/*
* admCtrlWpa.c
*
* Copyright(c) 1998 - 2010 Texas Instruments. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name Texas Instruments nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/** \file admCtrl.c
* \brief Admission control API implimentation
*
* \see admCtrl.h
*/
/****************************************************************************
* *
* MODULE: Admission Control *
* PURPOSE: Admission Control Module API *
* *
****************************************************************************/
#define __FILE_ID__ FILE_ID_19
#include "osApi.h"
#include "paramOut.h"
#include "mlmeApi.h"
#include "802_11Defs.h"
#include "DataCtrl_Api.h"
#include "report.h"
#include "rsn.h"
#include "admCtrl.h"
#include "admCtrlWpa.h"
#include "admCtrlWpa2.h"
#ifdef XCC_MODULE_INCLUDED
#include "admCtrlXCC.h"
#include "XCCMngr.h"
#endif
#include "siteMgrApi.h"
#include "TWDriver.h"
/* Constants */
#define MAX_NETWORK_MODE 2
#define MAX_WPA_CIPHER_SUITE 7
/* Enumerations */
/* Typedefs */
/* Structures */
/* External data definitions */
/* Local functions definitions */
/* Global variables */
static TI_UINT8 wpaIeOuiIe[3] = { 0x00, 0x50, 0xf2};
static TI_BOOL broadcastCipherSuiteValidity[MAX_NETWORK_MODE][MAX_WPA_CIPHER_SUITE]=
{
/* RSN_IBSS */ {
/* NONE */ TI_FALSE,
/* WEP40 */ TI_FALSE,
/* TKIP */ TI_TRUE,
/* AES_WRAP */ TI_TRUE,
/* AES_CCMP */ TI_TRUE,
/* WEP104 */ TI_FALSE,
/* CKIP */ TI_FALSE},
/* RSN_INFRASTRUCTURE */ {
/* NONE */ TI_FALSE,
/* WEP */ TI_TRUE,
/* TKIP */ TI_TRUE,
/* AES_WRAP */ TI_TRUE,
/* AES_CCMP */ TI_TRUE,
/* WEP104 */ TI_TRUE,
/* CKIP */ TI_TRUE}
};
/** WPA admission table. Used to verify admission parameters to an AP */
/* table parameters:
Max unicast cipher in the IE
Max broadcast cipher in the IE
Encryption status
*/
typedef struct
{
TI_STATUS status;
ECipherSuite unicast;
ECipherSuite broadcast;
TI_UINT8 evaluation;
} admCtrlWpa_validity_t;
static admCtrlWpa_validity_t admCtrlWpa_validityTable[MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE][MAX_WPA_CIPHER_SUITE] =
{
/* AP unicast NONE */ {
/* AP multicast NONE */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP40 */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP40 */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}},
/* AP multicast TKIP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_TKIP ,2},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WRAP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_WRAP ,3},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast CCMP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_AES_CCMP ,3},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP104 */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP40 */ { TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP ,1},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_OK, TWD_CIPHER_NONE, TWD_CIPHER_WEP104 ,1}}},
/* AP unicast WEP */ {
/* AP multicast NONE */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_OK, TWD_CIPHER_WEP, TWD_CIPHER_WEP ,1},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast TKIP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WRAP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WRAP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast CCMP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP104 */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
/* AP unicast TKIP */ {
/* AP multicast NONE */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP ,4},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast TKIP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_TKIP ,7},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WRAP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast CCMP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP104 */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_OK, TWD_CIPHER_TKIP, TWD_CIPHER_WEP104 ,4},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
/* AP unicast AES_WRAP */ {
/* AP multicast NONE */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP40 */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP ,5},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast TKIP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_TKIP ,6},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WRAP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_AES_WRAP ,8},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast CCMP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP104 */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_OK, TWD_CIPHER_AES_WRAP, TWD_CIPHER_WEP104 ,5},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
/* AP unicast AES_CCMP */ {
/* AP multicast NONE */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP ,5},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast TKIP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_TKIP ,6},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WRAP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast CCMP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_AES_CCMP ,7},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_OK, TWD_CIPHER_AES_CCMP, TWD_CIPHER_WEP104 ,5},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}}},
/* AP unicast WEP104 */ {
/* AP multicast NONE */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast TKIP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WRAP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast CCMP */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP104 */{ TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0}},
/* AP multicast WEP104 */ {
/* STA NONE */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA WEP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA TKIP */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA AES */ { TI_NOK, TWD_CIPHER_NONE, TWD_CIPHER_NONE ,0},
/* STA CCMP */ { TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1},
/* STA WEP104 */{ TI_OK, TWD_CIPHER_WEP104, TWD_CIPHER_WEP104 ,1}}}
};
/* Function prototypes */
TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData);
TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt);
TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal,wpaIeData_t *pWpaData,TI_UINT32 maxVal);
TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus);
static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists);
/**
*
* admCtrlWpa_config - Configure XCC admission control.
