1 /* 2 * admCtrlWpa.c 3 * 4 * Copyright(c) 1998 - 2010 Texas Instruments. All rights reserved. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * * Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * * Neither the name Texas Instruments nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 /** \file admCtrl.c 35 * \brief Admission control API implimentation 36 * 37 * \see admCtrl.h 38 */ 39 40 /**************************************************************************** 41 * * 42 * MODULE: Admission Control * 43 * PURPOSE: Admission Control Module API * 44 * * 45 ****************************************************************************/ 46 47 #define __FILE_ID__ FILE_ID_19 48 #include "osApi.h" 49 #include "paramOut.h" 50 #include "mlmeApi.h" 51 #include "802_11Defs.h" 52 #include "DataCtrl_Api.h" 53 #include "report.h" 54 #include "rsn.h" 55 #include "admCtrl.h" 56 #include "admCtrlWpa.h" 57 #include "admCtrlWpa2.h" 58 #ifdef XCC_MODULE_INCLUDED 59 #include "admCtrlXCC.h" 60 #include "XCCMngr.h" 61 #endif 62 #include "siteMgrApi.h" 63 #include "TWDriver.h" 64 65 /* Constants */ 66 #define MAX_NETWORK_MODE 2 67 #define MAX_WPA_CIPHER_SUITE 7 68 69 70 71 /* Enumerations */ 72 73 /* Typedefs */ 74 75 /* Structures */ 76 77 /* External data definitions */ 78 79 /* Local functions definitions */ 80 81 /* Global variables */ 82 83 static TI_UINT8 wpaIeOuiIe[3] = { 0x00, 0x50, 0xf2}; 84 85 static TI_BOOL broadcastCipherSuiteValidity[MAX_NETWORK_MODE][MAX_WPA_CIPHER_SUITE]= 86 { 87 /* RSN_IBSS */ { 88 /* NONE */ TI_FALSE, 89 /* WEP40 */ TI_FALSE, 90 /* TKIP */ TI_TRUE, 91 /* AES_WRAP */ TI_TRUE, 92 /* AES_CCMP */ TI_TRUE, 93 /* WEP104 */ TI_FALSE, 94 /* CKIP */ TI_FALSE}, 95 96 /* RSN_INFRASTRUCTURE */ { 97 /* NONE */ TI_FALSE, 98 /* WEP */ TI_TRUE, 99 /* TKIP */ TI_TRUE, 100 /* AES_WRAP */ TI_TRUE, 101 /* AES_CCMP */ TI_TRUE, 102 /* WEP104 */ TI_TRUE, 103 /* CKIP */ TI_TRUE} 104 }; 105 106 /** WPA admission table. Used to verify admission parameters to an AP */ 107 /* table parameters: 108 Max unicast cipher in the IE 109 Max broadcast cipher in the IE 110 Encryption status 111 */ 112 typedef struct 113 { 114 TI_STATUS status; 115 ECipherSuite unicast; 116 ECipherSuite broadcast; 117 TI_UINT8 evaluation; 118 } admCtrlWpa_validity_t; 119 120 static admCtrlWpa_validity_t admCtrlWpa_validityTable[MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE] = 121 { 122 /* AP unicast NONE */ { 123 /* AP multicast NONE */ { 124 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 125 /* STA WEP40 */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 126 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 127 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 128 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 129 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 130 /* AP multicast WEP40 */ { 131 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 132 /* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1}, 133 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 134 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 135 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 136 /* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}}, 137 /* AP multicast TKIP */ { 138 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 139 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 140 /* STA TKIP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_TKIP ,2}, 141 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 142 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 143 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 144 /* AP multicast WRAP */ { 145 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 146 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 147 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 148 /* STA WRAP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_WRAP ,3}, 149 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 150 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 151 /* AP multicast CCMP */ { 152 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 153 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 154 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 155 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 156 /* STA CCMP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_CCMP ,3}, 157 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 158 /* AP multicast WEP104 */ { 159 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 160 /* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1}, 161 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 162 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 163 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 164 /* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}}}, 165 /* AP unicast WEP */ { 166 /* AP multicast NONE */ { 167 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 168 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 169 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 170 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 171 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 172 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 173 /* AP multicast WEP */ { 174 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 175 /* STA WEP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1}, 176 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 177 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 178 /* STA CCMP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1}, 179 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 180 /* AP multicast TKIP */ { 181 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 182 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 183 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 