1/* 2 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc. 3 * All rights reserved. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * File: dpc.c 20 * 21 * Purpose: handle dpc rx functions 22 * 23 * Author: Lyndon Chen 24 * 25 * Date: May 20, 2003 26 * 27 * Functions: 28 * device_receive_frame - Rcv 802.11 frame function 29 * s_bAPModeRxCtl- AP Rcv frame filer Ctl. 30 * s_bAPModeRxData- AP Rcv data frame handle 31 * s_bHandleRxEncryption- Rcv decrypted data via on-fly 32 * s_bHostWepRxEncryption- Rcv encrypted data via host 33 * s_byGetRateIdx- get rate index 34 * s_vGetDASA- get data offset 35 * s_vProcessRxMACHeader- Rcv 802.11 and translate to 802.3 36 * 37 * Revision History: 38 * 39 */ 40 41#include "device.h" 42#include "rxtx.h" 43#include "tether.h" 44#include "card.h" 45#include "bssdb.h" 46#include "mac.h" 47#include "baseband.h" 48#include "michael.h" 49#include "tkip.h" 50#include "tcrc.h" 51#include "wctl.h" 52#include "wroute.h" 53#include "hostap.h" 54#include "rf.h" 55#include "iowpa.h" 56#include "aes_ccmp.h" 57#include "dpc.h" 58 59/*--------------------- Static Definitions -------------------------*/ 60 61/*--------------------- Static Classes ----------------------------*/ 62 63/*--------------------- Static Variables --------------------------*/ 64static const unsigned char acbyRxRate[MAX_RATE] = 65{2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108}; 66 67/*--------------------- Static Functions --------------------------*/ 68 69/*--------------------- Static Definitions -------------------------*/ 70 71/*--------------------- Static Functions --------------------------*/ 72 73static unsigned char s_byGetRateIdx(unsigned char byRate); 74 75static void 76s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 77 PSEthernetHeader psEthHeader); 78 79static void 80s_vProcessRxMACHeader(struct vnt_private *pDevice, unsigned char *pbyRxBufferAddr, 81 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 82 unsigned int *pcbHeadSize); 83 84static bool s_bAPModeRxCtl( 85 struct vnt_private *pDevice, 86 unsigned char *pbyFrame, 87 int iSANodeIndex 88); 89 90static bool s_bAPModeRxData( 91 struct vnt_private *pDevice, 92 struct sk_buff *skb, 93 unsigned int FrameSize, 94 unsigned int cbHeaderOffset, 95 int iSANodeIndex, 96 int iDANodeIndex 97); 98 99static bool s_bHandleRxEncryption( 100 struct vnt_private *pDevice, 101 unsigned char *pbyFrame, 102 unsigned int FrameSize, 103 unsigned char *pbyRsr, 104 unsigned char *pbyNewRsr, 105 PSKeyItem *pKeyOut, 106 bool *pbExtIV, 107 unsigned short *pwRxTSC15_0, 108 unsigned long *pdwRxTSC47_16 109); 110 111static bool s_bHostWepRxEncryption( 112 113 struct vnt_private *pDevice, 114 unsigned char *pbyFrame, 115 unsigned int FrameSize, 116 unsigned char *pbyRsr, 117 bool bOnFly, 118 PSKeyItem pKey, 119 unsigned char *pbyNewRsr, 120 bool *pbExtIV, 121 unsigned short *pwRxTSC15_0, 122 unsigned long *pdwRxTSC47_16 123 124); 125 126/*--------------------- Export Variables --------------------------*/ 127 128/*+ 129 * 130 * Description: 131 * Translate Rcv 802.11 header to 802.3 header with Rx buffer 132 * 133 * Parameters: 134 * In: 135 * pDevice 136 * dwRxBufferAddr - Address of Rcv Buffer 137 * cbPacketSize - Rcv Packet size 138 * bIsWEP - If Rcv with WEP 139 * Out: 140 * pcbHeaderSize - 802.11 header size 141 * 142 * Return Value: None 143 * 144 -*/ 145static void 146s_vProcessRxMACHeader(struct vnt_private *pDevice, 147 unsigned char *pbyRxBufferAddr, 148 unsigned int cbPacketSize, bool bIsWEP, bool bExtIV, 149 unsigned int *pcbHeadSize) 150{ 151 unsigned char *pbyRxBuffer; 152 unsigned int cbHeaderSize = 0; 153 unsigned short *pwType; 154 PS802_11Header pMACHeader; 155 int ii; 156 157 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 158 159 s_vGetDASA((unsigned char *)pMACHeader, &cbHeaderSize, &pDevice->sRxEthHeader); 160 161 if (bIsWEP) { 162 if (bExtIV) { 163 // strip IV&ExtIV , add 8 byte 164 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 8); 165 } else { 166 // strip IV , add 4 byte 167 cbHeaderSize += (WLAN_HDR_ADDR3_LEN + 4); 168 } 169 } else { 170 cbHeaderSize += WLAN_HDR_ADDR3_LEN; 171 } 172 173 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 174 if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_Bridgetunnel)) { 175 cbHeaderSize += 6; 176 } else if (ether_addr_equal(pbyRxBuffer, pDevice->abySNAP_RFC1042)) { 177 cbHeaderSize += 6; 178 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 179 if ((*pwType != TYPE_PKT_IPX) && (*pwType != cpu_to_le16(0xF380))) { 180 } else { 181 cbHeaderSize -= 8; 182 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 183 if (bIsWEP) { 184 if (bExtIV) 185 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 186 else 187 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 188 189 } else { 190 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 191 } 192 } 193 } else { 194 cbHeaderSize -= 2; 195 pwType = (unsigned short *)(pbyRxBufferAddr + cbHeaderSize); 196 if (bIsWEP) { 