sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-22 21:11:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

[802.11] Add core support for detecting and using encrypted networks

Browse Source 
Signed-off-by: Marty Connor <mdc@etherboot.org>
This commit is contained in:
Joshua Oreman
2009-08-07 22:03:30 -07:00
committed by Marty Connor
parent 8d08da3a99
commit dd8a3e2e70
6 changed files with 1130 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/include/gpxe/errfile.h
View File

@@ -158,6 +158,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#define ERRFILE_ib_mi ( ERRFILE_NET | 0x00200000 )
#define ERRFILE_ib_cmrc ( ERRFILE_NET | 0x00210000 )
#define ERRFILE_ib_srp ( ERRFILE_NET | 0x00220000 )
#define ERRFILE_sec80211 ( ERRFILE_NET | 0x00230000 )
#define ERRFILE_image ( ERRFILE_IMAGE | 0x00000000 )
#define ERRFILE_elf ( ERRFILE_IMAGE | 0x00010000 )

232
src/include/gpxe/ieee80211.h
View File

@@ -2,6 +2,7 @@
#define _GPXE_IEEE80211_H
#include <gpxe/if_ether.h> /* for ETH_ALEN */
#include <endian.h>
/** @file
* Constants and data structures defined in IEEE 802.11, subsetted
@@ -779,10 +780,9 @@ struct ieee80211_ie_erp_info {
*
* Showing once again a striking clarity of design, the IEEE folks put
* dynamically-sized data in the middle of this structure. As such,
* the below structure definition is only a guideline; the
* @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, and
* @c IEEE80211_RSN_AUTHTYPE macros should be used to access any
* data.
* the below structure definition only works for IEs we create
* ourselves, which always have one pairwise cipher and one AKM;
* received IEs should be parsed piecemeal.
*
* Also inspired was IEEE's choice of 16-bit fields to count the
* number of 4-byte elements in a structure with a maximum length of
@@ -790,11 +790,9 @@ struct ieee80211_ie_erp_info {
*
* Many fields reference a cipher or authentication-type ID; this is a
* three-byte OUI followed by one byte identifying the cipher with
* respect to that OUI. For all standard ciphers the OUI is 00:0F:AC.
*
* The authentication types referenced in this structure have nothing
* to do with 802.11 authentication frames or the @c algorithm field
* within them.
* respect to that OUI. For all standard ciphers the OUI is 00:0F:AC,
* except in old-style WPA IEs encapsulated in vendor-specific IEs,
* where it's 00:50:F2.
*/
struct ieee80211_ie_rsn {
/** Information element ID */
@@ -807,21 +805,21 @@ struct ieee80211_ie_rsn {
u16 version;
/** Cipher ID for the cipher used in multicast/broadcast frames */
u8 group_cipher[4];
u32 group_cipher;
/** Number of unicast ciphers supported */
u16 pairwise_count;
/** List of cipher IDs for supported unicast frame ciphers */
u8 pairwise_cipher[4];
u32 pairwise_cipher[1];
/** Number of authentication types supported */
u16 akm_count;
/** List of authentication type IDs for supported types */
u8 akm_list[4];
u32 akm_list[1];
/** Security capabilities field. */
/** Security capabilities field (RSN only) */
u16 rsn_capab;
/** Number of PMKIDs included (present only in association frames) */
@@ -834,140 +832,69 @@ struct ieee80211_ie_rsn {
/** Information element ID for Robust Security Network information element */
#define IEEE80211_IE_RSN 48
/** OUI for standard ciphers in RSN information element */
#define IEEE80211_RSN_OUI "\x00\x0F\xAC"
/** Extract RSN IE version field */
#define IEEE80211_RSN_FIELD_version( rsnp ) ( (rsnp)->version )
/** Extract RSN IE group_cipher field */
#define IEEE80211_RSN_FIELD_group_cipher( rsnp ) ( (rsnp)->group_cipher )
/** Extract RSN IE pairwise_count field */
#define IEEE80211_RSN_FIELD_pairwise_count( rsnp ) ( (rsnp)->pairwise_count )
/** Extract RSN IE akm_count field */
#define IEEE80211_RSN_FIELD_akm_count( rsnp ) \
( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
4*( ( rsnp )->pairwise_count - 1 ) ) )->akm_count )
/** Extract RSN IE rsn_capab field */
#define IEEE80211_RSN_FIELD_rsn_capab( rsnp ) \
( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
4*( ( rsnp )->pairwise_count - 1 ) + \
4*( ( rsnp )->akm_count - 1 ) ) )->rsn_capab )
/** Extract RSN IE pmkid_count field */
#define IEEE80211_RSN_FIELD_pmkid_count( rsnp ) \
( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
4*( ( rsnp )->pairwise_count - 1 ) + \
4*( ( rsnp )->akm_count - 1 ) ) )->pmkid_count )
/** Extract field from RSN information element
*
* @v rsnp Pointer to RSN information element
* @v field Name of field to extract
* @ret val Lvalue of the requested field
*
* You must fill the fields of the structure in order for this to work
* properly.