184 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 185 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 186 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 187 /* AP multicast WRAP */ { 188 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 189 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 190 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 191 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 192 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 193 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 194 /* AP multicast CCMP */ { 195 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 196 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 197 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 198 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 199 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 200 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 201 /* AP multicast WEP104 */ { 202 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 203 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 204 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 205 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 206 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 207 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 208 /* AP unicast TKIP */ { 209 /* AP multicast NONE */ { 210 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 211 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 212 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 213 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 214 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 215 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 216 /* AP multicast WEP */ { 217 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 218 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 219 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP ,4}, 220 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 221 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 222 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 223 /* AP multicast TKIP */ { 224 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 225 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 226 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_TKIP ,7}, 227 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 228 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 229 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 230 /* AP multicast WRAP */ { 231 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 232 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 233 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 234 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 235 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 236 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 237 /* AP multicast CCMP */ { 238 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 239 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 240 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 241 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 242 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 243 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 244 /* AP multicast WEP104 */ { 245 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 246 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 247 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP104 ,4}, 248 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 249 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 250 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 251 /* AP unicast AES_WRAP */ { 252 /* AP multicast NONE */ { 253 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 254 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 255 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 256 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 257 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 258 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 259 /* AP multicast WEP40 */ { 260 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 261 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 262 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 263 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP ,5}, 264 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 265 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 266 /* AP multicast TKIP */ { 267 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 268 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 269 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 270 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_TKIP ,6}, 271 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 272 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 273 /* AP multicast WRAP */ { 274 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 275 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 276 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 277 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_AES_WRAP ,8}, 278 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 279 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 280 /* AP multicast CCMP */ { 281 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 282 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 283 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 284 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 285 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 286 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 287 /* AP multicast WEP104 */ { 288 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 289 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 290 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 