/* * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. * All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * File: dpc.c * * Purpose: handle dpc rx functions * * Author: Lyndon Chen * * Date: May 20, 2003 * * Functions: * device_receive_frame - Rcv 802.11 frame function * s_bAPModeRxCtl- AP Rcv frame filer Ctl. * s_bAPModeRxData- AP Rcv data frame handle * s_bHandleRxEncryption- Rcv decrypted data via on-fly * s_bHostWepRxEncryption- Rcv encrypted data via host * s_byGetRateIdx- get rate index * s_vGetDASA- get data offset * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 * * Revision History: * */ #include "device.h" #include "rxtx.h" #include "tether.h" #include "card.h" #include "bssdb.h" #include "mac.h" #include "baseband.h" #include "michael.h" #include "tkip.h" #include "tcrc.h" #include "wctl.h" #include "hostap.h" #include "rf.h" #include "iowpa.h" #include "aes_ccmp.h" #include "datarate.h" #include "usbpipe.h" /*--------------------- Static Definitions -------------------------*/ /*--------------------- Static Classes ----------------------------*/ /*--------------------- Static Variables --------------------------*/ //static int msglevel =MSG_LEVEL_DEBUG; static int msglevel =MSG_LEVEL_INFO; const BYTE acbyRxRate[MAX_RATE] = {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; /*--------------------- Static Functions --------------------------*/ /*--------------------- Static Definitions -------------------------*/ /*--------------------- Static Functions --------------------------*/ static BYTE s_byGetRateIdx(BYTE byRate); static void s_vGetDASA( PBYTE pbyRxBufferAddr, unsigned int *pcbHeaderSize, PSEthernetHeader psEthHeader ); static void s_vProcessRxMACHeader ( PSDevice pDevice, PBYTE pbyRxBufferAddr, unsigned int cbPacketSize, BOOL bIsWEP, BOOL bExtIV, unsigned int *pcbHeadSize ); static BOOL s_bAPModeRxCtl( PSDevice pDevice, PBYTE pbyFrame, signed int iSANodeIndex ); static BOOL s_bAPModeRxData ( PSDevice pDevice, struct sk_buff *skb, unsigned int FrameSize, unsigned int cbHeaderOffset, signed int iSANodeIndex, signed int iDANodeIndex ); static BOOL s_bHandleRxEncryption( PSDevice pDevice, PBYTE pbyFrame, unsigned int FrameSize, PBYTE pbyRsr, PBYTE pbyNewRsr, PSKeyItem * pKeyOut, int * pbExtIV, PWORD pwRxTSC15_0, PDWORD pdwRxTSC47_16 ); static BOOL s_bHostWepRxEncryption( PSDevice pDevice, PBYTE pbyFrame, unsigned int FrameSize, PBYTE pbyRsr, BOOL bOnFly, PSKeyItem pKey, PBYTE pbyNewRsr, int * pbExtIV, PWORD pwRxTSC15_0, PDWORD pdwRxTSC47_16 ); /*--------------------- Export Variables --------------------------*/ /*+ * * Description: * Translate Rcv 802.11 header to 802.3 header with Rx buffer * * Parameters: * In: * pDevice * dwRxBufferAddr - Address of Rcv Buffer * cbPacketSize - Rcv Packet size * bIsWEP - If Rcv with WEP * Out: * pcbHeaderSize - 802.11 header size * * Return Value: None * -*/ static void s_vProcessRxMACHeader ( PSDevice pDevice, PBYTE pbyRxBufferAddr, unsigned int cbPacketSize, BOOL bIsWEP, BOOL bExtIV, unsigned int *pcbHeadSize ) { PBYTE pbyRxBuffer; unsigned int cbHeaderSize = 0; PWORD pwType; PS802_11Header pMACHeader; int ii; pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); s_vGetDASA((PBYTE)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); if (bIsWEP) { if (bExtIV) { // strip IV&ExtIV , add 8 byte cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); } else { // strip IV , add 4 byte cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); } } else { cbHeaderSize += WLAN_HDR_ADDR3_LEN; }; pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_Bridgetunnel[0])) { cbHeaderSize += 6; } else if (!compare_ether_addr(pbyRxBuffer, &pDevice->abySNAP_RFC1042[0])) { cbHeaderSize += 6; pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); if ((*pwType == cpu_to_le16(ETH_P_IPX)) || (*pwType == cpu_to_le16(0xF380))) { cbHeaderSize -= 8; pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); if (bIsWEP) { if (bExtIV) { *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV } else { *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV } } else { *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); } } } else { cbHeaderSize -= 2; pwType = (PWORD) (pbyRxBufferAddr + cbHeaderSize); if (bIsWEP) { if (bExtIV) { *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV } else { *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV } } else { *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); } } cbHeaderSize -= (ETH_ALEN * 2); pbyRxBuffer = (PBYTE) (pbyRxBufferAddr + cbHeaderSize); for (ii = 0; ii < ETH_ALEN; ii++) *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; for (ii = 0; ii < ETH_ALEN; ii++) *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; *pcbHeadSize = cbHeaderSize; } static BYTE s_byGetRateIdx(BYTE byRate) { BYTE byRateIdx; for (byRateIdx = 0; byRateIdx <MAX_RATE ; byRateIdx++) { if (acbyRxRate[byRateIdx%MAX_RATE] == byRate) return byRateIdx; } return 0; } static void s_vGetDASA ( PBYTE pbyRxBufferAddr, unsigned int *pcbHeaderSize, PSEthernetHeader psEthHeader ) { unsigned int cbHeaderSize = 0; PS802_11Header pMACHeader; int ii; pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { if (pMACHeader->wFrameCtl & FC_FROMDS) { for (ii = 0; ii < ETH_ALEN; ii++) { psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; } } else { /* IBSS mode */ for (ii = 0; ii < ETH_ALEN; ii++) { psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; } } } else { /* Is AP mode.. */ if (pMACHeader->wFrameCtl & FC_FROMDS) { for (ii = 0; ii < ETH_ALEN; ii++) { psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; cbHeaderSize += 6; } } else { for (ii = 0; ii < ETH_ALEN; ii++) { psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; } } }; *pcbHeaderSize = cbHeaderSize; } BOOL RXbBulkInProcessData ( PSDevice pDevice, PRCB pRCB, unsigned long BytesToIndicate ) { struct net_device_stats* pStats=&pDevice->stats; struct sk_buff* skb; PSMgmtObject pMgmt = &(pDevice->sMgmtObj); PSRxMgmtPacket pRxPacket = &(pMgmt->sRxPacket); PS802_11Header p802_11Header; PBYTE pbyRsr; PBYTE pbyNewRsr; PBYTE pbyRSSI; PQWORD pqwTSFTime; PBYTE pbyFrame; BOOL bDeFragRx = FALSE; unsigned int cbHeaderOffset; unsigned int FrameSize; WORD wEtherType = 0; signed int iSANodeIndex = -1; signed int iDANodeIndex = -1; unsigned int ii; unsigned int cbIVOffset; PBYTE pbyRxSts; PBYTE pbyRxRate; PBYTE pbySQ; PBYTE pby3SQ; unsigned int cbHeaderSize; PSKeyItem pKey = NULL; WORD wRxTSC15_0 = 0; DWORD dwRxTSC47_16 = 0; SKeyItem STempKey; // 802.11h RPI /* signed long ldBm = 0; */ BOOL bIsWEP = FALSE; BOOL bExtIV = FALSE; DWORD dwWbkStatus; PRCB pRCBIndicate = pRCB; PBYTE pbyDAddress; PWORD pwPLCP_Length; BYTE abyVaildRate[MAX_RATE] = {2,4,11,22,12,18,24,36,48,72,96,108}; WORD wPLCPwithPadding; PS802_11Header pMACHeader; BOOL bRxeapol_key = FALSE; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- RXbBulkInProcessData---\n"); skb = pRCB->skb; //[31:16]RcvByteCount ( not include 4-byte Status ) dwWbkStatus = *( (PDWORD)(skb->data) ); FrameSize = (unsigned int)(dwWbkStatus >> 16); FrameSize += 4; if (BytesToIndicate != FrameSize) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---------- WRONG Length 1 \n"); return FALSE; } if ((BytesToIndicate > 2372) || (BytesToIndicate <= 40)) { // Frame Size error drop this packet. DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "---------- WRONG Length 2\n"); return FALSE; } pbyDAddress = (PBYTE)(skb->data); pbyRxSts = pbyDAddress+4; pbyRxRate = pbyDAddress+5; //real Frame Size = USBFrameSize -4WbkStatus - 4RxStatus - 8TSF - 4RSR - 4SQ3 - ?Padding //if SQ3 the range is 24~27, if no SQ3 the range is 20~23 //real Frame size in PLCPLength field. pwPLCP_Length = (PWORD) (pbyDAddress + 6); //Fix hardware bug => PLCP_Length error if ( ((BytesToIndicate - (*pwPLCP_Length)) > 27) || ((BytesToIndicate - (*pwPLCP_Length)) < 24) || (BytesToIndicate < (*pwPLCP_Length)) ) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong PLCP Length %x\n", (int) *pwPLCP_Length); ASSERT(0); return FALSE; } for ( ii=RATE_1M;ii<MAX_RATE;ii++) { if ( *pbyRxRate == abyVaildRate[ii] ) { break; } } if ( ii==MAX_RATE ) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Wrong RxRate %x\n",(int) *pbyRxRate); return FALSE; } wPLCPwithPadding = ( (*pwPLCP_Length / 4) + ( (*pwPLCP_Length % 4) ? 1:0 ) ) *4; pqwTSFTime = (PQWORD) (pbyDAddress + 8 + wPLCPwithPadding); if(pDevice->byBBType == BB_TYPE_11G) { pby3SQ = pbyDAddress + 8 + wPLCPwithPadding + 12; pbySQ = pby3SQ; } else { pbySQ = pbyDAddress + 8 + wPLCPwithPadding + 8; pby3SQ = pbySQ; } pbyNewRsr = pbyDAddress + 8 + wPLCPwithPadding + 9; pbyRSSI = pbyDAddress + 8 + wPLCPwithPadding + 10; pbyRsr = pbyDAddress + 8 + wPLCPwithPadding + 11; FrameSize = *pwPLCP_Length; pbyFrame = pbyDAddress + 8; // update receive statistic counter STAvUpdateRDStatCounter(&pDevice->scStatistic, *pbyRsr, *pbyNewRsr, *pbyRxSts, *pbyRxRate, pbyFrame, FrameSize ); pMACHeader = (PS802_11Header) pbyFrame; //mike add: to judge if current AP is activated? if ((pMgmt->eCurrMode == WMAC_MODE_STANDBY) || (pMgmt->eCurrMode == WMAC_MODE_ESS_STA)) { if (pMgmt->sNodeDBTable[0].bActive) { if (!compare_ether_addr(pMgmt->abyCurrBSSID, pMACHeader->abyAddr2)) { if (pMgmt->sNodeDBTable[0].uInActiveCount != 0) pMgmt->sNodeDBTable[0].uInActiveCount = 0; } } } if (!is_multicast_ether_addr(pMACHeader->abyAddr1) && !is_broadcast_ether_addr(pMACHeader->abyAddr1)) { if ( WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header) pbyFrame) ) { pDevice->s802_11Counter.FrameDuplicateCount++; return FALSE; } if (compare_ether_addr(pDevice->abyCurrentNetAddr, pMACHeader->abyAddr1)) { return FALSE; } } // Use for TKIP MIC s_vGetDASA(pbyFrame, &cbHeaderSize, &pDevice->sRxEthHeader); if (!compare_ether_addr((PBYTE)&(pDevice->sRxEthHeader.abySrcAddr[0]), pDevice->abyCurrentNetAddr)) return FALSE; if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { p802_11Header = (PS802_11Header) (pbyFrame); // get SA NodeIndex if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(p802_11Header->abyAddr2), &iSANodeIndex)) { pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; } } } if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex) == TRUE) { return FALSE; } } if (IS_FC_WEP(pbyFrame)) { BOOL bRxDecryOK = FALSE; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"rx WEP pkt\n"); bIsWEP = TRUE; if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { pKey = &STempKey; pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; memcpy(pKey->abyKey, &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], pKey->uKeyLength ); bRxDecryOK = s_bHostWepRxEncryption(pDevice, pbyFrame, FrameSize, pbyRsr, pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, pKey, pbyNewRsr, &bExtIV, &wRxTSC15_0, &dwRxTSC47_16); } else { bRxDecryOK = s_bHandleRxEncryption(pDevice, pbyFrame, FrameSize, pbyRsr, pbyNewRsr, &pKey, &bExtIV, &wRxTSC15_0, &dwRxTSC47_16); } if (bRxDecryOK) { if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV Fail\n"); if ( (pMgmt->eAuthenMode == WMAC_AUTH_WPA) || (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { pDevice->s802_11Counter.TKIPICVErrors++; } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) { pDevice->s802_11Counter.CCMPDecryptErrors++; } else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_WEP)) { // pDevice->s802_11Counter.WEPICVErrorCount.QuadPart++; } } return FALSE; } } else { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"WEP Func Fail\n"); return FALSE; } if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) FrameSize -= 8; // Message Integrity Code else FrameSize -= 4; // 4 is ICV } // // RX OK // /* remove the FCS/CRC length */ FrameSize -= ETH_FCS_LEN; if ( !(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) && // unicast address (IS_FRAGMENT_PKT((pbyFrame))) ) { // defragment bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header) (pbyFrame), FrameSize, bIsWEP, bExtIV); pDevice->s802_11Counter.ReceivedFragmentCount++; if (bDeFragRx) { // defrag complete // TODO skb, pbyFrame skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; pbyFrame = skb->data + 8; } else { return FALSE; } } // // Management & Control frame Handle // if ((IS_TYPE_DATA((pbyFrame))) == FALSE) { // Handle Control & Manage Frame if (IS_TYPE_MGMT((pbyFrame))) { PBYTE pbyData1; PBYTE pbyData2; pRxPacket = &(pRCB->sMngPacket); pRxPacket->p80211Header = (PUWLAN_80211HDR)(pbyFrame); pRxPacket->cbMPDULen = FrameSize; pRxPacket->uRSSI = *pbyRSSI; pRxPacket->bySQ = *pbySQ; HIDWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(HIDWORD(*pqwTSFTime)); LODWORD(pRxPacket->qwLocalTSF) = cpu_to_le32(LODWORD(*pqwTSFTime)); if (bIsWEP) { // strip IV pbyData1 = WLAN_HDR_A3_DATA_PTR(pbyFrame); pbyData2 = WLAN_HDR_A3_DATA_PTR(pbyFrame) + 4; for (ii = 0; ii < (FrameSize - 4); ii++) { *pbyData1 = *pbyData2; pbyData1++; pbyData2++; } } pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); if ( *pbyRxSts == 0 ) { //Discard beacon packet which channel is 0 if ( (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_BEACON) || (WLAN_GET_FC_FSTYPE((pRxPacket->p80211Header->sA3.wFrameCtl)) == WLAN_FSTYPE_PROBERESP) ) { return TRUE; } } pRxPacket->byRxChannel = (*pbyRxSts) >> 2; // hostap Deamon handle 802.11 management if (pDevice->bEnableHostapd) { skb->dev = pDevice->apdev; //skb->data += 4; //skb->tail += 4; skb->data += 8; skb->tail += 8; skb_put(skb, FrameSize); skb_reset_mac_header(skb); skb->pkt_type = PACKET_OTHERHOST; skb->protocol = htons(ETH_P_802_2); memset(skb->cb, 0, sizeof(skb->cb)); netif_rx(skb); return TRUE; } // // Insert the RCB in the Recv Mng list // EnqueueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList, pRCBIndicate); pDevice->NumRecvMngList++; if ( bDeFragRx == FALSE) { pRCB->Ref++; } if (pDevice->bIsRxMngWorkItemQueued == FALSE) { pDevice->bIsRxMngWorkItemQueued = TRUE; tasklet_schedule(&pDevice->RxMngWorkItem); } } else { // Control Frame }; return FALSE; } else { if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. if ( !