Initial import of qemu-2.4.1HEADmaster

8 files changed, 6182 insertions, 0 deletions

diff --git a/roms/ipxe/src/net/80211/net80211.c b/roms/ipxe/src/net/80211/net80211.c
new file mode 100644
index 00000000..43494452
--- /dev/null
+++ b/roms/ipxe/src/net/80211/net80211.c
@@ -0,0 +1,2828 @@
+/*
+ * The iPXE 802.11 MAC layer.
+ *
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <string.h>
+#include <byteswap.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <ipxe/settings.h>
+#include <ipxe/if_arp.h>
+#include <ipxe/ethernet.h>
+#include <ipxe/ieee80211.h>
+#include <ipxe/netdevice.h>
+#include <ipxe/net80211.h>
+#include <ipxe/sec80211.h>
+#include <ipxe/timer.h>
+#include <ipxe/nap.h>
+#include <ipxe/errortab.h>
+#include <ipxe/net80211_err.h>
+
+/** @file
+ *
+ * 802.11 device management
+ */
+
+/** List of 802.11 devices */
+static struct list_head net80211_devices = LIST_HEAD_INIT ( net80211_devices );
+
+/** Set of device operations that does nothing */
+static struct net80211_device_operations net80211_null_ops;
+
+/** Information associated with a received management packet
+ *
+ * This is used to keep beacon signal strengths in a parallel queue to
+ * the beacons themselves.
+ */
+struct net80211_rx_info {
+	int signal;
+	struct list_head list;
+};
+
+/** Context for a probe operation */
+struct net80211_probe_ctx {
+	/** 802.11 device to probe on */
+	struct net80211_device *dev;
+
+	/** Value of keep_mgmt before probe was started */
+	int old_keep_mgmt;
+
+	/** If scanning actively, pointer to probe packet to send */
+	struct io_buffer *probe;
+
+	/** If non-"", the ESSID to limit ourselves to */
+	const char *essid;
+
+	/** Time probe was started */
+	u32 ticks_start;
+
+	/** Time last useful beacon was received */
+	u32 ticks_beacon;
+
+	/** Time channel was last changed */
+	u32 ticks_channel;
+
+	/** Time to stay on each channel */
+	u32 hop_time;
+
+	/** Channels to hop by when changing channel */
+	int hop_step;
+
+	/** List of best beacons for each network found so far */
+	struct list_head *beacons;
+};
+
+/** Context for the association task */
+struct net80211_assoc_ctx {
+	/** Next authentication method to try using */
+	int method;
+
+	/** Time (in ticks) of the last sent association-related packet */
+	int last_packet;
+
+	/** Number of times we have tried sending it */
+	int times_tried;
+};
+
+/**
+ * Detect secure 802.11 network when security support is not available
+ *
+ * @return -ENOTSUP, always.
+ */
+__weak int sec80211_detect ( struct io_buffer *iob __unused,
+			     enum net80211_security_proto *secprot __unused,
+			     enum net80211_crypto_alg *crypt __unused ) {
+	return -ENOTSUP;
+}
+
+/**
+ * @defgroup net80211_netdev Network device interface functions
+ * @{
+ */
+static int net80211_netdev_open ( struct net_device *netdev );
+static void net80211_netdev_close ( struct net_device *netdev );
+static int net80211_netdev_transmit ( struct net_device *netdev,
+				      struct io_buffer *iobuf );
+static void net80211_netdev_poll ( struct net_device *netdev );
+static void net80211_netdev_irq ( struct net_device *netdev, int enable );
+/** @} */
+
+/**
+ * @defgroup net80211_linklayer 802.11 link-layer protocol functions
+ * @{
+ */
+static int net80211_ll_push ( struct net_device *netdev,
+			      struct io_buffer *iobuf, const void *ll_dest,
+			      const void *ll_source, uint16_t net_proto );
+static int net80211_ll_pull ( struct net_device *netdev,
+			      struct io_buffer *iobuf, const void **ll_dest,
+			      const void **ll_source, uint16_t * net_proto,
+			      unsigned int *flags );
+/** @} */
+
+/**
+ * @defgroup net80211_help 802.11 helper functions
+ * @{
+ */
+static void net80211_add_channels ( struct net80211_device *dev, int start,
+				    int len, int txpower );
+static void net80211_filter_hw_channels ( struct net80211_device *dev );
+static void net80211_set_rtscts_rate ( struct net80211_device *dev );
+static int net80211_process_capab ( struct net80211_device *dev,
+				    u16 capab );
+static int net80211_process_ie ( struct net80211_device *dev,
+				 union ieee80211_ie *ie, void *ie_end );
+static union ieee80211_ie *
+net80211_marshal_request_info ( struct net80211_device *dev,
+				union ieee80211_ie *ie );
+/** @} */
+
+/**
+ * @defgroup net80211_assoc_ll 802.11 association handling functions
+ * @{
+ */
+static void net80211_step_associate ( struct net80211_device *dev );
+static void net80211_handle_auth ( struct net80211_device *dev,
+				   struct io_buffer *iob );
+static void net80211_handle_assoc_reply ( struct net80211_device *dev,
+					  struct io_buffer *iob );
+static int net80211_send_disassoc ( struct net80211_device *dev, int reason,
+				    int deauth );
+static void net80211_handle_mgmt ( struct net80211_device *dev,
+				   struct io_buffer *iob, int signal );
+/** @} */
+
+/**
+ * @defgroup net80211_frag 802.11 fragment handling functions
+ * @{
+ */
+static void net80211_free_frags ( struct net80211_device *dev, int fcid );
+static struct io_buffer *net80211_accum_frags ( struct net80211_device *dev,
+						int fcid, int nfrags, int size );
+static void net80211_rx_frag ( struct net80211_device *dev,
+			       struct io_buffer *iob, int signal );
+/** @} */
+
+/**
+ * @defgroup net80211_settings 802.11 settings handlers
+ * @{
+ */
+static int net80211_check_settings_update ( void );
+
+/** 802.11 settings applicator
+ *
+ * When the SSID is changed, this will cause any open devices to
+ * re-associate; when the encryption key is changed, we similarly
+ * update their state.
+ */
+struct settings_applicator net80211_applicator __settings_applicator = {
+	.apply = net80211_check_settings_update,
+};
+
+/** The network name to associate with
+ *
+ * If this is blank, we scan for all networks and use the one with the
+ * greatest signal strength.
+ */
+const struct setting net80211_ssid_setting __setting ( SETTING_NETDEV_EXTRA,
+						       ssid ) = {
+	.name = "ssid",
+	.description = "Wireless SSID",
+	.type = &setting_type_string,
+};
+
+/** Whether to use active scanning
+ *
+ * In order to associate with a hidden SSID, it's necessary to use an
+ * active scan (send probe packets). If this setting is nonzero, an
+ * active scan on the 2.4GHz band will be used to associate.
+ */
+const struct setting net80211_active_setting __setting ( SETTING_NETDEV_EXTRA,
+							 active-scan ) = {
+	.name = "active-scan",
+	.description = "Actively scan for wireless networks",
+	.type = &setting_type_int8,
+};
+
+/** The cryptographic key to use
+ *
+ * For hex WEP keys, as is common, this must be entered using the
+ * normal iPXE method for entering hex settings; an ASCII string of
+ * hex characters will not behave as expected.
+ */
+const struct setting net80211_key_setting __setting ( SETTING_NETDEV_EXTRA,
+						      key ) = {
+	.name = "key",
+	.description = "Wireless encryption key",
+	.type = &setting_type_string,
+};
+
+/** @} */
+
+
+/* ---------- net_device wrapper ---------- */
+
+/**
+ * Open 802.11 device and start association
+ *
+ * @v netdev	Wrapping network device
+ * @ret rc	Return status code
+ *
+ * This sets up a default conservative set of channels for probing,
+ * and starts the auto-association task unless the @c
+ * NET80211_NO_ASSOC flag is set in the wrapped 802.11 device's @c
+ * state field.
+ */
+static int net80211_netdev_open ( struct net_device *netdev )
+{
+	struct net80211_device *dev = netdev->priv;
+	int rc = 0;
+
+	if ( dev->op == &net80211_null_ops )
+		return -EFAULT;
+
+	if ( dev->op->open )
+		rc = dev->op->open ( dev );
+
+	if ( rc < 0 )
+		return rc;
+
+	if ( ! ( dev->state & NET80211_NO_ASSOC ) )
+		net80211_autoassociate ( dev );
+
+	return 0;
+}
+
+/**
+ * Close 802.11 device
+ *
+ * @v netdev	Wrapping network device.
+ *
+ * If the association task is running, this will stop it.
+ */
+static void net80211_netdev_close ( struct net_device *netdev )
+{
+	struct net80211_device *dev = netdev->priv;
+
+	if ( dev->state & NET80211_WORKING )
+		process_del ( &dev->proc_assoc );
+
+	/* Send disassociation frame to AP, to be polite */
+	if ( dev->state & NET80211_ASSOCIATED )
+		net80211_send_disassoc ( dev, IEEE80211_REASON_LEAVING, 0 );
+
+	if ( dev->handshaker && dev->handshaker->stop &&
+	     dev->handshaker->started )
+		dev->handshaker->stop ( dev );
+
+	free ( dev->crypto );
+	free ( dev->handshaker );
+	dev->crypto = NULL;
+	dev->handshaker = NULL;
+
+	netdev_link_down ( netdev );
+	dev->state = 0;
+
+	if ( dev->op->close )
+		dev->op->close ( dev );
+}
+
+/**
+ * Transmit packet on 802.11 device
+ *
+ * @v netdev	Wrapping network device
+ * @v iobuf	I/O buffer
+ * @ret rc	Return status code
+ *
+ * If encryption is enabled for the currently associated network, the
+ * packet will be encrypted prior to transmission.
+ */
+static int net80211_netdev_transmit ( struct net_device *netdev,
+				      struct io_buffer *iobuf )
+{
+	struct net80211_device *dev = netdev->priv;
+	struct ieee80211_frame *hdr = iobuf->data;
+	int rc = -ENOSYS;
+
+	if ( dev->crypto && ! ( hdr->fc & IEEE80211_FC_PROTECTED ) &&
+	     ( ( hdr->fc & IEEE80211_FC_TYPE ) == IEEE80211_TYPE_DATA ) ) {
+		struct io_buffer *niob = dev->crypto->encrypt ( dev->crypto,
+								iobuf );
+		if ( ! niob )
+			return -ENOMEM;	/* only reason encryption could fail */
+
+		/* Free the non-encrypted iob */
+		netdev_tx_complete ( netdev, iobuf );
+
+		/* Transmit the encrypted iob; the Protected flag is
+		   set, so we won't recurse into here again */
+		netdev_tx ( netdev, niob );
+
+		/* Don't transmit the freed packet */
+		return 0;
+	}
+
+	if ( dev->op->transmit )
+		rc = dev->op->transmit ( dev, iobuf );
+
+	return rc;
+}
+
+/**
+ * Poll 802.11 device for received packets and completed transmissions
+ *
+ * @v netdev	Wrapping network device
+ */
+static void net80211_netdev_poll ( struct net_device *netdev )
+{
+	struct net80211_device *dev = netdev->priv;
+
+	if ( dev->op->poll )
+		dev->op->poll ( dev );
+}
+
+/**
+ * Enable or disable interrupts for 802.11 device
+ *
+ * @v netdev	Wrapping network device
+ * @v enable	Whether to enable interrupts
+ */
+static void net80211_netdev_irq ( struct net_device *netdev, int enable )
+{
+	struct net80211_device *dev = netdev->priv;
+
+	if ( dev->op->irq )
+		dev->op->irq ( dev, enable );
+}
+
+/** Network device operations for a wrapped 802.11 device */
+static struct net_device_operations net80211_netdev_ops = {
+	.open = net80211_netdev_open,
+	.close = net80211_netdev_close,
+	.transmit = net80211_netdev_transmit,
+	.poll = net80211_netdev_poll,
+	.irq = net80211_netdev_irq,
+};
+
+
+/* ---------- 802.11 link-layer protocol ---------- */
+
+/**
+ * Determine whether a transmission rate uses ERP/OFDM
+ *
+ * @v rate	Rate in 100 kbps units
+ * @ret is_erp	TRUE if the rate is an ERP/OFDM rate
+ *
+ * 802.11b supports rates of 1.0, 2.0, 5.5, and 11.0 Mbps; any other
+ * rate than these on the 2.4GHz spectrum is an ERP (802.11g) rate.
+ */
+static inline int net80211_rate_is_erp ( u16 rate )
+{
+	if ( rate == 10 || rate == 20 || rate == 55 || rate == 110 )
+		return 0;
+	return 1;
+}
+
+
+/**
+ * Calculate one frame's contribution to 802.11 duration field
+ *
+ * @v dev	802.11 device
+ * @v bytes	Amount of data to calculate duration for
+ * @ret dur	Duration field in microseconds
+ *
+ * To avoid multiple stations attempting to transmit at once, 802.11
+ * provides that every packet shall include a duration field
+ * specifying a length of time for which the wireless medium will be
+ * reserved after it is transmitted. The duration is measured in
+ * microseconds and is calculated with respect to the current
+ * physical-layer parameters of the 802.11 device.
+ *
+ * For an unfragmented data or management frame, or the last fragment
+ * of a fragmented frame, the duration captures only the 10 data bytes
+ * of one ACK; call once with bytes = 10.
+ *
+ * For a fragment of a data or management rame that will be followed
+ * by more fragments, the duration captures an ACK, the following
+ * fragment, and its ACK; add the results of three calls, two with
+ * bytes = 10 and one with bytes set to the next fragment's size.
+ *
+ * For an RTS control frame, the duration captures the responding CTS,
+ * the frame being sent, and its ACK; add the results of three calls,
+ * two with bytes = 10 and one with bytes set to the next frame's size
+ * (assuming unfragmented).
+ *
+ * For a CTS-to-self control frame, the duration captures the frame
+ * being protected and its ACK; add the results of two calls, one with
+ * bytes = 10 and one with bytes set to the next frame's size.
+ *
+ * No other frame types are currently supported by iPXE.
+ */
+u16 net80211_duration ( struct net80211_device *dev, int bytes, u16 rate )
+{
+	struct net80211_channel *chan = &dev->channels[dev->channel];
+	u32 kbps = rate * 100;
+
+	if ( chan->band == NET80211_BAND_5GHZ || net80211_rate_is_erp ( rate ) ) {
+		/* OFDM encoding (802.11a/g) */
+		int bits_per_symbol = ( kbps * 4 ) / 1000;	/* 4us/symbol */
+		int bits = 22 + ( bytes << 3 );	/* 22-bit PLCP */
+		int symbols = ( bits + bits_per_symbol - 1 ) / bits_per_symbol;
+
+		return 16 + 20 + ( symbols * 4 ); /* 16us SIFS, 20us preamble */
+	} else {
+		/* CCK encoding (802.11b) */
+		int phy_time = 144 + 48;	/* preamble + PLCP */
+		int bits = bytes << 3;
+		int data_time = ( bits * 1000 + kbps - 1 ) / kbps;
+
+		if ( dev->phy_flags & NET80211_PHY_USE_SHORT_PREAMBLE )
+			phy_time >>= 1;
+
+		return 10 + phy_time + data_time; /* 10us SIFS */
+	}
+}
+
+/**
+ * Add 802.11 link-layer header
+ *
+ * @v netdev		Wrapping network device
+ * @v iobuf		I/O buffer
+ * @v ll_dest		Link-layer destination address
+ * @v ll_source		Link-layer source address
+ * @v net_proto		Network-layer protocol, in network byte order
+ * @ret rc		Return status code
+ *
+ * This adds both the 802.11 frame header and the 802.2 LLC/SNAP
+ * header used on data packets.
+ *
+ * We also check here for state of the link that would make it invalid
+ * to send a data packet; every data packet must pass through here,
+ * and no non-data packet (e.g. management frame) should.
+ */
+static int net80211_ll_push ( struct net_device *netdev,
+			      struct io_buffer *iobuf, const void *ll_dest,
+			      const void *ll_source, uint16_t net_proto )
+{
+	struct net80211_device *dev = netdev->priv;
+	struct ieee80211_frame *hdr = iob_push ( iobuf,
+						 IEEE80211_LLC_HEADER_LEN +
+						 IEEE80211_TYP_FRAME_HEADER_LEN );
+	struct ieee80211_llc_snap_header *lhdr =
+		( void * ) hdr + IEEE80211_TYP_FRAME_HEADER_LEN;
+
+	/* We can't send data packets if we're not associated. */
+	if ( ! ( dev->state & NET80211_ASSOCIATED ) ) {
+		if ( dev->assoc_rc )
+			return dev->assoc_rc;
+		return -ENETUNREACH;
+	}
+
+	hdr->fc = IEEE80211_THIS_VERSION | IEEE80211_TYPE_DATA |
+	    IEEE80211_STYPE_DATA | IEEE80211_FC_TODS;
+
+	/* We don't send fragmented frames, so duration is the time
+	   for an SIFS + 10-byte ACK. */
+	hdr->duration = net80211_duration ( dev, 10, dev->rates[dev->rate] );
+
+	memcpy ( hdr->addr1, dev->bssid, ETH_ALEN );
+	memcpy ( hdr->addr2, ll_source, ETH_ALEN );
+	memcpy ( hdr->addr3, ll_dest, ETH_ALEN );
+
+	hdr->seq = IEEE80211_MAKESEQ ( ++dev->last_tx_seqnr, 0 );
+
+	lhdr->dsap = IEEE80211_LLC_DSAP;
+	lhdr->ssap = IEEE80211_LLC_SSAP;
+	lhdr->ctrl = IEEE80211_LLC_CTRL;
+	memset ( lhdr->oui, 0x00, 3 );
+	lhdr->ethertype = net_proto;
+
+	return 0;
+}
+
+/**
+ * Remove 802.11 link-layer header
+ *
+ * @v netdev		Wrapping network device
+ * @v iobuf		I/O buffer
+ * @ret ll_dest		Link-layer destination address
+ * @ret ll_source	Link-layer source
+ * @ret net_proto	Network-layer protocol, in network byte order
+ * @ret flags		Packet flags
+ * @ret rc		Return status code
+ *
+ * This expects and removes both the 802.11 frame header and the 802.2
+ * LLC/SNAP header that are used on data packets.
+ */
+static int net80211_ll_pull ( struct net_device *netdev __unused,
+			      struct io_buffer *iobuf,
+			      const void **ll_dest, const void **ll_source,
+			      uint16_t * net_proto, unsigned int *flags )
+{
+	struct ieee80211_frame *hdr = iobuf->data;
+	struct ieee80211_llc_snap_header *lhdr =
+		( void * ) hdr + IEEE80211_TYP_FRAME_HEADER_LEN;
+
+	/* Bunch of sanity checks */
+	if ( iob_len ( iobuf ) < IEEE80211_TYP_FRAME_HEADER_LEN +
+	     IEEE80211_LLC_HEADER_LEN ) {
+		DBGC ( netdev->priv, "802.11 %p packet too short (%zd bytes)\n",
+		       netdev->priv, iob_len ( iobuf ) );
+		return -EINVAL_PKT_TOO_SHORT;
+	}
+
+	if ( ( hdr->fc & IEEE80211_FC_VERSION ) != IEEE80211_THIS_VERSION ) {
+		DBGC ( netdev->priv, "802.11 %p packet invalid version %04x\n",
+		       netdev->priv, hdr->fc & IEEE80211_FC_VERSION );
+		return -EINVAL_PKT_VERSION;
+	}
+
+	if ( ( hdr->fc & IEEE80211_FC_TYPE ) != IEEE80211_TYPE_DATA ||
+	     ( hdr->fc & IEEE80211_FC_SUBTYPE ) != IEEE80211_STYPE_DATA ) {
+		DBGC ( netdev->priv, "802.11 %p packet not data/data (fc=%04x)\n",
+		       netdev->priv, hdr->fc );
+		return -EINVAL_PKT_NOT_DATA;
+	}
+
+	if ( ( hdr->fc & ( IEEE80211_FC_TODS | IEEE80211_FC_FROMDS ) ) !=
+	     IEEE80211_FC_FROMDS ) {
+		DBGC ( netdev->priv, "802.11 %p packet not from DS (fc=%04x)\n",
+		       netdev->priv, hdr->fc );
+		return -EINVAL_PKT_NOT_FROMDS;
+	}
+
+	if ( lhdr->dsap != IEEE80211_LLC_DSAP || lhdr->ssap != IEEE80211_LLC_SSAP ||
+	     lhdr->ctrl != IEEE80211_LLC_CTRL || lhdr->oui[0] || lhdr->oui[1] ||
+	     lhdr->oui[2] ) {
+		DBGC ( netdev->priv, "802.11 %p LLC header is not plain EtherType "
+		       "encapsulator: %02x->%02x [%02x] %02x:%02x:%02x %04x\n",
+		       netdev->priv, lhdr->dsap, lhdr->ssap, lhdr->ctrl,
+		       lhdr->oui[0], lhdr->oui[1], lhdr->oui[2], lhdr->ethertype );
+		return -EINVAL_PKT_LLC_HEADER;
+	}
+
+	iob_pull ( iobuf, sizeof ( *hdr ) + sizeof ( *lhdr ) );
+
+	*ll_dest = hdr->addr1;
+	*ll_source = hdr->addr3;
+	*net_proto = lhdr->ethertype;
+	*flags = ( ( is_multicast_ether_addr ( hdr->addr1 ) ?
+		     LL_MULTICAST : 0 ) |
+		   ( is_broadcast_ether_addr ( hdr->addr1 ) ?
+		     LL_BROADCAST : 0 ) );
+	return 0;
+}
+
+/** 802.11 link-layer protocol */
+static struct ll_protocol net80211_ll_protocol __ll_protocol = {
+	.name = "802.11",
+	.push = net80211_ll_push,
+	.pull = net80211_ll_pull,
+	.init_addr = eth_init_addr,
+	.ntoa = eth_ntoa,
+	.mc_hash = eth_mc_hash,
+	.eth_addr = eth_eth_addr,
+	.eui64 = eth_eui64,
+	.ll_proto = htons ( ARPHRD_ETHER ),	/* "encapsulated Ethernet" */
+	.hw_addr_len = ETH_ALEN,
+	.ll_addr_len = ETH_ALEN,
+	.ll_header_len = IEEE80211_TYP_FRAME_HEADER_LEN +
+				IEEE80211_LLC_HEADER_LEN,
+};
+
+
+/* ---------- 802.11 network management API ---------- */
+
+/**
+ * Get 802.11 device from wrapping network device
+ *
+ * @v netdev	Wrapping network device
+ * @ret dev	802.11 device wrapped by network device, or NULL
+ *
+ * Returns NULL if the network device does not wrap an 802.11 device.
+ */
+struct net80211_device * net80211_get ( struct net_device *netdev )
+{
+	struct net80211_device *dev;
+
+	list_for_each_entry ( dev, &net80211_devices, list ) {
+		if ( netdev->priv == dev )
+			return netdev->priv;
+	}
+
+	return NULL;
+}
+
+/**
+ * Set state of 802.11 device keeping management frames
+ *
+ * @v dev	802.11 device
+ * @v enable	Whether to keep management frames
+ * @ret oldenab	Whether management frames were enabled before this call
+ *
+ * If enable is TRUE, beacon, probe, and action frames will be kept
+ * and may be retrieved by calling net80211_mgmt_dequeue().
+ */
+int net80211_keep_mgmt ( struct net80211_device *dev, int enable )
+{
+	int oldenab = dev->keep_mgmt;
+
+	dev->keep_mgmt = enable;
+	return oldenab;
+}
+
+/**
+ * Get 802.11 management frame
+ *
+ * @v dev	802.11 device
+ * @ret signal	Signal strength of returned management frame
+ * @ret iob	I/O buffer, or NULL if no management frame is queued
+ *
+ * Frames will only be returned by this function if
+ * net80211_keep_mgmt() has been previously called with enable set to
+ * TRUE.
+ *
+ * The calling function takes ownership of the returned I/O buffer.
+ */
+struct io_buffer * net80211_mgmt_dequeue ( struct net80211_device *dev,
+					   int *signal )
+{
+	struct io_buffer *iobuf;
+	struct net80211_rx_info *rxi;
+
+	list_for_each_entry ( rxi, &dev->mgmt_info_queue, list ) {
+		list_del ( &rxi->list );
+		if ( signal )
+			*signal = rxi->signal;
+		free ( rxi );
+
+		assert ( ! list_empty ( &dev->mgmt_queue ) );
+		iobuf = list_first_entry ( &dev->mgmt_queue, struct io_buffer,
+					   list );
+		list_del ( &iobuf->list );
+		return iobuf;
+	}
+
+	return NULL;
+}
+
+/**
+ * Transmit 802.11 management frame
+ *
+ * @v dev	802.11 device
+ * @v fc	Frame Control flags for management frame
+ * @v dest	Destination access point
+ * @v iob	I/O buffer
+ * @ret rc	Return status code
+ *
+ * The @a fc argument must contain at least an IEEE 802.11 management
+ * subtype number (e.g. IEEE80211_STYPE_PROBE_REQ). If it contains
+ * IEEE80211_FC_PROTECTED, the frame will be encrypted prior to
+ * transmission.
+ *
+ * It is required that @a iob have at least 24 bytes of headroom
+ * reserved before its data start.
+ */
+int net80211_tx_mgmt ( struct net80211_device *dev, u16 fc, u8 dest[6],
+		       struct io_buffer *iob )
+{
+	struct ieee80211_frame *hdr = iob_push ( iob,
+						 IEEE80211_TYP_FRAME_HEADER_LEN );
+
+	hdr->fc = IEEE80211_THIS_VERSION | IEEE80211_TYPE_MGMT |
+	    ( fc & ~IEEE80211_FC_PROTECTED );
+	hdr->duration = net80211_duration ( dev, 10, dev->rates[dev->rate] );
+	hdr->seq = IEEE80211_MAKESEQ ( ++dev->last_tx_seqnr, 0 );
+
+	memcpy ( hdr->addr1, dest, ETH_ALEN );	/* DA = RA */
+	memcpy ( hdr->addr2, dev->netdev->ll_addr, ETH_ALEN );	/* SA = TA */
+	memcpy ( hdr->addr3, dest, ETH_ALEN );	/* BSSID */
+
+	if ( fc & IEEE80211_FC_PROTECTED ) {
+		if ( ! dev->crypto )
+			return -EINVAL_CRYPTO_REQUEST;
+
+		struct io_buffer *eiob = dev->crypto->encrypt ( dev->crypto,
+								iob );
+		free_iob ( iob );
+		iob = eiob;
+	}
+
+	return netdev_tx ( dev->netdev, iob );
+}
+
+
+/* ---------- Driver API ---------- */
+
+/** 802.11 association process descriptor */
+static struct process_descriptor net80211_process_desc =
+	PROC_DESC ( struct net80211_device, proc_assoc,
+		    net80211_step_associate );
+
+/**
+ * Allocate 802.11 device
+ *
+ * @v priv_size		Size of driver-private allocation area
+ * @ret dev		Newly allocated 802.11 device
+ *
+ * This function allocates a net_device with space in its private area
+ * for both the net80211_device it will wrap and the driver-private
+ * data space requested. It initializes the link-layer-specific parts
+ * of the net_device, and links the net80211_device to the net_device
+ * appropriately.
+ */
+struct net80211_device * net80211_alloc ( size_t priv_size )
+{
+	struct net80211_device *dev;
+	struct net_device *netdev =
+		alloc_netdev ( sizeof ( *dev ) + priv_size );
+
+	if ( ! netdev )
+		return NULL;
+
+	netdev->ll_protocol = &net80211_ll_protocol;
+	netdev->ll_broadcast = eth_broadcast;
+	netdev->max_pkt_len = IEEE80211_MAX_DATA_LEN;
+	netdev_init ( netdev, &net80211_netdev_ops );
+
+	dev = netdev->priv;
+	dev->netdev = netdev;
+	dev->priv = ( u8 * ) dev + sizeof ( *dev );
+	dev->op = &net80211_null_ops;
+
+	process_init_stopped ( &dev->proc_assoc, &net80211_process_desc,
+			       &netdev->refcnt );
+	INIT_LIST_HEAD ( &dev->mgmt_queue );
+	INIT_LIST_HEAD ( &dev->mgmt_info_queue );
+
+	return dev;
+}
+
+/**
+ * Register 802.11 device with network stack
+ *
+ * @v dev	802.11 device
+ * @v ops	802.11 device operations
+ * @v hw	802.11 hardware information
+ *
+ * This also registers the wrapping net_device with the higher network
+ * layers.