291 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP104 ,5}, 292 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 293 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 294 /* AP unicast AES_CCMP */ { 295 /* AP multicast NONE */ { 296 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 297 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 298 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 299 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 300 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 301 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 302 /* AP multicast WEP */ { 303 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 304 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 305 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 306 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 307 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP ,5}, 308 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 309 /* AP multicast TKIP */ { 310 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 311 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 312 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 313 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 314 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_TKIP ,6}, 315 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 316 /* AP multicast WRAP */ { 317 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 318 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 319 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 320 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 321 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 322 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 323 /* AP multicast CCMP */ { 324 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 325 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 326 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 327 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 328 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_AES_CCMP ,7}, 329 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 330 /* AP multicast WEP */ { 331 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 332 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 333 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 334 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 335 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP104 ,5}, 336 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}}, 337 /* AP unicast WEP104 */ { 338 /* AP multicast NONE */ { 339 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 340 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 341 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 342 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 343 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 344 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 345 /* AP multicast WEP */ { 346 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 347 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 348 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 349 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 350 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 351 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 352 /* AP multicast TKIP */ { 353 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 354 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 355 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 356 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 357 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 358 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 359 /* AP multicast WRAP */ { 360 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 361 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 362 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 363 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 364 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 365 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 366 /* AP multicast CCMP */ { 367 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 368 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 369 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 370 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 371 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 372 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}, 373 /* AP multicast WEP104 */ { 374 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 375 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 376 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 377 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}, 378 /* STA CCMP */ { TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1}, 379 /* STA WEP104 */{ TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1}}} 380 381 382 }; 383 384 /* Function prototypes */ 385 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData); 386 TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt); 387 TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal,wpaIeData_t *pWpaData,TI_UINT32 maxVal); 388 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus); 389 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists); 390 391 392 /** 393 * 394 * admCtrlWpa_config - Configure XCC admission control. 395 * 396 * \b Description: 397 * 398 * Configure XCC admission control. 399 * 400 * \b ARGS: 401 * 402 * I - pAdmCtrl - context \n 403 * 404 * \b RETURNS: 405 * 406 * TI_OK on success, TI_NOK on failure. 