2 *************************************************************************
4 * 5F., No.36, Taiyuan St., Jhubei City,
8 * (c) Copyright 2002-2007, Ralink Technology, Inc.
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 2 of the License, or *
13 * (at your option) any later version. *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the *
22 * Free Software Foundation, Inc., *
23 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 *************************************************************************
34 -------- ---------- ----------------------------------------------
35 John 2004-9-3 porting from RT2500
37 #include "../rt_config.h"
40 ==========================================================================
42 authenticate state machine init, including state transition and timer init
44 Sm - pointer to the auth state machine
46 The state machine looks like this
48 AUTH_REQ_IDLE AUTH_WAIT_SEQ2 AUTH_WAIT_SEQ4
49 MT2_MLME_AUTH_REQ mlme_auth_req_action invalid_state_when_auth invalid_state_when_auth
50 MT2_PEER_AUTH_EVEN drop peer_auth_even_at_seq2_action peer_auth_even_at_seq4_action
51 MT2_AUTH_TIMEOUT Drop auth_timeout_action auth_timeout_action
55 ==========================================================================
/*
 * Set up the station-side AUTH state machine and its timeout timer.
 *
 * pAd   - adapter context; also passed to RTMPInitTimer as the timer context
 * Sm    - state machine object to initialise
 * Trans - caller-provided storage for the transition table (OUT)
 *
 * Drop and AUTH_REQ_IDLE are handed to StateMachineInit, presumably as the
 * default action and the initial state (the rest of that call is not visible
 * in this listing - confirm).  Going by the table in the header comment, a
 * peer AUTH frame or a timeout that arrives while idle is dropped, so frames
 * are only acted on after this station has started an exchange.
 */
58 void AuthStateMachineInit(struct rt_rtmp_adapter *pAd,
59 struct rt_state_machine *Sm, OUT STATE_MACHINE_FUNC Trans[])
61 StateMachineInit(Sm, Trans, MAX_AUTH_STATE, MAX_AUTH_MSG,
62 (STATE_MACHINE_FUNC) Drop, AUTH_REQ_IDLE,
/* AUTH_REQ_IDLE: only a local MLME auth request is handled. */
65 /* the first column */
66 StateMachineSetAction(Sm, AUTH_REQ_IDLE, MT2_MLME_AUTH_REQ,
67 (STATE_MACHINE_FUNC) MlmeAuthReqAction);
/* AUTH_WAIT_SEQ2: a new local request is rejected, the peer reply and the timeout are handled. */
69 /* the second column */
70 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_MLME_AUTH_REQ,
71 (STATE_MACHINE_FUNC) InvalidStateWhenAuth);
72 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_PEER_AUTH_EVEN,
73 (STATE_MACHINE_FUNC) PeerAuthRspAtSeq2Action);
74 StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_AUTH_TIMEOUT,
75 (STATE_MACHINE_FUNC) AuthTimeoutAction);
/* AUTH_WAIT_SEQ4: same layout as AUTH_WAIT_SEQ2, with the seq#4 handler for the peer reply. */
77 /* the third column */
78 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_MLME_AUTH_REQ,
79 (STATE_MACHINE_FUNC) InvalidStateWhenAuth);
80 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_PEER_AUTH_EVEN,
81 (STATE_MACHINE_FUNC) PeerAuthRspAtSeq4Action);
82 StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_AUTH_TIMEOUT,
83 (STATE_MACHINE_FUNC) AuthTimeoutAction);
/*
 * The auth timer calls AuthTimeout with pAd as its context.  The meaning of
 * the trailing FALSE is not visible here (presumably "not periodic" - confirm).
 */
85 RTMPInitTimer(pAd, &pAd->MlmeAux.AuthTimer,
86 GET_TIMER_FUNCTION(AuthTimeout), pAd, FALSE);
90 ==========================================================================
92 function to be executed at timer thread when auth timer expires
96 ==========================================================================
/*
 * Timer callback for pAd->MlmeAux.AuthTimer.
 *
 * FunctionContext is the adapter pointer registered with RTMPInitTimer; the
 * three SystemSpecific arguments are not used in the visible lines.
