1 /*
2 * admCtrlWpa.c
3 *
4 * Copyright(c) 1998 - 2010 Texas Instruments. All rights reserved.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * * Neither the name Texas Instruments nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /** \file admCtrl.c
35 * \brief Admission control API implimentation
36 *
37 * \see admCtrl.h
38 */
39
40 /****************************************************************************
41 * *
42 * MODULE: Admission Control *
43 * PURPOSE: Admission Control Module API *
44 * *
45 ****************************************************************************/
46
47 #define __FILE_ID__ FILE_ID_19
48 #include "osApi.h"
49 #include "paramOut.h"
50 #include "mlmeApi.h"
51 #include "802_11Defs.h"
52 #include "DataCtrl_Api.h"
53 #include "report.h"
54 #include "rsn.h"
55 #include "admCtrl.h"
56 #include "admCtrlWpa.h"
57 #include "admCtrlWpa2.h"
58 #ifdef XCC_MODULE_INCLUDED
59 #include "admCtrlXCC.h"
60 #include "XCCMngr.h"
61 #endif
62 #include "siteMgrApi.h"
63 #include "TWDriver.h"
64
65 /* Constants */
66 #define MAX_NETWORK_MODE 2
67 #define MAX_WPA_CIPHER_SUITE 7
68
69
70
71 /* Enumerations */
72
73 /* Typedefs */
74
75 /* Structures */
76
77 /* External data definitions */
78
79 /* Local functions definitions */
80
81 /* Global variables */
82
83 static TI_UINT8 wpaIeOuiIe[3] = { 0x00, 0x50, 0xf2};
84
85 static TI_BOOL broadcastCipherSuiteValidity[MAX_NETWORK_MODE][MAX_WPA_CIPHER_SUITE]=
86 {
87 /* RSN_IBSS */ {
88 /* NONE */ TI_FALSE,
89 /* WEP40 */ TI_FALSE,
90 /* TKIP */ TI_TRUE,
91 /* AES_WRAP */ TI_TRUE,
92 /* AES_CCMP */ TI_TRUE,
93 /* WEP104 */ TI_FALSE,
94 /* CKIP */ TI_FALSE},
95
96 /* RSN_INFRASTRUCTURE */ {
97 /* NONE */ TI_FALSE,
98 /* WEP */ TI_TRUE,
99 /* TKIP */ TI_TRUE,
100 /* AES_WRAP */ TI_TRUE,
101 /* AES_CCMP */ TI_TRUE,
102 /* WEP104 */ TI_TRUE,
103 /* CKIP */ TI_TRUE}
104 };
105
106 /** WPA admission table. Used to verify admission parameters to an AP */
107 /* table parameters:
108 Max unicast cipher in the IE
109 Max broadcast cipher in the IE
110 Encryption status
111 */
112 typedef struct
113 {
114 TI_STATUS status;
115 ECipherSuite unicast;
116 ECipherSuite broadcast;
117 TI_UINT8 evaluation;
118 } admCtrlWpa_validity_t;
119
120 static admCtrlWpa_validity_t admCtrlWpa_validityTable[MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE] =
121 {
122 /* AP unicast NONE */ {
123 /* AP multicast NONE */ {
124 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
125 /* STA WEP40 */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
126 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
127 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
128 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
129 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
130 /* AP multicast WEP40 */ {
131 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
132 /* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1},
133 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
134 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
135 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
136 /* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}},
137 /* AP multicast TKIP */ {
138 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
139 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
140 /* STA TKIP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_TKIP ,2},
141 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
142 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
143 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
144 /* AP multicast WRAP */ {
145 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
146 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
147 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
148 /* STA WRAP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_WRAP ,3},
149 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
150 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
151 /* AP multicast CCMP */ {
152 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
153 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
154 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
155 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
156 /* STA CCMP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_CCMP ,3},
157 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
158 /* AP multicast WEP104 */ {
159 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
160 /* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1},
161 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
162 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
163 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
164 /* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}}},
165 /* AP unicast WEP */ {
166 /* AP multicast NONE */ {
167 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
168 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
169 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
170 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
171 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
172 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
173 /* AP multicast WEP */ {
174 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
175 /* STA WEP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1},
176 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
177 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
178 /* STA CCMP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1},
179 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
180 /* AP multicast TKIP */ {
181 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
182 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
183 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
184 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
185 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
186 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
187 /* AP multicast WRAP */ {
188 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
189 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
190 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
191 /* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
192 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
193 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
194 /* AP multicast CCMP */ {
195 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
196 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
197 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
198 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
199 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
200 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
201 /* AP multicast WEP104 */ {
202 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
203 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
204 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
205 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
206 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
207 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
208 /* AP unicast TKIP */ {
209 /* AP multicast NONE */ {
210 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
211 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
212 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
213 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
214 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
215 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
216 /* AP multicast WEP */ {
217 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
218 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
219 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP ,4},
220 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
221 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
222 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
223 /* AP multicast TKIP */ {
224 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
225 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
226 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_TKIP ,7},
227 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
228 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
229 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
230 /* AP multicast WRAP */ {
231 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
232 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
233 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
234 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
235 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
236 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
237 /* AP multicast CCMP */ {
238 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
239 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
240 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
241 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
242 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
243 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
244 /* AP multicast WEP104 */ {
245 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
246 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
247 /* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP104 ,4},
248 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
249 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
250 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
251 /* AP unicast AES_WRAP */ {
252 /* AP multicast NONE */ {
253 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
254 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
255 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
256 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
257 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
258 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
259 /* AP multicast WEP40 */ {
260 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
261 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
262 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
263 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP ,5},
264 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