197 if (bExtIV) 198 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 8); // 8 is IV&ExtIV 199 else 200 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN - 4); // 4 is IV 201 202 } else { 203 *pwType = htons(cbPacketSize - WLAN_HDR_ADDR3_LEN); 204 } 205 } 206 207 cbHeaderSize -= (ETH_ALEN * 2); 208 pbyRxBuffer = (unsigned char *)(pbyRxBufferAddr + cbHeaderSize); 209 for (ii = 0; ii < ETH_ALEN; ii++) 210 *pbyRxBuffer++ = pDevice->sRxEthHeader.abyDstAddr[ii]; 211 for (ii = 0; ii < ETH_ALEN; ii++) 212 *pbyRxBuffer++ = pDevice->sRxEthHeader.abySrcAddr[ii]; 213 214 *pcbHeadSize = cbHeaderSize; 215} 216 217static unsigned char s_byGetRateIdx(unsigned char byRate) 218{ 219 unsigned char byRateIdx; 220 221 for (byRateIdx = 0; byRateIdx < MAX_RATE; byRateIdx++) { 222 if (acbyRxRate[byRateIdx % MAX_RATE] == byRate) 223 return byRateIdx; 224 } 225 226 return 0; 227} 228 229static void 230s_vGetDASA(unsigned char *pbyRxBufferAddr, unsigned int *pcbHeaderSize, 231 PSEthernetHeader psEthHeader) 232{ 233 unsigned int cbHeaderSize = 0; 234 PS802_11Header pMACHeader; 235 int ii; 236 237 pMACHeader = (PS802_11Header) (pbyRxBufferAddr + cbHeaderSize); 238 239 if ((pMACHeader->wFrameCtl & FC_TODS) == 0) { 240 if (pMACHeader->wFrameCtl & FC_FROMDS) { 241 for (ii = 0; ii < ETH_ALEN; ii++) { 242 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 243 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr3[ii]; 244 } 245 } else { 246 // IBSS mode 247 for (ii = 0; ii < ETH_ALEN; ii++) { 248 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr1[ii]; 249 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 250 } 251 } 252 } else { 253 // Is AP mode.. 254 if (pMACHeader->wFrameCtl & FC_FROMDS) { 255 for (ii = 0; ii < ETH_ALEN; ii++) { 256 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 257 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr4[ii]; 258 cbHeaderSize += 6; 259 } 260 } else { 261 for (ii = 0; ii < ETH_ALEN; ii++) { 262 psEthHeader->abyDstAddr[ii] = pMACHeader->abyAddr3[ii]; 263 psEthHeader->abySrcAddr[ii] = pMACHeader->abyAddr2[ii]; 264 } 265 } 266 } 267 *pcbHeaderSize = cbHeaderSize; 268} 269 270bool 271device_receive_frame( 272 struct vnt_private *pDevice, 273 PSRxDesc pCurrRD 274) 275{ 276 PDEVICE_RD_INFO pRDInfo = pCurrRD->pRDInfo; 277 struct net_device_stats *pStats = &pDevice->dev->stats; 278 struct sk_buff *skb; 279 PSMgmtObject pMgmt = pDevice->pMgmt; 280 PSRxMgmtPacket pRxPacket = &(pDevice->pMgmt->sRxPacket); 281 PS802_11Header p802_11Header; 282 unsigned char *pbyRsr; 283 unsigned char *pbyNewRsr; 284 unsigned char *pbyRSSI; 285 __le64 *pqwTSFTime; 286 unsigned short *pwFrameSize; 287 unsigned char *pbyFrame; 288 bool bDeFragRx = false; 289 bool bIsWEP = false; 290 unsigned int cbHeaderOffset; 291 unsigned int FrameSize; 292 unsigned short wEtherType = 0; 293 int iSANodeIndex = -1; 294 int iDANodeIndex = -1; 295 unsigned int ii; 296 unsigned int cbIVOffset; 297 bool bExtIV = false; 298 unsigned char *pbyRxSts; 299 unsigned char *pbyRxRate; 300 unsigned char *pbySQ; 301 unsigned int cbHeaderSize; 302 PSKeyItem pKey = NULL; 303 unsigned short wRxTSC15_0 = 0; 304 unsigned long dwRxTSC47_16 = 0; 305 SKeyItem STempKey; 306 // 802.11h RPI 307 unsigned long dwDuration = 0; 308 long ldBm = 0; 309 long ldBmThreshold = 0; 310 PS802_11Header pMACHeader; 311 bool bRxeapol_key = false; 312 313 skb = pRDInfo->skb; 314 315 pci_unmap_single(pDevice->pcid, pRDInfo->skb_dma, 316 pDevice->rx_buf_sz, PCI_DMA_FROMDEVICE); 317 318 pwFrameSize = (unsigned short *)(skb->data + 2); 319 FrameSize = cpu_to_le16(pCurrRD->m_rd1RD1.wReqCount) - cpu_to_le16(pCurrRD->m_rd0RD0.wResCount); 320 321 // Max: 2312Payload + 30HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 322 // Min (ACK): 10HD +4CRC + 2Padding + 4Len + 8TSF + 4RSR 323 if ((FrameSize > 2364) || (FrameSize <= 32)) { 324 // Frame Size error drop this packet. 325 pr_debug("---------- WRONG Length 1\n"); 326 return false; 327 } 328 329 pbyRxSts = (unsigned char *)(skb->data); 330 pbyRxRate = (unsigned char *)(skb->data + 1); 331 pbyRsr = (unsigned char *)(skb->data + FrameSize - 1); 332 pbyRSSI = (unsigned char *)(skb->data + FrameSize - 2); 333 pbyNewRsr = (unsigned char *)(skb->data + FrameSize - 3); 334 pbySQ = (unsigned char *)(skb->data + FrameSize - 4); 335 pqwTSFTime = (__le64 *)(skb->data + FrameSize - 12); 336 pbyFrame = (unsigned char *)(skb->data + 4); 337 338 // get packet size 339 FrameSize = cpu_to_le16(*pwFrameSize); 340 341 if ((FrameSize > 2346)|(FrameSize < 14)) { // Max: 2312Payload + 30HD +4CRC 342 // Min: 14 bytes ACK 343 pr_debug("---------- WRONG Length 2\n"); 344 return false; 345 } 346 347 // update receive statistic counter 348 STAvUpdateRDStatCounter(&pDevice->scStatistic, 349 *pbyRsr, 350 *pbyNewRsr, 351 *pbyRxRate, 352 pbyFrame, 353 FrameSize); 354 355 pMACHeader = (PS802_11Header)((unsigned char *)(skb->data) + 8); 356 357 if (pDevice->bMeasureInProgress) { 358 if ((*pbyRsr & RSR_CRCOK) != 0) 359 pDevice->byBasicMap |= 0x01; 