*
* \b Description:
*
* Configure XCC admission control.
*
* \b ARGS:
*
* I - pAdmCtrl - context \n
*
* \b RETURNS:
*
* TI_OK on success, TI_NOK on failure.
*
* \sa
*/
TI_STATUS admCtrlWpa_config(admCtrl_t *pAdmCtrl)
{
TI_STATUS status;
TRsnPaeConfig paeConfig;
/* check and set admission control default parameters */
pAdmCtrl->authSuite = RSN_AUTH_OPEN;
if (pAdmCtrl->unicastSuite == TWD_CIPHER_NONE)
{
pAdmCtrl->unicastSuite = TWD_CIPHER_TKIP;
}
if (pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE)
{
pAdmCtrl->broadcastSuite = TWD_CIPHER_TKIP;
}
/* set callback functions (API) */
pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement;
pAdmCtrl->setSite = admCtrlWpa_setSite;
pAdmCtrl->evalSite = admCtrlWpa_evalSite;
pAdmCtrl->getPmkidList = admCtrl_nullGetPMKIDlist;
pAdmCtrl->setPmkidList = admCtrl_nullSetPMKIDlist;
pAdmCtrl->resetPmkidList = admCtrl_resetPMKIDlist;
pAdmCtrl->getPreAuthStatus = admCtrl_nullGetPreAuthStatus;
pAdmCtrl->startPreAuth = admCtrl_nullStartPreAuth;
pAdmCtrl->get802_1x_AkmExists = admCtrlWpa_get802_1x_AkmExists;
/* set cipher suite */
switch (pAdmCtrl->externalAuthMode)
{
case RSN_EXT_AUTH_MODE_WPA:
case RSN_EXT_AUTH_MODE_WPAPSK:
/* The cipher suite should be set by the External source via
the Encryption field*/
pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X;
break;
case RSN_EXT_AUTH_MODE_WPANONE:
pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE;
/* Not supported */
default:
return TI_NOK;
}
paeConfig.authProtocol = pAdmCtrl->externalAuthMode;
paeConfig.unicastSuite = pAdmCtrl->unicastSuite;
paeConfig.broadcastSuite = pAdmCtrl->broadcastSuite;
paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite;
/* set default PAE configuration */
status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig);
return status;
}
TI_STATUS admCtrlWpa_dynamicConfig(admCtrl_t *pAdmCtrl,wpaIeData_t *pWpaData)
{
TI_STATUS status;
TRsnPaeConfig paeConfig;
/* set callback functions (API) */
pAdmCtrl->getInfoElement = admCtrlWpa_getInfoElement;
switch (pAdmCtrl->externalAuthMode)
{
case RSN_EXT_AUTH_MODE_WPA:
case RSN_EXT_AUTH_MODE_WPAPSK:
/* The cipher suite should be set by the External source via
the Encryption field*/
pAdmCtrl->keyMngSuite = RSN_KEY_MNG_802_1X;
break;
case RSN_EXT_AUTH_MODE_WPANONE:
pAdmCtrl->keyMngSuite = RSN_KEY_MNG_NONE;
/* Not supported */
default:
return TI_NOK;
}
paeConfig.authProtocol = pAdmCtrl->externalAuthMode;
paeConfig.unicastSuite = pWpaData->unicastSuite[0];
paeConfig.broadcastSuite = pWpaData->broadcastSuite;
paeConfig.keyExchangeProtocol = pAdmCtrl->keyMngSuite;
/* set default PAE configuration */
status = pAdmCtrl->pRsn->setPaeConfig(pAdmCtrl->pRsn, &paeConfig);
return status;
}
/**
*
* admCtrlWpa_getInfoElement - Get the current information element.
*
* \b Description:
*
* Get the current information element.
*
* \b ARGS:
*
* I - pAdmCtrl - context \n
* I - pIe - IE buffer \n
* I - pLength - length of IE \n
*
* \b RETURNS:
*
* TI_OK on success, TI_NOK on failure.
