int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type, __u32 retain,
struct m_pedit_sel *sel, struct m_pedit_key *tkey)
{
__u32 mask[4] = { 0 };
__u32 val[4] = { 0 };
__u32 *m = &mask[0];
__u32 *v = &val[0];
__u32 o = 0xFF;
int res = -1;
int argc = *argc_p;
char **argv = *argv_p;
if (argc <= 0)
return -1;
if (pedit_debug)
printf("parse_cmd argc %d %s offset %d length %d\n",
argc, *argv, tkey->off, len);
if (len == 2)
o = 0xFFFF;
if (len == 4)
o = 0xFFFFFFFF;
if (matches(*argv, "invert") == 0) {
*v = *m = o;
} else if (matches(*argv, "set") == 0 ||
matches(*argv, "add") == 0) {
if (matches(*argv, "add") == 0)
tkey->cmd = TCA_PEDIT_KEY_EX_CMD_ADD;
if (!sel->extended && tkey->cmd) {
fprintf(stderr,
"Non extended mode. only 'set' command is supported\n");
return -1;
}
NEXT_ARG();
if (parse_val(&argc, &argv, val, type))
return -1;
} else if (matches(*argv, "preserve") == 0) {
retain = 0;
} else {
if (matches(*argv, "clear") != 0)
return -1;
}
argc--;
argv++;
if (argc && matches(*argv, "retain") == 0) {
NEXT_ARG();
if (parse_val(&argc, &argv, &retain, TU32))
return -1;
argc--;
argv++;
}
if (len > 4 && retain != ~0) {
fprintf(stderr,
"retain is not supported for fields longer the 32 bits\n");
return -1;
}
if (type == TMAC) {
res = pack_mac(sel, tkey, (__u8 *)val);
goto done;
}
if (type == TIPV6) {
res = pack_ipv6(sel, tkey, val);
goto done;
}
tkey->val = *v;
tkey->mask = *m;
if (type == TIPV4)
tkey->val = ntohl(tkey->val);
if (len == 1) {
res = pack_key8(retain, sel, tkey);
goto done;
}
if (len == 2) {
res = pack_key16(retain, sel, tkey);
goto done;
}
if (len == 4) {
res = pack_key32(retain, sel, tkey);
goto done;
}
return -1;
done:
if (pedit_debug)
printf("parse_cmd done argc %d %s offset %d length %d\n",
argc, *argv, tkey->off, len);
*argc_p = argc;
*argv_p = argv;
return res;
}
/*构造组播通告分组*/
static short pack_msk_announcement(struct auth_sta_info_t *sta_info,
u8 *sendto_asue, u8 stakey_flag,
BOOL if_multi_rekey)
{
u8 *hmac_data = NULL;
u8 *hmac_tar_data =NULL;
u8 used_key = sta_info->usksa.dynamic_key_used;;
u8 iv[16] = {0,};
wai_fixdata_flag flag ;
packet_head head;
u16 offset = 0;
u16 hmac_data_len = 0;
apdata_info *pap = sta_info->pap;
memset((u8 *)&flag, 0, 1);
memset((u8 *)&head, 0, sizeof(packet_head));
head.version = VERSIONNOW;
head.type = WAI;
head.sub_type = MSK_ANNOUNCE;
head.reserved = RESERVEDDEF;
head.data_len = 0x0000;
head.frame_sc = 0x00;
head.flag = 0x00;
head.group_sc = sta_info->ae_group_sc;
switch(stakey_flag) {
case 0:/*bit5-0,bit6-0*/
flag &= 0x9F ;/*10011111*/
break;
case 1:/*bit5-0,bit6-1*/
flag &= 0xDF ;/*11011111*/
break;
case 2:/*bit5-1,bit6-0*/
flag &= 0xBF ;/*10111111*/
break;
case 3:/*bit5-1,bit6-1*/
flag &= 0xFF ;/*11111111*/
break;
default:
break;
}
sta_info->flag &= 0x9F;/*0x9F:10011111*//*先将5和6位清零*/
sta_info->flag |= flag & 0x60;/*0x60:01100000*//*bit5:stakey-session bit6:stakey-del*/
offset = c_pack_packet_head(&head,sendto_asue,offset,FROM_MT_LEN);