360 361 dwDuration = (FrameSize << 4); 362 dwDuration /= acbyRxRate[*pbyRxRate%MAX_RATE]; 363 if (*pbyRxRate <= RATE_11M) { 364 if (*pbyRxSts & 0x01) { 365 // long preamble 366 dwDuration += 192; 367 } else { 368 // short preamble 369 dwDuration += 96; 370 } 371 } else { 372 dwDuration += 16; 373 } 374 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 375 ldBmThreshold = -57; 376 for (ii = 7; ii > 0;) { 377 if (ldBm > ldBmThreshold) 378 break; 379 380 ldBmThreshold -= 5; 381 ii--; 382 } 383 pDevice->dwRPIs[ii] += dwDuration; 384 return false; 385 } 386 387 if (!is_multicast_ether_addr(pbyFrame)) { 388 if (WCTLbIsDuplicate(&(pDevice->sDupRxCache), (PS802_11Header)(skb->data + 4))) { 389 pDevice->s802_11Counter.FrameDuplicateCount++; 390 return false; 391 } 392 } 393 394 // Use for TKIP MIC 395 s_vGetDASA(skb->data+4, &cbHeaderSize, &pDevice->sRxEthHeader); 396 397 // filter packet send from myself 398 if (ether_addr_equal(pDevice->sRxEthHeader.abySrcAddr, 399 pDevice->abyCurrentNetAddr)) 400 return false; 401 402 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) || (pMgmt->eCurrMode == WMAC_MODE_IBSS_STA)) { 403 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 404 p802_11Header = (PS802_11Header)(pbyFrame); 405 // get SA NodeIndex 406 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(p802_11Header->abyAddr2), &iSANodeIndex)) { 407 pMgmt->sNodeDBTable[iSANodeIndex].ulLastRxJiffer = jiffies; 408 pMgmt->sNodeDBTable[iSANodeIndex].uInActiveCount = 0; 409 } 410 } 411 } 412 413 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 414 if (s_bAPModeRxCtl(pDevice, pbyFrame, iSANodeIndex)) 415 return false; 416 } 417 418 if (IS_FC_WEP(pbyFrame)) { 419 bool bRxDecryOK = false; 420 421 pr_debug("rx WEP pkt\n"); 422 bIsWEP = true; 423 if ((pDevice->bEnableHostWEP) && (iSANodeIndex >= 0)) { 424 pKey = &STempKey; 425 pKey->byCipherSuite = pMgmt->sNodeDBTable[iSANodeIndex].byCipherSuite; 426 pKey->dwKeyIndex = pMgmt->sNodeDBTable[iSANodeIndex].dwKeyIndex; 427 pKey->uKeyLength = pMgmt->sNodeDBTable[iSANodeIndex].uWepKeyLength; 428 pKey->dwTSC47_16 = pMgmt->sNodeDBTable[iSANodeIndex].dwTSC47_16; 429 pKey->wTSC15_0 = pMgmt->sNodeDBTable[iSANodeIndex].wTSC15_0; 430 memcpy(pKey->abyKey, 431 &pMgmt->sNodeDBTable[iSANodeIndex].abyWepKey[0], 432 pKey->uKeyLength 433); 434 435 bRxDecryOK = s_bHostWepRxEncryption(pDevice, 436 pbyFrame, 437 FrameSize, 438 pbyRsr, 439 pMgmt->sNodeDBTable[iSANodeIndex].bOnFly, 440 pKey, 441 pbyNewRsr, 442 &bExtIV, 443 &wRxTSC15_0, 444 &dwRxTSC47_16); 445 } else { 446 bRxDecryOK = s_bHandleRxEncryption(pDevice, 447 pbyFrame, 448 FrameSize, 449 pbyRsr, 450 pbyNewRsr, 451 &pKey, 452 &bExtIV, 453 &wRxTSC15_0, 454 &dwRxTSC47_16); 455 } 456 457 if (bRxDecryOK) { 458 if ((*pbyNewRsr & NEWRSR_DECRYPTOK) == 0) { 459 pr_debug("ICV Fail\n"); 460 if ((pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 461 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 462 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 463 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 464 (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 465 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) 466 pDevice->s802_11Counter.TKIPICVErrors++; 467 else if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 468 pDevice->s802_11Counter.CCMPDecryptErrors++; 469 } 470 return false; 471 } 472 } else { 473 pr_debug("WEP Func Fail\n"); 474 return false; 475 } 476 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_CCMP)) 477 FrameSize -= 8; // Message Integrity Code 478 else 479 FrameSize -= 4; // 4 is ICV 480 } 481 482 // 483 // RX OK 484 // 485 //remove the CRC length 486 FrameSize -= ETH_FCS_LEN; 487 488 if ((!(*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI))) && // unicast address 489 (IS_FRAGMENT_PKT((skb->data+4))) 490) { 491 // defragment 492 bDeFragRx = WCTLbHandleFragment(pDevice, (PS802_11Header)(skb->data+4), FrameSize, bIsWEP, bExtIV); 493 pDevice->s802_11Counter.ReceivedFragmentCount++; 494 if (bDeFragRx) { 495 // defrag complete 496 skb = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].skb; 497 FrameSize = pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx].cbFrameLength; 498 499 } else { 500 return false; 501 } 502 } 503 504// Management & Control frame Handle 505 if ((IS_TYPE_DATA((skb->data+4))) == false) { 506 // Handle Control & Manage Frame 507 508 if (IS_TYPE_MGMT((skb->data+4))) { 509 unsigned char *pbyData1; 510 unsigned char *pbyData2; 511 512 pRxPacket->p80211Header = (PUWLAN_80211HDR)(skb->data+4); 513 pRxPacket->cbMPDULen = FrameSize; 514 pRxPacket->uRSSI = *pbyRSSI; 515 pRxPacket->bySQ = *pbySQ; 516 pRxPacket->qwLocalTSF = le64_to_cpu(*pqwTSFTime); 517 if (bIsWEP) { 518 // strip IV 519 pbyData1 = WLAN_HDR_A3_DATA_PTR(skb->data+4); 520 pbyData2 = WLAN_HDR_A3_DATA_PTR(skb->data+4) + 4; 521 for (ii = 0; ii < (FrameSize - 4); ii++) { 522 *pbyData1 = *pbyData2; 523 pbyData1++; 524 pbyData2++; 525 } 526 } 527 pRxPacket->byRxRate = s_byGetRateIdx(*pbyRxRate); 528 pRxPacket->byRxChannel = (*pbyRxSts) >> 2; 529 530 vMgrRxManagePacket((void *)pDevice, pDevice->pMgmt, pRxPacket); 531 532 // hostap Deamon handle 802.11 management 533 if (pDevice->bEnableHostapd) { 534 skb->dev = pDevice->apdev; 535 skb->data += 4; 536 skb->tail += 4; 537 skb_put(skb, FrameSize); 538 skb_reset_mac_header(skb); 539 skb->pkt_type = PACKET_OTHERHOST; 540 skb->protocol = htons(ETH_P_802_2); 541 memset(skb->cb, 0, sizeof(skb->cb)); 542 netif_rx(skb); 543 return true; 544 } 545 } 546 547 return false; 548 } else { 549 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 550 //In AP mode, hw only check addr1(BSSID or RA) if equal to local MAC. 551 if (!