*
* \sa
*/
TI_STATUS admCtrlWpa_getInfoElement(admCtrl_t *pAdmCtrl, TI_UINT8 *pIe, TI_UINT32 *pLength)
{
wpaIePacket_t localWpaPkt;
wpaIePacket_t *pWpaIePacket;
TI_UINT8 length;
TI_UINT16 tempInt;
TIWLN_SIMPLE_CONFIG_MODE wscMode;
/* Get Simple-Config state */
siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */
if (pIe==NULL)
{
*pLength = 0;
return TI_NOK;
}
if ((wscMode != TIWLN_SIMPLE_CONFIG_OFF) &&
(pAdmCtrl->broadcastSuite == TWD_CIPHER_NONE) &&
(pAdmCtrl->unicastSuite == TWD_CIPHER_NONE))
{
*pLength = 0;
return TI_NOK;
}
/* Check validity of WPA IE */
if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][pAdmCtrl->broadcastSuite])
{ /* check Group suite validity */
*pLength = 0;
return TI_NOK;
}
if (pAdmCtrl->unicastSuite == TWD_CIPHER_WEP)
{ /* check pairwise suite validity */
*pLength = 0;
return TI_NOK;
}
/* Build Wpa IE */
pWpaIePacket = &localWpaPkt;
os_memoryZero(pAdmCtrl->hOs, pWpaIePacket, sizeof(wpaIePacket_t));
pWpaIePacket->elementid= WPA_IE_ID;
os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->oui, wpaIeOuiIe, 3);
pWpaIePacket->ouiType = WPA_OUI_DEF_TYPE;
tempInt = WPA_OUI_MAX_VERSION;
COPY_WLAN_WORD(&pWpaIePacket->version, &tempInt);
length = sizeof(wpaIePacket_t)-2;
/* check defaults */
if (pAdmCtrl->replayCnt==1)
{
length -= 2; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/
#if 0 /* The following was removed since there are APs which do no accept
the default WPA IE */
if (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA)
{
length -= 6; /* 2: capabilities + 4: keyMng suite, 2: keyMng count*/
if (pAdmCtrl->unicastSuite == TWD_CIPHER_TKIP)
{
length -= 6; /* 4: unicast suite, 2: unicast count */
if (pAdmCtrl->broadcastSuite == TWD_CIPHER_TKIP)
{
length -= 4; /* broadcast suite */
}
}
}
#endif
}
pWpaIePacket->length = length;
*pLength = length+2;
if (length>=WPA_IE_MIN_DEFAULT_LENGTH)
{ /* build Capabilities */
pWpaIePacket->capabilities = ENDIAN_HANDLE_WORD(admCtrlWpa_buildCapabilities(pAdmCtrl->replayCnt));
}
if (length>=WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(1))
{
/* build keyMng suite */
tempInt = 0x0001;
COPY_WLAN_WORD(&pWpaIePacket->authKeyMngSuiteCnt, &tempInt);
os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->authKeyMngSuite, wpaIeOuiIe, 3);
switch (pAdmCtrl->externalAuthMode)
{
case RSN_EXT_AUTH_MODE_OPEN:
case RSN_EXT_AUTH_MODE_SHARED_KEY:
case RSN_EXT_AUTH_MODE_AUTO_SWITCH:
pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE;
break;
case RSN_EXT_AUTH_MODE_WPA:
{
#ifdef XCC_MODULE_INCLUDED
TI_UINT8 akmSuite[DOT11_OUI_LEN];
if (admCtrlXCC_getCckmAkm(pAdmCtrl, akmSuite))
{
os_memoryCopy(pAdmCtrl->hOs, (void*)pWpaIePacket->authKeyMngSuite, akmSuite, DOT11_OUI_LEN);
}
else
#endif
{
pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_801_1X;
}
}
break;
case RSN_EXT_AUTH_MODE_WPAPSK:
pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_PSK_801_1X;
break;
default:
pWpaIePacket->authKeyMngSuite[3] = WPA_IE_KEY_MNG_NONE;
break;
}
}
if (length>=WPA_IE_MIN_PAIRWISE_SUITE_LENGTH)
{
#ifdef XCC_MODULE_INCLUDED
if ((pAdmCtrl->pRsn->paeConfig.unicastSuite==TWD_CIPHER_CKIP) ||
(pAdmCtrl->pRsn->paeConfig.broadcastSuite==TWD_CIPHER_CKIP))
{
admCtrlXCC_getWpaCipherInfo(pAdmCtrl,pWpaIePacket);
}
else
#endif
{
/* build pairwise suite */
tempInt = 0x0001;
COPY_WLAN_WORD(&pWpaIePacket->pairwiseSuiteCnt, &tempInt);
os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->pairwiseSuite, wpaIeOuiIe, 3);
pWpaIePacket->pairwiseSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.unicastSuite;
if (length>=WPA_IE_GROUP_SUITE_LENGTH)
{ /* build group suite */
os_memoryCopy(pAdmCtrl->hOs, (void *)pWpaIePacket->groupSuite, wpaIeOuiIe, 3);
pWpaIePacket->groupSuite[3] = (TI_UINT8)pAdmCtrl->pRsn->paeConfig.broadcastSuite;
}
}
}
os_memoryCopy(pAdmCtrl->hOs, (TI_UINT8*)pIe, (TI_UINT8*)pWpaIePacket, sizeof(wpaIePacket_t));
return TI_OK;
}
/**
*
* admCtrlWpa_setSite - Set current primary site parameters for registration.
*
* \b Description:
*
* Set current primary site parameters for registration.
*
* \b ARGS:
*
* I - pAdmCtrl - context \n
* I - pRsnData - site's RSN data \n
* O - pAssocIe - result IE of evaluation \n
* O - pAssocIeLen - length of result IE of evaluation \n
*
* \b RETURNS:
*
* TI_OK on site is aproved, TI_NOK on site is rejected.
