1 /* 2 * admCtrlWpa.c 3 * 4 * Copyright(c) 1998 - 2009 Texas Instruments. All rights reserved. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * * Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * * Neither the name Texas Instruments nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 /** \file admCtrl.c 35 * \brief Admission control API implimentation 36 * 37 * \see admCtrl.h 38 */ 39 40 /**************************************************************************** 41 * * 42 * MODULE: Admission Control * 43 * PURPOSE: Admission Control Module API * 44 * * 45 ****************************************************************************/ 46 47 #define __FILE_ID__ FILE_ID_19 48 #include "osApi.h" 49 #include "paramOut.h" 50 #include "mlmeApi.h" 51 #include "802_11Defs.h" 52 #include "DataCtrl_Api.h" 53 #include "report.h" 54 #include "rsn.h" 55 #include "admCtrl.h" 56 #include "admCtrlWpa.h" 57 #include "admCtrlWpa2.h" 58 #ifdef XCC_MODULE_INCLUDED 59 #include "admCtrlXCC.h" 60 #include "XCCMngr.h" 61 #endif 62 #include "siteMgrApi.h" 63 #include "TWDriver.h" 64 65 /* Constants */ 66 #define MAX_NETWORK_MODE 2 67 #define MAX_WPA_CIPHER_SUITE 7 68 69 70 71 /* Enumerations */ 72 73 /* Typedefs */ 74 75 /* Structures */ 76 77 /* External data definitions */ 78 79 /* Local functions definitions */ 80 81 /* Global variables */ 82 83 static TI_UINT8 wpaIeOuiIe[3] = { 0x00, 0x50, 0xf2}; 84 85 static TI_BOOL broadcastCipherSuiteValidity[MAX_NETWORK_MODE][MAX_WPA_CIPHER_SUITE]= 86 { 87 /* RSN_IBSS */ { 88 /* NONE */ TI_FALSE, 89 /* WEP40 */ TI_FALSE, 90 /* TKIP */ TI_TRUE, 91 /* AES_WRAP */ TI_TRUE, 92 /* AES_CCMP */ TI_TRUE, 93 /* WEP104 */ TI_FALSE, 94 /* CKIP */ TI_FALSE}, 95 96 /* RSN_INFRASTRUCTURE */ { 97 /* NONE */ TI_FALSE, 98 /* WEP */ TI_TRUE, 99 /* TKIP */ TI_TRUE, 100 /* AES_WRAP */ TI_TRUE, 101 /* AES_CCMP */ TI_TRUE, 102 /* WEP104 */ TI_TRUE, 103 /* CKIP */ TI_TRUE} 104 }; 105 106 /** WPA admission table. Used to verify admission parameters to an AP */ 107 /* table parameters: 108 Max unicast cipher in the IE 109 Max broadcast cipher in the IE 110 Encryption status 111 */ 112 typedef struct 113 { 114 TI_STATUS status; 115 ECipherSuite unicast; 116 ECipherSuite broadcast; 117 TI_UINT8 evaluation; 118 } admCtrlWpa_validity_t; 119 120 static admCtrlWpa_validity_t admCtrlWpa_validityTable[MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE] = 121 { 122 /* AP unicast NONE */ { 123 /* AP multicast NONE */ { 124 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 125 /* STA WEP40 */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 126 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 127 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 128 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 129 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 130 /* AP multicast WEP40 */ { 131 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 132 /* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1}, 133 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 134 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 135 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 136 /* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}}, 137 /* AP multicast TKIP */ { 138 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 139 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 140 /* STA TKIP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_TKIP ,2}, 141 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 142 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 143 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 144 /* AP multicast WRAP */ { 145 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 146 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 147 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 148 /* STA WRAP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_WRAP ,3}, 149 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 150 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 151 /* AP multicast CCMP */ { 152 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 153 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 154 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 155 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 156 /* STA CCMP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_CCMP ,3}, 157 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 158 /* AP multicast WEP104 */ { 159 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 160 /* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1}, 161 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 162 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 163 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 164 /* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}}}, 165 /* AP unicast WEP */ { 166 /* AP multicast NONE */ { 167 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 168 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 169 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 170 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 171 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 172 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 173 /* AP multicast WEP */ { 174 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 175 /* STA WEP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1}, 176 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 177 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 178 /* STA CCMP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1}, 179 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 180 /* AP multicast TKIP */ { 181 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 182 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 183 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 184 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 