2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 John 2004-9-3 porting from RT2500
37 #include "../rt_config.h"
40 ==========================================================================
42 authenticate state machine init, including state transition and timer init
44 Sm - pointer to the auth state machine
46 The state machine looks like this
48 AUTH_REQ_IDLE AUTH_WAIT_SEQ2 AUTH_WAIT_SEQ4
49 MT2_MLME_AUTH_REQ mlme_auth_req_action invalid_state_when_auth invalid_state_when_auth
50 MT2_PEER_AUTH_EVEN drop peer_auth_even_at_seq2_action peer_auth_even_at_seq4_action
51 MT2_AUTH_TIMEOUT Drop auth_timeout_action auth_timeout_action
55 ==========================================================================
/*
 * AuthStateMachineInit - fill in the AUTH transition table and set up the
 * authentication timer.
 *
 * Trans[] is the OUT action table handed to StateMachineInit() together with
 * the MAX_AUTH_STATE / MAX_AUTH_MSG dimensions.
 *
 * The parameter lines that declare pAd and Sm are not shown in this listing;
 * both names are used in the body below.
 */
58 void AuthStateMachineInit(
61 OUT STATE_MACHINE_FUNC Trans[])
// Drop is passed to StateMachineInit() - presumably as the action for every
// (state, message) pair that is not overridden below (TODO confirm in
// StateMachineInit). No action is registered for MT2_PEER_AUTH_EVEN in
// AUTH_REQ_IDLE, so a peer authentication response that arrives while no
// request is outstanding is left to that default.
63 StateMachineInit(Sm, Trans, MAX_AUTH_STATE, MAX_AUTH_MSG, (STATE_MACHINE_FUNC)Drop, AUTH_REQ_IDLE, AUTH_MACHINE_BASE);
// AUTH_REQ_IDLE: only a local MLME request starts an exchange.
66 StateMachineSetAction(Sm, AUTH_REQ_IDLE, MT2_MLME_AUTH_REQ, (STATE_MACHINE_FUNC)MlmeAuthReqAction);
// AUTH_WAIT_SEQ2: a second local request is rejected, a peer response or the
// timer ends the wait.
69 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_MLME_AUTH_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAuth);
70 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_PEER_AUTH_EVEN, (STATE_MACHINE_FUNC)PeerAuthRspAtSeq2Action);
71 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_AUTH_TIMEOUT, (STATE_MACHINE_FUNC)AuthTimeoutAction);
// AUTH_WAIT_SEQ4: same shape as AUTH_WAIT_SEQ2, with the seq#4 handler.
74 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_MLME_AUTH_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAuth);
75 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_PEER_AUTH_EVEN, (STATE_MACHINE_FUNC)PeerAuthRspAtSeq4Action);
76 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_AUTH_TIMEOUT, (STATE_MACHINE_FUNC)AuthTimeoutAction);
// AuthTimeout is registered as the timer function with pAd as its context;
// the trailing FALSE presumably selects a one-shot timer (TODO confirm).
78 RTMPInitTimer(pAd, &pAd->MlmeAux.AuthTimer, GET_TIMER_FUNCTION(AuthTimeout), pAd, FALSE);
82 ==========================================================================
84 function to be executed at timer thread when auth timer expires
88 ==========================================================================
/*
 * Timer callback for the authentication timer. The signature line that names
 * the function is not shown in this listing; the trace string below and the
 * GET_TIMER_FUNCTION(AuthTimeout) registration indicate it is AuthTimeout.
 *
 * FunctionContext is cast to the adapter (RTMP_ADAPTER *); the three
 * SystemSpecific arguments are not used in the visible lines.
 */
91 IN PVOID SystemSpecific1,
92 IN PVOID FunctionContext,
93 IN PVOID SystemSpecific2,
94 IN PVOID SystemSpecific3)
96 RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
98 DBGPRINT(RT_DEBUG_TRACE,("AUTH - AuthTimeout\n"));
100 // Do nothing if the driver is entering the halt state.
101 // This can happen when the timer has already fired before mlmehalt cancels it.
