62
63 /*
64 ========================================================================
65
66 Routine Description:
67 Classify WPA EAP message type
68
69 Arguments:
70 EAPType Value of EAP message type
71 MsgType Internal Message definition for MLME state machine
72
73 Return Value:
74 TRUE Found appropriate message type
75 FALSE No appropriate message type
76
77 Note:
78 All these constants are defined in wpa.h
79 For supplicant, there is only EAPOL Key message avaliable
80
81 ========================================================================
82 */
83 BOOLEAN WpaMsgTypeSubst(
84 IN UCHAR EAPType,
85 OUT ULONG *MsgType)
86 {
87 switch (EAPType)
88 {
89 case EAPPacket:
90 *MsgType = EAP_MSG_TYPE_EAPPacket;
91 break;
92 case EAPOLStart:
93 *MsgType = EAP_MSG_TYPE_EAPOLStart;
94 break;
95 case EAPOLLogoff:
96 *MsgType = EAP_MSG_TYPE_EAPOLLogoff;
97 break;
98 case EAPOLKey:
99 *MsgType = EAP_MSG_TYPE_EAPOLKey;
100 break;
101 case EAPOLASFAlert:
102 *MsgType = EAP_MSG_TYPE_EAPOLASFAlert;
103 break;
104 default:
105 DBGPRINT(RT_DEBUG_INFO, "WpaMsgTypeSubst : return FALSE; \n");
106 return FALSE;
107 }
108 return TRUE;
109 }
110
111 /*
112 ==========================================================================
113 Description:
114 association state machine init, including state transition and timer init
115 Parameters:
116 S - pointer to the association state machine
117 ==========================================================================
118 */
119 VOID WpaPskStateMachineInit(
120 IN PRTMP_ADAPTER pAd,
121 IN STATE_MACHINE *S,
122 OUT STATE_MACHINE_FUNC Trans[])
123 {
124 StateMachineInit(S, (STATE_MACHINE_FUNC*)Trans, MAX_WPA_PSK_STATE, MAX_WPA_PSK_MSG, (STATE_MACHINE_FUNC)Drop, WPA_PSK_IDLE, WPA_MACHINE_BASE);
125 StateMachineSetAction(S, WPA_PSK_IDLE, EAP_MSG_TYPE_EAPOLKey, (STATE_MACHINE_FUNC)WpaEAPOLKeyAction);
126 }
127
128 /*
129 ==========================================================================
130 Description:
131 This is state machine function.
132 When receiving EAPOL packets which is for 802.1x key management.
133 Use both in WPA, and WPAPSK case.
134 In this function, further dispatch to different functions according to the received packet. 3 categories are :
135 1. normal 4-way pairwisekey and 2-way groupkey handshake
136 2. MIC error (Countermeasures attack) report packet from STA.
137 3. Request for pairwise/group key update from STA
138 Return:
139 ==========================================================================
140 */
141 VOID WpaEAPOLKeyAction(
142 IN PRTMP_ADAPTER pAdapter,
143 IN MLME_QUEUE_ELEM *Elem)
144 {
145 INT MsgType;
146 UCHAR ZeroReplay[LEN_KEY_DESC_REPLAY];
147 PKEY_DESCRIPTER pKeyDesc;
148
149 DBGPRINT(RT_DEBUG_TRACE, "-----> WpaEAPOLKeyAction\n");
150 // Get 802.11 header first
151 pKeyDesc = (PKEY_DESCRIPTER) &Elem->Msg[(LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H)];
152
153 #ifdef BIG_ENDIAN
154 *(USHORT *)((UCHAR *)pKeyDesc+1) = SWAP16(*(USHORT *)((UCHAR *)pKeyDesc+1));
155 #endif
156 // Sanity check, this should only happen in WPA-PSK mode
157 if (pAdapter->PortCfg.AuthMode != Ndis802_11AuthModeWPAPSK)
158 return;
159
160 // 0. Debug print all bit information
161 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Description Version %d\n", pKeyDesc->KeyInfo.KeyDescVer);
162 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Type %d\n", pKeyDesc->KeyInfo.KeyType);
163 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Index %d\n", pKeyDesc->KeyInfo.KeyIndex);
164 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Install %d\n", pKeyDesc->KeyInfo.Install);
165 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key Ack %d\n", pKeyDesc->KeyInfo.KeyAck);
166 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Key MIC %d\n", pKeyDesc->KeyInfo.KeyMic);
167 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Secure %d\n", pKeyDesc->KeyInfo.Secure);
168 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Error %d\n", pKeyDesc->KeyInfo.Error);
169 DBGPRINT(RT_DEBUG_INFO, "KeyInfo Request %d\n", pKeyDesc->KeyInfo.Request);
170 DBGPRINT(RT_DEBUG_INFO, "KeyInfo DL %d\n", pKeyDesc->KeyInfo.DL);
171
172 // 1. Check EAPOL frame version and type
173 if ((Elem->Msg[LENGTH_802_11+LENGTH_802_1_H] != EAPOL_VER) || (pKeyDesc->Type != RSN_KEY_DESC))
174 {
175 DBGPRINT(RT_DEBUG_ERROR, " Key descripter does not match with WPA rule \n");
176 return;
177 }
178
179 // 2.Check Version for AES & TKIP
180 if ((pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled) && (pKeyDesc->KeyInfo.KeyDescVer != DESC_TYPE_AES))
181 {
182 DBGPRINT(RT_DEBUG_ERROR, " Key descripter version not match AES \n");
183 return;
184 }
185 else if ((pAdapter->PortCfg.WepStatus == Ndis802_11Encryption2Enabled) && (pKeyDesc->KeyInfo.KeyDescVer != DESC_TYPE_TKIP))
186 {
187 DBGPRINT(RT_DEBUG_ERROR, " Key descripter version not match TKIP \n");
188 return;
189 }
190
191 // First validate replay counter, only accept message with larger replay counter
192 // Let equal pass, some AP start with all zero replay counter
193 NdisZeroMemory(ZeroReplay, LEN_KEY_DESC_REPLAY);
194 if ((RTMPCompareMemory(pKeyDesc->ReplayCounter, pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1) &&
195 (RTMPCompareMemory(pKeyDesc->ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
196 return;
197
198 // Classify message Type, either pairwise message 1, 3, or group message 1 for supplicant
199 MsgType = EAPOL_MSG_INVALID;
200 if ((pKeyDesc->KeyInfo.KeyType == 1) &&
201 (pKeyDesc->KeyInfo.KeyIndex == 0) &&
202 (pKeyDesc->KeyInfo.KeyAck == 1) &&
203 (pKeyDesc->KeyInfo.KeyMic == 0) &&
204 (pKeyDesc->KeyInfo.Secure == 0) &&
205 (pKeyDesc->KeyInfo.Error == 0) &&
206 (pKeyDesc->KeyInfo.Request == 0))
207 {
208 MsgType = EAPOL_PAIR_MSG_1;
209 DBGPRINT(RT_DEBUG_TRACE, "Receive EAPOL Key Pairwise Message 1\n");
210 }
211 else if ((pKeyDesc->KeyInfo.KeyType == 1) &&
212 (pKeyDesc->KeyInfo.KeyIndex == 0) &&
213 (pKeyDesc->KeyInfo.KeyAck == 1) &&
214 (pKeyDesc->KeyInfo.KeyMic == 1) &&
215 (pKeyDesc->KeyInfo.Secure == 0) &&
216 (pKeyDesc->KeyInfo.Error == 0) &&
217 (pKeyDesc->KeyInfo.Request == 0))
218 {
219 MsgType = EAPOL_PAIR_MSG_3;
220 DBGPRINT(RT_DEBUG_TRACE, "Receive EAPOL Key Pairwise Message 3\n");
221 }
222 else if ((pKeyDesc->KeyInfo.KeyType == 0) &&
223 (pKeyDesc->KeyInfo.KeyIndex != 0) &&
224 (pKeyDesc->KeyInfo.KeyAck == 1) &&
225 (pKeyDesc->KeyInfo.KeyMic == 1) &&
226 (pKeyDesc->KeyInfo.Secure == 1) &&
227 (pKeyDesc->KeyInfo.Error == 0) &&
228 (pKeyDesc->KeyInfo.Request == 0))
229 {
230 MsgType = EAPOL_GROUP_MSG_1;
231 DBGPRINT(RT_DEBUG_TRACE, "Receive EAPOL Key Group Message 1\n");
232 }
233 else
234 DBGPRINT(RT_DEBUG_TRACE, "Receive INVALID EAPOL Key Message\n");
235
236 #ifdef BIG_ENDIAN
237 *(USHORT *)((UCHAR *)pKeyDesc+1) = SWAP16(*(USHORT *)((UCHAR *)pKeyDesc+1));
238 #endif
239
240 // We will assume link is up (assoc suceess and port not secured).