185 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 186 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 187 /* AP multicast WRAP */ { 188 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 189 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 190 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 191 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 192 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 193 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 194 /* AP multicast CCMP */ { 195 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 196 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 197 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 198 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 199 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 200 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 201 /* AP multicast WEP104 */ { 202 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 203 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 204 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 205 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 206 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 207 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 208 /* AP unicast TKIP */ { 209 /* AP multicast NONE */ { 210 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 211 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 212 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 213 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 214 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 215 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 216 /* AP multicast WEP */ { 217 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 218 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 219 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP ,4}, 220 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 221 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 222 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 223 /* AP multicast TKIP */ { 224 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 225 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 226 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_TKIP ,7}, 227 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 228 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 229 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 230 /* AP multicast WRAP */ { 231 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 232 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 233 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 234 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 235 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 236 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 237 /* AP multicast CCMP */ { 238 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 239 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 240 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 241 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 242 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 243 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 244 /* AP multicast WEP104 */ { 245 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 246 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 247 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP104 ,4}, 248 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 249 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 250 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 251 /* AP unicast AES_WRAP */ { 252 /* AP multicast NONE */ { 253 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 254 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 255 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 256 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 257 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 258 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 259 /* AP multicast WEP40 */ { 260 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 261 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 262 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 263 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP ,5}, 264 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 265 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 266 /* AP multicast TKIP */ { 267 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 268 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 269 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 270 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_TKIP ,6}, 271 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 272 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 273 /* AP multicast WRAP */ { 274 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 275 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 276 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 277 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_AES_WRAP ,8}, 278 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 279 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 280 /* AP multicast CCMP */ { 281 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 282 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 283 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 284 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 285 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 286 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 287 /* AP multicast WEP104 */ { 288 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 289 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 290 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 291 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP104 ,5}, 292 