1 /** \file admCtrl.c 2 * \brief Admission control API implimentation 3 * 4 * \see admCtrl.h 5 */ 6 /**************************************************************************** 7 **+-----------------------------------------------------------------------+** 8 **| |** 9 **| Copyright(c) 1998 - 2008 Texas Instruments. All rights reserved. |** 10 **| All rights reserved. |** 11 **| |** 12 **| Redistribution and use in source and binary forms, with or without |** 13 **| modification, are permitted provided that the following conditions |** 14 **| are met: |** 15 **| |** 16 **| * Redistributions of source code must retain the above copyright |** 17 **| notice, this list of conditions and the following disclaimer. |** 18 **| * Redistributions in binary form must reproduce the above copyright |** 19 **| notice, this list of conditions and the following disclaimer in |** 20 **| the documentation and/or other materials provided with the |** 21 **| distribution. |** 22 **| * Neither the name Texas Instruments nor the names of its |** 23 **| contributors may be used to endorse or promote products derived |** 24 **| from this software without specific prior written permission. |** 25 **| |** 26 **| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |** 27 **| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |** 28 **| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |** 29 **| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |** 30 **| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |** 31 **| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |** 32 **| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |** 33 **| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |** 34 **| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |** 35 **| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |** 36 **| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |** 37 **| |** 38 **+-----------------------------------------------------------------------+** 39 ****************************************************************************/ 40 41 /**************************************************************************** 42 * * 43 * MODULE: Admission Control * 44 * PURPOSE: Admission Control Module API * 45 * * 46 ****************************************************************************/ 47 48 #include "osApi.h" 49 50 #include "utils.h" 51 #include "paramOut.h" 52 #include "paramIn.h" 53 #include "mlmeApi.h" 54 #include "802_11Defs.h" 55 #include "DataCtrl_Api.h" 56 #include "report.h" 57 58 #include "utils.h" 59 60 #include "rsn.h" 61 #include "admCtrl.h" 62 #include "admCtrlWpa.h" 63 #include "admCtrlWpa2.h" 64 65 66 #ifdef EXC_MODULE_INCLUDED 67 #include "admCtrlExc.h" 68 #include "excMngr.h" 69 #endif 70 71 /* Constants */ 72 #define MAX_NETWORK_MODE 2 73 #define MAX_WPA_CIPHER_SUITE 7 74 75 76 /**************************************************************/ 77 /* reduce stack usage (admCtrlWpa_setSite)*/ 78 /**************************************************************/ 79 static paramInfo_t param; 80 static whalParamInfo_t whalParam; 81 static wpaIeData_t gWpaDataIE; 82 /**************************************************************/ 83 84 85 86 /* Enumerations */ 87 88 /* Typedefs */ 89 90 /* Structures */ 91 92 /* External data definitions */ 93 94 /* Local functions definitions */ 95 96 /* Global variables */ 97 98 static UINT8 wpaIeOuiIe[3] = { 0x00, 0x50, 0xf2}; 99 100 static BOOL broadcastCipherSuiteValidity[MAX_NETWORK_MODE][MAX_WPA_CIPHER_SUITE]= 101 { 102 /* RSN_IBSS */ { 103 /* NONE */ FALSE, 104 /* WEP40 */ FALSE, 105 /* TKIP */ TRUE, 106 /* AES_WRAP */ TRUE, 107 /* AES_CCMP */ TRUE, 108 /* WEP104 */ FALSE, 109 /* CKIP */ FALSE}, 110 111 /* RSN_INFRASTRUCTURE */ { 112 /* NONE */ FALSE, 113 /* WEP */ TRUE, 114 /* TKIP */ TRUE, 115 /* AES_WRAP */ TRUE, 116 /* AES_CCMP */ TRUE, 117 /* WEP104 */ TRUE, 118 /* CKIP */ TRUE} 119 }; 120 121 /** WPA admission table. Used to verify admission parameters to an AP */ 122 /* table parameters: 123 Max unicast cipher in the IE 124 Max broadcast cipher in the IE 125 Encryption status 126 */ 127 typedef struct 128 { 129 TI_STATUS status; 130 cipherSuite_e unicast; 131 cipherSuite_e broadcast; 132 UINT8 evaluation; 133 } admCtrlWpa_validity_t; 134 135 static admCtrlWpa_validity_t admCtrlWpa_validityTable[MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE] = 136 { 137 /* AP unicast NONE */ { 138 /* AP multicast NONE */ { 139 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 140 /* STA WEP40 */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 141 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 142 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 143 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 144 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 145 /* AP multicast WEP40 */ { 146 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 147 /* STA WEP40 */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP ,1}, 148 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 149 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 150 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 151 /* STA WEP104 */{ OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP104 ,1}}, 152 /* AP multicast TKIP */ { 153 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 154 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 155 /* STA TKIP */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_TKIP ,2}, 156 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 157 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 158 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 159 /* AP multicast WRAP */ { 160 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 161 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 162 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 163 /* STA WRAP */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_AES_WRAP ,3}, 164 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 165 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 166 /* AP multicast CCMP */ { 167 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 168 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 169 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 170 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 171 /* STA CCMP */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_AES_CCMP ,3}, 172 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 173 /* AP multicast WEP104 */ { 174 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 175 /* STA WEP40 */ { OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP ,1}, 176 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 177 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 178 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 179 /* STA WEP104 */{ OK, RSN_CIPHER_NONE, RSN_CIPHER_WEP104 ,1}}}, 180 /* AP unicast WEP */ { 181 /* AP multicast NONE */ { 182 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 183 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 184 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 185 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 186 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 187 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 188 /* AP multicast WEP */ { 189 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 190 /* STA WEP */ { OK, RSN_CIPHER_WEP, RSN_CIPHER_WEP ,1}, 191 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 192 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 193 /* STA CCMP */ { OK, RSN_CIPHER_WEP, RSN_CIPHER_WEP ,1}, 194 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 195 /* AP multicast TKIP */ { 196 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 197 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 198 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 199 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 200 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 201 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 202 /* AP multicast WRAP */ { 203 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 204 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 205 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 206 /* STA WRAP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 207 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 208 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 209 /* AP multicast CCMP */ { 210 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 211 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 212 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 213 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 214 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 215 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 216 /* AP multicast WEP104 */ { 217 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 218 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 219 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 220 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 221 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 222 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}}, 223 /* AP unicast TKIP */ { 224 /* AP multicast NONE */ { 225 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 226 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 227 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 228 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 229 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 230 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 231 /* AP multicast WEP */ { 232 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 233 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 234 /* STA TKIP */ { OK, RSN_CIPHER_TKIP, RSN_CIPHER_WEP ,4}, 235 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 236 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 237 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 238 /* AP multicast TKIP */ { 239 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 240 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 241 /* STA TKIP */ { OK, RSN_CIPHER_TKIP, RSN_CIPHER_TKIP ,7}, 242 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 243 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 244 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 245 /* AP multicast WRAP */ { 246 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 247 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 248 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 249 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 250 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 251 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 252 /* AP multicast CCMP */ { 253 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 254 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 255 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 256 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 257 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 258 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 259 /* AP multicast WEP104 */ { 260 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 261 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 262 /* STA TKIP */ { OK, RSN_CIPHER_TKIP, RSN_CIPHER_WEP104 ,4}, 263 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 264 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 265 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}}, 266 /* AP unicast AES_WRAP */ { 267 /* AP multicast NONE */ { 268 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 269 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 270 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 