1 /** @file keyMgmtsta_rom.c
2 *
3 * @brief This file defines key management function for sta
4 *
5 * Copyright (C) 2014-2017, Marvell International Ltd.
6 *
7 * This software file (the "File") is distributed by Marvell International
8 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
9 * (the "License"). You may use, redistribute and/or modify this File in
10 * accordance with the terms and conditions of the License, a copy of which
11 * is available by writing to the Free Software Foundation, Inc.,
12 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
13 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14 *
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 */
20
21 /******************************************************
22 Change log:
23 03/07/2014: Initial version
24 ******************************************************/
25 #include "wltypes.h"
26 #include "IEEE_types.h"
27 #include "hostsa_ext_def.h"
28 #include "authenticator.h"
29
30 #include "keyMgmtSta_rom.h"
31 #include "pmkCache_rom.h"
32 #include "crypt_new_rom.h"
33 #include "rc4_rom.h"
34 #include "aes_cmac_rom.h"
35 #include "sha1.h"
36 #include "md5.h"
37 #include "mrvl_sha256_crypto.h"
38 #include "wl_macros.h"
39
40 #define MIC_ERROR_QUIET_TIME_INTERVAL 60000000 /* 60 sec */
41 #define MIC_ERROR_CHECK_TIME_INTERVAL 60000000
42
43 void
supplicantSetAssocRsn_internal(phostsa_private priv,RSNConfig_t * pRsnConfig,SecurityParams_t * pSecurityParams,SecurityMode_t wpaType,Cipher_t * pMcstCipher,Cipher_t * pUcstCipher,AkmSuite_t * pAkm,IEEEtypes_RSNCapability_t * pRsnCap,Cipher_t * pGrpMgmtCipher)44 supplicantSetAssocRsn_internal(phostsa_private priv, RSNConfig_t *pRsnConfig,
45 SecurityParams_t *pSecurityParams,
46 SecurityMode_t wpaType,
47 Cipher_t *pMcstCipher,
48 Cipher_t *pUcstCipher,
49 AkmSuite_t *pAkm,
50 IEEEtypes_RSNCapability_t *pRsnCap,
51 Cipher_t *pGrpMgmtCipher)
52 {
53 hostsa_util_fns *util_fns = &priv->util_fns;
54 memset(util_fns, &pRsnConfig->wpaType,
55 0x00, sizeof(pRsnConfig->wpaType));
56 memset(util_fns, &pRsnConfig->ucstCipher,
57 0x00, sizeof(pRsnConfig->ucstCipher));
58 memset(util_fns, &pRsnConfig->mcstCipher,
59 0x00, sizeof(pRsnConfig->mcstCipher));
60
61 pRsnConfig->pmkidValid = 0;
62 pRsnConfig->rsnCapValid = 0;
63 pRsnConfig->grpMgmtCipherValid = 0;
64 pRsnConfig->rsvd = 0;
65
66 if (pSecurityParams->wpaType.wpa2 && wpaType.wpa2) {
67 /* encryption mode is WPA2 */
68 memcpy(util_fns, &pRsnConfig->AKM, (UINT8 *)pAkm,
69 sizeof(pRsnConfig->AKM));
70
71 pRsnConfig->wpaType.wpa2 = 1;
72
73 if (pRsnCap) {
74 pRsnConfig->rsnCapValid = 1;
75 memcpy(util_fns, &pRsnConfig->rsnCap, pRsnCap,
76 sizeof(pRsnConfig->rsnCap));
77 }
78
79 if (pGrpMgmtCipher) {
80 pRsnConfig->grpMgmtCipherValid = 1;
81 memcpy(util_fns, &pRsnConfig->grpMgmtCipher,
82 pGrpMgmtCipher,
83 sizeof(pRsnConfig->grpMgmtCipher));
84 }
85 } else if (pSecurityParams->wpaType.wpaNone && wpaType.wpaNone) {
86 memcpy(util_fns, &pRsnConfig->AKM,
87 wpa_oui_none, sizeof(pRsnConfig->AKM));
88
89 /* encryption mode is WPA None */
90 pRsnConfig->wpaType.wpaNone = 1;
91
92 if (pSecurityParams->mcstCipher.ccmp && pMcstCipher->ccmp) {
93 pRsnConfig->mcstCipher.ccmp = 1;
94 } else {
95 pRsnConfig->mcstCipher.tkip = 1;
96 }
97 } else if (pSecurityParams->wpaType.wpa && wpaType.wpa) {
98 /* encryption mode is WPA */
99 memcpy(util_fns, &pRsnConfig->AKM, (UINT8 *)pAkm,
100 sizeof(pRsnConfig->AKM));
101
102 pRsnConfig->wpaType.wpa = 1;
103 } else if (pSecurityParams->wpaType.noRsn) {
104 /* No encryption */
105 pRsnConfig->wpaType.noRsn = 1;
106 }
107
108 if (pRsnConfig->wpaType.wpa || pRsnConfig->wpaType.wpa2) {
109 if (pSecurityParams->ucstCipher.ccmp && pUcstCipher->ccmp) {
110 pRsnConfig->ucstCipher.ccmp = 1;
111 } else {
112 pRsnConfig->ucstCipher.tkip = 1;
113 }
114
115 if (pSecurityParams->mcstCipher.ccmp && pMcstCipher->ccmp) {
116 pRsnConfig->mcstCipher.ccmp = 1;
117 } else if (pSecurityParams->mcstCipher.tkip &&
118 pMcstCipher->tkip) {
119 pRsnConfig->mcstCipher.tkip = 1;
120 } else if (pSecurityParams->mcstCipher.wep104 &&
121 pMcstCipher->wep104) {
122 pRsnConfig->mcstCipher.wep104 = 1;
123 } else {
124 pRsnConfig->mcstCipher.wep40 = 1;
125 }
126 }
127
128 }
129
130 UINT16
keyMgmtFormatWpaRsnIe_internal(phostsa_private priv,RSNConfig_t * pRsnConfig,UINT8 * pos,IEEEtypes_MacAddr_t * pBssid,IEEEtypes_MacAddr_t * pStaAddr,UINT8 * pPmkid,BOOLEAN addPmkid)131 keyMgmtFormatWpaRsnIe_internal(phostsa_private priv, RSNConfig_t *pRsnConfig,
132 UINT8 *pos,
133 IEEEtypes_MacAddr_t *pBssid,
134 IEEEtypes_MacAddr_t *pStaAddr,
135 UINT8 *pPmkid, BOOLEAN addPmkid)
136 {
137 hostsa_util_fns *util_fns = &priv->util_fns;
138 IEEEtypes_WPAElement_t *pWpaIe = (IEEEtypes_WPAElement_t *)pos;
139 IEEEtypes_RSNElement_t *pRsnIe = (IEEEtypes_RSNElement_t *)pos;
140
141 UINT32 ieSize = 0;
142 #if 0 //!defined(REMOVE_PATCH_HOOKS)
143 UINT16 ptr_val;
144
145 if (keyMgmtFormatWpaRsnIe_internal_hook(pRsnConfig,
146 pos,
147 pBssid,
148 pStaAddr,
149 pPmkid, addPmkid, &ptr_val)) {
150 return ptr_val;
151 }
152 #endif
153
154 if (pRsnConfig->wpaType.wpa2) {
155 /* encryption mode is WPA2 */
156 pRsnIe->ElementId = ELEM_ID_RSN;
157 pRsnIe->Len = (sizeof(pRsnIe->Ver)