407 * 408 * \sa 409 */ 410 TI_STATUS admCtrlWpa_config(admCtrl_t *pAdmCtrl) 411 { 412 TI_STATUS status; 413 TRsnPaeConfig paeConfig; 414 415 /* check and set admission control default parameters */ 416 pAdmCtrl->authSuite = RSN_AUTH_OPEN; 417 if (pAdmCtrl->unicastSuite == TWD_CIPHER_NONE) 418 { 419 pAdmCtrl->unicastSuite = TWD_CIPHER_TKIP; 420 } 421 if (pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE) 422 { 423 pAdmCtrl->broadcastSuite = TWD_CIPHER_TKIP; 424 } 425 426 /* set callback functions (API) */ 427 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement; 428 pAdmCtrl->setSite = admCtrlWpa_setSite; 429 pAdmCtrl->evalSite = admCtrlWpa_evalSite; 430 431 pAdmCtrl->getPmkidList = admCtrl_nullGetPMKIDlist; 432 pAdmCtrl->setPmkidList = admCtrl_nullSetPMKIDlist; 433 pAdmCtrl->resetPmkidList = admCtrl_resetPMKIDlist; 434 pAdmCtrl->getPreAuthStatus = admCtrl_nullGetPreAuthStatus; 435 pAdmCtrl->startPreAuth = admCtrl_nullStartPreAuth; 436 pAdmCtrl->get802_1x_AkmExists = admCtrlWpa_get802_1x_AkmExists; 437 438 /* set cipher suite */ 439 switch (pAdmCtrl->externalAuthMode) 440 { 441 case RSN_EXT_AUTH_MODE_WPA: 442 case RSN_EXT_AUTH_MODE_WPAPSK: 443 /* The cipher suite should be set by the External source via 444 the Encryption field*/ 445 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X; 446 break; 447 case RSN_EXT_AUTH_MODE_WPANONE: 448 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE; 449 /* Not supported */ 450 default: 451 return TI_NOK; 452 } 453 454 455 paeConfig.authProtocol = pAdmCtrl->externalAuthMode; 456 paeConfig.unicastSuite = pAdmCtrl->unicastSuite; 457 paeConfig.broadcastSuite = pAdmCtrl->broadcastSuite; 458 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite; 459 /* set default PAE configuration */ 460 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig); 461 462 return status; 463 } 464 465 466 467 468 TI_STATUS admCtrlWpa_dynamicConfig(admCtrl_t *pAdmCtrl,wpaIeData_t *pWpaData) 469 { 470 TI_STATUS status; 471 TRsnPaeConfig paeConfig; 472 473 474 /* set callback functions (API) */ 475 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement; 476 477 switch (pAdmCtrl->externalAuthMode) 478 { 479 case RSN_EXT_AUTH_MODE_WPA: 480 case RSN_EXT_AUTH_MODE_WPAPSK: 481 /* The cipher suite should be set by the External source via 482 the Encryption field*/ 483 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X; 484 break; 485 case RSN_EXT_AUTH_MODE_WPANONE: 486 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE; 487 /* Not supported */ 488 default: 489 return TI_NOK; 490 } 491 492 493 paeConfig.authProtocol = pAdmCtrl->externalAuthMode; 494 paeConfig.unicastSuite = pWpaData->unicastSuite[0]; 495 paeConfig.broadcastSuite = pWpaData->broadcastSuite; 496 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite; 497 /* set default PAE configuration */ 498 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig); 499 500 return status; 501 } 502 503 /** 504 * 505 * admCtrlWpa_getInfoElement - Get the current information element. 506 * 507 * \b Description: 508 * 509 * Get the current information element. 510 * 511 * \b ARGS: 512 * 513 * I - pAdmCtrl - context \n 514 * I - pIe - IE buffer \n 515 * I - pLength - length of IE \n 516 * 517 * \b RETURNS: 518 * 519 * TI_OK on success, TI_NOK on failure. 520 * 521 * \sa 522 */ 523 524 TI_STATUS admCtrlWpa_getInfoElement(admCtrl_t *pAdmCtrl, TI_UINT8 *pIe, TI_UINT32 *pLength) 525 { 526 wpaIePacket_t localWpaPkt; 527 wpaIePacket_t *pWpaIePacket; 528 TI_UINT8 length; 529 TI_UINT16 tempInt; 530 TIWLN_SIMPLE_CONFIG_MODE wscMode; 531 532 /* Get Simple-Config state */ 533 siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */ 534 535 if (pIe==NULL) 536 { 537 *pLength = 0; 538 return TI_NOK; 539 } 540 541 if ((wscMode != TIWLN_SIMPLE_CONFIG_OFF) && 542 (pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE) && 543 (pAdmCtrl->unicastSuite == TWD_CIPHER_NONE)) 544 { 545 *pLength = 0; 546 return TI_NOK; 547 } 548 549 /* Check validity of WPA IE */ 550 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][pAdmCtrl->broadcastSuite]) 551 { /* check Group suite validity */ 552 *pLength = 0; 553 return TI_NOK; 554 } 555 556 557 if (pAdmCtrl->unicastSuite == TWD_CIPHER_WEP) 558 { /* check pairwise suite validity */ 559 *pLength = 0; 560 return TI_NOK; 561 } 562 563 /* Build Wpa IE */ 564 pWpaIePacket = &localWpaPkt; 565 os_memoryZero(pAdmCtrl->hOs, pWpaIePacket, sizeof(wpaIePacket_t)); 566 pWpaIePacket->elementid= WPA_IE_ID; 567 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->oui, wpaIeOuiIe, 3); 568 pWpaIePacket->ouiType = WPA_OUI_DEF_TYPE; 569 570 tempInt = WPA_OUI_MAX_VERSION; 571 COPY_WLAN_WORD(&pWpaIePacket->version, &tempInt); 572 573 length = sizeof(wpaIePacket_t)-2; 574 575 /* check defaults */ 576 if (pAdmCtrl->replayCnt==1) 577 { 578 length -= 2; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/ 579 #if 0 /* The following was removed since there are APs which do no accept 580 the default WPA IE */ 581 if (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) 582 { 583 length -= 6; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/ 584 if (pAdmCtrl->unicastSuite == TWD_CIPHER_TKIP) 585 { 586 length -= 6; /* 4: unicast suite, 2: unicast count */ 587 if (pAdmCtrl->broadcastSuite == TWD_CIPHER_TKIP) 588 { 589 length -= 4; /* broadcast suite */ 590 } 591 } 592 } 593 #endif 594 } 595 596 pWpaIePacket->length = length; 597 *pLength = length+2; 598 599 if (length>=WPA_IE_MIN_DEFAULT_LENGTH) 600 { /* build Capabilities */ 601 pWpaIePacket->capabilities = ENDIAN_HANDLE_WORD(admCtrlWpa_buildCapabilities(pAdmCtrl->replayCnt)); 602 } 603 604 if (length>=WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(1)) 605 { 606 /* build keyMng suite */ 607 608 tempInt = 0x0001; 609 COPY_WLAN_WORD(&pWpaIePacket->authKeyMngSuiteCnt, &tempInt); 610 611 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->authKeyMngSuite, wpaIeOuiIe, 3); 612 613 switch (pAdmCtrl->externalAuthMode) 614 { 615 case RSN_EXT_AUTH_MODE_OPEN: 616 case