+ */
+int net80211_register ( struct net80211_device *dev,
+			struct net80211_device_operations *ops,
+			struct net80211_hw_info *hw )
+{
+	dev->op = ops;
+	dev->hw = malloc ( sizeof ( *hw ) );
+	if ( ! dev->hw )
+		return -ENOMEM;
+
+	memcpy ( dev->hw, hw, sizeof ( *hw ) );
+	memcpy ( dev->netdev->hw_addr, hw->hwaddr, ETH_ALEN );
+
+	/* Set some sensible channel defaults for driver's open() function */
+	memcpy ( dev->channels, dev->hw->channels,
+		 NET80211_MAX_CHANNELS * sizeof ( dev->channels[0] ) );
+	dev->channel = 0;
+
+	list_add_tail ( &dev->list, &net80211_devices );
+	return register_netdev ( dev->netdev );
+}
+
+/**
+ * Unregister 802.11 device from network stack
+ *
+ * @v dev	802.11 device
+ *
+ * After this call, the device operations are cleared so that they
+ * will not be called.
+ */
+void net80211_unregister ( struct net80211_device *dev )
+{
+	unregister_netdev ( dev->netdev );
+	list_del ( &dev->list );
+	dev->op = &net80211_null_ops;
+}
+
+/**
+ * Free 802.11 device
+ *
+ * @v dev	802.11 device
+ *
+ * The device should be unregistered before this function is called.
+ */
+void net80211_free ( struct net80211_device *dev )
+{
+	free ( dev->hw );
+	rc80211_free ( dev->rctl );
+	netdev_nullify ( dev->netdev );
+	netdev_put ( dev->netdev );
+}
+
+
+/* ---------- 802.11 network management workhorse code ---------- */
+
+/**
+ * Set state of 802.11 device
+ *
+ * @v dev	802.11 device
+ * @v clear	Bitmask of flags to clear
+ * @v set	Bitmask of flags to set
+ * @v status	Status or reason code for most recent operation
+ *
+ * If @a status represents a reason code, it should be OR'ed with
+ * NET80211_IS_REASON.
+ *
+ * Clearing authentication also clears association; clearing
+ * association also clears security handshaking state. Clearing
+ * association removes the link-up flag from the wrapping net_device,
+ * but setting it does not automatically set the flag; that is left to
+ * the judgment of higher-level code.
+ */
+static inline void net80211_set_state ( struct net80211_device *dev,
+					short clear, short set,
+					u16 status )
+{
+	/* The conditions in this function are deliberately formulated
+	   to be decidable at compile-time in most cases. Since clear
+	   and set are generally passed as constants, the body of this
+	   function can be reduced down to a few statements by the
+	   compiler. */
+
+	const int statmsk = NET80211_STATUS_MASK | NET80211_IS_REASON;
+
+	if ( clear & NET80211_PROBED )
+		clear |= NET80211_AUTHENTICATED;
+
+	if ( clear & NET80211_AUTHENTICATED )
+		clear |= NET80211_ASSOCIATED;
+
+	if ( clear & NET80211_ASSOCIATED )
+		clear |= NET80211_CRYPTO_SYNCED;
+
+	dev->state = ( dev->state & ~clear ) | set;
+	dev->state = ( dev->state & ~statmsk ) | ( status & statmsk );
+
+	if ( clear & NET80211_ASSOCIATED )
+		netdev_link_down ( dev->netdev );
+
+	if ( ( clear | set ) & NET80211_ASSOCIATED )
+		dev->op->config ( dev, NET80211_CFG_ASSOC );
+
+	if ( status != 0 ) {
+		if ( status & NET80211_IS_REASON )
+			dev->assoc_rc = -E80211_REASON ( status );
+		else
+			dev->assoc_rc = -E80211_STATUS ( status );
+		netdev_link_err ( dev->netdev, dev->assoc_rc );
+	}
+}
+
+/**
+ * Add channels to 802.11 device
+ *
+ * @v dev	802.11 device
+ * @v start	First channel number to add
+ * @v len	Number of channels to add
+ * @v txpower	TX power (dBm) to allow on added channels
+ *
+ * To replace the current list of channels instead of adding to it,
+ * set the nr_channels field of the 802.11 device to 0 before calling
+ * this function.
+ */
+static void net80211_add_channels ( struct net80211_device *dev, int start,
+				    int len, int txpower )
+{
+	int i, chan = start;
+
+	for ( i = dev->nr_channels; len-- && i < NET80211_MAX_CHANNELS; i++ ) {
+		dev->channels[i].channel_nr = chan;
+		dev->channels[i].maxpower = txpower;
+		dev->channels[i].hw_value = 0;
+
+		if ( chan >= 1 && chan <= 14 ) {
+			dev->channels[i].band = NET80211_BAND_2GHZ;
+			if ( chan == 14 )
+				dev->channels[i].center_freq = 2484;
+			else
+				dev->channels[i].center_freq = 2407 + 5 * chan;
+			chan++;
+		} else {
+			dev->channels[i].band = NET80211_BAND_5GHZ;
+			dev->channels[i].center_freq = 5000 + 5 * chan;
+			chan += 4;
+		}
+	}
+
+	dev->nr_channels = i;
+}
+
+/**
+ * Filter 802.11 device channels for hardware capabilities
+ *
+ * @v dev	802.11 device
+ *
+ * Hardware may support fewer channels than regulatory restrictions
+ * allow; this function filters out channels in dev->channels that are
+ * not supported by the hardware list in dev->hwinfo. It also copies
+ * over the net80211_channel::hw_value and limits maximum TX power
+ * appropriately.
+ *
+ * Channels are matched based on center frequency, ignoring band and
+ * channel number.
+ *
+ * If the driver specifies no supported channels, the effect will be
+ * as though all were supported.
+ */
+static void net80211_filter_hw_channels ( struct net80211_device *dev )
+{
+	int delta = 0, i = 0;
+	int old_freq = dev->channels[dev->channel].center_freq;
+	struct net80211_channel *chan, *hwchan;
+
+	if ( ! dev->hw->nr_channels )
+		return;
+
+	dev->channel = 0;
+	for ( chan = dev->channels; chan < dev->channels + dev->nr_channels;
+	      chan++, i++ ) {
+		int ok = 0;
+		for ( hwchan = dev->hw->channels;
+		      hwchan < dev->hw->channels + dev->hw->nr_channels;
+		      hwchan++ ) {
+			if ( hwchan->center_freq == chan->center_freq ) {
+				ok = 1;
+				break;
+			}
+		}
+
+		if ( ! ok )
+			delta++;
+		else {
+			chan->hw_value = hwchan->hw_value;
+			if ( hwchan->maxpower != 0 &&
+			     chan->maxpower > hwchan->maxpower )
+				chan->maxpower = hwchan->maxpower;
+			if ( old_freq == chan->center_freq )
+				dev->channel = i - delta;
+			if ( delta )
+				chan[-delta] = *chan;
+		}
+	}
+
+	dev->nr_channels -= delta;
+
+	if ( dev->channels[dev->channel].center_freq != old_freq )
+		dev->op->config ( dev, NET80211_CFG_CHANNEL );
+}
+
+/**
+ * Update 802.11 device state to reflect received capabilities field
+ *
+ * @v dev	802.11 device
+ * @v capab	Capabilities field in beacon, probe, or association frame
+ * @ret rc	Return status code
+ */
+static int net80211_process_capab ( struct net80211_device *dev,
+				    u16 capab )
+{
+	u16 old_phy = dev->phy_flags;
+
+	if ( ( capab & ( IEEE80211_CAPAB_MANAGED | IEEE80211_CAPAB_ADHOC ) ) !=
+	     IEEE80211_CAPAB_MANAGED ) {
+		DBGC ( dev, "802.11 %p cannot handle IBSS network\n", dev );
+		return -ENOSYS;
+	}
+
+	dev->phy_flags &= ~( NET80211_PHY_USE_SHORT_PREAMBLE |
+			     NET80211_PHY_USE_SHORT_SLOT );
+
+	if ( capab & IEEE80211_CAPAB_SHORT_PMBL )
+		dev->phy_flags |= NET80211_PHY_USE_SHORT_PREAMBLE;
+
+	if ( capab & IEEE80211_CAPAB_SHORT_SLOT )
+		dev->phy_flags |= NET80211_PHY_USE_SHORT_SLOT;
+
+	if ( old_phy != dev->phy_flags )
+		dev->op->config ( dev, NET80211_CFG_PHY_PARAMS );
+
+	return 0;
+}
+
+/**
+ * Update 802.11 device state to reflect received information elements
+ *
+ * @v dev	802.11 device
+ * @v ie	Pointer to first information element
+ * @v ie_end	Pointer to tail of packet I/O buffer
+ * @ret rc	Return status code
+ */
+static int net80211_process_ie ( struct net80211_device *dev,
+				 union ieee80211_ie *ie, void *ie_end )
+{
+	u16 old_rate = dev->rates[dev->rate];
+	u16 old_phy = dev->phy_flags;
+	int have_rates = 0, i;
+	int ds_channel = 0;
+	int changed = 0;
+	int band = dev->channels[dev->channel].band;
+
+	if ( ! ieee80211_ie_bound ( ie, ie_end ) )
+		return 0;
+
+	for ( ; ie; ie = ieee80211_next_ie ( ie, ie_end ) ) {
+		switch ( ie->id ) {
+		case IEEE80211_IE_SSID:
+			if ( ie->len <= 32 ) {
+				memcpy ( dev->essid, ie->ssid, ie->len );
+				dev->essid[ie->len] = 0;
+			}
+			break;
+
+		case IEEE80211_IE_RATES:
+		case IEEE80211_IE_EXT_RATES:
+			if ( ! have_rates ) {
+				dev->nr_rates = 0;
+				dev->basic_rates = 0;
+				have_rates = 1;
+			}
+			for ( i = 0; i < ie->len &&
+			      dev->nr_rates < NET80211_MAX_RATES; i++ ) {
+				u8 rid = ie->rates[i];
+				u16 rate = ( rid & 0x7f ) * 5;
+
+				if ( rid & 0x80 )
+					dev->basic_rates |=
+						( 1 << dev->nr_rates );
+
+				dev->rates[dev->nr_rates++] = rate;
+			}
+
+			break;
+
+		case IEEE80211_IE_DS_PARAM:
+			if ( dev->channel < dev->nr_channels && ds_channel ==
+			     dev->channels[dev->channel].channel_nr )
+				break;
+			ds_channel = ie->ds_param.current_channel;
+			net80211_change_channel ( dev, ds_channel );
+			break;
+
+		case IEEE80211_IE_COUNTRY:
+			dev->nr_channels = 0;
+
+			DBGC ( dev, "802.11 %p setting country regulations "
+			       "for %c%c\n", dev, ie->country.name[0],
+			       ie->country.name[1] );
+			for ( i = 0; i < ( ie->len - 3 ) / 3; i++ ) {
+				union ieee80211_ie_country_triplet *t =
+					&ie->country.triplet[i];
+				if ( t->first > 200 ) {
+					DBGC ( dev, "802.11 %p ignoring regulatory "
+					       "extension information\n", dev );
+				} else {
+					net80211_add_channels ( dev,
+							t->band.first_channel,
+							t->band.nr_channels,
+							t->band.max_txpower );
+				}
+			}
+			net80211_filter_hw_channels ( dev );
+			break;
+
+		case IEEE80211_IE_ERP_INFO:
+			dev->phy_flags &= ~( NET80211_PHY_USE_PROTECTION |
+					     NET80211_PHY_USE_SHORT_PREAMBLE );
+			if ( ie->erp_info & IEEE80211_ERP_USE_PROTECTION )
+				dev->phy_flags |= NET80211_PHY_USE_PROTECTION;
+			if ( ! ( ie->erp_info & IEEE80211_ERP_BARKER_LONG ) )
+				dev->phy_flags |= NET80211_PHY_USE_SHORT_PREAMBLE;
+			break;
+		}
+	}
+
+	if ( have_rates ) {
+		/* Allow only those rates that are also supported by
+		   the hardware. */
+		int delta = 0, j;
+
+		dev->rate = 0;
+		for ( i = 0; i < dev->nr_rates; i++ ) {
+			int ok = 0;
+			for ( j = 0; j < dev->hw->nr_rates[band]; j++ ) {
+				if ( dev->hw->rates[band][j] == dev->rates[i] ){
+					ok = 1;
+					break;
+				}
+			}
+
+			if ( ! ok )
+				delta++;
+			else {
+				dev->rates[i - delta] = dev->rates[i];
+				if ( old_rate == dev->rates[i] )
+					dev->rate = i - delta;
+			}
+		}
+
+		dev->nr_rates -= delta;
+
+		/* Sort available rates - sorted subclumps tend to already
+		   exist, so insertion sort works well. */
+		for ( i = 1; i < dev->nr_rates; i++ ) {
+			u16 rate = dev->rates[i];
+			u32 tmp, br, mask;
+
+			for ( j = i - 1; j >= 0 && dev->rates[j] >= rate; j-- )
+				dev->rates[j + 1] = dev->rates[j];
+			dev->rates[j + 1] = rate;
+
+			/* Adjust basic_rates to match by rotating the
+			   bits from bit j+1 to bit i left one position. */
+			mask = ( ( 1 << i ) - 1 ) & ~( ( 1 << ( j + 1 ) ) - 1 );
+			br = dev->basic_rates;
+			tmp = br & ( 1 << i );
+			br = ( br & ~( mask | tmp ) ) | ( ( br & mask ) << 1 );
+			br |= ( tmp >> ( i - j - 1 ) );
+			dev->basic_rates = br;
+		}
+
+		net80211_set_rtscts_rate ( dev );
+
+		if ( dev->rates[dev->rate] != old_rate )
+			changed |= NET80211_CFG_RATE;
+	}
+
+	if ( dev->hw->flags & NET80211_HW_NO_SHORT_PREAMBLE )
+		dev->phy_flags &= ~NET80211_PHY_USE_SHORT_PREAMBLE;
+	if ( dev->hw->flags & NET80211_HW_NO_SHORT_SLOT )
+		dev->phy_flags &= ~NET80211_PHY_USE_SHORT_SLOT;
+
+	if ( old_phy != dev->phy_flags )
+		changed |= NET80211_CFG_PHY_PARAMS;
+
+	if ( changed )
+		dev->op->config ( dev, changed );
+
+	return 0;
+}
+
+/**
+ * Create information elements for outgoing probe or association packet
+ *
+ * @v dev		802.11 device
+ * @v ie		Pointer to start of information element area
+ * @ret next_ie		Pointer to first byte after added information elements
+ */
+static union ieee80211_ie *
+net80211_marshal_request_info ( struct net80211_device *dev,
+				union ieee80211_ie *ie )
+{
+	int i;
+
+	ie->id = IEEE80211_IE_SSID;
+	ie->len = strlen ( dev->essid );
+	memcpy ( ie->ssid, dev->essid, ie->len );
+
+	ie = ieee80211_next_ie ( ie, NULL );
+
+	ie->id = IEEE80211_IE_RATES;
+	ie->len = dev->nr_rates;
+	if ( ie->len > 8 )
+		ie->len = 8;
+
+	for ( i = 0; i < ie->len; i++ ) {
+		ie->rates[i] = dev->rates[i] / 5;
+		if ( dev->basic_rates & ( 1 << i ) )
+			ie->rates[i] |= 0x80;
+	}
+
+	ie = ieee80211_next_ie ( ie, NULL );
+
+	if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_RSN ) {
+		memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 );
+		ie = ieee80211_next_ie ( ie, NULL );
+	}
+
+	if ( dev->nr_rates > 8 ) {
+		/* 802.11 requires we use an Extended Basic Rates IE
+		   for the rates beyond the eighth. */
+
+		ie->id = IEEE80211_IE_EXT_RATES;
+		ie->len = dev->nr_rates - 8;
+
+		for ( ; i < dev->nr_rates; i++ ) {
+			ie->rates[i - 8] = dev->rates[i] / 5;
+			if ( dev->basic_rates & ( 1 << i ) )
+				ie->rates[i - 8] |= 0x80;
+		}
+
+		ie = ieee80211_next_ie ( ie, NULL );
+	}
+
+	if ( dev->rsn_ie && dev->rsn_ie->id == IEEE80211_IE_VENDOR ) {
+		memcpy ( ie, dev->rsn_ie, dev->rsn_ie->len + 2 );
+		ie = ieee80211_next_ie ( ie, NULL );
+	}
+
+	return ie;
+}
+
+/** Seconds to wait after finding a network, to possibly find better APs for it
+ *
+ * This is used when a specific SSID to scan for is specified.
+ */
+#define NET80211_PROBE_GATHER    1
+
+/** Seconds to wait after finding a network, to possibly find other networks
+ *
+ * This is used when an empty SSID is specified, to scan for all
+ * networks.
+ */
+#define NET80211_PROBE_GATHER_ALL 2
+
+/** Seconds to allow a probe to take if no network has been found */
+#define NET80211_PROBE_TIMEOUT   6
+
+/**
+ * Begin probe of 802.11 networks
+ *
+ * @v dev	802.11 device
+ * @v essid	SSID to probe for, or "" to accept any (may not be NULL)
+ * @v active	Whether to use active scanning
+ * @ret ctx	Probe context
+ *
+ * Active scanning may only be used on channels 1-11 in the 2.4GHz
+ * band, due to iPXE's lack of a complete regulatory database. If
+ * active scanning is used, probe packets will be sent on each
+ * channel; this can allow association with hidden-SSID networks if
+ * the SSID is properly specified.
+ *
+ * A @c NULL return indicates an out-of-memory condition.
+ *
+ * The returned context must be periodically passed to
+ * net80211_probe_step() until that function returns zero.
+ */
+struct net80211_probe_ctx * net80211_probe_start ( struct net80211_device *dev,
+						   const char *essid,
+						   int active )
+{
+	struct net80211_probe_ctx *ctx = zalloc ( sizeof ( *ctx ) );
+
+	if ( ! ctx )
+		return NULL;
+
+	assert ( netdev_is_open ( dev->netdev ) );
+
+	ctx->dev = dev;
+	ctx->old_keep_mgmt = net80211_keep_mgmt ( dev, 1 );
+	ctx->essid = essid;
+	if ( dev->essid != ctx->essid )
+		strcpy ( dev->essid, ctx->essid );
+
+	if ( active ) {
+		struct ieee80211_probe_req *probe_req;
+		union ieee80211_ie *ie;
+
+		ctx->probe = alloc_iob ( 128 );
+		iob_reserve ( ctx->probe, IEEE80211_TYP_FRAME_HEADER_LEN );
+		probe_req = ctx->probe->data;
+
+		ie = net80211_marshal_request_info ( dev,
+						     probe_req->info_element );
+
+		iob_put ( ctx->probe, ( void * ) ie - ctx->probe->data );
+	}
+
+	ctx->ticks_start = currticks();
+	ctx->ticks_beacon = 0;
+	ctx->ticks_channel = currticks();
+	ctx->hop_time = ticks_per_sec() / ( active ? 2 : 6 );
+
+	/*
+	 * Channels on 2.4GHz overlap, and the most commonly used
+	 * are 1, 6, and 11. We'll get a result faster if we check
+	 * every 5 channels, but in order to hit all of them the
+	 * number of channels must be relatively prime to 5. If it's
+	 * not, tweak the hop.
+	 */
+	ctx->hop_step = 5;
+	while ( dev->nr_channels % ctx->hop_step == 0 && ctx->hop_step > 1 )
+		ctx->hop_step--;
+
+	ctx->beacons = malloc ( sizeof ( *ctx->beacons ) );
+	INIT_LIST_HEAD ( ctx->beacons );
+
+	dev->channel = 0;
+	dev->op->config ( dev, NET80211_CFG_CHANNEL );
+
+	return ctx;
+}
+
+/**
+ * Continue probe of 802.11 networks
+ *
+ * @v ctx	Probe context returned by net80211_probe_start()
+ * @ret rc	Probe status
+ *
+ * The return code will be 0 if the probe is still going on (and this
+ * function should be called again), a positive number if the probe
+ * completed successfully, or a negative error code if the probe
+ * failed for that reason.
+ *
+ * Whether the probe succeeded or failed, you must call
+ * net80211_probe_finish_all() or net80211_probe_finish_best()
+ * (depending on whether you want information on all networks or just
+ * the best-signal one) in order to release the probe context. A
+ * failed probe may still have acquired some valid data.
+ */
+int net80211_probe_step ( struct net80211_probe_ctx *ctx )
+{
+	struct net80211_device *dev = ctx->dev;
+	u32 start_timeout = NET80211_PROBE_TIMEOUT * ticks_per_sec();
+	u32 gather_timeout = ticks_per_sec();
+	u32 now = currticks();
+	struct io_buffer *iob;
+	int signal;
+	int rc;
+	char ssid[IEEE80211_MAX_SSID_LEN + 1];
+
+	gather_timeout *= ( ctx->essid[0] ? NET80211_PROBE_GATHER :
+			    NET80211_PROBE_GATHER_ALL );
+
+	/* Time out if necessary */
+	if ( now >= ctx->ticks_start + start_timeout )
+		return list_empty ( ctx->beacons ) ? -ETIMEDOUT : +1;
+
+	if ( ctx->ticks_beacon > 0 && now >= ctx->ticks_start + gather_timeout )
+		return +1;
+
+	/* Change channels if necessary */
+	if ( now >= ctx->ticks_channel + ctx->hop_time ) {
+		dev->channel = ( dev->channel + ctx->hop_step )
+			% dev->nr_channels;
+		dev->op->config ( dev, NET80211_CFG_CHANNEL );
+		udelay ( dev->hw->channel_change_time );
+
+		ctx->ticks_channel = now;
+
+		if ( ctx->probe ) {
+			struct io_buffer *siob = ctx->probe; /* to send */
+
+			/* make a copy for future use */
+			iob = alloc_iob ( siob->tail - siob->head );
+			iob_reserve ( iob, iob_headroom ( siob ) );
+			memcpy ( iob_put ( iob, iob_len ( siob ) ),
+				 siob->data, iob_len ( siob ) );
+
+			ctx->probe = iob;
+			rc = net80211_tx_mgmt ( dev, IEEE80211_STYPE_PROBE_REQ,
+						eth_broadcast,
+						iob_disown ( siob ) );
+			if ( rc ) {
+				DBGC ( dev, "802.11 %p send probe failed: "
+				       "%s\n", dev, strerror ( rc ) );
+				return rc;
+			}
+		}
+	}
+
+	/* Check for new management packets */
+	while ( ( iob = net80211_mgmt_dequeue ( dev, &signal ) ) != NULL ) {
+		struct ieee80211_frame *hdr;
+		struct ieee80211_beacon *beacon;
+		union ieee80211_ie *ie;
+		struct net80211_wlan *wlan;
+		u16 type;
+
+		hdr = iob->data;
+		type = hdr->fc & IEEE80211_FC_SUBTYPE;
+		beacon = ( struct ieee80211_beacon * ) hdr->data;
+
+		if ( type != IEEE80211_STYPE_BEACON &&
+		     type != IEEE80211_STYPE_PROBE_RESP ) {
+			DBGC2 ( dev, "802.11 %p probe: non-beacon\n", dev );
+			goto drop;
+		}
+
+		if ( ( void * ) beacon->info_element >= iob->tail ) {
+			DBGC ( dev, "802.11 %p probe: beacon with no IEs\n",
+			       dev );
+			goto drop;
+		}
+
+		ie = beacon->info_element;
+
+		if ( ! ieee80211_ie_bound ( ie, iob->tail ) )
+			ie = NULL;
+
+		while ( ie && ie->id != IEEE80211_IE_SSID )
+			ie = ieee80211_next_ie ( ie, iob->tail );
+
+		if ( ! ie ) {
+			DBGC ( dev, "802.11 %p probe: beacon with no SSID\n",
+			       dev );
+			goto drop;
+		}
+
+		memcpy ( ssid, ie->ssid, ie->len );
+		ssid[ie->len] = 0;
+
+		if ( ctx->essid[0] && strcmp ( ctx->essid, ssid ) != 0 ) {
+			DBGC2 ( dev, "802.11 %p probe: beacon with wrong SSID "
+				"(%s)\n", dev, ssid );
+			goto drop;
+		}
+
+		/* See if we've got an entry for this network */
+		list_for_each_entry ( wlan, ctx->beacons, list ) {
+			if ( strcmp ( wlan->essid, ssid ) != 0 )
+				continue;
+
+			if ( signal < wlan->signal ) {
+				DBGC2 ( dev, "802.11 %p probe: beacon for %s "
+					"(%s) with weaker signal %d\n", dev,
+					ssid, eth_ntoa ( hdr->addr3 ), signal );
+				goto drop;
+			}
+
+			goto fill;
+		}
+
+		/* No entry yet - make one */
+		wlan = zalloc ( sizeof ( *wlan ) );
+		strcpy ( wlan->essid, ssid );
+		list_add_tail ( &wlan->list, ctx->beacons );
+
+		/* Whether we're using an old entry or a new one, fill
+		   it with new data. */
+	fill:
+		memcpy ( wlan->bssid, hdr->addr3, ETH_ALEN );
+		wlan->signal = signal;
+		wlan->channel = dev->channels[dev->channel].channel_nr;
+
+		/* Copy this I/O buffer into a new wlan->beacon; the
+		 * iob we've got probably came from the device driver
+		 * and may have the full 2.4k allocation, which we
+		 * don't want to keep around wasting memory.
+		 */
+		free_iob ( wlan->beacon );
+		wlan->beacon = alloc_iob ( iob_len ( iob ) );
+		memcpy ( iob_put ( wlan->beacon, iob_len ( iob ) ),
+			 iob->data, iob_len ( iob ) );
+
+		if ( ( rc = sec80211_detect ( wlan->beacon, &wlan->handshaking,
+					      &wlan->crypto ) ) == -ENOTSUP ) {
+			struct ieee80211_beacon *beacon =
+				( struct ieee80211_beacon * ) hdr->data;
+
+			if ( beacon->capability & IEEE80211_CAPAB_PRIVACY ) {
+				DBG ( "802.11 %p probe: secured network %s but "
+				      "encryption support not compiled in\n",
+				      dev, wlan->essid );
+				wlan->handshaking = NET80211_SECPROT_UNKNOWN;
+				wlan->crypto = NET80211_CRYPT_UNKNOWN;
+			} else {
+				wlan->handshaking = NET80211_SECPROT_NONE;
+				wlan->crypto = NET80211_CRYPT_NONE;
+			}
+		} else if ( rc != 0 ) {
+			DBGC ( dev, "802.11 %p probe warning: network "
+			       "%s with unidentifiable security "
+			       "settings: %s\n", dev, wlan->essid,
+			       strerror ( rc ) );
+		}
+
+		ctx->ticks_beacon = now;
+
+		DBGC2 ( dev, "802.11 %p probe: good beacon for %s (%s)\n",
+			dev, wlan->essid, eth_ntoa ( wlan->bssid ) );
+
+	drop:
+		free_iob ( iob );
+	}
+
+	return 0;
+}
+
+
+/**
+ * Finish probe of 802.11 networks, returning best-signal network found
+ *
+ * @v ctx	Probe context
+ * @ret wlan	Best-signal network found, or @c NULL if none were found
+ *
+ * If net80211_probe_start() was called with a particular SSID
+ * parameter as filter, only a network with that SSID (matching
+ * case-sensitively) can be returned from this function.
+ */
+struct net80211_wlan *
+net80211_probe_finish_best ( struct net80211_probe_ctx *ctx )
+{
+	struct net80211_wlan *best = NULL, *wlan;
+
+	if ( ! ctx )
+		return NULL;
+
+	list_for_each_entry ( wlan, ctx->beacons, list ) {
+		if ( ! best || best->signal < wlan->signal )
+			best = wlan;
+	}
+
+	if ( best )
+		list_del ( &best->list );
+	else
+		DBGC ( ctx->dev, "802.11 %p probe: found nothing for '%s'\n",
+		       ctx->dev, ctx->essid );
+
+	net80211_free_wlanlist ( ctx->beacons );
+
+	net80211_keep_mgmt ( ctx->dev, ctx->old_keep_mgmt );
+
+	if ( ctx->probe )
+		free_iob ( ctx->probe );
+
+	free ( ctx );
+
+	return best;
+}
+
+
+/**
+ * Finish probe of 802.11 networks, returning all networks found
+ *
+ * @v ctx	Probe context
+ * @ret list	List of net80211_wlan detailing networks found
+ *
+ * If net80211_probe_start() was called with a particular SSID
+ * parameter as filter, this will always return either an empty or a
+ * one-element list.
