diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h index 5231c14b..8d4545eb 100644 --- a/src/include/gpxe/errfile.h +++ b/src/include/gpxe/errfile.h @@ -158,6 +158,7 @@ FILE_LICENCE ( GPL2_OR_LATER ); #define ERRFILE_ib_mi ( ERRFILE_NET | 0x00200000 ) #define ERRFILE_ib_cmrc ( ERRFILE_NET | 0x00210000 ) #define ERRFILE_ib_srp ( ERRFILE_NET | 0x00220000 ) +#define ERRFILE_sec80211 ( ERRFILE_NET | 0x00230000 ) #define ERRFILE_image ( ERRFILE_IMAGE | 0x00000000 ) #define ERRFILE_elf ( ERRFILE_IMAGE | 0x00010000 ) diff --git a/src/include/gpxe/ieee80211.h b/src/include/gpxe/ieee80211.h index 0403f929..e5b10c30 100644 --- a/src/include/gpxe/ieee80211.h +++ b/src/include/gpxe/ieee80211.h @@ -2,6 +2,7 @@ #define _GPXE_IEEE80211_H #include /* for ETH_ALEN */ +#include /** @file * Constants and data structures defined in IEEE 802.11, subsetted @@ -779,10 +780,9 @@ struct ieee80211_ie_erp_info { * * Showing once again a striking clarity of design, the IEEE folks put * dynamically-sized data in the middle of this structure. As such, - * the below structure definition is only a guideline; the - * @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, and - * @c IEEE80211_RSN_AUTHTYPE macros should be used to access any - * data. + * the below structure definition only works for IEs we create + * ourselves, which always have one pairwise cipher and one AKM; + * received IEs should be parsed piecemeal. * * Also inspired was IEEE's choice of 16-bit fields to count the * number of 4-byte elements in a structure with a maximum length of @@ -790,11 +790,9 @@ struct ieee80211_ie_erp_info { * * Many fields reference a cipher or authentication-type ID; this is a * three-byte OUI followed by one byte identifying the cipher with - * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC. - * - * The authentication types referenced in this structure have nothing - * to do with 802.11 authentication frames or the @c algorithm field - * within them. + * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC, + * except in old-style WPA IEs encapsulated in vendor-specific IEs, + * where it's 00:50:F2. */ struct ieee80211_ie_rsn { /** Information element ID */ @@ -807,21 +805,21 @@ struct ieee80211_ie_rsn { u16 version; /** Cipher ID for the cipher used in multicast/broadcast frames */ - u8 group_cipher[4]; + u32 group_cipher; /** Number of unicast ciphers supported */ u16 pairwise_count; /** List of cipher IDs for supported unicast frame ciphers */ - u8 pairwise_cipher[4]; + u32 pairwise_cipher[1]; /** Number of authentication types supported */ u16 akm_count; /** List of authentication type IDs for supported types */ - u8 akm_list[4]; + u32 akm_list[1]; - /** Security capabilities field. */ + /** Security capabilities field (RSN only) */ u16 rsn_capab; /** Number of PMKIDs included (present only in association frames) */ @@ -834,140 +832,69 @@ struct ieee80211_ie_rsn { /** Information element ID for Robust Security Network information element */ #define IEEE80211_IE_RSN 48 -/** OUI for standard ciphers in RSN information element */ -#define IEEE80211_RSN_OUI "\x00\x0F\xAC" - -/** Extract RSN IE version field */ -#define IEEE80211_RSN_FIELD_version( rsnp ) ( (rsnp)->version ) - -/** Extract RSN IE group_cipher field */ -#define IEEE80211_RSN_FIELD_group_cipher( rsnp ) ( (rsnp)->group_cipher ) - -/** Extract RSN IE pairwise_count field */ -#define IEEE80211_RSN_FIELD_pairwise_count( rsnp ) ( (rsnp)->pairwise_count ) - -/** Extract RSN IE akm_count field */ -#define IEEE80211_RSN_FIELD_akm_count( rsnp ) \ - ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \ - 4*( ( rsnp )->pairwise_count - 1 ) ) )->akm_count ) - -/** Extract RSN IE rsn_capab field */ -#define IEEE80211_RSN_FIELD_rsn_capab( rsnp ) \ - ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \ - 4*( ( rsnp )->pairwise_count - 1 ) + \ - 4*( ( rsnp )->akm_count - 1 ) ) )->rsn_capab ) - -/** Extract RSN IE pmkid_count field */ -#define IEEE80211_RSN_FIELD_pmkid_count( rsnp ) \ - ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \ - 4*( ( rsnp )->pairwise_count - 1 ) + \ - 4*( ( rsnp )->akm_count - 1 ) ) )->pmkid_count ) - -/** Extract field from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v field Name of field to extract - * @ret val Lvalue of the requested field - * - * You must fill the fields of the structure in order for this to work - * properly. - */ -#define IEEE80211_RSN_FIELD( rsnp, field ) \ - IEEE80211_RSN_FIELD_ ## field ( rsnp ) - -/** Get pointer to pairwise cipher from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v cipher Index of pairwise cipher to extract - * @ret ptr Pointer to requested cipher - */ -#define IEEE80211_RSN_CIPHER( rsnp, cipher ) \ - ( ( rsnp )->pairwise_cipher + 4 * ( cipher ) ) - -/** Get pointer to authentication type from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v akm Index of authentication type to extract - * @ret ptr Pointer to requested authentication type - * - * The @c pairwise_count field must be correct. - */ -#define IEEE80211_RSN_AUTHTYPE( rsnp, akm ) \ - ( ( rsnp )->akm_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + 4 * ( akm ) ) - -/** Get pointer to PMKID from RSN information element - * - * @v rsnp Pointer to RSN information element - * @v idx Index of PMKID to extract - * @ret ptr Pointer to requested PMKID - * - * The @c pairwise_count and @c akm_count fields must be correct. - */ -#define IEEE80211_RSN_PMKID( rsnp, idx ) \ - ( ( rsnp )->pmkid_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + \ - 4 * ( ( rsnp )->akm_count - 1 ) + 16 * ( idx ) ) - -/** Verify size of RSN information element - * - * @v rsnp Pointer to RSN information element - * @ret ok TRUE if count fields are consistent with length field - * - * It is important to drop any RSN IE that does not pass this function - * before using the @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, - * and @c IEEE80211_RSN_AUTHTYPE macros, to avoid potential security - * compromise due to a malformed RSN IE. - * - * This function does not consider the possibility of some PMKIDs - * included in the RSN IE, because PMKIDs are only included in RSN IEs - * sent in association request frames, and we should never receive an - * association request frame. An RSN IE that includes PMKIDs will - * always fail this check. - */ -static inline int ieee80211_rsn_check ( struct ieee80211_ie_rsn *rsnp ) { - if ( rsnp->len < 12 + 4 * rsnp->pairwise_count ) - return 0; - return ( rsnp->len == 12 + 4 * ( rsnp->pairwise_count + - IEEE80211_RSN_FIELD ( rsnp, akm_count ) ) ); -} - /** Calculate necessary size of RSN information element * * @v npair Number of pairwise ciphers supported * @v nauth Number of authentication types supported * @v npmkid Number of PMKIDs to include - * @ret size Necessary size of RSN IE, including header bytes + * @v is_rsn If TRUE, calculate RSN IE size; if FALSE, calculate WPA IE size + * @ret size Necessary size of IE, including header bytes */ -static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) { - return 16 + 4 * ( npair + nauth ) + 16 * npmkid; +static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid, + int rsn_ie ) { + return 16 + 4 * ( npair + nauth ) + 16 * npmkid - 4 * ! rsn_ie; } +/** Make OUI plus type byte into 32-bit integer for easy comparison */ +#if __BYTE_ORDER == __BIG_ENDIAN +#define _MKOUI( a, b, c, t ) \ + ( ( ( a ) << 24 ) | ( ( b ) << 16 ) | ( ( c ) << 8 ) | ( d ) ) +#define OUI_ORG_MASK 0xFFFFFF00 +#define OUI_TYPE_MASK 0x000000FF +#else +#define _MKOUI( a, b, c, t ) \ + ( ( ( t ) << 24 ) | ( ( c ) << 16 ) | ( ( b ) << 8 ) | ( a ) ) +#define OUI_ORG_MASK 0x00FFFFFF +#define OUI_TYPE_MASK 0xFF000000 +#endif + +/** Organization part for OUIs in standard RSN IE */ +#define IEEE80211_RSN_OUI _MKOUI ( 0x00, 0x0F, 0xAC, 0 ) + +/** Organization part for OUIs in old WPA IE */ +#define IEEE80211_WPA_OUI _MKOUI ( 0x00, 0x50, 0xF2, 0 ) + +/** Old vendor-type WPA IE OUI type + subtype */ +#define IEEE80211_WPA_OUI_VEN _MKOUI ( 0x00, 0x50, 0xF2, 0x01 ) + + /** 802.11 RSN IE: expected version number */ #define IEEE80211_RSN_VERSION 1 -/** 802.11 RSN IE: fourth byte of cipher type for 40-bit WEP */ -#define IEEE80211_RSN_CTYPE_WEP40 1 +/** 802.11 RSN IE: cipher type for 40-bit WEP */ +#define IEEE80211_RSN_CTYPE_WEP40 _MKOUI ( 0, 0, 0, 0x01 ) -/** 802.11 RSN IE: fourth byte of cipher type for 104-bit WEP */ -#define IEEE80211_RSN_CTYPE_WEP104 5 +/** 802.11 RSN IE: cipher type for 104-bit WEP */ +#define IEEE80211_RSN_CTYPE_WEP104 _MKOUI ( 0, 0, 0, 0x05 ) -/** 802.11 RSN IE: fourth byte of cipher type for TKIP ("WPA") */ -#define IEEE80211_RSN_CTYPE_TKIP 2 +/** 802.11 RSN IE: cipher type for TKIP ("WPA") */ +#define IEEE80211_RSN_CTYPE_TKIP _MKOUI ( 0, 0, 0, 0x02 ) -/** 802.11 RSN IE: fourth byte of cipher type for CCMP ("WPA2") */ -#define IEEE80211_RSN_CTYPE_CCMP 4 +/** 802.11 RSN IE: cipher type for CCMP ("WPA2") */ +#define IEEE80211_RSN_CTYPE_CCMP _MKOUI ( 0, 0, 0, 0x04 ) -/** 802.11 RSN IE: fourth byte of cipher type for "use group" +/** 802.11 RSN IE: cipher type for "use group" * * This can only appear as a pairwise cipher, and means unicast frames * should be encrypted in the same way as broadcast/multicast frames. */ -#define IEEE80211_RSN_CTYPE_USEGROUP 0 +#define IEEE80211_RSN_CTYPE_USEGROUP _MKOUI ( 0, 0, 0, 0x00 ) -/** 802.11 RSN IE: fourth byte of auth method type for using an 802.1X server */ -#define IEEE80211_RSN_ATYPE_8021X 1 +/** 802.11 RSN IE: auth method type for using an 802.1X server */ +#define IEEE80211_RSN_ATYPE_8021X _MKOUI ( 0, 0, 0, 0x01 ) -/** 802.11 RSN IE: fourth byte of auth method type for using a pre-shared key */ -#define IEEE80211_RSN_ATYPE_PSK 2 +/** 802.11 RSN IE: auth method type for using a pre-shared key */ +#define IEEE80211_RSN_ATYPE_PSK _MKOUI ( 0, 0, 0, 0x02 ) /** 802.11 RSN IE capabilities: AP supports pre-authentication */ #define IEEE80211_RSN_CAPAB_PREAUTH 0x001 @@ -997,6 +924,42 @@ static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) { #define IEEE80211_RSN_CAPAB_PEERKEY 0x200 +/** 802.11 RSN IE capabilities: One replay counter + * + * This should be AND'ed with @c IEEE80211_RSN_CAPAB_PTKSA_REPLAY or + * @c IEEE80211_RSN_CAPAB_GTKSA_REPLAY (or both) to produce a value + * which can be OR'ed into the capabilities field. + */ +#define IEEE80211_RSN_1_CTR 0x000 + +/** 802.11 RSN IE capabilities: Two replay counters */ +#define IEEE80211_RSN_2_CTR 0x014 + +/** 802.11 RSN IE capabilities: Four replay counters */ +#define IEEE80211_RSN_4_CTR 0x028 + +/** 802.11 RSN IE capabilities: 16 replay counters */ +#define IEEE80211_RSN_16_CTR 0x03C + + +/** 802.11 Vendor Specific information element + * + * One often sees the RSN IE masquerading as vendor-specific on + * devices that were produced prior to 802.11i (the WPA amendment) + * being finalized. + */ +struct ieee80211_ie_vendor { + u8 id; /**< Vendor-specific ID: 221 */ + u8 len; /**< Vendor-specific length: variable */ + u32 oui; /**< OUI and vendor-specific type byte */ + u8 data[0]; /**< Vendor-specific data */ +} __attribute__ ((packed)); + +/** Information element ID for Vendor Specific information element */ +#define IEEE80211_IE_VENDOR 221 + + + /** Any 802.11 information element * @@ -1034,8 +997,23 @@ union ieee80211_ie /** Security information */ struct ieee80211_ie_rsn rsn; + + /** Vendor-specific */ + struct ieee80211_ie_vendor vendor; }; +/** Check that 802.11 information element is bounded by buffer + * + * @v ie Information element + * @v end End of buffer in which information element is stored + * @ret ok TRUE if the IE is completely contained within the buffer + */ +static inline int ieee80211_ie_bound ( union ieee80211_ie *ie, void *end ) +{ + void *iep = ie; + return ( iep + 2 <= end && iep + 2 + ie->len <= end ); +} + /** Advance to next 802.11 information element * * @v ie Current information element pointer @@ -1055,7 +1033,7 @@ static inline union ieee80211_ie * ieee80211_next_ie ( union ieee80211_ie *ie, if ( ! end ) return next_ie; - if ( next_ie_byte < end && next_ie_byte + next_ie->len <= end ) + if ( ieee80211_ie_bound ( next_ie, end ) ) return next_ie; return NULL; diff --git a/src/include/gpxe/net80211.h b/src/include/gpxe/net80211.h index d924941f..027e091c 100644 --- a/src/include/gpxe/net80211.h +++ b/src/include/gpxe/net80211.h @@ -119,6 +119,9 @@ enum net80211_security_proto { * in the same 4-way handshake as the PSK method. */ NET80211_SECPROT_EAP = 2, + + /** Dummy value used when the handshaking type can't be detected */ + NET80211_SECPROT_UNKNOWN = 3, }; @@ -169,6 +172,9 @@ enum net80211_crypto_alg { * against WEP and minor success against TKIP fail. */ NET80211_CRYPT_CCMP = 3, + + /** Dummy value used when the cryptosystem can't be detected */ + NET80211_CRYPT_UNKNOWN = 4, }; @@ -539,37 +545,171 @@ struct net80211_frag_cache struct io_buffer *iob[16]; }; -/** Interface to an 802.11 cryptographic algorithm + +/** Interface to an 802.11 security handshaking protocol * - * Cryptographic algorithms define a net80211_crypto structure - * statically, using a gPXE linker table to make it available to the - * 802.11 layer. When the algorithm needs to be used, the 802.11 code - * will allocate a copy of the static definition plus whatever space - * the algorithm has requested for private state, and point - * net80211_device::crypto at it. + * Security handshaking protocols handle parsing a user-specified key + * into a suitable input to the encryption algorithm, and for WPA and + * better systems, manage performing whatever authentication with the + * network is necessary. + * + * At all times when any method in this structure is called with a + * net80211_device argument @a dev, a dynamically allocated copy of + * the handshaker structure itself with space for the requested amount + * of private data may be accessed as @c dev->handshaker. The + * structure will not be modified, and will only be freed during + * reassociation and device closing after