(*pbyRsr & RSR_BSSIDOK)) { if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } return FALSE; } } else { // discard DATA packet while not associate || BSSID error if ((pDevice->bLinkPass == FALSE) || !(*pbyRsr & RSR_BSSIDOK)) { if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } return FALSE; } //mike add:station mode check eapol-key challenge---> { BYTE Protocol_Version; //802.1x Authentication BYTE Packet_Type; //802.1x Authentication BYTE Descriptor_type; WORD Key_info; if (bIsWEP) cbIVOffset = 8; else cbIVOffset = 0; wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1]; Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1]; if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header if(((Protocol_Version==1) ||(Protocol_Version==2)) && (Packet_Type==3)) { //802.1x OR eapol-key challenge frame receive bRxeapol_key = TRUE; Descriptor_type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2]; Key_info = (skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+1]<<8) |skb->data[cbIVOffset + 8 + 24 + 6 + 1 +1+1+1+2+2] ; if(Descriptor_type==2) { //RSN // printk("WPA2_Rx_eapol-key_info<-----:%x\n",Key_info); } else if(Descriptor_type==254) { // printk("WPA_Rx_eapol-key_info<-----:%x\n",Key_info); } } } } //mike add:station mode check eapol-key challenge<--- } } // Data frame Handle if (pDevice->bEnablePSMode) { if (IS_FC_MOREDATA((pbyFrame))) { if (*pbyRsr & RSR_ADDROK) { //PSbSendPSPOLL((PSDevice)pDevice); } } else { if (pMgmt->bInTIMWake == TRUE) { pMgmt->bInTIMWake = FALSE; } } } // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps if (pDevice->bDiversityEnable && (FrameSize>50) && (pDevice->eOPMode == OP_MODE_INFRASTRUCTURE) && (pDevice->bLinkPass == TRUE)) { BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); } // ++++++++ For BaseBand Algorithm +++++++++++++++ pDevice->uCurrRSSI = *pbyRSSI; pDevice->byCurrSQ = *pbySQ; // todo /* if ((*pbyRSSI != 0) && (pMgmt->pCurrBSS!=NULL)) { RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); // Moniter if RSSI is too strong. pMgmt->pCurrBSS->byRSSIStatCnt++; pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; for (ii = 0; ii < RSSI_STAT_COUNT; ii++) { if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) { pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); } } } */ // ----------------------------------------------- if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && (pDevice->bEnable8021x == TRUE)){ BYTE abyMacHdr[24]; // Only 802.1x packet incoming allowed if (bIsWEP) cbIVOffset = 8; else cbIVOffset = 0; wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | skb->data[cbIVOffset + 8 + 24 + 6 + 1]; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"wEtherType = %04x \n", wEtherType); if (wEtherType == ETH_P_PAE) { skb->dev = pDevice->apdev; if (bIsWEP == TRUE) { // strip IV header(8) memcpy(&abyMacHdr[0], (skb->data + 8), 24); memcpy((skb->data + 8 + cbIVOffset), &abyMacHdr[0], 24); } skb->data += (cbIVOffset + 8); skb->tail += (cbIVOffset + 8); skb_put(skb, FrameSize); skb_reset_mac_header(skb); skb->pkt_type = PACKET_OTHERHOST; skb->protocol = htons(ETH_P_802_2); memset(skb->cb, 0, sizeof(skb->cb)); netif_rx(skb); return TRUE; } // check if 802.1x authorized if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) return FALSE; } if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { if (bIsWEP) { FrameSize -= 8; //MIC } } //-------------------------------------------------------------------------------- // Soft MIC if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { if (bIsWEP) { PDWORD pdwMIC_L; PDWORD pdwMIC_R; DWORD dwMIC_Priority; DWORD dwMICKey0 = 0, dwMICKey1 = 0; DWORD dwLocalMIC_L = 0; DWORD dwLocalMIC_R = 0; viawget_wpa_header *wpahdr; if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); } else { if (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); } else if ((pKey->dwKeyIndex & BIT28) == 0) { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[16])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[20])); } else { dwMICKey0 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[24])); dwMICKey1 = cpu_to_le32(*(PDWORD)(&pKey->abyKey[28])); } } MIC_vInit(dwMICKey0, dwMICKey1); MIC_vAppend((PBYTE)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); dwMIC_Priority = 0; MIC_vAppend((PBYTE)&dwMIC_Priority, 4); // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. MIC_vAppend((PBYTE)(skb->data + 8 + WLAN_HDR_ADDR3_LEN + 8), FrameSize - WLAN_HDR_ADDR3_LEN - 8); MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); MIC_vUnInit(); pdwMIC_L = (PDWORD)(skb->data + 8 + FrameSize); pdwMIC_R = (PDWORD)(skb->data + 8 + FrameSize + 4); if ((cpu_to_le32(*pdwMIC_L) != dwLocalMIC_L) || (cpu_to_le32(*pdwMIC_R) != dwLocalMIC_R) || (pDevice->bRxMICFail == TRUE)) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC comparison is fail!