Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / qcacld-3.0 / 8c6f5e82b0b15337e158ee915aac207b5602f3c6 / . / core / mac / src / pe / lim / lim_process_auth_frame.c
blob: a2a6b4dceee6303753e40e20ab17f6ccd3e261d7 [file] [log] [blame]
/*
* Copyright (c) 2011-2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all
* copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
* WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
* TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This file was originally distributed by Qualcomm Atheros, Inc.
* under proprietary terms before Copyright ownership was assigned
* to the Linux Foundation.
*/
/*
*
* This file lim_process_auth_frame.cc contains the code
* for processing received Authentication Frame.
* Author: Chandra Modumudi
* Date: 03/11/02
* History:-
* Date Modified by Modification Information
* --------------------------------------------------------------------
* 05/12/2010 js To support Shared key authentication at AP side
*
*/
#include "wni_api.h"
#include "wni_cfg.h"
#include "ani_global.h"
#include "cfg_api.h"
#include "utils_api.h"
#include "lim_utils.h"
#include "lim_assoc_utils.h"
#include "lim_security_utils.h"
#include "lim_ser_des_utils.h"
#include "lim_ft.h"
#include "cds_utils.h"
#include "lim_send_messages.h"
#include "lim_process_fils.h"
/**
* is_auth_valid
*
***FUNCTION:
* This function is called by lim_process_auth_frame() upon Authentication
* frame reception.
*
***LOGIC:
* This function is used to test validity of auth frame:
* - AUTH1 and AUTH3 must be received in AP mode
* - AUTH2 and AUTH4 must be received in STA mode
* - AUTH3 and AUTH4 must have challenge text IE, that is,'type' field has been set to
* SIR_MAC_CHALLENGE_TEXT_EID by parser
* -
*
***ASSUMPTIONS:
*
***NOTE:
*
* @param *auth - Pointer to extracted auth frame body
*
* @return 0 or 1 (Valid)
*/
static inline unsigned int is_auth_valid(tpAniSirGlobal pMac,
tpSirMacAuthFrameBody auth,
tpPESession sessionEntry)
{
unsigned int valid = 1;
if (((auth->authTransactionSeqNumber == SIR_MAC_AUTH_FRAME_1) ||
(auth->authTransactionSeqNumber == SIR_MAC_AUTH_FRAME_3)) &&
(LIM_IS_STA_ROLE(sessionEntry)))
valid = 0;
if (((auth->authTransactionSeqNumber == SIR_MAC_AUTH_FRAME_2) ||
(auth->authTransactionSeqNumber == SIR_MAC_AUTH_FRAME_4)) &&
(LIM_IS_AP_ROLE(sessionEntry)))
valid = 0;
if (((auth->authTransactionSeqNumber == SIR_MAC_AUTH_FRAME_3) ||
(auth->authTransactionSeqNumber == SIR_MAC_AUTH_FRAME_4)) &&
(auth->type != SIR_MAC_CHALLENGE_TEXT_EID) &&
(auth->authAlgoNumber != eSIR_SHARED_KEY))
valid = 0;
return valid;
}
static void lim_process_auth_shared_system_algo(tpAniSirGlobal mac_ctx,
tpSirMacMgmtHdr mac_hdr,
tSirMacAuthFrameBody *rx_auth_frm_body,
tSirMacAuthFrameBody *auth_frame,
uint8_t *challenge_txt_arr,
tpPESession pe_session)
{
uint32_t val;
uint8_t cfg_privacy_opt_imp, *challenge;
struct tLimPreAuthNode *auth_node;
pe_debug("=======> eSIR_SHARED_KEY");
if (LIM_IS_AP_ROLE(pe_session))
val = pe_session->privacy;
else if (wlan_cfg_get_int(mac_ctx,
WNI_CFG_PRIVACY_ENABLED, &val) != eSIR_SUCCESS)
pe_warn("couldnt retrieve Privacy option");
cfg_privacy_opt_imp = (uint8_t) val;
if (!cfg_privacy_opt_imp) {
pe_err("rx Auth frame for unsupported auth algorithm %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authAlgoNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Authenticator does not have WEP
* implemented.
* Reject by sending Authentication frame
* with Auth algorithm not supported status
* code.
*/
auth_frame->authAlgoNumber = rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
} else {
/* Create entry for this STA in pre-auth list */
auth_node = lim_acquire_free_pre_auth_node(mac_ctx,
&mac_ctx->lim.gLimPreAuthTimerTable);
if (auth_node == NULL) {
pe_warn("Max preauth-nodes reached");
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGW);
return;
}
qdf_mem_copy((uint8_t *) auth_node->peerMacAddr, mac_hdr->sa,
sizeof(tSirMacAddr));
auth_node->mlmState = eLIM_MLM_WT_AUTH_FRAME3_STATE;
auth_node->authType =
(tAniAuthType) rx_auth_frm_body->authAlgoNumber;
auth_node->fSeen = 0;
auth_node->fTimerStarted = 0;
auth_node->seq_num = ((mac_hdr->seqControl.seqNumHi << 4) |
(mac_hdr->seqControl.seqNumLo));
auth_node->timestamp = qdf_mc_timer_get_system_ticks();
lim_add_pre_auth_node(mac_ctx, auth_node);
pe_debug("Alloc new data: %p id: %d peer ",
auth_node, auth_node->authNodeIdx);
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOG1);
/* / Create and activate Auth Response timer */
if (tx_timer_change_context(&auth_node->timer,
auth_node->authNodeIdx) != TX_SUCCESS) {
/* Could not start Auth response timer. Log error */
pe_warn("Unable to chg context auth response timer for peer");
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGW);
/*
* Send Auth frame with unspecified failure status code.