 *
 * The callback posts MT2_AUTH_TIMEOUT to the AUTH state machine and then runs
 * the MLME handler.  If the machine is still waiting for seq#2 it first sends
 * a deauth to the current BSSID through Cls2errAction.
 */
98 void AuthTimeout(void *SystemSpecific1,
99 void *FunctionContext,
100 void *SystemSpecific2, void *SystemSpecific3)
102 struct rt_rtmp_adapter *pAd = (struct rt_rtmp_adapter *)FunctionContext;
104 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - AuthTimeout\n"));
/*
 * The test applied to the two flags below and the statement it guards are
 * not visible in this listing; per the comments that follow, the callback is
 * meant to do nothing once halt is in progress or the NIC is gone.
 */
106 /* Do nothing if the driver is starting halt state. */
107 /* This might happen when timer already been fired before cancel timer with mlmehalt */
109 (pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
/*
 * NOTE(review): CurrState is read here in timer context, while the action
 * handlers in this file write it.  No lock is visible around this read -
 * confirm how the timer callback and the MLME handlers are serialised.
 */
112 /* send a de-auth to reset AP's state machine (Patch AP-Dir635) */
113 if (pAd->Mlme.AuthMachine.CurrState == AUTH_WAIT_SEQ2)
114 Cls2errAction(pAd, pAd->MlmeAux.Bssid);
/* Zero-length message with a NULL payload: the timeout event carries no data. */
116 MlmeEnqueue(pAd, AUTH_STATE_MACHINE, MT2_AUTH_TIMEOUT, 0, NULL);
117 RTMP_MLME_HANDLER(pAd);
121 ==========================================================================
124 IRQL = DISPATCH_LEVEL
126 ==========================================================================
/*
 * Handler for MT2_MLME_AUTH_REQ in AUTH_REQ_IDLE (registered in
 * AuthStateMachineInit).
 *
 * pAd  - adapter context
 * Elem - queued MLME message carrying the authentication request
 *
 * The call whose arguments appear on the next line is not named in this
 * listing; the argument list matches AUTH_ReqSend (presumably that is the
 * callee, with "AUTH" as the name used in its log lines and no extra
 * element - confirm).  One outcome moves the machine to AUTH_WAIT_SEQ2.
 * The other returns it to AUTH_REQ_IDLE and reports MLME_INVALID_FORMAT to
 * the control state machine as MT2_AUTH_CONF.  The branch structure between
 * the two outcomes is not visible here.
 */
128 void MlmeAuthReqAction(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
131 (pAd, Elem, &pAd->MlmeAux.AuthTimer, "AUTH", 1, NULL, 0))
132 pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ2;
/* Failure path: fall back to idle so a later request can start a fresh exchange. */
136 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
137 Status = MLME_INVALID_FORMAT;
138 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2,
144 ==========================================================================
147 IRQL = DISPATCH_LEVEL
149 ==========================================================================
/*
 * Handler for a peer AUTH frame received in AUTH_WAIT_SEQ2 (registered in
 * AuthStateMachineInit).
 *
 * pAd  - adapter context
 * Elem - queued MLME message; Elem->Msg / Elem->MsgLen hold the received
 *        frame, which is untrusted input from the air
 *
 * The frame is accepted only if its Addr2 equals the BSSID stored in
 * pAd->MlmeAux and its sequence number is 2.  On success with open
 * authentication the result is reported to the control state machine.
 * Otherwise the challenge is WEP-encrypted and sent back as seq#3.  On a
 * non-success status the failure reason and peer address are recorded and
 * the machine returns to AUTH_REQ_IDLE.
 *
 * NOTE(review): no comparison between the Alg value parsed from the frame
 * and pAd->MlmeAux.Alg is visible in this listing - confirm whether a reply
 * carrying a different algorithm should be rejected.
 */
151 void PeerAuthRspAtSeq2Action(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
153 u8 Addr2[MAC_ADDR_LEN];
154 u16 Seq, Status, RemoteStatus, Alg;
/*
 * ChlgText receives the challenge taken from the peer's frame.  It is a
 * fixed CIPHER_TEXT_LEN buffer, so the parser that fills it must cap the
 * copy at that size whatever length the frame claims - verify in the parser.