158 + sizeof(pRsnIe->GrpKeyCipher)
159 + sizeof(pRsnIe->PwsKeyCnt)
160 + sizeof(pRsnIe->PwsKeyCipherList)
161 + sizeof(pRsnIe->AuthKeyCnt)
162 + sizeof(pRsnIe->AuthKeyList));
163
164 memcpy(util_fns, (void *)pRsnIe->AuthKeyList,
165 &pRsnConfig->AKM, sizeof(pRsnIe->AuthKeyList));
166
167 pRsnIe->Ver = 1;
168
169 pRsnIe->PwsKeyCnt = 1;
170 pRsnIe->AuthKeyCnt = 1;
171
172 if (pRsnConfig->ucstCipher.ccmp) {
173 /* unicast cipher is aes */
174 memcpy(util_fns, (void *)pRsnIe->PwsKeyCipherList,
175 wpa2_oui04, sizeof(pRsnIe->PwsKeyCipherList));
176 } else {
177 /* if not AES the TKIP */
178 memcpy(util_fns, (void *)pRsnIe->PwsKeyCipherList,
179 wpa2_oui02, sizeof(pRsnIe->PwsKeyCipherList));
180 }
181
182 if (pRsnConfig->mcstCipher.ccmp) {
183 /* multicast cipher is aes */
184 memcpy(util_fns, (void *)pRsnIe->GrpKeyCipher,
185 wpa2_oui04, sizeof(pRsnIe->GrpKeyCipher));
186 } else if (pRsnConfig->mcstCipher.tkip) {
187 /* multicast cipher is tkip */
188 memcpy(util_fns, (void *)pRsnIe->GrpKeyCipher,
189 wpa2_oui02, sizeof(pRsnIe->GrpKeyCipher));
190 } else if (pRsnConfig->mcstCipher.wep104) {
191 /* multicast cipher is WEP 104 */
192 memcpy(util_fns, (void *)pRsnIe->GrpKeyCipher,
193 wpa2_oui05, sizeof(pRsnIe->GrpKeyCipher));
194 } else {
195 /* multicast cipher is WEP 40 */
196 memcpy(util_fns, (void *)pRsnIe->GrpKeyCipher,
197 wpa2_oui01, sizeof(pRsnIe->GrpKeyCipher));
198 }
199 if (addPmkid && ((!pRsnConfig->pmkidValid && pBssid) || pPmkid)) {
200 if (pPmkid) {
201 memcpy(util_fns, pRsnConfig->PMKID, pPmkid,
202 sizeof(pRsnConfig->PMKID));
203 pRsnConfig->pmkidValid = TRUE;
204 } else {
205 pRsnConfig->pmkidValid =
206 supplicantGetPmkid(priv, pBssid,
207 pStaAddr,
208 &pRsnConfig->AKM,
209 pRsnConfig->PMKID);
210 }
211 }
212
213 if (pRsnConfig->rsnCapValid
214 || pRsnConfig->pmkidValid
215 || pRsnConfig->grpMgmtCipherValid) {
216 memcpy(util_fns, &pRsnIe->RsnCap,
217 &pRsnConfig->rsnCap, sizeof(pRsnIe->RsnCap));
218
219 pRsnIe->Len += sizeof(pRsnIe->RsnCap);
220 }
221
222 if (pRsnConfig->pmkidValid || pRsnConfig->grpMgmtCipherValid) {
223 pRsnIe->PMKIDCnt = 0;
224 pRsnIe->Len += sizeof(pRsnIe->PMKIDCnt);
225
226 if (pRsnConfig->pmkidValid) {
227 /* Add PMKID to the RSN if not an EAPOL msg */
228 pRsnIe->PMKIDCnt = 1;
229
230 memcpy(util_fns, (UINT8 *)pRsnIe->PMKIDList,
231 pRsnConfig->PMKID,
232 sizeof(pRsnIe->PMKIDList));
233
234 pRsnIe->Len += sizeof(pRsnIe->PMKIDList);
235 }
236 }
237
238 if (pRsnConfig->grpMgmtCipherValid) {
239 memcpy(util_fns, pRsnIe->GrpMgmtCipher,
240 &pRsnConfig->grpMgmtCipher,
241 sizeof(pRsnIe->GrpMgmtCipher));
242
243 pRsnIe->Len += sizeof(pRsnIe->GrpMgmtCipher);
244 }
245
246 ieSize = sizeof(pRsnIe->ElementId) + sizeof(pRsnIe->Len);
247 ieSize += pRsnIe->Len;
248 } else if (pRsnConfig->wpaType.wpaNone || pRsnConfig->wpaType.wpa) {
249 /* encryption mode is WPA */
250 pWpaIe->ElementId = ELEM_ID_VENDOR_SPECIFIC;
251 pWpaIe->Len = (sizeof(IEEEtypes_WPAElement_t)
252 - sizeof(pWpaIe->ElementId)
253 - sizeof(pWpaIe->Len));
254
255 memcpy(util_fns, pWpaIe->OuiType, wpa_oui01,
256 sizeof(pWpaIe->OuiType));
257
258 pWpaIe->Ver = 1;
259
260 pWpaIe->PwsKeyCnt = 1;
261 pWpaIe->AuthKeyCnt = 1;
262
263 memcpy(util_fns, (void *)pWpaIe->AuthKeyList,
264 &pRsnConfig->AKM, sizeof(pWpaIe->AuthKeyList));
265
266 if (pRsnConfig->wpaType.wpaNone) {
267 memcpy(util_fns, (void *)pWpaIe->PwsKeyCipherList,
268 wpa_oui_none, sizeof(pWpaIe->PwsKeyCipherList));
269
270 if (pRsnConfig->mcstCipher.tkip) {
271 /* multicast cipher is tkip */
272 memcpy(util_fns, (void *)pWpaIe->GrpKeyCipher,
273 wpa_oui02, sizeof(pWpaIe->GrpKeyCipher));
274 } else if (pRsnConfig->mcstCipher.ccmp) {
275 /* multicast cipher is aes */
276 memcpy(util_fns, (void *)pWpaIe->GrpKeyCipher,
277 wpa_oui04, sizeof(pWpaIe->GrpKeyCipher));
278 }
279 } else {
280 if (pRsnConfig->ucstCipher.ccmp) {
281 /* unicast cipher is aes */
282 memcpy(util_fns,
283 (void *)pWpaIe->PwsKeyCipherList,
284 wpa_oui04,
285 sizeof(pWpaIe->PwsKeyCipherList));
286 } else {
287 /* unicast cipher is tkip */
288 memcpy(util_fns,
289 (void *)pWpaIe->PwsKeyCipherList,
290 wpa_oui02,
291 sizeof(pWpaIe->PwsKeyCipherList));
292 }
293
294 if (pRsnConfig->mcstCipher.ccmp) {
295 /* multicast cipher is aes */
296 memcpy(util_fns, (void *)pWpaIe->GrpKeyCipher,
297 wpa_oui04, sizeof(pWpaIe->GrpKeyCipher));
298 } else if (pRsnConfig->mcstCipher.tkip) {
299 /* multicast cipher is tkip */
300 memcpy(util_fns, (void *)pWpaIe->GrpKeyCipher,
301 wpa_oui02, sizeof(pWpaIe->GrpKeyCipher));
302 } else if (pRsnConfig->mcstCipher.wep104) {
303 /* multicast cipher is wep 104 */
304 memcpy(util_fns, (void *)pWpaIe->GrpKeyCipher,
305 wpa_oui05, sizeof(pWpaIe->GrpKeyCipher));
306 } else {
307 /* multicast cipher is wep 40 */
308 memcpy(util_fns, (void *)pWpaIe->GrpKeyCipher,
309 wpa_oui01, sizeof(pWpaIe->GrpKeyCipher));
310 }
311 }
312
313 ieSize = sizeof(pWpaIe->ElementId) + sizeof(pWpaIe->Len);
314 ieSize += pWpaIe->Len;
315 }
316
317 return ieSize;
318 }
319
320 void
install_wpa_none_keys_internal(phostsa_private priv,key_MgtMaterial_t * pKeyMgtData,UINT8 * pPMK,UINT8 type,UINT8 unicast)321 install_wpa_none_keys_internal(phostsa_private priv,
322 key_MgtMaterial_t *pKeyMgtData, UINT8 *pPMK,