the @a stop method has been + * called. + */ +struct net80211_handshaker +{ + /** The security handshaking protocol implemented */ + enum net80211_security_proto protocol; + + /** Initialize security handshaking protocol + * + * @v dev 802.11 device + * @ret rc Return status code + * + * This method is expected to access @c netX/key or other + * applicable settings to determine the parameters for + * handshaking. If no handshaking is required, it should call + * sec80211_install() with the cryptosystem and key that are + * to be used, and @c start and @c step should be set to @c + * NULL. + * + * This is always called just before association is performed, + * but after its parameters have been set; in particular, you + * may rely on the contents of the @a essid field in @a dev. + */ + int ( * init ) ( struct net80211_device *dev ); + + /** Start handshaking + * + * @v dev 802.11 device + * @ret rc Return status code + * + * This method is expected to set up internal state so that + * packets sent immediately after association, before @a step + * can be called, will be handled appropriately. + * + * This is always called just before association is attempted. + */ + int ( * start ) ( struct net80211_device *dev ); + + /** Process handshaking state + * + * @v dev 802.11 device + * @ret rc Return status code, or positive if done + * + * This method is expected to perform as much progress on the + * protocol it implements as is possible without blocking. It + * should return 0 if it wishes to be called again, a negative + * return status code on error, or a positive value if + * handshaking is complete. In the case of a positive return, + * net80211_crypto_install() must have been called. + * + * If handshaking may require further action (e.g. an AP that + * might decide to rekey), handlers must be installed by this + * function that will act without further calls to @a step. + */ + int ( * step ) ( struct net80211_device *dev ); + + /** Change cryptographic key based on setting + * + * @v dev 802.11 device + * @ret rc Return status code + * + * This method is called whenever the @c netX/key setting + * @e may have been changed. It is expected to determine + * whether it did in fact change, and if so, to install the + * new key using net80211_crypto_install(). If it is not + * possible to do this immediately, this method should return + * an error; in that case the 802.11 stack will reassociate, + * following the usual init/start/step sequence. + * + * This method is only relevant when it is possible to + * associate successfully with an incorrect key. When it is + * not, a failed association will be retried until the user + * changes the key setting, and a successful association will + * not be dropped due to such a change. When association with + * an incorrect key is impossible, this function should return + * 0 after performing no action. + */ + int ( * change_key ) ( struct net80211_device *dev ); + + /** Stop security handshaking handlers + * + * @v dev 802.11 device + * + * This method is called just before freeing a security + * handshaker; it could, for example, delete a process that @a + * start had created to manage the security of the connection. + * If not needed it may be set to NULL. + */ + void ( * stop ) ( struct net80211_device *dev ); + + /** Amount of private data requested + * + * Before @c init is called for the first time, this structure's + * @c priv pointer will point to this many bytes of allocated + * data, where the allocation will be performed separately for + * each net80211_device. + */ + int priv_len; + + /** Whether @a start has been called + * + * Reset to 0 after @a stop is called. + */ + int started; + + /** Pointer to private data + * + * In initializing this structure statically for a linker + * table, set this to NULL. + */ + void *priv; +}; + +#define NET80211_HANDSHAKERS __table ( struct net80211_handshaker, \ + "net80211_handshakers" ) +#define __net80211_handshaker __table_entry ( NET80211_HANDSHAKERS, 01 ) + + +/** Interface to an 802.11 cryptosystem + * + * Cryptosystems define a net80211_crypto structure statically, using + * a gPXE linker table to make it available to the 802.11 layer. When + * the cryptosystem needs to be used, the 802.11 code will allocate a + * copy of the static definition plus whatever space the algorithm has + * requested for private state, and point net80211_device::crypto or + * net80211_device::gcrypto at it. */ struct net80211_crypto { /** The cryptographic algorithm implemented */ enum net80211_crypto_alg algorithm; - /** Initialize cryptographic algorithm using a given key + /** Initialize cryptosystem using a given key * - * @v crypto 802.11 cryptographic algorithm + * @v crypto 802.11 cryptosystem * @v key Pointer to key bytes * @v keylen Number of key bytes + * @v rsc Initial receive sequence counter, if applicable * @ret rc Return status code * * This method is passed the communication key provided by the * security handshake handler, which will already be in the - * low-level form required. + * low-level form required. It may not store a pointer to the + * key after returning; it must copy it to its private storage. */ - int ( * initialize ) ( struct net80211_crypto *crypto, u8 *key, - int keylen ); + int ( * init ) ( struct net80211_crypto *crypto, const void *key, + int keylen, const void *rsc ); - /** Encrypt a frame using the cryptographic algorithm + /** Encrypt a frame using the cryptosystem * - * @v crypto 802.11 cryptographic algorithm + * @v crypto 802.11 cryptosystem * @v iob I/O buffer * @ret eiob Newly allocated I/O buffer with encrypted packet * @@ -593,9 +733,9 @@ struct net80211_crypto struct io_buffer * ( * encrypt ) ( struct net80211_crypto *crypto, struct io_buffer *iob ); - /** Decrypt a frame using the cryptographic algorithm + /** Decrypt a frame using the cryptosystem * - * @v crypto 802.11 cryptographic algorithm + * @v crypto 802.11 cryptosystem * @v eiob Encrypted I/O buffer * @ret iob Newly allocated I/O buffer with decrypted packet * @@ -626,6 +766,9 @@ struct net80211_crypto void *priv; }; +#define NET80211_CRYPTOS __table ( struct net80211_crypto, "net80211_cryptos" ) +#define __net80211_crypto __table_entry ( NET80211_CRYPTOS, 01 ) + struct net80211_probe_ctx; struct net80211_assoc_ctx; @@ -732,6 +875,9 @@ struct net80211_device struct net80211_assoc_ctx *assoc; } ctx; + /** Security handshaker being used */ + struct net80211_handshaker *handshaker; + /** State of our association to the network * * Since the association process happens asynchronously, it's @@ -777,14 +923,33 @@ struct net80211_device /** Return status code associated with @c state */ int assoc_rc; + /** RSN or WPA information element to include with association + * + * If set to @c NULL, none will be included. It is expected + * that this will be set by the @a init function of a security + * handshaker if it is needed. + */ + union ieee80211_ie *rsn_ie; + /* ---------- Parameters