*/
#define IEEE80211_RSN_FIELD( rsnp, field ) \
IEEE80211_RSN_FIELD_ ## field ( rsnp )
/** Get pointer to pairwise cipher from RSN information element
*
* @v rsnp Pointer to RSN information element
* @v cipher Index of pairwise cipher to extract
* @ret ptr Pointer to requested cipher
*/
#define IEEE80211_RSN_CIPHER( rsnp, cipher ) \
( ( rsnp )->pairwise_cipher + 4 * ( cipher ) )
/** Get pointer to authentication type from RSN information element
*
* @v rsnp Pointer to RSN information element
* @v akm Index of authentication type to extract
* @ret ptr Pointer to requested authentication type
*
* The @c pairwise_count field must be correct.
*/
#define IEEE80211_RSN_AUTHTYPE( rsnp, akm ) \
( ( rsnp )->akm_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + 4 * ( akm ) )
/** Get pointer to PMKID from RSN information element
*
* @v rsnp Pointer to RSN information element
* @v idx Index of PMKID to extract
* @ret ptr Pointer to requested PMKID
*
* The @c pairwise_count and @c akm_count fields must be correct.
*/
#define IEEE80211_RSN_PMKID( rsnp, idx ) \
( ( rsnp )->pmkid_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + \
4 * ( ( rsnp )->akm_count - 1 ) + 16 * ( idx ) )
/** Verify size of RSN information element
*
* @v rsnp Pointer to RSN information element
* @ret ok TRUE if count fields are consistent with length field
*
* It is important to drop any RSN IE that does not pass this function
* before using the @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER,
* and @c IEEE80211_RSN_AUTHTYPE macros, to avoid potential security
* compromise due to a malformed RSN IE.
*
* This function does not consider the possibility of some PMKIDs
* included in the RSN IE, because PMKIDs are only included in RSN IEs
* sent in association request frames, and we should never receive an
* association request frame. An RSN IE that includes PMKIDs will
* always fail this check.
*/
static inline int ieee80211_rsn_check ( struct ieee80211_ie_rsn *rsnp ) {
if ( rsnp->len < 12 + 4 * rsnp->pairwise_count )
return 0;
return ( rsnp->len == 12 + 4 * ( rsnp->pairwise_count +
IEEE80211_RSN_FIELD ( rsnp, akm_count ) ) );
}
/** Calculate necessary size of RSN information element
*
* @v npair Number of pairwise ciphers supported
* @v nauth Number of authentication types supported
* @v npmkid Number of PMKIDs to include
* @ret size Necessary size of RSN IE, including header bytes
* @v is_rsn If TRUE, calculate RSN IE size; if FALSE, calculate WPA IE size
* @ret size Necessary size of IE, including header bytes
*/
static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) {
return 16 + 4 * ( npair + nauth ) + 16 * npmkid;
static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid,
int rsn_ie ) {
return 16 + 4 * ( npair + nauth ) + 16 * npmkid - 4 * ! rsn_ie;
}
/** Make OUI plus type byte into 32-bit integer for easy comparison */
#if __BYTE_ORDER == __BIG_ENDIAN
#define _MKOUI( a, b, c, t ) \
( ( ( a ) << 24 ) | ( ( b ) << 16 ) | ( ( c ) << 8 ) | ( d ) )
#define OUI_ORG_MASK 0xFFFFFF00
#define OUI_TYPE_MASK 0x000000FF
#else
#define _MKOUI( a, b, c, t ) \
( ( ( t ) << 24 ) | ( ( c ) << 16 ) | ( ( b ) << 8 ) | ( a ) )