\n"); pDevice->bRxMICFail = FALSE; //pDevice->s802_11Counter.TKIPLocalMICFailures.QuadPart++; pDevice->s802_11Counter.TKIPLocalMICFailures++; if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } #ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT //send event to wpa_supplicant //if(pDevice->bWPASuppWextEnabled == TRUE) { union iwreq_data wrqu; struct iw_michaelmicfailure ev; int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits memset(&ev, 0, sizeof(ev)); ev.flags = keyidx & IW_MICFAILURE_KEY_ID; if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && (pMgmt->eCurrState == WMAC_STATE_ASSOC) && (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { ev.flags |= IW_MICFAILURE_PAIRWISE; } else { ev.flags |= IW_MICFAILURE_GROUP; } ev.src_addr.sa_family = ARPHRD_ETHER; memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); memset(&wrqu, 0, sizeof(wrqu)); wrqu.data.length = sizeof(ev); PRINT_K("wireless_send_event--->IWEVMICHAELMICFAILURE\n"); wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); } #endif if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { wpahdr = (viawget_wpa_header *)pDevice->skb->data; if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && (pMgmt->eCurrState == WMAC_STATE_ASSOC) && (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR; wpahdr->type = VIAWGET_PTK_MIC_MSG; } else { //s802_11_Status.Flags = NDIS_802_11_AUTH_REQUEST_GROUP_ERROR; wpahdr->type = VIAWGET_GTK_MIC_MSG; } wpahdr->resp_ie_len = 0; wpahdr->req_ie_len = 0; skb_put(pDevice->skb, sizeof(viawget_wpa_header)); pDevice->skb->dev = pDevice->wpadev; skb_reset_mac_header(pDevice->skb); pDevice->skb->pkt_type = PACKET_HOST; pDevice->skb->protocol = htons(ETH_P_802_2); memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); netif_rx(pDevice->skb); pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); } return FALSE; } } } //---end of SOFT MIC----------------------------------------------------------------------- // ++++++++++ Reply Counter Check +++++++++++++ if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || (pKey->byCipherSuite == KEY_CTL_CCMP))) { if (bIsWEP) { WORD wLocalTSC15_0 = 0; DWORD dwLocalTSC47_16 = 0; unsigned long long RSC = 0; // endian issues RSC = *((unsigned long long *) &(pKey->KeyRSC)); wLocalTSC15_0 = (WORD) RSC; dwLocalTSC47_16 = (DWORD) (RSC>>16); RSC = dwRxTSC47_16; RSC <<= 16; RSC += wRxTSC15_0; memcpy(&(pKey->KeyRSC), &RSC, sizeof(QWORD)); if ( (pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { // check RSC if ( (wRxTSC15_0 < wLocalTSC15_0) && (dwRxTSC47_16 <= dwLocalTSC47_16) && !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC is illegal~~!\n "); if (pKey->byCipherSuite == KEY_CTL_TKIP) //pDevice->s802_11Counter.TKIPReplays.QuadPart++; pDevice->s802_11Counter.TKIPReplays++; else //pDevice->s802_11Counter.CCMPReplays.QuadPart++; pDevice->s802_11Counter.CCMPReplays++; if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } return FALSE; } } } } // ----- End of Reply Counter Check -------------------------- s_vProcessRxMACHeader(pDevice, (PBYTE)(skb->data+8), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); FrameSize -= cbHeaderOffset; cbHeaderOffset += 8; // 8 is Rcv buffer header // Null data, framesize = 12 if (FrameSize < 12) return FALSE; if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { if (s_bAPModeRxData(pDevice, skb, FrameSize, cbHeaderOffset, iSANodeIndex, iDANodeIndex ) == FALSE) { if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } } return FALSE; } } skb->data += cbHeaderOffset; skb->tail += cbHeaderOffset; skb_put(skb, FrameSize); skb->protocol=eth_type_trans(skb, skb->dev); skb->ip_summed=CHECKSUM_NONE; pStats->rx_bytes +=skb->len; pStats->rx_packets++; netif_rx(skb); if (bDeFragRx) { if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR "%s: can not alloc more frag bufs\n", pDevice->dev->name); } return FALSE; } return TRUE; } static BOOL s_bAPModeRxCtl ( PSDevice pDevice, PBYTE pbyFrame, signed int