+ */
+struct list_head *net80211_probe_finish_all ( struct net80211_probe_ctx *ctx )
+{
+	struct list_head *beacons = ctx->beacons;
+
+	if ( ! ctx )
+		return NULL;
+
+	net80211_keep_mgmt ( ctx->dev, ctx->old_keep_mgmt );
+
+	if ( ctx->probe )
+		free_iob ( ctx->probe );
+
+	free ( ctx );
+
+	return beacons;
+}
+
+
+/**
+ * Free WLAN structure
+ *
+ * @v wlan	WLAN structure to free
+ */
+void net80211_free_wlan ( struct net80211_wlan *wlan )
+{
+	if ( wlan ) {
+		free_iob ( wlan->beacon );
+		free ( wlan );
+	}
+}
+
+
+/**
+ * Free list of WLAN structures
+ *
+ * @v list	List of WLAN structures to free
+ */
+void net80211_free_wlanlist ( struct list_head *list )
+{
+	struct net80211_wlan *wlan, *tmp;
+
+	if ( ! list )
+		return;
+
+	list_for_each_entry_safe ( wlan, tmp, list, list ) {
+		list_del ( &wlan->list );
+		net80211_free_wlan ( wlan );
+	}
+
+	free ( list );
+}
+
+
+/** Number of ticks to wait for replies to association management frames */
+#define ASSOC_TIMEOUT	TICKS_PER_SEC
+
+/** Number of times to try sending a particular association management frame */
+#define ASSOC_RETRIES	2
+
+/**
+ * Step 802.11 association process
+ *
+ * @v dev	802.11 device
+ */
+static void net80211_step_associate ( struct net80211_device *dev )
+{
+	int rc = 0;
+	int status = dev->state & NET80211_STATUS_MASK;
+
+	/*
+	 * We use a sort of state machine implemented using bits in
+	 * the dev->state variable. At each call, we take the
+	 * logically first step that has not yet succeeded; either it
+	 * has not been tried yet, it's being retried, or it failed.
+	 * If it failed, we return an error indication; otherwise we
+	 * perform the step. If it succeeds, RX handling code will set
+	 * the appropriate status bit for us.
+	 *
+	 * Probe works a bit differently, since we have to step it
+	 * on every call instead of waiting for a packet to arrive
+	 * that will set the completion bit for us.
+	 */
+
+	/* If we're waiting for a reply, check for timeout condition */
+	if ( dev->state & NET80211_WAITING ) {
+		/* Sanity check */
+		if ( ! dev->associating )
+			return;
+
+		if ( currticks() - dev->ctx.assoc->last_packet > ASSOC_TIMEOUT ) {
+			/* Timed out - fail if too many retries, or retry */
+			dev->ctx.assoc->times_tried++;
+			if ( ++dev->ctx.assoc->times_tried > ASSOC_RETRIES ) {
+				rc = -ETIMEDOUT;
+				goto fail;
+			}
+		} else {
+			/* Didn't time out - let it keep going */
+			return;
+		}
+	} else {
+		if ( dev->state & NET80211_PROBED )
+			dev->ctx.assoc->times_tried = 0;
+	}
+
+	if ( ! ( dev->state & NET80211_PROBED ) ) {
+		/* state: probe */
+
+		if ( ! dev->ctx.probe ) {
+			/* start probe */
+			int active = fetch_intz_setting ( NULL,
+						&net80211_active_setting );
+			int band = dev->hw->bands;
+
+			if ( active )
+				band &= ~NET80211_BAND_BIT_5GHZ;
+
+			rc = net80211_prepare_probe ( dev, band, active );
+			if ( rc )
+				goto fail;
+
+			dev->ctx.probe = net80211_probe_start ( dev, dev->essid,
+								active );
+			if ( ! dev->ctx.probe ) {
+				dev->assoc_rc = -ENOMEM;
+				goto fail;
+			}
+		}
+
+		rc = net80211_probe_step ( dev->ctx.probe );
+		if ( ! rc ) {
+			return;	/* still going */
+		}
+
+		dev->associating = net80211_probe_finish_best ( dev->ctx.probe );
+		dev->ctx.probe = NULL;
+		if ( ! dev->associating ) {
+			if ( rc > 0 ) /* "successful" probe found nothing */
+				rc = -ETIMEDOUT;
+			goto fail;
+		}
+
+		/* If we probed using a broadcast SSID, record that
+		   fact for the settings applicator before we clobber
+		   it with the specific SSID we've chosen. */
+		if ( ! dev->essid[0] )
+			dev->state |= NET80211_AUTO_SSID;
+
+		DBGC ( dev, "802.11 %p found network %s (%s)\n", dev,
+		       dev->associating->essid,
+		       eth_ntoa ( dev->associating->bssid ) );
+
+		dev->ctx.assoc = zalloc ( sizeof ( *dev->ctx.assoc ) );
+		if ( ! dev->ctx.assoc ) {
+			rc = -ENOMEM;
+			goto fail;
+		}
+
+		dev->state |= NET80211_PROBED;
+		dev->ctx.assoc->method = IEEE80211_AUTH_OPEN_SYSTEM;
+
+		return;
+	}
+
+	/* Record time of sending the packet we're about to send, for timeout */
+	dev->ctx.assoc->last_packet = currticks();
+
+	if ( ! ( dev->state & NET80211_AUTHENTICATED ) ) {
+		/* state: prepare and authenticate */
+
+		if ( status != IEEE80211_STATUS_SUCCESS ) {
+			/* we tried authenticating already, but failed */
+			int method = dev->ctx.assoc->method;
+
+			if ( method == IEEE80211_AUTH_OPEN_SYSTEM &&
+			     ( status == IEEE80211_STATUS_AUTH_CHALL_INVALID ||
+			       status == IEEE80211_STATUS_AUTH_ALGO_UNSUPP ) ) {
+				/* Maybe this network uses Shared Key? */
+				dev->ctx.assoc->method =
+					IEEE80211_AUTH_SHARED_KEY;
+			} else {
+				goto fail;
+			}
+		}
+
+		DBGC ( dev, "802.11 %p authenticating with method %d\n", dev,
+		       dev->ctx.assoc->method );
+
+		rc = net80211_prepare_assoc ( dev, dev->associating );
+		if ( rc )
+			goto fail;
+
+		rc = net80211_send_auth ( dev, dev->associating,
+					  dev->ctx.assoc->method );
+		if ( rc )
+			goto fail;
+
+		return;
+	}
+
+	if ( ! ( dev->state & NET80211_ASSOCIATED ) ) {
+		/* state: associate */
+
+		if ( status != IEEE80211_STATUS_SUCCESS )
+			goto fail;
+
+		DBGC ( dev, "802.11 %p associating\n", dev );
+
+		if ( dev->handshaker && dev->handshaker->start &&
+		     ! dev->handshaker->started ) {
+			rc = dev->handshaker->start ( dev );
+			if ( rc < 0 )
+				goto fail;
+			dev->handshaker->started = 1;
+		}
+
+		rc = net80211_send_assoc ( dev, dev->associating );
+		if ( rc )
+			goto fail;
+
+		return;
+	}
+
+	if ( ! ( dev->state & NET80211_CRYPTO_SYNCED ) ) {
+		/* state: crypto sync */
+		DBGC ( dev, "802.11 %p security handshaking\n", dev );
+
+		if ( ! dev->handshaker || ! dev->handshaker->step ) {
+			dev->state |= NET80211_CRYPTO_SYNCED;
+			return;
+		}
+
+		rc = dev->handshaker->step ( dev );
+
+		if ( rc < 0 ) {
+			/* Only record the returned error if we're
+			   still marked as associated, because an
+			   asynchronous error will have already been
+			   reported to net80211_deauthenticate() and
+			   assoc_rc thereby set. */
+			if ( dev->state & NET80211_ASSOCIATED )
+				dev->assoc_rc = rc;
+			rc = 0;
+			goto fail;
+		}
+
+		if ( rc > 0 ) {
+			dev->assoc_rc = 0;
+			dev->state |= NET80211_CRYPTO_SYNCED;
+		}
+		return;
+	}
+
+	/* state: done! */
+	netdev_link_up ( dev->netdev );
+	dev->assoc_rc = 0;
+	dev->state &= ~NET80211_WORKING;
+
+	free ( dev->ctx.assoc );
+	dev->ctx.assoc = NULL;
+
+	net80211_free_wlan ( dev->associating );
+	dev->associating = NULL;
+
+	dev->rctl = rc80211_init ( dev );
+
+	process_del ( &dev->proc_assoc );
+
+	DBGC ( dev, "802.11 %p associated with %s (%s)\n", dev,
+	       dev->essid, eth_ntoa ( dev->bssid ) );
+
+	return;
+
+ fail:
+	dev->state &= ~( NET80211_WORKING | NET80211_WAITING );
+	if ( rc )
+		dev->assoc_rc = rc;
+
+	netdev_link_err ( dev->netdev, dev->assoc_rc );
+
+	/* We never reach here from the middle of a probe, so we don't
+	   need to worry about freeing dev->ctx.probe. */
+
+	if ( dev->state & NET80211_PROBED ) {
+		free ( dev->ctx.assoc );
+		dev->ctx.assoc = NULL;
+	}
+
+	net80211_free_wlan ( dev->associating );
+	dev->associating = NULL;
+
+	process_del ( &dev->proc_assoc );
+
+	DBGC ( dev, "802.11 %p association failed (state=%04x): "
+	       "%s\n", dev, dev->state, strerror ( dev->assoc_rc ) );
+
+	/* Try it again: */
+	net80211_autoassociate ( dev );
+}
+
+/**
+ * Check for 802.11 SSID or key updates
+ *
+ * This acts as a settings applicator; if the user changes netX/ssid,
+ * and netX is currently open, the association task will be invoked
+ * again. If the user changes the encryption key, the current security
+ * handshaker will be asked to update its state to match; if that is
+ * impossible without reassociation, we reassociate.
+ */
+static int net80211_check_settings_update ( void )
+{
+	struct net80211_device *dev;
+	char ssid[IEEE80211_MAX_SSID_LEN + 1];
+	int key_reassoc;
+
+	list_for_each_entry ( dev, &net80211_devices, list ) {
+		if ( ! netdev_is_open ( dev->netdev ) )
+			continue;
+
+		key_reassoc = 0;
+		if ( dev->handshaker && dev->handshaker->change_key &&
+		     dev->handshaker->change_key ( dev ) < 0 )
+			key_reassoc = 1;
+
+		fetch_string_setting ( netdev_settings ( dev->netdev ),
+				       &net80211_ssid_setting, ssid,
+				       IEEE80211_MAX_SSID_LEN + 1 );
+
+		if ( key_reassoc ||
+		     ( ! ( ! ssid[0] && ( dev->state & NET80211_AUTO_SSID ) ) &&
+		       strcmp ( ssid, dev->essid ) != 0 ) ) {
+			DBGC ( dev, "802.11 %p updating association: "
+			       "%s -> %s\n", dev, dev->essid, ssid );
+			net80211_autoassociate ( dev );
+		}
+	}
+
+	return 0;
+}
+
+/**
+ * Start 802.11 association process
+ *
+ * @v dev	802.11 device
+ *
+ * If the association process is running, it will be restarted.
+ */
+void net80211_autoassociate ( struct net80211_device *dev )
+{
+	if ( ! ( dev->state & NET80211_WORKING ) ) {
+		DBGC2 ( dev, "802.11 %p spawning association process\n", dev );
+		process_add ( &dev->proc_assoc );
+	} else {
+		DBGC2 ( dev, "802.11 %p restarting association\n", dev );
+	}
+
+	/* Clean up everything an earlier association process might
+	   have been in the middle of using */
+	if ( dev->associating )
+		net80211_free_wlan ( dev->associating );
+
+	if ( ! ( dev->state & NET80211_PROBED ) )
+		net80211_free_wlan (
+			net80211_probe_finish_best ( dev->ctx.probe ) );
+	else
+		free ( dev->ctx.assoc );
+
+	/* Reset to a clean state */
+	fetch_string_setting ( netdev_settings ( dev->netdev ),
+			       &net80211_ssid_setting, dev->essid,
+			       IEEE80211_MAX_SSID_LEN + 1 );
+	dev->ctx.probe = NULL;
+	dev->associating = NULL;
+	dev->assoc_rc = 0;
+	net80211_set_state ( dev, NET80211_PROBED, NET80211_WORKING, 0 );
+}
+
+/**
+ * Pick TX rate for RTS/CTS packets based on data rate
+ *
+ * @v dev	802.11 device
+ *
+ * The RTS/CTS rate is the fastest TX rate marked as "basic" that is
+ * not faster than the data rate.
+ */
+static void net80211_set_rtscts_rate ( struct net80211_device *dev )
+{
+	u16 datarate = dev->rates[dev->rate];
+	u16 rtsrate = 0;
+	int rts_idx = -1;
+	int i;
+
+	for ( i = 0; i < dev->nr_rates; i++ ) {
+		u16 rate = dev->rates[i];
+
+		if ( ! ( dev->basic_rates & ( 1 << i ) ) || rate > datarate )
+			continue;
+
+		if ( rate > rtsrate ) {
+			rtsrate = rate;
+			rts_idx = i;
+		}
+	}
+
+	/* If this is in initialization, we might not have any basic
+	   rates; just use the first data rate in that case. */
+	if ( rts_idx < 0 )
+		rts_idx = 0;
+
+	dev->rtscts_rate = rts_idx;
+}
+
+/**
+ * Set data transmission rate for 802.11 device
+ *
+ * @v dev	802.11 device
+ * @v rate	Rate to set, as index into @c dev->rates array
+ */
+void net80211_set_rate_idx ( struct net80211_device *dev, int rate )
+{
+	assert ( netdev_is_open ( dev->netdev ) );
+
+	if ( rate >= 0 && rate < dev->nr_rates && rate != dev->rate ) {
+		DBGC2 ( dev, "802.11 %p changing rate from %d->%d Mbps\n",
+			dev, dev->rates[dev->rate] / 10,
+			dev->rates[rate] / 10 );
+
+		dev->rate = rate;
+		net80211_set_rtscts_rate ( dev );
+		dev->op->config ( dev, NET80211_CFG_RATE );
+	}
+}
+
+/**
+ * Configure 802.11 device to transmit on a certain channel
+ *
+ * @v dev	802.11 device
+ * @v channel	Channel number (1-11 for 2.4GHz) to transmit on
+ */
+int net80211_change_channel ( struct net80211_device *dev, int channel )
+{
+	int i, oldchan = dev->channel;
+
+	assert ( netdev_is_open ( dev->netdev ) );
+
+	for ( i = 0; i < dev->nr_channels; i++ ) {
+		if ( dev->channels[i].channel_nr == channel ) {
+			dev->channel = i;
+			break;
+		}
+	}
+
+	if ( i == dev->nr_channels )
+		return -ENOENT;
+
+	if ( i != oldchan )
+		return dev->op->config ( dev, NET80211_CFG_CHANNEL );
+
+	return 0;
+}
+
+/**
+ * Prepare 802.11 device channel and rate set for scanning
+ *
+ * @v dev	802.11 device
+ * @v band	RF band(s) on which to prepare for scanning
+ * @v active	Whether the scanning will be active
+ * @ret rc	Return status code
+ */
+int net80211_prepare_probe ( struct net80211_device *dev, int band,
+			     int active )
+{
+	assert ( netdev_is_open ( dev->netdev ) );
+
+	if ( active && ( band & NET80211_BAND_BIT_5GHZ ) ) {
+		DBGC ( dev, "802.11 %p cannot perform active scanning on "
+		       "5GHz band\n", dev );
+		return -EINVAL_ACTIVE_SCAN;
+	}
+
+	if ( band == 0 ) {
+		/* This can happen for a 5GHz-only card with 5GHz
+		   scanning masked out by an active request. */
+		DBGC ( dev, "802.11 %p asked to prepare for scanning nothing\n",
+		       dev );
+		return -EINVAL_ACTIVE_SCAN;
+	}
+
+	dev->nr_channels = 0;
+
+	if ( active )
+		net80211_add_channels ( dev, 1, 11, NET80211_REG_TXPOWER );
+	else {
+		if ( band & NET80211_BAND_BIT_2GHZ )
+			net80211_add_channels ( dev, 1, 14,
+						NET80211_REG_TXPOWER );
+		if ( band & NET80211_BAND_BIT_5GHZ )
+			net80211_add_channels ( dev, 36, 8,
+						NET80211_REG_TXPOWER );
+	}
+
+	net80211_filter_hw_channels ( dev );
+
+	/* Use channel 1 for now */
+	dev->channel = 0;
+	dev->op->config ( dev, NET80211_CFG_CHANNEL );
+
+	/* Always do active probes at lowest (presumably first) speed */
+	dev->rate = 0;
+	dev->nr_rates = 1;
+	dev->rates[0] = dev->hw->rates[dev->channels[0].band][0];
+	dev->op->config ( dev, NET80211_CFG_RATE );
+
+	return 0;
+}
+
+/**
+ * Prepare 802.11 device channel and rate set for communication
+ *
+ * @v dev	802.11 device
+ * @v wlan	WLAN to prepare for communication with
+ * @ret rc	Return status code
+ */
+int net80211_prepare_assoc ( struct net80211_device *dev,
+			     struct net80211_wlan *wlan )
+{
+	struct ieee80211_frame *hdr = wlan->beacon->data;
+	struct ieee80211_beacon *beacon =
+		( struct ieee80211_beacon * ) hdr->data;
+	struct net80211_handshaker *handshaker;
+	int rc;
+
+	assert ( netdev_is_open ( dev->netdev ) );
+
+	net80211_set_state ( dev, NET80211_ASSOCIATED, 0, 0 );
+	memcpy ( dev->bssid, wlan->bssid, ETH_ALEN );
+	strcpy ( dev->essid, wlan->essid );
+
+	free ( dev->rsn_ie );
+	dev->rsn_ie = NULL;
+
+	dev->last_beacon_timestamp = beacon->timestamp;
+	dev->tx_beacon_interval = 1024 * beacon->beacon_interval;
+
+	/* Barring an IE that tells us the channel outright, assume
+	   the channel we heard this AP best on is the channel it's
+	   communicating on. */
+	net80211_change_channel ( dev, wlan->channel );
+
+	rc = net80211_process_capab ( dev, beacon->capability );
+	if ( rc )
+		return rc;
+
+	rc = net80211_process_ie ( dev, beacon->info_element,
+				   wlan->beacon->tail );
+	if ( rc )
+		return rc;
+
+	/* Associate at the lowest rate so we know it'll get through */
+	dev->rate = 0;
+	dev->op->config ( dev, NET80211_CFG_RATE );
+
+	/* Free old handshaker and crypto, if they exist */
+	if ( dev->handshaker && dev->handshaker->stop &&
+	     dev->handshaker->started )
+		dev->handshaker->stop ( dev );
+	free ( dev->handshaker );
+	dev->handshaker = NULL;
+	free ( dev->crypto );
+	free ( dev->gcrypto );
+	dev->crypto = dev->gcrypto = NULL;
+
+	/* Find new security handshaker to use */
+	for_each_table_entry ( handshaker, NET80211_HANDSHAKERS ) {
+		if ( handshaker->protocol == wlan->handshaking ) {
+			dev->handshaker = zalloc ( sizeof ( *handshaker ) +
+						   handshaker->priv_len );
+			if ( ! dev->handshaker )
+				return -ENOMEM;
+
+			memcpy ( dev->handshaker, handshaker,
+				 sizeof ( *handshaker ) );
+			dev->handshaker->priv = ( ( void * ) dev->handshaker +
+						  sizeof ( *handshaker ) );
+			break;
+		}
+	}
+
+	if ( ( wlan->handshaking != NET80211_SECPROT_NONE ) &&
+	     ! dev->handshaker ) {
+		DBGC ( dev, "802.11 %p no support for handshaking scheme %d\n",
+		       dev, wlan->handshaking );
+		return -( ENOTSUP | ( wlan->handshaking << 8 ) );
+	}
+
+	/* Initialize security handshaker */
+	if ( dev->handshaker ) {
+		rc = dev->handshaker->init ( dev );
+		if ( rc < 0 )
+			return rc;
+	}
+
+	return 0;
+}
+
+/**
+ * Send 802.11 initial authentication frame
+ *
+ * @v dev	802.11 device
+ * @v wlan	WLAN to authenticate with
+ * @v method	Authentication method
+ * @ret rc	Return status code
+ *
+ * @a method may be 0 for Open System authentication or 1 for Shared
+ * Key authentication. Open System provides no security in association
+ * whatsoever, relying on encryption for confidentiality, but Shared
+ * Key actively introduces security problems and is very rarely used.
+ */
+int net80211_send_auth ( struct net80211_device *dev,
+			 struct net80211_wlan *wlan, int method )
+{
+	struct io_buffer *iob = alloc_iob ( 64 );
+	struct ieee80211_auth *auth;
+
+	net80211_set_state ( dev, 0, NET80211_WAITING, 0 );
+	iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN );
+	auth = iob_put ( iob, sizeof ( *auth ) );
+	auth->algorithm = method;
+	auth->tx_seq = 1;
+	auth->status = 0;
+
+	return net80211_tx_mgmt ( dev, IEEE80211_STYPE_AUTH, wlan->bssid, iob );
+}
+
+/**
+ * Handle receipt of 802.11 authentication frame
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer
+ *
+ * If the authentication method being used is Shared Key, and the
+ * frame that was received included challenge text, the frame is
+ * encrypted using the cryptosystem currently in effect and sent back
+ * to the AP to complete the authentication.
+ */
+static void net80211_handle_auth ( struct net80211_device *dev,
+				   struct io_buffer *iob )
+{
+	struct ieee80211_frame *hdr = iob->data;
+	struct ieee80211_auth *auth =
+	    ( struct ieee80211_auth * ) hdr->data;
+
+	if ( auth->tx_seq & 1 ) {
+		DBGC ( dev, "802.11 %p authentication received improperly "
+		       "directed frame (seq. %d)\n", dev, auth->tx_seq );
+		net80211_set_state ( dev, NET80211_WAITING, 0,
+				     IEEE80211_STATUS_FAILURE );
+		return;
+	}
+
+	if ( auth->status != IEEE80211_STATUS_SUCCESS ) {
+		DBGC ( dev, "802.11 %p authentication failed: status %d\n",
+		       dev, auth->status );
+		net80211_set_state ( dev, NET80211_WAITING, 0,
+				     auth->status );
+		return;
+	}
+
+	if ( auth->algorithm == IEEE80211_AUTH_SHARED_KEY && ! dev->crypto ) {
+		DBGC ( dev, "802.11 %p can't perform shared-key authentication "
+		       "without a cryptosystem\n", dev );
+		net80211_set_state ( dev, NET80211_WAITING, 0,
+				     IEEE80211_STATUS_FAILURE );
+		return;
+	}
+
+	if ( auth->algorithm == IEEE80211_AUTH_SHARED_KEY &&
+	     auth->tx_seq == 2 ) {
+		/* Since the iob we got is going to be freed as soon
+		   as we return, we can do some in-place
+		   modification. */
+		auth->tx_seq = 3;
+		auth->status = 0;
+
+		memcpy ( hdr->addr2, hdr->addr1, ETH_ALEN );
+		memcpy ( hdr->addr1, hdr->addr3, ETH_ALEN );
+
+		netdev_tx ( dev->netdev,
+			    dev->crypto->encrypt ( dev->crypto, iob ) );
+		return;
+	}
+
+	net80211_set_state ( dev, NET80211_WAITING, NET80211_AUTHENTICATED,
+			     IEEE80211_STATUS_SUCCESS );
+
+	return;
+}
+
+/**
+ * Send 802.11 association frame
+ *
+ * @v dev	802.11 device
+ * @v wlan	WLAN to associate with
+ * @ret rc	Return status code
+ */
+int net80211_send_assoc ( struct net80211_device *dev,
+			  struct net80211_wlan *wlan )
+{
+	struct io_buffer *iob = alloc_iob ( 128 );
+	struct ieee80211_assoc_req *assoc;
+	union ieee80211_ie *ie;
+
+	net80211_set_state ( dev, 0, NET80211_WAITING, 0 );
+
+	iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN );
+	assoc = iob->data;
+
+	assoc->capability = IEEE80211_CAPAB_MANAGED;
+	if ( ! ( dev->hw->flags & NET80211_HW_NO_SHORT_PREAMBLE ) )
+		assoc->capability |= IEEE80211_CAPAB_SHORT_PMBL;
+	if ( ! ( dev->hw->flags & NET80211_HW_NO_SHORT_SLOT ) )
+		assoc->capability |= IEEE80211_CAPAB_SHORT_SLOT;
+	if ( wlan->crypto )
+		assoc->capability |= IEEE80211_CAPAB_PRIVACY;
+
+	assoc->listen_interval = 1;
+
+	ie = net80211_marshal_request_info ( dev, assoc->info_element );
+
+	DBGP ( "802.11 %p about to send association request:\n", dev );
+	DBGP_HD ( iob->data, ( void * ) ie - iob->data );
+
+	iob_put ( iob, ( void * ) ie - iob->data );
+
+	return net80211_tx_mgmt ( dev, IEEE80211_STYPE_ASSOC_REQ,
+				  wlan->bssid, iob );
+}
+
+/**
+ * Handle receipt of 802.11 association reply frame
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer
+ */
+static void net80211_handle_assoc_reply ( struct net80211_device *dev,
+					  struct io_buffer *iob )
+{
+	struct ieee80211_frame *hdr = iob->data;
+	struct ieee80211_assoc_resp *assoc =
+		( struct ieee80211_assoc_resp * ) hdr->data;
+
+	net80211_process_capab ( dev, assoc->capability );
+	net80211_process_ie ( dev, assoc->info_element, iob->tail );
+
+	if ( assoc->status != IEEE80211_STATUS_SUCCESS ) {
+		DBGC ( dev, "802.11 %p association failed: status %d\n",
+		       dev, assoc->status );
+		net80211_set_state ( dev, NET80211_WAITING, 0,
+				     assoc->status );
+		return;
+	}
+
+	/* ESSID was filled before the association request was sent */
+	memcpy ( dev->bssid, hdr->addr3, ETH_ALEN );
+	dev->aid = assoc->aid;
+
+	net80211_set_state ( dev, NET80211_WAITING, NET80211_ASSOCIATED,
+			     IEEE80211_STATUS_SUCCESS );
+}
+
+
+/**
+ * Send 802.11 disassociation frame
+ *
+ * @v dev	802.11 device
+ * @v reason	Reason for disassociation
+ * @v deauth	If TRUE, send deauthentication instead of disassociation
+ * @ret rc	Return status code
+ */
+static int net80211_send_disassoc ( struct net80211_device *dev, int reason,
+				    int deauth )
+{
+	struct io_buffer *iob = alloc_iob ( 64 );
+	struct ieee80211_disassoc *disassoc;
+
+	if ( ! ( dev->state & NET80211_ASSOCIATED ) )
+		return -EINVAL;
+
+	net80211_set_state ( dev, NET80211_ASSOCIATED, 0, 0 );
+	iob_reserve ( iob, IEEE80211_TYP_FRAME_HEADER_LEN );
+	disassoc = iob_put ( iob, sizeof ( *disassoc ) );
+	disassoc->reason = reason;
+
+	return net80211_tx_mgmt ( dev, deauth ? IEEE80211_STYPE_DEAUTH :
+				  IEEE80211_STYPE_DISASSOC, dev->bssid, iob );
+}
+
+
+/**
+ * Deauthenticate from current network and try again
+ *
+ * @v dev	802.11 device
+ * @v rc	Return status code indicating reason
+ *
+ * The deauthentication will be sent using an 802.11 "unspecified
+ * reason", as is common, but @a rc will be set as a link-up
+ * error to aid the user in debugging.