265 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
266 /* AP multicast TKIP */ {
267 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
268 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
269 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
270 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_TKIP ,6},
271 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
272 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
273 /* AP multicast WRAP */ {
274 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
275 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
276 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
277 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_AES_WRAP ,8},
278 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
279 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
280 /* AP multicast CCMP */ {
281 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
282 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
283 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
284 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
285 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
286 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
287 /* AP multicast WEP104 */ {
288 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
289 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
290 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
291 /* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP104 ,5},
292 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
293 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
294 /* AP unicast AES_CCMP */ {
295 /* AP multicast NONE */ {
296 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
297 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
298 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
299 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
300 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
301 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
302 /* AP multicast WEP */ {
303 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
304 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
305 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
306 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
307 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP ,5},
308 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
309 /* AP multicast TKIP */ {
310 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
311 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
312 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
313 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
314 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_TKIP ,6},
315 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
316 /* AP multicast WRAP */ {
317 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
318 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
319 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
320 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
321 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
322 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
323 /* AP multicast CCMP */ {
324 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
325 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
326 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
327 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
328 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_AES_CCMP ,7},
329 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
330 /* AP multicast WEP */ {
331 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
332 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
333 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
334 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
335 /* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP104 ,5},
336 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
337 /* AP unicast WEP104 */ {
338 /* AP multicast NONE */ {
339 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
340 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
341 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
342 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
343 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
344 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
345 /* AP multicast WEP */ {
346 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
347 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
348 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
349 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
350 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
351 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
352 /* AP multicast TKIP */ {
353 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
354 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
355 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
356 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
357 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
358 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
359 /* AP multicast WRAP */ {
360 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
361 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
362 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
363 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
364 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
365 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
366 /* AP multicast CCMP */ {
367 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
368 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
369 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
370 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
371 /* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
372 /* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
373 /* AP multicast WEP104 */ {
374 /* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
375 /* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
376 /* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
377 /* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
378 /* STA CCMP */ { TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1},
379 /* STA WEP104 */{ TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1}}}
380
381
382 };
383
384 /* Function prototypes */
385 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData);
386 TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt);
387 TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal,wpaIeData_t *pWpaData,TI_UINT32 maxVal);
388 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus);
389 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists);
390
391
392 /**
393 *
394 * admCtrlWpa_config - Configure XCC admission control.
395 *
396 * \b Description:
397 *
398 * Configure XCC admission control.
399 *
400 * \b ARGS:
401 *
402 * I - pAdmCtrl - context \n
403 *
404 * \b RETURNS:
405 *
406 * TI_OK on success, TI_NOK on failure.
407 *
408 * \sa
409 */
admCtrlWpa_config(admCtrl_t * pAdmCtrl)410 TI_STATUS admCtrlWpa_config(admCtrl_t *pAdmCtrl)
411 {
412 TI_STATUS status;
413 TRsnPaeConfig paeConfig;
414
415 /* check and set admission control default parameters */
416 pAdmCtrl->authSuite = RSN_AUTH_OPEN;
417 if (pAdmCtrl->unicastSuite == TWD_CIPHER_NONE)
418 {
419 pAdmCtrl->unicastSuite = TWD_CIPHER_TKIP;
420 }
421 if (pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE)
422 {
423 pAdmCtrl->broadcastSuite = TWD_CIPHER_TKIP;
424 }
425
426 /* set callback functions (API) */
427 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement;
428 pAdmCtrl->setSite = admCtrlWpa_setSite;
429 pAdmCtrl->evalSite = admCtrlWpa_evalSite;
430
431 pAdmCtrl->getPmkidList = admCtrl_nullGetPMKIDlist;
432 pAdmCtrl->setPmkidList = admCtrl_nullSetPMKIDlist;
433 pAdmCtrl->resetPmkidList = admCtrl_resetPMKIDlist;
434 pAdmCtrl->getPreAuthStatus = admCtrl_nullGetPreAuthStatus;
435 pAdmCtrl->startPreAuth = admCtrl_nullStartPreAuth;
436 pAdmCtrl->get802_1x_AkmExists = admCtrlWpa_get802_1x_AkmExists;
437
438 /* set cipher suite */
439 switch (pAdmCtrl->externalAuthMode)
440 {
441 case RSN_EXT_AUTH_MODE_WPA:
442 case RSN_EXT_AUTH_MODE_WPAPSK:
443 /* The cipher suite should be set by the External source via
444 the Encryption field*/
445 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X;
446 break;
447 case RSN_EXT_AUTH_MODE_WPANONE:
448 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE;
449 /* Not supported */
450 default:
451 return TI_NOK;
452 }
453
454
455 paeConfig.authProtocol = pAdmCtrl->externalAuthMode;
456 paeConfig.unicastSuite = pAdmCtrl->unicastSuite;
457 paeConfig.broadcastSuite = pAdmCtrl->broadcastSuite;
458 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite;
459 /* set default PAE configuration */
460 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig);
461
462 return status;
463 }
464
465
466
467
admCtrlWpa_dynamicConfig(admCtrl_t * pAdmCtrl,wpaIeData_t * pWpaData)468 TI_STATUS admCtrlWpa_dynamicConfig(admCtrl_t *pAdmCtrl,wpaIeData_t *pWpaData)
469 {
470 TI_STATUS status;
471 TRsnPaeConfig paeConfig;
472
473
474 /* set callback functions (API) */
475 pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement;
476
477 switch (pAdmCtrl->externalAuthMode)
478 {
479 case RSN_EXT_AUTH_MODE_WPA:
480 case RSN_EXT_AUTH_MODE_WPAPSK:
481 /* The cipher suite should be set by the External source via
482 the Encryption field*/
483 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X;
484 break;
485 case RSN_EXT_AUTH_MODE_WPANONE:
486 pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE;
487 /* Not supported */
488 default:
489 return TI_NOK;
490 }
491
492
493 paeConfig.authProtocol = pAdmCtrl->externalAuthMode;
494 paeConfig.unicastSuite = pWpaData->unicastSuite[0];
495 paeConfig.broadcastSuite = pWpaData->broadcastSuite;
496 paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite;
497 /* set default PAE configuration */
498 status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig);
499
500 return status;
501 }
502
503 /**
504 *
505 * admCtrlWpa_getInfoElement - Get the current information element.
