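/*
	==========================================================================
	Description:
		Handle the peer's FT over-the-air authentication response.

		The frame is accepted only if PeerAuthSanity() passes, its sender
		matches MlmeAux.Bssid, the algorithm is AUTH_MODE_FT and the
		sequence number is 2. On acceptance the FT-OTA auth timer is
		cancelled. If the AP reported MLME_SUCCESS and the FT elements pass
		PeerFtAuthRspSanity(), PMK-R1 and the PTK are derived into the
		MCAST_WCID MAC table entry, and either MT2_AUTH_CONF is queued to
		the control state machine (no resource request) or an
		authentication confirm frame is sent and the machine moves to
		FT_OTA_AUTH_WAIT_ACK. Otherwise a failure status is queued with
		MT2_AUTH_CONF.

	Parameters:
		pAd  - adapter context
		Elem - queued MLME element holding the received frame
		       (Elem->Msg, Elem->MsgLen)

	IRQL = DISPATCH_LEVEL
	==========================================================================
 */
VOID FT_OTA_PeerAuthRspAction(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	UCHAR Addr2[MAC_ADDR_LEN];
	USHORT Seq, Status, Alg;
	BOOLEAN TimerCancelled;
	PUCHAR pOutBuffer = NULL;
	NDIS_STATUS NStatus;
	ULONG FrameLen = 0;
	UINT8 ptk_len;
	MAC_TABLE_ENTRY *pEntry = NULL;

	if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, NULL))
	{
		/* Only a seq-2 FT authentication frame from the AP being joined is handled. */
		if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) &&
			(Alg == AUTH_MODE_FT) &&
			(Seq == 2))
		{
			MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("FT_OTA_AUTH - Receive FT_OTA_AUTH_RSP to me (Alg=%d, Status=%d)\n", Alg, Status));
			RTMPCancelTimer(&pAd->MlmeAux.FtOtaAuthTimer, &TimerCancelled);
			pAd->StaCfg.Dot11RCommInfo.FtRspSuccess = FT_OTA_RESPONSE;

			/*
				NOTE(review): pEntry is still NULL at this call; it is only
				assigned after the check succeeds. Confirm that
				PeerFtAuthRspSanity() tolerates a NULL entry.
			 */
			if ((Status == MLME_SUCCESS) &&
				(PeerFtAuthRspSanity(pAd, Addr2, Elem->Msg, Elem->MsgLen, pEntry) == TRUE))
			{
				MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("%s : Ready to derive PMK \n", __FUNCTION__));

				pEntry = &pAd->MacTab.Content[MCAST_WCID];
				NdisMoveMemory(pEntry->SNonce, pAd->MlmeAux.FtIeInfo.SNonce, 32);

				/* Get ANonce from authentication-response */
				NdisMoveMemory(pEntry->ANonce, pAd->MlmeAux.FtIeInfo.ANonce, 32);

				FT_DerivePMKR1(pAd->StaCfg.Dot11RCommInfo.PMKR0,
							   pAd->StaCfg.Dot11RCommInfo.PMKR0Name,
							   pAd->MlmeAux.Bssid,
							   pAd->CurrentAddress,
							   pEntry->FT_PMK_R1,
							   pEntry->FT_PMK_R1_NAME);

				/* 64 bytes of PTK for TKIP, 48 bytes otherwise. */
				if (pEntry->WepStatus == Ndis802_11TKIPEnable)
					ptk_len = 32+32;
				else
					ptk_len = 32+16;

				/* Derive FT PTK and PTK-NAME */
				FT_DerivePTK(pEntry->FT_PMK_R1,
							 pEntry->FT_PMK_R1_NAME,
							 pEntry->ANonce,
							 pEntry->SNonce,
							 pAd->MlmeAux.Bssid,
							 pAd->CurrentAddress,
							 ptk_len,
							 pEntry->PTK,
							 pEntry->PTK_NAME);

				if ((pAd->MlmeAux.MdIeInfo.FtCapPlc.field.RsrReqCap == FALSE) ||
					(pAd->StaCfg.Dot11RCommInfo.bSupportResource == FALSE))
				{
					/*
						AP doesn't support resource request or Station
						doesn't want to do resource request
					 */
					pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_REQ_IDLE;
					MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0);
				}
				else
				{
					NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);	/*Get an unused nonpaged memory */
					if (NStatus != NDIS_STATUS_SUCCESS)
					{
						MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("FT_OTA_AUTH - FT_OTA_MlmeAuthReqAction allocate memory failed\n"));
						pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_REQ_IDLE;
						Status = MLME_FAIL_NO_RESOURCE;
						MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0);
						return;
					}

					/* Send Auth Confirm */
					/* RSNIE */
					if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
					{
						FT_ConstructAuthReqInRsn(pAd, pOutBuffer, &FrameLen);
					}

					/* MDIE */
					FT_InsertMdIE(pAd, pOutBuffer, &FrameLen,
								  pAd->MlmeAux.MdIeInfo.MdId,
								  pAd->MlmeAux.MdIeInfo.FtCapPlc);

					/*
						RIC-Request: nothing is appended to the frame here.
						The original only stored IE_FT_RIC_DATA in a local
						that was never read, so that local was removed.
					 */

					/* The literal 3 is presumably the authentication sequence number - confirm against AUTH_ReqSend(). */
					AUTH_ReqSend(pAd, Elem, &pAd->MlmeAux.FtOtaAuthTimer, "FT_OTA_AUTH", 3, pOutBuffer, FrameLen);
					MlmeFreeMemory(pAd, pOutBuffer);

					pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_WAIT_ACK;
				}
			}
			else
			{
				/*
					This branch is reached either because the AP reported a
					failure status or because PeerFtAuthRspSanity() rejected
					the FT elements. In the second case Status is still
					MLME_SUCCESS and no keys were derived, so replace it
					with a failure code; otherwise the control state machine
					would be told that authentication succeeded.
				 */
				if (Status == MLME_SUCCESS)
					Status = MLME_INVALID_FORMAT;

				pAd->StaCfg.AuthFailReason = Status;
				COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
				pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_REQ_IDLE;
				MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0);
			}
		}
	}
	else
	{
		MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("AUTH - PeerAuthSanity() sanity check fail\n"));
	}
}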
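/*
	==========================================================================
	Description:
		Handle the FT over-the-DS response (sequence 2).

		The frame is accepted only if PeerFtRspSanity() passes and its
		Addr2 matches CommonCfg.Bssid. On acceptance the FT-OTD action
		timer is cancelled. With a MLME_SUCCESS status, PMK-R1 and the PTK
		are derived into the MCAST_WCID MAC table entry using the nonces
		from the received FT element and TargetAddr. Then either the
		machine waits for sequence 4 (resource request supported by both
		sides) or the target BSS is looked up in the scan table, its
		parameters are copied into MlmeAux, the channel is switched and a
		reassociation request is queued. With any other status the failure
		is recorded and MT2_FT_OTD_CONF is queued.

	Parameters:
		pAd  - adapter context
		Elem - queued MLME element holding the received frame
		       (Elem->Msg, Elem->MsgLen)
	==========================================================================
 */
VOID FT_OTD_PeerRspAtSeq2Action(
	IN PRTMP_ADAPTER pAd,
	IN MLME_QUEUE_ELEM *Elem)
{
	UCHAR TargetAddr[MAC_ADDR_LEN];
	USHORT Status;
	BOOLEAN TimerCancelled;
	ULONG BssIdx = 0;
	FT_FTIE FtIe;
	FT_MDIE MdIe;
	PFRAME_802_11 pFrame = (PFRAME_802_11) Elem->Msg;
	MLME_ASSOC_REQ_STRUCT AssocReq;

	DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION - PeerFtRspAtSeq2Action MlmeAux.Bssid = %02x:%02x:%02x:%02x:%02x:%02x\n",
				PRINT_MAC(pAd->MlmeAux.Bssid)));

	if (PeerFtRspSanity (pAd, Elem->Msg, Elem->MsgLen, TargetAddr, &FtIe, &MdIe, &Status))
	{
		/* The response must come from the currently associated AP. */
		if (MAC_ADDR_EQUAL(pAd->CommonCfg.Bssid, pFrame->Hdr.Addr2))
		{
			DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION - Receive FT_RSP seq#2 to me ( Status=%d)\n", Status));
			RTMPCancelTimer(&pAd->MlmeAux.FtOtdActTimer, &TimerCancelled);

			if (Status == MLME_SUCCESS)
			{
				UINT8 ptk_len;
				PMAC_TABLE_ENTRY pEntry = &pAd->MacTab.Content[MCAST_WCID];

				/*
					NOTE(review): both nonces are taken from the received
					FT element. Whether PeerFtRspSanity() compares the
					SNonce with the one this station sent is not visible
					here - confirm before relying on it for key derivation.
				 */
				NdisMoveMemory(pEntry->SNonce, FtIe.SNonce, 32);

				/* Get ANonce from authentication-response */
				NdisMoveMemory(pEntry->ANonce, FtIe.ANonce, 32);

				/* Debug dump of the two nonces. */
				hex_dump("anonce", pEntry->ANonce, 32);
				hex_dump("snonce", pEntry->SNonce, 32);

				/* TargetAddr (filled in by PeerFtRspSanity) is used here rather than MlmeAux.Bssid. */
				FT_DerivePMKR1(pAd->StaCfg.Dot11RCommInfo.PMKR0,
							   pAd->StaCfg.Dot11RCommInfo.PMKR0Name,
							   TargetAddr,
							   pAd->CurrentAddress,
							   pEntry->FT_PMK_R1,
							   pEntry->FT_PMK_R1_NAME);

				/* 64 bytes of PTK for TKIP, 48 bytes otherwise. */
				if (pEntry->WepStatus == Ndis802_11TKIPEnable)
					ptk_len = 32 + 32;
				else
					ptk_len = 32 + 16;

				/* Derive FT PTK and PTK-NAME */
				FT_DerivePTK(pEntry->FT_PMK_R1,
							 pEntry->FT_PMK_R1_NAME,
							 pEntry->ANonce,
							 pEntry->SNonce,
							 TargetAddr,
							 pAd->CurrentAddress,
							 ptk_len,
							 pEntry->PTK,
							 pEntry->PTK_NAME);

				/* Open question from the original author: how to know whether a resource request session is in progress. */
				if ((pAd->StaCfg.Dot11RCommInfo.bSupportResource) &&
					(pAd->MlmeAux.MdIeInfo.FtCapPlc.field.RsrReqCap))
				{
					/* Prepare to send FT Confirm packet. */
					DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION - Receive FT_RSP seq#2 to me, Prepare to send FT Confirm. \n"));
					pAd->Mlme.FtOtdActMachine.CurrState = FT_OTD_WAIT_SEQ4;
				}
				else
				{
					BSS_ENTRY *pBss = NULL;

					/* Doesn't need to send FT Confirm packet. */
					DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION - Receive FT_RSP seq#2 to me, Prepare to send Reassoc. \n"));
					pAd->StaCfg.Dot11RCommInfo.FtRspSuccess = FT_OTD_RESPONSE;
					pAd->Mlme.FtOtdActMachine.CurrState = FT_OTD_IDLE;
					RTMPMoveMemory(pAd->MlmeAux.Bssid, TargetAddr, MAC_ADDR_LEN);

					/*
						find the desired BSS in the latest SCAN result table
						search 2.4G band first
					 */
					BssIdx = BssTableSearch(&pAd->ScanTab, TargetAddr, 1);

					/* search 5G band, if AP does not exist in 2.4G band */
					if (BssIdx == BSS_NOT_FOUND)
						BssIdx = BssTableSearch(&pAd->ScanTab, TargetAddr, 36);

					if (BssIdx == BSS_NOT_FOUND)
					{
						/* Note: MlmeAux.Bssid and FtRspSuccess were already updated above when this path returns. */
						DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION - BSSID not found. reply NDIS_STATUS_NOT_ACCEPTED\n"));
						pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
						return;
					}

					pBss = &pAd->ScanTab.BssEntry[BssIdx];
					pAd->MlmeAux.Channel = pBss->Channel;
					pAd->MlmeAux.CentralChannel = pBss->CentralChannel;

					/*
						The lengths below come from the scan table. They are
						clamped before each copy so that an oversized entry
						cannot write past the MlmeAux buffers. The bounds
						are the same ones used to zero those buffers, which
						are taken here as their capacities.
					 */
					RTMPZeroMemory(pAd->MlmeAux.ExtRate, MAX_LEN_OF_SUPPORTED_RATES);
					RTMPZeroMemory(pAd->MlmeAux.SupRate, MAX_LEN_OF_SUPPORTED_RATES);

					pAd->MlmeAux.ExtRateLen = pBss->ExtRateLen;
					if (pAd->MlmeAux.ExtRateLen > MAX_LEN_OF_SUPPORTED_RATES)
						pAd->MlmeAux.ExtRateLen = MAX_LEN_OF_SUPPORTED_RATES;
					RTMPMoveMemory(pAd->MlmeAux.ExtRate, pBss->ExtRate, pAd->MlmeAux.ExtRateLen);

					pAd->MlmeAux.SupRateLen = pBss->SupRateLen;
					if (pAd->MlmeAux.SupRateLen > MAX_LEN_OF_SUPPORTED_RATES)
						pAd->MlmeAux.SupRateLen = MAX_LEN_OF_SUPPORTED_RATES;
					RTMPMoveMemory(pAd->MlmeAux.SupRate, pBss->SupRate, pAd->MlmeAux.SupRateLen);

					RTMPZeroMemory(pAd->MlmeAux.Ssid, MAX_LEN_OF_SSID);
					pAd->MlmeAux.SsidLen = pBss->SsidLen;
					if (pAd->MlmeAux.SsidLen > MAX_LEN_OF_SSID)
						pAd->MlmeAux.SsidLen = MAX_LEN_OF_SSID;
					RTMPMoveMemory(pAd->MlmeAux.Ssid, pBss->Ssid, pAd->MlmeAux.SsidLen);

					/* StaActive.SupportedHtPhy.MCSSet stores Peer AP's 11n Rx capability */
					if (pBss->HtCapabilityLen)
					{
						RTMPMoveMemory(pAd->StaActive.SupportedPhyInfo.MCSSet, pBss->HtCapability.MCSSet, 16);
					}
					else
					{
						NdisZeroMemory(pAd->StaActive.SupportedPhyInfo.MCSSet, 16);
					}

					/* Move to the target AP's channel at 20 MHz before reassociating. */
					bbp_set_bw(pAd, BW_20);
					AsicSwitchChannel(pAd, pAd->MlmeAux.Channel, FALSE);
					AsicLockChannel(pAd, pAd->MlmeAux.Channel);

					RTMPUpdateMlmeRate(pAd);

					AssocParmFill(pAd, &AssocReq, pAd->MlmeAux.Bssid,
								  pAd->MlmeAux.CapabilityInfo,
								  ASSOC_TIMEOUT,
								  pAd->StaCfg.DefaultListenCount);

					MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_REASSOC_REQ,
								sizeof (MLME_ASSOC_REQ_STRUCT), &AssocReq, 0);

					pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_REASSOC;
				}
			}
			else
			{
				/* The AP reported a failure: record it and notify the control state machine. */
				pAd->StaCfg.AuthFailReason = Status;
				COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, pFrame->Hdr.Addr2);
				pAd->Mlme.FtOtdActMachine.CurrState = FT_OTD_IDLE;
				MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_FT_OTD_CONF, 2, &Status, 0);
			}
		}
	}
	else
	{
		DBGPRINT(RT_DEBUG_TRACE, ("FT_OTD_ACTION - PeerFtRspSanity() sanity check fail\n"));
	}
}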