![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to sec80211.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net / 80211|
Return to sec80211.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net / 80211 |
1.1 ! root 1: /* ! 2: * Copyright (c) 2009 Joshua Oreman <[email protected]>. ! 3: * ! 4: * This program is free software; you can redistribute it and/or ! 5: * modify it under the terms of the GNU General Public License as ! 6: * published by the Free Software Foundation; either version 2 of the ! 7: * License, or any later version. ! 8: * ! 9: * This program is distributed in the hope that it will be useful, but ! 10: * WITHOUT ANY WARRANTY; without even the implied warranty of ! 11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ! 12: * General Public License for more details. ! 13: * ! 14: * You should have received a copy of the GNU General Public License ! 15: * along with this program; if not, write to the Free Software ! 16: * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ! 17: */ ! 18: ! 19: FILE_LICENCE ( GPL2_OR_LATER ); ! 20: ! 21: #include <stdlib.h> ! 22: #include <string.h> ! 23: #include <errno.h> ! 24: #include <ipxe/ieee80211.h> ! 25: #include <ipxe/net80211.h> ! 26: #include <ipxe/sec80211.h> ! 27: ! 28: /** @file ! 29: * ! 30: * General secured-network routines required whenever any secure ! 31: * network support at all is compiled in. This involves things like ! 32: * installing keys, determining the type of security used by a probed ! 33: * network, and some small helper functions that take advantage of ! 34: * static data in this file. ! 35: */ ! 36: ! 37: /* Unsupported cryptosystem error numbers */ ! 38: #define ENOTSUP_WEP __einfo_error ( EINFO_ENOTSUP_WEP ) ! 39: #define EINFO_ENOTSUP_WEP __einfo_uniqify ( EINFO_ENOTSUP, \ ! 40: ( 0x10 | NET80211_CRYPT_WEP ), "WEP not supported" ) ! 41: #define ENOTSUP_TKIP __einfo_error ( EINFO_ENOTSUP_TKIP ) ! 42: #define EINFO_ENOTSUP_TKIP __einfo_uniqify ( EINFO_ENOTSUP, \ ! 43: ( 0x10 | NET80211_CRYPT_TKIP ), "TKIP not supported" ) ! 44: #define ENOTSUP_CCMP __einfo_error ( EINFO_ENOTSUP_CCMP ) ! 45: #define EINFO_ENOTSUP_CCMP __einfo_uniqify ( EINFO_ENOTSUP, \ ! 46: ( 0x10 | NET80211_CRYPT_CCMP ), "CCMP not supported" ) ! 47: #define ENOTSUP_CRYPT( crypt ) \ ! 48: EUNIQ ( ENOTSUP, ( 0x10 | (crypt) ), \ ! 49: ENOTSUP_WEP, ENOTSUP_TKIP, ENOTSUP_CCMP ) ! 50: ! 51: /** Mapping from net80211 crypto/secprot types to RSN OUI descriptors */ ! 52: struct descriptor_map { ! 53: /** Value of net80211_crypto_alg or net80211_security_proto */ ! 54: u32 net80211_type; ! 55: ! 56: /** OUI+type in appropriate byte order, masked to exclude vendor */ ! 57: u32 oui_type; ! 58: }; ! 59: ! 60: /** Magic number in @a oui_type showing end of list */ ! 61: #define END_MAGIC 0xFFFFFFFF ! 62: ! 63: /** Mapping between net80211 cryptosystems and 802.11i cipher IDs */ ! 64: static struct descriptor_map rsn_cipher_map[] = { ! 65: { .net80211_type = NET80211_CRYPT_WEP, ! 66: .oui_type = IEEE80211_RSN_CTYPE_WEP40 }, ! 67: ! 68: { .net80211_type = NET80211_CRYPT_WEP, ! 69: .oui_type = IEEE80211_RSN_CTYPE_WEP104 }, ! 70: ! 71: { .net80211_type = NET80211_CRYPT_TKIP, ! 72: .oui_type = IEEE80211_RSN_CTYPE_TKIP }, ! 73: ! 74: { .net80211_type = NET80211_CRYPT_CCMP, ! 75: .oui_type = IEEE80211_RSN_CTYPE_CCMP }, ! 76: ! 77: { .net80211_type = NET80211_CRYPT_UNKNOWN, ! 78: .oui_type = END_MAGIC }, ! 79: }; ! 80: ! 81: /** Mapping between net80211 handshakers and 802.11i AKM IDs */ ! 82: static struct descriptor_map rsn_akm_map[] = { ! 83: { .net80211_type = NET80211_SECPROT_EAP, ! 