*
* \sa
*/
TI_STATUS admCtrlWpa_setSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TI_UINT8 *pAssocIe, TI_UINT8 *pAssocIeLen)
{
TI_STATUS status;
paramInfo_t *pParam;
TTwdParamInfo tTwdParam;
wpaIeData_t wpaData;
ECipherSuite encryptionStatus;
admCtrlWpa_validity_t *pAdmCtrlWpa_validity=NULL;
TI_UINT8 *pWpaIe;
TI_UINT8 index;
*pAssocIeLen = 0;
if (pRsnData==NULL)
{
return TI_NOK;
}
pParam = (paramInfo_t *)os_memoryAlloc(pAdmCtrl->hOs, sizeof(paramInfo_t));
if (!pParam)
{
return TI_NOK;
}
if (pRsnData->pIe==NULL)
{
/* configure the MLME module with the 802.11 OPEN authentication suite,
THe MLME will configure later the authentication module */
pParam->paramType = MLME_LEGACY_TYPE_PARAM;
pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM;
status = mlme_setParam(pAdmCtrl->hMlme, pParam);
goto adm_ctrl_wpa_end;
}
#ifdef XCC_MODULE_INCLUDED
/* Check if Aironet IE exists */
admCtrlXCC_setExtendedParams(pAdmCtrl, pRsnData);
#endif /*XCC_MODULE_INCLUDED*/
/* Check if any-WPA mode is supported and WPA2 info elem is presented */
/* If yes - perform WPA2 set site procedure */
if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags)
{
if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) &&
(pWpaIe != NULL))
{
status = admCtrlWpa2_setSite(pAdmCtrl, pRsnData, pAssocIe, pAssocIeLen);
if(status == TI_OK)
goto adm_ctrl_wpa_end;
}
}
status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
if ((wpaData.unicastSuite[0]>=MAX_WPA_CIPHER_SUITE) ||
(wpaData.broadcastSuite>=MAX_WPA_CIPHER_SUITE) ||
(pAdmCtrl->unicastSuite>=MAX_WPA_CIPHER_SUITE))
{
status = TI_NOK;
goto adm_ctrl_wpa_end;
}
pAdmCtrl->encrInSw = wpaData.XCCKp;
pAdmCtrl->micInSw = wpaData.XCCMic;
/*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */
if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP)
{
pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
/*Funk supplicant can support CCKM only if it configures the driver to TKIP encryption. */
if (encryptionStatus != TWD_CIPHER_TKIP) {
status = TI_NOK;
goto adm_ctrl_wpa_end;
}
if (pAdmCtrl->encrInSw)
pAdmCtrl->XCCSupport = TI_TRUE;
}
else
{
/* Check validity of Group suite */
if (!broadcastCipherSuiteValidity[pAdmCtrl->networkMode][wpaData.broadcastSuite])
{ /* check Group suite validity */
status = TI_NOK;
goto adm_ctrl_wpa_end;
}
pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
for (index=0; index<wpaData.unicastSuiteCnt; index++)
{
pAdmCtrlWpa_validity = &admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus];
if (pAdmCtrlWpa_validity->status ==TI_OK)
{
break;
}
}
if (pAdmCtrlWpa_validity->status != TI_OK)
{
status = pAdmCtrlWpa_validity->status;
goto adm_ctrl_wpa_end;
}
/* set cipher suites */
wpaData.unicastSuite[0] = pAdmCtrlWpa_validity->unicast ;/*wpaData.unicastSuite[0];*/
wpaData.broadcastSuite = pAdmCtrlWpa_validity->broadcast; /*wpaData.broadcastSuite;*/
}
/* set external auth mode according to the key Mng Suite */
switch (wpaData.KeyMngSuite[0])
{
case WPA_IE_KEY_MNG_NONE:
pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN;
break;
case WPA_IE_KEY_MNG_801_1X:
#ifdef XCC_MODULE_INCLUDED
case WPA_IE_KEY_MNG_CCKM:
#endif
pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA;
break;
case WPA_IE_KEY_MNG_PSK_801_1X:
#if 0 /* code will remain here until the WSC spec will be closed*/
if ((wpaData.KeyMngSuiteCnt > 1) && (wpaData.KeyMngSuite[1] == WPA_IE_KEY_MNG_801_1X))
{
/*WLAN_OS_REPORT (("Overriding for simple-config - setting external auth to MODE WPA\n"));*/
/*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPA;*/
}
else
{
/*pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_WPAPSK;*/
}
#endif