271 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 272 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 273 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 274 /* AP multicast WEP40 */ { 275 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 276 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 277 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 278 /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_WEP ,5}, 279 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 280 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 281 /* AP multicast TKIP */ { 282 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 283 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 284 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 285 /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_TKIP ,6}, 286 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 287 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 288 /* AP multicast WRAP */ { 289 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 290 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 291 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 292 /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_AES_WRAP ,8}, 293 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 294 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 295 /* AP multicast CCMP */ { 296 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 297 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 298 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 299 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 300 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 301 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 302 /* AP multicast WEP104 */ { 303 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 304 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 305 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 306 /* STA AES */ { OK, RSN_CIPHER_AES_WRAP, RSN_CIPHER_WEP104 ,5}, 307 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 308 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}}, 309 /* AP unicast AES_CCMP */ { 310 /* AP multicast NONE */ { 311 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 312 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 313 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 314 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 315 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 316 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 317 /* AP multicast WEP */ { 318 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 319 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 320 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 321 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 322 /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_WEP ,5}, 323 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 324 /* AP multicast TKIP */ { 325 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 326 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 327 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 328 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 329 /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_TKIP ,6}, 330 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 331 /* AP multicast WRAP */ { 332 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 333 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 334 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 335 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 336 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 337 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 338 /* AP multicast CCMP */ { 339 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 340 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 341 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 342 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 343 /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_AES_CCMP ,7}, 344 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 345 /* AP multicast WEP */ { 346 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 347 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 348 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 349 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 350 /* STA CCMP */ { OK, RSN_CIPHER_AES_CCMP, RSN_CIPHER_WEP104 ,5}, 351 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}}, 352 /* AP unicast WEP104 */ { 353 /* AP multicast NONE */ { 354 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 355 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 356 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 357 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 358 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 359 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 360 /* AP multicast WEP */ { 361 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 362 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 363 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 364 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 365 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 366 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 367 /* AP multicast TKIP */ { 368 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 369 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 370 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 371 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 372 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 373 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 374 /* AP multicast WRAP */ { 375 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 376 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 377 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 378 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 