#define OUI_ORG_MASK 0x00FFFFFF
#define OUI_TYPE_MASK 0xFF000000
#endif
/** Organization part for OUIs in standard RSN IE */
#define IEEE80211_RSN_OUI _MKOUI ( 0x00, 0x0F, 0xAC, 0 )
/** Organization part for OUIs in old WPA IE */
#define IEEE80211_WPA_OUI _MKOUI ( 0x00, 0x50, 0xF2, 0 )
/** Old vendor-type WPA IE OUI type + subtype */
#define IEEE80211_WPA_OUI_VEN _MKOUI ( 0x00, 0x50, 0xF2, 0x01 )
/** 802.11 RSN IE: expected version number */
#define IEEE80211_RSN_VERSION 1
/** 802.11 RSN IE: fourth byte of cipher type for 40-bit WEP */
#define IEEE80211_RSN_CTYPE_WEP40 1
/** 802.11 RSN IE: cipher type for 40-bit WEP */
#define IEEE80211_RSN_CTYPE_WEP40 _MKOUI ( 0, 0, 0, 0x01 )
/** 802.11 RSN IE: fourth byte of cipher type for 104-bit WEP */
#define IEEE80211_RSN_CTYPE_WEP104 5
/** 802.11 RSN IE: cipher type for 104-bit WEP */
#define IEEE80211_RSN_CTYPE_WEP104 _MKOUI ( 0, 0, 0, 0x05 )
/** 802.11 RSN IE: fourth byte of cipher type for TKIP ("WPA") */
#define IEEE80211_RSN_CTYPE_TKIP 2
/** 802.11 RSN IE: cipher type for TKIP ("WPA") */
#define IEEE80211_RSN_CTYPE_TKIP _MKOUI ( 0, 0, 0, 0x02 )
/** 802.11 RSN IE: fourth byte of cipher type for CCMP ("WPA2") */
#define IEEE80211_RSN_CTYPE_CCMP 4
/** 802.11 RSN IE: cipher type for CCMP ("WPA2") */
#define IEEE80211_RSN_CTYPE_CCMP _MKOUI ( 0, 0, 0, 0x04 )
/** 802.11 RSN IE: fourth byte of cipher type for "use group"
/** 802.11 RSN IE: cipher type for "use group"
*
* This can only appear as a pairwise cipher, and means unicast frames
* should be encrypted in the same way as broadcast/multicast frames.
*/
#define IEEE80211_RSN_CTYPE_USEGROUP 0
#define IEEE80211_RSN_CTYPE_USEGROUP _MKOUI ( 0, 0, 0, 0x00 )
/** 802.11 RSN IE: fourth byte of auth method type for using an 802.1X server */
#define IEEE80211_RSN_ATYPE_8021X 1
/** 802.11 RSN IE: auth method type for using an 802.1X server */
#define IEEE80211_RSN_ATYPE_8021X _MKOUI ( 0, 0, 0, 0x01 )
/** 802.11 RSN IE: fourth byte of auth method type for using a pre-shared key */
#define IEEE80211_RSN_ATYPE_PSK 2
/** 802.11 RSN IE: auth method type for using a pre-shared key */
#define IEEE80211_RSN_ATYPE_PSK _MKOUI ( 0, 0, 0, 0x02 )
/** 802.11 RSN IE capabilities: AP supports pre-authentication */
#define IEEE80211_RSN_CAPAB_PREAUTH 0x001
@@ -997,6 +924,42 @@ static inline size_t ieee80211_rsn_size ( int npair, int nauth, int npmkid ) {
#define IEEE80211_RSN_CAPAB_PEERKEY 0x200
/** 802.11 RSN IE capabilities: One replay counter
*
* This should be AND'ed with @c IEEE80211_RSN_CAPAB_PTKSA_REPLAY or
* @c IEEE80211_RSN_CAPAB_GTKSA_REPLAY (or both) to produce a value
* which can be OR'ed into the capabilities field.
*/
#define IEEE80211_RSN_1_CTR 0x000
/** 802.11 RSN IE capabilities: Two replay counters */
#define IEEE80211_RSN_2_CTR 0x014
/** 802.11 RSN IE capabilities: Four replay counters */
#define IEEE80211_RSN_4_CTR 0x028
/** 802.11 RSN IE capabilities: 16 replay counters */
#define IEEE80211_RSN_16_CTR 0x03C
/** 802.11 Vendor Specific information element
*
* One often sees the RSN IE masquerading as vendor-specific on
* devices that were produced prior to 802.11i (the WPA amendment)
* being finalized.