break;
default:
pAdmCtrl->externalAuthMode = RSN_EXT_AUTH_MODE_OPEN;
break;
}
#ifdef XCC_MODULE_INCLUDED
pParam->paramType = XCC_CCKM_EXISTS;
pParam->content.XCCCckmExists = (wpaData.KeyMngSuite[0]==WPA_IE_KEY_MNG_CCKM) ? TI_TRUE : TI_FALSE;
XCCMngr_setParam(pAdmCtrl->hXCCMngr, pParam);
#endif
/* set replay counter */
pAdmCtrl->replayCnt = wpaData.replayCounters;
*pAssocIeLen = pRsnData->ieLen;
if (pAssocIe != NULL)
{
os_memoryCopy(pAdmCtrl->hOs, pAssocIe, &wpaData, sizeof(wpaIeData_t));
}
/* Now we configure the MLME module with the 802.11 legacy authentication suite,
THe MLME will configure later the authentication module */
pParam->paramType = MLME_LEGACY_TYPE_PARAM;
#ifdef XCC_MODULE_INCLUDED
if (pAdmCtrl->networkEapMode!=OS_XCC_NETWORK_EAP_OFF)
{
pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_RESERVED1;
}
else
#endif
{
pParam->content.mlmeLegacyAuthType = AUTH_LEGACY_OPEN_SYSTEM;
}
status = mlme_setParam(pAdmCtrl->hMlme, pParam);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
pParam->paramType = RX_DATA_EAPOL_DESTINATION_PARAM;
pParam->content.rxDataEapolDestination = OS_ABS_LAYER;
status = rxData_setParam(pAdmCtrl->hRx, pParam);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
/* Configure privacy status in HAL so that HW is prepared to recieve keys */
tTwdParam.paramType = TWD_RSN_SECURITY_MODE_PARAM_ID;
tTwdParam.content.rsnEncryptionStatus = (ECipherSuite)wpaData.unicastSuite[0];
status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
#ifdef XCC_MODULE_INCLUDED
/* set MIC and KP in HAL */
tTwdParam.paramType = TWD_RSN_XCC_SW_ENC_ENABLE_PARAM_ID;
tTwdParam.content.rsnXCCSwEncFlag = wpaData.XCCKp;
status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
tTwdParam.paramType = TWD_RSN_XCC_MIC_FIELD_ENABLE_PARAM_ID;
tTwdParam.content.rsnXCCMicFieldFlag = wpaData.XCCMic;
status = TWD_SetParam(pAdmCtrl->pRsn->hTWD, &tTwdParam);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
#endif /*XCC_MODULE_INCLUDED*/
/* re-config PAE */
status = admCtrlWpa_dynamicConfig(pAdmCtrl,&wpaData);
if (status != TI_OK)
{
goto adm_ctrl_wpa_end;
}
adm_ctrl_wpa_end:
os_memoryFree(pAdmCtrl->hOs, pParam, sizeof(paramInfo_t));
return status;
}
/**
*
* admCtrlWpa_evalSite - Evaluate site for registration.
*
* \b Description:
*
* evaluate site RSN capabilities against the station's cap.
* If the BSS type is infrastructure, the station matches the site only if it's WEP status is same as the site
* In IBSS, it does not matter
*
* \b ARGS:
*
* I - pAdmCtrl - Context \n
* I - pRsnData - site's RSN data \n
* O - pEvaluation - Result of evaluation \n
*
* \b RETURNS:
*
* TI_OK
*
* \sa
*/
TI_STATUS admCtrlWpa_evalSite(admCtrl_t *pAdmCtrl, TRsnData *pRsnData, TRsnSiteParams *pRsnSiteParams, TI_UINT32 *pEvaluation)
{
TI_STATUS status;
wpaIeData_t wpaData;
admCtrlWpa_validity_t admCtrlWpa_validity;
ECipherSuite encryptionStatus;
TIWLN_SIMPLE_CONFIG_MODE wscMode;
TI_UINT8 *pWpaIe;
TI_UINT8 index;
/* Get Simple-Config state */
status = siteMgr_getParamWSC(pAdmCtrl->pRsn->hSiteMgr, &wscMode); /* SITE_MGR_SIMPLE_CONFIG_MODE */
*pEvaluation = 0;
if (pRsnData==NULL)
{
return TI_NOK;
}
if ((pRsnData->pIe==NULL) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF))
{
return TI_NOK;
}
if (pRsnSiteParams->bssType != BSS_INFRASTRUCTURE)
{
return TI_NOK;
}
/* Set initial values for admCtrlWpa_validity as none*/
admCtrlWpa_validity = admCtrlWpa_validityTable[TWD_CIPHER_NONE][TWD_CIPHER_NONE][TWD_CIPHER_NONE];
/* Check if WPA-any mode is supported and WPA2 info elem is presented */
/* If yes - perform WPA2 site evaluation */
if(pAdmCtrl->WPAMixedModeEnable && pAdmCtrl->WPAPromoteFlags)