506 *
507 * \b Description:
508 *
509 * Get the current information element.
510 *
511 * \b ARGS:
512 *
513 * I - pAdmCtrl - context \n
514 * I - pIe - IE buffer \n
515 * I - pLength - length of IE \n
516 *
517 * \b RETURNS:
518 *
519 * TI_OK on success, TI_NOK on failure.
520 *
521 * \sa
522 */
523
admCtrlWpa_getInfoElement(admCtrl_t * pAdmCtrl,TI_UINT8 * pIe,TI_UINT32 * pLength)524 TI_STATUS admCtrlWpa_getInfoElement(admCtrl_t *pAdmCtrl, TI_UINT8 *pIe, TI_UINT32 *pLength)
525 {
526 wpaIePacket_t localWpaPkt;
527 wpaIePacket_t *pWpaIePacket;
528 TI_UINT8 length;
529 TI_UINT16 tempInt;
530 TIWLN_SIMPLE_CONFIG_MODE wscMode;
531
532 /* Get Simple-Config state */
533 siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */
534
535 if (pIe==NULL)
536 {
537 *pLength = 0;
538 return TI_NOK;
539 }
540
541 if ((wscMode != TIWLN_SIMPLE_CONFIG_OFF) &&
542 (pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE) &&
543 (pAdmCtrl->unicastSuite == TWD_CIPHER_NONE))
544 {
545 *pLength = 0;
546 return TI_NOK;
547 }
548
549 /* Check validity of WPA IE */
550 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][pAdmCtrl->broadcastSuite])
551 { /* check Group suite validity */
552 *pLength = 0;
553 return TI_NOK;
554 }
555
556
557 if (pAdmCtrl->unicastSuite == TWD_CIPHER_WEP)
558 { /* check pairwise suite validity */
559 *pLength = 0;
560 return TI_NOK;
561 }
562
563 /* Build Wpa IE */
564 pWpaIePacket = &localWpaPkt;
565 os_memoryZero(pAdmCtrl->hOs, pWpaIePacket, sizeof(wpaIePacket_t));
566 pWpaIePacket->elementid= WPA_IE_ID;
567 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->oui, wpaIeOuiIe, 3);
568 pWpaIePacket->ouiType = WPA_OUI_DEF_TYPE;
569
570 tempInt = WPA_OUI_MAX_VERSION;
571 COPY_WLAN_WORD(&pWpaIePacket->version, &tempInt);
572
573 length = sizeof(wpaIePacket_t)-2;
574
575 /* check defaults */
576 if (pAdmCtrl->replayCnt==1)
577 {
578 length -= 2; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/
579 #if 0 /* The following was removed since there are APs which do no accept
580 the default WPA IE */
581 if (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA)
582 {
583 length -= 6; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/
584 if (pAdmCtrl->unicastSuite == TWD_CIPHER_TKIP)
585 {
586 length -= 6; /* 4: unicast suite, 2: unicast count */
587 if (pAdmCtrl->broadcastSuite == TWD_CIPHER_TKIP)
588 {
589 length -= 4; /* broadcast suite */
590 }
591 }
592 }
593 #endif
594 }
595
596 pWpaIePacket->length = length;
597 *pLength = length+2;
598
599 if (length>=WPA_IE_MIN_DEFAULT_LENGTH)
600 { /* build Capabilities */
601 pWpaIePacket->capabilities = ENDIAN_HANDLE_WORD(admCtrlWpa_buildCapabilities(pAdmCtrl->replayCnt));
602 }
603
604 if (length>=WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(1))
605 {
606 /* build keyMng suite */
607
608 tempInt = 0x0001;
609 COPY_WLAN_WORD(&pWpaIePacket->authKeyMngSuiteCnt, &tempInt);
610
611 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->authKeyMngSuite, wpaIeOuiIe, 3);
612
613 switch (pAdmCtrl->externalAuthMode)
614 {
615 case RSN_EXT_AUTH_MODE_OPEN:
616 case RSN_EXT_AUTH_MODE_SHARED_KEY:
617 case RSN_EXT_AUTH_MODE_AUTO_SWITCH:
618 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE;
619 break;
620 case RSN_EXT_AUTH_MODE_WPA:
621 {
622 #ifdef XCC_MODULE_INCLUDED
623 TI_UINT8 akmSuite[DOT11_OUI_LEN];
624
625 if (admCtrlXCC_getCckmAkm(pAdmCtrl, akmSuite))
626 {
627 os_memoryCopy(pAdmCtrl->hOs, (void*)pWpaIePacket->authKeyMngSuite, akmSuite, DOT11_OUI_LEN);
628 }
629 else
630 #endif
631 {
632 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_801_1X;
633 }
634 }
635
636 break;
637
638 case RSN_EXT_AUTH_MODE_WPAPSK:
639 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_PSK_801_1X;
640 break;
641 default:
642 pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE;
643 break;
644 }
645
646 }
647
648
649 if (length>=WPA_IE_MIN_PAIRWISE_SUITE_LENGTH)
650 {
651
652 #ifdef XCC_MODULE_INCLUDED
653 if ((pAdmCtrl->pRsn->paeConfig.unicastSuite==TWD_CIPHER_CKIP) ||
654 (pAdmCtrl->pRsn->paeConfig.broadcastSuite==TWD_CIPHER_CKIP))
655 {
656 admCtrlXCC_getWpaCipherInfo(pAdmCtrl,pWpaIePacket);
657 }
658 else
659 #endif
660 {
661
662 /* build pairwise suite */
663
664 tempInt = 0x0001;
665 COPY_WLAN_WORD(&pWpaIePacket->pairwiseSuiteCnt, &tempInt);
666
667 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->pairwiseSuite, wpaIeOuiIe, 3);
668 pWpaIePacket->pairwiseSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.unicastSuite;
669
670 if (length>=WPA_IE_GROUP_SUITE_LENGTH)
671 { /* build group suite */
672 os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->groupSuite, wpaIeOuiIe, 3);
673 pWpaIePacket->groupSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.broadcastSuite;
674 }
675 }
676 }
677 os_memoryCopy(pAdmCtrl->hOs, (TI_UINT8*)pIe, (TI_UINT8*)pWpaIePacket, sizeof(wpaIePacket_t));
678 return TI_OK;
679
680 }
681 /**
682 *
683 * admCtrlWpa_setSite - Set current primary site parameters for registration.
