/*
==========================================================================
Description:
==========================================================================
*/
static VOID ApCliPeerAuthRspAtSeq4Action(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
BOOLEAN Cancelled;
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Alg, Seq, Status;
CHAR ChlgText[CIPHER_TEXT_LEN];
APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg;
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = NULL;
#ifdef MAC_REPEATER_SUPPORT
UCHAR CliIdx = 0xFF;
#endif /* MAC_REPEATER_SUPPORT */
if ((ifIndex >= MAX_APCLI_NUM)
#ifdef MAC_REPEATER_SUPPORT
&& (ifIndex < 64)
#endif /* MAC_REPEATER_SUPPORT */
)
return;
#ifdef MAC_REPEATER_SUPPORT
if (ifIndex >= 64)
{
CliIdx = ((ifIndex - 64) % 16);
ifIndex = ((ifIndex - 64) / 16);
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].AuthCurrState;
}
else
#endif /* MAC_REPEATER_SUPPORT */
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AuthCurrState;
if(PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, ChlgText))
{
if(MAC_ADDR_EQUAL(pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, Addr2) && Seq == 4)
{
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
{
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Repeater Cli Receive AUTH_RSP seq#4 to me\n"));
RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, &Cancelled);
}
else
#endif /* MAC_REPEATER_SUPPORT */
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Receive AUTH_RSP seq#4 to me\n"));
RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, &Cancelled);
}
ApCliCtrlMsg.Status = MLME_SUCCESS;
if(Status != MLME_SUCCESS)
{
ApCliCtrlMsg.Status = Status;
}
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.CliIdx = CliIdx;
ApCliCtrlMsg.BssIdx = ifIndex;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
*pCurrState = APCLI_AUTH_REQ_IDLE;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
} else
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI - PeerAuthRspAtSeq4Action() sanity check fail\n"));
}
return;
}
/*
==========================================================================
Description:
==========================================================================
*/
static VOID ApCliPeerAuthRspAtSeq2Action(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
BOOLEAN Cancelled;
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Seq, Status, Alg;
USHORT RemoteStatus;
UCHAR iv_hdr[LEN_WEP_IV_HDR];
/* UCHAR ChlgText[CIPHER_TEXT_LEN]; */
UCHAR *ChlgText = NULL;
UCHAR CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
ULONG c_len = 0;
HEADER_802_11 AuthHdr;
NDIS_STATUS NState;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
APCLI_CTRL_MSG_STRUCT ApCliCtrlMsg;
UCHAR ChallengeIe = IE_CHALLENGE_TEXT;
UCHAR len_challengeText = CIPHER_TEXT_LEN;
USHORT ifIndex = (USHORT)(Elem->Priv);
PULONG pCurrState = NULL;
#ifdef MAC_REPEATER_SUPPORT
UCHAR CliIdx = 0xFF;
#endif /* MAC_REPEATER_SUPPORT */
if ((ifIndex >= MAX_APCLI_NUM)
#ifdef MAC_REPEATER_SUPPORT
&& (ifIndex < 64)
#endif /* MAC_REPEATER_SUPPORT */
)
return;
#ifdef MAC_REPEATER_SUPPORT
if (ifIndex >= 64)
{
CliIdx = ((ifIndex - 64) % 16);
ifIndex = ((ifIndex - 64) / 16);
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].AuthCurrState;
}
else
#endif /* MAC_REPEATER_SUPPORT */