241 // All state has to be able to process message from previous state
242 switch (pAdapter->PortCfg.WpaState)
243 {
244 case SS_START:
245 if (MsgType == EAPOL_PAIR_MSG_1)
246 {
247 WpaPairMsg1Action(pAdapter, Elem);
248 pAdapter->PortCfg.WpaState = SS_WAIT_MSG_3;
249 }
250 break;
251
252 case SS_WAIT_MSG_3:
253 if (MsgType == EAPOL_PAIR_MSG_1)
254 {
255 WpaPairMsg1Action(pAdapter, Elem);
256 pAdapter->PortCfg.WpaState = SS_WAIT_MSG_3;
257 }
258 else if (MsgType == EAPOL_PAIR_MSG_3)
259 {
260 WpaPairMsg3Action(pAdapter, Elem);
261 pAdapter->PortCfg.WpaState = SS_WAIT_GROUP;
262 }
263 break;
264
265 case SS_WAIT_GROUP: // When doing group key exchange
266 case SS_FINISH: // This happened when update group key
267 if (MsgType == EAPOL_PAIR_MSG_1)
268 {
269 WpaPairMsg1Action(pAdapter, Elem);
270 pAdapter->PortCfg.WpaState = SS_WAIT_MSG_3;
271 // Reset port secured variable
272 pAdapter->PortCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
273 }
274 else if (MsgType == EAPOL_PAIR_MSG_3)
275 {
276 WpaPairMsg3Action(pAdapter, Elem);
277 pAdapter->PortCfg.WpaState = SS_WAIT_GROUP;
278 // Reset port secured variable
279 pAdapter->PortCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
280 }
281 else if (MsgType == EAPOL_GROUP_MSG_1)
282 {
283 WpaGroupMsg1Action(pAdapter, Elem);
284 pAdapter->PortCfg.WpaState = SS_FINISH;
285 }
286 break;
287
288 default:
289 break;
290 }
291
292 DBGPRINT(RT_DEBUG_TRACE, "<----- WpaEAPOLKeyAction\n");
293 }
294
295 /*
296 ========================================================================
297
298 Routine Description:
299 Process Pairwise key 4-way handshaking
300
301 Arguments:
302 pAdapter Pointer to our adapter
303 Elem Message body
304
305 Return Value:
306 None
307
308 Note:
309
310 ========================================================================
311 */
312 VOID WpaPairMsg1Action(
313 IN PRTMP_ADAPTER pAdapter,
314 IN MLME_QUEUE_ELEM *Elem)
315 {
316 PHEADER_802_11 pHeader;
317 UCHAR PTK[80];
318 UCHAR *OutBuffer = NULL;
319 HEADER_802_11 Header_802_11;
320 NDIS_STATUS NStatus;
321 UCHAR AckRate = RATE_2;
322 USHORT AckDuration = 0;
323 ULONG FrameLen = 0;
324 UCHAR EAPHEAD[8] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00,0x88,0x8e};
325 PEAPOL_PACKET pMsg1;
326 EAPOL_PACKET Packet;
327 UCHAR Mic[16];
328
329 DBGPRINT(RT_DEBUG_TRACE, "WpaPairMsg1Action ----->\n");
330
331 pHeader = (PHEADER_802_11) Elem->Msg;
332
333 // Save Data Length to pDesc for receiving packet, then put in outgoing frame Data Len fields.
334 pMsg1 = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
335
336 // Process message 1 from authenticator
337 // Key must be Pairwise key, already verified at callee.
338 // 1. Save Replay counter, it will use to verify message 3 and construct message 2
339 NdisMoveMemory(pAdapter->PortCfg.ReplayCounter, pMsg1->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
340
341 // 2. Save ANonce
342 NdisMoveMemory(pAdapter->PortCfg.ANonce, pMsg1->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE);
343
344 // TSNonce <--- SNonce
345 // Generate random SNonce
346 GenRandom(pAdapter, pAdapter->PortCfg.SNonce);
347
348 // TPTK <--- Calc PTK(ANonce, TSNonce)
349 WpaCountPTK(pAdapter->PortCfg.PskKey.Key,
350 pAdapter->PortCfg.ANonce,
351 pAdapter->PortCfg.Bssid.Octet,
352 pAdapter->PortCfg.SNonce,
353 pAdapter->CurrentAddress,
354 PTK,
355 LEN_PTK);
356
357 // Save key to PTK entry
358 NdisMoveMemory(pAdapter->PortCfg.PTK, PTK, LEN_PTK);
359
360 // =====================================
361 // Use Priority Ring & MiniportMMRequest
362 // =====================================
363 pAdapter->Sequence = ((pAdapter->Sequence) + 1) & (MAX_SEQ_NUMBER);
364 WpaMacHeaderInit(pAdapter, &Header_802_11, 0, &pAdapter->PortCfg.Bssid);
365
366 // ACK size is 14 include CRC, and its rate is based on real time information
367 AckRate = pAdapter->PortCfg.ExpectedACKRate[pAdapter->PortCfg.TxRate];
368 AckDuration = RTMPCalcDuration(pAdapter, AckRate, 14);
369 Header_802_11.Controlhead.Duration = pAdapter->PortCfg.Dsifs + AckDuration;
370
371 // Zero message 2 body
372 NdisZeroMemory(&Packet, sizeof(Packet));
373 Packet.Version = EAPOL_VER;
374 Packet.Type = EAPOLKey;
375 //
376 // Message 2 as EAPOL-Key(0,1,0,0,0,P,0,SNonce,MIC,RSN IE)
377 //
378 Packet.KeyDesc.Type = RSN_KEY_DESC;
379 // 1. Key descriptor version and appropriate RSN IE
380 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