379 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 380 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 381 /* AP multicast CCMP */ { 382 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 383 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 384 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 385 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 386 /* STA CCMP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 387 /* STA WEP104 */{ NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}}, 388 /* AP multicast WEP104 */ { 389 /* STA NONE */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 390 /* STA WEP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 391 /* STA TKIP */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 392 /* STA AES */ { NOK, RSN_CIPHER_NONE, RSN_CIPHER_NONE ,0}, 393 /* STA CCMP */ { OK, RSN_CIPHER_WEP104, RSN_CIPHER_WEP104 ,1}, 394 /* STA WEP104 */{ OK, RSN_CIPHER_WEP104, RSN_CIPHER_WEP104 ,1}}} 395 396 397 }; 398 399 /* Function prototypes */ 400 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, UINT8 *pWpaIe, wpaIeData_t *pWpaData); 401 UINT16 admCtrlWpa_buildCapabilities(UINT16 replayCnt); 402 UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, UINT8* suiteVal,wpaIeData_t *pWpaData,UINT32 maxVal); 403 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (cipherSuite_e unicastSuite, cipherSuite_e broadcastSuite, cipherSuite_e encryptionStatus); 404 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, BOOL *wpa_802_1x_AkmExists); 405 406 407 /** 408 * 409 * admCtrlWpa_config - Configure EXC admission control. 410 * 411 * \b Description: 412 * 413 * Configure EXC admission control. 414 * 415 * \b ARGS: 416 * 417 * I - pAdmCtrl - context \n 418 * 419 * \b RETURNS: 420 * 421 * OK on success, NOK on failure. 422 * 423 * \sa 424 */ 425 TI_STATUS admCtrlWpa_config(admCtrl_t *pAdmCtrl) 426 { 427 TI_STATUS status; 428 rsn_paeConfig_t paeConfig; 429 430 /* check and set admission control default parameters */ 431 pAdmCtrl->authSuite = RSN_AUTH_OPEN; 432 if (pAdmCtrl->unicastSuite == RSN_CIPHER_NONE) 433 { 434 pAdmCtrl->unicastSuite = RSN_CIPHER_TKIP; 435 } 436 if (pAdmCtrl->broadcastSuite == RSN_CIPHER_NONE) 437 { 438 pAdmCtrl->broadcastSuite = RSN_CIPHER_TKIP; 439 } 440 441 /* set callback functions (API) */ 442 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement; 443 pAdmCtrl->setSite = admCtrlWpa_setSite; 444 pAdmCtrl->evalSite = admCtrlWpa_evalSite; 445 446 pAdmCtrl->getPmkidList = admCtrl_nullGetPMKIDlist; 447 pAdmCtrl->setPmkidList = admCtrl_nullSetPMKIDlist; 448 pAdmCtrl->resetPmkidList = admCtrl_resetPMKIDlist; 449 pAdmCtrl->getPreAuthStatus = admCtrl_nullGetPreAuthStatus; 450 pAdmCtrl->startPreAuth = admCtrl_nullStartPreAuth; 451 pAdmCtrl->get802_1x_AkmExists = admCtrlWpa_get802_1x_AkmExists; 452 453 /* set cipher suite */ 454 switch (pAdmCtrl->externalAuthMode) 455 { 456 case RSN_EXT_AUTH_MODE_WPA: 457 case RSN_EXT_AUTH_MODE_WPAPSK: 458 /* The cipher suite should be set by the External source via 459 the Encryption field*/ 460 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X; 461 break; 462 case RSN_EXT_AUTH_MODE_WPANONE: 463 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE; 464 /* Not supported */ 465 default: 466 return NOK; 467 } 468 469 470 paeConfig.authProtocol = pAdmCtrl->externalAuthMode; 471 paeConfig.unicastSuite = pAdmCtrl->unicastSuite; 472 paeConfig.broadcastSuite = pAdmCtrl->broadcastSuite; 473 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite; 474 /* set default PAE configuration */ 475 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig); 476 477 return status; 478 } 479 480 481 482 483 TI_STATUS admCtrlWpa_dynamicConfig(admCtrl_t *pAdmCtrl,wpaIeData_t *pWpaData) 484 { 485 TI_STATUS status; 486 rsn_paeConfig_t paeConfig; 487 488 489 /* set callback functions (API) */ 490 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement; 491 492 switch (pAdmCtrl->externalAuthMode) 493 { 494 case RSN_EXT_AUTH_MODE_WPA: 495 case RSN_EXT_AUTH_MODE_WPAPSK: 496 /* The cipher suite should be set by the External source via 497 the Encryption field*/ 498 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X; 499 break; 500 case RSN_EXT_AUTH_MODE_WPANONE: 501 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE; 502 /* Not supported */ 503 default: 504 return NOK; 505 } 506 507 508 paeConfig.authProtocol = pAdmCtrl->externalAuthMode; 509 paeConfig.unicastSuite = pWpaData->unicastSuite[0]; 510 paeConfig.broadcastSuite = pWpaData->broadcastSuite; 511 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite; 512 /* set default PAE configuration */ 513 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig); 514 515 return status; 516 } 517 518 /** 519 * 520 * admCtrlWpa_getInfoElement - Get the current information element. 521 * 522 * \b Description: 523 * 524 * Get the current information element. 525 * 526 * \b ARGS: 527 * 528 * I - pAdmCtrl - context \n 529 * I - pIe - IE buffer \n 530 * I - pLength - length of IE \n 531 * 532 * \b RETURNS: 533 * 534 * OK on success, NOK on failure. 