(*pbyRsr & RSR_BSSIDOK)) { 552 if (bDeFragRx) { 553 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 554 pr_err("%s: can not alloc more frag bufs\n", 555 pDevice->dev->name); 556 } 557 } 558 return false; 559 } 560 } else { 561 // discard DATA packet while not associate || BSSID error 562 if (!pDevice->bLinkPass || !(*pbyRsr & RSR_BSSIDOK)) { 563 if (bDeFragRx) { 564 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 565 pr_err("%s: can not alloc more frag bufs\n", 566 pDevice->dev->name); 567 } 568 } 569 return false; 570 } 571 //mike add:station mode check eapol-key challenge---> 572 { 573 unsigned char Protocol_Version; //802.1x Authentication 574 unsigned char Packet_Type; //802.1x Authentication 575 576 if (bIsWEP) 577 cbIVOffset = 8; 578 else 579 cbIVOffset = 0; 580 wEtherType = (skb->data[cbIVOffset + 8 + 24 + 6] << 8) | 581 skb->data[cbIVOffset + 8 + 24 + 6 + 1]; 582 Protocol_Version = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1]; 583 Packet_Type = skb->data[cbIVOffset + 8 + 24 + 6 + 1 + 1 + 1]; 584 if (wEtherType == ETH_P_PAE) { //Protocol Type in LLC-Header 585 if (((Protocol_Version == 1) || (Protocol_Version == 2)) && 586 (Packet_Type == 3)) { //802.1x OR eapol-key challenge frame receive 587 bRxeapol_key = true; 588 } 589 } 590 } 591 //mike add:station mode check eapol-key challenge<--- 592 } 593 } 594 595// Data frame Handle 596 597 if (pDevice->bEnablePSMode) { 598 if (!IS_FC_MOREDATA((skb->data+4))) { 599 if (pDevice->pMgmt->bInTIMWake == true) 600 pDevice->pMgmt->bInTIMWake = false; 601 } 602 } 603 604 // Now it only supports 802.11g Infrastructure Mode, and support rate must up to 54 Mbps 605 if (pDevice->bDiversityEnable && (FrameSize > 50) && 606 (pDevice->op_mode == NL80211_IFTYPE_STATION) && 607 pDevice->bLinkPass) { 608 BBvAntennaDiversity(pDevice, s_byGetRateIdx(*pbyRxRate), 0); 609 } 610 611 if (pDevice->byLocalID != REV_ID_VT3253_B1) 612 pDevice->uCurrRSSI = *pbyRSSI; 613 614 pDevice->byCurrSQ = *pbySQ; 615 616 if ((*pbyRSSI != 0) && 617 (pMgmt->pCurrBSS != NULL)) { 618 RFvRSSITodBm(pDevice, *pbyRSSI, &ldBm); 619 // Monitor if RSSI is too strong. 620 pMgmt->pCurrBSS->byRSSIStatCnt++; 621 pMgmt->pCurrBSS->byRSSIStatCnt %= RSSI_STAT_COUNT; 622 pMgmt->pCurrBSS->ldBmAverage[pMgmt->pCurrBSS->byRSSIStatCnt] = ldBm; 623 for (ii = 0; ii < RSSI_STAT_COUNT; ii++) 624 if (pMgmt->pCurrBSS->ldBmAverage[ii] != 0) 625 pMgmt->pCurrBSS->ldBmMAX = max(pMgmt->pCurrBSS->ldBmAverage[ii], ldBm); 626 627 } 628 629 // ----------------------------------------------- 630 631 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_AP) && pDevice->bEnable8021x) { 632 unsigned char abyMacHdr[24]; 633 634 // Only 802.1x packet incoming allowed 635 if (bIsWEP) 636 cbIVOffset = 8; 637 else 638 cbIVOffset = 0; 639 wEtherType = (skb->data[cbIVOffset + 4 + 24 + 6] << 8) | 640 skb->data[cbIVOffset + 4 + 24 + 6 + 1]; 641 642 pr_debug("wEtherType = %04x\n", wEtherType); 643 if (wEtherType == ETH_P_PAE) { 644 skb->dev = pDevice->apdev; 645 646 if (bIsWEP) { 647 // strip IV header(8) 648 memcpy(&abyMacHdr[0], (skb->data + 4), 24); 649 memcpy((skb->data + 4 + cbIVOffset), &abyMacHdr[0], 24); 650 } 651 skb->data += (cbIVOffset + 4); 652 skb->tail += (cbIVOffset + 4); 653 skb_put(skb, FrameSize); 654 skb_reset_mac_header(skb); 655 656 skb->pkt_type = PACKET_OTHERHOST; 657 skb->protocol = htons(ETH_P_802_2); 658 memset(skb->cb, 0, sizeof(skb->cb)); 659 netif_rx(skb); 660 return true; 661 662 } 663 // check if 802.1x authorized 664 if (!(pMgmt->sNodeDBTable[iSANodeIndex].dwFlags & WLAN_STA_AUTHORIZED)) 665 return false; 666 } 667 668 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 669 if (bIsWEP) 670 FrameSize -= 8; //MIC 671 } 672 673 //-------------------------------------------------------------------------------- 674 // Soft MIC 675 if ((pKey != NULL) && (pKey->byCipherSuite == KEY_CTL_TKIP)) { 676 if (bIsWEP) { 677 __le32 *pdwMIC_L; 678 __le32 *pdwMIC_R; 679 __le32 dwMIC_Priority; 680 __le32 dwMICKey0 = 0, dwMICKey1 = 0; 681 u32 dwLocalMIC_L = 0; 682 u32 dwLocalMIC_R = 0; 683 viawget_wpa_header *wpahdr; 684 685 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 686 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24])); 687 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28])); 688 } else { 689 if (pDevice->pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) { 690 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16])); 691 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20])); 692 } else if ((pKey->dwKeyIndex & BIT28) == 0) { 693 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[16])); 694 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[20])); 695 } else { 696 dwMICKey0 = cpu_to_le32(*(u32 *)(&pKey->abyKey[24])); 697 dwMICKey1 = cpu_to_le32(*(u32 *)(&pKey->abyKey[28])); 698 } 699 } 700 701 MIC_vInit(dwMICKey0, dwMICKey1); 702 MIC_vAppend((unsigned char *)&(pDevice->sRxEthHeader.abyDstAddr[0]), 12); 703 dwMIC_Priority = 0; 704 MIC_vAppend((unsigned char *)&dwMIC_Priority, 4); 705 // 4 is Rcv buffer header, 24 is MAC Header, and 8 is IV and Ext IV. 706 MIC_vAppend((unsigned char *)(skb->data + 4 + WLAN_HDR_ADDR3_LEN + 8), 707 FrameSize - WLAN_HDR_ADDR3_LEN - 8); 708 MIC_vGetMIC(&dwLocalMIC_L, &dwLocalMIC_R); 709 MIC_vUnInit(); 710 711 pdwMIC_L = (__le32 *)(skb->data + 4 + FrameSize); 712 pdwMIC_R = (__le32 *)(skb->data + 4 + FrameSize + 4); 713 714 if ((le32_to_cpu(*pdwMIC_L) != dwLocalMIC_L) || 715 (le32_to_cpu(*pdwMIC_R) != dwLocalMIC_R) || 716 pDevice->bRxMICFail) { 717 pr_debug("MIC comparison is fail!\n"); 718 pDevice->bRxMICFail = false; 719 pDevice->s802_11Counter.TKIPLocalMICFailures++; 720 if (bDeFragRx) { 721 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 722 pr_err("%s: can not alloc more frag bufs\n", 723 pDevice->dev->name); 724 } 725 } 726 //2008-0409-07, <Add> by Einsn Liu 727#ifdef WPA_SUPPLICANT_DRIVER_WEXT_SUPPORT 728 //send event to wpa_supplicant 729 { 730 union iwreq_data wrqu; 731 struct iw_michaelmicfailure ev; 732 int keyidx = pbyFrame[cbHeaderSize+3] >> 6; //top two-bits 733 734 memset(&ev, 0, sizeof(ev)); 735 ev.flags = keyidx & IW_MICFAILURE_KEY_ID; 736 if ((pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 737 (pMgmt->eCurrState == WMAC_STATE_ASSOC) && 738 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 739 ev.flags |= IW_MICFAILURE_PAIRWISE; 740 } else { 741 ev.flags |= IW_MICFAILURE_GROUP; 742 } 743 744 ev.src_addr.sa_family = ARPHRD_ETHER; 745 memcpy(ev.src_addr.sa_data, pMACHeader->abyAddr2, ETH_ALEN); 746 memset(&wrqu, 0, sizeof(wrqu)); 747 wrqu.data.length = sizeof(ev); 748 wireless_send_event(pDevice->dev, IWEVMICHAELMICFAILURE, &wrqu, (char *)&ev); 749 750 } 751#endif 752 753 if ((pDevice->bWPADEVUp) && (pDevice->skb != NULL)) { 754 wpahdr = (viawget_wpa_header *)pDevice->skb->data; 755 if ((pDevice->pMgmt->eCurrMode == WMAC_MODE_ESS_STA) && 756 (pDevice->pMgmt->eCurrState == WMAC_STATE_ASSOC) && 757 (*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) { 758 wpahdr->type = VIAWGET_PTK_MIC_MSG; 759 } else { 760 wpahdr->type = VIAWGET_GTK_MIC_MSG; 761 } 762 wpahdr->resp_ie_len = 0; 763 wpahdr->req_ie_len = 0; 764 skb_put(pDevice->skb, sizeof(viawget_wpa_header)); 765 pDevice->skb->dev = pDevice->wpadev; 766 skb_reset_mac_header(pDevice->skb); 767 pDevice->skb->pkt_type = PACKET_HOST; 768 pDevice->skb->protocol = htons(ETH_P_802_2); 769 memset(pDevice->skb->cb, 0, sizeof(pDevice->skb->cb)); 770 netif_rx(pDevice->skb); 771 pDevice->skb = dev_alloc_skb((int)pDevice->rx_buf_sz); 772 } 773 774 return false; 775 776 } 777 } 778 } //---end of SOFT MIC----------------------------------------------------------------------- 779 780 // ++++++++++ Reply Counter Check +++++++++++++ 781 782 if ((pKey != NULL) && ((pKey->byCipherSuite == KEY_CTL_TKIP) || 783 (pKey->byCipherSuite == KEY_CTL_CCMP))) { 784 if (bIsWEP) { 785 unsigned short wLocalTSC15_0 = 0; 786 unsigned long dwLocalTSC47_16 = 0; 787 unsigned long long RSC = 0; 788 // endian issues 789 RSC = *((unsigned long long *)&(pKey->KeyRSC)); 790 wLocalTSC15_0 = (unsigned short)RSC; 791 dwLocalTSC47_16 = (unsigned long)(RSC>>16); 792 793 RSC = dwRxTSC47_16; 794 RSC <<= 16; 795 RSC += wRxTSC15_0; 796 pKey->KeyRSC = RSC; 797 798 if ((pDevice->sMgmtObj.eCurrMode == WMAC_MODE_ESS_STA) && 799 (pDevice->sMgmtObj.eCurrState == WMAC_STATE_ASSOC)) { 800 // check RSC 801 if ((wRxTSC15_0 < wLocalTSC15_0) && 802 (dwRxTSC47_16 <= dwLocalTSC47_16) && 803 !((dwRxTSC47_16 == 0) && (dwLocalTSC47_16 == 0xFFFFFFFF))) { 804 pr_debug("TSC is illegal~~!\n "); 805 if (pKey->byCipherSuite == KEY_CTL_TKIP) 806 pDevice->s802_11Counter.TKIPReplays++; 807 else 808 pDevice->s802_11Counter.CCMPReplays++; 809 810 if (bDeFragRx) { 811 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 812 pr_err("%s: can not alloc more frag bufs\n", 813 pDevice->dev->name); 814 } 815 } 816 return false; 817 } 818 } 819 } 820 } // ----- End of Reply Counter Check -------------------------- 821 822 s_vProcessRxMACHeader(pDevice, (unsigned char *)(skb->data+4), FrameSize, bIsWEP, bExtIV, &cbHeaderOffset); 823 FrameSize -= cbHeaderOffset; 824 cbHeaderOffset += 4; // 4 is Rcv buffer header 825 826 // Null data, framesize = 14 827 if (FrameSize < 15) 828 return false; 829 830 if (pMgmt->eCurrMode == WMAC_MODE_ESS_AP) { 831 if (!s_bAPModeRxData(pDevice, 832 skb, 