 */
155 u8 ChlgText[CIPHER_TEXT_LEN];
/* Staging buffer for the encrypted seq#3 body; the same size is passed to MakeOutgoingFrame below as CIPHER_TEXT_LEN + 16. */
156 u8 CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
158 struct rt_header_802_11 AuthHdr;
159 BOOLEAN TimerCancelled;
160 u8 *pOutBuffer = NULL;
162 unsigned long FrameLen = 0;
/*
 * The name of the parsing call is not visible in this listing; the log text
 * at the end of the function suggests PeerAuthSanity (confirm).  It fills
 * Addr2, Alg, Seq and Status from the received frame.
 */
166 (pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status,
/*
 * Addr2 comes from the frame itself and nothing visible here verifies it
 * cryptographically, so this test filters stray frames; it is not proof of
 * who sent the reply.
 */
168 if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2) {
169 DBGPRINT(RT_DEBUG_TRACE,
170 ("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n",
/* A matching reply arrived, so the pending auth timeout is cancelled. */
172 RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,
175 if (Status == MLME_SUCCESS) {
176 /* Authentication Mode "LEAP" has allow for CCX 1.X */
/* The open/shared decision uses the locally stored algorithm, not the Alg field of the frame. */
177 if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen) {
178 pAd->Mlme.AuthMachine.CurrState =
181 MLME_CNTL_STATE_MACHINE,
182 MT2_AUTH_CONF, 2, &Status);
/*
 * NOTE(review): the branch below is WEP shared-key authentication.  The
 * challenge arrives unencrypted in seq#2 and is returned WEP-encrypted in
 * seq#3, so a passive observer of both frames sees plaintext and ciphertext
 * under the same key and IV.  This is a known weakness of the mode and the
 * reason it is deprecated; deployments should prefer configurations that do
 * not reach this branch.
 */
184 /* 2. shared key, need to be challenged */
186 RemoteStatus = MLME_SUCCESS;
188 /* Get an unused nonpaged memory */
190 MlmeAllocateMemory(pAd,
/* Allocation failure: return to idle and report MLME_FAIL_NO_RESOURCE; nothing is sent. */
192 if (NStatus != NDIS_STATUS_SUCCESS) {
193 DBGPRINT(RT_DEBUG_TRACE,
194 ("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
195 pAd->Mlme.AuthMachine.
196 CurrState = AUTH_REQ_IDLE;
197 Status2 = MLME_FAIL_NO_RESOURCE;
199 MLME_CNTL_STATE_MACHINE,
205 DBGPRINT(RT_DEBUG_TRACE,
206 ("AUTH - Send AUTH request seq#3...\n"));
207 MgtMacHeaderInit(pAd, &AuthHdr,
208 SUBTYPE_AUTH, 0, Addr2,
211 /* Encrypt challenge text & auth information */
/* The key comes from the BSS0 shared-key table; the index expression is not fully visible in this listing. */
212 RTMPInitWepEngine(pAd,
214 SharedKey[BSS0][pAd->
221 SharedKey[BSS0][pAd->
/* Alg and Seq are converted in place, so from here on they hold little-endian (wire order) values. */
227 Alg = cpu2le16(*(u16 *) & Alg);
228 Seq = cpu2le16(*(u16 *) & Seq);
/*
 * Visible layout of CyperChlgText: Alg at +4, Seq at +6, RemoteStatus at +8,
 * a 2-byte Element header at +10, and the ICV at +140.  Bytes 0..3 are
 * written on lines not shown here (presumably the WEP IV - confirm), as is
 * the destination of the ChlgText encryption.
 */
233 RTMPEncryptData(pAd, (u8 *)& Alg,
234 CyperChlgText + 4, 2);
235 RTMPEncryptData(pAd, (u8 *)& Seq,
236 CyperChlgText + 6, 2);
238 (u8 *)& RemoteStatus,
239 CyperChlgText + 8, 2);
242 RTMPEncryptData(pAd, Element,
243 CyperChlgText + 10, 2);
244 RTMPEncryptData(pAd, ChlgText,
/*
 * NOTE(review): the literal 140 is only correct while 12 + CIPHER_TEXT_LEN
 * equals 140 (i.e. CIPHER_TEXT_LEN is 128 - confirm).  If the constant
 * changes, the ICV write would no longer line up with the end of the buffer
 * declared above.