// The statement guarded by this test is not shown in this listing; per the
// comment above it is presumably an early return.
102 if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
105 // send a de-auth to reset AP's state machine (Patch AP-Dir635)
// NOTE(review): CurrState is read here from the timer path while the AUTH
// handlers write it; no lock is visible in this function - confirm that timer
// callbacks are serialized with the MLME handler.
106 if (pAd->Mlme.AuthMachine.CurrState == AUTH_WAIT_SEQ2)
107 Cls2errAction(pAd, pAd->MlmeAux.Bssid);
// Post MT2_AUTH_TIMEOUT with an empty message (length 0, NULL) to the AUTH
// state machine, then invoke the MLME handler.
110 MlmeEnqueue(pAd, AUTH_STATE_MACHINE, MT2_AUTH_TIMEOUT, 0, NULL);
111 RTMP_MLME_HANDLER(pAd);
116 ==========================================================================
119 IRQL = DISPATCH_LEVEL
121 ==========================================================================
/*
 * MlmeAuthReqAction - start an authentication exchange.
 *
 * Registered for MT2_MLME_AUTH_REQ in AUTH_REQ_IDLE. Frame construction and
 * transmission are delegated to AUTH_ReqSend(), called with "AUTH" as the
 * name used in its trace output, the literal 1 (presumably the sequence
 * number - that parameter line is not shown in this listing) and no
 * additional element (NULL, 0).
 *
 * pAd  - adapter context holding the AUTH state machine and the auth timer.
 * Elem - queued MLME message carrying the request.
 */
123 VOID MlmeAuthReqAction(
124 IN PRTMP_ADAPTER pAd,
125 IN MLME_QUEUE_ELEM *Elem)
// TRUE from AUTH_ReqSend(): wait for the peer's seq#2 response.
127 if (AUTH_ReqSend(pAd, Elem, &pAd->MlmeAux.AuthTimer, "AUTH", 1, NULL, 0))
128 pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ2;
// The lines below are the failure path; the `else` and the declaration of
// Status are on listing lines that are not shown here.
// NOTE(review): AUTH_ReqSend() already enqueues MT2_AUTH_CONF on its
// block-period and allocation-failure paths. If either of those also returns
// FALSE, the control state machine receives two confirmations for a single
// request - confirm against AUTH_ReqSend()'s return statements.
133 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
134 Status = MLME_INVALID_FORMAT;
135 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
140 ==========================================================================
143 IRQL = DISPATCH_LEVEL
145 ==========================================================================
/*
 * PeerAuthRspAtSeq2Action - handle the peer's authentication frame while in
 * AUTH_WAIT_SEQ2.
 *
 * Elem->Msg / Elem->MsgLen describe a frame received from the peer, so every
 * field taken from it is untrusted until PeerAuthSanity() has accepted it.
 * Open-system authentication completes here; for any other algorithm the
 * challenge text is encrypted with the default shared key and returned in a
 * seq#3 frame, and the machine moves to AUTH_WAIT_SEQ4.
 *
 * Several lines of this function (some declarations, the else branches, the
 * start of the WEP engine call, the end of the MakeOutgoingFrame argument
 * list) are not shown in this listing.
 *
 * NOTE(security): in shared-key authentication the challenge is taken from
 * the received seq#2 frame and sent back encrypted under the WEP key, so the
 * exchange itself places matching plaintext and ciphertext on the air. Open
 * system authentication followed by WPA2/WPA3 key establishment is the usual
 * replacement for this mode.
 */
147 VOID PeerAuthRspAtSeq2Action(
148 IN PRTMP_ADAPTER pAd,
149 IN MLME_QUEUE_ELEM *Elem)
151 UCHAR Addr2[MAC_ADDR_LEN];
152 USHORT Seq, Status, RemoteStatus, Alg;
// Fixed-size stack buffers: the received challenge, and the outgoing
// encrypted body (challenge plus 16 bytes of framing).