381 {
382 Packet.KeyDesc.KeyInfo.KeyDescVer = 2;
383 Packet.KeyDesc.KeyDataLen[1] = CipherWpaPskAesLen;
384 NdisMoveMemory(Packet.KeyDesc.KeyData, CipherWpaPskAes, CipherWpaPskAesLen);
385 }
386 else // TKIP
387 {
388 Packet.KeyDesc.KeyInfo.KeyDescVer = 1;
389 Packet.KeyDesc.KeyDataLen[1] = CipherWpaPskTkipLen;
390 NdisMoveMemory(Packet.KeyDesc.KeyData, CipherWpaPskTkip, CipherWpaPskTkipLen);
391 }
392 // Update packet length after decide Key data payload
393 Packet.Len[1] = sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE + Packet.KeyDesc.KeyDataLen[1];
394
395 // 2. Key Type PeerKey
396 Packet.KeyDesc.KeyInfo.KeyType = 1;
397
398 // 3. KeyMic field presented
399 Packet.KeyDesc.KeyInfo.KeyMic = 1;
400
401 // 4. Fill SNonce
402 NdisMoveMemory(Packet.KeyDesc.KeyNonce, pAdapter->PortCfg.SNonce, LEN_KEY_DESC_NONCE);
403
404 // 5. Key Replay Count
405 NdisMoveMemory(Packet.KeyDesc.ReplayCounter, pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY);
406
407 #ifdef BIG_ENDIAN
408 *(USHORT *)(&(Packet.KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(Packet.KeyDesc.KeyInfo)));
409 #endif
410
411 // Send EAPOL(0, 1, 0, 0, 0, K, 0, TSNonce, 0, MIC(TPTK), 0)
412 // Out buffer for transmitting message 2
413 NStatus = MlmeAllocateMemory(pAdapter, (PVOID)&OutBuffer); //Get an unused nonpaged memory
414 if (NStatus != NDIS_STATUS_SUCCESS)
415 return;
416
417 // Prepare EAPOL frame for MIC calculation
418 // Be careful, only EAPOL frame is counted for MIC calculation
419 MakeOutgoingFrame(OutBuffer, &FrameLen,
420 Packet.Len[1] + 4, &Packet,
421 END_OF_ARGS);
422
423 // 5. Prepare and Fill MIC value
424 NdisZeroMemory(Mic, sizeof(Mic));
425 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
426 {
427 // AES
428 UCHAR digest[80];
429
430 HMAC_SHA1(OutBuffer, FrameLen, PTK, LEN_EAP_MICK, digest);
431 NdisMoveMemory(Mic, digest, LEN_KEY_DESC_MIC);
432 }
433 else
434 {
435 INT i;
436 DBGPRINT(RT_DEBUG_INFO, " PMK = ");
437 for (i = 0; i < 16; i++)
438 DBGPRINT(RT_DEBUG_INFO, "%2x-", pAdapter->PortCfg.PskKey.Key[i]);
439
440 DBGPRINT(RT_DEBUG_INFO, "\n PTK = ");
441 for (i = 0; i < 64; i++)
442 DBGPRINT(RT_DEBUG_INFO, "%2x-", pAdapter->PortCfg.PTK[i]);
443 DBGPRINT(RT_DEBUG_INFO, "\n FrameLen = %d\n", FrameLen);
444
445 hmac_md5(PTK, LEN_EAP_MICK, OutBuffer, FrameLen, Mic);
446 }
447 NdisMoveMemory(Packet.KeyDesc.KeyMic, Mic, LEN_KEY_DESC_MIC);
448
449 FrameLen = 0;
450 // Make Transmitting frame
451 MakeOutgoingFrame(OutBuffer, &FrameLen, sizeof(MACHDR), &Header_802_11,
452 sizeof(EAPHEAD), EAPHEAD,
453 Packet.Len[1] + 4, &Packet,
454 END_OF_ARGS);
455
456 // Send using priority queue
457 MiniportMMRequest(pAdapter, OutBuffer, FrameLen);
458
459 DBGPRINT(RT_DEBUG_TRACE, "WpaPairMsg1Action <-----\n");
460 }
461
462 /*
463 ========================================================================
464
465 Routine Description:
466 Process Pairwise key 4-way handshaking
467
468 Arguments:
469 pAdapter Pointer to our adapter
470 Elem Message body
471
472 Return Value:
473 None
474
475 Note:
476
477 ========================================================================
478 */
479 VOID WpaPairMsg3Action(
480 IN PRTMP_ADAPTER pAdapter,
481 IN MLME_QUEUE_ELEM *Elem)
482 {
483 PHEADER_802_11 pHeader;
484 UCHAR *OutBuffer = NULL;
485 HEADER_802_11 Header_802_11;
486 NDIS_STATUS NStatus;
487 UCHAR AckRate = RATE_2;
488 USHORT AckDuration = 0;
489 ULONG FrameLen = 0;
490 UCHAR EAPHEAD[8] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00,0x88,0x8e};
491 EAPOL_PACKET Packet;
492 PEAPOL_PACKET pMsg3;
493 PUCHAR pTmp;
494 UCHAR Mic[16], OldMic[16];
495 NDIS_802_11_KEY PeerKey;
496
497
498 DBGPRINT(RT_DEBUG_TRACE, "WpaPairMsg3Action ----->\n");
499
500 pHeader = (PHEADER_802_11) Elem->Msg;
501
502 // Process message 3 frame.
503 pMsg3 = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
504
505 #ifdef BIG_ENDIAN
506 *(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)));
507 #endif
508
509 // 1. Verify RSN IE & cipher type match
510 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
511 {
512 if (pMsg3->KeyDesc.KeyInfo.KeyDescVer != 2)
513 return;
514 pTmp = (PUCHAR) &CipherWpaPskAes;
515 }
516 else // TKIP
517 {
518 if (pMsg3->KeyDesc.KeyInfo.KeyDescVer != 1)
519 return;
520 pTmp = (PUCHAR) &CipherWpaPskTkip;
521 }
522
523 // Fix compatibility issue, when AP append nonsense data after auth mode with different size.