684 *
685 * \b Description:
686 *
687 * Set current primary site parameters for registration.
688 *
689 * \b ARGS:
690 *
691 * I - pAdmCtrl - context \n
692 * I - pRsnData - site's RSN data \n
693 * O - pAssocIe - result IE of evaluation \n
694 * O - pAssocIeLen - length of result IE of evaluation \n
695 *
696 * \b RETURNS:
697 *
698 * TI_OK on site is aproved, TI_NOK on site is rejected.
699 *
700 * \sa
701 */
admCtrlWpa_setSite(admCtrl_t * pAdmCtrl,TRsnData * pRsnData,TI_UINT8 * pAssocIe,TI_UINT8 * pAssocIeLen)702 TI_STATUS admCtrlWpa_setSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TI_UINT8 *pAssocIe, TI_UINT8 *pAssocIeLen)
703 {
704 TI_STATUS status;
705 paramInfo_t *pParam;
706 TTwdParamInfo tTwdParam;
707 wpaIeData_t wpaData;
708 ECipherSuite encryptionStatus;
709 admCtrlWpa_validity_t *pAdmCtrlWpa_validity=NULL;
710 TI_UINT8 *pWpaIe;
711 TI_UINT8 index;
712
713 *pAssocIeLen = 0;
714
715 if (pRsnData==NULL)
716 {
717 return TI_NOK;
718 }
719
720 pParam = (paramInfo_t *)os_memoryAlloc(pAdmCtrl->hOs, sizeof(paramInfo_t));
721 if (!pParam)
722 {
723 return TI_NOK;
724 }
725
726 if (pRsnData->pIe==NULL)
727 {
728 /* configure the MLME module with the 802.11 OPEN authentication suite,
729 THe MLME will configure later the authentication module */
730 pParam->paramType = MLME_LEGACY_TYPE_PARAM;
731 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM;
732 status = mlme_setParam(pAdmCtrl->hMlme, pParam);
733 goto adm_ctrl_wpa_end;
734 }
735
736 #ifdef XCC_MODULE_INCLUDED
737 /* Check if Aironet IE exists */
738 admCtrlXCC_setExtendedParams(pAdmCtrl, pRsnData);
739 #endif /*XCC_MODULE_INCLUDED*/
740
741 /* Check if any-WPA mode is supported and WPA2 info elem is presented */
742 /* If yes - perform WPA2 set site procedure */
743 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags)
744 {
745 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) &&
746 (pWpaIe != NULL))
747 {
748 status = admCtrlWpa2_setSite(pAdmCtrl, pRsnData, pAssocIe, pAssocIeLen);
749 if(status == TI_OK)
750 goto adm_ctrl_wpa_end;
751 }
752 }
753
754 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID);
755 if (status != TI_OK)
756 {
757 goto adm_ctrl_wpa_end;
758 }
759 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData);
760 if (status != TI_OK)
761 {
762 goto adm_ctrl_wpa_end;
763 }
764 if ((wpaData.unicastSuite[0]>=MAX_WPA_CIPHER_SUITE) ||
765 (wpaData.broadcastSuite>=MAX_WPA_CIPHER_SUITE) ||
766 (pAdmCtrl->unicastSuite>=MAX_WPA_CIPHER_SUITE))
767 {
768 status = TI_NOK;
769 goto adm_ctrl_wpa_end;
770 }
771
772 pAdmCtrl->encrInSw = wpaData.XCCKp;
773 pAdmCtrl->micInSw = wpaData.XCCMic;
774
775 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */
776 if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP)
777 {
778 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
779 /*Funk supplicant can support CCKM only if it configures the driver to TKIP encryption. */
780 if (encryptionStatus != TWD_CIPHER_TKIP) {
781 status = TI_NOK;
782 goto adm_ctrl_wpa_end;
783 }
784 if (pAdmCtrl->encrInSw)
785 pAdmCtrl->XCCSupport = TI_TRUE;
786 }
787 else
788 {
789 /* Check validity of Group suite */
790 if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][wpaData.broadcastSuite])
791 { /* check Group suite validity */
792 status = TI_NOK;
793 goto adm_ctrl_wpa_end;
794 }
795
796 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
797 for (index=0; index<wpaData.unicastSuiteCnt; index++)
798 {
799 pAdmCtrlWpa_validity = &admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus];
800 if (pAdmCtrlWpa_validity->status ==TI_OK)
801 {
802 break;
803 }
804 }
805
806 if (pAdmCtrlWpa_validity->status != TI_OK)
807 {
808 status = pAdmCtrlWpa_validity->status;
809 goto adm_ctrl_wpa_end;
810 }
811
812 /* set cipher suites */
