diff options
Diffstat (limited to 'qemu/roms/ipxe/src/net/80211')
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/net80211.c | 2838 | ||||
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/rc80211.c | 372 | ||||
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/sec80211.c | 518 | ||||
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/wep.c | 304 | ||||
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/wpa.c | 916 | ||||
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/wpa_ccmp.c | 530 | ||||
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/wpa_psk.c | 127 | ||||
-rw-r--r-- | qemu/roms/ipxe/src/net/80211/wpa_tkip.c | 588 |
8 files changed, 0 insertions, 6193 deletions
diff --git a/qemu/roms/ipxe/src/net/80211/net80211.c b/qemu/roms/ipxe/src/net/80211/net80211.c deleted file mode 100644 index d4970ad5c..000000000 --- a/qemu/roms/ipxe/src/net/80211/net80211.c +++ /dev/null @@ -1,2838 +0,0 @@ -/* - * The iPXE 802.11 MAC layer. - * - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <string.h> -#include <byteswap.h> -#include <stdlib.h> -#include <unistd.h> -#include <errno.h> -#include <ipxe/settings.h> -#include <ipxe/if_arp.h> -#include <ipxe/ethernet.h> -#include <ipxe/ieee80211.h> -#include <ipxe/netdevice.h> -#include <ipxe/net80211.h> -#include <ipxe/sec80211.h> -#include <ipxe/timer.h> -#include <ipxe/nap.h> -#include <ipxe/errortab.h> -#include <ipxe/net80211_err.h> - -/** @file - * - * 802.11 device management - */ - -/** List of 802.11 devices */ -static struct list_head net80211_devices = LIST_HEAD_INIT ( net80211_devices ); - -/** Set of device operations that does nothing */ -static struct net80211_device_operations net80211_null_ops; - -/** Information associated with a received management packet - * - * This is used to keep beacon signal strengths in a parallel queue to - * the beacons themselves. - */ -struct net80211_rx_info { - int signal; - struct list_head list; -}; - -/** Context for a probe operation */ -struct net80211_probe_ctx { - /** 802.11 device to probe on */ - struct net80211_device *dev; - - /** Value of keep_mgmt before probe was started */ - int old_keep_mgmt; - - /** If scanning actively, pointer to probe packet to send */ - struct io_buffer *probe; - - /** If non-"", the ESSID to limit ourselves to */ - const char *essid; - - /** Time probe was started */ - u32 ticks_start; - - /** Time last useful beacon was received */ - u32 ticks_beacon; - - /** Time channel was last changed */ - u32 ticks_channel; - - /** Time to stay on each channel */ - u32 hop_time; - - /** Channels to hop by when changing channel */ - int hop_step; - - /** List of best beacons for each network found so far */ - struct list_head *beacons; -}; - -/** Context for the association task */ -struct net80211_assoc_ctx { - /** Next authentication method to try using */ - int method; - - /** Time (in ticks) of the last sent association-related packet */ - int last_packet; - - /** Number of times we have tried sending it */ - int times_tried; -}; - -/** - * Detect secure 802.11 network when security support is not available - * - * @return -ENOTSUP, always. - */ -__weak int sec80211_detect ( struct io_buffer *iob __unused, - enum net80211_security_proto *secprot __unused, - enum net80211_crypto_alg *crypt __unused ) { - return -ENOTSUP; -} - -/** - * @defgroup net80211_netdev Network device interface functions - * @{ - */ -static int net80211_netdev_open ( struct net_device *netdev ); -static void net80211_netdev_close ( struct net_device *netdev ); -static int net80211_netdev_transmit ( struct net_device *netdev, - struct io_buffer *iobuf ); -static void net80211_netdev_poll ( struct net_device *netdev ); -static void net80211_netdev_irq ( struct net_device *netdev, int enable ); -/** @} */ - -/** - * @defgroup net80211_linklayer 802.11 link-layer protocol functions - * @{ - */ -static int net80211_ll_push ( struct net_device *netdev, - struct io_buffer *iobuf, const void *ll_dest, - const void *ll_source, uint16_t net_proto ); -static int net80211_ll_pull ( struct net_device *netdev, - struct io_buffer *iobuf, const void **ll_dest, - const void **ll_source, uint16_t * net_proto, - unsigned int *flags ); -/** @} */ - -/** - * @defgroup net80211_help 802.11 helper functions - * @{ - */ -static void net80211_add_channels ( struct net80211_device *dev, int start, - int len, int txpower ); -static void net80211_filter_hw_channels ( struct net80211_device *dev ); -static void net80211_set_rtscts_rate ( struct net80211_device *dev ); -static int net80211_process_capab ( struct net80211_device *dev, - u16 capab ); -static int net80211_process_ie ( struct net80211_device *dev, - union ieee80211_ie *ie, void *ie_end ); -static union ieee80211_ie * -net80211_marshal_request_info ( struct net80211_device *dev, - union ieee80211_ie *ie ); -/** @} */ - -/** - * @defgroup net80211_assoc_ll 802.11 association handling functions - * @{ - */ -static void net80211_step_associate ( struct net80211_device *dev ); -static void net80211_handle_auth ( struct net80211_device *dev, - struct io_buffer *iob ); -static void net80211_handle_assoc_reply ( struct net80211_device *dev, - struct io_buffer *iob ); -static int net80211_send_disassoc ( struct net80211_device *dev, int reason, - int deauth ); -static void net80211_handle_mgmt ( struct net80211_device *dev, - struct io_buffer *iob, int signal ); -/** @} */ - -/** - * @defgroup net80211_frag 802.11 fragment handling functions - * @{ - */ -static void net80211_free_frags ( struct net80211_device *dev, int fcid ); -static struct io_buffer *net80211_accum_frags ( struct net80211_device *dev, - int fcid, int nfrags, int size ); -static void net80211_rx_frag ( struct net80211_device *dev, - struct io_buffer *iob, int signal ); -/** @} */ - -/** - * @defgroup net80211_settings 802.11 settings handlers - * @{ - */ -static int net80211_check_settings_update ( void ); - -/** 802.11 settings applicator - * - * When the SSID is changed, this will cause any open devices to - * re-associate; when the encryption key is changed, we similarly - * update their state. - */ -struct settings_applicator net80211_applicator __settings_applicator = { - .apply = net80211_check_settings_update, -}; - -/** The network name to associate with - * - * If this is blank, we scan for all networks and use the one with the - * greatest signal strength. - */ -const struct setting net80211_ssid_setting __setting ( SETTING_NETDEV_EXTRA, - ssid ) = { - .name = "ssid", - .description = "Wireless SSID", - .type = &setting_type_string, -}; - -/** Whether to use active scanning - * - * In order to associate with a hidden SSID, it's necessary to use an - * active scan (send probe packets). If this setting is nonzero, an - * active scan on the 2.4GHz band will be used to associate. - */ -const struct setting net80211_active_setting __setting ( SETTING_NETDEV_EXTRA, - active-scan ) = { - .name = "active-scan", - .description = "Actively scan for wireless networks", - .type = &setting_type_int8, -}; - -/** The cryptographic key to use - * - * For hex WEP keys, as is common, this must be entered using the - * normal iPXE method for entering hex settings; an ASCII string of - * hex characters will not behave as expected. - */ -const struct setting net80211_key_setting __setting ( SETTING_NETDEV_EXTRA, - key ) = { - .name = "key", - .description = "Wireless encryption key", - .type = &setting_type_string, -}; - -/** @} */ - - -/* ---------- net_device wrapper ---------- */ - -/** - * Open 802.11 device and start association - * - * @v netdev Wrapping network device - * @ret rc Return status code - * - * This sets up a default conservative set of channels for probing, - * and starts the auto-association task unless the @c - * NET80211_NO_ASSOC flag is set in the wrapped 802.11 device's @c - * state field. - */ -static int net80211_netdev_open ( struct net_device *netdev ) -{ - struct net80211_device *dev = netdev->priv; - int rc = 0; - - if ( dev->op == &net80211_null_ops ) - return -EFAULT; - - if ( dev->op->open ) - rc = dev->op->open ( dev ); - - if ( rc < 0 ) - return rc; - - if ( ! ( dev->state & NET80211_NO_ASSOC ) ) - net80211_autoassociate ( dev ); - - return 0; -} - -/** - * Close 802.11 device - * - * @v netdev Wrapping network device. - * - * If the association task is running, this will stop it. - */ -static void net80211_netdev_close ( struct net_device *netdev ) -{ - struct net80211_device *dev = netdev->priv; - - if ( dev->state & NET80211_WORKING ) - process_del ( &dev->proc_assoc ); - - /* Send disassociation frame to AP, to be polite */ - if ( dev->state & NET80211_ASSOCIATED ) - net80211_send_disassoc ( dev, IEEE80211_REASON_LEAVING, 0 ); - - if ( dev->handshaker && dev->handshaker->stop && - dev->handshaker->started ) - dev->handshaker->stop ( dev ); - - free ( dev->crypto ); - free ( dev->handshaker ); - dev->crypto = NULL; - dev->handshaker = NULL; - - netdev_link_down ( netdev ); - dev->state = 0; - - if ( dev->op->close ) - dev->op->close ( dev ); -} - -/** - * Transmit packet on 802.11 device - * - * @v netdev Wrapping network device - * @v iobuf I/O buffer - * @ret rc Return status code - * - * If encryption is enabled for the currently associated network, the - * packet will be encrypted prior to transmission. - */ -static int net80211_netdev_transmit ( struct net_device *netdev, - struct io_buffer *iobuf ) -{ - struct net80211_device *dev = netdev->priv; - struct ieee80211_frame *hdr = iobuf->data; - int rc = -ENOSYS; - - if ( dev->crypto && ! ( hdr->fc & IEEE80211_FC_PROTECTED ) && - ( ( hdr->fc & IEEE80211_FC_TYPE ) == IEEE80211_TYPE_DATA ) ) { - struct io_buffer *niob = dev->crypto->encrypt ( dev->crypto, - iobuf ); - if ( ! niob ) - return -ENOMEM; /* only reason encryption could fail */ - - /* Free the non-encrypted iob */ - netdev_tx_complete ( netdev, iobuf ); - - /* Transmit the encrypted iob; the Protected flag is - set, so we won't recurse into here again */ - netdev_tx ( netdev, niob ); - - /* Don't transmit the freed packet */ - return 0; - } - - if ( dev->op->transmit ) - rc = dev->op->transmit ( dev, iobuf ); - - return rc; -} - -/** - * Poll 802.11 device for received packets and completed transmissions - * - * @v netdev Wrapping network device - */ -static void net80211_netdev_poll ( struct net_device *netdev ) -{ - struct net80211_device *dev = netdev->priv; - - if ( dev->op->poll ) - dev->op->poll ( dev ); -} - -/** - * Enable or disable interrupts for 802.11 device - * - * @v netdev Wrapping network device - * @v enable Whether to enable interrupts - */ -static void net80211_netdev_irq ( struct net_device *netdev, int enable ) -{ - struct net80211_device *dev = netdev->priv; - - if ( dev->op->irq ) - dev->op->irq ( dev, enable ); -} - -/** Network device operations for a wrapped 802.11 device */ -static struct net_device_operations net80211_netdev_ops = { - .open = net80211_netdev_open, - .close = net80211_netdev_close, - .transmit = net80211_netdev_transmit, - .poll = net80211_netdev_poll, - .irq = net80211_netdev_irq, -}; - - -/* ---------- 802.11 link-layer protocol ---------- */ - -/** - * Determine whether a transmission rate uses ERP/OFDM - * - * @v rate Rate in 100 kbps units - * @ret is_erp TRUE if the rate is an ERP/OFDM rate - * - * 802.11b supports rates of 1.0, 2.0, 5.5, and 11.0 Mbps; any other - * rate than these on the 2.4GHz spectrum is an ERP (802.11g) rate. - */ -static inline int net80211_rate_is_erp ( u16 rate ) -{ - if ( rate == 10 || rate == 20 || rate == 55 || rate == 110 ) - return 0; - return 1; -} - - -/** - * Calculate one frame's contribution to 802.11 duration field - * - * @v dev 802.11 device - * @v bytes Amount of data to calculate duration for - * @ret dur Duration field in microseconds - * - * To avoid multiple stations attempting to transmit at once, 802.11 - * provides that every packet shall include a duration field - * specifying a length of time for which the wireless medium will be - * reserved after it is transmitted. The duration is measured in - * microseconds and is calculated with respect to the current - * physical-layer parameters of the 802.11 device. - * - * For an unfragmented data or management frame, or the last fragment - * of a fragmented frame, the duration captures only the 10 data bytes - * of one ACK; call once with bytes = 10. - * - * For a fragment of a data or management rame that will be followed - * by more fragments, the duration captures an ACK, the following - * fragment, and its ACK; add the results of three calls, two with - * bytes = 10 and one with bytes set to the next fragment's size. - * - * For an RTS control frame, the duration captures the responding CTS, - * the frame being sent, and its ACK; add the results of three calls, - * two with bytes = 10 and one with bytes set to the next frame's size - * (assuming unfragmented). - * - * For a CTS-to-self control frame, the duration captures the frame - * being protected and its ACK; add the results of two calls, one with - * bytes = 10 and one with bytes set to the next frame's size. - * - * No other frame types are currently supported by iPXE. - */ -u16 net80211_duration ( struct net80211_device *dev, int bytes, u16 rate ) -{ - struct net80211_channel *chan = &dev->channels[dev->channel]; - u32 kbps = rate * 100; - - if ( chan->band == NET80211_BAND_5GHZ || net80211_rate_is_erp ( rate ) ) { - /* OFDM encoding (802.11a/g) */ - int bits_per_symbol = ( kbps * 4 ) / 1000; /* 4us/symbol */ - int bits = 22 + ( bytes << 3 ); /* 22-bit PLCP */ - int symbols = ( bits + bits_per_symbol - 1 ) / bits_per_symbol; - - return 16 + 20 + ( symbols * 4 ); /* 16us SIFS, 20us preamble */ - } else { - /* CCK encoding (802.11b) */ - int phy_time = 144 + 48; /* preamble + PLCP */ - int bits = bytes << 3; - int data_time = ( bits * 1000 + kbps - 1 ) / kbps; - - if ( dev->phy_flags & NET80211_PHY_USE_SHORT_PREAMBLE ) - phy_time >>= 1; - - return 10 + phy_time + data_time; /* 10us SIFS */ - } -} - -/** - * Add 802.11 link-layer header - * - * @v netdev Wrapping network device - * @v iobuf I/O buffer - * @v ll_dest Link-layer destination address - * @v ll_source Link-layer source address - * @v net_proto Network-layer protocol, in network byte order - * @ret rc Return status code - * - * This adds both the 802.11 frame header and the 802.2 LLC/SNAP - * header used on data packets. - * - * We also check here for state of the link that would make it invalid - * to send a data packet; every data packet must pass through here, - * and no non-data packet (e.g. management frame) should. - */ -static int net80211_ll_push ( struct net_device *netdev, - struct io_buffer *iobuf, const void *ll_dest, - const void *ll_source, uint16_t net_proto ) -{ - struct net80211_device *dev = netdev->priv; - struct ieee80211_frame *hdr = iob_push ( iobuf, - IEEE80211_LLC_HEADER_LEN + - IEEE80211_TYP_FRAME_HEADER_LEN ); - struct ieee80211_llc_snap_header *lhdr = - ( void * ) hdr + IEEE80211_TYP_FRAME_HEADER_LEN; - - /* We can't send data packets if we're not associated. */ - if ( ! ( dev->state & NET80211_ASSOCIATED ) ) { - if ( dev->assoc_rc ) - return dev->assoc_rc; - return -ENETUNREACH; - } - - hdr->fc = IEEE80211_THIS_VERSION | IEEE80211_TYPE_DATA | - IEEE80211_STYPE_DATA | IEEE80211_FC_TODS; - - /* We don't send fragmented frames, so duration is the time - for an SIFS + 10-byte ACK. */ - hdr->duration = net80211_duration ( dev, 10, dev->rates[dev->rate] ); - - memcpy ( hdr->addr1, dev->bssid, ETH_ALEN ); - memcpy ( hdr->addr2, ll_source, ETH_ALEN ); - memcpy ( hdr->addr3, ll_dest, ETH_ALEN ); - - hdr->seq = IEEE80211_MAKESEQ ( ++dev->last_tx_seqnr, 0 ); - - lhdr->dsap = IEEE80211_LLC_DSAP; - lhdr->ssap = IEEE80211_LLC_SSAP; - lhdr->ctrl = IEEE80211_LLC_CTRL; - memset ( lhdr->oui, 0x00, 3 ); - lhdr->ethertype = net_proto; - - return 0; -} - -/** - * Remove 802.11 link-layer header - * - * @v netdev Wrapping network device - * @v iobuf I/O buffer - * @ret ll_dest Link-layer destination address - * @ret ll_source Link-layer source - * @ret net_proto Network-layer protocol, in network byte order - * @ret flags Packet flags - * @ret rc Return status code - * - * This expects and removes both the 802.11 frame header and the 802.2 - * LLC/SNAP header that are used on data packets. - */ -static int net80211_ll_pull ( struct net_device *netdev __unused, - struct io_buffer *iobuf, - const void **ll_dest, const void **ll_source, - uint16_t * net_proto, unsigned int *flags ) -{ - struct ieee80211_frame *hdr = iobuf->data; - struct ieee80211_llc_snap_header *lhdr = - ( void * ) hdr + IEEE80211_TYP_FRAME_HEADER_LEN; - - /* Bunch of sanity checks */ - if ( iob_len ( iobuf ) < IEEE80211_TYP_FRAME_HEADER_LEN + - IEEE80211_LLC_HEADER_LEN ) { - DBGC ( netdev->priv, "802.11 %p packet too short (%zd bytes)\n", - netdev->priv, iob_len ( iobuf ) ); - return -EINVAL_PKT_TOO_SHORT; - } - - if ( ( hdr->fc & IEEE80211_FC_VERSION ) != IEEE80211_THIS_VERSION ) { - DBGC ( netdev->priv, "802.11 %p packet invalid version %04x\n", - netdev->priv, hdr->fc & IEEE80211_FC_VERSION ); - return -EINVAL_PKT_VERSION; - } - - if ( ( hdr->fc & IEEE80211_FC_TYPE ) != IEEE80211_TYPE_DATA || - ( hdr->fc & IEEE80211_FC_SUBTYPE ) != IEEE80211_STYPE_DATA ) { - DBGC ( netdev->priv, "802.11 %p packet not data/data (fc=%04x)\n", - netdev->priv, hdr->fc ); - return -EINVAL_PKT_NOT_DATA; - } - - if ( ( hdr->fc & ( IEEE80211_FC_TODS | IEEE80211_FC_FROMDS ) ) != - IEEE80211_FC_FROMDS ) { - DBGC ( netdev->priv, "802.11 %p packet not from DS (fc=%04x)\n", - netdev->priv, hdr->fc ); - return -EINVAL_PKT_NOT_FROMDS; - } - - if ( lhdr->dsap != IEEE80211_LLC_DSAP || lhdr->ssap != IEEE80211_LLC_SSAP || - lhdr->ctrl != IEEE80211_LLC_CTRL || lhdr->oui[0] || lhdr->oui[1] || - lhdr->oui[2] ) { - DBGC ( netdev->priv, "802.11 %p LLC header is not plain EtherType " - "encapsulator: %02x->%02x [%02x] %02x:%02x:%02x %04x\n", - netdev->priv, lhdr->dsap, lhdr->ssap, lhdr->ctrl, - lhdr->oui[0], lhdr->oui[1], lhdr->oui[2], lhdr->ethertype ); - return -EINVAL_PKT_LLC_HEADER; - } - - iob_pull ( iobuf, sizeof ( *hdr ) + sizeof ( *lhdr ) ); - - *ll_dest = hdr->addr1; - *ll_source = hdr->addr3; - *net_proto = lhdr->ethertype; - *flags = ( ( is_multicast_ether_addr ( hdr->addr1 ) ? - LL_MULTICAST : 0 ) | - ( is_broadcast_ether_addr ( hdr->addr1 ) ? - LL_BROADCAST : 0 ) ); - return 0; -} - -/** 802.11 link-layer protocol */ -static struct ll_protocol net80211_ll_protocol __ll_protocol = { - .name = "802.11", - .push = net80211_ll_push, - .pull = net80211_ll_pull, - .init_addr = eth_init_addr, - .ntoa = eth_ntoa, - .mc_hash = eth_mc_hash, - .eth_addr = eth_eth_addr, - .eui64 = eth_eui64, - .ll_proto = htons ( ARPHRD_ETHER ), /* "encapsulated Ethernet" */ - .hw_addr_len = ETH_ALEN, - .ll_addr_len = ETH_ALEN, - .ll_header_len = IEEE80211_TYP_FRAME_HEADER_LEN + - IEEE80211_LLC_HEADER_LEN, -}; - - -/* ---------- 802.11 network management API ---------- */ - -/** - * Get 802.11 device from wrapping network device - * - * @v netdev Wrapping network device - * @ret dev 802.11 device wrapped by network device, or NULL - * - * Returns NULL if the network device does not wrap an 802.11 device. - */ -struct net80211_device * net80211_get ( struct net_device *netdev ) -{ - struct net80211_device *dev; - - list_for_each_entry ( dev, &net80211_devices, list ) { - if ( netdev->priv == dev ) - return netdev->priv; - } - - return NULL; -} - -/** - * Set state of 802.11 device keeping management frames - * - * @v dev 802.11 device - * @v enable Whether to keep management frames - * @ret oldenab Whether management frames were enabled before this call - * - * If enable is TRUE, beacon, probe, and action frames will be kept - * and may be retrieved by calling net80211_mgmt_dequeue(). - */ -int net80211_keep_mgmt ( struct net80211_device *dev, int enable ) -{ - int oldenab = dev->keep_mgmt; - - dev->keep_mgmt = enable; - return oldenab; -} - -/** - * Get 802.11 management frame - * - * @v dev 802.11 device - * @ret signal Signal strength of returned management frame - * @ret iob I/O buffer, or NULL if no management frame is queued - * - * Frames will only be returned by this function if - * net80211_keep_mgmt() has been previously called with enable set to - * TRUE. - * - * The calling function takes ownership of the returned I/O buffer. - */ -struct io_buffer * net80211_mgmt_dequeue ( struct net80211_device *dev, - int *signal ) -{ - struct io_buffer *iobuf; - struct net80211_rx_info *rxi; - - list_for_each_entry ( rxi, &dev->mgmt_info_queue, list ) { - list_del ( &rxi->list ); - if ( signal ) - *signal = rxi->signal; - free ( rxi ); - - assert ( ! list_empty ( &dev->mgmt_queue ) ); - iobuf = list_first_entry ( &dev->mgmt_queue, struct io_buffer, - list ); - list_del ( &iobuf->list ); - return iobuf; - } - - return NULL; -} - -/** - * Transmit 802.11 management frame - * - * @v dev 802.11 device - * @v fc Frame Control flags for management frame - * @v dest Destination access point - * @v iob I/O buffer - * @ret rc Return status code - * - * The @a fc argument must contain at least an IEEE 802.11 management - * subtype number (e.g. IEEE80211_STYPE_PROBE_REQ). If it contains - * IEEE80211_FC_PROTECTED, the frame will be encrypted prior to - * transmission. - * - * It is required that @a iob have at least 24 