summaryrefslogtreecommitdiff
path: root/gpxe/src/net/80211
diff options
context:
space:
mode:
authorH. Peter Anvin <hpa@zytor.com>2016-02-09 18:08:47 -0800
committerH. Peter Anvin <hpa@zytor.com>2016-02-09 18:08:47 -0800
commitf2f897a1762fab84d2905f32b1c15dd7b42abb56 (patch)
treea38f51d3f1fcbf44afddb4736d549c12eaf491be /gpxe/src/net/80211
parent72d2959272b4616f17a97667e6dfa9d06bf109a3 (diff)
downloadsyslinux-f2f897a1762fab84d2905f32b1c15dd7b42abb56.tar.gz
gpxe: delete long since obsolete snapshot of gPXE
gPXE has been deprecated in favor of iPXE for many, many years now. It is much better than users get it directly from the iPXE project, since we should no longer need any special modifications for Syslinux use. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'gpxe/src/net/80211')
-rw-r--r--gpxe/src/net/80211/net80211.c2829
-rw-r--r--gpxe/src/net/80211/rc80211.c371
-rw-r--r--gpxe/src/net/80211/sec80211.c503
-rw-r--r--gpxe/src/net/80211/wep.c303
-rw-r--r--gpxe/src/net/80211/wpa.c973
-rw-r--r--gpxe/src/net/80211/wpa_ccmp.c528
-rw-r--r--gpxe/src/net/80211/wpa_psk.c125
-rw-r--r--gpxe/src/net/80211/wpa_tkip.c586
8 files changed, 0 insertions, 6218 deletions
diff --git a/gpxe/src/net/80211/net80211.c b/gpxe/src/net/80211/net80211.c
deleted file mode 100644
index 1c54597f..00000000
--- a/gpxe/src/net/80211/net80211.c
+++ /dev/null
@@ -1,2829 +0,0 @@
-/*
- * The gPXE 802.11 MAC layer.
- *
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <string.h>
-#include <byteswap.h>
-#include <stdlib.h>
-#include <gpxe/settings.h>
-#include <gpxe/if_arp.h>
-#include <gpxe/ethernet.h>
-#include <gpxe/ieee80211.h>
-#include <gpxe/netdevice.h>
-#include <gpxe/net80211.h>
-#include <gpxe/sec80211.h>
-#include <gpxe/timer.h>
-#include <gpxe/nap.h>
-#include <unistd.h>
-#include <errno.h>
-
-/** @file
- *
- * 802.11 device management
- */
-
-/* Disambiguate the EINVAL's a bit */
-#define EINVAL_PKT_TOO_SHORT ( EINVAL | EUNIQ_01 )
-#define EINVAL_PKT_VERSION ( EINVAL | EUNIQ_02 )
-#define EINVAL_PKT_NOT_DATA ( EINVAL | EUNIQ_03 )
-#define EINVAL_PKT_NOT_FROMDS ( EINVAL | EUNIQ_04 )
-#define EINVAL_PKT_LLC_HEADER ( EINVAL | EUNIQ_05 )
-#define EINVAL_CRYPTO_REQUEST ( EINVAL | EUNIQ_06 )
-#define EINVAL_ACTIVE_SCAN ( EINVAL | EUNIQ_07 )
-
-/*
- * 802.11 error codes: The AP can give us a status code explaining why
- * authentication failed, or a reason code explaining why we were
- * deauthenticated/disassociated. These codes range from 0-63 (the
- * field is 16 bits wide, but only up to 45 or so are defined yet; we
- * allow up to 63 for extensibility). This is encoded into an error
- * code as such:
- *
- * status & 0x1f goes here --vv--
- * Status code 0-31: ECONNREFUSED | EUNIQ_(status & 0x1f) (0e1a6038)
- * Status code 32-63: EHOSTUNREACH | EUNIQ_(status & 0x1f) (171a6011)
- * Reason code 0-31: ECONNRESET | EUNIQ_(reason & 0x1f) (0f1a6039)
- * Reason code 32-63: ENETRESET | EUNIQ_(reason & 0x1f) (271a6001)
- *
- * The POSIX error codes more or less convey the appropriate message
- * (status codes occur when we can't associate at all, reason codes
- * when we lose association unexpectedly) and let us extract the
- * complete 802.11 error code from the rc value.
- */
-
-/** Make return status code from 802.11 status code */
-#define E80211_STATUS( stat ) ( ((stat & 0x20)? EHOSTUNREACH : ECONNREFUSED) \
- | ((stat & 0x1f) << 8) )
-
-/** Make return status code from 802.11 reason code */
-#define E80211_REASON( reas ) ( ((reas & 0x20)? ENETRESET : ECONNRESET) \
- | ((reas & 0x1f) << 8) )
-
-
-/** List of 802.11 devices */
-static struct list_head net80211_devices = LIST_HEAD_INIT ( net80211_devices );
-
-/** Set of device operations that does nothing */
-static struct net80211_device_operations net80211_null_ops;
-
-/** Information associated with a received management packet
- *
- * This is used to keep beacon signal strengths in a parallel queue to
- * the beacons themselves.
- */
-struct net80211_rx_info {
- int signal;
- struct list_head list;
-};
-
-/** Context for a probe operation */
-struct net80211_probe_ctx {
- /** 802.11 device to probe on */
- struct net80211_device *dev;
-
- /** Value of keep_mgmt before probe was started */
- int old_keep_mgmt;
-
- /** If scanning actively, pointer to probe packet to send */
- struct io_buffer *probe;
-
- /** If non-"", the ESSID to limit ourselves to */
- const char *essid;
-
- /** Time probe was started */
- u32 ticks_start;
-
- /** Time last useful beacon was received */
- u32 ticks_beacon;
-
- /** Time channel was last changed */
- u32 ticks_channel;
-
- /** Time to stay on each channel */
- u32 hop_time;
-
- /** Channels to hop by when changing channel */
- int hop_step;
-
- /** List of best beacons for each network found so far */
- struct list_head *beacons;
-};
-
-/** Context for the association task */
-struct net80211_assoc_ctx {
- /** Next authentication method to try using */
- int method;
-
- /** Time (in ticks) of the last sent association-related packet */
- int last_packet;
-
- /** Number of times we have tried sending it */
- int times_tried;
-};
-
-/**
- * @defgroup net80211_netdev Network device interface functions
- * @{
- */
-static int net80211_netdev_open ( struct net_device *netdev );
-static void net80211_netdev_close ( struct net_device *netdev );
-static int net80211_netdev_transmit ( struct net_device *netdev,
- struct io_buffer *iobuf );
-static void net80211_netdev_poll ( struct net_device *netdev );
-static void net80211_netdev_irq ( struct net_device *netdev, int enable );
-/** @} */
-
-/**
- * @defgroup net80211_linklayer 802.11 link-layer protocol functions
- * @{
- */
-static int net80211_ll_push ( struct net_device *netdev,
- struct io_buffer *iobuf, const void *ll_dest,
- const void *ll_source, uint16_t net_proto );
-static int net80211_ll_pull ( struct net_device *netdev,
- struct io_buffer *iobuf, const void **ll_dest,
- const void **ll_source, uint16_t * net_proto );
-/** @} */
-
-/**
- * @defgroup net80211_help 802.11 helper functions
- * @{
- */
-static void net80211_add_channels ( struct net80211_device *dev, int start,
- int len, int txpower );
-static void net80211_filter_hw_channels ( struct net80211_device *dev );
-static void net80211_set_rtscts_rate ( struct net80211_device *dev );
-static int net80211_process_capab ( struct net80211_device *dev,
- u16 capab );
-static int net80211_process_ie ( struct net80211_device *dev,
- union ieee80211_ie *ie, void *ie_end );
-static union ieee80211_ie *
-net80211_marshal_request_info ( struct net80211_device *dev,
- union ieee80211_ie *ie );
-/** @} */
-
-/**
- * @defgroup net80211_assoc_ll 802.11 association handling functions
- * @{
- */
-static void net80211_step_associate ( struct process *proc );
-static void net80211_handle_auth ( struct net80211_device *dev,
- struct io_buffer *iob );
-static void net80211_handle_assoc_reply ( struct net80211_device *dev,
- struct io_buffer *iob );
-static int net80211_send_disassoc ( struct net80211_device *dev, int reason,
- int deauth );
-static void net80211_handle_mgmt ( struct net80211_device *dev,
- struct io_buffer *iob, int signal );
-/** @} */
-
-/**
- * @defgroup net80211_frag 802.11 fragment handling functions
- * @{
- */
-static void net80211_free_frags ( struct net80211_device *dev, int fcid );
-static struct io_buffer *net80211_accum_frags ( struct net80211_device *dev,
- int fcid, int nfrags, int size );
-static void net80211_rx_frag ( struct net80211_device *dev,
- struct io_buffer *iob, int signal );
-/** @} */
-
-/**
- * @defgroup net80211_settings 802.11 settings handlers
- * @{
- */
-static int net80211_check_settings_update ( void );
-
-/** 802.11 settings applicator
- *
- * When the SSID is changed, this will cause any open devices to
- * re-associate; when the encryption key is changed, we similarly
- * update their state.
- */
-struct settings_applicator net80211_applicator __settings_applicator = {
- .apply = net80211_check_settings_update,
-};
-
-/** The network name to associate with
- *
- * If this is blank, we scan for all networks and use the one with the
- * greatest signal strength.
- */
-struct setting net80211_ssid_setting __setting = {
- .name = "ssid",
- .description = "802.11 SSID (network name)",
- .type = &setting_type_string,
-};
-
-/** Whether to use active scanning
- *
- * In order to associate with a hidden SSID, it's necessary to use an
- * active scan (send probe packets). If this setting is nonzero, an
- * active scan on the 2.4GHz band will be used to associate.
- */
-struct setting net80211_active_setting __setting = {
- .name = "active-scan",
- .description = "Use an active scan during 802.11 association",
- .type = &setting_type_int8,
-};
-
-/** The cryptographic key to use
- *
- * For hex WEP keys, as is common, this must be entered using the
- * normal gPXE method for entering hex settings; an ASCII string of
- * hex characters will not behave as expected.
- */
-struct setting net80211_key_setting __setting = {
- .name = "key",
- .description = "Encryption key for protected 802.11 networks",
- .type = &setting_type_string,
-};
-
-/** @} */
-
-
-/* ---------- net_device wrapper ---------- */
-
-/**
- * Open 802.11 device and start association
- *
- * @v netdev Wrapping network device
- * @ret rc Return status code
- *
- * This sets up a default conservative set of channels for probing,
- * and starts the auto-association task unless the @c
- * NET80211_NO_ASSOC flag is set in the wrapped 802.11 device's @c
- * state field.
- */
-static int net80211_netdev_open ( struct net_device *netdev )
-{
- struct net80211_device *dev = netdev->priv;
- int rc = 0;
-
- if ( dev->op == &net80211_null_ops )
- return -EFAULT;
-
- if ( dev->op->open )
- rc = dev->op->open ( dev );
-
- if ( rc < 0 )
- return rc;
-
- if ( ! ( dev->state & NET80211_NO_ASSOC ) )
- net80211_autoassociate ( dev );
-
- return 0;
-}
-
-/**
- * Close 802.11 device
- *
- * @v netdev Wrapping network device.
- *
- * If the association task is running, this will stop it.
- */
-static void net80211_netdev_close ( struct net_device *netdev )
-{
- struct net80211_device *dev = netdev->priv;
-
- if ( dev->state & NET80211_WORKING )
- process_del ( &dev->proc_assoc );
-
- /* Send disassociation frame to AP, to be polite */
- if ( dev->state & NET80211_ASSOCIATED )
- net80211_send_disassoc ( dev, IEEE80211_REASON_LEAVING, 0 );
-
- if ( dev->handshaker && dev->handshaker->stop &&
- dev->handshaker->started )
- dev->handshaker->stop ( dev );
-
- free ( dev->crypto );
- free ( dev->handshaker );
- dev->crypto = NULL;
- dev->handshaker = NULL;
-
- netdev_link_down ( netdev );
- dev->state = 0;
-
- if ( dev->op->close )
- dev->op->close ( dev );
-}
-
-/**
- * Transmit packet on 802.11 device
- *
- * @v netdev Wrapping network device
- * @v iobuf I/O buffer
- * @ret rc Return status code
- *
- * If encryption is enabled for the currently associated network, the
- * packet will be encrypted prior to transmission.
- */
-static int net80211_netdev_transmit ( struct net_device *netdev,
- struct io_buffer *iobuf )
-{
- struct net80211_device *dev = netdev->priv;
- struct ieee80211_frame *hdr = iobuf->data;
- int rc = -ENOSYS;
-
- if ( dev->crypto && ! ( hdr->fc & IEEE80211_FC_PROTECTED ) &&
- ( ( hdr->fc & IEEE80211_FC_TYPE ) == IEEE80211_TYPE_DATA ) ) {
- struct io_buffer *niob = dev->crypto->encrypt ( dev->crypto,
- iobuf );
- if ( ! niob )
- return -ENOMEM; /* only reason encryption could fail */
-
- /* Free the non-encrypted iob */
- netdev_tx_complete ( netdev, iobuf );
-
- /* Transmit the encrypted iob; the Protected flag is
- set, so we won't recurse into here again */
- netdev_tx ( netdev, niob );
-
- /* Don't transmit the freed packet */
- return 0;
- }
-
- if ( dev->op->transmit )
- rc = dev->op->transmit ( dev, iobuf );
-
- return rc;
-}
-
-/**
- * Poll 802.11 device for received packets and completed transmissions
- *
- * @v netdev Wrapping network device
- */
-static void net80211_netdev_poll ( struct net_device *netdev )
-{
- struct net80211_device *dev = netdev->priv;
-
- if ( dev->op->poll )
- dev->op->poll ( dev );
-}
-
-/**
- * Enable or disable interrupts for 802.11 device
- *
- * @v netdev Wrapping network device
- * @v enable Whether to enable interrupts
- */
-static void net80211_netdev_irq ( struct net_device *netdev, int enable )
-{
- struct net80211_device *dev = netdev->priv;
-
- if ( dev->op->irq )
- dev->op->irq ( dev, enable );
-}
-
-/** Network device operations for a wrapped 802.11 device */
-static struct net_device_operations net80211_netdev_ops = {
- .open = net80211_netdev_open,
- .close = net80211_netdev_close,
- .transmit = net80211_netdev_transmit,
- .poll = net80211_netdev_poll,
- .irq = net80211_netdev_irq,
-};
-
-
-/* ---------- 802.11 link-layer protocol ---------- */
-
-/** 802.11 broadcast MAC address */
-static u8 net80211_ll_broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
-/**
- * Determine whether a transmission rate uses ERP/OFDM
- *
- * @v rate Rate in 100 kbps units
- * @ret is_erp TRUE if the rate is an ERP/OFDM rate
- *
- * 802.11b supports rates of 1.0, 2.0, 5.5, and 11.0 Mbps; any other
- * rate than these on the 2.4GHz spectrum is an ERP (802.11g) rate.
- */
-static inline int net80211_rate_is_erp ( u16 rate )
-{
- if ( rate == 10 || rate == 20 || rate == 55 || rate == 110 )
- return 0;
- return 1;
-}
-
-
-/**
- * Calculate one frame's contribution to 802.11 duration field
- *
- * @v dev 802.11 device
- * @v bytes Amount of data to calculate duration for
- * @ret dur Duration field in microseconds
- *
- * To avoid multiple stations attempting to transmit at once, 802.11
- * provides that every packet shall include a duration field
- * specifying a length of time for which the wireless medium will be
- * reserved after it is transmitted. The duration is measured in
- * microseconds and is calculated with respect to the current
- * physical-layer parameters of the 802.11 device.
- *
- * For an unfragmented data or management frame, or the last fragment
- * of a fragmented frame, the duration captures only the 10 data bytes
- * of one ACK; call once with bytes = 10.
- *
- * For a fragment of a data or management rame that will be followed
- * by more fragments, the duration captures an ACK, the following
- * fragment, and its ACK; add the results of three calls, two with
- * bytes = 10 and one with bytes set to the next fragment's size.
- *
- * For an RTS control frame, the duration captures the responding CTS,
- * the frame being sent, and its ACK; add the results of three calls,
- * two with bytes = 10 and one with bytes set to the next frame's size
- * (assuming unfragmented).
- *
- * For a CTS-to-self control frame, the duration captures the frame
- * being protected and its ACK; add the results of two calls, one with
- * bytes = 10 and one with bytes set to the next frame's size.
- *
- * No other frame types are currently supported by gPXE.
- */
-u16 net80211_duration ( struct net80211_device *dev, int bytes, u16 rate )
-{
- struct net80211_channel *chan = &dev->channels[dev->channel];
- u32 kbps = rate * 100;
-
- if ( chan->band == NET80211_BAND_5GHZ || net80211_rate_is_erp ( rate ) ) {
- /* OFDM encoding (802.11a/g) */
- int bits_per_symbol = ( kbps * 4 ) / 1000; /* 4us/symbol */
- int bits = 22 + ( bytes << 3 ); /* 22-bit PLCP */
- int symbols = ( bits + bits_per_symbol - 1 ) / bits_per_symbol;
-
- return 16 + 20 + ( symbols * 4 ); /* 16us SIFS, 20us preamble */
- } else {
- /* CCK encoding (802.11b) */
- int phy_time = 144 + 48; /* preamble + PLCP */
- int bits = bytes << 3;
- int data_time = ( bits * 1000 + kbps - 1 ) / kbps;
-
- if ( dev->phy_flags & NET80211_PHY_USE_SHORT_PREAMBLE )
- phy_time >>= 1;
-
- return 10 + phy_time + data_time; /* 10us SIFS */
- }
-}
-
-/**
- * Add 802.11 link-layer header
- *
- * @v netdev Wrapping network device
- * @v iobuf I/O buffer
- * @v ll_dest Link-layer destination address
- * @v ll_source Link-layer source address
- * @v net_proto Network-layer protocol, in network byte order
- * @ret rc Return status code
- *
- * This adds both the 802.11 frame header and the 802.2 LLC/SNAP
- * header used on data packets.
- *
- * We also check here for state of the link that would make it invalid
- * to send a data packet; every data packet must pass through here,
- * and no non-data packet (e.g. management frame) should.
- */
-static int net80211_ll_push ( struct net_device *netdev,
- struct io_buffer *iobuf, const void *ll_dest,
- const void *ll_source, uint16_t net_proto )
-{
- struct net80211_device *dev = netdev->priv;
- struct ieee80211_frame *hdr = iob_push ( iobuf,
- IEEE80211_LLC_HEADER_LEN +
- IEEE80211_TYP_FRAME_HEADER_LEN );
- struct ieee80211_llc_snap_header *lhdr =
- ( void * ) hdr + IEEE80211_TYP_FRAME_HEADER_LEN;
-
- /* We can't send data packets if we're not associated. */
- if ( ! ( dev->state & NET80211_ASSOCIATED ) ) {
- if ( dev->assoc_rc )
- return dev->assoc_rc;
- return -ENETUNREACH;
- }
-
- hdr->fc = IEEE80211_THIS_VERSION | IEEE80211_TYPE_DATA |
- IEEE80211_STYPE_DATA | IEEE80211_FC_TODS;
-
- /* We don't send fragmented frames, so duration is the time
- for an SIFS + 10-byte ACK. */
- hdr->duration = net80211_duration ( dev, 10, dev->rates[dev->rate] );
-
- memcpy ( hdr->addr1, dev->bssid, ETH_ALEN );
- memcpy ( hdr->addr2, ll_source, ETH_ALEN );
- memcpy ( hdr->addr3, ll_dest, ETH_ALEN );
-
- hdr->seq = IEEE80211_MAKESEQ ( ++dev->last_tx_seqnr, 0 );
-
- lhdr->dsap = IEEE80211_LLC_DSAP;
- lhdr->ssap = IEEE80211_LLC_SSAP;
- lhdr->ctrl = IEEE80211_LLC_CTRL;
- memset ( lhdr->oui, 0x00, 3 );
- lhdr->ethertype = net_proto;
-
- return 0;
-}
-
-/**
- * Remove 802.11 link-layer header
- *
- * @v netdev Wrapping network device
- * @v iobuf I/O buffer
- * @ret ll_dest Link-layer destination address
- * @ret ll_source Link-layer source
- * @ret net_proto Network-layer protocol, in network byte order
- * @ret rc Return status code
- *
- * This expects and removes both the 802.11 frame header and the 802.2
- * LLC/SNAP header that are used on data packets.
- */
-static int net80211_ll_pull ( struct net_device *netdev __unused,
- struct io_buffer *iobuf,
- const void **ll_dest, const void **ll_source,
- uint16_t * net_proto )
-{
- struct ieee80211_frame *hdr = iobuf->data;
- struct ieee80211_llc_snap_header *lhdr =
- ( void * ) hdr + IEEE80211_TYP_FRAME_HEADER_LEN;
-
- /* Bunch of sanity checks */
- if ( iob_len ( iobuf ) < IEEE80211_TYP_FRAME_HEADER_LEN +
- IEEE80211_LLC_HEADER_LEN ) {
- DBGC ( netdev->priv, "802.11 %p packet too short (%zd bytes)\n",
- netdev->priv, iob_len ( iobuf ) );
- return -EINVAL_PKT_TOO_SHORT;
- }
-
- if ( ( hdr->fc & IEEE80211_FC_VERSION ) != IEEE80211_THIS_VERSION ) {
- DBGC ( netdev->priv, "802.11 %p packet invalid version %04x\n",
- netdev->priv, hdr->fc & IEEE80211_FC_VERSION );
- return -EINVAL_PKT_VERSION;
- }
-
- if ( ( hdr->fc & IEEE80211_FC_TYPE ) != IEEE80211_TYPE_DATA ||
- ( hdr->fc & IEEE80211_FC_SUBTYPE ) != IEEE80211_STYPE_DATA ) {
- DBGC ( netdev->priv, "802.11 %p packet not data/data (fc=%04x)\n",
- netdev->priv, hdr->fc );
- return -EINVAL_PKT_NOT_DATA;
- }
-
- if ( ( hdr->fc & ( IEEE80211_FC_TODS | IEEE80211_FC_FROMDS ) ) !=
- IEEE80211_FC_FROMDS ) {
- DBGC ( netdev->priv, "802.11 %p packet not from DS (fc=%04x)\n",
- netdev->priv, hdr->fc );
- return -EINVAL_PKT_NOT_FROMDS;
- }
-
- if ( lhdr->dsap != IEEE80211_LLC_DSAP || lhdr->ssap != IEEE80211_LLC_SSAP ||
- lhdr->ctrl != IEEE80211_LLC_CTRL || lhdr->oui[0] || lhdr->oui[1] ||
- lhdr->oui[2] ) {
- DBGC ( netdev->priv, "802.11 %p LLC header is not plain EtherType "
- "encapsulator: %02x->%02x [%02x] %02x:%02x:%02x %04x\n",
- netdev->priv, lhdr->dsap, lhdr->ssap, lhdr->ctrl,
- lhdr->oui[0], lhdr->oui[1], lhdr->oui[2], lhdr->ethertype );
- return -EINVAL_PKT_LLC_HEADER;
- }
-
- iob_pull ( iobuf, sizeof ( *hdr ) + sizeof ( *lhdr ) );
-
- *ll_dest = hdr->addr1;
- *ll_source = hdr->addr3;
- *net_proto = lhdr->ethertype;
- return 0;
-}
-
-/** 802.11 link-layer protocol */
-static struct ll_protocol net80211_ll_protocol __ll_protocol = {
- .name = "802.11",
- .push = net80211_ll_push,
- .pull = net80211_ll_pull,
- .init_addr = eth_init_addr,
- .ntoa = eth_ntoa,
- .mc_hash = eth_mc_hash,
- .eth_addr = eth_eth_addr,
- .ll_proto = htons ( ARPHRD_ETHER ), /* "encapsulated Ethernet" */
- .hw_addr_len = ETH_ALEN,
- .ll_addr_len = ETH_ALEN,
- .ll_header_len = IEEE80211_TYP_FRAME_HEADER_LEN +
- IEEE80211_LLC_HEADER_LEN,
-};
-
-
-/* ---------- 802.11 network management API ---------- */
-
-/**
- * Get 802.11 device from wrapping network device
- *
- * @v netdev Wrapping network device
- * @ret dev 802.11 device wrapped by network device, or NULL
- *
- * Returns NULL if the network device does not wrap an 802.11 device.
- */
-struct net80211_device * net80211_get ( struct net_device *netdev )
-{
- struct net80211_device *dev;
-
- list_for_each_entry ( dev, &net80211_devices, list ) {
- if ( netdev->priv == dev )
- return netdev->priv;
- }
-
- return NULL;
-}
-
-/**
- * Set state of 802.11 device keeping management frames
- *
- * @v dev 802.11 device
- * @v enable Whether to keep management frames
- * @ret oldenab Whether management frames were enabled before this call
- *
- * If enable is TRUE, beacon, probe, and action frames will be kept
- * and may be retrieved by calling net80211_mgmt_dequeue().
- */
-int net80211_keep_mgmt ( struct net80211_device *dev, int enable )
-{
- int oldenab = dev->keep_mgmt;
-
- dev->keep_mgmt = enable;
- return oldenab;
-}
-
-/**
- * Get 802.11 management frame
- *
- * @v dev 802.11 device
- * @ret signal Signal strength of returned management frame
- * @ret iob I/O buffer, or NULL if no management frame is queued
- *
- * Frames will only be returned by this function if
- * net80211_keep_mgmt() has been previously called with enable set to
- * TRUE.
- *
- * The calling function takes ownership of the returned I/O buffer.
- */
-struct io_buffer * net80211_mgmt_dequeue ( struct net80211_device *dev,
- int *signal )
-{
- struct io_buffer *iobuf;
- struct net80211_rx_info *rxi;
-
- list_for_each_entry ( rxi, &dev->mgmt_info_queue, list ) {
- list_del ( &rxi->list );
- if ( signal )
- *signal = rxi->signal;
- free ( rxi );
-
- list_for_each_entry ( iobuf, &dev->mgmt_queue, list ) {
- list_del ( &iobuf->list );
- return iobuf;
- }
- assert ( 0 );
- }
-
- return NULL;
-}
-
-/**
- * Transmit 802.11 management frame
- *
- * @v dev 802.11 device
- * @v fc Frame Control flags for management frame
- * @v dest Destination access point
- * @v iob I/O buffer
- * @ret rc Return status code
- *
- * The @a fc argument must contain at least an IEEE 802.11 management
- * subtype number (e.g. IEEE80211_STYPE_PROBE_REQ). If it contains
- * IEEE80211_FC_PROTECTED, the frame will be encrypted prior to
- * transmission.
