1 /*
2 * keyParserExternal.c
3 *
4 * Copyright(c) 1998 - 2009 Texas Instruments. All rights reserved.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * * Neither the name Texas Instruments nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /** \file keyParserExternal.c
35 * \brief External key parser implementation.
36 *
37 * \see keyParser.h
38 */
39
40 /****************************************************************************
41 * *
42 * MODULE: External Key Parser *
43 * PURPOSE: EAP parser implementation *
44 * *
45 ****************************************************************************/
46
47 #define __FILE_ID__ FILE_ID_34
48 #include "tidef.h"
49 #include "osApi.h"
50 #include "report.h"
51
52 #include "keyTypes.h"
53
54 #include "keyParser.h"
55 #include "keyParserExternal.h"
56 #include "mainKeysSm.h"
57 #include "mainSecSm.h"
58 #include "admCtrl.h"
59
60 #include "unicastKeySM.h"
61 #include "broadcastKeySM.h"
62 #include "DataCtrl_Api.h"
63
64 #define CKIP_KEY_LEN 16
65 #define TKIP_KEY_LEN 32
66 #define AES_KEY_LEN 16
67
68
69 /**
70 *
71 * Function - Init KEY Parser module.
72 *
73 * \b Description:
74 *
75 * Called by RSN Manager.
76 * Registers the function 'rsn_keyParserRecv()' at the distributor to receive KEY frames upon receiving a KEY_RECV event.
77 *
78 * \b ARGS:
79 *
80 *
81 * \b RETURNS:
82 *
83 * TI_STATUS - 0 on success, any other value on failure.
84 *
85 */
86
keyParserExternal_config(struct _keyParser_t * pKeyParser)87 TI_STATUS keyParserExternal_config(struct _keyParser_t *pKeyParser)
88 {
89 pKeyParser->recv = keyParserExternal_recv;
90 pKeyParser->replayReset = keyParser_nop;
91 pKeyParser->remove = keyParserExternal_remove;
92 return TI_OK;
93 }
94
95
96 /**
97 *
98 * keyParserExternal_recv
99 *
100 * \b Description:
101 *
102 * External key Parser receive function:
103 * - Called by NDIS (Windows) upon receiving an External Key.
104 * - Filters the following keys:
105 * - Keys with invalid key index
106 * - Keys with invalid MAC address
107 *
108 * \b ARGS:
109 *
110 * I - pKeyParser - Pointer to the keyParser context \n
111 * I - pKeyData - A pointer to the Key Data. \n
112 * I - keyDataLen - The Key Data length. \n
113 *
114 * \b RETURNS:
115 *
116 * TI_OK on success, TI_NOK otherwise.
117 *
118 */
119
keyParserExternal_recv(struct _keyParser_t * pKeyParser,TI_UINT8 * pKeyData,TI_UINT32 keyDataLen)120 TI_STATUS keyParserExternal_recv(struct _keyParser_t *pKeyParser,
121 TI_UINT8 *pKeyData, TI_UINT32 keyDataLen)
122 {
123 TI_STATUS status;
124 OS_802_11_KEY *pKeyDesc;
125 encodedKeyMaterial_t encodedKeyMaterial;
126 paramInfo_t macParam;
127 TI_BOOL macEqual2Associated=TI_FALSE;
128 TI_BOOL macIsBroadcast=TI_FALSE;
129 TI_BOOL wepKey = TI_FALSE;
130 TI_UINT8 broadcastMacAddr[MAC_ADDR_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
131 TI_UINT8 nullMacAddr[MAC_ADDR_LEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
132 TI_UINT8 keyBuffer[MAC_ADDR_LEN+KEY_RSC_LEN+MAX_EXT_KEY_DATA_LENGTH];