pCurrState = &pAd->ApCfg.ApCliTab[ifIndex].AuthCurrState;
/* allocate memory */
os_alloc_mem(NULL, (UCHAR **)&ChlgText, CIPHER_TEXT_LEN);
if (ChlgText == NULL)
{
DBGPRINT(RT_DEBUG_ERROR, ("%s: Allocate memory fail!!!\n", __FUNCTION__));
return;
}
if(PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (CHAR *) ChlgText))
{
if(MAC_ADDR_EQUAL(pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, Addr2) && Seq == 2)
{
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
{
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Repeater Cli Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status));
RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, &Cancelled);
}
else
#endif /* MAC_REPEATER_SUPPORT */
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status));
RTMPCancelTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, &Cancelled);
}
if(Status == MLME_SUCCESS)
{
if(pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Alg == Ndis802_11AuthModeOpen)
{
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status= MLME_SUCCESS;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.CliIdx = CliIdx;
ApCliCtrlMsg.BssIdx = ifIndex;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
else
{
PCIPHER_KEY pKey;
UINT default_key = pAd->ApCfg.ApCliTab[ifIndex].DefaultKeyId;
pKey = &pAd->ApCfg.ApCliTab[ifIndex].SharedKey[default_key];
/* 2. shared key, need to be challenged */
Seq++;
RemoteStatus = MLME_SUCCESS;
/* allocate and send out AuthRsp frame */
NState = MlmeAllocateMemory(pAd, &pOutBuffer);
if(NState != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - ApCliPeerAuthRspAtSeq2Action allocate memory fail\n"));
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status= MLME_FAIL_NO_RESOURCE;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.CliIdx = CliIdx;
ApCliCtrlMsg.BssIdx = ifIndex;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
goto LabelOK;
}
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Repeater Cli Send AUTH request seq#3...\n"));
else
#endif /* MAC_REPEATER_SUPPORT */
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH request seq#3...\n"));
ApCliMgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.Bssid, ifIndex);
AuthHdr.FC.Wep = 1;
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
COPY_MAC_ADDR(AuthHdr.Addr2, pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].CurrentAddress);
#endif /* MAC_REPEATER_SUPPORT */
/* Encrypt challenge text & auth information */
/* TSC increment */
INC_TX_TSC(pKey->TxTsc, LEN_WEP_TSC);
/* Construct the 4-bytes WEP IV header */
RTMPConstructWEPIVHdr(default_key, pKey->TxTsc, iv_hdr);
Alg = cpu2le16(*(USHORT *)&Alg);
Seq = cpu2le16(*(USHORT *)&Seq);
RemoteStatus= cpu2le16(*(USHORT *)&RemoteStatus);
/* Construct message text */
MakeOutgoingFrame(CyperChlgText, &c_len,
2, &Alg,
2, &Seq,
2, &RemoteStatus,
1, &ChallengeIe,
1, &len_challengeText,
len_challengeText, ChlgText,
END_OF_ARGS);
if (RTMPSoftEncryptWEP(pAd,
iv_hdr,
pKey,
CyperChlgText,
c_len) == FALSE)
{
DBGPRINT(RT_DEBUG_TRACE, ("AUTH - ApCliPeerAuthRspAtSeq2Action allocate memory fail\n"));
*pCurrState = APCLI_AUTH_REQ_IDLE;
ApCliCtrlMsg.Status= MLME_FAIL_NO_RESOURCE;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.BssIdx = ifIndex;
ApCliCtrlMsg.CliIdx = CliIdx;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
