/*
 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *
 * File: wpa2.c
 *
 * Purpose: Handles the Basic Service Set & Node Database functions
 *
 * Functions:
 *
 * Revision History:
 *
 * Author: Yiching Chen
 *
 * Date: Oct. 4, 2004
 *
 */

#include "wpa2.h"
#include "device.h"
#include "wmgr.h"

/*---------------------  Static Definitions -------------------------*/
static int msglevel = MSG_LEVEL_INFO;
//static int          msglevel                =MSG_LEVEL_DEBUG;
/*---------------------  Static Classes  ----------------------------*/

/*---------------------  Static Variables  --------------------------*/

const unsigned char abyOUIGK[4]      = { 0x00, 0x0F, 0xAC, 0x00 };
const unsigned char abyOUIWEP40[4]   = { 0x00, 0x0F, 0xAC, 0x01 };
const unsigned char abyOUIWEP104[4]  = { 0x00, 0x0F, 0xAC, 0x05 };
const unsigned char abyOUITKIP[4]    = { 0x00, 0x0F, 0xAC, 0x02 };
const unsigned char abyOUICCMP[4]    = { 0x00, 0x0F, 0xAC, 0x04 };

const unsigned char abyOUI8021X[4]   = { 0x00, 0x0F, 0xAC, 0x01 };
const unsigned char abyOUIPSK[4]     = { 0x00, 0x0F, 0xAC, 0x02 };

/*---------------------  Static Functions  --------------------------*/

/*---------------------  Export Variables  --------------------------*/

/*---------------------  Export Functions  --------------------------*/

/*+
 *
 * Description:
 *    Clear RSN information in BSSList.
 *
 * Parameters:
 *  In:
 *      pBSSNode - BSS list.
 *  Out:
 *      none
 *
 * Return Value: none.
 *
 -*/
void
WPA2_ClearRSN(
	PKnownBSS        pBSSNode
)
{
	int ii;

	pBSSNode->bWPA2Valid = false;

	pBSSNode->byCSSGK = WLAN_11i_CSS_CCMP;
	for (ii = 0; ii < 4; ii++)
		pBSSNode->abyCSSPK[ii] = WLAN_11i_CSS_CCMP;
	pBSSNode->wCSSPKCount = 1;
	for (ii = 0; ii < 4; ii++)
		pBSSNode->abyAKMSSAuthType[ii] = WLAN_11i_AKMSS_802_1X;
	pBSSNode->wAKMSSAuthCount = 1;
	pBSSNode->sRSNCapObj.bRSNCapExist = false;
	pBSSNode->sRSNCapObj.wRSNCap = 0;
}

/*+
 *
 * Description:
 *    Parse RSN IE.
 *
 * Parameters:
 *  In:
 *      pBSSNode - BSS list.
 *      pRSN - Pointer to the RSN IE.
 *  Out:
 *      none
 *
 * Return Value: none.
 *
 -*/
void
WPA2vParseRSN(
	PKnownBSS        pBSSNode,
	PWLAN_IE_RSN     pRSN
)
{
	int                 i, j;
	unsigned short m = 0, n = 0;
	unsigned char *pbyOUI;
	bool bUseGK = false;

	DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WPA2_ParseRSN: [%d]\n", pRSN->len);

	WPA2_ClearRSN(pBSSNode);

	if (pRSN->len == 2) { // ver(2)
		if ((pRSN->byElementID == WLAN_EID_RSN) && (pRSN->wVersion == 1)) {
			pBSSNode->bWPA2Valid = true;
		}
		return;
	}

	if (pRSN->len < 6) { // ver(2) + GK(4)
		// invalid CSS, P802.11i/D10.0, p31
		return;
	}

	// information element header makes sense
	if ((pRSN->byElementID == WLAN_EID_RSN) &&
	    (pRSN->wVersion == 1)) {
		DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Legal 802.11i RSN\n");

		pbyOUI = &(pRSN->abyRSN[0]);
		if (!memcmp(pbyOUI, abyOUIWEP40, 4))
			pBSSNode->byCSSGK = WLAN_11i_CSS_WEP40;
		else if (!memcmp(pbyOUI, abyOUITKIP, 4))
			pBSSNode->byCSSGK = WLAN_11i_CSS_TKIP;
		else if (!memcmp(pbyOUI, abyOUICCMP, 4))
			pBSSNode->byCSSGK = WLAN_11i_CSS_CCMP;
		else if (!memcmp(pbyOUI, abyOUIWEP104, 4))
			pBSSNode->byCSSGK = WLAN_11i_CSS_WEP104;
		else if (!memcmp(pbyOUI, abyOUIGK, 4)) {
			// invalid CSS, P802.11i/D10.0, p32
			return;
		} else
			// any vendor checks here
			pBSSNode->byCSSGK = WLAN_11i_CSS_UNKNOWN;

		DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "802.11i CSS: %X\n", pBSSNode->byCSSGK);

		if (pRSN->len == 6) {
			pBSSNode->bWPA2Valid = true;
			return;
		}

		if (pRSN->len >= 8) { // ver(2) + GK(4) + PK count(2)
			pBSSNode->wCSSPKCount = *((unsigned short *)&(pRSN->abyRSN[4]));
			j = 0;
			pbyOUI = &(pRSN->abyRSN[6]);

			for (i = 0; (i < pBSSNode->wCSSPKCount) && (j < sizeof(pBSSNode->abyCSSPK)/sizeof(unsigned char)); i++) {
				if (pRSN->len >= 8+i*4+4) { // ver(2)+GK(4)+PKCnt(2)+PKS(4*i)
					if (!memcmp(pbyOUI, abyOUIGK, 4)) {
						pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_USE_GROUP;
						bUseGK = true;
					} else if (!memcmp(pbyOUI, abyOUIWEP40, 4)) {
						// Invalid CSS, continue to parsing
					} else if (!memcmp(pbyOUI, abyOUITKIP, 4)) {
						if (pBSSNode->byCSSGK != WLAN_11i_CSS_CCMP)
							pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_TKIP;
						else
							; // Invalid CSS, continue to parsing
					} else if (!memcmp(pbyOUI, abyOUICCMP, 4)) {
						pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_CCMP;
					} else if (!memcmp(pbyOUI, abyOUIWEP104, 4)) {
						// Invalid CSS, continue to parsing
					} else {
						// any vendor checks here
						pBSSNode->abyCSSPK[j++] = WLAN_11i_CSS_UNKNOWN;
					}
					pbyOUI += 4;
					DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "abyCSSPK[%d]: %X\n", j-1, pBSSNode->abyCSSPK[j-1]);
				} else
					break;
			} //for

			if (bUseGK == true) {
				if (j != 1) {
					// invalid CSS, This should be only PK CSS.
					return;
				}
				if (pBSSNode->byCSSGK == WLAN_11i_CSS_CCMP) {
					// invalid CSS, If CCMP is enable , PK can't be CSSGK.
					return;
				}
			}
			if ((pBSSNode->wCSSPKCount != 0) && (j == 0)) {
				// invalid CSS, No valid PK.
				return;
			}
			pBSSNode->wCSSPKCount = (unsigned short)j;
			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wCSSPKCount: %d\n", pBSSNode->wCSSPKCount);
		}

		m = *((unsigned short *)&(pRSN->abyRSN[4]));

		if (pRSN->len >= 10+m*4) { // ver(2) + GK(4) + PK count(2) + PKS(4*m) + AKMSS count(2)
			pBSSNode->wAKMSSAuthCount = *((unsigned short *)&(pRSN->abyRSN[6+4*m]));
			j = 0;
			pbyOUI = &(pRSN->abyRSN[8+4*m]);
			for (i = 0; (i < pBSSNode->wAKMSSAuthCount) && (j < sizeof(pBSSNode->abyAKMSSAuthType)/sizeof(unsigned char)); i++) {
				if (pRSN->len >= 10+(m+i)*4+4) { // ver(2)+GK(4)+PKCnt(2)+PKS(4*m)+AKMSS(2)+AKS(4*i)
					if (!memcmp(pbyOUI, abyOUI8021X, 4))
						pBSSNode->abyAKMSSAuthType[j++] = WLAN_11i_AKMSS_802_1X;
					else if (!memcmp(pbyOUI, abyOUIPSK, 4))
						pBSSNode->abyAKMSSAuthType[j++] = WLAN_11i_AKMSS_PSK;
					else
						// any vendor checks here
						pBSSNode->abyAKMSSAuthType[j++] = WLAN_11i_AKMSS_UNKNOWN;
					DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "abyAKMSSAuthType[%d]: %X\n", j-1, pBSSNode->abyAKMSSAuthType[j-1]);
				} else
					break;
			}
			pBSSNode->wAKMSSAuthCount = (unsigned short)j;
			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wAKMSSAuthCount: %d\n", pBSSNode->wAKMSSAuthCount);

			n = *((unsigned short *)&(pRSN->abyRSN[6+4*m]));
			if (pRSN->len >= 12 + 4 * m + 4 * n) { // ver(2)+GK(4)+PKCnt(2)+PKS(4*m)+AKMSSCnt(2)+AKMSS(4*n)+Cap(2)
				pBSSNode->sRSNCapObj.bRSNCapExist = true;
				pBSSNode->sRSNCapObj.wRSNCap = *((unsigned short *)&(pRSN->abyRSN[8+4*m+4*n]));
			}
		}
		//ignore PMKID lists bcs only (Re)Assocrequest has this field
		pBSSNode->bWPA2Valid = true;
	}
}