offset = c_pack_byte((u8)flag, sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_byte((u8)pap->msksa.mskid, sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_byte((u8)sta_info->usksa.dynamic_key_used, sendto_asue, offset, FROM_MT_LEN);
offset = pack_mac(pap->macaddr, sendto_asue, offset);
offset = pack_mac(sta_info->mac, sendto_asue, offset);
if(if_multi_rekey == FALSE)
{
offset = c_pack_16bytes(sta_info->gsn, sendto_asue, offset, FROM_MT_LEN);
}
else{
u8 gsn[16] = {0x5c,0x36,0x5c,0x36,0x5c,0x36,0x5c,0x36,
0x5c,0x36,0x5c,0x36,0x5c,0x36,0x5c,0x36}; /*组播数据序号*/
offset = c_pack_16bytes(gsn, sendto_asue, offset, FROM_MT_LEN);
}
offset = c_pack_dword((u32)pap->gnonce[0], sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_dword((u32)pap->gnonce[1], sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_dword((u32)pap->gnonce[2], sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_dword((u32)pap->gnonce[3], sendto_asue, offset, FROM_MT_LEN);
*(sendto_asue + offset) = MSK_LEN;/*密钥通告数据长度*/
offset += 1;
/*加密组播密钥*/
memcpy(iv, (u8 *)pap->gnonce, MSK_LEN);
htonl_buffer(iv, MSK_LEN);
wpi_encrypt(iv, pap->msksa.msk, MSK_LEN,
sta_info->usksa.usk[used_key].kek,
sendto_asue+offset);
offset += MSK_LEN;
/*计算MIC*/
hmac_data = sendto_asue+sizeof(packet_head);
hmac_data_len = offset - sizeof(packet_head);
hmac_tar_data = (unsigned char *)sendto_asue + offset;
hmac_sha256(hmac_data, hmac_data_len,
sta_info->usksa.usk[used_key].mck, PAIRKEY_LEN,
hmac_tar_data, HMAC_LEN);
offset += HMAC_LEN;
set_packet_data_len(sendto_asue,offset);
return offset;
}
/*单播Rekey中的单播密钥协商请求*/
void usk_rekey_handle(struct auth_sta_info_t *sta_info)
{
int sendtoMT_len = 0;
int sendlen = 0;
u16 offset= 0;
u8 sendto_asue[FROM_MT_LEN];
u8 keyid;
session_key_neg_request dynamic_sessionkey;
struct ethhdr eh;
wai_fixdata_flag flag;
packet_head head;
assert(sta_info);
memset(&dynamic_sessionkey, 0,sizeof(session_key_neg_request));
memcpy(eh.h_dest, sta_info->mac, ETH_ALEN);
sta_info->status = MT_SESSIONKEYING;
/*设置uskid*/
sta_info->usksa.dynamic_key_used = sta_info->usksa.uskid;
sta_info->usksa.uskid =sta_info->usksa.uskid^0x01;
keyid = sta_info->usksa.uskid;
DPrintf("[WAPID]: STA("MACSTR") valid keyid = %d\n", MAC2STR(sta_info->mac), keyid);
sta_info->usksa.usk[keyid].valid_flag = 0;/*invalid*/
/*构造单播密钥协商请求包头*/
memset((u8 *)&head, 0, sizeof(packet_head));
head.version = VERSIONNOW;
head.type = WAI;
head.sub_type = USK_NEG_REQUEST;
head.reserved = RESERVEDDEF;
head.data_len = 0x0000;
head.frame_sc = 0x00;
head.flag = 0x00;
head.group_sc = sta_info->ae_group_sc;
/*确定使用哪个uskid,使用当前无效的那个,经过协商
后使之有效,而另一个成为无效*/
memset((u8 *)&flag, 0, 1);
/*设置USK更新标识*/
flag = WAI_FLAG_USK_UPDATE;
/*打包包头*/
offset = c_pack_packet_head(&head, sendto_asue, offset, FROM_MT_LEN);
/*打包标志*/
offset = c_pack_byte( flag, sendto_asue, offset, FROM_MT_LEN);
/*打包bkid*/
offset = c_pack_16bytes((u8 *)&sta_info->bksa.bkid, sendto_asue, offset, FROM_MT_LEN);
/*打包uskid*/
offset = c_pack_byte((u8)sta_info->usksa.uskid, sendto_asue, offset, FROM_MT_LEN);
/*打包addid*/
offset = pack_mac(sta_info->pap->macaddr, sendto_asue, offset);