323 UINT8 type, UINT8 unicast)
324 {
325 hostsa_util_fns *util_fns = &priv->util_fns;
326
327 #if 0 //!defined(REMOVE_PATCH_HOOKS)
328 if (install_wpa_none_keys_internal_hook(pKeyMgtData,
329 pPMK, type, unicast)) {
330 return;
331 }
332 #endif
333
334 memset(util_fns, (void *)pKeyMgtData, 0, sizeof(key_MgtMaterial_t));
335
336 if (unicast) {
337 pKeyMgtData->keyInfo = (KEY_INFO_MULTICAST | KEY_INFO_ENABLED);
338 } else {
339 pKeyMgtData->keyInfo = (KEY_INFO_UNICAST | KEY_INFO_ENABLED);
340 }
341
342 if (type) {
343 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.AES.key, pPMK,
344 16);
345 pKeyMgtData->keyType = KEY_TYPE_AES;
346 pKeyMgtData->keyLen = WPA_AES_KEY_LEN;
347 } else {
348 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.TKIP.key, pPMK,
349 16);
350 pPMK += 16;
351 pKeyMgtData->keyType = KEY_TYPE_TKIP;
352
353 /* in WPA none the TX & RX MIC key is the same */
354 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.TKIP.txMicKey,
355 pPMK, 8);
356 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.TKIP.rxMicKey,
357 pPMK, 8);
358
359 pKeyMgtData->keyLen = WPA_TKIP_KEY_LEN;
360 }
361
362 }
363
364 UINT16
keyMgmtGetKeySize_internal(RSNConfig_t * pRsnConfig,UINT8 isPairwise)365 keyMgmtGetKeySize_internal(RSNConfig_t *pRsnConfig, UINT8 isPairwise)
366 {
367 /* default to TKIP key size */
368 UINT16 retval = 32;
369
370 #if 0 //!defined(REMOVE_PATCH_HOOKS)
371 if (keyMgmtGetKeySize_internal_hook(pRsnConfig, isPairwise, &retval)) {
372 return retval;
373 }
374 #endif
375
376 if (isPairwise) {
377 if (pRsnConfig->ucstCipher.ccmp) {
378 retval = 16;
379 }
380 } else {
381 if (pRsnConfig->mcstCipher.ccmp) {
382 retval = 16;
383 } else if (pRsnConfig->mcstCipher.wep104) {
384 retval = 13;
385 } else if (pRsnConfig->mcstCipher.wep40) {
386 retval = 5;
387 }
388 }
389 return retval;
390 }
391
392 //#if defined(PSK_SUPPLICANT) || defined (WPA_NONE)
393 void
supplicantGenerateSha1Pmkid(phostsa_private priv,UINT8 * pPMK,IEEEtypes_MacAddr_t * pBssid,IEEEtypes_MacAddr_t * pSta,UINT8 * pPMKID)394 supplicantGenerateSha1Pmkid(phostsa_private priv, UINT8 *pPMK,
395 IEEEtypes_MacAddr_t *pBssid,
396 IEEEtypes_MacAddr_t *pSta, UINT8 *pPMKID)
397 {
398 char pmkidString[] = "PMK Name";
399 void *pText[3];
400
401 int len[3] = { 8, 6, 6 };
402
403 pText[0] = pmkidString;
404 pText[1] = pBssid;
405 pText[2] = pSta;
406
407 Mrvl_hmac_sha1((void *)priv, (UINT8 **)pText, len, 3, pPMK, 32, /* PMK size is always 32 bytes */
408 pPMKID, 16);
409 }
410
411 int
isApReplayCounterFresh(phostsa_private priv,keyMgmtInfoSta_t * pKeyMgmtInfoSta,UINT8 * pRxReplayCount)412 isApReplayCounterFresh(phostsa_private priv, keyMgmtInfoSta_t *pKeyMgmtInfoSta,
413 UINT8 *pRxReplayCount)
414 {
415 hostsa_util_fns *util_fns = &priv->util_fns;
416 UINT32 tmpHi;
417 UINT32 tmpLo;
418 UINT32 rxCountHi;
419 UINT32 rxCountLo;
420
421 /* initialize the value as stale */
422 int retVal = 0;
423
424 memcpy(util_fns, &tmpHi, pRxReplayCount, 4);
425 memcpy(util_fns, &tmpLo, pRxReplayCount + 4, 4);
426
427 rxCountHi = ntohl(tmpHi);
428 rxCountLo = ntohl(tmpLo);
429
430 /* check hi dword first */
431 if (rxCountHi > pKeyMgmtInfoSta->apCounterHi) {
432 retVal = 1;
433 } else if (rxCountHi == pKeyMgmtInfoSta->apCounterHi) {
434 /* hi dword is equal, check lo dword */
435 if (rxCountLo > pKeyMgmtInfoSta->apCounterLo) {
436 retVal = 1;
437 } else if (rxCountLo == pKeyMgmtInfoSta->apCounterLo) {
438
439 /* Counters are equal. Check special case of zero. */
440 if ((rxCountHi == 0) && (rxCountLo == 0)) {
441 if (!pKeyMgmtInfoSta->apCounterZeroDone) {
442 retVal = 1;
443 }
444 }
445 }
446 }
447
448 return retVal;
449 }
450
451 void
updateApReplayCounter(phostsa_private priv,keyMgmtInfoSta_t * pKeyMgmtStaInfo,UINT8 * pRxReplayCount)452 updateApReplayCounter(phostsa_private priv, keyMgmtInfoSta_t *pKeyMgmtStaInfo,
453 UINT8 *pRxReplayCount)
454 {
455 hostsa_util_fns *util_fns = &priv->util_fns;
456 UINT32 tmpHi;
457 UINT32 tmpLo;
458 UINT32 rxCountHi;
459 UINT32 rxCountLo;
460
461 memcpy(util_fns, &tmpHi, pRxReplayCount, 4);
462 memcpy(util_fns, &tmpLo, pRxReplayCount + 4, 4);
463
464 rxCountHi = ntohl(tmpHi);
465 rxCountLo = ntohl(tmpLo);
466
467 pKeyMgmtStaInfo->apCounterHi = rxCountHi;
468 pKeyMgmtStaInfo->apCounterLo = rxCountLo;
469
470 if ((rxCountHi == 0) && (rxCountLo == 0)) {
471 pKeyMgmtStaInfo->apCounterZeroDone = 1;
472 }
473 }
474
475 void
FillKeyMaterialStruct_internal(phostsa_private priv,key_MgtMaterial_t * pKeyMgtData,UINT16 key_len,UINT8 isPairwise,KeyData_t * pKey)476 FillKeyMaterialStruct_internal(phostsa_private priv,
477 key_MgtMaterial_t *pKeyMgtData, UINT16 key_len,
478 UINT8 isPairwise, KeyData_t *pKey)
479 {
480 hostsa_util_fns *util_fns = &priv->util_fns;
481 UINT8 keyInfo;
482
483 #if 0 //!defined(REMOVE_PATCH_HOOKS)
484 if (FillKeyMaterialStruct_internal_hook(pKeyMgtData,
485 key_len, isPairwise, pKey)) {
486 return;
487 }
488 #endif
489
490 /* Update key material */
491 memset(util_fns, (void *)pKeyMgtData, 0x00, sizeof(key_MgtMaterial_t));
492
493 /* check the key type is pairwise */
494 if (isPairwise) {
495 keyInfo = KEY_INFO_UNICAST;
496 } else {
497 keyInfo = KEY_INFO_MULTICAST;
498 }
