/***************************************************************************** 函 数 名 : hmac_protection_lsigtxop_check 功能描述 : 查询是否可以使用lsigtxop保护 输入参数 : pst_mac_vap : mac vap结构体指针 输出参数 : 无 返 回 值 : oal_bool_enum : 0: 不可以使用lsig txop保护 1: 可以使用lsig txop保护 调用函数 : 被调函数 : 修改历史 : 1.日 期 : 2014年4月18日 作 者 : c00260463 修改内容 : 新生成函数 *****************************************************************************/ OAL_STATIC oal_bool_enum hmac_protection_lsigtxop_check(mac_vap_stru *pst_mac_vap) { mac_user_stru *pst_mac_user; /*如果不是11n站点,则不支持lsigtxop保护*/ if ((WLAN_HT_MODE != pst_mac_vap->en_protocol) && (WLAN_HT_ONLY_MODE != pst_mac_vap->en_protocol) && (WLAN_HT_11G_MODE != pst_mac_vap->en_protocol)) { return OAL_FALSE; } if (WLAN_VAP_MODE_BSS_STA == pst_mac_vap->en_vap_mode) { pst_mac_user = (mac_user_stru *)mac_res_get_mac_user(pst_mac_vap->uc_assoc_vap_id); /*user保存的是AP的信息*/ if (OAL_PTR_NULL == pst_mac_user) { return OAL_FALSE; } } /*lint -e644*/ /*BSS 中所有站点都支持Lsig txop protection, 则使用Lsig txop protection机制,开销小, AP和STA采用不同的判断*/ if (((WLAN_VAP_MODE_BSS_AP == pst_mac_vap->en_vap_mode) && (OAL_TRUE == mac_mib_get_LsigTxopFullProtectionActivated(pst_mac_vap))) ||((WLAN_VAP_MODE_BSS_STA == pst_mac_vap->en_vap_mode) && (OAL_TRUE == pst_mac_user->st_ht_hdl.bit_lsig_txop_protection_full_support))) { return OAL_TRUE; } else { return OAL_FALSE; } /*lint +e644*/ }
OAL_STATIC oal_uint32 dmac_bip_decrypto(dmac_vap_stru *pst_dmac_vap, oal_netbuf_stru *pst_netbuf) { wlan_priv_key_param_stru *pst_pmf_igtk; mac_user_stru *pst_multi_user; oal_uint8 uc_pmf_igtk_keyid = 0xff; wlan_mib_Dot11RSNAStatsEntry_stru *pst_mib_rsna_status; dmac_rx_ctl_stru *pst_rx_ctl; oal_uint32 ul_relt; wlan_pmf_cap_status_uint8 en_pmf_cap; if (OAL_TRUE != dmac_11w_check_multicast_mgmt(pst_netbuf)) { return OAL_SUCC; } /* 获取帧头信息 */ pst_rx_ctl = (dmac_rx_ctl_stru *)oal_netbuf_cb(pst_netbuf); /* 获取包含 重放 & CMAC解密失败 的统计mib指针 */ pst_mib_rsna_status = (pst_dmac_vap->st_vap_base_info.pst_mib_info->ast_wlan_mib_rsna_status) + (pst_rx_ctl->st_rx_info.us_ta_user_idx); /* 判断vap的pmf能力 */ ul_relt = dmac_11w_get_pmf_cap(&pst_dmac_vap->st_vap_base_info,&en_pmf_cap); if (OAL_SUCC != ul_relt) { return OAL_FAIL; } pst_multi_user = mac_res_get_mac_user(pst_dmac_vap->st_vap_base_info.us_multi_user_idx); if (OAL_PTR_NULL == pst_multi_user) { return OAL_PTR_NULL; } /* 强健组播管理帧解密 */ if ((WLAN_VAP_MODE_BSS_STA == pst_dmac_vap->st_vap_base_info.en_vap_mode) && (OAL_TRUE == dmac_11w_check_vap_pmf_cap(pst_dmac_vap,en_pmf_cap))) { /* 获取igtk信息 */ uc_pmf_igtk_keyid = pst_multi_user->st_key_info.uc_igtk_key_index; pst_pmf_igtk = &(pst_multi_user->st_key_info.ast_key[uc_pmf_igtk_keyid]); /* 管理帧解密 */ ul_relt = oal_crypto_bip_demic(uc_pmf_igtk_keyid, pst_pmf_igtk->auc_key, pst_pmf_igtk->auc_seq, pst_netbuf, &pst_mib_rsna_status->ul_dot11RSNAStatsCMACReplays, &pst_mib_rsna_status->ul_dot11RSNAStatsCMACICVErrors); if(OAL_SUCC != ul_relt) { OAM_ERROR_LOG1(pst_dmac_vap->st_vap_base_info.uc_vap_id, OAM_SF_PMF, "{dmac_bip_decrypto::oal_crypto_bip_demic failed[%d].}", ul_relt); return OAL_ERR_CODE_PMF_BIP_DECRIPTO_FAIL; } } return OAL_SUCC; }