iSANodeIndex ) { PS802_11Header p802_11Header; CMD_STATUS Status; PSMgmtObject pMgmt = &(pDevice->sMgmtObj); if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { p802_11Header = (PS802_11Header) (pbyFrame); if (!IS_TYPE_MGMT(pbyFrame)) { // Data & PS-Poll packet // check frame class if (iSANodeIndex > 0) { // frame class 3 fliter & checking if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { // send deauth notification // reason = (6) class 2 received from nonauth sta vMgrDeAuthenBeginSta(pDevice, pMgmt, (PBYTE)(p802_11Header->abyAddr2), (WLAN_MGMT_REASON_CLASS2_NONAUTH), &Status ); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 1\n"); return TRUE; } if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { // send deassoc notification // reason = (7) class 3 received from nonassoc sta vMgrDisassocBeginSta(pDevice, pMgmt, (PBYTE)(p802_11Header->abyAddr2), (WLAN_MGMT_REASON_CLASS3_NONASSOC), &Status ); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDisassocBeginSta 2\n"); return TRUE; } if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { // delcare received ps-poll event if (IS_CTL_PSPOLL(pbyFrame)) { pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; bScheduleCommand((void *) pDevice, WLAN_CMD_RX_PSPOLL, NULL); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 1\n"); } else { // check Data PS state // if PW bit off, send out all PS bufferring packets. if (!IS_FC_POWERMGT(pbyFrame)) { pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; bScheduleCommand((void *) pDevice, WLAN_CMD_RX_PSPOLL, NULL); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 2\n"); } } } else { if (IS_FC_POWERMGT(pbyFrame)) { pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = TRUE; // Once if STA in PS state, enable multicast bufferring pMgmt->sNodeDBTable[0].bPSEnable = TRUE; } else { // clear all pending PS frame. if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = FALSE; pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = TRUE; bScheduleCommand((void *) pDevice, WLAN_CMD_RX_PSPOLL, NULL); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: WLAN_CMD_RX_PSPOLL 3\n"); } } } } else { vMgrDeAuthenBeginSta(pDevice, pMgmt, (PBYTE)(p802_11Header->abyAddr2), (WLAN_MGMT_REASON_CLASS2_NONAUTH), &Status ); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: send vMgrDeAuthenBeginSta 3\n"); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "BSSID:%pM\n", p802_11Header->abyAddr3); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR2:%pM\n", p802_11Header->abyAddr2); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "ADDR1:%pM\n", p802_11Header->abyAddr1); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "dpc: wFrameCtl= %x\n", p802_11Header->wFrameCtl ); return TRUE; } } } return FALSE; } static BOOL s_bHandleRxEncryption ( PSDevice pDevice, PBYTE pbyFrame, unsigned int FrameSize, PBYTE pbyRsr, PBYTE pbyNewRsr, PSKeyItem * pKeyOut, int * pbExtIV, PWORD pwRxTSC15_0, PDWORD pdwRxTSC47_16 ) { unsigned int PayloadLen = FrameSize; PBYTE pbyIV; BYTE byKeyIdx; PSKeyItem pKey = NULL; BYTE byDecMode = KEY_CTL_WEP; PSMgmtObject pMgmt = &(pDevice->sMgmtObj); *pwRxTSC15_0 = 0; *pdwRxTSC47_16 = 0; pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { pbyIV += 6; // 6 is 802.11 address4 PayloadLen -= 6; } byKeyIdx = (*(pbyIV+3) & 0xc0); byKeyIdx >>= 6; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && (pMgmt->byCSSPK != KEY_CTL_NONE)) { // unicast pkt use pairwise key DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt\n"); if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == TRUE) { if (pMgmt->byCSSPK == KEY_CTL_TKIP) byDecMode = KEY_CTL_TKIP; else if (pMgmt->byCSSPK == KEY_CTL_CCMP) byDecMode = KEY_CTL_CCMP; } DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"unicast pkt: %d, %p\n", byDecMode, pKey); } else { // use group key KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); if (pMgmt->byCSSGK == KEY_CTL_TKIP) byDecMode = KEY_CTL_TKIP; else if (pMgmt->byCSSGK == KEY_CTL_CCMP) byDecMode = KEY_CTL_CCMP; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"group pkt: %d, %d, %p\n", byKeyIdx, byDecMode, pKey); } } // our WEP only support Default Key if (pKey == NULL) { // use default group key KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); if (pMgmt->byCSSGK == KEY_CTL_TKIP) byDecMode = KEY_CTL_TKIP; else if (pMgmt->byCSSGK == KEY_CTL_CCMP) byDecMode = KEY_CTL_CCMP; } *pKeyOut = pKey; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); if (pKey == NULL) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey == NULL\n"); if (byDecMode == KEY_CTL_WEP) { // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; } else if (pDevice->bLinkPass == TRUE) { // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; } return FALSE; } if (byDecMode != pKey->byCipherSuite) { if (byDecMode == KEY_CTL_WEP) { // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; } else if (pDevice->bLinkPass == TRUE) { // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; } *pKeyOut = NULL; return FALSE; } if (byDecMode == KEY_CTL_WEP) { // handle WEP if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE)) { // Software WEP // 1. 