524 // We should qualify this kind of RSN as acceptable
525 if (!NdisEqualMemory((PUCHAR) &pMsg3->KeyDesc.KeyData[2], pTmp + 2, CipherWpaPskTkipLen - 2))
526 {
527 DBGPRINT(RT_DEBUG_ERROR, " RSN IE mismatched msg 3 of 4-way handshake!!!!!!!!!! \n");
528 return;
529 }
530 else
531 DBGPRINT(RT_DEBUG_TRACE, " RSN IE matched in msg 3 of 4-way handshake!!!!!!!!!! \n");
532
533 #ifdef BIG_ENDIAN
534 *(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)));
535 #endif
536
537 // 2. Check MIC value
538 // Save the MIC and replace with zero
539 NdisMoveMemory(OldMic, pMsg3->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
540 NdisZeroMemory(pMsg3->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
541 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
542 {
543 // AES
544 UCHAR digest[80];
545
546 HMAC_SHA1((PUCHAR) pMsg3, pMsg3->Len[1] + 4, pAdapter->PortCfg.PTK, LEN_EAP_MICK, digest);
547 NdisMoveMemory(Mic, digest, LEN_KEY_DESC_MIC);
548 }
549 else
550 {
551 hmac_md5(pAdapter->PortCfg.PTK, LEN_EAP_MICK, (PUCHAR) pMsg3, pMsg3->Len[1] + 4, Mic);
552 }
553
554 if (!NdisEqualMemory(OldMic, Mic, LEN_KEY_DESC_MIC))
555 {
556 DBGPRINT(RT_DEBUG_ERROR, " MIC Different in msg 3 of 4-way handshake!!!!!!!!!! \n");
557 return;
558 }
559 else
560 DBGPRINT(RT_DEBUG_TRACE, " MIC VALID in msg 3 of 4-way handshake!!!!!!!!!! \n");
561
562 // 3. Check Replay Counter, it has to be larger than last one. No need to be exact one larger
563 if (RTMPCompareMemory(pMsg3->KeyDesc.ReplayCounter, pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1)
564 return;
565
566 // Update new replay counter
567 NdisMoveMemory(pAdapter->PortCfg.ReplayCounter, pMsg3->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
568
569 // 4. Double check ANonce
570 if (!NdisEqualMemory(pAdapter->PortCfg.ANonce, pMsg3->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE))
571 return;
572
573 // 5. Construct Message 4
574 // =====================================
575 // Use Priority Ring & MiniportMMRequest
576 // =====================================
577 pAdapter->Sequence = ((pAdapter->Sequence) + 1) & (MAX_SEQ_NUMBER);
578 WpaMacHeaderInit(pAdapter, &Header_802_11, 0, &pAdapter->PortCfg.Bssid);
579
580 // ACK size is 14 include CRC, and its rate is based on real time information
581 AckRate = pAdapter->PortCfg.ExpectedACKRate[pAdapter->PortCfg.TxRate];
582 AckDuration = RTMPCalcDuration(pAdapter, AckRate, 14);
583 Header_802_11.Controlhead.Duration = pAdapter->PortCfg.Dsifs + AckDuration;
584
585 // Zero message 4 body
586 NdisZeroMemory(&Packet, sizeof(Packet));
587 Packet.Version = EAPOL_VER;
588 Packet.Type = EAPOLKey;
589 Packet.Len[1] = sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE; // No data field
590
591 //
592 // Message 4 as EAPOL-Key(0,1,0,0,0,P,0,0,MIC,0)
593 //
594 Packet.KeyDesc.Type = RSN_KEY_DESC;
595
596 #ifdef BIG_ENDIAN
597 *(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(pMsg3->KeyDesc.KeyInfo)));
598 #endif
599
600 // Key descriptor version and appropriate RSN IE
601 Packet.KeyDesc.KeyInfo.KeyDescVer = pMsg3->KeyDesc.KeyInfo.KeyDescVer;
602
603 // Key Type PeerKey
604 Packet.KeyDesc.KeyInfo.KeyType = 1;
605
606 // KeyMic field presented
607 Packet.KeyDesc.KeyInfo.KeyMic = 1;
608
609 // Key Replay count
610 NdisMoveMemory(Packet.KeyDesc.ReplayCounter, pMsg3->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
611 #ifdef BIG_ENDIAN
612 *(USHORT *)&Packet.KeyDesc.KeyInfo = SWAP16(*(USHORT *)&Packet.KeyDesc.KeyInfo);
613 #endif
614
615 // Out buffer for transmitting message 4
616 NStatus = MlmeAllocateMemory(pAdapter, (PVOID)&OutBuffer); //Get an unused nonpaged memory
617 if (NStatus != NDIS_STATUS_SUCCESS)
618 return;
619
620 // Prepare EAPOL frame for MIC calculation
621 // Be careful, only EAPOL frame is counted for MIC calculation
622 MakeOutgoingFrame(OutBuffer, &FrameLen,
623 Packet.Len[1] + 4, &Packet,
624 END_OF_ARGS);
625
626 // Prepare and Fill MIC value
627 NdisZeroMemory(Mic, sizeof(Mic));
628 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
629 {
630 // AES
631 UCHAR digest[80];
632
633 HMAC_SHA1(OutBuffer, FrameLen, pAdapter->PortCfg.PTK, LEN_EAP_MICK, digest);
634 NdisMoveMemory(Mic, digest, LEN_KEY_DESC_MIC);
635 }
636 else
637 {
638 hmac_md5(pAdapter->PortCfg.PTK, LEN_EAP_MICK, OutBuffer, FrameLen, Mic);
639 }
640 NdisMoveMemory(Packet.KeyDesc.KeyMic, Mic, LEN_KEY_DESC_MIC);
641
642 FrameLen = 0;
643
644 // Make Transmitting frame
645 MakeOutgoingFrame(OutBuffer, &FrameLen, sizeof(MACHDR), &Header_802_11,
646 sizeof(EAPHEAD), EAPHEAD,
647 Packet.Len[1] + 4, &Packet,
648 END_OF_ARGS);
649
650 // 6. Send Message 4 to authenticator
651 // Send using priority queue
652 MiniportMMRequest(pAdapter, OutBuffer, FrameLen);
653
654 // 7. Update PTK
655 NdisZeroMemory(&PeerKey, sizeof(PeerKey));
656 PeerKey.Length = sizeof(PeerKey);
657 PeerKey.KeyIndex = 0xe0000000;
658 PeerKey.KeyLength = 16;
659 NdisMoveMemory(PeerKey.BSSID, pAdapter->PortCfg.Bssid.Octet, 6);
660 NdisMoveMemory(&PeerKey.KeyRSC, pMsg3->KeyDesc.KeyRsc, LEN_KEY_DESC_RSC);
661 NdisMoveMemory(PeerKey.KeyMaterial, &pAdapter->PortCfg.PTK[32], 32);
662 // Call Add peer key function
663 RTMPWPAAddKeyProc(pAdapter, &PeerKey);
664
665 DBGPRINT(RT_DEBUG_TRACE, "WpaPairMsg3Action <-----\n");
666 }
667
668
669 /*
670 ========================================================================
671
672 Routine Description:
673 Process Group key 2-way handshaking
674
675 Arguments:
676 pAdapter Pointer to our adapter
677 Elem Message body
678
679 Return Value:
680 None
681
682 Note:
683
684 ========================================================================
685 */
686 VOID WpaGroupMsg1Action(
687 IN PRTMP_ADAPTER pAdapter,
688 IN MLME_QUEUE_ELEM *Elem)
689 {
690 PHEADER_802_11 pHeader;
691 UCHAR *OutBuffer = NULL;
692 HEADER_802_11 Header_802_11;
693 NDIS_STATUS NStatus;
694 UCHAR AckRate = RATE_2;
695 USHORT AckDuration = 0;
696 ULONG FrameLen = 0;
697 UCHAR EAPHEAD[8] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00,0x88,0x8e};
698 EAPOL_PACKET Packet;
699 PEAPOL_PACKET pGroup;
700 UCHAR Mic[16], OldMic[16];
701 UCHAR GTK[32], Key[32];
702 NDIS_802_11_KEY GroupKey;
703
704
705 DBGPRINT(RT_DEBUG_TRACE, "WpaGroupMsg1Action ----->\n");
706
707 pHeader = (PHEADER_802_11) Elem->Msg;
708
709 // Process Group message 1 frame.