133
134
135 if (pKeyData == NULL)
136 {
137 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: NULL KEY Data\n");
138 return TI_NOK;
139 }
140
141 pKeyDesc = (OS_802_11_KEY*)pKeyData;
142
143 /* copy the key data, mac address and RSC */
144 MAC_COPY (keyBuffer, pKeyDesc->BSSID);
145 /* configure keyRSC value (if needed) */
146 if (pKeyDesc->KeyIndex & EXT_KEY_RSC_KEY_MASK)
147 { /* set key recieve sequence counter */
148 os_memoryCopy(pKeyParser->hOs, &keyBuffer[MAC_ADDR_LEN], (TI_UINT8*)&(pKeyDesc->KeyRSC), KEY_RSC_LEN);
149 }
150 else
151 {
152 os_memoryZero(pKeyParser->hOs, &keyBuffer[MAC_ADDR_LEN], KEY_RSC_LEN);
153 }
154
155 /* check type and validity of keys */
156 /* check MAC Address validity */
157 macParam.paramType = CTRL_DATA_CURRENT_BSSID_PARAM;
158 status = ctrlData_getParam(pKeyParser->hCtrlData, &macParam);
159
160 if (status != TI_OK)
161 {
162 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Cannot get MAC address !!!\n");
163 return TI_NOK;
164 }
165
166 /* check key length */
167 if((pKeyDesc->KeyLength != WEP_KEY_LEN_40) &&
168 (pKeyDesc->KeyLength != WEP_KEY_LEN_104) &&
169 (pKeyDesc->KeyLength != WEP_KEY_LEN_232) &&
170 (pKeyDesc->KeyLength != CKIP_KEY_LEN) &&
171 (pKeyDesc->KeyLength != TKIP_KEY_LEN) &&
172 (pKeyDesc->KeyLength != AES_KEY_LEN) )
173
174 {
175 TRACE1(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Incorrect key length - %d \n", pKeyDesc->KeyLength);
176 return TI_NOK;
177 }
178 if (MAC_EQUAL(macParam.content.ctrlDataCurrentBSSID, pKeyDesc->BSSID))
179 {
180 macEqual2Associated = TI_TRUE;
181 }
182 if (MAC_EQUAL (pKeyDesc->BSSID, broadcastMacAddr))
183 {
184 macIsBroadcast = TI_TRUE;
185 }
186 if ((pKeyDesc->KeyLength == WEP_KEY_LEN_40) ||
187 (pKeyDesc->KeyLength == WEP_KEY_LEN_104) ||
188 (pKeyDesc->KeyLength == WEP_KEY_LEN_232))
189 { /* In Add WEP the MAC address is nulled, since it's irrelevant */
190 macEqual2Associated = TI_TRUE;
191 wepKey = TI_TRUE;
192 }
193
194 if (pKeyDesc->KeyIndex & EXT_KEY_SUPP_AUTHENTICATOR_MASK)
195 { /* The key is being set by an Authenticator - not allowed in IBSS mode */
196 if (pKeyParser->pParent->pParent->pParent->pAdmCtrl->networkMode == RSN_IBSS)
197 { /* in IBSS only Broadcast MAC is allowed */
198 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Authenticator set key in IBSS mode !!!\n");
199 return TI_NOK;
200 }
201
202 }
203
204 if (pKeyDesc->KeyIndex & EXT_KEY_REMAIN_BITS_MASK)
205 { /* the reamining bits in the key index are not 0 (when they should be) */
206 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Key index bits 8-27 should be 0 !!!\n");
207 return TI_NOK;
208 }
209
210 encodedKeyMaterial.pData = (char *) keyBuffer;
211 /* Check key length according to the cipher suite - TKIP, etc...??? */
212 if (wepKey)
213 {
214 if (!((pKeyDesc->KeyLength == WEP_KEY_LEN_40) || (pKeyDesc->KeyLength == WEP_KEY_LEN_104)
215 || (pKeyDesc->KeyLength == WEP_KEY_LEN_232)))
216 { /*Invalid key length*/