{
if((admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, RSN_IE_ID)== TI_OK) &&
(pWpaIe != NULL))
{
status = admCtrlWpa2_evalSite(pAdmCtrl, pRsnData, pRsnSiteParams, pEvaluation);
if(status == TI_OK)
return status;
}
}
status = admCtrl_parseIe(pAdmCtrl, pRsnData, &pWpaIe, WPA_IE_ID);
if ((status != TI_OK) && (wscMode == TIWLN_SIMPLE_CONFIG_OFF))
{
return status;
}
/* If found WPA Information Element */
if (pWpaIe != NULL)
{
status = admCtrlWpa_parseIe(pAdmCtrl, pWpaIe, &wpaData);
if (status != TI_OK)
{
return status;
}
/* check keyMngSuite validity */
switch (wpaData.KeyMngSuite[0])
{
case WPA_IE_KEY_MNG_NONE:
TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_NONE\n");
status = (pAdmCtrl->externalAuthMode <= RSN_EXT_AUTH_MODE_AUTO_SWITCH) ? TI_OK : TI_NOK;
break;
case WPA_IE_KEY_MNG_801_1X:
#ifdef XCC_MODULE_INCLUDED
case WPA_IE_KEY_MNG_CCKM:
/* CCKM is allowed only in 802.1x auth */
#endif
TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_801_1X\n");
status = (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA) ? TI_OK : TI_NOK;
break;
case WPA_IE_KEY_MNG_PSK_801_1X:
TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: KeyMngSuite[0]=WPA_IE_KEY_MNG_PSK_801_1X\n");
status = ((pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPAPSK) ||
(wscMode && (pAdmCtrl->externalAuthMode == RSN_EXT_AUTH_MODE_WPA))) ? TI_OK : TI_NOK;
break;
default:
status = TI_NOK;
break;
}
TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "admCtrlWpa_evalSite: pAdmCtrl->externalAuthMode = %d, Status = %d\n",pAdmCtrl->externalAuthMode,status);
if (status != TI_OK)
{
return status;
}
/*Because ckip is a proprietary encryption for Cisco then a different validity check is needed */
if(wpaData.broadcastSuite == TWD_CIPHER_CKIP || wpaData.unicastSuite[0] == TWD_CIPHER_CKIP)
{
pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
if (encryptionStatus != TWD_CIPHER_TKIP)
return TI_NOK;
}
else
{
/* Check cipher suite validity */
pAdmCtrl->getCipherSuite(pAdmCtrl, &encryptionStatus);
for (index=0; index<wpaData.unicastSuiteCnt; index++)
{
admCtrlWpa_validity = admCtrlWpa_validityTable[wpaData.unicastSuite[index]][wpaData.broadcastSuite][encryptionStatus];
if (admCtrlWpa_validity.status ==TI_OK)
{
break;
}
}
if (admCtrlWpa_validity.status!=TI_OK)
{
return admCtrlWpa_validity.status;
}
wpaData.broadcastSuite = admCtrlWpa_validity.broadcast;
wpaData.unicastSuite[0] = admCtrlWpa_validity.unicast;
*pEvaluation = admCtrlWpa_validity.evaluation;
}
/* Check privacy bit if not in mixed mode */
if (!pAdmCtrl->mixedMode)
{ /* There's no mixed mode, so make sure that the privacy Bit matches the privacy mode*/
if (((pRsnData->privacy) && (wpaData.unicastSuite[0]==TWD_CIPHER_NONE)) ||
((!pRsnData->privacy) && (wpaData.unicastSuite[0]>TWD_CIPHER_NONE)))
{
*pEvaluation = 0;
}
}
}
else
{
TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "didn't find WPA IE\n");
if (wscMode == TIWLN_SIMPLE_CONFIG_OFF)
return TI_NOK;
TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "metric is 1\n");
*pEvaluation = 1;
pAdmCtrl->broadcastSuite = TWD_CIPHER_NONE;
pAdmCtrl->unicastSuite = TWD_CIPHER_NONE;
}
/* always return TI_OK */
return TI_OK;
}
/**
*
* admCtrlWpa_parseIe - Parse an WPA information element.
*
* \b Description:
*
* Parse an WPA information element.
* Builds a structure of the unicast adn broadcast cihper suites,
* the key management suite and the capabilities.
*
* \b ARGS:
*
* I - pAdmCtrl - pointer to admCtrl context
* I - pWpaIe - pointer to WPA IE buffer \n
* O - pWpaData - capabilities structure
*
*
* \b RETURNS:
*
* TI_OK on success, TI_NOK on failure.