710 pGroup = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
711
712 // 1. Verify Replay counter
713 // Check Replay Counter, it has to be larger than last one. No need to be exact one larger
714 if (RTMPCompareMemory(pGroup->KeyDesc.ReplayCounter, pAdapter->PortCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1)
715 return;
716
717 // Update new replay counter
718 NdisMoveMemory(pAdapter->PortCfg.ReplayCounter, pGroup->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
719
720 // 2. Verify MIC is valid
721 // Save the MIC and replace with zero
722 NdisMoveMemory(OldMic, pGroup->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
723 NdisZeroMemory(pGroup->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
724 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
725 {
726 // AES
727 UCHAR digest[80];
728
729 HMAC_SHA1((PUCHAR) pGroup, pGroup->Len[1] + 4, pAdapter->PortCfg.PTK, LEN_EAP_MICK, digest);
730 NdisMoveMemory(Mic, digest, LEN_KEY_DESC_MIC);
731 }
732 else
733 {
734 hmac_md5(pAdapter->PortCfg.PTK, LEN_EAP_MICK, (PUCHAR) pGroup, pGroup->Len[1] + 4, Mic);
735 }
736
737 if (!NdisEqualMemory(OldMic, Mic, LEN_KEY_DESC_MIC))
738 {
739 DBGPRINT(RT_DEBUG_ERROR, " MIC Different in group msg 1 of 2-way handshake!!!!!!!!!! \n");
740 return;
741 }
742 else
743 DBGPRINT(RT_DEBUG_TRACE, " MIC VALID in group msg 1 of 2-way handshake!!!!!!!!!! \n");
744
745 #ifdef BIG_ENDIAN
746 *(USHORT *)(&(pGroup->KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(pGroup->KeyDesc.KeyInfo)));
747 #endif
748
749 // 3. Decrypt GTK from Key Data
750 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
751 {
752 if (pGroup->KeyDesc.KeyInfo.KeyDescVer != 2)
753 return;
754 // Decrypt AES GTK
755 AES_GTK_KEY_UNWRAP(&pAdapter->PortCfg.PTK[16], GTK, pGroup->KeyDesc.KeyData);
756 }
757 else // TKIP
758 {
759 INT i;
760
761 if (pGroup->KeyDesc.KeyInfo.KeyDescVer != 1)
762 return;
763 // Decrypt TKIP GTK
764 // Construct 32 bytes RC4 Key
765 NdisMoveMemory(Key, pGroup->KeyDesc.KeyIv, 16);
766 NdisMoveMemory(&Key[16], &pAdapter->PortCfg.PTK[16], 16);
767 ARCFOUR_INIT(&pAdapter->PrivateInfo.WEPCONTEXT, Key, 32);
768 //discard first 256 bytes
769 for (i = 0; i < 256; i++)
770 ARCFOUR_BYTE(&pAdapter->PrivateInfo.WEPCONTEXT);
771 // Decrypt GTK. Becareful, there is no ICV to check the result is correct or not
772 ARCFOUR_DECRYPT(&pAdapter->PrivateInfo.WEPCONTEXT, GTK, pGroup->KeyDesc.KeyData, 32);
773 }
774
775 // 4. Construct Group Message 2
776 pAdapter->Sequence = ((pAdapter->Sequence) + 1) & (MAX_SEQ_NUMBER);
777 WpaMacHeaderInit(pAdapter, &Header_802_11, 1, &pAdapter->PortCfg.Bssid);
778
779 // ACK size is 14 include CRC, and its rate is based on real time information
780 AckRate = pAdapter->PortCfg.ExpectedACKRate[pAdapter->PortCfg.TxRate];
781 AckDuration = RTMPCalcDuration(pAdapter, AckRate, 14);
782 Header_802_11.Controlhead.Duration = pAdapter->PortCfg.Dsifs + AckDuration;
783
784 // Zero Group message 1 body
785 NdisZeroMemory(&Packet, sizeof(Packet));
786 Packet.Version = EAPOL_VER;
787 Packet.Type = EAPOLKey;
788 Packet.Len[1] = sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE; // No data field
789
790 //
791 // Group Message 2 as EAPOL-Key(1,0,0,0,G,0,0,MIC,0)
792 //
793 Packet.KeyDesc.Type = RSN_KEY_DESC;
794
795 // Key descriptor version and appropriate RSN IE
796 Packet.KeyDesc.KeyInfo.KeyDescVer = pGroup->KeyDesc.KeyInfo.KeyDescVer;
797
798 // Key Type Group key
799 Packet.KeyDesc.KeyInfo.KeyType = 0;
800
801 // KeyMic field presented
802 Packet.KeyDesc.KeyInfo.KeyMic = 1;
803
804 // Secure bit is 1
805 Packet.KeyDesc.KeyInfo.Secure = 1;
806
807 // Key Replay count
808 NdisMoveMemory(Packet.KeyDesc.ReplayCounter, pGroup->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
809
810 #ifdef BIG_ENDIAN
811 *(USHORT *)(&(Packet.KeyDesc.KeyInfo)) = SWAP16(*(USHORT *)(&(Packet.KeyDesc.KeyInfo)));
812 #endif
813
814 // Out buffer for transmitting group message 2
815 NStatus = MlmeAllocateMemory(pAdapter, (PVOID)&OutBuffer); //Get an unused nonpaged memory
816 if (NStatus != NDIS_STATUS_SUCCESS)
817 return;
818
819 // Prepare EAPOL frame for MIC calculation
820 // Be careful, only EAPOL frame is counted for MIC calculation
821 MakeOutgoingFrame(OutBuffer, &FrameLen,
822 Packet.Len[1] + 4, &Packet,
823 END_OF_ARGS);
824
825 // Prepare and Fill MIC value
826 NdisZeroMemory(Mic, sizeof(Mic));
827 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
828 {
829 // AES
830 UCHAR digest[80];
831
832 HMAC_SHA1(OutBuffer, FrameLen, pAdapter->PortCfg.PTK, LEN_EAP_MICK, digest);
833 NdisMoveMemory(Mic, digest, LEN_KEY_DESC_MIC);
834 }
835 else
836 {
837 INT i;
838 DBGPRINT(RT_DEBUG_INFO, "PTK = ");
839 for (i = 0; i < 64; i++)
840 DBGPRINT(RT_DEBUG_INFO, "%2x-", pAdapter->PortCfg.PTK[i]);
841 DBGPRINT(RT_DEBUG_INFO, "\n FrameLen = %d\n", FrameLen);
842
843 hmac_md5(pAdapter->PortCfg.PTK, LEN_EAP_MICK, OutBuffer, FrameLen, Mic);
844 }
845 NdisMoveMemory(Packet.KeyDesc.KeyMic, Mic, LEN_KEY_DESC_MIC);
846
847 FrameLen = 0;
848 // Make Transmitting frame
849 MakeOutgoingFrame(OutBuffer, &FrameLen, sizeof(MACHDR), &Header_802_11,
850 sizeof(EAPHEAD), EAPHEAD,
851 Packet.Len[1] + 4, &Packet,
852 END_OF_ARGS);
853
854 // 5. Copy frame to Tx ring and prepare for encryption
855 WpaHardEncrypt(pAdapter, OutBuffer, FrameLen);
856
857 // 6 Free allocated memory
858 MlmeFreeMemory(pAdapter, OutBuffer);
859
860 // 6. Update GTK
861 NdisZeroMemory(&GroupKey, sizeof(GroupKey));
862 GroupKey.Length = sizeof(GroupKey);
863 GroupKey.KeyIndex = 0x20000000 | pGroup->KeyDesc.KeyInfo.KeyIndex;
864 GroupKey.KeyLength = 16;
865 NdisMoveMemory(GroupKey.BSSID, pAdapter->PortCfg.Bssid.Octet, 6);
866 NdisMoveMemory(GroupKey.KeyMaterial, GTK, 32);
867 // Call Add peer key function
868 RTMPWPAAddKeyProc(pAdapter, &GroupKey);
869
870 DBGPRINT(RT_DEBUG_TRACE, "WpaGroupMsg1Action <-----\n");
871 }
872 /*
873 ========================================================================
874
875 Routine Description:
876 Init WPA MAC header
877
878 Arguments:
879 pAdapter Pointer to our adapter
880
881 Return Value:
882 None
883
884 Note:
885
886 ========================================================================
887 */
888 VOID WpaMacHeaderInit(
889 IN PRTMP_ADAPTER pAd,
890 IN OUT PHEADER_802_11 Hdr,
891 IN UCHAR wep,
892 IN PMACADDR pAddr1)
893 {
894 NdisZeroMemory(Hdr, sizeof(HEADER_802_11));
895 Hdr->Controlhead.Frame.Type = BTYPE_DATA;
896 Hdr->Controlhead.Frame.ToDs = 1;
897 if (wep == 1)
898 Hdr->Controlhead.Frame.Wep = 1;
899
900 // Addr1: DA, Addr2: BSSID, Addr3: SA
901 COPY_MAC_ADDR(&Hdr->Controlhead.Addr1, pAddr1);
902 COPY_MAC_ADDR(&Hdr->Controlhead.Addr2, &pAd->CurrentAddress);
903 COPY_MAC_ADDR(&Hdr->Addr3, &pAd->PortCfg.Bssid);
904 Hdr->Sequence = pAd->Sequence;
905 }
906
907 /*
908 ========================================================================
909
910 Routine Description:
911 Copy frame from waiting queue into relative ring buffer and set
912 appropriate ASIC register to kick hardware encryption before really
913 sent out to air.