goto LabelOK;
}
/* Update the total length for 4-bytes ICV */
c_len += LEN_ICV;
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11), &AuthHdr,
LEN_WEP_IV_HDR, iv_hdr,
c_len, CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
#ifdef MAC_REPEATER_SUPPORT
if (CliIdx != 0xFF)
RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].RepeaterCli[CliIdx].ApCliAuthTimer, AUTH_TIMEOUT);
else
#endif /* MAC_REPEATER_SUPPORT */
RTMPSetTimer(&pAd->ApCfg.ApCliTab[ifIndex].ApCliMlmeAux.ApCliAuthTimer, AUTH_TIMEOUT);
*pCurrState = APCLI_AUTH_WAIT_SEQ4;
}
}
else
{
*pCurrState = APCLI_AUTH_REQ_IDLE;
#ifdef MAC_REPEATER_SUPPORT
ApCliCtrlMsg.CliIdx = CliIdx;
ApCliCtrlMsg.BssIdx = ifIndex;
ifIndex = (USHORT)(Elem->Priv);
#endif /* MAC_REPEATER_SUPPORT */
ApCliCtrlMsg.Status= Status;
MlmeEnqueue(pAd, APCLI_CTRL_STATE_MACHINE, APCLI_CTRL_AUTH_RSP,
sizeof(APCLI_CTRL_MSG_STRUCT), &ApCliCtrlMsg, ifIndex);
}
}
}
else
{
DBGPRINT(RT_DEBUG_TRACE, ("APCLI AUTH - PeerAuthSanity() sanity check fail\n"));
}
LabelOK:
if (pOutBuffer != NULL)
MlmeFreeMemory(pAd, pOutBuffer);
if (ChlgText != NULL)
os_free_mem(NULL, ChlgText);
return;
}
/*
==========================================================================
Description:
IRQL = DISPATCH_LEVEL
==========================================================================
*/
VOID FT_OTA_PeerAuthRspAction(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Seq, Status, Alg;
BOOLEAN TimerCancelled;
PUCHAR pOutBuffer = NULL;
NDIS_STATUS NStatus;
ULONG FrameLen = 0;
UINT8 ptk_len;
UCHAR EleID;
MAC_TABLE_ENTRY *pEntry = NULL;
if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, NULL))
{
if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) &&
(Alg == AUTH_MODE_FT) &&
(Seq == 2))
{
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("FT_OTA_AUTH - Receive FT_OTA_AUTH_RSP to me (Alg=%d, Status=%d)\n", Alg, Status));
RTMPCancelTimer(&pAd->MlmeAux.FtOtaAuthTimer, &TimerCancelled);
pAd->StaCfg.Dot11RCommInfo.FtRspSuccess = FT_OTA_RESPONSE;
if ((Status == MLME_SUCCESS) &&
(PeerFtAuthRspSanity(pAd, Addr2, Elem->Msg, Elem->MsgLen, pEntry) == TRUE))
{
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("%s : Ready to derive PMK \n", __FUNCTION__));
pEntry = &pAd->MacTab.Content[MCAST_WCID];
NdisMoveMemory(pEntry->SNonce, pAd->MlmeAux.FtIeInfo.SNonce, 32);
/* Get ANonce from authentication-response */
NdisMoveMemory(pEntry->ANonce, pAd->MlmeAux.FtIeInfo.ANonce, 32);
FT_DerivePMKR1(pAd->StaCfg.Dot11RCommInfo.PMKR0,
pAd->StaCfg.Dot11RCommInfo.PMKR0Name,
pAd->MlmeAux.Bssid,
pAd->CurrentAddress,
pEntry->FT_PMK_R1,
pEntry->FT_PMK_R1_NAME);
if (pEntry->WepStatus == Ndis802_11TKIPEnable)
ptk_len = 32+32;
else
ptk_len = 32+16;
/* Derive FT PTK and PTK-NAME */
FT_DerivePTK(pEntry->FT_PMK_R1,
pEntry->FT_PMK_R1_NAME,
pEntry->ANonce,
pEntry->SNonce,
pAd->MlmeAux.Bssid,
pAd->CurrentAddress,
ptk_len,
pEntry->PTK,
pEntry->PTK_NAME);
if ((pAd->MlmeAux.MdIeInfo.FtCapPlc.field.RsrReqCap == FALSE) ||
(pAd->StaCfg.Dot11RCommInfo.bSupportResource == FALSE))
{
/*
AP doesn't support resource request or
Station doesn't want to do resource request
*/
pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0);
}
else
{
NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
if(NStatus != NDIS_STATUS_SUCCESS)
{