offset = pack_mac(sta_info->mac, sendto_asue, offset);
/*打包AE的挑战*/
offset = c_pack_32bytes(sta_info->ae_nonce, sendto_asue, offset, FROM_MT_LEN);
/*设置包的长度*/
set_packet_data_len(sendto_asue,offset);
sendtoMT_len = offset;
/*设置重发缓存区*/
set_table_item(sta_info, SENDTO_STA, 1, sendto_asue, sendtoMT_len, USK_NEG_REQUEST);
/*设置STA状态*/
if(sta_info->status == MT_GROUPNOTICEING)
sta_info->status = MT_SESSIONGROUPING;
/*set used key id to avoid collision,that is when we send dynamic session require,
and send group notice before we receive dynamic session response, we firstly
receive dynamic session response later, at the same time we change dynamic session key,
and check key, secondly receive group notice response in which we check data with raw check
key ,not the one we changed*/
/*发送数据*/
DPrintf("[WAPID]:: USK rekey start, Send '%s' to STA("MACSTR") \n", wai_subtype_info[USK_NEG_REQUEST], MAC2STR(sta_info->mac));
sendlen = send_rs_data(sendto_asue, sendtoMT_len, &eh, sta_info->pap);
if(sendlen != sendtoMT_len)
{
DPrintf("error at %s :%d\n", __func__, __LINE__);
return;
}
sta_info->ae_group_sc+= 1;
sta_info->rekeying = 1;
return;
}
/*单播密钥协商确认分组*/
void usk_negotiation_confirmation(struct auth_sta_info_t *sta_info)
{
struct ethhdr eh;
apdata_info *pap =NULL;
wai_fixdata_flag flag;
packet_head head;
u16 offset= 0;
int sendtoMT_len = 0;
int sendlen = 0;
u8 sendto_asue[FROM_MT_LEN];
u8 dynamic_key_used = 0;
u8 mic[20];
u8 wie_len = 0;
if((!sta_info) ||(!sta_info->pap)){
DPrintf("error at %s :%d\n", __func__, __LINE__);
return ;
}
pap = sta_info->pap;
dynamic_key_used = sta_info->usksa.dynamic_key_used;
memset((u8 *)&head, 0, sizeof(packet_head));
memcpy(eh.h_dest, sta_info->mac, ETH_ALEN);
/*构造包头*/
head.version = VERSIONNOW;
head.type = WAI;
head.sub_type= USK_NEG_CONFIRM;
head.reserved = RESERVEDDEF;
head.data_len = 0x0000;
head.frame_sc = 0x00;
head.flag = 0x00;
head.group_sc = sta_info->ae_group_sc;
memset((u8 *)&flag, 0, 1);
flag = sta_info->flag & WAI_FLAG_USK_UPDATE;
/*打包包头*/
offset = c_pack_packet_head(&head, sendto_asue, offset, FROM_MT_LEN);
/*打包标志*/
offset = c_pack_byte((u8)flag, sendto_asue, offset, FROM_MT_LEN);
/*打包bkid*/
offset = c_pack_16bytes((u8 *)&sta_info->bksa.bkid, sendto_asue, offset, FROM_MT_LEN);
/*打包有效的uskid*/
offset = c_pack_byte(dynamic_key_used, sendto_asue, offset, FROM_MT_LEN);
/*打包addid*/
offset = pack_mac((u8 *)&pap->macaddr, sendto_asue, offset);
offset = pack_mac(sta_info->mac, sendto_asue, offset);
/*打包ASUE的挑战*/
offset = c_pack_32bytes(sta_info->asue_nonce, sendto_asue, offset, FROM_MT_LEN);
/*打包AE的WIE*/
wie_len =*( pap->wie_ae + 1);
memcpy(sendto_asue + offset, pap->wie_ae, wie_len + 2);
offset += wie_len + 2;
/*计算MIC*/
hmac_sha256(sendto_asue + sizeof(packet_head), offset - sizeof(packet_head),
sta_info->usksa.usk[dynamic_key_used].mck, PAIRKEY_LEN, mic, HMAC_LEN);
memcpy(sendto_asue + offset, mic, HMAC_LEN);
offset += HMAC_LEN;
/*设置包长度*/
set_packet_data_len(sendto_asue,offset);
assert(offset != PACK_ERROR);
sendtoMT_len = offset;