499
500 if (key_len == (UINT16)WPA_AES_KEY_LEN) {
501 /* AES */
502 pKeyMgtData->keyType = KEY_TYPE_AES;
503 pKeyMgtData->keyInfo = keyInfo | KEY_INFO_ENABLED;
504
505 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.AES.key,
506 pKey->Key, key_len);
507
508 } else if (key_len == WPA_TKIP_KEY_LEN) {
509 pKeyMgtData->keyType = KEY_TYPE_TKIP;
510 pKeyMgtData->keyInfo = keyInfo | KEY_INFO_ENABLED;
511
512 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.TKIP.key,
513 pKey->Key, TK_SIZE);
514 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.TKIP.txMicKey,
515 pKey->TxMICKey, 8);
516 memcpy(util_fns, (UINT8 *)pKeyMgtData->keyEncypt.TKIP.rxMicKey,
517 pKey->RxMICKey, 8);
518 } else if (key_len == WPA_WEP104_KEY_LEN ||
519 key_len == WPA_WEP40_KEY_LEN) {
520 pKeyMgtData->keyType = KEY_TYPE_WEP;
521 pKeyMgtData->keyInfo = keyInfo | KEY_INFO_ENABLED;
522
523 if (isPairwise) {
524 pKeyMgtData->keyEncypt.WEP.keyIndex = 0;
525 pKeyMgtData->keyEncypt.WEP.isDefaultTx = 1;
526 } else {
527 /* use the Key index provided */
528 pKeyMgtData->keyEncypt.WEP.keyIndex = pKey->KeyIndex;
529 pKeyMgtData->keyEncypt.WEP.isDefaultTx = 0;
530 }
531 memcpy(util_fns, (UINT8 *)(pKeyMgtData->keyEncypt.WEP.key),
532 pKey->Key, key_len);
533 } else {
534 /* Key length does not match
535 ** don't send down anything
536 */
537 return;
538 }
539
540 pKeyMgtData->keyLen = key_len;
541 }
542
543 //#endif
544
545 /*
546 ** This function checks if the given element pointer parameter
547 ** is a KDE or not (returns NULL)
548 */
549 KDE_t *
parseKeyKDE(phostsa_private priv,IEEEtypes_InfoElementHdr_t * pIe)550 parseKeyKDE(phostsa_private priv, IEEEtypes_InfoElementHdr_t *pIe)
551 {
552 hostsa_util_fns *util_fns = &priv->util_fns;
553 KDE_t *pKde = NULL;
554
555 if (pIe->ElementId == ELEM_ID_VENDOR_SPECIFIC) {
556 pKde = (KDE_t *)pIe;
557
558 if (pKde->length > sizeof(KDE_t) &&
559 !memcmp(util_fns, (void *)pKde->OUI, kde_oui,
560 sizeof(kde_oui))) {
561 return pKde;
562 }
563 }
564
565 return NULL;
566
567 }
568
569 /* This function searches KDE_DATA_TYPE_XXX in KDE. We can collect all such
570 ** KDE_DATA_TYPE_XXX in one pass, however, there seems not much benefit
571 ** as in general there would not be many KDE_DATA_TYPE_XXX present.
572 ** Returns NULL, when KDE_DATA_TYPE_XXX not found.
573 */
574
575 KDE_t *
parseKeyKDE_DataType(phostsa_private priv,UINT8 * pData,SINT32 dataLen,IEEEtypes_KDEDataType_e KDEDataType)576 parseKeyKDE_DataType(phostsa_private priv, UINT8 *pData,
577 SINT32 dataLen, IEEEtypes_KDEDataType_e KDEDataType)
578 {
579
580 IEEEtypes_InfoElementHdr_t *pIe;
581 KDE_t *pKde;
582 #if 0 //!defined(REMOVE_PATCH_HOOKS)
583 UINT32 ptr_val;
584
585 if (parseKeyKDE_DataType_hook(pData, dataLen, KDEDataType, &ptr_val)) {
586 return (KDE_t *)ptr_val;
587 }
588 #endif
589
590 if (pData == NULL) {
591 return NULL;
592 }
593
594 while (dataLen > (SINT32)sizeof(IEEEtypes_InfoElementHdr_t)) {
595 pIe = (IEEEtypes_InfoElementHdr_t *)pData;
596
597 if (pIe->ElementId == ELEM_ID_VENDOR_SPECIFIC) {
598 pKde = parseKeyKDE(priv, pIe);
599
600 if ((pKde != NULL) && (pKde->dataType == KDEDataType)) {
601 return pKde;
602 } else if (pIe->Len == 0) {
603 /* the rest is padding, so adjust the length
604 ** to stop the processing loop
605 */
606 dataLen = sizeof(IEEEtypes_InfoElementHdr_t);
607 }
608 }
609
610 dataLen -= (pIe->Len + sizeof(IEEEtypes_InfoElementHdr_t));
611 pData += (pIe->Len + sizeof(IEEEtypes_InfoElementHdr_t));
612 }
613
614 return NULL;
615 }
616
617 KDE_t *
parseKeyDataGTK(phostsa_private priv,UINT8 * pKey,UINT16 len,KeyData_t * pGRKey)618 parseKeyDataGTK(phostsa_private priv, UINT8 *pKey, UINT16 len,
619 KeyData_t *pGRKey)
620 {
621 hostsa_util_fns *util_fns = &priv->util_fns;
622 GTK_KDE_t *pGtk;
623 KDE_t *pKde;
624 #if 0 //!defined(REMOVE_PATCH_HOOKS)
625 UINT32 ptr_val;
626
627 if (parseKeyDataGTK_hook(pKey, len, pGRKey, &ptr_val)) {
628 return (KDE_t *)ptr_val;
629 }
630 #endif
631
632 /* parse KDE GTK */
633 pKde = parseKeyKDE_DataType(priv, pKey, len, KDE_DATA_TYPE_GTK);
634
635 if (pKde) {
636 /* GTK KDE */
637 pGtk = (GTK_KDE_t *)pKde->data;
638
639 /* The KDE overhead is 6 bytes */
640 memcpy(util_fns, pGRKey->Key, (void *)pGtk->GTK,
641 pKde->length - 6);
642
643 /* save the group key index */
644 pGRKey->KeyIndex = pGtk->KeyID;
645 }
646
647 return pKde;
648 }
649
650 void
KeyMgmtSta_ApplyKEK(phostsa_private priv,EAPOL_KeyMsg_t * pKeyMsg,KeyData_t * pGRKey,UINT8 * EAPOL_Encr_Key)651 KeyMgmtSta_ApplyKEK(phostsa_private priv, EAPOL_KeyMsg_t *pKeyMsg,
652 KeyData_t *pGRKey, UINT8 *EAPOL_Encr_Key)
653 {
654 #if 0
655 #if !defined(REMOVE_PATCH_HOOKS)
656 if (KeyMgmtSta_ApplyKEK_hook(pKeyMsg, pGRKey, EAPOL_Encr_Key)) {
657 return;
658 }
659 #endif
660 #endif
661 pGRKey->TxIV16 = pKeyMsg->key_RSC[1] << 8;
662 pGRKey->TxIV16 |= pKeyMsg->key_RSC[0];
663 pGRKey->TxIV32 = 0xFFFFFFFF;
664
665 pKeyMsg->key_material_len = ntohs(pKeyMsg->key_material_len) & 0xFFFF;
666
667 switch (pKeyMsg->key_info.KeyDescriptorVersion) {
668 /*
669 ** Key Descriptor Version 2 or 3: AES key wrap, defined in IETF
670 ** RFC 3394, shall be used to encrypt the Key Data field using
671 ** the KEK field from the derived PTK.