of currently associated network ---------- */ - /** 802.11 cryptographic algorithm for our current network + /** 802.11 cryptosystem for our current network * * For an open network, this will be set to NULL. */ struct net80211_crypto *crypto; + /** 802.11 cryptosystem for multicast and broadcast frames + * + * If this is NULL, the cryptosystem used for receiving + * unicast frames will also be used for receiving multicast + * and broadcast frames. Transmitted multicast and broadcast + * frames are always sent unicast to the AP, who multicasts + * them on our behalf; thus they always use the unicast + * cryptosystem. + */ + struct net80211_crypto *gcrypto; + /** MAC address of the access point most recently associated */ u8 bssid[ETH_ALEN]; @@ -927,6 +1092,10 @@ struct net80211_wlan }; +/** 802.11 encryption key setting */ +extern struct setting net80211_key_setting __setting; + + /** * @defgroup net80211_probe 802.11 network location API * @{ @@ -974,6 +1143,7 @@ int net80211_send_auth ( struct net80211_device *dev, struct net80211_wlan *wlan, int method ); int net80211_send_assoc ( struct net80211_device *dev, struct net80211_wlan *wlan ); +void net80211_deauthenticate ( struct net80211_device *dev, int rc ); /** @} */ diff --git a/src/include/gpxe/sec80211.h b/src/include/gpxe/sec80211.h new file mode 100644 index 00000000..502ebf7d --- /dev/null +++ b/src/include/gpxe/sec80211.h @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2009 Joshua Oreman . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _GPXE_SEC80211_H +#define _GPXE_SEC80211_H + +FILE_LICENCE ( GPL2_OR_LATER ); + +#include +#include + +/** @file + * + * Definitions for general secured-network routines. + * + * Any function in this file which may be referenced by code which is + * not exclusive to encryption-enabled builds (e.g. sec80211_detect(), + * which is called by net80211_probe_step() to fill the net80211_wlan + * structure's security fields) must be declared as a weak symbol, + * using an inline interface similar to that used for + * sec80211_detect() below. This prevents secure network support from + * bloating general builds by any more than a few tiny hooks to call + * crypto functions when crypto structures are non-NULL. + */ + +int _sec80211_detect ( struct io_buffer *iob, + enum net80211_security_proto *secprot, + enum net80211_crypto_alg *crypt ) + __attribute__ (( weak )); + + +/** + * Inline safety wrapper for _sec80211_detect() + * + * @v iob I/O buffer containing beacon frame + * @ret secprot Security handshaking protocol used by network + * @ret crypt Cryptosystem used by network + * @ret rc Return status code + * + * This function transparently calls _sec80211_detect() if the file + * containing it was compiled in, or returns an error indication of + * @c -ENOTSUP if not. + */ +static inline int sec80211_detect ( struct io_buffer *iob, + enum net80211_security_proto *secprot, + enum net80211_crypto_alg *crypt ) { + if ( _sec80211_detect ) + return _sec80211_detect ( iob, secprot, crypt ); + return -ENOTSUP; +} + +int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end, + enum net80211_security_proto *secprot, + enum net80211_crypto_alg *crypt ); +u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end, + int *is_rsn, u8 **end ); + +int sec80211_install ( struct net80211_crypto **which, + enum net80211_crypto_alg crypt, + const void *key, int len, const void *rsc ); + +u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie ); +u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot, + int rsnie ); +enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc ); + +#endif /* _GPXE_SEC80211_H */ + diff --git a/src/net/80211/net80211.c b/src/net/80211/net80211.c index c3d9fc61..aa141968 100644 --- a/src/net/80211/net80211.c +++ b/src/net/80211/net80211.c @@ -29,6 +29,7 @@ FILE_LICENCE ( GPL2_OR_LATER ); #include #include #include +#include #include #include #include @@ -188,7 +189,8 @@ static void net80211_handle_auth ( struct net80211_device *dev, struct io_buffer *iob ); static void net80211_handle_assoc_reply ( struct net80211_device *dev, struct io_buffer *iob ); -static int net80211_send_disassoc ( struct net80211_device *dev, int reason ); +static int net80211_send_disassoc ( struct net80211_device *dev, int reason, + int deauth ); static void net80211_handle_mgmt ( struct net80211_device *dev, struct io_buffer *iob, int signal ); /** @} */ @@ -208,15 +210,16 @@ static void net80211_rx_frag ( struct net80211_device *dev, * @defgroup net80211_settings 802.11 settings handlers * @{ */ -static int net80211_check_ssid_update ( void ); +static int net80211_check_settings_update ( void ); /** 802.11 settings applicator * * When the SSID is changed, this will cause any open devices to - * re-associate. + * re-associate; when the encryption key is changed, we similarly + * update their state. */ -struct settings_applicator net80211_ssid_applicator __settings_applicator = { - .apply = net80211_check_ssid_update, +struct settings_applicator net80211_applicator __settings_applicator = { + .apply = net80211_check_settings_update, }; /** The network name to associate with @@ -242,6 +245,18 @@ struct setting net80211_active_setting __setting = { .type = &setting_type_int8, }; +/** The cryptographic key to use + * + * For hex WEP keys, as is common, this must be entered using the + * normal gPXE method for entering hex settings; an ASCII string of + * hex characters will not behave as expected. + */ +struct setting net80211_key_setting __setting = { + .name = "key", + .description = "Encryption key for protected 802.11 networks", + .type = &setting_type_string, +}; + /** @} */ @@ -294,7 +309,16 @@ static void net80211_netdev_close ( struct net_device *netdev ) /* Send disassociation frame to AP, to be polite */ if ( dev->state & NET80211_ASSOCIATED ) - net80211_send_disassoc ( dev, IEEE80211_REASON_LEAVING ); + net80211_send_disassoc ( dev, IEEE80211_REASON_LEAVING, 0 ); + + if ( dev->handshaker && dev->handshaker->stop && + dev->handshaker->started ) + dev->handshaker->stop ( dev ); + + free ( dev->crypto ); + free ( dev->handshaker ); + dev->crypto = NULL; + dev->handshaker = NULL; netdev_link_down ( netdev ); dev->state = 0; @@ -317,16 +341,25 @@ static int net80211_netdev_transmit ( struct net_device *netdev, struct io_buffer *iobuf ) { struct net80211_device *dev = netdev->priv; + struct ieee80211_frame *hdr = iobuf->data; int rc = -ENOSYS; - if ( dev->crypto ) { + if ( dev->crypto && ! ( hdr->fc & IEEE80211_FC_PROTECTED ) && + ( ( hdr->fc & IEEE80211_FC_TYPE ) == IEEE80211_TYPE_DATA ) ) { struct io_buffer *niob = dev->crypto->encrypt ( dev->crypto, iobuf ); if ( ! niob ) return -ENOMEM; /* only reason encryption could fail */ - free_iob ( iobuf ); - iobuf = niob; + /* Free the non-encrypted iob */ + netdev_tx_complete ( netdev, iobuf ); + + /* Transmit the encrypted iob; the Protected flag is + set, so we won't recurse into here again */ + netdev_tx ( netdev, niob ); + + /* Don't transmit the freed packet */ + return 0; } if ( dev->op->transmit ) @@ -482,7 +515,7 @@ static int net80211_ll_push ( struct net_device *netdev, ( void * ) hdr + IEEE80211_TYP_FRAME_HEADER_LEN; /* We can't send data packets if we're not associated. */ - if ( ! netdev_link_ok ( netdev ) ) { + if ( ! ( dev->state & NET80211_ASSOCIATED ) ) { if ( dev->assoc_rc ) return dev->assoc_rc; return -ENETUNREACH; @@ -1032,7 +1065,7 @@ static int net80211_process_ie ( struct net80211_device *dev, int changed = 0; int band = dev->channels[dev->channel].band; - if ( ( void * ) ie >= ie_end ) + if ( ! ieee80211_ie_bound ( ie, ie_end ) ) return 0; for ( ; ie; ie = ieee80211_next_ie ( ie, ie_end ) ) { @@ -1103,10 +1136,6 @@ static int net80211_process_ie ( struct net80211_device *dev, if ( ! ( ie->erp_info & IEEE80211_ERP_BARKER_LONG ) ) dev->phy_flags |= NET80211_PHY_USE_SHORT_PREAMBLE; break; - - case IEEE80211_IE_RSN: - /* XXX need to implement WPA stuff */ - break; } } @@ -1140,10 +1169,20 @@ static int net80211_process_ie ( struct net80211_device *dev, exist, so insertion sort works well. */ for ( i = 1; i < dev->nr_rates; i++ ) { u16 rate = dev->rates[i]; + u32 tmp, br, mask; for ( j = i - 1; j >= 0 && dev->rates[j] >= rate; j-- ) dev->rates[j + 1] = dev->rates[j]; dev->rates[j + 1] = rate; + + /* Adjust basic_rates to match by rotating the + bits from bit j+1 to bit i left one position. */ + mask = ( ( 1 << i ) - 1 ) & ~( ( 1 << ( j + 1 ) ) - 1 ); + br = dev->basic_rates; + tmp = br & ( 1 << i ); + br = ( br & ~( mask | tmp ) ) | ( ( br & mask ) << 1 ); + br |= ( tmp >> ( i - j - 1 ) ); + dev->basic_rates = br; } net80211_set_rtscts_rate ( dev ); @@ -1187,28 +1226,42 @@ net80211_marshal_request_info ( struct net80211_device *dev, ie->id = IEEE80211_IE_RATES; ie->len = dev->nr_rates; + if ( ie->len > 8 ) + ie->len = 8; + for ( i = 0; i < ie->len; i++ ) { ie->rates[i] = dev->rates[i] / 5; if ( dev->basic_rates & ( 1 << i ) ) ie->rates[i] |= 0x80; } - if ( ie->len > 8 ) { - /* 802.11 requires we use an Extended Basic Rates IE - for the rates beyond the eighth. */ - int rates = ie->len; - - memmove ( ( void * ) ie + 2 + 8 + 2, ( void * ) ie + 2 + 8, - rates - 8 ); - ie->len = 8; + ie = ieee80211_next_ie ( ie, NULL ); + if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_RSN ) { + memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 ); ie = ieee80211_next_ie ( ie, NULL ); - - ie->id = IEEE80211_IE_EXT_RATES; - ie->len = rates - 8; } - ie = ieee80211_next_ie ( ie, NULL ); + if ( dev->nr_rates > 8 ) { + /* 802.11 requires we use an Extended Basic Rates IE + for the rates beyond the eighth. */ + + ie->id = IEEE80211_IE_EXT_RATES; + ie->len = dev->nr_rates - 8; + + for ( ; i < dev->nr_rates; i++ ) { + ie->rates[i - 8] = dev->rates[i] / 5; + if ( dev->basic_rates & ( 1 << i ) ) + ie->rates[i - 8] |= 0x80; + } + + ie = ieee80211_next_ie ( ie, NULL ); + } + + if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_VENDOR ) { + memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 ); + ie = ieee80211_next_ie ( ie, NULL ); + } return ie; } @@ -1275,13 +1328,6 @@ struct net80211_probe_ctx * net80211_probe_start ( struct net80211_device *dev, ie = net80211_marshal_request_info ( dev, probe_req->info_element ); - ie->id = IEEE80211_IE_REQUEST; - ie->len = 3; - ie->request[0] = IEEE80211_IE_COUNTRY; - ie->request[1] = IEEE80211_IE_ERP_INFO; - ie->request[2] = IEEE80211_IE_RSN; - - ie = ieee80211_next_ie ( ie, NULL ); iob_put ( ctx->probe, ( void * ) ie - ctx->probe->data ); } @@ -1404,6 +1450,10 @@ int net80211_probe_step ( struct net80211_probe_ctx *ctx ) } ie = beacon->info_element; + + if ( ! ieee80211_ie_bound ( ie, iob->tail ) ) + ie = NULL; + while ( ie && ie->id != IEEE80211_IE_SSID ) ie = ieee80211_next_ie ( ie, iob->tail ); @@ -1459,10 +1509,27 @@ int net80211_probe_step ( struct net80211_probe_ctx *ctx ) memcpy ( iob_put ( wlan->beacon, iob_len ( iob ) ), iob->data, iob_len ( iob ) ); - /* XXX actually check capab and RSN ie to - figure this out */ - wlan->handshaking = NET80211_SECPROT_NONE; - wlan->crypto = NET80211_CRYPT_NONE; + if ( ( rc = sec80211_detect ( wlan->beacon, &wlan->handshaking, + &wlan->crypto ) ) == -ENOTSUP ) { + struct ieee80211_beacon *beacon = + ( struct ieee80211_beacon * ) hdr->data; + + if ( beacon->capability & IEEE80211_CAPAB_PRIVACY ) { + DBG ( "802.11 %p probe: secured network %s but " + "encryption support not compiled in\n", + dev, wlan->essid ); + wlan->handshaking = NET80211_SECPROT_UNKNOWN; + wlan->crypto = NET80211_CRYPT_UNKNOWN; + } else { + wlan->handshaking = NET80211_SECPROT_NONE; + wlan->crypto = NET80211_CRYPT_NONE; + } + } else if ( rc != 0 ) { + DBGC ( dev, "802.11 %p probe warning: network " + "%s with unidentifiable security " + "settings: %s\n", dev, wlan->essid, + strerror ( rc ) ); + } ctx->ticks_beacon = now; @@ -1739,6 +1806,14 @@ static void net80211_step_associate ( struct process *proc ) DBGC ( dev, "802.11 %p associating\n", dev ); + if ( dev->handshaker && dev->handshaker->start && + ! dev->handshaker->started ) { + rc = dev->handshaker->start ( dev ); + if ( rc < 0 ) + goto fail; + dev->handshaker->started = 1; + } + rc = net80211_send_assoc ( dev, dev->associating ); if ( rc ) goto fail; @@ -1750,9 +1825,29 @@ static void net80211_step_associate ( struct process *proc ) /* state: crypto sync */ DBGC ( dev, "802.11 %p security handshaking\n", dev ); - dev->state |= NET80211_CRYPTO_SYNCED; - /* XXX need to actually do something here once we - support WPA */ + if ( ! dev->handshaker || ! dev->handshaker->step ) { + dev->state |= NET80211_CRYPTO_SYNCED; + return; + } + + rc = dev->handshaker->step ( dev ); + + if ( rc < 0 ) { + /* Only record the returned error if we're + still marked as associated, because an + asynchronous error will have already been + reported to net80211_deauthenticate() and + assoc_rc thereby set. */ + if ( dev->state & NET80211_ASSOCIATED ) + dev->assoc_rc = rc; + rc = 0; + goto fail; + } + + if ( rc > 0 ) { + dev->assoc_rc = 0; + dev->state |= NET80211_CRYPTO_SYNCED; + } return; } @@ -1804,27 +1899,36 @@ static void net80211_step_associate ( struct process *proc ) } /** - * Check for 802.11 SSID updates + * Check for 802.11 SSID or key updates * * This acts as a settings applicator; if the user changes netX/ssid, * and netX is currently open, the association task will be invoked - * again. + * again. If the user changes the encryption key, the current security + * handshaker will be asked to update its state to match; if that is + * impossible without reassociation, we reassociate. */ -static int net80211_check_ssid_update ( void ) +static int net80211_check_settings_update ( void ) { struct net80211_device *dev; char ssid[IEEE80211_MAX_SSID_LEN + 1]; + int key_reassoc; list_for_each_entry ( dev, &net80211_devices, list ) { if ( ! ( dev->netdev->state & NETDEV_OPEN ) ) continue; + key_reassoc = 0; + if ( dev->handshaker && dev->handshaker->change_key && + dev->handshaker->change_key ( dev ) < 0 ) + key_reassoc = 1; + fetch_string_setting ( netdev_settings ( dev->netdev ), &net80211_ssid_setting, ssid, IEEE80211_MAX_SSID_LEN + 1 ); - if ( strcmp ( ssid, dev->essid ) != 0 && - ! ( ! ssid[0] && ( dev->state & NET80211_AUTO_SSID ) ) ) { + if ( key_reassoc || + ( ! ( ! ssid[0] && ( dev->state & NET80211_AUTO_SSID ) ) && + strcmp ( ssid, dev->essid ) != 0 ) ) { DBGC ( dev, "802.11 %p updating association: " "%s -> %s\n", dev, dev->essid, ssid ); net80211_autoassociate ( dev ); @@ -1846,6 +1950,8 @@ void net80211_autoassociate ( struct net80211_device *dev ) if ( ! ( dev->state & NET80211_WORKING ) ) { DBGC2 ( dev, "802.11 %p spawning association process\n", dev ); process_add ( &dev->proc_assoc ); + } else { + DBGC2 ( dev, "802.11 %p restarting association\n", dev ); } /* Clean up everything an earlier association process might @@ -1865,6 +1971,7 @@ void net80211_autoassociate ( struct net80211_device *dev ) IEEE80211_MAX_SSID_LEN + 1 ); dev->ctx.probe = NULL; dev->associating = NULL; + dev->assoc_rc = 0; net80211_set_state ( dev, NET80211_PROBED, NET80211_WORKING, 0 ); } @@ -2020,6 +2127,7 @@ int net80211_prepare_assoc ( struct net80211_device *dev, struct ieee80211_frame *hdr = wlan->beacon->data; struct ieee80211_beacon *beacon = ( struct ieee80211_beacon * ) hdr->data; + struct net80211_handshaker *handshaker; int rc; assert ( dev->netdev->state & NETDEV_OPEN ); @@ -2028,11 +2136,12 @@ int net80211_prepare_assoc ( struct net80211_device *dev, memcpy ( dev->bssid, wlan->bssid, ETH_ALEN ); strcpy ( dev->essid, wlan->essid ); + free ( dev->rsn_ie ); + dev->rsn_ie = NULL; + dev->last_beacon_timestamp = beacon->timestamp; dev->tx_beacon_interval = 1024 * beacon->beacon_interval; - /* XXX do crypto setup here */ - /* Barring an IE that tells us the channel outright, assume the channel we heard this AP best on is the channel it's communicating on. */ @@ -2051,6 +2160,46 @@ int net80211_prepare_assoc ( struct net80211_device *dev, dev->rate = 0; dev->op->config ( dev, NET80211_CFG_RATE ); + /* Free old handshaker and crypto, if they exist */ + if ( dev->handshaker && dev->handshaker->stop && + dev->handshaker->started ) + dev->handshaker->stop ( dev ); + free ( dev->handshaker ); + dev->handshaker = NULL; + free ( dev->crypto ); + free ( dev->gcrypto ); + dev->crypto = dev->gcrypto = NULL; + + /* Find new security handshaker to use */ + for_each_table_entry ( handshaker, NET80211_HANDSHAKERS ) { + if ( handshaker->protocol == wlan->handshaking ) { + dev->handshaker = zalloc ( sizeof ( *handshaker ) + + handshaker->priv_len ); + if ( ! dev->handshaker ) + return -ENOMEM; + + memcpy ( dev->handshaker, handshaker, + sizeof ( *handshaker ) ); + dev->handshaker->priv = ( ( void * ) dev->handshaker + + sizeof ( *handshaker ) ); + break; + } + } + + if ( ( wlan->handshaking != NET80211_SECPROT_NONE ) && + ! dev->handshaker ) { + DBGC ( dev, "802.11 %p no support for handshaking scheme %d\n", + dev, wlan->handshaking ); + return -( ENOTSUP | ( wlan->handshaking << 8 ) ); + } + + /* Initialize security handshaker */ + if ( dev->handshaker ) { + rc = dev->handshaker->init ( dev ); + if ( rc < 0 ) + return rc; + } + return 0; } @@ -2091,8 +2240,8 @@ int net80211_send_auth ( struct net80211_device *dev, * * If the authentication method being used is Shared Key, and the * frame that was received included challenge text, the frame is - * encrypted using the cryptographic algorithm currently in effect and - * sent back to the AP to complete the authentication. + * encrypted using the cryptosystem currently in effect and sent back + * to the AP to complete the authentication. */ static void net80211_handle_auth ( struct net80211_device *dev, struct io_buffer *iob ) @@ -2181,8 +2330,6 @@ int net80211_send_assoc ( struct net80211_device *dev, DBGP ( "802.11 %p about to send association request:\n", dev ); DBGP_HD ( iob->data, ( void * ) ie - iob->data ); - /* XXX add RSN ie for WPA support */ - iob_put ( iob, ( void * ) ie - iob->data ); return net80211_tx_mgmt ( dev, IEEE80211_STYPE_ASSOC_REQ, @@ -2227,9 +2374,11 @@ static void net80211_handle_assoc_reply ( struct net80211_device *dev, * * @v dev 802.11 device * @v reason Reason for disassociation + * @v deauth If TRUE, send deauthentication instead of disassociation * @ret rc Return status code */ -static int net80211_send_disassoc ( struct net80211_device *dev, int reason ) +static int net80211_send_disassoc ( struct net80211_device *dev, int reason, + int deauth ) { struct io_buffer *iob = alloc_iob ( 64 ); struct ieee80211_disassoc *disassoc; @@ -2242,8 +2391,28 @@ static int net80211_send_disassoc ( struct net80211_device *dev, int reason ) disassoc = iob_put ( iob, sizeof ( *disassoc ) ); disassoc->reason = reason; - return net80211_tx_mgmt ( dev, IEEE80211_STYPE_DISASSOC, dev->bssid, - iob ); + return net80211_tx_mgmt ( dev, deauth ? IEEE80211_STYPE_DEAUTH : + IEEE80211_STYPE_DISASSOC, dev->bssid, iob ); +} + + +/** + * Deauthenticate from current network and try again + * + * @v dev 802.11 device + * @v rc Return status code indicating reason + * + * The deauthentication will be sent using an 802.11 "unspecified + * reason", as is common, but @a rc will be set as a link-up + * error to aid the user in debugging. + */ +void net80211_deauthenticate ( struct net80211_device *dev, int rc ) +{ + net80211_send_disassoc ( dev, IEEE80211_REASON_UNSPECIFIED, 1 ); + dev->assoc_rc = rc; + netdev_link_err ( dev->netdev, rc ); + + net80211_autoassociate ( dev ); } @@ -2557,14 +2726,29 @@ void net80211_rx ( struct net80211_device *dev, struct io_buffer *iob, iob_unput ( iob, 4 ); } - if ( hdr->fc & IEEE80211_FC_PROTECTED ) { + /* Only decrypt packets from our BSSID, to avoid spurious errors */ + if ( ( hdr->fc & IEEE80211_FC_PROTECTED ) && + ! memcmp ( hdr->addr2, dev->bssid, ETH_ALEN ) ) { + /* Decrypt packet; record and drop if it fails */ struct io_buffer *niob; - if ( ! dev->crypto ) - goto drop; /* can't decrypt packets on an open network */ + struct net80211_crypto *crypto = dev->crypto; - niob = dev->crypto->decrypt ( dev->crypto, iob ); - if ( ! niob ) - goto drop; /* drop failed decryption */ + if ( ! dev->crypto ) { + DBGC ( dev, "802.11 %p cannot decrypt packet " + "without a cryptosystem\n", dev ); + goto drop_crypt; + } + + if ( ( hdr->addr1[0] & 1 ) && dev->gcrypto ) { + /* Use group decryption if needed */ + crypto = dev->gcrypto; + } + + niob = crypto->decrypt ( crypto, iob ); + if ( ! niob ) { + DBGC ( dev, "802.11 %p decryption error\n", dev ); + goto drop_crypt; + } free_iob ( iob ); iob = niob; } @@ -2593,11 +2777,16 @@ void net80211_rx ( struct net80211_device *dev, struct io_buffer *iob, rc80211_update_rx ( dev, hdr->fc & IEEE80211_FC_RETRY, rate ); /* Pass packet onward */ - if ( netdev_link_ok ( dev->netdev ) ) { + if ( dev->state & NET80211_ASSOCIATED ) { netdev_rx ( dev->netdev, iob ); return; } + /* No association? Drop it. */ + goto drop; + + drop_crypt: + netdev_rx_err ( dev->netdev, NULL, EINVAL_CRYPTO_REQUEST ); drop: DBGC2 ( dev, "802.11 %p dropped packet fc=%04x seq=%04x\n", dev, hdr->fc, hdr->seq ); diff --git a/src/net/80211/sec80211.c b/src/net/80211/sec80211.c new file mode 100644 index 00000000..c5aa1183 --- /dev/null +++ b/src/net/80211/sec80211.c @@ -0,0 +1,503 @@ +/* + * Copyright (c) 2009 Joshua Oreman . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + +#include +#include +#include +#include +#include +#include + +/** @file + * + * General secured-network routines required whenever any secure + * network support at all is compiled in. This involves things like + * installing keys, determining the type of security used by a probed + * network, and some small helper functions that take advantage of + * static data in this file. + */ + +/** Mapping from net80211 crypto/secprot types to RSN OUI descriptors */ +struct descriptor_map { + /** Value of net80211_crypto_alg or net80211_security_proto */ + u32 net80211_type; + + /** OUI+type in appropriate byte order, masked to exclude vendor */ + u32 oui_type; +}; + +/** Magic number in @a oui_type showing end of list */ +#define END_MAGIC 0xFFFFFFFF + +/** Mapping between net80211 cryptosystems and 802.11i cipher IDs */ +static struct descriptor_map rsn_cipher_map[] = { + { .net80211_type = NET80211_CRYPT_WEP, + .oui_type = IEEE80211_RSN_CTYPE_WEP40 }, + + { .net80211_type = NET80211_CRYPT_WEP, + .oui_type = IEEE80211_RSN_CTYPE_WEP104 }, + + { .net80211_type = NET80211_CRYPT_TKIP, + .oui_type = IEEE80211_RSN_CTYPE_TKIP }, + + { .net80211_type = NET80211_CRYPT_CCMP, + .oui_type = IEEE80211_RSN_CTYPE_CCMP }, + + { .net80211_type = NET80211_CRYPT_UNKNOWN, + .oui_type = END_MAGIC }, +}; + +/** Mapping between net80211 handshakers and 802.11i AKM IDs */ +static struct descriptor_map rsn_akm_map[] = { + { .net80211_type = NET80211_SECPROT_EAP, + .oui_type = IEEE80211_RSN_ATYPE_8021X }, + + { .net80211_type = NET80211_SECPROT_PSK, + .oui_type = IEEE80211_RSN_ATYPE_PSK }, + + { .net80211_type = NET80211_SECPROT_UNKNOWN, + .oui_type = END_MAGIC }, +}; + + +/** + * Install 802.11 cryptosystem + * + * @v which Pointer to the cryptosystem structure to install in + * @v crypt Cryptosystem ID number + * @v key Encryption key to use + * @v len Length of encryption key + * @v rsc Initial receive sequence counter, if applicable + * @ret rc Return status code + * + * The encryption key will not be accessed via the provided pointer + * after this function returns, so you may keep it on the stack. + * + * @a which must point to either @c dev->crypto (for the normal case + * of installing a unicast cryptosystem) or @c dev->gcrypto (to + * install a cryptosystem that will be used only for decrypting + * group-source frames). + */ +int sec80211_install ( struct net80211_crypto **which, + enum net80211_crypto_alg crypt, + const void *key, int len, const void *rsc ) +{ + struct net80211_crypto *crypto = *which; + struct net80211_crypto *tbl_crypto; + + /* Remove old crypto if it exists */ + free ( *which ); + *which = NULL; + + if ( crypt == NET80211_CRYPT_NONE ) { + DBG ( "802.11-Sec not installing null cryptography\n" ); + return 0; + } + + /* Find cryptosystem to use */ + for_each_table_entry ( tbl_crypto, NET80211_CRYPTOS ) { + if ( tbl_crypto->algorithm == crypt ) { + crypto = zalloc ( sizeof ( *crypto ) + + tbl_crypto->priv_len ); + if ( ! crypto ) { + DBG ( "802.11-Sec out of memory\n" ); + return -ENOMEM; + } + + memcpy ( crypto, tbl_crypto, sizeof ( *crypto ) ); + crypto->priv = ( ( void * ) crypto + + sizeof ( *crypto ) ); + break; + } + } + + if ( ! crypto ) { + DBG ( "802.11-Sec no support for cryptosystem %d\n", crypt ); + return -( ENOTSUP | EUNIQ_10 | ( crypt << 8 ) ); + } + + *which = crypto; + + DBG ( "802.11-Sec installing cryptosystem %d as %p with key of " + "length %d\n", crypt, crypto, len ); + + return crypto->init ( crypto, key, len, rsc ); +} + + +/** + * Determine net80211 crypto or handshaking type value to return for RSN info + * + * @v rsnp Pointer to next descriptor count field in RSN IE + * @v rsn_end Pointer to end of RSN IE + * @v map Descriptor map to use + * @v tbl_start Start of linker table to examine for gPXE support + * @v tbl_end End of linker table to examine for gPXE support + * @ret rsnp Updated to point to first byte after descriptors + * @ret map_ent Descriptor map entry of translation to use + * + * The entries in the linker table must be either net80211_crypto or + * net80211_handshaker structures, and @a tbl_stride must be set to + * sizeof() the appropriate one. + * + * This function expects @a rsnp to point at a two-byte descriptor + * count followed by a list of four-byte cipher or AKM descriptors; it + * will return @c NULL if the input packet is malformed, and otherwise + * set @a rsnp to the first byte it has not looked at. It will return + * the first cipher in the list that is supported by the current build + * of gPXE, or the first of all if none are supported. + * + * We play rather fast and loose with type checking, because this + * function is only called from two well-defined places in the + * RSN-checking code. Don't try to use it for anything else. + */ +static struct descriptor_map * rsn_pick_desc ( u8 **rsnp, u8 *rsn_end, + struct descriptor_map *map, + void *tbl_start, void *tbl_end ) +{ + int ndesc; + int ok = 0; + struct descriptor_map *map_ent, *map_ret = NULL; + u8 *rsn = *rsnp; + void *tblp; + size_t tbl_stride = ( map == rsn_cipher_map ? + sizeof ( struct net80211_crypto ) : + sizeof ( struct net80211_handshaker ) ); + + if ( map != rsn_cipher_map && map != rsn_akm_map ) + return NULL; + + /* Determine which types we support */ + for ( tblp = tbl_start; tblp < tbl_end; tblp += tbl_stride ) { + struct net80211_crypto *crypto = tblp; + struct net80211_handshaker *hs = tblp; + + if ( map == rsn_cipher_map ) + ok |= ( 1 << crypto->algorithm ); + else + ok |= ( 1 << hs->protocol ); + } + + /* RSN sanity checks */ + if ( rsn + 2 > rsn_end ) { + DBG ( "RSN detect: malformed descriptor count\n" ); + return NULL; + } + + ndesc = *( u16 * ) rsn; + rsn += 2; + + if ( ! ndesc ) { + DBG ( "RSN detect: no descriptors\n" ); + return NULL; + } + + /* Determine which net80211 crypto types are listed */ + while ( ndesc-- ) { + u32 desc; + + if ( rsn + 4 > rsn_end ) { + DBG ( "RSN detect: malformed descriptor (%d left)\n", + ndesc ); + return NULL; + } + + desc = *( u32 * ) rsn; + rsn += 4; + + for ( map_ent = map; map_ent->oui_type != END_MAGIC; map_ent++ ) + if ( map_ent->oui_type == ( desc & OUI_TYPE_MASK ) ) + break; + + /* Use first cipher as a fallback */ + if ( ! map_ret ) + map_ret = map_ent; + + /* Once we find one we support, use it */ + if ( ok & ( 1 << map_ent->net80211_type ) ) { + map_ret = map_ent; + break; + } + } + + if ( ndesc > 0 ) + rsn += 4 * ndesc; + + *rsnp = rsn; + return map_ret; +} + + +/** + * Find the RSN or WPA information element in the provided beacon frame + * + * @v ie Pointer to first information