914
915 Arguments:
916 pAdapter Pointer to our adapter
917 PNDIS_PACKET Pointer to outgoing Ndis frame
918 NumberOfFrag Number of fragment required
919
920 Return Value:
921 None
922
923 Note:
924
925 ========================================================================
926 */
927 VOID WpaHardEncrypt(
928 IN PRTMP_ADAPTER pAdapter,
929 IN PUCHAR pPacket,
930 IN ULONG Len)
931 {
932 UCHAR FrameGap;
933 PUCHAR pDest;
934 PUCHAR pSrc;
935 UCHAR CipherAlg = CIPHER_NONE;
936 PTXD_STRUC pTxD;
937 #ifdef BIG_ENDIAN
938 TXD_STRUC TxD;
939 PTXD_STRUC pDestTxD;
940 PUCHAR pOriginDest;
941 #endif
942 ULONG Iv16;
943 ULONG Iv32;
944 PWPA_KEY pWpaKey = NULL;
945 UCHAR RetryMode = SHORT_RETRY;
946 static UCHAR Priority[4] = {"\x00\x00\x00\x00"};
947 INT idx;
948 PHEADER_802_11 pHeader;
949 ULONG IrqFlags;
950
951 // Make sure Tx ring resource won't be used by other threads
952 NdisAcquireSpinLock(&pAdapter->TxRingLock, IrqFlags);
953
954 FrameGap = IFS_BACKOFF; // Default frame gap mode
955
956 // outgoing frame always wakeup PHY to prevent frame lost and
957 // turn off PSM bit to improve performance
958 if (pAdapter->PortCfg.Psm == PWR_SAVE)
959 {
960 MlmeSetPsmBit(pAdapter, PWR_ACTIVE);
961 }
962 AsicForceWakeup(pAdapter);
963
964 pAdapter->TxRing[pAdapter->CurEncryptIndex].FrameType = BTYPE_DATA;
965
966 pSrc = pPacket; // Point to start of MSDU
967
968 #if 0
969 pWpaKey = (PWPA_KEY) &pAdapter->PortCfg.PairwiseKey[0];
970 pWpaKey->Type = PAIRWISE_KEY;
971 #else
972 pHeader = (PHEADER_802_11) pSrc;
973
974 for (idx = 0; idx < PAIRWISE_KEY_NO; idx++)
975 {
976 if ((NdisEqualMemory(&pHeader->Controlhead.Addr1, pAdapter->PortCfg.PairwiseKey[idx].BssId, 6)) &&
977 (pAdapter->PortCfg.PairwiseKey[idx].KeyLen != 0))
978 {
979 pWpaKey = (PWPA_KEY) &pAdapter->PortCfg.PairwiseKey[idx];
980 pWpaKey->Type = PAIRWISE_KEY;
981 DBGPRINT(RT_DEBUG_TRACE, "WpaHardEncrypt:(U) Tx Use Pairwise Key(%d)\n", idx);
982 break;
983 }
984 }
985 #endif
986
987 if (pWpaKey == NULL)
988 {
989 // No pairwise key, this should not happen
990 DBGPRINT(RT_DEBUG_ERROR, "WpaHardEncrypt: No pairwise key!!!!!!!!!!!\n");
991 NdisReleaseSpinLock(&pAdapter->TxRingLock, IrqFlags);
992 return;
993 }
994
995 // Get the Tx Ring descriptor & Dma Buffer address
996 pDest = (PUCHAR) pAdapter->TxRing[pAdapter->CurEncryptIndex].va_data_addr;
997 #ifndef BIG_ENDIAN
998 pTxD = (PTXD_STRUC) pAdapter->TxRing[pAdapter->CurEncryptIndex].va_addr;
999 #else
1000 pOriginDest = pDest;
1001 pDestTxD = (PTXD_STRUC) pAdapter->TxRing[pAdapter->CurEncryptIndex].va_addr;
1002 TxD = *pDestTxD;
1003 pTxD = &TxD;
1004 RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
1005 #endif
1006
1007 if ((pTxD->Owner == DESC_OWN_NIC) || (pTxD->CipherOwn == DESC_OWN_NIC))
1008 {
1009 // Descriptor owned by NIC. No descriptor avaliable
1010 // This should not happen since caller guaranteed.
1011 // Make sure to release Tx ring resource
1012 DBGPRINT(RT_DEBUG_ERROR, "WpaHardEncrypt: Descriptor owned by NIC. No descriptor avaliable!!!!!!!!!!!\n");
1013 pAdapter->RalinkCounters.TxRingErrCount++;
1014 NdisReleaseSpinLock(&pAdapter->TxRingLock, IrqFlags);
1015 return;
1016 }
1017 if (pTxD->Valid == TRUE)
1018 {
1019 // Ndis packet of last round did not cleared.
1020 // This should not happen since caller guaranteed.