535 * 536 * \sa 537 */ 538 539 TI_STATUS admCtrlWpa_getInfoElement(admCtrl_t *pAdmCtrl, UINT8 *pIe, UINT8 *pLength) 540 { 541 wpaIePacket_t localWpaPkt; 542 wpaIePacket_t *pWpaIePacket; 543 UINT8 length; 544 #ifdef FOUR_ALIGNMENT 545 UINT16 tempInt; 546 #endif 547 548 if (pIe==NULL) 549 { 550 *pLength = 0; 551 return NOK; 552 } 553 554 555 /* Check validity of WPA IE */ 556 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][pAdmCtrl->broadcastSuite]) 557 { /* check Group suite validity */ 558 *pLength = 0; 559 return NOK; 560 } 561 562 563 if (pAdmCtrl->unicastSuite == RSN_CIPHER_WEP) 564 { /* check pairwise suite validity */ 565 *pLength = 0; 566 return NOK; 567 } 568 569 /* Build Wpa IE */ 570 pWpaIePacket = &localWpaPkt; 571 os_memoryZero(pAdmCtrl->hOs, pWpaIePacket, sizeof(wpaIePacket_t)); 572 pWpaIePacket->elementid= WPA_IE_ID; 573 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->oui, wpaIeOuiIe, 3); 574 pWpaIePacket->ouiType = WPA_OUI_DEF_TYPE; 575 #ifndef FOUR_ALIGNMENT 576 pWpaIePacket->version = ENDIAN_HANDLE_WORD(WPA_OUI_MAX_VERSION); 577 #else 578 /* required for WinCe, when the pointer is not even */ 579 tempInt = ENDIAN_HANDLE_WORD(WPA_OUI_MAX_VERSION); 580 os_memoryCopy(pAdmCtrl->hOs, (UINT8*)&pWpaIePacket->version, &tempInt, sizeof(pWpaIePacket->version)); 581 #endif 582 583 584 length = sizeof(wpaIePacket_t)-2; 585 /* check defaults */ 586 if (pAdmCtrl->replayCnt==1) 587 { 588 length -= 2; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/ 589 #if 0 /* The following was removed since there are APs which do no accept 590 the default WPA IE */ 591 if (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) 592 { 593 length -= 6; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/ 594 if (pAdmCtrl->unicastSuite == RSN_CIPHER_TKIP) 595 { 596 length -= 6; /* 4: unicast suite, 2: unicast count */ 597 if (pAdmCtrl->broadcastSuite == RSN_CIPHER_TKIP) 598 { 599 length -= 4; /* broadcast suite */ 600 } 601 } 602 } 603 #endif 604 } 605 pWpaIePacket->length = length; 606 *pLength = length+2; 607 608 609 610 if (length>=WPA_IE_MIN_DEFAULT_LENGTH) 611 { /* build Capabilities */ 612 pWpaIePacket->capabilities = ENDIAN_HANDLE_WORD(admCtrlWpa_buildCapabilities(pAdmCtrl->replayCnt)); 613 } 614 615 if (length>=WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(1)) 616 { 617 /* build keyMng suite */ 618 #ifndef FOUR_ALIGNMENT 619 pWpaIePacket->authKeyMngSuiteCnt = ENDIAN_HANDLE_WORD(0x0001); 620 #else 621 /* required for WinCe, when the pointer is not even */ 622 tempInt = ENDIAN_HANDLE_WORD(0x0001); 623 os_memoryCopy (pAdmCtrl->hOs,(UINT8*)&pWpaIePacket->authKeyMngSuiteCnt, &tempInt, sizeof(pWpaIePacket->authKeyMngSuiteCnt)); 624 #endif 625 626 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->authKeyMngSuite, wpaIeOuiIe, 3); 627 628 switch (pAdmCtrl->externalAuthMode) 629 { 630 case RSN_EXT_AUTH_MODE_OPEN: 631 case RSN_EXT_AUTH_MODE_SHARED_KEY: 632 case RSN_EXT_AUTH_MODE_AUTO_SWITCH: 633 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE; 634 break; 635 case RSN_EXT_AUTH_MODE_WPA: 636 { 637 #ifdef EXC_MODULE_INCLUDED 638 UINT8 akmSuite[DOT11_OUI_LEN+1]; 639 640 if (admCtrlExc_getCckmAkm(pAdmCtrl, akmSuite)) 641 { 642 os_memoryCopy(pAdmCtrl->hOs, (PVOID)pWpaIePacket->authKeyMngSuite, akmSuite, DOT11_OUI_LEN+1); 643 } 644 else 645 #endif 646 { 647 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_801_1X; 648 } 649 } 650 651 break; 652 653 case RSN_EXT_AUTH_MODE_WPAPSK: 654 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_PSK_801_1X; 655 break; 656 default: 657 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE; 658 break; 659 } 660 661 } 662 663 664 if (length>=WPA_IE_MIN_PAIRWISE_SUITE_LENGTH) 665 { 666 667 #ifdef EXC_MODULE_INCLUDED 668 if ((pAdmCtrl->pRsn->paeConfig.unicastSuite==RSN_CIPHER_CKIP) || (pAdmCtrl->pRsn->paeConfig.broadcastSuite==RSN_CIPHER_CKIP)) 669 { 670 admCtrlExc_getWpaCipherInfo(pAdmCtrl,pWpaIePacket); 671 } 672 else 673 #endif 674 { 675 676 /* build pairwise suite */ 677 #ifndef FOUR_ALIGNMENT 678 pWpaIePacket->pairwiseSuiteCnt = ENDIAN_HANDLE_WORD(0x0001); 679 #else 680 /* required for WinCe, when the pointer is not even */ 681 tempInt = ENDIAN_HANDLE_WORD(0x0001); 682 os_memoryCopy (pAdmCtrl->hOs,(UINT8*)&pWpaIePacket->pairwiseSuiteCnt, &tempInt, sizeof(pWpaIePacket->pairwiseSuiteCnt)); 683 #endif 684 685 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->pairwiseSuite, wpaIeOuiIe, 3); 686 pWpaIePacket->pairwiseSuite[3] = (UINT8)pAdmCtrl->pRsn->paeConfig.unicastSuite; 687 688 if (length>=WPA_IE_GROUP_SUITE_LENGTH) 689 { /* build group suite */ 690 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->groupSuite, wpaIeOuiIe, 3); 691 pWpaIePacket->groupSuite[3] = (UINT8)pAdmCtrl->pRsn->paeConfig.broadcastSuite; 692 } 693 } 694 } 695 os_memoryCopy(pAdmCtrl->hOs, (UINT8*)pIe, (UINT8*)pWpaIePacket, sizeof(wpaIePacket_t)); 696 return OK; 697 698 } 699 /** 700 * 701 * admCtrlWpa_setSite - Set current primary site parameters for registration. 702 * 703 * \b Description: 704 * 705 * Set current primary site parameters for registration. 706 * 707 * \b ARGS: 708 * 709 * I - pAdmCtrl - context \n 710 * I - pRsnData - site's RSN data \n 711 * O - pAssocIe - result IE of evaluation \n 712 * O - pAssocIeLen - length of result IE of evaluation \n 713 * 714 * \b RETURNS: 715 * 716 * OK on site is aproved, NOK on site is rejected. 717 * 718 * \sa 719 */ 720 TI_STATUS admCtrlWpa_setSite(admCtrl_t *pAdmCtrl, rsnData_t *pRsnData, UINT8 *pAssocIe, UINT8 *pAssocIeLen) 721 { 722 TI_STATUS status; 723 cipherSuite_e encryptionStatus; 724 admCtrlWpa_validity_t *pAdmCtrlWpa_validity=NULL; 725 UINT8 *pWpaIe; 726 UINT8 index; 727 728 *pAssocIeLen = 0; 729 730 if (pRsnData==NULL) 731 { 732 return NOK; 733 } 734 if (pRsnData->pIe==NULL) 735 { 736 /* configure the MLME module with the 802.11 OPEN authentication suite, 737 THe MLME will configure later the authentication module */ 738 param.paramType = MLME_LEGACY_TYPE_PARAM; 739 param.content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM; 740 status = mlme_setParam(pAdmCtrl->hMlme, ¶m); 741 if (status != OK) 742 { 743 return status; 744 } 745 746 return OK; 747 } 748 749 #ifdef EXC_MODULE_INCLUDED 750 /* Check if Aironet IE exists */ 751 admCtrlExc_setExtendedParams(pAdmCtrl, pRsnData); 752 #endif /*EXC_MODULE_INCLUDED*/ 753 754 /* Check if any-WPA mode is supported and WPA2 info elem is presented */ 755 /* If yes - perform WPA2 set site procedure */ 756 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags) 757 { 758 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== OK) && 759 (pWpaIe != NULL)) 760 { 