+ */
+void net80211_deauthenticate ( struct net80211_device *dev, int rc )
+{
+	net80211_send_disassoc ( dev, IEEE80211_REASON_UNSPECIFIED, 1 );
+	dev->assoc_rc = rc;
+	netdev_link_err ( dev->netdev, rc );
+
+	net80211_autoassociate ( dev );
+}
+
+
+/** Smoothing factor (1-7) for link quality calculation */
+#define LQ_SMOOTH	7
+
+/**
+ * Update link quality information based on received beacon
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer containing beacon
+ * @ret rc	Return status code
+ */
+static void net80211_update_link_quality ( struct net80211_device *dev,
+					   struct io_buffer *iob )
+{
+	struct ieee80211_frame *hdr = iob->data;
+	struct ieee80211_beacon *beacon;
+	u32 dt, rxi;
+
+	if ( ! ( dev->state & NET80211_ASSOCIATED ) )
+		return;
+
+	beacon = ( struct ieee80211_beacon * ) hdr->data;
+	dt = ( u32 ) ( beacon->timestamp - dev->last_beacon_timestamp );
+	rxi = dev->rx_beacon_interval;
+
+	rxi = ( LQ_SMOOTH * rxi ) + ( ( 8 - LQ_SMOOTH ) * dt );
+	dev->rx_beacon_interval = rxi >> 3;
+
+	dev->last_beacon_timestamp = beacon->timestamp;
+}
+
+
+/**
+ * Handle receipt of 802.11 management frame
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer
+ * @v signal	Signal strength of received frame
+ */
+static void net80211_handle_mgmt ( struct net80211_device *dev,
+				   struct io_buffer *iob, int signal )
+{
+	struct ieee80211_frame *hdr = iob->data;
+	struct ieee80211_disassoc *disassoc;
+	u16 stype = hdr->fc & IEEE80211_FC_SUBTYPE;
+	int keep = 0;
+	int is_deauth = ( stype == IEEE80211_STYPE_DEAUTH );
+
+	if ( ( hdr->fc & IEEE80211_FC_TYPE ) != IEEE80211_TYPE_MGMT ) {
+		free_iob ( iob );
+		return;		/* only handle management frames */
+	}
+
+	switch ( stype ) {
+		/* We reconnect on deauthentication and disassociation. */
+	case IEEE80211_STYPE_DEAUTH:
+	case IEEE80211_STYPE_DISASSOC:
+		disassoc = ( struct ieee80211_disassoc * ) hdr->data;
+		net80211_set_state ( dev, is_deauth ? NET80211_AUTHENTICATED :
+				     NET80211_ASSOCIATED, 0,
+				     NET80211_IS_REASON | disassoc->reason );
+		DBGC ( dev, "802.11 %p %s: reason %d\n",
+		       dev, is_deauth ? "deauthenticated" : "disassociated",
+		       disassoc->reason );
+
+		/* Try to reassociate, in case it's transient. */
+		net80211_autoassociate ( dev );
+
+		break;
+
+		/* We handle authentication and association. */
+	case IEEE80211_STYPE_AUTH:
+		if ( ! ( dev->state & NET80211_AUTHENTICATED ) )
+			net80211_handle_auth ( dev, iob );
+		break;
+
+	case IEEE80211_STYPE_ASSOC_RESP:
+	case IEEE80211_STYPE_REASSOC_RESP:
+		if ( ! ( dev->state & NET80211_ASSOCIATED ) )
+			net80211_handle_assoc_reply ( dev, iob );
+		break;
+
+		/* We pass probes and beacons onto network scanning
+		   code. Pass actions for future extensibility. */
+	case IEEE80211_STYPE_BEACON:
+		net80211_update_link_quality ( dev, iob );
+		/* fall through */
+	case IEEE80211_STYPE_PROBE_RESP:
+	case IEEE80211_STYPE_ACTION:
+		if ( dev->keep_mgmt ) {
+			struct net80211_rx_info *rxinf;
+			rxinf = zalloc ( sizeof ( *rxinf ) );
+			if ( ! rxinf ) {
+				DBGC ( dev, "802.11 %p out of memory\n", dev );
+				break;
+			}
+			rxinf->signal = signal;
+			list_add_tail ( &iob->list, &dev->mgmt_queue );
+			list_add_tail ( &rxinf->list, &dev->mgmt_info_queue );
+			keep = 1;
+		}
+		break;
+
+	case IEEE80211_STYPE_PROBE_REQ:
+		/* Some nodes send these broadcast. Ignore them. */
+		break;
+
+	case IEEE80211_STYPE_ASSOC_REQ:
+	case IEEE80211_STYPE_REASSOC_REQ:
+		/* We should never receive these, only send them. */
+		DBGC ( dev, "802.11 %p received strange management request "
+		       "(%04x)\n", dev, stype );
+		break;
+
+	default:
+		DBGC ( dev, "802.11 %p received unimplemented management "
+		       "packet (%04x)\n", dev, stype );
+		break;
+	}
+
+	if ( ! keep )
+		free_iob ( iob );
+}
+
+/* ---------- Packet handling functions ---------- */
+
+/**
+ * Free buffers used by 802.11 fragment cache entry
+ *
+ * @v dev	802.11 device
+ * @v fcid	Fragment cache entry index
+ *
+ * After this function, the referenced entry will be marked unused.
+ */
+static void net80211_free_frags ( struct net80211_device *dev, int fcid )
+{
+	int j;
+	struct net80211_frag_cache *frag = &dev->frags[fcid];
+
+	for ( j = 0; j < 16; j++ ) {
+		if ( frag->iob[j] ) {
+			free_iob ( frag->iob[j] );
+			frag->iob[j] = NULL;
+		}
+	}
+
+	frag->seqnr = 0;
+	frag->start_ticks = 0;
+	frag->in_use = 0;
+}
+
+/**
+ * Accumulate 802.11 fragments into one I/O buffer
+ *
+ * @v dev	802.11 device
+ * @v fcid	Fragment cache entry index
+ * @v nfrags	Number of fragments received
+ * @v size	Sum of sizes of all fragments, including headers
+ * @ret iob	I/O buffer containing reassembled packet
+ *
+ * This function does not free the fragment buffers.
+ */
+static struct io_buffer *net80211_accum_frags ( struct net80211_device *dev,
+						int fcid, int nfrags, int size )
+{
+	struct net80211_frag_cache *frag = &dev->frags[fcid];
+	int hdrsize = IEEE80211_TYP_FRAME_HEADER_LEN;
+	int nsize = size - hdrsize * ( nfrags - 1 );
+	int i;
+
+	struct io_buffer *niob = alloc_iob ( nsize );
+	struct ieee80211_frame *hdr;
+
+	/* Add the header from the first one... */
+	memcpy ( iob_put ( niob, hdrsize ), frag->iob[0]->data, hdrsize );
+
+	/* ... and all the data from all of them. */
+	for ( i = 0; i < nfrags; i++ ) {
+		int len = iob_len ( frag->iob[i] ) - hdrsize;
+		memcpy ( iob_put ( niob, len ),
+			 frag->iob[i]->data + hdrsize, len );
+	}
+
+	/* Turn off the fragment bit. */
+	hdr = niob->data;
+	hdr->fc &= ~IEEE80211_FC_MORE_FRAG;
+
+	return niob;
+}
+
+/**
+ * Handle receipt of 802.11 fragment
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer containing fragment
+ * @v signal	Signal strength with which fragment was received
+ */
+static void net80211_rx_frag ( struct net80211_device *dev,
+			       struct io_buffer *iob, int signal )
+{
+	struct ieee80211_frame *hdr = iob->data;
+	int fragnr = IEEE80211_FRAG ( hdr->seq );
+
+	if ( fragnr == 0 && ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) {
+		/* start a frag cache entry */
+		int i, newest = -1;
+		u32 curr_ticks = currticks(), newest_ticks = 0;
+		u32 timeout = ticks_per_sec() * NET80211_FRAG_TIMEOUT;
+
+		for ( i = 0; i < NET80211_NR_CONCURRENT_FRAGS; i++ ) {
+			if ( dev->frags[i].in_use == 0 )
+				break;
+
+			if ( dev->frags[i].start_ticks + timeout >=
+			     curr_ticks ) {
+				net80211_free_frags ( dev, i );
+				break;
+			}
+
+			if ( dev->frags[i].start_ticks > newest_ticks ) {
+				newest = i;
+				newest_ticks = dev->frags[i].start_ticks;
+			}
+		}
+
+		/* If we're being sent more concurrent fragmented
+		   packets than we can handle, drop the newest so the
+		   older ones have time to complete. */
+		if ( i == NET80211_NR_CONCURRENT_FRAGS ) {
+			i = newest;
+			net80211_free_frags ( dev, i );
+		}
+
+		dev->frags[i].in_use = 1;
+		dev->frags[i].seqnr = IEEE80211_SEQNR ( hdr->seq );
+		dev->frags[i].start_ticks = currticks();
+		dev->frags[i].iob[0] = iob;
+		return;
+	} else {
+		int i;
+		for ( i = 0; i < NET80211_NR_CONCURRENT_FRAGS; i++ ) {
+			if ( dev->frags[i].in_use && dev->frags[i].seqnr ==
+			     IEEE80211_SEQNR ( hdr->seq ) )
+				break;
+		}
+		if ( i == NET80211_NR_CONCURRENT_FRAGS ) {
+			/* Drop non-first not-in-cache fragments */
+			DBGC ( dev, "802.11 %p dropped fragment fc=%04x "
+			       "seq=%04x\n", dev, hdr->fc, hdr->seq );
+			free_iob ( iob );
+			return;
+		}
+
+		dev->frags[i].iob[fragnr] = iob;
+
+		if ( ! ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) {
+			int j, size = 0;
+			for ( j = 0; j < fragnr; j++ ) {
+				size += iob_len ( dev->frags[i].iob[j] );
+				if ( dev->frags[i].iob[j] == NULL )
+					break;
+			}
+			if ( j == fragnr ) {
+				/* We've got everything */
+				struct io_buffer *niob =
+				    net80211_accum_frags ( dev, i, fragnr,
+							   size );
+				net80211_free_frags ( dev, i );
+				net80211_rx ( dev, niob, signal, 0 );
+			} else {
+				DBGC ( dev, "802.11 %p dropping fragmented "
+				       "packet due to out-of-order arrival, "
+				       "fc=%04x seq=%04x\n", dev, hdr->fc,
+				       hdr->seq );
+				net80211_free_frags ( dev, i );
+			}
+		}
+	}
+}
+
+/**
+ * Handle receipt of 802.11 frame
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer
+ * @v signal	Received signal strength
+ * @v rate	Bitrate at which frame was received, in 100 kbps units
+ *
+ * If the rate or signal is unknown, 0 should be passed.
+ */
+void net80211_rx ( struct net80211_device *dev, struct io_buffer *iob,
+		   int signal, u16 rate )
+{
+	struct ieee80211_frame *hdr = iob->data;
+	u16 type = hdr->fc & IEEE80211_FC_TYPE;
+	if ( ( hdr->fc & IEEE80211_FC_VERSION ) != IEEE80211_THIS_VERSION )
+		goto drop;	/* drop invalid-version packets */
+
+	if ( type == IEEE80211_TYPE_CTRL )
+		goto drop;	/* we don't handle control packets,
+				   the hardware does */
+
+	if ( dev->last_rx_seq == hdr->seq )
+		goto drop;	/* avoid duplicate packet */
+	dev->last_rx_seq = hdr->seq;
+
+	if ( dev->hw->flags & NET80211_HW_RX_HAS_FCS ) {
+		/* discard the FCS */
+		iob_unput ( iob, 4 );
+	}
+
+	/* Only decrypt packets from our BSSID, to avoid spurious errors */
+	if ( ( hdr->fc & IEEE80211_FC_PROTECTED ) &&
+	     ! memcmp ( hdr->addr2, dev->bssid, ETH_ALEN ) ) {
+		/* Decrypt packet; record and drop if it fails */
+		struct io_buffer *niob;
+		struct net80211_crypto *crypto = dev->crypto;
+
+		if ( ! dev->crypto ) {
+			DBGC ( dev, "802.11 %p cannot decrypt packet "
+			       "without a cryptosystem\n", dev );
+			goto drop_crypt;
+		}
+
+		if ( ( hdr->addr1[0] & 1 ) && dev->gcrypto ) {
+			/* Use group decryption if needed */
+			crypto = dev->gcrypto;
+		}
+
+		niob = crypto->decrypt ( crypto, iob );
+		if ( ! niob ) {
+			DBGC ( dev, "802.11 %p decryption error\n", dev );
+			goto drop_crypt;
+		}
+		free_iob ( iob );
+		iob = niob;
+		hdr = iob->data;
+	}
+
+	dev->last_signal = signal;
+
+	/* Fragments go into the frag cache or get dropped. */
+	if ( IEEE80211_FRAG ( hdr->seq ) != 0
+	     || ( hdr->fc & IEEE80211_FC_MORE_FRAG ) ) {
+		net80211_rx_frag ( dev, iob, signal );
+		return;
+	}
+
+	/* Management frames get handled, enqueued, or dropped. */
+	if ( type == IEEE80211_TYPE_MGMT ) {
+		net80211_handle_mgmt ( dev, iob, signal );
+		return;
+	}
+
+	/* Data frames get dropped or sent to the net_device. */
+	if ( ( hdr->fc & IEEE80211_FC_SUBTYPE ) != IEEE80211_STYPE_DATA )
+		goto drop;	/* drop QoS, CFP, or null data packets */
+
+	/* Update rate-control algorithm */
+	if ( dev->rctl )
+		rc80211_update_rx ( dev, hdr->fc & IEEE80211_FC_RETRY, rate );
+
+	/* Pass packet onward */
+	if ( dev->state & NET80211_ASSOCIATED ) {
+		netdev_rx ( dev->netdev, iob );
+		return;
+	}
+
+	/* No association? Drop it. */
+	goto drop;
+
+ drop_crypt:
+	netdev_rx_err ( dev->netdev, NULL, EINVAL_CRYPTO_REQUEST );
+ drop:
+	DBGC2 ( dev, "802.11 %p dropped packet fc=%04x seq=%04x\n", dev,
+		hdr->fc, hdr->seq );
+	free_iob ( iob );
+	return;
+}
+
+/** Indicate an error in receiving a packet
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer with received packet, or NULL
+ * @v rc	Error code
+ *
+ * This logs the error with the wrapping net_device, and frees iob if
+ * it is passed.
+ */
+void net80211_rx_err ( struct net80211_device *dev,
+		       struct io_buffer *iob, int rc )
+{
+	netdev_rx_err ( dev->netdev, iob, rc );
+}
+
+/** Indicate the completed transmission of a packet
+ *
+ * @v dev	802.11 device
+ * @v iob	I/O buffer of transmitted packet
+ * @v retries	Number of times this packet was retransmitted
+ * @v rc	Error code, or 0 for success
+ *
+ * This logs an error with the wrapping net_device if one occurred,
+ * and removes and frees the I/O buffer from its TX queue. The
+ * provided retry information is used to tune our transmission rate.
+ *
+ * If the packet did not need to be retransmitted because it was
+ * properly ACKed the first time, @a retries should be 0.
+ */
+void net80211_tx_complete ( struct net80211_device *dev,
+			    struct io_buffer *iob, int retries, int rc )
+{
+	/* Update rate-control algorithm */
+	if ( dev->rctl )
+		rc80211_update_tx ( dev, retries, rc );
+
+	/* Pass completion onward */
+	netdev_tx_complete_err ( dev->netdev, iob, rc );
+}
+
+/** Common 802.11 errors */
+struct errortab common_wireless_errors[] __errortab = {
+	__einfo_errortab ( EINFO_EINVAL_CRYPTO_REQUEST ),
+	__einfo_errortab ( EINFO_ECONNRESET_UNSPECIFIED ),
+	__einfo_errortab ( EINFO_ECONNRESET_INACTIVITY ),
+	__einfo_errortab ( EINFO_ECONNRESET_4WAY_TIMEOUT ),
+	__einfo_errortab ( EINFO_ECONNRESET_8021X_FAILURE ),
+	__einfo_errortab ( EINFO_ECONNREFUSED_FAILURE ),
+	__einfo_errortab ( EINFO_ECONNREFUSED_ASSOC_DENIED ),
+	__einfo_errortab ( EINFO_ECONNREFUSED_AUTH_ALGO_UNSUPP ),
+};
diff --git a/roms/ipxe/src/net/80211/rc80211.c b/roms/ipxe/src/net/80211/rc80211.c
new file mode 100644
index 00000000..eea3bc90
--- /dev/null
+++ b/roms/ipxe/src/net/80211/rc80211.c
@@ -0,0 +1,372 @@
+/*
+ * Simple 802.11 rate-control algorithm for iPXE.
+ *
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <stdlib.h>
+#include <ipxe/net80211.h>
+
+/**
+ * @file
+ *
+ * Simple 802.11 rate-control algorithm
+ */
+
+/** @page rc80211 Rate control philosophy
+ *
+ * We want to maximize our transmission speed, to the extent that we
+ * can do that without dropping undue numbers of packets. We also
+ * don't want to take up very much code space, so our algorithm has to
+ * be pretty simple
+ *
+ * When we receive a packet, we know what rate it was transmitted at,
+ * and whether it had to be retransmitted to get to us.
+ *
+ * When we send a packet, we hear back how many times it had to be
+ * retried to get through, and whether it got through at all.
+ *
+ * Indications of TX success are more reliable than RX success, but RX
+ * information helps us know where to start.
+ *
+ * To handle all of this, we keep for each rate and each direction (TX
+ * and RX separately) some state information for the most recent
+ * packets on that rate and the number of packets for which we have
+ * information. The state is a 32-bit unsigned integer in which two
+ * bits represent a packet: 11 if it went through well, 10 if it went
+ * through with one retry, 01 if it went through with more than one
+ * retry, or 00 if it didn't go through at all. We define the
+ * "goodness" for a particular (rate, direction) combination as the
+ * sum of all the 2-bit fields, times 33, divided by the number of
+ * 2-bit fields containing valid information (16 except when we're
+ * starting out). The number produced is between 0 and 99; we use -1
+ * for rates with less than 4 RX packets or 1 TX, as an indicator that
+ * we do not have enough information to rely on them.
+ *
+ * In deciding which rates are best, we find the weighted average of
+ * TX and RX goodness, where the weighting is by number of packets
+ * with data and TX packets are worth 4 times as much as RX packets.
+ * The weighted average is called "net goodness" and is also a number
+ * between 0 and 99.  If 3 consecutive packets fail transmission
+ * outright, we automatically ratchet down the rate; otherwise, we
+ * switch to the best rate whenever the current rate's goodness falls
+ * below some threshold, and try increasing our rate when the goodness
+ * is very high.
+ *
+ * This system is optimized for iPXE's style of usage. Because normal
+ * operation always involves receiving something, we'll make our way
+ * to the best rate pretty quickly. We tend to follow the lead of the
+ * sending AP in choosing rates, but we won't use rates for long that
+ * don't work well for us in transmission. We assume iPXE won't be
+ * running for long enough that rate patterns will change much, so we
+ * don't have to keep time counters or the like.  And if this doesn't
+ * work well in practice there are many ways it could be tweaked.
+ *
+ * To avoid staying at 1Mbps for a long time, we don't track any
+ * transmitted packets until we've set our rate based on received
+ * packets.
+ */
+
+/** Two-bit packet status indicator for a packet with no retries */
+#define RC_PKT_OK		0x3
+
+/** Two-bit packet status indicator for a packet with one retry */
+#define RC_PKT_RETRIED_ONCE	0x2
+
+/** Two-bit packet status indicator for a TX packet with multiple retries
+ *
+ * It is not possible to tell whether an RX packet had one or multiple
+ * retries; we rely instead on the fact that failed RX packets won't
+ * get to us at all, so if we receive a lot of RX packets on a certain
+ * rate it must be pretty good.
+ */
+#define RC_PKT_RETRIED_MULTI	0x1
+
+/** Two-bit packet status indicator for a TX packet that was never ACKed
+ *
+ * It is not possible to tell whether an RX packet was setn if it
+ * didn't get through to us, but if we don't see one we won't increase
+ * the goodness for its rate. This asymmetry is part of why TX packets
+ * are weighted much more heavily than RX.
+ */
+#define RC_PKT_FAILED		0x0
+
+/** Number of times to weight TX packets more heavily than RX packets */
+#define RC_TX_FACTOR		4
+
+/** Number of consecutive failed TX packets that cause an automatic rate drop */
+#define RC_TX_EMERG_FAIL	3
+
+/** Minimum net goodness below which we will search for a better rate */
+#define RC_GOODNESS_MIN		85
+
+/** Maximum net goodness above which we will try to increase our rate */
+#define RC_GOODNESS_MAX		95
+
+/** Minimum (num RX + @c RC_TX_FACTOR * num TX) to use a certain rate */
+#define RC_UNCERTAINTY_THRESH	4
+
+/** TX direction */
+#define TX	0
+
+/** RX direction */
+#define RX	1
+
+/** A rate control context */
+struct rc80211_ctx
+{
+	/** Goodness state for each rate, TX and RX */
+	u32 goodness[2][NET80211_MAX_RATES];
+
+	/** Number of packets recorded for each rate */
+	u8 count[2][NET80211_MAX_RATES];
+
+	/** Indication of whether we've set the device rate yet */
+	int started;
+
+	/** Counter of all packets sent and received */
+	int packets;
+};
+
+/**
+ * Initialize rate-control algorithm
+ *
+ * @v dev	802.11 device
+ * @ret ctx	Rate-control context, to be stored in @c dev->rctl
+ */
+struct rc80211_ctx * rc80211_init ( struct net80211_device *dev __unused )
+{
+	struct rc80211_ctx *ret = zalloc ( sizeof ( *ret ) );
+	return ret;
+}
+
+/**
+ * Calculate net goodness for a certain rate
+ *
+ * @v ctx	Rate-control context
+ * @v rate_idx	Index of rate to calculate net goodness for
+ */
+static int rc80211_calc_net_goodness ( struct rc80211_ctx *ctx,
+				       int rate_idx )
+{
+	int sum[2], num[2], dir, pkt;
+
+	for ( dir = 0; dir < 2; dir++ ) {
+		u32 good = ctx->goodness[dir][rate_idx];
+
+		num[dir] = ctx->count[dir][rate_idx];
+		sum[dir] = 0;
+
+		for ( pkt = 0; pkt < num[dir]; pkt++ )
+			sum[dir] += ( good >> ( 2 * pkt ) ) & 0x3;
+	}
+
+	if ( ( num[TX] * RC_TX_FACTOR + num[RX] ) < RC_UNCERTAINTY_THRESH )
+		return -1;
+
+	return ( 33 * ( sum[TX] * RC_TX_FACTOR + sum[RX] ) /
+		      ( num[TX] * RC_TX_FACTOR + num[RX] ) );
+}
+
+/**
+ * Determine the best rate to switch to and return it
+ *
+ * @v dev		802.11 device
+ * @ret rate_idx	Index of the best rate to switch to
+ */
+static int rc80211_pick_best ( struct net80211_device *dev )
+{
+	struct rc80211_ctx *ctx = dev->rctl;
+	int best_net_good = 0, best_rate = -1, i;
+
+	for ( i = 0; i < dev->nr_rates; i++ ) {
+		int net_good = rc80211_calc_net_goodness ( ctx, i );
+
+		if ( net_good > best_net_good ||
+		     ( best_net_good > RC_GOODNESS_MIN &&
+		       net_good > RC_GOODNESS_MIN ) ) {
+			best_net_good = net_good;
+			best_rate = i;
+		}
+	}
+
+	if ( best_rate >= 0 ) {
+		int old_good = rc80211_calc_net_goodness ( ctx, dev->rate );
+		if ( old_good != best_net_good )
+			DBGC ( ctx, "802.11 RC %p switching from goodness "
+			       "%d to %d\n", ctx, old_good, best_net_good );
+
+		ctx->started = 1;
+		return best_rate;
+	}
+
+	return dev->rate;
+}
+
+/**
+ * Set 802.11 device rate
+ *
+ * @v dev	802.11 device
+ * @v rate_idx	Index of rate to switch to
+ *
+ * This is a thin wrapper around net80211_set_rate_idx to insert a
+ * debugging message where appropriate.
+ */
+static inline void rc80211_set_rate ( struct net80211_device *dev,
+				      int rate_idx )
+{
+	DBGC ( dev->rctl, "802.11 RC %p changing rate %d->%d Mbps\n", dev->rctl,
+	       dev->rates[dev->rate] / 10, dev->rates[rate_idx] / 10 );
+
+	net80211_set_rate_idx ( dev, rate_idx );
+}
+
+/**
+ * Check rate-control state and change rate if necessary
+ *
+ * @v dev	802.11 device
+ */
+static void rc80211_maybe_set_new ( struct net80211_device *dev )
+{
+	struct rc80211_ctx *ctx = dev->rctl;
+	int net_good;
+
+	net_good = rc80211_calc_net_goodness ( ctx, dev->rate );
+
+	if ( ! ctx->started ) {
+		rc80211_set_rate ( dev, rc80211_pick_best ( dev ) );
+		return;
+	}
+
+	if ( net_good < 0 )	/* insufficient data */
+		return;
+
+	if ( net_good > RC_GOODNESS_MAX && dev->rate + 1 < dev->nr_rates ) {
+		int higher = rc80211_calc_net_goodness ( ctx, dev->rate + 1 );
+		if ( higher > net_good || higher < 0 )
+			rc80211_set_rate ( dev, dev->rate + 1 );
+		else
+			rc80211_set_rate ( dev, rc80211_pick_best ( dev ) );
+	}
+
+	if ( net_good < RC_GOODNESS_MIN ) {
+		rc80211_set_rate ( dev, rc80211_pick_best ( dev ) );
+	}
+}
+
+/**
+ * Update rate-control state
+ *
+ * @v dev		802.11 device
+ * @v direction		One of the direction constants TX or RX
+ * @v rate_idx		Index of rate at which packet was sent or received
+ * @v retries		Number of times packet was retried before success
+ * @v failed		If nonzero, the packet failed to get through
+ */
+static void rc80211_update ( struct net80211_device *dev, int direction,
+			     int rate_idx, int retries, int failed )
+{
+	struct rc80211_ctx *ctx = dev->rctl;
+	u32 goodness = ctx->goodness[direction][rate_idx];
+
+	if ( ctx->count[direction][rate_idx] < 16 )
+		ctx->count[direction][rate_idx]++;
+
+	goodness <<= 2;
+	if ( failed )
+		goodness |= RC_PKT_FAILED;
+	else if ( retries > 1 )
+		goodness |= RC_PKT_RETRIED_MULTI;
+	else if ( retries )
+		goodness |= RC_PKT_RETRIED_ONCE;
+	else
+		goodness |= RC_PKT_OK;
+
+	ctx->goodness[direction][rate_idx] = goodness;
+
+	ctx->packets++;
+
+	rc80211_maybe_set_new ( dev );
+}
+
+/**
+ * Update rate-control state for transmitted packet
+ *
+ * @v dev	802.11 device
+ * @v retries	Number of times packet was transmitted before success
+ * @v rc	Return status code for transmission
+ */
+void rc80211_update_tx ( struct net80211_device *dev, int retries, int rc )
+{
+	struct rc80211_ctx *ctx = dev->rctl;
+
+	if ( ! ctx->started )
+		return;
+
+	rc80211_update ( dev, TX, dev->rate, retries, rc );
+
+	/* Check if the last RC_TX_EMERG_FAIL packets have all failed */
+	if ( ! ( ctx->goodness[TX][dev->rate] &
+		 ( ( 1 << ( 2 * RC_TX_EMERG_FAIL ) ) - 1 ) ) ) {
+		if ( dev->rate == 0 )
+			DBGC ( dev->rctl, "802.11 RC %p saw %d consecutive "
+			       "failed TX, but cannot lower rate any further\n",
+			       dev->rctl, RC_TX_EMERG_FAIL );
+		else {
+			DBGC ( dev->rctl, "802.11 RC %p lowering rate (%d->%d "
+			       "Mbps) due to %d consecutive TX failures\n",
+			       dev->rctl, dev->rates[dev->rate] / 10,
+			       dev->rates[dev->rate - 1] / 10,
+			       RC_TX_EMERG_FAIL );
+
+			rc80211_set_rate ( dev, dev->rate - 1 );
+		}
+	}
+}
+
+/**
+ * Update rate-control state for received packet
+ *
+ * @v dev	802.11 device
+ * @v retry	Whether the received packet had been retransmitted
+ * @v rate	Rate at which packet was received, in 100 kbps units
+ */
+void rc80211_update_rx ( struct net80211_device *dev, int retry, u16 rate )
+{
+	int ridx;
+
+	for ( ridx = 0; ridx < dev->nr_rates && dev->rates[ridx] != rate;
+	      ridx++ )
+		;
+	if ( ridx >= dev->nr_rates )
+		return;		/* couldn't find the rate */
+
+	rc80211_update ( dev, RX, ridx, retry, 0 );
+}
+
+/**
+ * Free rate-control context
+ *
+ * @v ctx	Rate-control context
+ */
+void rc80211_free ( struct rc80211_ctx *ctx )
+{
+	free ( ctx );
+}
diff --git a/roms/ipxe/src/net/80211/sec80211.c b/roms/ipxe/src/net/80211/sec80211.c
new file mode 100644
index 00000000..d1bc75e9
--- /dev/null
+++ b/roms/ipxe/src/net/80211/sec80211.c
@@ -0,0 +1,518 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <ipxe/ieee80211.h>
+#include <ipxe/net80211.h>
+#include <ipxe/sec80211.h>
+
+/** @file
+ *
+ * General secured-network routines required whenever any secure
+ * network support at all is compiled in. This involves things like
+ * installing keys, determining the type of security used by a probed
+ * network, and some small helper functions that take advantage of
+ * static data in this file.
