Jeff Johnson295189b2012-06-20 16:38:30 -07001/*
Gopichand Nakkala92f07d82013-01-08 21:16:34 -08002 * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
3 *
4 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
5 *
6 *
7 * Permission to use, copy, modify, and/or distribute this software for
8 * any purpose with or without fee is hereby granted, provided that the
9 * above copyright notice and this permission notice appear in all
10 * copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
13 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
14 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
15 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
16 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
17 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
18 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
19 * PERFORMANCE OF THIS SOFTWARE.
20 */
21/*
Jeff Johnson32d95a32012-09-10 13:15:23 -070022 * Copyright (c) 2012, The Linux Foundation. All rights reserved.
Jeff Johnson295189b2012-06-20 16:38:30 -070023 *
24 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
25 *
26 *
27 * Permission to use, copy, modify, and/or distribute this software for
28 * any purpose with or without fee is hereby granted, provided that the
29 * above copyright notice and this permission notice appear in all
30 * copies.
31 *
32 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
33 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
34 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
35 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
36 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
37 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
38 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
39 * PERFORMANCE OF THIS SOFTWARE.
40 */
41
42/*
43 *
44 * Airgo Networks, Inc proprietary. All rights reserved.
45 * This file limSmeReqUtils.cc contains the utility functions
46 * for processing SME request messages.
47 * Author: Chandra Modumudi
48 * Date: 02/11/02
49 * History:-
50 * Date Modified by Modification Information
51 * --------------------------------------------------------------------
52 * 05/26/10 js WPA handling in (Re)Assoc frames
53 *
54 */
55
56#include "wniApi.h"
57#if (WNI_POLARIS_FW_PRODUCT == AP)
58#include "wniCfgAp.h"
59#else
60#include "wniCfgSta.h"
61#endif
62#include "cfgApi.h"
63#include "sirApi.h"
64#include "schApi.h"
65#include "utilsApi.h"
66#include "limTypes.h"
67#include "limUtils.h"
68#include "limAssocUtils.h"
69#include "limSecurityUtils.h"
70#include "limSerDesUtils.h"
71
72
73
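/**
 * limIsRSNieValidInSmeReqMessage()
 *
 *FUNCTION:
 * This function is called to verify if the RSN IE
 * received in various SME_REQ messages is valid or not
 *
 *LOGIC:
 * rsnIEdata is walked as a sequence of (EID, length, body)
 * elements.  Every element must be an RSN, WPA or (when
 * FEATURE_WLAN_WAPI is enabled) WAPI element, must fit inside
 * the pRSNie->length bytes that were received, and must have a
 * body length inside the per-type [min,max] range; a WPA
 * element must additionally carry the WPA OUI.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 * The PRIVACY_ENABLED / RSN_ENABLED CFG values are only logged,
 * never enforced, so that mixed mode for guest access keeps
 * working.
 *
 * @param pMac   Pointer to Global MAC structure
 * @param pRSNie Pointer to received RSN IE
 * @return true when RSN IE is valid, false otherwise
 */

static tANI_U8
limIsRSNieValidInSmeReqMessage(tpAniSirGlobal pMac, tpSirRSNie pRSNie)
{
    int startPos = 0;       // offset of the element being checked
    int elemLen;            // body length announced by that element
    int len;                // bytes of rsnIEdata not yet consumed
    // Zeroed so that a failed CFG read below does not leave them uninitialized.
    tANI_U32 privacy = 0, val = 0;

    if (wlan_cfgGetInt(pMac, WNI_CFG_PRIVACY_ENABLED,
                       &privacy) != eSIR_SUCCESS)
    {
        limLog(pMac, LOGP,
               FL("Unable to retrieve POI from CFG\n"));
    }

    if (wlan_cfgGetInt(pMac, WNI_CFG_RSN_ENABLED,
                       &val) != eSIR_SUCCESS)
    {
        limLog(pMac, LOGP,
               FL("Unable to retrieve RSN_ENABLED from CFG\n"));
    }

    if (pRSNie->length && (!privacy || !val))
    {
        // Privacy & RSN not enabled in CFG.
        /**
         * In order to allow mixed mode for Guest access
         * allow BSS creation/join with no Privacy capability
         * yet advertising WPA IE
         */
        PELOG1(limLog(pMac, LOG1, FL("RSN ie len %d but PRIVACY %d RSN %d\n"),
               pRSNie->length, privacy, val);)
    }

    if (pRSNie->length == 0)
    {
        // No IE at all is a valid (open) request.
        return true;
    }

    if ((pRSNie->rsnIEdata[0] != DOT11F_EID_RSN) &&
        (pRSNie->rsnIEdata[0] != DOT11F_EID_WPA)
#ifdef FEATURE_WLAN_WAPI
        && (pRSNie->rsnIEdata[0] != DOT11F_EID_WAPI)
#endif
       )
    {
        limLog(pMac, LOGE, FL("RSN/WPA/WAPI EID %d not [%d || %d]\n"),
               pRSNie->rsnIEdata[0], DOT11F_EID_RSN,
               DOT11F_EID_WPA);
        return false;
    }

    len = pRSNie->length;
    startPos = 0;
    while (len > 0)
    {
        // Every element needs at least an EID octet and a length octet.
        if (len < 2)
        {
            limLog(pMac, LOGE,
                   FL("Truncated IE header at offset %d, %d byte(s) left\n"),
                   startPos, len);
            return false;
        }

        elemLen = pRSNie->rsnIEdata[startPos + 1];

        // The body must fit in what was received; otherwise the per-type
        // checks below would read beyond the supplied IE bytes.
        if (elemLen > len - 2)
        {
            limLog(pMac, LOGE,
                   FL("IE %d len %d exceeds remaining %d bytes\n"),
                   pRSNie->rsnIEdata[startPos], elemLen, len - 2);
            return false;
        }

        // Check validity of RSN IE
        if (pRSNie->rsnIEdata[startPos] == DOT11F_EID_RSN)
        {
            if ((elemLen > DOT11F_IE_RSN_MAX_LEN) ||
                (elemLen < DOT11F_IE_RSN_MIN_LEN))
            {
                limLog(pMac, LOGE, FL("RSN IE len %d not [%d,%d]\n"),
                       elemLen, DOT11F_IE_RSN_MIN_LEN,
                       DOT11F_IE_RSN_MAX_LEN);
                return false;
            }
        }
        else if (pRSNie->rsnIEdata[startPos] == DOT11F_EID_WPA)
        {
            // Check validity of WPA IE.  The OUI occupies the first four
            // body octets; a shorter body cannot carry it, so val stays 0
            // and the OUI comparison below rejects the element.
            val = (elemLen >= 4)
                  ? sirReadU32((tANI_U8 *) &pRSNie->rsnIEdata[startPos + 2])
                  : 0;
            if ((elemLen < DOT11F_IE_WPA_MIN_LEN) ||
                (elemLen > DOT11F_IE_WPA_MAX_LEN) ||
                (SIR_MAC_WPA_OUI != val))
            {
                limLog(pMac, LOGE,
                       FL("WPA IE len %d not [%d,%d] OR data 0x%x not 0x%x\n"),
                       elemLen, DOT11F_IE_WPA_MIN_LEN,
                       DOT11F_IE_WPA_MAX_LEN, val, SIR_MAC_WPA_OUI);

                return false;
            }
        }
#ifdef FEATURE_WLAN_WAPI
        else if (pRSNie->rsnIEdata[startPos] == DOT11F_EID_WAPI)
        {
            if ((elemLen > DOT11F_IE_WAPI_MAX_LEN) ||
                (elemLen < DOT11F_IE_WAPI_MIN_LEN))
            {
                limLog(pMac, LOGE,
                       FL("WAPI IE len %d not [%d,%d]\n"),
                       elemLen, DOT11F_IE_WAPI_MIN_LEN,
                       DOT11F_IE_WAPI_MAX_LEN);

                return false;
            }
        }
#endif
        else
        {
            // The first element was checked before the loop; this rejects
            // any later element of an unexpected type.
            return false;
        }

        // Advance by EID + length field + body.  Subtracting the cumulative
        // offset here (as the original did) over-counted from the second
        // element on and silently skipped validation of later elements.
        startPos += 2 + elemLen;
        len -= 2 + elemLen;
    }

    return true;
} /*** end limIsRSNieValidInSmeReqMessage() ***/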
201
/**
 * limIsAddieValidInSmeReqMessage()
 *
 *FUNCTION:
 * This function is called to verify if the Add IE
 * received in various SME_REQ messages is valid or not
 *
 *LOGIC:
 * The addIEdata buffer is walked as (EID, length, body) elements;
 * only the length structure is checked, never the element content.
 * An element whose body does not fit in the remaining bytes makes
 * the whole Add IE invalid.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 * A single trailing octet that cannot start another element is
 * tolerated, not rejected.
 *
 * @param pMac   Pointer to Global MAC structure
 * @param pAddie Pointer to received Add IE
 * @return true when the Add IE is well-formed, false otherwise
 */

static tANI_U8
limIsAddieValidInSmeReqMessage(tpAniSirGlobal pMac, tpSirAddie pAddie)
{
    int remaining = pAddie->length;
    tANI_U8 *cursor = pAddie->addIEdata;

    // An element needs a two-octet header before its body can be sized.
    while (remaining >= 2)
    {
        tANI_U8 elem_id = cursor[0];
        tANI_U8 elem_len = cursor[1];

        remaining -= 2;
        if (elem_len > remaining)
        {
            limLog( pMac, LOGE,
               FL("****Invalid Add IEs eid = %d elem_len=%d left=%d*****\n"),
               elem_id,elem_len,remaining);
            return false;
        }

        remaining -= elem_len;
        cursor += 2 + elem_len;
    }
    // NOTE(review): remaining may be 1 here (odd trailing octet); it is
    // accepted to keep the existing behaviour.

    return true;
} /*** end limIsAddieValidInSmeReqMessage() ***/
252
253#ifdef WLAN_SOFTAP_FEATURE
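/**
 * limSetRSNieWPAiefromSmeStartBSSReqMessage()
 *
 *FUNCTION:
 * This function validates the RSN/WPA IE(s) received in
 * SME_START_BSS_REQ and unpacks the ones that are present into
 * pSessionEntry->gStartBssRSNIe / pSessionEntry->gStartBssWPAIe.
 *
 *LOGIC:
 * rsnIEdata may hold a single RSN IE, a single WPA IE, or an RSN
 * IE immediately followed by a WPA IE; any other layout is
 * rejected.  Each element must fit inside pRSNie->length, an RSN
 * IE must meet the minimum length, and a WPA IE must meet the
 * minimum length and carry the WPA OUI.  Only the elements that
 * are actually present are unpacked, so the session field of an
 * absent IE is left untouched (the original unpacked both fields
 * in every accepted case, feeding one IE's bytes to the other
 * IE's unpacker).
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 * The PRIVACY_ENABLED / RSN_ENABLED CFG values are only logged,
 * never enforced (mixed mode for guest access).
 *
 * @param pMac          Pointer to Global MAC structure
 * @param pRSNie        Pointer to received RSN IE
 * @param pSessionEntry PE session that receives the unpacked IEs
 * @return true when RSN IE is valid, false otherwise
 */

tANI_U8
limSetRSNieWPAiefromSmeStartBSSReqMessage(tpAniSirGlobal pMac,
                                          tpSirRSNie pRSNie,
                                          tpPESession pSessionEntry)
{
    tANI_U16 wpaIndex = 0;          // offset of the WPA IE inside rsnIEdata
    tANI_U16 firstElemSize;         // EID + length octet + body of the first IE
    tANI_U8  wpaBodyLen;
    tANI_U8  rsnPresent = false;
    tANI_U8  wpaPresent = false;
    // Zeroed so that a failed CFG read below does not leave them uninitialized.
    tANI_U32 privacy = 0, val = 0;

    if (wlan_cfgGetInt(pMac, WNI_CFG_PRIVACY_ENABLED,
                       &privacy) != eSIR_SUCCESS)
    {
        limLog(pMac, LOGP,
               FL("Unable to retrieve POI from CFG\n"));
    }

    if (wlan_cfgGetInt(pMac, WNI_CFG_RSN_ENABLED,
                       &val) != eSIR_SUCCESS)
    {
        limLog(pMac, LOGP,
               FL("Unable to retrieve RSN_ENABLED from CFG\n"));
    }

    if (pRSNie->length && (!privacy || !val))
    {
        // Privacy & RSN not enabled in CFG.
        /**
         * In order to allow mixed mode for Guest access
         * allow BSS creation/join with no Privacy capability
         * yet advertising WPA IE
         */
        PELOG1(limLog(pMac, LOG1, FL("RSN ie len %d but PRIVACY %d RSN %d\n"),
               pRSNie->length, privacy, val);)
    }

    if (pRSNie->length == 0)
    {
        return true;
    }

    if ((pRSNie->rsnIEdata[0] != SIR_MAC_RSN_EID) &&
        (pRSNie->rsnIEdata[0] != SIR_MAC_WPA_EID))
    {
        limLog(pMac, LOGE, FL("RSN/WPA EID %d not [%d || %d]\n"),
               pRSNie->rsnIEdata[0], SIR_MAC_RSN_EID,
               SIR_MAC_WPA_EID);
        return false;
    }

    // Check validity of RSN IE
    if ((pRSNie->rsnIEdata[0] == SIR_MAC_RSN_EID) &&
        (pRSNie->rsnIEdata[1] < SIR_MAC_RSN_IE_MIN_LENGTH))
    {
        limLog(pMac, LOGE, FL("RSN IE len %d not [%d,%d]\n"),
               pRSNie->rsnIEdata[1], SIR_MAC_RSN_IE_MIN_LENGTH,
               SIR_MAC_RSN_IE_MAX_LENGTH);
        return false;
    }

    firstElemSize = 2 + pRSNie->rsnIEdata[1];
    if (pRSNie->length < firstElemSize)
    {
        // The first element announces more bytes than were received;
        // unpacking it would read past the supplied IE data.
        limLog(pMac, LOGE,
               FL("IE len %d exceeds received RSN IE length %d\n"),
               pRSNie->rsnIEdata[1], pRSNie->length);
        return false;
    }

    if (pRSNie->length > firstElemSize)
    {
        // More than one element: only "RSN IE followed by WPA IE" is accepted.
        if (pRSNie->rsnIEdata[0] != SIR_MAC_RSN_EID)
        {
            limLog(pMac,
                   LOGE,
                   FL("First byte[%d] in rsnIEdata is not RSN_EID\n"),
                   pRSNie->rsnIEdata[0]);
            return false;
        }

        limLog(pMac,
               LOG1,
               FL("WPA IE is present along with WPA2 IE\n"));
        rsnPresent = true;
        wpaPresent = true;
        wpaIndex = firstElemSize;
    }
    else if (pRSNie->rsnIEdata[0] == SIR_MAC_RSN_EID)
    {
        limLog(pMac,
               LOG1,
               FL("Only RSN IE is present\n"));
        rsnPresent = true;
    }
    else
    {
        limLog(pMac,
               LOG1,
               FL("Only WPA IE is present\n"));
        wpaPresent = true;
        wpaIndex = 0;
    }

    if (wpaPresent)
    {
        // Check validity of WPA IE: it must be a WPA element that fits in the
        // remaining bytes, meet the minimum length and carry the WPA OUI.
        if ((pRSNie->length < wpaIndex + 2) ||
            (pRSNie->rsnIEdata[wpaIndex] != SIR_MAC_WPA_EID) ||
            (pRSNie->rsnIEdata[wpaIndex + 1] > pRSNie->length - wpaIndex - 2))
        {
            limLog(pMac, LOGE,
                   FL("WPA IE at offset %d missing or truncated (total len %d)\n"),
                   wpaIndex, pRSNie->length);
            return false;
        }

        wpaBodyLen = pRSNie->rsnIEdata[wpaIndex + 1];
        // The OUI occupies the first four body octets; a shorter body cannot
        // carry it, so val stays 0 and the comparison below rejects the IE.
        val = (wpaBodyLen >= 4)
              ? sirReadU32((tANI_U8 *) &pRSNie->rsnIEdata[wpaIndex + 2])
              : 0;

        if ((wpaBodyLen < SIR_MAC_WPA_IE_MIN_LENGTH) ||
            (SIR_MAC_WPA_OUI != val))
        {
            limLog(pMac, LOGE,
                   FL("WPA IE len %d not [%d,%d] OR data 0x%x not 0x%x\n"),
                   wpaBodyLen, SIR_MAC_WPA_IE_MIN_LENGTH,
                   SIR_MAC_WPA_IE_MAX_LENGTH, val, SIR_MAC_WPA_OUI);

            return false;
        }
    }

    // Unpack only what is present, each with its own element body length:
    // the RSN body starts after EID+len, the WPA body after EID+len+OUI
    // (the same offsets the two-IE path has always used).
    if (rsnPresent)
    {
        dot11fUnpackIeRSN(pMac, &pRSNie->rsnIEdata[2],
                          pRSNie->rsnIEdata[1],
                          &pSessionEntry->gStartBssRSNIe);
    }
    if (wpaPresent)
    {
        dot11fUnpackIeWPA(pMac, &pRSNie->rsnIEdata[wpaIndex + 6],
                          (tANI_U8)(pRSNie->rsnIEdata[wpaIndex + 1] - 4),
                          &pSessionEntry->gStartBssWPAIe);
    }

    return true;
} /*** end limSetRSNieWPAiefromSmeStartBSSReqMessage() ***/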
399#endif
400
401#if (WNI_POLARIS_FW_PACKAGE == ADVANCED) && (WNI_POLARIS_FW_PRODUCT == AP)
/**
 * limIsBssInfoValidInSmeReqMessage()
 *
 *FUNCTION:
 * This function is called to verify if the BSS info
 * received in various SME_REQ messages is valid or not
 *
 *LOGIC:
 * The neighbour BSS must be infrastructure, have a unicast BSSID,
 * a non-zero channel, an SSID of 1..SIR_MAC_MAX_SSID_LENGTH bytes
 * and an RSN IE that passes limIsRSNieValidInSmeReqMessage().
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMac     Pointer to Global MAC structure
 * @param pBssInfo Pointer to received Bss Information
 * @return true when BSS info is valid, false otherwise
 */

static tANI_U8
limIsBssInfoValidInSmeReqMessage(tpAniSirGlobal pMac,
                                 tpSirNeighborBssInfo pBssInfo)
{
    if (pBssInfo->bssType != eSIR_INFRASTRUCTURE_MODE)
        return false;

    if (limIsGroupAddr(pBssInfo->bssId))
        return false;

    if (!pBssInfo->channelId)
        return false;

    if (!pBssInfo->ssId.length ||
        (pBssInfo->ssId.length > SIR_MAC_MAX_SSID_LENGTH))
        return false;

    // The RSN IE check is last, exactly as in the combined condition
    // it replaces.
    return limIsRSNieValidInSmeReqMessage(pMac, &pBssInfo->rsnIE);
} /*** end limIsBssInfoValidInSmeReqMessage() ***/
441#else
442
443
444
/**
 * limIsBssDescrValidInSmeReqMessage()
 *
 *FUNCTION:
 * This function is called to verify if the BSS Descr
 * received in various SME_REQ messages is valid or not
 *
 *LOGIC:
 * The BSS description is rejected when its BSSID is the
 * broadcast address or its channel id is zero.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 * pMac is accepted for signature symmetry with the AP-build
 * counterpart and is not used here.
 *
 * @param pMac     Pointer to Global MAC structure
 * @param pBssDescr Pointer to received Bss Description
 * @return true when BSS description is valid, false otherwise
 */

static tANI_U8
limIsBssDescrValidInSmeReqMessage(tpAniSirGlobal pMac,
                                  tpSirBssDescription pBssDescr)
{
    if (limIsAddrBC(pBssDescr->bssId))
        return false;

    if (!pBssDescr->channelId)
        return false;

    return true;
} /*** end limIsBssDescrValidInSmeReqMessage() ***/
480#endif
481
482
483
/**
 * limIsSmeStartReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_START_REQ message from application.
 *
 *LOGIC:
 * The only check is that the length field carried in the message
 * equals sizeof(tSirSmeStartReq).
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMac Pointer to Global MAC structure
 * @param pMsg Pointer to received SME_START_REQ message
 * @return true when received SME_START_REQ is formatted correctly
 *         false otherwise
 */

tANI_U8
limIsSmeStartReqValid(tpAniSirGlobal pMac, tANI_U32 *pMsg)
{
    tpSirSmeStartReq pStartReq = (tpSirSmeStartReq) pMsg;

    if (pStartReq->length == sizeof(tSirSmeStartReq))
        return true;

    /**
     * Invalid length in START_REQ message
     * Log error.
     */
    limLog(pMac, LOGW,
           FL("Invalid length %d in eWNI_SME_START_REQ\n"),
           pStartReq->length);

    return false;
} /*** end limIsSmeStartReqValid() ***/
525
526
527
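/**
 * limIsStartBssRateSetLegal()
 *
 *FUNCTION:
 * Helper for limIsSmeStartBssReqValid(): checks that every rate
 * of the operational rate set (basic-rate flag 0x80 masked off)
 * is a legal rate for the requested network type.
 *
 *LOGIC:
 * 11A rates are required for eSIR_11A_NW_TYPE, 11G rates for
 * eSIR_11G_NW_TYPE and 11B rates for anything else (the caller
 * has already restricted nwType to 11A/11B/11G).  On the first
 * illegal rate the whole set is dumped at LOG2 and false is
 * returned.
 *
 * @param pMac     Pointer to Global MAC structure
 * @param nwType   Network type from the START_BSS_REQ
 * @param pRates   Operational rates
 * @param numRates Number of entries in pRates
 * @return true when every rate is legal, false otherwise
 */
static tANI_U8
limIsStartBssRateSetLegal(tpAniSirGlobal pMac, tANI_U32 nwType,
                          tANI_U8 *pRates, tANI_U8 numRates)
{
    tANI_U8 i;

    for (i = 0; i < numRates; i++)
    {
        tANI_U8 rate = pRates[i] & 0x7F;
        tANI_U8 legal;

        if (nwType == eSIR_11A_NW_TYPE)
            legal = sirIsArate(rate) ? true : false;
        else if (nwType == eSIR_11G_NW_TYPE)
            legal = sirIsGrate(rate) ? true : false;
        else
            legal = sirIsBrate(rate) ? true : false;

        if (!legal)
        {
            // Invalid Operational rates
            // Reject START_BSS_REQ
            limLog(pMac, LOGW,
                   FL("Invalid operational rates in eWNI_SME_START_BSS_REQ\n"));
            sirDumpBuf(pMac, SIR_LIM_MODULE_ID, LOG2, pRates, numRates);
            return false;
        }
    }

    return true;
} /*** end limIsStartBssRateSetLegal() ***/

/**
 * limIsSmeStartBssReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_START_BSS_REQ message from application.
 *
 *LOGIC:
 * Message validity checks are performed in this function:
 * the bssType must be one supported by this build, the AP-build
 * SSID list / alternate radio / WDS fields must be consistent,
 * the RSN IE must pass limIsRSNieValidInSmeReqMessage(), nwType
 * must be 11A/11B/11G, and every operational rate must be legal
 * for that nwType (see limIsStartBssRateSetLegal()).
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMac         Pointer to Global MAC structure
 * @param pStartBssReq Pointer to received SME_START_BSS_REQ message
 * @return true when received SME_START_BSS_REQ is formatted correctly
 *         false otherwise
 */

tANI_U8
limIsSmeStartBssReqValid(tpAniSirGlobal pMac,
                         tpSirSmeStartBssReq pStartBssReq)
{
    tANI_U8 valid = true;

    PELOG1(limLog(pMac, LOG1,
           FL("Parsed START_BSS_REQ fields are bssType=%d, channelId=%d, SSID len=%d, rsnIE len=%d, nwType=%d, rateset len=%d\n"),
           pStartBssReq->bssType,
           pStartBssReq->channelId,
           pStartBssReq->ssId.length,
           pStartBssReq->rsnIE.length,
           pStartBssReq->nwType,
           pStartBssReq->operationalRateSet.numRates);)

    switch (pStartBssReq->bssType)
    {
        case eSIR_INFRASTRUCTURE_MODE:
#if (WNI_POLARIS_FW_PRODUCT == AP)
            /* Check for the AP Role/Station role here and act accordingly.
             * Currently assuming this as AP and breaks TODO */
            break;
#endif
            /**
             * Should not have received start BSS req with bssType
             * Infrastructure on STA.
             * Log error.
             */
            limLog(pMac, LOGE, FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ\n"),pStartBssReq->bssType);
            valid = false;
            goto end;

        case eSIR_IBSS_MODE:
            break;

        /* Added for BT AMP support */
        case eSIR_BTAMP_STA_MODE:
            break;

        /* Added for BT AMP support */
        case eSIR_BTAMP_AP_MODE:
            break;

#ifdef WLAN_SOFTAP_FEATURE
        /* Added for SoftAP support */
        case eSIR_INFRA_AP_MODE:
            break;
#endif

        default:
            /**
             * Should not have received start BSS req with bssType
             * other than Infrastructure/IBSS.
             * Log error
             */
            limLog(pMac, LOGW,
                   FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ\n"),
                   pStartBssReq->bssType);

            valid = false;
            goto end;
    }

#if (WNI_POLARIS_FW_PACKAGE == ADVANCED) && (WNI_POLARIS_FW_PRODUCT == AP)

    /* Assumed as AP again, need to check the role and change accordingly */
    if (pStartBssReq->bssType == eSIR_INFRASTRUCTURE_MODE)
    {
        if ((pStartBssReq->numSSID == 1) && pStartBssReq->ssId.length &&
            ((pStartBssReq->ssId.length != pStartBssReq->ssIdList[0].length) ||
             ( !palEqualMemory( pMac->hHdd,pStartBssReq->ssId.ssId,
                                pStartBssReq->ssIdList[0].ssId,
                                pStartBssReq->ssId.length) )))
        {
            /**
             * Invalid combination of ssID length
             * and number of SSIDs present.
             * Reject START_BSS_REQ.
             */
            limLog(pMac, LOGW,
                   FL("Mismatch in SSID length & numSSID in SME_START_BSS_REQ\n"));

            valid = false;
            goto end;
        }

        if (!pStartBssReq->numSSID ||
            (pStartBssReq->ssId.length && (pStartBssReq->numSSID != 1)))
        {
            /**
             * Invalid combination of ssID length
             * and number of SSIDs present.
             * Reject START_BSS_REQ.
             */
            limLog(pMac, LOGW,
                   FL("Mismatch in SSID length[%d] & numSSID[%d] in SME_START_BSS_REQ\n"),
                   pStartBssReq->ssId.length, pStartBssReq->numSSID);

            valid = false;
            goto end;
        }
    }
#endif
#if defined(ANI_PRODUCT_TYPE_CLIENT) || defined(ANI_AP_CLIENT_SDK)
    /* This below code is client specific code. TODO */
    if (pStartBssReq->bssType == eSIR_IBSS_MODE)
    {
        if (!pStartBssReq->ssId.length ||
            (pStartBssReq->ssId.length > SIR_MAC_MAX_SSID_LENGTH))
        {
            // Invalid length for SSID.
            // Reject START_BSS_REQ
            limLog(pMac, LOGW,
                   FL("Invalid SSID length in eWNI_SME_START_BSS_REQ\n"));

            valid = false;
            goto end;
        }
    }
#endif

#if (WNI_POLARIS_FW_PACKAGE == ADVANCED) && (WNI_POLARIS_FW_PRODUCT == AP)
    /* Assumed as AP TODO */
    if (pStartBssReq->bssType == eSIR_INFRASTRUCTURE_MODE)
    {
        tpSirAlternateRadioInfo pRadioInfo;
        tANI_U8 i;

        pRadioInfo = pStartBssReq->alternateRadioList.alternateRadio;
        for (i = 0; i < pStartBssReq->alternateRadioList.numBss; i++)
        {
            if (limIsGroupAddr(pRadioInfo->bssId))
            {
                // Invalid mate BSSID.
                // Reject START_BSS_REQ
                limLog(pMac, LOGW,
                       FL("Invalid mate BSSID in eWNI_SME_START_BSS_REQ\n"));

                valid = false;
                goto end;
            }
            // pRadioInfo is a typed pointer, so ++ already advances by one
            // tSirAlternateRadioInfo; the former "+= sizeof(...)" stepped
            // sizeof() entries at a time and read outside the list.
            pRadioInfo++;
        }

        /*
        ** check WDS info length
        **/
        if (pStartBssReq->wdsInfo.wdsLength > ANI_WDS_INFO_MAX_LENGTH)
        {
            PELOGW(limLog(pMac, LOGW, FL("Illegal WDS info length\n"));)
            valid = false;
            goto end;
        }
    }
#endif

    if (!limIsRSNieValidInSmeReqMessage(pMac, &pStartBssReq->rsnIE))
    {
        valid = false;
        goto end;
    }

    if (pStartBssReq->nwType != eSIR_11A_NW_TYPE &&
        pStartBssReq->nwType != eSIR_11B_NW_TYPE &&
        pStartBssReq->nwType != eSIR_11G_NW_TYPE)
    {
        valid = false;
        goto end;
    }

    // check that all the rates in the operational rate set are legal
    // for the requested network type
    if (!limIsStartBssRateSetLegal(pMac, pStartBssReq->nwType,
                                   pStartBssReq->operationalRateSet.rate,
                                   pStartBssReq->operationalRateSet.numRates))
    {
        valid = false;
        goto end;
    }

end:
    return valid;
} /*** end limIsSmeStartBssReqValid() ***/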
775
776
777
/**
 * limIsSmeJoinReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_JOIN_REQ message from application.
 *
 *LOGIC:
 * The request is rejected, with an error log, on the first of:
 * an out-of-range assocType (ADVANCED package only), an invalid
 * RSN IE, an invalid scan or assoc Add IE, an invalid BSS
 * info/description, or a BSSID equal to our own MAC address.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMac     Pointer to Global MAC structure
 * @param pJoinReq Pointer to received SME_JOIN_REQ message
 * @return true when received SME_JOIN_REQ is formatted correctly
 *         false otherwise
 */

tANI_U8
limIsSmeJoinReqValid(tpAniSirGlobal pMac, tpSirSmeJoinReq pJoinReq)
{
#if (WNI_POLARIS_FW_PACKAGE == ADVANCED)
    if (pJoinReq->assocType > eSIR_TRANSFERRED)
    {
        /// Received eWNI_SME_JOIN_REQ with invalid assocType
        // Log the event
        limLog(pMac, LOGW,
               FL("received SME_JOIN_REQ with invalid assocType\n"));

        return false;
    }
#endif

    if (!limIsRSNieValidInSmeReqMessage(pMac, &pJoinReq->rsnIE))
    {
        limLog(pMac, LOGE,
               FL("received SME_JOIN_REQ with invalid RSNIE\n"));
        return false;
    }

    if (!limIsAddieValidInSmeReqMessage(pMac, &pJoinReq->addIEScan))
    {
        limLog(pMac, LOGE,
               FL("received SME_JOIN_REQ with invalid additional IE for scan\n"));
        return false;
    }

    if (!limIsAddieValidInSmeReqMessage(pMac, &pJoinReq->addIEAssoc))
    {
        limLog(pMac, LOGE,
               FL("received SME_JOIN_REQ with invalid additional IE for assoc\n"));
        return false;
    }

#if (WNI_POLARIS_FW_PACKAGE == ADVANCED) && (WNI_POLARIS_FW_PRODUCT == AP)
    if (!limIsBssInfoValidInSmeReqMessage(
                                     pMac,
                                     pJoinReq->neighborBssList.bssList))
#else
    if (!limIsBssDescrValidInSmeReqMessage(pMac,
                                           &pJoinReq->bssDescription))
#endif
    {
        /// Received eWNI_SME_JOIN_REQ with invalid BSS Info
        // Log the event
        limLog(pMac, LOGE,
               FL("received SME_JOIN_REQ with invalid bssInfo\n"));

        return false;
    }

    /*
       Reject Join Req if the Self Mac Address and
       the Ap's Mac Address is same
    */
    if( palEqualMemory( pMac->hHdd, (tANI_U8* ) pJoinReq->selfMacAddr,
                        (tANI_U8 *) pJoinReq->bssDescription.bssId,
                        (tANI_U8) (sizeof(tSirMacAddr))))
    {
        // Log the event
        limLog(pMac, LOGE,
               FL("received SME_JOIN_REQ with Self Mac and BSSID Same\n"));

        return false;
    }

    return true;
} /*** end limIsSmeJoinReqValid() ***/
878
879
880
/**
 * limIsSmeDisassocReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_DISASSOC_REQ message from application.
 *
 *LOGIC:
 * A multicast peer address is only accepted when it is the
 * broadcast address.  On AP builds the AID is additionally
 * required to be in 2..2007 for the AP role and exactly 1 for
 * the STA role.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMac          Pointer to Global MAC structure
 * @param pDisassocReq  Pointer to received SME_DISASSOC_REQ message
 * @param psessionEntry PE session the request belongs to
 * @return true  When received SME_DISASSOC_REQ is formatted
 *               correctly
 *         false otherwise
 */

tANI_U8
limIsSmeDisassocReqValid(tpAniSirGlobal pMac,
                         tpSirSmeDisassocReq pDisassocReq, tpPESession psessionEntry)
{
    if (limIsGroupAddr(pDisassocReq->peerMacAddr))
    {
        // Group address: only broadcast ("everyone") is allowed.
        if (!limIsAddrBC(pDisassocReq->peerMacAddr))
            return false;
    }

#if (WNI_POLARIS_FW_PRODUCT == AP)
    switch (psessionEntry->limSystemRole)
    {
        case eLIM_AP_ROLE:
            if ((pDisassocReq->aid < 2) || (pDisassocReq->aid > 2007))
                return false;
            break;

        case eLIM_STA_ROLE:
            if (pDisassocReq->aid != 1)
                return false;
            break;

        default:
            break;
    }
#endif

    return true;
} /*** end limIsSmeDisassocReqValid() ***/
920
921
922
/**
 * limIsSmeDisassocCnfValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_DISASSOC_CNF message from application.
 *
 *LOGIC:
 * Any group (multicast or broadcast) peer address is rejected.
 * On AP builds the AID is additionally required to be in 2..2007
 * for the AP role and exactly 1 for the STA role.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMac          Pointer to Global MAC structure
 * @param pDisassocCnf  Pointer to received SME_DISASSOC_CNF message
 * @param psessionEntry PE session the confirmation belongs to
 * @return true  When received SME_DISASSOC_CNF is formatted
 *               correctly
 *         false otherwise
 */

tANI_U8
limIsSmeDisassocCnfValid(tpAniSirGlobal pMac,
                         tpSirSmeDisassocCnf pDisassocCnf, tpPESession psessionEntry)
{
    if (limIsGroupAddr(pDisassocCnf->peerMacAddr))
        return false;

#if (WNI_POLARIS_FW_PRODUCT == AP)
    switch (psessionEntry->limSystemRole)
    {
        case eLIM_AP_ROLE:
            if ((pDisassocCnf->aid < 2) || (pDisassocCnf->aid > 2007))
                return false;
            break;

        case eLIM_STA_ROLE:
            if (pDisassocCnf->aid != 1)
                return false;
            break;

        default:
            break;
    }
#endif

    return true;
} /*** end limIsSmeDisassocCnfValid() ***/
960
961
962
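/**
 * limIsSmeDeauthReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_DEAUTH_REQ message from application.
 *
 *LOGIC:
 * A multicast peer address is only accepted when it is the
 * broadcast address.  On AP builds the AID is additionally
 * required to be in 2..2007 for the AP role and exactly 1 for
 * the STA role.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMac          Pointer to Global MAC structure
 * @param pDeauthReq    Pointer to received SME_DEAUTH_REQ message
 * @param psessionEntry PE session the request belongs to
 * @return true  When received SME_DEAUTH_REQ is formatted correctly
 *         false otherwise
 */

tANI_U8
limIsSmeDeauthReqValid(tpAniSirGlobal pMac, tpSirSmeDeauthReq pDeauthReq, tpPESession psessionEntry)
{
    // Group address: only broadcast ("everyone") is allowed.
    if (limIsGroupAddr(pDeauthReq->peerMacAddr) &&
        !limIsAddrBC(pDeauthReq->peerMacAddr))
        return false;

#if (WNI_POLARIS_FW_PRODUCT == AP)
    // The AP-build AID check used to reference "psessionEntryp", which is
    // not a parameter of this function (the parameter is psessionEntry),
    // so this block did not compile in AP builds.
    if (((psessionEntry->limSystemRole == eLIM_AP_ROLE) &&
         ((pDeauthReq->aid < 2) || (pDeauthReq->aid > 2007))) ||
        ((psessionEntry->limSystemRole == eLIM_STA_ROLE) &&
         (pDeauthReq->aid != 1)))
        return false;
#endif
    return true;
} /*** end limIsSmeDeauthReqValid() ***/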
999
1000
1001
/**
 * limIsSmeScanReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_SCAN_REQ message from application.
 *
 *LOGIC:
 * Every requested SSID must fit in SIR_MAC_MAX_SSID_LENGTH; the
 * bssType must not exceed eSIR_AUTO_MODE; a group BSSID is only
 * accepted if it is the broadcast address; scanType must be
 * passive or active; the channel count must not exceed
 * SIR_MAX_NUM_CHANNELS; for an active scan maxChannelTime must
 * not be smaller than minChannelTime.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 * numSsid itself is not bounded against the ssId array here;
 * the array size is not visible in this file, so the caller is
 * relied on for that.
 *
 * @param pMac     Pointer to Global MAC structure
 * @param pScanReq Pointer to received SME_SCAN_REQ message
 * @return true when received SME_SCAN_REQ is formatted correctly
 *         false otherwise
 */

tANI_U8
limIsSmeScanReqValid(tpAniSirGlobal pMac, tpSirSmeScanReq pScanReq)
{
    tANI_U8 idx;

    for (idx = 0; idx < pScanReq->numSsid; idx++)
    {
        if (pScanReq->ssId[idx].length > SIR_MAC_MAX_SSID_LENGTH)
            return false;
    }

    if (pScanReq->bssType > eSIR_AUTO_MODE)
        return false;

    if (limIsGroupAddr(pScanReq->bssId) && !limIsAddrBC(pScanReq->bssId))
        return false;

    if ((pScanReq->scanType != eSIR_PASSIVE_SCAN) &&
        (pScanReq->scanType != eSIR_ACTIVE_SCAN))
        return false;

    if (pScanReq->channelList.numChannels > SIR_MAX_NUM_CHANNELS)
        return false;

    /*
    ** check min/max channelTime range
    **/
    if ((pScanReq->scanType == eSIR_ACTIVE_SCAN) &&
        (pScanReq->maxChannelTime < pScanReq->minChannelTime))
    {
        PELOGW(limLog(pMac, LOGW, FL("Max Channel Time < Min Channel Time\n"));)
        return false;
    }

    return true;
} /*** end limIsSmeScanReqValid() ***/
1059
1060
1061
/**
 * limIsSmeAuthReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_AUTH_REQ message from application.
 *
 *LOGIC:
 * The peer must be a unicast address, the authType must not
 * exceed eSIR_AUTO_SWITCH and the channel number must be non-zero.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pAuthReq Pointer to received SME_AUTH_REQ message
 * @return true when received SME_AUTH_REQ is formatted correctly
 *         false otherwise
 */

tANI_U8
limIsSmeAuthReqValid(tpSirSmeAuthReq pAuthReq)
{
    if (limIsGroupAddr(pAuthReq->peerMacAddr))
        return false;

    if (pAuthReq->authType > eSIR_AUTO_SWITCH)
        return false;

    if (!pAuthReq->channelNumber)
        return false;

    return true;
} /*** end limIsSmeAuthReqValid() ***/
1097
1098
1099
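/**
 * limIsSmeSetContextReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_SET_CONTEXT_REQ message from application.
 *
 *LOGIC:
 * Message validity checks are performed in this function:
 *  - an edType other than WEP40/WEP104/NONE (and WPI when WAPI is
 *    enabled) must come with at least one key;
 *  - edType NONE must come with no keys;
 *  - edType must be below eSIR_ED_NOT_IMPLEMENTED;
 *  - every key must have the length fixed for its edType
 *    (WEP40 5, WEP104 13, TKIP 32, WPI 32, CCMP 16).
 * When a non-NONE edType arrives while PRIVACY_ENABLED is off this
 * is only logged, to keep mixed mode for guest access working.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 * numKeys is not bounded against the size of the keyMaterial.key
 * array here; that bound is not visible in this file.
 *
 * @param pMac           Pointer to Global MAC structure
 * @param pSetContextReq Pointer to received SME_SET_CONTEXT_REQ message
 * @return true when received SME_SET_CONTEXT_REQ is formatted correctly
 *         false otherwise
 */

tANI_U8
limIsSmeSetContextReqValid(tpAniSirGlobal pMac, tpSirSmeSetContextReq pSetContextReq)
{
    tANI_U8 i = 0;
    tANI_U8 valid = true;
    tANI_U8 expectedKeyLength = 0;  // 0 == no fixed key length for this edType
    tpSirKeys pKey = pSetContextReq->keyMaterial.key;

    if ((pSetContextReq->keyMaterial.edType != eSIR_ED_WEP40) &&
        (pSetContextReq->keyMaterial.edType != eSIR_ED_WEP104) &&
        (pSetContextReq->keyMaterial.edType != eSIR_ED_NONE) &&
#ifdef FEATURE_WLAN_WAPI
        (pSetContextReq->keyMaterial.edType != eSIR_ED_WPI) &&
#endif
        !pSetContextReq->keyMaterial.numKeys)
    {
        /**
         * No keys present in case of TKIP or CCMP
         * Log error.
         */
        limLog(pMac, LOGW,
               FL("No keys present in SME_SETCONTEXT_REQ for edType=%d\n"),
               pSetContextReq->keyMaterial.edType);

        valid = false;
        goto end;
    }

    if (pSetContextReq->keyMaterial.numKeys &&
        (pSetContextReq->keyMaterial.edType == eSIR_ED_NONE))
    {
        /**
         * Keys present in case of no ED policy
         * Log error.
         */
        limLog(pMac, LOGW,
               FL("Keys present in SME_SETCONTEXT_REQ for edType=%d\n"),
               pSetContextReq->keyMaterial.edType);

        valid = false;
        goto end;
    }

    if (pSetContextReq->keyMaterial.edType >= eSIR_ED_NOT_IMPLEMENTED)
    {
        /**
         * Invalid edType in the message
         * Log error.
         */
        limLog(pMac, LOGW,
               FL("Invalid edType=%d in SME_SETCONTEXT_REQ\n"),
               pSetContextReq->keyMaterial.edType);

        valid = false;
        goto end;
    }
    else if (pSetContextReq->keyMaterial.edType > eSIR_ED_NONE)
    {
        // Zeroed so a failed CFG read does not leave poi uninitialized.
        tANI_U32 poi = 0;

        if (wlan_cfgGetInt(pMac, WNI_CFG_PRIVACY_ENABLED,
                           &poi) != eSIR_SUCCESS)
        {
            limLog(pMac, LOGP,
                   FL("Unable to retrieve POI from CFG\n"));
        }

        if (!poi)
        {
            /**
             * Privacy is not enabled
             * In order to allow mixed mode for Guest access
             * allow BSS creation/join with no Privacy capability
             * yet advertising WPA IE
             */
            PELOG1(limLog(pMac, LOG1,
                   FL("Privacy is not enabled, yet non-None EDtype=%d in SME_SETCONTEXT_REQ\n"),
                   pSetContextReq->keyMaterial.edType);)
        }
    }

    // Fixed key length per ED type; types not listed carry no constraint.
    switch (pSetContextReq->keyMaterial.edType)
    {
        case eSIR_ED_WEP40:
            expectedKeyLength = 5;
            break;
        case eSIR_ED_WEP104:
            expectedKeyLength = 13;
            break;
        case eSIR_ED_TKIP:
            expectedKeyLength = 32;
            break;
#ifdef FEATURE_WLAN_WAPI
        case eSIR_ED_WPI:
            expectedKeyLength = 32;
            break;
#endif
        case eSIR_ED_CCMP:
            expectedKeyLength = 16;
            break;
        default:
            expectedKeyLength = 0;
            break;
    }

    for (i = 0; i < pSetContextReq->keyMaterial.numKeys; i++, pKey++)
    {
        if (expectedKeyLength && (pKey->keyLength != expectedKeyLength))
        {
            /**
             * Invalid key length for a given ED type
             * Log error.
             */
            limLog(pMac, LOGW,
                   FL("Invalid keyLength =%d for edType=%d in SME_SETCONTEXT_REQ\n"),
                   pKey->keyLength, pSetContextReq->keyMaterial.edType);

            valid = false;
            goto end;
        }
    }

end:
    return valid;
} /*** end limIsSmeSetContextReqValid() ***/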
1231
1232
1233
/**
 * limIsSmeStopBssReqValid()
 *
 *FUNCTION:
 * This function is called by limProcessSmeReqMessages() upon
 * receiving SME_STOP_BSS_REQ message from application.
 *
 *LOGIC:
 * No field of the message is inspected; every SME_STOP_BSS_REQ
 * is reported as valid.
 *
 *ASSUMPTIONS:
 *
 *NOTE:
 *
 * @param pMsg - Pointer to received SME_STOP_BSS_REQ message
 * @return true always
 */

tANI_U8
limIsSmeStopBssReqValid(tANI_U32 *pMsg)
{
    (void) pMsg;   // nothing in the message is checked

    return true;
} /*** end limIsSmeStopBssReqValid() ***/
1260
1261
/**
 * limGetBssIdFromSmeJoinReqMsg()
 *
 *FUNCTION:
 * This function is called in various places to get BSSID
 * from BSS description/Neighbor BSS Info in the SME_JOIN_REQ/
 * SME_REASSOC_REQ message.
 *
 *PARAMS:
 *
 *LOGIC:
 * Steps over the serialized fields that precede the BSSID:
 * the 32-bit message header, the assocType (ADVANCED package),
 * the RSN IE (16-bit length + payload) and, depending on the
 * build, either the BP indicator/type/neighbor count or the
 * 16-bit BSS description length.
 *
 *ASSUMPTIONS:
 * NA
 *
 *NOTE:
 * The RSN IE length read from the buffer is trusted as-is; there
 * is no total-length parameter to bound it against here.
 *
 * @param pBuf - Pointer to received SME_JOIN/SME_REASSOC_REQ
 *               message
 * @return pBssId - Pointer to BSSID, or NULL when pBuf is NULL
 */

tANI_U8*
limGetBssIdFromSmeJoinReqMsg(tANI_U8 *pBuf)
{
    tANI_U8 *cursor = pBuf;
    tANI_U16 rsnIeLen;

    if (cursor == NULL)
        return NULL;

    cursor += sizeof(tANI_U32);                 // skip message header

#if (WNI_POLARIS_FW_PACKAGE == ADVANCED)
    cursor += sizeof(tSirAssocType);            // skip assocType
#endif

    rsnIeLen = limGetU16(cursor);
    cursor += sizeof(tANI_U16) + rsnIeLen;      // skip RSN IE (length + payload)

#if (WNI_POLARIS_FW_PACKAGE == ADVANCED) && (WNI_POLARIS_FW_PRODUCT == AP)
    cursor += sizeof(tAniBool);                 // skip BP indicator
    cursor += sizeof(tSirBpIndicatorType);      // skip BP indicator type
    cursor += sizeof(tANI_U32);                 // skip number of neighbor BSS
#else
    cursor += sizeof(tANI_U16);                 // skip length of BSS description
#endif

    return cursor;
} /*** end limGetBssIdFromSmeJoinReqMsg() ***/
1309
1310