- *
- * It is required that @a iob have at least 24 bytes of headroom
- * reserved before its data start.
- */
-int net80211_tx_mgmt ( struct net80211_device *dev, u16 fc, u8 dest[6],
- struct io_buffer *iob )
-{
- struct ieee80211_frame *hdr = iob_push ( iob,
- IEEE80211_TYP_FRAME_HEADER_LEN );
-
- hdr->fc = IEEE80211_THIS_VERSION | IEEE80211_TYPE_MGMT |
- ( fc & ~IEEE80211_FC_PROTECTED );
- hdr->duration = net80211_duration ( dev, 10, dev->rates[dev->rate] );
- hdr->seq = IEEE80211_MAKESEQ ( ++dev->last_tx_seqnr, 0 );
-
- memcpy ( hdr->addr1, dest, ETH_ALEN ); /* DA = RA */
- memcpy ( hdr->addr2, dev->netdev->ll_addr, ETH_ALEN ); /* SA = TA */
- memcpy ( hdr->addr3, dest, ETH_ALEN ); /* BSSID */
-
- if ( fc & IEEE80211_FC_PROTECTED ) {
- if ( ! dev->crypto )
- return -EINVAL_CRYPTO_REQUEST;
-
- struct io_buffer *eiob = dev->crypto->encrypt ( dev->crypto,
- iob );
- free_iob ( iob );
- iob = eiob;
- }
-
- return netdev_tx ( dev->netdev, iob );
-}
-
-
-/* ---------- Driver API ---------- */
-
-/**
- * Allocate 802.11 device
- *
- * @v priv_size Size of driver-private allocation area
- * @ret dev Newly allocated 802.11 device
- *
- * This function allocates a net_device with space in its private area
- * for both the net80211_device it will wrap and the driver-private
- * data space requested. It initializes the link-layer-specific parts
- * of the net_device, and links the net80211_device to the net_device
- * appropriately.
- */
-struct net80211_device * net80211_alloc ( size_t priv_size )
-{
- struct net80211_device *dev;
- struct net_device *netdev =
- alloc_netdev ( sizeof ( *dev ) + priv_size );
-
- if ( ! netdev )
- return NULL;
-
- netdev->ll_protocol = &net80211_ll_protocol;
- netdev->ll_broadcast = net80211_ll_broadcast;
- netdev->max_pkt_len = IEEE80211_MAX_DATA_LEN;
- netdev_init ( netdev, &net80211_netdev_ops );
-
- dev = netdev->priv;
- dev->netdev = netdev;
- dev->priv = ( u8 * ) dev + sizeof ( *dev );
- dev->op = &net80211_null_ops;
-
- process_init_stopped ( &dev->proc_assoc, net80211_step_associate,
- &netdev->refcnt );
- INIT_LIST_HEAD ( &dev->mgmt_queue );
- INIT_LIST_HEAD ( &dev->mgmt_info_queue );
-
- return dev;
-}
-
-/**
- * Register 802.11 device with network stack
- *
- * @v dev 802.11 device
- * @v ops 802.11 device operations
- * @v hw 802.11 hardware information
- *
- * This also registers the wrapping net_device with the higher network
- * layers.
- */
-int net80211_register ( struct net80211_device *dev,
- struct net80211_device_operations *ops,
- struct net80211_hw_info *hw )
-{
- dev->op = ops;
- dev->hw = malloc ( sizeof ( *hw ) );
- if ( ! dev->hw )
- return -ENOMEM;
-
- memcpy ( dev->hw, hw, sizeof ( *hw ) );
- memcpy ( dev->netdev->hw_addr, hw->hwaddr, ETH_ALEN );
-
- /* Set some sensible channel defaults for driver's open() function */
- memcpy ( dev->channels, dev->hw->channels,
- NET80211_MAX_CHANNELS * sizeof ( dev->channels[0] ) );
- dev->channel = 0;
-
- list_add_tail ( &dev->list, &net80211_devices );
- return register_netdev ( dev->netdev );
-}
-
-/**
- * Unregister 802.11 device from network stack
- *
- * @v dev 802.11 device
- *
- * After this call, the device operations are cleared so that they
- * will not be called.
- */
-void net80211_unregister ( struct net80211_device *dev )
-{
- unregister_netdev ( dev->netdev );
- list_del ( &dev->list );
- dev->op = &net80211_null_ops;
-}
-
-/**
- * Free 802.11 device
- *
- * @v dev 802.11 device
- *
- * The device should be unregistered before this function is called.
- */
-void net80211_free ( struct net80211_device *dev )
-{
- free ( dev->hw );
- rc80211_free ( dev->rctl );
- netdev_nullify ( dev->netdev );
- netdev_put ( dev->netdev );
-}
-
-
-/* ---------- 802.11 network management workhorse code ---------- */
-
-/**
- * Set state of 802.11 device
- *
- * @v dev 802.11 device
- * @v clear Bitmask of flags to clear
- * @v set Bitmask of flags to set
- * @v status Status or reason code for most recent operation
- *
- * If @a status represents a reason code, it should be OR'ed with
- * NET80211_IS_REASON.
- *
- * Clearing authentication also clears association; clearing
- * association also clears security handshaking state. Clearing
- * association removes the link-up flag from the wrapping net_device,
- * but setting it does not automatically set the flag; that is left to
- * the judgment of higher-level code.
- */
-static inline void net80211_set_state ( struct net80211_device *dev,
- short clear, short set,
- u16 status )
-{
- /* The conditions in this function are deliberately formulated
- to be decidable at compile-time in most cases. Since clear
- and set are generally passed as constants, the body of this
- function can be reduced down to a few statements by the
- compiler. */
-
- const int statmsk = NET80211_STATUS_MASK | NET80211_IS_REASON;
-
- if ( clear & NET80211_PROBED )
- clear |= NET80211_AUTHENTICATED;
-
- if ( clear & NET80211_AUTHENTICATED )
- clear |= NET80211_ASSOCIATED;
-
- if ( clear & NET80211_ASSOCIATED )
- clear |= NET80211_CRYPTO_SYNCED;
-
- dev->state = ( dev->state & ~clear ) | set;
- dev->state = ( dev->state & ~statmsk ) | ( status & statmsk );
-
- if ( clear & NET80211_ASSOCIATED )
- netdev_link_down ( dev->netdev );
-
- if ( ( clear | set ) & NET80211_ASSOCIATED )
- dev->op->config ( dev, NET80211_CFG_ASSOC );
-
- if ( status != 0 ) {
- if ( status & NET80211_IS_REASON )
- dev->assoc_rc = -E80211_REASON ( status );
- else
- dev->assoc_rc = -E80211_STATUS ( status );
- netdev_link_err ( dev->netdev, dev->assoc_rc );
- }
-}
-
-/**
- * Add channels to 802.11 device
- *
- * @v dev 802.11 device
- * @v start First channel number to add
- * @v len Number of channels to add
- * @v txpower TX power (dBm) to allow on added channels
- *
- * To replace the current list of channels instead of adding to it,
- * set the nr_channels field of the 802.11 device to 0 before calling
- * this function.
- */
-static void net80211_add_channels ( struct net80211_device *dev, int start,
- int len, int txpower )
-{
- int i, chan = start;
-
- for ( i = dev->nr_channels; len-- && i < NET80211_MAX_CHANNELS; i++ ) {
- dev->channels[i].channel_nr = chan;
- dev->channels[i].maxpower = txpower;
- dev->channels[i].hw_value = 0;
-
- if ( chan >= 1 && chan <= 14 ) {
- dev->channels[i].band = NET80211_BAND_2GHZ;
- if ( chan == 14 )
- dev->channels[i].center_freq = 2484;
- else
- dev->channels[i].center_freq = 2407 + 5 * chan;
- chan++;
- } else {
- dev->channels[i].band = NET80211_BAND_5GHZ;
- dev->channels[i].center_freq = 5000 + 5 * chan;
- chan += 4;
- }
- }
-
- dev->nr_channels = i;
-}
-
-/**
- * Filter 802.11 device channels for hardware capabilities
- *
- * @v dev 802.11 device
- *
- * Hardware may support fewer channels than regulatory restrictions
- * allow; this function filters out channels in dev->channels that are
- * not supported by the hardware list in dev->hwinfo. It also copies
- * over the net80211_channel::hw_value and limits maximum TX power
- * appropriately.
- *
- * Channels are matched based on center frequency, ignoring band and
- * channel number.
- *
- * If the driver specifies no supported channels, the effect will be
- * as though all were supported.
- */
-static void net80211_filter_hw_channels ( struct net80211_device *dev )
-{
- int delta = 0, i = 0;
- int old_freq = dev->channels[dev->channel].center_freq;
- struct net80211_channel *chan, *hwchan;
-
- if ( ! dev->hw->nr_channels )
- return;
-
- dev->channel = 0;
- for ( chan = dev->channels; chan < dev->channels + dev->nr_channels;
- chan++, i++ ) {
- int ok = 0;
- for ( hwchan = dev->hw->channels;
- hwchan < dev->hw->channels + dev->hw->nr_channels;
- hwchan++ ) {
- if ( hwchan->center_freq == chan->center_freq ) {
- ok = 1;
- break;
- }
- }
-
- if ( ! ok )
- delta++;
- else {
- chan->hw_value = hwchan->hw_value;
- if ( hwchan->maxpower != 0 &&
- chan->maxpower > hwchan->maxpower )
- chan->maxpower = hwchan->maxpower;
- if ( old_freq == chan->center_freq )
- dev->channel = i - delta;
- if ( delta )
- chan[-delta] = *chan;
- }
- }
-
- dev->nr_channels -= delta;
-
- if ( dev->channels[dev->channel].center_freq != old_freq )
- dev->op->config ( dev, NET80211_CFG_CHANNEL );
-}
-
-/**
- * Update 802.11 device state to reflect received capabilities field
- *
- * @v dev 802.11 device
- * @v capab Capabilities field in beacon, probe, or association frame
- * @ret rc Return status code
- */
-static int net80211_process_capab ( struct net80211_device *dev,
- u16 capab )
-{
- u16 old_phy = dev->phy_flags;
-
- if ( ( capab & ( IEEE80211_CAPAB_MANAGED | IEEE80211_CAPAB_ADHOC ) ) !=
- IEEE80211_CAPAB_MANAGED ) {
- DBGC ( dev, "802.11 %p cannot handle IBSS network\n", dev );
- return -ENOSYS;
- }
-
- dev->phy_flags &= ~( NET80211_PHY_USE_SHORT_PREAMBLE |
- NET80211_PHY_USE_SHORT_SLOT );
-
- if ( capab & IEEE80211_CAPAB_SHORT_PMBL )
- dev->phy_flags |= NET80211_PHY_USE_SHORT_PREAMBLE;
-
- if ( capab & IEEE80211_CAPAB_SHORT_SLOT )
- dev->phy_flags |= NET80211_PHY_USE_SHORT_SLOT;
-
- if ( old_phy != dev->phy_flags )
- dev->op->config ( dev, NET80211_CFG_PHY_PARAMS );
-
- return 0;
-}
-
-/**
- * Update 802.11 device state to reflect received information elements
- *
- * @v dev 802.11 device
- * @v ie Pointer to first information element
- * @v ie_end Pointer to tail of packet I/O buffer
- * @ret rc Return status code
- */
-static int net80211_process_ie ( struct net80211_device *dev,
- union ieee80211_ie *ie, void *ie_end )
-{
- u16 old_rate = dev->rates[dev->rate];
- u16 old_phy = dev->phy_flags;
- int have_rates = 0, i;
- int ds_channel = 0;
- int changed = 0;
- int band = dev->channels[dev->channel].band;
-
- if ( ! ieee80211_ie_bound ( ie, ie_end ) )
- return 0;
-
- for ( ; ie; ie = ieee80211_next_ie ( ie, ie_end ) ) {
- switch ( ie->id ) {
- case IEEE80211_IE_SSID:
- if ( ie->len <= 32 ) {
- memcpy ( dev->essid, ie->ssid, ie->len );
- dev->essid[ie->len] = 0;
- }
- break;
-
- case IEEE80211_IE_RATES:
- case IEEE80211_IE_EXT_RATES:
- if ( ! have_rates ) {
- dev->nr_rates = 0;
- dev->basic_rates = 0;
- have_rates = 1;
- }
- for ( i = 0; i < ie->len &&
- dev->nr_rates < NET80211_MAX_RATES; i++ ) {
- u8 rid = ie->rates[i];
- u16 rate = ( rid & 0x7f ) * 5;
-
- if ( rid & 0x80 )
- dev->basic_rates |=
- ( 1 << dev->nr_rates );
-
- dev->rates[dev->nr_rates++] = rate;
- }
-
- break;
-
- case IEEE80211_IE_DS_PARAM:
- if ( dev->channel < dev->nr_channels && ds_channel ==
- dev->channels[dev->channel].channel_nr )
- break;
- ds_channel = ie->ds_param.current_channel;
- net80211_change_channel ( dev, ds_channel );
- break;
-
- case IEEE80211_IE_COUNTRY:
- dev->nr_channels = 0;
-
- DBGC ( dev, "802.11 %p setting country regulations "
- "for %c%c\n", dev, ie->country.name[0],
- ie->country.name[1] );
- for ( i = 0; i < ( ie->len - 3 ) / 3; i++ ) {
- union ieee80211_ie_country_triplet *t =
- &ie->country.triplet[i];
- if ( t->first > 200 ) {
- DBGC ( dev, "802.11 %p ignoring regulatory "
- "extension information\n", dev );
- } else {
- net80211_add_channels ( dev,
- t->band.first_channel,
- t->band.nr_channels,
- t->band.max_txpower );
- }
- }
- net80211_filter_hw_channels ( dev );
- break;
-
- case IEEE80211_IE_ERP_INFO:
- dev->phy_flags &= ~( NET80211_PHY_USE_PROTECTION |
- NET80211_PHY_USE_SHORT_PREAMBLE );
- if ( ie->erp_info & IEEE80211_ERP_USE_PROTECTION )
- dev->phy_flags |= NET80211_PHY_USE_PROTECTION;
- if ( ! ( ie->erp_info & IEEE80211_ERP_BARKER_LONG ) )
- dev->phy_flags |= NET80211_PHY_USE_SHORT_PREAMBLE;
- break;
- }
- }
-
- if ( have_rates ) {
- /* Allow only those rates that are also supported by
- the hardware. */
- int delta = 0, j;
-
- dev->rate = 0;
- for ( i = 0; i < dev->nr_rates; i++ ) {
- int ok = 0;
- for ( j = 0; j < dev->hw->nr_rates[band]; j++ ) {
- if ( dev->hw->rates[band][j] == dev->rates[i] ){
- ok = 1;
- break;
- }
- }
-
- if ( ! ok )
- delta++;
- else {
- dev->rates[i - delta] = dev->rates[i];
- if ( old_rate == dev->rates[i] )
- dev->rate = i - delta;
- }
- }
-
- dev->nr_rates -= delta;
-
- /* Sort available rates - sorted subclumps tend to already
- exist, so insertion sort works well. */
- for ( i = 1; i < dev->nr_rates; i++ ) {
- u16 rate = dev->rates[i];
- u32 tmp, br, mask;
-
- for ( j = i - 1; j >= 0 && dev->rates[j] >= rate; j-- )
- dev->rates[j + 1] = dev->rates[j];
- dev->rates[j + 1] = rate;
-
- /* Adjust basic_rates to match by rotating the
- bits from bit j+1 to bit i left one position. */
- mask = ( ( 1 << i ) - 1 ) & ~( ( 1 << ( j + 1 ) ) - 1 );
- br = dev->basic_rates;
- tmp = br & ( 1 << i );
- br = ( br & ~( mask | tmp ) ) | ( ( br & mask ) << 1 );
- br |= ( tmp >> ( i - j - 1 ) );
- dev->basic_rates = br;
- }
-
- net80211_set_rtscts_rate ( dev );
-
- if ( dev->rates[dev->rate] != old_rate )
- changed |= NET80211_CFG_RATE;
- }
-
- if ( dev->hw->flags & NET80211_HW_NO_SHORT_PREAMBLE )
- dev->phy_flags &= ~NET80211_PHY_USE_SHORT_PREAMBLE;
- if ( dev->hw->flags & NET80211_HW_NO_SHORT_SLOT )
- dev->phy_flags &= ~NET80211_PHY_USE_SHORT_SLOT;
-
- if ( old_phy != dev->phy_flags )
- changed |= NET80211_CFG_PHY_PARAMS;
-
- if ( changed )
- dev->op->config ( dev, changed );
-
- return 0;
-}
-
-/**
- * Create information elements for outgoing probe or association packet
- *
- * @v dev 802.11 device
- * @v ie Pointer to start of information element area
- * @ret next_ie Pointer to first byte after added information elements
- */
-static union ieee80211_ie *
-net80211_marshal_request_info ( struct net80211_device *dev,
- union ieee80211_ie *ie )
-{
- int i;
-
- ie->id = IEEE80211_IE_SSID;
- ie->len = strlen ( dev->essid );
- memcpy ( ie->ssid, dev->essid, ie->len );
-
- ie = ieee80211_next_ie ( ie, NULL );
-
- ie->id = IEEE80211_IE_RATES;
- ie->len = dev->nr_rates;
- if ( ie->len > 8 )
- ie->len = 8;
-
- for ( i = 0; i < ie->len; i++ ) {
- ie->rates[i] = dev->rates[i] / 5;
- if ( dev->basic_rates & ( 1 << i ) )
- ie->rates[i] |= 0x80;
- }
-
- ie = ieee80211_next_ie ( ie, NULL );
-
- if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_RSN ) {
- memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 );
- ie = ieee80211_next_ie ( ie, NULL );
- }
-
- if ( dev->nr_rates > 8 ) {
- /* 802.11 requires we use an Extended Basic Rates IE
- for the rates beyond the eighth. */
-
- ie->id = IEEE80211_IE_EXT_RATES;
- ie->len = dev->nr_rates - 8;
-
- for ( ; i < dev->nr_rates; i++ ) {
- ie->rates[i - 8] = dev->rates[i] / 5;
- if ( dev->basic_rates & ( 1 << i ) )
- ie->rates[i - 8] |= 0x80;
- }
-
- ie = ieee80211_next_ie ( ie, NULL );
- }
-
- if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_VENDOR ) {
- memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 );
- ie = ieee80211_next_ie ( ie, NULL );
- }
-
- return ie;
-}
-
-/** Seconds to wait after finding a network, to possibly find better APs for it
- *
- * This is used when a specific SSID to scan for is specified.
- */
-#define NET80211_PROBE_GATHER 1
-
-/** Seconds to wait after finding a network, to possibly find other networks
- *
- * This is used when an empty SSID is specified, to scan for all
- * networks.
- */
-#define NET80211_PROBE_GATHER_ALL 2
-
-/** Seconds to allow a probe to take if no network has been found */
-#define NET80211_PROBE_TIMEOUT 6
-
-/**
- * Begin probe of 802.11 networks
- *
- * @v dev 802.11 device
- * @v essid SSID to probe for, or "" to accept any (may not be NULL)
- * @v active Whether to use active scanning
- * @ret ctx Probe context
- *
- * Active scanning may only be used on channels 1-11 in the 2.4GHz
- * band, due to gPXE's lack of a complete regulatory database. If
- * active scanning is used, probe packets will be sent on each
- * channel; this can allow association with hidden-SSID networks if
- * the SSID is properly specified.
- *
- * A @c NULL return indicates an out-of-memory condition.
- *
- * The returned context must be periodically passed to
- * net80211_probe_step() until that function returns zero.
- */
-struct net80211_probe_ctx * net80211_probe_start ( struct net80211_device *dev,
- const char *essid,
- int active )
-{
- struct net80211_probe_ctx *ctx = zalloc ( sizeof ( *ctx ) );
-
- if ( ! ctx )
- return NULL;
-
- assert ( dev->netdev->state & NETDEV_OPEN );
-
- ctx->dev = dev;
- ctx->old_keep_mgmt = net80211_keep_mgmt ( dev, 1 );
- ctx->essid = essid;
- if ( dev->essid != ctx->essid )
- strcpy ( dev->essid, ctx->essid );
-
- if ( active ) {
- struct ieee80211_probe_req *probe_req;
- union ieee80211_ie *ie;
-
- ctx->probe = alloc_iob ( 128 );
- iob_reserve ( ctx->probe, IEEE80211_TYP_FRAME_HEADER_LEN );
- probe_req = ctx->probe->data;
-
- ie = net80211_marshal_request_info ( dev,
- probe_req->info_element );
-
- iob_put ( ctx->probe, ( void * ) ie - ctx->probe->data );
- }
-
- ctx->ticks_start = currticks();
- ctx->ticks_beacon = 0;
- ctx->ticks_channel = currticks();
- ctx->hop_time = ticks_per_sec() / ( active ? 2 : 6 );
-
- /*
- * Channels on 2.4GHz overlap, and the most commonly used
- * are 1, 6, and 11. We'll get a result faster if we check
- * every 5 channels, but in order to hit all of them the
- * number of channels must be relatively prime to 5. If it's
- * not, tweak the hop.
- */
- ctx->hop_step = 5;
- while ( dev->nr_channels % ctx->hop_step == 0 && ctx->hop_step > 1 )
- ctx->hop_step--;
-
- ctx->beacons = malloc ( sizeof ( *ctx->beacons ) );
- INIT_LIST_HEAD ( ctx->beacons );
-
- dev->channel = 0;
- dev->op->config ( dev, NET80211_CFG_CHANNEL );
-
- return ctx;
-}
-
-/**
- * Continue probe of 802.11 networks
- *
- * @v ctx Probe context returned by net80211_probe_start()
- * @ret rc Probe status
- *
- * The return code will be 0 if the probe is still going on (and this
- * function should be called again), a positive number if the probe
- * completed successfully, or a negative error code if the probe
- * failed for that reason.
- *
- * Whether the probe succeeded or failed, you must call
- * net80211_probe_finish_all() or net80211_probe_finish_best()
- * (depending on whether you want information on all networks or just
- * the best-signal one) in order to release the probe context. A
- * failed probe may still have acquired some valid data.
- */
-int net80211_probe_step ( struct net80211_probe_ctx *ctx )
-{
- struct net80211_device *dev = ctx->dev;
- u32 start_timeout = NET80211_PROBE_TIMEOUT * ticks_per_sec();
- u32 gather_timeout = ticks_per_sec();
- u32 now = currticks();
- struct io_buffer *iob;
- int signal;
- int rc;
- char ssid[IEEE80211_MAX_SSID_LEN + 1];
-
- gather_timeout *= ( ctx->essid[0] ? NET80211_PROBE_GATHER :
- NET80211_PROBE_GATHER_ALL );
-
- /* Time out if necessary */
- if ( now >= ctx->ticks_start + start_timeout )
- return list_empty ( ctx->beacons ) ? -ETIMEDOUT : +1;
-
- if ( ctx->ticks_beacon > 0 && now >= ctx->ticks_start + gather_timeout )
- return +1;
-
- /* Change channels if necessary */
- if ( now >= ctx->ticks_channel + ctx->hop_time ) {
- dev->channel = ( dev->channel + ctx->hop_step )
- % dev->nr_channels;
- dev->op->config ( dev, NET80211_CFG_CHANNEL );
- udelay ( dev->hw->channel_change_time );
-
- ctx->ticks_channel = now;
-
- if ( ctx->probe ) {
- struct io_buffer *siob = ctx->probe; /* to send */
-
- /* make a copy for future use */
- iob = alloc_iob ( siob->tail - siob->head );
- iob_reserve ( iob, iob_headroom ( siob ) );
- memcpy ( iob_put ( iob, iob_len ( siob ) ),
- siob->data, iob_len ( siob ) );
-
- ctx->probe = iob;
- rc = net80211_tx_mgmt ( dev, IEEE80211_STYPE_PROBE_REQ,
- net80211_ll_broadcast,
- iob_disown ( siob ) );
- if ( rc ) {
- DBGC ( dev, "802.11 %p send probe failed: "
- "%s\n", dev, strerror ( rc ) );
- return rc;
- }
- }
- }
-
- /* Check for new management packets */
- while ( ( iob = net80211_mgmt_dequeue ( dev, &signal ) ) != NULL ) {
- struct ieee80211_frame *hdr;
- struct ieee80211_beacon *beacon;
- union ieee80211_ie *ie;
- struct net80211_wlan *wlan;
- u16 type;
-
- hdr = iob->data;
- type = hdr->fc & IEEE80211_FC_SUBTYPE;
- beacon = ( struct ieee80211_beacon * ) hdr->data;
-
- if ( type != IEEE80211_STYPE_BEACON &&
- type != IEEE80211_STYPE_PROBE_RESP ) {
- DBGC2 ( dev, "802.11 %p probe: non-beacon\n", dev );
- goto drop;
- }
-
- if ( ( void * ) beacon->info_element >= iob->tail ) {
- DBGC ( dev, "802.11 %p probe: beacon with no IEs\n",
- dev );
- goto drop;
- }
-
- ie = beacon->info_element;
-
- if ( ! ieee80211_ie_bound ( ie, iob->tail ) )
- ie = NULL;
-
- while ( ie && ie->id != IEEE80211_IE_SSID )
- ie = ieee80211_next_ie ( ie, iob->tail );
-
- if ( ! ie ) {
- DBGC ( dev, "802.11 %p probe: beacon with no SSID\n",
- dev );
- goto drop;
- }
-
- memcpy ( ssid, ie->ssid, ie->len );
- ssid[ie->len] = 0;
-
- if ( ctx->essid[0] && strcmp ( ctx->essid, ssid ) != 0 ) {
- DBGC2 ( dev, "802.11 %p probe: beacon with wrong SSID "
- "(%s)\n", dev, ssid );
- goto drop;
- }
-
- /* See if we've got an entry for this network */
- list_for_each_entry ( wlan, ctx->beacons, list ) {
- if ( strcmp ( wlan->essid, ssid ) != 0 )
- continue;
-
- if ( signal < wlan->signal ) {
- DBGC2 ( dev, "802.11 %p probe: beacon for %s "
- "(%s) with weaker signal %d\n", dev,
- ssid, eth_ntoa ( hdr->addr3 ), signal );
- goto drop;
- }
-
- goto fill;
- }
-
- /* No entry yet - make one */
- wlan = zalloc ( sizeof ( *wlan ) );
- strcpy ( wlan->essid, ssid );
- list_add_tail ( &wlan->list, ctx->beacons );
-
- /* Whether we're using an old entry or a new one, fill
- it with new data. */
- fill:
- memcpy ( wlan->bssid, hdr->addr3, ETH_ALEN );
- wlan->signal = signal;
- wlan->channel = dev->channels[dev->channel].channel_nr;
-
- /* Copy this I/O buffer into a new wlan->beacon; the
- * iob we've got probably came from the device driver
- * and may have the full 2.4k allocation, which we
- * don't want to keep around wasting memory.