+ */
+
+/* Unsupported cryptosystem error numbers */
+#define ENOTSUP_WEP __einfo_error ( EINFO_ENOTSUP_WEP )
+#define EINFO_ENOTSUP_WEP __einfo_uniqify ( EINFO_ENOTSUP, \
+	( 0x10 | NET80211_CRYPT_WEP ), "WEP not supported" )
+#define ENOTSUP_TKIP __einfo_error ( EINFO_ENOTSUP_TKIP )
+#define EINFO_ENOTSUP_TKIP __einfo_uniqify ( EINFO_ENOTSUP, \
+	( 0x10 | NET80211_CRYPT_TKIP ), "TKIP not supported" )
+#define ENOTSUP_CCMP __einfo_error ( EINFO_ENOTSUP_CCMP )
+#define EINFO_ENOTSUP_CCMP __einfo_uniqify ( EINFO_ENOTSUP, \
+	( 0x10 | NET80211_CRYPT_CCMP ), "CCMP not supported" )
+#define ENOTSUP_CRYPT( crypt )			   \
+	EUNIQ ( EINFO_ENOTSUP, ( 0x10 | (crypt) ), \
+		ENOTSUP_WEP, ENOTSUP_TKIP, ENOTSUP_CCMP )
+
+/** Mapping from net80211 crypto/secprot types to RSN OUI descriptors */
+struct descriptor_map {
+	/** Value of net80211_crypto_alg or net80211_security_proto */
+	u32 net80211_type;
+
+	/** OUI+type in appropriate byte order, masked to exclude vendor */
+	u32 oui_type;
+};
+
+/** Magic number in @a oui_type showing end of list */
+#define END_MAGIC	0xFFFFFFFF
+
+/** Mapping between net80211 cryptosystems and 802.11i cipher IDs */
+static struct descriptor_map rsn_cipher_map[] = {
+	{ .net80211_type = NET80211_CRYPT_WEP,
+	  .oui_type = IEEE80211_RSN_CTYPE_WEP40 },
+
+	{ .net80211_type = NET80211_CRYPT_WEP,
+	  .oui_type = IEEE80211_RSN_CTYPE_WEP104 },
+
+	{ .net80211_type = NET80211_CRYPT_TKIP,
+	  .oui_type = IEEE80211_RSN_CTYPE_TKIP },
+
+	{ .net80211_type = NET80211_CRYPT_CCMP,
+	  .oui_type = IEEE80211_RSN_CTYPE_CCMP },
+
+	{ .net80211_type = NET80211_CRYPT_UNKNOWN,
+	  .oui_type = END_MAGIC },
+};
+
+/** Mapping between net80211 handshakers and 802.11i AKM IDs */
+static struct descriptor_map rsn_akm_map[] = {
+	{ .net80211_type = NET80211_SECPROT_EAP,
+	  .oui_type = IEEE80211_RSN_ATYPE_8021X },
+
+	{ .net80211_type = NET80211_SECPROT_PSK,
+	  .oui_type = IEEE80211_RSN_ATYPE_PSK },
+
+	{ .net80211_type = NET80211_SECPROT_UNKNOWN,
+	  .oui_type = END_MAGIC },
+};
+
+
+/**
+ * Install 802.11 cryptosystem
+ *
+ * @v which	Pointer to the cryptosystem structure to install in
+ * @v crypt	Cryptosystem ID number
+ * @v key	Encryption key to use
+ * @v len	Length of encryption key
+ * @v rsc	Initial receive sequence counter, if applicable
+ * @ret rc	Return status code
+ *
+ * The encryption key will not be accessed via the provided pointer
+ * after this function returns, so you may keep it on the stack.
+ *
+ * @a which must point to either @c dev->crypto (for the normal case
+ * of installing a unicast cryptosystem) or @c dev->gcrypto (to
+ * install a cryptosystem that will be used only for decrypting
+ * group-source frames).
+ */
+int sec80211_install ( struct net80211_crypto **which,
+		       enum net80211_crypto_alg crypt,
+		       const void *key, int len, const void *rsc )
+{
+	struct net80211_crypto *crypto = *which;
+	struct net80211_crypto *tbl_crypto;
+
+	/* Remove old crypto if it exists */
+	free ( *which );
+	*which = NULL;
+
+	if ( crypt == NET80211_CRYPT_NONE ) {
+		DBG ( "802.11-Sec not installing null cryptography\n" );
+		return 0;
+	}
+
+	/* Find cryptosystem to use */
+	for_each_table_entry ( tbl_crypto, NET80211_CRYPTOS ) {
+		if ( tbl_crypto->algorithm == crypt ) {
+			crypto = zalloc ( sizeof ( *crypto ) +
+					  tbl_crypto->priv_len );
+			if ( ! crypto ) {
+				DBG ( "802.11-Sec out of memory\n" );
+				return -ENOMEM;
+			}
+
+			memcpy ( crypto, tbl_crypto, sizeof ( *crypto ) );
+			crypto->priv = ( ( void * ) crypto +
+					 sizeof ( *crypto ) );
+			break;
+		}
+	}
+
+	if ( ! crypto ) {
+		DBG ( "802.11-Sec no support for cryptosystem %d\n", crypt );
+		return -ENOTSUP_CRYPT ( crypt );
+	}
+
+	*which = crypto;
+
+	DBG ( "802.11-Sec installing cryptosystem %d as %p with key of "
+	      "length %d\n", crypt, crypto, len );
+
+	return crypto->init ( crypto, key, len, rsc );
+}
+
+
+/**
+ * Determine net80211 crypto or handshaking type value to return for RSN info
+ *
+ * @v rsnp		Pointer to next descriptor count field in RSN IE
+ * @v rsn_end		Pointer to end of RSN IE
+ * @v map		Descriptor map to use
+ * @v tbl_start		Start of linker table to examine for iPXE support
+ * @v tbl_end		End of linker table to examine for iPXE support
+ * @ret rsnp		Updated to point to first byte after descriptors
+ * @ret map_ent		Descriptor map entry of translation to use
+ *
+ * The entries in the linker table must be either net80211_crypto or
+ * net80211_handshaker structures, and @a tbl_stride must be set to
+ * sizeof() the appropriate one.
+ *
+ * This function expects @a rsnp to point at a two-byte descriptor
+ * count followed by a list of four-byte cipher or AKM descriptors; it
+ * will return @c NULL if the input packet is malformed, and otherwise
+ * set @a rsnp to the first byte it has not looked at. It will return
+ * the first cipher in the list that is supported by the current build
+ * of iPXE, or the first of all if none are supported.
+ *
+ * We play rather fast and loose with type checking, because this
+ * function is only called from two well-defined places in the
+ * RSN-checking code. Don't try to use it for anything else.
+ */
+static struct descriptor_map * rsn_pick_desc ( u8 **rsnp, u8 *rsn_end,
+					       struct descriptor_map *map,
+					       void *tbl_start, void *tbl_end )
+{
+	int ndesc;
+	int ok = 0;
+	struct descriptor_map *map_ent, *map_ret = NULL;
+	u8 *rsn = *rsnp;
+	void *tblp;
+	size_t tbl_stride = ( map == rsn_cipher_map ?
+			      sizeof ( struct net80211_crypto ) :
+			      sizeof ( struct net80211_handshaker ) );
+
+	if ( map != rsn_cipher_map && map != rsn_akm_map )
+		return NULL;
+
+	/* Determine which types we support */
+	for ( tblp = tbl_start; tblp < tbl_end; tblp += tbl_stride ) {
+		struct net80211_crypto *crypto = tblp;
+		struct net80211_handshaker *hs = tblp;
+
+		if ( map == rsn_cipher_map )
+			ok |= ( 1 << crypto->algorithm );
+		else
+			ok |= ( 1 << hs->protocol );
+	}
+
+	/* RSN sanity checks */
+	if ( rsn + 2 > rsn_end ) {
+		DBG ( "RSN detect: malformed descriptor count\n" );
+		return NULL;
+	}
+
+	ndesc = *( u16 * ) rsn;
+	rsn += 2;
+
+	if ( ! ndesc ) {
+		DBG ( "RSN detect: no descriptors\n" );
+		return NULL;
+	}
+
+	/* Determine which net80211 crypto types are listed */
+	while ( ndesc-- ) {
+		u32 desc;
+
+		if ( rsn + 4 > rsn_end ) {
+			DBG ( "RSN detect: malformed descriptor (%d left)\n",
+			      ndesc );
+			return NULL;
+		}
+
+		desc = *( u32 * ) rsn;
+		rsn += 4;
+
+		for ( map_ent = map; map_ent->oui_type != END_MAGIC; map_ent++ )
+			if ( map_ent->oui_type == ( desc & OUI_TYPE_MASK ) )
+				break;
+
+		/* Use first cipher as a fallback */
+		if ( ! map_ret )
+			map_ret = map_ent;
+
+		/* Once we find one we support, use it */
+		if ( ok & ( 1 << map_ent->net80211_type ) ) {
+			map_ret = map_ent;
+			break;
+		}
+	}
+
+	if ( ndesc > 0 )
+		rsn += 4 * ndesc;
+
+	*rsnp = rsn;
+	return map_ret;
+}
+
+
+/**
+ * Find the RSN or WPA information element in the provided beacon frame
+ *
+ * @v ie	Pointer to first information element to check
+ * @v ie_end	Pointer to end of information element space
+ * @ret is_rsn	TRUE if returned IE is RSN, FALSE if it's WPA
+ * @ret end	Pointer to byte immediately after last byte of data
+ * @ret data	Pointer to first byte of data (the `version' field)
+ *
+ * If both an RSN and a WPA information element are found, this
+ * function will return the first one seen, which by ordering rules
+ * should always prefer the newer RSN IE.
+ *
+ * If no RSN or WPA infomration element is found, returns @c NULL and
+ * leaves @a is_rsn and @a end in an undefined state.
+ *
+ * This function will not return a pointer to an information element
+ * that states it extends past the tail of the io_buffer, or whose @a
+ * version field is incorrect.
+ */
+u8 * sec80211_find_rsn ( union ieee80211_ie *ie, void *ie_end,
+			 int *is_rsn, u8 **end )
+{
+	u8 *rsn = NULL;
+
+	if ( ! ieee80211_ie_bound ( ie, ie_end ) )
+		return NULL;
+
+	while ( ie ) {
+		if ( ie->id == IEEE80211_IE_VENDOR &&
+		     ie->vendor.oui == IEEE80211_WPA_OUI_VEN ) {
+			DBG ( "RSN detect: old-style WPA IE found\n" );
+			rsn = &ie->vendor.data[0];
+			*end = rsn + ie->len - 4;
+			*is_rsn = 0;
+		} else if ( ie->id == IEEE80211_IE_RSN ) {
+			DBG ( "RSN detect: 802.11i RSN IE found\n" );
+			rsn = ( u8 * ) &ie->rsn.version;
+			*end = rsn + ie->len;
+			*is_rsn = 1;
+		}
+
+		if ( rsn && ( *end > ( u8 * ) ie_end || rsn >= *end ||
+			      *( u16 * ) rsn != IEEE80211_RSN_VERSION ) ) {
+			DBG ( "RSN detect: malformed RSN IE or unknown "
+			      "version, keep trying\n" );
+			rsn = NULL;
+		}
+
+		if ( rsn )
+			break;
+
+		ie = ieee80211_next_ie ( ie, ie_end );
+	}
+
+	if ( ! ie ) {
+		DBG ( "RSN detect: no RSN IE found\n" );
+		return NULL;
+	}
+
+	return rsn;
+}
+
+
+/**
+ * Detect crypto and AKM types from RSN information element
+ *
+ * @v is_rsn	If TRUE, IE is a new-style RSN information element
+ * @v start	Pointer to first byte of @a version field
+ * @v end	Pointer to first byte not in the RSN IE
+ * @ret secprot	Security handshaking protocol used by network
+ * @ret crypt	Cryptosystem used by network
+ * @ret rc	Return status code
+ *
+ * If the IE cannot be parsed, returns an error indication and leaves
+ * @a secprot and @a crypt unchanged.
+ */
+int sec80211_detect_ie ( int is_rsn, u8 *start, u8 *end,
+			 enum net80211_security_proto *secprot,
+			 enum net80211_crypto_alg *crypt )
+{
+	enum net80211_security_proto sp;
+	enum net80211_crypto_alg cr;
+	struct descriptor_map *map;
+	u8 *rsn = start;
+
+	/* Set some defaults */
+	cr = ( is_rsn ? NET80211_CRYPT_CCMP : NET80211_CRYPT_TKIP );
+	sp = NET80211_SECPROT_EAP;
+
+	rsn += 2;		/* version - already checked */
+	rsn += 4;		/* group cipher - we don't use it here */
+
+	if ( rsn >= end )
+		goto done;
+
+	/* Pick crypto algorithm */
+	map = rsn_pick_desc ( &rsn, end, rsn_cipher_map,
+			      table_start ( NET80211_CRYPTOS ),
+			      table_end ( NET80211_CRYPTOS ) );
+	if ( ! map )
+		goto invalid_rsn;
+
+	cr = map->net80211_type;
+
+	if ( rsn >= end )
+		goto done;
+
+	/* Pick handshaking algorithm */
+	map = rsn_pick_desc ( &rsn, end, rsn_akm_map,
+			      table_start ( NET80211_HANDSHAKERS ),
+			      table_end ( NET80211_HANDSHAKERS ) );
+	if ( ! map )
+		goto invalid_rsn;
+
+	sp = map->net80211_type;
+
+ done:
+	DBG ( "RSN detect: OK, crypto type %d, secprot type %d\n", cr, sp );
+	*secprot = sp;
+	*crypt = cr;
+	return 0;
+
+ invalid_rsn:
+	DBG ( "RSN detect: invalid RSN IE\n" );
+	return -EINVAL;
+}
+
+
+/**
+ * Detect the cryptosystem and handshaking protocol used by an 802.11 network
+ *
+ * @v iob	I/O buffer containing beacon frame
+ * @ret secprot	Security handshaking protocol used by network
+ * @ret crypt	Cryptosystem used by network
+ * @ret rc	Return status code
+ *
+ * This function uses weak linkage, as it must be called from generic
+ * contexts but should only be linked in if some encryption is
+ * supported; you must test its address against @c NULL before calling
+ * it. If it does not exist, any network with the PRIVACY bit set in
+ * beacon->capab should be considered unknown.
+ */
+int sec80211_detect ( struct io_buffer *iob,
+		      enum net80211_security_proto *secprot,
+		      enum net80211_crypto_alg *crypt )
+{
+	struct ieee80211_frame *hdr = iob->data;
+	struct ieee80211_beacon *beacon =
+		( struct ieee80211_beacon * ) hdr->data;
+	u8 *rsn, *rsn_end;
+	int is_rsn, rc;
+
+	*crypt = NET80211_CRYPT_UNKNOWN;
+	*secprot = NET80211_SECPROT_UNKNOWN;
+
+	/* Find RSN or WPA IE */
+	if ( ! ( rsn = sec80211_find_rsn ( beacon->info_element, iob->tail,
+					   &is_rsn, &rsn_end ) ) ) {
+		/* No security IE at all; either WEP or no security. */
+		*secprot = NET80211_SECPROT_NONE;
+
+		if ( beacon->capability & IEEE80211_CAPAB_PRIVACY )
+			*crypt = NET80211_CRYPT_WEP;
+		else
+			*crypt = NET80211_CRYPT_NONE;
+
+		return 0;
+	}
+
+	/* Determine type of security */
+	if ( ( rc = sec80211_detect_ie ( is_rsn, rsn, rsn_end, secprot,
+					 crypt ) ) == 0 )
+		return 0;
+
+	/* If we get here, the RSN IE was invalid */
+
+	*crypt = NET80211_CRYPT_UNKNOWN;
+	*secprot = NET80211_SECPROT_UNKNOWN;
+	DBG ( "Failed to handle RSN IE:\n" );
+	DBG_HD ( rsn, rsn_end - rsn );
+	return rc;
+}
+
+
+/**
+ * Determine RSN descriptor for specified net80211 ID
+ *
+ * @v id	net80211 ID value
+ * @v rsnie	Whether to return a new-format (RSN IE) descriptor
+ * @v map	Map to use in translation
+ * @ret desc	RSN descriptor, or 0 on error
+ *
+ * If @a rsnie is false, returns an old-format (WPA vendor IE)
+ * descriptor.
+ */
+static u32 rsn_get_desc ( unsigned id, int rsnie, struct descriptor_map *map )
+{
+	u32 vendor = ( rsnie ? IEEE80211_RSN_OUI : IEEE80211_WPA_OUI );
+
+	for ( ; map->oui_type != END_MAGIC; map++ ) {
+		if ( map->net80211_type == id )
+			return map->oui_type | vendor;
+	}
+
+	return 0;
+}
+
+/**
+ * Determine RSN descriptor for specified net80211 cryptosystem number
+ *
+ * @v crypt	Cryptosystem number
+ * @v rsnie	Whether to return a new-format (RSN IE) descriptor
+ * @ret desc	RSN descriptor
+ *
+ * If @a rsnie is false, returns an old-format (WPA vendor IE)
+ * descriptor.
+ */
+u32 sec80211_rsn_get_crypto_desc ( enum net80211_crypto_alg crypt, int rsnie )
+{
+	return rsn_get_desc ( crypt, rsnie, rsn_cipher_map );
+}
+
+/**
+ * Determine RSN descriptor for specified net80211 handshaker number
+ *
+ * @v secprot	Handshaker number
+ * @v rsnie	Whether to return a new-format (RSN IE) descriptor
+ * @ret desc	RSN descriptor
+ *
+ * If @a rsnie is false, returns an old-format (WPA vendor IE)
+ * descriptor.
+ */
+u32 sec80211_rsn_get_akm_desc ( enum net80211_security_proto secprot,
+				int rsnie )
+{
+	return rsn_get_desc ( secprot, rsnie, rsn_akm_map );
+}
+
+/**
+ * Determine net80211 cryptosystem number from RSN descriptor
+ *
+ * @v desc	RSN descriptor
+ * @ret crypt	net80211 cryptosystem enumeration value
+ */
+enum net80211_crypto_alg sec80211_rsn_get_net80211_crypt ( u32 desc )
+{
+	struct descriptor_map *map = rsn_cipher_map;
+
+	for ( ; map->oui_type != END_MAGIC; map++ ) {
+		if ( map->oui_type == ( desc & OUI_TYPE_MASK ) )
+			break;
+	}
+
+	return map->net80211_type;
+}
diff --git a/roms/ipxe/src/net/80211/wep.c b/roms/ipxe/src/net/80211/wep.c
new file mode 100644
index 00000000..e22ac899
--- /dev/null
+++ b/roms/ipxe/src/net/80211/wep.c
@@ -0,0 +1,304 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <ipxe/net80211.h>
+#include <ipxe/sec80211.h>
+#include <ipxe/crypto.h>
+#include <ipxe/arc4.h>
+#include <ipxe/crc32.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+/** @file
+ *
+ * The WEP wireless encryption method (insecure!)
+ *
+ * The data field in a WEP-encrypted packet contains a 3-byte
+ * initialisation vector, one-byte Key ID field (only the bottom two
+ * bits are ever used), encrypted data, and a 4-byte encrypted CRC of
+ * the plaintext data, called the ICV. To decrypt it, the IV is
+ * prepended to the shared key and the data stream (including ICV) is
+ * run through the ARC4 stream cipher; if the ICV matches a CRC32
+ * calculated on the plaintext, the packet is valid.
+ *
+ * For efficiency and code-size reasons, this file assumes it is
+ * running on a little-endian machine.
+ */
+
+/** Length of WEP initialisation vector */
+#define WEP_IV_LEN	3
+
+/** Length of WEP key ID byte */
+#define WEP_KID_LEN	1
+
+/** Length of WEP ICV checksum */
+#define WEP_ICV_LEN	4
+
+/** Maximum length of WEP key */
+#define WEP_MAX_KEY	16
+
+/** Amount of data placed before the encrypted bytes */
+#define WEP_HEADER_LEN	4
+
+/** Amount of data placed after the encrypted bytes */
+#define WEP_TRAILER_LEN	4
+
+/** Total WEP overhead bytes */
+#define WEP_OVERHEAD	8
+
+/** Context for WEP encryption and decryption */
+struct wep_ctx
+{
+	/** Encoded WEP key
+	 *
+	 * The actual key bytes are stored beginning at offset 3, to
+	 * leave room for easily inserting the IV before a particular
+	 * operation.
+	 */
+	u8 key[WEP_IV_LEN + WEP_MAX_KEY];
+
+	/** Length of WEP key (not including IV bytes) */
+	int keylen;
+
+	/** ARC4 context */
+	struct arc4_ctx arc4;
+};
+
+/**
+ * Initialize WEP algorithm
+ *
+ * @v crypto	802.11 cryptographic algorithm
+ * @v key	WEP key to use
+ * @v keylen	Length of WEP key
+ * @v rsc	Initial receive sequence counter (unused)
+ * @ret rc	Return status code
+ *
+ * Standard key lengths are 5 and 13 bytes; 16-byte keys are
+ * occasionally supported as an extension to the standard.
+ */
+static int wep_init ( struct net80211_crypto *crypto, const void *key,
+		      int keylen, const void *rsc __unused )
+{
+	struct wep_ctx *ctx = crypto->priv;
+
+	ctx->keylen = ( keylen > WEP_MAX_KEY ? WEP_MAX_KEY : keylen );
+	memcpy ( ctx->key + WEP_IV_LEN, key, ctx->keylen );
+
+	return 0;
+}
+
+/**
+ * Encrypt packet using WEP
+ *
+ * @v crypto	802.11 cryptographic algorithm
+ * @v iob	I/O buffer of plaintext packet
+ * @ret eiob	Newly allocated I/O buffer for encrypted packet, or NULL
+ *
+ * If memory allocation fails, @c NULL is returned.
+ */
+static struct io_buffer * wep_encrypt ( struct net80211_crypto *crypto,
+					struct io_buffer *iob )
+{
+	struct wep_ctx *ctx = crypto->priv;
+	struct io_buffer *eiob;
+	struct ieee80211_frame *hdr;
+	const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
+	int datalen = iob_len ( iob ) - hdrlen;
+	int newlen = hdrlen + datalen + WEP_OVERHEAD;
+	u32 iv, icv;
+
+	eiob = alloc_iob ( newlen );
+	if ( ! eiob )
+		return NULL;
+
+	memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
+	hdr = eiob->data;
+	hdr->fc |= IEEE80211_FC_PROTECTED;
+
+	/* Calculate IV, put it in the header (with key ID byte = 0), and
+	   set it up at the start of the encryption key. */
+	iv = random() & 0xffffff; /* IV in bottom 3 bytes, top byte = KID = 0 */
+	memcpy ( iob_put ( eiob, WEP_HEADER_LEN ), &iv, WEP_HEADER_LEN );
+	memcpy ( ctx->key, &iv, WEP_IV_LEN );
+
+	/* Encrypt the data using RC4 */
+	cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
+			ctx->keylen + WEP_IV_LEN );
+	cipher_encrypt ( &arc4_algorithm, &ctx->arc4, iob->data + hdrlen,
+			 iob_put ( eiob, datalen ), datalen );
+
+	/* Add ICV */
+	icv = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
+	cipher_encrypt ( &arc4_algorithm, &ctx->arc4, &icv,
+			 iob_put ( eiob, WEP_ICV_LEN ), WEP_ICV_LEN );
+
+	return eiob;
+}
+
+/**
+ * Decrypt packet using WEP
+ *
+ * @v crypto	802.11 cryptographic algorithm
+ * @v eiob	I/O buffer of encrypted packet
+ * @ret iob	Newly allocated I/O buffer for plaintext packet, or NULL
+ *
+ * If a consistency check for the decryption fails (usually indicating
+ * an invalid key), @c NULL is returned.
+ */
+static struct io_buffer * wep_decrypt ( struct net80211_crypto *crypto,
+					struct io_buffer *eiob )
+{
+	struct wep_ctx *ctx = crypto->priv;
+	struct io_buffer *iob;
+	struct ieee80211_frame *hdr;
+	const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
+	int datalen = iob_len ( eiob ) - hdrlen - WEP_OVERHEAD;
+	int newlen = hdrlen + datalen;
+	u32 iv, icv, crc;
+
+	iob = alloc_iob ( newlen );
+	if ( ! iob )
+		return NULL;
+
+	memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
+	hdr = iob->data;
+	hdr->fc &= ~IEEE80211_FC_PROTECTED;
+
+	/* Strip off IV and use it to initialize cryptosystem */
+	memcpy ( &iv, eiob->data + hdrlen, 4 );
+	iv &= 0xffffff;		/* ignore key ID byte */
+	memcpy ( ctx->key, &iv, WEP_IV_LEN );
+
+	/* Decrypt the data using RC4 */
+	cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
+			ctx->keylen + WEP_IV_LEN );
+	cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
+			 WEP_HEADER_LEN, iob_put ( iob, datalen ), datalen );
+
+	/* Strip off ICV and verify it */
+	cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
+			 WEP_HEADER_LEN + datalen, &icv, WEP_ICV_LEN );
+	crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
+	if ( crc != icv ) {
+		DBGC ( crypto, "WEP %p CRC mismatch: expect %08x, get %08x\n",
+		       crypto, icv, crc );
+		free_iob ( iob );
+		return NULL;
+	}
+	return iob;
+}
+
+/** WEP cryptosystem for 802.11 */
+struct net80211_crypto wep_crypto __net80211_crypto = {
+	.algorithm = NET80211_CRYPT_WEP,
+	.init = wep_init,
+	.encrypt = wep_encrypt,
+	.decrypt = wep_decrypt,
+	.priv_len = sizeof ( struct wep_ctx ),
+};
+
+/**
+ * Initialize trivial 802.11 security handshaker
+ *
+ * @v dev	802.11 device
+ * @v ctx	Security handshaker
+ *
+ * This simply fetches a WEP key from netX/key, and if it exists,
+ * installs WEP cryptography on the 802.11 device. No real handshaking
+ * is performed.