153 UCHAR ChlgText[CIPHER_TEXT_LEN];
154 UCHAR CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
156 HEADER_802_11 AuthHdr;
157 BOOLEAN TimerCancelled;
158 PUCHAR pOutBuffer = NULL;
// NOTE(review): ChlgText is passed without a length, so PeerAuthSanity() must
// itself limit the copied challenge element to CIPHER_TEXT_LEN bytes - confirm
// in its implementation; an oversized element would otherwise overrun this
// stack buffer.
163 if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (PCHAR)ChlgText))
// Only a seq#2 frame whose Addr2 equals the BSSID being authenticated is
// processed. The timer is cancelled inside this branch, so a frame that fails
// either test leaves the auth timer running.
165 if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2)
167 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status));
168 RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled);
170 if (Status == MLME_SUCCESS)
172 // Authentication Mode "LEAP" has allow for CCX 1.X
// The branch is chosen by the locally requested algorithm (MlmeAux.Alg), not
// by the Alg value parsed from the peer's frame.
173 if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen)
175 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
176 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
180 // 2. shared key, need to be challenged
// The trace below announces seq#3; the statement that advances Seq from 2 is
// presumably on a listing line that is not shown.
182 RemoteStatus = MLME_SUCCESS;
184 // Get an unused nonpaged memory
185 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
186 if(NStatus != NDIS_STATUS_SUCCESS)
// Allocation failure: report MLME_FAIL_NO_RESOURCE through Status2 so the
// peer's Status is not overwritten. The exit from this path is not shown.
188 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
189 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
190 Status2 = MLME_FAIL_NO_RESOURCE;
191 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2);
195 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH request seq#3...\n"));
196 MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->MlmeAux.Bssid);
198 // Encrypt challenge text & auth information
// The three lines below are arguments of a call whose first line is not
// shown. NOTE(review): StaCfg.DefaultKeyId is used as an index into
// SharedKey[BSS0][]; no range check is visible here - presumably it is
// validated where it is configured, confirm.
201 pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].Key,
202 pAd->StaCfg.DefaultKeyId,
203 pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].KeyLen,
// Convert the three 16-bit fields to little-endian before they are encrypted.
// The *(USHORT *)& casts are no-ops on variables that are already USHORT.
206 Alg = cpu2le16(*(USHORT *)&Alg);
207 Seq = cpu2le16(*(USHORT *)&Seq);
208 RemoteStatus= cpu2le16(*(USHORT *)&RemoteStatus);
// Layout written into CyperChlgText (presumably source, destination, length):
// offsets 4, 6, 8 hold Alg, Seq, RemoteStatus; 10 holds the 2-byte Element;
// 12..139 hold the challenge; the ICV is placed at 140.
// NOTE(review): the literal 128 and the offset 140 assume CIPHER_TEXT_LEN is
// 128, which also makes the buffer exactly 144 bytes - TODO confirm, and
// prefer expressing both in terms of CIPHER_TEXT_LEN.
210 RTMPEncryptData(pAd, (PUCHAR) &Alg, CyperChlgText + 4, 2);
211 RTMPEncryptData(pAd, (PUCHAR) &Seq, CyperChlgText + 6, 2);
212 RTMPEncryptData(pAd, (PUCHAR) &RemoteStatus, CyperChlgText + 8, 2);
215 RTMPEncryptData(pAd, Element, CyperChlgText + 10, 2);
216 RTMPEncryptData(pAd, ChlgText, CyperChlgText + 12, 128);
217 RTMPSetICV(pAd, CyperChlgText + 140);
// Frame = 802.11 header followed by the CIPHER_TEXT_LEN + 16 byte encrypted
// body; the buffer is released once the frame has been handed over.
218 MakeOutgoingFrame(pOutBuffer, &FrameLen,
219 sizeof(HEADER_802_11), &AuthHdr,
220 CIPHER_TEXT_LEN + 16, CyperChlgText,
222 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
223 MlmeFreeMemory(pAd, pOutBuffer);
// Re-arm the auth timer for the seq#4 reply.
225 RTMPSetTimer(&pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT);
226 pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4;
// Peer reported a non-success status: record the reason and the peer address,
// return to idle and pass the status to the control state machine.