- */
- free_iob ( wlan->beacon );
- wlan->beacon = alloc_iob ( iob_len ( iob ) );
- memcpy ( iob_put ( wlan->beacon, iob_len ( iob ) ),
- iob->data, iob_len ( iob ) );
-
- if ( ( rc = sec80211_detect ( wlan->beacon, &wlan->handshaking,
- &wlan->crypto ) ) == -ENOTSUP ) {
- struct ieee80211_beacon *beacon =
- ( struct ieee80211_beacon * ) hdr->data;
-
- if ( beacon->capability & IEEE80211_CAPAB_PRIVACY ) {
- DBG ( "802.11 %p probe: secured network %s but "
- "encryption support not compiled in\n",
- dev, wlan->essid );
- wlan->handshaking = NET80211_SECPROT_UNKNOWN;
- wlan->crypto = NET80211_CRYPT_UNKNOWN;
- } else {
- wlan->handshaking = NET80211_SECPROT_NONE;
- wlan->crypto = NET80211_CRYPT_NONE;
- }
- } else if ( rc != 0 ) {
- DBGC ( dev, "802.11 %p probe warning: network "
- "%s with unidentifiable security "
- "settings: %s\n", dev, wlan->essid,
- strerror ( rc ) );
- }
-
- ctx->ticks_beacon = now;
-
- DBGC2 ( dev, "802.11 %p probe: good beacon for %s (%s)\n",
- dev, wlan->essid, eth_ntoa ( wlan->bssid ) );
-
- drop:
- free_iob ( iob );
- }
-
- return 0;
-}
-
-
-/**
- * Finish probe of 802.11 networks, returning best-signal network found
- *
- * @v ctx Probe context
- * @ret wlan Best-signal network found, or @c NULL if none were found
- *
- * If net80211_probe_start() was called with a particular SSID
- * parameter as filter, only a network with that SSID (matching
- * case-sensitively) can be returned from this function.
- */
-struct net80211_wlan *
-net80211_probe_finish_best ( struct net80211_probe_ctx *ctx )
-{
- struct net80211_wlan *best = NULL, *wlan;
-
- if ( ! ctx )
- return NULL;
-
- list_for_each_entry ( wlan, ctx->beacons, list ) {
- if ( ! best || best->signal < wlan->signal )
- best = wlan;
- }
-
- if ( best )
- list_del ( &best->list );
- else
- DBGC ( ctx->dev, "802.11 %p probe: found nothing for '%s'\n",
- ctx->dev, ctx->essid );
-
- net80211_free_wlanlist ( ctx->beacons );
-
- net80211_keep_mgmt ( ctx->dev, ctx->old_keep_mgmt );
-
- if ( ctx->probe )
- free_iob ( ctx->probe );
-
- free ( ctx );
-
- return best;
-}
-
-
-/**
- * Finish probe of 802.11 networks, returning all networks found
- *
- * @v ctx Probe context
- * @ret list List of net80211_wlan detailing networks found
- *
- * If net80211_probe_start() was called with a particular SSID
- * parameter as filter, this will always return either an empty or a
- * one-element list.
- */
-struct list_head *net80211_probe_finish_all ( struct net80211_probe_ctx *ctx )
-{
- struct list_head *beacons = ctx->beacons;
-
- if ( ! ctx )
- return NULL;
-
- net80211_keep_mgmt ( ctx->dev, ctx->old_keep_mgmt );
-
- if ( ctx->probe )
- free_iob ( ctx->probe );
-
- free ( ctx );
-
- return beacons;
-}
-
-
-/**
- * Free WLAN structure
- *
- * @v wlan WLAN structure to free
- */
-void net80211_free_wlan ( struct net80211_wlan *wlan )
-{
- if ( wlan ) {
- free_iob ( wlan->beacon );
- free ( wlan );
- }
-}
-
-
-/**
- * Free list of WLAN structures
- *
- * @v list List of WLAN structures to free
- */
-void net80211_free_wlanlist ( struct list_head *list )
-{
- struct net80211_wlan *wlan, *tmp;
-
- if ( ! list )
- return;
-
- list_for_each_entry_safe ( wlan, tmp, list, list ) {
- list_del ( &wlan->list );
- net80211_free_wlan ( wlan );
- }
-
- free ( list );
-}
-
-
-/** Number of ticks to wait for replies to association management frames */
-#define ASSOC_TIMEOUT TICKS_PER_SEC
-
-/** Number of times to try sending a particular association management frame */
-#define ASSOC_RETRIES 2
-
-/**
- * Step 802.11 association process
- *
- * @v proc Association process
- */
-static void net80211_step_associate ( struct process *proc )
-{
- struct net80211_device *dev =
- container_of ( proc, struct net80211_device, proc_assoc );
- int rc = 0;
- int status = dev->state & NET80211_STATUS_MASK;
-
- /*
- * We use a sort of state machine implemented using bits in
- * the dev->state variable. At each call, we take the
- * logically first step that has not yet succeeded; either it
- * has not been tried yet, it's being retried, or it failed.
- * If it failed, we return an error indication; otherwise we
- * perform the step. If it succeeds, RX handling code will set
- * the appropriate status bit for us.
- *
- * Probe works a bit differently, since we have to step it
- * on every call instead of waiting for a packet to arrive
- * that will set the completion bit for us.
- */
-
- /* If we're waiting for a reply, check for timeout condition */
- if ( dev->state & NET80211_WAITING ) {
- /* Sanity check */
- if ( ! dev->associating )
- return;
-
- if ( currticks() - dev->ctx.assoc->last_packet > ASSOC_TIMEOUT ) {
- /* Timed out - fail if too many retries, or retry */
- dev->ctx.assoc->times_tried++;
- if ( ++dev->ctx.assoc->times_tried > ASSOC_RETRIES ) {
- rc = -ETIMEDOUT;
- goto fail;
- }
- } else {
- /* Didn't time out - let it keep going */
- return;
- }
- } else {
- if ( dev->state & NET80211_PROBED )
- dev->ctx.assoc->times_tried = 0;
- }
-
- if ( ! ( dev->state & NET80211_PROBED ) ) {
- /* state: probe */
-
- if ( ! dev->ctx.probe ) {
- /* start probe */
- int active = fetch_intz_setting ( NULL,
- &net80211_active_setting );
- int band = dev->hw->bands;
-
- if ( active )
- band &= ~NET80211_BAND_BIT_5GHZ;
-
- rc = net80211_prepare_probe ( dev, band, active );
- if ( rc )
- goto fail;
-
- dev->ctx.probe = net80211_probe_start ( dev, dev->essid,
- active );
- if ( ! dev->ctx.probe ) {
- dev->assoc_rc = -ENOMEM;
- goto fail;
- }
- }
-
- rc = net80211_probe_step ( dev->ctx.probe );
- if ( ! rc ) {
- return; /* still going */
- }
-
- dev->associating = net80211_probe_finish_best ( dev->ctx.probe );
- dev->ctx.probe = NULL;
- if ( ! dev->associating ) {
- if ( rc > 0 ) /* "successful" probe found nothing */
- rc = -ETIMEDOUT;
- goto fail;
- }
-
- /* If we probed using a broadcast SSID, record that
- fact for the settings applicator before we clobber
- it with the specific SSID we've chosen. */
- if ( ! dev->essid[0] )
- dev->state |= NET80211_AUTO_SSID;
-
- DBGC ( dev, "802.11 %p found network %s (%s)\n", dev,
- dev->associating->essid,
- eth_ntoa ( dev->associating->bssid ) );
-
- dev->ctx.assoc = zalloc ( sizeof ( *dev->ctx.assoc ) );
- if ( ! dev->ctx.assoc ) {
- rc = -ENOMEM;
- goto fail;
- }
-
- dev->state |= NET80211_PROBED;
- dev->ctx.assoc->method = IEEE80211_AUTH_OPEN_SYSTEM;
-
- return;
- }
-
- /* Record time of sending the packet we're about to send, for timeout */
- dev->ctx.assoc->last_packet = currticks();
-
- if ( ! ( dev->state & NET80211_AUTHENTICATED ) ) {
- /* state: prepare and authenticate */
-
- if ( status != IEEE80211_STATUS_SUCCESS ) {
- /* we tried authenticating already, but failed */
- int method = dev->ctx.assoc->method;
-
- if ( method == IEEE80211_AUTH_OPEN_SYSTEM &&
- ( status == IEEE80211_STATUS_AUTH_CHALL_INVALID ||
- status == IEEE80211_STATUS_AUTH_ALGO_UNSUPP ) ) {
- /* Maybe this network uses Shared Key? */
- dev->ctx.assoc->method =
- IEEE80211_AUTH_SHARED_KEY;
- } else {
- goto fail;
- }
- }
-
- DBGC ( dev, "802.11 %p authenticating with method %d\n", dev,
- dev->ctx.assoc->method );
-
- rc = net80211_prepare_assoc ( dev, dev->associating );
- if ( rc )
- goto fail;
-
- rc = net80211_send_auth ( dev, dev->associating,
- dev->ctx.assoc->method );
- if ( rc )
- goto fail;
-
- return;
- }
-
- if ( ! ( dev->state & NET80211_ASSOCIATED ) ) {
- /* state: associate */
-
- if ( status != IEEE80211_STATUS_SUCCESS )
- goto fail;
-
- DBGC ( dev, "802.11 %p associating\n", dev );
-
- if ( dev->handshaker && dev->handshaker->start &&
- ! dev->handshaker->started ) {
- rc = dev->handshaker->start ( dev );
- if ( rc < 0 )
- goto fail;
- dev->handshaker->started = 1;
- }
-
- rc = net80211_send_assoc ( dev, dev->associating );
- if ( rc )
- goto fail;
-
- return;
- }
-
- if ( ! ( dev->state & NET80211_CRYPTO_SYNCED ) ) {
- /* state: crypto sync */
- DBGC ( dev, "802.11 %p security handshaking\n", dev );
-
- if ( ! dev->handshaker || ! dev->handshaker->step ) {
- dev->state |= NET80211_CRYPTO_SYNCED;
- return;
- }
-
- rc = dev->handshaker->step ( dev );
-
- if ( rc < 0 ) {
- /* Only record the returned error if we're
- still marked as associated, because an
- asynchronous error will have already been
- reported to net80211_deauthenticate() and
- assoc_rc thereby set. */
- if ( dev->state & NET80211_ASSOCIATED )
- dev->assoc_rc = rc;
- rc = 0;
- goto fail;
- }
-
- if ( rc > 0 ) {
- dev->assoc_rc = 0;
- dev->state |= NET80211_CRYPTO_SYNCED;
- }
- return;
- }
-
- /* state: done! */
- netdev_link_up ( dev->netdev );
- dev->assoc_rc = 0;
- dev->state &= ~NET80211_WORKING;
-
- free ( dev->ctx.assoc );
- dev->ctx.assoc = NULL;
-
- net80211_free_wlan ( dev->associating );
- dev->associating = NULL;
-
- dev->rctl = rc80211_init ( dev );
-
- process_del ( proc );
-
- DBGC ( dev, "802.11 %p associated with %s (%s)\n", dev,
- dev->essid, eth_ntoa ( dev->bssid ) );
-
- return;
-
- fail:
- dev->state &= ~( NET80211_WORKING | NET80211_WAITING );
- if ( rc )
- dev->assoc_rc = rc;
-
- netdev_link_err ( dev->netdev, dev->assoc_rc );
-
- /* We never reach here from the middle of a probe, so we don't
- need to worry about freeing dev->ctx.probe. */
-
- if ( dev->state & NET80211_PROBED ) {
- free ( dev->ctx.assoc );
- dev->ctx.assoc = NULL;
- }
-
- net80211_free_wlan ( dev->associating );
- dev->associating = NULL;
-
- process_del ( proc );
-
- DBGC ( dev, "802.11 %p association failed (state=%04x): "
- "%s\n", dev, dev->state, strerror ( dev->assoc_rc ) );
-
- /* Try it again: */
- net80211_autoassociate ( dev );
-}
-
-/**
- * Check for 802.11 SSID or key updates
- *
- * This acts as a settings applicator; if the user changes netX/ssid,
- * and netX is currently open, the association task will be invoked
- * again. If the user changes the encryption key, the current security
- * handshaker will be asked to update its state to match; if that is
- * impossible without reassociation, we reassociate.
- */
-static int net80211_check_settings_update ( void )
-{
- struct net80211_device *dev;
- char ssid[IEEE80211_MAX_SSID_LEN + 1];
- int key_reassoc;
-
- list_for_each_entry ( dev, &net80211_devices, list ) {
- if ( ! ( dev->netdev->state & NETDEV_OPEN ) )
- continue;
-
- key_reassoc = 0;
- if ( dev->handshaker && dev->handshaker->change_key &&
- dev->handshaker->change_key ( dev ) < 0 )
- key_reassoc = 1;
-
- fetch_string_setting ( netdev_settings ( dev->netdev ),
- &net80211_ssid_setting, ssid,
- IEEE80211_MAX_SSID_LEN + 1 );
-
- if ( key_reassoc ||
- ( ! ( ! ssid[0] && ( dev->state & NET80211_AUTO_SSID ) ) &&
- strcmp ( ssid, dev->essid ) != 0 ) ) {
- DBGC ( dev, "802.11 %p updating association: "
- "%s -> %s\n", dev, dev->essid, ssid );
- net80211_autoassociate ( dev );
- }
- }
-
- return 0;
-}
-
-/**
- * Start 802.11 association process
- *
- * @v dev 802.11 device
- *
- * If the association process is running, it will be restarted.
- */
-void net80211_autoassociate ( struct net80211_device *dev )
-{
- if ( ! ( dev->state & NET80211_WORKING ) ) {
- DBGC2 ( dev, "802.11 %p spawning association process\n", dev );
- process_add ( &dev->proc_assoc );
- } else {
- DBGC2 ( dev, "802.11 %p restarting association\n", dev );
- }
-
- /* Clean up everything an earlier association process might
- have been in the middle of using */
- if ( dev->associating )
- net80211_free_wlan ( dev->associating );
-
- if ( ! ( dev->state & NET80211_PROBED ) )
- net80211_free_wlan (
- net80211_probe_finish_best ( dev->ctx.probe ) );
- else
- free ( dev->ctx.assoc );
-
- /* Reset to a clean state */
- fetch_string_setting ( netdev_settings ( dev->netdev ),
- &net80211_ssid_setting, dev->essid,
- IEEE80211_MAX_SSID_LEN + 1 );
- dev->ctx.probe = NULL;
- dev->associating = NULL;
- dev->assoc_rc = 0;
- net80211_set_state ( dev, NET80211_PROBED, NET80211_WORKING, 0 );
-}
-
-/**
- * Pick TX rate for RTS/CTS packets based on data rate
- *
- * @v dev 802.11 device
- *
- * The RTS/CTS rate is the fastest TX rate marked as "basic" that is
- * not faster than the data rate.
- */
-static void net80211_set_rtscts_rate ( struct net80211_device *dev )
-{
- u16 datarate = dev->rates[dev->rate];
- u16 rtsrate = 0;
- int rts_idx = -1;
- int i;
-
- for ( i = 0; i < dev->nr_rates; i++ ) {
- u16 rate = dev->rates[i];
-
- if ( ! ( dev->basic_rates & ( 1 << i ) ) || rate > datarate )
- continue;
-
- if ( rate > rtsrate ) {
- rtsrate = rate;
- rts_idx = i;
- }
- }
-
- /* If this is in initialization, we might not have any basic
- rates; just use the first data rate in that case. */
- if ( rts_idx < 0 )
- rts_idx = 0;
-
- dev->rtscts_rate = rts_idx;
-}
-
-/**
- * Set data transmission rate for 802.11 device
- *
- * @v dev 802.11 device
- * @v rate Rate to set, as index into @c dev->rates array
- */
-void net80211_set_rate_idx ( struct net80211_device *dev, int rate )
-{
- assert ( dev->netdev->state & NETDEV_OPEN );
-
- if ( rate >= 0 && rate < dev->nr_rates && rate != dev->rate ) {
- DBGC2 ( dev, "802.11 %p changing rate from %d->%d Mbps\n",
- dev, dev->rates[dev->rate] / 10,
- dev->rates[rate] / 10 );
-
- dev->rate = rate;
- net80211_set_rtscts_rate ( dev );
- dev->op->config ( dev, NET80211_CFG_RATE );
- }
-}
-
-/**
- * Configure 802.11 device to transmit on a certain channel
- *
- * @v dev 802.11 device
- * @v channel Channel number (1-11 for 2.4GHz) to transmit on
- */
-int net80211_change_channel ( struct net80211_device *dev, int channel )
-{
- int i, oldchan = dev->channel;
-
- assert ( dev->netdev->state & NETDEV_OPEN );
-
- for ( i = 0; i < dev->nr_channels; i++ ) {
- if ( dev->channels[i].channel_nr == channel ) {
- dev->channel = i;
- break;
- }
- }
-
- if ( i == dev->nr_channels )
- return -ENOENT;
-
- if ( i != oldchan )
- return dev->op->config ( dev, NET80211_CFG_CHANNEL );
-
- return 0;
-}
-
-/**
- * Prepare 802.11 device channel and rate set for scanning
- *
- * @v dev 802.11 device
- * @v band RF band(s) on which to prepare for scanning
- * @v active Whether the scanning will be active
- * @ret rc Return status code
- */
-int net80211_prepare_probe ( struct net80211_device *dev, int band,
- int active )
-{
- assert ( dev->netdev->state & NETDEV_OPEN );
-
- if ( active && ( band & NET80211_BAND_BIT_5GHZ ) ) {
- DBGC ( dev, "802.11 %p cannot perform active scanning on "
- "5GHz band\n", dev );
- return -EINVAL_ACTIVE_SCAN;
- }
-
- if ( band == 0 ) {
- /* This can happen for a 5GHz-only card with 5GHz
- scanning masked out by an active request. */
- DBGC ( dev, "802.11 %p asked to prepare for scanning nothing\n",
- dev );
- return -EINVAL_ACTIVE_SCAN;
- }
-
- dev->nr_channels = 0;
-
- if ( active )
- net80211_add_channels ( dev, 1, 11, NET80211_REG_TXPOWER );
- else {
- if ( band & NET80211_BAND_BIT_2GHZ )
- net80211_add_channels ( dev, 1, 14,
- NET80211_REG_TXPOWER );
- if ( band & NET80211_BAND_BIT_5GHZ )
- net80211_add_channels ( dev, 36, 8,
- NET80211_REG_TXPOWER );
- }
-
- net80211_filter_hw_channels ( dev );
-
- /* Use channel 1 for now */
- dev->channel = 0;
- dev->op->config ( dev, NET80211_CFG_CHANNEL );
-
- /* Always do active probes at lowest (presumably first) speed */
- dev->rate = 0;
- dev->nr_rates = 1;
- dev->rates[0] = dev->hw->rates[dev->channels[0].band][0];
- dev->op->config ( dev, NET80211_CFG_RATE );
-
- return 0;
-}
-
-/**
- * Prepare 802.11 device channel and rate set for communication
- *
- * @v dev 802.11 device
- * @v wlan WLAN to prepare for communication with
- * @ret rc Return status code
- */
-int net80211_prepare_assoc ( struct net80211_device *dev,
- struct net80211_wlan *wlan )
-{
- struct ieee80211_frame *hdr = wlan->beacon->data;
- struct ieee80211_beacon *beacon =
- ( struct ieee80211_beacon * ) hdr->data;
- struct net80211_handshaker *handshaker;
- int rc;
-
- assert ( dev->netdev->state & NETDEV_OPEN );
-
- net80211_set_state ( dev, NET80211_ASSOCIATED, 0, 0 );
- memcpy ( dev->bssid, wlan->bssid, ETH_ALEN );
- strcpy ( dev->essid, wlan->essid );
-
- free ( dev->rsn_ie );
- dev->rsn_ie = NULL;
-
- dev->last_beacon_timestamp = beacon->timestamp;
- dev->tx_beacon_interval = 1024 * beacon->beacon_interval;
-
- /* Barring an IE that tells us the channel outright, assume
- the channel we heard this AP best on is the channel it's
- communicating on. */
- net80211_change_channel ( dev, wlan->channel );
-
- rc = net80211_process_capab ( dev, beacon->capability );
- if ( rc )
- return rc;
-
- rc = net80211_process_ie ( dev, beacon->info_element,
- wlan->beacon->tail );
- if ( rc )
- return rc;
-
- /* Associate at the lowest rate so we know it'll get through */
- dev->rate = 0;
- dev->op->config ( dev, NET80211_CFG_RATE );
-
- /* Free old handshaker and crypto, if they exist */
- if ( dev->handshaker && dev->handshaker->stop &&
- dev->handshaker->started )
- dev->handshaker->stop ( dev );
- free ( dev->handshaker );
- dev->handshaker = NULL;
- free ( dev->crypto );
- free ( dev->gcrypto );
- dev->crypto = dev->gcrypto = NULL;
-
- /* Find new security handshaker to use */
- for_each_table_entry ( handshaker, NET80211_HANDSHAKERS ) {
- if ( handshaker->protocol == wlan->handshaking ) {
- dev->handshaker = zalloc ( sizeof ( *handshaker ) +
- handshaker->priv_len );
- if ( ! dev->handshaker )
- return -ENOMEM;
-
- memcpy ( dev->handshaker, handshaker,
- sizeof ( *handshaker ) );
- dev->handshaker->priv = ( ( void * ) dev->handshaker +
- sizeof ( *handshaker ) );
- break;
- }
- }
-
- if ( ( wlan->handshaking != NET80211_SECPROT_NONE ) &&
- ! dev->handshaker ) {
- DBGC ( dev, "802.11 %p no support for handshaking scheme %d\n",
- dev, wlan->handshaking );
- return -( ENOTSUP | ( wlan->handshaking << 8 ) );
- }
-
- /* Initialize security handshaker */
- if ( dev->handshaker ) {
- rc = dev->handshaker->init ( dev );
- if ( rc < 0 )
- return rc;
- }
-
- return 0;
-}
-
-/**
- * Send 802.11 initial authentication frame
- *
- * @v dev 802.11 device
- * @v wlan WLAN to authenticate with
- * @v method Authentication method
- * @ret rc Return status code
- *
- * @a method may be 0 for Open System authentication or 1 for Shared
- * Key authentication. Open System provides no security in association
- * whatsoever, relying on encryption for confidentiality, but Shared
- * Key actively introduces security problems and is very rarely used.
- */
-int net80211_send_auth ( struct net80211_device *dev,
- struct net80211_wlan *wlan, int method )
-{
- struct io_buffer *iob = alloc_iob ( 64 );
- struct ieee80211_auth *auth;
-
- net80211_set_state ( dev, 0, NET80211_WAITING, 0 );
- iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN );
- auth = iob_put ( iob, sizeof ( *auth ) );
- auth->algorithm = method;
- auth->tx_seq = 1;
- auth->status = 0;
-
- return net80211_tx_mgmt ( dev, IEEE80211_STYPE_AUTH, wlan->bssid, iob );
-}
-
-/**
- * Handle receipt of 802.11 authentication frame
- *
- * @v dev 802.11 device
- * @v iob I/O buffer
- *
- * If the authentication method being used is Shared Key, and the
- * frame that was received included challenge text, the frame is
- * encrypted using the cryptosystem currently in effect and sent back
- * to the AP to complete the authentication.