+ */
+static int trivial_init ( struct net80211_device *dev )
+{
+	u8 key[WEP_MAX_KEY];	/* support up to 128-bit keys */
+	int len;
+	int rc;
+
+	if ( dev->associating &&
+	     dev->associating->crypto == NET80211_CRYPT_NONE )
+		return 0;	/* no crypto? OK. */
+
+	len = fetch_raw_setting ( netdev_settings ( dev->netdev ),
+				  &net80211_key_setting, key, WEP_MAX_KEY );
+
+	if ( len <= 0 ) {
+		DBGC ( dev, "802.11 %p cannot do WEP without a key\n", dev );
+		return -EACCES;
+	}
+
+	/* Full 128-bit keys are a nonstandard extension, but they're
+	   utterly trivial to support, so we do. */
+	if ( len != 5 && len != 13 && len != 16 ) {
+		DBGC ( dev, "802.11 %p invalid WEP key length %d\n",
+		       dev, len );
+		return -EINVAL;
+	}
+
+	DBGC ( dev, "802.11 %p installing %d-bit WEP\n", dev, len * 8 );
+
+	rc = sec80211_install ( &dev->crypto, NET80211_CRYPT_WEP, key, len,
+				NULL );
+	if ( rc < 0 )
+		return rc;
+
+	return 0;
+}
+
+/**
+ * Check for key change on trivial 802.11 security handshaker
+ *
+ * @v dev	802.11 device
+ * @v ctx	Security handshaker
+ */
+static int trivial_change_key ( struct net80211_device *dev )
+{
+	u8 key[WEP_MAX_KEY];
+	int len;
+	int change = 0;
+
+	/* If going from WEP to clear, or something else to WEP, reassociate. */
+	if ( ! dev->crypto || ( dev->crypto->init != wep_init ) )
+		change ^= 1;
+
+	len = fetch_raw_setting ( netdev_settings ( dev->netdev ),
+				  &net80211_key_setting, key, WEP_MAX_KEY );
+	if ( len <= 0 )
+		change ^= 1;
+
+	/* Changing crypto type => return nonzero to reassociate. */
+	if ( change )
+		return -EINVAL;
+
+	/* Going from no crypto to still no crypto => nothing to do. */
+	if ( len <= 0 )
+		return 0;
+
+	/* Otherwise, reinitialise WEP with new key. */
+	return wep_init ( dev->crypto, key, len, NULL );
+}
+
+/** Trivial 802.11 security handshaker */
+struct net80211_handshaker trivial_handshaker __net80211_handshaker = {
+	.protocol = NET80211_SECPROT_NONE,
+	.init = trivial_init,
+	.change_key = trivial_change_key,
+	.priv_len = 0,
+};
diff --git a/roms/ipxe/src/net/80211/wpa.c b/roms/ipxe/src/net/80211/wpa.c
new file mode 100644
index 00000000..e2c4945f
--- /dev/null
+++ b/roms/ipxe/src/net/80211/wpa.c
@@ -0,0 +1,915 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <ipxe/net80211.h>
+#include <ipxe/sec80211.h>
+#include <ipxe/wpa.h>
+#include <ipxe/eapol.h>
+#include <ipxe/crypto.h>
+#include <ipxe/arc4.h>
+#include <ipxe/crc32.h>
+#include <ipxe/sha1.h>
+#include <ipxe/hmac.h>
+#include <ipxe/list.h>
+#include <ipxe/ethernet.h>
+#include <ipxe/rbg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <byteswap.h>
+
+/** @file
+ *
+ * Handler for the aspects of WPA handshaking that are independent of
+ * 802.1X/PSK or TKIP/CCMP; this mostly involves the 4-Way Handshake.
+ */
+
+/** List of WPA contexts in active use. */
+struct list_head wpa_contexts = LIST_HEAD_INIT ( wpa_contexts );
+
+
+/**
+ * Return an error code and deauthenticate
+ *
+ * @v ctx	WPA common context
+ * @v rc	Return status code
+ * @ret rc	The passed return status code
+ */
+static int wpa_fail ( struct wpa_common_ctx *ctx, int rc )
+{
+	net80211_deauthenticate ( ctx->dev, rc );
+	return rc;
+}
+
+
+/**
+ * Find a cryptosystem handler structure from a crypto ID
+ *
+ * @v crypt	Cryptosystem ID
+ * @ret crypto	Cryptosystem handler structure
+ *
+ * If support for @a crypt is not compiled in to iPXE, or if @a crypt
+ * is NET80211_CRYPT_UNKNOWN, returns @c NULL.
+ */
+static struct net80211_crypto *
+wpa_find_cryptosystem ( enum net80211_crypto_alg crypt )
+{
+	struct net80211_crypto *crypto;
+
+	for_each_table_entry ( crypto, NET80211_CRYPTOS ) {
+		if ( crypto->algorithm == crypt )
+			return crypto;
+	}
+
+	return NULL;
+}
+
+
+/**
+ * Find WPA key integrity and encryption handler from key version field
+ *
+ * @v ver	Version bits of EAPOL-Key info field
+ * @ret kie	Key integrity and encryption handler
+ */
+struct wpa_kie * wpa_find_kie ( int version )
+{
+	struct wpa_kie *kie;
+
+	for_each_table_entry ( kie, WPA_KIES ) {
+		if ( kie->version == version )
+			return kie;
+	}
+
+	return NULL;
+}
+
+
+/**
+ * Construct RSN or WPA information element
+ *
+ * @v dev	802.11 device
+ * @ret ie_ret	RSN or WPA information element
+ * @ret rc	Return status code
+ *
+ * This function allocates, fills, and returns a RSN or WPA
+ * information element suitable for including in an association
+ * request frame to the network identified by @c dev->associating.
+ * If it is impossible to construct an information element consistent
+ * with iPXE's capabilities that is compatible with that network, or
+ * if none should be sent because that network's beacon included no
+ * security information, returns an error indication and leaves
+ * @a ie_ret unchanged.
+ *
+ * The returned IE will be of the same type (RSN or WPA) as was
+ * included in the beacon for the network it is destined for.
+ */
+int wpa_make_rsn_ie ( struct net80211_device *dev, union ieee80211_ie **ie_ret )
+{
+	u8 *rsn, *rsn_end;
+	int is_rsn;
+	u32 group_cipher;
+	enum net80211_crypto_alg gcrypt;
+	int ie_len;
+	u8 *iep;
+	struct ieee80211_ie_rsn *ie;
+	struct ieee80211_frame *hdr;
+	struct ieee80211_beacon *beacon;
+
+	if ( ! dev->associating ) {
+		DBG ( "WPA: Can't make RSN IE for a non-associating device\n" );
+		return -EINVAL;
+	}
+
+	hdr = dev->associating->beacon->data;
+	beacon = ( struct ieee80211_beacon * ) hdr->data;
+	rsn = sec80211_find_rsn ( beacon->info_element,
+				  dev->associating->beacon->tail, &is_rsn,
+				  &rsn_end );
+	if ( ! rsn ) {
+		DBG ( "WPA: Can't make RSN IE when we didn't get one\n" );
+		return -EINVAL;
+	}
+
+	rsn += 2;		/* skip version */
+	group_cipher = *( u32 * ) rsn;
+	gcrypt = sec80211_rsn_get_net80211_crypt ( group_cipher );
+
+	if ( ! wpa_find_cryptosystem ( gcrypt ) ||
+	     ! wpa_find_cryptosystem ( dev->associating->crypto ) ) {
+		DBG ( "WPA: No support for (GC:%d, PC:%d)\n",
+		      gcrypt, dev->associating->crypto );
+		return -ENOTSUP;
+	}
+
+	/* Everything looks good - make our IE. */
+
+	/* WPA IEs need 4 more bytes for the OUI+type */
+	ie_len = ieee80211_rsn_size ( 1, 1, 0, is_rsn ) + ( 4 * ! is_rsn );
+	iep = malloc ( ie_len );
+	if ( ! iep )
+		return -ENOMEM;
+
+	*ie_ret = ( union ieee80211_ie * ) iep;
+
+	/* Store ID and length bytes. */
+	*iep++ = ( is_rsn ? IEEE80211_IE_RSN : IEEE80211_IE_VENDOR );
+	*iep++ = ie_len - 2;
+
+	/* Store OUI+type for WPA IEs. */
+	if ( ! is_rsn ) {
+		*( u32 * ) iep = IEEE80211_WPA_OUI_VEN;
+		iep += 4;
+	}
+
+	/* If this is a WPA IE, the id and len bytes in the
+	   ieee80211_ie_rsn structure will not be valid, but by doing
+	   the cast we can fill all the other fields much more
+	   readily. */
+
+	ie = ( struct ieee80211_ie_rsn * ) ( iep - 2 );
+	ie->version = IEEE80211_RSN_VERSION;
+	ie->group_cipher = group_cipher;
+	ie->pairwise_count = 1;
+	ie->pairwise_cipher[0] =
+		sec80211_rsn_get_crypto_desc ( dev->associating->crypto,
+					       is_rsn );
+	ie->akm_count = 1;
+	ie->akm_list[0] =
+		sec80211_rsn_get_akm_desc ( dev->associating->handshaking,
+					    is_rsn );
+	if ( is_rsn ) {
+		ie->rsn_capab = 0;
+		ie->pmkid_count = 0;
+	}
+
+	return 0;
+}
+
+
+/**
+ * Set up generic WPA support to handle 4-Way Handshake
+ *
+ * @v dev	802.11 device
+ * @v ctx	WPA common context
+ * @v pmk	Pairwise Master Key to use for session
+ * @v pmk_len	Length of PMK, almost always 32
+ * @ret rc	Return status code
+ */
+int wpa_start ( struct net80211_device *dev, struct wpa_common_ctx *ctx,
+		const void *pmk, size_t pmk_len )
+{
+	struct io_buffer *iob;
+	struct ieee80211_frame *hdr;
+	struct ieee80211_beacon *beacon;
+	u8 *ap_rsn_ie = NULL, *ap_rsn_ie_end;
+
+	if ( ! dev->rsn_ie || ! dev->associating )
+		return -EINVAL;
+
+	ctx->dev = dev;
+	memcpy ( ctx->pmk, pmk, ctx->pmk_len = pmk_len );
+	ctx->state = WPA_READY;
+	ctx->replay = ~0ULL;
+
+	iob = dev->associating->beacon;
+	hdr = iob->data;
+	beacon = ( struct ieee80211_beacon * ) hdr->data;
+	ap_rsn_ie = sec80211_find_rsn ( beacon->info_element, iob->tail,
+					&ctx->ap_rsn_is_rsn, &ap_rsn_ie_end );
+	if ( ap_rsn_ie ) {
+		ctx->ap_rsn_ie = malloc ( ap_rsn_ie_end - ap_rsn_ie );
+		if ( ! ctx->ap_rsn_ie )
+			return -ENOMEM;
+		memcpy ( ctx->ap_rsn_ie, ap_rsn_ie, ap_rsn_ie_end - ap_rsn_ie );
+		ctx->ap_rsn_ie_len = ap_rsn_ie_end - ap_rsn_ie;
+	} else {
+		return -ENOENT;
+	}
+
+	ctx->crypt = dev->associating->crypto;
+	ctx->gcrypt = NET80211_CRYPT_UNKNOWN;
+
+	list_add_tail ( &ctx->list, &wpa_contexts );
+	return 0;
+}
+
+
+/**
+ * Disable handling of received WPA handshake frames
+ *
+ * @v dev	802.11 device
+ */
+void wpa_stop ( struct net80211_device *dev )
+{
+	struct wpa_common_ctx *ctx, *tmp;
+
+	list_for_each_entry_safe ( ctx, tmp, &wpa_contexts, list ) {
+		if ( ctx->dev == dev ) {
+			free ( ctx->ap_rsn_ie );
+			ctx->ap_rsn_ie = NULL;
+			list_del ( &ctx->list );
+		}
+	}
+}
+
+
+/**
+ * Derive pairwise transient key
+ *
+ * @v ctx	WPA common context
+ */
+static void wpa_derive_ptk ( struct wpa_common_ctx *ctx )
+{
+	struct {
+		u8 mac1[ETH_ALEN];
+		u8 mac2[ETH_ALEN];
+		u8 nonce1[WPA_NONCE_LEN];
+		u8 nonce2[WPA_NONCE_LEN];
+	} __attribute__ (( packed )) ptk_data;
+
+	/* The addresses and nonces are stored in numerical order (!) */
+
+	if ( memcmp ( ctx->dev->netdev->ll_addr, ctx->dev->bssid,
+		      ETH_ALEN ) < 0 ) {
+		memcpy ( ptk_data.mac1, ctx->dev->netdev->ll_addr, ETH_ALEN );
+		memcpy ( ptk_data.mac2, ctx->dev->bssid, ETH_ALEN );
+	} else {
+		memcpy ( ptk_data.mac1, ctx->dev->bssid, ETH_ALEN );
+		memcpy ( ptk_data.mac2, ctx->dev->netdev->ll_addr, ETH_ALEN );
+	}
+
+	if ( memcmp ( ctx->Anonce, ctx->Snonce, WPA_NONCE_LEN ) < 0 ) {
+		memcpy ( ptk_data.nonce1, ctx->Anonce, WPA_NONCE_LEN );
+		memcpy ( ptk_data.nonce2, ctx->Snonce, WPA_NONCE_LEN );
+	} else {
+		memcpy ( ptk_data.nonce1, ctx->Snonce, WPA_NONCE_LEN );
+		memcpy ( ptk_data.nonce2, ctx->Anonce, WPA_NONCE_LEN );
+	}
+
+	DBGC2 ( ctx, "WPA %p A1 %s, A2 %s\n", ctx, eth_ntoa ( ptk_data.mac1 ),
+	       eth_ntoa ( ptk_data.mac2 ) );
+	DBGC2 ( ctx, "WPA %p Nonce1, Nonce2:\n", ctx );
+	DBGC2_HD ( ctx, ptk_data.nonce1, WPA_NONCE_LEN );
+	DBGC2_HD ( ctx, ptk_data.nonce2, WPA_NONCE_LEN );
+
+	prf_sha1 ( ctx->pmk, ctx->pmk_len,
+		   "Pairwise key expansion",
+		   &ptk_data, sizeof ( ptk_data ),
+		   &ctx->ptk, sizeof ( ctx->ptk ) );
+
+	DBGC2 ( ctx, "WPA %p PTK:\n", ctx );
+	DBGC2_HD ( ctx, &ctx->ptk, sizeof ( ctx->ptk ) );
+}
+
+
+/**
+ * Install pairwise transient key
+ *
+ * @v ctx	WPA common context
+ * @v len	Key length (16 for CCMP, 32 for TKIP)
+ * @ret rc	Return status code
+ */
+static inline int wpa_install_ptk ( struct wpa_common_ctx *ctx, int len )
+{
+	DBGC ( ctx, "WPA %p: installing %d-byte pairwise transient key\n",
+	       ctx, len );
+	DBGC2_HD ( ctx, &ctx->ptk.tk, len );
+
+	return sec80211_install ( &ctx->dev->crypto, ctx->crypt,
+				  &ctx->ptk.tk, len, NULL );
+}
+
+/**
+ * Install group transient key
+ *
+ * @v ctx	WPA common context
+ * @v len	Key length (16 for CCMP, 32 for TKIP)
+ * @v rsc	Receive sequence counter field in EAPOL-Key packet
+ * @ret rc	Return status code
+ */
+static inline int wpa_install_gtk ( struct wpa_common_ctx *ctx, int len,
+				    const void *rsc )
+{
+	DBGC ( ctx, "WPA %p: installing %d-byte group transient key\n",
+	       ctx, len );
+	DBGC2_HD ( ctx, &ctx->gtk.tk, len );
+
+	return sec80211_install ( &ctx->dev->gcrypto, ctx->gcrypt,
+				  &ctx->gtk.tk, len, rsc );
+}
+
+/**
+ * Search for group transient key, and install it if found
+ *
+ * @v ctx	WPA common context
+ * @v ie	Pointer to first IE in key data field
+ * @v ie_end	Pointer to first byte not in key data field
+ * @v rsc	Receive sequence counter field in EAPOL-Key packet
+ * @ret rc	Return status code
+ */
+static int wpa_maybe_install_gtk ( struct wpa_common_ctx *ctx,
+				   union ieee80211_ie *ie, void *ie_end,
+				   const void *rsc )
+{
+	struct wpa_kde *kde;
+
+	if ( ! ieee80211_ie_bound ( ie, ie_end ) )
+		return -ENOENT;
+
+	while ( ie ) {
+		if ( ie->id == IEEE80211_IE_VENDOR &&
+		     ie->vendor.oui == WPA_KDE_GTK )
+			break;
+
+		ie = ieee80211_next_ie ( ie, ie_end );
+	}
+
+	if ( ! ie )
+		return -ENOENT;
+
+	if ( ie->len - 6u > sizeof ( ctx->gtk.tk ) ) {
+		DBGC ( ctx, "WPA %p: GTK KDE is too long (%d bytes, max %zd)\n",
+		       ctx, ie->len - 4, sizeof ( ctx->gtk.tk ) );
+		return -EINVAL;
+	}
+
+	/* XXX We ignore key ID for now. */
+	kde = ( struct wpa_kde * ) ie;
+	memcpy ( &ctx->gtk.tk, &kde->gtk_encap.gtk, kde->len - 6 );
+
+	return wpa_install_gtk ( ctx, kde->len - 6, rsc );
+}
+
+
+/**
+ * Allocate I/O buffer for construction of outgoing EAPOL-Key frame
+ *
+ * @v kdlen	Maximum number of bytes in the Key Data field
+ * @ret iob	Newly allocated I/O buffer
+ *
+ * The returned buffer will have space reserved for the link-layer and
+ * EAPOL headers, and will have @c iob->tail pointing to the start of
+ * the Key Data field. Thus, it is necessary to use iob_put() in
+ * filling the Key Data.
+ */
+static struct io_buffer * wpa_alloc_frame ( int kdlen )
+{
+	struct io_buffer *ret = alloc_iob ( sizeof ( struct eapol_key_pkt ) +
+					    kdlen + EAPOL_HDR_LEN +
+					    MAX_LL_HEADER_LEN );
+	if ( ! ret )
+		return NULL;
+
+	iob_reserve ( ret, MAX_LL_HEADER_LEN + EAPOL_HDR_LEN );
+	memset ( iob_put ( ret, sizeof ( struct eapol_key_pkt ) ), 0,
+		 sizeof ( struct eapol_key_pkt ) );
+
+	return ret;
+}
+
+
+/**
+ * Send EAPOL-Key packet
+ *
+ * @v iob	I/O buffer, with sufficient headroom for headers
+ * @v dev	802.11 device
+ * @v kie	Key integrity and encryption handler
+ * @v is_rsn	If TRUE, handshake uses new RSN format
+ * @ret rc	Return status code
+ *
+ * If a KIE is specified, the MIC will be filled in before transmission.
+ */
+static int wpa_send_eapol ( struct io_buffer *iob, struct wpa_common_ctx *ctx,
+			    struct wpa_kie *kie )
+{
+	struct eapol_key_pkt *pkt = iob->data;
+	struct eapol_frame *eapol = iob_push ( iob, EAPOL_HDR_LEN );
+
+	pkt->info = htons ( pkt->info );
+	pkt->keysize = htons ( pkt->keysize );
+	pkt->datalen = htons ( pkt->datalen );
+	pkt->replay = cpu_to_be64 ( pkt->replay );
+	eapol->version = EAPOL_THIS_VERSION;
+	eapol->type = EAPOL_TYPE_KEY;
+	eapol->length = htons ( iob->tail - iob->data - sizeof ( *eapol ) );
+
+	memset ( pkt->mic, 0, sizeof ( pkt->mic ) );
+	if ( kie )
+		kie->mic ( &ctx->ptk.kck, eapol, EAPOL_HDR_LEN +
+			   sizeof ( *pkt ) + ntohs ( pkt->datalen ),
+			   pkt->mic );
+
+	return net_tx ( iob, ctx->dev->netdev, &eapol_protocol,
+			ctx->dev->bssid, ctx->dev->netdev->ll_addr );
+}
+
+
+/**
+ * Send second frame in 4-Way Handshake
+ *
+ * @v ctx	WPA common context
+ * @v pkt	First frame, to which this is a reply
+ * @v is_rsn	If TRUE, handshake uses new RSN format
+ * @v kie	Key integrity and encryption handler
+ * @ret rc	Return status code
+ */
+static int wpa_send_2_of_4 ( struct wpa_common_ctx *ctx,
+			     struct eapol_key_pkt *pkt, int is_rsn,
+			     struct wpa_kie *kie )
+{
+	struct io_buffer *iob = wpa_alloc_frame ( ctx->dev->rsn_ie->len + 2 );
+	struct eapol_key_pkt *npkt;
+
+	if ( ! iob )
+		return -ENOMEM;
+
+	npkt = iob->data;
+	memcpy ( npkt, pkt, sizeof ( *pkt ) );
+	npkt->info &= ~EAPOL_KEY_INFO_KEY_ACK;
+	npkt->info |= EAPOL_KEY_INFO_KEY_MIC;
+	if ( is_rsn )
+		npkt->keysize = 0;
+	memcpy ( npkt->nonce, ctx->Snonce, sizeof ( npkt->nonce ) );
+	npkt->datalen = ctx->dev->rsn_ie->len + 2;
+	memcpy ( iob_put ( iob, npkt->datalen ), ctx->dev->rsn_ie,
+		 npkt->datalen );
+
+	DBGC ( ctx, "WPA %p: sending 2/4\n", ctx );
+
+	return wpa_send_eapol ( iob, ctx, kie );
+}
+
+
+/**
+ * Handle receipt of first frame in 4-Way Handshake
+ *
+ * @v ctx	WPA common context
+ * @v pkt	EAPOL-Key packet
+ * @v is_rsn	If TRUE, frame uses new RSN format
+ * @v kie	Key integrity and encryption handler
+ * @ret rc	Return status code
+ */
+static int wpa_handle_1_of_4 ( struct wpa_common_ctx *ctx,
+			       struct eapol_key_pkt *pkt, int is_rsn,
+			       struct wpa_kie *kie )
+{
+	if ( ctx->state == WPA_WAITING )
+		return -EINVAL;
+
+	ctx->state = WPA_WORKING;
+	memcpy ( ctx->Anonce, pkt->nonce, sizeof ( ctx->Anonce ) );
+	if ( ! ctx->have_Snonce ) {
+		rbg_generate ( NULL, 0, 0, ctx->Snonce,
+			       sizeof ( ctx->Snonce ) );
+		ctx->have_Snonce = 1;
+	}
+
+	DBGC ( ctx, "WPA %p: received 1/4, looks OK\n", ctx );
+
+	wpa_derive_ptk ( ctx );
+
+	return wpa_send_2_of_4 ( ctx, pkt, is_rsn, kie );
+}
+
+
+/**
+ * Send fourth frame in 4-Way Handshake, or second in Group Key Handshake
+ *
+ * @v ctx	WPA common context
+ * @v pkt	EAPOL-Key packet for frame to which we're replying
+ * @v is_rsn	If TRUE, frame uses new RSN format
+ * @v kie	Key integrity and encryption handler
+ * @ret rc	Return status code
+ */
+static int wpa_send_final ( struct wpa_common_ctx *ctx,
+			    struct eapol_key_pkt *pkt, int is_rsn,
+			    struct wpa_kie *kie )
+{
+	struct io_buffer *iob = wpa_alloc_frame ( 0 );
+	struct eapol_key_pkt *npkt;
+
+	if ( ! iob )
+		return -ENOMEM;
+
+	npkt = iob->data;
+	memcpy ( npkt, pkt, sizeof ( *pkt ) );
+	npkt->info &= ~( EAPOL_KEY_INFO_KEY_ACK | EAPOL_KEY_INFO_INSTALL |
+			 EAPOL_KEY_INFO_KEY_ENC );
+	if ( is_rsn )
+		npkt->keysize = 0;
+	memset ( npkt->nonce, 0, sizeof ( npkt->nonce ) );
+	memset ( npkt->iv, 0, sizeof ( npkt->iv ) );
+	npkt->datalen = 0;
+
+	if ( npkt->info & EAPOL_KEY_INFO_TYPE )
+		DBGC ( ctx, "WPA %p: sending 4/4\n", ctx );
+	else
+		DBGC ( ctx, "WPA %p: sending 2/2\n", ctx );
+
+	return wpa_send_eapol ( iob, ctx, kie );
+
+}
+
+
+/**
+ * Handle receipt of third frame in 4-Way Handshake
+ *
+ * @v ctx	WPA common context
+ * @v pkt	EAPOL-Key packet
+ * @v is_rsn	If TRUE, frame uses new RSN format
+ * @v kie	Key integrity and encryption handler
+ * @ret rc	Return status code
+ */
+static int wpa_handle_3_of_4 ( struct wpa_common_ctx *ctx,
+			       struct eapol_key_pkt *pkt, int is_rsn,
+			       struct wpa_kie *kie )
+{
+	int rc;
+	u8 *this_rsn, *this_rsn_end;
+	u8 *new_rsn, *new_rsn_end;
+	int this_is_rsn, new_is_rsn;
+
+	if ( ctx->state == WPA_WAITING )
+		return -EINVAL;
+
+	ctx->state = WPA_WORKING;
+
+	/* Check nonce */
+	if ( memcmp ( ctx->Anonce, pkt->nonce, WPA_NONCE_LEN ) != 0 ) {
+		DBGC ( ctx, "WPA %p ALERT: nonce mismatch in 3/4\n", ctx );
+		return wpa_fail ( ctx, -EACCES );
+	}
+
+	/* Check RSN IE */
+	this_rsn = sec80211_find_rsn ( ( union ieee80211_ie * ) pkt->data,
+				       pkt->data + pkt->datalen,
+				       &this_is_rsn, &this_rsn_end );
+	if ( this_rsn )
+		new_rsn = sec80211_find_rsn ( ( union ieee80211_ie * )
+					              this_rsn_end,
+					      pkt->data + pkt->datalen,
+					      &new_is_rsn, &new_rsn_end );
+	else
+		new_rsn = NULL;
+
+	if ( ! ctx->ap_rsn_ie || ! this_rsn ||
+	     ctx->ap_rsn_ie_len != ( this_rsn_end - this_rsn ) ||
+	     ctx->ap_rsn_is_rsn != this_is_rsn ||
+	     memcmp ( ctx->ap_rsn_ie, this_rsn, ctx->ap_rsn_ie_len ) != 0 ) {
+		DBGC ( ctx, "WPA %p ALERT: RSN mismatch in 3/4\n", ctx );
+		DBGC2 ( ctx, "WPA %p RSNs (in 3/4, in beacon):\n", ctx );
+		DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn );
+		DBGC2_HD ( ctx, ctx->ap_rsn_ie, ctx->ap_rsn_ie_len );
+		return wpa_fail ( ctx, -EACCES );
+	}
+
+	/* Don't switch if they just supplied both styles of IE
+	   simultaneously; we need two RSN IEs or two WPA IEs to
+	   switch ciphers. They'll be immediately consecutive because
+	   of ordering guarantees. */
+	if ( new_rsn && this_is_rsn == new_is_rsn ) {
+		struct net80211_wlan *assoc = ctx->dev->associating;
+		DBGC ( ctx, "WPA %p: accommodating bait-and-switch tactics\n",
+		       ctx );
+		DBGC2 ( ctx, "WPA %p RSNs (in 3/4+beacon, new in 3/4):\n",
+			ctx );
+		DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn );
+		DBGC2_HD ( ctx, new_rsn, new_rsn_end - new_rsn );
+
+		if ( ( rc = sec80211_detect_ie ( new_is_rsn, new_rsn,
+						 new_rsn_end,
+						 &assoc->handshaking,
+						 &assoc->crypto ) ) != 0 )
+			DBGC ( ctx, "WPA %p: bait-and-switch invalid, staying "
+			       "with original request\n", ctx );
+	} else {
+		new_rsn = this_rsn;
+		new_is_rsn = this_is_rsn;
+		new_rsn_end = this_rsn_end;
+	}
+
+	/* Grab group cryptosystem ID */
+	ctx->gcrypt = sec80211_rsn_get_net80211_crypt ( *( u32 * )
+							( new_rsn + 2 ) );
+
+	/* Check for a GTK, if info field is encrypted */
+	if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) {
+		rc = wpa_maybe_install_gtk ( ctx,
+					     ( union ieee80211_ie * ) pkt->data,
+					     pkt->data + pkt->datalen,
+					     pkt->rsc );
+		if ( rc < 0 ) {
+			DBGC ( ctx, "WPA %p did not install GTK in 3/4: %s\n",
+			       ctx, strerror ( rc ) );
+			if ( rc != -ENOENT )
+				return wpa_fail ( ctx, rc );
+		}
+	}
+
+	DBGC ( ctx, "WPA %p: received 3/4, looks OK\n", ctx );
+
+	/* Send final message */
+	rc = wpa_send_final ( ctx, pkt, is_rsn, kie );
+	if ( rc < 0 )
+		return wpa_fail ( ctx, rc );
+
+	/* Install PTK */
+	rc = wpa_install_ptk ( ctx, pkt->keysize );
+	if ( rc < 0 ) {
+		DBGC ( ctx, "WPA %p failed to install PTK: %s\n", ctx,
+		       strerror ( rc ) );
+		return wpa_fail ( ctx, rc );
+	}
+
+	/* Mark us as needing a new Snonce if we rekey */
+	ctx->have_Snonce = 0;
+
+	/* Done! */
+	ctx->state = WPA_SUCCESS;
+	return 0;
+}
+
+
+/**
+ * Handle receipt of first frame in Group Key Handshake
+ *
+ * @v ctx	WPA common context
+ * @v pkt	EAPOL-Key packet
+ * @v is_rsn	If TRUE, frame uses new RSN format
+ * @v kie	Key integrity and encryption handler
+ * @ret rc	Return status code
+ */
+static int wpa_handle_1_of_2 ( struct wpa_common_ctx *ctx,
+			       struct eapol_key_pkt *pkt, int is_rsn,
+			       struct wpa_kie *kie )
+{
+	int rc;
+
+	/*
+	 * WPA and RSN do this completely differently.