833 FrameSize, 834 cbHeaderOffset, 835 iSANodeIndex, 836 iDANodeIndex 837)) { 838 if (bDeFragRx) { 839 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 840 pr_err("%s: can not alloc more frag bufs\n", 841 pDevice->dev->name); 842 } 843 } 844 return false; 845 } 846 } 847 848 skb->data += cbHeaderOffset; 849 skb->tail += cbHeaderOffset; 850 skb_put(skb, FrameSize); 851 skb->protocol = eth_type_trans(skb, skb->dev); 852 853 //drop frame not met IEEE 802.3 854 855 skb->ip_summed = CHECKSUM_NONE; 856 pStats->rx_bytes += skb->len; 857 pStats->rx_packets++; 858 netif_rx(skb); 859 860 if (bDeFragRx) { 861 if (!device_alloc_frag_buf(pDevice, &pDevice->sRxDFCB[pDevice->uCurrentDFCBIdx])) { 862 pr_err("%s: can not alloc more frag bufs\n", 863 pDevice->dev->name); 864 } 865 return false; 866 } 867 868 return true; 869} 870 871static bool s_bAPModeRxCtl( 872 struct vnt_private *pDevice, 873 unsigned char *pbyFrame, 874 int iSANodeIndex 875) 876{ 877 PS802_11Header p802_11Header; 878 CMD_STATUS Status; 879 PSMgmtObject pMgmt = pDevice->pMgmt; 880 881 if (IS_CTL_PSPOLL(pbyFrame) || !IS_TYPE_CONTROL(pbyFrame)) { 882 p802_11Header = (PS802_11Header)(pbyFrame); 883 if (!IS_TYPE_MGMT(pbyFrame)) { 884 // Data & PS-Poll packet 885 // check frame class 886 if (iSANodeIndex > 0) { 887 // frame class 3 fliter & checking 888 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_AUTH) { 889 // send deauth notification 890 // reason = (6) class 2 received from nonauth sta 891 vMgrDeAuthenBeginSta(pDevice, 892 pMgmt, 893 (unsigned char *)(p802_11Header->abyAddr2), 894 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 895 &Status 896); 897 pr_debug("dpc: send vMgrDeAuthenBeginSta 1\n"); 898 return true; 899 } 900 if (pMgmt->sNodeDBTable[iSANodeIndex].eNodeState < NODE_ASSOC) { 901 // send deassoc notification 902 // reason = (7) class 3 received from nonassoc sta 903 vMgrDisassocBeginSta(pDevice, 904 pMgmt, 905 (unsigned char *)(p802_11Header->abyAddr2), 906 (WLAN_MGMT_REASON_CLASS3_NONASSOC), 907 &Status 908); 909 pr_debug("dpc: send vMgrDisassocBeginSta 2\n"); 910 return true; 911 } 912 913 if (pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable) { 914 // delcare received ps-poll event 915 if (IS_CTL_PSPOLL(pbyFrame)) { 916 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 917 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 918 pr_debug("dpc: WLAN_CMD_RX_PSPOLL 1\n"); 919 } else { 920 // check Data PS state 921 // if PW bit off, send out all PS bufferring packets. 922 if (!IS_FC_POWERMGT(pbyFrame)) { 923 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 924 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 925 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 926 pr_debug("dpc: WLAN_CMD_RX_PSPOLL 2\n"); 927 } 928 } 929 } else { 930 if (IS_FC_POWERMGT(pbyFrame)) { 931 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = true; 932 // Once if STA in PS state, enable multicast bufferring 933 pMgmt->sNodeDBTable[0].bPSEnable = true; 934 } else { 935 // clear all pending PS frame. 936 if (pMgmt->sNodeDBTable[iSANodeIndex].wEnQueueCnt > 0) { 937 pMgmt->sNodeDBTable[iSANodeIndex].bPSEnable = false; 938 pMgmt->sNodeDBTable[iSANodeIndex].bRxPSPoll = true; 939 bScheduleCommand((void *)pDevice, WLAN_CMD_RX_PSPOLL, NULL); 940 pr_debug("dpc: WLAN_CMD_RX_PSPOLL 3\n"); 941 942 } 943 } 944 } 945 } else { 946 vMgrDeAuthenBeginSta(pDevice, 947 pMgmt, 948 (unsigned char *)(p802_11Header->abyAddr2), 949 (WLAN_MGMT_REASON_CLASS2_NONAUTH), 950 &Status 951); 952 pr_debug("dpc: send vMgrDeAuthenBeginSta 3\n"); 953 pr_debug("BSSID:%pM\n", 954 p802_11Header->abyAddr3); 955 pr_debug("ADDR2:%pM\n", 956 p802_11Header->abyAddr2); 957 pr_debug("ADDR1:%pM\n", 958 p802_11Header->abyAddr1); 959 pr_debug("dpc: wFrameCtl= %x\n", 960 p802_11Header->wFrameCtl); 961 VNSvInPortB(pDevice->PortOffset + MAC_REG_RCR, &(pDevice->byRxMode)); 962 pr_debug("dpc:pDevice->byRxMode = %x\n", 963 pDevice->byRxMode); 964 return true; 965 } 966 } 967 } 968 return false; 969} 970 971static bool s_bHandleRxEncryption( 972 struct vnt_private *pDevice, 973 unsigned char *pbyFrame, 974 unsigned int FrameSize, 975 unsigned char *pbyRsr, 976 unsigned char *pbyNewRsr, 977 PSKeyItem *pKeyOut, 978 bool *pbExtIV, 979 unsigned short *pwRxTSC15_0, 980 unsigned long *pdwRxTSC47_16 981) 982{ 983 unsigned int PayloadLen = FrameSize; 984 unsigned char *pbyIV; 985 unsigned char byKeyIdx; 986 PSKeyItem pKey = NULL; 987 unsigned char byDecMode = KEY_CTL_WEP; 988 PSMgmtObject pMgmt = pDevice->pMgmt; 989 990 *pwRxTSC15_0 = 0; 991 *pdwRxTSC47_16 = 0; 992 993 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 994 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 995 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 996 pbyIV += 6; // 6 is 802.11 address4 997 PayloadLen -= 6; 998 } 999 byKeyIdx = (*(pbyIV+3) & 0xc0); 1000 byKeyIdx >>= 6; 1001 pr_debug("\nKeyIdx: %d\n", byKeyIdx); 1002 1003 if ((pMgmt->eAuthenMode == WMAC_AUTH_WPA) || 1004 (pMgmt->eAuthenMode == WMAC_AUTH_WPAPSK) || 1005 (pMgmt->eAuthenMode == WMAC_AUTH_WPANONE) || 1006 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2) || 1007 (pMgmt->eAuthenMode == WMAC_AUTH_WPA2PSK)) { 1008 if (((*pbyRsr & (RSR_ADDRBROAD | RSR_ADDRMULTI)) == 0) && 1009 (pDevice->pMgmt->byCSSPK != KEY_CTL_NONE)) { 1010 // unicast pkt use pairwise key 1011 pr_debug("unicast pkt\n"); 1012 if (KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, 0xFFFFFFFF, &pKey) == true) { 1013 if (pDevice->pMgmt->byCSSPK == KEY_CTL_TKIP) 1014 byDecMode = KEY_CTL_TKIP; 1015 else if (pDevice->pMgmt->byCSSPK == KEY_CTL_CCMP) 1016 byDecMode = KEY_CTL_CCMP; 1017 } 1018 pr_debug("unicast pkt: %d, %p\n", byDecMode, pKey); 1019 } else { 1020 // use group key 1021 KeybGetKey(&(pDevice->sKey), pDevice->abyBSSID, byKeyIdx, &pKey); 1022 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1023 byDecMode = KEY_CTL_TKIP; 1024 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1025 byDecMode = KEY_CTL_CCMP; 1026 pr_debug("group pkt: %d, %d, %p\n", 1027 byKeyIdx, byDecMode, pKey); 1028 } 1029 } 1030 // our WEP only support Default Key 1031 if (pKey == NULL) { 1032 // use default group key 1033 KeybGetKey(&(pDevice->sKey), pDevice->abyBroadcastAddr, byKeyIdx, &pKey); 1034 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1035 byDecMode = KEY_CTL_TKIP; 1036 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1037 byDecMode = KEY_CTL_CCMP; 1038 } 1039 *pKeyOut = pKey; 1040 1041 pr_debug("AES:%d %d %d\n", 1042 pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1043 1044 if (pKey == NULL) { 1045 pr_debug("pKey == NULL\n"); 1046 1047 return false; 1048 } 1049 if (byDecMode != pKey->byCipherSuite) { 1050 1051 *pKeyOut = NULL; 1052 return false; 1053 } 1054 if (byDecMode == KEY_CTL_WEP) { 1055 // handle WEP 1056 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1057 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true)) { 1058 // Software WEP 1059 // 1. 3253A 1060 // 2. WEP 256 1061 1062 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1063 memcpy(pDevice->abyPRNG, pbyIV, 3); 1064 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1065 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1066 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1067 1068 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) 1069 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1070 1071 } 1072 } else if ((byDecMode == KEY_CTL_TKIP) || 1073 (byDecMode == KEY_CTL_CCMP)) { 1074 // TKIP/AES 1075 1076 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1077 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1078 pr_debug("ExtIV: %lx\n", *pdwRxTSC47_16); 1079 if (byDecMode == KEY_CTL_TKIP) 1080 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV + 2), *pbyIV)); 1081 else 1082 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1083 1084 pr_debug("TSC0_15: %x\n", *pwRxTSC15_0); 1085 1086 if ((byDecMode == KEY_CTL_TKIP) && 1087 (pDevice->byLocalID <= REV_ID_VT3253_A1)) { 1088 // Software TKIP 1089 // 1. 3253 A 1090 PS802_11Header pMACHeader = (PS802_11Header)(pbyFrame); 1091 1092 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1093 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1094 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1095 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1096 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1097 pr_debug("ICV OK!\n"); 1098 } else { 1099 pr_debug("ICV FAIL!!!\n"); 1100 pr_debug("PayloadLen = %d\n", PayloadLen); 1101 } 1102 } 1103 }// end of TKIP/AES 1104 1105 if ((*(pbyIV+3) & 0x20) != 0) 1106 *pbExtIV = true; 1107 return true; 1108} 1109 1110static bool s_bHostWepRxEncryption( 1111 struct vnt_private *pDevice, 1112 unsigned char *pbyFrame, 1113 unsigned int FrameSize, 1114 unsigned char *pbyRsr, 1115 bool bOnFly, 1116 PSKeyItem pKey, 1117 unsigned char *pbyNewRsr, 1118 bool *pbExtIV, 1119 unsigned short *pwRxTSC15_0, 1120 unsigned long *pdwRxTSC47_16 1121) 1122{ 1123 unsigned int PayloadLen = FrameSize; 1124 unsigned char *pbyIV; 1125 unsigned char byKeyIdx; 1126 unsigned char byDecMode = KEY_CTL_WEP; 1127 PS802_11Header pMACHeader; 1128 1129 *pwRxTSC15_0 = 0; 1130 *pdwRxTSC47_16 = 0; 1131 1132 pbyIV = pbyFrame + WLAN_HDR_ADDR3_LEN; 1133 if (WLAN_GET_FC_TODS(*(unsigned short *)pbyFrame) && 1134 WLAN_GET_FC_FROMDS(*(unsigned short *)pbyFrame)) { 1135 pbyIV += 6; // 6 is 802.11 address4 1136 PayloadLen -= 6; 1137 } 1138 byKeyIdx = (*(pbyIV+3) & 0xc0); 1139 byKeyIdx >>= 6; 1140 pr_debug("\nKeyIdx: %d\n", byKeyIdx); 1141 1142 if (pDevice->pMgmt->byCSSGK == KEY_CTL_TKIP) 1143 byDecMode = KEY_CTL_TKIP; 1144 else if (pDevice->pMgmt->byCSSGK == KEY_CTL_CCMP) 1145 byDecMode = KEY_CTL_CCMP; 1146 1147 pr_debug("AES:%d %d %d\n", 1148 pDevice->pMgmt->byCSSPK, pDevice->pMgmt->byCSSGK, byDecMode); 1149 1150 if (byDecMode != pKey->byCipherSuite) 1151 return false; 1152 1153 if (byDecMode == KEY_CTL_WEP) { 1154 // handle WEP 1155 pr_debug("byDecMode == KEY_CTL_WEP\n"); 1156 1157 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || 1158 (((PSKeyTable)(pKey->pvKeyTable))->bSoftWEP == true) || 1159 !bOnFly) { 1160 // Software WEP 1161 // 1. 