1021 // Make sure to release Tx ring resource
1022 pTxD->Valid = FALSE;
1023
1024 #ifdef BIG_ENDIAN
1025 RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
1026 *pDestTxD = TxD;
1027 #endif
1028 DBGPRINT(RT_DEBUG_ERROR, "WpaHardEncrypt: Ndis packet of last round did not cleared!!!!!!!!!!!\n");
1029 pAdapter->RalinkCounters.TxRingErrCount++;
1030 NdisReleaseSpinLock(&pAdapter->TxRingLock, IrqFlags);
1031 return;
1032 }
1033
1034 // Copy whole frame to Tx ring buffer
1035 NdisMoveMemory(pDest, pPacket, Len);
1036 pDest += Len;
1037
1038 if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption2Enabled)
1039 {
1040 INT i;
1041
1042 i = 0;
1043 // Prepare 8 bytes TKIP encapsulation for MPDU
1044 {
1045 TKIP_IV tkipIv;
1046
1047 tkipIv.IV16.field.rc0 = *(pWpaKey->TxTsc + 1);
1048 tkipIv.IV16.field.rc1 = (tkipIv.IV16.field.rc0 | 0x20) & 0x7f;
1049 tkipIv.IV16.field.rc2 = *pWpaKey->TxTsc;
1050
1051 tkipIv.IV16.field.Rsvd = 0;
1052 tkipIv.IV16.field.ExtIV = 1; // 0: non-extended IV, 1: an extended IV
1053 tkipIv.IV16.field.KeyID = 0;
1054
1055 //tkipIv.IV32 = *(PULONG)(pWpaKey->TxTsc + 2);
1056 NdisMoveMemory(&tkipIv.IV32, &pWpaKey->TxTsc[2], 4);
1057
1058 #ifdef BIG_ENDIAN
1059 pTxD->Iv = SWAP32(tkipIv.IV16.word);
1060 #else
1061 pTxD->Iv = tkipIv.IV16.word;
1062 #endif
1063
1064 *((PUCHAR) &pTxD->Eiv) = *((PUCHAR) &tkipIv.IV32 + 3);
1065 *((PUCHAR) &pTxD->Eiv + 1) = *((PUCHAR) &tkipIv.IV32 + 2);
1066 *((PUCHAR) &pTxD->Eiv + 2) = *((PUCHAR) &tkipIv.IV32 + 1);
1067 *((PUCHAR) &pTxD->Eiv + 3) = *((PUCHAR) &tkipIv.IV32);
1068 }
1069
1070 // Increase TxTsc value for next transmission
1071 while (++pWpaKey->TxTsc[i] == 0x0)
1072 {
1073 i++;
1074 if (i == 6)
1075 break;
1076 }
1077
1078 // Set IV offset
1079 pTxD->IvOffset = LENGTH_802_11;
1080
1081 // Copy TKey
1082 NdisMoveMemory(pTxD->Key, pWpaKey->Key, 16);
1083
1084 // Set Cipher suite
1085 CipherAlg = CIPHER_TKIP;
1086
1087 // Calculate MIC value
1088 // Init MIC value calculation and reset the message
1089 pAdapter->PrivateInfo.Tx.L = RTMPTkipGetUInt32(pWpaKey->TxMic);
1090 pAdapter->PrivateInfo.Tx.R = RTMPTkipGetUInt32(pWpaKey->TxMic + 4);
1091 pAdapter->PrivateInfo.Tx.nBytesInM = 0;
1092 pAdapter->PrivateInfo.Tx.M = 0;
1093
1094 // DA & SA field
1095 RTMPTkipAppend(&pAdapter->PrivateInfo.Tx, pSrc + 4, 12);
1096
1097 // Priority + 3 bytes of 0
1098 RTMPTkipAppend(&pAdapter->PrivateInfo.Tx, Priority, 4);
1099
1100 pSrc += LENGTH_802_11;
1101 RTMPTkipAppend(&pAdapter->PrivateInfo.Tx, pSrc, Len - LENGTH_802_11);
1102 RTMPTkipGetMIC(&pAdapter->PrivateInfo.Tx);
1103 // Append MIC
1104 NdisMoveMemory(pDest, pAdapter->PrivateInfo.Tx.MIC, 8);
1105 Len += 8;
1106 // IV + EIV + ICV which ASIC added after encryption done
1107 Len += 12;
1108 }
1109 else if (pAdapter->PortCfg.WepStatus == Ndis802_11Encryption3Enabled)
1110 {
1111 INT i;
1112 PUCHAR pTmp;
1113
1114 i = 0;
1115 pTmp = (PUCHAR) &Iv16;
1116 *pTmp = pWpaKey->TxTsc[0];
1117 *(pTmp + 1) = pWpaKey->TxTsc[1];
1118 *(pTmp + 2) = 0;
1119 *(pTmp + 3) = 0x20;
1120
1121 Iv32 = *(PULONG)(&pWpaKey->TxTsc[2]);
1122
1123 // Increase TxTsc value for next transmission
1124 while (++pWpaKey->TxTsc[i] == 0x0)
1125 {
1126 i++;
1127 if (i == 6)
1128 break;
1129 }
1130
1131 // Copy IV
1132 NdisMoveMemory(&pTxD->Iv, &Iv16, 4);
1133
1134 // Copy EIV
1135 NdisMoveMemory(&pTxD->Eiv, &Iv32, 4);
1136
1137 // Set IV offset
1138 pTxD->IvOffset = LENGTH_802_11;
1139
1140 // Copy TKey
1141 NdisMoveMemory(pTxD->Key, pWpaKey->Key, 16);
1142
1143 // Set Cipher suite
1144 CipherAlg = CIPHER_AES;
1145
1146 // IV + EIV + HW MIC
1147 Len += 16;
1148 }
1149
1150 #ifdef BIG_ENDIAN
1151 RTMPFrameEndianChange(pAdapter, pOriginDest, DIR_WRITE, FALSE);
1152 RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
1153 *pDestTxD = TxD;
1154 pTxD = pDestTxD;
1155 #endif
1156
1157 RTMPWriteTxDescriptor(pTxD, TRUE, CipherAlg, TRUE, FALSE, FALSE, RetryMode, FrameGap,
1158 pAdapter->PortCfg.TxRate, 4, Len, pAdapter->PortCfg.TxPreambleInUsed, 0);
1159
1160 // Increase & maintain Tx Ring Index
1161 pAdapter->CurEncryptIndex++;
1162 if (pAdapter->CurEncryptIndex >= TX_RING_SIZE)
1163 {
1164 pAdapter->CurEncryptIndex = 0;
1165 }
1166 pAdapter->RalinkCounters.EncryptCount++;
1167
1168 // Kick Encrypt Control Register at the end of all ring buffer preparation
1169 RTMP_IO_WRITE32(pAdapter, SECCSR1, 0x1);
1170
1171 // Make sure to release Tx ring resource
1172 NdisReleaseSpinLock(&pAdapter->TxRingLock, IrqFlags);
1173 }
1174
1175 /*
1176 ========================================================================
1177
1178 Routine Description:
1179 SHA1 function
1180
1181 Arguments:
1182
1183 Return Value:
1184
1185 Note:
1186
1187 ========================================================================
1188 */
1189 VOID HMAC_SHA1(
1190 IN UCHAR *text,
1191 IN UINT text_len,
1192 IN UCHAR *key,
1193 IN UINT key_len,
1194 IN UCHAR *digest)
1195 {
1196 SHA_CTX context;
1197 UCHAR k_ipad[65]; /* inner padding - key XORd with ipad */
1198 UCHAR k_opad[65]; /* outer padding - key XORd with opad */
1199 INT i;
1200
1201 // if key is longer than 64 bytes reset it to key=SHA1(key)
1202 if (key_len > 64)
1203 {
1204 SHA_CTX tctx;
1205 SHAInit(&tctx);
1206 SHAUpdate(&tctx, key, key_len);
1207 SHAFinal(&tctx, key);
1208 key_len = 20;
1209 }
1210 NdisZeroMemory(k_ipad, sizeof(k_ipad));
1211 NdisZeroMemory(k_opad, sizeof(k_opad));
1212 NdisMoveMemory(k_ipad, key, key_len);
1213 NdisMoveMemory(k_opad, key, key_len);
1214
1215 // XOR key with ipad and opad values
1216 for (i = 0; i < 64; i++)
1217 {
1218 k_ipad[i] ^= 0x36;
1219 k_opad[i] ^= 0x5c;
1220 }
1221
1222 // perform inner SHA1
1223 SHAInit(&context); /* init context for 1st pass */
1224 SHAUpdate(&context, k_ipad, 64); /* start with inner pad */
1225 SHAUpdate(&context, text, text_len); /* then text of datagram */
1226 SHAFinal(&context, digest); /* finish up 1st pass */
1227
1228 //perform outer SHA1