+	 *
+	 * The idea of encoding the GTK (or PMKID, or various other
+	 * things) into a KDE that looks like an information element
+	 * is an RSN innovation; old WPA code never encapsulates
+	 * things like that. If it looks like an info element, it
+	 * really is (for the WPA IE check in frames 2/4 and 3/4). The
+	 * "key data encrypted" bit in the info field is also specific
+	 * to RSN.
+	 *
+	 * So from an old WPA host, 3/4 does not contain an
+	 * encapsulated GTK. The first frame of the GK handshake
+	 * contains it, encrypted, but without a KDE wrapper, and with
+	 * the key ID field (which iPXE doesn't use) shoved away in
+	 * the reserved bits in the info field, and the TxRx bit
+	 * stealing the Install bit's spot.
+	 */
+
+	if ( is_rsn && ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) ) {
+		rc = wpa_maybe_install_gtk ( ctx,
+					     ( union ieee80211_ie * ) pkt->data,
+					     pkt->data + pkt->datalen,
+					     pkt->rsc );
+		if ( rc < 0 ) {
+			DBGC ( ctx, "WPA %p: failed to install GTK in 1/2: "
+			       "%s\n", ctx, strerror ( rc ) );
+			return wpa_fail ( ctx, rc );
+		}
+	} else {
+		rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data,
+				    &pkt->datalen );
+		if ( rc < 0 ) {
+			DBGC ( ctx, "WPA %p: failed to decrypt GTK: %s\n",
+			       ctx, strerror ( rc ) );
+			return rc; /* non-fatal */
+		}
+		if ( pkt->datalen > sizeof ( ctx->gtk.tk ) ) {
+			DBGC ( ctx, "WPA %p: too much GTK data (%d > %zd)\n",
+			       ctx, pkt->datalen, sizeof ( ctx->gtk.tk ) );
+			return wpa_fail ( ctx, -EINVAL );
+		}
+
+		memcpy ( &ctx->gtk.tk, pkt->data, pkt->datalen );
+		wpa_install_gtk ( ctx, pkt->datalen, pkt->rsc );
+	}
+
+	DBGC ( ctx, "WPA %p: received 1/2, looks OK\n", ctx );
+
+	return wpa_send_final ( ctx, pkt, is_rsn, kie );
+}
+
+
+/**
+ * Handle receipt of EAPOL-Key frame for WPA
+ *
+ * @v iob	I/O buffer
+ * @v netdev	Network device
+ * @v ll_dest	Link-layer destination address
+ * @v ll_source	Source link-layer address
+ */
+static int eapol_key_rx ( struct io_buffer *iob, struct net_device *netdev,
+			  const void *ll_dest __unused,
+			  const void *ll_source )
+{
+	struct net80211_device *dev = net80211_get ( netdev );
+	struct eapol_key_pkt *pkt = iob->data;
+	int is_rsn, found_ctx;
+	struct wpa_common_ctx *ctx;
+	int rc = 0;
+	struct wpa_kie *kie;
+	u8 their_mic[16], our_mic[16];
+
+	if ( pkt->type != EAPOL_KEY_TYPE_WPA &&
+	     pkt->type != EAPOL_KEY_TYPE_RSN ) {
+		DBG ( "EAPOL-Key: packet not of 802.11 type\n" );
+		rc = -EINVAL;
+		goto drop;
+	}
+
+	is_rsn = ( pkt->type == EAPOL_KEY_TYPE_RSN );
+
+	if ( ! dev ) {
+		DBG ( "EAPOL-Key: packet not from 802.11\n" );
+		rc = -EINVAL;
+		goto drop;
+	}
+
+	if ( memcmp ( dev->bssid, ll_source, ETH_ALEN ) != 0 ) {
+		DBG ( "EAPOL-Key: packet not from associated AP\n" );
+		rc = -EINVAL;
+		goto drop;
+	}
+
+	if ( ! ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_ACK ) ) {
+		DBG ( "EAPOL-Key: packet sent in wrong direction\n" );
+		rc = -EINVAL;
+		goto drop;
+	}
+
+	found_ctx = 0;
+	list_for_each_entry ( ctx, &wpa_contexts, list ) {
+		if ( ctx->dev == dev ) {
+			found_ctx = 1;
+			break;
+		}
+	}
+
+	if ( ! found_ctx ) {
+		DBG ( "EAPOL-Key: no WPA context to handle packet for %p\n",
+		      dev );
+		rc = -ENOENT;
+		goto drop;
+	}
+
+	if ( ( void * ) ( pkt + 1 ) + ntohs ( pkt->datalen ) > iob->tail ) {
+		DBGC ( ctx, "WPA %p: packet truncated (has %zd extra bytes, "
+		       "states %d)\n", ctx, iob->tail - ( void * ) ( pkt + 1 ),
+		       ntohs ( pkt->datalen ) );
+		rc = -EINVAL;
+		goto drop;
+	}
+
+	/* Get a handle on key integrity/encryption handler */
+	kie = wpa_find_kie ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION );
+	if ( ! kie ) {
+		DBGC ( ctx, "WPA %p: no support for packet version %d\n", ctx,
+		       ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION );
+		rc = wpa_fail ( ctx, -ENOTSUP );
+		goto drop;
+	}
+
+	/* Check MIC */
+	if ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_MIC ) {
+		memcpy ( their_mic, pkt->mic, sizeof ( pkt->mic ) );
+		memset ( pkt->mic, 0, sizeof ( pkt->mic ) );
+		kie->mic ( &ctx->ptk.kck, ( void * ) pkt - EAPOL_HDR_LEN,
+			   EAPOL_HDR_LEN + sizeof ( *pkt ) +
+			   ntohs ( pkt->datalen ), our_mic );
+		DBGC2 ( ctx, "WPA %p MIC comparison (theirs, ours):\n", ctx );
+		DBGC2_HD ( ctx, their_mic, 16 );
+		DBGC2_HD ( ctx, our_mic, 16 );
+		if ( memcmp ( their_mic, our_mic, sizeof ( pkt->mic ) ) != 0 ) {
+			DBGC ( ctx, "WPA %p: EAPOL MIC failure\n", ctx );
+			goto drop;
+		}
+	}
+
+	/* Fix byte order to local */
+	pkt->info = ntohs ( pkt->info );
+	pkt->keysize = ntohs ( pkt->keysize );
+	pkt->datalen = ntohs ( pkt->datalen );
+	pkt->replay = be64_to_cpu ( pkt->replay );
+
+	/* Check replay counter */
+	if ( ctx->replay != ~0ULL && ctx->replay >= pkt->replay ) {
+		DBGC ( ctx, "WPA %p ALERT: Replay detected! "
+		       "(%08x:%08x >= %08x:%08x)\n", ctx,
+		       ( u32 ) ( ctx->replay >> 32 ), ( u32 ) ctx->replay,
+		       ( u32 ) ( pkt->replay >> 32 ), ( u32 ) pkt->replay );
+		rc = 0;		/* ignore without error */
+		goto drop;
+	}
+	ctx->replay = pkt->replay;
+
+	/* Decrypt key data */
+	if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) {
+		rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data,
+				    &pkt->datalen );
+		if ( rc < 0 ) {
+			DBGC ( ctx, "WPA %p: failed to decrypt packet: %s\n",
+			       ctx, strerror ( rc ) );
+			goto drop;
+		}
+	}
+
+	/* Hand it off to appropriate handler */
+	switch ( pkt->info & ( EAPOL_KEY_INFO_TYPE |
+			       EAPOL_KEY_INFO_KEY_MIC ) ) {
+	case EAPOL_KEY_TYPE_PTK:
+		rc = wpa_handle_1_of_4 ( ctx, pkt, is_rsn, kie );
+		break;
+
+	case EAPOL_KEY_TYPE_PTK | EAPOL_KEY_INFO_KEY_MIC:
+		rc = wpa_handle_3_of_4 ( ctx, pkt, is_rsn, kie );
+		break;
+
+	case EAPOL_KEY_TYPE_GTK | EAPOL_KEY_INFO_KEY_MIC:
+		rc = wpa_handle_1_of_2 ( ctx, pkt, is_rsn, kie );
+		break;
+
+	default:
+		DBGC ( ctx, "WPA %p: Invalid combination of key flags %04x\n",
+		       ctx, pkt->info );
+		rc = -EINVAL;
+		break;
+	}
+
+ drop:
+	free_iob ( iob );
+	return rc;
+}
+
+struct eapol_handler eapol_key_handler __eapol_handler = {
+	.type = EAPOL_TYPE_KEY,
+	.rx = eapol_key_rx,
+};
+
+/* WPA always needs EAPOL in order to be useful */
+REQUIRE_OBJECT ( eapol );
diff --git a/roms/ipxe/src/net/80211/wpa_ccmp.c b/roms/ipxe/src/net/80211/wpa_ccmp.c
new file mode 100644
index 00000000..f98ebea2
--- /dev/null
+++ b/roms/ipxe/src/net/80211/wpa_ccmp.c
@@ -0,0 +1,530 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <string.h>
+#include <ipxe/net80211.h>
+#include <ipxe/crypto.h>
+#include <ipxe/hmac.h>
+#include <ipxe/sha1.h>
+#include <ipxe/aes.h>
+#include <ipxe/wpa.h>
+#include <byteswap.h>
+#include <errno.h>
+
+/** @file
+ *
+ * Backend for WPA using the CCMP encryption method
+ */
+
+/** Context for CCMP encryption and decryption */
+struct ccmp_ctx
+{
+	/** AES context - only ever used for encryption */
+	u8 aes_ctx[AES_CTX_SIZE];
+
+	/** Most recently sent packet number */
+	u64 tx_seq;
+
+	/** Most recently received packet number */
+	u64 rx_seq;
+};
+
+/** Header structure at the beginning of CCMP frame data */
+struct ccmp_head
+{
+	u8 pn_lo[2];		/**< Bytes 0 and 1 of packet number */
+	u8 _rsvd;		/**< Reserved byte */
+	u8 kid;			/**< Key ID and ExtIV byte */
+	u8 pn_hi[4];		/**< Bytes 2-5 (2 first) of packet number */
+} __attribute__ (( packed ));
+
+
+/** CCMP header overhead */
+#define CCMP_HEAD_LEN	8
+
+/** CCMP MIC trailer overhead */
+#define CCMP_MIC_LEN	8
+
+/** CCMP nonce length */
+#define CCMP_NONCE_LEN	13
+
+/** CCMP nonce structure */
+struct ccmp_nonce
+{
+	u8 prio;		/**< Packet priority, 0 for non-QoS */
+	u8 a2[ETH_ALEN];	/**< Address 2 from packet header (sender) */
+	u8 pn[6];		/**< Packet number */
+} __attribute__ (( packed ));
+
+/** CCMP additional authentication data length (for non-QoS, non-WDS frames) */
+#define CCMP_AAD_LEN	22
+
+/** CCMP additional authentication data structure */
+struct ccmp_aad
+{
+	u16 fc;			/**< Frame Control field */
+	u8 a1[6];		/**< Address 1 */
+	u8 a2[6];		/**< Address 2 */
+	u8 a3[6];		/**< Address 3 */
+	u16 seq;		/**< Sequence Control field */
+	/* Address 4 and QoS Control are included if present */
+} __attribute__ (( packed ));
+
+/** Mask for Frame Control field in AAD */
+#define CCMP_AAD_FC_MASK	0xC38F
+
+/** Mask for Sequence Control field in AAD */
+#define CCMP_AAD_SEQ_MASK	0x000F
+
+
+/**
+ * Convert 6-byte LSB packet number to 64-bit integer
+ *
+ * @v pn	Pointer to 6-byte packet number
+ * @ret v	64-bit integer value of @a pn
+ */
+static u64 pn_to_u64 ( const u8 *pn )
+{
+	int i;
+	u64 ret = 0;
+
+	for ( i = 5; i >= 0; i-- ) {
+		ret <<= 8;
+		ret |= pn[i];
+	}
+
+	return ret;
+}
+
+/**
+ * Convert 64-bit integer to 6-byte packet number
+ *
+ * @v v		64-bit integer
+ * @v msb	If TRUE, reverse the output PN to be in MSB order
+ * @ret pn	6-byte packet number
+ *
+ * The PN is stored in LSB order in the packet header and in MSB order
+ * in the nonce. WHYYYYY?
+ */
+static void u64_to_pn ( u64 v, u8 *pn, int msb )
+{
+	int i;
+	u8 *pnp = pn + ( msb ? 5 : 0 );
+	int delta = ( msb ? -1 : +1 );
+
+	for ( i = 0; i < 6; i++ ) {
+		*pnp = v & 0xFF;
+		pnp += delta;
+		v >>= 8;
+	}
+}
+
+/** Value for @a msb argument of u64_to_pn() for MSB output */
+#define PN_MSB	1
+
+/** Value for @a msb argument of u64_to_pn() for LSB output */
+#define PN_LSB	0
+
+
+
+/**
+ * Initialise CCMP state and install key
+ *
+ * @v crypto	CCMP cryptosystem structure
+ * @v key	Pointer to 16-byte temporal key to install
+ * @v keylen	Length of key (16 bytes)
+ * @v rsc	Initial receive sequence counter
+ */
+static int ccmp_init ( struct net80211_crypto *crypto, const void *key,
+		       int keylen, const void *rsc )
+{
+	struct ccmp_ctx *ctx = crypto->priv;
+
+	if ( keylen != 16 )
+		return -EINVAL;
+
+	if ( rsc )
+		ctx->rx_seq = pn_to_u64 ( rsc );
+
+	cipher_setkey ( &aes_algorithm, ctx->aes_ctx, key, keylen );
+
+	return 0;
+}
+
+
+/**
+ * Encrypt or decrypt data stream using AES in Counter mode
+ *
+ * @v ctx	CCMP cryptosystem context
+ * @v nonce	Nonce value, 13 bytes
+ * @v srcv	Data to encrypt or decrypt
+ * @v len	Number of bytes pointed to by @a src
+ * @v msrcv	MIC value to encrypt or decrypt (may be NULL)
+ * @ret destv	Encrypted or decrypted data
+ * @ret mdestv	Encrypted or decrypted MIC value
+ *
+ * This assumes CCMP parameters of L=2 and M=8. The algorithm is
+ * defined in RFC 3610.
+ */
+static void ccmp_ctr_xor ( struct ccmp_ctx *ctx, const void *nonce,
+			   const void *srcv, void *destv, int len,
+			   const void *msrcv, void *mdestv )
+{
+	u8 A[16], S[16];
+	u16 ctr;
+	int i;
+	const u8 *src = srcv, *msrc = msrcv;
+	u8 *dest = destv, *mdest = mdestv;
+
+	A[0] = 0x01;		/* flags, L' = L - 1 = 1, other bits rsvd */
+	memcpy ( A + 1, nonce, CCMP_NONCE_LEN );
+
+	if ( msrcv ) {
+		A[14] = A[15] = 0;
+
+		cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
+
+		for ( i = 0; i < 8; i++ ) {
+			*mdest++ = *msrc++ ^ S[i];
+		}
+	}
+
+	for ( ctr = 1 ;; ctr++ ) {
+		A[14] = ctr >> 8;
+		A[15] = ctr & 0xFF;
+
+		cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, A, S, 16 );
+
+		for ( i = 0; i < len && i < 16; i++ )
+			*dest++ = *src++ ^ S[i];
+
+		if ( len <= 16 )
+			break;	/* we're done */
+
+		len -= 16;
+	}
+}
+
+
+/**
+ * Advance one block in CBC-MAC calculation
+ *
+ * @v aes_ctx	AES encryption context with key set
+ * @v B		Cleartext block to incorporate (16 bytes)
+ * @v X		Previous ciphertext block (16 bytes)
+ * @ret B	Clobbered
+ * @ret X	New ciphertext block (16 bytes)
+ *
+ * This function does X := E[key] ( X ^ B ).
+ */
+static void ccmp_feed_cbc_mac ( void *aes_ctx, u8 *B, u8 *X )
+{
+	int i;
+	for ( i = 0; i < 16; i++ )
+		B[i] ^= X[i];
+	cipher_encrypt ( &aes_algorithm, aes_ctx, B, X, 16 );
+}
+
+
+/**
+ * Calculate MIC on plaintext data using CBC-MAC
+ *
+ * @v ctx	CCMP cryptosystem context
+ * @v nonce	Nonce value, 13 bytes
+ * @v data	Data to calculate MIC over
+ * @v datalen	Length of @a data
+ * @v aad	Additional authentication data, for MIC but not encryption
+ * @ret mic	MIC value (unencrypted), 8 bytes
+ *
+ * @a aadlen is assumed to be 22 bytes long, as it always is for
+ * 802.11 use when transmitting non-QoS, not-between-APs frames (the
+ * only type we deal with).
+ */
+static void ccmp_cbc_mac ( struct ccmp_ctx *ctx, const void *nonce,
+			   const void *data, u16 datalen,
+			   const void *aad, void *mic )
+{
+	u8 X[16], B[16];
+
+	/* Zeroth block: flags, nonce, length */
+
+	/* Rsv AAD - M'-  - L'-
+	 *  0   1  0 1 1  0 0 1   for an 8-byte MAC and 2-byte message length
+	 */
+	B[0] = 0x59;
+	memcpy ( B + 1, nonce, CCMP_NONCE_LEN );
+	B[14] = datalen >> 8;
+	B[15] = datalen & 0xFF;
+
+	cipher_encrypt ( &aes_algorithm, ctx->aes_ctx, B, X, 16 );
+
+	/* First block: AAD length field and 14 bytes of AAD */
+	B[0] = 0;
+	B[1] = CCMP_AAD_LEN;
+	memcpy ( B + 2, aad, 14 );
+
+	ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
+
+	/* Second block: Remaining 8 bytes of AAD, 8 bytes zero pad */
+	memcpy ( B, aad + 14, 8 );
+	memset ( B + 8, 0, 8 );
+
+	ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
+
+	/* Message blocks */
+	while ( datalen ) {
+		if ( datalen >= 16 ) {
+			memcpy ( B, data, 16 );
+			datalen -= 16;
+		} else {
+			memcpy ( B, data, datalen );
+			memset ( B + datalen, 0, 16 - datalen );
+			datalen = 0;
+		}
+
+		ccmp_feed_cbc_mac ( ctx->aes_ctx, B, X );
+
+		data += 16;
+	}
+
+	/* Get MIC from final value of X */
+	memcpy ( mic, X, 8 );
+}
+
+
+/**
+ * Encapsulate and encrypt a packet using CCMP
+ *
+ * @v crypto	CCMP cryptosystem
+ * @v iob	I/O buffer containing cleartext packet
+ * @ret eiob	I/O buffer containing encrypted packet
+ */
+struct io_buffer * ccmp_encrypt ( struct net80211_crypto *crypto,
+				  struct io_buffer *iob )
+{
+	struct ccmp_ctx *ctx = crypto->priv;
+	struct ieee80211_frame *hdr = iob->data;
+	struct io_buffer *eiob;
+	const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
+	int datalen = iob_len ( iob ) - hdrlen;
+	struct ccmp_head head;
+	struct ccmp_nonce nonce;
+	struct ccmp_aad aad;
+	u8 mic[8], tx_pn[6];
+	void *edata, *emic;
+
+	ctx->tx_seq++;
+	u64_to_pn ( ctx->tx_seq, tx_pn, PN_LSB );
+
+	/* Allocate memory */
+	eiob = alloc_iob ( iob_len ( iob ) + CCMP_HEAD_LEN + CCMP_MIC_LEN );
+	if ( ! eiob )
+		return NULL;
+
+	/* Copy frame header */
+	memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
+	hdr = eiob->data;
+	hdr->fc |= IEEE80211_FC_PROTECTED;
+
+	/* Fill in packet number and extended IV */
+	memcpy ( head.pn_lo, tx_pn, 2 );
+	memcpy ( head.pn_hi, tx_pn + 2, 4 );
+	head.kid = 0x20;	/* have Extended IV, key ID 0 */
+	head._rsvd = 0;
+	memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) );
+
+	/* Form nonce */
+	nonce.prio = 0;
+	memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
+	u64_to_pn ( ctx->tx_seq, nonce.pn, PN_MSB );
+
+	/* Form additional authentication data */
+	aad.fc = hdr->fc & CCMP_AAD_FC_MASK;
+	memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */
+	aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
+
+	/* Calculate MIC over the data */
+	ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad, mic );
+
+	/* Copy and encrypt data and MIC */
+	edata = iob_put ( eiob, datalen );
+	emic = iob_put ( eiob, CCMP_MIC_LEN );
+	ccmp_ctr_xor ( ctx, &nonce,
+		       iob->data + hdrlen, edata, datalen,
+		       mic, emic );
+
+	/* Done! */
+	DBGC2 ( ctx, "WPA-CCMP %p: encrypted packet %p -> %p\n", ctx,
+		iob, eiob );
+
+	return eiob;
+}
+
+/**
+ * Decrypt a packet using CCMP
+ *
+ * @v crypto	CCMP cryptosystem
+ * @v eiob	I/O buffer containing encrypted packet
+ * @ret iob	I/O buffer containing cleartext packet
+ */
+static struct io_buffer * ccmp_decrypt ( struct net80211_crypto *crypto,
+					 struct io_buffer *eiob )
+{
+	struct ccmp_ctx *ctx = crypto->priv;
+	struct ieee80211_frame *hdr;
+	struct io_buffer *iob;
+	const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
+	int datalen = iob_len ( eiob ) - hdrlen - CCMP_HEAD_LEN - CCMP_MIC_LEN;
+	struct ccmp_head *head;
+	struct ccmp_nonce nonce;
+	struct ccmp_aad aad;
+	u8 rx_pn[6], their_mic[8], our_mic[8];
+
+	iob = alloc_iob ( hdrlen + datalen );
+	if ( ! iob )
+		return NULL;
+
+	/* Copy frame header */
+	memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
+	hdr = iob->data;
+	hdr->fc &= ~IEEE80211_FC_PROTECTED;
+
+	/* Check and update RX packet number */
+	head = eiob->data + hdrlen;
+	memcpy ( rx_pn, head->pn_lo, 2 );
+	memcpy ( rx_pn + 2, head->pn_hi, 4 );
+
+	if ( pn_to_u64 ( rx_pn ) <= ctx->rx_seq ) {
+		DBGC ( ctx, "WPA-CCMP %p: packet received out of order "
+		       "(%012llx <= %012llx)\n", ctx, pn_to_u64 ( rx_pn ),
+		       ctx->rx_seq );
+		free_iob ( iob );
+		return NULL;
+	}
+
+	ctx->rx_seq = pn_to_u64 ( rx_pn );
+	DBGC2 ( ctx, "WPA-CCMP %p: RX packet number %012llx\n", ctx, ctx->rx_seq );
+
+	/* Form nonce */
+	nonce.prio = 0;
+	memcpy ( nonce.a2, hdr->addr2, ETH_ALEN );
+	u64_to_pn ( ctx->rx_seq, nonce.pn, PN_MSB );
+
+	/* Form additional authentication data */
+	aad.fc = ( hdr->fc & CCMP_AAD_FC_MASK ) | IEEE80211_FC_PROTECTED;
+	memcpy ( aad.a1, hdr->addr1, 3 * ETH_ALEN ); /* all 3 at once */
+	aad.seq = hdr->seq & CCMP_AAD_SEQ_MASK;
+
+	/* Copy-decrypt data and MIC */
+	ccmp_ctr_xor ( ctx, &nonce, eiob->data + hdrlen + sizeof ( *head ),
+		       iob_put ( iob, datalen ), datalen,
+		       eiob->tail - CCMP_MIC_LEN, their_mic );
+
+	/* Check MIC */
+	ccmp_cbc_mac ( ctx, &nonce, iob->data + hdrlen, datalen, &aad,
+		       our_mic );
+
+	if ( memcmp ( their_mic, our_mic, CCMP_MIC_LEN ) != 0 ) {
+		DBGC2 ( ctx, "WPA-CCMP %p: MIC failure\n", ctx );
+		free_iob ( iob );
+		return NULL;
+	}
+
+	DBGC2 ( ctx, "WPA-CCMP %p: decrypted packet %p -> %p\n", ctx,
+		eiob, iob );
+
+	return iob;
+}
+
+
+/** CCMP cryptosystem */
+struct net80211_crypto ccmp_crypto __net80211_crypto = {
+	.algorithm = NET80211_CRYPT_CCMP,
+	.init = ccmp_init,
+	.encrypt = ccmp_encrypt,
+	.decrypt = ccmp_decrypt,
+	.priv_len = sizeof ( struct ccmp_ctx ),
+};
+
+
+
+
+/**
+ * Calculate HMAC-SHA1 MIC for EAPOL-Key frame
+ *
+ * @v kck	Key Confirmation Key, 16 bytes
+ * @v msg	Message to calculate MIC over
+ * @v len	Number of bytes to calculate MIC over
+ * @ret mic	Calculated MIC, 16 bytes long
+ */
+static void ccmp_kie_mic ( const void *kck, const void *msg, size_t len,
+			   void *mic )
+{
+	u8 sha1_ctx[SHA1_CTX_SIZE];
+	u8 kckb[16];
+	u8 hash[SHA1_SIZE];
+	size_t kck_len = 16;
+
+	memcpy ( kckb, kck, kck_len );
+
+	hmac_init ( &sha1_algorithm, sha1_ctx, kckb, &kck_len );
+	hmac_update ( &sha1_algorithm, sha1_ctx, msg, len );
+	hmac_final ( &sha1_algorithm, sha1_ctx, kckb, &kck_len, hash );
+
+	memcpy ( mic, hash, 16 );
+}
+
+/**
+ * Decrypt key data in EAPOL-Key frame
+ *
+ * @v kek	Key Encryption Key, 16 bytes
+ * @v iv	Initialisation vector, 16 bytes (unused)
+ * @v msg	Message to decrypt
+ * @v len	Length of message
+ * @ret msg	Decrypted message in place of original
+ * @ret len	Adjusted downward for 8 bytes of overhead
+ * @ret rc	Return status code
+ *
+ * The returned message may still contain padding of 0xDD followed by
+ * zero or more 0x00 octets. It is impossible to remove the padding
+ * without parsing the IEs in the packet (another design decision that
+ * tends to make one question the 802.11i committee's intelligence...)
+ */
+static int ccmp_kie_decrypt ( const void *kek, const void *iv __unused,
+			      void *msg, u16 *len )
+{
+	if ( *len % 8 != 0 )
+		return -EINVAL;
+
+	if ( aes_unwrap ( kek, msg, msg, *len / 8 - 1 ) != 0 )
+		return -EINVAL;
+
+	*len -= 8;
+
+	return 0;
+}
+
+/** CCMP-style key integrity and encryption handler */
+struct wpa_kie ccmp_kie __wpa_kie = {
+	.version = EAPOL_KEY_VERSION_WPA2,
+	.mic = ccmp_kie_mic,
+	.decrypt = ccmp_kie_decrypt,
+};
diff --git a/roms/ipxe/src/net/80211/wpa_psk.c b/roms/ipxe/src/net/80211/wpa_psk.c
new file mode 100644
index 00000000..71190b13
--- /dev/null
+++ b/roms/ipxe/src/net/80211/wpa_psk.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <string.h>
+#include <ipxe/net80211.h>
+#include <ipxe/sha1.h>
+#include <ipxe/wpa.h>
+#include <errno.h>
+
+/** @file
+ *
+ * Frontend for WPA using a pre-shared key.