672 */
673 case 3:
674 case 2:
675 /* CCMP */
676 MRVL_AesUnWrap(EAPOL_Encr_Key,
677 2,
678 pKeyMsg->key_material_len / 8 - 1,
679 (UINT8 *)pKeyMsg->key_data,
680 NULL, (UINT8 *)pKeyMsg->key_data);
681
682 /* AES key wrap has 8 extra bytes that come out
683 ** due to the default IV
684 */
685 pKeyMsg->key_material_len -= 8;
686 break;
687
688 /*
689 ** Key Descriptor Version 1: ARC4 is used to encrypt the Key Data
690 ** field using the KEK field from the derived PTK
691 */
692 default:
693 case 1:
694 /* TKIP or WEP */
695 /* Skip the first 256 bytes of the RC4 Stream */
696 RC4_Encrypt((void *)priv, EAPOL_Encr_Key,
697 (UINT8 *)pKeyMsg->EAPOL_key_IV,
698 sizeof(pKeyMsg->EAPOL_key_IV),
699 (UINT8 *)pKeyMsg->key_data,
700 pKeyMsg->key_material_len, 256);
701 break;
702 }
703
704 }
705
706 /*
707 ** Verifies the received EAPOL frame during 4-way handshake or
708 ** group key handshake
709 */
710 BOOLEAN
KeyMgmtSta_IsRxEAPOLValid(phostsa_private priv,keyMgmtInfoSta_t * pKeyMgmtInfoSta,EAPOL_KeyMsg_t * pKeyMsg)711 KeyMgmtSta_IsRxEAPOLValid(phostsa_private priv,
712 keyMgmtInfoSta_t *pKeyMgmtInfoSta,
713 EAPOL_KeyMsg_t *pKeyMsg)
714 {
715 hostsa_util_fns *util_fns = &priv->util_fns;
716
717 #if 0 //!defined(REMOVE_PATCH_HOOKS)
718 BOOLEAN ptr_val;
719
720 if (KeyMgmtSta_IsRxEAPOLValid_hook(pKeyMgmtInfoSta, pKeyMsg, &ptr_val)) {
721 return ptr_val;
722 }
723 #endif
724
725 if (!pKeyMgmtInfoSta || !pKeyMsg) {
726 PRINTM(MERROR, "KeyMgmtSta_IsRxEAPOLValid input not valid\n");
727 return FALSE;
728 }
729
730 if (!isApReplayCounterFresh
731 (priv, pKeyMgmtInfoSta, (UINT8 *)pKeyMsg->replay_cnt)) {
732 PRINTM(MERROR,
733 "KeyMgmtSta_IsRxEAPOLValid isApReplayCounterFresh Fail\n");
734 return FALSE;
735 }
736
737 /* Check if we have to verify MIC */
738
739 if (pKeyMsg->key_info.KeyMIC) {
740 /* We have to verify MIC, if keyType is 1 it's the 3rd message in
741 4-way handshake, in that case verify ANonce.
742 */
743
744 if ((pKeyMsg->key_info.KeyType == 1) &&
745 memcmp(util_fns, (UINT8 *)&pKeyMsg->key_nonce,
746 (UINT8 *)pKeyMgmtInfoSta->ANonce, NONCE_SIZE) != 0) {
747 /* Dropping the packet, return some error msg. */
748 PRINTM(MERROR,
749 "KeyMgmtSta_IsRxEAPOLValid Nonce check Fail\n");
750 return FALSE;
751 }
752
753 if (!IsEAPOL_MICValid
754 (priv, pKeyMsg, pKeyMgmtInfoSta->EAPOL_MIC_Key)) {
755 /* MIC failed */
756 PRINTM(MERROR,
757 "KeyMgmtSta_IsRxEAPOLValid MIC check Fail\n");
758 return FALSE;
759 }
760
761 }
762 return TRUE;
763
764 }
765
766 /*
767 ** This function populates EAPOL frame fileds that are common
768 ** to message 2, 4 of 4-way handshake and group key hadshake
769 ** message 2.
770 ** Any of these fields in general should not change, and if needed
771 ** can be overwritten in the caller function.
772 */
773 void
KeyMgmtSta_PrepareEAPOLFrame(phostsa_private priv,EAPOL_KeyMsg_Tx_t * pTxEapol,EAPOL_KeyMsg_t * pRxEapol,t_u8 * da,t_u8 * sa,UINT8 * pSNonce)774 KeyMgmtSta_PrepareEAPOLFrame(phostsa_private priv, EAPOL_KeyMsg_Tx_t *pTxEapol,
775 EAPOL_KeyMsg_t *pRxEapol,
776 t_u8 *da, t_u8 *sa, UINT8 *pSNonce)
777 {
778 hostsa_util_fns *util_fns = &priv->util_fns;
779
780 if (!pTxEapol || !pRxEapol) {
781 return;
782 }
783 memset(util_fns, (UINT8 *)pTxEapol, 0x00, sizeof(EAPOL_KeyMsg_Tx_t));
784
785 formEAPOLEthHdr(priv, pTxEapol, da, sa);
786
787 pTxEapol->keyMsg.desc_type = pRxEapol->desc_type;
788 pTxEapol->keyMsg.key_info.KeyType = pRxEapol->key_info.KeyType;
789 pTxEapol->keyMsg.key_info.KeyMIC = 1;
790 pTxEapol->keyMsg.key_info.Secure = pRxEapol->key_info.Secure;
791 pTxEapol->keyMsg.replay_cnt[0] = pRxEapol->replay_cnt[0];
792 pTxEapol->keyMsg.replay_cnt[1] = pRxEapol->replay_cnt[1];
793
794 pTxEapol->keyMsg.key_info.KeyDescriptorVersion
795 = pRxEapol->key_info.KeyDescriptorVersion;
796
797 // Only for 4-w handshake message 2.