84: .oui_type = IEEE80211_RSN_ATYPE_8021X }, ! 85: ! 86: { .net80211_type = NET80211_SECPROT_PSK, ! 87: .oui_type = IEEE80211_RSN_ATYPE_PSK }, ! 88: ! 89: { .net80211_type = NET80211_SECPROT_UNKNOWN, ! 90: .oui_type = END_MAGIC }, ! 91: }; ! 92: ! 93: ! 94: /** ! 95: * Install 802.11 cryptosystem ! 96: * ! 97: * @v which Pointer to the cryptosystem structure to install in ! 98: * @v crypt Cryptosystem ID number ! 99: * @v key Encryption key to use ! 100: * @v len Length of encryption key ! 101: * @v rsc Initial receive sequence counter, if applicable ! 102: * @ret rc Return status code ! 103: * ! 104: * The encryption key will not be accessed via the provided pointer ! 105: * after this function returns, so you may keep it on the stack. ! 106: * ! 107: * @a which must point to either @c dev->crypto (for the normal case ! 108: * of installing a unicast cryptosystem) or @c dev->gcrypto (to ! 109: * install a cryptosystem that will be used only for decrypting ! 110: * group-source frames). ! 111: */ ! 112: int sec80211_install ( struct net80211_crypto **which, ! 113: enum net80211_crypto_alg crypt, ! 114: const void *key, int len, const void *rsc ) ! 115: { ! 116: struct net80211_crypto *crypto = *which; ! 117: struct net80211_crypto *tbl_crypto; ! 118: ! 119: /* Remove old crypto if it exists */ ! 120: free ( *which ); ! 121: *which = NULL; ! 122: ! 123: if ( crypt == NET80211_CRYPT_NONE ) { ! 124: DBG ( "802.11-Sec not installing null cryptography\n" ); ! 125: return 0; ! 126: } ! 127: ! 128: /* Find cryptosystem to use */ ! 129: for_each_table_entry ( tbl_crypto, NET80211_CRYPTOS ) { ! 130: if ( tbl_crypto->algorithm == crypt ) { ! 131: crypto = zalloc ( sizeof ( *crypto ) + ! 132: tbl_crypto->priv_len ); ! 133: if ( ! crypto ) { ! 134: DBG ( "802.11-Sec out of memory\n" ); ! 135: return -ENOMEM; ! 136: } ! 137: ! 138: memcpy ( crypto, tbl_crypto, sizeof ( *crypto ) ); ! 139: crypto->priv = ( ( void * ) crypto + ! 140: sizeof ( *crypto ) ); ! 141: break; ! 142: } ! 143: } ! 144: ! 145: if ( ! crypto ) { ! 146: DBG ( "802.11-Sec no support for cryptosystem %d\n", crypt ); ! 147: return -ENOTSUP_CRYPT ( crypt ); ! 148: } ! 149: ! 150: *which = crypto; ! 151: ! 152: DBG ( "802.11-Sec installing cryptosystem %d as %p with key of " ! 153: "length %d\n", crypt, crypto, len ); ! 154: ! 155: return crypto->init ( crypto, key, len, rsc ); ! 156: } ! 157: ! 158: ! 159: /** ! 160: * Determine net80211 crypto or handshaking type value to return for RSN info ! 161: * ! 162: * @v rsnp Pointer to next descriptor count field in RSN IE ! 163: * @v rsn_end Pointer to end of RSN IE ! 164: * @v map Descriptor map to use ! 165: * @v tbl_start Start of linker table to examine for iPXE support ! 166: * @v tbl_end End of linker table to examine for iPXE support ! 167: * @ret rsnp Updated to point to first byte after descriptors ! 168: * @ret map_ent Descriptor map entry of translation to use ! 169: * ! 170: * The entries in the linker table must be either net80211_crypto or ! 171: * net80211_handshaker structures, and @a tbl_stride must be set to ! 172: * sizeof() the appropriate one. ! 173: * ! 174: * This function expects @a rsnp to point at a two-byte descriptor ! 175: * count followed by a list of four-byte cipher or AKM descriptors; it ! 176: * will return @c NULL if the input packet is malformed, and otherwise ! 177: * set @a rsnp to the first byte it has not looked at. It will return ! 178: * the first cipher in the list that is supported by the current build ! 179: * of iPXE, or the first of all if none are supported. ! 