- */
-static void net80211_handle_auth ( struct net80211_device *dev,
- struct io_buffer *iob )
-{
- struct ieee80211_frame *hdr = iob->data;
- struct ieee80211_auth *auth =
- ( struct ieee80211_auth * ) hdr->data;
-
- if ( auth->tx_seq & 1 ) {
- DBGC ( dev, "802.11 %p authentication received improperly "
- "directed frame (seq. %d)\n", dev, auth->tx_seq );
- net80211_set_state ( dev, NET80211_WAITING, 0,
- IEEE80211_STATUS_FAILURE );
- return;
- }
-
- if ( auth->status != IEEE80211_STATUS_SUCCESS ) {
- DBGC ( dev, "802.11 %p authentication failed: status %d\n",
- dev, auth->status );
- net80211_set_state ( dev, NET80211_WAITING, 0,
- auth->status );
- return;
- }
-
- if ( auth->algorithm == IEEE80211_AUTH_SHARED_KEY && ! dev->crypto ) {
- DBGC ( dev, "802.11 %p can't perform shared-key authentication "
- "without a cryptosystem\n", dev );
- net80211_set_state ( dev, NET80211_WAITING, 0,
- IEEE80211_STATUS_FAILURE );
- return;
- }
-
- if ( auth->algorithm == IEEE80211_AUTH_SHARED_KEY &&
- auth->tx_seq == 2 ) {
- /* Since the iob we got is going to be freed as soon
- as we return, we can do some in-place
- modification. */
- auth->tx_seq = 3;
- auth->status = 0;
-
- memcpy ( hdr->addr2, hdr->addr1, ETH_ALEN );
- memcpy ( hdr->addr1, hdr->addr3, ETH_ALEN );
-
- netdev_tx ( dev->netdev,
- dev->crypto->encrypt ( dev->crypto, iob ) );
- return;
- }
-
- net80211_set_state ( dev, NET80211_WAITING, NET80211_AUTHENTICATED,
- IEEE80211_STATUS_SUCCESS );
-
- return;
-}
-
-/**
- * Send 802.11 association frame
- *
- * @v dev 802.11 device
- * @v wlan WLAN to associate with
- * @ret rc Return status code
- */
-int net80211_send_assoc ( struct net80211_device *dev,
- struct net80211_wlan *wlan )
-{
- struct io_buffer *iob = alloc_iob ( 128 );
- struct ieee80211_assoc_req *assoc;
- union ieee80211_ie *ie;
-
- net80211_set_state ( dev, 0, NET80211_WAITING, 0 );
-
- iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN );
- assoc = iob->data;
-
- assoc->capability = IEEE80211_CAPAB_MANAGED;
- if ( ! ( dev->hw->flags & NET80211_HW_NO_SHORT_PREAMBLE ) )
- assoc->capability |= IEEE80211_CAPAB_SHORT_PMBL;
- if ( ! ( dev->hw->flags & NET80211_HW_NO_SHORT_SLOT ) )
- assoc->capability |= IEEE80211_CAPAB_SHORT_SLOT;
- if ( wlan->crypto )
- assoc->capability |= IEEE80211_CAPAB_PRIVACY;
-
- assoc->listen_interval = 1;
-
- ie = net80211_marshal_request_info ( dev, assoc->info_element );
-
- DBGP ( "802.11 %p about to send association request:\n", dev );
- DBGP_HD ( iob->data, ( void * ) ie - iob->data );
-
- iob_put ( iob, ( void * ) ie - iob->data );
-
- return net80211_tx_mgmt ( dev, IEEE80211_STYPE_ASSOC_REQ,
- wlan->bssid, iob );
-}
-
-/**
- * Handle receipt of 802.11 association reply frame
- *
- * @v dev 802.11 device
- * @v iob I/O buffer
- */
-static void net80211_handle_assoc_reply ( struct net80211_device *dev,
- struct io_buffer *iob )
-{
- struct ieee80211_frame *hdr = iob->data;
- struct ieee80211_assoc_resp *assoc =
- ( struct ieee80211_assoc_resp * ) hdr->data;
-
- net80211_process_capab ( dev, assoc->capability );
- net80211_process_ie ( dev, assoc->info_element, iob->tail );
-
- if ( assoc->status != IEEE80211_STATUS_SUCCESS ) {
- DBGC ( dev, "802.11 %p association failed: status %d\n",
- dev, assoc->status );
- net80211_set_state ( dev, NET80211_WAITING, 0,
- assoc->status );
- return;
- }
-
- /* ESSID was filled before the association request was sent */
- memcpy ( dev->bssid, hdr->addr3, ETH_ALEN );
- dev->aid = assoc->aid;
-
- net80211_set_state ( dev, NET80211_WAITING, NET80211_ASSOCIATED,
- IEEE80211_STATUS_SUCCESS );
-}
-
-
-/**
- * Send 802.11 disassociation frame
- *
- * @v dev 802.11 device
- * @v reason Reason for disassociation
- * @v deauth If TRUE, send deauthentication instead of disassociation
- * @ret rc Return status code
- */
-static int net80211_send_disassoc ( struct net80211_device *dev, int reason,
- int deauth )
-{
- struct io_buffer *iob = alloc_iob ( 64 );
- struct ieee80211_disassoc *disassoc;
-
- if ( ! ( dev->state & NET80211_ASSOCIATED ) )
- return -EINVAL;
-
- net80211_set_state ( dev, NET80211_ASSOCIATED, 0, 0 );
- iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN );
- disassoc = iob_put ( iob, sizeof ( *disassoc ) );
- disassoc->reason = reason;
-
- return net80211_tx_mgmt ( dev, deauth ? IEEE80211_STYPE_DEAUTH :
- IEEE80211_STYPE_DISASSOC, dev->bssid, iob );
-}
-
-
-/**
- * Deauthenticate from current network and try again
- *
- * @v dev 802.11 device
- * @v rc Return status code indicating reason
- *
- * The deauthentication will be sent using an 802.11 "unspecified
- * reason", as is common, but @a rc will be set as a link-up
- * error to aid the user in debugging.
- */
-void net80211_deauthenticate ( struct net80211_device *dev, int rc )
-{
- net80211_send_disassoc ( dev, IEEE80211_REASON_UNSPECIFIED, 1 );
- dev->assoc_rc = rc;
- netdev_link_err ( dev->netdev, rc );
-
- net80211_autoassociate ( dev );
-}
-
-
-/** Smoothing factor (1-7) for link quality calculation */
-#define LQ_SMOOTH 7
-
-/**
- * Update link quality information based on received beacon
- *
- * @v dev 802.11 device
- * @v iob I/O buffer containing beacon
- * @ret rc Return status code
- */
-static void net80211_update_link_quality ( struct net80211_device *dev,
- struct io_buffer *iob )
-{
- struct ieee80211_frame *hdr = iob->data;
- struct ieee80211_beacon *beacon;
- u32 dt, rxi;
-
- if ( ! ( dev->state & NET80211_ASSOCIATED ) )
- return;
-
- beacon = ( struct ieee80211_beacon * ) hdr->data;
- dt = ( u32 ) ( beacon->timestamp - dev->last_beacon_timestamp );
- rxi = dev->rx_beacon_interval;
-
- rxi = ( LQ_SMOOTH * rxi ) + ( ( 8 - LQ_SMOOTH ) * dt );
- dev->rx_beacon_interval = rxi >> 3;
-
- dev->last_beacon_timestamp = beacon->timestamp;
-}
-
-
-/**
- * Handle receipt of 802.11 management frame
- *
- * @v dev 802.11 device
- * @v iob I/O buffer
- * @v signal Signal strength of received frame
- */
-static void net80211_handle_mgmt ( struct net80211_device *dev,
- struct io_buffer *iob, int signal )
-{
- struct ieee80211_frame *hdr = iob->data;
- struct ieee80211_disassoc *disassoc;
- u16 stype = hdr->fc & IEEE80211_FC_SUBTYPE;
- int keep = 0;
- int is_deauth = ( stype == IEEE80211_STYPE_DEAUTH );
-
- if ( ( hdr->fc & IEEE80211_FC_TYPE ) != IEEE80211_TYPE_MGMT ) {
- free_iob ( iob );
- return; /* only handle management frames */
- }
-
- switch ( stype ) {
- /* We reconnect on deauthentication and disassociation. */
- case IEEE80211_STYPE_DEAUTH:
- case IEEE80211_STYPE_DISASSOC:
- disassoc = ( struct ieee80211_disassoc * ) hdr->data;
- net80211_set_state ( dev, is_deauth ? NET80211_AUTHENTICATED :
- NET80211_ASSOCIATED, 0,
- NET80211_IS_REASON | disassoc->reason );
- DBGC ( dev, "802.11 %p %s: reason %d\n",
- dev, is_deauth ? "deauthenticated" : "disassociated",
- disassoc->reason );
-
- /* Try to reassociate, in case it's transient. */
- net80211_autoassociate ( dev );
-
- break;
-
- /* We handle authentication and association. */
- case IEEE80211_STYPE_AUTH:
- if ( ! ( dev->state & NET80211_AUTHENTICATED ) )
- net80211_handle_auth ( dev, iob );
- break;
-
- case IEEE80211_STYPE_ASSOC_RESP:
- case IEEE80211_STYPE_REASSOC_RESP:
- if ( ! ( dev->state & NET80211_ASSOCIATED ) )
- net80211_handle_assoc_reply ( dev, iob );
- break;
-
- /* We pass probes and beacons onto network scanning
- code. Pass actions for future extensibility. */
- case IEEE80211_STYPE_BEACON:
- net80211_update_link_quality ( dev, iob );
- /* fall through */
- case IEEE80211_STYPE_PROBE_RESP:
- case IEEE80211_STYPE_ACTION:
- if ( dev->keep_mgmt ) {
- struct net80211_rx_info *rxinf;
- rxinf = zalloc ( sizeof ( *rxinf ) );
- if ( ! rxinf ) {
- DBGC ( dev, "802.11 %p out of memory\n", dev );
- break;
- }
- rxinf->signal = signal;
- list_add_tail ( &iob->list, &dev->mgmt_queue );
- list_add_tail ( &rxinf->list, &dev->mgmt_info_queue );
- keep = 1;
- }
- break;
-
- case IEEE80211_STYPE_PROBE_REQ:
- /* Some nodes send these broadcast. Ignore them. */
- break;
-
- case IEEE80211_STYPE_ASSOC_REQ:
- case IEEE80211_STYPE_REASSOC_REQ:
- /* We should never receive these, only send them. */
- DBGC ( dev, "802.11 %p received strange management request "
- "(%04x)\n", dev, stype );
- break;
-
- default:
- DBGC ( dev, "802.11 %p received unimplemented management "
- "packet (%04x)\n", dev, stype );
- break;
- }
-
- if ( ! keep )
- free_iob ( iob );
-}
-
-/* ---------- Packet handling functions ---------- */
-
-/**
- * Free buffers used by 802.11 fragment cache entry
- *
- * @v dev 802.11 device
- * @v fcid Fragment cache entry index
- *
- * After this function, the referenced entry will be marked unused.
- */
-static void net80211_free_frags ( struct net80211_device *dev, int fcid )
-{
- int j;
- struct net80211_frag_cache *frag = &dev->frags[fcid];
-
- for ( j = 0; j < 16; j++ ) {
- if ( frag->iob[j] ) {
- free_iob ( frag->iob[j] );
- frag->iob[j] = NULL;
- }
- }
-
- frag->seqnr = 0;
- frag->start_ticks = 0;
- frag->in_use = 0;
-}
-
-/**
- * Accumulate 802.11 fragments into one I/O buffer
- *
- * @v dev 802.11 device
- * @v fcid Fragment cache entry index
- * @v nfrags Number of fragments received
- * @v size Sum of sizes of all fragments, including headers
- * @ret iob I/O buffer containing reassembled packet
- *
- * This function does not free the fragment buffers.
- */
-static struct io_buffer *net80211_accum_frags ( struct net80211_device *dev,
- int fcid, int nfrags, int size )
-{
- struct net80211_frag_cache *frag = &dev->frags[fcid];
- int hdrsize = IEEE80211_TYP_FRAME_HEADER_LEN;
- int nsize = size - hdrsize * ( nfrags - 1 );
- int i;
-
- struct io_buffer *niob = alloc_iob ( nsize );
- struct ieee80211_frame *hdr;
-
- /* Add the header from the first one... */
- memcpy ( iob_put ( niob, hdrsize ), frag->iob[0]->data, hdrsize );
-
- /* ... and all the data from all of them. */
- for ( i = 0; i < nfrags; i++ ) {
- int len = iob_len ( frag->iob[i] ) - hdrsize;
- memcpy ( iob_put ( niob, len ),
- frag->iob[i]->data + hdrsize, len );
- }
-
- /* Turn off the fragment bit. */
- hdr = niob->data;
- hdr->fc &= ~IEEE80211_FC_MORE_FRAG;
-
- return niob;
-}
-
-/**
- * Handle receipt of 802.11 fragment
- *
- * @v dev 802.11 device
- * @v iob I/O buffer containing fragment
- * @v signal Signal strength with which fragment was received
- */
-static void net80211_rx_frag ( struct net80211_device *dev,
- struct io_buffer *iob, int signal )
-{
- struct ieee80211_frame *hdr = iob->data;
- int fragnr = IEEE80211_FRAG ( hdr->seq );
-
- if ( fragnr == 0 && ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) {
- /* start a frag cache entry */
- int i, newest = -1;
- u32 curr_ticks = currticks(), newest_ticks = 0;
- u32 timeout = ticks_per_sec() * NET80211_FRAG_TIMEOUT;
-
- for ( i = 0; i < NET80211_NR_CONCURRENT_FRAGS; i++ ) {
- if ( dev->frags[i].in_use == 0 )
- break;
-
- if ( dev->frags[i].start_ticks + timeout >=
- curr_ticks ) {
- net80211_free_frags ( dev, i );
- break;
- }
-
- if ( dev->frags[i].start_ticks > newest_ticks ) {
- newest = i;
- newest_ticks = dev->frags[i].start_ticks;
- }
- }
-
- /* If we're being sent more concurrent fragmented
- packets than we can handle, drop the newest so the
- older ones have time to complete. */
- if ( i == NET80211_NR_CONCURRENT_FRAGS ) {
- i = newest;
- net80211_free_frags ( dev, i );
- }
-
- dev->frags[i].in_use = 1;
- dev->frags[i].seqnr = IEEE80211_SEQNR ( hdr->seq );
- dev->frags[i].start_ticks = currticks();
- dev->frags[i].iob[0] = iob;
- return;
- } else {
- int i;
- for ( i = 0; i < NET80211_NR_CONCURRENT_FRAGS; i++ ) {
- if ( dev->frags[i].in_use && dev->frags[i].seqnr ==
- IEEE80211_SEQNR ( hdr->seq ) )
- break;
- }
- if ( i == NET80211_NR_CONCURRENT_FRAGS ) {
- /* Drop non-first not-in-cache fragments */
- DBGC ( dev, "802.11 %p dropped fragment fc=%04x "
- "seq=%04x\n", dev, hdr->fc, hdr->seq );
- free_iob ( iob );
- return;
- }
-
- dev->frags[i].iob[fragnr] = iob;
-
- if ( ! ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) {
- int j, size = 0;
- for ( j = 0; j < fragnr; j++ ) {
- size += iob_len ( dev->frags[i].iob[j] );
- if ( dev->frags[i].iob[j] == NULL )
- break;
- }
- if ( j == fragnr ) {
- /* We've got everything */
- struct io_buffer *niob =
- net80211_accum_frags ( dev, i, fragnr,
- size );
- net80211_free_frags ( dev, i );
- net80211_rx ( dev, niob, signal, 0 );
- } else {
- DBGC ( dev, "802.11 %p dropping fragmented "
- "packet due to out-of-order arrival, "
- "fc=%04x seq=%04x\n", dev, hdr->fc,
- hdr->seq );
- net80211_free_frags ( dev, i );
- }
- }
- }
-}
-
-/**
- * Handle receipt of 802.11 frame
- *
- * @v dev 802.11 device
- * @v iob I/O buffer
- * @v signal Received signal strength
- * @v rate Bitrate at which frame was received, in 100 kbps units
- *
- * If the rate or signal is unknown, 0 should be passed.
- */
-void net80211_rx ( struct net80211_device *dev, struct io_buffer *iob,
- int signal, u16 rate )
-{
- struct ieee80211_frame *hdr = iob->data;
- u16 type = hdr->fc & IEEE80211_FC_TYPE;
- if ( ( hdr->fc & IEEE80211_FC_VERSION ) != IEEE80211_THIS_VERSION )
- goto drop; /* drop invalid-version packets */
-
- if ( type == IEEE80211_TYPE_CTRL )
- goto drop; /* we don't handle control packets,
- the hardware does */
-
- if ( dev->last_rx_seq == hdr->seq )
- goto drop; /* avoid duplicate packet */
- dev->last_rx_seq = hdr->seq;
-
- if ( dev->hw->flags & NET80211_HW_RX_HAS_FCS ) {
- /* discard the FCS */
- iob_unput ( iob, 4 );
- }
-
- /* Only decrypt packets from our BSSID, to avoid spurious errors */
- if ( ( hdr->fc & IEEE80211_FC_PROTECTED ) &&
- ! memcmp ( hdr->addr2, dev->bssid, ETH_ALEN ) ) {
- /* Decrypt packet; record and drop if it fails */
- struct io_buffer *niob;
- struct net80211_crypto *crypto = dev->crypto;
-
- if ( ! dev->crypto ) {
- DBGC ( dev, "802.11 %p cannot decrypt packet "
- "without a cryptosystem\n", dev );
- goto drop_crypt;
- }
-
- if ( ( hdr->addr1[0] & 1 ) && dev->gcrypto ) {
- /* Use group decryption if needed */
- crypto = dev->gcrypto;
- }
-
- niob = crypto->decrypt ( crypto, iob );
- if ( ! niob ) {
- DBGC ( dev, "802.11 %p decryption error\n", dev );
- goto drop_crypt;
- }
- free_iob ( iob );
- iob = niob;
- }
-
- dev->last_signal = signal;
-
- /* Fragments go into the frag cache or get dropped. */
- if ( IEEE80211_FRAG ( hdr->seq ) != 0
- || ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) {
- net80211_rx_frag ( dev, iob, signal );
- return;
- }
-
- /* Management frames get handled, enqueued, or dropped. */
- if ( type == IEEE80211_TYPE_MGMT ) {
- net80211_handle_mgmt ( dev, iob, signal );
- return;
- }
-
- /* Data frames get dropped or sent to the net_device. */
- if ( ( hdr->fc & IEEE80211_FC_SUBTYPE ) != IEEE80211_STYPE_DATA )
- goto drop; /* drop QoS, CFP, or null data packets */
-
- /* Update rate-control algorithm */
- if ( dev->rctl )
- rc80211_update_rx ( dev, hdr->fc & IEEE80211_FC_RETRY, rate );
-
- /* Pass packet onward */
- if ( dev->state & NET80211_ASSOCIATED ) {
- netdev_rx ( dev->netdev, iob );
- return;
- }
-
- /* No association? Drop it. */
- goto drop;
-
- drop_crypt:
- netdev_rx_err ( dev->netdev, NULL, EINVAL_CRYPTO_REQUEST );
- drop:
- DBGC2 ( dev, "802.11 %p dropped packet fc=%04x seq=%04x\n", dev,
- hdr->fc, hdr->seq );
- free_iob ( iob );
- return;
-}
-
-/** Indicate an error in receiving a packet
- *
- * @v dev 802.11 device
- * @v iob I/O buffer with received packet, or NULL
- * @v rc Error code
- *
- * This logs the error with the wrapping net_device, and frees iob if
- * it is passed.
- */
-void net80211_rx_err ( struct net80211_device *dev,
- struct io_buffer *iob, int rc )
-{
- netdev_rx_err ( dev->netdev, iob, rc );
-}
-
-/** Indicate the completed transmission of a packet
- *
- * @v dev 802.11 device
- * @v iob I/O buffer of transmitted packet
- * @v retries Number of times this packet was retransmitted
- * @v rc Error code, or 0 for success
- *
- * This logs an error with the wrapping net_device if one occurred,
- * and removes and frees the I/O buffer from its TX queue. The
- * provided retry information is used to tune our transmission rate.
- *
- * If the packet did not need to be retransmitted because it was
- * properly ACKed the first time, @a retries should be 0.
- */
-void net80211_tx_complete ( struct net80211_device *dev,
- struct io_buffer *iob, int retries, int rc )
-{
- /* Update rate-control algorithm */
- if ( dev->rctl )
- rc80211_update_tx ( dev, retries, rc );
-
- /* Pass completion onward */
- netdev_tx_complete_err ( dev->netdev, iob, rc );
-}
diff --git a/gpxe/src/net/80211/rc80211.c b/gpxe/src/net/80211/rc80211.c
deleted file mode 100644
index 5bd19143..00000000
--- a/gpxe/src/net/80211/rc80211.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/*
- * Simple 802.11 rate-control algorithm for gPXE.
- *
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <stdlib.h>
-#include <gpxe/net80211.h>
-
-/**
- * @file
- *
- * Simple 802.11 rate-control algorithm
- */
-
-/** @page rc80211 Rate control philosophy
- *
- * We want to maximize our transmission speed, to the extent that we
- * can do that without dropping undue numbers of packets. We also
- * don't want to take up very much code space, so our algorithm has to
- * be pretty simple
- *
- * When we receive a packet, we know what rate it was transmitted at,
- * and whether it had to be retransmitted to get to us.
- *
- * When we send a packet, we hear back how many times it had to be
- * retried to get through, and whether it got through at all.
- *
- * Indications of TX success are more reliable than RX success, but RX
- * information helps us know where to start.
- *
- * To handle all of this, we keep for each rate and each direction (TX
- * and RX separately) some state information for the most recent
- * packets on that rate and the number of packets for which we have
- * information. The state is a 32-bit unsigned integer in which two
- * bits represent a packet: 11 if it went through well, 10 if it went
- * through with one retry, 01 if it went through with more than one
- * retry, or 00 if it didn't go through at all. We define the
- * "goodness" for a particular (rate, direction) combination as the
- * sum of all the 2-bit fields, times 33, divided by the number of
- * 2-bit fields containing valid information (16 except when we're
- * starting out). The number produced is between 0 and 99; we use -1
- * for rates with less than 4 RX packets or 1 TX, as an indicator that
- * we do not have enough information to rely on them.
- *
- * In deciding which rates are best, we find the weighted average of
- * TX and RX goodness, where the weighting is by number of packets
- * with data and TX packets are worth 4 times as much as RX packets.
- * The weighted average is called "net goodness" and is also a number
- * between 0 and 99. If 3 consecutive packets fail transmission
- * outright, we automatically ratchet down the rate; otherwise, we
- * switch to the best rate whenever the current rate's goodness falls
- * below some threshold, and try increasing our rate when the goodness
- * is very high.
- *
- * This system is optimized for gPXE's style of usage. Because normal
- * operation always involves receiving something, we'll make our way
- * to the best rate pretty quickly. We tend to follow the lead of the
- * sending AP in choosing rates, but we won't use rates for long that
- * don't work well for us in transmission. We assume gPXE won't be
- * running for long enough that rate patterns will change much, so we
- * don't have to keep time counters or the like. And if this doesn't
- * work well in practice there are many ways it could be tweaked.
- *
- * To avoid staying at 1Mbps for a long time, we don't track any
- * transmitted packets until we've set our rate based on received
- * packets.
- */
-
-/** Two-bit packet status indicator for a packet with no retries */
-#define RC_PKT_OK 0x3
-
-/** Two-bit packet status indicator for a packet with one retry */
-#define RC_PKT_RETRIED_ONCE 0x2
-
-/** Two-bit packet status indicator for a TX packet with multiple retries
- *
- * It is not possible to tell whether an RX packet had one or multiple
- * retries; we rely instead on the fact that failed RX packets won't
- * get to us at all, so if we receive a lot of RX packets on a certain
- * rate it must be pretty good.
- */
-#define RC_PKT_RETRIED_MULTI 0x1
-
-/** Two-bit packet status indicator for a TX packet that was never ACKed
- *
- * It is not possible to tell whether an RX packet was setn if it
- * didn't get through to us, but if we don't see one we won't increase
- * the goodness for its rate. This asymmetry is part of why TX packets
- * are weighted much more heavily than RX.
- */
-#define RC_PKT_FAILED 0x0
-
-/** Number of times to weight TX packets more heavily than RX packets */
-#define RC_TX_FACTOR 4
-
-/** Number of consecutive failed TX packets that cause an automatic rate drop */
-#define RC_TX_EMERG_FAIL 3
-
-/** Minimum net goodness below which we will search for a better rate */
-#define RC_GOODNESS_MIN 85
-
-/** Maximum net goodness above which we will try to increase our rate */
-#define RC_GOODNESS_MAX 95
-
-/** Minimum (num RX + @c RC_TX_FACTOR * num TX) to use a certain rate */
-#define RC_UNCERTAINTY_THRESH 4
-
-/** TX direction */
-#define TX 0
-
-/** RX direction */
-#define RX 1
-
-/** A rate control context */
-struct rc80211_ctx
-{
- /** Goodness state for each rate, TX and RX */
- u32 goodness[2][NET80211_MAX_RATES];
-
- /** Number of packets recorded for each rate */
- u8 count[2][NET80211_MAX_RATES];
-
- /** Indication of whether we've set the device rate yet */
- int started;
-
- /** Counter of all packets sent and received */
- int packets;
-};
-
-/**
- * Initialize rate-control algorithm
- *
- * @v dev 802.11 device
- * @ret ctx Rate-control context, to be stored in @c dev->rctl
- */
-struct rc80211_ctx * rc80211_init ( struct net80211_device *dev __unused )
-{
- struct rc80211_ctx *ret = zalloc ( sizeof ( *ret ) );
- return ret;
-}
-
-/**
- * Calculate net goodness for a certain rate
- *
- * @v ctx Rate-control context
- * @v rate_idx Index of rate to calculate net goodness for
- */
-static int rc80211_calc_net_goodness ( struct rc80211_ctx *ctx,
- int rate_idx )
-{
- int sum[2], num[2], dir, pkt;
-
- for ( dir = 0; dir < 2; dir++ ) {
- u32 good = ctx->goodness[dir][rate_idx];
-
- num[dir] = ctx->count[dir][rate_idx];
- sum[dir] = 0;
-
- for ( pkt = 0; pkt < num[dir]; pkt++ )
- sum[dir] += ( good >> ( 2 * pkt ) ) & 0x3;
- }
-
- if ( ( num[TX] * RC_TX_FACTOR + num[RX] ) < RC_UNCERTAINTY_THRESH )
- return -1;
-
- return ( 33 * ( sum[TX] * RC_TX_FACTOR + sum[RX] ) /
- ( num[TX] * RC_TX_FACTOR + num[RX] ) );
-}
-
-/**
- * Determine the best rate to switch to and return it
- *
- * @v dev 802.11 device
- * @ret rate_idx Index of the best rate to switch to
- */
-static int rc80211_pick_best ( struct net80211_device *dev )
-{
- struct rc80211_ctx *ctx = dev->rctl;
- int best_net_good = 0, best_rate = -1, i;
-
- for ( i = 0; i < dev->nr_rates; i++ ) {
- int net_good = rc80211_calc_net_goodness ( ctx, i );
-
- if ( net_good > best_net_good ||
- ( best_net_good > RC_GOODNESS_MIN &&
- net_good > RC_GOODNESS_MIN ) ) {
- best_net_good = net_good;
- best_rate = i;
- }
- }
-
- if ( best_rate >= 0 ) {
- int old_good = rc80211_calc_net_goodness ( ctx, dev->rate );
- if ( old_good != best_net_good )
- DBGC ( ctx, "802.11 RC %p switching from goodness "
- "%d to %d\n", ctx, old_good, best_net_good );
-
- ctx->started = 1;
- return best_rate;
- }
-
- return dev->rate;
-}
-
-/**
- * Set 802.11 device rate
- *
- * @v dev 802.11 device
- * @v rate_idx Index of rate to switch to
- *
- * This is a thin wrapper around net80211_set_rate_idx to insert a
- * debugging message where appropriate.