*
* \sa
*/
TI_STATUS admCtrlWpa_parseIe(admCtrl_t *pAdmCtrl, TI_UINT8 *pWpaIe, wpaIeData_t *pWpaData)
{
wpaIePacket_t *wpaIePacket = (wpaIePacket_t*)pWpaIe;
TI_UINT8 *curWpaIe;
TI_UINT8 curLength = WPA_IE_MIN_LENGTH;
TRACE0(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: DEBUG: admCtrlWpa_parseIe\n\n");
if ((pWpaData == NULL) || (pWpaIe == NULL))
{
return TI_NOK;
}
if ((wpaIePacket->length < WPA_IE_MIN_LENGTH) ||
(wpaIePacket->elementid != WPA_IE_ID) ||
(wpaIePacket->ouiType > WPA_OUI_MAX_TYPE) || (ENDIAN_HANDLE_WORD(wpaIePacket->version) > WPA_OUI_MAX_VERSION) ||
(os_memoryCompare(pAdmCtrl->hOs, (TI_UINT8*)wpaIePacket->oui, wpaIeOuiIe, 3)))
{
TRACE7(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_ParseIe Error: length=0x%x, elementid=0x%x, ouiType=0x%x, version=0x%x, oui=0x%x, 0x%x, 0x%x\n", wpaIePacket->length,wpaIePacket->elementid, wpaIePacket->ouiType, wpaIePacket->version, wpaIePacket->oui[0], wpaIePacket->oui[1],wpaIePacket->oui[2]);
return TI_NOK;
}
/* Set default values */
pWpaData->broadcastSuite = TWD_CIPHER_TKIP;
pWpaData->unicastSuiteCnt = 1;
pWpaData->unicastSuite[0] = TWD_CIPHER_TKIP;
pWpaData->KeyMngSuiteCnt = 1;
pWpaData->KeyMngSuite[0] = (ERsnKeyMngSuite)WPA_IE_KEY_MNG_801_1X;
pWpaData->bcastForUnicatst = 1;
pWpaData->replayCounters = 1;
pWpaData->XCCKp = TI_FALSE;
pWpaData->XCCMic = TI_FALSE;
/* Group Suite */
if (wpaIePacket->length >= WPA_IE_GROUP_SUITE_LENGTH)
{
pWpaData->broadcastSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, (TI_UINT8 *)wpaIePacket->groupSuite,pWpaData,TWD_CIPHER_WEP104);
curLength = WPA_IE_GROUP_SUITE_LENGTH;
TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: GroupSuite%x, broadcast %x \n", wpaIePacket->groupSuite[3], pWpaData->broadcastSuite);
} else
{
return TI_OK;
}
/* Unicast Suite */
if (wpaIePacket->length >= WPA_IE_MIN_PAIRWISE_SUITE_LENGTH)
{
TI_UINT16 pairWiseSuiteCnt = ENDIAN_HANDLE_WORD(wpaIePacket->pairwiseSuiteCnt);
TI_BOOL cipherSuite[MAX_WPA_UNICAST_SUITES]={TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE, TI_FALSE , TI_FALSE};
TI_INT32 index, unicastSuiteIndex=0;
curWpaIe = (TI_UINT8*)&(wpaIePacket->pairwiseSuite);
for (index=0; (index<pairWiseSuiteCnt) && (wpaIePacket->length >= (WPA_IE_MIN_PAIRWISE_SUITE_LENGTH+(index+1)*4)); index++)
{
ECipherSuite curCipherSuite;
curCipherSuite = (ECipherSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,TWD_CIPHER_WEP104);
TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: pairwiseSuite %x , unicast %x \n", curWpaIe[3], curCipherSuite);
if ((curCipherSuite!=TWD_CIPHER_UNKNOWN) && (curCipherSuite<MAX_WPA_UNICAST_SUITES))
{
cipherSuite[curCipherSuite] = TI_TRUE;
}
curWpaIe +=4;
}
for (index=MAX_WPA_UNICAST_SUITES-1; index>=0; index--)
{
if (cipherSuite[index])
{
pWpaData->unicastSuite[unicastSuiteIndex] = (ECipherSuite)index;
TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: unicast %x \n", pWpaData->unicastSuite[unicastSuiteIndex]);
unicastSuiteIndex++;
}
}
pWpaData->unicastSuiteCnt = unicastSuiteIndex;
curLength = WPA_IE_MIN_KEY_MNG_SUITE_LENGTH(pairWiseSuiteCnt);
} else
{
return TI_OK;
}
/* KeyMng Suite */
if (wpaIePacket->length >= curLength)
{
TI_UINT16 keyMngSuiteCnt = ENDIAN_HANDLE_WORD(*curWpaIe);
TI_UINT16 index;
ERsnKeyMngSuite maxKeyMngSuite = (ERsnKeyMngSuite)WPA_IE_KEY_MNG_NONE;
/* Include all AP key management supported suites in the wpaData structure */
pWpaData->KeyMngSuiteCnt = keyMngSuiteCnt;
curWpaIe +=2;
pAdmCtrl->wpaAkmExists = TI_FALSE;
for (index=0; (index<keyMngSuiteCnt) && (wpaIePacket->length >= (curLength+index*4)); index++)
{
ERsnKeyMngSuite curKeyMngSuite;