RSN_EXT_AUTH_MODE_SHARED_KEY: 617 case RSN_EXT_AUTH_MODE_AUTO_SWITCH: 618 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE; 619 break; 620 case RSN_EXT_AUTH_MODE_WPA: 621 { 622 #ifdef XCC_MODULE_INCLUDED 623 TI_UINT8 akmSuite[DOT11_OUI_LEN]; 624 625 if (admCtrlXCC_getCckmAkm(pAdmCtrl, akmSuite)) 626 { 627 os_memoryCopy(pAdmCtrl->hOs, (void*)pWpaIePacket->authKeyMngSuite, akmSuite, DOT11_OUI_LEN); 628 } 629 else 630 #endif 631 { 632 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_801_1X; 633 } 634 } 635 636 break; 637 638 case RSN_EXT_AUTH_MODE_WPAPSK: 639 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_PSK_801_1X; 640 break; 641 default: 642 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE; 643 break; 644 } 645 646 } 647 648 649 if (length>=WPA_IE_MIN_PAIRWISE_SUITE_LENGTH) 650 { 651 652 #ifdef XCC_MODULE_INCLUDED 653 if ((pAdmCtrl->pRsn->paeConfig.unicastSuite==TWD_CIPHER_CKIP) || 654 (pAdmCtrl->pRsn->paeConfig.broadcastSuite==TWD_CIPHER_CKIP)) 655 { 656 admCtrlXCC_getWpaCipherInfo(pAdmCtrl,pWpaIePacket); 657 } 658 else 659 #endif 660 { 661 662 /* build pairwise suite */ 663 664 tempInt = 0x0001; 665 COPY_WLAN_WORD(&pWpaIePacket->pairwiseSuiteCnt, &tempInt); 666 667 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->pairwiseSuite, wpaIeOuiIe, 3); 668 pWpaIePacket->pairwiseSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.unicastSuite; 669 670 if (length>=WPA_IE_GROUP_SUITE_LENGTH) 671 { /* build group suite */ 672 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->groupSuite, wpaIeOuiIe, 3); 673 pWpaIePacket->groupSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.broadcastSuite; 674 } 675 } 676 } 677 os_memoryCopy(pAdmCtrl->hOs, (TI_UINT8*)pIe, (TI_UINT8*)pWpaIePacket, sizeof(wpaIePacket_t)); 678 return TI_OK; 679 680 } 681 /** 682 * 683 * admCtrlWpa_setSite - Set current primary site parameters for registration. 684 * 685 * \b Description: 686 * 687 * Set current primary site parameters for registration. 688 * 689 * \b ARGS: 690 * 691 * I - pAdmCtrl - context \n 692 * I - pRsnData - site's RSN data \n 693 * O - pAssocIe - result IE of evaluation \n 694 * O - pAssocIeLen - length of result IE of evaluation \n 695 * 696 * \b RETURNS: 697 * 698 * TI_OK on site is aproved, TI_NOK on site is rejected. 699 * 700 * \sa 701 */ 702 TI_STATUS admCtrlWpa_setSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TI_UINT8 *pAssocIe, TI_UINT8 *pAssocIeLen) 703 { 704 TI_STATUS status; 705 paramInfo_t *pParam; 706 TTwdParamInfo tTwdParam; 707 wpaIeData_t wpaData; 708 ECipherSuite encryptionStatus; 709 admCtrlWpa_validity_t *pAdmCtrlWpa_validity=NULL; 710 TI_UINT8 *pWpaIe; 711 TI_UINT8 index; 712 713 *pAssocIeLen = 0; 714 715 if (pRsnData==NULL) 716 { 717 return TI_NOK; 718 } 719 720 pParam = (paramInfo_t *)os_memoryAlloc(pAdmCtrl->hOs, sizeof(paramInfo_t)); 721 if (!pParam) 722 { 723 return TI_NOK; 724 } 725 726 if (pRsnData->pIe==NULL) 727 { 728 /* configure the MLME module with the 802.11 OPEN authentication suite, 729 THe MLME will configure later the authentication module */ 730 pParam->paramType = MLME_LEGACY_TYPE_PARAM; 731 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM; 732 status = mlme_setParam(pAdmCtrl->hMlme, pParam); 733 goto adm_ctrl_wpa_end; 734 } 735 736 #ifdef XCC_MODULE_INCLUDED 737 /* Check if Aironet IE exists */ 738 admCtrlXCC_setExtendedParams(pAdmCtrl, pRsnData); 739 #endif /*XCC_MODULE_INCLUDED*/ 740 741 /* Check if any-WPA mode is supported and WPA2 info elem is presented */ 742 /* If yes - perform WPA2 set site procedure */ 743 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags) 744 { 745 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) && 746 (pWpaIe != NULL)) 747 { 748 status = admCtrlWpa2_setSite(pAdmCtrl, pRsnData, pAssocIe, pAssocIeLen); 749 if(status == TI_OK) 750 goto adm_ctrl_wpa_end; 751 } 752 } 753 754 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID); 755 if (status != TI_OK) 756 { 757 goto adm_ctrl_wpa_end; 758 } 759 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData); 760 if (status != TI_OK) 761 { 762 goto adm_ctrl_wpa_end; 763 } 764 if ((wpaData.unicastSuite[0]>=MAX_WPA_CIPHER_SUITE) || 765 (wpaData.broadcastSuite>=MAX_WPA_CIPHER_SUITE) || 766 (pAdmCtrl->unicastSuite>=MAX_WPA_CIPHER_SUITE)) 767 { 768 status = TI_NOK; 769 goto adm_ctrl_wpa_end; 770 } 771 772 pAdmCtrl->encrInSw = wpaData.XCCKp; 773 pAdmCtrl->micInSw = wpaData.XCCMic; 774 775 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */ 776 if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP) 777 { 778 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 779 /*Funk supplicant can support CCKM only if it configures the driver to TKIP encryption. */ 780 if (encryptionStatus != TWD_CIPHER_TKIP) { 781 status = TI_NOK; 782 goto adm_ctrl_wpa_end; 783 } 784 if (pAdmCtrl->encrInSw) 785 pAdmCtrl->XCCSupport = TI_TRUE; 786 } 787 else 788 { 789 /* Check validity of Group suite */ 790 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][wpaData.broadcastSuite]) 791 { /* check Group suite validity */ 792 status = TI_NOK; 793 goto adm_ctrl_wpa_end; 794 } 795 796 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 797 for (index=0; index<wpaData.unicastSuiteCnt; index++) 798 { 799 pAdmCtrlWpa_validity = &admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus]; 800 if (pAdmCtrlWpa_validity->status ==TI_OK) 801 { 802 break; 803 } 804 } 805 806 if (pAdmCtrlWpa_validity->status != TI_OK) 807 { 808 status = pAdmCtrlWpa_validity->status; 809 goto adm_ctrl_wpa_end; 810 } 811 812 /* set cipher suites */ 813 wpaData.unicastSuite[0] = pAdmCtrlWpa_validity->unicast ;/*wpaData.unicastSuite[0];*/ 814 wpaData.broadcastSuite = pAdmCtrlWpa_validity->broadcast; /*wpaData.broadcastSuite;*/ 815 } 816 /* set external auth mode according to the key Mng Suite */ 