3253A // 2. WEP 256 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc memcpy(pDevice->abyPRNG, pbyIV, 3); memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { *pbyNewRsr |= NEWRSR_DECRYPTOK; } } } else if ((byDecMode == KEY_CTL_TKIP) || (byDecMode == KEY_CTL_CCMP)) { // TKIP/AES PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); if (byDecMode == KEY_CTL_TKIP) { *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); } else { *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); } DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); if ((byDecMode == KEY_CTL_TKIP) && (pDevice->byLocalID <= REV_ID_VT3253_A1)) { // Software TKIP // 1. 3253 A PS802_11Header pMACHeader = (PS802_11Header) (pbyFrame); TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { *pbyNewRsr |= NEWRSR_DECRYPTOK; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); } else { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); } } }// end of TKIP/AES if ((*(pbyIV+3) & 0x20) != 0) *pbExtIV = TRUE; return TRUE; } static BOOL s_bHostWepRxEncryption ( PSDevice pDevice, PBYTE pbyFrame, unsigned int FrameSize, PBYTE pbyRsr, BOOL bOnFly, PSKeyItem pKey, PBYTE pbyNewRsr, int * pbExtIV, PWORD pwRxTSC15_0, PDWORD pdwRxTSC47_16 ) { PSMgmtObject pMgmt = &(pDevice->sMgmtObj); unsigned int PayloadLen = FrameSize; PBYTE pbyIV; BYTE byKeyIdx; BYTE byDecMode = KEY_CTL_WEP; PS802_11Header pMACHeader; *pwRxTSC15_0 = 0; *pdwRxTSC47_16 = 0; pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; if ( WLAN_GET_FC_TODS(*(PWORD)pbyFrame) && WLAN_GET_FC_FROMDS(*(PWORD)pbyFrame) ) { pbyIV += 6; // 6 is 802.11 address4 PayloadLen -= 6; } byKeyIdx = (*(pbyIV+3) & 0xc0); byKeyIdx >>= 6; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\nKeyIdx: %d\n", byKeyIdx); if (pMgmt->byCSSGK == KEY_CTL_TKIP) byDecMode = KEY_CTL_TKIP; else if (pMgmt->byCSSGK == KEY_CTL_CCMP) byDecMode = KEY_CTL_CCMP; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"AES:%d %d %d\n", pMgmt->byCSSPK, pMgmt->byCSSGK, byDecMode); if (byDecMode != pKey->byCipherSuite) { if (byDecMode == KEY_CTL_WEP) { // pDevice->s802_11Counter.WEPUndecryptableCount.QuadPart++; } else if (pDevice->bLinkPass == TRUE) { // pDevice->s802_11Counter.DecryptFailureCount.QuadPart++; } return FALSE; } if (byDecMode == KEY_CTL_WEP) { // handle WEP DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"byDecMode == KEY_CTL_WEP \n"); if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == TRUE) || (bOnFly == FALSE)) { // Software WEP // 1. 3253A // 2. WEP 256 // 3. NotOnFly PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc memcpy(pDevice->abyPRNG, pbyIV, 3); memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) { *pbyNewRsr |= NEWRSR_DECRYPTOK; } } } else if ((byDecMode == KEY_CTL_TKIP) || (byDecMode == KEY_CTL_CCMP)) { // TKIP/AES PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); if (byDecMode == KEY_CTL_TKIP) { *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); } else { *pwRxTSC15_0 = cpu_to_le16(*(PWORD)pbyIV); } DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"TSC0_15: %x\n", *pwRxTSC15_0); if (byDecMode == KEY_CTL_TKIP) { if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || (bOnFly == FALSE)) { // Software TKIP // 1. 3253 A // 2. NotOnFly DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_TKIP \n"); pMACHeader = (PS802_11Header) (pbyFrame); TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { *pbyNewRsr |= NEWRSR_DECRYPTOK; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV OK!\n"); } else { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ICV FAIL!!!\n"); DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"PayloadLen = %d\n", PayloadLen); } } } if (byDecMode == KEY_CTL_CCMP) { if (bOnFly == FALSE) { // Software CCMP // NotOnFly DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"soft KEY_CTL_CCMP\n"); if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { *pbyNewRsr |= NEWRSR_DECRYPTOK; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC compare OK!