#ifdef XCC_MODULE_INCLUDED
curKeyMngSuite = (ERsnKeyMngSuite)admCtrlXCC_parseCckmSuiteVal(pAdmCtrl, curWpaIe);
if (curKeyMngSuite == WPA_IE_KEY_MNG_CCKM)
{ /* CCKM is the maximum AKM */
maxKeyMngSuite = curKeyMngSuite;
}
else
#endif
{
curKeyMngSuite = (ERsnKeyMngSuite)admCtrlWpa_parseSuiteVal(pAdmCtrl, curWpaIe,pWpaData,WPA_IE_KEY_MNG_PSK_801_1X);
}
TRACE2(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: authKeyMng %x , keyMng %x \n", curWpaIe[3], curKeyMngSuite);
if ((curKeyMngSuite>maxKeyMngSuite) && (curKeyMngSuite!=WPA_IE_KEY_MNG_NA)
&& (curKeyMngSuite!=WPA_IE_KEY_MNG_CCKM))
{
maxKeyMngSuite = curKeyMngSuite;
}
if (curKeyMngSuite==WPA_IE_KEY_MNG_801_1X)
{ /* If 2 AKM exist, save also the second priority */
pAdmCtrl->wpaAkmExists = TI_TRUE;
}
curWpaIe +=4;
/* Include all AP key management supported suites in the wpaData structure */
if ((index+1) < MAX_WPA_KEY_MNG_SUITES)
pWpaData->KeyMngSuite[index+1] = curKeyMngSuite;
}
pWpaData->KeyMngSuite[0] = maxKeyMngSuite;
curLength += (index-1)*4;
TRACE1(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: keyMng %x \n", pWpaData->KeyMngSuite[0]);
} else
{
return TI_OK;
}
/* Parse capabilities */
if (wpaIePacket->length >= (curLength+2))
{
TI_UINT16 capabilities = ENDIAN_HANDLE_WORD(*((TI_UINT16 *)curWpaIe));
pWpaData->bcastForUnicatst = (capabilities & WPA_GROUP_4_UNICAST_CAPABILITY_MASK) >> WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT;
pWpaData->replayCounters = (capabilities & WPA_REPLAY_COUNTERS_CAPABILITY_MASK) >> WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT;
switch (pWpaData->replayCounters)
{
case 0: pWpaData->replayCounters=1;
break;
case 1: pWpaData->replayCounters=2;
break;
case 2: pWpaData->replayCounters=4;
break;
case 3: pWpaData->replayCounters=16;
break;
default: pWpaData->replayCounters=0;
break;
}
TRACE3(pAdmCtrl->hReport, REPORT_SEVERITY_INFORMATION, "Wpa_IE: capabilities %x, bcastForUnicatst %x, replayCounters %x\n", capabilities, pWpaData->bcastForUnicatst, pWpaData->replayCounters);
}
return TI_OK;
}
TI_UINT16 admCtrlWpa_buildCapabilities(TI_UINT16 replayCnt)
{
TI_UINT16 capabilities=0;
/* Bit1: group key for unicast */
capabilities = 0;
capabilities = capabilities << WPA_REPLAY_GROUP4UNI_CAPABILITY_SHIFT;
/* Bits 2&3: Replay counter */
switch (replayCnt)
{
case 1: replayCnt=0;
break;
case 2: replayCnt=1;
break;
case 4: replayCnt=2;
break;
case 16: replayCnt=3;
break;
default: replayCnt=0;
break;
}
capabilities |= replayCnt << WPA_REPLAY_COUNTERS_CAPABILITY_SHIFT;
return capabilities;
}
TI_UINT32 admCtrlWpa_parseSuiteVal(admCtrl_t *pAdmCtrl, TI_UINT8* suiteVal, wpaIeData_t *pWpaData, TI_UINT32 maxVal)
{
TI_UINT32 suite;
if ((pAdmCtrl==NULL) || (suiteVal==NULL))
{
return TWD_CIPHER_UNKNOWN;
}
if (!os_memoryCompare(pAdmCtrl->hOs, suiteVal, wpaIeOuiIe, 3))
{
suite = (ECipherSuite)((suiteVal[3]<=maxVal) ? suiteVal[3] : TWD_CIPHER_UNKNOWN);
} else
{
#ifdef XCC_MODULE_INCLUDED
suite = admCtrlXCC_WpaParseSuiteVal(pAdmCtrl,suiteVal,pWpaData);
#else
suite = TWD_CIPHER_UNKNOWN;
#endif
}
return suite;
}
TI_STATUS admCtrlWpa_checkCipherSuiteValidity (ECipherSuite unicastSuite, ECipherSuite broadcastSuite, ECipherSuite encryptionStatus)
{
ECipherSuite maxCipher;
maxCipher = (unicastSuite>=broadcastSuite) ? unicastSuite : broadcastSuite ;
if (maxCipher != encryptionStatus)
{
return TI_NOK;
}
if ((unicastSuite != TWD_CIPHER_NONE) && (broadcastSuite>unicastSuite))
{
return TI_NOK;
}
return TI_OK;
}
static TI_STATUS admCtrlWpa_get802_1x_AkmExists (admCtrl_t *pAdmCtrl, TI_BOOL *wpa_802_1x_AkmExists)
{
*wpa_802_1x_AkmExists = pAdmCtrl->wpaAkmExists;
return TI_OK;
}