761 status = admCtrlWpa2_setSite(pAdmCtrl, pRsnData, pAssocIe, pAssocIeLen); 762 if(status == OK) 763 return status; 764 } 765 } 766 767 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID); 768 if (status != OK) 769 { 770 return status; 771 } 772 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &gWpaDataIE); 773 if (status != OK) 774 { 775 return status; 776 } 777 if ((gWpaDataIE.unicastSuite[0]>=MAX_WPA_CIPHER_SUITE) || 778 (gWpaDataIE.broadcastSuite>=MAX_WPA_CIPHER_SUITE) || 779 (pAdmCtrl->unicastSuite>=MAX_WPA_CIPHER_SUITE)) 780 { 781 return NOK; 782 } 783 784 pAdmCtrl->encrInSw = gWpaDataIE.excKp; 785 pAdmCtrl->micInSw = gWpaDataIE.excMic; 786 787 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */ 788 if(gWpaDataIE.broadcastSuite == RSN_CIPHER_CKIP || gWpaDataIE.unicastSuite[0] == RSN_CIPHER_CKIP) 789 { 790 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 791 /*Funk supplicant can support CCKM only if it configures the driver to TKIP encryption. */ 792 if (encryptionStatus != RSN_CIPHER_TKIP) 793 return NOK; 794 if (pAdmCtrl->encrInSw) 795 pAdmCtrl->excSupport = TRUE; 796 } 797 else 798 { 799 /* Check validity of Group suite */ 800 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][gWpaDataIE.broadcastSuite]) 801 { /* check Group suite validity */ 802 return NOK; 803 } 804 805 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 806 for (index=0; index<gWpaDataIE.unicastSuiteCnt; index++) 807 { 808 pAdmCtrlWpa_validity = &admCtrlWpa_validityTable[gWpaDataIE.unicastSuite[index]][gWpaDataIE.broadcastSuite][encryptionStatus]; 809 if (pAdmCtrlWpa_validity->status ==OK) 810 { 811 break; 812 } 813 } 814 815 if (pAdmCtrlWpa_validity->status !=OK) 816 { 817 return pAdmCtrlWpa_validity->status; 818 } 819 820 /* set cipher suites */ 821 gWpaDataIE.unicastSuite[0] = pAdmCtrlWpa_validity->unicast ;/*wpaData.unicastSuite[0];*/ 822 gWpaDataIE.broadcastSuite = pAdmCtrlWpa_validity->broadcast; /*wpaData.broadcastSuite;*/ 823 } 824 /* set external auth mode according to the key Mng Suite */ 825 switch (gWpaDataIE.KeyMngSuite[0]) 826 { 827 case WPA_IE_KEY_MNG_NONE: 828 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN; 829 break; 830 case WPA_IE_KEY_MNG_801_1X: 831 #ifdef EXC_MODULE_INCLUDED 832 case WPA_IE_KEY_MNG_CCKM: 833 #endif 834 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA; 835 break; 836 case WPA_IE_KEY_MNG_PSK_801_1X: 837 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPAPSK; 838 break; 839 default: 840 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN; 841 break; 842 } 843 844 845 846 #ifdef EXC_MODULE_INCLUDED 847 param.paramType = EXC_CCKM_EXISTS; 848 param.content.excCckmExists = (gWpaDataIE.KeyMngSuite[0]==WPA_IE_KEY_MNG_CCKM) ? TRUE : FALSE; 849 excMngr_setParam(pAdmCtrl->hExcMngr, ¶m); 850 #endif 851 /* set replay counter */ 852 pAdmCtrl->replayCnt = gWpaDataIE.replayCounters; 853 854 *pAssocIeLen = pRsnData->ieLen; 855 if (pAssocIe != NULL) 856 { 857 os_memoryCopy(pAdmCtrl->hOs, pAssocIe, &gWpaDataIE, sizeof(wpaIeData_t)); 858 } 859 860 861 /* Now we configure the MLME module with the 802.11 legacy authentication suite, 862 THe MLME will configure later the authentication module */ 863 param.paramType = MLME_LEGACY_TYPE_PARAM; 864 #ifdef EXC_MODULE_INCLUDED 865 if (pAdmCtrl->networkEapMode!=OS_EXC_NETWORK_EAP_OFF) 866 { 867 param.content.mlmeLegacyAuthType = AUTH_LEGACY_RESERVED1; 868 } 869 else 870 #endif 871 { 872 param.content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM; 873 } 874 875 876 status = mlme_setParam(pAdmCtrl->hMlme, ¶m); 877 if (status != OK) 878 { 879 return status; 880 } 881 882 param.paramType = RX_DATA_EAPOL_DESTINATION_PARAM; 883 param.content.rxDataEapolDestination = OS_ABS_LAYER; 884 status = rxData_setParam(pAdmCtrl->hRx, ¶m); 885 if (status != OK) 886 { 887 return status; 888 } 889 890 /* Configure privacy status in HAL so that HW is prepared to recieve keys */ 891 whalParam.paramType = HAL_CTRL_RSN_SECURITY_MODE_PARAM; 892 whalParam.content.rsnEncryptionStatus = (halCtrl_CipherSuite_e)gWpaDataIE.unicastSuite[0]; 893 status = whalCtrl_SetParam(pAdmCtrl->pRsn->hWhalCtrl, &whalParam); 894 if (status != OK) 895 { 896 return status; 897 } 898 899 #ifdef EXC_MODULE_INCLUDED 900 901 /* set MIC and KP in HAL */ 902 whalParam.paramType = HAL_CTRL_RSN_EXC_SW_ENC_ENABLE_PARAM; 903 whalParam.content.rsnExcSwEncFlag = gWpaDataIE.excKp; 904 status = whalCtrl_SetParam(pAdmCtrl->pRsn->hWhalCtrl, &whalParam); 905 if (status != OK) 906 { 907 return status; 908 } 909 whalParam.paramType = HAL_CTRL_RSN_EXC_MIC_FIELD_ENABLE_PARAM; 910 whalParam.content.rsnExcMicFieldFlag = gWpaDataIE.excMic; 911 status = whalCtrl_SetParam(pAdmCtrl->pRsn->hWhalCtrl, &whalParam); 912 913 if (status != OK) 914 { 915 return status; 916 } 917 #endif /*EXC_MODULE_INCLUDED*/ 918 919 /* re-config PAE */ 920 status = admCtrlWpa_dynamicConfig(pAdmCtrl,&gWpaDataIE); 921 if (status != OK) 922 { 923 return status; 924 } 925 926 927 return status; 928 } 929 930 /** 931 * 932 * admCtrlWpa_evalSite - Evaluate site for registration. 