813 wpaData.unicastSuite[0] = pAdmCtrlWpa_validity->unicast ;/*wpaData.unicastSuite[0];*/
814 wpaData.broadcastSuite = pAdmCtrlWpa_validity->broadcast; /*wpaData.broadcastSuite;*/
815 }
816 /* set external auth mode according to the key Mng Suite */
817 switch (wpaData.KeyMngSuite[0])
818 {
819 case WPA_IE_KEY_MNG_NONE:
820 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN;
821 break;
822 case WPA_IE_KEY_MNG_801_1X:
823 #ifdef XCC_MODULE_INCLUDED
824 case WPA_IE_KEY_MNG_CCKM:
825 #endif
826 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA;
827 break;
828 case WPA_IE_KEY_MNG_PSK_801_1X:
829 #if 0 /* code will remain here until the WSC spec will be closed*/
830 if ((wpaData.KeyMngSuiteCnt > 1) && (wpaData.KeyMngSuite[1] == WPA_IE_KEY_MNG_801_1X))
831 {
832 /*WLAN_OS_REPORT (("Overriding for simple-config - setting external auth to MODE WPA\n"));*/
833 /*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA;*/
834 }
835 else
836 {
837 /*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPAPSK;*/
838 }
839 #endif
840 break;
841 default:
842 pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN;
843 break;
844 }
845
846
847 #ifdef XCC_MODULE_INCLUDED
848 pParam->paramType = XCC_CCKM_EXISTS;
849 pParam->content.XCCCckmExists = (wpaData.KeyMngSuite[0]==WPA_IE_KEY_MNG_CCKM) ? TI_TRUE : TI_FALSE;
850 XCCMngr_setParam(pAdmCtrl->hXCCMngr, pParam);
851 #endif
852 /* set replay counter */
853 pAdmCtrl->replayCnt = wpaData.replayCounters;
854
855 *pAssocIeLen = pRsnData->ieLen;
856 if (pAssocIe != NULL)
857 {
858 os_memoryCopy(pAdmCtrl->hOs, pAssocIe, &wpaData, sizeof(wpaIeData_t));
859 }
860
861
862 /* Now we configure the MLME module with the 802.11 legacy authentication suite,
863 THe MLME will configure later the authentication module */
864 pParam->paramType = MLME_LEGACY_TYPE_PARAM;
865 #ifdef XCC_MODULE_INCLUDED
866 if (pAdmCtrl->networkEapMode!=OS_XCC_NETWORK_EAP_OFF)
867 {
868 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_RESERVED1;
869 }
870 else
871 #endif
872 {
873 pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM;
874 }
875
876
877 status = mlme_setParam(pAdmCtrl->hMlme, pParam);
878 if (status != TI_OK)
879 {
880 goto adm_ctrl_wpa_end;
881 }
882
883 pParam->paramType = RX_DATA_EAPOL_DESTINATION_PARAM;
884 pParam->content.rxDataEapolDestination = OS_ABS_LAYER;
885 status = rxData_setParam(pAdmCtrl->hRx, pParam);
886 if (status != TI_OK)
887 {
888 goto adm_ctrl_wpa_end;
889 }
890
891 /* Configure privacy status in HAL so that HW is prepared to recieve keys */
892 tTwdParam.paramType = TWD_RSN_SECURITY_MODE_PARAM_ID;
893 tTwdParam.content.rsnEncryptionStatus = (ECipherSuite)wpaData.unicastSuite[0];
894 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam);
895 if (status != TI_OK)
896 {
897 goto adm_ctrl_wpa_end;
898 }
899
900 #ifdef XCC_MODULE_INCLUDED
901
902 /* set MIC and KP in HAL */
903 tTwdParam.paramType = TWD_RSN_XCC_SW_ENC_ENABLE_PARAM_ID;
904 tTwdParam.content.rsnXCCSwEncFlag = wpaData.XCCKp;
905 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam);
906 if (status != TI_OK)
907 {
908 goto adm_ctrl_wpa_end;
909 }
910 tTwdParam.paramType = TWD_RSN_XCC_MIC_FIELD_ENABLE_PARAM_ID;
911 tTwdParam.content.rsnXCCMicFieldFlag = wpaData.XCCMic;
912 status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam);
913
914 if (status != TI_OK)
915 {
916 goto adm_ctrl_wpa_end;
917 }
918 #endif /*XCC_MODULE_INCLUDED*/
919
920 /* re-config PAE */
921 status = admCtrlWpa_dynamicConfig(pAdmCtrl,&wpaData);
922 if (status != TI_OK)
923 {
924 goto adm_ctrl_wpa_end;
925 }
926 adm_ctrl_wpa_end:
927 os_memoryFree(pAdmCtrl->hOs, pParam, sizeof(paramInfo_t));
928 return status;
929 }
930
931 /**
932 *
933 * admCtrlWpa_evalSite - Evaluate site for registration.
934 *
935 * \b Description:
936 *
937 * evaluate site RSN capabilities against the station's cap.