3253A 1162 // 2. WEP 256 1163 // 3. NotOnFly 1164 1165 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 4 + 4); // 24 is 802.11 header,4 is IV, 4 is crc 1166 memcpy(pDevice->abyPRNG, pbyIV, 3); 1167 memcpy(pDevice->abyPRNG + 3, pKey->abyKey, pKey->uKeyLength); 1168 rc4_init(&pDevice->SBox, pDevice->abyPRNG, pKey->uKeyLength + 3); 1169 rc4_encrypt(&pDevice->SBox, pbyIV+4, pbyIV+4, PayloadLen); 1170 1171 if (ETHbIsBufferCrc32Ok(pbyIV+4, PayloadLen)) 1172 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1173 1174 } 1175 } else if ((byDecMode == KEY_CTL_TKIP) || 1176 (byDecMode == KEY_CTL_CCMP)) { 1177 // TKIP/AES 1178 1179 PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc 1180 *pdwRxTSC47_16 = cpu_to_le32(*(unsigned long *)(pbyIV + 4)); 1181 pr_debug("ExtIV: %lx\n", *pdwRxTSC47_16); 1182 1183 if (byDecMode == KEY_CTL_TKIP) 1184 *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); 1185 else 1186 *pwRxTSC15_0 = cpu_to_le16(*(unsigned short *)pbyIV); 1187 1188 pr_debug("TSC0_15: %x\n", *pwRxTSC15_0); 1189 1190 if (byDecMode == KEY_CTL_TKIP) { 1191 if ((pDevice->byLocalID <= REV_ID_VT3253_A1) || !bOnFly) { 1192 // Software TKIP 1193 // 1. 3253 A 1194 // 2. NotOnFly 1195 pr_debug("soft KEY_CTL_TKIP\n"); 1196 pMACHeader = (PS802_11Header)(pbyFrame); 1197 TKIPvMixKey(pKey->abyKey, pMACHeader->abyAddr2, *pwRxTSC15_0, *pdwRxTSC47_16, pDevice->abyPRNG); 1198 rc4_init(&pDevice->SBox, pDevice->abyPRNG, TKIP_KEY_LEN); 1199 rc4_encrypt(&pDevice->SBox, pbyIV+8, pbyIV+8, PayloadLen); 1200 if (ETHbIsBufferCrc32Ok(pbyIV+8, PayloadLen)) { 1201 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1202 pr_debug("ICV OK!\n"); 1203 } else { 1204 pr_debug("ICV FAIL!!!\n"); 1205 pr_debug("PayloadLen = %d\n", 1206 PayloadLen); 1207 } 1208 } 1209 } 1210 1211 if (byDecMode == KEY_CTL_CCMP) { 1212 if (!bOnFly) { 1213 // Software CCMP 1214 // NotOnFly 1215 pr_debug("soft KEY_CTL_CCMP\n"); 1216 if (AESbGenCCMP(pKey->abyKey, pbyFrame, FrameSize)) { 1217 *pbyNewRsr |= NEWRSR_DECRYPTOK; 1218 pr_debug("CCMP MIC compare OK!\n"); 1219 } else { 1220 pr_debug("CCMP MIC fail!\n"); 1221 } 1222 } 1223 } 1224 1225 }// end of TKIP/AES 1226 1227 if ((*(pbyIV+3) & 0x20) != 0) 1228 *pbExtIV = true; 1229 return true; 1230} 1231 1232static bool s_bAPModeRxData( 1233 struct vnt_private *pDevice, 1234 struct sk_buff *skb, 1235 unsigned int FrameSize, 1236 unsigned int cbHeaderOffset, 1237 int iSANodeIndex, 1238 int iDANodeIndex 1239) 1240{ 1241 PSMgmtObject pMgmt = pDevice->pMgmt; 1242 bool bRelayAndForward = false; 1243 bool bRelayOnly = false; 1244 unsigned char byMask[8] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80}; 1245 unsigned short wAID; 1246 1247 struct sk_buff *skbcpy = NULL; 1248 1249 if (FrameSize > CB_MAX_BUF_SIZE) 1250 return false; 1251 // check DA 1252 if (is_multicast_ether_addr((unsigned char *)(skb->data+cbHeaderOffset))) { 1253 if (pMgmt->sNodeDBTable[0].bPSEnable) { 1254 skbcpy = dev_alloc_skb((int)pDevice->rx_buf_sz); 1255 1256 // if any node in PS mode, buffer packet until DTIM. 1257 if (skbcpy == NULL) { 1258 pr_info("relay multicast no skb available\n"); 1259 } else { 1260 skbcpy->dev = pDevice->dev; 1261 skbcpy->len = FrameSize; 1262 memcpy(skbcpy->data, skb->data+cbHeaderOffset, FrameSize); 1263 skb_queue_tail(&(pMgmt->sNodeDBTable[0].sTxPSQueue), skbcpy); 1264 1265 pMgmt->sNodeDBTable[0].wEnQueueCnt++; 1266 // set tx map 1267 pMgmt->abyPSTxMap[0] |= byMask[0]; 1268 } 1269 } else { 1270 bRelayAndForward = true; 1271 } 1272 } else { 1273 // check if relay 1274 if (BSSDBbIsSTAInNodeDB(pMgmt, (unsigned char *)(skb->data+cbHeaderOffset), &iDANodeIndex)) { 1275 if (pMgmt->sNodeDBTable[iDANodeIndex].eNodeState >= NODE_ASSOC) { 1276 if (pMgmt->sNodeDBTable[iDANodeIndex].bPSEnable) { 1277 // queue this skb until next PS tx, and then release. 1278 1279 skb->data += cbHeaderOffset; 1280 skb->tail += cbHeaderOffset; 1281 skb_put(skb, FrameSize); 1282 skb_queue_tail(&pMgmt->sNodeDBTable[iDANodeIndex].sTxPSQueue, skb); 1283 pMgmt->sNodeDBTable[iDANodeIndex].wEnQueueCnt++; 1284 wAID = pMgmt->sNodeDBTable[iDANodeIndex].wAID; 1285 pMgmt->abyPSTxMap[wAID >> 3] |= byMask[wAID & 7]; 1286 pr_debug("relay: index= %d, pMgmt->abyPSTxMap[%d]= %d\n", 1287 iDANodeIndex, (wAID >> 3), 1288 pMgmt->abyPSTxMap[wAID >> 3]); 1289 return true; 1290 } else { 1291 bRelayOnly = true; 1292 } 1293 } 1294 } 1295 } 1296 1297 if (bRelayOnly || bRelayAndForward) { 1298 // relay this packet right now 1299 if (bRelayAndForward) 1300 iDANodeIndex = 0; 1301 1302 if ((pDevice->uAssocCount > 1) && (iDANodeIndex >= 0)) 1303 ROUTEbRelay(pDevice, (unsigned char *)(skb->data + cbHeaderOffset), FrameSize, (unsigned int)iDANodeIndex); 1304 1305 if (bRelayOnly) 1306 return false; 1307 } 1308 // none associate, don't forward 1309 if (pDevice->uAssocCount == 0) 1310 return false; 1311 1312 return true; 1313} 1314