bytes of headroom - * reserved before its data start. - */ -int net80211_tx_mgmt ( struct net80211_device *dev, u16 fc, u8 dest[6], - struct io_buffer *iob ) -{ - struct ieee80211_frame *hdr = iob_push ( iob, - IEEE80211_TYP_FRAME_HEADER_LEN ); - - hdr->fc = IEEE80211_THIS_VERSION | IEEE80211_TYPE_MGMT | - ( fc & ~IEEE80211_FC_PROTECTED ); - hdr->duration = net80211_duration ( dev, 10, dev->rates[dev->rate] ); - hdr->seq = IEEE80211_MAKESEQ ( ++dev->last_tx_seqnr, 0 ); - - memcpy ( hdr->addr1, dest, ETH_ALEN ); /* DA = RA */ - memcpy ( hdr->addr2, dev->netdev->ll_addr, ETH_ALEN ); /* SA = TA */ - memcpy ( hdr->addr3, dest, ETH_ALEN ); /* BSSID */ - - if ( fc & IEEE80211_FC_PROTECTED ) { - if ( ! dev->crypto ) - return -EINVAL_CRYPTO_REQUEST; - - struct io_buffer *eiob = dev->crypto->encrypt ( dev->crypto, - iob ); - free_iob ( iob ); - iob = eiob; - } - - return netdev_tx ( dev->netdev, iob ); -} - - -/* ---------- Driver API ---------- */ - -/** 802.11 association process descriptor */ -static struct process_descriptor net80211_process_desc = - PROC_DESC ( struct net80211_device, proc_assoc, - net80211_step_associate ); - -/** - * Allocate 802.11 device - * - * @v priv_size Size of driver-private allocation area - * @ret dev Newly allocated 802.11 device - * - * This function allocates a net_device with space in its private area - * for both the net80211_device it will wrap and the driver-private - * data space requested. It initializes the link-layer-specific parts - * of the net_device, and links the net80211_device to the net_device - * appropriately. - */ -struct net80211_device * net80211_alloc ( size_t priv_size ) -{ - struct net80211_device *dev; - struct net_device *netdev = - alloc_netdev ( sizeof ( *dev ) + priv_size ); - - if ( ! netdev ) - return NULL; - - netdev->ll_protocol = &net80211_ll_protocol; - netdev->ll_broadcast = eth_broadcast; - netdev->max_pkt_len = IEEE80211_MAX_DATA_LEN; - netdev_init ( netdev, &net80211_netdev_ops ); - - dev = netdev->priv; - dev->netdev = netdev; - dev->priv = ( u8 * ) dev + sizeof ( *dev ); - dev->op = &net80211_null_ops; - - process_init_stopped ( &dev->proc_assoc, &net80211_process_desc, - &netdev->refcnt ); - INIT_LIST_HEAD ( &dev->mgmt_queue ); - INIT_LIST_HEAD ( &dev->mgmt_info_queue ); - - return dev; -} - -/** - * Register 802.11 device with network stack - * - * @v dev 802.11 device - * @v ops 802.11 device operations - * @v hw 802.11 hardware information - * - * This also registers the wrapping net_device with the higher network - * layers. - */ -int net80211_register ( struct net80211_device *dev, - struct net80211_device_operations *ops, - struct net80211_hw_info *hw ) -{ - dev->op = ops; - dev->hw = malloc ( sizeof ( *hw ) ); - if ( ! dev->hw ) - return -ENOMEM; - - memcpy ( dev->hw, hw, sizeof ( *hw ) ); - memcpy ( dev->netdev->hw_addr, hw->hwaddr, ETH_ALEN ); - - /* Set some sensible channel defaults for driver's open() function */ - memcpy ( dev->channels, dev->hw->channels, - NET80211_MAX_CHANNELS * sizeof ( dev->channels[0] ) ); - dev->channel = 0; - - /* Mark device as not supporting interrupts, if applicable */ - if ( ! ops->irq ) - dev->netdev->state |= NETDEV_IRQ_UNSUPPORTED; - - list_add_tail ( &dev->list, &net80211_devices ); - return register_netdev ( dev->netdev ); -} - -/** - * Unregister 802.11 device from network stack - * - * @v dev 802.11 device - * - * After this call, the device operations are cleared so that they - * will not be called. - */ -void net80211_unregister ( struct net80211_device *dev ) -{ - unregister_netdev ( dev->netdev ); - list_del ( &dev->list ); - dev->op = &net80211_null_ops; -} - -/** - * Free 802.11 device - * - * @v dev 802.11 device - * - * The device should be unregistered before this function is called. - */ -void net80211_free ( struct net80211_device *dev ) -{ - free ( dev->hw ); - rc80211_free ( dev->rctl ); - netdev_nullify ( dev->netdev ); - netdev_put ( dev->netdev ); -} - - -/* ---------- 802.11 network management workhorse code ---------- */ - -/** - * Set state of 802.11 device - * - * @v dev 802.11 device - * @v clear Bitmask of flags to clear - * @v set Bitmask of flags to set - * @v status Status or reason code for most recent operation - * - * If @a status represents a reason code, it should be OR'ed with - * NET80211_IS_REASON. - * - * Clearing authentication also clears association; clearing - * association also clears security handshaking state. Clearing - * association removes the link-up flag from the wrapping net_device, - * but setting it does not automatically set the flag; that is left to - * the judgment of higher-level code. - */ -static inline void net80211_set_state ( struct net80211_device *dev, - short clear, short set, - u16 status ) -{ - /* The conditions in this function are deliberately formulated - to be decidable at compile-time in most cases. Since clear - and set are generally passed as constants, the body of this - function can be reduced down to a few statements by the - compiler. */ - - const int statmsk = NET80211_STATUS_MASK | NET80211_IS_REASON; - - if ( clear & NET80211_PROBED ) - clear |= NET80211_AUTHENTICATED; - - if ( clear & NET80211_AUTHENTICATED ) - clear |= NET80211_ASSOCIATED; - - if ( clear & NET80211_ASSOCIATED ) - clear |= NET80211_CRYPTO_SYNCED; - - dev->state = ( dev->state & ~clear ) | set; - dev->state = ( dev->state & ~statmsk ) | ( status & statmsk ); - - if ( clear & NET80211_ASSOCIATED ) - netdev_link_down ( dev->netdev ); - - if ( ( clear | set ) & NET80211_ASSOCIATED ) - dev->op->config ( dev, NET80211_CFG_ASSOC ); - - if ( status != 0 ) { - if ( status & NET80211_IS_REASON ) - dev->assoc_rc = -E80211_REASON ( status ); - else - dev->assoc_rc = -E80211_STATUS ( status ); - netdev_link_err ( dev->netdev, dev->assoc_rc ); - } -} - -/** - * Add channels to 802.11 device - * - * @v dev 802.11 device - * @v start First channel number to add - * @v len Number of channels to add - * @v txpower TX power (dBm) to allow on added channels - * - * To replace the current list of channels instead of adding to it, - * set the nr_channels field of the 802.11 device to 0 before calling - * this function. - */ -static void net80211_add_channels ( struct net80211_device *dev, int start, - int len, int txpower ) -{ - int i, chan = start; - - for ( i = dev->nr_channels; len-- && i < NET80211_MAX_CHANNELS; i++ ) { - dev->channels[i].channel_nr = chan; - dev->channels[i].maxpower = txpower; - dev->channels[i].hw_value = 0; - - if ( chan >= 1 && chan <= 14 ) { - dev->channels[i].band = NET80211_BAND_2GHZ; - if ( chan == 14 ) - dev->channels[i].center_freq = 2484; - else - dev->channels[i].center_freq = 2407 + 5 * chan; - chan++; - } else { - dev->channels[i].band = NET80211_BAND_5GHZ; - dev->channels[i].center_freq = 5000 + 5 * chan; - chan += 4; - } - } - - dev->nr_channels = i; -} - -/** - * Filter 802.11 device channels for hardware capabilities - * - * @v dev 802.11 device - * - * Hardware may support fewer channels than regulatory restrictions - * allow; this function filters out channels in dev->channels that are - * not supported by the hardware list in dev->hwinfo. It also copies - * over the net80211_channel::hw_value and limits maximum TX power - * appropriately. - * - * Channels are matched based on center frequency, ignoring band and - * channel number. - * - * If the driver specifies no supported channels, the effect will be - * as though all were supported. - */ -static void net80211_filter_hw_channels ( struct net80211_device *dev ) -{ - int delta = 0, i = 0; - int old_freq = dev->channels[dev->channel].center_freq; - struct net80211_channel *chan, *hwchan; - - if ( ! dev->hw->nr_channels ) - return; - - dev->channel = 0; - for ( chan = dev->channels; chan < dev->channels + dev->nr_channels; - chan++, i++ ) { - int ok = 0; - for ( hwchan = dev->hw->channels; - hwchan < dev->hw->channels + dev->hw->nr_channels; - hwchan++ ) { - if ( hwchan->center_freq == chan->center_freq ) { - ok = 1; - break; - } - } - - if ( ! ok ) - delta++; - else { - chan->hw_value = hwchan->hw_value; - if ( hwchan->maxpower != 0 && - chan->maxpower > hwchan->maxpower ) - chan->maxpower = hwchan->maxpower; - if ( old_freq == chan->center_freq ) - dev->channel = i - delta; - if ( delta ) - chan[-delta] = *chan; - } - } - - dev->nr_channels -= delta; - - if ( dev->channels[dev->channel].center_freq != old_freq ) - dev->op->config ( dev, NET80211_CFG_CHANNEL ); -} - -/** - * Update 802.11 device state to reflect received capabilities field - * - * @v dev 802.11 device - * @v capab Capabilities field in beacon, probe, or association frame - * @ret rc Return status code - */ -static int net80211_process_capab ( struct net80211_device *dev, - u16 capab ) -{ - u16 old_phy = dev->phy_flags; - - if ( ( capab & ( IEEE80211_CAPAB_MANAGED | IEEE80211_CAPAB_ADHOC ) ) != - IEEE80211_CAPAB_MANAGED ) { - DBGC ( dev, "802.11 %p cannot handle IBSS network\n", dev ); - return -ENOSYS; - } - - dev->phy_flags &= ~( NET80211_PHY_USE_SHORT_PREAMBLE | - NET80211_PHY_USE_SHORT_SLOT ); - - if ( capab & IEEE80211_CAPAB_SHORT_PMBL ) - dev->phy_flags |= NET80211_PHY_USE_SHORT_PREAMBLE; - - if ( capab & IEEE80211_CAPAB_SHORT_SLOT ) - dev->phy_flags |= NET80211_PHY_USE_SHORT_SLOT; - - if ( old_phy != dev->phy_flags ) - dev->op->config ( dev, NET80211_CFG_PHY_PARAMS ); - - return 0; -} - -/** - * Update 802.11 device state to reflect received information elements - * - * @v dev 802.11 device - * @v ie Pointer to first information element - * @v ie_end Pointer to tail of packet I/O buffer - * @ret rc Return status code - */ -static int net80211_process_ie ( struct net80211_device *dev, - union ieee80211_ie *ie, void *ie_end ) -{ - u16 old_rate = dev->rates[dev->rate]; - u16 old_phy = dev->phy_flags; - int have_rates = 0, i; - int ds_channel = 0; - int changed = 0; - int band = dev->channels[dev->channel].band; - - if ( ! ieee80211_ie_bound ( ie, ie_end ) ) - return 0; - - for ( ; ie; ie = ieee80211_next_ie ( ie, ie_end ) ) { - switch ( ie->id ) { - case IEEE80211_IE_SSID: - if ( ie->len <= 32 ) { - memcpy ( dev->essid, ie->ssid, ie->len ); - dev->essid[ie->len] = 0; - } - break; - - case IEEE80211_IE_RATES: - case IEEE80211_IE_EXT_RATES: - if ( ! have_rates ) { - dev->nr_rates = 0; - dev->basic_rates = 0; - have_rates = 1; - } - for ( i = 0; i < ie->len && - dev->nr_rates < NET80211_MAX_RATES; i++ ) { - u8 rid = ie->rates[i]; - u16 rate = ( rid & 0x7f ) * 5; - - if ( rid & 0x80 ) - dev->basic_rates |= - ( 1 << dev->nr_rates ); - - dev->rates[dev->nr_rates++] = rate; - } - - break; - - case IEEE80211_IE_DS_PARAM: - if ( dev->channel < dev->nr_channels && ds_channel == - dev->channels[dev->channel].channel_nr ) - break; - ds_channel = ie->ds_param.current_channel; - net80211_change_channel ( dev, ds_channel ); - break; - - case IEEE80211_IE_COUNTRY: - dev->nr_channels = 0; - - DBGC ( dev, "802.11 %p setting country regulations " - "for %c%c\n", dev, ie->country.name[0], - ie->country.name[1] ); - for ( i = 0; i < ( ie->len - 3 ) / 3; i++ ) { - union ieee80211_ie_country_triplet *t = - &ie->country.triplet[i]; - if ( t->first > 200 ) { - DBGC ( dev, "802.11 %p ignoring regulatory " - "extension information\n", dev ); - } else { - net80211_add_channels ( dev, - t->band.first_channel, - t->band.nr_channels, - t->band.max_txpower ); - } - } - net80211_filter_hw_channels ( dev ); - break; - - case IEEE80211_IE_ERP_INFO: - dev->phy_flags &= ~( NET80211_PHY_USE_PROTECTION | - NET80211_PHY_USE_SHORT_PREAMBLE ); - if ( ie->erp_info & IEEE80211_ERP_USE_PROTECTION ) - dev->phy_flags |= NET80211_PHY_USE_PROTECTION; - if ( ! ( ie->erp_info & IEEE80211_ERP_BARKER_LONG ) ) - dev->phy_flags |= NET80211_PHY_USE_SHORT_PREAMBLE; - break; - } - } - - if ( have_rates ) { - /* Allow only those rates that are also supported by - the hardware. */ - int delta = 0, j; - - dev->rate = 0; - for ( i = 0; i < dev->nr_rates; i++ ) { - int ok = 0; - for ( j = 0; j < dev->hw->nr_rates[band]; j++ ) { - if ( dev->hw->rates[band][j] == dev->rates[i] ){ - ok = 1; - break; - } - } - - if ( ! ok ) - delta++; - else { - dev->rates[i - delta] = dev->rates[i]; - if ( old_rate == dev->rates[i] ) - dev->rate = i - delta; - } - } - - dev->nr_rates -= delta; - - /* Sort available rates - sorted subclumps tend to already - exist, so insertion sort works well. */ - for ( i = 1; i < dev->nr_rates; i++ ) { - u16 rate = dev->rates[i]; - u32 tmp, br, mask; - - for ( j = i - 1; j >= 0 && dev->rates[j] >= rate; j-- ) - dev->rates[j + 1] = dev->rates[j]; - dev->rates[j + 1] = rate; - - /* Adjust basic_rates to match by rotating the - bits from bit j+1 to bit i left one position. */ - mask = ( ( 1 << i ) - 1 ) & ~( ( 1 << ( j + 1 ) ) - 1 ); - br = dev->basic_rates; - tmp = br & ( 1 << i ); - br = ( br & ~( mask | tmp ) ) | ( ( br & mask ) << 1 ); - br |= ( tmp >> ( i - j - 1 ) ); - dev->basic_rates = br; - } - - net80211_set_rtscts_rate ( dev ); - - if ( dev->rates[dev->rate] != old_rate ) - changed |= NET80211_CFG_RATE; - } - - if ( dev->hw->flags & NET80211_HW_NO_SHORT_PREAMBLE ) - dev->phy_flags &= ~NET80211_PHY_USE_SHORT_PREAMBLE; - if ( dev->hw->flags & NET80211_HW_NO_SHORT_SLOT ) - dev->phy_flags &= ~NET80211_PHY_USE_SHORT_SLOT; - - if ( old_phy != dev->phy_flags ) - changed |= NET80211_CFG_PHY_PARAMS; - - if ( changed ) - dev->op->config ( dev, changed ); - - return 0; -} - -/** - * Create information elements for outgoing probe or association packet - * - * @v dev 802.11 device - * @v ie Pointer to start of information element area - * @ret next_ie Pointer to first byte after added information elements - */ -static union ieee80211_ie * -net80211_marshal_request_info ( struct net80211_device *dev, - union ieee80211_ie *ie ) -{ - int i; - - ie->id = IEEE80211_IE_SSID; - ie->len = strlen ( dev->essid ); - memcpy ( ie->ssid, dev->essid, ie->len ); - - ie = ieee80211_next_ie ( ie, NULL ); - - ie->id = IEEE80211_IE_RATES; - ie->len = dev->nr_rates; - if ( ie->len > 8 ) - ie->len = 8; - - for ( i = 0; i < ie->len; i++ ) { - ie->rates[i] = dev->rates[i] / 5; - if ( dev->basic_rates & ( 1 << i ) ) - ie->rates[i] |= 0x80; - } - - ie = ieee80211_next_ie ( ie, NULL ); - - if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_RSN ) { - memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 ); - ie = ieee80211_next_ie ( ie, NULL ); - } - - if ( dev->nr_rates > 8 ) { - /* 802.11 requires we use an Extended Basic Rates IE - for the rates beyond the eighth. */ - - ie->id = IEEE80211_IE_EXT_RATES; - ie->len = dev->nr_rates - 8; - - for ( ; i < dev->nr_rates; i++ ) { - ie->rates[i - 8] = dev->rates[i] / 5; - if ( dev->basic_rates & ( 1 << i ) ) - ie->rates[i - 8] |= 0x80; - } - - ie = ieee80211_next_ie ( ie, NULL ); - } - - if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_VENDOR ) { - memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 ); - ie = ieee80211_next_ie ( ie, NULL ); - } - - return ie; -} - -/** Seconds to wait after finding a network, to possibly find better APs for it - * - * This is used when a specific SSID to scan for is specified. - */ -#define NET80211_PROBE_GATHER 1 - -/** Seconds to wait after finding a network, to possibly find other networks - * - * This is used when an empty SSID is specified, to scan for all - * networks. - */ -#define NET80211_PROBE_GATHER_ALL 2 - -/** Seconds to allow a probe to take if no network has been found */ -#define NET80211_PROBE_TIMEOUT 6 - -/** - * Begin probe of 802.11 networks - * - * @v dev 802.11 device - * @v essid SSID to probe for, or "" to accept any (may not be NULL) - * @v active Whether to use active scanning - * @ret ctx Probe context - * - * Active scanning may only be used on channels 1-11 in the 2.4GHz - * band, due to iPXE's lack of a complete regulatory database. If - * active scanning is used, probe packets will be sent on each - * channel; this can allow association with hidden-SSID networks if - * the SSID is properly specified. - * - * A @c NULL return indicates an out-of-memory condition. - * - * The returned context must be periodically passed to - * net80211_probe_step() until that function returns zero. - */ -struct net80211_probe_ctx * net80211_probe_start ( struct net80211_device *dev, - const char *essid, - int active ) -{ - struct net80211_probe_ctx *ctx = zalloc ( sizeof ( *ctx ) ); - - if ( ! ctx ) - return NULL; - - assert ( netdev_is_open ( dev->netdev ) ); - - ctx->dev = dev; - ctx->old_keep_mgmt = net80211_keep_mgmt ( dev, 1 ); - ctx->essid = essid; - if ( dev->essid != ctx->essid ) - strcpy ( dev->essid, ctx->essid ); - - if ( active ) { - struct ieee80211_probe_req *probe_req; - union ieee80211_ie *ie; - - ctx->probe = alloc_iob ( 128 ); - iob_reserve ( ctx->probe, IEEE80211_TYP_FRAME_HEADER_LEN ); - probe_req = ctx->probe->data; - - ie = net80211_marshal_request_info ( dev, - probe_req->info_element ); - - iob_put ( ctx->probe, ( void * ) ie - ctx->probe->data ); - } - - ctx->ticks_start = currticks(); - ctx->ticks_beacon = 0; - ctx->ticks_channel = currticks(); - ctx->hop_time = ticks_per_sec() / ( active ? 2 : 6 ); - - /* - * Channels on 2.4GHz overlap, and the most commonly used - * are 1, 6, and 11. We'll get a result faster if we check - * every 5 channels, but in order to hit all of them the - * number of channels must be relatively prime to 5. If it's - * not, tweak the hop. - */ - ctx->hop_step = 5; - while ( dev->nr_channels % ctx->hop_step == 0 && ctx->hop_step > 1 ) - ctx->hop_step--; - - ctx->beacons = malloc ( sizeof ( *ctx->beacons ) ); - INIT_LIST_HEAD ( ctx->beacons ); - - dev->channel = 0; - dev->op->config ( dev, NET80211_CFG_CHANNEL ); - - return ctx; -} - -/** - * Continue probe of 802.11 networks - * - * @v ctx Probe context returned by net80211_probe_start() - * @ret rc Probe status - * - * The return code will be 0 if the probe is still going on (and this - * function should be called again), a positive number if the probe - * completed successfully, or a negative error code if the probe - * failed for that reason. - * - * Whether the probe succeeded or failed, you must call - * net80211_probe_finish_all() or net80211_probe_finish_best() - * (depending on whether you want information on all networks or just - * the best-signal one) in order to release the probe context. A - * failed probe may still have acquired some valid data. - */ -int net80211_probe_step ( struct net80211_probe_ctx *ctx ) -{ - struct net80211_device *dev = ctx->dev; - u32 start_timeout = NET80211_PROBE_TIMEOUT * ticks_per_sec(); - u32 gather_timeout = ticks_per_sec(); - u32 now = currticks(); - struct io_buffer *iob; - int signal; - int rc; - char ssid[IEEE80211_MAX_SSID_LEN + 1]; - - gather_timeout *= ( ctx->essid[0] ? NET80211_PROBE_GATHER : - NET80211_PROBE_GATHER_ALL ); - - /* Time out if necessary */ - if ( now >= ctx->ticks_start + start_timeout ) - return list_empty ( ctx->beacons ) ? -ETIMEDOUT : +1; - - if ( ctx->ticks_beacon > 0 && now >= ctx->ticks_start + gather_timeout ) - return +1; - - /* Change channels if necessary */ - if ( now >= ctx->ticks_channel + ctx->hop_time ) { - dev->channel = ( dev->channel + ctx->hop_step ) - % dev->nr_channels; - dev->op->config ( dev, NET80211_CFG_CHANNEL ); - udelay ( dev->hw->channel_change_time ); - - ctx->ticks_channel = now; - - if ( ctx->probe ) { - struct io_buffer *siob = ctx->probe; /* to send */ - - /* make a copy for future use */ - iob = alloc_iob ( siob->tail - siob->head ); - iob_reserve ( iob, iob_headroom ( siob ) ); - memcpy ( iob_put ( iob, iob_len ( siob ) ), - siob->data, iob_len ( siob ) ); - - ctx->probe = iob; - rc = net80211_tx_mgmt ( dev, IEEE80211_STYPE_PROBE_REQ, - eth_broadcast, - iob_disown ( siob ) ); - if ( rc ) { - DBGC ( dev, "802.11 %p send probe failed: " - "%s\n", dev, strerror ( rc ) ); - return rc; - } - } - } - - /* Check for new management packets */ - while ( ( iob = net80211_mgmt_dequeue ( dev, &signal ) ) != NULL ) { - struct ieee80211_frame *hdr; - struct ieee80211_beacon *beacon; - union ieee80211_ie *ie; - struct net80211_wlan *wlan; - u16 type; - - hdr = iob->data; - type = hdr->fc & IEEE80211_FC_SUBTYPE; - beacon = ( struct ieee80211_beacon * ) hdr->data; - - if ( type != IEEE80211_STYPE_BEACON && - type != IEEE80211_STYPE_PROBE_RESP ) { - DBGC2 ( dev, "802.11 %p probe: non-beacon\n", dev ); - goto drop; - } - - if ( ( void * ) beacon->info_element >= iob->tail ) { - DBGC ( dev, "802.11 %p probe: beacon with no IEs\n", - dev ); - goto drop; - } - - ie = beacon->info_element; - - if ( ! ieee80211_ie_bound ( ie, iob->tail ) ) - ie = NULL; - - while ( ie && ie->id != IEEE80211_IE_SSID ) - ie = ieee80211_next_ie ( ie, iob->tail ); - - if ( ! ie ) { - DBGC ( dev, "802.11 %p probe: beacon with no SSID\n", - dev ); - goto drop; - } - - memcpy ( ssid, ie->ssid, ie->len ); - ssid[ie->len] = 0; - - if ( ctx->essid[0] && strcmp ( ctx->essid, ssid ) != 0 ) { - DBGC2 ( dev, "802.11 %p probe: beacon with wrong SSID " - "(%s)\n", dev, ssid ); - goto drop; - } - - /* See if we've got an entry for this network */ - list_for_each_entry ( wlan, ctx->beacons, list ) { - if ( strcmp ( wlan->essid, ssid ) != 0 ) - continue; - - if ( signal < wlan->signal ) { - DBGC2 ( dev, "802.11 %p probe: beacon for %s " - "(%s) with weaker signal %d\n", dev, - ssid, eth_ntoa ( hdr->addr3 ), signal ); - goto drop; - } - - goto fill; - } - - /* No