*/
struct ieee80211_ie_vendor {
u8 id; /**< Vendor-specific ID: 221 */
u8 len; /**< Vendor-specific length: variable */
u32 oui; /**< OUI and vendor-specific type byte */
u8 data[0]; /**< Vendor-specific data */
} __attribute__ ((packed));
/** Information element ID for Vendor Specific information element */
#define IEEE80211_IE_VENDOR 221
/** Any 802.11 information element
*
@@ -1034,8 +997,23 @@ union ieee80211_ie
/** Security information */
struct ieee80211_ie_rsn rsn;
/** Vendor-specific */
struct ieee80211_ie_vendor vendor;
};
/** Check that 802.11 information element is bounded by buffer
*
* @v ie Information element
* @v end End of buffer in which information element is stored
* @ret ok TRUE if the IE is completely contained within the buffer
*/
static inline int ieee80211_ie_bound ( union ieee80211_ie *ie, void *end )
{
void *iep = ie;
return ( iep + 2 <= end && iep + 2 + ie->len <= end );
}
/** Advance to next 802.11 information element
*
* @v ie Current information element pointer
@@ -1055,7 +1033,7 @@ static inline union ieee80211_ie * ieee80211_next_ie ( union ieee80211_ie *ie,
if ( ! end )
return next_ie;
if ( next_ie_byte < end && next_ie_byte + next_ie->len <= end )
if ( ieee80211_ie_bound ( next_ie, end ) )
return next_ie;
return NULL;

204
src/include/gpxe/net80211.h
View File

@@ -119,6 +119,9 @@ enum net80211_security_proto {
* in the same 4-way handshake as the PSK method.
*/
NET80211_SECPROT_EAP = 2,
/** Dummy value used when the handshaking type can't be detected */
NET80211_SECPROT_UNKNOWN = 3,
};
@@ -169,6 +172,9 @@ enum net80211_crypto_alg {
* against WEP and minor success against TKIP fail.
*/
NET80211_CRYPT_CCMP = 3,
/** Dummy value used when the cryptosystem can't be detected */
NET80211_CRYPT_UNKNOWN = 4,
};
@@ -539,37 +545,171 @@ struct net80211_frag_cache
struct io_buffer *iob[16];
};
/** Interface to an 802.11 cryptographic algorithm
/** Interface to an 802.11 security handshaking protocol
*
* Cryptographic algorithms define a net80211_crypto structure
* statically, using a gPXE linker table to make it available to the
* 802.11 layer. When the algorithm needs to be used, the 802.11 code
* will allocate a copy of the static definition plus whatever space
* the algorithm has requested for private state, and point
* net80211_device::crypto at it.
* Security handshaking protocols handle parsing a user-specified key
* into a suitable input to the encryption algorithm, and for WPA and
* better systems, manage performing whatever authentication with the
* network is necessary.
*
* At all times when any method in this structure is called with a
* net80211_device argument @a dev, a dynamically allocated copy of
* the handshaker structure itself with space for the requested amount
* of private data may be accessed as @c dev->handshaker. The
* structure will not be modified, and will only be freed during
* reassociation and device closing after the @a stop method has been
* called.
*/
struct net80211_handshaker
{
/** The security handshaking protocol implemented */
enum net80211_security_proto protocol;
/** Initialize security handshaking protocol
*
* @v dev 802.11 device
* @ret rc Return status code
*
* This method is expected to access @c netX/key or other
* applicable settings to determine the parameters for
* handshaking. If no handshaking is required, it should call
* sec80211_install() with the cryptosystem and key that are
* to be used, and @c start and @c step should be set to @c
* NULL.
*
* This is always called just before association is performed,
* but after its parameters have been set; in particular, you
* may rely on the contents of the @a essid field in @a dev.
*/
int ( * init ) ( struct net80211_device *dev );
/** Start handshaking
*
* @v dev 802.11 device
* @ret rc Return status code
*
* This method is expected to set up internal state so that
* packets sent immediately after association, before @a step
* can be called, will be handled appropriately.
*
* This is always called just before association is attempted.