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 293 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 294 /* AP unicast AES_CCMP */ { 295 /* AP multicast NONE */ { 296 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 297 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 298 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 299 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 300 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 301 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 302 /* AP multicast WEP */ { 303 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 304 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 305 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 306 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 307 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP ,5}, 308 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 309 /* AP multicast TKIP */ { 310 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 311 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 312 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 313 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 314 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_TKIP ,6}, 315 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 316 /* AP multicast WRAP */ { 317 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 318 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 319 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 320 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 321 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 322 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 323 /* AP multicast CCMP */ { 324 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 325 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 326 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 327 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 328 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_AES_CCMP ,7}, 329 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 330 /* AP multicast WEP */ { 331 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 332 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 333 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 334 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 335 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP104 ,5}, 336 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 337 /* AP unicast WEP104 */ { 338 /* AP multicast NONE */ { 339 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 340 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 341 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 342 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 343 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 344 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 345 /* AP multicast WEP */ { 346 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 347 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 348 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 349 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 350 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 351 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 352 /* AP multicast TKIP */ { 353 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 354 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 355 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 356 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 357 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 358 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 359 /* AP multicast WRAP */ { 360 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 361 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 362 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 363 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 364 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 365 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 366 /* AP multicast CCMP */ { 367 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 368 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 369 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 370 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 371 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 372 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 373 /* AP multicast WEP104 */ { 374 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 375 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 376 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 377 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 378 /* STA CCMP */ { TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1}, 379 /* STA WEP104 */{ TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1}}} 380 381 382 }; 383 384 /* Function prototypes */ 385 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData); 386 TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt); 387 TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal,wpaIeData_t *pWpaData,TI_UINT32 maxVal); 388 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus); 389 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists); 390 391 392 /** 393 * 394 * admCtrlWpa_config - Configure XCC admission control. 395 * 396 * \b Description: 397 * 398 * Configure XCC admission control. 399 * 400 * \b ARGS: 401 * 402 * I - pAdmCtrl - context \n 403 * 404 * \b RETURNS: 405 * 406 * TI_OK on success, TI_NOK on failure. 