798 if (pSNonce) {
799 memcpy(util_fns, (UINT8 *)pTxEapol->keyMsg.key_nonce, pSNonce,
800 NONCE_SIZE);
801 }
802 }
803
804 void
KeyMgmtSta_PrepareEAPOLMicErrFrame(phostsa_private priv,EAPOL_KeyMsg_Tx_t * pTxEapol,BOOLEAN isUnicast,IEEEtypes_MacAddr_t * da,IEEEtypes_MacAddr_t * sa,keyMgmtInfoSta_t * pKeyMgmtInfoSta)805 KeyMgmtSta_PrepareEAPOLMicErrFrame(phostsa_private priv,
806 EAPOL_KeyMsg_Tx_t *pTxEapol,
807 BOOLEAN isUnicast, IEEEtypes_MacAddr_t *da,
808 IEEEtypes_MacAddr_t *sa,
809 keyMgmtInfoSta_t *pKeyMgmtInfoSta)
810 {
811 hostsa_util_fns *util_fns = &priv->util_fns;
812
813 if (!pTxEapol || !pKeyMgmtInfoSta) {
814 return;
815 }
816
817 memset(util_fns, (UINT8 *)pTxEapol, 0x00, sizeof(EAPOL_KeyMsg_Tx_t));
818
819 formEAPOLEthHdr(priv, pTxEapol, (t_u8 *)da, (t_u8 *)sa);
820
821 pTxEapol->keyMsg.key_info.KeyType = isUnicast;
822 pTxEapol->keyMsg.key_info.KeyMIC = 1;
823 pTxEapol->keyMsg.key_info.Secure = 1;
824 pTxEapol->keyMsg.key_info.Error = 1;
825 pTxEapol->keyMsg.key_info.Request = 1;
826 pTxEapol->keyMsg.replay_cnt[0] = htonl(pKeyMgmtInfoSta->staCounterHi);
827 pTxEapol->keyMsg.replay_cnt[1] = htonl(pKeyMgmtInfoSta->staCounterLo);
828
829 }
830
831 BOOLEAN
supplicantAkmIsWpaWpa2(phostsa_private priv,AkmSuite_t * pAkm)832 supplicantAkmIsWpaWpa2(phostsa_private priv, AkmSuite_t *pAkm)
833 {
834 hostsa_util_fns *util_fns = &priv->util_fns;
835
836 if (!memcmp(util_fns, pAkm->akmOui, wpa_oui, sizeof(wpa_oui)) ||
837 !memcmp(util_fns, pAkm->akmOui, kde_oui, sizeof(kde_oui))) {
838 return TRUE;
839 }
840
841 return FALSE;
842 }
843
844 BOOLEAN
supplicantAkmIsWpa2(phostsa_private priv,AkmSuite_t * pAkm)845 supplicantAkmIsWpa2(phostsa_private priv, AkmSuite_t *pAkm)
846 {
847 hostsa_util_fns *util_fns = &priv->util_fns;
848
849 if (memcmp(util_fns, pAkm->akmOui, kde_oui, sizeof(kde_oui)) == 0) {
850 return TRUE;
851 }
852
853 return FALSE;
854 }
855
856 BOOLEAN
supplicantAkmIsWpaWpa2Psk(phostsa_private priv,AkmSuite_t * pAkm)857 supplicantAkmIsWpaWpa2Psk(phostsa_private priv, AkmSuite_t *pAkm)
858 {
859 if (supplicantAkmIsWpaWpa2(priv, pAkm)) {
860 return ((pAkm->akmType == AKM_PSK) ||
861 (pAkm->akmType == AKM_SHA256_PSK) ||
862 (pAkm->akmType == AKM_FT_PSK));
863 }
864
865 return FALSE;
866 }
867
868 BOOLEAN
supplicantAkmUsesKdf(phostsa_private priv,AkmSuite_t * pAkm)869 supplicantAkmUsesKdf(phostsa_private priv, AkmSuite_t *pAkm)
870 {
871 if (supplicantAkmIsWpa2(priv, pAkm)) {
872 if ((pAkm->akmType == AKM_SHA256_PSK) ||
873 (pAkm->akmType == AKM_SHA256_1X) ||
874 (pAkm->akmType == AKM_FT_PSK) ||
875 (pAkm->akmType == AKM_FT_1X)) {
876 return TRUE;
877 }
878 }
879
880 return FALSE;
881 }
882
883 BOOLEAN
supplicantAkmWpa2Ft(phostsa_private priv,AkmSuite_t * pAkm)884 supplicantAkmWpa2Ft(phostsa_private priv, AkmSuite_t *pAkm)
885 {
886 if (supplicantAkmIsWpa2(priv, pAkm)) {
887 if ((pAkm->akmType == AKM_FT_PSK) ||
888 (pAkm->akmType == AKM_FT_1X)) {
889 return TRUE;
890 }
891 }
892
893 return FALSE;
894 }
895
896 BOOLEAN
supplicantAkmUsesSha256Pmkid(phostsa_private priv,AkmSuite_t * pAkm)897 supplicantAkmUsesSha256Pmkid(phostsa_private priv, AkmSuite_t *pAkm)
898 {
899 if (supplicantAkmIsWpa2(priv, pAkm)) {
900 if ((pAkm->akmType == AKM_SHA256_PSK) ||
901 (pAkm->akmType == AKM_SHA256_1X)) {
902 return TRUE;
903 }
904 }
905
906 return FALSE;
907 }
908
909 void
supplicantGenerateSha256Pmkid(phostsa_private priv,UINT8 * pPMK,IEEEtypes_MacAddr_t * pBssid,IEEEtypes_MacAddr_t * pSta,UINT8 * pPMKID)910 supplicantGenerateSha256Pmkid(phostsa_private priv, UINT8 *pPMK,
911 IEEEtypes_MacAddr_t *pBssid,
912 IEEEtypes_MacAddr_t *pSta, UINT8 *pPMKID)
913 {
914 hostsa_util_fns *util_fns = &priv->util_fns;
915 UINT8 *pOutput;
916 UINT8 *vectors[3];
917 size_t vectLen[NELEMENTS(vectors)];
918 UINT8 buf[500] = { 0 };
919
920 pOutput = (UINT8 *)buf;
921
922 /*
923 ** PMKID = Truncate-128(SHA-256("PMK Name" || AA || SPA)
924 */
925 vectors[0] = (UINT8 *)"PMK Name";
926 vectLen[0] = 8; /* strlen("PMK Name") */
927
928 vectors[1] = (UINT8 *)pBssid;
929 vectLen[1] = sizeof(IEEEtypes_MacAddr_t);
930
931 vectors[2] = (UINT8 *)pSta;
932 vectLen[2] = sizeof(IEEEtypes_MacAddr_t);
933
934 mrvl_sha256_crypto_vector((void *)priv, NELEMENTS(vectors), vectors,
935 vectLen, pOutput);
936
937 memcpy(util_fns, pPMKID, pOutput, PMKID_LEN);
938
939 }
940
941 BOOLEAN
supplicantGetPmkid(phostsa_private priv,IEEEtypes_MacAddr_t * pBssid,IEEEtypes_MacAddr_t * pStaAddr,AkmSuite_t * pAkm,UINT8 * pPMKID)942 supplicantGetPmkid(phostsa_private priv, IEEEtypes_MacAddr_t *pBssid,
943 IEEEtypes_MacAddr_t *pStaAddr,
944 AkmSuite_t *pAkm, UINT8 *pPMKID)
945 {
946 BOOLEAN retval;
947 UINT8 *pPMK;
948
949 retval = FALSE;
950
951 if (!supplicantAkmIsWpaWpa2Psk(priv, pAkm)) {
952 pPMK = pmkCacheFindPMK((void *)priv, pBssid);
953
954 /* found the PMK so generate the PMKID */
955 if (pPMK) {
956 if (supplicantAkmUsesSha256Pmkid(priv, pAkm)) {
957 supplicantGenerateSha256Pmkid(priv, pPMK,
958 pBssid, pStaAddr,
959 pPMKID);
960 } else {
961 supplicantGenerateSha1Pmkid(priv, pPMK, pBssid,
962 pStaAddr, pPMKID);
963 }
964
965 retval = TRUE;
966 }
967 }
968
969 return retval;
970 }
971
972 EAPOL_KeyMsg_t *
GetKeyMsgNonceFromEAPOL(phostsa_private priv,mlan_buffer * pmbuf,keyMgmtInfoSta_t * pKeyMgmtInfoSta)973 GetKeyMsgNonceFromEAPOL(phostsa_private priv, mlan_buffer *pmbuf,
974 keyMgmtInfoSta_t *pKeyMgmtInfoSta)
975 {
976 hostsa_util_fns *util_fns = &priv->util_fns;
977 EAPOL_KeyMsg_t *pKeyMsg =
978 (EAPOL_KeyMsg_t *)(pmbuf->pbuf + pmbuf->data_offset +
979 sizeof(ether_hdr_t));;
980
981 if (!KeyMgmtSta_IsRxEAPOLValid(priv, pKeyMgmtInfoSta, pKeyMsg)) {
982 PRINTM(MERROR, "KeyMgmtSta_IsRxEAPOLValid Fail\n");
983 return NULL;
984 }
985 /* Generate Nonce if this is first PWK Message */
986 if (pKeyMsg->key_info.KeyMIC == 0) {
987 memcpy(util_fns, pKeyMgmtInfoSta->ANonce,