217 TRACE1(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "WEP_KEY_PARSER: ERROR: Invalid Key length: %d !!!\n", pKeyDesc->KeyLength);
218 return TI_NOK;
219 }
220
221 os_memoryCopy(pKeyParser->hOs, &keyBuffer[0], pKeyDesc->KeyMaterial, pKeyDesc->KeyLength);
222 if (MAC_EQUAL (nullMacAddr, pKeyDesc->BSSID))
223 {
224 macIsBroadcast = TI_TRUE;
225 }
226
227 encodedKeyMaterial.keyLen = pKeyDesc->KeyLength;
228 }
229 else /* this is TKIP or CKIP */
230 {
231 if ((pKeyDesc->KeyLength == CKIP_KEY_LEN) && (pKeyParser->pPaeConfig->unicastSuite == TWD_CIPHER_CKIP))
232 {
233 os_memoryCopy(pKeyParser->hOs, &keyBuffer[0], pKeyDesc->KeyMaterial, pKeyDesc->KeyLength);
234 encodedKeyMaterial.keyLen = pKeyDesc->KeyLength;
235 }
236 else
237 {
238 os_memoryCopy(pKeyParser->hOs,
239 &keyBuffer[MAC_ADDR_LEN+KEY_RSC_LEN],
240 pKeyDesc->KeyMaterial,
241 pKeyDesc->KeyLength);
242
243 encodedKeyMaterial.keyLen = MAC_ADDR_LEN+KEY_RSC_LEN+pKeyDesc->KeyLength;
244 }
245 }
246
247 encodedKeyMaterial.keyId = pKeyDesc->KeyIndex;
248
249 TRACE2(pKeyParser->hReport, REPORT_SEVERITY_INFORMATION, "EXT_KEY_PARSER: Key received keyId=%x, keyLen=%d \n", pKeyDesc->KeyIndex, pKeyDesc->KeyLength );
250
251 if (pKeyDesc->KeyIndex & EXT_KEY_PAIRWISE_GROUP_MASK)
252 { /* Pairwise key */
253 /* check that the lower 8 bits of the key index are 0 */
254 if (!wepKey && (pKeyDesc->KeyIndex & 0xff))
255 {
256 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_WARNING, "EXT_KEY_PARSER: ERROR: Pairwise key must have index 0 !!!\n");
257 return TI_NOK;
258 }
259
260 if (macIsBroadcast)
261 {
262 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Broadcast MAC address for unicast !!!\n");
263 return TI_NOK;
264 }
265 if (pKeyDesc->KeyIndex & EXT_KEY_TRANSMIT_MASK)
266 { /* tx only pairwase key */
267 /* set unicast keys */
268 if (pKeyParser->pUcastKey->recvSuccess!=NULL)
269 {
270 status = pKeyParser->pUcastKey->recvSuccess(pKeyParser->pUcastKey, &encodedKeyMaterial);
271 }
272 } else {
273 /* recieve only pairwase keys are not allowed */
274 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: recieve only pairwase keys are not allowed !!!\n");
275 return TI_NOK;
276 }
277
278 }
279 else
280 { /* set broadcast keys */
281 if (!macIsBroadcast)
282 { /* not broadcast MAC */
283 if (pKeyParser->pParent->pParent->pParent->pAdmCtrl->networkMode == RSN_IBSS)
284 { /* in IBSS only Broadcast MAC is allowed */
285 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: not broadcast MAC in IBSS mode !!!\n");
286 return TI_NOK;
287 }
288 else if (!macEqual2Associated)
289 { /* ESS mode and MAC is different than the associated one */
290 /* save the key for later */
291 status = TI_OK; /* pKeyParser->pBcastKey->saveKey(pKeyParser->pBcastKey, &encodedKey);*/
292 }
293 else
294 { /* MAC is equal to the associated one - configure immediately */
295 if (!wepKey)
296 {
297 MAC_COPY (keyBuffer, broadcastMacAddr);
298 }
299 if (pKeyParser->pBcastKey->recvSuccess!=NULL)
300 {
301 status = pKeyParser->pBcastKey->recvSuccess(pKeyParser->pBcastKey, &encodedKeyMaterial);