407 * 408 * \sa 409 */ 410 TI_STATUS admCtrlWpa_config(admCtrl_t *pAdmCtrl) 411 { 412 TI_STATUS status; 413 TRsnPaeConfig paeConfig; 414 415 /* check and set admission control default parameters */ 416 pAdmCtrl->authSuite = RSN_AUTH_OPEN; 417 if (pAdmCtrl->unicastSuite == TWD_CIPHER_NONE) 418 { 419 pAdmCtrl->unicastSuite = TWD_CIPHER_TKIP; 420 } 421 if (pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE) 422 { 423 pAdmCtrl->broadcastSuite = TWD_CIPHER_TKIP; 424 } 425 426 /* set callback functions (API) */ 427 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement; 428 pAdmCtrl->setSite = admCtrlWpa_setSite; 429 pAdmCtrl->evalSite = admCtrlWpa_evalSite; 430 431 pAdmCtrl->getPmkidList = admCtrl_nullGetPMKIDlist; 432 pAdmCtrl->setPmkidList = admCtrl_nullSetPMKIDlist; 433 pAdmCtrl->resetPmkidList = admCtrl_resetPMKIDlist; 434 pAdmCtrl->getPreAuthStatus = admCtrl_nullGetPreAuthStatus; 435 pAdmCtrl->startPreAuth = admCtrl_nullStartPreAuth; 436 pAdmCtrl->get802_1x_AkmExists = admCtrlWpa_get802_1x_AkmExists; 437 438 /* set cipher suite */ 439 switch (pAdmCtrl->externalAuthMode) 440 { 441 case RSN_EXT_AUTH_MODE_WPA: 442 case RSN_EXT_AUTH_MODE_WPAPSK: 443 /* The cipher suite should be set by the External source via 444 the Encryption field*/ 445 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X; 446 break; 447 case RSN_EXT_AUTH_MODE_WPANONE: 448 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE; 449 /* Not supported */ 450 default: 451 return TI_NOK; 452 } 453 454 455 paeConfig.authProtocol = pAdmCtrl->externalAuthMode; 456 paeConfig.unicastSuite = pAdmCtrl->unicastSuite; 457 paeConfig.broadcastSuite = pAdmCtrl->broadcastSuite; 458 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite; 459 /* set default PAE configuration */ 460 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig); 461 462 return status; 463 } 464 465 466 467 468 TI_STATUS admCtrlWpa_dynamicConfig(admCtrl_t *pAdmCtrl,wpaIeData_t *pWpaData) 469 { 470 TI_STATUS status; 471 TRsnPaeConfig paeConfig; 472 473 474 /* set callback functions (API) */ 475 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement; 476 477 switch (pAdmCtrl->externalAuthMode) 478 { 479 case RSN_EXT_AUTH_MODE_WPA: 480 case RSN_EXT_AUTH_MODE_WPAPSK: 481 /* The cipher suite should be set by the External source via 482 the Encryption field*/ 483 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X; 484 break; 485 case RSN_EXT_AUTH_MODE_WPANONE: 486 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE; 487 /* Not supported */ 488 default: 489 return TI_NOK; 490 } 491 492 493 paeConfig.authProtocol = pAdmCtrl->externalAuthMode; 494 paeConfig.unicastSuite = pWpaData->unicastSuite[0]; 495 paeConfig.broadcastSuite = pWpaData->broadcastSuite; 496 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite; 497 /* set default PAE configuration */ 498 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig); 499 500 return status; 501 } 502 503 /** 504 * 505 * admCtrlWpa_getInfoElement - Get the current information element. 506 * 507 * \b Description: 508 * 509 * Get the current information element. 510 * 511 * \b ARGS: 512 * 513 * I - pAdmCtrl - context \n 514 * I - pIe - IE buffer \n 515 * I - pLength - length of IE \n 516 * 517 * \b RETURNS: 518 * 519 * TI_OK on success, TI_NOK on failure. 520 * 521 * \sa 522 */ 523 524 TI_STATUS admCtrlWpa_getInfoElement(admCtrl_t *pAdmCtrl, TI_UINT8 *pIe, TI_UINT32 *pLength) 525 { 526 wpaIePacket_t localWpaPkt; 527 wpaIePacket_t *pWpaIePacket; 528 TI_UINT8 length; 529 TI_UINT16 tempInt; 530 TI_STATUS status; 531 TIWLN_SIMPLE_CONFIG_MODE wscMode; 532 533 /* Get Simple-Config state */ 534 status = siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */ 535 536 if (pIe==NULL) 537 { 538 *pLength = 0; 539 return TI_NOK; 540 } 541 542 if ((wscMode != TIWLN_SIMPLE_CONFIG_OFF) && 543 (pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE) && 544 (pAdmCtrl->unicastSuite == TWD_CIPHER_NONE)) 545 { 546 *pLength = 0; 547 return TI_OK; 548 } 549 550 /* Check validity of WPA IE */ 551 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][pAdmCtrl->broadcastSuite]) 552 { /* check Group suite validity */ 553 *pLength = 0; 554 return TI_NOK; 555 } 556 557 558 if (pAdmCtrl->unicastSuite == TWD_CIPHER_WEP) 559 { /* check pairwise suite validity */ 560 *pLength = 0; 561 return TI_NOK; 562 } 563 564 /* Build Wpa IE */ 565 pWpaIePacket = &localWpaPkt; 566 os_memoryZero(pAdmCtrl->hOs, pWpaIePacket, sizeof(wpaIePacket_t)); 567 pWpaIePacket->elementid= WPA_IE_ID; 568 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->oui, wpaIeOuiIe, 3); 569 pWpaIePacket->ouiType = WPA_OUI_DEF_TYPE; 570 571 tempInt = WPA_OUI_MAX_VERSION; 572 COPY_WLAN_WORD(&pWpaIePacket->version, &tempInt); 573 574 length = sizeof(wpaIePacket_t)-2; 575 576 /* check defaults */ 577 if (pAdmCtrl->replayCnt==1) 578 { 579 length -= 2; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/ 580 #if 0 /* The following was removed since there are APs which do no accept 581 the default WPA IE */ 582 if (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) 583 { 584 length -= 6; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/ 585 if (pAdmCtrl->unicastSuite == TWD_CIPHER_TKIP) 586 { 587 length -= 6; /* 4: unicast suite, 2: unicast count */ 588 if (pAdmCtrl->broadcastSuite == TWD_CIPHER_TKIP) 589 { 590 length -= 4; /* broadcast suite */ 591 } 592 } 593 } 594 #endif 595 } 596 597 pWpaIePacket->length = length; 598 *pLength = length+2; 599 600 if (length>=WPA_IE_MIN_DEFAULT_LENGTH) 601 { /* build Capabilities */ 602 pWpaIePacket->capabilities = ENDIAN_HANDLE_WORD(admCtrlWpa_buildCapabilities(pAdmCtrl->replayCnt)); 603 } 604 605 if (length>=WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(1)) 606 { 607 /* build keyMng suite */ 608 609 tempInt = 0x0001; 610 COPY_WLAN_WORD(&pWpaIePacket->authKeyMngSuiteCnt, &tempInt); 611 612 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->authKeyMngSuite, wpaIeOuiIe, 3); 613 614 switch (pAdmCtrl->externalAuthMode) 615 { 616 case RSN_EXT_AUTH_MODE_OPEN: 617 case RSN_EXT_AUTH_MODE_SHARED_KEY: 618 case RSN_EXT_AUTH_MODE_AUTO_SWITCH: 619 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE; 620 break; 621 case RSN_EXT_AUTH_MODE_WPA: 622 { 