- */
-static inline void rc80211_set_rate ( struct net80211_device *dev,
- int rate_idx )
-{
- DBGC ( dev->rctl, "802.11 RC %p changing rate %d->%d Mbps\n", dev->rctl,
- dev->rates[dev->rate] / 10, dev->rates[rate_idx] / 10 );
-
- net80211_set_rate_idx ( dev, rate_idx );
-}
-
-/**
- * Check rate-control state and change rate if necessary
- *
- * @v dev 802.11 device
- */
-static void rc80211_maybe_set_new ( struct net80211_device *dev )
-{
- struct rc80211_ctx *ctx = dev->rctl;
- int net_good;
-
- net_good = rc80211_calc_net_goodness ( ctx, dev->rate );
-
- if ( ! ctx->started ) {
- rc80211_set_rate ( dev, rc80211_pick_best ( dev ) );
- return;
- }
-
- if ( net_good < 0 ) /* insufficient data */
- return;
-
- if ( net_good > RC_GOODNESS_MAX && dev->rate + 1 < dev->nr_rates ) {
- int higher = rc80211_calc_net_goodness ( ctx, dev->rate + 1 );
- if ( higher > net_good || higher < 0 )
- rc80211_set_rate ( dev, dev->rate + 1 );
- else
- rc80211_set_rate ( dev, rc80211_pick_best ( dev ) );
- }
-
- if ( net_good < RC_GOODNESS_MIN ) {
- rc80211_set_rate ( dev, rc80211_pick_best ( dev ) );
- }
-}
-
-/**
- * Update rate-control state
- *
- * @v dev 802.11 device
- * @v direction One of the direction constants TX or RX
- * @v rate_idx Index of rate at which packet was sent or received
- * @v retries Number of times packet was retried before success
- * @v failed If nonzero, the packet failed to get through
- */
-static void rc80211_update ( struct net80211_device *dev, int direction,
- int rate_idx, int retries, int failed )
-{
- struct rc80211_ctx *ctx = dev->rctl;
- u32 goodness = ctx->goodness[direction][rate_idx];
-
- if ( ctx->count[direction][rate_idx] < 16 )
- ctx->count[direction][rate_idx]++;
-
- goodness <<= 2;
- if ( failed )
- goodness |= RC_PKT_FAILED;
- else if ( retries > 1 )
- goodness |= RC_PKT_RETRIED_MULTI;
- else if ( retries )
- goodness |= RC_PKT_RETRIED_ONCE;
- else
- goodness |= RC_PKT_OK;
-
- ctx->goodness[direction][rate_idx] = goodness;
-
- ctx->packets++;
-
- rc80211_maybe_set_new ( dev );
-}
-
-/**
- * Update rate-control state for transmitted packet
- *
- * @v dev 802.11 device
- * @v retries Number of times packet was transmitted before success
- * @v rc Return status code for transmission
- */
-void rc80211_update_tx ( struct net80211_device *dev, int retries, int rc )
-{
- struct rc80211_ctx *ctx = dev->rctl;
-
- if ( ! ctx->started )
- return;
-
- rc80211_update ( dev, TX, dev->rate, retries, rc );
-
- /* Check if the last RC_TX_EMERG_FAIL packets have all failed */
- if ( ! ( ctx->goodness[TX][dev->rate] &
- ( ( 1 << ( 2 * RC_TX_EMERG_FAIL ) ) - 1 ) ) ) {
- if ( dev->rate == 0 )
- DBGC ( dev->rctl, "802.11 RC %p saw %d consecutive "
- "failed TX, but cannot lower rate any further\n",
- dev->rctl, RC_TX_EMERG_FAIL );
- else {
- DBGC ( dev->rctl, "802.11 RC %p lowering rate (%d->%d "
- "Mbps) due to %d consecutive TX failures\n",
- dev->rctl, dev->rates[dev->rate] / 10,
- dev->rates[dev->rate - 1] / 10,
- RC_TX_EMERG_FAIL );
-
- rc80211_set_rate ( dev, dev->rate - 1 );
- }
- }
-}
-
-/**
- * Update rate-control state for received packet
- *
- * @v dev 802.11 device
- * @v retry Whether the received packet had been retransmitted
- * @v rate Rate at which packet was received, in 100 kbps units
- */
-void rc80211_update_rx ( struct net80211_device *dev, int retry, u16 rate )
-{
- int ridx;
-
- for ( ridx = 0; ridx < dev->nr_rates && dev->rates[ridx] != rate;
- ridx++ )
- ;
- if ( ridx >= dev->nr_rates )
- return; /* couldn't find the rate */
-
- rc80211_update ( dev, RX, ridx, retry, 0 );
-}
-
-/**
- * Free rate-control context
- *
- * @v ctx Rate-control context
- */
-void rc80211_free ( struct rc80211_ctx *ctx )
-{
- free ( ctx );
-}
diff --git a/gpxe/src/net/80211/sec80211.c b/gpxe/src/net/80211/sec80211.c
deleted file mode 100644
index c5aa1183..00000000
--- a/gpxe/src/net/80211/sec80211.c
+++ /dev/null
@@ -1,503 +0,0 @@
-/*
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <gpxe/ieee80211.h>
-#include <gpxe/net80211.h>
-#include <gpxe/sec80211.h>
-
-/** @file
- *
- * General secured-network routines required whenever any secure
- * network support at all is compiled in. This involves things like
- * installing keys, determining the type of security used by a probed
- * network, and some small helper functions that take advantage of
- * static data in this file.
- */
-
-/** Mapping from net80211 crypto/secprot types to RSN OUI descriptors */
-struct descriptor_map {
- /** Value of net80211_crypto_alg or net80211_security_proto */
- u32 net80211_type;
-
- /** OUI+type in appropriate byte order, masked to exclude vendor */
- u32 oui_type;
-};
-
-/** Magic number in @a oui_type showing end of list */
-#define END_MAGIC 0xFFFFFFFF
-
-/** Mapping between net80211 cryptosystems and 802.11i cipher IDs */
-static struct descriptor_map rsn_cipher_map[] = {
- { .net80211_type = NET80211_CRYPT_WEP,
- .oui_type = IEEE80211_RSN_CTYPE_WEP40 },
-
- { .net80211_type = NET80211_CRYPT_WEP,
- .oui_type = IEEE80211_RSN_CTYPE_WEP104 },
-
- { .net80211_type = NET80211_CRYPT_TKIP,
- .oui_type = IEEE80211_RSN_CTYPE_TKIP },
-
- { .net80211_type = NET80211_CRYPT_CCMP,
- .oui_type = IEEE80211_RSN_CTYPE_CCMP },
-
- { .net80211_type = NET80211_CRYPT_UNKNOWN,
- .oui_type = END_MAGIC },
-};
-
-/** Mapping between net80211 handshakers and 802.11i AKM IDs */
-static struct descriptor_map rsn_akm_map[] = {
- { .net80211_type = NET80211_SECPROT_EAP,
- .oui_type = IEEE80211_RSN_ATYPE_8021X },
-
- { .net80211_type = NET80211_SECPROT_PSK,
- .oui_type = IEEE80211_RSN_ATYPE_PSK },
-
- { .net80211_type = NET80211_SECPROT_UNKNOWN,
- .oui_type = END_MAGIC },
-};
-
-
-/**
- * Install 802.11 cryptosystem
- *
- * @v which Pointer to the cryptosystem structure to install in
- * @v crypt Cryptosystem ID number
- * @v key Encryption key to use
- * @v len Length of encryption key
- * @v rsc Initial receive sequence counter, if applicable
- * @ret rc Return status code
- *
- * The encryption key will not be accessed via the provided pointer
- * after this function returns, so you may keep it on the stack.
- *
- * @a which must point to either @c dev->crypto (for the normal case
- * of installing a unicast cryptosystem) or @c dev->gcrypto (to
- * install a cryptosystem that will be used only for decrypting
- * group-source frames).
- */
-int sec80211_install ( struct net80211_crypto **which,
- enum net80211_crypto_alg crypt,
- const void *key, int len, const void *rsc )
-{
- struct net80211_crypto *crypto = *which;
- struct net80211_crypto *tbl_crypto;
-
- /* Remove old crypto if it exists */
- free ( *which );
- *which = NULL;
-
- if ( crypt == NET80211_CRYPT_NONE ) {
- DBG ( "802.11-Sec not installing null cryptography\n" );
- return 0;
- }
-
- /* Find cryptosystem to use */
- for_each_table_entry ( tbl_crypto, NET80211_CRYPTOS ) {
- if ( tbl_crypto->algorithm == crypt ) {
- crypto = zalloc ( sizeof ( *crypto ) +
- tbl_crypto->priv_len );
- if ( ! crypto ) {
- DBG ( "802.11-Sec out of memory\n" );
- return -ENOMEM;
- }
-
- memcpy ( crypto, tbl_crypto, sizeof ( *crypto ) );
- crypto->priv = ( ( void * ) crypto +
- sizeof ( *crypto ) );
- break;
- }
- }
-
- if ( ! crypto ) {
- DBG ( "802.11-Sec no support for cryptosystem %d\n", crypt );
- return -( ENOTSUP | EUNIQ_10 | ( crypt << 8 ) );
- }
-
- *which = crypto;
-
- DBG ( "802.11-Sec installing cryptosystem %d as %p with key of "
- "length %d\n", crypt, crypto, len );
-
- return crypto->init ( crypto, key, len, rsc );
-}
-
-
-/**
- * Determine net80211 crypto or handshaking type value to return for RSN info
- *
- * @v rsnp Pointer to next descriptor count field in RSN IE
- * @v rsn_end Pointer to end of RSN IE
- * @v map Descriptor map to use
- * @v tbl_start Start of linker table to examine for gPXE support
- * @v tbl_end End of linker table to examine for gPXE support
- * @ret rsnp Updated to point to first byte after descriptors
- * @ret map_ent Descriptor map entry of translation to use
- *
- * The entries in the linker table must be either net80211_crypto or
- * net80211_handshaker structures, and @a tbl_stride must be set to
- * sizeof() the appropriate one.
- *
- * This function expects @a rsnp to point at a two-byte descriptor
- * count followed by a list of four-byte cipher or AKM descriptors; it
- * will return @c NULL if the input packet is malformed, and otherwise
- * set @a rsnp to the first byte it has not looked at. It will return
- * the first cipher in the list that is supported by the current build
- * of gPXE, or the first of all if none are supported.
- *
- * We play rather fast and loose with type checking, because this
- * function is only called from two well-defined places in the
- * RSN-checking code. Don't try to use it for anything else.
- */
-static struct descriptor_map * rsn_pick_desc ( u8 **rsnp, u8 *rsn_end,
- struct descriptor_map *map,
- void *tbl_start, void *tbl_end )
-{
- int ndesc;
- int ok = 0;
- struct descriptor_map *map_ent, *map_ret = NULL;
- u8 *rsn = *rsnp;
- void *tblp;
- size_t tbl_stride = ( map == rsn_cipher_map ?
- sizeof ( struct net80211_crypto ) :
- sizeof ( struct net80211_handshaker ) );
-
- if ( map != rsn_cipher_map && map != rsn_akm_map )
- return NULL;
-
- /* Determine which types we support */
- for ( tblp = tbl_start; tblp < tbl_end; tblp += tbl_stride ) {
- struct net80211_crypto *crypto = tblp;
- struct net80211_handshaker *hs = tblp;
-
- if ( map == rsn_cipher_map )
- ok |= ( 1 << crypto->algorithm );
- else
- ok |= ( 1 << hs->protocol );
- }
-
- /* RSN sanity checks */
- if ( rsn + 2 > rsn_end ) {
- DBG ( "RSN detect: malformed descriptor count\n" );
- return NULL;
- }
-
- ndesc = *( u16 * ) rsn;
- rsn += 2;
-
- if ( ! ndesc ) {
- DBG ( "RSN detect: no descriptors\n" );
- return NULL;
- }
-
- /* Determine which net80211 crypto types are listed */
- while ( ndesc-- ) {
- u32 desc;
-
- if ( rsn + 4 > rsn_end ) {
- DBG ( "RSN detect: malformed descriptor (%d left)\n",
- ndesc );
- return NULL;
- }
-
- desc = *( u32 * ) rsn;
- rsn += 4;
-
- for ( map_ent = map; map_ent->oui_type != END_MAGIC; map_ent++ )
- if ( map_ent->oui_type == ( desc & OUI_TYPE_MASK ) )
- break;
-
- /* Use first cipher as a fallback */
- if ( ! map_ret )
- map_ret = map_ent;
-
- /* Once we find one we support, use it */
- if ( ok & ( 1 << map_ent->net80211_type ) ) {
- map_ret = map_ent;
- break;
- }
- }
-
- if ( ndesc > 0 )
- rsn += 4 * ndesc;
-
- *rsnp = rsn;
- return map_ret;
-}
-
-
-/**
- * Find the RSN or WPA information element in the provided beacon frame
- *
- * @v ie Pointer to first information element to check
- * @v ie_end Pointer to end of information element space
- * @ret is_rsn TRUE if returned IE is RSN, FALSE if it's WPA
- * @ret end Pointer to byte immediately after last byte of data
- * @ret data Pointer to first byte of data (the `version' field)
- *
- * If both an RSN and a WPA information element are found, this
- * function will return the first one seen, which by ordering rules
- * should always prefer the newer RSN IE.
- *
- * If no RSN or WPA infomration element is found, returns @c NULL and
- * leaves @a is_rsn and @a end in an undefined state.
- *
- * This function will not return a pointer to an information element
- * that states it extends past the tail of the io_buffer, or whose @a
- * version field is incorrect.
- */
-u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end,
- int *is_rsn, u8 **end )
-{
- u8 *rsn = NULL;
-
- if ( ! ieee80211_ie_bound ( ie, ie_end ) )
- return NULL;
-
- while ( ie ) {
- if ( ie->id == IEEE80211_IE_VENDOR &&
- ie->vendor.oui == IEEE80211_WPA_OUI_VEN ) {
- DBG ( "RSN detect: old-style WPA IE found\n" );
- rsn = &ie->vendor.data[0];
- *end = rsn + ie->len - 4;
- *is_rsn = 0;
- } else if ( ie->id == IEEE80211_IE_RSN ) {
- DBG ( "RSN detect: 802.11i RSN IE found\n" );
- rsn = ( u8 * ) &ie->rsn.version;
- *end = rsn + ie->len;
- *is_rsn = 1;
- }
-
- if ( rsn && ( *end > ( u8 * ) ie_end || rsn >= *end ||
- *( u16 * ) rsn != IEEE80211_RSN_VERSION ) ) {
- DBG ( "RSN detect: malformed RSN IE or unknown "
- "version, keep trying\n" );
- rsn = NULL;
- }
-
- if ( rsn )
- break;
-
- ie = ieee80211_next_ie ( ie, ie_end );
- }
-
- if ( ! ie ) {
- DBG ( "RSN detect: no RSN IE found\n" );
- return NULL;
- }
-
- return rsn;
-}
-
-
-/**
- * Detect crypto and AKM types from RSN information element
- *
- * @v is_rsn If TRUE, IE is a new-style RSN information element
- * @v start Pointer to first byte of @a version field
- * @v end Pointer to first byte not in the RSN IE
- * @ret secprot Security handshaking protocol used by network
- * @ret crypt Cryptosystem used by network
- * @ret rc Return status code
- *
- * If the IE cannot be parsed, returns an error indication and leaves
- * @a secprot and @a crypt unchanged.
- */
-int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end,
- enum net80211_security_proto *secprot,
- enum net80211_crypto_alg *crypt )
-{
- enum net80211_security_proto sp;
- enum net80211_crypto_alg cr;
- struct descriptor_map *map;
- u8 *rsn = start;
-
- /* Set some defaults */
- cr = ( is_rsn ? NET80211_CRYPT_CCMP : NET80211_CRYPT_TKIP );
- sp = NET80211_SECPROT_EAP;
-
- rsn += 2; /* version - already checked */
- rsn += 4; /* group cipher - we don't use it here */
-
- if ( rsn >= end )
- goto done;
-
- /* Pick crypto algorithm */
- map = rsn_pick_desc ( &rsn, end, rsn_cipher_map,
- table_start ( NET80211_CRYPTOS ),
- table_end ( NET80211_CRYPTOS ) );
- if ( ! map )
- goto invalid_rsn;
-
- cr = map->net80211_type;
-
- if ( rsn >= end )
- goto done;
-
- /* Pick handshaking algorithm */
- map = rsn_pick_desc ( &rsn, end, rsn_akm_map,
- table_start ( NET80211_HANDSHAKERS ),
- table_end ( NET80211_HANDSHAKERS ) );
- if ( ! map )
- goto invalid_rsn;
-
- sp = map->net80211_type;
-
- done:
- DBG ( "RSN detect: OK, crypto type %d, secprot type %d\n", cr, sp );
- *secprot = sp;
- *crypt = cr;
- return 0;
-
- invalid_rsn:
- DBG ( "RSN detect: invalid RSN IE\n" );
- return -EINVAL;
-}
-
-
-/**
- * Detect the cryptosystem and handshaking protocol used by an 802.11 network
- *
- * @v iob I/O buffer containing beacon frame
- * @ret secprot Security handshaking protocol used by network
- * @ret crypt Cryptosystem used by network
- * @ret rc Return status code
- *
- * This function uses weak linkage, as it must be called from generic
- * contexts but should only be linked in if some encryption is
- * supported; you must test its address against @c NULL before calling
- * it. If it does not exist, any network with the PRIVACY bit set in
- * beacon->capab should be considered unknown.
- */
-int _sec80211_detect ( struct io_buffer *iob,
- enum net80211_security_proto *secprot,
- enum net80211_crypto_alg *crypt )
-{
- struct ieee80211_frame *hdr = iob->data;
- struct ieee80211_beacon *beacon =
- ( struct ieee80211_beacon * ) hdr->data;
- u8 *rsn, *rsn_end;
- int is_rsn, rc;
-
- *crypt = NET80211_CRYPT_UNKNOWN;
- *secprot = NET80211_SECPROT_UNKNOWN;
-
- /* Find RSN or WPA IE */
- if ( ! ( rsn = sec80211_find_rsn ( beacon->info_element, iob->tail,
- &is_rsn, &rsn_end ) ) ) {
- /* No security IE at all; either WEP or no security. */
- *secprot = NET80211_SECPROT_NONE;
-
- if ( beacon->capability & IEEE80211_CAPAB_PRIVACY )
- *crypt = NET80211_CRYPT_WEP;
- else
- *crypt = NET80211_CRYPT_NONE;
-
- return 0;
- }
-
- /* Determine type of security */
- if ( ( rc = sec80211_detect_ie ( is_rsn, rsn, rsn_end, secprot,
- crypt ) ) == 0 )
- return 0;
-
- /* If we get here, the RSN IE was invalid */
-
- *crypt = NET80211_CRYPT_UNKNOWN;
- *secprot = NET80211_SECPROT_UNKNOWN;
- DBG ( "Failed to handle RSN IE:\n" );
- DBG_HD ( rsn, rsn_end - rsn );
- return rc;
-}
-
-
-/**
- * Determine RSN descriptor for specified net80211 ID
- *
- * @v id net80211 ID value
- * @v rsnie Whether to return a new-format (RSN IE) descriptor
- * @v map Map to use in translation
- * @ret desc RSN descriptor, or 0 on error
- *
- * If @a rsnie is false, returns an old-format (WPA vendor IE)
- * descriptor.
- */
-static u32 rsn_get_desc ( unsigned id, int rsnie, struct descriptor_map *map )
-{
- u32 vendor = ( rsnie ? IEEE80211_RSN_OUI : IEEE80211_WPA_OUI );
-
- for ( ; map->oui_type != END_MAGIC; map++ ) {
- if ( map->net80211_type == id )
- return map->oui_type | vendor;
- }
-
- return 0;
-}
-
-/**
- * Determine RSN descriptor for specified net80211 cryptosystem number
- *
- * @v crypt Cryptosystem number
- * @v rsnie Whether to return a new-format (RSN IE) descriptor
- * @ret desc RSN descriptor
- *
- * If @a rsnie is false, returns an old-format (WPA vendor IE)
- * descriptor.
- */
-u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie )
-{
- return rsn_get_desc ( crypt, rsnie, rsn_cipher_map );
-}
-
-/**
- * Determine RSN descriptor for specified net80211 handshaker number
- *
- * @v secprot Handshaker number
- * @v rsnie Whether to return a new-format (RSN IE) descriptor
- * @ret desc RSN descriptor
- *
- * If @a rsnie is false, returns an old-format (WPA vendor IE)
- * descriptor.
- */
-u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot,
- int rsnie )
-{
- return rsn_get_desc ( secprot, rsnie, rsn_akm_map );
-}
-
-/**
- * Determine net80211 cryptosystem number from RSN descriptor
- *
- * @v desc RSN descriptor
- * @ret crypt net80211 cryptosystem enumeration value
- */
-enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc )
-{
- struct descriptor_map *map = rsn_cipher_map;
-
- for ( ; map->oui_type != END_MAGIC; map++ ) {
- if ( map->oui_type == ( desc & OUI_TYPE_MASK ) )
- break;
- }
-
- return map->net80211_type;
-}
diff --git a/gpxe/src/net/80211/wep.c b/gpxe/src/net/80211/wep.c
deleted file mode 100644
index 1c37e0c3..00000000
--- a/gpxe/src/net/80211/wep.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <gpxe/net80211.h>
-#include <gpxe/sec80211.h>
-#include <gpxe/crypto.h>
-#include <gpxe/arc4.h>
-#include <gpxe/crc32.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-
-/** @file
- *
- * The WEP wireless encryption method (insecure!)
- *
- * The data field in a WEP-encrypted packet contains a 3-byte
- * initialisation vector, one-byte Key ID field (only the bottom two
- * bits are ever used), encrypted data, and a 4-byte encrypted CRC of
- * the plaintext data, called the ICV. To decrypt it, the IV is
- * prepended to the shared key and the data stream (including ICV) is
- * run through the ARC4 stream cipher; if the ICV matches a CRC32
- * calculated on the plaintext, the packet is valid.
- *
- * For efficiency and code-size reasons, this file assumes it is
- * running on a little-endian machine.
- */
-
-/** Length of WEP initialisation vector */
-#define WEP_IV_LEN 3
-
-/** Length of WEP key ID byte */
-#define WEP_KID_LEN 1
-
-/** Length of WEP ICV checksum */
-#define WEP_ICV_LEN 4
-
-/** Maximum length of WEP key */
-#define WEP_MAX_KEY 16
-
-/** Amount of data placed before the encrypted bytes */
-#define WEP_HEADER_LEN 4
-
-/** Amount of data placed after the encrypted bytes */
-#define WEP_TRAILER_LEN 4
-
-/** Total WEP overhead bytes */
-#define WEP_OVERHEAD 8
-
-/** Context for WEP encryption and decryption */
-struct wep_ctx
-{
- /** Encoded WEP key
- *
- * The actual key bytes are stored beginning at offset 3, to
- * leave room for easily inserting the IV before a particular
- * operation.
- */
- u8 key[WEP_IV_LEN + WEP_MAX_KEY];
-
- /** Length of WEP key (not including IV bytes) */
- int keylen;
-
- /** ARC4 context */
- struct arc4_ctx arc4;
-};
-
-/**
- * Initialize WEP algorithm
- *
- * @v crypto 802.11 cryptographic algorithm
- * @v key WEP key to use
- * @v keylen Length of WEP key
- * @v rsc Initial receive sequence counter (unused)
- * @ret rc Return status code
- *
- * Standard key lengths are 5 and 13 bytes; 16-byte keys are
- * occasionally supported as an extension to the standard.
- */
-static int wep_init ( struct net80211_crypto *crypto, const void *key,
- int keylen, const void *rsc __unused )
-{
- struct wep_ctx *ctx = crypto->priv;
-
- ctx->keylen = ( keylen > WEP_MAX_KEY ? WEP_MAX_KEY : keylen );
- memcpy ( ctx->key + WEP_IV_LEN, key, ctx->keylen );
-
- return 0;
-}
-
-/**
- * Encrypt packet using WEP
- *
- * @v crypto 802.11 cryptographic algorithm
- * @v iob I/O buffer of plaintext packet
- * @ret eiob Newly allocated I/O buffer for encrypted packet, or NULL
- *
- * If memory allocation fails, @c NULL is returned.
- */
-static struct io_buffer * wep_encrypt ( struct net80211_crypto *crypto,
- struct io_buffer *iob )
-{
- struct wep_ctx *ctx = crypto->priv;
- struct io_buffer *eiob;
- struct ieee80211_frame *hdr;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( iob ) - hdrlen;
- int newlen = hdrlen + datalen + WEP_OVERHEAD;
- u32 iv, icv;
-
- eiob = alloc_iob ( newlen );
- if ( ! eiob )
- return NULL;
-
- memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
- hdr = eiob->data;
- hdr->fc |= IEEE80211_FC_PROTECTED;
-
- /* Calculate IV, put it in the header (with key ID byte = 0), and
- set it up at the start of the encryption key. */
- iv = random() & 0xffffff; /* IV in bottom 3 bytes, top byte = KID = 0 */
- memcpy ( iob_put ( eiob, WEP_HEADER_LEN ), &iv, WEP_HEADER_LEN );
- memcpy ( ctx->key, &iv, WEP_IV_LEN );
-
- /* Encrypt the data using RC4 */
- cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
- ctx->keylen + WEP_IV_LEN );
- cipher_encrypt ( &arc4_algorithm, &ctx->arc4, iob->data + hdrlen,
- iob_put ( eiob, datalen ), datalen );
-
- /* Add ICV */
- icv = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
- cipher_encrypt ( &arc4_algorithm, &ctx->arc4, &icv,
- iob_put ( eiob, WEP_ICV_LEN ), WEP_ICV_LEN );
-
- return eiob;
-}
-
-/**
- * Decrypt packet using WEP
- *
- * @v crypto 802.11 cryptographic algorithm
- * @v eiob I/O buffer of encrypted packet
- * @ret iob Newly allocated I/O buffer for plaintext packet, or NULL
- *
- * If a consistency check for the decryption fails (usually indicating
- * an invalid key), @c NULL is returned.
- */
-static struct io_buffer * wep_decrypt ( struct net80211_crypto *crypto,
- struct io_buffer *eiob )
-{
- struct wep_ctx *ctx = crypto->priv;
- struct io_buffer *iob;
- struct ieee80211_frame *hdr;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( eiob ) - hdrlen - WEP_OVERHEAD;
- int newlen = hdrlen + datalen;
- u32 iv, icv, crc;
-
- iob = alloc_iob ( newlen );
- if ( ! iob )
- return NULL;
-
- memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
- hdr = iob->data;
- hdr->fc &= ~IEEE80211_FC_PROTECTED;
-
- /* Strip off IV and use it to initialize cryptosystem */
- memcpy ( &iv, eiob->data + hdrlen, 4 );
- iv &= 0xffffff; /* ignore key ID byte */
- memcpy ( ctx->key, &iv, WEP_IV_LEN );
-
- /* Decrypt the data using RC4 */
- cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
- ctx->keylen + WEP_IV_LEN );
- cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
- WEP_HEADER_LEN, iob_put ( iob, datalen ), datalen );
-
- /* Strip off ICV and verify it */
- cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
- WEP_HEADER_LEN + datalen, &icv, WEP_ICV_LEN );
- crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
- if ( crc != icv ) {
- DBGC ( crypto, "WEP %p CRC mismatch: expect %08x, get %08x\n",
- crypto, icv, crc );
- free_iob ( iob );
- return NULL;
- }
- return iob;
-}
-
-/** WEP cryptosystem for 802.11 */
-struct net80211_crypto wep_crypto __net80211_crypto = {
- .algorithm = NET80211_CRYPT_WEP,
- .init = wep_init,
- .encrypt = wep_encrypt,
- .decrypt = wep_decrypt,
- .priv_len = sizeof ( struct wep_ctx ),
-};
-
-/**
- * Initialize trivial 802.11 security handshaker
- *
- * @v dev 802.11 device
- * @v ctx Security handshaker
- *
- * This simply fetches a WEP key from netX/key, and if it exists,
- * installs WEP cryptography on the 802.11 device. No real handshaking
- * is performed.