\n"); } else { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"CCMP MIC fail!\n"); } } } }// end of TKIP/AES if ((*(pbyIV+3) & 0x20) != 0) *pbExtIV = TRUE; return TRUE; } static BOOL s_bAPModeRxData ( PSDevice pDevice, struct sk_buff *skb, unsigned int FrameSize, unsigned int cbHeaderOffset, signed int iSANodeIndex, signed int iDANodeIndex ) { PSMgmtObject pMgmt = &(pDevice->sMgmtObj); BOOL bRelayAndForward = FALSE; BOOL bRelayOnly = FALSE; BYTE byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; WORD wAID; struct sk_buff* skbcpy = NULL; if (FrameSize > CB_MAX_BUF_SIZE) return FALSE; // check DA if (is_multicast_ether_addr((PBYTE)(skb->data+cbHeaderOffset))) { if (pMgmt->sNodeDBTable[0].bPSEnable) { skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); // if any node in PS mode, buffer packet until DTIM. if (skbcpy == NULL) { DBG_PRT(MSG_LEVEL_NOTICE, KERN_INFO "relay multicast no skb available \n"); } else { skbcpy->dev = pDevice->dev; skbcpy->len = FrameSize; memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); pMgmt->sNodeDBTable[0].wEnQueueCnt++; // set tx map pMgmt->abyPSTxMap[0] |= byMask[0]; } } else { bRelayAndForward = TRUE; } } else { // check if relay if (BSSbIsSTAInNodeDB(pDevice, (PBYTE)(skb->data+cbHeaderOffset), &iDANodeIndex)) { if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { // queue this skb until next PS tx, and then release. skb->data += cbHeaderOffset; skb->tail += cbHeaderOffset; skb_put(skb, FrameSize); skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", iDANodeIndex, (wAID >> 3), pMgmt->abyPSTxMap[wAID >> 3]); return TRUE; } else { bRelayOnly = TRUE; } } } } if (bRelayOnly || bRelayAndForward) { // relay this packet right now if (bRelayAndForward) iDANodeIndex = 0; if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) { bRelayPacketSend(pDevice, (PBYTE) (skb->data + cbHeaderOffset), FrameSize, (unsigned int) iDANodeIndex); } if (bRelayOnly) return FALSE; } // none associate, don't forward if (pDevice->uAssocCount == 0) return FALSE; return TRUE; } void RXvWorkItem(void *Context) { PSDevice pDevice = (PSDevice) Context; int ntStatus; PRCB pRCB=NULL; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Polling Thread\n"); spin_lock_irq(&pDevice->lock); while ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) && (pDevice->NumRecvFreeList != 0) ) { pRCB = pDevice->FirstRecvFreeList; pDevice->NumRecvFreeList--; ASSERT(pRCB);// cannot be NULL DequeueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList); ntStatus = PIPEnsBulkInUsbRead(pDevice, pRCB); } pDevice->bIsRxWorkItemQueued = FALSE; spin_unlock_irq(&pDevice->lock); } void RXvFreeRCB( PRCB pRCB, BOOL bReAllocSkb ) { PSDevice pDevice = (PSDevice)pRCB->pDevice; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->RXvFreeRCB\n"); ASSERT(!pRCB->Ref); // should be 0 ASSERT(pRCB->pDevice); // shouldn't be NULL if (bReAllocSkb == TRUE) { pRCB->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); // todo error handling if (pRCB->skb == NULL) { DBG_PRT(MSG_LEVEL_ERR,KERN_ERR" Failed to re-alloc rx skb\n"); }else { pRCB->skb->dev = pDevice->dev; } } // // Insert the RCB back in the Recv free list // EnqueueRCB(pDevice->FirstRecvFreeList, pDevice->LastRecvFreeList, pRCB); pDevice->NumRecvFreeList++; if ((pDevice->Flags & fMP_POST_READS) && MP_IS_READY(pDevice) && (pDevice->bIsRxWorkItemQueued == FALSE) ) { pDevice->bIsRxWorkItemQueued = TRUE; tasklet_schedule(&pDevice->ReadWorkItem); } DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"<----RXFreeRCB %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); } void RXvMngWorkItem(void *Context) { PSDevice pDevice = (PSDevice) Context; PRCB pRCB=NULL; PSRxMgmtPacket pRxPacket; BOOL bReAllocSkb = FALSE; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"---->Rx Mng Thread\n"); spin_lock_irq(&pDevice->lock); while (pDevice->NumRecvMngList!=0) { pRCB = pDevice->FirstRecvMngList; pDevice->NumRecvMngList--; DequeueRCB(pDevice->FirstRecvMngList, pDevice->LastRecvMngList); if(!pRCB){ break; } ASSERT(pRCB);// cannot be NULL pRxPacket = &(pRCB->sMngPacket); vMgrRxManagePacket((void *) pDevice, &(pDevice->sMgmtObj), pRxPacket); pRCB->Ref--; if(pRCB->Ref == 0) { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"RxvFreeMng %d %d\n",pDevice->NumRecvFreeList, pDevice->NumRecvMngList); RXvFreeRCB(pRCB, bReAllocSkb); } else { DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Rx Mng Only we have the right to free RCB\n"); } } pDevice->bIsRxMngWorkItemQueued = FALSE; spin_unlock_irq(&pDevice->lock); }