/*清除重发缓冲区*/
set_table_item(sta_info, SENDTO_STA, 1, sendto_asue, sendtoMT_len, USK_NEG_CONFIRM);
//auth_table[asue_no].status = MT_SESSIONGROUPING;
/*set used key id to avoid collision,that is when we send dynamic session require,
and send group notice before we receive dynamic session response, we firstly
receive dynamic session response later, at the same time we change dynamic session key,
and check key, secondly receive group notice response in which we check data with raw check
key ,not the one we changed*/
/*发数据*/
DPrintf("[WAPID]:: Send '%s' to STA("MACSTR")\n", wai_subtype_info[USK_NEG_CONFIRM], MAC2STR(sta_info->mac));
DPrintf("[WAPID]:: USK negotiation completed!\n");
sendlen = send_rs_data(sendto_asue, sendtoMT_len, &eh, pap);
if(sendlen != sendtoMT_len)
{
DPrintf("error at %s :%d\n", __func__, __LINE__);
return;
}
sta_info->ae_group_sc += 1;
return;
}/*==========================end============================*/
/*单播密钥协商请求*/
void usk_negotiation_req(struct auth_sta_info_t *sta_info)
{
int sendtoMT_len = 0;
int sendlen = 0;
int i;
big_data data_buff;
u16 offset= 0;
struct ethhdr eh;
wai_fixdata_flag flag;
packet_head head;
u8 sendto_asue[FROM_MT_LEN];
apdata_info *pap = sta_info->pap;
memcpy(eh.h_dest, sta_info->mac, ETH_ALEN);
memset(&data_buff, 0, sizeof(big_data));
/*创建单播密钥请求报文*/
memset((u8 *)&head, 0, sizeof(packet_head));
head.version = VERSIONNOW;
head.type = WAI;
head.sub_type= USK_NEG_REQUEST;
head.reserved = RESERVEDDEF;
head.data_len = 0x0000;
head.frame_sc = 0x00;
head.flag = 0x00;
head.group_sc = sta_info->ae_group_sc;
/*确定使用哪个uskid,使用当前无效的那个,经过协商
后使之有效,而另一个成为无效*/
for(i = 0; i < 2; i++)
{
if(sta_info->usksa.usk[i].valid_flag == 0 /*invalid*/)
sta_info->usksa.uskid = i;
}
memset((u8 *)&flag, 0, 1); /*bit4 = 0*/
sta_info->flag &= 0xEF;/*0xEF:11101111*//*先将4位清零*/
sta_info->flag |= flag & WAI_FLAG_USK_UPDATE;/*0x10:00010000*//*bit4:usk_update*/
offset = c_pack_packet_head(&head, sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_byte((u8) flag, sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_16bytes(sta_info->bksa.bkid, sendto_asue, offset, FROM_MT_LEN);
offset = c_pack_byte((u8)sta_info->usksa.uskid , sendto_asue, offset, FROM_MT_LEN);
offset = pack_mac(pap->macaddr, sendto_asue, offset);
offset = pack_mac(sta_info->mac, sendto_asue, offset);
get_random(sta_info->ae_nonce, CHALLENGE_LEN);
offset = c_pack_32bytes(sta_info->ae_nonce, sendto_asue, offset, FROM_MT_LEN);
set_packet_data_len(sendto_asue,offset);
sendtoMT_len = offset;
/*设置重发缓冲区*/
set_table_item(sta_info, SENDTO_STA, 1, sendto_asue, sendtoMT_len, USK_NEG_REQUEST);
DPrintf("[WAPID]:: Send '%s' to STA("MACSTR")\n", wai_subtype_info[USK_NEG_REQUEST], MAC2STR(sta_info->mac));
wapi_hex_dump("Data", sendto_asue, sendtoMT_len);
sendlen = send_rs_data(sendto_asue, sendtoMT_len, &eh, pap);
if(sendlen != sendtoMT_len)
{
DPrintf("error at %s :%d\n", __func__, __LINE__);
return;
}
sta_info->ae_group_sc += 1;/*分组序号+1*/
sta_info->status = MT_WAITING_SESSION;/*设置asue状态*/
return;
}
