/*
 * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *
 * File: wpa.c
 *
 * Purpose: Handles the Basic Service Set & Node Database functions
 *
 * Functions:
 *      WPA_ParseRSN - Parse RSN IE.
 *
 * Revision History:
 *
 * Author: Kyle Hsu
 *
 * Date: July 14, 2003
 *
 */

#include "ttype.h"
#include "tmacro.h"
#include "tether.h"
#include "device.h"
#include "80211hdr.h"
#include "bssdb.h"
#include "wmgr.h"
#include "wpa.h"
#include "80211mgr.h"

/*---------------------  Static Variables  --------------------------*/
static int msglevel = MSG_LEVEL_INFO;

static const unsigned char abyOUI00[4] = { 0x00, 0x50, 0xf2, 0x00 };
static const unsigned char abyOUI01[4] = { 0x00, 0x50, 0xf2, 0x01 };
static const unsigned char abyOUI02[4] = { 0x00, 0x50, 0xf2, 0x02 };
static const unsigned char abyOUI03[4] = { 0x00, 0x50, 0xf2, 0x03 };
static const unsigned char abyOUI04[4] = { 0x00, 0x50, 0xf2, 0x04 };
static const unsigned char abyOUI05[4] = { 0x00, 0x50, 0xf2, 0x05 };

/*+
 *
 * Description:
 *    Clear RSN information in BSSList.
 *
 * Parameters:
 *  In:
 *      pBSSList - BSS list.
 *  Out:
 *      none
 *
 * Return Value: none.
 *
 -*/

void
WPA_ClearRSN(
	PKnownBSS        pBSSList
)
{
	int ii;
	pBSSList->byGKType = WPA_TKIP;
	for (ii = 0; ii < 4; ii++)
		pBSSList->abyPKType[ii] = WPA_TKIP;
	pBSSList->wPKCount = 0;
	for (ii = 0; ii < 4; ii++)
		pBSSList->abyAuthType[ii] = WPA_AUTH_IEEE802_1X;
	pBSSList->wAuthCount = 0;
	pBSSList->byDefaultK_as_PK = 0;
	pBSSList->byReplayIdx = 0;
	pBSSList->sRSNCapObj.bRSNCapExist = false;
	pBSSList->sRSNCapObj.wRSNCap = 0;
	pBSSList->bWPAValid = false;
}

/*+
 *
 * Description:
 *    Parse RSN IE.
 *
 * Parameters:
 *  In:
 *      pBSSList - BSS list.
 *      pRSN - Pointer to the RSN IE.
 *  Out:
 *      none
 *
 * Return Value: none.
 *
 -*/
void
WPA_ParseRSN(
	PKnownBSS        pBSSList,
	PWLAN_IE_RSN_EXT pRSN
)
{
	PWLAN_IE_RSN_AUTH  pIE_RSN_Auth = NULL;
	int                i, j, m, n = 0;
	unsigned char *pbyCaps;

	WPA_ClearRSN(pBSSList);

	DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "WPA_ParseRSN: [%d]\n", pRSN->len);

	// information element header makes sense
	if ((pRSN->len >= 6) // oui1(4)+ver(2)
	    && (pRSN->byElementID == WLAN_EID_RSN_WPA) && !memcmp(pRSN->abyOUI, abyOUI01, 4)
	    && (pRSN->wVersion == 1)) {
		DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "Legal RSN\n");
		// update each variable if pRSN is long enough to contain the variable
		if (pRSN->len >= 10) //oui1(4)+ver(2)+GKSuite(4)
		{
			if (!memcmp(pRSN->abyMulticast, abyOUI01, 4))
				pBSSList->byGKType = WPA_WEP40;
			else if (!memcmp(pRSN->abyMulticast, abyOUI02, 4))
				pBSSList->byGKType = WPA_TKIP;
			else if (!memcmp(pRSN->abyMulticast, abyOUI03, 4))
				pBSSList->byGKType = WPA_AESWRAP;
			else if (!memcmp(pRSN->abyMulticast, abyOUI04, 4))
				pBSSList->byGKType = WPA_AESCCMP;
			else if (!memcmp(pRSN->abyMulticast, abyOUI05, 4))
				pBSSList->byGKType = WPA_WEP104;
			else
				// any vendor checks here
				pBSSList->byGKType = WPA_NONE;

			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "byGKType: %x\n", pBSSList->byGKType);
		}

		if (pRSN->len >= 12) //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)
		{
			j = 0;
			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wPKCount: %d, sizeof(pBSSList->abyPKType): %zu\n", pRSN->wPKCount, sizeof(pBSSList->abyPKType));
			for (i = 0; (i < pRSN->wPKCount) && (j < ARRAY_SIZE(pBSSList->abyPKType)); i++) {
				if (pRSN->len >= 12+i*4+4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*i)
					if (!memcmp(pRSN->PKSList[i].abyOUI, abyOUI00, 4))
						pBSSList->abyPKType[j++] = WPA_NONE;
					else if (!memcmp(pRSN->PKSList[i].abyOUI, abyOUI02, 4))
						pBSSList->abyPKType[j++] = WPA_TKIP;
					else if (!memcmp(pRSN->PKSList[i].abyOUI, abyOUI03, 4))
						pBSSList->abyPKType[j++] = WPA_AESWRAP;
					else if (!memcmp(pRSN->PKSList[i].abyOUI, abyOUI04, 4))
						pBSSList->abyPKType[j++] = WPA_AESCCMP;
					else
						// any vendor checks here
						;
				} else
					break;
				//DBG_PRN_GRP14(("abyPKType[%d]: %X\n", j-1, pBSSList->abyPKType[j-1]));
			} //for
			pBSSList->wPKCount = (unsigned short)j;
			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wPKCount: %d\n", pBSSList->wPKCount);
		}