231 pAd->StaCfg.AuthFailReason = Status;
232 COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
233 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
234 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
// Frame rejected by PeerAuthSanity(): only traced, no state change is visible.
240 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthSanity() sanity check fail\n"));
245 ==========================================================================
248 IRQL = DISPATCH_LEVEL
250 ==========================================================================
/*
 * PeerAuthRspAtSeq4Action - handle the peer's authentication frame while in
 * AUTH_WAIT_SEQ4 (the final frame of the exchange started by the seq#3
 * request).
 *
 * Elem->Msg / Elem->MsgLen describe a frame received from the peer. The
 * result, success or failure, is the peer's Status value forwarded to the
 * control state machine.
 */
252 VOID PeerAuthRspAtSeq4Action(
253 IN PRTMP_ADAPTER pAd,
254 IN MLME_QUEUE_ELEM *Elem)
256 UCHAR Addr2[MAC_ADDR_LEN];
257 USHORT Alg, Seq, Status;
258 CHAR ChlgText[CIPHER_TEXT_LEN];
259 BOOLEAN TimerCancelled;
// NOTE(review): ChlgText is passed without a length, so PeerAuthSanity() must
// itself limit any copied challenge element to CIPHER_TEXT_LEN bytes - confirm
// in its implementation. ChlgText and Alg are not read again in the visible
// lines of this handler.
261 if(PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, ChlgText))
// Only a seq#4 frame whose Addr2 equals the BSSID being authenticated is
// processed; anything else leaves the state and the running timer untouched.
263 if(MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 4)
265 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Receive AUTH_RSP seq#4 to me\n"));
266 RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled);
// On failure remember why and who rejected us.
268 if (Status != MLME_SUCCESS)
270 pAd->StaCfg.AuthFailReason = Status;
271 COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
// Return to idle and report the peer's status to the control state machine.
274 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
275 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
// Frame rejected by PeerAuthSanity(): only traced.
280 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthRspAtSeq4Action() sanity check fail\n"));
285 ==========================================================================
288 IRQL = DISPATCH_LEVEL
290 ==========================================================================
/*
 * MlmeDeauthReqAction - send a de-authentication frame on request and confirm
 * the result to the control state machine.
 *
 * Elem->Msg is interpreted as an MLME_DEAUTH_REQ_STRUCT giving the target
 * address (Addr) and the reason code (Reason).
 *
 * Some lines of this function (declarations of NStatus, FrameLen and Status,
 * the exit from the allocation-failure path, the end of the MakeOutgoingFrame
 * argument list) are not shown in this listing.
 */
292 VOID MlmeDeauthReqAction(
293 IN PRTMP_ADAPTER pAd,
294 IN MLME_QUEUE_ELEM *Elem)
296 MLME_DEAUTH_REQ_STRUCT *pInfo;
297 HEADER_802_11 DeauthHdr;
298 PUCHAR pOutBuffer = NULL;
// NOTE(review): Elem->MsgLen is not compared with
// sizeof(MLME_DEAUTH_REQ_STRUCT) before the cast; presumably the message is
// produced by the driver's own request path - confirm against the enqueuers.
303 pInfo = (MLME_DEAUTH_REQ_STRUCT *)Elem->Msg;
305 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
306 if (NStatus != NDIS_STATUS_SUCCESS)
// Allocation failure: return to idle and confirm with MLME_FAIL_NO_RESOURCE.
308 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MlmeDeauthReqAction() allocate memory fail\n"));
309 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
310 Status = MLME_FAIL_NO_RESOURCE;
311 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status);
315 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send DE-AUTH request (Reason=%d)...\n", pInfo->Reason));
// Build header + body, hand the frame over for transmission, then release
// the buffer.
316 MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pInfo->Addr, pAd->MlmeAux.Bssid);
317 MakeOutgoingFrame(pOutBuffer, &FrameLen,
318 sizeof(HEADER_802_11),&DeauthHdr,
321 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
322 MlmeFreeMemory(pAd, pOutBuffer);
// Record what was sent and to whom, return to idle and confirm success.