302 }
303 }
304 }
305 else
306 { /* MAC is broadcast - configure immediately */
307 if (!wepKey)
308 {
309 MAC_COPY (keyBuffer, broadcastMacAddr);
310 }
311
312 /* set broadcast key */
313 if (pKeyParser->pBcastKey->recvSuccess!=NULL)
314 {
315 status = pKeyParser->pBcastKey->recvSuccess(pKeyParser->pBcastKey, &encodedKeyMaterial);
316 }
317
318 if (pKeyDesc->KeyIndex & EXT_KEY_TRANSMIT_MASK)
319 { /* Group key used to transmit */
320 /* set as unicast key as well */
321 if (pKeyParser->pUcastKey->recvSuccess!=NULL)
322 {
323 status = pKeyParser->pUcastKey->recvSuccess(pKeyParser->pUcastKey, &encodedKeyMaterial);
324 }
325 }
326 }
327 }
328
329 return status;
330 }
331
332
333
334
keyParserExternal_remove(struct _keyParser_t * pKeyParser,TI_UINT8 * pKeyData,TI_UINT32 keyDataLen)335 TI_STATUS keyParserExternal_remove(struct _keyParser_t *pKeyParser, TI_UINT8 *pKeyData, TI_UINT32 keyDataLen)
336 {
337 TI_STATUS status;
338 OS_802_11_KEY *pKeyDesc;
339 paramInfo_t macParam;
340 encodedKeyMaterial_t encodedKeyMaterial;
341 TI_UINT8 broadcastMacAddr[MAC_ADDR_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
342 TI_UINT8 keyBuffer[MAC_ADDR_LEN+KEY_RSC_LEN+MAX_EXT_KEY_DATA_LENGTH];
343
344 if (pKeyData == NULL)
345 {
346 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: NULL KEY Data\n");
347 return TI_NOK;
348 }
349
350 pKeyDesc = (OS_802_11_KEY*)pKeyData;
351
352 if (pKeyDesc->KeyIndex & EXT_KEY_TRANSMIT_MASK)
353 { /* Bit 31 should always be zero */
354 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Remove TX bit in key index can't be 1\n");
355 return TI_NOK;
356 }
357 if (pKeyDesc->KeyIndex & EXT_KEY_REMAIN_BITS_MASK)
358 { /* Bits 8-29 should always be zero */
359 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Remove none zero key index\n");
360 return TI_NOK;
361 }
362
363 encodedKeyMaterial.keyId = pKeyDesc->KeyIndex;
364 encodedKeyMaterial.keyLen = 0;
365 encodedKeyMaterial.pData = (char *) keyBuffer;
366
367 if (pKeyDesc->KeyIndex & EXT_KEY_PAIRWISE_GROUP_MASK)
368 { /* delete all pairwise keys or for the current BSSID */
369 if (!MAC_EQUAL(pKeyDesc->BSSID, broadcastMacAddr))
370 {
371 MAC_COPY (keyBuffer, pKeyDesc->BSSID);
372 }
373 else
374 {
375 macParam.paramType = CTRL_DATA_CURRENT_BSSID_PARAM;
376 status = ctrlData_getParam(pKeyParser->hCtrlData, &macParam);
377 if (status != TI_OK)
378 {
379 TRACE0(pKeyParser->hReport, REPORT_SEVERITY_ERROR, "EXT_KEY_PARSER: ERROR: Cannot get MAC address !!!\n");
380 return TI_NOK;
381 }
382
383 MAC_COPY (keyBuffer, macParam.content.ctrlDataCurrentBSSID);
384 }
385
386 status = pKeyParser->pUcastKey->pKeyDerive->remove(pKeyParser->pUcastKey->pKeyDerive, &encodedKeyMaterial);
387 }
388 else
389 { /* delete all group keys or for the current BSSID */
390 MAC_COPY (keyBuffer, broadcastMacAddr);
391 status = pKeyParser->pBcastKey->pKeyDerive->remove(pKeyParser->pUcastKey->pKeyDerive, &encodedKeyMaterial);
392 }
393
394 return status;
395 }
396