 */
247 RTMPSetICV(pAd, CyperChlgText + 140);
248 MakeOutgoingFrame(pOutBuffer, &FrameLen,
249 sizeof(struct rt_header_802_11),
251 CIPHER_TEXT_LEN + 16,
254 MiniportMMRequest(pAd, 0, pOutBuffer,
/* The frame buffer is released right after it is handed to MiniportMMRequest. */
256 MlmeFreeMemory(pAd, pOutBuffer);
/* The auth timer is re-armed for the next reply; the state assigned below is on a line not shown (presumably AUTH_WAIT_SEQ4 - confirm). */
258 RTMPSetTimer(&pAd->MlmeAux.AuthTimer,
260 pAd->Mlme.AuthMachine.CurrState =
/* Peer reported failure: record the reason and the peer address, return to idle and tell the control state machine. */
264 pAd->StaCfg.AuthFailReason = Status;
265 COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
266 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
267 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE,
268 MT2_AUTH_CONF, 2, &Status);
/* Frames that fail parsing are only logged; the visible lines make no state change for them. */
272 DBGPRINT(RT_DEBUG_TRACE,
273 ("AUTH - PeerAuthSanity() sanity check fail\n"));
278 ==========================================================================
281 IRQL = DISPATCH_LEVEL
283 ==========================================================================
/*
 * Handler for a peer AUTH frame received in AUTH_WAIT_SEQ4 (registered in
 * AuthStateMachineInit): the final step of the shared-key exchange.
 *
 * pAd  - adapter context
 * Elem - queued MLME message; Elem->Msg / Elem->MsgLen hold the received
 *        frame, which is untrusted input from the air
 *
 * The frame is accepted only if Addr2 equals the stored BSSID and the
 * sequence number is 4.  A non-success status records the failure reason and
 * peer address.  The machine then returns to AUTH_REQ_IDLE and an
 * MT2_AUTH_CONF message is queued for the control state machine.
 */
285 void PeerAuthRspAtSeq4Action(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
287 u8 Addr2[MAC_ADDR_LEN];
288 u16 Alg, Seq, Status;
/*
 * Fixed-size buffer, presumably passed to the parser as in the seq#2 handler;
 * the parser must bound any copy to CIPHER_TEXT_LEN.  Note it is char here
 * but u8 in PeerAuthRspAtSeq2Action.
 */
289 char ChlgText[CIPHER_TEXT_LEN];
290 BOOLEAN TimerCancelled;
/* The name of the parsing call is not visible in this listing; it fills Addr2, Alg, Seq and Status from the frame. */
293 (pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status,
/* Addr2 is taken from the frame and is not verified cryptographically in the visible lines. */
295 if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 4) {
296 DBGPRINT(RT_DEBUG_TRACE,
297 ("AUTH - Receive AUTH_RSP seq#4 to me\n"));
298 RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,
301 if (Status != MLME_SUCCESS) {
302 pAd->StaCfg.AuthFailReason = Status;
303 COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
/* The exchange is over; the Status argument of the enqueue call below is on a line not shown (presumably the peer's Status - confirm). */
306 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
307 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF,
/* Frames that fail parsing are only logged. */
311 DBGPRINT(RT_DEBUG_TRACE,
312 ("AUTH - PeerAuthRspAtSeq4Action() sanity check fail\n"));
317 ==========================================================================
320 IRQL = DISPATCH_LEVEL
322 ==========================================================================
/*
 * Build and send a DEAUTH frame for a local deauthentication request, then
 * report the outcome to the control state machine as MT2_DEAUTH_CONF.
 *
 * pAd  - adapter context
 * Elem - queued MLME message whose payload is a struct rt_mlme_deauth_req
 *        (peer address and reason code)
 *
 * The AUTH machine ends in AUTH_REQ_IDLE on both the failure and the success
 * path.