324 pAd->StaCfg.DeauthReason = pInfo->Reason;
325 COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pInfo->Addr);
326 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
327 Status = MLME_SUCCESS;
328 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status);
330 // send wireless event - for deauthentication
// The event carries the address stored in MacTab.Content[BSSID_WCID], not
// pInfo->Addr.
331 if (pAd->CommonCfg.bWirelessEvent)
332 RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
336 ==========================================================================
339 IRQL = DISPATCH_LEVEL
341 ==========================================================================
/*
 * AuthTimeoutAction - state-machine action for MT2_AUTH_TIMEOUT, registered
 * for both AUTH_WAIT_SEQ2 and AUTH_WAIT_SEQ4.
 *
 * Abandons the exchange: the machine returns to AUTH_REQ_IDLE and the control
 * state machine is told MLME_REJ_TIMEOUT. Elem is not used in the visible
 * lines. The declaration of Status is on a listing line that is not shown.
 */
343 VOID AuthTimeoutAction(
344 IN PRTMP_ADAPTER pAd,
345 IN MLME_QUEUE_ELEM *Elem)
348 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - AuthTimeoutAction\n"));
349 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
350 Status = MLME_REJ_TIMEOUT;
// The confirmation message is the 2-byte Status value.
351 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
355 ==========================================================================
358 IRQL = DISPATCH_LEVEL
360 ==========================================================================
/*
 * InvalidStateWhenAuth - state-machine action for an MT2_MLME_AUTH_REQ that
 * arrives while an exchange is already waiting (AUTH_WAIT_SEQ2 or
 * AUTH_WAIT_SEQ4).
 *
 * Resets the machine to AUTH_REQ_IDLE and confirms the new request with
 * MLME_STATE_MACHINE_REJECT. Elem is not used in the visible lines. The
 * declaration of Status is on a listing line that is not shown.
 *
 * NOTE(review): the auth timer armed for the interrupted exchange is not
 * cancelled in the visible lines - confirm whether a later MT2_AUTH_TIMEOUT
 * is harmless in AUTH_REQ_IDLE.
 */
362 VOID InvalidStateWhenAuth(
363 IN PRTMP_ADAPTER pAd,
364 IN MLME_QUEUE_ELEM *Elem)
// %ld assumes CurrState has a long-sized type - TODO confirm its declaration.
367 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - InvalidStateWhenAuth (state=%ld), reset AUTH state machine\n", pAd->Mlme.AuthMachine.CurrState));
368 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
369 Status = MLME_STATE_MACHINE_REJECT;
370 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
374 ==========================================================================
378 This action should never trigger AUTH state transition, therefore we
379 separate it from AUTH state machine, and make it as a standalone service
381 IRQL = DISPATCH_LEVEL
383 ==========================================================================
/*
 * Standalone service that sends a de-authentication frame with reason
 * REASON_CLS2ERR to pAddr. The signature line and the pAddr parameter line
 * are not shown in this listing; the call Cls2errAction(pAd, Bssid) in the
 * timer callback and the trace string below indicate this is Cls2errAction.
 *
 * AuthMachine.CurrState is not modified in the visible lines, matching the
 * description above that this action never triggers an AUTH state transition.
 */
386 IN PRTMP_ADAPTER pAd,
389 HEADER_802_11 DeauthHdr;
390 PUCHAR pOutBuffer = NULL;
393 USHORT Reason = REASON_CLS2ERR;
395 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
// The statement guarded by this test is not shown in this listing; presumably
// the function gives up silently when no buffer is available.
396 if (NStatus != NDIS_STATUS_SUCCESS)
399 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Class 2 error, Send DEAUTH frame...\n"));
// Build header + body (the remaining MakeOutgoingFrame arguments are not
// shown), hand the frame over for transmission, then release the buffer.
400 MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pAddr, pAd->MlmeAux.Bssid);
401 MakeOutgoingFrame(pOutBuffer, &FrameLen,
402 sizeof(HEADER_802_11),&DeauthHdr,
405 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
406 MlmeFreeMemory(pAd, pOutBuffer);
// Record the reason and the address the frame was sent to.