+ */
+
+/**
+ * Initialise WPA-PSK state
+ *
+ * @v dev	802.11 device
+ * @ret rc	Return status code
+ */
+static int wpa_psk_init ( struct net80211_device *dev )
+{
+	return wpa_make_rsn_ie ( dev, &dev->rsn_ie );
+}
+
+/**
+ * Start WPA-PSK authentication
+ *
+ * @v dev	802.11 device
+ * @ret rc	Return status code
+ */
+static int wpa_psk_start ( struct net80211_device *dev )
+{
+	char passphrase[64+1];
+	u8 pmk[WPA_PMK_LEN];
+	int len;
+	struct wpa_common_ctx *ctx = dev->handshaker->priv;
+
+	len = fetch_string_setting ( netdev_settings ( dev->netdev ),
+				     &net80211_key_setting, passphrase,
+				     64 + 1 );
+
+	if ( len <= 0 ) {
+		DBGC ( ctx, "WPA-PSK %p: no passphrase provided!\n", ctx );
+		net80211_deauthenticate ( dev, -EACCES );
+		return -EACCES;
+	}
+
+	pbkdf2_sha1 ( passphrase, len, dev->essid, strlen ( dev->essid ),
+		      4096, pmk, WPA_PMK_LEN );
+
+	DBGC ( ctx, "WPA-PSK %p: derived PMK from passphrase `%s':\n", ctx,
+	       passphrase );
+	DBGC_HD ( ctx, pmk, WPA_PMK_LEN );
+
+	return wpa_start ( dev, ctx, pmk, WPA_PMK_LEN );
+}
+
+/**
+ * Step WPA-PSK authentication
+ *
+ * @v dev	802.11 device
+ * @ret rc	Return status code
+ */
+static int wpa_psk_step ( struct net80211_device *dev )
+{
+	struct wpa_common_ctx *ctx = dev->handshaker->priv;
+
+	switch ( ctx->state ) {
+	case WPA_SUCCESS:
+		return 1;
+	case WPA_FAILURE:
+		return -EACCES;
+	default:
+		return 0;
+	}
+}
+
+/**
+ * Do-nothing function; you can't change a WPA key post-authentication
+ *
+ * @v dev	802.11 device
+ * @ret rc	Return status code
+ */
+static int wpa_psk_no_change_key ( struct net80211_device *dev __unused )
+{
+	return 0;
+}
+
+/**
+ * Disable handling of received WPA authentication frames
+ *
+ * @v dev	802.11 device
+ */
+static void wpa_psk_stop ( struct net80211_device *dev )
+{
+	wpa_stop ( dev );
+}
+
+/** WPA-PSK security handshaker */
+struct net80211_handshaker wpa_psk_handshaker __net80211_handshaker = {
+	.protocol = NET80211_SECPROT_PSK,
+	.init = wpa_psk_init,
+	.start = wpa_psk_start,
+	.step = wpa_psk_step,
+	.change_key = wpa_psk_no_change_key,
+	.stop = wpa_psk_stop,
+	.priv_len = sizeof ( struct wpa_common_ctx ),
+};
diff --git a/roms/ipxe/src/net/80211/wpa_tkip.c b/roms/ipxe/src/net/80211/wpa_tkip.c
new file mode 100644
index 00000000..fa3e0763
--- /dev/null
+++ b/roms/ipxe/src/net/80211/wpa_tkip.c
@@ -0,0 +1,588 @@
+/*
+ * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <string.h>
+#include <ipxe/net80211.h>
+#include <ipxe/crypto.h>
+#include <ipxe/hmac.h>
+#include <ipxe/sha1.h>
+#include <ipxe/md5.h>
+#include <ipxe/crc32.h>
+#include <ipxe/arc4.h>
+#include <ipxe/wpa.h>
+#include <byteswap.h>
+#include <errno.h>
+
+/** @file
+ *
+ * Backend for WPA using the TKIP encryption standard.
+ */
+
+/** Context for one direction of TKIP, either encryption or decryption */
+struct tkip_dir_ctx
+{
+	/** High 32 bits of last sequence counter value used */
+	u32 tsc_hi;
+
+	/** Low 32 bits of last sequence counter value used */
+	u16 tsc_lo;
+
+	/** MAC address used to derive TTAK */
+	u8 mac[ETH_ALEN];
+
+	/** If TRUE, TTAK is valid */
+	u16 ttak_ok;
+
+	/** TKIP-mixed transmit address and key, depends on tsc_hi and MAC */
+	u16 ttak[5];
+};
+
+/** Context for TKIP encryption and decryption */
+struct tkip_ctx
+{
+	/** Temporal key to use */
+	struct tkip_tk tk;
+
+	/** State for encryption */
+	struct tkip_dir_ctx enc;
+
+	/** State for decryption */
+	struct tkip_dir_ctx dec;
+};
+
+/** Header structure at the beginning of TKIP frame data */
+struct tkip_head
+{
+	u8 tsc1;		/**< High byte of low 16 bits of TSC */
+	u8 seed1;		/**< Second byte of WEP seed */
+	u8 tsc0;		/**< Low byte of TSC */
+	u8 kid;			/**< Key ID and ExtIV byte */
+	u32 tsc_hi;		/**< High 32 bits of TSC, as an ExtIV */
+} __attribute__ (( packed ));
+
+
+/** TKIP header overhead (IV + KID + ExtIV) */
+#define TKIP_HEAD_LEN	8
+
+/** TKIP trailer overhead (MIC + ICV) [assumes unfragmented] */
+#define TKIP_FOOT_LEN	12
+
+/** TKIP MIC length */
+#define TKIP_MIC_LEN	8
+
+/** TKIP ICV length */
+#define TKIP_ICV_LEN	4
+
+
+/** TKIP S-box */
+static const u16 Sbox[256] = {
+	0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
+	0x6050, 0x0203, 0xCEA9, 0x567D, 0xE719, 0xB562, 0x4DE6, 0xEC9A,
+	0x8F45, 0x1F9D, 0x8940, 0xFA87, 0xEF15, 0xB2EB, 0x8EC9, 0xFB0B,
+	0x41EC, 0xB367, 0x5FFD, 0x45EA, 0x23BF, 0x53F7, 0xE496, 0x9B5B,
+	0x75C2, 0xE11C, 0x3DAE, 0x4C6A, 0x6C5A, 0x7E41, 0xF502, 0x834F,
+	0x685C, 0x51F4, 0xD134, 0xF908, 0xE293, 0xAB73, 0x6253, 0x2A3F,
+	0x080C, 0x9552, 0x4665, 0x9D5E, 0x3028, 0x37A1, 0x0A0F, 0x2FB5,
+	0x0E09, 0x2436, 0x1B9B, 0xDF3D, 0xCD26, 0x4E69, 0x7FCD, 0xEA9F,
+	0x121B, 0x1D9E, 0x5874, 0x342E, 0x362D, 0xDCB2, 0xB4EE, 0x5BFB,
+	0xA4F6, 0x764D, 0xB761, 0x7DCE, 0x527B, 0xDD3E, 0x5E71, 0x1397,
+	0xA6F5, 0xB968, 0x0000, 0xC12C, 0x4060, 0xE31F, 0x79C8, 0xB6ED,
+	0xD4BE, 0x8D46, 0x67D9, 0x724B, 0x94DE, 0x98D4, 0xB0E8, 0x854A,
+	0xBB6B, 0xC52A, 0x4FE5, 0xED16, 0x86C5, 0x9AD7, 0x6655, 0x1194,
+	0x8ACF, 0xE910, 0x0406, 0xFE81, 0xA0F0, 0x7844, 0x25BA, 0x4BE3,
+	0xA2F3, 0x5DFE, 0x80C0, 0x058A, 0x3FAD, 0x21BC, 0x7048, 0xF104,
+	0x63DF, 0x77C1, 0xAF75, 0x4263, 0x2030, 0xE51A, 0xFD0E, 0xBF6D,
+	0x814C, 0x1814, 0x2635, 0xC32F, 0xBEE1, 0x35A2, 0x88CC, 0x2E39,
+	0x9357, 0x55F2, 0xFC82, 0x7A47, 0xC8AC, 0xBAE7, 0x322B, 0xE695,
+	0xC0A0, 0x1998, 0x9ED1, 0xA37F, 0x4466, 0x547E, 0x3BAB, 0x0B83,
+	0x8CCA, 0xC729, 0x6BD3, 0x283C, 0xA779, 0xBCE2, 0x161D, 0xAD76,
+	0xDB3B, 0x6456, 0x744E, 0x141E, 0x92DB, 0x0C0A, 0x486C, 0xB8E4,
+	0x9F5D, 0xBD6E, 0x43EF, 0xC4A6, 0x39A8, 0x31A4, 0xD337, 0xF28B,
+	0xD532, 0x8B43, 0x6E59, 0xDAB7, 0x018C, 0xB164, 0x9CD2, 0x49E0,
+	0xD8B4, 0xACFA, 0xF307, 0xCF25, 0xCAAF, 0xF48E, 0x47E9, 0x1018,
+	0x6FD5, 0xF088, 0x4A6F, 0x5C72, 0x3824, 0x57F1, 0x73C7, 0x9751,
+	0xCB23, 0xA17C, 0xE89C, 0x3E21, 0x96DD, 0x61DC, 0x0D86, 0x0F85,
+	0xE090, 0x7C42, 0x71C4, 0xCCAA, 0x90D8, 0x0605, 0xF701, 0x1C12,
+	0xC2A3, 0x6A5F, 0xAEF9, 0x69D0, 0x1791, 0x9958, 0x3A27, 0x27B9,
+	0xD938, 0xEB13, 0x2BB3, 0x2233, 0xD2BB, 0xA970, 0x0789, 0x33A7,
+	0x2DB6, 0x3C22, 0x1592, 0xC920, 0x8749, 0xAAFF, 0x5078, 0xA57A,
+	0x038F, 0x59F8, 0x0980, 0x1A17, 0x65DA, 0xD731, 0x84C6, 0xD0B8,
+	0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
+};
+
+/**
+ * Perform S-box mapping on a 16-bit value
+ *
+ * @v v		Value to perform S-box mapping on
+ * @ret Sv	S-box mapped value
+ */
+static inline u16 S ( u16 v )
+{
+	return Sbox[v & 0xFF] ^ swap16 ( Sbox[v >> 8] );
+}
+
+/**
+ * Rotate 16-bit value right
+ *
+ * @v v		Value to rotate
+ * @v bits	Number of bits to rotate by
+ * @ret rotv	Rotated value
+ */
+static inline u16 ror16 ( u16 v, int bits )
+{
+	return ( v >> bits ) | ( v << ( 16 - bits ) );
+}
+
+/**
+ * Rotate 32-bit value right
+ *
+ * @v v		Value to rotate
+ * @v bits	Number of bits to rotate by
+ * @ret rotv	Rotated value
+ */
+static inline u32 ror32 ( u32 v, int bits )
+{
+	return ( v >> bits ) | ( v << ( 32 - bits ) );
+}
+
+/**
+ * Rotate 32-bit value left
+ *
+ * @v v		Value to rotate
+ * @v bits	Number of bits to rotate by
+ * @ret rotv	Rotated value
+ */
+static inline u32 rol32 ( u32 v, int bits )
+{
+	return ( v << bits ) | ( v >> ( 32 - bits ) );
+}
+
+
+/**
+ * Initialise TKIP state and install key
+ *
+ * @v crypto	TKIP cryptosystem structure
+ * @v key	Pointer to tkip_tk to install
+ * @v keylen	Length of key (32 bytes)
+ * @v rsc	Initial receive sequence counter
+ */
+static int tkip_init ( struct net80211_crypto *crypto, const void *key,
+		       int keylen, const void *rsc )
+{
+	struct tkip_ctx *ctx = crypto->priv;
+	const u8 *rscb = rsc;
+
+	if ( keylen != sizeof ( ctx->tk ) )
+		return -EINVAL;
+
+	if ( rscb ) {
+		ctx->dec.tsc_lo =   ( rscb[1] <<  8 ) |   rscb[0];
+		ctx->dec.tsc_hi = ( ( rscb[5] << 24 ) | ( rscb[4] << 16 ) |
+				    ( rscb[3] <<  8 ) |   rscb[2] );
+	}
+
+	memcpy ( &ctx->tk, key, sizeof ( ctx->tk ) );
+
+	return 0;
+}
+
+/**
+ * Perform TKIP key mixing, phase 1
+ *
+ * @v dctx	TKIP directional context
+ * @v tk	TKIP temporal key
+ * @v mac	MAC address of transmitter
+ *
+ * This recomputes the TTAK in @a dctx if necessary, and sets
+ * @c dctx->ttak_ok.
+ */
+static void tkip_mix_1 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk, u8 *mac )
+{
+	int i, j;
+
+	if ( dctx->ttak_ok && ! memcmp ( mac, dctx->mac, ETH_ALEN ) )
+		return;
+
+	memcpy ( dctx->mac, mac, ETH_ALEN );
+
+	dctx->ttak[0] = dctx->tsc_hi & 0xFFFF;
+	dctx->ttak[1] = dctx->tsc_hi >> 16;
+	dctx->ttak[2] = ( mac[1] << 8 ) | mac[0];
+	dctx->ttak[3] = ( mac[3] << 8 ) | mac[2];
+	dctx->ttak[4] = ( mac[5] << 8 ) | mac[4];
+
+	for ( i = 0; i < 8; i++ ) {
+		j = 2 * ( i & 1 );
+
+		dctx->ttak[0] += S ( dctx->ttak[4] ^ ( ( tk->key[1 + j] << 8 ) |
+						         tk->key[0 + j] ) );
+		dctx->ttak[1] += S ( dctx->ttak[0] ^ ( ( tk->key[5 + j] << 8 ) |
+						         tk->key[4 + j] ) );
+		dctx->ttak[2] += S ( dctx->ttak[1] ^ ( ( tk->key[9 + j] << 8 ) |
+						         tk->key[8 + j] ) );
+		dctx->ttak[3] += S ( dctx->ttak[2] ^ ( ( tk->key[13+ j] << 8 ) |
+						         tk->key[12+ j] ) );
+		dctx->ttak[4] += S ( dctx->ttak[3] ^ ( ( tk->key[1 + j] << 8 ) |
+						         tk->key[0 + j] ) ) + i;
+	}
+
+	dctx->ttak_ok = 1;
+}
+
+/**
+ * Perform TKIP key mixing, phase 2
+ *
+ * @v dctx	TKIP directional context
+ * @v tk	TKIP temporal key
+ * @ret key	ARC4 key, 16 bytes long
+ */
+static void tkip_mix_2 ( struct tkip_dir_ctx *dctx, struct tkip_tk *tk,
+			 void *key )
+{
+	u8 *kb = key;
+	u16 ppk[6];
+	int i;
+
+	memcpy ( ppk, dctx->ttak, sizeof ( dctx->ttak ) );
+	ppk[5] = dctx->ttak[4] + dctx->tsc_lo;
+
+	ppk[0] += S ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) );
+	ppk[1] += S ( ppk[0] ^ ( ( tk->key[3] << 8 ) | tk->key[2] ) );
+	ppk[2] += S ( ppk[1] ^ ( ( tk->key[5] << 8 ) | tk->key[4] ) );
+	ppk[3] += S ( ppk[2] ^ ( ( tk->key[7] << 8 ) | tk->key[6] ) );
+	ppk[4] += S ( ppk[3] ^ ( ( tk->key[9] << 8 ) | tk->key[8] ) );
+	ppk[5] += S ( ppk[4] ^ ( ( tk->key[11] << 8 ) | tk->key[10] ) );
+
+	ppk[0] += ror16 ( ppk[5] ^ ( ( tk->key[13] << 8 ) | tk->key[12] ), 1 );
+	ppk[1] += ror16 ( ppk[0] ^ ( ( tk->key[15] << 8 ) | tk->key[14] ), 1 );
+	ppk[2] += ror16 ( ppk[1], 1 );
+	ppk[3] += ror16 ( ppk[2], 1 );
+	ppk[4] += ror16 ( ppk[3], 1 );
+	ppk[5] += ror16 ( ppk[4], 1 );
+
+	kb[0] = dctx->tsc_lo >> 8;
+	kb[1] = ( ( dctx->tsc_lo >> 8 ) | 0x20 ) & 0x7F;
+	kb[2] = dctx->tsc_lo & 0xFF;
+	kb[3] = ( ( ppk[5] ^ ( ( tk->key[1] << 8 ) | tk->key[0] ) ) >> 1 )
+		& 0xFF;
+
+	for ( i = 0; i < 6; i++ ) {
+		kb[4 + 2*i] = ppk[i] & 0xFF;
+		kb[5 + 2*i] = ppk[i] >> 8;
+	}
+}
+
+/**
+ * Update Michael message integrity code based on next 32-bit word of data
+ *
+ * @v V		Michael code state (two 32-bit words)
+ * @v word	Next 32-bit word of data
+ */
+static void tkip_feed_michael ( u32 *V, u32 word )
+{
+	V[0] ^= word;
+	V[1] ^= rol32 ( V[0], 17 );
+	V[0] += V[1];
+	V[1] ^= ( ( V[0] & 0xFF00FF00 ) >> 8 ) | ( ( V[0] & 0x00FF00FF ) << 8 );
+	V[0] += V[1];
+	V[1] ^= rol32 ( V[0], 3 );
+	V[0] += V[1];
+	V[1] ^= ror32 ( V[0], 2 );
+	V[0] += V[1];
+}
+
+/**
+ * Calculate Michael message integrity code
+ *
+ * @v key	MIC key to use (8 bytes)
+ * @v da	Destination link-layer address
+ * @v sa	Source link-layer address
+ * @v data	Start of data to calculate over
+ * @v len	Length of header + data
+ * @ret mic	Calculated Michael MIC (8 bytes)
+ */
+static void tkip_michael ( const void *key, const void *da, const void *sa,
+			   const void *data, size_t len, void *mic )
+{
+	u32 V[2];		/* V[0] = "l", V[1] = "r" in 802.11 */
+	union {
+		u8 byte[12];
+		u32 word[3];
+	} cap;
+	const u8 *ptr = data;
+	const u8 *end = ptr + len;
+	int i;
+
+	memcpy ( V, key, sizeof ( V ) );
+	V[0] = le32_to_cpu ( V[0] );
+	V[1] = le32_to_cpu ( V[1] );
+
+	/* Feed in header (we assume non-QoS, so Priority = 0) */
+	memcpy ( &cap.byte[0], da, ETH_ALEN );
+	memcpy ( &cap.byte[6], sa, ETH_ALEN );
+	tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) );
+	tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) );
+	tkip_feed_michael ( V, le32_to_cpu ( cap.word[2] ) );
+	tkip_feed_michael ( V, 0 );
+
+	/* Feed in data */
+	while ( ptr + 4 <= end ) {
+		tkip_feed_michael ( V, le32_to_cpu ( *( u32 * ) ptr ) );
+		ptr += 4;
+	}
+
+	/* Add unaligned part and padding */
+	for ( i = 0; ptr < end; i++ )
+		cap.byte[i] = *ptr++;
+	cap.byte[i++] = 0x5a;
+	for ( ; i < 8; i++ )
+		cap.byte[i] = 0;
+
+	/* Feed in padding */
+	tkip_feed_michael ( V, le32_to_cpu ( cap.word[0] ) );
+	tkip_feed_michael ( V, le32_to_cpu ( cap.word[1] ) );
+
+	/* Output MIC */
+	V[0] = cpu_to_le32 ( V[0] );
+	V[1] = cpu_to_le32 ( V[1] );
+	memcpy ( mic, V, sizeof ( V ) );
+}
+
+/**
+ * Encrypt a packet using TKIP
+ *
+ * @v crypto	TKIP cryptosystem
+ * @v iob	I/O buffer containing cleartext packet
+ * @ret eiob	I/O buffer containing encrypted packet
+ */
+static struct io_buffer * tkip_encrypt ( struct net80211_crypto *crypto,
+					 struct io_buffer *iob )
+{
+	struct tkip_ctx *ctx = crypto->priv;
+	struct ieee80211_frame *hdr = iob->data;
+	struct io_buffer *eiob;
+	struct arc4_ctx arc4;
+	u8 key[16];
+	struct tkip_head head;
+	u8 mic[8];
+	u32 icv;
+	const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
+	int datalen = iob_len ( iob ) - hdrlen;
+
+	ctx->enc.tsc_lo++;
+	if ( ctx->enc.tsc_lo == 0 ) {
+		ctx->enc.tsc_hi++;
+		ctx->enc.ttak_ok = 0;
+	}
+
+	tkip_mix_1 ( &ctx->enc, &ctx->tk, hdr->addr2 );
+	tkip_mix_2 ( &ctx->enc, &ctx->tk, key );
+
+	eiob = alloc_iob ( iob_len ( iob ) + TKIP_HEAD_LEN + TKIP_FOOT_LEN );
+	if ( ! eiob )
+		return NULL;
+
+	/* Copy frame header */
+	memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
+	hdr = eiob->data;
+	hdr->fc |= IEEE80211_FC_PROTECTED;
+
+	/* Fill in IV and key ID byte, and extended IV */
+	memcpy ( &head, key, 3 );
+	head.kid = 0x20;		/* have Extended IV, key ID 0 */
+	head.tsc_hi = cpu_to_le32 ( ctx->enc.tsc_hi );
+	memcpy ( iob_put ( eiob, sizeof ( head ) ), &head, sizeof ( head ) );
+
+	/* Copy and encrypt the data */
+	cipher_setkey ( &arc4_algorithm, &arc4, key, 16 );
+	cipher_encrypt ( &arc4_algorithm, &arc4, iob->data + hdrlen,
+			 iob_put ( eiob, datalen ), datalen );
+
+	/* Add MIC */
+	hdr = iob->data;
+	tkip_michael ( &ctx->tk.mic.tx, hdr->addr3, hdr->addr2,
+		       iob->data + hdrlen, datalen, mic );
+	cipher_encrypt ( &arc4_algorithm, &arc4, mic,
+			 iob_put ( eiob, sizeof ( mic ) ), sizeof ( mic ) );
+
+	/* Add ICV */
+	icv = crc32_le ( ~0, iob->data + hdrlen, datalen );
+	icv = crc32_le ( icv, mic, sizeof ( mic ) );
+	icv = cpu_to_le32 ( ~icv );
+	cipher_encrypt ( &arc4_algorithm, &arc4, &icv,
+			 iob_put ( eiob, TKIP_ICV_LEN ), TKIP_ICV_LEN );
+
+	DBGC2 ( ctx, "WPA-TKIP %p: encrypted packet %p -> %p\n", ctx,
+		iob, eiob );
+
+	return eiob;
+}
+
+/**
+ * Decrypt a packet using TKIP
+ *
+ * @v crypto	TKIP cryptosystem
+ * @v eiob	I/O buffer containing encrypted packet
+ * @ret iob	I/O buffer containing cleartext packet
+ */
+static struct io_buffer * tkip_decrypt ( struct net80211_crypto *crypto,
+					 struct io_buffer *eiob )
+{
+	struct tkip_ctx *ctx = crypto->priv;
+	struct ieee80211_frame *hdr;
+	struct io_buffer *iob;
+	const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
+	int datalen = iob_len ( eiob ) - hdrlen - TKIP_HEAD_LEN - TKIP_FOOT_LEN;
+	struct tkip_head *head;
+	struct arc4_ctx arc4;
+	u16 rx_tsc_lo;
+	u8 key[16];
+	u8 mic[8];
+	u32 icv, crc;
+
+	iob = alloc_iob ( hdrlen + datalen + TKIP_FOOT_LEN );
+	if ( ! iob )
+		return NULL;
+
+	/* Copy frame header */
+	memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
+	hdr = iob->data;
+	hdr->fc &= ~IEEE80211_FC_PROTECTED;
+
+	/* Check and update TSC */
+	head = eiob->data + hdrlen;
+	rx_tsc_lo = ( head->tsc1 << 8 ) | head->tsc0;
+
+	if ( head->tsc_hi < ctx->dec.tsc_hi ||
+	     ( head->tsc_hi == ctx->dec.tsc_hi &&
+	       rx_tsc_lo <= ctx->dec.tsc_lo ) ) {
+		DBGC ( ctx, "WPA-TKIP %p: packet received out of order "
+		       "(%08x:%04x <= %08x:%04x)\n", ctx, head->tsc_hi,
+		       rx_tsc_lo, ctx->dec.tsc_hi, ctx->dec.tsc_lo );
+		free_iob ( iob );
+		return NULL;
+	}
+	ctx->dec.tsc_lo = rx_tsc_lo;
+	if ( ctx->dec.tsc_hi != head->tsc_hi ) {
+		ctx->dec.ttak_ok = 0;
+		ctx->dec.tsc_hi = head->tsc_hi;
+	}
+
+	/* Calculate key */
+	tkip_mix_1 ( &ctx->dec, &ctx->tk, hdr->addr2 );
+	tkip_mix_2 ( &ctx->dec, &ctx->tk, key );
+
+	/* Copy-decrypt data, MIC, ICV */
+	cipher_setkey ( &arc4_algorithm, &arc4, key, 16 );
+	cipher_decrypt ( &arc4_algorithm, &arc4,
+			 eiob->data + hdrlen + TKIP_HEAD_LEN,
+			 iob_put ( iob, datalen ), datalen + TKIP_FOOT_LEN );
+
+	/* Check ICV */
+	icv = le32_to_cpu ( *( u32 * ) ( iob->tail + TKIP_MIC_LEN ) );
+	crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen + TKIP_MIC_LEN );
+	if ( crc != icv ) {
+		DBGC ( ctx, "WPA-TKIP %p CRC mismatch: expect %08x, get %08x\n",
+		       ctx, icv, crc );
+		free_iob ( iob );
+		return NULL;
+	}
+
+	/* Check MIC */
+	tkip_michael ( &ctx->tk.mic.rx, hdr->addr1, hdr->addr3,
+		       iob->data + hdrlen, datalen, mic );
+	if ( memcmp ( mic, iob->tail, TKIP_MIC_LEN ) != 0 ) {
+		DBGC ( ctx, "WPA-TKIP %p ALERT! MIC failure\n", ctx );
+		/* XXX we should do the countermeasures here */
+		free_iob ( iob );
+		return NULL;
+	}
+
+	DBGC2 ( ctx, "WPA-TKIP %p: decrypted packet %p -> %p\n", ctx,
+		eiob, iob );
+
+	return iob;
+}
+
+/** TKIP cryptosystem */
+struct net80211_crypto tkip_crypto __net80211_crypto = {
+	.algorithm = NET80211_CRYPT_TKIP,
+	.init = tkip_init,
+	.encrypt = tkip_encrypt,
+	.decrypt = tkip_decrypt,
+	.priv_len = sizeof ( struct tkip_ctx ),
+};
+
+
+
+
+/**
+ * Calculate HMAC-MD5 MIC for EAPOL-Key frame
+ *
+ * @v kck	Key Confirmation Key, 16 bytes
+ * @v msg	Message to calculate MIC over
+ * @v len	Number of bytes to calculate MIC over
+ * @ret mic	Calculated MIC, 16 bytes long
+ */
+static void tkip_kie_mic ( const void *kck, const void *msg, size_t len,
+			   void *mic )
+{
+	uint8_t ctx[MD5_CTX_SIZE];
+	u8 kckb[16];
+	size_t kck_len = 16;
+
+	memcpy ( kckb, kck, kck_len );
+
+	hmac_init ( &md5_algorithm, ctx, kckb, &kck_len );
+	hmac_update ( &md5_algorithm, ctx, msg, len );
+	hmac_final ( &md5_algorithm, ctx, kckb, &kck_len, mic );
+}
+
+/**
+ * Decrypt key data in EAPOL-Key frame
+ *
+ * @v kek	Key Encryption Key, 16 bytes
+ * @v iv	Initialisation vector, 16 bytes
+ * @v msg	Message to decrypt
+ * @v len	Length of message
+ * @ret msg	Decrypted message in place of original
+ * @ret len	Unchanged
+ * @ret rc	Always 0 for success
+ */
+static int tkip_kie_decrypt ( const void *kek, const void *iv,
+			      void *msg, u16 *len )
+{
+	u8 key[32];
+	memcpy ( key, iv, 16 );
+	memcpy ( key + 16, kek, 16 );
+
+	arc4_skip ( key, 32, 256, msg, msg, *len );
+
+	return 0;
+}
+
+
+/** TKIP-style key integrity and encryption handler */
+struct wpa_kie tkip_kie __wpa_kie = {
+	.version = EAPOL_KEY_VERSION_WPA,
+	.mic = tkip_kie_mic,
+	.decrypt = tkip_kie_decrypt,
+};