*/
int ( * start ) ( struct net80211_device *dev );
/** Process handshaking state
*
* @v dev 802.11 device
* @ret rc Return status code, or positive if done
*
* This method is expected to perform as much progress on the
* protocol it implements as is possible without blocking. It
* should return 0 if it wishes to be called again, a negative
* return status code on error, or a positive value if
* handshaking is complete. In the case of a positive return,
* net80211_crypto_install() must have been called.
*
* If handshaking may require further action (e.g. an AP that
* might decide to rekey), handlers must be installed by this
* function that will act without further calls to @a step.
*/
int ( * step ) ( struct net80211_device *dev );
/** Change cryptographic key based on setting
*
* @v dev 802.11 device
* @ret rc Return status code
*
* This method is called whenever the @c netX/key setting
* @e may have been changed. It is expected to determine
* whether it did in fact change, and if so, to install the
* new key using net80211_crypto_install(). If it is not
* possible to do this immediately, this method should return
* an error; in that case the 802.11 stack will reassociate,
* following the usual init/start/step sequence.
*
* This method is only relevant when it is possible to
* associate successfully with an incorrect key. When it is
* not, a failed association will be retried until the user
* changes the key setting, and a successful association will
* not be dropped due to such a change. When association with
* an incorrect key is impossible, this function should return
* 0 after performing no action.
*/
int ( * change_key ) ( struct net80211_device *dev );
/** Stop security handshaking handlers
*
* @v dev 802.11 device
*
* This method is called just before freeing a security
* handshaker; it could, for example, delete a process that @a
* start had created to manage the security of the connection.
* If not needed it may be set to NULL.
*/
void ( * stop ) ( struct net80211_device *dev );
/** Amount of private data requested
*
* Before @c init is called for the first time, this structure's
* @c priv pointer will point to this many bytes of allocated
* data, where the allocation will be performed separately for
* each net80211_device.
*/
int priv_len;
/** Whether @a start has been called
*
* Reset to 0 after @a stop is called.
*/
int started;
/** Pointer to private data
*
* In initializing this structure statically for a linker
* table, set this to NULL.
*/
void *priv;
};
#define NET80211_HANDSHAKERS __table ( struct net80211_handshaker, \
"net80211_handshakers" )
#define __net80211_handshaker __table_entry ( NET80211_HANDSHAKERS, 01 )
/** Interface to an 802.11 cryptosystem
*
* Cryptosystems define a net80211_crypto structure statically, using
* a gPXE linker table to make it available to the 802.11 layer. When
* the cryptosystem needs to be used, the 802.11 code will allocate a
* copy of the static definition plus whatever space the algorithm has
* requested for private state, and point net80211_device::crypto or
* net80211_device::gcrypto at it.
*/
struct net80211_crypto
{
/** The cryptographic algorithm implemented */
enum net80211_crypto_alg algorithm;
/** Initialize cryptographic algorithm using a given key
/** Initialize cryptosystem using a given key
*
* @v crypto 802.11 cryptographic algorithm
* @v crypto 802.11 cryptosystem
* @v key Pointer to key bytes
* @v keylen Number of key bytes
* @v rsc Initial receive sequence counter, if applicable
* @ret rc Return status code
*
* This method is passed the communication key provided by the
* security handshake handler, which will already be in the
* low-level form required.
* low-level form required. It may not store a pointer to the
* key after returning; it must copy it to its private storage.
*/
int ( * initialize ) ( struct net80211_crypto *crypto, u8 *key,
int keylen );
int ( * init ) ( struct net80211_crypto *crypto, const void *key,
int keylen, const void *rsc );
/** Encrypt a frame using the cryptographic algorithm
/** Encrypt a frame using the cryptosystem
*
* @v crypto 802.11 cryptographic algorithm
* @v crypto 802.11 cryptosystem
* @v iob I/O buffer
* @ret eiob Newly allocated I/O buffer with encrypted packet
*
@@ -593,9 +733,9 @@ struct net80211_crypto
struct io_buffer * ( * encrypt ) ( struct net80211_crypto *crypto,
struct io_buffer *iob );
/** Decrypt a frame using the cryptographic algorithm
/** Decrypt a frame using the cryptosystem
*
* @v crypto 802.11 cryptographic algorithm
* @v crypto 802.11 cryptosystem
* @v eiob Encrypted I/O buffer
* @ret iob Newly allocated I/O buffer with decrypted packet
*
@@ -626,6 +766,9 @@ struct net80211_crypto
void *priv;
};
#define NET80211_CRYPTOS __table ( struct net80211_crypto, "net80211_cryptos" )
#define __net80211_crypto __table_entry ( NET80211_CRYPTOS, 01 )
struct net80211_probe_ctx;
struct net80211_assoc_ctx;
@@ -732,6 +875,9 @@ struct net80211_device
struct net80211_assoc_ctx *assoc;
} ctx;
/** Security handshaker being used */
struct net80211_handshaker *handshaker;
/** State of our association to the network
*
* Since the association process happens asynchronously, it's
@@ -777,14 +923,33 @@ struct net80211_device
/** Return status code associated with @c state */
int assoc_rc;
/** RSN or WPA information element to include with association
*
* If set to @c NULL, none will be included. It is expected
* that this will be set by the @a init function of a security
* handshaker if it is needed.