408 pAd->StaCfg.DeauthReason = Reason;
409 COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pAddr);
/*
 * AUTH_ReqSend - validate an MLME authentication request, build the first
 * authentication frame and arm the caller's timer.
 *
 * pAd         - adapter context.
 * pElem       - queued MLME request; pElem->Msg / pElem->MsgLen are checked by
 *               MlmeAuthReqSanity(), which is given Addr, Timeout and Alg as
 *               outputs.
 * pAuthTimer  - timer cancelled before the frame is built and re-armed with
 *               Timeout after it has been handed over.
 * pNewElement - optional extra bytes appended to the frame when both it and
 *               ElementLen are non-zero.
 *
 * The parameter lines for pSMName and ElementLen, several declarations, the
 * tail of both MakeOutgoingFrame argument lists and every return statement
 * are on listing lines that are not shown here, so the BOOLEAN result of each
 * path cannot be stated from this listing.
 */
412 BOOLEAN AUTH_ReqSend(
413 IN PRTMP_ADAPTER pAd,
414 IN PMLME_QUEUE_ELEM pElem,
415 IN PRALINK_TIMER_STRUCT pAuthTimer,
418 IN PUCHAR pNewElement,
421 USHORT Alg, Seq, Status;
424 HEADER_802_11 AuthHdr;
425 BOOLEAN TimerCancelled;
427 PUCHAR pOutBuffer = NULL;
428 ULONG FrameLen = 0, tmp = 0;
430 // Block all authentication requests during the WPA block period
431 if (pAd->StaCfg.bBlockAssoc == TRUE)
// Blocked: stay idle and confirm with MLME_STATE_MACHINE_REJECT.
433 DBGPRINT(RT_DEBUG_TRACE, ("%s - Block Auth request durning WPA block period!\n", pSMName));
434 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
435 Status = MLME_STATE_MACHINE_REJECT;
436 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
438 else if(MlmeAuthReqSanity(pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg))
// Stop any timer still running from an earlier attempt.
441 RTMPCancelTimer(pAuthTimer, &TimerCancelled);
// Remember the target BSSID and the requested algorithm; the response
// handlers compare incoming frames against these values.
443 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr);
444 pAd->MlmeAux.Alg = Alg;
446 Status = MLME_SUCCESS;
448 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); //Get an unused nonpaged memory
449 if(NStatus != NDIS_STATUS_SUCCESS)
// Allocation failure: stay idle and confirm with MLME_FAIL_NO_RESOURCE.
451 DBGPRINT(RT_DEBUG_TRACE, ("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n", pSMName, Alg));
452 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
453 Status = MLME_FAIL_NO_RESOURCE;
454 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
458 DBGPRINT(RT_DEBUG_TRACE, ("%s - Send AUTH request seq#1 (Alg=%d)...\n", pSMName, Alg));
459 MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->MlmeAux.Bssid);
460 MakeOutgoingFrame(pOutBuffer, &FrameLen,
461 sizeof(HEADER_802_11),&AuthHdr,
// NOTE(review): ElementLen bytes are appended at pOutBuffer + FrameLen with no
// visible check that FrameLen + ElementLen fits the buffer returned by
// MlmeAllocateMemory() - confirm that every caller bounds ElementLen. The
// statement that adds tmp to FrameLen is presumably on a line not shown.
467 if (pNewElement && ElementLen)
469 MakeOutgoingFrame(pOutBuffer+FrameLen, &tmp,
470 ElementLen, pNewElement,
// Hand the frame over for transmission, release the buffer, then start
// waiting for the response.
475 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
476 MlmeFreeMemory(pAd, pOutBuffer);
478 RTMPSetTimer(pAuthTimer, Timeout);
// Request rejected by MlmeAuthReqSanity(): logged as an error; no MT2_AUTH_CONF
// is enqueued in the visible lines of this path.
483 DBGPRINT_ERR(("%s - MlmeAuthReqAction() sanity check failed\n", pSMName));