180: * ! 181: * We play rather fast and loose with type checking, because this ! 182: * function is only called from two well-defined places in the ! 183: * RSN-checking code. Don't try to use it for anything else. ! 184: */ ! 185: static struct descriptor_map * rsn_pick_desc ( u8 **rsnp, u8 *rsn_end, ! 186: struct descriptor_map *map, ! 187: void *tbl_start, void *tbl_end ) ! 188: { ! 189: int ndesc; ! 190: int ok = 0; ! 191: struct descriptor_map *map_ent, *map_ret = NULL; ! 192: u8 *rsn = *rsnp; ! 193: void *tblp; ! 194: size_t tbl_stride = ( map == rsn_cipher_map ? ! 195: sizeof ( struct net80211_crypto ) : ! 196: sizeof ( struct net80211_handshaker ) ); ! 197: ! 198: if ( map != rsn_cipher_map && map != rsn_akm_map ) ! 199: return NULL; ! 200: ! 201: /* Determine which types we support */ ! 202: for ( tblp = tbl_start; tblp < tbl_end; tblp += tbl_stride ) { ! 203: struct net80211_crypto *crypto = tblp; ! 204: struct net80211_handshaker *hs = tblp; ! 205: ! 206: if ( map == rsn_cipher_map ) ! 207: ok |= ( 1 << crypto->algorithm ); ! 208: else ! 209: ok |= ( 1 << hs->protocol ); ! 210: } ! 211: ! 212: /* RSN sanity checks */ ! 213: if ( rsn + 2 > rsn_end ) { ! 214: DBG ( "RSN detect: malformed descriptor count\n" ); ! 215: return NULL; ! 216: } ! 217: ! 218: ndesc = *( u16 * ) rsn; ! 219: rsn += 2; ! 220: ! 221: if ( ! ndesc ) { ! 222: DBG ( "RSN detect: no descriptors\n" ); ! 223: return NULL; ! 224: } ! 225: ! 226: /* Determine which net80211 crypto types are listed */ ! 227: while ( ndesc-- ) { ! 228: u32 desc; ! 229: ! 230: if ( rsn + 4 > rsn_end ) { ! 231: DBG ( "RSN detect: malformed descriptor (%d left)\n", ! 232: ndesc ); ! 233: return NULL; ! 234: } ! 235: ! 236: desc = *( u32 * ) rsn; ! 237: rsn += 4; ! 238: ! 239: for ( map_ent = map; map_ent->oui_type != END_MAGIC; map_ent++ ) ! 240: if ( map_ent->oui_type == ( desc & OUI_TYPE_MASK ) ) ! 241: break; ! 242: ! 243: /* Use first cipher as a fallback */ ! 244: if ( ! map_ret ) ! 245: map_ret = map_ent; ! 246: ! 247: /* Once we find one we support, use it */ ! 248: if ( ok & ( 1 << map_ent->net80211_type ) ) { ! 249: map_ret = map_ent; ! 250: break; ! 251: } ! 252: } ! 253: ! 254: if ( ndesc > 0 ) ! 255: rsn += 4 * ndesc; ! 256: ! 257: *rsnp = rsn; ! 258: return map_ret; ! 259: } ! 260: ! 261: ! 262: /** ! 263: * Find the RSN or WPA information element in the provided beacon frame ! 264: * ! 265: * @v ie Pointer to first information element to check ! 266: * @v ie_end Pointer to end of information element space ! 267: * @ret is_rsn TRUE if returned IE is RSN, FALSE if it's WPA ! 268: * @ret end Pointer to byte immediately after last byte of data ! 269: * @ret data Pointer to first byte of data (the `version' field) ! 270: * ! 271: * If both an RSN and a WPA information element are found, this ! 272: * function will return the first one seen, which by ordering rules ! 273: * should always prefer the newer RSN IE. ! 274: * ! 275: * If no RSN or WPA infomration element is found, returns @c NULL and ! 276: * leaves @a is_rsn and @a end in an undefined state. ! 277: * ! 278: * This function will not return a pointer to an information element ! 279: * that states it extends past the tail of the io_buffer, or whose @a ! 280: * version field is incorrect. ! 281: */ ! 282: u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end, ! 283: int *is_rsn, u8 **end ) ! 284: { ! 285: u8 *rsn = NULL; ! 286: ! 287: if ( ! ieee80211_ie_bound ( ie, ie_end ) ) ! 288: return NULL; ! 289: ! 290: while ( ie ) { ! 291: if ( ie->id == IEEE80211_IE_VENDOR && ! 