623 #ifdef XCC_MODULE_INCLUDED 624 TI_UINT8 akmSuite[DOT11_OUI_LEN+1]; 625 626 if (admCtrlXCC_getCckmAkm(pAdmCtrl, akmSuite)) 627 { 628 os_memoryCopy(pAdmCtrl->hOs, (void*)pWpaIePacket->authKeyMngSuite, akmSuite, DOT11_OUI_LEN+1); 629 } 630 else 631 #endif 632 { 633 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_801_1X; 634 } 635 } 636 637 break; 638 639 case RSN_EXT_AUTH_MODE_WPAPSK: 640 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_PSK_801_1X; 641 break; 642 default: 643 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE; 644 break; 645 } 646 647 } 648 649 650 if (length>=WPA_IE_MIN_PAIRWISE_SUITE_LENGTH) 651 { 652 653 #ifdef XCC_MODULE_INCLUDED 654 if ((pAdmCtrl->pRsn->paeConfig.unicastSuite==TWD_CIPHER_CKIP) || 655 (pAdmCtrl->pRsn->paeConfig.broadcastSuite==TWD_CIPHER_CKIP)) 656 { 657 admCtrlXCC_getWpaCipherInfo(pAdmCtrl,pWpaIePacket); 658 } 659 else 660 #endif 661 { 662 663 /* build pairwise suite */ 664 665 tempInt = 0x0001; 666 COPY_WLAN_WORD(&pWpaIePacket->pairwiseSuiteCnt, &tempInt); 667 668 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->pairwiseSuite, wpaIeOuiIe, 3); 669 pWpaIePacket->pairwiseSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.unicastSuite; 670 671 if (length>=WPA_IE_GROUP_SUITE_LENGTH) 672 { /* build group suite */ 673 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->groupSuite, wpaIeOuiIe, 3); 674 pWpaIePacket->groupSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.broadcastSuite; 675 } 676 } 677 } 678 os_memoryCopy(pAdmCtrl->hOs, (TI_UINT8*)pIe, (TI_UINT8*)pWpaIePacket, sizeof(wpaIePacket_t)); 679 return TI_OK; 680 681 } 682 /** 683 * 684 * admCtrlWpa_setSite - Set current primary site parameters for registration. 685 * 686 * \b Description: 687 * 688 * Set current primary site parameters for registration. 689 * 690 * \b ARGS: 691 * 692 * I - pAdmCtrl - context \n 693 * I - pRsnData - site's RSN data \n 694 * O - pAssocIe - result IE of evaluation \n 695 * O - pAssocIeLen - length of result IE of evaluation \n 696 * 697 * \b RETURNS: 698 * 699 * TI_OK on site is aproved, TI_NOK on site is rejected. 700 * 701 * \sa 702 */ 703 TI_STATUS admCtrlWpa_setSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TI_UINT8 *pAssocIe, TI_UINT8 *pAssocIeLen) 704 { 705 TI_STATUS status; 706 paramInfo_t *pParam; 707 TTwdParamInfo tTwdParam; 708 wpaIeData_t wpaData; 709 ECipherSuite encryptionStatus; 710 admCtrlWpa_validity_t *pAdmCtrlWpa_validity=NULL; 711 TI_UINT8 *pWpaIe; 712 TI_UINT8 index; 713 714 *pAssocIeLen = 0; 715 716 if (pRsnData==NULL) 717 { 718 return TI_NOK; 719 } 720 721 pParam = (paramInfo_t *)os_memoryAlloc(pAdmCtrl->hOs, sizeof(paramInfo_t)); 722 if (!pParam) 723 return TI_NOK; 724 725 if (pRsnData->pIe==NULL) 726 { 727 /* configure the MLME module with the 802.11 OPEN authentication suite, 728 THe MLME will configure later the authentication module */ 729 pParam->paramType = MLME_LEGACY_TYPE_PARAM; 730 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM; 731 status = mlme_setParam(pAdmCtrl->hMlme, pParam); 732 goto adm_ctrl_wpa_end; 733 } 734 735 #ifdef XCC_MODULE_INCLUDED 736 /* Check if Aironet IE exists */ 737 admCtrlXCC_setExtendedParams(pAdmCtrl, pRsnData); 738 #endif /*XCC_MODULE_INCLUDED*/ 739 740 /* Check if any-WPA mode is supported and WPA2 info elem is presented */ 741 /* If yes - perform WPA2 set site procedure */ 742 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags) 743 { 744 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) && 745 (pWpaIe != NULL)) 746 { 747 status = admCtrlWpa2_setSite(pAdmCtrl, pRsnData, pAssocIe, pAssocIeLen); 748 if(status == TI_OK) 749 goto adm_ctrl_wpa_end; 750 } 751 } 752 753 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID); 754 if (status != TI_OK) 755 { 756 goto adm_ctrl_wpa_end; 757 } 758 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData); 759 if (status != TI_OK) 760 { 761 goto adm_ctrl_wpa_end; 762 } 763 if ((wpaData.unicastSuite[0]>=MAX_WPA_CIPHER_SUITE) || 764 (wpaData.broadcastSuite>=MAX_WPA_CIPHER_SUITE) || 765 (pAdmCtrl->unicastSuite>=MAX_WPA_CIPHER_SUITE)) 766 { 767 status = TI_NOK; 768 goto adm_ctrl_wpa_end; 769 } 770 771 pAdmCtrl->encrInSw = wpaData.XCCKp; 772 pAdmCtrl->micInSw = wpaData.XCCMic; 773 774 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */ 775 if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP) 776 { 777 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 778 /*Funk supplicant can support CCKM only if it configures the driver to TKIP encryption. */ 779 if (encryptionStatus != TWD_CIPHER_TKIP) { 780 status = TI_NOK; 781 goto adm_ctrl_wpa_end; 782 } 783 if (pAdmCtrl->encrInSw) 784 pAdmCtrl->XCCSupport = TI_TRUE; 785 } 786 else 787 { 788 /* Check validity of Group suite */ 789 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][wpaData.broadcastSuite]) 790 { /* check Group suite validity */ 791 status = TI_NOK; 792 goto adm_ctrl_wpa_end; 793 } 794 795 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 796 for (index=0; index<wpaData.unicastSuiteCnt; index++) 797 { 798 pAdmCtrlWpa_validity = &admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus]; 799 if (pAdmCtrlWpa_validity->status ==TI_OK) 800 { 801 break; 802 } 803 } 804 805 if (pAdmCtrlWpa_validity->status != TI_OK) 806 { 807 status = pAdmCtrlWpa_validity->status; 808 goto adm_ctrl_wpa_end; 809 } 810 811 /* set cipher suites */ 812 wpaData.unicastSuite[0] = pAdmCtrlWpa_validity->unicast ;/*wpaData.unicastSuite[0];*/ 813 wpaData.broadcastSuite = pAdmCtrlWpa_validity->broadcast; /*wpaData.broadcastSuite;*/ 814 } 815 /* set external auth mode according to the key Mng Suite */ 816 switch (wpaData.KeyMngSuite[0]) 817 { 818 case WPA_IE_KEY_MNG_NONE: 819 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN; 820 break; 821 case WPA_IE_KEY_MNG_801_1X: 822 #ifdef XCC_MODULE_INCLUDED 823 case WPA_IE_KEY_MNG_CCKM: 