- */
-static int trivial_init ( struct net80211_device *dev )
-{
- u8 key[WEP_MAX_KEY]; /* support up to 128-bit keys */
- int len;
- int rc;
-
- if ( dev->associating &&
- dev->associating->crypto == NET80211_CRYPT_NONE )
- return 0; /* no crypto? OK. */
-
- len = fetch_setting ( netdev_settings ( dev->netdev ),
- &net80211_key_setting, key, WEP_MAX_KEY );
-
- if ( len <= 0 ) {
- DBGC ( dev, "802.11 %p cannot do WEP without a key\n", dev );
- return -EACCES;
- }
-
- /* Full 128-bit keys are a nonstandard extension, but they're
- utterly trivial to support, so we do. */
- if ( len != 5 && len != 13 && len != 16 ) {
- DBGC ( dev, "802.11 %p invalid WEP key length %d\n",
- dev, len );
- return -EINVAL;
- }
-
- DBGC ( dev, "802.11 %p installing %d-bit WEP\n", dev, len * 8 );
-
- rc = sec80211_install ( &dev->crypto, NET80211_CRYPT_WEP, key, len,
- NULL );
- if ( rc < 0 )
- return rc;
-
- return 0;
-}
-
-/**
- * Check for key change on trivial 802.11 security handshaker
- *
- * @v dev 802.11 device
- * @v ctx Security handshaker
- */
-static int trivial_change_key ( struct net80211_device *dev )
-{
- u8 key[WEP_MAX_KEY];
- int len;
- int change = 0;
-
- /* If going from WEP to clear, or something else to WEP, reassociate. */
- if ( ! dev->crypto || ( dev->crypto->init != wep_init ) )
- change ^= 1;
-
- len = fetch_setting ( netdev_settings ( dev->netdev ),
- &net80211_key_setting, key, WEP_MAX_KEY );
- if ( len <= 0 )
- change ^= 1;
-
- /* Changing crypto type => return nonzero to reassociate. */
- if ( change )
- return -EINVAL;
-
- /* Going from no crypto to still no crypto => nothing to do. */
- if ( len <= 0 )
- return 0;
-
- /* Otherwise, reinitialise WEP with new key. */
- return wep_init ( dev->crypto, key, len, NULL );
-}
-
-/** Trivial 802.11 security handshaker */
-struct net80211_handshaker trivial_handshaker __net80211_handshaker = {
- .protocol = NET80211_SECPROT_NONE,
- .init = trivial_init,
- .change_key = trivial_change_key,
- .priv_len = 0,
-};
diff --git a/gpxe/src/net/80211/wpa.c b/gpxe/src/net/80211/wpa.c
deleted file mode 100644
index 9bac8fe7..00000000
--- a/gpxe/src/net/80211/wpa.c
+++ /dev/null
@@ -1,973 +0,0 @@
-/*
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <gpxe/net80211.h>
-#include <gpxe/sec80211.h>
-#include <gpxe/wpa.h>
-#include <gpxe/eapol.h>
-#include <gpxe/crypto.h>
-#include <gpxe/arc4.h>
-#include <gpxe/crc32.h>
-#include <gpxe/sha1.h>
-#include <gpxe/hmac.h>
-#include <gpxe/list.h>
-#include <gpxe/ethernet.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-
-/** @file
- *
- * Handler for the aspects of WPA handshaking that are independent of
- * 802.1X/PSK or TKIP/CCMP; this mostly involves the 4-Way Handshake.
- */
-
-/** List of WPA contexts in active use. */
-struct list_head wpa_contexts = LIST_HEAD_INIT ( wpa_contexts );
-
-
-/**
- * Return an error code and deauthenticate
- *
- * @v ctx WPA common context
- * @v rc Return status code
- * @ret rc The passed return status code
- */
-static int wpa_fail ( struct wpa_common_ctx *ctx, int rc )
-{
- net80211_deauthenticate ( ctx->dev, rc );
- return rc;
-}
-
-
-/**
- * Find a cryptosystem handler structure from a crypto ID
- *
- * @v crypt Cryptosystem ID
- * @ret crypto Cryptosystem handler structure
- *
- * If support for @a crypt is not compiled in to gPXE, or if @a crypt
- * is NET80211_CRYPT_UNKNOWN, returns @c NULL.
- */
-static struct net80211_crypto *
-wpa_find_cryptosystem ( enum net80211_crypto_alg crypt )
-{
- struct net80211_crypto *crypto;
-
- for_each_table_entry ( crypto, NET80211_CRYPTOS ) {
- if ( crypto->algorithm == crypt )
- return crypto;
- }
-
- return NULL;
-}
-
-
-/**
- * Find WPA key integrity and encryption handler from key version field
- *
- * @v ver Version bits of EAPOL-Key info field
- * @ret kie Key integrity and encryption handler
- */
-struct wpa_kie * wpa_find_kie ( int version )
-{
- struct wpa_kie *kie;
-
- for_each_table_entry ( kie, WPA_KIES ) {
- if ( kie->version == version )
- return kie;
- }
-
- return NULL;
-}
-
-
-/**
- * Construct RSN or WPA information element
- *
- * @v dev 802.11 device
- * @ret ie_ret RSN or WPA information element
- * @ret rc Return status code
- *
- * This function allocates, fills, and returns a RSN or WPA
- * information element suitable for including in an association
- * request frame to the network identified by @c dev->associating.
- * If it is impossible to construct an information element consistent
- * with gPXE's capabilities that is compatible with that network, or
- * if none should be sent because that network's beacon included no
- * security information, returns an error indication and leaves
- * @a ie_ret unchanged.
- *
- * The returned IE will be of the same type (RSN or WPA) as was
- * included in the beacon for the network it is destined for.
- */
-int wpa_make_rsn_ie ( struct net80211_device *dev, union ieee80211_ie **ie_ret )
-{
- u8 *rsn, *rsn_end;
- int is_rsn;
- u32 group_cipher;
- enum net80211_crypto_alg gcrypt;
- int ie_len;
- u8 *iep;
- struct ieee80211_ie_rsn *ie;
- struct ieee80211_frame *hdr;
- struct ieee80211_beacon *beacon;
-
- if ( ! dev->associating ) {
- DBG ( "WPA: Can't make RSN IE for a non-associating device\n" );
- return -EINVAL;
- }
-
- hdr = dev->associating->beacon->data;
- beacon = ( struct ieee80211_beacon * ) hdr->data;
- rsn = sec80211_find_rsn ( beacon->info_element,
- dev->associating->beacon->tail, &is_rsn,
- &rsn_end );
- if ( ! rsn ) {
- DBG ( "WPA: Can't make RSN IE when we didn't get one\n" );
- return -EINVAL;
- }
-
- rsn += 2; /* skip version */
- group_cipher = *( u32 * ) rsn;
- gcrypt = sec80211_rsn_get_net80211_crypt ( group_cipher );
-
- if ( ! wpa_find_cryptosystem ( gcrypt ) ||
- ! wpa_find_cryptosystem ( dev->associating->crypto ) ) {
- DBG ( "WPA: No support for (GC:%d, PC:%d)\n",
- gcrypt, dev->associating->crypto );
- return -ENOTSUP;
- }
-
- /* Everything looks good - make our IE. */
-
- /* WPA IEs need 4 more bytes for the OUI+type */
- ie_len = ieee80211_rsn_size ( 1, 1, 0, is_rsn ) + ( 4 * ! is_rsn );
- iep = malloc ( ie_len );
- if ( ! iep )
- return -ENOMEM;
-
- *ie_ret = ( union ieee80211_ie * ) iep;
-
- /* Store ID and length bytes. */
- *iep++ = ( is_rsn ? IEEE80211_IE_RSN : IEEE80211_IE_VENDOR );
- *iep++ = ie_len - 2;
-
- /* Store OUI+type for WPA IEs. */
- if ( ! is_rsn ) {
- *( u32 * ) iep = IEEE80211_WPA_OUI_VEN;
- iep += 4;
- }
-
- /* If this is a WPA IE, the id and len bytes in the
- ieee80211_ie_rsn structure will not be valid, but by doing
- the cast we can fill all the other fields much more
- readily. */
-
- ie = ( struct ieee80211_ie_rsn * ) ( iep - 2 );
- ie->version = IEEE80211_RSN_VERSION;
- ie->group_cipher = group_cipher;
- ie->pairwise_count = 1;
- ie->pairwise_cipher[0] =
- sec80211_rsn_get_crypto_desc ( dev->associating->crypto,
- is_rsn );
- ie->akm_count = 1;
- ie->akm_list[0] =
- sec80211_rsn_get_akm_desc ( dev->associating->handshaking,
- is_rsn );
- if ( is_rsn ) {
- ie->rsn_capab = 0;
- ie->pmkid_count = 0;
- }
-
- return 0;
-}
-
-
-/**
- * Set up generic WPA support to handle 4-Way Handshake
- *
- * @v dev 802.11 device
- * @v ctx WPA common context
- * @v pmk Pairwise Master Key to use for session
- * @v pmk_len Length of PMK, almost always 32
- * @ret rc Return status code
- */
-int wpa_start ( struct net80211_device *dev, struct wpa_common_ctx *ctx,
- const void *pmk, size_t pmk_len )
-{
- struct io_buffer *iob;
- struct ieee80211_frame *hdr;
- struct ieee80211_beacon *beacon;
- u8 *ap_rsn_ie = NULL, *ap_rsn_ie_end;
-
- if ( ! dev->rsn_ie || ! dev->associating )
- return -EINVAL;
-
- ctx->dev = dev;
- memcpy ( ctx->pmk, pmk, ctx->pmk_len = pmk_len );
- ctx->state = WPA_READY;
- ctx->replay = ~0ULL;
-
- iob = dev->associating->beacon;
- hdr = iob->data;
- beacon = ( struct ieee80211_beacon * ) hdr->data;
- ap_rsn_ie = sec80211_find_rsn ( beacon->info_element, iob->tail,
- &ctx->ap_rsn_is_rsn, &ap_rsn_ie_end );
- if ( ap_rsn_ie ) {
- ctx->ap_rsn_ie = malloc ( ap_rsn_ie_end - ap_rsn_ie );
- if ( ! ctx->ap_rsn_ie )
- return -ENOMEM;
- memcpy ( ctx->ap_rsn_ie, ap_rsn_ie, ap_rsn_ie_end - ap_rsn_ie );
- ctx->ap_rsn_ie_len = ap_rsn_ie_end - ap_rsn_ie;
- } else {
- return -ENOENT;
- }
-
- ctx->crypt = dev->associating->crypto;
- ctx->gcrypt = NET80211_CRYPT_UNKNOWN;
-
- list_add_tail ( &ctx->list, &wpa_contexts );
- return 0;
-}
-
-
-/**
- * Disable handling of received WPA handshake frames
- *
- * @v dev 802.11 device
- */
-void wpa_stop ( struct net80211_device *dev )
-{
- struct wpa_common_ctx *ctx, *tmp;
-
- list_for_each_entry_safe ( ctx, tmp, &wpa_contexts, list ) {
- if ( ctx->dev == dev ) {
- free ( ctx->ap_rsn_ie );
- ctx->ap_rsn_ie = NULL;
- list_del ( &ctx->list );
- }
- }
-}
-
-
-/**
- * Check PMKID consistency
- *
- * @v ctx WPA common context
- * @v pmkid PMKID to check against (16 bytes long)
- * @ret rc Zero if they match, or a negative error code if not
- */
-int wpa_check_pmkid ( struct wpa_common_ctx *ctx, const u8 *pmkid )
-{
- u8 sha1_ctx[SHA1_CTX_SIZE];
- u8 my_pmkid[SHA1_SIZE];
- u8 pmk[ctx->pmk_len];
- size_t pmk_len;
- struct {
- char name[8];
- u8 aa[ETH_ALEN];
- u8 spa[ETH_ALEN];
- } __attribute__ (( packed )) pmkid_data;
-
- memcpy ( pmk, ctx->pmk, ctx->pmk_len );
- pmk_len = ctx->pmk_len;
-
- memcpy ( pmkid_data.name, "PMK Name", 8 );
- memcpy ( pmkid_data.aa, ctx->dev->bssid, ETH_ALEN );
- memcpy ( pmkid_data.spa, ctx->dev->netdev->ll_addr, ETH_ALEN );
-
- hmac_init ( &sha1_algorithm, sha1_ctx, pmk, &pmk_len );
- hmac_update ( &sha1_algorithm, sha1_ctx, &pmkid_data,
- sizeof ( pmkid_data ) );
- hmac_final ( &sha1_algorithm, sha1_ctx, pmk, &pmk_len, my_pmkid );
-
- if ( memcmp ( my_pmkid, pmkid, WPA_PMKID_LEN ) != 0 )
- return -EACCES;
-
- return 0;
-}
-
-
-/**
- * Derive pairwise transient key
- *
- * @v ctx WPA common context
- */
-static void wpa_derive_ptk ( struct wpa_common_ctx *ctx )
-{
- struct {
- u8 mac1[ETH_ALEN];
- u8 mac2[ETH_ALEN];
- u8 nonce1[WPA_NONCE_LEN];
- u8 nonce2[WPA_NONCE_LEN];
- } __attribute__ (( packed )) ptk_data;
-
- /* The addresses and nonces are stored in numerical order (!) */
-
- if ( memcmp ( ctx->dev->netdev->ll_addr, ctx->dev->bssid,
- ETH_ALEN ) < 0 ) {
- memcpy ( ptk_data.mac1, ctx->dev->netdev->ll_addr, ETH_ALEN );
- memcpy ( ptk_data.mac2, ctx->dev->bssid, ETH_ALEN );
- } else {
- memcpy ( ptk_data.mac1, ctx->dev->bssid, ETH_ALEN );
- memcpy ( ptk_data.mac2, ctx->dev->netdev->ll_addr, ETH_ALEN );
- }
-
- if ( memcmp ( ctx->Anonce, ctx->Snonce, WPA_NONCE_LEN ) < 0 ) {
- memcpy ( ptk_data.nonce1, ctx->Anonce, WPA_NONCE_LEN );
- memcpy ( ptk_data.nonce2, ctx->Snonce, WPA_NONCE_LEN );
- } else {
- memcpy ( ptk_data.nonce1, ctx->Snonce, WPA_NONCE_LEN );
- memcpy ( ptk_data.nonce2, ctx->Anonce, WPA_NONCE_LEN );
- }
-
- DBGC2 ( ctx, "WPA %p A1 %s, A2 %s\n", ctx, eth_ntoa ( ptk_data.mac1 ),
- eth_ntoa ( ptk_data.mac2 ) );
- DBGC2 ( ctx, "WPA %p Nonce1, Nonce2:\n", ctx );
- DBGC2_HD ( ctx, ptk_data.nonce1, WPA_NONCE_LEN );
- DBGC2_HD ( ctx, ptk_data.nonce2, WPA_NONCE_LEN );
-
- prf_sha1 ( ctx->pmk, ctx->pmk_len,
- "Pairwise key expansion",
- &ptk_data, sizeof ( ptk_data ),
- &ctx->ptk, sizeof ( ctx->ptk ) );
-
- DBGC2 ( ctx, "WPA %p PTK:\n", ctx );
- DBGC2_HD ( ctx, &ctx->ptk, sizeof ( ctx->ptk ) );
-}
-
-
-/**
- * Install pairwise transient key
- *
- * @v ctx WPA common context
- * @v len Key length (16 for CCMP, 32 for TKIP)
- * @ret rc Return status code
- */
-static inline int wpa_install_ptk ( struct wpa_common_ctx *ctx, int len )
-{
- DBGC ( ctx, "WPA %p: installing %d-byte pairwise transient key\n",
- ctx, len );
- DBGC2_HD ( ctx, &ctx->ptk.tk, len );
-
- return sec80211_install ( &ctx->dev->crypto, ctx->crypt,
- &ctx->ptk.tk, len, NULL );
-}
-
-/**
- * Install group transient key
- *
- * @v ctx WPA common context
- * @v len Key length (16 for CCMP, 32 for TKIP)
- * @v rsc Receive sequence counter field in EAPOL-Key packet
- * @ret rc Return status code
- */
-static inline int wpa_install_gtk ( struct wpa_common_ctx *ctx, int len,
- const void *rsc )
-{
- DBGC ( ctx, "WPA %p: installing %d-byte group transient key\n",
- ctx, len );
- DBGC2_HD ( ctx, &ctx->gtk.tk, len );
-
- return sec80211_install ( &ctx->dev->gcrypto, ctx->gcrypt,
- &ctx->gtk.tk, len, rsc );
-}
-
-/**
- * Search for group transient key, and install it if found
- *
- * @v ctx WPA common context
- * @v ie Pointer to first IE in key data field
- * @v ie_end Pointer to first byte not in key data field
- * @v rsc Receive sequence counter field in EAPOL-Key packet
- * @ret rc Return status code
- */
-static int wpa_maybe_install_gtk ( struct wpa_common_ctx *ctx,
- union ieee80211_ie *ie, void *ie_end,
- const void *rsc )
-{
- struct wpa_kde *kde;
-
- if ( ! ieee80211_ie_bound ( ie, ie_end ) )
- return -ENOENT;
-
- while ( ie ) {
- if ( ie->id == IEEE80211_IE_VENDOR &&
- ie->vendor.oui == WPA_KDE_GTK )
- break;
-
- ie = ieee80211_next_ie ( ie, ie_end );
- }
-
- if ( ! ie )
- return -ENOENT;
-
- if ( ie->len - 6u > sizeof ( ctx->gtk.tk ) ) {
- DBGC ( ctx, "WPA %p: GTK KDE is too long (%d bytes, max %d)\n",
- ctx, ie->len - 4, sizeof ( ctx->gtk.tk ) );
- return -EINVAL;
- }
-
- /* XXX We ignore key ID for now. */
- kde = ( struct wpa_kde * ) ie;
- memcpy ( &ctx->gtk.tk, &kde->gtk_encap.gtk, kde->len - 6 );
-
- return wpa_install_gtk ( ctx, kde->len - 6, rsc );
-}
-
-
-/**
- * Allocate I/O buffer for construction of outgoing EAPOL-Key frame
- *
- * @v kdlen Maximum number of bytes in the Key Data field
- * @ret iob Newly allocated I/O buffer
- *
- * The returned buffer will have space reserved for the link-layer and
- * EAPOL headers, and will have @c iob->tail pointing to the start of
- * the Key Data field. Thus, it is necessary to use iob_put() in
- * filling the Key Data.
- */
-static struct io_buffer * wpa_alloc_frame ( int kdlen )
-{
- struct io_buffer *ret = alloc_iob ( sizeof ( struct eapol_key_pkt ) +
- kdlen + EAPOL_HDR_LEN +
- MAX_LL_HEADER_LEN );
- if ( ! ret )
- return NULL;
-
- iob_reserve ( ret, MAX_LL_HEADER_LEN + EAPOL_HDR_LEN );
- memset ( iob_put ( ret, sizeof ( struct eapol_key_pkt ) ), 0,
- sizeof ( struct eapol_key_pkt ) );
-
- return ret;
-}
-
-
-/**
- * Send EAPOL-Key packet
- *
- * @v iob I/O buffer, with sufficient headroom for headers
- * @v dev 802.11 device
- * @v kie Key integrity and encryption handler
- * @v is_rsn If TRUE, handshake uses new RSN format
- * @ret rc Return status code
- *
- * If a KIE is specified, the MIC will be filled in before transmission.
- */
-static int wpa_send_eapol ( struct io_buffer *iob, struct wpa_common_ctx *ctx,
- struct wpa_kie *kie )
-{
- struct eapol_key_pkt *pkt = iob->data;
- struct eapol_frame *eapol = iob_push ( iob, EAPOL_HDR_LEN );
-
- pkt->info = htons ( pkt->info );
- pkt->keysize = htons ( pkt->keysize );
- pkt->datalen = htons ( pkt->datalen );
- pkt->replay = cpu_to_be64 ( pkt->replay );
- eapol->version = EAPOL_THIS_VERSION;
- eapol->type = EAPOL_TYPE_KEY;
- eapol->length = htons ( iob->tail - iob->data - sizeof ( *eapol ) );
-
- memset ( pkt->mic, 0, sizeof ( pkt->mic ) );
- if ( kie )
- kie->mic ( &ctx->ptk.kck, eapol, EAPOL_HDR_LEN +
- sizeof ( *pkt ) + ntohs ( pkt->datalen ),
- pkt->mic );
-
- return net_tx ( iob, ctx->dev->netdev, &eapol_protocol,
- ctx->dev->bssid );
-}
-
-
-/**
- * Send second frame in 4-Way Handshake
- *
- * @v ctx WPA common context
- * @v pkt First frame, to which this is a reply
- * @v is_rsn If TRUE, handshake uses new RSN format
- * @v kie Key integrity and encryption handler
- * @ret rc Return status code
- */
-static int wpa_send_2_of_4 ( struct wpa_common_ctx *ctx,
- struct eapol_key_pkt *pkt, int is_rsn,
- struct wpa_kie *kie )
-{
- struct io_buffer *iob = wpa_alloc_frame ( ctx->dev->rsn_ie->len + 2 );
- struct eapol_key_pkt *npkt;
-
- if ( ! iob )
- return -ENOMEM;
-
- npkt = iob->data;
- memcpy ( npkt, pkt, sizeof ( *pkt ) );
- npkt->info &= ~EAPOL_KEY_INFO_KEY_ACK;
- npkt->info |= EAPOL_KEY_INFO_KEY_MIC;
- if ( is_rsn )
- npkt->keysize = 0;
- memcpy ( npkt->nonce, ctx->Snonce, sizeof ( npkt->nonce ) );
- npkt->datalen = ctx->dev->rsn_ie->len + 2;
- memcpy ( iob_put ( iob, npkt->datalen ), ctx->dev->rsn_ie,
- npkt->datalen );
-
- DBGC ( ctx, "WPA %p: sending 2/4\n", ctx );
-
- return wpa_send_eapol ( iob, ctx, kie );
-}
-
-
-/**
- * Handle receipt of first frame in 4-Way Handshake
- *
- * @v ctx WPA common context
- * @v pkt EAPOL-Key packet
- * @v is_rsn If TRUE, frame uses new RSN format
- * @v kie Key integrity and encryption handler
- * @ret rc Return status code
- */
-static int wpa_handle_1_of_4 ( struct wpa_common_ctx *ctx,
- struct eapol_key_pkt *pkt, int is_rsn,
- struct wpa_kie *kie )
-{
- int rc;
-
- if ( ctx->state == WPA_WAITING )
- return -EINVAL;
-
- ctx->state = WPA_WORKING;
- memcpy ( ctx->Anonce, pkt->nonce, sizeof ( ctx->Anonce ) );
- if ( ! ctx->have_Snonce ) {
- get_random_bytes ( ctx->Snonce, sizeof ( ctx->Snonce ) );
- ctx->have_Snonce = 1;
- }
-
- if ( is_rsn && pkt->datalen ) {
- union ieee80211_ie *ie = ( union ieee80211_ie * ) pkt->data;
- void *ie_end = pkt->data + pkt->datalen;
-
- if ( ! ieee80211_ie_bound ( ie, ie_end ) ) {
- DBGC ( ctx, "WPA %p: malformed PMKID KDE\n", ctx );
- return wpa_fail ( ctx, -EINVAL );
- }
-
- while ( ie ) {
- if ( ie->id == IEEE80211_IE_VENDOR &&
- ie->vendor.oui == WPA_KDE_PMKID ) {
- rc = wpa_check_pmkid ( ctx, ie->vendor.data );
- if ( rc < 0 ) {
- DBGC ( ctx, "WPA %p ALERT: PMKID "
- "mismatch in 1/4\n", ctx );
- return wpa_fail ( ctx, rc );
- }
- }
-
- ie = ieee80211_next_ie ( ie, ie_end );
- }
- }
-
- DBGC ( ctx, "WPA %p: received 1/4, looks OK\n", ctx );
-
- wpa_derive_ptk ( ctx );
-
- return wpa_send_2_of_4 ( ctx, pkt, is_rsn, kie );
-}
-
-
-/**
- * Send fourth frame in 4-Way Handshake, or second in Group Key Handshake
- *
- * @v ctx WPA common context
- * @v pkt EAPOL-Key packet for frame to which we're replying
- * @v is_rsn If TRUE, frame uses new RSN format
- * @v kie Key integrity and encryption handler
- * @ret rc Return status code
- */
-static int wpa_send_final ( struct wpa_common_ctx *ctx,
- struct eapol_key_pkt *pkt, int is_rsn,
- struct wpa_kie *kie )
-{
- struct io_buffer *iob = wpa_alloc_frame ( 0 );
- struct eapol_key_pkt *npkt;
-
- if ( ! iob )
- return -ENOMEM;
-
- npkt = iob->data;
- memcpy ( npkt, pkt, sizeof ( *pkt ) );
- npkt->info &= ~( EAPOL_KEY_INFO_KEY_ACK | EAPOL_KEY_INFO_INSTALL |
- EAPOL_KEY_INFO_KEY_ENC );
- if ( is_rsn )
- npkt->keysize = 0;
- memset ( npkt->nonce, 0, sizeof ( npkt->nonce ) );
- memset ( npkt->iv, 0, sizeof ( npkt->iv ) );
- npkt->datalen = 0;
-
- if ( npkt->info & EAPOL_KEY_INFO_TYPE )
- DBGC ( ctx, "WPA %p: sending 4/4\n", ctx );
- else
- DBGC ( ctx, "WPA %p: sending 2/2\n", ctx );
-
- return wpa_send_eapol ( iob, ctx, kie );
-
-}
-
-
-/**
- * Handle receipt of third frame in 4-Way Handshake
- *
- * @v ctx WPA common context
- * @v pkt EAPOL-Key packet
- * @v is_rsn If TRUE, frame uses new RSN format
- * @v kie Key integrity and encryption handler
- * @ret rc Return status code
- */
-static int wpa_handle_3_of_4 ( struct wpa_common_ctx *ctx,
- struct eapol_key_pkt *pkt, int is_rsn,
- struct wpa_kie *kie )
-{
- int rc;
- u8 *this_rsn, *this_rsn_end;
- u8 *new_rsn, *new_rsn_end;
- int this_is_rsn, new_is_rsn;
-
- if ( ctx->state == WPA_WAITING )
- return -EINVAL;
-
- ctx->state = WPA_WORKING;
-
- /* Check nonce */
- if ( memcmp ( ctx->Anonce, pkt->nonce, WPA_NONCE_LEN ) != 0 ) {
- DBGC ( ctx, "WPA %p ALERT: nonce mismatch in 3/4\n", ctx );
- return wpa_fail ( ctx, -EACCES );
- }
-
- /* Check RSN IE */
- this_rsn = sec80211_find_rsn ( ( union ieee80211_ie * ) pkt->data,
- pkt->data + pkt->datalen,
- &this_is_rsn, &this_rsn_end );
- if ( this_rsn )
- new_rsn = sec80211_find_rsn ( ( union ieee80211_ie * )
- this_rsn_end,
- pkt->data + pkt->datalen,
- &new_is_rsn, &new_rsn_end );
- else
- new_rsn = NULL;
-
- if ( ! ctx->ap_rsn_ie || ! this_rsn ||
- ctx->ap_rsn_ie_len != ( this_rsn_end - this_rsn ) ||
- ctx->ap_rsn_is_rsn != this_is_rsn ||
- memcmp ( ctx->ap_rsn_ie, this_rsn, ctx->ap_rsn_ie_len ) != 0 ) {
- DBGC ( ctx, "WPA %p ALERT: RSN mismatch in 3/4\n", ctx );
- DBGC2 ( ctx, "WPA %p RSNs (in 3/4, in beacon):\n", ctx );
- DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn );
- DBGC2_HD ( ctx, ctx->ap_rsn_ie, ctx->ap_rsn_ie_len );
- return wpa_fail ( ctx, -EACCES );
- }
-
- /* Don't switch if they just supplied both styles of IE
- simultaneously; we need two RSN IEs or two WPA IEs to
- switch ciphers. They'll be immediately consecutive because
- of ordering guarantees. */
- if ( new_rsn && this_is_rsn == new_is_rsn ) {
- struct net80211_wlan *assoc = ctx->dev->associating;
- DBGC ( ctx, "WPA %p: accommodating bait-and-switch tactics\n",
- ctx );
- DBGC2 ( ctx, "WPA %p RSNs (in 3/4+beacon, new in 3/4):\n",
- ctx );
- DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn );
- DBGC2_HD ( ctx, new_rsn, new_rsn_end - new_rsn );
-
- if ( ( rc = sec80211_detect_ie ( new_is_rsn, new_rsn,
- new_rsn_end,
- &assoc->handshaking,
- &assoc->crypto ) ) != 0 )
- DBGC ( ctx, "WPA %p: bait-and-switch invalid, staying "
- "with original request\n", ctx );
- } else {
- new_rsn = this_rsn;
- new_is_rsn = this_is_rsn;
- new_rsn_end = this_rsn_end;
- }
-
- /* Grab group cryptosystem ID */
- ctx->gcrypt = sec80211_rsn_get_net80211_crypt ( *( u32 * )
- ( new_rsn + 2 ) );
-
- /* Check for a GTK, if info field is encrypted */
- if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) {
- rc = wpa_maybe_install_gtk ( ctx,
- ( union ieee80211_ie * ) pkt->data,
- pkt->data + pkt->datalen,
- pkt->rsc );
- if ( rc < 0 ) {
- DBGC ( ctx, "WPA %p did not install GTK in 3/4: %s\n",
- ctx, strerror ( rc ) );
- if ( rc != -ENOENT )
- return wpa_fail ( ctx, rc );
- }
- }
-
- DBGC ( ctx, "WPA %p: received 3/4, looks OK\n", ctx );
-
- /* Send final message */
- rc = wpa_send_final ( ctx, pkt, is_rsn, kie );
- if ( rc < 0 )
- return wpa_fail ( ctx, rc );
-
- /* Install PTK */
- rc = wpa_install_ptk ( ctx, pkt->keysize );
- if ( rc < 0 ) {
- DBGC ( ctx, "WPA %p failed to install PTK: %s\n", ctx,
- strerror ( rc ) );
- return wpa_fail ( ctx, rc );
- }
-
- /* Mark us as needing a new Snonce if we rekey */
- ctx->have_Snonce = 0;
-
- /* Done! */
- ctx->state = WPA_SUCCESS;
- return 0;
-}
-
-
-/**
- * Handle receipt of first frame in Group Key Handshake
- *
- * @v ctx WPA common context
- * @v pkt EAPOL-Key packet
- * @v is_rsn If TRUE, frame uses new RSN format
- * @v kie Key integrity and encryption handler
- * @ret rc Return status code
- */
-static int wpa_handle_1_of_2 ( struct wpa_common_ctx *ctx,
- struct eapol_key_pkt *pkt, int is_rsn,
- struct wpa_kie *kie )
-{
- int rc;
-
- /*
- * WPA and RSN do this completely differently.