/*+
 *
 * Description:
 *    Set WPA IEs
 *
 * Parameters:
 *  In:
 *      pMgmtHandle - Pointer to management object
 *  Out:
 *      pRSNIEs     - Pointer to the RSN IE to set.
 *
 * Return Value: length of IEs.
 *
 -*/
unsigned int
WPA2uSetIEs(
	void *pMgmtHandle,
	PWLAN_IE_RSN pRSNIEs
)
{
	PSMgmtObject    pMgmt = (PSMgmtObject) pMgmtHandle;
	unsigned char *pbyBuffer = NULL;
	unsigned int ii = 0;
	unsigned short *pwPMKID = NULL;

	if (pRSNIEs == NULL) {
		return 0;
	}
	if (((pMgmt->eAuthenMode == WMAC_AUTH_WPA2) ||
	     (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) &&
	    (pMgmt->pCurrBSS != NULL)) {
		/* WPA2 IE */
		pbyBuffer = (unsigned char *)pRSNIEs;
		pRSNIEs->byElementID = WLAN_EID_RSN;
		pRSNIEs->len = 6; //Version(2)+GK(4)
		pRSNIEs->wVersion = 1;
		//Group Key Cipher Suite
		pRSNIEs->abyRSN[0] = 0x00;
		pRSNIEs->abyRSN[1] = 0x0F;
		pRSNIEs->abyRSN[2] = 0xAC;
		if (pMgmt->byCSSGK == KEY_CTL_WEP) {
			pRSNIEs->abyRSN[3] = pMgmt->pCurrBSS->byCSSGK;
		} else if (pMgmt->byCSSGK == KEY_CTL_TKIP) {
			pRSNIEs->abyRSN[3] = WLAN_11i_CSS_TKIP;
		} else if (pMgmt->byCSSGK == KEY_CTL_CCMP) {
			pRSNIEs->abyRSN[3] = WLAN_11i_CSS_CCMP;
		} else {
			pRSNIEs->abyRSN[3] = WLAN_11i_CSS_UNKNOWN;
		}

		// Pairwise Key Cipher Suite
		pRSNIEs->abyRSN[4] = 1;
		pRSNIEs->abyRSN[5] = 0;
		pRSNIEs->abyRSN[6] = 0x00;
		pRSNIEs->abyRSN[7] = 0x0F;
		pRSNIEs->abyRSN[8] = 0xAC;
		if (pMgmt->byCSSPK == KEY_CTL_TKIP) {
			pRSNIEs->abyRSN[9] = WLAN_11i_CSS_TKIP;
		} else if (pMgmt->byCSSPK == KEY_CTL_CCMP) {
			pRSNIEs->abyRSN[9] = WLAN_11i_CSS_CCMP;
		} else if (pMgmt->byCSSPK == KEY_CTL_NONE) {
			pRSNIEs->abyRSN[9] = WLAN_11i_CSS_USE_GROUP;
		} else {
			pRSNIEs->abyRSN[9] = WLAN_11i_CSS_UNKNOWN;
		}
		pRSNIEs->len += 6;

		// Auth Key Management Suite
		pRSNIEs->abyRSN[10] = 1;
		pRSNIEs->abyRSN[11] = 0;
		pRSNIEs->abyRSN[12] = 0x00;
		pRSNIEs->abyRSN[13] = 0x0F;
		pRSNIEs->abyRSN[14] = 0xAC;
		if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK) {
			pRSNIEs->abyRSN[15] = WLAN_11i_AKMSS_PSK;
		} else if (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) {
			pRSNIEs->abyRSN[15] = WLAN_11i_AKMSS_802_1X;
		} else {
			pRSNIEs->abyRSN[15] = WLAN_11i_AKMSS_UNKNOWN;
		}
		pRSNIEs->len += 6;

		// RSN Capabilities
		if (pMgmt->pCurrBSS->sRSNCapObj.bRSNCapExist == true) {
			memcpy(&pRSNIEs->abyRSN[16], &pMgmt->pCurrBSS->sRSNCapObj.wRSNCap, 2);
		} else {
			pRSNIEs->abyRSN[16] = 0;
			pRSNIEs->abyRSN[17] = 0;
		}
		pRSNIEs->len += 2;

		if ((pMgmt->gsPMKIDCache.BSSIDInfoCount > 0) &&
		    (pMgmt->bRoaming == true) &&
		    (pMgmt->eAuthenMode == WMAC_AUTH_WPA2)) {
			// RSN PMKID
			pwPMKID = (unsigned short *)(&pRSNIEs->abyRSN[18]);  // Point to PMKID count
			*pwPMKID = 0;                               // Initialize PMKID count
			pbyBuffer = &pRSNIEs->abyRSN[20];           // Point to PMKID list
			for (ii = 0; ii < pMgmt->gsPMKIDCache.BSSIDInfoCount; ii++) {
				if (!memcmp(&pMgmt->gsPMKIDCache.BSSIDInfo[ii].abyBSSID[0], pMgmt->abyCurrBSSID, ETH_ALEN)) {
					(*pwPMKID)++;
					memcpy(pbyBuffer, pMgmt->gsPMKIDCache.BSSIDInfo[ii].abyPMKID, 16);
					pbyBuffer += 16;
				}
			}
			if (*pwPMKID != 0) {
				pRSNIEs->len += (2 + (*pwPMKID)*16);
			} else {
				pbyBuffer = &pRSNIEs->abyRSN[18];
			}
		}
		return pRSNIEs->len + WLAN_IEHDR_LEN;
	}
	return 0;
}