 */
324 void MlmeDeauthReqAction(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
326 struct rt_mlme_deauth_req *pInfo;
327 struct rt_header_802_11 DeauthHdr;
328 u8 *pOutBuffer = NULL;
330 unsigned long FrameLen = 0;
/*
 * NOTE(review): the payload is cast without a visible check that
 * Elem->MsgLen covers a struct rt_mlme_deauth_req.  Presumably this message
 * is only queued by the driver itself - verify against the callers.
 */
333 pInfo = (struct rt_mlme_deauth_req *)Elem->Msg;
335 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
/* Allocation failure: go idle and report MLME_FAIL_NO_RESOURCE; the end of this branch is not visible (presumably an early return - confirm). */
336 if (NStatus != NDIS_STATUS_SUCCESS) {
337 DBGPRINT(RT_DEBUG_TRACE,
338 ("AUTH - MlmeDeauthReqAction() allocate memory fail\n"));
339 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
340 Status = MLME_FAIL_NO_RESOURCE;
341 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2,
346 DBGPRINT(RT_DEBUG_TRACE,
347 ("AUTH - Send DE-AUTH request (Reason=%d)...\n",
349 MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pInfo->Addr,
/* Frame body is the 802.11 header followed by the 2-byte reason code. */
351 MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11),
352 &DeauthHdr, 2, &pInfo->Reason, END_OF_ARGS);
353 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
/* The frame buffer is released right after it is handed to MiniportMMRequest. */
354 MlmeFreeMemory(pAd, pOutBuffer);
/* Keep the reason and the peer address in StaCfg. */
356 pAd->StaCfg.DeauthReason = pInfo->Reason;
357 COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pInfo->Addr);
358 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
359 Status = MLME_SUCCESS;
360 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status);
362 /* send wireless event - for deauthentication */
/* The event is sent only when bWirelessEvent is set and uses the address stored in the BSSID_WCID table entry. */
363 if (pAd->CommonCfg.bWirelessEvent)
364 RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG,
365 pAd->MacTab.Content[BSSID_WCID].Addr,
370 ==========================================================================
373 IRQL = DISPATCH_LEVEL
375 ==========================================================================
/*
 * Handler for MT2_AUTH_TIMEOUT in AUTH_WAIT_SEQ2 and AUTH_WAIT_SEQ4
 * (registered in AuthStateMachineInit).
 *
 * pAd  - adapter context
 * Elem - queued timeout message; not read in the visible lines
 *
 * Abandons the pending exchange: the machine returns to AUTH_REQ_IDLE and
 * MLME_REJ_TIMEOUT is reported to the control state machine as MT2_AUTH_CONF.
 */
377 void AuthTimeoutAction(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
380 DBGPRINT(RT_DEBUG_TRACE, ("AUTH - AuthTimeoutAction\n"));
381 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
382 Status = MLME_REJ_TIMEOUT;
/* The declaration of Status is not visible here; the length 2 presumably matches a 16-bit status (confirm). */
383 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
387 ==========================================================================
390 IRQL = DISPATCH_LEVEL
392 ==========================================================================
/*
 * Handler for a local MT2_MLME_AUTH_REQ that arrives while an exchange is
 * already in progress (AUTH_WAIT_SEQ2 or AUTH_WAIT_SEQ4, see
 * AuthStateMachineInit).
 *
 * pAd  - adapter context
 * Elem - queued request; not read in the visible lines
 *
 * The pending exchange is dropped: the machine is reset to AUTH_REQ_IDLE and
 * MLME_STATE_MACHINE_REJECT is reported to the control state machine as
 * MT2_AUTH_CONF.
 */
394 void InvalidStateWhenAuth(struct rt_rtmp_adapter *pAd, struct rt_mlme_queue_elem *Elem)
/* NOTE(review): the format uses %ld; confirm that CurrState has a long-sized type (its declaration is not visible here). */
397 DBGPRINT(RT_DEBUG_TRACE,
398 ("AUTH - InvalidStateWhenAuth (state=%ld), reset AUTH state machine\n",
399 pAd->Mlme.AuthMachine.CurrState));
400 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
401 Status = MLME_STATE_MACHINE_REJECT;
402 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
406 ==========================================================================
410 This action should never trigger an AUTH state transition, so it is kept
411 separate from the AUTH state machine and provided as a standalone service
413 IRQL = DISPATCH_LEVEL
415 ==========================================================================
/*
 * Send a DEAUTH frame with reason REASON_CLS2ERR to pAddr and record it.