938 * If the BSS type is infrastructure, the station matches the site only if it's WEP status is same as the site
939 * In IBSS, it does not matter
940 *
941 * \b ARGS:
942 *
943 * I - pAdmCtrl - Context \n
944 * I - pRsnData - site's RSN data \n
945 * O - pEvaluation - Result of evaluation \n
946 *
947 * \b RETURNS:
948 *
949 * TI_OK
950 *
951 * \sa
952 */
admCtrlWpa_evalSite(admCtrl_t * pAdmCtrl,TRsnData * pRsnData,TRsnSiteParams * pRsnSiteParams,TI_UINT32 * pEvaluation)953 TI_STATUS admCtrlWpa_evalSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TRsnSiteParams *pRsnSiteParams, TI_UINT32 *pEvaluation)
954 {
955 TI_STATUS status;
956 wpaIeData_t wpaData;
957 admCtrlWpa_validity_t admCtrlWpa_validity;
958 ECipherSuite encryptionStatus;
959 TIWLN_SIMPLE_CONFIG_MODE wscMode;
960 TI_UINT8 *pWpaIe;
961 TI_UINT8 index;
962
963 /* Get Simple-Config state */
964 status = siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */
965
966 *pEvaluation = 0;
967
968 if (pRsnData==NULL)
969 {
970 return TI_NOK;
971 }
972 if ((pRsnData->pIe==NULL) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF))
973 {
974 return TI_NOK;
975 }
976
977 if (pRsnSiteParams->bssType != BSS_INFRASTRUCTURE)
978 {
979 return TI_NOK;
980 }
981
982 /* Set initial values for admCtrlWpa_validity as none*/
983 admCtrlWpa_validity = admCtrlWpa_validityTable[TWD_CIPHER_NONE][TWD_CIPHER_NONE][TWD_CIPHER_NONE];
984
985 /* Check if WPA-any mode is supported and WPA2 info elem is presented */
986 /* If yes - perform WPA2 site evaluation */
987 if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags)
988 {
989 if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) &&
990 (pWpaIe != NULL))
991 {
992 status = admCtrlWpa2_evalSite(pAdmCtrl, pRsnData, pRsnSiteParams, pEvaluation);
993 if(status == TI_OK)
994 return status;
995 }
996 }
997
998 status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID);
999 if ((status != TI_OK) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF))
1000 {
1001 return status;
1002 }
1003 /* If found WPA Information Element */
1004 if (pWpaIe != NULL)
1005 {
1006 status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData);
1007 if (status != TI_OK)
1008 {
1009 return status;
1010 }
1011
1012 /* check keyMngSuite validity */
1013 switch (wpaData.KeyMngSuite[0])
1014 {
1015 case WPA_IE_KEY_MNG_NONE:
1016 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_NONE\n");
1017 status = (pAdmCtrl->externalAuthMode <= RSN_EXT_AUTH_MODE_AUTO_SWITCH) ? TI_OK : TI_NOK;
1018 break;
1019 case WPA_IE_KEY_MNG_801_1X:
1020 #ifdef XCC_MODULE_INCLUDED
1021 case WPA_IE_KEY_MNG_CCKM:
1022 /* CCKM is allowed only in 802.1x auth */
1023 #endif
1024 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_801_1X\n");
1025 status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) ? TI_OK : TI_NOK;
1026 break;
1027 case WPA_IE_KEY_MNG_PSK_801_1X:
1028 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_PSK_801_1X\n");
1029 status = ((pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPAPSK) ||
1030 (wscMode && (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA))) ? TI_OK : TI_NOK;
1031 break;
1032 default:
1033 status = TI_NOK;
1034 break;
1035 }
1036
1037 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: pAdmCtrl->externalAuthMode = %d, Status = %d\n",pAdmCtrl->externalAuthMode,status);
1038
1039 if (status != TI_OK)
1040 {
1041 return status;
1042 }
1043
1044 /*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */
1045 if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP)
1046 {
1047 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
1048 if (encryptionStatus != TWD_CIPHER_TKIP)
1049 return TI_NOK;
1050 }
1051 else
1052 {
1053 /* Check cipher suite validity */
1054 pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
1055 for (index=0; index<wpaData.unicastSuiteCnt; index++)
1056 {
1057 admCtrlWpa_validity = admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus];
1058 if (admCtrlWpa_validity.status ==TI_OK)
1059 {
1060 break;
1061 }
1062 }
1063
1064 if (admCtrlWpa_validity.status!=TI_OK)
1065 {
1066 return admCtrlWpa_validity.status;
1067 }
1068
1069 wpaData.broadcastSuite = admCtrlWpa_validity.broadcast;
1070 wpaData.unicastSuite[0] = admCtrlWpa_validity.unicast;
1071 *pEvaluation = admCtrlWpa_validity.evaluation;
1072 }
1073
1074 /* Check privacy bit if not in mixed mode */
1075 if (!pAdmCtrl->mixedMode)
1076 { /* There's no mixed mode, so make sure that the privacy Bit matches the privacy mode*/
1077 if (((pRsnData->privacy) && (wpaData.unicastSuite[0]==TWD_CIPHER_NONE)) ||
1078 ((!pRsnData->privacy) && (wpaData.unicastSuite[0]>TWD_CIPHER_NONE)))
1079 {
1080 *pEvaluation = 0;
1081 }
1082 }
1083
1084 }
1085 else
1086 {
1087 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "didn't find WPA IE\n");
1088 if (wscMode == TIWLN_SIMPLE_CONFIG_OFF)
1089 return TI_NOK;
1090 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "metric is 1\n");
1091 *pEvaluation = 1;
1092 pAdmCtrl->broadcastSuite = TWD_CIPHER_NONE;
1093 pAdmCtrl->unicastSuite = TWD_CIPHER_NONE;
1094 }
1095
1096 /* always return TI_OK */
1097 return TI_OK;
1098 }
1099
1100
1101 /**
1102 *
1103 * admCtrlWpa_parseIe - Parse an WPA information element.
1104 *
1105 * \b Description:
1106 *
1107 * Parse an WPA information element.
1108 * Builds a structure of the unicast adn broadcast cihper suites,
1109 * the key management suite and the capabilities.
1110 *
1111 * \b ARGS:
1112 *
1113 * I - pAdmCtrl - pointer to admCtrl context
1114 * I - pWpaIe - pointer to WPA IE buffer \n
1115 * O - pWpaData - capabilities structure
1116 *
1117 *
1118 * \b RETURNS:
1119 *
1120 * TI_OK on success, TI_NOK on failure.