*/
union ieee80211_ie *rsn_ie;
/* ---------- Parameters of currently associated network ---------- */
/** 802.11 cryptographic algorithm for our current network
/** 802.11 cryptosystem for our current network
*
* For an open network, this will be set to NULL.
*/
struct net80211_crypto *crypto;
/** 802.11 cryptosystem for multicast and broadcast frames
*
* If this is NULL, the cryptosystem used for receiving
* unicast frames will also be used for receiving multicast
* and broadcast frames. Transmitted multicast and broadcast
* frames are always sent unicast to the AP, who multicasts
* them on our behalf; thus they always use the unicast
* cryptosystem.
*/
struct net80211_crypto *gcrypto;
/** MAC address of the access point most recently associated */
u8 bssid[ETH_ALEN];
@@ -927,6 +1092,10 @@ struct net80211_wlan
};
/** 802.11 encryption key setting */
extern struct setting net80211_key_setting __setting;
/**
* @defgroup net80211_probe 802.11 network location API
* @{
@@ -974,6 +1143,7 @@ int net80211_send_auth ( struct net80211_device *dev,
struct net80211_wlan *wlan, int method );
int net80211_send_assoc ( struct net80211_device *dev,
struct net80211_wlan *wlan );
void net80211_deauthenticate ( struct net80211_device *dev, int rc );
/** @} */

83
src/include/gpxe/sec80211.h Normal file
View File

@@ -0,0 +1,83 @@
/*
* Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifndef _GPXE_SEC80211_H
#define _GPXE_SEC80211_H
FILE_LICENCE ( GPL2_OR_LATER );
#include <gpxe/net80211.h>
#include <errno.h>
/** @file
*
* Definitions for general secured-network routines.
*
* Any function in this file which may be referenced by code which is
* not exclusive to encryption-enabled builds (e.g. sec80211_detect(),
* which is called by net80211_probe_step() to fill the net80211_wlan
* structure's security fields) must be declared as a weak symbol,
* using an inline interface similar to that used for
* sec80211_detect() below. This prevents secure network support from
* bloating general builds by any more than a few tiny hooks to call
* crypto functions when crypto structures are non-NULL.
*/
int _sec80211_detect ( struct io_buffer *iob,
enum net80211_security_proto *secprot,
enum net80211_crypto_alg *crypt )
__attribute__ (( weak ));
/**
* Inline safety wrapper for _sec80211_detect()
*
* @v iob I/O buffer containing beacon frame
* @ret secprot Security handshaking protocol used by network
* @ret crypt Cryptosystem used by network
* @ret rc Return status code
*
* This function transparently calls _sec80211_detect() if the file
* containing it was compiled in, or returns an error indication of
* @c -ENOTSUP if not.
*/
static inline int sec80211_detect ( struct io_buffer *iob,
enum net80211_security_proto *secprot,
enum net80211_crypto_alg *crypt ) {
if ( _sec80211_detect )
return _sec80211_detect ( iob, secprot, crypt );
return -ENOTSUP;
}
int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end,
enum net80211_security_proto *secprot,
enum net80211_crypto_alg *crypt );
u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end,
int *is_rsn, u8 **end );
int sec80211_install ( struct net80211_crypto **which,
enum net80211_crypto_alg crypt,
const void *key, int len, const void *rsc );
u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie );
u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot,
int rsnie );
enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc );
#endif /* _GPXE_SEC80211_H */