iPXE
General secured-network routines required whenever any secure network support at all is compiled in. More...
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ipxe/ieee80211.h>
#include <ipxe/net80211.h>
#include <ipxe/sec80211.h>
Data Structures | |
struct | descriptor_map |
Mapping from net80211 crypto/secprot types to RSN OUI descriptors. More... | |
Macros | |
#define | ENOTSUP_WEP __einfo_error ( EINFO_ENOTSUP_WEP ) |
#define | EINFO_ENOTSUP_WEP |
#define | ENOTSUP_TKIP __einfo_error ( EINFO_ENOTSUP_TKIP ) |
#define | EINFO_ENOTSUP_TKIP |
#define | ENOTSUP_CCMP __einfo_error ( EINFO_ENOTSUP_CCMP ) |
#define | EINFO_ENOTSUP_CCMP |
#define | ENOTSUP_CRYPT(crypt) |
#define | END_MAGIC 0xFFFFFFFF |
Magic number in oui_type showing end of list. More... | |
Functions | |
FILE_LICENCE (GPL2_OR_LATER) | |
int | sec80211_install (struct net80211_crypto **which, enum net80211_crypto_alg crypt, const void *key, int len, const void *rsc) |
Install 802.11 cryptosystem. More... | |
static struct descriptor_map * | rsn_pick_desc (u8 **rsnp, u8 *rsn_end, struct descriptor_map *map, void *tbl_start, void *tbl_end) |
Determine net80211 crypto or handshaking type value to return for RSN info. More... | |
u8 * | sec80211_find_rsn (union ieee80211_ie *ie, void *ie_end, int *is_rsn, u8 **end) |
Find the RSN or WPA information element in the provided beacon frame. More... | |
int | sec80211_detect_ie (int is_rsn, u8 *start, u8 *end, enum net80211_security_proto *secprot, enum net80211_crypto_alg *crypt) |
Detect crypto and AKM types from RSN information element. More... | |
int | sec80211_detect (struct io_buffer *iob, enum net80211_security_proto *secprot, enum net80211_crypto_alg *crypt) |
Detect the cryptosystem and handshaking protocol used by an 802.11 network. More... | |
static u32 | rsn_get_desc (unsigned id, int rsnie, struct descriptor_map *map) |
Determine RSN descriptor for specified net80211 ID. More... | |
u32 | sec80211_rsn_get_crypto_desc (enum net80211_crypto_alg crypt, int rsnie) |
Determine RSN descriptor for specified net80211 cryptosystem number. More... | |
u32 | sec80211_rsn_get_akm_desc (enum net80211_security_proto secprot, int rsnie) |
Determine RSN descriptor for specified net80211 handshaker number. More... | |
enum net80211_crypto_alg | sec80211_rsn_get_net80211_crypt (u32 desc) |
Determine net80211 cryptosystem number from RSN descriptor. More... | |
Variables | |
static struct descriptor_map | rsn_cipher_map [] |
Mapping between net80211 cryptosystems and 802.11i cipher IDs. More... | |
static struct descriptor_map | rsn_akm_map [] |
Mapping between net80211 handshakers and 802.11i AKM IDs. More... | |
General secured-network routines required whenever any secure network support at all is compiled in.
This involves things like installing keys, determining the type of security used by a probed network, and some small helper functions that take advantage of static data in this file.
Definition in file sec80211.c.
#define ENOTSUP_WEP __einfo_error ( EINFO_ENOTSUP_WEP ) |
Definition at line 39 of file sec80211.c.
#define EINFO_ENOTSUP_WEP |
Definition at line 40 of file sec80211.c.
#define ENOTSUP_TKIP __einfo_error ( EINFO_ENOTSUP_TKIP ) |
Definition at line 42 of file sec80211.c.
#define EINFO_ENOTSUP_TKIP |
Definition at line 43 of file sec80211.c.
#define ENOTSUP_CCMP __einfo_error ( EINFO_ENOTSUP_CCMP ) |
Definition at line 45 of file sec80211.c.
#define EINFO_ENOTSUP_CCMP |
Definition at line 46 of file sec80211.c.
#define ENOTSUP_CRYPT | ( | crypt | ) |
Definition at line 48 of file sec80211.c.
#define END_MAGIC 0xFFFFFFFF |
Magic number in oui_type showing end of list.
Definition at line 62 of file sec80211.c.
FILE_LICENCE | ( | GPL2_OR_LATER | ) |
int sec80211_install | ( | struct net80211_crypto ** | which, |
enum net80211_crypto_alg | crypt, | ||
const void * | key, | ||
int | len, | ||
const void * | rsc | ||
) |
Install 802.11 cryptosystem.
which | Pointer to the cryptosystem structure to install in |
crypt | Cryptosystem ID number |
key | Encryption key to use |
len | Length of encryption key |
rsc | Initial receive sequence counter, if applicable |
rc | Return status code |
The encryption key will not be accessed via the provided pointer after this function returns, so you may keep it on the stack.
which must point to either dev->crypto (for the normal case of installing a unicast cryptosystem) or dev->gcrypto (to install a cryptosystem that will be used only for decrypting group-source frames).
Definition at line 113 of file sec80211.c.
References net80211_crypto::algorithm, DBG, ENOMEM, ENOTSUP_CRYPT, for_each_table_entry, free, net80211_crypto::init, key, len, memcpy(), NET80211_CRYPT_NONE, NET80211_CRYPTOS, NULL, net80211_crypto::priv, net80211_crypto::priv_len, rsc, and zalloc().
Referenced by trivial_init(), wpa_install_gtk(), and wpa_install_ptk().
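static struct descriptor_map * rsn_pick_desc ( u8 **rsnp, u8 *rsn_end, struct descriptor_map *map, void *tbl_start, void *tbl_end )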
Determine net80211 crypto or handshaking type value to return for RSN info.
rsnp | Pointer to next descriptor count field in RSN IE |
rsn_end | Pointer to end of RSN IE |
map | Descriptor map to use |
tbl_start | Start of linker table to examine for iPXE support |
tbl_end | End of linker table to examine for iPXE support |
rsnp | Updated to point to first byte after descriptors |
map_ent | Descriptor map entry of translation to use |
The entries in the linker table must be either net80211_crypto or net80211_handshaker structures, and tbl_stride must be set to sizeof() the appropriate one.
This function expects rsnp to point at a two-byte descriptor count followed by a list of four-byte cipher or AKM descriptors; it will return NULL if the input packet is malformed, and otherwise set rsnp to the first byte it has not looked at. It will return the first cipher in the list that is supported by the current build of iPXE, or the first entry in the list if none are supported; selection therefore follows the order of the descriptors in the IE.
We play rather fast and loose with type checking, because this function is only called from two well-defined places in the RSN-checking code. Don't try to use it for anything else.
Definition at line 186 of file sec80211.c.
References if(), map, NULL, ok, oui_type, return, and rsn_cipher_map.
Referenced by sec80211_detect_ie().
u8* sec80211_find_rsn | ( | union ieee80211_ie * | ie, |
void * | ie_end, | ||
int * | is_rsn, | ||
u8 ** | end | ||
) |
Find the RSN or WPA information element in the provided beacon frame.
ie | Pointer to first information element to check |
ie_end | Pointer to end of information element space |
is_rsn | TRUE if returned IE is RSN, FALSE if it's WPA |
end | Pointer to byte immediately after last byte of data |
data | Pointer to first byte of data (the ‘version’ field) |
If both an RSN and a WPA information element are found, this function will return the first one seen, which by ordering rules should always prefer the newer RSN IE.
If no RSN or WPA information element is found, returns NULL and leaves is_rsn and end in an undefined state, so callers must check the return value before reading either.
This function will not return a pointer to an information element that states it extends past the tail of the io_buffer, or whose version field is incorrect.
Definition at line 283 of file sec80211.c.
References DBG, end, ieee80211_ie_bound(), IEEE80211_IE_RSN, IEEE80211_IE_VENDOR, ieee80211_next_ie(), IEEE80211_RSN_VERSION, IEEE80211_WPA_OUI_VEN, and NULL.
Referenced by sec80211_detect(), wpa_handle_3_of_4(), wpa_make_rsn_ie(), and wpa_start().
int sec80211_detect_ie | ( | int | is_rsn, |
u8 * | start, | ||
u8 * | end, | ||
enum net80211_security_proto * | secprot, | ||
enum net80211_crypto_alg * | crypt | ||
) |
Detect crypto and AKM types from RSN information element.
is_rsn | If TRUE, IE is a new-style RSN information element |
start | Pointer to first byte of version field |
end | Pointer to first byte not in the RSN IE |
secprot | Security handshaking protocol used by network |
crypt | Cryptosystem used by network |
rc | Return status code |
If the IE cannot be parsed, returns an error indication and leaves secprot and crypt unchanged.
Definition at line 340 of file sec80211.c.
References cr, DBG, done, EINVAL, end, map, NET80211_CRYPT_CCMP, NET80211_CRYPT_TKIP, NET80211_CRYPTOS, NET80211_HANDSHAKERS, NET80211_SECPROT_EAP, rsn_akm_map, rsn_cipher_map, rsn_pick_desc(), sp, start, table_end, and table_start.
Referenced by sec80211_detect(), and wpa_handle_3_of_4().
int sec80211_detect | ( | struct io_buffer * | iob, |
enum net80211_security_proto * | secprot, | ||
enum net80211_crypto_alg * | crypt | ||
) |
Detect the cryptosystem and handshaking protocol used by an 802.11 network.
iob | I/O buffer containing beacon frame |
secprot | Security handshaking protocol used by network |
crypt | Cryptosystem used by network |
rc | Return status code |
This function uses weak linkage, as it must be called from generic contexts but should only be linked in if some encryption is supported; you must test its address against NULL before calling it. If it does not exist, any network with the PRIVACY bit set in beacon->capab should be considered unknown.
Definition at line 406 of file sec80211.c.
References io_buffer::data, DBG, DBG_HD, hdr, ieee80211_beacon, IEEE80211_CAPAB_PRIVACY, if(), NET80211_CRYPT_NONE, NET80211_CRYPT_UNKNOWN, NET80211_CRYPT_WEP, NET80211_SECPROT_NONE, NET80211_SECPROT_UNKNOWN, rc, sec80211_detect_ie(), sec80211_find_rsn(), and io_buffer::tail.
static u32 rsn_get_desc ( unsigned id, int rsnie, struct descriptor_map *map )
Determine RSN descriptor for specified net80211 ID.
id | net80211 ID value |
rsnie | Whether to return a new-format (RSN IE) descriptor |
map | Map to use in translation |
desc | RSN descriptor, or 0 on error |
If rsnie is false, returns an old-format (WPA vendor IE) descriptor.
Definition at line 459 of file sec80211.c.
References END_MAGIC, IEEE80211_RSN_OUI, IEEE80211_WPA_OUI, map, and vendor.
Referenced by sec80211_rsn_get_akm_desc(), and sec80211_rsn_get_crypto_desc().
u32 sec80211_rsn_get_crypto_desc | ( | enum net80211_crypto_alg | crypt, |
int | rsnie | ||
) |
Determine RSN descriptor for specified net80211 cryptosystem number.
crypt | Cryptosystem number |
rsnie | Whether to return a new-format (RSN IE) descriptor |
desc | RSN descriptor |
If rsnie is false, returns an old-format (WPA vendor IE) descriptor.
Definition at line 481 of file sec80211.c.
References rsn_cipher_map, and rsn_get_desc().
Referenced by wpa_make_rsn_ie().
u32 sec80211_rsn_get_akm_desc | ( | enum net80211_security_proto | secprot, |
int | rsnie | ||
) |
Determine RSN descriptor for specified net80211 handshaker number.
secprot | Handshaker number |
rsnie | Whether to return a new-format (RSN IE) descriptor |
desc | RSN descriptor |
If rsnie is false, returns an old-format (WPA vendor IE) descriptor.
Definition at line 496 of file sec80211.c.
References rsn_akm_map, and rsn_get_desc().
Referenced by wpa_make_rsn_ie().
enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt | ( | u32 | desc | ) |
Determine net80211 cryptosystem number from RSN descriptor.
desc | RSN descriptor |
crypt | net80211 cryptosystem enumeration value |
Definition at line 508 of file sec80211.c.
References desc, END_MAGIC, map, OUI_TYPE_MASK, and rsn_cipher_map.
Referenced by wpa_handle_3_of_4(), and wpa_make_rsn_ie().
static struct descriptor_map rsn_cipher_map[]
Mapping between net80211 cryptosystems and 802.11i cipher IDs.
Definition at line 65 of file sec80211.c.
Referenced by rsn_pick_desc(), sec80211_detect_ie(), sec80211_rsn_get_crypto_desc(), and sec80211_rsn_get_net80211_crypt().
static struct descriptor_map rsn_akm_map[]
Mapping between net80211 handshakers and 802.11i AKM IDs.
Definition at line 83 of file sec80211.c.
Referenced by sec80211_detect_ie(), and sec80211_rsn_get_akm_desc().