1121 *
1122 * \sa
1123 */
admCtrlWpa_parseIe(admCtrl_t * pAdmCtrl,TI_UINT8 * pWpaIe,wpaIeData_t * pWpaData)1124 TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData)
1125 {
1126
1127 wpaIePacket_t *wpaIePacket = (wpaIePacket_t*)pWpaIe;
1128 TI_UINT8 *curWpaIe;
1129 TI_UINT8 curLength = WPA_IE_MIN_LENGTH;
1130
1131 TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: DEBUG: admCtrlWpa_parseIe\n\n");
1132
1133 if ((pWpaData == NULL) || (pWpaIe == NULL))
1134 {
1135 return TI_NOK;
1136 }
1137
1138 if ((wpaIePacket->length < WPA_IE_MIN_LENGTH) ||
1139 (wpaIePacket->elementid != WPA_IE_ID) ||
1140 (wpaIePacket->ouiType > WPA_OUI_MAX_TYPE) || (ENDIAN_HANDLE_WORD(wpaIePacket->version) > WPA_OUI_MAX_VERSION) ||
1141 (os_memoryCompare(pAdmCtrl->hOs, (TI_UINT8*)wpaIePacket->oui, wpaIeOuiIe, 3)))
1142 {
1143 TRACE7(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_ParseIe Error: length=0x%x, elementid=0x%x, ouiType=0x%x, version=0x%x, oui=0x%x, 0x%x, 0x%x\n", wpaIePacket->length,wpaIePacket->elementid, wpaIePacket->ouiType, wpaIePacket->version, wpaIePacket->oui[0], wpaIePacket->oui[1],wpaIePacket->oui[2]);
1144
1145 return TI_NOK;
1146 }
1147 /* Set default values */
1148 pWpaData->broadcastSuite = TWD_CIPHER_TKIP;
1149 pWpaData->unicastSuiteCnt = 1;
1150 pWpaData->unicastSuite[0] = TWD_CIPHER_TKIP;
1151 pWpaData->KeyMngSuiteCnt = 1;
1152 pWpaData->KeyMngSuite[0] = (ERsnKeyMngSuite)WPA_IE_KEY_MNG_801_1X;
1153 pWpaData->bcastForUnicatst = 1;
1154 pWpaData->replayCounters = 1;
1155
1156 pWpaData->XCCKp = TI_FALSE;
1157 pWpaData->XCCMic = TI_FALSE;
1158
1159
1160 /* Group Suite */
1161 if (wpaIePacket->length >= WPA_IE_GROUP_SUITE_LENGTH)
1162 {
1163 pWpaData->broadcastSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, (TI_UINT8 *)wpaIePacket->groupSuite,pWpaData,TWD_CIPHER_WEP104);
1164 curLength = WPA_IE_GROUP_SUITE_LENGTH;
1165 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: GroupSuite%x, broadcast %x \n", wpaIePacket->groupSuite[3], pWpaData->broadcastSuite);
1166 } else
1167 {
1168 return TI_OK;
1169 }
1170 /* Unicast Suite */
1171 if (wpaIePacket->length >= WPA_IE_MIN_PAIRWISE_SUITE_LENGTH)
1172 {
1173 TI_UINT16 pairWiseSuiteCnt = ENDIAN_HANDLE_WORD(wpaIePacket->pairwiseSuiteCnt);
1174 TI_BOOL cipherSuite[MAX_WPA_UNICAST_SUITES]={TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE , TI_FALSE};
1175 TI_INT32 index, unicastSuiteIndex=0;
1176
1177 curWpaIe = (TI_UINT8*)&(wpaIePacket->pairwiseSuite);
1178 for (index=0; (index<pairWiseSuiteCnt) && (wpaIePacket->length >= (WPA_IE_MIN_PAIRWISE_SUITE_LENGTH+(index+1)*4)); index++)
1179 {
1180 ECipherSuite curCipherSuite;
1181
1182 curCipherSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,TWD_CIPHER_WEP104);
1183 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: pairwiseSuite %x , unicast %x \n", curWpaIe[3], curCipherSuite);
1184
1185 if ((curCipherSuite!=TWD_CIPHER_UNKNOWN) && (curCipherSuite<MAX_WPA_UNICAST_SUITES))
1186 {
1187 cipherSuite[curCipherSuite] = TI_TRUE;
1188 }
1189 curWpaIe +=4;
1190 }
1191 for (index=MAX_WPA_UNICAST_SUITES-1; index>=0; index--)
1192 {
1193 if (cipherSuite[index])
1194 {
1195 pWpaData->unicastSuite[unicastSuiteIndex] = (ECipherSuite)index;
1196 TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: unicast %x \n", pWpaData->unicastSuite[unicastSuiteIndex]);
1197 unicastSuiteIndex++;
1198 }
1199 }
1200 pWpaData->unicastSuiteCnt = unicastSuiteIndex;
1201 curLength = WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(pairWiseSuiteCnt);
1202
1203 } else
1204 {
1205 return TI_OK;
1206 }
1207 /* KeyMng Suite */
1208 if (wpaIePacket->length >= curLength)
1209 {
1210 TI_UINT16 keyMngSuiteCnt = ENDIAN_HANDLE_WORD(*curWpaIe);
1211 TI_UINT16 index;
1212 ERsnKeyMngSuite maxKeyMngSuite = (ERsnKeyMngSuite)WPA_IE_KEY_MNG_NONE;
1213
1214 /* Include all AP key management supported suites in the wpaData structure */
1215 pWpaData->KeyMngSuiteCnt = keyMngSuiteCnt;
1216
1217 curWpaIe +=2;
1218 pAdmCtrl->wpaAkmExists = TI_FALSE;
1219 for (index=0; (index<keyMngSuiteCnt) && (wpaIePacket->length >= (curLength+index*4)); index++)
1220 {
1221 ERsnKeyMngSuite curKeyMngSuite;
1222
1223 #ifdef XCC_MODULE_INCLUDED
1224 curKeyMngSuite = (ERsnKeyMngSuite)admCtrlXCC_parseCckmSuiteVal(pAdmCtrl, curWpaIe);
1225 if (curKeyMngSuite == WPA_IE_KEY_MNG_CCKM)
1226 { /* CCKM is the maximum AKM */