 *
 * pAd   - adapter context
 * pAddr - destination MAC address; it is also copied into StaCfg.DeauthSta
 *         with COPY_MAC_ADDR, so it must reference a full MAC address
 *
 * The visible lines do not change the AUTH state machine's CurrState.
 * AuthTimeout calls this with the current BSSID when a seq#2 reply never
 * arrived.
 */
417 void Cls2errAction(struct rt_rtmp_adapter *pAd, u8 *pAddr)
419 struct rt_header_802_11 DeauthHdr;
420 u8 *pOutBuffer = NULL;
422 unsigned long FrameLen = 0;
423 u16 Reason = REASON_CLS2ERR;
/*
 * The statement guarded by the allocation check below is not visible in this
 * listing (presumably an early return, so pOutBuffer is never used when the
 * allocation failed - confirm).
 */
425 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
426 if (NStatus != NDIS_STATUS_SUCCESS)
429 DBGPRINT(RT_DEBUG_TRACE,
430 ("AUTH - Class 2 error, Send DEAUTH frame...\n"));
431 MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pAddr,
/*
 * NOTE(review): Reason is copied into the frame in host byte order, whereas
 * the shared-key path in this file converts its fields with cpu2le16 first.
 * Confirm whether a conversion is needed here on big-endian hosts.
 */
433 MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11),
434 &DeauthHdr, 2, &Reason, END_OF_ARGS);
435 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
/* The frame buffer is released right after it is handed to MiniportMMRequest. */
436 MlmeFreeMemory(pAd, pOutBuffer);
/* Keep the reason and the peer address in StaCfg. */
438 pAd->StaCfg.DeauthReason = Reason;
439 COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pAddr);
442 BOOLEAN AUTH_ReqSend(struct rt_rtmp_adapter *pAd,
443 struct rt_mlme_queue_elem *pElem,
444 struct rt_ralink_timer *pAuthTimer,
447 u8 *pNewElement, unsigned long ElementLen)
449 u16 Alg, Seq, Status;
451 unsigned long Timeout;
452 struct rt_header_802_11 AuthHdr;
453 BOOLEAN TimerCancelled;
455 u8 *pOutBuffer = NULL;
456 unsigned long FrameLen = 0, tmp = 0;
458 /* Block all authentication requests during the WPA block period */
459 if (pAd->StaCfg.bBlockAssoc == TRUE) {
460 DBGPRINT(RT_DEBUG_TRACE,
461 ("%s - Block Auth request durning WPA block period!\n",
463 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
464 Status = MLME_STATE_MACHINE_REJECT;
465 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2,
468 if (MlmeAuthReqSanity
469 (pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg)) {
471 RTMPCancelTimer(pAuthTimer, &TimerCancelled);
473 COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr);
474 pAd->MlmeAux.Alg = Alg;
476 Status = MLME_SUCCESS;
478 NStatus = MlmeAllocateMemory(pAd, &pOutBuffer); /*Get an unused nonpaged memory */
479 if (NStatus != NDIS_STATUS_SUCCESS) {
480 DBGPRINT(RT_DEBUG_TRACE,
481 ("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n",
483 pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
484 Status = MLME_FAIL_NO_RESOURCE;
485 MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF,
490 DBGPRINT(RT_DEBUG_TRACE,
491 ("%s - Send AUTH request seq#1 (Alg=%d)...\n", pSMName,
493 MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr,
495 MakeOutgoingFrame(pOutBuffer, &FrameLen, sizeof(struct rt_header_802_11),
496 &AuthHdr, 2, &Alg, 2, &Seq, 2, &Status,
499 if (pNewElement && ElementLen) {
500 MakeOutgoingFrame(pOutBuffer + FrameLen, &tmp,
501 ElementLen, pNewElement, END_OF_ARGS);
505 MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
506 MlmeFreeMemory(pAd, pOutBuffer);
508 RTMPSetTimer(pAuthTimer, Timeout);
511 DBGPRINT_ERR(("%s - MlmeAuthReqAction() sanity check failed\n",