988 pKeyMsg->key_nonce, NONCE_SIZE);
989
990 supplicantGenerateRand(priv, pKeyMgmtInfoSta->SNonce,
991 NONCE_SIZE);
992 }
993 return pKeyMsg;
994 }
995
996 #ifndef WAR_ROM_BUG50312_SIMUL_INFRA_WFD
997 EAPOL_KeyMsg_t *
ProcessRxEAPOL_PwkMsg3(phostsa_private priv,mlan_buffer * pmbuf,keyMgmtInfoSta_t * pKeyMgmtInfoSta)998 ProcessRxEAPOL_PwkMsg3(phostsa_private priv, mlan_buffer *pmbuf,
999 keyMgmtInfoSta_t *pKeyMgmtInfoSta)
1000 {
1001 hostsa_util_fns *util_fns = &priv->util_fns;
1002
1003 EAPOL_KeyMsg_t *pKeyMsg;
1004
1005 pKeyMsg = GetKeyMsgNonceFromEAPOL(priv, pmbuf, pKeyMgmtInfoSta);
1006 if (!pKeyMsg) {
1007 PRINTM(MERROR, "ProcessRxEAPOL_PwkMsg3 pKeyMsg is NULL\n");
1008 return NULL;
1009 }
1010 pKeyMgmtInfoSta->newPWKey.TxIV16 = 1;
1011 pKeyMgmtInfoSta->newPWKey.TxIV32 = 0;
1012
1013 /* look for group key once the pairwise has been plumbed */
1014 if (pKeyMsg->key_info.EncryptedKeyData) {
1015 /* I think the timer stop should be moved later on
1016 in case ramHook_Process_CCX_MFP_11r returns
1017 FALSE
1018 */
1019
1020 // microTimerStop(pKeyMgmtInfoSta->rsnTimer);
1021 util_fns->moal_stop_timer(util_fns->pmoal_handle,
1022 pKeyMgmtInfoSta->rsnTimer);
1023 //pKeyMgmtInfoSta->rsnTimer = 0;
1024
1025 KeyMgmtSta_ApplyKEK(priv, pKeyMsg,
1026 &pKeyMgmtInfoSta->GRKey,
1027 pKeyMgmtInfoSta->EAPOL_Encr_Key);
1028 #if 0
1029 if (ramHook_keyMgmtProcessMsgExt(pKeyMgmtInfoSta, pKeyMsg) ==
1030 FALSE) {
1031 return NULL;
1032 }
1033 #endif
1034 parseKeyDataGTK(priv, pKeyMsg->key_data,
1035 pKeyMsg->key_material_len,
1036 &pKeyMgmtInfoSta->GRKey);
1037
1038 }
1039 return pKeyMsg;
1040 }
1041 #endif
1042
1043 #ifndef WAR_ROM_BUG50312_SIMUL_INFRA_WFD
1044 EAPOL_KeyMsg_t *
ProcessRxEAPOL_GrpMsg1(phostsa_private priv,mlan_buffer * pmbuf,keyMgmtInfoSta_t * pKeyMgmtInfoSta)1045 ProcessRxEAPOL_GrpMsg1(phostsa_private priv, mlan_buffer *pmbuf,
1046 keyMgmtInfoSta_t *pKeyMgmtInfoSta)
1047 {
1048 hostsa_util_fns *util_fns = &priv->util_fns;
1049 EAPOL_KeyMsg_t *pKeyMsg;
1050 KeyData_t GRKey;
1051 pKeyMsg = GetKeyMsgNonceFromEAPOL(priv, pmbuf, pKeyMgmtInfoSta);
1052 if (!pKeyMsg) {
1053 return NULL;
1054 }
1055
1056 KeyMgmtSta_ApplyKEK(priv, pKeyMsg,
1057 &pKeyMgmtInfoSta->GRKey,
1058 pKeyMgmtInfoSta->EAPOL_Encr_Key);
1059
1060 pKeyMgmtInfoSta->RSNDataTrafficEnabled = 1;
1061 //microTimerStop(pKeyMgmtInfoSta->rsnTimer);
1062 util_fns->moal_stop_timer(util_fns->pmoal_handle,
1063 pKeyMgmtInfoSta->rsnTimer);
1064 //pKeyMgmtInfoSta->rsnTimer = 0;
1065
1066 /* Decrypt the group key */
1067 if (pKeyMsg->desc_type == 2) {
1068 /* WPA2 */
1069 /* handle it according to 802.11i GTK frame format */
1070 parseKeyDataGTK(priv, pKeyMsg->key_data,
1071 pKeyMsg->key_material_len, &GRKey);
1072 /* Not install same GTK */
1073 if (!memcmp
1074 (util_fns, pKeyMgmtInfoSta->GRKey.Key, GRKey.Key,
1075 TK_SIZE)) {
1076 priv->gtk_installed = 1;
1077 } else {
1078 memcpy(util_fns, &pKeyMgmtInfoSta->GRKey, &GRKey,
1079 sizeof(KeyData_t));
1080 pKeyMgmtInfoSta->GRKey.TxIV16 = GRKey.TxIV16;
1081 pKeyMgmtInfoSta->GRKey.TxIV32 = 0xFFFFFFFF;
1082 priv->gtk_installed = 0;
1083 }
1084 #if 0
1085 if (ramHook_keyMgmtProcessMsgExt(pKeyMgmtInfoSta, pKeyMsg) ==
1086 FALSE) {
1087 return NULL;
1088 }
1089 #endif
1090 } else {
1091 /* WPA or Dynamic WEP */
1092 if (!memcmp
1093 (util_fns, pKeyMgmtInfoSta->GRKey.Key, pKeyMsg->key_data,
1094 pKeyMsg->key_material_len)) {
1095 priv->gtk_installed = 1;
1096 } else {
1097 memcpy(util_fns, pKeyMgmtInfoSta->GRKey.Key,
1098 pKeyMsg->key_data, pKeyMsg->key_material_len);
1099
1100 pKeyMgmtInfoSta->GRKey.KeyIndex =
1101 pKeyMsg->key_info.KeyIndex;
1102 }
1103 }
1104
1105 return pKeyMsg;
1106 }
1107 #endif
1108
1109 void
KeyMgmtResetCounter(keyMgmtInfoSta_t * pKeyMgmtInfo)1110 KeyMgmtResetCounter(keyMgmtInfoSta_t *pKeyMgmtInfo)
1111 {
1112 if (pKeyMgmtInfo) {
1113 pKeyMgmtInfo->staCounterHi = 0;
1114 pKeyMgmtInfo->staCounterLo = 0;
1115 }
1116 }
1117
1118 /*
1119 ** This code executes when the MIC failure timer timesout
1120 */
1121 void
MicErrTimerExp_Sta(t_void * context)1122 MicErrTimerExp_Sta(t_void *context)
1123 {
1124 phostsa_private psapriv = (phostsa_private)context;
1125 keyMgmtInfoSta_t *pKeyMgmtInfo = &psapriv->suppData->keyMgmtInfoSta;
1126
1127 if (pKeyMgmtInfo) {
1128 //if (pKeyMgmtInfo->micTimer == timerId)
1129 {
1130 if (pKeyMgmtInfo->sta_MIC_Error.status
1131 == SECOND_MIC_FAIL_IN_60_SEC) {
1132 //ramHook_keyMgmtSendTkipQuietOver(data);
1133 }
1134
1135 pKeyMgmtInfo->sta_MIC_Error.status = NO_MIC_FAILURE;
1136 pKeyMgmtInfo->sta_MIC_Error.disableStaAsso = 0;
1137 }
1138
1139 pKeyMgmtInfo->micTimer = 0;
1140 }
1141 }
1142
1143 void
DeauthDelayTimerExp_Sta(t_void * context)1144 DeauthDelayTimerExp_Sta(t_void *context)
1145 {
1146 phostsa_private psapriv = (phostsa_private)context;
1147 keyMgmtInfoSta_t *pKeyMgmtInfoSta = &psapriv->suppData->keyMgmtInfoSta;
1148
1149 if (pKeyMgmtInfoSta) {
1150 //if (pKeyMgmtInfoSta->deauthDelayTimer == timerId)
1151 {
1152 if (pKeyMgmtInfoSta->sta_MIC_Error.status
1153 == SECOND_MIC_FAIL_IN_60_SEC) {
1154 //ramHook_keyMgmtSendDeauth(psapriv,
1155 // IEEEtypes_REASON_MIC_FAILURE);
1156 keyMgmtSendDeauth2Peer(psapriv,
1157 IEEEtypes_REASON_MIC_FAILURE);
1158 }
1159 }
1160
1161 pKeyMgmtInfoSta->deauthDelayTimer = 0;
1162 }
1163 }
1164
1165 /*
1166 ** Key Management timeout handler
1167 */
1168 void
keyMgmtStaRsnSecuredTimeoutHandler(t_void * context)1169 keyMgmtStaRsnSecuredTimeoutHandler(t_void *context)
1170 {
1171 phostsa_private psapriv = (phostsa_private)context;
1172 keyMgmtInfoSta_t *pKeyMgmtInfoSta = &psapriv->suppData->keyMgmtInfoSta;
1173
1174 if (pKeyMgmtInfoSta) {
1175 //if (pKeyMgmtInfoSta->rsnTimer == timerId)
1176 {
1177 if (pKeyMgmtInfoSta->RSNSecured == FALSE) {
1178 /* Clear timer before calling the timeout so the rsnTimer
1179 ** can't be cancelled during the sme state clearing.