*/
auth_frame->authAlgoNumber =
rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_UNSPEC_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
lim_delete_pre_auth_node(mac_ctx, mac_hdr->sa);
return;
}
lim_activate_auth_rsp_timer(mac_ctx, auth_node);
auth_node->fTimerStarted = 1;
/*
* get random bytes and use as challenge text.
* If it fails we already have random stack bytes.
*/
if (!QDF_IS_STATUS_SUCCESS(cds_rand_get_bytes(0,
(uint8_t *) challenge_txt_arr,
SIR_MAC_AUTH_CHALLENGE_LENGTH)))
pe_err("Challenge text preparation failed");
challenge = auth_node->challengeText;
qdf_mem_copy(challenge, (uint8_t *)challenge_txt_arr,
sizeof(challenge_txt_arr));
/*
* Sending Authenticaton frame with challenge.
*/
auth_frame->authAlgoNumber = rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode = eSIR_MAC_SUCCESS_STATUS;
auth_frame->type = SIR_MAC_CHALLENGE_TEXT_EID;
auth_frame->length = SIR_MAC_AUTH_CHALLENGE_LENGTH;
qdf_mem_copy(auth_frame->challengeText,
auth_node->challengeText,
SIR_MAC_AUTH_CHALLENGE_LENGTH);
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
}
}
static void lim_process_auth_open_system_algo(tpAniSirGlobal mac_ctx,
tpSirMacMgmtHdr mac_hdr,
tSirMacAuthFrameBody *rx_auth_frm_body,
tSirMacAuthFrameBody *auth_frame,
tpPESession pe_session)
{
struct tLimPreAuthNode *auth_node;
pe_debug("=======> eSIR_OPEN_SYSTEM");
/* Create entry for this STA in pre-auth list */
auth_node = lim_acquire_free_pre_auth_node(mac_ctx,
&mac_ctx->lim.gLimPreAuthTimerTable);
if (auth_node == NULL) {
pe_warn("Max pre-auth nodes reached ");
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGW);
return;
}
pe_debug("Alloc new data: %p peer", auth_node);
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGD);
qdf_mem_copy((uint8_t *) auth_node->peerMacAddr,
mac_hdr->sa, sizeof(tSirMacAddr));
auth_node->mlmState = eLIM_MLM_AUTHENTICATED_STATE;
auth_node->authType = (tAniAuthType) rx_auth_frm_body->authAlgoNumber;
auth_node->fSeen = 0;
auth_node->fTimerStarted = 0;
auth_node->seq_num = ((mac_hdr->seqControl.seqNumHi << 4) |
(mac_hdr->seqControl.seqNumLo));
auth_node->timestamp = qdf_mc_timer_get_system_ticks();
lim_add_pre_auth_node(mac_ctx, auth_node);
/*
* Send Authenticaton frame with Success
* status code.
*/
auth_frame->authAlgoNumber = rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode = eSIR_MAC_SUCCESS_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame, mac_hdr->sa,
LIM_NO_WEP_IN_FC,
pe_session, false);
}
static void lim_process_auth_frame_type1(tpAniSirGlobal mac_ctx,
tpSirMacMgmtHdr mac_hdr,
tSirMacAuthFrameBody *rx_auth_frm_body,
uint8_t *rx_pkt_info, uint16_t curr_seq_num,
tSirMacAuthFrameBody *auth_frame, tpPESession pe_session)
{
tpDphHashNode sta_ds_ptr = NULL;
struct tLimPreAuthNode *auth_node;
uint8_t challenge_txt_arr[SIR_MAC_AUTH_CHALLENGE_LENGTH];
uint32_t maxnum_preauth;
uint16_t associd = 0;
/* AuthFrame 1 */
sta_ds_ptr = dph_lookup_hash_entry(mac_ctx, mac_hdr->sa,
&associd, &pe_session->dph.dphHashTable);
if (sta_ds_ptr) {
tLimMlmDisassocReq *pMlmDisassocReq = NULL;
tLimMlmDeauthReq *pMlmDeauthReq = NULL;
bool isConnected = true;
pMlmDisassocReq =
mac_ctx->lim.limDisassocDeauthCnfReq.pMlmDisassocReq;
if (pMlmDisassocReq &&
(!qdf_mem_cmp((uint8_t *) mac_hdr->sa, (uint8_t *)
&pMlmDisassocReq->peer_macaddr.bytes,
QDF_MAC_ADDR_SIZE))) {
pe_debug("TODO:Ack for disassoc frame is pending Issue delsta for "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(
pMlmDisassocReq->peer_macaddr.bytes));
lim_process_disassoc_ack_timeout(mac_ctx);
isConnected = false;
}
pMlmDeauthReq =
mac_ctx->lim.limDisassocDeauthCnfReq.pMlmDeauthReq;
if (pMlmDeauthReq &&
(!qdf_mem_cmp((uint8_t *) mac_hdr->sa, (uint8_t *)
&pMlmDeauthReq->peer_macaddr.bytes,
QDF_MAC_ADDR_SIZE))) {
pe_debug("TODO:Ack for deauth frame is pending Issue delsta for "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(
pMlmDeauthReq->peer_macaddr.bytes));
lim_process_deauth_ack_timeout(mac_ctx);
isConnected = false;
}
/*
* pStaDS != NULL and isConnected = 1 means the STA is already
* connected, But SAP received the Auth from that station.