element to check + * @v ie_end Pointer to end of information element space + * @ret is_rsn TRUE if returned IE is RSN, FALSE if it's WPA + * @ret end Pointer to byte immediately after last byte of data + * @ret data Pointer to first byte of data (the `version' field) + * + * If both an RSN and a WPA information element are found, this + * function will return the first one seen, which by ordering rules + * should always prefer the newer RSN IE. + * + * If no RSN or WPA infomration element is found, returns @c NULL and + * leaves @a is_rsn and @a end in an undefined state. + * + * This function will not return a pointer to an information element + * that states it extends past the tail of the io_buffer, or whose @a + * version field is incorrect. + */ +u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end, + int *is_rsn, u8 **end ) +{ + u8 *rsn = NULL; + + if ( ! ieee80211_ie_bound ( ie, ie_end ) ) + return NULL; + + while ( ie ) { + if ( ie->id == IEEE80211_IE_VENDOR && + ie->vendor.oui == IEEE80211_WPA_OUI_VEN ) { + DBG ( "RSN detect: old-style WPA IE found\n" ); + rsn = &ie->vendor.data[0]; + *end = rsn + ie->len - 4; + *is_rsn = 0; + } else if ( ie->id == IEEE80211_IE_RSN ) { + DBG ( "RSN detect: 802.11i RSN IE found\n" ); + rsn = ( u8 * ) &ie->rsn.version; + *end = rsn + ie->len; + *is_rsn = 1; + } + + if ( rsn && ( *end > ( u8 * ) ie_end || rsn >= *end || + *( u16 * ) rsn != IEEE80211_RSN_VERSION ) ) { + DBG ( "RSN detect: malformed RSN IE or unknown " + "version, keep trying\n" ); + rsn = NULL; + } + + if ( rsn ) + break; + + ie = ieee80211_next_ie ( ie, ie_end ); + } + + if ( ! ie ) { + DBG ( "RSN detect: no RSN IE found\n" ); + return NULL; + } + + return rsn; +} + + +/** + * Detect crypto and AKM types from RSN information element + * + * @v is_rsn If TRUE, IE is a new-style RSN information element + * @v start Pointer to first byte of @a version field + * @v end Pointer to first byte not in the RSN IE + * @ret secprot Security handshaking protocol used by network + * @ret crypt Cryptosystem used by network + * @ret rc Return status code + * + * If the IE cannot be parsed, returns an error indication and leaves + * @a secprot and @a crypt unchanged. + */ +int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end, + enum net80211_security_proto *secprot, + enum net80211_crypto_alg *crypt ) +{ + enum net80211_security_proto sp; + enum net80211_crypto_alg cr; + struct descriptor_map *map; + u8 *rsn = start; + + /* Set some defaults */ + cr = ( is_rsn ? NET80211_CRYPT_CCMP : NET80211_CRYPT_TKIP ); + sp = NET80211_SECPROT_EAP; + + rsn += 2; /* version - already checked */ + rsn += 4; /* group cipher - we don't use it here */ + + if ( rsn >= end ) + goto done; + + /* Pick crypto algorithm */ + map = rsn_pick_desc ( &rsn, end, rsn_cipher_map, + table_start ( NET80211_CRYPTOS ), + table_end ( NET80211_CRYPTOS ) ); + if ( ! map ) + goto invalid_rsn; + + cr = map->net80211_type; + + if ( rsn >= end ) + goto done; + + /* Pick handshaking algorithm */ + map = rsn_pick_desc ( &rsn, end, rsn_akm_map, + table_start ( NET80211_HANDSHAKERS ), + table_end ( NET80211_HANDSHAKERS ) ); + if ( ! map ) + goto invalid_rsn; + + sp = map->net80211_type; + + done: + DBG ( "RSN detect: OK, crypto type %d, secprot type %d\n", cr, sp ); + *secprot = sp; + *crypt = cr; + return 0; + + invalid_rsn: + DBG ( "RSN detect: invalid RSN IE\n" ); + return -EINVAL; +} + + +/** + * Detect the cryptosystem and handshaking protocol used by an 802.11 network + * + * @v iob I/O buffer containing beacon frame + * @ret secprot Security handshaking protocol used by network + * @ret crypt Cryptosystem used by network + * @ret rc Return status code + * + * This function uses weak linkage, as it must be called from generic + * contexts but should only be linked in if some encryption is + * supported; you must test its address against @c NULL before calling + * it. If it does not exist, any network with the PRIVACY bit set in + * beacon->capab should be considered unknown. + */ +int _sec80211_detect ( struct io_buffer *iob, + enum net80211_security_proto *secprot, + enum net80211_crypto_alg *crypt ) +{ + struct ieee80211_frame *hdr = iob->data; + struct ieee80211_beacon *beacon = + ( struct ieee80211_beacon * ) hdr->data; + u8 *rsn, *rsn_end; + int is_rsn, rc; + + *crypt = NET80211_CRYPT_UNKNOWN; + *secprot = NET80211_SECPROT_UNKNOWN; + + /* Find RSN or WPA IE */ + if ( ! ( rsn = sec80211_find_rsn ( beacon->info_element, iob->tail, + &is_rsn, &rsn_end ) ) ) { + /* No security IE at all; either WEP or no security. */ + *secprot = NET80211_SECPROT_NONE; + + if ( beacon->capability & IEEE80211_CAPAB_PRIVACY ) + *crypt = NET80211_CRYPT_WEP; + else + *crypt = NET80211_CRYPT_NONE; + + return 0; + } + + /* Determine type of security */ + if ( ( rc = sec80211_detect_ie ( is_rsn, rsn, rsn_end, secprot, + crypt ) ) == 0 ) + return 0; + + /* If we get here, the RSN IE was invalid */ + + *crypt = NET80211_CRYPT_UNKNOWN; + *secprot = NET80211_SECPROT_UNKNOWN; + DBG ( "Failed to handle RSN IE:\n" ); + DBG_HD ( rsn, rsn_end - rsn ); + return rc; +} + + +/** + * Determine RSN descriptor for specified net80211 ID + * + * @v id net80211 ID value + * @v rsnie Whether to return a new-format (RSN IE) descriptor + * @v map Map to use in translation + * @ret desc RSN descriptor, or 0 on error + * + * If @a rsnie is false, returns an old-format (WPA vendor IE) + * descriptor. + */ +static u32 rsn_get_desc ( unsigned id, int rsnie, struct descriptor_map *map ) +{ + u32 vendor = ( rsnie ? IEEE80211_RSN_OUI : IEEE80211_WPA_OUI ); + + for ( ; map->oui_type != END_MAGIC; map++ ) { + if ( map->net80211_type == id ) + return map->oui_type | vendor; + } + + return 0; +} + +/** + * Determine RSN descriptor for specified net80211 cryptosystem number + * + * @v crypt Cryptosystem number + * @v rsnie Whether to return a new-format (RSN IE) descriptor + * @ret desc RSN descriptor + * + * If @a rsnie is false, returns an old-format (WPA vendor IE) + * descriptor. + */ +u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie ) +{ + return rsn_get_desc ( crypt, rsnie, rsn_cipher_map ); +} + +/** + * Determine RSN descriptor for specified net80211 handshaker number + * + * @v secprot Handshaker number + * @v rsnie Whether to return a new-format (RSN IE) descriptor + * @ret desc RSN descriptor + * + * If @a rsnie is false, returns an old-format (WPA vendor IE) + * descriptor. + */ +u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot, + int rsnie ) +{ + return rsn_get_desc ( secprot, rsnie, rsn_akm_map ); +} + +/** + * Determine net80211 cryptosystem number from RSN descriptor + * + * @v desc RSN descriptor + * @ret crypt net80211 cryptosystem enumeration value + */ +enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc ) +{ + struct descriptor_map *map = rsn_cipher_map; + + for ( ; map->oui_type != END_MAGIC; map++ ) { + if ( map->oui_type == ( desc & OUI_TYPE_MASK ) ) + break; + } + + return map->net80211_type; +}