1180 ** (caused timer re-entrancy failure).
1181 */
1182 //pKeyMgmtInfoSta->rsnTimer = 0;
1183 //ramHook_keyMgmtSendDeauth(
1184 // psapriv,
1185 // IEEEtypes_REASON_4WAY_HANDSHK_TIMEOUT);
1186 keyMgmtSendDeauth2Peer(psapriv,
1187 IEEEtypes_REASON_4WAY_HANDSHK_TIMEOUT);
1188 }
1189 }
1190 //pKeyMgmtInfoSta->rsnTimer = 0;
1191 }
1192 }
1193
1194 void
keyMgmtSta_StartSession_internal(phostsa_private priv,keyMgmtInfoSta_t * pKeyMgmtInfoSta,UINT32 expiry,UINT8 flags)1195 keyMgmtSta_StartSession_internal(phostsa_private priv,
1196 keyMgmtInfoSta_t *pKeyMgmtInfoSta,
1197 //MicroTimerCallback_t callback,
1198 UINT32 expiry, UINT8 flags)
1199 {
1200 hostsa_util_fns *util_fns = &priv->util_fns;
1201
1202 if (!pKeyMgmtInfoSta->sta_MIC_Error.disableStaAsso) {
1203 //microTimerStop(pKeyMgmtInfoSta->rsnTimer);
1204 util_fns->moal_stop_timer(util_fns->pmoal_handle,
1205 pKeyMgmtInfoSta->rsnTimer);
1206 //pKeyMgmtInfoSta->rsnTimer = 0;
1207 //microTimerStart(callback,
1208 // (UINT32)pKeyMgmtInfoSta,
1209 // expiry,
1210 // &pKeyMgmtInfoSta->rsnTimer,
1211 // flags);
1212 util_fns->moal_start_timer(util_fns->pmoal_handle,
1213 pKeyMgmtInfoSta->rsnTimer, MFALSE,
1214 expiry);
1215 }
1216
1217 /* reset the authenticator replay counter */
1218 pKeyMgmtInfoSta->apCounterLo = 0;
1219 pKeyMgmtInfoSta->apCounterHi = 0;
1220 pKeyMgmtInfoSta->apCounterZeroDone = 0;
1221 }
1222
1223 void
KeyMgmtSta_handleMICDeauthTimer(keyMgmtInfoSta_t * pKeyMgmtInfoSta,MicroTimerCallback_t callback,UINT32 expiry,UINT8 flags)1224 KeyMgmtSta_handleMICDeauthTimer(keyMgmtInfoSta_t *pKeyMgmtInfoSta,
1225 MicroTimerCallback_t callback,
1226 UINT32 expiry, UINT8 flags)
1227 {
1228 #if 0
1229 microTimerStop(pKeyMgmtInfoSta->deauthDelayTimer);
1230
1231 microTimerStart(callback,
1232 (UINT32)pKeyMgmtInfoSta,
1233 expiry, &pKeyMgmtInfoSta->deauthDelayTimer, flags);
1234 #endif
1235 }
1236
1237 #ifndef WAR_ROM_BUG57216_QUIET_TIME_INTERVAL
1238 /* This function assumes that argument state would be either
1239 NO_MIC_FAILURE or FIRST_MIC_FAIL_IN_60_SEC
1240 It must not be called with state othe than these two
1241 */
1242 void
KeyMgmtSta_handleMICErr(MIC_Fail_State_e state,keyMgmtInfoSta_t * pKeyMgmtInfoSta,MicroTimerCallback_t callback,UINT8 flags)1243 KeyMgmtSta_handleMICErr(MIC_Fail_State_e state,
1244 keyMgmtInfoSta_t *pKeyMgmtInfoSta,
1245 MicroTimerCallback_t callback, UINT8 flags)
1246 {
1247 UINT32 expiry;
1248 // UINT32 int_save = tx_interrupt_control(TX_INT_DISABLE);
1249
1250 if (state == NO_MIC_FAILURE) {
1251 /* First MIC failure */
1252 pKeyMgmtInfoSta->sta_MIC_Error.status =
1253 FIRST_MIC_FAIL_IN_60_SEC;
1254 expiry = MIC_ERROR_CHECK_TIME_INTERVAL;
1255 } else {
1256 /* Received 2 MIC failures within 60 sec. Do deauth from AP */
1257 pKeyMgmtInfoSta->sta_MIC_Error.disableStaAsso = 1;
1258 pKeyMgmtInfoSta->sta_MIC_Error.status =
1259 SECOND_MIC_FAIL_IN_60_SEC;
1260 pKeyMgmtInfoSta->apCounterHi = 0;
1261 pKeyMgmtInfoSta->apCounterLo = 0;
1262 expiry = MIC_ERROR_QUIET_TIME_INTERVAL;
1263 }
1264 // tx_interrupt_control(int_save);
1265 #if 0
1266 microTimerStop(pKeyMgmtInfoSta->micTimer);
1267
1268 microTimerStart(callback,
1269 (UINT32)pKeyMgmtInfoSta,
1270 expiry, &pKeyMgmtInfoSta->micTimer, flags);
1271 #endif
1272 }
1273 #endif
1274
1275 /*
1276 ** Initialize the Key Mgmt session
1277 */
1278 void
KeyMgmtSta_InitSession(phostsa_private priv,keyMgmtInfoSta_t * pKeyMgmtInfoSta)1279 KeyMgmtSta_InitSession(phostsa_private priv, keyMgmtInfoSta_t *pKeyMgmtInfoSta)
1280 {
1281 hostsa_util_fns *util_fns = &priv->util_fns;
1282
1283 pKeyMgmtInfoSta->RSNDataTrafficEnabled = FALSE;
1284 pKeyMgmtInfoSta->RSNSecured = FALSE;
1285 pKeyMgmtInfoSta->pRxDecryptKey = NULL;
1286 pKeyMgmtInfoSta->pwkHandshakeComplete = FALSE;
1287
1288 if (!pKeyMgmtInfoSta->sta_MIC_Error.disableStaAsso) {
1289 // microTimerStop(pKeyMgmtInfoSta->micTimer);
1290 pKeyMgmtInfoSta->micTimer = 0;
1291 // microTimerStop(pKeyMgmtInfoSta->deauthDelayTimer);
1292 pKeyMgmtInfoSta->deauthDelayTimer = 0;
1293 }
1294 // microTimerStop(pKeyMgmtInfoSta->rsnTimer);
1295 util_fns->moal_stop_timer(util_fns->pmoal_handle,
1296 pKeyMgmtInfoSta->rsnTimer);
1297
1298 //pKeyMgmtInfoSta->rsnTimer = 0;
1299 }
1300