933 * 934 * \b Description: 935 * 936 * evaluate site RSN capabilities against the station's cap. 937 * If the BSS type is infrastructure, the station matches the site only if it's WEP status is same as the site 938 * In IBSS, it does not matter 939 * 940 * \b ARGS: 941 * 942 * I - pAdmCtrl - Context \n 943 * I - pRsnData - site's RSN data \n 944 * O - pEvaluation - Result of evaluation \n 945 * 946 * \b RETURNS: 947 * 948 * OK 949 * 950 * \sa 951 */ 952 TI_STATUS admCtrlWpa_evalSite(admCtrl_t *pAdmCtrl, rsnData_t *pRsnData, bssType_e bssType, UINT32 *pEvaluation) 953 { 954 TI_STATUS status; 955 wpaIeData_t wpaData; 956 admCtrlWpa_validity_t admCtrlWpa_validity; 957 cipherSuite_e encryptionStatus; 958 UINT8 *pWpaIe; 959 UINT8 index; 960 961 *pEvaluation = 0; 962 963 if (pRsnData==NULL) 964 { 965 return NOK; 966 } 967 if (pRsnData->pIe==NULL) 968 { 969 return NOK; 970 } 971 972 if (bssType != BSS_INFRASTRUCTURE) 973 { 974 return NOK; 975 } 976 977 /* Set initial values for admCtrlWpa_validity as none*/ 978 admCtrlWpa_validity = admCtrlWpa_validityTable[RSN_CIPHER_NONE][RSN_CIPHER_NONE][RSN_CIPHER_NONE]; 979 980 /* Check if WPA-any mode is supported and WPA2 info elem is presented */ 981 /* If yes - perform WPA2 site evaluation */ 982 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags) 983 { 984 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== OK) && 985 (pWpaIe != NULL)) 986 { 987 status = admCtrlWpa2_evalSite(pAdmCtrl, pRsnData, bssType, pEvaluation); 988 if(status == OK) 989 return status; 990 } 991 } 992 993 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID); 994 if (status != OK) 995 { 996 return status; 997 } 998 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData); 999 if (status != OK) 1000 { 1001 return status; 1002 } 1003 1004 /* check keyMngSuite validity */ 1005 switch (wpaData.KeyMngSuite[0]) 1006 { 1007 case WPA_IE_KEY_MNG_NONE: 1008 status = (pAdmCtrl->externalAuthMode <= RSN_EXT_AUTH_MODE_AUTO_SWITCH) ? OK : NOK; 1009 break; 1010 case WPA_IE_KEY_MNG_801_1X: 1011 #ifdef EXC_MODULE_INCLUDED 1012 case WPA_IE_KEY_MNG_CCKM: 1013 /* CCKM is allowed only in 802.1x auth */ 1014 #endif 1015 status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) ? OK : NOK; 1016 break; 1017 case WPA_IE_KEY_MNG_PSK_801_1X: 1018 status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPAPSK) ? OK : NOK; 1019 break; 1020 default: 1021 status = NOK; 1022 break; 1023 } 1024 if (status != OK) 1025 { 1026 return status; 1027 } 1028 1029 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */ 1030 if(wpaData.broadcastSuite == RSN_CIPHER_CKIP || wpaData.unicastSuite[0] == RSN_CIPHER_CKIP) 1031 { 1032 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 1033 if (encryptionStatus != RSN_CIPHER_TKIP) 1034 return NOK; 1035 } 1036 else 1037 { 1038 /* Check cipher suite validity */ 1039 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 1040 for (index=0; index<wpaData.unicastSuiteCnt; index++) 1041 { 1042 admCtrlWpa_validity = admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus]; 1043 if (admCtrlWpa_validity.status ==OK) 1044 { 1045 break; 1046 } 1047 } 1048 1049 if (admCtrlWpa_validity.status!=OK) 1050 { 1051 return admCtrlWpa_validity.status; 1052 } 1053 1054 wpaData.broadcastSuite = admCtrlWpa_validity.broadcast; 1055 wpaData.unicastSuite[0] = admCtrlWpa_validity.unicast; 1056 *pEvaluation = admCtrlWpa_validity.evaluation; 1057 } 1058 1059 /* Check privacy bit if not in mixed mode */ 1060 if (!pAdmCtrl->mixedMode) 1061 { /* There's no mixed mode, so make sure that the privacy Bit matches the privacy mode*/ 1062 if (((pRsnData->privacy) && (wpaData.unicastSuite[0]==RSN_CIPHER_NONE)) || 1063 ((!pRsnData->privacy) && (wpaData.unicastSuite[0]>RSN_CIPHER_NONE))) 1064 { 1065 *pEvaluation = 0; 1066 } 1067 } 1068 1069 /* always return OK */ 1070 return OK; 1071 } 1072 1073 1074 /** 1075 * 1076 * admCtrlWpa_parseIe - Parse an WPA information element. 1077 * 1078 * \b Description: 1079 * 1080 * Parse an WPA information element. 1081 * Builds a structure of the unicast adn broadcast cihper suites, 1082 * the key management suite and the capabilities. 1083 * 1084 * \b ARGS: 1085 * 1086 * I - pAdmCtrl - pointer to admCtrl context 1087 * I - pWpaIe - pointer to WPA IE buffer \n 1088 * O - pWpaData - capabilities structure 1089 * 1090 * 1091 * \b RETURNS: 1092 * 1093 * OK on success, NOK on failure. 1094 * 1095 * \sa 1096 */ 1097 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, UINT8 *pWpaIe, wpaIeData_t *pWpaData) 1098 { 1099 1100 wpaIePacket_t *wpaIePacket = (wpaIePacket_t*)pWpaIe; 1101 UINT8 *curWpaIe; 1102 UINT8 curLength = WPA_IE_MIN_LENGTH; 1103 1104 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1105 ("Wpa_IE: DEBUG: admCtrlWpa_parseIe\n\n")); 1106 1107 if ((pWpaData == NULL) || (pWpaIe == NULL)) 1108 { 1109 return NOK; 1110 } 1111 1112 if ((wpaIePacket->length < WPA_IE_MIN_LENGTH) || 1113 (wpaIePacket->elementid != WPA_IE_ID) || 1114 (wpaIePacket->ouiType > WPA_OUI_MAX_TYPE) || (ENDIAN_HANDLE_WORD(wpaIePacket->version) > WPA_OUI_MAX_VERSION) || 1115 (os_memoryCompare(pAdmCtrl->hOs, (PUINT8)wpaIePacket->oui, wpaIeOuiIe, 3))) 1116 { 1117 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1118 ("Wpa_ParseIe Error: length=0x%x, elementid=0x%x, ouiType=0x%x, version=0x%x, oui=0x%x, 0x%x, 0x%x\n", 1119 wpaIePacket->length,wpaIePacket->elementid, 1120 wpaIePacket->ouiType, wpaIePacket->version, 1121 wpaIePacket->oui[0], wpaIePacket->oui[1],wpaIePacket->oui[2])); 1122 1123 return NOK; 1124 } 1125 /* Set default values */ 1126 pWpaData->broadcastSuite = RSN_CIPHER_TKIP; 1127 pWpaData->unicastSuiteCnt = 1; 1128 pWpaData->unicastSuite[0] = RSN_CIPHER_TKIP; 1129 pWpaData->KeyMngSuiteCnt = 1; 1130 pWpaData->KeyMngSuite[0] = (rsn_keyMngSuite_e)WPA_IE_KEY_MNG_801_1X; 1131 pWpaData->bcastForUnicatst = 1; 1132 pWpaData->replayCounters = 1; 1133 1134 pWpaData->excKp = FALSE; 1135 pWpaData->excMic = FALSE; 1136 1137 1138 /* Group Suite */ 1139 if (wpaIePacket->length >= WPA_IE_GROUP_SUITE_LENGTH) 1140 { 1141 pWpaData->broadcastSuite = (cipherSuite_e)admCtrlWpa_parseSuiteVal(pAdmCtrl, (UINT8 *)wpaIePacket->groupSuite,pWpaData,RSN_CIPHER_WEP104); 1142 curLength = WPA_IE_GROUP_SUITE_LENGTH; 1143 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1144 ("Wpa_IE: GroupSuite%x, broadcast %x \n", 1145 wpaIePacket->groupSuite[3], pWpaData->broadcastSuite)); 1146 } else 1147 { 1148 return OK; 1149 } 1150 /* Unicast Suite */ 1151 if (wpaIePacket->length >= WPA_IE_MIN_PAIRWISE_SUITE_LENGTH) 1152 { 1153 UINT16 pairWiseSuiteCnt = ENDIAN_HANDLE_WORD(wpaIePacket->pairwiseSuiteCnt); 1154 BOOL cipherSuite[MAX_WPA_UNICAST_SUITES]={FALSE, FALSE, FALSE, FALSE, FALSE, FALSE , FALSE}; 1155 INT32 index, unicastSuiteIndex=0; 1156 1157 curWpaIe = (UINT8*)&(wpaIePacket->pairwiseSuite); 1158 for (index=0; (index<pairWiseSuiteCnt) && (wpaIePacket->length >= (WPA_IE_MIN_PAIRWISE_SUITE_LENGTH+(index+1)*4)); index++) 1159 { 1160 cipherSuite_e curCipherSuite; 1161 1162 curCipherSuite = (cipherSuite_e)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,RSN_CIPHER_WEP104); 1163 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1164 ("Wpa_IE: pairwiseSuite %x , unicast %x \n", 1165 curWpaIe[3], curCipherSuite)); 1166 1167 if ((curCipherSuite!