824 #endif 825 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA; 826 break; 827 case WPA_IE_KEY_MNG_PSK_801_1X: 828 #if 0 /* code will remain here until the WSC spec will be closed*/ 829 if ((wpaData.KeyMngSuiteCnt > 1) && (wpaData.KeyMngSuite[1] == WPA_IE_KEY_MNG_801_1X)) 830 { 831 /*WLAN_OS_REPORT (("Overriding for simple-config - setting external auth to MODE WPA\n"));*/ 832 /*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA;*/ 833 } 834 else 835 { 836 /*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPAPSK;*/ 837 } 838 #endif 839 break; 840 default: 841 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN; 842 break; 843 } 844 845 846 #ifdef XCC_MODULE_INCLUDED 847 pParam->paramType = XCC_CCKM_EXISTS; 848 pParam->content.XCCCckmExists = (wpaData.KeyMngSuite[0]==WPA_IE_KEY_MNG_CCKM) ? TI_TRUE : TI_FALSE; 849 XCCMngr_setParam(pAdmCtrl->hXCCMngr, pParam); 850 #endif 851 /* set replay counter */ 852 pAdmCtrl->replayCnt = wpaData.replayCounters; 853 854 *pAssocIeLen = pRsnData->ieLen; 855 if (pAssocIe != NULL) 856 { 857 os_memoryCopy(pAdmCtrl->hOs, pAssocIe, &wpaData, sizeof(wpaIeData_t)); 858 } 859 860 861 /* Now we configure the MLME module with the 802.11 legacy authentication suite, 862 THe MLME will configure later the authentication module */ 863 pParam->paramType = MLME_LEGACY_TYPE_PARAM; 864 #ifdef XCC_MODULE_INCLUDED 865 if (pAdmCtrl->networkEapMode!=OS_XCC_NETWORK_EAP_OFF) 866 { 867 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_RESERVED1; 868 } 869 else 870 #endif 871 { 872 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM; 873 } 874 875 876 status = mlme_setParam(pAdmCtrl->hMlme, pParam); 877 if (status != TI_OK) 878 { 879 goto adm_ctrl_wpa_end; 880 } 881 882 pParam->paramType = RX_DATA_EAPOL_DESTINATION_PARAM; 883 pParam->content.rxDataEapolDestination = OS_ABS_LAYER; 884 status = rxData_setParam(pAdmCtrl->hRx, pParam); 885 if (status != TI_OK) 886 { 887 goto adm_ctrl_wpa_end; 888 } 889 890 /* Configure privacy status in HAL so that HW is prepared to recieve keys */ 891 tTwdParam.paramType = TWD_RSN_SECURITY_MODE_PARAM_ID; 892 tTwdParam.content.rsnEncryptionStatus = (ECipherSuite)wpaData.unicastSuite[0]; 893 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam); 894 if (status != TI_OK) 895 { 896 goto adm_ctrl_wpa_end; 897 } 898 899 #ifdef XCC_MODULE_INCLUDED 900 901 /* set MIC and KP in HAL */ 902 tTwdParam.paramType = TWD_RSN_XCC_SW_ENC_ENABLE_PARAM_ID; 903 tTwdParam.content.rsnXCCSwEncFlag = wpaData.XCCKp; 904 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam); 905 if (status != TI_OK) 906 { 907 goto adm_ctrl_wpa_end; 908 } 909 tTwdParam.paramType = TWD_RSN_XCC_MIC_FIELD_ENABLE_PARAM_ID; 910 tTwdParam.content.rsnXCCMicFieldFlag = wpaData.XCCMic; 911 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam); 912 913 if (status != TI_OK) 914 { 915 goto adm_ctrl_wpa_end; 916 } 917 #endif /*XCC_MODULE_INCLUDED*/ 918 919 /* re-config PAE */ 920 status = admCtrlWpa_dynamicConfig(pAdmCtrl,&wpaData); 921 if (status != TI_OK) 922 { 923 goto adm_ctrl_wpa_end; 924 } 925 adm_ctrl_wpa_end: 926 os_memoryFree(pAdmCtrl->hOs, pParam, sizeof(paramInfo_t)); 927 return status; 928 } 929 930 /** 931 * 932 * admCtrlWpa_evalSite - Evaluate site for registration. 933 * 934 * \b Description: 935 * 936 * evaluate site RSN capabilities against the station's cap. 937 * If the BSS type is infrastructure, the station matches the site only if it's WEP status is same as the site 938 * In IBSS, it does not matter 939 * 940 * \b ARGS: 941 * 942 * I - pAdmCtrl - Context \n 943 * I - pRsnData - site's RSN data \n 944 * O - pEvaluation - Result of evaluation \n 945 * 946 * \b RETURNS: 947 * 948 * TI_OK 949 * 950 * \sa 951 */ 952 TI_STATUS admCtrlWpa_evalSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TRsnSiteParams *pRsnSiteParams, TI_UINT32 *pEvaluation) 953 { 954 TI_STATUS status; 955 wpaIeData_t wpaData; 956 admCtrlWpa_validity_t admCtrlWpa_validity; 957 ECipherSuite encryptionStatus; 958 TIWLN_SIMPLE_CONFIG_MODE wscMode; 959 TI_UINT8 *pWpaIe; 960 TI_UINT8 index; 961 962 /* Get Simple-Config state */ 963 status = siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */ 964 965 *pEvaluation = 0; 966 967 if (pRsnData==NULL) 968 { 969 return TI_NOK; 970 } 971 if ((pRsnData->pIe==NULL) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF)) 972 { 973 return TI_NOK; 974 } 975 976 if (pRsnSiteParams->bssType != BSS_INFRASTRUCTURE) 977 { 978 return TI_NOK; 979 } 980 981 /* Set initial values for admCtrlWpa_validity as none*/ 982 admCtrlWpa_validity = admCtrlWpa_validityTable[TWD_CIPHER_NONE][TWD_CIPHER_NONE][TWD_CIPHER_NONE]; 983 984 /* Check if WPA-any mode is supported and WPA2 info elem is presented */ 985 /* If yes - perform WPA2 site evaluation */ 986 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags) 987 { 988 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) && 989 (pWpaIe != NULL)) 990 { 991 status = admCtrlWpa2_evalSite(pAdmCtrl, pRsnData, pRsnSiteParams, pEvaluation); 992 if(status == TI_OK) 993 return status; 994 } 995 } 996 997 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID); 998 if ((status != TI_OK) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF)) 999 { 1000 return status; 1001 } 1002 /* If found WPA Information Element */ 1003 if (pWpaIe != NULL) 1004 { 1005 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData); 1006 if (status != TI_OK) 1007 { 1008 return status; 1009 } 1010 1011 /* check keyMngSuite validity */ 1012 switch (wpaData.KeyMngSuite[0]) 1013 { 1014 case WPA_IE_KEY_MNG_NONE: 1015 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_NONE\n"); 1016 status = (pAdmCtrl->externalAuthMode <= RSN_EXT_AUTH_MODE_AUTO_SWITCH) ? TI_OK : TI_NOK; 1017 break; 1018 case WPA_IE_KEY_MNG_801_1X: 1019 #ifdef XCC_MODULE_INCLUDED 1020 case WPA_IE_KEY_MNG_CCKM: 1021 /* CCKM is allowed only in 802.1x auth */ 1022 #endif 1023 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_801_1X\n"); 1024 status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) ? TI_OK : TI_NOK; 1025 break; 1026 case WPA_IE_KEY_MNG_PSK_801_1X: 1027 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_PSK_801_1X\n"); 1028 status = ((pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPAPSK) || 1029 (wscMode && (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA))) ? TI_OK : TI_NOK; 1030 break; 1031 default: 1032 status = TI_NOK; 1033 break; 1034 } 1035 1036 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: pAdmCtrl->externalAuthMode = %d, Status = %d\n",pAdmCtrl->externalAuthMode,status); 1037 1038 if (status != TI_OK) 1039 { 1040 return status; 1041 } 1042 1043 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */ 1044 if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP) 1045 { 1046 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 1047 if (encryptionStatus != TWD_CIPHER_TKIP) 1048 return TI_NOK; 1049 } 1050 else 1051 { 1052 /* Check cipher suite validity */ 1053 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 1054 for (index=0; index<wpaData.unicastSuiteCnt; index++) 1055 { 1056 admCtrlWpa_validity = admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus]; 1057 if (admCtrlWpa_validity.status ==TI_OK) 1058 { 1059 break; 1060 } 1061 } 1062 1063 if (admCtrlWpa_validity.status!=TI_OK) 1064 { 1065 return admCtrlWpa_validity.status; 1066 } 1067 1068 wpaData.broadcastSuite = admCtrlWpa_validity.broadcast; 1069 wpaData.unicastSuite[0] = admCtrlWpa_validity.unicast; 1070 *pEvaluation = admCtrlWpa_validity.evaluation; 1071 } 1072 1073 if ((encryptionStatus == TWD_CIPHER_TKIP) && (pRsnSiteParams->pHTCapabilities->tHdr[0] != TI_FALSE) && (pRsnSiteParams->pHTInfo->tHdr[0] != TI_FALSE)) 1074 { 1075 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION,"Dismiss AP - HT with TKIP is not valid"); 1076 return TI_NOK; /* if the encyption is TKIP and the site does support HT(11n) the site can not be a candidate */ 1077 } 1078 1079 /* Check privacy bit if not in mixed mode */ 1080 if (!pAdmCtrl->mixedMode) 1081 { /* There's no mixed mode, so make sure that the privacy Bit matches the privacy mode*/ 1082 if (((pRsnData->privacy) && (wpaData.unicastSuite[0]==TWD_CIPHER_NONE)) || 1083 ((!pRsnData->privacy) && (wpaData.unicastSuite[0]>TWD_CIPHER_NONE))) 1084 { 1085 *pEvaluation = 0; 1086 } 1087 } 1088 1089 } 1090 else 1091 { 1092 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "didn't find WPA IE\n"); 1093 if (wscMode == TIWLN_SIMPLE_CONFIG_OFF) 1094 return TI_NOK; 1095 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "metric is 1\n"); 1096 *pEvaluation = 1; 1097 pAdmCtrl->broadcastSuite = TWD_CIPHER_NONE; 1098 pAdmCtrl->unicastSuite = TWD_CIPHER_NONE; 1099 } 1100 1101 /* always return TI_OK */ 1102 return TI_OK; 1103 } 1104 1105 1106 /** 1107 * 1108 * admCtrlWpa_parseIe - Parse an WPA information element. 1109 * 1110 * \b Description: 1111 * 1112 * Parse an WPA information element. 1113 * Builds a structure of the unicast adn broadcast cihper suites, 1114 * the key management suite and the capabilities. 1115 * 1116 * \b ARGS: 1117 * 1118 * I - pAdmCtrl - pointer to admCtrl context 1119 * I - pWpaIe - pointer to WPA IE buffer \n 1120 * O - pWpaData - capabilities structure 1121 * 1122 * 1123 * \b RETURNS: 1124 * 1125 * TI_OK on success, TI_NOK on failure. 1126 * 1127 * \sa 1128 */ 1129 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData) 1130 { 1131 1132 wpaIePacket_t *wpaIePacket = (wpaIePacket_t*)pWpaIe; 1133 TI_UINT8 *curWpaIe; 1134 TI_UINT8 curLength = WPA_IE_MIN_LENGTH; 1135 1136 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: DEBUG: admCtrlWpa_parseIe\n\n"); 1137 1138 if ((pWpaData == NULL) || (pWpaIe == NULL)) 1139 { 1140 return TI_NOK; 1141 } 1142 1143 if ((wpaIePacket->length < WPA_IE_MIN_LENGTH) || 1144 (wpaIePacket->elementid != WPA_IE_ID) || 1145 (wpaIePacket->ouiType > WPA_OUI_MAX_TYPE) || (ENDIAN_HANDLE_WORD(wpaIePacket->version) > WPA_OUI_MAX_VERSION) || 1146 (os_memoryCompare(pAdmCtrl->hOs, (TI_UINT8*)wpaIePacket->oui, wpaIeOuiIe, 3))) 1147 { 1148 TRACE7(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_ParseIe Error: length=0x%x, elementid=0x%x, ouiType=0x%x, version=0x%x, oui=0x%x, 0x%x, 0x%x\n", wpaIePacket->length,wpaIePacket->elementid, wpaIePacket->ouiType, wpaIePacket->version, wpaIePacket->oui[0], wpaIePacket->oui[1],wpaIePacket->oui[2]); 1149 1150 return TI_NOK; 1151 } 1152 /* Set default values */ 1153 pWpaData->broadcastSuite = TWD_CIPHER_TKIP; 1154 pWpaData->unicastSuiteCnt = 1; 1155 pWpaData->unicastSuite[0] = TWD_CIPHER_TKIP; 1156 pWpaData->KeyMngSuiteCnt = 1; 1157 pWpaData->KeyMngSuite[0] = (ERsnKeyMngSuite)WPA_IE_KEY_MNG_801_1X; 1158 pWpaData->bcastForUnicatst = 1; 1159 pWpaData->replayCounters = 1; 1160 1161 pWpaData->XCCKp = TI_FALSE; 1162 pWpaData->XCCMic = TI_FALSE; 1163 1164 1165 /* Group Suite */ 1166 if (wpaIePacket->length >= WPA_IE_GROUP_SUITE_LENGTH) 1167 { 1168 pWpaData->broadcastSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, (TI_UINT8 *)wpaIePacket->groupSuite,pWpaData,TWD_CIPHER_WEP104); 1169 curLength = WPA_IE_GROUP_SUITE_LENGTH; 1170 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: GroupSuite%x, broadcast %x \n", wpaIePacket->groupSuite[3], pWpaData->broadcastSuite); 1171 } else 1172 { 1173 return TI_OK; 1174 } 1175 /* Unicast Suite */ 1176 if (wpaIePacket->length >= WPA_IE_MIN_PAIRWISE_SUITE_LENGTH) 1177 { 1178 TI_UINT16 pairWiseSuiteCnt = ENDIAN_HANDLE_WORD(wpaIePacket->pairwiseSuiteCnt); 1179 TI_BOOL cipherSuite[MAX_WPA_UNICAST_SUITES]={TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE , TI_FALSE}; 1180 TI_INT32 index, unicastSuiteIndex=0; 1181 1182 curWpaIe = (TI_UINT8*)&(wpaIePacket->pairwiseSuite); 1183 for (index=0; (index<pairWiseSuiteCnt) && (wpaIePacket->length >= (WPA_IE_MIN_PAIRWISE_SUITE_LENGTH+(index+1)*4)); index++) 1184 { 1185 ECipherSuite curCipherSuite; 1186 1187 curCipherSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,TWD_CIPHER_WEP104); 1188 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: pairwiseSuite %x , unicast %x \n", curWpaIe[3], curCipherSuite); 1189 1190 if ((curCipherSuite!