292: ie->vendor.oui == IEEE80211_WPA_OUI_VEN ) { ! 293: DBG ( "RSN detect: old-style WPA IE found\n" ); ! 294: rsn = &ie->vendor.data[0]; ! 295: *end = rsn + ie->len - 4; ! 296: *is_rsn = 0; ! 297: } else if ( ie->id == IEEE80211_IE_RSN ) { ! 298: DBG ( "RSN detect: 802.11i RSN IE found\n" ); ! 299: rsn = ( u8 * ) &ie->rsn.version; ! 300: *end = rsn + ie->len; ! 301: *is_rsn = 1; ! 302: } ! 303: ! 304: if ( rsn && ( *end > ( u8 * ) ie_end || rsn >= *end || ! 305: *( u16 * ) rsn != IEEE80211_RSN_VERSION ) ) { ! 306: DBG ( "RSN detect: malformed RSN IE or unknown " ! 307: "version, keep trying\n" ); ! 308: rsn = NULL; ! 309: } ! 310: ! 311: if ( rsn ) ! 312: break; ! 313: ! 314: ie = ieee80211_next_ie ( ie, ie_end ); ! 315: } ! 316: ! 317: if ( ! ie ) { ! 318: DBG ( "RSN detect: no RSN IE found\n" ); ! 319: return NULL; ! 320: } ! 321: ! 322: return rsn; ! 323: } ! 324: ! 325: ! 326: /** ! 327: * Detect crypto and AKM types from RSN information element ! 328: * ! 329: * @v is_rsn If TRUE, IE is a new-style RSN information element ! 330: * @v start Pointer to first byte of @a version field ! 331: * @v end Pointer to first byte not in the RSN IE ! 332: * @ret secprot Security handshaking protocol used by network ! 333: * @ret crypt Cryptosystem used by network ! 334: * @ret rc Return status code ! 335: * ! 336: * If the IE cannot be parsed, returns an error indication and leaves ! 337: * @a secprot and @a crypt unchanged. ! 338: */ ! 339: int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end, ! 340: enum net80211_security_proto *secprot, ! 341: enum net80211_crypto_alg *crypt ) ! 342: { ! 343: enum net80211_security_proto sp; ! 344: enum net80211_crypto_alg cr; ! 345: struct descriptor_map *map; ! 346: u8 *rsn = start; ! 347: ! 348: /* Set some defaults */ ! 349: cr = ( is_rsn ? NET80211_CRYPT_CCMP : NET80211_CRYPT_TKIP ); ! 350: sp = NET80211_SECPROT_EAP; ! 351: ! 352: rsn += 2; /* version - already checked */ ! 353: rsn += 4; /* group cipher - we don't use it here */ ! 354: ! 355: if ( rsn >= end ) ! 356: goto done; ! 357: ! 358: /* Pick crypto algorithm */ ! 359: map = rsn_pick_desc ( &rsn, end, rsn_cipher_map, ! 360: table_start ( NET80211_CRYPTOS ), ! 361: table_end ( NET80211_CRYPTOS ) ); ! 362: if ( ! map ) ! 363: goto invalid_rsn; ! 364: ! 365: cr = map->net80211_type; ! 366: ! 367: if ( rsn >= end ) ! 368: goto done; ! 369: ! 370: /* Pick handshaking algorithm */ ! 371: map = rsn_pick_desc ( &rsn, end, rsn_akm_map, ! 372: table_start ( NET80211_HANDSHAKERS ), ! 373: table_end ( NET80211_HANDSHAKERS ) ); ! 374: if ( ! map ) ! 375: goto invalid_rsn; ! 376: ! 377: sp = map->net80211_type; ! 378: ! 379: done: ! 380: DBG ( "RSN detect: OK, crypto type %d, secprot type %d\n", cr, sp ); ! 381: *secprot = sp; ! 382: *crypt = cr; ! 383: return 0; ! 384: ! 385: invalid_rsn: ! 386: DBG ( "RSN detect: invalid RSN IE\n" ); ! 387: return -EINVAL; ! 388: } ! 389: ! 390: ! 391: /** ! 392: * Detect the cryptosystem and handshaking protocol used by an 802.11 network ! 393: * ! 394: * @v iob I/O buffer containing beacon frame ! 395: * @ret secprot Security handshaking protocol used by network ! 396: * @ret crypt Cryptosystem used by network ! 397: * @ret rc Return status code ! 398: * ! 399: * This function uses weak linkage, as it must be called from generic ! 400: * contexts but should only be linked in if some encryption is ! 401: * supported; you must test its address against @c NULL before calling ! 402: * it. If it does not exist, any network with the PRIVACY bit set in ! 403: * beacon->capab should be considered unknown. ! 404: */ ! 