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("FT_OTA_AUTH - FT_OTA_MlmeAuthReqAction allocate memory failed\n"));
pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_REQ_IDLE;
Status = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0);
return;
}
/* Send Auth Confirm */
/* RSNIE */
if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
{
FT_ConstructAuthReqInRsn(pAd, pOutBuffer, &FrameLen);
}
/* MDIE */
FT_InsertMdIE(pAd,
pOutBuffer,
&FrameLen,
pAd->MlmeAux.MdIeInfo.MdId,
pAd->MlmeAux.MdIeInfo.FtCapPlc);
/* RIC-Request */
EleID = IE_FT_RIC_DATA;
AUTH_ReqSend(pAd, Elem, &pAd->MlmeAux.FtOtaAuthTimer, "FT_OTA_AUTH", 3, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_WAIT_ACK;
}
}
else
{
pAd->StaCfg.AuthFailReason = Status;
COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
pAd->Mlme.FtOtaAuthMachine.CurrState = FT_OTA_AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status, 0);
}
}
}
else
{
MTWF_LOG(DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_TRACE, ("AUTH - PeerAuthSanity() sanity check fail\n"));
}
}
/*
==========================================================================
Description:
==========================================================================
*/
VOID PeerAuthRspAtSeq2Action(
IN PRTMP_ADAPTER pAd,
IN MLME_QUEUE_ELEM *Elem)
{
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Seq, Status, RemoteStatus, Alg;
UCHAR ChlgText[CIPHER_TEXT_LEN];
UCHAR CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
UCHAR Element[2];
HEADER_802_11 AuthHdr;
PUCHAR pOutBuffer = NULL;
ULONG FrameLen = 0;
USHORT Status2;
USHORT NStatus;
if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, ChlgText))
{
if (MAC_ADDR_EQUAL(&pAd->MlmeAux.Bssid, Addr2) && Seq == 2)
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status);
RTMPCancelTimer(&pAd->MlmeAux.AuthTimer);
if (Status == MLME_SUCCESS)
{
if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen)
{
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
}
else
{
// 2. shared key, need to be challenged
Seq++;
RemoteStatus = MLME_SUCCESS;
// allocate and send out AuthRsp frame
NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer); //Get an unused nonpaged memory
if (NStatus != NDIS_STATUS_SUCCESS)
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n");
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2);
return;
}
DBGPRINT(RT_DEBUG_TRACE, "AUTH - Send AUTH request seq#3...\n");
MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->MlmeAux.Bssid);
AuthHdr.FC.Wep = 1;
// Encrypt challenge text & auth information
RTMPInitWepEngine(
pAd,
pAd->SharedKey[pAd->PortCfg.DefaultKeyId].Key,
pAd->PortCfg.DefaultKeyId,
pAd->SharedKey[pAd->PortCfg.DefaultKeyId].KeyLen,
CyperChlgText);
#ifdef BIG_ENDIAN
Alg = SWAP16(*(USHORT *)&Alg);
Seq = SWAP16(*(USHORT *)&Seq);
RemoteStatus= SWAP16(*(USHORT *)&RemoteStatus);
#endif
RTMPEncryptData(pAd, (PUCHAR) &Alg, CyperChlgText + 4, 2);
RTMPEncryptData(pAd, (PUCHAR) &Seq, CyperChlgText + 6, 2);
RTMPEncryptData(pAd, (PUCHAR) &RemoteStatus, CyperChlgText + 8, 2);
Element[0] = 16;
Element[1] = 128;
RTMPEncryptData(pAd, Element, CyperChlgText + 10, 2);
RTMPEncryptData(pAd, ChlgText, CyperChlgText + 12, 128);
RTMPSetICV(pAd, CyperChlgText + 140);
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(HEADER_802_11), &AuthHdr,