- *
- * The idea of encoding the GTK (or PMKID, or various other
- * things) into a KDE that looks like an information element
- * is an RSN innovation; old WPA code never encapsulates
- * things like that. If it looks like an info element, it
- * really is (for the WPA IE check in frames 2/4 and 3/4). The
- * "key data encrypted" bit in the info field is also specific
- * to RSN.
- *
- * So from an old WPA host, 3/4 does not contain an
- * encapsulated GTK. The first frame of the GK handshake
- * contains it, encrypted, but without a KDE wrapper, and with
- * the key ID field (which gPXE doesn't use) shoved away in
- * the reserved bits in the info field, and the TxRx bit
- * stealing the Install bit's spot.
- */
-
- if ( is_rsn && ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) ) {
- rc = wpa_maybe_install_gtk ( ctx,
- ( union ieee80211_ie * ) pkt->data,
- pkt->data + pkt->datalen,
- pkt->rsc );
- if ( rc < 0 ) {
- DBGC ( ctx, "WPA %p: failed to install GTK in 1/2: "
- "%s\n", ctx, strerror ( rc ) );
- return wpa_fail ( ctx, rc );
- }
- } else {
- rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data,
- &pkt->datalen );
- if ( rc < 0 ) {
- DBGC ( ctx, "WPA %p: failed to decrypt GTK: %s\n",
- ctx, strerror ( rc ) );
- return rc; /* non-fatal */
- }
- if ( pkt->datalen > sizeof ( ctx->gtk.tk ) ) {
- DBGC ( ctx, "WPA %p: too much GTK data (%d > %d)\n",
- ctx, pkt->datalen, sizeof ( ctx->gtk.tk ) );
- return wpa_fail ( ctx, -EINVAL );
- }
-
- memcpy ( &ctx->gtk.tk, pkt->data, pkt->datalen );
- wpa_install_gtk ( ctx, pkt->datalen, pkt->rsc );
- }
-
- DBGC ( ctx, "WPA %p: received 1/2, looks OK\n", ctx );
-
- return wpa_send_final ( ctx, pkt, is_rsn, kie );
-}
-
-
-/**
- * Handle receipt of EAPOL-Key frame for WPA
- *
- * @v iob I/O buffer
- * @v netdev Network device
- * @v ll_source Source link-layer address
- */
-static int eapol_key_rx ( struct io_buffer *iob, struct net_device *netdev,
- const void *ll_source )
-{
- struct net80211_device *dev = net80211_get ( netdev );
- struct eapol_key_pkt *pkt = iob->data;
- int is_rsn, found_ctx;
- struct wpa_common_ctx *ctx;
- int rc = 0;
- struct wpa_kie *kie;
- u8 their_mic[16], our_mic[16];
-
- if ( pkt->type != EAPOL_KEY_TYPE_WPA &&
- pkt->type != EAPOL_KEY_TYPE_RSN ) {
- DBG ( "EAPOL-Key: packet not of 802.11 type\n" );
- rc = -EINVAL;
- goto drop;
- }
-
- is_rsn = ( pkt->type == EAPOL_KEY_TYPE_RSN );
-
- if ( ! dev ) {
- DBG ( "EAPOL-Key: packet not from 802.11\n" );
- rc = -EINVAL;
- goto drop;
- }
-
- if ( memcmp ( dev->bssid, ll_source, ETH_ALEN ) != 0 ) {
- DBG ( "EAPOL-Key: packet not from associated AP\n" );
- rc = -EINVAL;
- goto drop;
- }
-
- if ( ! ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_ACK ) ) {
- DBG ( "EAPOL-Key: packet sent in wrong direction\n" );
- rc = -EINVAL;
- goto drop;
- }
-
- found_ctx = 0;
- list_for_each_entry ( ctx, &wpa_contexts, list ) {
- if ( ctx->dev == dev ) {
- found_ctx = 1;
- break;
- }
- }
-
- if ( ! found_ctx ) {
- DBG ( "EAPOL-Key: no WPA context to handle packet for %p\n",
- dev );
- rc = -ENOENT;
- goto drop;
- }
-
- if ( ( void * ) ( pkt + 1 ) + ntohs ( pkt->datalen ) > iob->tail ) {
- DBGC ( ctx, "WPA %p: packet truncated (has %d extra bytes, "
- "states %d)\n", ctx, iob->tail - ( void * ) ( pkt + 1 ),
- ntohs ( pkt->datalen ) );
- rc = -EINVAL;
- goto drop;
- }
-
- /* Get a handle on key integrity/encryption handler */
- kie = wpa_find_kie ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION );
- if ( ! kie ) {
- DBGC ( ctx, "WPA %p: no support for packet version %d\n", ctx,
- ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION );
- rc = wpa_fail ( ctx, -ENOTSUP );
- goto drop;
- }
-
- /* Check MIC */
- if ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_MIC ) {
- memcpy ( their_mic, pkt->mic, sizeof ( pkt->mic ) );
- memset ( pkt->mic, 0, sizeof ( pkt->mic ) );
- kie->mic ( &ctx->ptk.kck, ( void * ) pkt - EAPOL_HDR_LEN,
- EAPOL_HDR_LEN + sizeof ( *pkt ) +
- ntohs ( pkt->datalen ), our_mic );
- DBGC2 ( ctx, "WPA %p MIC comparison (theirs, ours):\n", ctx );
- DBGC2_HD ( ctx, their_mic, 16 );
- DBGC2_HD ( ctx, our_mic, 16 );
- if ( memcmp ( their_mic, our_mic, sizeof ( pkt->mic ) ) != 0 ) {
- DBGC ( ctx, "WPA %p: EAPOL MIC failure\n", ctx );
- goto drop;
- }
- }
-
- /* Fix byte order to local */
- pkt->info = ntohs ( pkt->info );
- pkt->keysize = ntohs ( pkt->keysize );
- pkt->datalen = ntohs ( pkt->datalen );
- pkt->replay = be64_to_cpu ( pkt->replay );
-
- /* Check replay counter */
- if ( ctx->replay != ~0ULL && ctx->replay >= pkt->replay ) {
- DBGC ( ctx, "WPA %p ALERT: Replay detected! "
- "(%08x:%08x >= %08x:%08x)\n", ctx,
- ( u32 ) ( ctx->replay >> 32 ), ( u32 ) ctx->replay,
- ( u32 ) ( pkt->replay >> 32 ), ( u32 ) pkt->replay );
- rc = 0; /* ignore without error */
- goto drop;
- }
- ctx->replay = pkt->replay;
-
- /* Decrypt key data */
- if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) {
- rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data,
- &pkt->datalen );
- if ( rc < 0 ) {
- DBGC ( ctx, "WPA %p: failed to decrypt packet: %s\n",
- ctx, strerror ( rc ) );
- goto drop;
- }
- }
-
- /* Hand it off to appropriate handler */
- switch ( pkt->info & ( EAPOL_KEY_INFO_TYPE |
- EAPOL_KEY_INFO_KEY_MIC ) ) {
- case EAPOL_KEY_TYPE_PTK:
- rc = wpa_handle_1_of_4 ( ctx, pkt, is_rsn, kie );
- break;
-
- case EAPOL_KEY_TYPE_PTK | EAPOL_KEY_INFO_KEY_MIC:
- rc = wpa_handle_3_of_4 ( ctx, pkt, is_rsn, kie );
- break;
-
- case EAPOL_KEY_TYPE_GTK | EAPOL_KEY_INFO_KEY_MIC:
- rc = wpa_handle_1_of_2 ( ctx, pkt, is_rsn, kie );
- break;
-
- default:
- DBGC ( ctx, "WPA %p: Invalid combination of key flags %04x\n",
- ctx, pkt->info );
- rc = -EINVAL;
- break;
- }
-
- drop:
- free_iob ( iob );
- return rc;
-}
-
-struct eapol_handler eapol_key_handler __eapol_handler = {
- .type = EAPOL_TYPE_KEY,
- .rx = eapol_key_rx,
-};
-
-/* WPA always needs EAPOL in order to be useful */
-REQUIRE_OBJECT ( eapol );
diff --git a/gpxe/src/net/80211/wpa_ccmp.c b/gpxe/src/net/80211/wpa_ccmp.c
deleted file mode 100644
index 08b1e17b..00000000
--- a/gpxe/src/net/80211/wpa_ccmp.c
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <gpxe/net80211.h>
-#include <gpxe/crypto.h>
-#include <gpxe/hmac.h>
-#include <gpxe/sha1.h>
-#include <gpxe/aes.h>
-#include <gpxe/wpa.h>
-#include <byteswap.h>
-#include <errno.h>
-
-/** @file
- *
- * Backend for WPA using the CCMP encryption method
- */
-
-/** Context for CCMP encryption and decryption */
-struct ccmp_ctx
-{
- /** AES context - only ever used for encryption */
- u8 aes_ctx[AES_CTX_SIZE];
-
- /** Most recently sent packet number */
- u64 tx_seq;
-
- /** Most recently received packet number */
- u64 rx_seq;
-};
-
-/** Header structure at the beginning of CCMP frame data */
-struct ccmp_head
-{
- u8 pn_lo[2]; /**< Bytes 0 and 1 of packet number */
- u8 _rsvd; /**< Reserved byte */
- u8 kid; /**< Key ID and ExtIV byte */
- u8 pn_hi[4]; /**< Bytes 2-5 (2 first) of packet number */
-} __attribute__ (( packed ));
-
-
-/** CCMP header overhead */
-#define CCMP_HEAD_LEN 8
-
-/** CCMP MIC trailer overhead */
-#define CCMP_MIC_LEN 8
-
-/** CCMP nonce length */
-#define CCMP_NONCE_LEN 13
-
-/** CCMP nonce structure */
-struct ccmp_nonce
-{
- u8 prio; /**< Packet priority, 0 for non-QoS */
- u8 a2[ETH_ALEN]; /**< Address 2 from packet header (sender) */
- u8 pn[6]; /**< Packet number */
-} __attribute__ (( packed ));
-
-/** CCMP additional authentication data length (for non-QoS, non-WDS frames) */
-#define CCMP_AAD_LEN 22
-
-/** CCMP additional authentication data structure */
-struct ccmp_aad
-{
- u16 fc; /**< Frame Control field */
- u8 a1[6]; /**< Address 1 */
- u8 a2[6]; /**< Address 2 */
- u8 a3[6]; /**< Address 3 */
- u16 seq; /**< Sequence Control field */
- /* Address 4 and QoS Control are included if present */
-} __attribute__ (( packed ));
-
-/** Mask for Frame Control field in AAD */
-#define CCMP_AAD_FC_MASK 0xC38F
-
-/** Mask for Sequence Control field in AAD */
-#define CCMP_AAD_SEQ_MASK 0x000F
-
-
-/**
- * Convert 6-byte LSB packet number to 64-bit integer
- *
- * @v pn Pointer to 6-byte packet number
- * @ret v 64-bit integer value of @a pn
- */
-static u64 pn_to_u64 ( const u8 *pn )
-{
- int i;
- u64 ret = 0;
-
- for ( i = 5; i >= 0; i-- ) {
- ret <<= 8;
- ret |= pn[i];
- }
-
- return ret;
-}
-
-/**
- * Convert 64-bit integer to 6-byte packet number
- *
- * @v v 64-bit integer
- * @v msb If TRUE, reverse the output PN to be in MSB order
- * @ret pn 6-byte packet number
- *
- * The PN is stored in LSB order in the packet header and in MSB order
- * in the nonce. WHYYYYY?
- */
-static void u64_to_pn ( u64 v, u8 *pn, int msb )
-{
- int i;
- u8 *pnp = pn + ( msb ? 5 : 0 );
- int delta = ( msb ? -1 : +1 );
-
- for ( i = 0; i < 6; i++ ) {
- *pnp = v & 0xFF;
- pnp += delta;
- v >>= 8;
- }
-}
-
-/** Value for @a msb argument of u64_to_pn() for MSB output */
-#define PN_MSB 1
-
-/** Value for @a msb argument of u64_to_pn() for LSB output */
-#define PN_LSB 0
-
-
-
-/**
- * Initialise CCMP state and install key
- *
- * @v crypto CCMP cryptosystem structure
- * @v key Pointer to 16-byte temporal key to install
- * @v keylen Length of key (16 bytes)
- * @v rsc Initial receive sequence counter
- */
-static int ccmp_init ( struct net80211_crypto *crypto, const void *key,
- int keylen, const void *rsc )
-{
- struct ccmp_ctx *ctx = crypto->priv;
-
- if ( keylen != 16 )
- return -EINVAL;
-
- if ( rsc )
- ctx->rx_seq = pn_to_u64 ( rsc );
-
- cipher_setkey ( &aes_algorithm, ctx->aes_ctx, key, keylen );
-
- return 0;
-}
-
-
-/**
- * Encrypt or decrypt data stream using AES in Counter mode
- *
- * @v ctx CCMP cryptosystem context
- * @v nonce Nonce value, 13 bytes
- * @v srcv Data to encrypt or decrypt
- * @v len Number of bytes pointed to by @a src
- * @v msrcv MIC value to encrypt or decrypt (may be NULL)
- * @ret destv Encrypted or decrypted data
- * @ret mdestv Encrypted or decrypted MIC value
- *
- * This assumes CCMP parameters of L=2 and M=8. The algorithm is
- * defined in RFC 3610.
- */
-static void ccmp_ctr_xor ( struct ccmp_ctx *ctx, const void *nonce,
- const void *srcv, void *destv, int len,
- const void *msrcv, void *mdestv )
-{
- u8 A[16], S[16];
- u16 ctr;
- int i;
- const u8 *src = srcv, *msrc = msrcv;
- u8 *dest = destv, *mdest = mdestv;
-
- A[0] = 0x01; /* flags, L' = L - 1 = 1, other bits rsvd */
- memcpy ( A + 1, nonce, CCMP_NONCE_LEN );
-
- if ( msrcv ) {
- A[14] = A[15] = 0;
-
- cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
-
- for ( i = 0; i < 8; i++ ) {
- *mdest++ = *msrc++ ^ S[i];
- }
- }
-
- for ( ctr = 1 ;; ctr++ ) {
- A[14] = ctr >> 8;
- A[15] = ctr & 0xFF;
-
- cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
-
- for ( i = 0; i < len && i < 16; i++ )
- *dest++ = *src++ ^ S[i];
-
- if ( len <= 16 )
- break; /* we're done */
-
- len -= 16;
- }
-}
-
-
-/**
- * Advance one block in CBC-MAC calculation
- *
- * @v aes_ctx AES encryption context with key set
- * @v B Cleartext block to incorporate (16 bytes)
- * @v X Previous ciphertext block (16 bytes)
- * @ret B Clobbered
- * @ret X New ciphertext block (16 bytes)
- *
- * This function does X := E[key] ( X ^ B ).
- */
-static void ccmp_feed_cbc_mac ( void *aes_ctx, u8 *B, u8 *X )
-{
- int i;
- for ( i = 0; i < 16; i++ )
- B[i] ^= X[i];
- cipher_encrypt ( &aes_algorithm, aes_ctx, B, X, 16 );
-}
-
-
-/**
- * Calculate MIC on plaintext data using CBC-MAC
- *
- * @v ctx CCMP cryptosystem context
- * @v nonce Nonce value, 13 bytes
- * @v data Data to calculate MIC over
- * @v datalen Length of @a data
- * @v aad Additional authentication data, for MIC but not encryption
- * @ret mic MIC value (unencrypted), 8 bytes
- *
- * @a aadlen is assumed to be 22 bytes long, as it always is for
- * 802.11 use when transmitting non-QoS, not-between-APs frames (the
- * only type we deal with).
- */
-static void ccmp_cbc_mac ( struct ccmp_ctx *ctx, const void *nonce,
- const void *data, u16 datalen,
- const void *aad, void *mic )
-{
- u8 X[16], B[16];
-
- /* Zeroth block: flags, nonce, length */
-
- /* Rsv AAD - M'- - L'-
- * 0 1 0 1 1 0 0 1 for an 8-byte MAC and 2-byte message length
- */
- B[0] = 0x59;
- memcpy ( B + 1, nonce, CCMP_NONCE_LEN );
- B[14] = datalen >> 8;
- B[15] = datalen & 0xFF;
-
- cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, B, X, 16 );
-
- /* First block: AAD length field and 14 bytes of AAD */
- B[0] = 0;
- B[1] = CCMP_AAD_LEN;
- memcpy ( B + 2, aad, 14 );
-
- ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
-
- /* Second block: Remaining 8 bytes of AAD, 8 bytes zero pad */
- memcpy ( B, aad + 14, 8 );
- memset ( B + 8, 0, 8 );
-
- ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
-
- /* Message blocks */
- while ( datalen ) {
- if ( datalen >= 16 ) {
- memcpy ( B, data, 16 );
- datalen -= 16;
- } else {
- memcpy ( B, data, datalen );
- memset ( B + datalen, 0, 16 - datalen );
- datalen = 0;
- }
-
- ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
-
- data += 16;
- }
-
- /* Get MIC from final value of X */
- memcpy ( mic, X, 8 );
-}
-
-
-/**
- * Encapsulate and encrypt a packet using CCMP
- *
- * @v crypto CCMP cryptosystem
- * @v iob I/O buffer containing cleartext packet
- * @ret eiob I/O buffer containing encrypted packet
- */
-struct io_buffer * ccmp_encrypt ( struct net80211_crypto *crypto,
- struct io_buffer *iob )
-{
- struct ccmp_ctx *ctx = crypto->priv;
- struct ieee80211_frame *hdr = iob->data;
- struct io_buffer *eiob;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( iob ) - hdrlen;
- struct ccmp_head head;
- struct ccmp_nonce nonce;
- struct ccmp_aad aad;
- u8 mic[8], tx_pn[6];
- void *edata, *emic;
-
- ctx->tx_seq++;
- u64_to_pn ( ctx->tx_seq, tx_pn, PN_LSB );
-
- /* Allocate memory */
- eiob = alloc_iob ( iob_len ( iob ) + CCMP_HEAD_LEN + CCMP_MIC_LEN );
- if ( ! eiob )
- return NULL;
-
- /* Copy frame header */
- memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
- hdr = eiob->data;
- hdr->fc |= IEEE80211_FC_PROTECTED;
-
- /* Fill in packet number and extended IV */
- memcpy ( head.pn_lo, tx_pn, 2 );
- memcpy ( head.pn_hi, tx_pn + 2, 4 );
- head.kid = 0x20; /* have Extended IV, key ID 0 */
- head._rsvd = 0;
- memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) );
-
- /* Form nonce */
- nonce.prio = 0;
- memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
- u64_to_pn ( ctx->tx_seq, nonce.pn, PN_MSB );
-
- /* Form additional authentication data */
- aad.fc = hdr->fc & CCMP_AAD_FC_MASK;
- memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */
- aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
-
- /* Calculate MIC over the data */
- ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad, mic );
-
- /* Copy and encrypt data and MIC */
- edata = iob_put ( eiob, datalen );
- emic = iob_put ( eiob, CCMP_MIC_LEN );
- ccmp_ctr_xor ( ctx, &nonce,
- iob->data + hdrlen, edata, datalen,
- mic, emic );
-
- /* Done! */
- DBGC2 ( ctx, "WPA-CCMP %p: encrypted packet %p -> %p\n", ctx,
- iob, eiob );
-
- return eiob;
-}
-
-/**
- * Decrypt a packet using CCMP
- *
- * @v crypto CCMP cryptosystem
- * @v eiob I/O buffer containing encrypted packet
- * @ret iob I/O buffer containing cleartext packet
- */
-static struct io_buffer * ccmp_decrypt ( struct net80211_crypto *crypto,
- struct io_buffer *eiob )
-{
- struct ccmp_ctx *ctx = crypto->priv;
- struct ieee80211_frame *hdr;
- struct io_buffer *iob;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( eiob ) - hdrlen - CCMP_HEAD_LEN - CCMP_MIC_LEN;
- struct ccmp_head *head;
- struct ccmp_nonce nonce;
- struct ccmp_aad aad;
- u8 rx_pn[6], their_mic[8], our_mic[8];
-
- iob = alloc_iob ( hdrlen + datalen );
- if ( ! iob )
- return NULL;
-
- /* Copy frame header */
- memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
- hdr = iob->data;
- hdr->fc &= ~IEEE80211_FC_PROTECTED;
-
- /* Check and update RX packet number */
- head = eiob->data + hdrlen;
- memcpy ( rx_pn, head->pn_lo, 2 );
- memcpy ( rx_pn + 2, head->pn_hi, 4 );
-
- if ( pn_to_u64 ( rx_pn ) <= ctx->rx_seq ) {
- DBGC ( ctx, "WPA-CCMP %p: packet received out of order "
- "(%012llx <= %012llx)\n", ctx, pn_to_u64 ( rx_pn ),
- ctx->rx_seq );
- free_iob ( iob );
- return NULL;
- }
-
- ctx->rx_seq = pn_to_u64 ( rx_pn );
- DBGC2 ( ctx, "WPA-CCMP %p: RX packet number %012llx\n", ctx, ctx->rx_seq );
-
- /* Form nonce */
- nonce.prio = 0;
- memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
- u64_to_pn ( ctx->rx_seq, nonce.pn, PN_MSB );
-
- /* Form additional authentication data */
- aad.fc = ( hdr->fc & CCMP_AAD_FC_MASK ) | IEEE80211_FC_PROTECTED;
- memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */
- aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
-
- /* Copy-decrypt data and MIC */
- ccmp_ctr_xor ( ctx, &nonce, eiob->data + hdrlen + sizeof ( *head ),
- iob_put ( iob, datalen ), datalen,
- eiob->tail - CCMP_MIC_LEN, their_mic );
-
- /* Check MIC */
- ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad,
- our_mic );
-
- if ( memcmp ( their_mic, our_mic, CCMP_MIC_LEN ) != 0 ) {
- DBGC2 ( ctx, "WPA-CCMP %p: MIC failure\n", ctx );
- free_iob ( iob );
- return NULL;
- }
-
- DBGC2 ( ctx, "WPA-CCMP %p: decrypted packet %p -> %p\n", ctx,
- eiob, iob );
-
- return iob;
-}
-
-
-/** CCMP cryptosystem */
-struct net80211_crypto ccmp_crypto __net80211_crypto = {
- .algorithm = NET80211_CRYPT_CCMP,
- .init = ccmp_init,
- .encrypt = ccmp_encrypt,
- .decrypt = ccmp_decrypt,
- .priv_len = sizeof ( struct ccmp_ctx ),
-};
-
-
-
-
-/**
- * Calculate HMAC-SHA1 MIC for EAPOL-Key frame
- *
- * @v kck Key Confirmation Key, 16 bytes
- * @v msg Message to calculate MIC over
- * @v len Number of bytes to calculate MIC over
- * @ret mic Calculated MIC, 16 bytes long
- */
-static void ccmp_kie_mic ( const void *kck, const void *msg, size_t len,
- void *mic )
-{
- u8 sha1_ctx[SHA1_CTX_SIZE];
- u8 kckb[16];
- u8 hash[SHA1_SIZE];
- size_t kck_len = 16;
-
- memcpy ( kckb, kck, kck_len );
-
- hmac_init ( &sha1_algorithm, sha1_ctx, kckb, &kck_len );
- hmac_update ( &sha1_algorithm, sha1_ctx, msg, len );
- hmac_final ( &sha1_algorithm, sha1_ctx, kckb, &kck_len, hash );
-
- memcpy ( mic, hash, 16 );
-}
-
-/**
- * Decrypt key data in EAPOL-Key frame
- *
- * @v kek Key Encryption Key, 16 bytes
- * @v iv Initialisation vector, 16 bytes (unused)
- * @v msg Message to decrypt
- * @v len Length of message
- * @ret msg Decrypted message in place of original
- * @ret len Adjusted downward for 8 bytes of overhead
- * @ret rc Return status code
- *
- * The returned message may still contain padding of 0xDD followed by
- * zero or more 0x00 octets. It is impossible to remove the padding
- * without parsing the IEs in the packet (another design decision that
- * tends to make one question the 802.11i committee's intelligence...)