entry yet - make one */ - wlan = zalloc ( sizeof ( *wlan ) ); - strcpy ( wlan->essid, ssid ); - list_add_tail ( &wlan->list, ctx->beacons ); - - /* Whether we're using an old entry or a new one, fill - it with new data. */ - fill: - memcpy ( wlan->bssid, hdr->addr3, ETH_ALEN ); - wlan->signal = signal; - wlan->channel = dev->channels[dev->channel].channel_nr; - - /* Copy this I/O buffer into a new wlan->beacon; the - * iob we've got probably came from the device driver - * and may have the full 2.4k allocation, which we - * don't want to keep around wasting memory. - */ - free_iob ( wlan->beacon ); - wlan->beacon = alloc_iob ( iob_len ( iob ) ); - memcpy ( iob_put ( wlan->beacon, iob_len ( iob ) ), - iob->data, iob_len ( iob ) ); - - if ( ( rc = sec80211_detect ( wlan->beacon, &wlan->handshaking, - &wlan->crypto ) ) == -ENOTSUP ) { - struct ieee80211_beacon *beacon = - ( struct ieee80211_beacon * ) hdr->data; - - if ( beacon->capability & IEEE80211_CAPAB_PRIVACY ) { - DBG ( "802.11 %p probe: secured network %s but " - "encryption support not compiled in\n", - dev, wlan->essid ); - wlan->handshaking = NET80211_SECPROT_UNKNOWN; - wlan->crypto = NET80211_CRYPT_UNKNOWN; - } else { - wlan->handshaking = NET80211_SECPROT_NONE; - wlan->crypto = NET80211_CRYPT_NONE; - } - } else if ( rc != 0 ) { - DBGC ( dev, "802.11 %p probe warning: network " - "%s with unidentifiable security " - "settings: %s\n", dev, wlan->essid, - strerror ( rc ) ); - } - - ctx->ticks_beacon = now; - - DBGC2 ( dev, "802.11 %p probe: good beacon for %s (%s)\n", - dev, wlan->essid, eth_ntoa ( wlan->bssid ) ); - - drop: - free_iob ( iob ); - } - - return 0; -} - - -/** - * Finish probe of 802.11 networks, returning best-signal network found - * - * @v ctx Probe context - * @ret wlan Best-signal network found, or @c NULL if none were found - * - * If net80211_probe_start() was called with a particular SSID - * parameter as filter, only a network with that SSID (matching - * case-sensitively) can be returned from this function. - */ -struct net80211_wlan * -net80211_probe_finish_best ( struct net80211_probe_ctx *ctx ) -{ - struct net80211_wlan *best = NULL, *wlan; - - if ( ! ctx ) - return NULL; - - list_for_each_entry ( wlan, ctx->beacons, list ) { - if ( ! best || best->signal < wlan->signal ) - best = wlan; - } - - if ( best ) - list_del ( &best->list ); - else - DBGC ( ctx->dev, "802.11 %p probe: found nothing for '%s'\n", - ctx->dev, ctx->essid ); - - net80211_free_wlanlist ( ctx->beacons ); - - net80211_keep_mgmt ( ctx->dev, ctx->old_keep_mgmt ); - - if ( ctx->probe ) - free_iob ( ctx->probe ); - - free ( ctx ); - - return best; -} - - -/** - * Finish probe of 802.11 networks, returning all networks found - * - * @v ctx Probe context - * @ret list List of net80211_wlan detailing networks found - * - * If net80211_probe_start() was called with a particular SSID - * parameter as filter, this will always return either an empty or a - * one-element list. - */ -struct list_head *net80211_probe_finish_all ( struct net80211_probe_ctx *ctx ) -{ - struct list_head *beacons = ctx->beacons; - - if ( ! ctx ) - return NULL; - - net80211_keep_mgmt ( ctx->dev, ctx->old_keep_mgmt ); - - if ( ctx->probe ) - free_iob ( ctx->probe ); - - free ( ctx ); - - return beacons; -} - - -/** - * Free WLAN structure - * - * @v wlan WLAN structure to free - */ -void net80211_free_wlan ( struct net80211_wlan *wlan ) -{ - if ( wlan ) { - free_iob ( wlan->beacon ); - free ( wlan ); - } -} - - -/** - * Free list of WLAN structures - * - * @v list List of WLAN structures to free - */ -void net80211_free_wlanlist ( struct list_head *list ) -{ - struct net80211_wlan *wlan, *tmp; - - if ( ! list ) - return; - - list_for_each_entry_safe ( wlan, tmp, list, list ) { - list_del ( &wlan->list ); - net80211_free_wlan ( wlan ); - } - - free ( list ); -} - - -/** Number of ticks to wait for replies to association management frames */ -#define ASSOC_TIMEOUT TICKS_PER_SEC - -/** Number of times to try sending a particular association management frame */ -#define ASSOC_RETRIES 2 - -/** - * Step 802.11 association process - * - * @v dev 802.11 device - */ -static void net80211_step_associate ( struct net80211_device *dev ) -{ - int rc = 0; - int status = dev->state & NET80211_STATUS_MASK; - - /* - * We use a sort of state machine implemented using bits in - * the dev->state variable. At each call, we take the - * logically first step that has not yet succeeded; either it - * has not been tried yet, it's being retried, or it failed. - * If it failed, we return an error indication; otherwise we - * perform the step. If it succeeds, RX handling code will set - * the appropriate status bit for us. - * - * Probe works a bit differently, since we have to step it - * on every call instead of waiting for a packet to arrive - * that will set the completion bit for us. - */ - - /* If we're waiting for a reply, check for timeout condition */ - if ( dev->state & NET80211_WAITING ) { - /* Sanity check */ - if ( ! dev->associating ) - return; - - if ( currticks() - dev->ctx.assoc->last_packet > ASSOC_TIMEOUT ) { - /* Timed out - fail if too many retries, or retry */ - dev->ctx.assoc->times_tried++; - if ( ++dev->ctx.assoc->times_tried > ASSOC_RETRIES ) { - rc = -ETIMEDOUT; - goto fail; - } - } else { - /* Didn't time out - let it keep going */ - return; - } - } else { - if ( dev->state & NET80211_PROBED ) - dev->ctx.assoc->times_tried = 0; - } - - if ( ! ( dev->state & NET80211_PROBED ) ) { - /* state: probe */ - - if ( ! dev->ctx.probe ) { - /* start probe */ - int active = fetch_intz_setting ( NULL, - &net80211_active_setting ); - int band = dev->hw->bands; - - if ( active ) - band &= ~NET80211_BAND_BIT_5GHZ; - - rc = net80211_prepare_probe ( dev, band, active ); - if ( rc ) - goto fail; - - dev->ctx.probe = net80211_probe_start ( dev, dev->essid, - active ); - if ( ! dev->ctx.probe ) { - dev->assoc_rc = -ENOMEM; - goto fail; - } - } - - rc = net80211_probe_step ( dev->ctx.probe ); - if ( ! rc ) { - return; /* still going */ - } - - dev->associating = net80211_probe_finish_best ( dev->ctx.probe ); - dev->ctx.probe = NULL; - if ( ! dev->associating ) { - if ( rc > 0 ) /* "successful" probe found nothing */ - rc = -ETIMEDOUT; - goto fail; - } - - /* If we probed using a broadcast SSID, record that - fact for the settings applicator before we clobber - it with the specific SSID we've chosen. */ - if ( ! dev->essid[0] ) - dev->state |= NET80211_AUTO_SSID; - - DBGC ( dev, "802.11 %p found network %s (%s)\n", dev, - dev->associating->essid, - eth_ntoa ( dev->associating->bssid ) ); - - dev->ctx.assoc = zalloc ( sizeof ( *dev->ctx.assoc ) ); - if ( ! dev->ctx.assoc ) { - rc = -ENOMEM; - goto fail; - } - - dev->state |= NET80211_PROBED; - dev->ctx.assoc->method = IEEE80211_AUTH_OPEN_SYSTEM; - - return; - } - - /* Record time of sending the packet we're about to send, for timeout */ - dev->ctx.assoc->last_packet = currticks(); - - if ( ! ( dev->state & NET80211_AUTHENTICATED ) ) { - /* state: prepare and authenticate */ - - if ( status != IEEE80211_STATUS_SUCCESS ) { - /* we tried authenticating already, but failed */ - int method = dev->ctx.assoc->method; - - if ( method == IEEE80211_AUTH_OPEN_SYSTEM && - ( status == IEEE80211_STATUS_AUTH_CHALL_INVALID || - status == IEEE80211_STATUS_AUTH_ALGO_UNSUPP ) ) { - /* Maybe this network uses Shared Key? */ - dev->ctx.assoc->method = - IEEE80211_AUTH_SHARED_KEY; - } else { - goto fail; - } - } - - DBGC ( dev, "802.11 %p authenticating with method %d\n", dev, - dev->ctx.assoc->method ); - - rc = net80211_prepare_assoc ( dev, dev->associating ); - if ( rc ) - goto fail; - - rc = net80211_send_auth ( dev, dev->associating, - dev->ctx.assoc->method ); - if ( rc ) - goto fail; - - return; - } - - if ( ! ( dev->state & NET80211_ASSOCIATED ) ) { - /* state: associate */ - - if ( status != IEEE80211_STATUS_SUCCESS ) - goto fail; - - DBGC ( dev, "802.11 %p associating\n", dev ); - - if ( dev->handshaker && dev->handshaker->start && - ! dev->handshaker->started ) { - rc = dev->handshaker->start ( dev ); - if ( rc < 0 ) - goto fail; - dev->handshaker->started = 1; - } - - rc = net80211_send_assoc ( dev, dev->associating ); - if ( rc ) - goto fail; - - return; - } - - if ( ! ( dev->state & NET80211_CRYPTO_SYNCED ) ) { - /* state: crypto sync */ - DBGC ( dev, "802.11 %p security handshaking\n", dev ); - - if ( ! dev->handshaker || ! dev->handshaker->step ) { - dev->state |= NET80211_CRYPTO_SYNCED; - return; - } - - rc = dev->handshaker->step ( dev ); - - if ( rc < 0 ) { - /* Only record the returned error if we're - still marked as associated, because an - asynchronous error will have already been - reported to net80211_deauthenticate() and - assoc_rc thereby set. */ - if ( dev->state & NET80211_ASSOCIATED ) - dev->assoc_rc = rc; - rc = 0; - goto fail; - } - - if ( rc > 0 ) { - dev->assoc_rc = 0; - dev->state |= NET80211_CRYPTO_SYNCED; - } - return; - } - - /* state: done! */ - netdev_link_up ( dev->netdev ); - dev->assoc_rc = 0; - dev->state &= ~NET80211_WORKING; - - free ( dev->ctx.assoc ); - dev->ctx.assoc = NULL; - - net80211_free_wlan ( dev->associating ); - dev->associating = NULL; - - dev->rctl = rc80211_init ( dev ); - - process_del ( &dev->proc_assoc ); - - DBGC ( dev, "802.11 %p associated with %s (%s)\n", dev, - dev->essid, eth_ntoa ( dev->bssid ) ); - - return; - - fail: - dev->state &= ~( NET80211_WORKING | NET80211_WAITING ); - if ( rc ) - dev->assoc_rc = rc; - - netdev_link_err ( dev->netdev, dev->assoc_rc ); - - /* We never reach here from the middle of a probe, so we don't - need to worry about freeing dev->ctx.probe. */ - - if ( dev->state & NET80211_PROBED ) { - free ( dev->ctx.assoc ); - dev->ctx.assoc = NULL; - } - - net80211_free_wlan ( dev->associating ); - dev->associating = NULL; - - process_del ( &dev->proc_assoc ); - - DBGC ( dev, "802.11 %p association failed (state=%04x): " - "%s\n", dev, dev->state, strerror ( dev->assoc_rc ) ); - - /* Try it again: */ - net80211_autoassociate ( dev ); -} - -/** - * Check for 802.11 SSID or key updates - * - * This acts as a settings applicator; if the user changes netX/ssid, - * and netX is currently open, the association task will be invoked - * again. If the user changes the encryption key, the current security - * handshaker will be asked to update its state to match; if that is - * impossible without reassociation, we reassociate. - */ -static int net80211_check_settings_update ( void ) -{ - struct net80211_device *dev; - char ssid[IEEE80211_MAX_SSID_LEN + 1]; - int key_reassoc; - - list_for_each_entry ( dev, &net80211_devices, list ) { - if ( ! netdev_is_open ( dev->netdev ) ) - continue; - - key_reassoc = 0; - if ( dev->handshaker && dev->handshaker->change_key && - dev->handshaker->change_key ( dev ) < 0 ) - key_reassoc = 1; - - fetch_string_setting ( netdev_settings ( dev->netdev ), - &net80211_ssid_setting, ssid, - IEEE80211_MAX_SSID_LEN + 1 ); - - if ( key_reassoc || - ( ! ( ! ssid[0] && ( dev->state & NET80211_AUTO_SSID ) ) && - strcmp ( ssid, dev->essid ) != 0 ) ) { - DBGC ( dev, "802.11 %p updating association: " - "%s -> %s\n", dev, dev->essid, ssid ); - net80211_autoassociate ( dev ); - } - } - - return 0; -} - -/** - * Start 802.11 association process - * - * @v dev 802.11 device - * - * If the association process is running, it will be restarted. - */ -void net80211_autoassociate ( struct net80211_device *dev ) -{ - if ( ! ( dev->state & NET80211_WORKING ) ) { - DBGC2 ( dev, "802.11 %p spawning association process\n", dev ); - process_add ( &dev->proc_assoc ); - } else { - DBGC2 ( dev, "802.11 %p restarting association\n", dev ); - } - - /* Clean up everything an earlier association process might - have been in the middle of using */ - if ( dev->associating ) - net80211_free_wlan ( dev->associating ); - - if ( ! ( dev->state & NET80211_PROBED ) ) - net80211_free_wlan ( - net80211_probe_finish_best ( dev->ctx.probe ) ); - else - free ( dev->ctx.assoc ); - - /* Reset to a clean state */ - fetch_string_setting ( netdev_settings ( dev->netdev ), - &net80211_ssid_setting, dev->essid, - IEEE80211_MAX_SSID_LEN + 1 ); - dev->ctx.probe = NULL; - dev->associating = NULL; - dev->assoc_rc = 0; - net80211_set_state ( dev, NET80211_PROBED, NET80211_WORKING, 0 ); -} - -/** - * Pick TX rate for RTS/CTS packets based on data rate - * - * @v dev 802.11 device - * - * The RTS/CTS rate is the fastest TX rate marked as "basic" that is - * not faster than the data rate. - */ -static void net80211_set_rtscts_rate ( struct net80211_device *dev ) -{ - u16 datarate = dev->rates[dev->rate]; - u16 rtsrate = 0; - int rts_idx = -1; - int i; - - for ( i = 0; i < dev->nr_rates; i++ ) { - u16 rate = dev->rates[i]; - - if ( ! ( dev->basic_rates & ( 1 << i ) ) || rate > datarate ) - continue; - - if ( rate > rtsrate ) { - rtsrate = rate; - rts_idx = i; - } - } - - /* If this is in initialization, we might not have any basic - rates; just use the first data rate in that case. */ - if ( rts_idx < 0 ) - rts_idx = 0; - - dev->rtscts_rate = rts_idx; -} - -/** - * Set data transmission rate for 802.11 device - * - * @v dev 802.11 device - * @v rate Rate to set, as index into @c dev->rates array - */ -void net80211_set_rate_idx ( struct net80211_device *dev, int rate ) -{ - assert ( netdev_is_open ( dev->netdev ) ); - - if ( rate >= 0 && rate < dev->nr_rates && rate != dev->rate ) { - DBGC2 ( dev, "802.11 %p changing rate from %d->%d Mbps\n", - dev, dev->rates[dev->rate] / 10, - dev->rates[rate] / 10 ); - - dev->rate = rate; - net80211_set_rtscts_rate ( dev ); - dev->op->config ( dev, NET80211_CFG_RATE ); - } -} - -/** - * Configure 802.11 device to transmit on a certain channel - * - * @v dev 802.11 device - * @v channel Channel number (1-11 for 2.4GHz) to transmit on - */ -int net80211_change_channel ( struct net80211_device *dev, int channel ) -{ - int i, oldchan = dev->channel; - - assert ( netdev_is_open ( dev->netdev ) ); - - for ( i = 0; i < dev->nr_channels; i++ ) { - if ( dev->channels[i].channel_nr == channel ) { - dev->channel = i; - break; - } - } - - if ( i == dev->nr_channels ) - return -ENOENT; - - if ( i != oldchan ) - return dev->op->config ( dev, NET80211_CFG_CHANNEL ); - - return 0; -} - -/** - * Prepare 802.11 device channel and rate set for scanning - * - * @v dev 802.11 device - * @v band RF band(s) on which to prepare for scanning - * @v active Whether the scanning will be active - * @ret rc Return status code - */ -int net80211_prepare_probe ( struct net80211_device *dev, int band, - int active ) -{ - assert ( netdev_is_open ( dev->netdev ) ); - - if ( active && ( band & NET80211_BAND_BIT_5GHZ ) ) { - DBGC ( dev, "802.11 %p cannot perform active scanning on " - "5GHz band\n", dev ); - return -EINVAL_ACTIVE_SCAN; - } - - if ( band == 0 ) { - /* This can happen for a 5GHz-only card with 5GHz - scanning masked out by an active request. */ - DBGC ( dev, "802.11 %p asked to prepare for scanning nothing\n", - dev ); - return -EINVAL_ACTIVE_SCAN; - } - - dev->nr_channels = 0; - - if ( active ) - net80211_add_channels ( dev, 1, 11, NET80211_REG_TXPOWER ); - else { - if ( band & NET80211_BAND_BIT_2GHZ ) - net80211_add_channels ( dev, 1, 14, - NET80211_REG_TXPOWER ); - if ( band & NET80211_BAND_BIT_5GHZ ) - net80211_add_channels ( dev, 36, 8, - NET80211_REG_TXPOWER ); - } - - net80211_filter_hw_channels ( dev ); - - /* Use channel 1 for now */ - dev->channel = 0; - dev->op->config ( dev, NET80211_CFG_CHANNEL ); - - /* Always do active probes at lowest (presumably first) speed */ - dev->rate = 0; - dev->nr_rates = 1; - dev->rates[0] = dev->hw->rates[dev->channels[0].band][0]; - dev->op->config ( dev, NET80211_CFG_RATE ); - - return 0; -} - -/** - * Prepare 802.11 device channel and rate set for communication - * - * @v dev 802.11 device - * @v wlan WLAN to prepare for communication with - * @ret rc Return status code - */ -int net80211_prepare_assoc ( struct net80211_device *dev, - struct net80211_wlan *wlan ) -{ - struct ieee80211_frame *hdr = wlan->beacon->data; - struct ieee80211_beacon *beacon = - ( struct ieee80211_beacon * ) hdr->data; - struct net80211_handshaker *handshaker; - int rc; - - assert ( netdev_is_open ( dev->netdev ) ); - - net80211_set_state ( dev, NET80211_ASSOCIATED, 0, 0 ); - memcpy ( dev->bssid, wlan->bssid, ETH_ALEN ); - strcpy ( dev->essid, wlan->essid ); - - free ( dev->rsn_ie ); - dev->rsn_ie = NULL; - - dev->last_beacon_timestamp = beacon->timestamp; - dev->tx_beacon_interval = 1024 * beacon->beacon_interval; - - /* Barring an IE that tells us the channel outright, assume - the channel we heard this AP best on is the channel it's - communicating on. */ - net80211_change_channel ( dev, wlan->channel ); - - rc = net80211_process_capab ( dev, beacon->capability ); - if ( rc ) - return rc; - - rc = net80211_process_ie ( dev, beacon->info_element, - wlan->beacon->tail ); - if ( rc ) - return rc; - - /* Associate at the lowest rate so we know it'll get through */ - dev->rate = 0; - dev->op->config ( dev, NET80211_CFG_RATE ); - - /* Free old handshaker and crypto, if they exist */ - if ( dev->handshaker && dev->handshaker->stop && - dev->handshaker->started ) - dev->handshaker->stop ( dev ); - free ( dev->handshaker ); - dev->handshaker = NULL; - free ( dev->crypto ); - free ( dev->gcrypto ); - dev->crypto = dev->gcrypto = NULL; - - /* Find new security handshaker to use */ - for_each_table_entry ( handshaker, NET80211_HANDSHAKERS ) { - if ( handshaker->protocol == wlan->handshaking ) { - dev->handshaker = zalloc ( sizeof ( *handshaker ) + - handshaker->priv_len ); - if ( ! dev->handshaker ) - return -ENOMEM; - - memcpy ( dev->handshaker, handshaker, - sizeof ( *handshaker ) ); - dev->handshaker->priv = ( ( void * ) dev->handshaker + - sizeof ( *handshaker ) ); - break; - } - } - - if ( ( wlan->handshaking != NET80211_SECPROT_NONE ) && - ! dev->handshaker ) { - DBGC ( dev, "802.11 %p no support for handshaking scheme %d\n", - dev, wlan->handshaking ); - return -( ENOTSUP | ( wlan->handshaking << 8 ) ); - } - - /* Initialize security handshaker */ - if ( dev->handshaker ) { - rc = dev->handshaker->init ( dev ); - if ( rc < 0 ) - return rc; - } - - return 0; -} - -/** - * Send 802.11 initial authentication frame - * - * @v dev 802.11 device - * @v wlan WLAN to authenticate with - * @v method Authentication method - * @ret rc Return status code - * - * @a method may be 0 for Open System authentication or 1 for Shared - * Key authentication. Open System provides no security in association - * whatsoever, relying on encryption for confidentiality, but Shared - * Key actively introduces security problems and is very rarely used. - */ -int net80211_send_auth ( struct net80211_device *dev, - struct net80211_wlan *wlan, int method ) -{ - struct io_buffer *iob = alloc_iob ( 64 ); - struct ieee80211_auth *auth; - - net80211_set_state ( dev, 0, NET80211_WAITING, 0 ); - iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN ); - auth = iob_put ( iob, sizeof ( *auth ) ); - auth->algorithm = method; - auth->tx_seq = 1; - auth->status = 0; - - return net80211_tx_mgmt ( dev, IEEE80211_STYPE_AUTH, wlan->bssid, iob ); -} - -/** - * Handle receipt of 802.11 authentication frame - * - * @v dev 802.11 device - * @v iob I/O buffer - * - * If the authentication method being used is Shared Key, and the - * frame that was received included challenge text, the frame is - * encrypted using the cryptosystem currently in effect and sent back - * to the AP to complete the authentication. - */ -static void net80211_handle_auth ( struct net80211_device *dev, - struct io_buffer *iob ) -{ - struct ieee80211_frame *hdr = iob->data; - struct ieee80211_auth *auth = - ( struct ieee80211_auth * ) hdr->data; - - if ( auth->tx_seq & 1 ) { - DBGC ( dev, "802.11 %p authentication received improperly " - "directed frame (seq. %d)\n", dev, auth->tx_seq ); - net80211_set_state ( dev, NET80211_WAITING, 0, - IEEE80211_STATUS_FAILURE ); - return; - } - - if ( auth->status != IEEE80211_STATUS_SUCCESS ) { - DBGC ( dev, "802.11 %p authentication failed: status %d\n", - dev, auth->status ); - net80211_set_state ( dev, NET80211_WAITING, 0, - auth->status ); - return; - } - - if ( auth->algorithm == IEEE80211_AUTH_SHARED_KEY && ! dev->crypto ) { - DBGC ( dev, "802.11 %p can't perform shared-key authentication " - "without a cryptosystem\n", dev ); - net80211_set_state ( dev, NET80211_WAITING, 0, - IEEE80211_STATUS_FAILURE ); - return; - } - - if ( auth->algorithm == IEEE80211_AUTH_SHARED_KEY && - auth->tx_seq == 2 ) { - /* Since the iob we got is going to be freed as soon - as we return, we can do some in-place - modification. */ - auth->tx_seq = 3; - auth->status = 0; - - memcpy ( hdr->addr2, hdr->addr1, ETH_ALEN ); - memcpy ( hdr->addr1, hdr->addr3, ETH_ALEN ); - - netdev_tx ( dev->netdev, - dev->crypto->encrypt ( dev->crypto, iob ) ); - return; - } - - net80211_set_state ( dev, NET80211_WAITING, NET80211_AUTHENTICATED, - IEEE80211_STATUS_SUCCESS ); - - return; -} - -/** - * Send 802.11 association frame - * - * @v dev 802.11 device - * @v wlan WLAN to associate with - * @ret rc Return status code - */ -int net80211_send_assoc ( struct net80211_device *dev, - struct net80211_wlan *wlan ) -{ - struct io_buffer *iob = alloc_iob ( 128 ); - struct ieee80211_assoc_req *assoc; - union