817 switch (wpaData.KeyMngSuite[0]) 818 { 819 case WPA_IE_KEY_MNG_NONE: 820 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN; 821 break; 822 case WPA_IE_KEY_MNG_801_1X: 823 #ifdef XCC_MODULE_INCLUDED 824 case WPA_IE_KEY_MNG_CCKM: 825 #endif 826 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA; 827 break; 828 case WPA_IE_KEY_MNG_PSK_801_1X: 829 #if 0 /* code will remain here until the WSC spec will be closed*/ 830 if ((wpaData.KeyMngSuiteCnt > 1) && (wpaData.KeyMngSuite[1] == WPA_IE_KEY_MNG_801_1X)) 831 { 832 /*WLAN_OS_REPORT (("Overriding for simple-config - setting external auth to MODE WPA\n"));*/ 833 /*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA;*/ 834 } 835 else 836 { 837 /*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPAPSK;*/ 838 } 839 #endif 840 break; 841 default: 842 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN; 843 break; 844 } 845 846 847 #ifdef XCC_MODULE_INCLUDED 848 pParam->paramType = XCC_CCKM_EXISTS; 849 pParam->content.XCCCckmExists = (wpaData.KeyMngSuite[0]==WPA_IE_KEY_MNG_CCKM) ? TI_TRUE : TI_FALSE; 850 XCCMngr_setParam(pAdmCtrl->hXCCMngr, pParam); 851 #endif 852 /* set replay counter */ 853 pAdmCtrl->replayCnt = wpaData.replayCounters; 854 855 *pAssocIeLen = pRsnData->ieLen; 856 if (pAssocIe != NULL) 857 { 858 os_memoryCopy(pAdmCtrl->hOs, pAssocIe, &wpaData, sizeof(wpaIeData_t)); 859 } 860 861 862 /* Now we configure the MLME module with the 802.11 legacy authentication suite, 863 THe MLME will configure later the authentication module */ 864 pParam->paramType = MLME_LEGACY_TYPE_PARAM; 865 #ifdef XCC_MODULE_INCLUDED 866 if (pAdmCtrl->networkEapMode!=OS_XCC_NETWORK_EAP_OFF) 867 { 868 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_RESERVED1; 869 } 870 else 871 #endif 872 { 873 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM; 874 } 875 876 877 status = mlme_setParam(pAdmCtrl->hMlme, pParam); 878 if (status != TI_OK) 879 { 880 goto adm_ctrl_wpa_end; 881 } 882 883 pParam->paramType = RX_DATA_EAPOL_DESTINATION_PARAM; 884 pParam->content.rxDataEapolDestination = OS_ABS_LAYER; 885 status = rxData_setParam(pAdmCtrl->hRx, pParam); 886 if (status != TI_OK) 887 { 888 goto adm_ctrl_wpa_end; 889 } 890 891 /* Configure privacy status in HAL so that HW is prepared to recieve keys */ 892 tTwdParam.paramType = TWD_RSN_SECURITY_MODE_PARAM_ID; 893 tTwdParam.content.rsnEncryptionStatus = (ECipherSuite)wpaData.unicastSuite[0]; 894 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam); 895 if (status != TI_OK) 896 { 897 goto adm_ctrl_wpa_end; 898 } 899 900 #ifdef XCC_MODULE_INCLUDED 901 902 /* set MIC and KP in HAL */ 903 tTwdParam.paramType = TWD_RSN_XCC_SW_ENC_ENABLE_PARAM_ID; 904 tTwdParam.content.rsnXCCSwEncFlag = wpaData.XCCKp; 905 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam); 906 if (status != TI_OK) 907 { 908 goto adm_ctrl_wpa_end; 909 } 910 tTwdParam.paramType = TWD_RSN_XCC_MIC_FIELD_ENABLE_PARAM_ID; 911 tTwdParam.content.rsnXCCMicFieldFlag = wpaData.XCCMic; 912 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam); 913 914 if (status != TI_OK) 915 { 916 goto adm_ctrl_wpa_end; 917 } 918 #endif /*XCC_MODULE_INCLUDED*/ 919 920 /* re-config PAE */ 921 status = admCtrlWpa_dynamicConfig(pAdmCtrl,&wpaData); 922 if (status != TI_OK) 923 { 924 goto adm_ctrl_wpa_end; 925 } 926 adm_ctrl_wpa_end: 927 os_memoryFree(pAdmCtrl->hOs, pParam, sizeof(paramInfo_t)); 928 return status; 929 } 930 931 /** 932 * 933 * admCtrlWpa_evalSite - Evaluate site for registration. 934 * 935 * \b Description: 936 * 937 * evaluate site RSN capabilities against the station's cap. 938 * If the BSS type is infrastructure, the station matches the site only if it's WEP status is same as the site 939 * In IBSS, it does not matter 940 * 941 * \b ARGS: 942 * 943 * I - pAdmCtrl - Context \n 944 * I - pRsnData - site's RSN data \n 945 * O - pEvaluation - Result of evaluation \n 946 * 947 * \b RETURNS: 948 * 949 * TI_OK 950 * 951 * \sa 952 */ 953 TI_STATUS admCtrlWpa_evalSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TRsnSiteParams *pRsnSiteParams, TI_UINT32 *pEvaluation) 954 { 955 TI_STATUS status; 956 wpaIeData_t wpaData; 957 admCtrlWpa_validity_t admCtrlWpa_validity; 958 ECipherSuite encryptionStatus; 959 TIWLN_SIMPLE_CONFIG_MODE wscMode; 960 TI_UINT8 *pWpaIe; 961 TI_UINT8 index; 962 963 /* Get Simple-Config state */ 964 status = siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */ 965 966 *pEvaluation = 0; 967 968 if (pRsnData==NULL) 969 { 970 return TI_NOK; 971 } 972 if ((pRsnData->pIe==NULL) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF)) 973 { 974 return TI_NOK; 975 } 976 977 if (pRsnSiteParams->bssType != BSS_INFRASTRUCTURE) 978 { 979 return TI_NOK; 980 } 981 982 /* Set initial values for admCtrlWpa_validity as none*/ 983 admCtrlWpa_validity = admCtrlWpa_validityTable[TWD_CIPHER_NONE][TWD_CIPHER_NONE][TWD_CIPHER_NONE]; 984 985 /* Check if WPA-any mode is supported and WPA2 info elem is presented */ 986 /* If yes - perform WPA2 site evaluation */ 987 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags) 988 { 989 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) && 990 (pWpaIe != NULL)) 991 { 992 status = admCtrlWpa2_evalSite(pAdmCtrl, pRsnData, pRsnSiteParams, pEvaluation); 993 if(status == TI_OK) 994 return status; 995 } 996 } 997 998 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID); 999 if ((status != TI_OK) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF)) 1000 { 1001 return status; 1002 } 1003 /* If found WPA Information Element */ 1004 if (pWpaIe != NULL) 1005 { 1006 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData); 1007 if (status != TI_OK) 1008 { 1009 return status; 1010 } 1011 1012 /* check keyMngSuite validity */ 1013 switch (wpaData.KeyMngSuite[0]) 1014 { 1015 case WPA_IE_KEY_MNG_NONE: 