=RSN_CIPHER_UNKNOWN) && (curCipherSuite<MAX_WPA_UNICAST_SUITES)) 1168 { 1169 cipherSuite[curCipherSuite] = TRUE; 1170 } 1171 curWpaIe +=4; 1172 } 1173 for (index=MAX_WPA_UNICAST_SUITES-1; index>=0; index--) 1174 { 1175 if (cipherSuite[index]) 1176 { 1177 pWpaData->unicastSuite[unicastSuiteIndex] = (cipherSuite_e)index; 1178 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1179 ("Wpa_IE: unicast %x \n", pWpaData->unicastSuite[unicastSuiteIndex])); 1180 unicastSuiteIndex++; 1181 } 1182 } 1183 pWpaData->unicastSuiteCnt = unicastSuiteIndex; 1184 curLength = WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(pairWiseSuiteCnt); 1185 1186 } else 1187 { 1188 return OK; 1189 } 1190 /* KeyMng Suite */ 1191 if (wpaIePacket->length >= curLength) 1192 { 1193 UINT16 keyMngSuiteCnt = ENDIAN_HANDLE_WORD(*curWpaIe); 1194 UINT16 index; 1195 rsn_keyMngSuite_e maxKeyMngSuite = (rsn_keyMngSuite_e)WPA_IE_KEY_MNG_NONE; 1196 1197 curWpaIe +=2; 1198 pAdmCtrl->wpaAkmExists = FALSE; 1199 for (index=0; (index<keyMngSuiteCnt) && (wpaIePacket->length >= (curLength+index*4)); index++) 1200 { 1201 rsn_keyMngSuite_e curKeyMngSuite; 1202 1203 #ifdef EXC_MODULE_INCLUDED 1204 curKeyMngSuite = (rsn_keyMngSuite_e)admCtrlExc_parseCckmSuiteVal(pAdmCtrl, curWpaIe); 1205 if (curKeyMngSuite == WPA_IE_KEY_MNG_CCKM) 1206 { /* CCKM is the maximum AKM */ 1207 maxKeyMngSuite = curKeyMngSuite; 1208 } 1209 else 1210 #endif 1211 { 1212 curKeyMngSuite = (rsn_keyMngSuite_e)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,WPA_IE_KEY_MNG_PSK_801_1X); 1213 } 1214 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1215 ("Wpa_IE: authKeyMng %x , keyMng %x \n", 1216 curWpaIe[3], curKeyMngSuite)); 1217 1218 if ((curKeyMngSuite>maxKeyMngSuite) && (curKeyMngSuite!=WPA_IE_KEY_MNG_NA) 1219 && (curKeyMngSuite!=WPA_IE_KEY_MNG_CCKM)) 1220 { 1221 maxKeyMngSuite = curKeyMngSuite; 1222 } 1223 if (curKeyMngSuite==WPA_IE_KEY_MNG_801_1X) 1224 { /* If 2 AKM exist, save also the second priority */ 1225 pAdmCtrl->wpaAkmExists = TRUE; 1226 } 1227 1228 curWpaIe +=4; 1229 } 1230 pWpaData->KeyMngSuite[0] = maxKeyMngSuite; 1231 curLength += (index-1)*4; 1232 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1233 ("Wpa_IE: keyMng %x \n", pWpaData->KeyMngSuite[0])); 1234 1235 } else 1236 { 1237 return OK; 1238 } 1239 /* Parse capabilities */ 1240 if (wpaIePacket->length >= (curLength+2)) 1241 { 1242 UINT16 capabilities = ENDIAN_HANDLE_WORD(*((UINT16 *)curWpaIe)); 1243 1244 pWpaData->bcastForUnicatst = (capabilities & WPA_GROUP_4_UNICAST_CAPABILITY_MASK) >> WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT; 1245 pWpaData->replayCounters = (capabilities & WPA_REPLAY_COUNTERS_CAPABILITY_MASK) >> WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT; 1246 switch (pWpaData->replayCounters) 1247 { 1248 case 0: pWpaData->replayCounters=1; 1249 break; 1250 case 1: pWpaData->replayCounters=2; 1251 break; 1252 case 2: pWpaData->replayCounters=4; 1253 break; 1254 case 3: pWpaData->replayCounters=16; 1255 break; 1256 default: pWpaData->replayCounters=0; 1257 break; 1258 } 1259 WLAN_REPORT_INFORMATION(pAdmCtrl->hReport, RSN_MODULE_LOG, 1260 ("Wpa_IE: capabilities %x, bcastForUnicatst %x, replayCounters %x\n", 1261 capabilities, pWpaData->bcastForUnicatst, pWpaData->replayCounters)); 1262 1263 } 1264 1265 1266 return OK; 1267 1268 } 1269 1270 1271 UINT16 admCtrlWpa_buildCapabilities(UINT16 replayCnt) 1272 { 1273 UINT16 capabilities=0; 1274 /* Bit1: group key for unicast */ 1275 capabilities = 0; 1276 capabilities = capabilities << WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT; 1277 /* Bits 2&3: Replay counter */ 1278 switch (replayCnt) 1279 { 1280 case 1: replayCnt=0; 1281 break; 1282 case 2: replayCnt=1; 1283 break; 1284 case 4: replayCnt=2; 1285 break; 1286 case 16: replayCnt=3; 1287 break; 1288 default: replayCnt=0; 1289 break; 1290 } 1291 1292 capabilities |= replayCnt << WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT; 1293 return capabilities; 1294 1295 } 1296 1297 1298 UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, UINT8* suiteVal, wpaIeData_t *pWpaData, UINT32 maxVal) 1299 { 1300 UINT32 suite; 1301 1302 if ((pAdmCtrl==NULL) || (suiteVal==NULL)) 1303 { 1304 return RSN_CIPHER_UNKNOWN; 1305 } 1306 if (!os_memoryCompare(pAdmCtrl->hOs, suiteVal, wpaIeOuiIe, 3)) 1307 { 1308 suite = (cipherSuite_e)((suiteVal[3]<=maxVal) ? suiteVal[3] : RSN_CIPHER_UNKNOWN); 1309 } else 1310 { 1311 #ifdef EXC_MODULE_INCLUDED 1312 suite = admCtrlExc_WpaParseSuiteVal(pAdmCtrl,suiteVal,pWpaData); 1313 #else 1314 suite = RSN_CIPHER_UNKNOWN; 1315 #endif 1316 } 1317 return suite; 1318 } 1319 1320 1321 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (cipherSuite_e unicastSuite, cipherSuite_e broadcastSuite, cipherSuite_e encryptionStatus) 1322 { 1323 cipherSuite_e maxCipher; 1324 1325 maxCipher = (unicastSuite>=broadcastSuite) ? unicastSuite : broadcastSuite ; 1326 if (maxCipher != encryptionStatus) 1327 { 1328 return NOK; 1329 } 1330 if ((unicastSuite != RSN_CIPHER_NONE) && (broadcastSuite>unicastSuite)) 1331 { 1332 return NOK; 1333 } 1334 return OK; 1335 } 1336 1337 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, BOOL *wpa_802_1x_AkmExists) 1338 { 1339 *wpa_802_1x_AkmExists = pAdmCtrl->wpaAkmExists; 1340 return OK; 1341 } 1342 1343 1344 1345