		m = pRSN->wPKCount;
		DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "m: %d\n", m);
		DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "14+m*4: %d\n", 14+m*4);

		if (pRSN->len >= 14+m*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)
			// overlay IE_RSN_Auth structure into correct place
			pIE_RSN_Auth = (PWLAN_IE_RSN_AUTH) pRSN->PKSList[m].abyOUI;
			j = 0;
			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wAuthCount: %d, sizeof(pBSSList->abyAuthType): %zu\n",
				pIE_RSN_Auth->wAuthCount, sizeof(pBSSList->abyAuthType));
			for (i = 0; (i < pIE_RSN_Auth->wAuthCount) && (j < ARRAY_SIZE(pBSSList->abyAuthType)); i++) {
				if (pRSN->len >= 14+4+(m+i)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*i)
					if (!memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI01, 4))
						pBSSList->abyAuthType[j++] = WPA_AUTH_IEEE802_1X;
					else if (!memcmp(pIE_RSN_Auth->AuthKSList[i].abyOUI, abyOUI02, 4))
						pBSSList->abyAuthType[j++] = WPA_AUTH_PSK;
					else
						// any vendor checks here
						;
				} else
					break;
				//DBG_PRN_GRP14(("abyAuthType[%d]: %X\n", j-1, pBSSList->abyAuthType[j-1]));
			}
			if (j > 0)
				pBSSList->wAuthCount = (unsigned short)j;
			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "wAuthCount: %d\n", pBSSList->wAuthCount);
		}

		if (pIE_RSN_Auth != NULL) {
			n = pIE_RSN_Auth->wAuthCount;

			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "n: %d\n", n);
			DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "14+4+(m+n)*4: %d\n", 14+4+(m+n)*4);

			if (pRSN->len+2 >= 14+4+(m+n)*4) { //oui1(4)+ver(2)+GKS(4)+PKSCnt(2)+PKS(4*m)+AKC(2)+AKS(4*n)+Cap(2)
				pbyCaps = (unsigned char *)pIE_RSN_Auth->AuthKSList[n].abyOUI;
				pBSSList->byDefaultK_as_PK = (*pbyCaps) & WPA_GROUPFLAG;
				pBSSList->byReplayIdx = 2 << ((*pbyCaps >> WPA_REPLAYBITSSHIFT) & WPA_REPLAYBITS);
				pBSSList->sRSNCapObj.bRSNCapExist = true;
				pBSSList->sRSNCapObj.wRSNCap = *(unsigned short *)pbyCaps;
				//DBG_PRN_GRP14(("pbyCaps: %X\n", *pbyCaps));
				//DBG_PRN_GRP14(("byDefaultK_as_PK: %X\n", pBSSList->byDefaultK_as_PK));
				//DBG_PRN_GRP14(("byReplayIdx: %X\n", pBSSList->byReplayIdx));
			}
		}
		pBSSList->bWPAValid = true;
	}
}

/*+
 *
 * Description:
 *    Search RSN information in BSSList.
 *
 * Parameters:
 *  In:
 *      byCmd    - Search type
 *      byEncrypt- Encrypt Type
 *      pBSSList - BSS list
 *  Out:
 *      none
 *
 * Return Value: none.
 *
 -*/
bool
WPA_SearchRSN(
	unsigned char byCmd,
	unsigned char byEncrypt,
	PKnownBSS        pBSSList
)
{
	int ii;
	unsigned char byPKType = WPA_NONE;

	if (!pBSSList->bWPAValid)
		return false;

	switch (byCmd) {
	case 0:

		if (byEncrypt != pBSSList->byGKType)
			return false;

		if (pBSSList->wPKCount > 0) {
			for (ii = 0; ii < pBSSList->wPKCount; ii++) {
				if (pBSSList->abyPKType[ii] == WPA_AESCCMP)
					byPKType = WPA_AESCCMP;
				else if ((pBSSList->abyPKType[ii] == WPA_TKIP) && (byPKType != WPA_AESCCMP))
					byPKType = WPA_TKIP;
				else if ((pBSSList->abyPKType[ii] == WPA_WEP40) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP))
					byPKType = WPA_WEP40;
				else if ((pBSSList->abyPKType[ii] == WPA_WEP104) && (byPKType != WPA_AESCCMP) && (byPKType != WPA_TKIP))
					byPKType = WPA_WEP104;
			}
			if (byEncrypt != byPKType)
				return false;
		}
		return true;
		break;

	default:
		break;
	}
	return false;
}

/*+
 *
 * Description:
 *    Check if RSN IE makes sense.
 *
 * Parameters:
 *  In:
 *      pRSN - Pointer to the RSN IE.
 *  Out:
 *      none
 *
 * Return Value: none.
 *
 -*/
bool
WPAb_Is_RSN(
	PWLAN_IE_RSN_EXT pRSN
)
{
	if (pRSN == NULL)
		return false;

	if ((pRSN->len >= 6) && // oui1(4)+ver(2)
	    (pRSN->byElementID == WLAN_EID_RSN_WPA) &&  !memcmp(pRSN->abyOUI, abyOUI01, 4) &&
	    (pRSN->wVersion == 1)) {
		return true;
	} else
		return false;
}