1016 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_NONE\n"); 1017 status = (pAdmCtrl->externalAuthMode <= RSN_EXT_AUTH_MODE_AUTO_SWITCH) ? TI_OK : TI_NOK; 1018 break; 1019 case WPA_IE_KEY_MNG_801_1X: 1020 #ifdef XCC_MODULE_INCLUDED 1021 case WPA_IE_KEY_MNG_CCKM: 1022 /* CCKM is allowed only in 802.1x auth */ 1023 #endif 1024 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_801_1X\n"); 1025 status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) ? TI_OK : TI_NOK; 1026 break; 1027 case WPA_IE_KEY_MNG_PSK_801_1X: 1028 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_PSK_801_1X\n"); 1029 status = ((pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPAPSK) || 1030 (wscMode && (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA))) ? TI_OK : TI_NOK; 1031 break; 1032 default: 1033 status = TI_NOK; 1034 break; 1035 } 1036 1037 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: pAdmCtrl->externalAuthMode = %d, Status = %d\n",pAdmCtrl->externalAuthMode,status); 1038 1039 if (status != TI_OK) 1040 { 1041 return status; 1042 } 1043 1044 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */ 1045 if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP) 1046 { 1047 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 1048 if (encryptionStatus != TWD_CIPHER_TKIP) 1049 return TI_NOK; 1050 } 1051 else 1052 { 1053 /* Check cipher suite validity */ 1054 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus); 1055 for (index=0; index<wpaData.unicastSuiteCnt; index++) 1056 { 1057 admCtrlWpa_validity = admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus]; 1058 if (admCtrlWpa_validity.status ==TI_OK) 1059 { 1060 break; 1061 } 1062 } 1063 1064 if (admCtrlWpa_validity.status!=TI_OK) 1065 { 1066 return admCtrlWpa_validity.status; 1067 } 1068 1069 wpaData.broadcastSuite = admCtrlWpa_validity.broadcast; 1070 wpaData.unicastSuite[0] = admCtrlWpa_validity.unicast; 1071 *pEvaluation = admCtrlWpa_validity.evaluation; 1072 } 1073 1074 /* Check privacy bit if not in mixed mode */ 1075 if (!pAdmCtrl->mixedMode) 1076 { /* There's no mixed mode, so make sure that the privacy Bit matches the privacy mode*/ 1077 if (((pRsnData->privacy) && (wpaData.unicastSuite[0]==TWD_CIPHER_NONE)) || 1078 ((!pRsnData->privacy) && (wpaData.unicastSuite[0]>TWD_CIPHER_NONE))) 1079 { 1080 *pEvaluation = 0; 1081 } 1082 } 1083 1084 } 1085 else 1086 { 1087 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "didn't find WPA IE\n"); 1088 if (wscMode == TIWLN_SIMPLE_CONFIG_OFF) 1089 return TI_NOK; 1090 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "metric is 1\n"); 1091 *pEvaluation = 1; 1092 pAdmCtrl->broadcastSuite = TWD_CIPHER_NONE; 1093 pAdmCtrl->unicastSuite = TWD_CIPHER_NONE; 1094 } 1095 1096 /* always return TI_OK */ 1097 return TI_OK; 1098 } 1099 1100 1101 /** 1102 * 1103 * admCtrlWpa_parseIe - Parse an WPA information element. 1104 * 1105 * \b Description: 1106 * 1107 * Parse an WPA information element. 1108 * Builds a structure of the unicast adn broadcast cihper suites, 1109 * the key management suite and the capabilities. 1110 * 1111 * \b ARGS: 1112 * 1113 * I - pAdmCtrl - pointer to admCtrl context 1114 * I - pWpaIe - pointer to WPA IE buffer \n 1115 * O - pWpaData - capabilities structure 1116 * 1117 * 1118 * \b RETURNS: 1119 * 1120 * TI_OK on success, TI_NOK on failure. 1121 * 1122 * \sa 1123 */ 1124 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData) 1125 { 1126 1127 wpaIePacket_t *wpaIePacket = (wpaIePacket_t*)pWpaIe; 1128 TI_UINT8 *curWpaIe; 1129 TI_UINT8 curLength = WPA_IE_MIN_LENGTH; 1130 1131 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: DEBUG: admCtrlWpa_parseIe\n\n"); 1132 1133 if ((pWpaData == NULL) || (pWpaIe == NULL)) 1134 { 1135 return TI_NOK; 1136 } 1137 1138 if ((wpaIePacket->length < WPA_IE_MIN_LENGTH) || 1139 (wpaIePacket->elementid != WPA_IE_ID) || 1140 (wpaIePacket->ouiType > WPA_OUI_MAX_TYPE) || (ENDIAN_HANDLE_WORD(wpaIePacket->version) > WPA_OUI_MAX_VERSION) || 1141 (os_memoryCompare(pAdmCtrl->hOs, (TI_UINT8*)wpaIePacket->oui, wpaIeOuiIe, 3))) 1142 { 1143 TRACE7(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_ParseIe Error: length=0x%x, elementid=0x%x, ouiType=0x%x, version=0x%x, oui=0x%x, 0x%x, 0x%x\n", wpaIePacket->length,wpaIePacket->elementid, wpaIePacket->ouiType, wpaIePacket->version, wpaIePacket->oui[0], wpaIePacket->oui[1],wpaIePacket->oui[2]); 1144 1145 return TI_NOK; 1146 } 1147 /* Set default values */ 1148 pWpaData->broadcastSuite = TWD_CIPHER_TKIP; 1149 pWpaData->unicastSuiteCnt = 1; 1150 pWpaData->unicastSuite[0] = TWD_CIPHER_TKIP; 1151 pWpaData->KeyMngSuiteCnt = 1; 1152 pWpaData->KeyMngSuite[0] = (ERsnKeyMngSuite)WPA_IE_KEY_MNG_801_1X; 1153 pWpaData->bcastForUnicatst = 1; 1154 pWpaData->replayCounters = 1; 1155 1156 pWpaData->XCCKp = TI_FALSE; 1157 pWpaData->XCCMic = TI_FALSE; 1158 1159 1160 /* Group Suite */ 1161 if (wpaIePacket->length >= WPA_IE_GROUP_SUITE_LENGTH) 1162 { 1163 pWpaData->broadcastSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, (TI_UINT8 *)wpaIePacket->groupSuite,pWpaData,TWD_CIPHER_WEP104); 1164 curLength = WPA_IE_GROUP_SUITE_LENGTH; 1165 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: GroupSuite%x, broadcast %x \n", wpaIePacket->groupSuite[3], pWpaData->broadcastSuite); 1166 } else 1167 { 1168 return TI_OK; 1169 } 1170 /* Unicast Suite */ 1171 if (wpaIePacket->length >= WPA_IE_MIN_PAIRWISE_SUITE_LENGTH) 1172 { 1173 TI_UINT16 pairWiseSuiteCnt = ENDIAN_HANDLE_WORD(wpaIePacket->pairwiseSuiteCnt); 1174 TI_BOOL cipherSuite[MAX_WPA_UNICAST_SUITES]={TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE , TI_FALSE}; 1175 TI_INT32 index, unicastSuiteIndex=0; 1176 1177 curWpaIe = (TI_UINT8*)&(wpaIePacket->pairwiseSuite); 1178 for (index=0; (index<pairWiseSuiteCnt) && (wpaIePacket->length >= (WPA_IE_MIN_PAIRWISE_SUITE_LENGTH+(index+1)*4)); index++) 1179 { 1180 ECipherSuite curCipherSuite; 1181 1182 curCipherSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,TWD_CIPHER_WEP104); 1183 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: pairwiseSuite %x , unicast %x \n", curWpaIe[3], curCipherSuite); 1184 1185 if ((curCipherSuite!