CIPHER_TEXT_LEN + 16, CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, pOutBuffer, FrameLen);
RTMPSetTimer(pAd, &pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT);
pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4;
}
}
else
{
pAd->PortCfg.AuthFailReason = Status;
COPY_MAC_ADDR(pAd->PortCfg.AuthFailSta, Addr2);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
}
}
}
else
{
DBGPRINT(RT_DEBUG_TRACE, "AUTH - PeerAuthSanity() sanity check fail\n");
}
}
/*
==========================================================================
Description:
IRQL = DISPATCH_LEVEL
==========================================================================
*/
VOID PeerAuthRspAtSeq2Action(RTMP_ADAPTER *pAd, MLME_QUEUE_ELEM * Elem)
{
UCHAR Addr2[MAC_ADDR_LEN];
USHORT Seq, Status, RemoteStatus, Alg;
UCHAR iv_hdr[4];
UCHAR *ChlgText = NULL;
UCHAR *CyperChlgText = NULL;
ULONG c_len = 0;
HEADER_802_11 AuthHdr;
BOOLEAN TimerCancelled;
PUCHAR pOutBuffer = NULL;
NDIS_STATUS NStatus;
ULONG FrameLen = 0;
USHORT Status2;
UCHAR ChallengeIe = IE_CHALLENGE_TEXT;
UCHAR len_challengeText = CIPHER_TEXT_LEN;
os_alloc_mem(NULL, (UCHAR **) & ChlgText, CIPHER_TEXT_LEN);
if (ChlgText == NULL) {
DBGPRINT(RT_DEBUG_ERROR, ("%s: alloc mem fail\n", __FUNCTION__));
return;
}
os_alloc_mem(NULL, (UCHAR **) & CyperChlgText, CIPHER_TEXT_LEN + 8 + 8);
if (CyperChlgText == NULL) {
DBGPRINT(RT_DEBUG_ERROR,
("%s: CyperChlgText Allocate memory fail!!!\n",
__FUNCTION__));
os_free_mem(NULL, ChlgText);
return;
}
if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (PCHAR)ChlgText)) {
if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n",
Alg, Status));
RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled);
if (Status == MLME_SUCCESS) {
/* Authentication Mode "LEAP" has allow for CCX 1.X */
if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) {
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status,
0);
} else {
struct wifi_dev *wdev = &pAd->StaCfg.wdev;
/* 2. shared key, need to be challenged */
Seq++;
RemoteStatus = MLME_SUCCESS;
/* Get an unused nonpaged memory */
NStatus =
MlmeAllocateMemory(pAd,
&pOutBuffer);
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2,
&Status2, 0);
goto LabelOK;
}
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Send AUTH request seq#3...\n"));
MgtMacHeaderInit(pAd, &AuthHdr,
SUBTYPE_AUTH, 0, Addr2,
pAd->CurrentAddress,
pAd->MlmeAux.Bssid);
AuthHdr.FC.Wep = 1;
/* TSC increment */
INC_TX_TSC(pAd->SharedKey[BSS0][wdev->DefaultKeyId].TxTsc, LEN_WEP_TSC);
/* Construct the 4-bytes WEP IV header */
RTMPConstructWEPIVHdr(wdev->DefaultKeyId,
pAd->SharedKey[BSS0][wdev->DefaultKeyId].TxTsc, iv_hdr);
Alg = cpu2le16(*(USHORT *) & Alg);
Seq = cpu2le16(*(USHORT *) & Seq);
RemoteStatus = cpu2le16(*(USHORT *) &RemoteStatus);
/* Construct message text */
MakeOutgoingFrame(CyperChlgText, &c_len,
2, &Alg,
2, &Seq,
2, &RemoteStatus,
1, &ChallengeIe,
1, &len_challengeText,
len_challengeText,
ChlgText,
END_OF_ARGS);
if (RTMPSoftEncryptWEP(pAd,
iv_hdr,
&pAd->SharedKey[BSS0][wdev->DefaultKeyId],
CyperChlgText, c_len) == FALSE) {
MlmeFreeMemory(pAd, pOutBuffer);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2,
&Status2, 0);
goto LabelOK;
}
/* Update the total length for 4-bytes ICV */
c_len += LEN_ICV;
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof
(HEADER_802_11),
&AuthHdr,