ieee80211_ie *ie; - - net80211_set_state ( dev, 0, NET80211_WAITING, 0 ); - - iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN ); - assoc = iob->data; - - assoc->capability = IEEE80211_CAPAB_MANAGED; - if ( ! ( dev->hw->flags & NET80211_HW_NO_SHORT_PREAMBLE ) ) - assoc->capability |= IEEE80211_CAPAB_SHORT_PMBL; - if ( ! ( dev->hw->flags & NET80211_HW_NO_SHORT_SLOT ) ) - assoc->capability |= IEEE80211_CAPAB_SHORT_SLOT; - if ( wlan->crypto ) - assoc->capability |= IEEE80211_CAPAB_PRIVACY; - - assoc->listen_interval = 1; - - ie = net80211_marshal_request_info ( dev, assoc->info_element ); - - DBGP ( "802.11 %p about to send association request:\n", dev ); - DBGP_HD ( iob->data, ( void * ) ie - iob->data ); - - iob_put ( iob, ( void * ) ie - iob->data ); - - return net80211_tx_mgmt ( dev, IEEE80211_STYPE_ASSOC_REQ, - wlan->bssid, iob ); -} - -/** - * Handle receipt of 802.11 association reply frame - * - * @v dev 802.11 device - * @v iob I/O buffer - */ -static void net80211_handle_assoc_reply ( struct net80211_device *dev, - struct io_buffer *iob ) -{ - struct ieee80211_frame *hdr = iob->data; - struct ieee80211_assoc_resp *assoc = - ( struct ieee80211_assoc_resp * ) hdr->data; - - net80211_process_capab ( dev, assoc->capability ); - net80211_process_ie ( dev, assoc->info_element, iob->tail ); - - if ( assoc->status != IEEE80211_STATUS_SUCCESS ) { - DBGC ( dev, "802.11 %p association failed: status %d\n", - dev, assoc->status ); - net80211_set_state ( dev, NET80211_WAITING, 0, - assoc->status ); - return; - } - - /* ESSID was filled before the association request was sent */ - memcpy ( dev->bssid, hdr->addr3, ETH_ALEN ); - dev->aid = assoc->aid; - - net80211_set_state ( dev, NET80211_WAITING, NET80211_ASSOCIATED, - IEEE80211_STATUS_SUCCESS ); -} - - -/** - * Send 802.11 disassociation frame - * - * @v dev 802.11 device - * @v reason Reason for disassociation - * @v deauth If TRUE, send deauthentication instead of disassociation - * @ret rc Return status code - */ -static int net80211_send_disassoc ( struct net80211_device *dev, int reason, - int deauth ) -{ - struct io_buffer *iob = alloc_iob ( 64 ); - struct ieee80211_disassoc *disassoc; - - if ( ! ( dev->state & NET80211_ASSOCIATED ) ) - return -EINVAL; - - net80211_set_state ( dev, NET80211_ASSOCIATED, 0, 0 ); - iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN ); - disassoc = iob_put ( iob, sizeof ( *disassoc ) ); - disassoc->reason = reason; - - return net80211_tx_mgmt ( dev, deauth ? IEEE80211_STYPE_DEAUTH : - IEEE80211_STYPE_DISASSOC, dev->bssid, iob ); -} - - -/** - * Deauthenticate from current network and try again - * - * @v dev 802.11 device - * @v rc Return status code indicating reason - * - * The deauthentication will be sent using an 802.11 "unspecified - * reason", as is common, but @a rc will be set as a link-up - * error to aid the user in debugging. - */ -void net80211_deauthenticate ( struct net80211_device *dev, int rc ) -{ - net80211_send_disassoc ( dev, IEEE80211_REASON_UNSPECIFIED, 1 ); - dev->assoc_rc = rc; - netdev_link_err ( dev->netdev, rc ); - - net80211_autoassociate ( dev ); -} - - -/** Smoothing factor (1-7) for link quality calculation */ -#define LQ_SMOOTH 7 - -/** - * Update link quality information based on received beacon - * - * @v dev 802.11 device - * @v iob I/O buffer containing beacon - * @ret rc Return status code - */ -static void net80211_update_link_quality ( struct net80211_device *dev, - struct io_buffer *iob ) -{ - struct ieee80211_frame *hdr = iob->data; - struct ieee80211_beacon *beacon; - u32 dt, rxi; - - if ( ! ( dev->state & NET80211_ASSOCIATED ) ) - return; - - beacon = ( struct ieee80211_beacon * ) hdr->data; - dt = ( u32 ) ( beacon->timestamp - dev->last_beacon_timestamp ); - rxi = dev->rx_beacon_interval; - - rxi = ( LQ_SMOOTH * rxi ) + ( ( 8 - LQ_SMOOTH ) * dt ); - dev->rx_beacon_interval = rxi >> 3; - - dev->last_beacon_timestamp = beacon->timestamp; -} - - -/** - * Handle receipt of 802.11 management frame - * - * @v dev 802.11 device - * @v iob I/O buffer - * @v signal Signal strength of received frame - */ -static void net80211_handle_mgmt ( struct net80211_device *dev, - struct io_buffer *iob, int signal ) -{ - struct ieee80211_frame *hdr = iob->data; - struct ieee80211_disassoc *disassoc; - u16 stype = hdr->fc & IEEE80211_FC_SUBTYPE; - int keep = 0; - int is_deauth = ( stype == IEEE80211_STYPE_DEAUTH ); - - if ( ( hdr->fc & IEEE80211_FC_TYPE ) != IEEE80211_TYPE_MGMT ) { - free_iob ( iob ); - return; /* only handle management frames */ - } - - switch ( stype ) { - /* We reconnect on deauthentication and disassociation. */ - case IEEE80211_STYPE_DEAUTH: - case IEEE80211_STYPE_DISASSOC: - disassoc = ( struct ieee80211_disassoc * ) hdr->data; - net80211_set_state ( dev, is_deauth ? NET80211_AUTHENTICATED : - NET80211_ASSOCIATED, 0, - NET80211_IS_REASON | disassoc->reason ); - DBGC ( dev, "802.11 %p %s: reason %d\n", - dev, is_deauth ? "deauthenticated" : "disassociated", - disassoc->reason ); - - /* Try to reassociate, in case it's transient. */ - net80211_autoassociate ( dev ); - - break; - - /* We handle authentication and association. */ - case IEEE80211_STYPE_AUTH: - if ( ! ( dev->state & NET80211_AUTHENTICATED ) ) - net80211_handle_auth ( dev, iob ); - break; - - case IEEE80211_STYPE_ASSOC_RESP: - case IEEE80211_STYPE_REASSOC_RESP: - if ( ! ( dev->state & NET80211_ASSOCIATED ) ) - net80211_handle_assoc_reply ( dev, iob ); - break; - - /* We pass probes and beacons onto network scanning - code. Pass actions for future extensibility. */ - case IEEE80211_STYPE_BEACON: - net80211_update_link_quality ( dev, iob ); - /* fall through */ - case IEEE80211_STYPE_PROBE_RESP: - case IEEE80211_STYPE_ACTION: - if ( dev->keep_mgmt ) { - struct net80211_rx_info *rxinf; - rxinf = zalloc ( sizeof ( *rxinf ) ); - if ( ! rxinf ) { - DBGC ( dev, "802.11 %p out of memory\n", dev ); - break; - } - rxinf->signal = signal; - list_add_tail ( &iob->list, &dev->mgmt_queue ); - list_add_tail ( &rxinf->list, &dev->mgmt_info_queue ); - keep = 1; - } - break; - - case IEEE80211_STYPE_PROBE_REQ: - /* Some nodes send these broadcast. Ignore them. */ - break; - - case IEEE80211_STYPE_ASSOC_REQ: - case IEEE80211_STYPE_REASSOC_REQ: - /* We should never receive these, only send them. */ - DBGC ( dev, "802.11 %p received strange management request " - "(%04x)\n", dev, stype ); - break; - - default: - DBGC ( dev, "802.11 %p received unimplemented management " - "packet (%04x)\n", dev, stype ); - break; - } - - if ( ! keep ) - free_iob ( iob ); -} - -/* ---------- Packet handling functions ---------- */ - -/** - * Free buffers used by 802.11 fragment cache entry - * - * @v dev 802.11 device - * @v fcid Fragment cache entry index - * - * After this function, the referenced entry will be marked unused. - */ -static void net80211_free_frags ( struct net80211_device *dev, int fcid ) -{ - int j; - struct net80211_frag_cache *frag = &dev->frags[fcid]; - - for ( j = 0; j < 16; j++ ) { - if ( frag->iob[j] ) { - free_iob ( frag->iob[j] ); - frag->iob[j] = NULL; - } - } - - frag->seqnr = 0; - frag->start_ticks = 0; - frag->in_use = 0; -} - -/** - * Accumulate 802.11 fragments into one I/O buffer - * - * @v dev 802.11 device - * @v fcid Fragment cache entry index - * @v nfrags Number of fragments received - * @v size Sum of sizes of all fragments, including headers - * @ret iob I/O buffer containing reassembled packet - * - * This function does not free the fragment buffers. - */ -static struct io_buffer *net80211_accum_frags ( struct net80211_device *dev, - int fcid, int nfrags, int size ) -{ - struct net80211_frag_cache *frag = &dev->frags[fcid]; - int hdrsize = IEEE80211_TYP_FRAME_HEADER_LEN; - int nsize = size - hdrsize * ( nfrags - 1 ); - int i; - - struct io_buffer *niob = alloc_iob ( nsize ); - struct ieee80211_frame *hdr; - - /* Add the header from the first one... */ - memcpy ( iob_put ( niob, hdrsize ), frag->iob[0]->data, hdrsize ); - - /* ... and all the data from all of them. */ - for ( i = 0; i < nfrags; i++ ) { - int len = iob_len ( frag->iob[i] ) - hdrsize; - memcpy ( iob_put ( niob, len ), - frag->iob[i]->data + hdrsize, len ); - } - - /* Turn off the fragment bit. */ - hdr = niob->data; - hdr->fc &= ~IEEE80211_FC_MORE_FRAG; - - return niob; -} - -/** - * Handle receipt of 802.11 fragment - * - * @v dev 802.11 device - * @v iob I/O buffer containing fragment - * @v signal Signal strength with which fragment was received - */ -static void net80211_rx_frag ( struct net80211_device *dev, - struct io_buffer *iob, int signal ) -{ - struct ieee80211_frame *hdr = iob->data; - int fragnr = IEEE80211_FRAG ( hdr->seq ); - - if ( fragnr == 0 && ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) { - /* start a frag cache entry */ - int i, newest = -1; - u32 curr_ticks = currticks(), newest_ticks = 0; - u32 timeout = ticks_per_sec() * NET80211_FRAG_TIMEOUT; - - for ( i = 0; i < NET80211_NR_CONCURRENT_FRAGS; i++ ) { - if ( dev->frags[i].in_use == 0 ) - break; - - if ( dev->frags[i].start_ticks + timeout >= - curr_ticks ) { - net80211_free_frags ( dev, i ); - break; - } - - if ( dev->frags[i].start_ticks > newest_ticks ) { - newest = i; - newest_ticks = dev->frags[i].start_ticks; - } - } - - /* If we're being sent more concurrent fragmented - packets than we can handle, drop the newest so the - older ones have time to complete. */ - if ( i == NET80211_NR_CONCURRENT_FRAGS ) { - i = newest; - net80211_free_frags ( dev, i ); - } - - dev->frags[i].in_use = 1; - dev->frags[i].seqnr = IEEE80211_SEQNR ( hdr->seq ); - dev->frags[i].start_ticks = currticks(); - dev->frags[i].iob[0] = iob; - return; - } else { - int i; - for ( i = 0; i < NET80211_NR_CONCURRENT_FRAGS; i++ ) { - if ( dev->frags[i].in_use && dev->frags[i].seqnr == - IEEE80211_SEQNR ( hdr->seq ) ) - break; - } - if ( i == NET80211_NR_CONCURRENT_FRAGS ) { - /* Drop non-first not-in-cache fragments */ - DBGC ( dev, "802.11 %p dropped fragment fc=%04x " - "seq=%04x\n", dev, hdr->fc, hdr->seq ); - free_iob ( iob ); - return; - } - - dev->frags[i].iob[fragnr] = iob; - - if ( ! ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) { - int j, size = 0; - for ( j = 0; j < fragnr; j++ ) { - size += iob_len ( dev->frags[i].iob[j] ); - if ( dev->frags[i].iob[j] == NULL ) - break; - } - if ( j == fragnr ) { - /* We've got everything */ - struct io_buffer *niob = - net80211_accum_frags ( dev, i, fragnr, - size ); - net80211_free_frags ( dev, i ); - net80211_rx ( dev, niob, signal, 0 ); - } else { - DBGC ( dev, "802.11 %p dropping fragmented " - "packet due to out-of-order arrival, " - "fc=%04x seq=%04x\n", dev, hdr->fc, - hdr->seq ); - net80211_free_frags ( dev, i ); - } - } - } -} - -/** - * Handle receipt of 802.11 frame - * - * @v dev 802.11 device - * @v iob I/O buffer - * @v signal Received signal strength - * @v rate Bitrate at which frame was received, in 100 kbps units - * - * If the rate or signal is unknown, 0 should be passed. - */ -void net80211_rx ( struct net80211_device *dev, struct io_buffer *iob, - int signal, u16 rate ) -{ - struct ieee80211_frame *hdr = iob->data; - u16 type = hdr->fc & IEEE80211_FC_TYPE; - if ( ( hdr->fc & IEEE80211_FC_VERSION ) != IEEE80211_THIS_VERSION ) - goto drop; /* drop invalid-version packets */ - - if ( type == IEEE80211_TYPE_CTRL ) - goto drop; /* we don't handle control packets, - the hardware does */ - - if ( dev->last_rx_seq == hdr->seq ) - goto drop; /* avoid duplicate packet */ - dev->last_rx_seq = hdr->seq; - - if ( dev->hw->flags & NET80211_HW_RX_HAS_FCS ) { - /* discard the FCS */ - iob_unput ( iob, 4 ); - } - - /* Only decrypt packets from our BSSID, to avoid spurious errors */ - if ( ( hdr->fc & IEEE80211_FC_PROTECTED ) && - ! memcmp ( hdr->addr2, dev->bssid, ETH_ALEN ) ) { - /* Decrypt packet; record and drop if it fails */ - struct io_buffer *niob; - struct net80211_crypto *crypto = dev->crypto; - - if ( ! dev->crypto ) { - DBGC ( dev, "802.11 %p cannot decrypt packet " - "without a cryptosystem\n", dev ); - goto drop_crypt; - } - - if ( ( hdr->addr1[0] & 1 ) && dev->gcrypto ) { - /* Use group decryption if needed */ - crypto = dev->gcrypto; - } - - niob = crypto->decrypt ( crypto, iob ); - if ( ! niob ) { - DBGC ( dev, "802.11 %p decryption error\n", dev ); - goto drop_crypt; - } - free_iob ( iob ); - iob = niob; - hdr = iob->data; - } - - dev->last_signal = signal; - - /* Fragments go into the frag cache or get dropped. */ - if ( IEEE80211_FRAG ( hdr->seq ) != 0 - || ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) { - net80211_rx_frag ( dev, iob, signal ); - return; - } - - /* Management frames get handled, enqueued, or dropped. */ - if ( type == IEEE80211_TYPE_MGMT ) { - net80211_handle_mgmt ( dev, iob, signal ); - return; - } - - /* Data frames get dropped or sent to the net_device. */ - if ( ( hdr->fc & IEEE80211_FC_SUBTYPE ) != IEEE80211_STYPE_DATA ) - goto drop; /* drop QoS, CFP, or null data packets */ - - /* Update rate-control algorithm */ - if ( dev->rctl ) - rc80211_update_rx ( dev, hdr->fc & IEEE80211_FC_RETRY, rate ); - - /* Pass packet onward */ - if ( dev->state & NET80211_ASSOCIATED ) { - netdev_rx ( dev->netdev, iob ); - return; - } - - /* No association? Drop it. */ - goto drop; - - drop_crypt: - netdev_rx_err ( dev->netdev, NULL, EINVAL_CRYPTO_REQUEST ); - drop: - DBGC2 ( dev, "802.11 %p dropped packet fc=%04x seq=%04x\n", dev, - hdr->fc, hdr->seq ); - free_iob ( iob ); - return; -} - -/** Indicate an error in receiving a packet - * - * @v dev 802.11 device - * @v iob I/O buffer with received packet, or NULL - * @v rc Error code - * - * This logs the error with the wrapping net_device, and frees iob if - * it is passed. - */ -void net80211_rx_err ( struct net80211_device *dev, - struct io_buffer *iob, int rc ) -{ - netdev_rx_err ( dev->netdev, iob, rc ); -} - -/** Indicate the completed transmission of a packet - * - * @v dev 802.11 device - * @v iob I/O buffer of transmitted packet - * @v retries Number of times this packet was retransmitted - * @v rc Error code, or 0 for success - * - * This logs an error with the wrapping net_device if one occurred, - * and removes and frees the I/O buffer from its TX queue. The - * provided retry information is used to tune our transmission rate. - * - * If the packet did not need to be retransmitted because it was - * properly ACKed the first time, @a retries should be 0. - */ -void net80211_tx_complete ( struct net80211_device *dev, - struct io_buffer *iob, int retries, int rc ) -{ - /* Update rate-control algorithm */ - if ( dev->rctl ) - rc80211_update_tx ( dev, retries, rc ); - - /* Pass completion onward */ - netdev_tx_complete_err ( dev->netdev, iob, rc ); -} - -/** Common 802.11 errors */ -struct errortab common_wireless_errors[] __errortab = { - __einfo_errortab ( EINFO_EINVAL_CRYPTO_REQUEST ), - __einfo_errortab ( EINFO_ECONNRESET_UNSPECIFIED ), - __einfo_errortab ( EINFO_ECONNRESET_INACTIVITY ), - __einfo_errortab ( EINFO_ECONNRESET_4WAY_TIMEOUT ), - __einfo_errortab ( EINFO_ECONNRESET_8021X_FAILURE ), - __einfo_errortab ( EINFO_ECONNREFUSED_FAILURE ), - __einfo_errortab ( EINFO_ECONNREFUSED_ASSOC_DENIED ), - __einfo_errortab ( EINFO_ECONNREFUSED_AUTH_ALGO_UNSUPP ), -}; - -/* Drag in objects via net80211_ll_protocol */ -REQUIRING_SYMBOL ( net80211_ll_protocol ); - -/* Drag in 802.11 configuration */ -REQUIRE_OBJECT ( config_net80211 ); diff --git a/qemu/roms/ipxe/src/net/80211/rc80211.c b/qemu/roms/ipxe/src/net/80211/rc80211.c deleted file mode 100644 index eea3bc908..000000000 --- a/qemu/roms/ipxe/src/net/80211/rc80211.c +++ /dev/null @@ -1,372 +0,0 @@ -/* - * Simple 802.11 rate-control algorithm for iPXE. - * - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <stdlib.h> -#include <ipxe/net80211.h> - -/** - * @file - * - * Simple 802.11 rate-control algorithm - */ - -/** @page rc80211 Rate control philosophy - * - * We want to maximize our transmission speed, to the extent that we - * can do that without dropping undue numbers of packets. We also - * don't want to take up very much code space, so our algorithm has to - * be pretty simple - * - * When we receive a packet, we know what rate it was transmitted at, - * and whether it had to be retransmitted to get to us. - * - * When we send a packet, we hear back how many times it had to be - * retried to get through, and whether it got through at all. - * - * Indications of TX success are more reliable than RX success, but RX - * information helps us know where to start. - * - * To handle all of this, we keep for each rate and each direction (TX - * and RX separately) some state information for the most recent - * packets on that rate and the number of packets for which we have - * information. The state is a 32-bit unsigned integer in which two - * bits represent a packet: 11 if it went through well, 10 if it went - * through with one retry, 01 if it went through with more than one - * retry, or 00 if it didn't go through at all. We define the - * "goodness" for a particular (rate, direction) combination as the - * sum of all the 2-bit fields, times 33, divided by the number of - * 2-bit fields containing valid information (16 except when we're - * starting out). The number produced is between 0 and 99; we use -1 - * for rates with less than 4 RX packets or 1 TX, as an indicator that - * we do not have enough information to rely on them. - * - * In deciding which rates are best, we find the weighted average of - * TX and RX goodness, where the weighting is by number of packets - * with data and TX packets are worth 4 times as much as RX packets. - * The weighted average is called "net goodness" and is also a number - * between 0 and 99. If 3 consecutive packets fail transmission - * outright, we automatically ratchet down the rate; otherwise, we - * switch to the best rate whenever the current rate's goodness falls - * below some threshold, and try increasing our rate when the goodness - * is very high. - * - * This system is optimized for iPXE's style of usage. Because normal - * operation always involves receiving something, we'll make our way - * to the best rate pretty quickly. We tend to follow the lead of the - * sending AP in choosing rates, but we won't use rates for long that - * don't work well for us in transmission. We assume iPXE won't be - * running for long enough that rate patterns will change much, so we - * don't have to keep time counters or the like. And if this doesn't - * work well in practice there are many ways it could be tweaked. - * - * To avoid staying at 1Mbps for a long time, we don't track any - * transmitted packets until we've set our rate based on received - * packets. - */ - -/** Two-bit packet status indicator for a packet with no retries */ -#define RC_PKT_OK 0x3 - -/** Two-bit packet status indicator for a packet with one retry */ -#define RC_PKT_RETRIED_ONCE 0x2 - -/** Two-bit packet status indicator for a TX packet with multiple retries - * - * It is not possible to tell whether an RX packet had one or multiple - * retries; we rely instead on the fact that failed RX packets won't - * get to us at all, so if we receive a lot of RX packets on a certain - * rate it must be pretty good. - */ -#define RC_PKT_RETRIED_MULTI 0x1 - -/** Two-bit packet status indicator for a TX packet that was never ACKed - * - * It is not possible to tell whether an RX packet was setn if it - * didn't get through to us, but if we don't see one we won't increase - * the goodness for its rate. This asymmetry is part of why TX packets - * are weighted much more heavily than RX. - */ -#define RC_PKT_FAILED 0x0 - -/** Number of times to weight TX packets more heavily than RX packets */ -#define RC_TX_FACTOR 4 - -/** Number of consecutive failed TX packets that cause an automatic rate drop */ -#define RC_TX_EMERG_FAIL 3 - -/** Minimum net goodness below which we will search for a better rate */ -#define RC_GOODNESS_MIN 85 - -/** Maximum net goodness above which we will try to increase our rate */ -#define RC_GOODNESS_MAX 95 - -/** Minimum (num RX + @c RC_TX_FACTOR * num TX) to use a certain rate */ -#define RC_UNCERTAINTY_THRESH 4 - -/** TX direction */ -#define TX 0 - -/** RX direction */ -#define RX 1 - -/** A rate control context */ -struct rc80211_ctx -{ - /** Goodness state for each rate, TX and RX */ - u32 goodness[2][NET80211_MAX_RATES]; - - /** Number of packets recorded for each rate */ - u8 count[2][NET80211_MAX_RATES]; - - /** Indication of whether we've set the device rate yet */ - int started; - - /** Counter of all packets sent and received */ - int packets; -}; - -/** - * Initialize rate-control algorithm - * - * @v dev 802.11 device - * @ret ctx Rate-control context, to be stored in @c dev->rctl - */ -struct rc80211_ctx * rc80211_init ( struct net80211_device *dev __unused ) -{ - struct rc80211_ctx *ret = zalloc ( sizeof ( *ret ) ); - return ret; -} - -/** - * Calculate net goodness for a certain rate - * - * @v ctx Rate-control context - * @v rate_idx Index of rate to calculate net goodness for - */ -static int rc80211_calc_net_goodness ( struct rc80211_ctx *ctx, - int rate_idx ) -{ - int sum[2], num[2], dir, pkt; - - for ( dir = 0; dir < 2; dir++ ) { - u32 good = ctx->goodness[dir][rate_idx]; - - num[dir] = ctx->count[dir][rate_idx]; - sum[dir] = 0; - - for ( pkt = 0; pkt < num[dir]; pkt++ ) - sum[dir] += ( good >> ( 2 * pkt ) ) & 0x3; - } - - if ( ( num[TX] * RC_TX_FACTOR + num[RX] ) < RC_UNCERTAINTY_THRESH ) - return -1; - - return ( 33 * ( sum[TX] * RC_TX_FACTOR + sum[RX] ) / - ( num[TX] * RC_TX_FACTOR + num[RX] ) ); -} - -/** - * Determine the best rate to switch to and return it - * - * @v dev 802.11 device - * @ret rate_idx Index of the best rate to switch to - */ -static int rc80211_pick_best ( struct net80211_device *dev ) -{ - struct rc80211_ctx *ctx = dev->rctl; - int best_net_good = 0, best_rate = -1, i; - - for ( i = 0; i < dev->nr_rates; i++ ) { - int net_good = rc80211_calc_net_goodness ( ctx, i ); - - if ( net_good > best_net_good || - ( best_net_good > RC_GOODNESS_MIN && - net_good > RC_GOODNESS_MIN ) ) { - best_net_good = net_good; - best_rate = i; - } - } - - if ( best_rate >= 0 ) { - int old_good = rc80211_calc_net_goodness ( ctx, dev->rate ); - if ( old_good != best_net_good ) - DBGC ( ctx, "802.11 RC %p switching from goodness " - "%d to %d\n", ctx, old_good, best_net_good ); - - ctx->started = 1; - return best_rate; - } - - return dev->rate; -} - -/** - * Set 802.11 device rate - * - * @v dev 802.11 device - * @v rate_idx Index of rate to switch to - * - * This is a thin wrapper around net80211_set_rate_idx to insert a - * debugging message where appropriate. - */ -static inline void rc80211_set_rate ( struct net80211_device *dev, - int rate_idx ) -{ - DBGC ( dev->rctl, "802.11 RC %p changing rate %d->%d Mbps\n", dev->rctl, - dev->rates[dev->rate] / 10, dev->rates[rate_idx] / 10 ); - - net80211_set_rate_idx ( dev, rate_idx ); -} - -/** - * Check rate-control state and change rate if necessary - * - * @v dev 802.11 device - */ -static void rc80211_maybe_set_new ( struct net80211_device *dev ) -{ - struct rc80211_ctx *ctx = dev->rctl; - int net_good; - - net_good = rc80211_calc_net_goodness ( ctx, dev->rate ); - - if ( ! ctx->started ) { - rc80211_set_rate ( dev, rc80211_pick_best ( dev ) ); - return; - } - - if ( net_good < 0 ) /* insufficient data */ - return; - - if ( net_good > RC_GOODNESS_MAX && dev->rate + 1 < dev->nr_rates ) { - int higher = rc80211_calc_net_goodness ( ctx, dev->rate + 1 ); - if ( higher > net_good || higher < 0 ) - rc80211_set_rate ( dev, dev->rate + 1 ); - else - rc80211_set_rate ( dev, rc80211_pick_best ( dev ) ); - } - - if ( net_good < RC_GOODNESS_MIN ) { - rc80211_set_rate ( dev, rc80211_pick_best ( dev ) ); - } -} - -/** - * Update rate-control state - * - * @v dev 802.11 device - * @v direction One of the direction constants TX or RX - * @v rate_idx Index of rate at which packet was sent or received - * @v retries Number of times packet was retried before success - * @v failed If nonzero, the packet failed to get through - */ -static void rc80211_update ( struct net80211_device *dev, int direction, - int rate_idx, int retries, int failed ) -{ - struct rc80211_ctx *ctx = dev->rctl; - u32 goodness = ctx->goodness[direction][rate_idx]; - - if ( ctx->count[direction][rate_idx] < 16 ) - ctx->count[direction][rate_idx]++; - - goodness <<= 2; - if ( failed ) - goodness |= RC_PKT_FAILED; - else if ( retries > 1 ) - goodness |= RC_PKT_RETRIED_MULTI; - else if ( retries ) - goodness |= RC_PKT_RETRIED_ONCE; - else - goodness |= RC_PKT_OK; - - ctx->goodness[direction][rate_idx] = goodness; - - ctx->packets++; - - rc80211_maybe_set_new ( dev ); -} - -/** - * Update rate-control state for transmitted packet - * - * @v dev 802.11 device - * @v retries Number of times packet was transmitted before success - * @v rc Return status code for transmission - */ -void rc80211_update_tx ( struct net80211_device *dev, int retries, int rc ) -{ - struct rc80211_ctx *ctx = dev->rctl; - - if ( ! ctx->started ) - return; - - rc80211_update ( dev, TX, dev->rate, retries, rc ); - - /* Check if the last RC_TX_EMERG_FAIL packets have all failed */ - if ( ! ( ctx->goodness[TX][dev->rate] & - ( ( 1 << ( 2 * RC_TX_EMERG_FAIL ) ) - 1 ) ) ) { - if ( dev->rate == 0 ) - DBGC ( dev->rctl, "802.11 RC %p saw %d consecutive " - "failed TX, but cannot lower rate any further\n", - dev->rctl, RC_TX_EMERG_FAIL ); - else { - DBGC ( dev->rctl, "802.11 RC %p lowering rate (%d->%d " - "Mbps) due to %d consecutive TX failures\n", - dev->rctl, dev->rates[dev->rate] / 10, - dev->rates[dev->rate - 1] / 10, - RC_TX_EMERG_FAIL ); - - rc80211_set_rate ( dev, dev->rate - 1 ); - } - } -} - -/** - * Update rate-control state for received packet - * - * @v dev 802.11 device - * @v retry Whether the received packet had been retransmitted - * @v rate Rate at which packet was received, in 100 kbps units - */ -void rc80211_update_rx ( struct net80211_device *dev, int retry, u16 rate ) -{ - int ridx; - - for ( ridx = 0; ridx < dev->nr_rates && dev->rates[ridx] != rate; - ridx++ ) - ; - if ( ridx >= dev->nr_rates ) - return; /* couldn't find the rate */ - - rc80211_update ( dev, RX, ridx, retry, 0 ); -} - -/** - * Free rate-control context - * - * @v ctx Rate-control context - */ -void rc80211_free ( struct rc80211_ctx *ctx ) -{ - free ( ctx ); -} diff --git a/qemu/roms/ipxe/src/net/80211/sec80211.c b/qemu/roms/ipxe/src/net/80211/sec80211.c deleted file mode 100644 index d1bc75e90..000000000 --- a/qemu/roms/ipxe/src/net/80211/sec80211.c +++ /dev/null @@ -1,518 +0,0 @@ -/* - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <ipxe/ieee80211.h> -#include <ipxe/net80211.h> -#include <ipxe/sec80211.h> - -/** @file - * - * General secured-network routines required whenever any secure - * network support at all is compiled in. This involves things like - * installing keys, determining the type of security used by a probed - * network, and some small helper functions that take advantage of - * static data in this file. - */ - -/* Unsupported cryptosystem error numbers */ -#define ENOTSUP_WEP __einfo_error ( EINFO_ENOTSUP_WEP ) -#define EINFO_ENOTSUP_WEP __einfo_uniqify ( EINFO_ENOTSUP, \ - ( 0x10 | NET80211_CRYPT_WEP ), "WEP not supported" ) -#define ENOTSUP_TKIP __einfo_error ( EINFO_ENOTSUP_TKIP ) -#define EINFO_ENOTSUP_TKIP __einfo_uniqify ( EINFO_ENOTSUP, \ - ( 0x10 | NET80211_CRYPT_TKIP ), "TKIP not supported" ) -#define ENOTSUP_CCMP __einfo_error ( EINFO_ENOTSUP_CCMP ) -#define EINFO_ENOTSUP_CCMP __einfo_uniqify ( EINFO_ENOTSUP, \ - ( 0x10 | NET80211_CRYPT_CCMP ), "CCMP not supported" ) -#define ENOTSUP_CRYPT( crypt ) \ - EUNIQ ( EINFO_ENOTSUP, ( 0x10 | (crypt) ), \ - ENOTSUP_WEP, ENOTSUP_TKIP, ENOTSUP_CCMP ) - -/** Mapping from net80211 crypto/secprot types to RSN OUI descriptors */ -struct descriptor_map { - /** Value of net80211_crypto_alg or net80211_security_proto */ - u32 net80211_type; - - /** OUI+type in appropriate byte order, masked to exclude vendor */ - u32 oui_type; -}; - -/** Magic number in @a oui_type showing end of list */ -#define END_MAGIC 0xFFFFFFFF - -/** Mapping between net80211 cryptosystems and 802.11i cipher IDs */ -static struct descriptor_map rsn_cipher_map[] = { - { .net80211_type = NET80211_CRYPT_WEP, - .oui_type = IEEE80211_RSN_CTYPE_WEP40 }, - - { .net80211_type = NET80211_CRYPT_WEP, - .oui_type = IEEE80211_RSN_CTYPE_WEP104 }, - - { .net80211_type = NET80211_CRYPT_TKIP, - .oui_type = IEEE80211_RSN_CTYPE_TKIP }, - - { .net80211_type = NET80211_CRYPT_CCMP, - .oui_type = IEEE80211_RSN_CTYPE_CCMP }, - - { .net80211_type = NET80211_CRYPT_UNKNOWN, - .oui_type = END_MAGIC }, -}; - -/** Mapping between net80211 handshakers and 802.11i AKM IDs */ -static struct descriptor_map rsn_akm_map[] = { - { .net80211_type = NET80211_SECPROT_EAP, - .oui_type = IEEE80211_RSN_ATYPE_8021X }, - - { .net80211_type = NET80211_SECPROT_PSK, - .oui_type = IEEE80211_RSN_ATYPE_PSK }, - - { .net80211_type = NET80211_SECPROT_UNKNOWN, - .oui_type = END_MAGIC }, -}; - - -/** - * Install 802.11 cryptosystem - * - * @v which Pointer to the cryptosystem structure to install in - * @v crypt Cryptosystem ID number - * @v key Encryption key to use - * @v len Length of encryption key - * @v rsc Initial receive sequence counter, if applicable - * @ret rc Return status code - * - * The encryption key will not be accessed via the provided pointer - * after this function returns, so you may keep it on the stack. - * - * @a which must point to either @c dev->crypto (for the normal case - * of installing a unicast cryptosystem) or @c dev->gcrypto (to - * install a cryptosystem that will be used only for decrypting - * group-source frames). - */ -int sec80211_install ( struct net80211_crypto **which, - enum net80211_crypto_alg crypt, - const void *key, int len, const void *rsc ) -{ - struct net80211_crypto *crypto = *which; - struct net80211_crypto *tbl_crypto; - - /* Remove old crypto if it exists */ - free ( *which ); - *which = NULL; - - if ( crypt == NET80211_CRYPT_NONE ) { - DBG ( "802.11-Sec not installing null cryptography\n" ); - return 0; - } - - /* Find cryptosystem to use */ - for_each_table_entry ( tbl_crypto, NET80211_CRYPTOS ) { - if ( tbl_crypto->algorithm == crypt ) { - crypto = zalloc ( sizeof ( *crypto ) + - tbl_crypto->priv_len ); - if ( ! crypto ) { - DBG ( "802.11-Sec out of memory\n" ); - return -ENOMEM; - } - - memcpy ( crypto, tbl_crypto, sizeof ( *crypto ) ); - crypto->priv = ( ( void * ) crypto + - sizeof ( *crypto ) ); - break; - } - } - - if ( ! crypto ) { - DBG ( "802.11-Sec no support for cryptosystem %d\n", crypt ); - return -ENOTSUP_CRYPT ( crypt ); - } - - *which = crypto; - - DBG ( "802.11-Sec installing cryptosystem %d as %p with key of " - "length %d\n", crypt, crypto, len ); - - return crypto->init ( crypto, key, len, rsc ); -} - - -/** - * Determine net80211 crypto or handshaking type value to return for RSN info - * - * @v rsnp Pointer to next descriptor count field in RSN IE - * @v rsn_end Pointer to end of RSN IE - * @v map Descriptor map to use - * @v tbl_start Start of linker table to examine for iPXE support - * @v tbl_end End of linker table to examine for iPXE support - * @ret rsnp Updated to point to first byte after descriptors - * @ret map_ent Descriptor map entry of translation to use - * - * The entries in the linker table must be either net80211_crypto or - * net80211_handshaker structures, and @a tbl_stride must be set to - * sizeof() the appropriate one. - * - * This function expects @a rsnp to point at a two-byte descriptor - * count followed by a list of four-byte cipher or AKM descriptors; it - * will return @c NULL if the input packet is malformed, and otherwise - * set @a rsnp to the first byte it has not looked at. It will return - * the first cipher in the list that is supported by the current build - * of iPXE, or the first of all if none are supported. - * - * We play rather fast and loose with type checking, because this - * function is only called from two well-defined places in the - * RSN-checking code. Don't try to use it for anything else. - */ -static struct descriptor_map * rsn_pick_desc ( u8 **rsnp, u8 *rsn_end, - struct descriptor_map *map, - void *tbl_start, void *tbl_end ) -{ - int ndesc; - int ok = 0; - struct descriptor_map *map_ent, *map_ret = NULL; - u8 *rsn = *rsnp; - void *tblp; - size_t tbl_stride = ( map == rsn_cipher_map ? - sizeof ( struct net80211_crypto ) : - sizeof ( struct net80211_handshaker ) ); - - if ( map != rsn_cipher_map && map != rsn_akm_map ) - return NULL; - - /* Determine which types we support */ - for ( tblp = tbl_start; tblp < tbl_end; tblp += tbl_stride ) { - struct net80211_crypto *crypto = tblp; - struct net80211_handshaker *hs = tblp; - - if ( map == rsn_cipher_map ) - ok |= ( 1 << crypto->algorithm ); - else - ok |= ( 1 << hs->protocol ); - } - - /* RSN sanity checks */ - if ( rsn + 2 > rsn_end ) { - DBG ( "RSN detect: malformed descriptor count\n" ); - return NULL; - } - - ndesc = *( u16 * ) rsn; - rsn += 2; - - if ( ! ndesc ) { - DBG ( "RSN detect: no descriptors\n" ); - return NULL; - } - - /* Determine which net80211 crypto types are listed */ - while ( ndesc-- ) { - u32 desc; - - if ( rsn + 4 > rsn_end ) { - DBG ( "RSN detect: malformed descriptor (%d left)\n", - ndesc ); - return NULL; - } - - desc = *( u32 * ) rsn; - rsn += 4; - - for ( map_ent = map; map_ent->oui_type != END_MAGIC; map_ent++ ) - if ( map_ent->oui_type == ( desc & OUI_TYPE_MASK ) ) - break; - - /* Use first cipher as a fallback */ - if ( ! map_ret ) - map_ret = map_ent; - - /* Once we find one we support, use it */ - if ( ok & ( 1 << map_ent->net80211_type ) ) { - map_ret = map_ent; - break; - } - } - - if ( ndesc > 0 ) - rsn += 4 * ndesc; - - *rsnp = rsn; - return map_ret; -} - - -/** - * Find the RSN or WPA information element in the provided beacon frame - * - * @v ie Pointer to first information element to check - * @v ie_end Pointer to end of information element space - * @ret is_rsn TRUE if returned IE is RSN, FALSE if it's WPA - * @ret end Pointer to byte immediately after last byte of data - * @ret data Pointer to first byte of data (the `version' field) - * - * If both an RSN and a WPA information element are found, this - * function will return the first one seen, which by ordering rules - * should always prefer the newer RSN IE. - * - * If no RSN or WPA infomration element is found, returns @c NULL and - * leaves @a is_rsn and @a end in an undefined state. - * - * This function will not return a pointer to an information element - * that states it extends past the tail of the io_buffer, or whose @a - * version field is incorrect. - */ -u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end, - int *is_rsn, u8 **end ) -{ - u8 *rsn = NULL; - - if ( ! ieee80211_ie_bound ( ie, ie_end ) ) - return NULL; - - while ( ie ) { - if ( ie->id == IEEE80211_IE_VENDOR && - ie->vendor.oui == IEEE80211_WPA_OUI_VEN ) { - DBG ( "RSN detect: old-style WPA IE found\n" ); - rsn = &ie->vendor.data[0]; - *end = rsn + ie->len - 4; - *is_rsn = 0; - } else if ( ie->id == IEEE80211_IE_RSN ) { - DBG ( "RSN detect: 802.11i RSN IE found\n" ); - rsn = ( u8 * ) &ie->rsn.version; - *end = rsn + ie->len; - *is_rsn = 1; - } - - if ( rsn && ( *end > ( u8 * ) ie_end || rsn >= *end || - *( u16 * ) rsn != IEEE80211_RSN_VERSION ) ) { - DBG ( "RSN detect: malformed RSN IE or unknown " - "version, keep trying\n" ); - rsn = NULL; - } - - if ( rsn ) - break; - - ie = ieee80211_next_ie ( ie, ie_end ); - } - - if ( ! ie ) { - DBG ( "RSN detect: no RSN IE found\n" ); - return NULL; - } - - return rsn; -} - - -/** - * Detect crypto and AKM types from RSN information element - * - * @v is_rsn If TRUE, IE is a new-style RSN information element - * @v start Pointer to first byte of @a version field - * @v end Pointer to first byte not in the RSN IE - * @ret secprot Security handshaking protocol used by network - * @ret crypt Cryptosystem used by network - * @ret rc Return status code - * - * If the IE cannot be parsed, returns an error indication and leaves - * @a secprot and @a crypt unchanged. - */ -int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end, - enum net80211_security_proto *secprot, - enum net80211_crypto_alg *crypt ) -{ - enum net80211_security_proto sp; - enum net80211_crypto_alg cr; - struct descriptor_map *map; - u8 *rsn = start; - - /* Set some defaults */ - cr = ( is_rsn ? NET80211_CRYPT_CCMP : NET80211_CRYPT_TKIP ); - sp = NET80211_SECPROT_EAP; - - rsn += 2; /* version - already checked */ - rsn += 4; /* group cipher - we don't use it here */ - - if ( rsn >= end ) - goto done; - - /* Pick crypto algorithm */ - map = rsn_pick_desc ( &rsn, end, rsn_cipher_map, - table_start ( NET80211_CRYPTOS ), - table_end ( NET80211_CRYPTOS ) ); - if ( ! map ) - goto invalid_rsn; - - cr = map->net80211_type; - - if ( rsn >= end ) - goto done; - - /* Pick handshaking algorithm */ - map = rsn_pick_desc ( &rsn, end, rsn_akm_map, - table_start ( NET80211_HANDSHAKERS ), - table_end ( NET80211_HANDSHAKERS ) ); - if ( ! map ) - goto invalid_rsn; - - sp = map->net80211_type; - - done: - DBG ( "RSN detect: OK, crypto type %d, secprot type %d\n", cr, sp ); - *secprot = sp; - *crypt = cr; - return 0; - - invalid_rsn: - DBG ( "RSN detect: invalid RSN IE\n" ); - return -EINVAL; -} - - -/** - * Detect the cryptosystem and handshaking protocol used by an 802.11 network - * - * @v iob I/O buffer containing beacon frame - * @ret secprot Security handshaking protocol used by network - * @ret crypt Cryptosystem used by network - * @ret rc Return status code - * - * This function uses weak linkage, as it must be called from generic - * contexts but should only be linked in if some encryption is - * supported; you must test its address against @c NULL before calling - * it. If it does not exist, any network with the PRIVACY bit set in - * beacon->capab should be considered unknown. - */ -int sec80211_detect ( struct io_buffer *iob, - enum net80211_security_proto *secprot, - enum net80211_crypto_alg *crypt ) -{ - struct ieee80211_frame *hdr = iob->data; - struct ieee80211_beacon *beacon = - ( struct ieee80211_beacon * ) hdr->data; - u8 *rsn, *rsn_end; - int is_rsn, rc; - - *crypt = NET80211_CRYPT_UNKNOWN; - *secprot = NET80211_SECPROT_UNKNOWN; - - /* Find RSN or WPA IE */ - if ( ! ( rsn = sec80211_find_rsn ( beacon->info_element, iob->tail, - &is_rsn, &rsn_end ) ) ) { - /* No security IE at all; either WEP or no security. */ - *secprot = NET80211_SECPROT_NONE; - - if ( beacon->capability & IEEE80211_CAPAB_PRIVACY ) - *crypt = NET80211_CRYPT_WEP; - else - *crypt = NET80211_CRYPT_NONE; - - return 0; - } - - /* Determine type of security */ - if ( ( rc = sec80211_detect_ie ( is_rsn, rsn, rsn_end, secprot, - crypt ) ) == 0 ) - return 0; - - /* If we get here, the RSN IE was invalid */ - - *crypt = NET80211_CRYPT_UNKNOWN; - *secprot = NET80211_SECPROT_UNKNOWN; - DBG ( "Failed to handle RSN IE:\n" ); - DBG_HD ( rsn, rsn_end - rsn ); - return rc; -} - - -/** - * Determine RSN descriptor for specified net80211 ID - * - * @v id net80211 ID value - * @v rsnie Whether to return a new-format (RSN IE) descriptor - * @v map Map to use in translation - * @ret desc RSN descriptor, or 0 on error - * - * If @a rsnie is false, returns an old-format (WPA vendor IE) - * descriptor. - */ -static u32 rsn_get_desc ( unsigned id, int rsnie, struct descriptor_map *map ) -{ - u32 vendor = ( rsnie ? IEEE80211_RSN_OUI : IEEE80211_WPA_OUI ); - - for ( ; map->oui_type != END_MAGIC; map++ ) { - if ( map->net80211_type == id ) - return map->oui_type | vendor; - } - - return 0; -} - -/** - * Determine RSN descriptor for specified net80211 cryptosystem number - * - * @v crypt Cryptosystem number - * @v rsnie Whether to return a new-format (RSN IE) descriptor - * @ret desc RSN descriptor - * - * If @a rsnie is false, returns an old-format (WPA vendor IE) - * descriptor. - */ -u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie ) -{ - return rsn_get_desc ( crypt, rsnie, rsn_cipher_map ); -} - -/** - * Determine RSN descriptor for specified net80211 handshaker number - * - * @v secprot Handshaker number - * @v rsnie Whether to return a new-format (RSN IE) descriptor - * @ret desc RSN descriptor - * - * If @a rsnie is false, returns an old-format (WPA vendor IE) - * descriptor. - */ -u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot, - int rsnie ) -{ - return rsn_get_desc ( secprot, rsnie, rsn_akm_map ); -} - -/** - * Determine net80211 cryptosystem number from RSN descriptor - * - * @v desc RSN descriptor - * @ret crypt net80211 cryptosystem enumeration value - */ -enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc ) -{ - struct descriptor_map *map = rsn_cipher_map; - - for ( ; map->oui_type != END_MAGIC; map++ ) { - if ( map->oui_type == ( desc & OUI_TYPE_MASK ) ) - break; - } - - return map->net80211_type; -} diff --git a/qemu/roms/ipxe/src/net/80211/wep.c b/qemu/roms/ipxe/src/net/80211/wep.c deleted file mode 100644 index e22ac8998..000000000 --- a/qemu/roms/ipxe/src/net/80211/wep.c +++ /dev/null @@ -1,304 +0,0 @@ -/* - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <ipxe/net80211.h> -#include <ipxe/sec80211.h> -#include <ipxe/crypto.h> -#include <ipxe/arc4.h> -#include <ipxe/crc32.