=TWD_CIPHER_UNKNOWN) && (curCipherSuite<MAX_WPA_UNICAST_SUITES)) 1186 { 1187 cipherSuite[curCipherSuite] = TI_TRUE; 1188 } 1189 curWpaIe +=4; 1190 } 1191 for (index=MAX_WPA_UNICAST_SUITES-1; index>=0; index--) 1192 { 1193 if (cipherSuite[index]) 1194 { 1195 pWpaData->unicastSuite[unicastSuiteIndex] = (ECipherSuite)index; 1196 TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: unicast %x \n", pWpaData->unicastSuite[unicastSuiteIndex]); 1197 unicastSuiteIndex++; 1198 } 1199 } 1200 pWpaData->unicastSuiteCnt = unicastSuiteIndex; 1201 curLength = WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(pairWiseSuiteCnt); 1202 1203 } else 1204 { 1205 return TI_OK; 1206 } 1207 /* KeyMng Suite */ 1208 if (wpaIePacket->length >= curLength) 1209 { 1210 TI_UINT16 keyMngSuiteCnt = ENDIAN_HANDLE_WORD(*curWpaIe); 1211 TI_UINT16 index; 1212 ERsnKeyMngSuite maxKeyMngSuite = (ERsnKeyMngSuite)WPA_IE_KEY_MNG_NONE; 1213 1214 /* Include all AP key management supported suites in the wpaData structure */ 1215 pWpaData->KeyMngSuiteCnt = keyMngSuiteCnt; 1216 1217 curWpaIe +=2; 1218 pAdmCtrl->wpaAkmExists = TI_FALSE; 1219 for (index=0; (index<keyMngSuiteCnt) && (wpaIePacket->length >= (curLength+index*4)); index++) 1220 { 1221 ERsnKeyMngSuite curKeyMngSuite; 1222 1223 #ifdef XCC_MODULE_INCLUDED 1224 curKeyMngSuite = (ERsnKeyMngSuite)admCtrlXCC_parseCckmSuiteVal(pAdmCtrl, curWpaIe); 1225 if (curKeyMngSuite == WPA_IE_KEY_MNG_CCKM) 1226 { /* CCKM is the maximum AKM */ 1227 maxKeyMngSuite = curKeyMngSuite; 1228 } 1229 else 1230 #endif 1231 { 1232 curKeyMngSuite = (ERsnKeyMngSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,WPA_IE_KEY_MNG_PSK_801_1X); 1233 } 1234 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: authKeyMng %x , keyMng %x \n", curWpaIe[3], curKeyMngSuite); 1235 1236 if ((curKeyMngSuite>maxKeyMngSuite) && (curKeyMngSuite!=WPA_IE_KEY_MNG_NA) 1237 && (curKeyMngSuite!=WPA_IE_KEY_MNG_CCKM)) 1238 { 1239 maxKeyMngSuite = curKeyMngSuite; 1240 } 1241 if (curKeyMngSuite==WPA_IE_KEY_MNG_801_1X) 1242 { /* If 2 AKM exist, save also the second priority */ 1243 pAdmCtrl->wpaAkmExists = TI_TRUE; 1244 } 1245 1246 curWpaIe +=4; 1247 1248 /* Include all AP key management supported suites in the wpaData structure */ 1249 if ((index+1) < MAX_WPA_KEY_MNG_SUITES) 1250 pWpaData->KeyMngSuite[index+1] = curKeyMngSuite; 1251 1252 } 1253 pWpaData->KeyMngSuite[0] = maxKeyMngSuite; 1254 curLength += (index-1)*4; 1255 TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: keyMng %x \n", pWpaData->KeyMngSuite[0]); 1256 1257 } else 1258 { 1259 return TI_OK; 1260 } 1261 /* Parse capabilities */ 1262 if (wpaIePacket->length >= (curLength+2)) 1263 { 1264 TI_UINT16 capabilities = ENDIAN_HANDLE_WORD(*((TI_UINT16 *)curWpaIe)); 1265 1266 pWpaData->bcastForUnicatst = (capabilities & WPA_GROUP_4_UNICAST_CAPABILITY_MASK) >> WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT; 1267 pWpaData->replayCounters = (capabilities & WPA_REPLAY_COUNTERS_CAPABILITY_MASK) >> WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT; 1268 switch (pWpaData->replayCounters) 1269 { 1270 case 0: pWpaData->replayCounters=1; 1271 break; 1272 case 1: pWpaData->replayCounters=2; 1273 break; 1274 case 2: pWpaData->replayCounters=4; 1275 break; 1276 case 3: pWpaData->replayCounters=16; 1277 break; 1278 default: pWpaData->replayCounters=0; 1279 break; 1280 } 1281 TRACE3(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: capabilities %x, bcastForUnicatst %x, replayCounters %x\n", capabilities, pWpaData->bcastForUnicatst, pWpaData->replayCounters); 1282 1283 } 1284 1285 1286 return TI_OK; 1287 1288 } 1289 1290 1291 TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt) 1292 { 1293 TI_UINT16 capabilities=0; 1294 /* Bit1: group key for unicast */ 1295 capabilities = 0; 1296 capabilities = capabilities << WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT; 1297 /* Bits 2&3: Replay counter */ 1298 switch (replayCnt) 1299 { 1300 case 1: replayCnt=0; 1301 break; 1302 case 2: replayCnt=1; 1303 break; 1304 case 4: replayCnt=2; 1305 break; 1306 case 16: replayCnt=3; 1307 break; 1308 default: replayCnt=0; 1309 break; 1310 } 1311 1312 capabilities |= replayCnt << WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT; 1313 return capabilities; 1314 1315 } 1316 1317 1318 TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal, wpaIeData_t *pWpaData, TI_UINT32 maxVal) 1319 { 1320 TI_UINT32 suite; 1321 1322 if ((pAdmCtrl==NULL) || (suiteVal==NULL)) 1323 { 1324 return TWD_CIPHER_UNKNOWN; 1325 } 1326 if (!os_memoryCompare(pAdmCtrl->hOs, suiteVal, wpaIeOuiIe, 3)) 1327 { 1328 suite = (ECipherSuite)((suiteVal[3]<=maxVal) ? suiteVal[3] : TWD_CIPHER_UNKNOWN); 1329 } else 1330 { 1331 #ifdef XCC_MODULE_INCLUDED 1332 suite = admCtrlXCC_WpaParseSuiteVal(pAdmCtrl,suiteVal,pWpaData); 1333 #else 1334 suite = TWD_CIPHER_UNKNOWN; 1335 #endif 1336 } 1337 return suite; 1338 } 1339 1340 1341 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus) 1342 { 1343 ECipherSuite maxCipher; 1344 1345 maxCipher = (unicastSuite>=broadcastSuite) ? unicastSuite : broadcastSuite ; 1346 if (maxCipher != encryptionStatus) 1347 { 1348 return TI_NOK; 1349 } 1350 if ((unicastSuite != TWD_CIPHER_NONE) && (broadcastSuite>unicastSuite)) 1351 { 1352 return TI_NOK; 1353 } 1354 return TI_OK; 1355 } 1356 1357 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists) 1358 { 1359 *wpa_802_1x_AkmExists = pAdmCtrl->wpaAkmExists; 1360 return TI_OK; 1361 } 1362 1363 1364 1365