1229 SHAInit(&context); /* init context for 2nd pass */
1230 SHAUpdate(&context, k_opad, 64); /* start with outer pad */
1231 SHAUpdate(&context, digest, 20); /* then results of 1st hash */
1232 SHAFinal(&context, digest); /* finish up 2nd pass */
1233 }
1234
1235 /*
1236 ========================================================================
1237
1238 Routine Description:
1239 PRF function
1240
1241 Arguments:
1242
1243 Return Value:
1244
1245 Note:
1246 802.1i Annex F.9
1247
1248 ========================================================================
1249 */
1250 VOID PRF(
1251 IN UCHAR *key,
1252 IN INT key_len,
1253 IN UCHAR *prefix,
1254 IN INT prefix_len,
1255 IN UCHAR *data,
1256 IN INT data_len,
1257 OUT UCHAR *output,
1258 IN INT len)
1259 {
1260 INT i;
1261 UCHAR input[1024];
1262 INT currentindex = 0;
1263 INT total_len;
1264
1265 NdisMoveMemory(input, prefix, prefix_len);
1266 input[prefix_len] = 0;
1267 NdisMoveMemory(&input[prefix_len + 1], data, data_len);
1268 total_len = prefix_len + 1 + data_len;
1269 input[total_len] = 0;
1270 total_len++;
1271 for (i = 0; i < (len + 19) / 20; i++)
1272 {
1273 HMAC_SHA1(input, total_len, key, key_len, &output[currentindex]);
1274 currentindex += 20;
1275 input[total_len - 1]++;
1276 }
1277 }
1278
1279 /*
1280 ========================================================================
1281
1282 Routine Description:
1283 Count TPTK from PMK
1284
1285 Arguments:
1286
1287 Return Value:
1288 Output Store the TPTK
1289
1290 Note:
1291
1292 ========================================================================
1293 */
1294 VOID WpaCountPTK(
1295 IN UCHAR *PMK,
1296 IN UCHAR *ANonce,
1297 IN UCHAR *AA,
1298 IN UCHAR *SNonce,
1299 IN UCHAR *SA,
1300 OUT UCHAR *output,
1301 IN UINT len)
1302 {
1303 UCHAR concatenation[76];
1304 UINT CurrPos = 0;
1305 UCHAR temp[32];
1306 UCHAR Prefix[] = {'P', 'a', 'i', 'r', 'w', 'i', 's', 'e', ' ', 'k', 'e', 'y', ' ',
1307 'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n'};
1308
1309 NdisZeroMemory(temp, sizeof(temp));
1310
1311 // Get smaller address
1312 if (RTMPCompareMemory(SA, AA, 6) == 1)
1313 NdisMoveMemory(concatenation, AA, 6);
1314 else
1315 NdisMoveMemory(concatenation, SA, 6);
1316 CurrPos += 6;
1317
1318 // Get larger address
1319 if (RTMPCompareMemory(SA, AA, 6) == 1)
1320 NdisMoveMemory(&concatenation[CurrPos], SA, 6);
1321 else
1322 NdisMoveMemory(&concatenation[CurrPos], AA, 6);
1323 CurrPos += 6;
1324
1325 // Get smaller address
1326 if (RTMPCompareMemory(ANonce, SNonce, 32) == 1)
1327 NdisMoveMemory(&concatenation[CurrPos], SNonce, 32);
1328 else
1329 NdisMoveMemory(&concatenation[CurrPos], ANonce, 32);
1330 CurrPos += 32;
1331
1332 // Get larger address
1333 if (RTMPCompareMemory(ANonce, SNonce, 32) == 1)
1334 NdisMoveMemory(&concatenation[CurrPos], ANonce, 32);
1335 else
1336 NdisMoveMemory(&concatenation[CurrPos], SNonce, 32);
1337 CurrPos += 32;
1338
1339 PRF(PMK, LEN_MASTER_KEY, Prefix, 22, concatenation, 76 , output, len);
1340 }
1341
1342 /*
1343 ========================================================================
1344
1345 Routine Description:
1346 Misc function to Generate random number
1347
1348 Arguments:
1349
1350 Return Value:
1351
1352 Note:
1353 802.1i Annex F.9
1354
1355 ========================================================================
1356 */
1357 VOID GenRandom(
1358 IN PRTMP_ADAPTER pAd,
1359 OUT UCHAR *random)
1360 {
1361 INT i, curr;
1362 UCHAR local[80], KeyCounter[32];
1363 UCHAR result[80];
1364 ULONG CurrentTime;
1365 UCHAR prefix[] = {'I', 'n', 'i', 't', ' ', 'C', 'o', 'u', 'n', 't', 'e', 'r'};
1366
1367 NdisZeroMemory(result, 80);
1368 NdisZeroMemory(local, 80);
1369 NdisZeroMemory(KeyCounter, 32);
1370 NdisMoveMemory(local, pAd->CurrentAddress, ETH_LENGTH_OF_ADDRESS);
1371
1372 for (i = 0; i < 32; i++)
1373 {
1374 curr = ETH_LENGTH_OF_ADDRESS;
1375 CurrentTime = jiffies;
1376 NdisMoveMemory(local, pAd->CurrentAddress, ETH_LENGTH_OF_ADDRESS);
1377 curr += ETH_LENGTH_OF_ADDRESS;
1378 NdisMoveMemory(&local[curr], &CurrentTime, sizeof(CurrentTime));
1379 curr += sizeof(CurrentTime);
1380 NdisMoveMemory(&local[curr], result, 32);
1381 curr += 32;
1382 NdisMoveMemory(&local[curr], &i, 2);
1383 curr += 2;
1384 PRF(KeyCounter, 32, prefix,12, local, curr, result, 32);
1385 }
1386 NdisMoveMemory(random, result, 32);
1387 }
1388
1389 /*
1390 ========================================================================
1391
1392 Routine Description:
1393 Misc function to decrypt AES body
1394
1395 Arguments:
1396
1397 Return Value:
1398
1399 Note:
1400 This function references to RFC 3394 for aes key unwrap algorithm.
1401
1402 ========================================================================
1403 */
1404 VOID AES_GTK_KEY_UNWRAP(
1405 IN UCHAR *key,
1406 OUT UCHAR *plaintext,
1407 IN UCHAR *ciphertext)
1408 {
1409 UCHAR A[8], BIN[16], BOUT[16];
1410 UCHAR R1[8],R2[8];
1411 UCHAR xor;
1412 INT num_blocks = 2;
1413 INT j;
1414 aes_context aesctx;
1415
1416 // Initialize
1417 // A = C[0]
1418 NdisMoveMemory(A, ciphertext, 8);
1419 // R1 = C1
1420 NdisMoveMemory(R1, &ciphertext[8], 8);
1421 // R2 = C2
1422 NdisMoveMemory(R2, &ciphertext[16], 8);
1423
1424 aes_set_key(&aesctx, key, 128);
1425
1426 for (j = 5; j >= 0; j--)
1427 {
1428 xor = num_blocks * j + 2;
1429 NdisMoveMemory(BIN, A, 8);
1430 BIN[7] = A[7] ^ xor;
1431 NdisMoveMemory(&BIN[8], R2, 8);
1432 aes_decrypt(&aesctx, BIN, BOUT);
1433 NdisMoveMemory(A, &BOUT[0], 8);
1434 NdisMoveMemory(R2, &BOUT[8], 8);
1435
1436 xor = num_blocks * j + 1;
1437 NdisMoveMemory(BIN, A, 8);
1438 BIN[7] = A[7] ^ xor;
1439 NdisMoveMemory(&BIN[8], R1, 8);
1440 aes_decrypt(&aesctx, BIN, BOUT);
1441 NdisMoveMemory(A, &BOUT[0], 8);
1442 NdisMoveMemory(R1, &BOUT[8], 8);
1443 }
1444
1445 // OUTPUT
1446 NdisMoveMemory(&plaintext[0], R1, 8);
1447 NdisMoveMemory(&plaintext[8], R2, 8);
1448 }
MOXA 2.6.9 from sdlinux-moxaart.tgz