405: int sec80211_detect ( struct io_buffer *iob, ! 406: enum net80211_security_proto *secprot, ! 407: enum net80211_crypto_alg *crypt ) ! 408: { ! 409: struct ieee80211_frame *hdr = iob->data; ! 410: struct ieee80211_beacon *beacon = ! 411: ( struct ieee80211_beacon * ) hdr->data; ! 412: u8 *rsn, *rsn_end; ! 413: int is_rsn, rc; ! 414: ! 415: *crypt = NET80211_CRYPT_UNKNOWN; ! 416: *secprot = NET80211_SECPROT_UNKNOWN; ! 417: ! 418: /* Find RSN or WPA IE */ ! 419: if ( ! ( rsn = sec80211_find_rsn ( beacon->info_element, iob->tail, ! 420: &is_rsn, &rsn_end ) ) ) { ! 421: /* No security IE at all; either WEP or no security. */ ! 422: *secprot = NET80211_SECPROT_NONE; ! 423: ! 424: if ( beacon->capability & IEEE80211_CAPAB_PRIVACY ) ! 425: *crypt = NET80211_CRYPT_WEP; ! 426: else ! 427: *crypt = NET80211_CRYPT_NONE; ! 428: ! 429: return 0; ! 430: } ! 431: ! 432: /* Determine type of security */ ! 433: if ( ( rc = sec80211_detect_ie ( is_rsn, rsn, rsn_end, secprot, ! 434: crypt ) ) == 0 ) ! 435: return 0; ! 436: ! 437: /* If we get here, the RSN IE was invalid */ ! 438: ! 439: *crypt = NET80211_CRYPT_UNKNOWN; ! 440: *secprot = NET80211_SECPROT_UNKNOWN; ! 441: DBG ( "Failed to handle RSN IE:\n" ); ! 442: DBG_HD ( rsn, rsn_end - rsn ); ! 443: return rc; ! 444: } ! 445: ! 446: ! 447: /** ! 448: * Determine RSN descriptor for specified net80211 ID ! 449: * ! 450: * @v id net80211 ID value ! 451: * @v rsnie Whether to return a new-format (RSN IE) descriptor ! 452: * @v map Map to use in translation ! 453: * @ret desc RSN descriptor, or 0 on error ! 454: * ! 455: * If @a rsnie is false, returns an old-format (WPA vendor IE) ! 456: * descriptor. ! 457: */ ! 458: static u32 rsn_get_desc ( unsigned id, int rsnie, struct descriptor_map *map ) ! 459: { ! 460: u32 vendor = ( rsnie ? IEEE80211_RSN_OUI : IEEE80211_WPA_OUI ); ! 461: ! 462: for ( ; map->oui_type != END_MAGIC; map++ ) { ! 463: if ( map->net80211_type == id ) ! 464: return map->oui_type | vendor; ! 465: } ! 466: ! 467: return 0; ! 468: } ! 469: ! 470: /** ! 471: * Determine RSN descriptor for specified net80211 cryptosystem number ! 472: * ! 473: * @v crypt Cryptosystem number ! 474: * @v rsnie Whether to return a new-format (RSN IE) descriptor ! 475: * @ret desc RSN descriptor ! 476: * ! 477: * If @a rsnie is false, returns an old-format (WPA vendor IE) ! 478: * descriptor. ! 479: */ ! 480: u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie ) ! 481: { ! 482: return rsn_get_desc ( crypt, rsnie, rsn_cipher_map ); ! 483: } ! 484: ! 485: /** ! 486: * Determine RSN descriptor for specified net80211 handshaker number ! 487: * ! 488: * @v secprot Handshaker number ! 489: * @v rsnie Whether to return a new-format (RSN IE) descriptor ! 490: * @ret desc RSN descriptor ! 491: * ! 492: * If @a rsnie is false, returns an old-format (WPA vendor IE) ! 493: * descriptor. ! 494: */ ! 495: u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot, ! 496: int rsnie ) ! 497: { ! 498: return rsn_get_desc ( secprot, rsnie, rsn_akm_map ); ! 499: } ! 500: ! 501: /** ! 502: * Determine net80211 cryptosystem number from RSN descriptor ! 503: * ! 504: * @v desc RSN descriptor ! 505: * @ret crypt net80211 cryptosystem enumeration value ! 506: */ ! 507: enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc ) ! 508: { ! 509: struct descriptor_map *map = rsn_cipher_map; ! 510: ! 511: for ( ; map->oui_type != END_MAGIC; map++ ) { ! 512: if ( map->oui_type == ( desc & OUI_TYPE_MASK ) ) ! 513: break; ! 514: } ! 515: ! 516: return map->net80211_type; ! 517: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.