aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/staging/rt2860/common/cmm_sanity.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/staging/rt2860/common/cmm_sanity.c')
-rw-r--r--drivers/staging/rt2860/common/cmm_sanity.c184
1 files changed, 0 insertions, 184 deletions
diff --git a/drivers/staging/rt2860/common/cmm_sanity.c b/drivers/staging/rt2860/common/cmm_sanity.c
index 843e44e41abe..85855f7f38cb 100644
--- a/drivers/staging/rt2860/common/cmm_sanity.c
+++ b/drivers/staging/rt2860/common/cmm_sanity.c
@@ -1052,187 +1052,3 @@ NDIS_802_11_NETWORK_TYPE NetworkTypeInUseSanity(
return NetWorkType;
}
-
-/*
- ==========================================================================
- Description:
- WPA message sanity check
- Return:
- TRUE if all parameters are OK, FALSE otherwise
- ==========================================================================
- */
-BOOLEAN PeerWpaMessageSanity(
- IN PRTMP_ADAPTER pAd,
- IN PEAPOL_PACKET pMsg,
- IN ULONG MsgLen,
- IN UCHAR MsgType,
- IN MAC_TABLE_ENTRY *pEntry)
-{
- UCHAR mic[LEN_KEY_DESC_MIC], digest[80], KEYDATA[MAX_LEN_OF_RSNIE];
- BOOLEAN bReplayDiff = FALSE;
- BOOLEAN bWPA2 = FALSE;
- KEY_INFO EapolKeyInfo;
- UCHAR GroupKeyIndex = 0;
-
-
- NdisZeroMemory(mic, sizeof(mic));
- NdisZeroMemory(digest, sizeof(digest));
- NdisZeroMemory(KEYDATA, sizeof(KEYDATA));
- NdisZeroMemory((PUCHAR)&EapolKeyInfo, sizeof(EapolKeyInfo));
-
- NdisMoveMemory((PUCHAR)&EapolKeyInfo, (PUCHAR)&pMsg->KeyDesc.KeyInfo, sizeof(KEY_INFO));
-
- *((USHORT *)&EapolKeyInfo) = cpu2le16(*((USHORT *)&EapolKeyInfo));
-
- // Choose WPA2 or not
- if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
- bWPA2 = TRUE;
-
- // 0. Check MsgType
- if ((MsgType > EAPOL_GROUP_MSG_2) || (MsgType < EAPOL_PAIR_MSG_1))
- {
- DBGPRINT(RT_DEBUG_ERROR, ("The message type is invalid(%d)! \n", MsgType));
- return FALSE;
- }
-
- // 1. Replay counter check
- if (MsgType == EAPOL_PAIR_MSG_1 || MsgType == EAPOL_PAIR_MSG_3 || MsgType == EAPOL_GROUP_MSG_1) // For supplicant
- {
- // First validate replay counter, only accept message with larger replay counter.
- // Let equal pass, some AP start with all zero replay counter
- UCHAR ZeroReplay[LEN_KEY_DESC_REPLAY];
-
- NdisZeroMemory(ZeroReplay, LEN_KEY_DESC_REPLAY);
- if ((RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY) != 1) &&
- (RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
- {
- bReplayDiff = TRUE;
- }
- }
- else if (MsgType == EAPOL_PAIR_MSG_2 || MsgType == EAPOL_PAIR_MSG_4 || MsgType == EAPOL_GROUP_MSG_2) // For authenticator
- {
- // check Replay Counter coresponds to MSG from authenticator, otherwise discard
- if (!NdisEqualMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY))
- {
- bReplayDiff = TRUE;
- }
- }
-
- // Replay Counter different condition
- if (bReplayDiff)
- {
- // send wireless event - for replay counter different
- if (pAd->CommonCfg.bWirelessEvent)
- RTMPSendWirelessEvent(pAd, IW_REPLAY_COUNTER_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
-
- if (MsgType < EAPOL_GROUP_MSG_1)
- {
- DBGPRINT(RT_DEBUG_ERROR, ("Replay Counter Different in pairwise msg %d of 4-way handshake!\n", MsgType));
- }
- else
- {
- DBGPRINT(RT_DEBUG_ERROR, ("Replay Counter Different in group msg %d of 2-way handshake!\n", (MsgType - EAPOL_PAIR_MSG_4)));
- }
-