oal_uint32 dmac_bip_crypto(dmac_vap_stru *pst_dmac_vap, oal_netbuf_stru *pst_netbuf_mgmt, wlan_security_txop_params_stru *pst_security, oal_uint16 *pus_len) { #if(_PRE_WLAN_FEATURE_PMF == _PRE_PMF_HW_CCMP_SW_BIP) wlan_priv_key_param_stru *pst_pmf_igtk; #endif mac_user_stru *pst_multi_user; oal_uint8 uc_pmf_igtk_keyid; oal_uint32 ul_relt; wlan_pmf_cap_status_uint8 en_pmf_cap; /* 判断vap的pmf能力 */ ul_relt = dmac_11w_get_pmf_cap(&pst_dmac_vap->st_vap_base_info,&en_pmf_cap); if (OAL_SUCC != ul_relt) { return OAL_ERR_CODE_PMF_VAP_CAP_FAIL; } pst_multi_user = mac_res_get_mac_user(pst_dmac_vap->st_vap_base_info.us_multi_user_idx); if (OAL_PTR_NULL == pst_multi_user) { return OAL_PTR_NULL; } /* 判断是否需要加密的组播/广播 强健管理帧 */ if ((OAL_TRUE == dmac_11w_check_multicast_mgmt(pst_netbuf_mgmt)) && (OAL_TRUE == dmac_11w_check_vap_pmf_cap(pst_dmac_vap,en_pmf_cap))) { uc_pmf_igtk_keyid = pst_multi_user->st_key_info.uc_igtk_key_index; oal_netbuf_set_len(pst_netbuf_mgmt, *pus_len); #if(_PRE_WLAN_FEATURE_PMF == _PRE_PMF_HW_CCMP_BIP) pst_security->en_cipher_protocol_type = WLAN_80211_CIPHER_SUITE_BIP; pst_security->uc_cipher_key_id = uc_pmf_igtk_keyid; #else pst_pmf_igtk = &pst_multi_user->st_key_info.ast_key[uc_pmf_igtk_keyid]; pst_security->en_cipher_protocol_type = WLAN_80211_CIPHER_SUITE_NO_ENCRYP; /* 11w组播管理帧加密 */ ul_relt = oal_crypto_bip_enmic(uc_pmf_igtk_keyid, pst_pmf_igtk->auc_key, pst_pmf_igtk->auc_seq, pst_netbuf_mgmt, pus_len); if(OAL_SUCC != ul_relt) { OAM_ERROR_LOG1(pst_dmac_vap->st_vap_base_info.uc_vap_id, OAM_SF_PMF, "{dmac_bip_crypto::oal_crypto_bip_enmic failed[%d].}", ul_relt); return OAL_ERR_CODE_PMF_BIP_CRIPTO_FAIL; } #endif } return OAL_SUCC; }
OAL_STATIC oal_bool_enum_uint8 dmac_11w_check_vap_pmf_cap(dmac_vap_stru *pst_dmac_vap, wlan_pmf_cap_status_uint8 en_pmf_cap) { mac_user_stru *pst_multi_user; pst_multi_user = mac_res_get_mac_user(pst_dmac_vap->st_vap_base_info.us_multi_user_idx); if (OAL_PTR_NULL == pst_multi_user) { return OAL_PTR_NULL; } /* 具备pmf管理帧加密的前提条件: 1) mib项打开:RSN Active mib 2) 能力支持 :user 支持pmf 3) igtk存在 :用于广播Robust mgmt加密 */ if ((OAL_TRUE == mac_mib_get_dot11RSNAActivated(&pst_dmac_vap->st_vap_base_info)) && ( MAC_PMF_DISABLED != en_pmf_cap) && (OAL_SUCC == dmac_check_igtk_exist(pst_multi_user->st_key_info.uc_igtk_key_index))) { return OAL_TRUE; } return OAL_FALSE; }