- */
-static int ccmp_kie_decrypt ( const void *kek, const void *iv __unused,
- void *msg, u16 *len )
-{
- if ( *len % 8 != 0 )
- return -EINVAL;
-
- if ( aes_unwrap ( kek, msg, msg, *len / 8 - 1 ) != 0 )
- return -EINVAL;
-
- *len -= 8;
-
- return 0;
-}
-
-/** CCMP-style key integrity and encryption handler */
-struct wpa_kie ccmp_kie __wpa_kie = {
- .version = EAPOL_KEY_VERSION_WPA2,
- .mic = ccmp_kie_mic,
- .decrypt = ccmp_kie_decrypt,
-};
diff --git a/gpxe/src/net/80211/wpa_psk.c b/gpxe/src/net/80211/wpa_psk.c
deleted file mode 100644
index e7521682..00000000
--- a/gpxe/src/net/80211/wpa_psk.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <gpxe/net80211.h>
-#include <gpxe/sha1.h>
-#include <gpxe/wpa.h>
-#include <errno.h>
-
-/** @file
- *
- * Frontend for WPA using a pre-shared key.
- */
-
-/**
- * Initialise WPA-PSK state
- *
- * @v dev 802.11 device
- * @ret rc Return status code
- */
-static int wpa_psk_init ( struct net80211_device *dev )
-{
- return wpa_make_rsn_ie ( dev, &dev->rsn_ie );
-}
-
-/**
- * Start WPA-PSK authentication
- *
- * @v dev 802.11 device
- * @ret rc Return status code
- */
-static int wpa_psk_start ( struct net80211_device *dev )
-{
- char passphrase[64+1];
- u8 pmk[WPA_PMK_LEN];
- int len;
- struct wpa_common_ctx *ctx = dev->handshaker->priv;
-
- len = fetch_string_setting ( netdev_settings ( dev->netdev ),
- &net80211_key_setting, passphrase,
- 64 + 1 );
-
- if ( len <= 0 ) {
- DBGC ( ctx, "WPA-PSK %p: no passphrase provided!\n", ctx );
- net80211_deauthenticate ( dev, -EACCES );
- return -EACCES;
- }
-
- pbkdf2_sha1 ( passphrase, len, dev->essid, strlen ( dev->essid ),
- 4096, pmk, WPA_PMK_LEN );
-
- DBGC ( ctx, "WPA-PSK %p: derived PMK from passphrase `%s':\n", ctx,
- passphrase );
- DBGC_HD ( ctx, pmk, WPA_PMK_LEN );
-
- return wpa_start ( dev, ctx, pmk, WPA_PMK_LEN );
-}
-
-/**
- * Step WPA-PSK authentication
- *
- * @v dev 802.11 device
- * @ret rc Return status code
- */
-static int wpa_psk_step ( struct net80211_device *dev )
-{
- struct wpa_common_ctx *ctx = dev->handshaker->priv;
-
- switch ( ctx->state ) {
- case WPA_SUCCESS:
- return 1;
- case WPA_FAILURE:
- return -EACCES;
- default:
- return 0;
- }
-}
-
-/**
- * Do-nothing function; you can't change a WPA key post-authentication
- *
- * @v dev 802.11 device
- * @ret rc Return status code
- */
-static int wpa_psk_no_change_key ( struct net80211_device *dev __unused )
-{
- return 0;
-}
-
-/**
- * Disable handling of received WPA authentication frames
- *
- * @v dev 802.11 device
- */
-static void wpa_psk_stop ( struct net80211_device *dev )
-{
- wpa_stop ( dev );
-}
-
-/** WPA-PSK security handshaker */
-struct net80211_handshaker wpa_psk_handshaker __net80211_handshaker = {
- .protocol = NET80211_SECPROT_PSK,
- .init = wpa_psk_init,
- .start = wpa_psk_start,
- .step = wpa_psk_step,
- .change_key = wpa_psk_no_change_key,
- .stop = wpa_psk_stop,
- .priv_len = sizeof ( struct wpa_common_ctx ),
-};
diff --git a/gpxe/src/net/80211/wpa_tkip.c b/gpxe/src/net/80211/wpa_tkip.c
deleted file mode 100644
index 0cb697fa..00000000
--- a/gpxe/src/net/80211/wpa_tkip.c
+++ /dev/null
@@ -1,586 +0,0 @@
-/*
- * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-FILE_LICENCE ( GPL2_OR_LATER );
-
-#include <gpxe/net80211.h>
-#include <gpxe/crypto.h>
-#include <gpxe/hmac.h>
-#include <gpxe/sha1.h>
-#include <gpxe/md5.h>
-#include <gpxe/crc32.h>
-#include <gpxe/arc4.h>
-#include <gpxe/wpa.h>
-#include <byteswap.h>
-#include <errno.h>
-
-/** @file
- *
- * Backend for WPA using the TKIP encryption standard.
- */
-
-/** Context for one direction of TKIP, either encryption or decryption */
-struct tkip_dir_ctx
-{
- /** High 32 bits of last sequence counter value used */
- u32 tsc_hi;
-
- /** Low 32 bits of last sequence counter value used */
- u16 tsc_lo;
-
- /** MAC address used to derive TTAK */
- u8 mac[ETH_ALEN];
-
- /** If TRUE, TTAK is valid */
- u16 ttak_ok;
-
- /** TKIP-mixed transmit address and key, depends on tsc_hi and MAC */
- u16 ttak[5];
-};
-
-/** Context for TKIP encryption and decryption */
-struct tkip_ctx
-{
- /** Temporal key to use */
- struct tkip_tk tk;
-
- /** State for encryption */
- struct tkip_dir_ctx enc;
-
- /** State for decryption */
- struct tkip_dir_ctx dec;
-};
-
-/** Header structure at the beginning of TKIP frame data */
-struct tkip_head
-{
- u8 tsc1; /**< High byte of low 16 bits of TSC */
- u8 seed1; /**< Second byte of WEP seed */
- u8 tsc0; /**< Low byte of TSC */
- u8 kid; /**< Key ID and ExtIV byte */
- u32 tsc_hi; /**< High 32 bits of TSC, as an ExtIV */
-} __attribute__ (( packed ));
-
-
-/** TKIP header overhead (IV + KID + ExtIV) */
-#define TKIP_HEAD_LEN 8
-
-/** TKIP trailer overhead (MIC + ICV) [assumes unfragmented] */
-#define TKIP_FOOT_LEN 12
-
-/** TKIP MIC length */
-#define TKIP_MIC_LEN 8
-
-/** TKIP ICV length */
-#define TKIP_ICV_LEN 4
-
-
-/** TKIP S-box */
-static const u16 Sbox[256] = {
- 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
- 0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
- 0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
- 0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
- 0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
- 0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
- 0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
- 0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
- 0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
- 0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
- 0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
- 0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
- 0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
- 0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
- 0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
- 0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
- 0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
- 0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
- 0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
- 0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
- 0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
- 0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
- 0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
- 0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
- 0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
- 0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
- 0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
- 0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
- 0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
- 0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
- 0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
- 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
-};
-
-/**
- * Perform S-box mapping on a 16-bit value
- *
- * @v v Value to perform S-box mapping on
- * @ret Sv S-box mapped value
- */
-static inline u16 S ( u16 v )
-{
- return Sbox[v & 0xFF] ^ swap16 ( Sbox[v >> 8] );
-}
-
-/**
- * Rotate 16-bit value right
- *
- * @v v Value to rotate
- * @v bits Number of bits to rotate by
- * @ret rotv Rotated value
- */
-static inline u16 ror16 ( u16 v, int bits )
-{
- return ( v >> bits ) | ( v << ( 16 - bits ) );
-}
-
-/**
- * Rotate 32-bit value right
- *
- * @v v Value to rotate
- * @v bits Number of bits to rotate by
- * @ret rotv Rotated value
- */
-static inline u32 ror32 ( u32 v, int bits )
-{
- return ( v >> bits ) | ( v << ( 32 - bits ) );
-}
-
-/**
- * Rotate 32-bit value left
- *
- * @v v Value to rotate
- * @v bits Number of bits to rotate by
- * @ret rotv Rotated value
- */
-static inline u32 rol32 ( u32 v, int bits )
-{
- return ( v << bits ) | ( v >> ( 32 - bits ) );
-}
-
-
-/**
- * Initialise TKIP state and install key
- *
- * @v crypto TKIP cryptosystem structure
- * @v key Pointer to tkip_tk to install
- * @v keylen Length of key (32 bytes)
- * @v rsc Initial receive sequence counter
- */
-static int tkip_init ( struct net80211_crypto *crypto, const void *key,
- int keylen, const void *rsc )
-{
- struct tkip_ctx *ctx = crypto->priv;
- const u8 *rscb = rsc;
-
- if ( keylen != sizeof ( ctx->tk ) )
- return -EINVAL;
-
- if ( rscb ) {
- ctx->dec.tsc_lo = ( rscb[1] << 8 ) | rscb[0];
- ctx->dec.tsc_hi = ( ( rscb[5] << 24 ) | ( rscb[4] << 16 ) |
- ( rscb[3] << 8 ) | rscb[2] );
- }
-
- memcpy ( &ctx->tk, key, sizeof ( ctx->tk ) );
-
- return 0;
-}
-
-/**
- * Perform TKIP key mixing, phase 1
- *
- * @v dctx TKIP directional context
- * @v tk TKIP temporal key
- * @v mac MAC address of transmitter
- *
- * This recomputes the TTAK in @a dctx if necessary, and sets
- * @c dctx->ttak_ok.
- */
-static void tkip_mix_1 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk, u8 *mac )
-{
- int i, j;
-
- if ( dctx->ttak_ok && ! memcmp ( mac, dctx->mac, ETH_ALEN ) )
- return;
-
- memcpy ( dctx->mac, mac, ETH_ALEN );
-
- dctx->ttak[0] = dctx->tsc_hi & 0xFFFF;
- dctx->ttak[1] = dctx->tsc_hi >> 16;
- dctx->ttak[2] = ( mac[1] << 8 ) | mac[0];
- dctx->ttak[3] = ( mac[3] << 8 ) | mac[2];
- dctx->ttak[4] = ( mac[5] << 8 ) | mac[4];
-
- for ( i = 0; i < 8; i++ ) {
- j = 2 * ( i & 1 );
-
- dctx->ttak[0] += S ( dctx->ttak[4] ^ ( ( tk->key[1 + j] << 8 ) |
- tk->key[0 + j] ) );
- dctx->ttak[1] += S ( dctx->ttak[0] ^ ( ( tk->key[5 + j] << 8 ) |
- tk->key[4 + j] ) );
- dctx->ttak[2] += S ( dctx->ttak[1] ^ ( ( tk->key[9 + j] << 8 ) |
- tk->key[8 + j] ) );
- dctx->ttak[3] += S ( dctx->ttak[2] ^ ( ( tk->key[13+ j] << 8 ) |
- tk->key[12+ j] ) );
- dctx->ttak[4] += S ( dctx->ttak[3] ^ ( ( tk->key[1 + j] << 8 ) |
- tk->key[0 + j] ) ) + i;
- }
-
- dctx->ttak_ok = 1;
-}
-
-/**
- * Perform TKIP key mixing, phase 2
- *
- * @v dctx TKIP directional context
- * @v tk TKIP temporal key
- * @ret key ARC4 key, 16 bytes long
- */
-static void tkip_mix_2 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk,
- void *key )
-{
- u8 *kb = key;
- u16 ppk[6];
- int i;
-
- memcpy ( ppk, dctx->ttak, sizeof ( dctx->ttak ) );
- ppk[5] = dctx->ttak[4] + dctx->tsc_lo;
-
- ppk[0] += S ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) );
- ppk[1] += S ( ppk[0] ^ ( ( tk->key[3] << 8 ) | tk->key[2] ) );
- ppk[2] += S ( ppk[1] ^ ( ( tk->key[5] << 8 ) | tk->key[4] ) );
- ppk[3] += S ( ppk[2] ^ ( ( tk->key[7] << 8 ) | tk->key[6] ) );
- ppk[4] += S ( ppk[3] ^ ( ( tk->key[9] << 8 ) | tk->key[8] ) );
- ppk[5] += S ( ppk[4] ^ ( ( tk->key[11] << 8 ) | tk->key[10] ) );
-
- ppk[0] += ror16 ( ppk[5] ^ ( ( tk->key[13] << 8 ) | tk->key[12] ), 1 );
- ppk[1] += ror16 ( ppk[0] ^ ( ( tk->key[15] << 8 ) | tk->key[14] ), 1 );
- ppk[2] += ror16 ( ppk[1], 1 );
- ppk[3] += ror16 ( ppk[2], 1 );
- ppk[4] += ror16 ( ppk[3], 1 );
- ppk[5] += ror16 ( ppk[4], 1 );
-
- kb[0] = dctx->tsc_lo >> 8;
- kb[1] = ( ( dctx->tsc_lo >> 8 ) | 0x20 ) & 0x7F;
- kb[2] = dctx->tsc_lo & 0xFF;
- kb[3] = ( ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) ) >> 1 )
- & 0xFF;
-
- for ( i = 0; i < 6; i++ ) {
- kb[4 + 2*i] = ppk[i] & 0xFF;
- kb[5 + 2*i] = ppk[i] >> 8;
- }
-}
-
-/**
- * Update Michael message integrity code based on next 32-bit word of data
- *
- * @v V Michael code state (two 32-bit words)
- * @v word Next 32-bit word of data
- */
-static void tkip_feed_michael ( u32 *V, u32 word )
-{
- V[0] ^= word;
- V[1] ^= rol32 ( V[0], 17 );
- V[0] += V[1];
- V[1] ^= ( ( V[0] & 0xFF00FF00 ) >> 8 ) | ( ( V[0] & 0x00FF00FF ) << 8 );
- V[0] += V[1];
- V[1] ^= rol32 ( V[0], 3 );
- V[0] += V[1];
- V[1] ^= ror32 ( V[0], 2 );
- V[0] += V[1];
-}
-
-/**
- * Calculate Michael message integrity code
- *
- * @v key MIC key to use (8 bytes)
- * @v da Destination link-layer address
- * @v sa Source link-layer address
- * @v data Start of data to calculate over
- * @v len Length of header + data
- * @ret mic Calculated Michael MIC (8 bytes)
- */
-static void tkip_michael ( const void *key, const void *da, const void *sa,
- const void *data, size_t len, void *mic )
-{
- u32 V[2]; /* V[0] = "l", V[1] = "r" in 802.11 */
- union {
- u8 byte[12];
- u32 word[3];
- } cap;
- const u8 *ptr = data;
- const u8 *end = ptr + len;
- int i;
-
- memcpy ( V, key, sizeof ( V ) );
- V[0] = le32_to_cpu ( V[0] );
- V[1] = le32_to_cpu ( V[1] );
-
- /* Feed in header (we assume non-QoS, so Priority = 0) */
- memcpy ( &cap.byte[0], da, ETH_ALEN );
- memcpy ( &cap.byte[6], sa, ETH_ALEN );
- tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) );
- tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) );
- tkip_feed_michael ( V, le32_to_cpu ( cap.word[2] ) );
- tkip_feed_michael ( V, 0 );
-
- /* Feed in data */
- while ( ptr + 4 <= end ) {
- tkip_feed_michael ( V, le32_to_cpu ( *( u32 * ) ptr ) );
- ptr += 4;
- }
-
- /* Add unaligned part and padding */
- for ( i = 0; ptr < end; i++ )
- cap.byte[i] = *ptr++;
- cap.byte[i++] = 0x5a;
- for ( ; i < 8; i++ )
- cap.byte[i] = 0;
-
- /* Feed in padding */
- tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) );
- tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) );
-
- /* Output MIC */
- V[0] = cpu_to_le32 ( V[0] );
- V[1] = cpu_to_le32 ( V[1] );
- memcpy ( mic, V, sizeof ( V ) );
-}
-
-/**
- * Encrypt a packet using TKIP
- *
- * @v crypto TKIP cryptosystem
- * @v iob I/O buffer containing cleartext packet
- * @ret eiob I/O buffer containing encrypted packet
- */
-static struct io_buffer * tkip_encrypt ( struct net80211_crypto *crypto,
- struct io_buffer *iob )
-{
- struct tkip_ctx *ctx = crypto->priv;
- struct ieee80211_frame *hdr = iob->data;
- struct io_buffer *eiob;
- struct arc4_ctx arc4;
- u8 key[16];
- struct tkip_head head;
- u8 mic[8];
- u32 icv;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( iob ) - hdrlen;
-
- ctx->enc.tsc_lo++;
- if ( ctx->enc.tsc_lo == 0 ) {
- ctx->enc.tsc_hi++;
- ctx->enc.ttak_ok = 0;
- }
-
- tkip_mix_1 ( &ctx->enc, &ctx->tk, hdr->addr2 );
- tkip_mix_2 ( &ctx->enc, &ctx->tk, key );
-
- eiob = alloc_iob ( iob_len ( iob ) + TKIP_HEAD_LEN + TKIP_FOOT_LEN );
- if ( ! eiob )
- return NULL;
-
- /* Copy frame header */
- memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
- hdr = eiob->data;
- hdr->fc |= IEEE80211_FC_PROTECTED;
-
- /* Fill in IV and key ID byte, and extended IV */
- memcpy ( &head, key, 3 );
- head.kid = 0x20; /* have Extended IV, key ID 0 */
- head.tsc_hi = cpu_to_le32 ( ctx->enc.tsc_hi );
- memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) );
-
- /* Copy and encrypt the data */
- cipher_setkey ( &arc4_algorithm, &arc4, key, 16 );
- cipher_encrypt ( &arc4_algorithm, &arc4, iob->data + hdrlen,
- iob_put ( eiob, datalen ), datalen );
-
- /* Add MIC */
- hdr = iob->data;
- tkip_michael ( &ctx->tk.mic.tx, hdr->addr3, hdr->addr2,
- iob->data + hdrlen, datalen, mic );
- cipher_encrypt ( &arc4_algorithm, &arc4, mic,
- iob_put ( eiob, sizeof ( mic ) ), sizeof ( mic ) );
-
- /* Add ICV */
- icv = crc32_le ( ~0, iob->data + hdrlen, datalen );
- icv = crc32_le ( icv, mic, sizeof ( mic ) );
- icv = cpu_to_le32 ( ~icv );
- cipher_encrypt ( &arc4_algorithm, &arc4, &icv,
- iob_put ( eiob, TKIP_ICV_LEN ), TKIP_ICV_LEN );
-
- DBGC2 ( ctx, "WPA-TKIP %p: encrypted packet %p -> %p\n", ctx,
- iob, eiob );
-
- return eiob;
-}
-
-/**
- * Decrypt a packet using TKIP
- *
- * @v crypto TKIP cryptosystem
- * @v eiob I/O buffer containing encrypted packet
- * @ret iob I/O buffer containing cleartext packet
- */
-static struct io_buffer * tkip_decrypt ( struct net80211_crypto *crypto,
- struct io_buffer *eiob )
-{
- struct tkip_ctx *ctx = crypto->priv;
- struct ieee80211_frame *hdr;
- struct io_buffer *iob;
- const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
- int datalen = iob_len ( eiob ) - hdrlen - TKIP_HEAD_LEN - TKIP_FOOT_LEN;
- struct tkip_head *head;
- struct arc4_ctx arc4;
- u16 rx_tsc_lo;
- u8 key[16];
- u8 mic[8];
- u32 icv, crc;
-
- iob = alloc_iob ( hdrlen + datalen + TKIP_FOOT_LEN );
- if ( ! iob )
- return NULL;
-
- /* Copy frame header */
- memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
- hdr = iob->data;
- hdr->fc &= ~IEEE80211_FC_PROTECTED;
-
- /* Check and update TSC */
- head = eiob->data + hdrlen;
- rx_tsc_lo = ( head->tsc1 << 8 ) | head->tsc0;
-
- if ( head->tsc_hi < ctx->dec.tsc_hi ||
- ( head->tsc_hi == ctx->dec.tsc_hi &&
- rx_tsc_lo <= ctx->dec.tsc_lo ) ) {
- DBGC ( ctx, "WPA-TKIP %p: packet received out of order "
- "(%08x:%04x <= %08x:%04x)\n", ctx, head->tsc_hi,
- rx_tsc_lo, ctx->dec.tsc_hi, ctx->dec.tsc_lo );
- free_iob ( iob );
- return NULL;
- }
- ctx->dec.tsc_lo = rx_tsc_lo;
- if ( ctx->dec.tsc_hi != head->tsc_hi ) {
- ctx->dec.ttak_ok = 0;
- ctx->dec.tsc_hi = head->tsc_hi;
- }
-
- /* Calculate key */
- tkip_mix_1 ( &ctx->dec, &ctx->tk, hdr->addr2 );
- tkip_mix_2 ( &ctx->dec, &ctx->tk, key );
-
- /* Copy-decrypt data, MIC, ICV */
- cipher_setkey ( &arc4_algorithm, &arc4, key, 16 );
- cipher_decrypt ( &arc4_algorithm, &arc4,
- eiob->data + hdrlen + TKIP_HEAD_LEN,
- iob_put ( iob, datalen ), datalen + TKIP_FOOT_LEN );
-
- /* Check ICV */
- icv = le32_to_cpu ( *( u32 * ) ( iob->tail + TKIP_MIC_LEN ) );
- crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen + TKIP_MIC_LEN );
- if ( crc != icv ) {
- DBGC ( ctx, "WPA-TKIP %p CRC mismatch: expect %08x, get %08x\n",
- ctx, icv, crc );
- free_iob ( iob );
- return NULL;
- }
-
- /* Check MIC */
- tkip_michael ( &ctx->tk.mic.rx, hdr->addr1, hdr->addr3,
- iob->data + hdrlen, datalen, mic );
- if ( memcmp ( mic, iob->tail, TKIP_MIC_LEN ) != 0 ) {
- DBGC ( ctx, "WPA-TKIP %p ALERT! MIC failure\n", ctx );
- /* XXX we should do the countermeasures here */
- free_iob ( iob );
- return NULL;
- }
-
- DBGC2 ( ctx, "WPA-TKIP %p: decrypted packet %p -> %p\n", ctx,
- eiob, iob );
-
- return iob;
-}
-
-/** TKIP cryptosystem */
-struct net80211_crypto tkip_crypto __net80211_crypto = {
- .algorithm = NET80211_CRYPT_TKIP,
- .init = tkip_init,
- .encrypt = tkip_encrypt,
- .decrypt = tkip_decrypt,
- .priv_len = sizeof ( struct tkip_ctx ),
-};
-
-
-
-
-/**
- * Calculate HMAC-MD5 MIC for EAPOL-Key frame
- *
- * @v kck Key Confirmation Key, 16 bytes
- * @v msg Message to calculate MIC over
- * @v len Number of bytes to calculate MIC over
- * @ret mic Calculated MIC, 16 bytes long
- */
-static void tkip_kie_mic ( const void *kck, const void *msg, size_t len,
- void *mic )
-{
- struct md5_ctx md5;
- u8 kckb[16];
- size_t kck_len = 16;
-
- memcpy ( kckb, kck, kck_len );
-
- hmac_init ( &md5_algorithm, &md5, kckb, &kck_len );
- hmac_update ( &md5_algorithm, &md5, msg, len );
- hmac_final ( &md5_algorithm, &md5, kckb, &kck_len, mic );
-}
-
-/**
- * Decrypt key data in EAPOL-Key frame
- *
- * @v kek Key Encryption Key, 16 bytes
- * @v iv Initialisation vector, 16 bytes
- * @v msg Message to decrypt
- * @v len Length of message
- * @ret msg Decrypted message in place of original
- * @ret len Unchanged
- * @ret rc Always 0 for success
- */
-static int tkip_kie_decrypt ( const void *kek, const void *iv,
- void *msg, u16 *len )
-{
- u8 key[32];
- memcpy ( key, iv, 16 );
- memcpy ( key + 16, kek, 16 );
-
- arc4_skip ( key, 32, 256, msg, msg, *len );
-
- return 0;
-}
-
-
-/** TKIP-style key integrity and encryption handler */
-struct wpa_kie tkip_kie __wpa_kie = {
- .version = EAPOL_KEY_VERSION_WPA,
- .mic = tkip_kie_mic,
- .decrypt = tkip_kie_decrypt,
-};
View Lorry Controller Status