=TWD_CIPHER_UNKNOWN) && (curCipherSuite<MAX_WPA_UNICAST_SUITES)) 1191 { 1192 cipherSuite[curCipherSuite] = TI_TRUE; 1193 } 1194 curWpaIe +=4; 1195 } 1196 for (index=MAX_WPA_UNICAST_SUITES-1; index>=0; index--) 1197 { 1198 if (cipherSuite[index]) 1199 { 1200 pWpaData->unicastSuite[unicastSuiteIndex] = (ECipherSuite)index; 1201 TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: unicast %x \n", pWpaData->unicastSuite[unicastSuiteIndex]); 1202 unicastSuiteIndex++; 1203 } 1204 } 1205 pWpaData->unicastSuiteCnt = unicastSuiteIndex; 1206 curLength = WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(pairWiseSuiteCnt); 1207 1208 } else 1209 { 1210 return TI_OK; 1211 } 1212 /* KeyMng Suite */ 1213 if (wpaIePacket->length >= curLength) 1214 { 1215 TI_UINT16 keyMngSuiteCnt = ENDIAN_HANDLE_WORD(*curWpaIe); 1216 TI_UINT16 index; 1217 ERsnKeyMngSuite maxKeyMngSuite = WPA_IE_KEY_MNG_NONE; 1218 1219 /* Include all AP key management supported suites in the wpaData structure */ 1220 pWpaData->KeyMngSuiteCnt = keyMngSuiteCnt; 1221 1222 curWpaIe +=2; 1223 pAdmCtrl->wpaAkmExists = TI_FALSE; 1224 for (index=0; (index<keyMngSuiteCnt) && (wpaIePacket->length >= (curLength+index*4)); index++) 1225 { 1226 ERsnKeyMngSuite curKeyMngSuite; 1227 1228 #ifdef XCC_MODULE_INCLUDED 1229 curKeyMngSuite = (ERsnKeyMngSuite)admCtrlXCC_parseCckmSuiteVal(pAdmCtrl, curWpaIe); 1230 if (curKeyMngSuite == WPA_IE_KEY_MNG_CCKM) 1231 { /* CCKM is the maximum AKM */ 1232 maxKeyMngSuite = curKeyMngSuite; 1233 } 1234 else 1235 #endif 1236 { 1237 curKeyMngSuite = (ERsnKeyMngSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,WPA_IE_KEY_MNG_PSK_801_1X); 1238 } 1239 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: authKeyMng %x , keyMng %x \n", curWpaIe[3], curKeyMngSuite); 1240 1241 if ((curKeyMngSuite>maxKeyMngSuite) && (curKeyMngSuite!=WPA_IE_KEY_MNG_NA) 1242 && (curKeyMngSuite!=WPA_IE_KEY_MNG_CCKM)) 1243 { 1244 maxKeyMngSuite = curKeyMngSuite; 1245 } 1246 if (curKeyMngSuite==WPA_IE_KEY_MNG_801_1X) 1247 { /* If 2 AKM exist, save also the second priority */ 1248 pAdmCtrl->wpaAkmExists = TI_TRUE; 1249 } 1250 1251 curWpaIe +=4; 1252 1253 /* Include all AP key management supported suites in the wpaData structure */ 1254 if ((index+1) < MAX_WPA_KEY_MNG_SUITES) 1255 pWpaData->KeyMngSuite[index+1] = curKeyMngSuite; 1256 1257 } 1258 pWpaData->KeyMngSuite[0] = maxKeyMngSuite; 1259 curLength += (index-1)*4; 1260 TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: keyMng %x \n", pWpaData->KeyMngSuite[0]); 1261 1262 } else 1263 { 1264 return TI_OK; 1265 } 1266 /* Parse capabilities */ 1267 if (wpaIePacket->length >= (curLength+2)) 1268 { 1269 TI_UINT16 capabilities = ENDIAN_HANDLE_WORD(*((TI_UINT16 *)curWpaIe)); 1270 1271 pWpaData->bcastForUnicatst = (capabilities & WPA_GROUP_4_UNICAST_CAPABILITY_MASK) >> WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT; 1272 pWpaData->replayCounters = (capabilities & WPA_REPLAY_COUNTERS_CAPABILITY_MASK) >> WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT; 1273 switch (pWpaData->replayCounters) 1274 { 1275 case 0: pWpaData->replayCounters=1; 1276 break; 1277 case 1: pWpaData->replayCounters=2; 1278 break; 1279 case 2: pWpaData->replayCounters=4; 1280 break; 1281 case 3: pWpaData->replayCounters=16; 1282 break; 1283 default: pWpaData->replayCounters=0; 1284 break; 1285 } 1286 TRACE3(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: capabilities %x, bcastForUnicatst %x, replayCounters %x\n", capabilities, pWpaData->bcastForUnicatst, pWpaData->replayCounters); 1287 1288 } 1289 1290 1291 return TI_OK; 1292 1293 } 1294 1295 1296 TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt) 1297 { 1298 TI_UINT16 capabilities=0; 1299 /* Bit1: group key for unicast */ 1300 capabilities = 0; 1301 capabilities = capabilities << WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT; 1302 /* Bits 2&3: Replay counter */ 1303 switch (replayCnt) 1304 { 1305 case 1: replayCnt=0; 1306 break; 1307 case 2: replayCnt=1; 1308 break; 1309 case 4: replayCnt=2; 1310 break; 1311 case 16: replayCnt=3; 1312 break; 1313 default: replayCnt=0; 1314 break; 1315 } 1316 1317 capabilities |= replayCnt << WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT; 1318 return capabilities; 1319 1320 } 1321 1322 1323 TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal, wpaIeData_t *pWpaData, TI_UINT32 maxVal) 1324 { 1325 TI_UINT32 suite; 1326 1327 if ((pAdmCtrl==NULL) || (suiteVal==NULL)) 1328 { 1329 return TWD_CIPHER_UNKNOWN; 1330 } 1331 if (!os_memoryCompare(pAdmCtrl->hOs, suiteVal, wpaIeOuiIe, 3)) 1332 { 1333 suite = (ECipherSuite)((suiteVal[3]<=maxVal) ? suiteVal[3] : TWD_CIPHER_UNKNOWN); 1334 } else 1335 { 1336 #ifdef XCC_MODULE_INCLUDED 1337 suite = admCtrlXCC_WpaParseSuiteVal(pAdmCtrl,suiteVal,pWpaData); 1338 #else 1339 suite = TWD_CIPHER_UNKNOWN; 1340 #endif 1341 } 1342 return suite; 1343 } 1344 1345 1346 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus) 1347 { 1348 ECipherSuite maxCipher; 1349 1350 maxCipher = (unicastSuite>=broadcastSuite) ? unicastSuite : broadcastSuite ; 1351 if (maxCipher != encryptionStatus) 1352 { 1353 return TI_NOK; 1354 } 1355 if ((unicastSuite != TWD_CIPHER_NONE) && (broadcastSuite>unicastSuite)) 1356 { 1357 return TI_NOK; 1358 } 1359 return TI_OK; 1360 } 1361 1362 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists) 1363 { 1364 *wpa_802_1x_AkmExists = pAdmCtrl->wpaAkmExists; 1365 return TI_OK; 1366 } 1367 1368 1369 1370