LEN_WEP_IV_HDR,
iv_hdr, c_len,
CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(&pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT);
pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4;
}
} else {
pAd->StaCfg.AuthFailReason = Status;
COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status, 0);
}
}
} else {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthSanity() sanity check fail\n"));
}
LabelOK:
if (ChlgText != NULL)
os_free_mem(NULL, ChlgText);
if (CyperChlgText != NULL)
os_free_mem(NULL, CyperChlgText);
return;
}
void PeerAuthRspAtSeq2Action(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
{
u8 Addr2[MAC_ADDR_LEN];
u16 Seq, Status, RemoteStatus, Alg;
u8 ChlgText[CIPHER_TEXT_LEN];
u8 CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
u8 Element[2];
struct rt_header_802_11 AuthHdr;
BOOLEAN TimerCancelled;
u8 *pOutBuffer = NULL;
int NStatus;
unsigned long FrameLen = 0;
u16 Status2;
if (PeerAuthSanity
(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status,
(char *)ChlgText)) {
if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n",
Alg, Status));
RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,
&TimerCancelled);
if (Status == MLME_SUCCESS) {
/* Authentication Mode "LEAP" has allow for CCX 1.X */
if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) {
pAd->Mlme.AuthMachine.CurrState =
AUTH_REQ_IDLE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status);
} else {
/* 2. shared key, need to be challenged */
Seq++;
RemoteStatus = MLME_SUCCESS;
/* Get an unused nonpaged memory */
NStatus =
MlmeAllocateMemory(pAd,
&pOutBuffer);
if (NStatus != NDIS_STATUS_SUCCESS) {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
pAd->Mlme.AuthMachine.
CurrState = AUTH_REQ_IDLE;
Status2 = MLME_FAIL_NO_RESOURCE;
MlmeEnqueue(pAd,
MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2,
&Status2);
return;
}
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - Send AUTH request seq#3...\n"));
MgtMacHeaderInit(pAd, &AuthHdr,
SUBTYPE_AUTH, 0, Addr2,
pAd->MlmeAux.Bssid);
AuthHdr.FC.Wep = 1;
/* Encrypt challenge text & auth information */
RTMPInitWepEngine(pAd,
pAd->
SharedKey[BSS0][pAd->
StaCfg.
DefaultKeyId].
Key,
pAd->StaCfg.
DefaultKeyId,
pAd->
SharedKey[BSS0][pAd->
StaCfg.
DefaultKeyId].
KeyLen,
CyperChlgText);
Alg = cpu2le16(*(u16 *) & Alg);
Seq = cpu2le16(*(u16 *) & Seq);
RemoteStatus =
cpu2le16(*(u16 *) &
RemoteStatus);
RTMPEncryptData(pAd, (u8 *)& Alg,
CyperChlgText + 4, 2);
RTMPEncryptData(pAd, (u8 *)& Seq,
CyperChlgText + 6, 2);
RTMPEncryptData(pAd,
(u8 *)& RemoteStatus,
CyperChlgText + 8, 2);
Element[0] = 16;
Element[1] = 128;
RTMPEncryptData(pAd, Element,
CyperChlgText + 10, 2);
RTMPEncryptData(pAd, ChlgText,
CyperChlgText + 12,
128);
RTMPSetICV(pAd, CyperChlgText + 140);
MakeOutgoingFrame(pOutBuffer, &FrameLen,
sizeof(struct rt_header_802_11),
&AuthHdr,
CIPHER_TEXT_LEN + 16,
CyperChlgText,
END_OF_ARGS);
MiniportMMRequest(pAd, 0, pOutBuffer,
FrameLen);
MlmeFreeMemory(pAd, pOutBuffer);
RTMPSetTimer(&pAd->MlmeAux.AuthTimer,
AUTH_TIMEOUT);
pAd->Mlme.AuthMachine.CurrState =
AUTH_WAIT_SEQ4;
}
} else {
pAd->StaCfg.AuthFailReason = Status;
COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE,
MT2_AUTH_CONF, 2, &Status);
}
}
} else {
DBGPRINT(RT_DEBUG_TRACE,
("AUTH - PeerAuthSanity() sanity check fail\n"));
}
}