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> - -/** @file - * - * The WEP wireless encryption method (insecure!) - * - * The data field in a WEP-encrypted packet contains a 3-byte - * initialisation vector, one-byte Key ID field (only the bottom two - * bits are ever used), encrypted data, and a 4-byte encrypted CRC of - * the plaintext data, called the ICV. To decrypt it, the IV is - * prepended to the shared key and the data stream (including ICV) is - * run through the ARC4 stream cipher; if the ICV matches a CRC32 - * calculated on the plaintext, the packet is valid. - * - * For efficiency and code-size reasons, this file assumes it is - * running on a little-endian machine. - */ - -/** Length of WEP initialisation vector */ -#define WEP_IV_LEN 3 - -/** Length of WEP key ID byte */ -#define WEP_KID_LEN 1 - -/** Length of WEP ICV checksum */ -#define WEP_ICV_LEN 4 - -/** Maximum length of WEP key */ -#define WEP_MAX_KEY 16 - -/** Amount of data placed before the encrypted bytes */ -#define WEP_HEADER_LEN 4 - -/** Amount of data placed after the encrypted bytes */ -#define WEP_TRAILER_LEN 4 - -/** Total WEP overhead bytes */ -#define WEP_OVERHEAD 8 - -/** Context for WEP encryption and decryption */ -struct wep_ctx -{ - /** Encoded WEP key - * - * The actual key bytes are stored beginning at offset 3, to - * leave room for easily inserting the IV before a particular - * operation. - */ - u8 key[WEP_IV_LEN + WEP_MAX_KEY]; - - /** Length of WEP key (not including IV bytes) */ - int keylen; - - /** ARC4 context */ - struct arc4_ctx arc4; -}; - -/** - * Initialize WEP algorithm - * - * @v crypto 802.11 cryptographic algorithm - * @v key WEP key to use - * @v keylen Length of WEP key - * @v rsc Initial receive sequence counter (unused) - * @ret rc Return status code - * - * Standard key lengths are 5 and 13 bytes; 16-byte keys are - * occasionally supported as an extension to the standard. - */ -static int wep_init ( struct net80211_crypto *crypto, const void *key, - int keylen, const void *rsc __unused ) -{ - struct wep_ctx *ctx = crypto->priv; - - ctx->keylen = ( keylen > WEP_MAX_KEY ? WEP_MAX_KEY : keylen ); - memcpy ( ctx->key + WEP_IV_LEN, key, ctx->keylen ); - - return 0; -} - -/** - * Encrypt packet using WEP - * - * @v crypto 802.11 cryptographic algorithm - * @v iob I/O buffer of plaintext packet - * @ret eiob Newly allocated I/O buffer for encrypted packet, or NULL - * - * If memory allocation fails, @c NULL is returned. - */ -static struct io_buffer * wep_encrypt ( struct net80211_crypto *crypto, - struct io_buffer *iob ) -{ - struct wep_ctx *ctx = crypto->priv; - struct io_buffer *eiob; - struct ieee80211_frame *hdr; - const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; - int datalen = iob_len ( iob ) - hdrlen; - int newlen = hdrlen + datalen + WEP_OVERHEAD; - u32 iv, icv; - - eiob = alloc_iob ( newlen ); - if ( ! eiob ) - return NULL; - - memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen ); - hdr = eiob->data; - hdr->fc |= IEEE80211_FC_PROTECTED; - - /* Calculate IV, put it in the header (with key ID byte = 0), and - set it up at the start of the encryption key. */ - iv = random() & 0xffffff; /* IV in bottom 3 bytes, top byte = KID = 0 */ - memcpy ( iob_put ( eiob, WEP_HEADER_LEN ), &iv, WEP_HEADER_LEN ); - memcpy ( ctx->key, &iv, WEP_IV_LEN ); - - /* Encrypt the data using RC4 */ - cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key, - ctx->keylen + WEP_IV_LEN ); - cipher_encrypt ( &arc4_algorithm, &ctx->arc4, iob->data + hdrlen, - iob_put ( eiob, datalen ), datalen ); - - /* Add ICV */ - icv = ~crc32_le ( ~0, iob->data + hdrlen, datalen ); - cipher_encrypt ( &arc4_algorithm, &ctx->arc4, &icv, - iob_put ( eiob, WEP_ICV_LEN ), WEP_ICV_LEN ); - - return eiob; -} - -/** - * Decrypt packet using WEP - * - * @v crypto 802.11 cryptographic algorithm - * @v eiob I/O buffer of encrypted packet - * @ret iob Newly allocated I/O buffer for plaintext packet, or NULL - * - * If a consistency check for the decryption fails (usually indicating - * an invalid key), @c NULL is returned. - */ -static struct io_buffer * wep_decrypt ( struct net80211_crypto *crypto, - struct io_buffer *eiob ) -{ - struct wep_ctx *ctx = crypto->priv; - struct io_buffer *iob; - struct ieee80211_frame *hdr; - const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; - int datalen = iob_len ( eiob ) - hdrlen - WEP_OVERHEAD; - int newlen = hdrlen + datalen; - u32 iv, icv, crc; - - iob = alloc_iob ( newlen ); - if ( ! iob ) - return NULL; - - memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen ); - hdr = iob->data; - hdr->fc &= ~IEEE80211_FC_PROTECTED; - - /* Strip off IV and use it to initialize cryptosystem */ - memcpy ( &iv, eiob->data + hdrlen, 4 ); - iv &= 0xffffff; /* ignore key ID byte */ - memcpy ( ctx->key, &iv, WEP_IV_LEN ); - - /* Decrypt the data using RC4 */ - cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key, - ctx->keylen + WEP_IV_LEN ); - cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen + - WEP_HEADER_LEN, iob_put ( iob, datalen ), datalen ); - - /* Strip off ICV and verify it */ - cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen + - WEP_HEADER_LEN + datalen, &icv, WEP_ICV_LEN ); - crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen ); - if ( crc != icv ) { - DBGC ( crypto, "WEP %p CRC mismatch: expect %08x, get %08x\n", - crypto, icv, crc ); - free_iob ( iob ); - return NULL; - } - return iob; -} - -/** WEP cryptosystem for 802.11 */ -struct net80211_crypto wep_crypto __net80211_crypto = { - .algorithm = NET80211_CRYPT_WEP, - .init = wep_init, - .encrypt = wep_encrypt, - .decrypt = wep_decrypt, - .priv_len = sizeof ( struct wep_ctx ), -}; - -/** - * Initialize trivial 802.11 security handshaker - * - * @v dev 802.11 device - * @v ctx Security handshaker - * - * This simply fetches a WEP key from netX/key, and if it exists, - * installs WEP cryptography on the 802.11 device. No real handshaking - * is performed. - */ -static int trivial_init ( struct net80211_device *dev ) -{ - u8 key[WEP_MAX_KEY]; /* support up to 128-bit keys */ - int len; - int rc; - - if ( dev->associating && - dev->associating->crypto == NET80211_CRYPT_NONE ) - return 0; /* no crypto? OK. */ - - len = fetch_raw_setting ( netdev_settings ( dev->netdev ), - &net80211_key_setting, key, WEP_MAX_KEY ); - - if ( len <= 0 ) { - DBGC ( dev, "802.11 %p cannot do WEP without a key\n", dev ); - return -EACCES; - } - - /* Full 128-bit keys are a nonstandard extension, but they're - utterly trivial to support, so we do. */ - if ( len != 5 && len != 13 && len != 16 ) { - DBGC ( dev, "802.11 %p invalid WEP key length %d\n", - dev, len ); - return -EINVAL; - } - - DBGC ( dev, "802.11 %p installing %d-bit WEP\n", dev, len * 8 ); - - rc = sec80211_install ( &dev->crypto, NET80211_CRYPT_WEP, key, len, - NULL ); - if ( rc < 0 ) - return rc; - - return 0; -} - -/** - * Check for key change on trivial 802.11 security handshaker - * - * @v dev 802.11 device - * @v ctx Security handshaker - */ -static int trivial_change_key ( struct net80211_device *dev ) -{ - u8 key[WEP_MAX_KEY]; - int len; - int change = 0; - - /* If going from WEP to clear, or something else to WEP, reassociate. */ - if ( ! dev->crypto || ( dev->crypto->init != wep_init ) ) - change ^= 1; - - len = fetch_raw_setting ( netdev_settings ( dev->netdev ), - &net80211_key_setting, key, WEP_MAX_KEY ); - if ( len <= 0 ) - change ^= 1; - - /* Changing crypto type => return nonzero to reassociate. */ - if ( change ) - return -EINVAL; - - /* Going from no crypto to still no crypto => nothing to do. */ - if ( len <= 0 ) - return 0; - - /* Otherwise, reinitialise WEP with new key. */ - return wep_init ( dev->crypto, key, len, NULL ); -} - -/** Trivial 802.11 security handshaker */ -struct net80211_handshaker trivial_handshaker __net80211_handshaker = { - .protocol = NET80211_SECPROT_NONE, - .init = trivial_init, - .change_key = trivial_change_key, - .priv_len = 0, -}; diff --git a/qemu/roms/ipxe/src/net/80211/wpa.c b/qemu/roms/ipxe/src/net/80211/wpa.c deleted file mode 100644 index 77f66d825..000000000 --- a/qemu/roms/ipxe/src/net/80211/wpa.c +++ /dev/null @@ -1,916 +0,0 @@ -/* - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <ipxe/net80211.h> -#include <ipxe/sec80211.h> -#include <ipxe/wpa.h> -#include <ipxe/eapol.h> -#include <ipxe/crypto.h> -#include <ipxe/arc4.h> -#include <ipxe/crc32.h> -#include <ipxe/sha1.h> -#include <ipxe/hmac.h> -#include <ipxe/list.h> -#include <ipxe/ethernet.h> -#include <ipxe/rbg.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <byteswap.h> - -/** @file - * - * Handler for the aspects of WPA handshaking that are independent of - * 802.1X/PSK or TKIP/CCMP; this mostly involves the 4-Way Handshake. - */ - -/** List of WPA contexts in active use. */ -struct list_head wpa_contexts = LIST_HEAD_INIT ( wpa_contexts ); - - -/** - * Return an error code and deauthenticate - * - * @v ctx WPA common context - * @v rc Return status code - * @ret rc The passed return status code - */ -static int wpa_fail ( struct wpa_common_ctx *ctx, int rc ) -{ - net80211_deauthenticate ( ctx->dev, rc ); - return rc; -} - - -/** - * Find a cryptosystem handler structure from a crypto ID - * - * @v crypt Cryptosystem ID - * @ret crypto Cryptosystem handler structure - * - * If support for @a crypt is not compiled in to iPXE, or if @a crypt - * is NET80211_CRYPT_UNKNOWN, returns @c NULL. - */ -static struct net80211_crypto * -wpa_find_cryptosystem ( enum net80211_crypto_alg crypt ) -{ - struct net80211_crypto *crypto; - - for_each_table_entry ( crypto, NET80211_CRYPTOS ) { - if ( crypto->algorithm == crypt ) - return crypto; - } - - return NULL; -} - - -/** - * Find WPA key integrity and encryption handler from key version field - * - * @v ver Version bits of EAPOL-Key info field - * @ret kie Key integrity and encryption handler - */ -struct wpa_kie * wpa_find_kie ( int version ) -{ - struct wpa_kie *kie; - - for_each_table_entry ( kie, WPA_KIES ) { - if ( kie->version == version ) - return kie; - } - - return NULL; -} - - -/** - * Construct RSN or WPA information element - * - * @v dev 802.11 device - * @ret ie_ret RSN or WPA information element - * @ret rc Return status code - * - * This function allocates, fills, and returns a RSN or WPA - * information element suitable for including in an association - * request frame to the network identified by @c dev->associating. - * If it is impossible to construct an information element consistent - * with iPXE's capabilities that is compatible with that network, or - * if none should be sent because that network's beacon included no - * security information, returns an error indication and leaves - * @a ie_ret unchanged. - * - * The returned IE will be of the same type (RSN or WPA) as was - * included in the beacon for the network it is destined for. - */ -int wpa_make_rsn_ie ( struct net80211_device *dev, union ieee80211_ie **ie_ret ) -{ - u8 *rsn, *rsn_end; - int is_rsn; - u32 group_cipher; - enum net80211_crypto_alg gcrypt; - int ie_len; - u8 *iep; - struct ieee80211_ie_rsn *ie; - struct ieee80211_frame *hdr; - struct ieee80211_beacon *beacon; - - if ( ! dev->associating ) { - DBG ( "WPA: Can't make RSN IE for a non-associating device\n" ); - return -EINVAL; - } - - hdr = dev->associating->beacon->data; - beacon = ( struct ieee80211_beacon * ) hdr->data; - rsn = sec80211_find_rsn ( beacon->info_element, - dev->associating->beacon->tail, &is_rsn, - &rsn_end ); - if ( ! rsn ) { - DBG ( "WPA: Can't make RSN IE when we didn't get one\n" ); - return -EINVAL; - } - - rsn += 2; /* skip version */ - group_cipher = *( u32 * ) rsn; - gcrypt = sec80211_rsn_get_net80211_crypt ( group_cipher ); - - if ( ! wpa_find_cryptosystem ( gcrypt ) || - ! wpa_find_cryptosystem ( dev->associating->crypto ) ) { - DBG ( "WPA: No support for (GC:%d, PC:%d)\n", - gcrypt, dev->associating->crypto ); - return -ENOTSUP; - } - - /* Everything looks good - make our IE. */ - - /* WPA IEs need 4 more bytes for the OUI+type */ - ie_len = ieee80211_rsn_size ( 1, 1, 0, is_rsn ) + ( 4 * ! is_rsn ); - iep = malloc ( ie_len ); - if ( ! iep ) - return -ENOMEM; - - *ie_ret = ( union ieee80211_ie * ) iep; - - /* Store ID and length bytes. */ - *iep++ = ( is_rsn ? IEEE80211_IE_RSN : IEEE80211_IE_VENDOR ); - *iep++ = ie_len - 2; - - /* Store OUI+type for WPA IEs. */ - if ( ! is_rsn ) { - *( u32 * ) iep = IEEE80211_WPA_OUI_VEN; - iep += 4; - } - - /* If this is a WPA IE, the id and len bytes in the - ieee80211_ie_rsn structure will not be valid, but by doing - the cast we can fill all the other fields much more - readily. */ - - ie = ( struct ieee80211_ie_rsn * ) ( iep - 2 ); - ie->version = IEEE80211_RSN_VERSION; - ie->group_cipher = group_cipher; - ie->pairwise_count = 1; - ie->pairwise_cipher[0] = - sec80211_rsn_get_crypto_desc ( dev->associating->crypto, - is_rsn ); - ie->akm_count = 1; - ie->akm_list[0] = - sec80211_rsn_get_akm_desc ( dev->associating->handshaking, - is_rsn ); - if ( is_rsn ) { - ie->rsn_capab = 0; - ie->pmkid_count = 0; - } - - return 0; -} - - -/** - * Set up generic WPA support to handle 4-Way Handshake - * - * @v dev 802.11 device - * @v ctx WPA common context - * @v pmk Pairwise Master Key to use for session - * @v pmk_len Length of PMK, almost always 32 - * @ret rc Return status code - */ -int wpa_start ( struct net80211_device *dev, struct wpa_common_ctx *ctx, - const void *pmk, size_t pmk_len ) -{ - struct io_buffer *iob; - struct ieee80211_frame *hdr; - struct ieee80211_beacon *beacon; - u8 *ap_rsn_ie = NULL, *ap_rsn_ie_end; - - if ( ! dev->rsn_ie || ! dev->associating ) - return -EINVAL; - - ctx->dev = dev; - memcpy ( ctx->pmk, pmk, ctx->pmk_len = pmk_len ); - ctx->state = WPA_READY; - ctx->replay = ~0ULL; - - iob = dev->associating->beacon; - hdr = iob->data; - beacon = ( struct ieee80211_beacon * ) hdr->data; - ap_rsn_ie = sec80211_find_rsn ( beacon->info_element, iob->tail, - &ctx->ap_rsn_is_rsn, &ap_rsn_ie_end ); - if ( ap_rsn_ie ) { - ctx->ap_rsn_ie = malloc ( ap_rsn_ie_end - ap_rsn_ie ); - if ( ! ctx->ap_rsn_ie ) - return -ENOMEM; - memcpy ( ctx->ap_rsn_ie, ap_rsn_ie, ap_rsn_ie_end - ap_rsn_ie ); - ctx->ap_rsn_ie_len = ap_rsn_ie_end - ap_rsn_ie; - } else { - return -ENOENT; - } - - ctx->crypt = dev->associating->crypto; - ctx->gcrypt = NET80211_CRYPT_UNKNOWN; - - list_add_tail ( &ctx->list, &wpa_contexts ); - return 0; -} - - -/** - * Disable handling of received WPA handshake frames - * - * @v dev 802.11 device - */ -void wpa_stop ( struct net80211_device *dev ) -{ - struct wpa_common_ctx *ctx, *tmp; - - list_for_each_entry_safe ( ctx, tmp, &wpa_contexts, list ) { - if ( ctx->dev == dev ) { - free ( ctx->ap_rsn_ie ); - ctx->ap_rsn_ie = NULL; - list_del ( &ctx->list ); - } - } -} - - -/** - * Derive pairwise transient key - * - * @v ctx WPA common context - */ -static void wpa_derive_ptk ( struct wpa_common_ctx *ctx ) -{ - struct { - u8 mac1[ETH_ALEN]; - u8 mac2[ETH_ALEN]; - u8 nonce1[WPA_NONCE_LEN]; - u8 nonce2[WPA_NONCE_LEN]; - } __attribute__ (( packed )) ptk_data; - - /* The addresses and nonces are stored in numerical order (!) */ - - if ( memcmp ( ctx->dev->netdev->ll_addr, ctx->dev->bssid, - ETH_ALEN ) < 0 ) { - memcpy ( ptk_data.mac1, ctx->dev->netdev->ll_addr, ETH_ALEN ); - memcpy ( ptk_data.mac2, ctx->dev->bssid, ETH_ALEN ); - } else { - memcpy ( ptk_data.mac1, ctx->dev->bssid, ETH_ALEN ); - memcpy ( ptk_data.mac2, ctx->dev->netdev->ll_addr, ETH_ALEN ); - } - - if ( memcmp ( ctx->Anonce, ctx->Snonce, WPA_NONCE_LEN ) < 0 ) { - memcpy ( ptk_data.nonce1, ctx->Anonce, WPA_NONCE_LEN ); - memcpy ( ptk_data.nonce2, ctx->Snonce, WPA_NONCE_LEN ); - } else { - memcpy ( ptk_data.nonce1, ctx->Snonce, WPA_NONCE_LEN ); - memcpy ( ptk_data.nonce2, ctx->Anonce, WPA_NONCE_LEN ); - } - - DBGC2 ( ctx, "WPA %p A1 %s, A2 %s\n", ctx, eth_ntoa ( ptk_data.mac1 ), - eth_ntoa ( ptk_data.mac2 ) ); - DBGC2 ( ctx, "WPA %p Nonce1, Nonce2:\n", ctx ); - DBGC2_HD ( ctx, ptk_data.nonce1, WPA_NONCE_LEN ); - DBGC2_HD ( ctx, ptk_data.nonce2, WPA_NONCE_LEN ); - - prf_sha1 ( ctx->pmk, ctx->pmk_len, - "Pairwise key expansion", - &ptk_data, sizeof ( ptk_data ), - &ctx->ptk, sizeof ( ctx->ptk ) ); - - DBGC2 ( ctx, "WPA %p PTK:\n", ctx ); - DBGC2_HD ( ctx, &ctx->ptk, sizeof ( ctx->ptk ) ); -} - - -/** - * Install pairwise transient key - * - * @v ctx WPA common context - * @v len Key length (16 for CCMP, 32 for TKIP) - * @ret rc Return status code - */ -static inline int wpa_install_ptk ( struct wpa_common_ctx *ctx, int len ) -{ - DBGC ( ctx, "WPA %p: installing %d-byte pairwise transient key\n", - ctx, len ); - DBGC2_HD ( ctx, &ctx->ptk.tk, len ); - - return sec80211_install ( &ctx->dev->crypto, ctx->crypt, - &ctx->ptk.tk, len, NULL ); -} - -/** - * Install group transient key - * - * @v ctx WPA common context - * @v len Key length (16 for CCMP, 32 for TKIP) - * @v rsc Receive sequence counter field in EAPOL-Key packet - * @ret rc Return status code - */ -static inline int wpa_install_gtk ( struct wpa_common_ctx *ctx, int len, - const void *rsc ) -{ - DBGC ( ctx, "WPA %p: installing %d-byte group transient key\n", - ctx, len ); - DBGC2_HD ( ctx, &ctx->gtk.tk, len ); - - return sec80211_install ( &ctx->dev->gcrypto, ctx->gcrypt, - &ctx->gtk.tk, len, rsc ); -} - -/** - * Search for group transient key, and install it if found - * - * @v ctx WPA common context - * @v ie Pointer to first IE in key data field - * @v ie_end Pointer to first byte not in key data field - * @v rsc Receive sequence counter field in EAPOL-Key packet - * @ret rc Return status code - */ -static int wpa_maybe_install_gtk ( struct wpa_common_ctx *ctx, - union ieee80211_ie *ie, void *ie_end, - const void *rsc ) -{ - struct wpa_kde *kde; - - if ( ! ieee80211_ie_bound ( ie, ie_end ) ) - return -ENOENT; - - while ( ie ) { - if ( ie->id == IEEE80211_IE_VENDOR && - ie->vendor.oui == WPA_KDE_GTK ) - break; - - ie = ieee80211_next_ie ( ie, ie_end ); - } - - if ( ! ie ) - return -ENOENT; - - if ( ie->len - 6u > sizeof ( ctx->gtk.tk ) ) { - DBGC ( ctx, "WPA %p: GTK KDE is too long (%d bytes, max %zd)\n", - ctx, ie->len - 4, sizeof ( ctx->gtk.tk ) ); - return -EINVAL; - } - - /* XXX We ignore key ID for now. */ - kde = ( struct wpa_kde * ) ie; - memcpy ( &ctx->gtk.tk, &kde->gtk_encap.gtk, kde->len - 6 ); - - return wpa_install_gtk ( ctx, kde->len - 6, rsc ); -} - - -/** - * Allocate I/O buffer for construction of outgoing EAPOL-Key frame - * - * @v kdlen Maximum number of bytes in the Key Data field - * @ret iob Newly allocated I/O buffer - * - * The returned buffer will have space reserved for the link-layer and - * EAPOL headers, and will have @c iob->tail pointing to the start of - * the Key Data field. Thus, it is necessary to use iob_put() in - * filling the Key Data. - */ -static struct io_buffer * wpa_alloc_frame ( int kdlen ) -{ - struct io_buffer *ret = alloc_iob ( sizeof ( struct eapol_key_pkt ) + - kdlen + EAPOL_HDR_LEN + - MAX_LL_HEADER_LEN ); - if ( ! ret ) - return NULL; - - iob_reserve ( ret, MAX_LL_HEADER_LEN + EAPOL_HDR_LEN ); - memset ( iob_put ( ret, sizeof ( struct eapol_key_pkt ) ), 0, - sizeof ( struct eapol_key_pkt ) ); - - return ret; -} - - -/** - * Send EAPOL-Key packet - * - * @v iob I/O buffer, with sufficient headroom for headers - * @v dev 802.11 device - * @v kie Key integrity and encryption handler - * @v is_rsn If TRUE, handshake uses new RSN format - * @ret rc Return status code - * - * If a KIE is specified, the MIC will be filled in before transmission. - */ -static int wpa_send_eapol ( struct io_buffer *iob, struct wpa_common_ctx *ctx, - struct wpa_kie *kie ) -{ - struct eapol_key_pkt *pkt = iob->data; - struct eapol_frame *eapol = iob_push ( iob, EAPOL_HDR_LEN ); - - pkt->info = htons ( pkt->info ); - pkt->keysize = htons ( pkt->keysize ); - pkt->datalen = htons ( pkt->datalen ); - pkt->replay = cpu_to_be64 ( pkt->replay ); - eapol->version = EAPOL_THIS_VERSION; - eapol->type = EAPOL_TYPE_KEY; - eapol->length = htons ( iob->tail - iob->data - sizeof ( *eapol ) ); - - memset ( pkt->mic, 0, sizeof ( pkt->mic ) ); - if ( kie ) - kie->mic ( &ctx->ptk.kck, eapol, EAPOL_HDR_LEN + - sizeof ( *pkt ) + ntohs ( pkt->datalen ), - pkt->mic ); - - return net_tx ( iob, ctx->dev->netdev, &eapol_protocol, - ctx->dev->bssid, ctx->dev->netdev->ll_addr ); -} - - -/** - * Send second frame in 4-Way Handshake - * - * @v ctx WPA common context - * @v pkt First frame, to which this is a reply - * @v is_rsn If TRUE, handshake uses new RSN format - * @v kie Key integrity and encryption handler - * @ret rc Return status code - */ -static int wpa_send_2_of_4 ( struct wpa_common_ctx *ctx, - struct eapol_key_pkt *pkt, int is_rsn, - struct wpa_kie *kie ) -{ - struct io_buffer *iob = wpa_alloc_frame ( ctx->dev->rsn_ie->len + 2 ); - struct eapol_key_pkt *npkt; - - if ( ! iob ) - return -ENOMEM; - - npkt = iob->data; - memcpy ( npkt, pkt, sizeof ( *pkt ) ); - npkt->info &= ~EAPOL_KEY_INFO_KEY_ACK; - npkt->info |= EAPOL_KEY_INFO_KEY_MIC; - if ( is_rsn ) - npkt->keysize = 0; - memcpy ( npkt->nonce, ctx->Snonce, sizeof ( npkt->nonce ) ); - npkt->datalen = ctx->dev->rsn_ie->len + 2; - memcpy ( iob_put ( iob, npkt->datalen ), ctx->dev->rsn_ie, - npkt->datalen ); - - DBGC ( ctx, "WPA %p: sending 2/4\n", ctx ); - - return wpa_send_eapol ( iob, ctx, kie ); -} - - -/** - * Handle receipt of first frame in 4-Way Handshake - * - * @v ctx WPA common context - * @v pkt EAPOL-Key packet - * @v is_rsn If TRUE, frame uses new RSN format - * @v kie Key integrity and encryption handler - * @ret rc Return status code - */ -static int wpa_handle_1_of_4 ( struct wpa_common_ctx *ctx, - struct eapol_key_pkt *pkt, int is_rsn, - struct wpa_kie *kie ) -{ - if ( ctx->state == WPA_WAITING ) - return -EINVAL; - - ctx->state = WPA_WORKING; - memcpy ( ctx->Anonce, pkt->nonce, sizeof ( ctx->Anonce ) ); - if ( ! ctx->have_Snonce ) { - rbg_generate ( NULL, 0, 0, ctx->Snonce, - sizeof ( ctx->Snonce ) ); - ctx->have_Snonce = 1; - } - - DBGC ( ctx, "WPA %p: received 1/4, looks OK\n", ctx ); - - wpa_derive_ptk ( ctx ); - - return wpa_send_2_of_4 ( ctx, pkt, is_rsn, kie ); -} - - -/** - * Send fourth frame in 4-Way Handshake, or second in Group Key Handshake - * - * @v ctx WPA common context - * @v pkt EAPOL-Key packet for frame to which we're replying - * @v is_rsn If TRUE, frame uses new RSN format - * @v kie Key integrity and encryption handler - * @ret rc Return status code - */ -static int wpa_send_final ( struct wpa_common_ctx *ctx, - struct eapol_key_pkt *pkt, int is_rsn, - struct wpa_kie *kie ) -{ - struct io_buffer *iob = wpa_alloc_frame ( 0 ); - struct eapol_key_pkt *npkt; - - if ( ! iob ) - return -ENOMEM; - - npkt = iob->data; - memcpy ( npkt, pkt, sizeof ( *pkt ) ); - npkt->info &= ~( EAPOL_KEY_INFO_KEY_ACK | EAPOL_KEY_INFO_INSTALL | - EAPOL_KEY_INFO_KEY_ENC ); - if ( is_rsn ) - npkt->keysize = 0; - memset ( npkt->nonce, 0, sizeof ( npkt->nonce ) ); - memset ( npkt->iv, 0, sizeof ( npkt->iv ) ); - npkt->datalen = 0; - - if ( npkt->info & EAPOL_KEY_INFO_TYPE ) - DBGC ( ctx, "WPA %p: sending 4/4\n", ctx ); - else - DBGC ( ctx, "WPA %p: sending 2/2\n", ctx ); - - return wpa_send_eapol ( iob, ctx, kie ); - -} - - -/** - * Handle receipt of third frame in 4-Way Handshake - * - * @v ctx WPA common context - * @v pkt EAPOL-Key packet - * @v is_rsn If TRUE, frame uses new RSN format - * @v kie Key integrity and encryption handler - * @ret rc Return status code - */ -static int wpa_handle_3_of_4 ( struct wpa_common_ctx *ctx, - struct eapol_key_pkt *pkt, int is_rsn, - struct wpa_kie *kie ) -{ - int rc; - u8 *this_rsn, *this_rsn_end; - u8 *new_rsn, *new_rsn_end; - int this_is_rsn, new_is_rsn; - - if ( ctx->state == WPA_WAITING ) - return -EINVAL; - - ctx->state = WPA_WORKING; - - /* Check nonce */ - if ( memcmp ( ctx->Anonce, pkt->nonce, WPA_NONCE_LEN ) != 0 ) { - DBGC ( ctx, "WPA %p ALERT: nonce mismatch in 3/4\n", ctx ); - return wpa_fail ( ctx, -EACCES ); - } - - /* Check RSN IE */ - this_rsn = sec80211_find_rsn ( ( union ieee80211_ie * ) pkt->data, - pkt->data + pkt->datalen, - &this_is_rsn, &this_rsn_end ); - if ( this_rsn ) - new_rsn = sec80211_find_rsn ( ( union ieee80211_ie * ) - this_rsn_end, - pkt->data + pkt->datalen, - &new_is_rsn, &new_rsn_end ); - else - new_rsn = NULL; - - if ( ! ctx->ap_rsn_ie || ! this_rsn || - ctx->ap_rsn_ie_len != ( this_rsn_end - this_rsn ) || - ctx->ap_rsn_is_rsn != this_is_rsn || - memcmp ( ctx->ap_rsn_ie, this_rsn, ctx->ap_rsn_ie_len ) != 0 ) { - DBGC ( ctx, "WPA %p ALERT: RSN mismatch in 3/4\n", ctx ); - DBGC2 ( ctx, "WPA %p RSNs (in 3/4, in beacon):\n", ctx ); - DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn ); - DBGC2_HD ( ctx, ctx->ap_rsn_ie, ctx->ap_rsn_ie_len ); - return wpa_fail ( ctx, -EACCES ); - } - - /* Don't switch if they just supplied both styles of IE - simultaneously; we need two RSN IEs or two WPA IEs to - switch ciphers. They'll be immediately consecutive because - of ordering guarantees. */ - if ( new_rsn && this_is_rsn == new_is_rsn ) { - struct net80211_wlan *assoc = ctx->dev->associating; - DBGC ( ctx, "WPA %p: accommodating bait-and-switch tactics\n", - ctx ); - DBGC2 ( ctx, "WPA %p RSNs (in 3/4+beacon, new in 3/4):\n", - ctx ); - DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn ); - DBGC2_HD ( ctx, new_rsn, new_rsn_end - new_rsn ); - - if ( ( rc = sec80211_detect_ie ( new_is_rsn, new_rsn, - new_rsn_end, - &assoc->handshaking, - &assoc->crypto ) ) != 0 ) - DBGC ( ctx, "WPA %p: bait-and-switch invalid, staying " - "with original request\n", ctx ); - } else { - new_rsn = this_rsn; - new_is_rsn = this_is_rsn; - new_rsn_end = this_rsn_end; - } - - /* Grab group cryptosystem ID */ - ctx->gcrypt = sec80211_rsn_get_net80211_crypt ( *( u32 * ) - ( new_rsn + 2 ) ); - - /* Check for a GTK, if info field is encrypted */ - if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) { - rc = wpa_maybe_install_gtk ( ctx, - ( union ieee80211_ie * ) pkt->data, - pkt->data + pkt->datalen, - pkt->rsc ); - if ( rc < 0 ) { - DBGC ( ctx, "WPA %p did not install GTK in 3/4: %s\n", - ctx, strerror ( rc ) ); - if ( rc != -ENOENT ) - return wpa_fail ( ctx, rc ); - } - } - - DBGC ( ctx, "WPA %p: received 3/4, looks OK\n", ctx ); - - /* Send final message */ - rc = wpa_send_final ( ctx, pkt, is_rsn, kie ); - if ( rc < 0 ) - return wpa_fail ( ctx, rc ); - - /* Install PTK */ - rc = wpa_install_ptk ( ctx, pkt->keysize ); - if ( rc < 0 ) { - DBGC ( ctx, "WPA %p failed to install PTK: %s\n", ctx, - strerror ( rc ) ); - return wpa_fail ( ctx, rc ); - } - - /* Mark us as needing a new Snonce if we rekey */ - ctx->have_Snonce = 0; - - /* Done! */ - ctx->state = WPA_SUCCESS; - return 0; -} - - -/** - * Handle receipt of first frame in Group Key Handshake - * - * @v ctx WPA common context - * @v pkt EAPOL-Key packet - * @v is_rsn If TRUE, frame uses new RSN format - * @v kie Key integrity and encryption handler - * @ret rc Return status code - */ -static int wpa_handle_1_of_2 ( struct wpa_common_ctx *ctx, - struct eapol_key_pkt *pkt, int is_rsn, - struct wpa_kie *kie ) -{ - int rc; - - /* - * WPA and RSN do this completely differently. - * - * The idea of encoding the GTK (or PMKID, or various other - * things) into a KDE that looks like an information element - * is an RSN innovation; old WPA code never encapsulates - * things like that. If it looks like an info element, it - * really is (for the WPA IE check in frames 2/4 and 3/4). The - * "key data encrypted" bit in the info field is also specific - * to RSN. - * - * So from an old WPA host, 3/4 does not contain an - * encapsulated GTK. The first frame of the GK handshake - * contains it, encrypted, but without a KDE wrapper, and with - * the key ID field (which iPXE doesn't use) shoved away in - * the reserved bits in the info field, and the TxRx bit - * stealing the Install bit's spot. - */ - - if ( is_rsn && ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) ) { - rc = wpa_maybe_install_gtk ( ctx, - ( union ieee80211_ie * ) pkt->data, - pkt->data + pkt->datalen, - pkt->rsc ); - if ( rc < 0 ) { - DBGC ( ctx, "WPA %p: failed to install GTK in 1/2: " - "%s\n", ctx, strerror ( rc ) ); - return wpa_fail ( ctx, rc ); - } - } else { - rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data, - &pkt->datalen ); - if ( rc < 0 ) { - DBGC ( ctx, "WPA %p: failed to decrypt GTK: %s\n", - ctx, strerror ( rc ) ); - return rc; /* non-fatal */ - } - if ( pkt->datalen > sizeof ( ctx->gtk.tk ) ) { - DBGC ( ctx, "WPA %p: too much GTK data (%d > %zd)\n", - ctx, pkt->datalen, sizeof ( ctx->gtk.tk ) ); - return wpa_fail ( ctx, -EINVAL ); - } - - memcpy ( &ctx->gtk.tk, pkt->data, pkt->datalen ); - wpa_install_gtk ( ctx, pkt->datalen, pkt->rsc ); - } - - DBGC ( ctx, "WPA %p: received 1/2, looks OK\n", ctx ); - - return wpa_send_final ( ctx, pkt, is_rsn, kie ); -} - - -/** - * Handle receipt of EAPOL-Key frame for WPA - * - * @v iob I/O buffer - * @v netdev Network device - * @v ll_dest Link-layer destination address - * @v ll_source Source link-layer address - */ -static int eapol_key_rx ( struct io_buffer *iob, struct net_device *netdev, - const void *ll_dest __unused, - const void *ll_source ) -{ - struct net80211_device *dev = net80211_get ( netdev ); - struct eapol_key_pkt *pkt = iob->data; - int is_rsn, found_ctx; - struct wpa_common_ctx *ctx; - int rc = 0; - struct wpa_kie *kie; - u8 their_mic[16], our_mic[16]; - - if ( pkt->type != EAPOL_KEY_TYPE_WPA && - pkt->type != EAPOL_KEY_TYPE_RSN ) { - DBG ( "EAPOL-Key: packet not of 802.11 type\n" ); - rc = -EINVAL; - goto drop; - } - - is_rsn = ( pkt->type == EAPOL_KEY_TYPE_RSN ); - - if ( ! dev ) { - DBG ( "EAPOL-Key: packet not from 802.11\n" ); - rc = -EINVAL; - goto drop; - } - - if ( memcmp ( dev->bssid, ll_source, ETH_ALEN ) != 0 ) { - DBG ( "EAPOL-Key: packet not from associated AP\n" ); - rc = -EINVAL; - goto drop; - } - - if ( ! ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_ACK ) ) { - DBG ( "EAPOL-Key: packet sent in wrong direction\n" ); - rc = -EINVAL; - goto drop; - } - - found_ctx = 0; - list_for_each_entry ( ctx, &wpa_contexts, list ) { - if ( ctx->dev == dev ) { - found_ctx = 1; - break; - } - } - - if ( ! found_ctx ) { - DBG ( "EAPOL-Key: no WPA context to handle packet for %p\n", - dev ); - rc = -ENOENT; - goto drop; - } - - if ( ( void * ) ( pkt + 1 ) + ntohs ( pkt->datalen ) > iob->tail ) { - DBGC ( ctx, "WPA %p: packet truncated (has %zd extra bytes, " - "states %d)\n", ctx, iob->tail - ( void * ) ( pkt + 1 ), - ntohs ( pkt->datalen ) ); - rc = -EINVAL; - goto drop; - } - - /* Get a handle on key integrity/encryption handler */ - kie = wpa_find_kie ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION ); - if ( ! kie ) { - DBGC ( ctx, "WPA %p: no support for packet version %d\n", ctx, - ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION ); - rc = wpa_fail ( ctx, -ENOTSUP ); - goto drop; - } - - /* Check MIC */ - if ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_MIC ) { - memcpy ( their_mic, pkt->mic, sizeof ( pkt->mic ) ); - memset ( pkt->mic, 0, sizeof ( pkt->mic ) ); - kie->mic ( &ctx->ptk.kck, ( void * ) pkt - EAPOL_HDR_LEN, - EAPOL_HDR_LEN + sizeof ( *pkt ) + - ntohs ( pkt->datalen ), our_mic ); - DBGC2 ( ctx, "WPA %p MIC comparison (theirs, ours):\n", ctx ); - DBGC2_HD ( ctx, their_mic, 16 ); - DBGC2_HD ( ctx, our_mic, 16 ); - if ( memcmp ( their_mic, our_mic, sizeof ( pkt->mic ) ) != 0 ) { - DBGC ( ctx, "WPA %p: EAPOL MIC failure\n", ctx ); - goto drop; - } - } - - /* Fix byte order to local */ - pkt->info = ntohs ( pkt->info ); - pkt->keysize = ntohs ( pkt->keysize ); - pkt->datalen = ntohs ( pkt->datalen ); - pkt->replay = be64_to_cpu ( pkt->replay ); - - /* Check replay counter */ - if ( ctx->replay != ~0ULL && ctx->replay >= pkt->replay ) { - DBGC ( ctx, "WPA %p ALERT: Replay detected! " - "(%08x:%08x >= %08x:%08x)\n", ctx, - ( u32 ) ( ctx->replay >> 32 ), ( u32 ) ctx->replay, - ( u32 ) ( pkt->replay >> 32 ), ( u32 ) pkt->replay ); - rc = 0; /* ignore without error */ - goto drop; - } - ctx->replay = pkt->replay; - - /* Decrypt key data */ - if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) { - rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data, - &pkt->datalen ); - if ( rc < 0 ) { - DBGC ( ctx, "WPA %p: failed to decrypt packet: %s\n", - ctx, strerror ( rc ) ); - goto drop; - } - } - - /* Hand it off to appropriate handler */ - switch ( pkt->info & ( EAPOL_KEY_INFO_TYPE | - EAPOL_KEY_INFO_KEY_MIC ) ) { - case EAPOL_KEY_TYPE_PTK: - rc = wpa_handle_1_of_4 ( ctx, pkt, is_rsn, kie ); - break; - - case EAPOL_KEY_TYPE_PTK | EAPOL_KEY_INFO_KEY_MIC: - rc = wpa_handle_3_of_4 ( ctx, pkt, is_rsn, kie ); - break; - - case EAPOL_KEY_TYPE_GTK | EAPOL_KEY_INFO_KEY_MIC: - rc = wpa_handle_1_of_2 ( ctx, pkt, is_rsn, kie ); - break; - - default: - DBGC ( ctx, "WPA %p: Invalid combination of key flags %04x\n", - ctx, pkt->info ); - rc = -EINVAL; - break; - } - - drop: - free_iob ( iob ); - return rc; -} - -struct eapol_handler eapol_key_handler __eapol_handler = { - .type = EAPOL_TYPE_KEY, - .rx = eapol_key_rx, -}; - -/* WPA always needs EAPOL in order to be useful */ -REQUIRING_SYMBOL ( eapol_key_handler ); -REQUIRE_OBJECT ( eapol ); diff --git a/qemu/roms/ipxe/src/net/80211/wpa_ccmp.c b/qemu/roms/ipxe/src/net/80211/wpa_ccmp.c deleted file mode 100644 index a073c6a3c..000000000 --- a/qemu/roms/ipxe/src/net/80211/wpa_ccmp.c +++ /dev/null @@ -1,530 +0,0 @@ -/* - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <string.h> -#include <ipxe/net80211.h> -#include <ipxe/crypto.h> -#include <ipxe/hmac.h> -#include <ipxe/sha1.h> -#include <ipxe/aes.h> -#include <ipxe/wpa.h> -#include <byteswap.h> -#include <errno.h> - -/** @file - * - * Backend for WPA using the CCMP encryption method - */ - -/** Context for CCMP encryption and decryption */ -struct ccmp_ctx -{ - /** AES context - only ever used for encryption */ - u8 aes_ctx[AES_CTX_SIZE]; - - /** Most recently sent packet number */ - u64 tx_seq; - - /** Most recently received packet number */ - u64 rx_seq; -}; - -/** Header structure at the beginning of CCMP frame data */ -struct ccmp_head -{ - u8 pn_lo[2]; /**< Bytes 0 and 1 of packet number */ - u8 _rsvd; /**< Reserved byte */ - u8 kid; /**< Key ID and ExtIV byte */ - u8 pn_hi[4]; /**< Bytes 2-5 (2 first) of packet number */ -} __attribute__ (( packed )); - - -/** CCMP header overhead */ -#define CCMP_HEAD_LEN 8 - -/** CCMP MIC trailer overhead */ -#define CCMP_MIC_LEN 8 - -/** CCMP nonce length */ -#define CCMP_NONCE_LEN 13 - -/** CCMP nonce structure */ -struct ccmp_nonce -{ - u8 prio; /**< Packet priority, 0 for non-QoS */ - u8 a2[ETH_ALEN]; /**< Address 2 from packet header (sender) */ - u8 pn[6]; /**< Packet number */ -} __attribute__ (( packed )); - -/** CCMP additional authentication data length (for non-QoS, non-WDS frames) */ -#define CCMP_AAD_LEN 22 - -/** CCMP additional authentication data structure */ -struct ccmp_aad -{ - u16 fc; /**< Frame Control field */ - u8 a1[6]; /**< Address 1 */ - u8 a2[6]; /**< Address 2 */ - u8 a3[6]; /**< Address 3 */ - u16 seq; /**< Sequence Control field */ - /* Address 4 and QoS Control are included if present */ -} __attribute__ (( packed )); - -/** Mask for Frame Control field in AAD */ -#define CCMP_AAD_FC_MASK 0xC38F - -/** Mask for Sequence Control field in AAD */ -#define CCMP_AAD_SEQ_MASK 0x000F - - -/** - * Convert 6-byte LSB packet number to 64-bit integer - * - * @v pn Pointer to 6-byte packet number - * @ret v 64-bit integer value of @a pn - */ -static u64 pn_to_u64 ( const u8 *pn ) -{ - int i; - u64 ret = 0; - - for ( i = 5; i >= 0; i-- ) { - ret <<= 8; - ret |= pn[i]; - } - - return ret; -} - -/** - * Convert 64-bit integer to 6-byte packet number - * - * @v v 64-bit integer - * @v msb If TRUE, reverse the output PN to be in MSB order - * @ret pn 6-byte packet number - * - * The PN is stored in LSB order in the packet header and in MSB order - * in the nonce. WHYYYYY? - */ -static void u64_to_pn ( u64 v, u8 *pn, int msb ) -{ - int i; - u8 *pnp = pn + ( msb ? 5 : 0 ); - int delta = ( msb ? -1 : +1 ); - - for ( i = 0; i < 6; i++ ) { - *pnp = v & 0xFF; - pnp += delta; - v >>= 8; - } -} - -/** Value for @a msb argument of u64_to_pn() for MSB output */ -#define PN_MSB 1 - -/** Value for @a msb argument of u64_to_pn() for LSB output */ -#define PN_LSB 0 - - - -/** - * Initialise CCMP state and install key - * - * @v crypto CCMP cryptosystem structure - * @v key Pointer to 16-byte temporal key to install - * @v keylen Length of key (16 bytes) - * @v rsc Initial receive sequence counter - */ -static int ccmp_init ( struct net80211_crypto *crypto, const void *key, - int keylen, const void *rsc ) -{ - struct ccmp_ctx *ctx = crypto->priv; - - if ( keylen != 16 ) - return -EINVAL; - - if ( rsc ) - ctx->rx_seq = pn_to_u64 ( rsc ); - - cipher_setkey ( &aes_algorithm, ctx->aes_ctx, key, keylen ); - - return 0; -} - - -/** - * Encrypt or decrypt data stream using AES in Counter mode - * - * @v ctx CCMP cryptosystem context - * @v nonce Nonce value, 13 bytes - * @v srcv Data to encrypt or decrypt - * @v len Number of bytes pointed to by @a src - * @v msrcv MIC value to encrypt or decrypt (may be NULL) - * @ret destv Encrypted or decrypted data - * @ret mdestv Encrypted or decrypted MIC value - * - * This assumes CCMP parameters of L=2 and M=8. The algorithm is - * defined in RFC 3610. - */ -static void ccmp_ctr_xor ( struct ccmp_ctx *ctx, const void *nonce, - const void *srcv, void *destv, int len, - const void *msrcv, void *mdestv ) -{ - u8 A[16], S[16]; - u16 ctr; - int i; - const u8 *src = srcv, *msrc = msrcv; - u8 *dest = destv, *mdest = mdestv; - - A[0] = 0x01; /* flags, L' = L - 1 = 1, other bits rsvd */ - memcpy ( A + 1, nonce, CCMP_NONCE_LEN ); - - if ( msrcv ) { - A[14] = A[15] = 0; - - cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 ); - - for ( i = 0; i < 8; i++ ) { - *mdest++ = *msrc++ ^ S[i]; - } - } - - for ( ctr = 1 ;; ctr++ ) { - A[14] = ctr >> 8; - A[15] = ctr & 0xFF; - - cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 ); - - for ( i = 0; i < len && i < 16; i++ ) - *dest++ = *src++ ^ S[i]; - - if ( len <= 16 ) - break; /* we're done */ - - len -= 16; - } -} - - -/** - * Advance one block in CBC-MAC calculation - * - * @v aes_ctx AES encryption context with key set - * @v B Cleartext block to incorporate (16 bytes) - * @v X Previous ciphertext block (16 bytes) - * @ret B Clobbered - * @ret X New ciphertext block (16 bytes) - * - * This function does X := E[key] ( X ^ B ). - */ -static void ccmp_feed_cbc_mac ( void *aes_ctx, u8 *B, u8 *X ) -{ - int i; - for ( i = 0; i < 16; i++ ) - B[i] ^= X[i]; - cipher_encrypt ( &aes_algorithm, aes_ctx, B, X, 16 ); -} - - -/** - * Calculate MIC on plaintext data using CBC-MAC - * - * @v ctx CCMP cryptosystem context - * @v nonce Nonce value, 13 bytes - * @v data Data to calculate MIC over - * @v datalen Length of @a data - * @v aad Additional authentication data, for MIC but not encryption - * @ret mic MIC value (unencrypted), 8 bytes - * - * @a aadlen is assumed to be 22 bytes long, as it always is for - * 802.11 use when transmitting non-QoS, not-between-APs frames (the - * only type we deal with). - */ -static void ccmp_cbc_mac ( struct ccmp_ctx *ctx, const void *nonce, - const void *data, u16 datalen, - const void *aad, void *mic ) -{ - u8 X[16], B[16]; - - /* Zeroth block: flags, nonce, length */ - - /* Rsv AAD - M'- - L'- - * 0 1 0 1 1 0 0 1 for an 8-byte MAC and 2-byte message length - */ - B[0] = 0x59; - memcpy ( B + 1, nonce, CCMP_NONCE_LEN ); - B[14] = datalen >> 8; - B[15] = datalen & 0xFF; - - cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, B, X, 16 ); - - /* First block: AAD length field and 14 bytes of AAD */ - B[0] = 0; - B[1] = CCMP_AAD_LEN; - memcpy ( B + 2, aad, 14 ); - - ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X ); - - /* Second block: Remaining 8 bytes of AAD, 8 bytes zero pad */ - memcpy ( B, aad + 14, 8 ); - memset ( B + 8, 0, 8 ); - - ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X ); - - /* Message blocks */ - while ( datalen ) { - if ( datalen >= 16 ) { - memcpy ( B, data, 16 ); - datalen -= 16; - } else { - memcpy ( B, data, datalen ); - memset ( B + datalen, 0, 16 - datalen ); - datalen = 0; - } - - ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X ); - - data += 16; - } - - /* Get MIC from final value of X */ - memcpy ( mic, X, 8 ); -} - - -/** - * Encapsulate and encrypt a packet using CCMP - * - * @v crypto CCMP cryptosystem - * @v iob I/O buffer containing cleartext packet - * @ret eiob I/O buffer containing encrypted packet - */ -struct io_buffer * ccmp_encrypt ( struct net80211_crypto *crypto, - struct io_buffer *iob ) -{ - struct ccmp_ctx *ctx = crypto->priv; - struct ieee80211_frame *hdr = iob->data; - struct io_buffer *eiob; - const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; - int datalen = iob_len ( iob ) - hdrlen; - struct ccmp_head head; - struct ccmp_nonce nonce; - struct ccmp_aad aad; - u8 mic[8], tx_pn[6]; - void *edata, *emic; - - ctx->tx_seq++; - u64_to_pn ( ctx->tx_seq, tx_pn, PN_LSB ); - - /* Allocate memory */ - eiob = alloc_iob ( iob_len ( iob ) + CCMP_HEAD_LEN + CCMP_MIC_LEN ); - if ( ! eiob ) - return NULL; - - /* Copy frame header */ - memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen ); - hdr = eiob->data; - hdr->fc |= IEEE80211_FC_PROTECTED; - - /* Fill in packet number and extended IV */ - memcpy ( head.pn_lo, tx_pn, 2 ); - memcpy ( head.pn_hi, tx_pn + 2, 4 ); - head.kid = 0x20; /* have Extended IV, key ID 0 */ - head._rsvd = 0; - memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) ); - - /* Form nonce */ - nonce.prio = 0; - memcpy ( nonce.a2, hdr->addr2, ETH_ALEN ); - u64_to_pn ( ctx->tx_seq, nonce.pn, PN_MSB ); - - /* Form additional authentication data */ - aad.fc = hdr->fc & CCMP_AAD_FC_MASK; - memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */ - aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK; - - /* Calculate MIC over the data */ - ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad, mic ); - - /* Copy and encrypt data and MIC */ - edata = iob_put ( eiob, datalen ); - emic = iob_put ( eiob, CCMP_MIC_LEN ); - ccmp_ctr_xor ( ctx, &nonce, - iob->data + hdrlen, edata, datalen, - mic, emic ); - - /* Done! */ - DBGC2 ( ctx, "WPA-CCMP %p: encrypted packet %p -> %p\n", ctx, - iob, eiob ); - - return eiob; -} - -/** - * Decrypt a packet using CCMP - * - * @v crypto CCMP cryptosystem - * @v eiob I/O buffer containing encrypted packet - * @ret iob I/O buffer containing cleartext packet - */ -static struct io_buffer * ccmp_decrypt ( struct net80211_crypto *crypto, - struct io_buffer *eiob ) -{ - struct ccmp_ctx *ctx = crypto->priv; - struct ieee80211_frame *hdr; - struct io_buffer *iob; - const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; - int datalen = iob_len ( eiob ) - hdrlen - CCMP_HEAD_LEN - CCMP_MIC_LEN; - struct ccmp_head *head; - struct ccmp_nonce nonce; - struct ccmp_aad aad; - u8 rx_pn[6], their_mic[8], our_mic[8]; - - iob = alloc_iob ( hdrlen + datalen ); - if ( ! iob ) - return NULL; - - /* Copy frame header */ - memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen ); - hdr = iob->data; - hdr->fc &= ~IEEE80211_FC_PROTECTED; - - /* Check and update RX packet number */ - head = eiob->data + hdrlen; - memcpy ( rx_pn, head->pn_lo, 2 ); - memcpy ( rx_pn + 2, head->pn_hi, 4 ); - - if ( pn_to_u64 ( rx_pn ) <= ctx->rx_seq ) { - DBGC ( ctx, "WPA-CCMP %p: packet received out of order " - "(%012llx <= %012llx)\n", ctx, pn_to_u64 ( rx_pn ), - ctx->rx_seq ); - free_iob ( iob ); - return NULL; - } - - ctx->rx_seq = pn_to_u64 ( rx_pn ); - DBGC2 ( ctx, "WPA-CCMP %p: RX packet number %012llx\n", ctx, ctx->rx_seq ); - - /* Form nonce */ - nonce.prio = 0; - memcpy ( nonce.a2, hdr->addr2, ETH_ALEN ); - u64_to_pn ( ctx->rx_seq, nonce.pn, PN_MSB ); - - /* Form additional authentication data */ - aad.fc = ( hdr->fc & CCMP_AAD_FC_MASK ) | IEEE80211_FC_PROTECTED; - memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */ - aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK; - - /* Copy-decrypt data and MIC */ - ccmp_ctr_xor ( ctx, &nonce, eiob->data + hdrlen + sizeof ( *head ), - iob_put ( iob, datalen ), datalen, - eiob->tail - CCMP_MIC_LEN, their_mic ); - - /* Check MIC */ - ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad, - our_mic ); - - if ( memcmp ( their_mic, our_mic, CCMP_MIC_LEN ) != 0 ) { - DBGC2 ( ctx, "WPA-CCMP %p: MIC failure\n", ctx ); - free_iob ( iob ); - return NULL; - } - - DBGC2 ( ctx, "WPA-CCMP %p: decrypted packet %p -> %p\n", ctx, - eiob, iob ); - - return iob; -} - - -/** CCMP cryptosystem */ -struct net80211_crypto ccmp_crypto __net80211_crypto = { - .algorithm = NET80211_CRYPT_CCMP, - .init = ccmp_init, - .encrypt = ccmp_encrypt, - .decrypt = ccmp_decrypt, - .priv_len = sizeof ( struct ccmp_ctx ), -}; - - - - -/** - * Calculate HMAC-SHA1 MIC for EAPOL-Key frame - * - * @v kck Key Confirmation Key, 16 bytes - * @v msg Message to calculate MIC over - * @v len Number of bytes to calculate MIC over - * @ret mic Calculated MIC, 16 bytes long - */ -static void ccmp_kie_mic ( const void *kck, const void *msg, size_t len, - void *mic ) -{ - u8 sha1_ctx[SHA1_CTX_SIZE]; - u8 kckb[16]; - u8 hash[SHA1_DIGEST_SIZE]; - size_t kck_len = 16; - - memcpy ( kckb, kck, kck_len ); - - hmac_init ( &sha1_algorithm, sha1_ctx, kckb, &kck_len ); - hmac_update ( &sha1_algorithm, sha1_ctx, msg, len ); - hmac_final ( &sha1_algorithm, sha1_ctx, kckb, &kck_len, hash ); - - memcpy ( mic, hash, 16 ); -} - -/** - * Decrypt key data in EAPOL-Key frame - * - * @v kek Key Encryption Key, 16 bytes - * @v iv Initialisation vector, 16 bytes (unused) - * @v msg Message to decrypt - * @v len Length of message - * @ret msg Decrypted message in place of original - * @ret len Adjusted downward for 8 bytes of overhead - * @ret rc Return status code - * - * The returned message may still contain padding of 0xDD followed by - * zero or more 0x00 octets. It is impossible to remove the padding - * without parsing the IEs in the packet (another design decision that - * tends to make one question the 802.11i committee's intelligence...) - */ -static int ccmp_kie_decrypt ( const void *kek, const void *iv __unused, - void *msg, u16 *len ) -{ - if ( *len % 8 != 0 ) - return -EINVAL; - - if ( aes_unwrap ( kek, msg, msg, *len / 8 - 1 ) != 0 ) - return -EINVAL; - - *len -= 8; - - return 0; -} - -/** CCMP-style key integrity and encryption handler */ -struct wpa_kie ccmp_kie __wpa_kie = { - .version = EAPOL_KEY_VERSION_WPA2, - .mic = ccmp_kie_mic, - .decrypt = ccmp_kie_decrypt, -}; diff --git a/qemu/roms/ipxe/src/net/80211/wpa_psk.c b/qemu/roms/ipxe/src/net/80211/wpa_psk.c deleted file mode 100644 index 71190b139..000000000 --- a/qemu/roms/ipxe/src/net/80211/wpa_psk.c +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <string.h> -#include <ipxe/net80211.h> -#include <ipxe/sha1.h> -#include <ipxe/wpa.h> -#include <errno.h> - -/** @file - * - * Frontend for WPA using a pre-shared key. - */ - -/** - * Initialise WPA-PSK state - * - * @v dev 802.11 device - * @ret rc Return status code - */ -static int wpa_psk_init ( struct net80211_device *dev ) -{ - return wpa_make_rsn_ie ( dev, &dev->rsn_ie ); -} - -/** - * Start WPA-PSK authentication - * - * @v dev 802.11 device - * @ret rc Return status code - */ -static int wpa_psk_start ( struct net80211_device *dev ) -{ - char passphrase[64+1]; - u8 pmk[WPA_PMK_LEN]; - int len; - struct wpa_common_ctx *ctx = dev->handshaker->priv; - - len = fetch_string_setting ( netdev_settings ( dev->netdev ), - &net80211_key_setting, passphrase, - 64 + 1 ); - - if ( len <= 0 ) { - DBGC ( ctx, "WPA-PSK %p: no passphrase provided!\n", ctx ); - net80211_deauthenticate ( dev, -EACCES ); - return -EACCES; - } - - pbkdf2_sha1 ( passphrase, len, dev->essid, strlen ( dev->essid ), - 4096, pmk, WPA_PMK_LEN ); - - DBGC ( ctx, "WPA-PSK %p: derived PMK from passphrase `%s':\n", ctx, - passphrase ); - DBGC_HD ( ctx, pmk, WPA_PMK_LEN ); - - return wpa_start ( dev, ctx, pmk, WPA_PMK_LEN ); -} - -/** - * Step WPA-PSK authentication - * - * @v dev 802.11 device - * @ret rc Return status code - */ -static int wpa_psk_step ( struct net80211_device *dev ) -{ - struct wpa_common_ctx *ctx = dev->handshaker->priv; - - switch ( ctx->state ) { - case WPA_SUCCESS: - return 1; - case WPA_FAILURE: - return -EACCES; - default: - return 0; - } -} - -/** - * Do-nothing function; you can't change a WPA key post-authentication - * - * @v dev 802.11 device - * @ret rc Return status code - */ -static int wpa_psk_no_change_key ( struct net80211_device *dev __unused ) -{ - return 0; -} - -/** - * Disable handling of received WPA authentication frames - * - * @v dev 802.11 device - */ -static void wpa_psk_stop ( struct net80211_device *dev ) -{ - wpa_stop ( dev ); -} - -/** WPA-PSK security handshaker */ -struct net80211_handshaker wpa_psk_handshaker __net80211_handshaker = { - .protocol = NET80211_SECPROT_PSK, - .init = wpa_psk_init, - .start = wpa_psk_start, - .step = wpa_psk_step, - .change_key = wpa_psk_no_change_key, - .stop = wpa_psk_stop, - .priv_len = sizeof ( struct wpa_common_ctx ), -}; diff --git a/qemu/roms/ipxe/src/net/80211/wpa_tkip.c b/qemu/roms/ipxe/src/net/80211/wpa_tkip.c deleted file mode 100644 index 3b1934b59..000000000 --- a/qemu/roms/ipxe/src/net/80211/wpa_tkip.c +++ /dev/null @@ -1,588 +0,0 @@ -/* - * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -FILE_LICENCE ( GPL2_OR_LATER ); - -#include <string.h> -#include <ipxe/net80211.h> -#include <ipxe/crypto.h> -#include <ipxe/hmac.h> -#include <ipxe/sha1.h> -#include <ipxe/md5.h> -#include <ipxe/crc32.h> -#include <ipxe/arc4.h> -#include <ipxe/wpa.h> -#include <byteswap.h> -#include <errno.h> - -/** @file - * - * Backend for WPA using the TKIP encryption standard. - */ - -/** Context for one direction of TKIP, either encryption or decryption */ -struct tkip_dir_ctx -{ - /** High 32 bits of last sequence counter value used */ - u32 tsc_hi; - - /** Low 32 bits of last sequence counter value used */ - u16 tsc_lo; - - /** MAC address used to derive TTAK */ - u8 mac[ETH_ALEN]; - - /** If TRUE, TTAK is valid */ - u16 ttak_ok; - - /** TKIP-mixed transmit address and key, depends on tsc_hi and MAC */ - u16 ttak[5]; -}; - -/** Context for TKIP encryption and decryption */ -struct tkip_ctx -{ - /** Temporal key to use */ - struct tkip_tk tk; - - /** State for encryption */ - struct tkip_dir_ctx enc; - - /** State for decryption */ - struct tkip_dir_ctx dec; -}; - -/** Header structure at the beginning of TKIP frame data */ -struct tkip_head -{ - u8 tsc1; /**< High byte of low 16 bits of TSC */ - u8 seed1; /**< Second byte of WEP seed */ - u8 tsc0; /**< Low byte of TSC */ - u8 kid; /**< Key ID and ExtIV byte */ - u32 tsc_hi; /**< High 32 bits of TSC, as an ExtIV */ -} __attribute__ (( packed )); - - -/** TKIP header overhead (IV + KID + ExtIV) */ -#define TKIP_HEAD_LEN 8 - -/** TKIP trailer overhead (MIC + ICV) [assumes unfragmented] */ -#define TKIP_FOOT_LEN 12 - -/** TKIP MIC length */ -#define TKIP_MIC_LEN 8 - -/** TKIP ICV length */ -#define TKIP_ICV_LEN 4 - - -/** TKIP S-box */ -static const u16 Sbox[256] = { - 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, - 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A, - 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B, - 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B, - 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F, - 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F, - 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5, - 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F, - 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB, - 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397, - 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED, - 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A, - 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194, - 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3, - 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104, - 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D, - 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39, - 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695, - 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83, - 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76, - 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4, - 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B, - 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0, - 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018, - 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751, - 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85, - 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12, - 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9, - 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7, - 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A, - 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8, - 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, -}; - -/** - * Perform S-box mapping on a 16-bit value - * - * @v v Value to perform S-box mapping on - * @ret Sv S-box mapped value - */ -static inline u16 S ( u16 v ) -{ - return Sbox[v & 0xFF] ^ bswap_16 ( Sbox[v >> 8] ); -} - -/** - * Rotate 16-bit value right - * - * @v v Value to rotate - * @v bits Number of bits to rotate by - * @ret rotv Rotated value - */ -static inline u16 ror16 ( u16 v, int bits ) -{ - return ( v >> bits ) | ( v << ( 16 - bits ) ); -} - -/** - * Rotate 32-bit value right - * - * @v v Value to rotate - * @v bits Number of bits to rotate by - * @ret rotv Rotated value - */ -static inline u32 ror32 ( u32 v, int bits ) -{ - return ( v >> bits ) | ( v << ( 32 - bits ) ); -} - -/** - * Rotate 32-bit value left - * - * @v v Value to rotate - * @v bits Number of bits to rotate by - * @ret rotv Rotated value - */ -static inline u32 rol32 ( u32 v, int bits ) -{ - return ( v << bits ) | ( v >> ( 32 - bits ) ); -} - - -/** - * Initialise TKIP state and install key - * - * @v crypto TKIP cryptosystem structure - * @v key Pointer to tkip_tk to install - * @v keylen Length of key (32 bytes) - * @v rsc Initial receive sequence counter - */ -static int tkip_init ( struct net80211_crypto *crypto, const void *key, - int keylen, const void *rsc ) -{ - struct tkip_ctx *ctx = crypto->priv; - const u8 *rscb = rsc; - - if ( keylen != sizeof ( ctx->tk ) ) - return -EINVAL; - - if ( rscb ) { - ctx->dec.tsc_lo = ( rscb[1] << 8 ) | rscb[0]; - ctx->dec.tsc_hi = ( ( rscb[5] << 24 ) | ( rscb[4] << 16 ) | - ( rscb[3] << 8 ) | rscb[2] ); - } - - memcpy ( &ctx->tk, key, sizeof ( ctx->tk ) ); - - return 0; -} - -/** - * Perform TKIP key mixing, phase 1 - * - * @v dctx TKIP directional context - * @v tk TKIP temporal key - * @v mac MAC address of transmitter - * - * This recomputes the TTAK in @a dctx if necessary, and sets - * @c dctx->ttak_ok. - */ -static void tkip_mix_1 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk, u8 *mac ) -{ - int i, j; - - if ( dctx->ttak_ok && ! memcmp ( mac, dctx->mac, ETH_ALEN ) ) - return; - - memcpy ( dctx->mac, mac, ETH_ALEN ); - - dctx->ttak[0] = dctx->tsc_hi & 0xFFFF; - dctx->ttak[1] = dctx->tsc_hi >> 16; - dctx->ttak[2] = ( mac[1] << 8 ) | mac[0]; - dctx->ttak[3] = ( mac[3] << 8 ) | mac[2]; - dctx->ttak[4] = ( mac[5] << 8 ) | mac[4]; - - for ( i = 0; i < 8; i++ ) { - j = 2 * ( i & 1 ); - - dctx->ttak[0] += S ( dctx->ttak[4] ^ ( ( tk->key[1 + j] << 8 ) | - tk->key[0 + j] ) ); - dctx->ttak[1] += S ( dctx->ttak[0] ^ ( ( tk->key[5 + j] << 8 ) | - tk->key[4 + j] ) ); - dctx->ttak[2] += S ( dctx->ttak[1] ^ ( ( tk->key[9 + j] << 8 ) | - tk->key[8 + j] ) ); - dctx->ttak[3] += S ( dctx->ttak[2] ^ ( ( tk->key[13+ j] << 8 ) | - tk->key[12+ j] ) ); - dctx->ttak[4] += S ( dctx->ttak[3] ^ ( ( tk->key[1 + j] << 8 ) | - tk->key[0 + j] ) ) + i; - } - - dctx->ttak_ok = 1; -} - -/** - * Perform TKIP key mixing, phase 2 - * - * @v dctx TKIP directional context - * @v tk TKIP temporal key - * @ret key ARC4 key, 16 bytes long - */ -static void tkip_mix_2 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk, - void *key ) -{ - u8 *kb = key; - u16 ppk[6]; - int i; - - memcpy ( ppk, dctx->ttak, sizeof ( dctx->ttak ) ); - ppk[5] = dctx->ttak[4] + dctx->tsc_lo; - - ppk[0] += S ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) ); - ppk[1] += S ( ppk[0] ^ ( ( tk->key[3] << 8 ) | tk->key[2] ) ); - ppk[2] += S ( ppk[1] ^ ( ( tk->key[5] << 8 ) | tk->key[4] ) ); - ppk[3] += S ( ppk[2] ^ ( ( tk->key[7] << 8 ) | tk->key[6] ) ); - ppk[4] += S ( ppk[3] ^ ( ( tk->key[9] << 8 ) | tk->key[8] ) ); - ppk[5] += S ( ppk[4] ^ ( ( tk->key[11] << 8 ) | tk->key[10] ) ); - - ppk[0] += ror16 ( ppk[5] ^ ( ( tk->key[13] << 8 ) | tk->key[12] ), 1 ); - ppk[1] += ror16 ( ppk[0] ^ ( ( tk->key[15] << 8 ) | tk->key[14] ), 1 ); - ppk[2] += ror16 ( ppk[1], 1 ); - ppk[3] += ror16 ( ppk[2], 1 ); - ppk[4] += ror16 ( ppk[3], 1 ); - ppk[5] += ror16 ( ppk[4], 1 ); - - kb[0] = dctx->tsc_lo >> 8; - kb[1] = ( ( dctx->tsc_lo >> 8 ) | 0x20 ) & 0x7F; - kb[2] = dctx->tsc_lo & 0xFF; - kb[3] = ( ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) ) >> 1 ) - & 0xFF; - - for ( i = 0; i < 6; i++ ) { - kb[4 + 2*i] = ppk[i] & 0xFF; - kb[5 + 2*i] = ppk[i] >> 8; - } -} - -/** - * Update Michael message integrity code based on next 32-bit word of data - * - * @v V Michael code state (two 32-bit words) - * @v word Next 32-bit word of data - */ -static void tkip_feed_michael ( u32 *V, u32 word ) -{ - V[0] ^= word; - V[1] ^= rol32 ( V[0], 17 ); - V[0] += V[1]; - V[1] ^= ( ( V[0] & 0xFF00FF00 ) >> 8 ) | ( ( V[0] & 0x00FF00FF ) << 8 ); - V[0] += V[1]; - V[1] ^= rol32 ( V[0], 3 ); - V[0] += V[1]; - V[1] ^= ror32 ( V[0], 2 ); - V[0] += V[1]; -} - -/** - * Calculate Michael message integrity code - * - * @v key MIC key to use (8 bytes) - * @v da Destination link-layer address - * @v sa Source link-layer address - * @v data Start of data to calculate over - * @v len Length of header + data - * @ret mic Calculated Michael MIC (8 bytes) - */ -static void tkip_michael ( const void *key, const void *da, const void *sa, - const void *data, size_t len, void *mic ) -{ - u32 V[2]; /* V[0] = "l", V[1] = "r" in 802.11 */ - union { - u8 byte[12]; - u32 word[3]; - } cap; - const u8 *ptr = data; - const u8 *end = ptr + len; - int i; - - memcpy ( V, key, sizeof ( V ) ); - V[0] = le32_to_cpu ( V[0] ); - V[1] = le32_to_cpu ( V[1] ); - - /* Feed in header (we assume non-QoS, so Priority = 0) */ - memcpy ( &cap.byte[0], da, ETH_ALEN ); - memcpy ( &cap.byte[6], sa, ETH_ALEN ); - tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) ); - tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) ); - tkip_feed_michael ( V, le32_to_cpu ( cap.word[2] ) ); - tkip_feed_michael ( V, 0 ); - - /* Feed in data */ - while ( ptr + 4 <= end ) { - tkip_feed_michael ( V, le32_to_cpu ( *( u32 * ) ptr ) ); - ptr += 4; - } - - /* Add unaligned part and padding */ - for ( i = 0; ptr < end; i++ ) - cap.byte[i] = *ptr++; - cap.byte[i++] = 0x5a; - for ( ; i < 8; i++ ) - cap.byte[i] = 0; - - /* Feed in padding */ - tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) ); - tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) ); - - /* Output MIC */ - V[0] = cpu_to_le32 ( V[0] ); - V[1] = cpu_to_le32 ( V[1] ); - memcpy ( mic, V, sizeof ( V ) ); -} - -/** - * Encrypt a packet using TKIP - * - * @v crypto TKIP cryptosystem - * @v iob I/O buffer containing cleartext packet - * @ret eiob I/O buffer containing encrypted packet - */ -static struct io_buffer * tkip_encrypt ( struct net80211_crypto *crypto, - struct io_buffer *iob ) -{ - struct tkip_ctx *ctx = crypto->priv; - struct ieee80211_frame *hdr = iob->data; - struct io_buffer *eiob; - struct arc4_ctx arc4; - u8 key[16]; - struct tkip_head head; - u8 mic[8]; - u32 icv; - const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; - int datalen = iob_len ( iob ) - hdrlen; - - ctx->enc.tsc_lo++; - if ( ctx->enc.tsc_lo == 0 ) { - ctx->enc.tsc_hi++; - ctx->enc.ttak_ok = 0; - } - - tkip_mix_1 ( &ctx->enc, &ctx->tk, hdr->addr2 ); - tkip_mix_2 ( &ctx->enc, &ctx->tk, key ); - - eiob = alloc_iob ( iob_len ( iob ) + TKIP_HEAD_LEN + TKIP_FOOT_LEN ); - if ( ! eiob ) - return NULL; - - /* Copy frame header */ - memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen ); - hdr = eiob->data; - hdr->fc |= IEEE80211_FC_PROTECTED; - - /* Fill in IV and key ID byte, and extended IV */ - memcpy ( &head, key, 3 ); - head.kid = 0x20; /* have Extended IV, key ID 0 */ - head.tsc_hi = cpu_to_le32 ( ctx->enc.tsc_hi ); - memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) ); - - /* Copy and encrypt the data */ - cipher_setkey ( &arc4_algorithm, &arc4, key, 16 ); - cipher_encrypt ( &arc4_algorithm, &arc4, iob->data + hdrlen, - iob_put ( eiob, datalen ), datalen ); - - /* Add MIC */ - hdr = iob->data; - tkip_michael ( &ctx->tk.mic.tx, hdr->addr3, hdr->addr2, - iob->data + hdrlen, datalen, mic ); - cipher_encrypt ( &arc4_algorithm, &arc4, mic, - iob_put ( eiob, sizeof ( mic ) ), sizeof ( mic ) ); - - /* Add ICV */ - icv = crc32_le ( ~0, iob->data + hdrlen, datalen ); - icv = crc32_le ( icv, mic, sizeof ( mic ) ); - icv = cpu_to_le32 ( ~icv ); - cipher_encrypt ( &arc4_algorithm, &arc4, &icv, - iob_put ( eiob, TKIP_ICV_LEN ), TKIP_ICV_LEN ); - - DBGC2 ( ctx, "WPA-TKIP %p: encrypted packet %p -> %p\n", ctx, - iob, eiob ); - - return eiob; -} - -/** - * Decrypt a packet using TKIP - * - * @v crypto TKIP cryptosystem - * @v eiob I/O buffer containing encrypted packet - * @ret iob I/O buffer containing cleartext packet - */ -static struct io_buffer * tkip_decrypt ( struct net80211_crypto *crypto, - struct io_buffer *eiob ) -{ - struct tkip_ctx *ctx = crypto->priv; - struct ieee80211_frame *hdr; - struct io_buffer *iob; - const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN; - int datalen = iob_len ( eiob ) - hdrlen - TKIP_HEAD_LEN - TKIP_FOOT_LEN; - struct tkip_head *head; - struct arc4_ctx arc4; - u16 rx_tsc_lo; - u8 key[16]; - u8 mic[8]; - u32 icv, crc; - - iob = alloc_iob ( hdrlen + datalen + TKIP_FOOT_LEN ); - if ( ! iob ) - return NULL; - - /* Copy frame header */ - memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen ); - hdr = iob->data; - hdr->fc &= ~IEEE80211_FC_PROTECTED; - - /* Check and update TSC */ - head = eiob->data + hdrlen; - rx_tsc_lo = ( head->tsc1 << 8 ) | head->tsc0; - - if ( head->tsc_hi < ctx->dec.tsc_hi || - ( head->tsc_hi == ctx->dec.tsc_hi && - rx_tsc_lo <= ctx->dec.tsc_lo ) ) { - DBGC ( ctx, "WPA-TKIP %p: packet received out of order " - "(%08x:%04x <= %08x:%04x)\n", ctx, head->tsc_hi, - rx_tsc_lo, ctx->dec.tsc_hi, ctx->dec.tsc_lo ); - free_iob ( iob ); - return NULL; - } - ctx->dec.tsc_lo = rx_tsc_lo; - if ( ctx->dec.tsc_hi != head->tsc_hi ) { - ctx->dec.ttak_ok = 0; - ctx->dec.tsc_hi = head->tsc_hi; - } - - /* Calculate key */ - tkip_mix_1 ( &ctx->dec, &ctx->tk, hdr->addr2 ); - tkip_mix_2 ( &ctx->dec, &ctx->tk, key ); - - /* Copy-decrypt data, MIC, ICV */ - cipher_setkey ( &arc4_algorithm, &arc4, key, 16 ); - cipher_decrypt ( &arc4_algorithm, &arc4, - eiob->data + hdrlen + TKIP_HEAD_LEN, - iob_put ( iob, datalen ), datalen + TKIP_FOOT_LEN ); - - /* Check ICV */ - icv = le32_to_cpu ( *( u32 * ) ( iob->tail + TKIP_MIC_LEN ) ); - crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen + TKIP_MIC_LEN ); - if ( crc != icv ) { - DBGC ( ctx, "WPA-TKIP %p CRC mismatch: expect %08x, get %08x\n", - ctx, icv, crc ); - free_iob ( iob ); - return NULL; - } - - /* Check MIC */ - tkip_michael ( &ctx->tk.mic.rx, hdr->addr1, hdr->addr3, - iob->data + hdrlen, datalen, mic ); - if ( memcmp ( mic, iob->tail, TKIP_MIC_LEN ) != 0 ) { - DBGC ( ctx, "WPA-TKIP %p ALERT! MIC failure\n", ctx ); - /* XXX we should do the countermeasures here */ - free_iob ( iob ); - return NULL; - } - - DBGC2 ( ctx, "WPA-TKIP %p: decrypted packet %p -> %p\n", ctx, - eiob, iob ); - - return iob; -} - -/** TKIP cryptosystem */ -struct net80211_crypto tkip_crypto __net80211_crypto = { - .algorithm = NET80211_CRYPT_TKIP, - .init = tkip_init, - .encrypt = tkip_encrypt, - .decrypt = tkip_decrypt, - .priv_len = sizeof ( struct tkip_ctx ), -}; - - - - -/** - * Calculate HMAC-MD5 MIC for EAPOL-Key frame - * - * @v kck Key Confirmation Key, 16 bytes - * @v msg Message to calculate MIC over - * @v len Number of bytes to calculate MIC over - * @ret mic Calculated MIC, 16 bytes long - */ -static void tkip_kie_mic ( const void *kck, const void *msg, size_t len, - void *mic ) -{ - uint8_t ctx[MD5_CTX_SIZE]; - u8 kckb[16]; - size_t kck_len = 16; - - memcpy ( kckb, kck, kck_len ); - - hmac_init ( &md5_algorithm, ctx, kckb, &kck_len ); - hmac_update ( &md5_algorithm, ctx, msg, len ); - hmac_final ( &md5_algorithm, ctx, kckb, &kck_len, mic ); -} - -/** - * Decrypt key data in EAPOL-Key frame - * - * @v kek Key Encryption Key, 16 bytes - * @v iv Initialisation vector, 16 bytes - * @v msg Message to decrypt - * @v len Length of message - * @ret msg Decrypted message in place of original - * @ret len Unchanged - * @ret rc Always 0 for success - */ -static int tkip_kie_decrypt ( const void *kek, const void *iv, - void *msg, u16 *len ) -{ - u8 key[32]; - memcpy ( key, iv, 16 ); - memcpy ( key + 16, kek, 16 ); - - arc4_skip ( key, 32, 256, msg, msg, *len ); - - return 0; -} - - -/** TKIP-style key integrity and encryption handler */ -struct wpa_kie tkip_kie __wpa_kie = { - .version = EAPOL_KEY_VERSION_WPA, - .mic = tkip_kie_mic, - .decrypt = tkip_kie_decrypt, -}; |