- hex_dump("Receive replay counter ", pMsg->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
- hex_dump("Current replay counter ", pEntry->R_Counter, LEN_KEY_DESC_REPLAY);
- return FALSE;
- }
-
- // 2. Verify MIC except Pairwise Msg1
- if (MsgType != EAPOL_PAIR_MSG_1)
- {
- UCHAR rcvd_mic[LEN_KEY_DESC_MIC];
-
- // Record the received MIC for check later
- NdisMoveMemory(rcvd_mic, pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
- NdisZeroMemory(pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
-
- if (pEntry->WepStatus == Ndis802_11Encryption2Enabled) // TKIP
- {
- hmac_md5(pEntry->PTK, LEN_EAP_MICK, (PUCHAR)pMsg, MsgLen, mic);
- }
- else if (pEntry->WepStatus == Ndis802_11Encryption3Enabled) // AES
- {
- HMAC_SHA1((PUCHAR)pMsg, MsgLen, pEntry->PTK, LEN_EAP_MICK, digest);
- NdisMoveMemory(mic, digest, LEN_KEY_DESC_MIC);
- }
-
- if (!NdisEqualMemory(rcvd_mic, mic, LEN_KEY_DESC_MIC))
- {
- // send wireless event - for MIC different
- if (pAd->CommonCfg.bWirelessEvent)
- RTMPSendWirelessEvent(pAd, IW_MIC_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
-
- if (MsgType < EAPOL_GROUP_MSG_1)
- {
- DBGPRINT(RT_DEBUG_ERROR, ("MIC Different in pairwise msg %d of 4-way handshake!\n", MsgType));
- }
- else
- {
- DBGPRINT(RT_DEBUG_ERROR, ("MIC Different in group msg %d of 2-way handshake!\n", (MsgType - EAPOL_PAIR_MSG_4)));
- }
-
- hex_dump("Received MIC", rcvd_mic, LEN_KEY_DESC_MIC);
- hex_dump("Desired MIC", mic, LEN_KEY_DESC_MIC);
-
- return FALSE;
- }
- }
-
- // Extract the context of the Key Data field if it exist
- // The field in pairwise_msg_2_WPA1(WPA2) & pairwise_msg_3_WPA1 is un-encrypted.
- // The field in group_msg_1_WPA1(WPA2) & pairwise_msg_3_WPA2 is encrypted.
- if (pMsg->KeyDesc.KeyDataLen[1] > 0)
- {
- // Decrypt this field
- if ((MsgType == EAPOL_PAIR_MSG_3 && bWPA2) || (MsgType == EAPOL_GROUP_MSG_1))
- {
- if(pEntry->WepStatus == Ndis802_11Encryption3Enabled)
- {
- // AES
- AES_GTK_KEY_UNWRAP(&pEntry->PTK[16], KEYDATA, pMsg->KeyDesc.KeyDataLen[1],pMsg->KeyDesc.KeyData);
- }
- else
- {
- INT i;
- UCHAR Key[32];
- // Decrypt TKIP GTK
- // Construct 32 bytes RC4 Key
- NdisMoveMemory(Key, pMsg->KeyDesc.KeyIv, 16);
- NdisMoveMemory(&Key[16], &pEntry->PTK[16], 16);
- ARCFOUR_INIT(&pAd->PrivateInfo.WEPCONTEXT, Key, 32);
- //discard first 256 bytes
- for(i = 0; i < 256; i++)
- ARCFOUR_BYTE(&pAd->PrivateInfo.WEPCONTEXT);
- // Decrypt GTK. Becareful, there is no ICV to check the result is correct or not
- ARCFOUR_DECRYPT(&pAd->PrivateInfo.WEPCONTEXT, KEYDATA, pMsg->KeyDesc.KeyData, pMsg->KeyDesc.KeyDataLen[1]);
- }
-
- if (!bWPA2 && (MsgType == EAPOL_GROUP_MSG_1))
- GroupKeyIndex = EapolKeyInfo.KeyIndex;
-
- }
- else if ((MsgType == EAPOL_PAIR_MSG_2) || (MsgType == EAPOL_PAIR_MSG_3 && !bWPA2))
- {
- NdisMoveMemory(KEYDATA, pMsg->KeyDesc.KeyData, pMsg->KeyDesc.KeyDataLen[1]);
- }
- else
- {
-
- return TRUE;
- }
-
- // Parse Key Data field to
- // 1. verify RSN IE for pairwise_msg_2_WPA1(WPA2) ,pairwise_msg_3_WPA1(WPA2)
- // 2. verify KDE format for pairwise_msg_3_WPA2, group_msg_1_WPA2
- // 3. update shared key for pairwise_msg_3_WPA2, group_msg_1_WPA1(WPA2)
- if (!RTMPParseEapolKeyData(pAd, KEYDATA, pMsg->KeyDesc.KeyDataLen[1], GroupKeyIndex, MsgType, bWPA2, pEntry))
- {
- return FALSE;
- }
- }
-
- return TRUE;
-
-}
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.