1227 maxKeyMngSuite = curKeyMngSuite;
1228 }
1229 else
1230 #endif
1231 {
1232 curKeyMngSuite = (ERsnKeyMngSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,WPA_IE_KEY_MNG_PSK_801_1X);
1233 }
1234 TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: authKeyMng %x , keyMng %x \n", curWpaIe[3], curKeyMngSuite);
1235
1236 if ((curKeyMngSuite>maxKeyMngSuite) && (curKeyMngSuite!=WPA_IE_KEY_MNG_NA)
1237 && (curKeyMngSuite!=WPA_IE_KEY_MNG_CCKM))
1238 {
1239 maxKeyMngSuite = curKeyMngSuite;
1240 }
1241 if (curKeyMngSuite==WPA_IE_KEY_MNG_801_1X)
1242 { /* If 2 AKM exist, save also the second priority */
1243 pAdmCtrl->wpaAkmExists = TI_TRUE;
1244 }
1245
1246 curWpaIe +=4;
1247
1248 /* Include all AP key management supported suites in the wpaData structure */
1249 if ((index+1) < MAX_WPA_KEY_MNG_SUITES)
1250 pWpaData->KeyMngSuite[index+1] = curKeyMngSuite;
1251
1252 }
1253 pWpaData->KeyMngSuite[0] = maxKeyMngSuite;
1254 curLength += (index-1)*4;
1255 TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: keyMng %x \n", pWpaData->KeyMngSuite[0]);
1256
1257 } else
1258 {
1259 return TI_OK;
1260 }
1261 /* Parse capabilities */
1262 if (wpaIePacket->length >= (curLength+2))
1263 {
1264 TI_UINT16 capabilities = ENDIAN_HANDLE_WORD(*((TI_UINT16 *)curWpaIe));
1265
1266 pWpaData->bcastForUnicatst = (capabilities & WPA_GROUP_4_UNICAST_CAPABILITY_MASK) >> WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT;
1267 pWpaData->replayCounters = (capabilities & WPA_REPLAY_COUNTERS_CAPABILITY_MASK) >> WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT;
1268 switch (pWpaData->replayCounters)
1269 {
1270 case 0: pWpaData->replayCounters=1;
1271 break;
1272 case 1: pWpaData->replayCounters=2;
1273 break;
1274 case 2: pWpaData->replayCounters=4;
1275 break;
1276 case 3: pWpaData->replayCounters=16;
1277 break;
1278 default: pWpaData->replayCounters=0;
1279 break;
1280 }
1281 TRACE3(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: capabilities %x, bcastForUnicatst %x, replayCounters %x\n", capabilities, pWpaData->bcastForUnicatst, pWpaData->replayCounters);
1282
1283 }
1284
1285
1286 return TI_OK;
1287
1288 }
1289
1290
admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt)1291 TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt)
1292 {
1293 TI_UINT16 capabilities=0;
1294 /* Bit1: group key for unicast */
1295 capabilities = 0;
1296 capabilities = capabilities << WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT;
1297 /* Bits 2&3: Replay counter */
1298 switch (replayCnt)
1299 {
1300 case 1: replayCnt=0;
1301 break;
1302 case 2: replayCnt=1;
1303 break;
1304 case 4: replayCnt=2;
1305 break;
1306 case 16: replayCnt=3;
1307 break;
1308 default: replayCnt=0;
1309 break;
1310 }
1311
1312 capabilities |= replayCnt << WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT;
1313 return capabilities;
1314
1315 }
1316
1317
admCtrlWpa_parseSuiteVal(admCtrl_t * pAdmCtrl,TI_UINT8 * suiteVal,wpaIeData_t * pWpaData,TI_UINT32 maxVal)1318 TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal, wpaIeData_t *pWpaData, TI_UINT32 maxVal)
1319 {
1320 TI_UINT32 suite;
1321
1322 if ((pAdmCtrl==NULL) || (suiteVal==NULL))
1323 {
1324 return TWD_CIPHER_UNKNOWN;
1325 }
1326 if (!os_memoryCompare(pAdmCtrl->hOs, suiteVal, wpaIeOuiIe, 3))
1327 {
1328 suite = (ECipherSuite)((suiteVal[3]<=maxVal) ? suiteVal[3] : TWD_CIPHER_UNKNOWN);
1329 } else
1330 {
1331 #ifdef XCC_MODULE_INCLUDED
1332 suite = admCtrlXCC_WpaParseSuiteVal(pAdmCtrl,suiteVal,pWpaData);
1333 #else
1334 suite = TWD_CIPHER_UNKNOWN;
1335 #endif
1336 }
1337 return suite;
1338 }
1339
1340
admCtrlWpa_checkCipherSuiteValidity(ECipherSuite unicastSuite,ECipherSuite broadcastSuite,ECipherSuite encryptionStatus)1341 TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus)
1342 {
1343 ECipherSuite maxCipher;
1344
1345 maxCipher = (unicastSuite>=broadcastSuite) ? unicastSuite : broadcastSuite ;
1346 if (maxCipher != encryptionStatus)
1347 {
1348 return TI_NOK;
1349 }
1350 if ((unicastSuite != TWD_CIPHER_NONE) && (broadcastSuite>unicastSuite))
1351 {
1352 return TI_NOK;
1353 }
1354 return TI_OK;
1355 }
1356
admCtrlWpa_get802_1x_AkmExists(admCtrl_t * pAdmCtrl,TI_BOOL * wpa_802_1x_AkmExists)1357 static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists)
1358 {
1359 *wpa_802_1x_AkmExists = pAdmCtrl->wpaAkmExists;
1360 return TI_OK;
1361 }
1362
1363
1364
1365