* For non PMF connection send Deauth frame as STA will retry
* to connect back.
*
* For PMF connection the AP should not tear down or otherwise
* modify the state of the existing association until the
* SA-Query procedure determines that the original SA is
* invalid.
*/
if (isConnected
#ifdef WLAN_FEATURE_11W
&& !sta_ds_ptr->rmfEnabled
#endif
) {
pe_err("STA is already connected but received auth frame"
"Send the Deauth and lim Delete Station Context"
"(staId: %d, associd: %d) ",
sta_ds_ptr->staIndex, associd);
lim_send_deauth_mgmt_frame(mac_ctx,
eSIR_MAC_UNSPEC_FAILURE_REASON,
(uint8_t *) mac_hdr->sa,
pe_session, false);
lim_trigger_sta_deletion(mac_ctx, sta_ds_ptr,
pe_session);
return;
}
}
/* Check if there exists pre-auth context for this STA */
auth_node = lim_search_pre_auth_list(mac_ctx, mac_hdr->sa);
if (auth_node) {
/* Pre-auth context exists for the STA */
if (!(mac_hdr->fc.retry == 0 ||
auth_node->seq_num != curr_seq_num)) {
/*
* This can happen when first authentication frame is
* received but ACK lost at STA side, in this case 2nd
* auth frame is already in transmission queue
*/
pe_warn("STA is initiating Auth after ACK lost");
return;
}
/*
* STA is initiating brand-new Authentication
* sequence after local Auth Response timeout Or STA
* retrying to transmit First Auth frame due to packet
* drop OTA Delete Pre-auth node and fall through.
*/
if (auth_node->fTimerStarted)
lim_deactivate_and_change_per_sta_id_timer(
mac_ctx, eLIM_AUTH_RSP_TIMER,
auth_node->authNodeIdx);
pe_debug("STA is initiating brand-new Auth");
lim_delete_pre_auth_node(mac_ctx, mac_hdr->sa);
/*
* SAP Mode:Disassociate the station and
* delete its entry if we have its entry
* already and received "auth" from the
* same station.
* SAP dphHashTable.size = 8
*/
for (associd = 0; associd < pe_session->dph.dphHashTable.size;
associd++) {
sta_ds_ptr = dph_get_hash_entry(mac_ctx, associd,
&pe_session->dph.dphHashTable);
if (NULL == sta_ds_ptr)
continue;
if (sta_ds_ptr->valid && (!qdf_mem_cmp(
(uint8_t *)&sta_ds_ptr->staAddr,
(uint8_t *) &(mac_hdr->sa),
(uint8_t) sizeof(tSirMacAddr))))
break;
sta_ds_ptr = NULL;
}
if (NULL != sta_ds_ptr
#ifdef WLAN_FEATURE_11W
&& !sta_ds_ptr->rmfEnabled
#endif
) {
pe_debug("lim Delete Station Context staId: %d associd: %d",
sta_ds_ptr->staIndex, associd);
lim_send_deauth_mgmt_frame(mac_ctx,
eSIR_MAC_UNSPEC_FAILURE_REASON,
(uint8_t *)auth_node->peerMacAddr,
pe_session, false);
lim_trigger_sta_deletion(mac_ctx, sta_ds_ptr,
pe_session);
return;
}
}
if (wlan_cfg_get_int(mac_ctx, WNI_CFG_MAX_NUM_PRE_AUTH,
(uint32_t *) &maxnum_preauth) != eSIR_SUCCESS)
pe_warn("could not retrieve MaxNumPreAuth");
if (mac_ctx->lim.gLimNumPreAuthContexts == maxnum_preauth &&
!lim_delete_open_auth_pre_auth_node(mac_ctx)) {
pe_err("Max no of preauth context reached");
/*
* Maximum number of pre-auth contexts reached.
* Send Authentication frame with unspecified failure
*/
auth_frame->authAlgoNumber = rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_UNSPEC_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
/* No Pre-auth context exists for the STA. */
if (lim_is_auth_algo_supported(mac_ctx,
(tAniAuthType) rx_auth_frm_body->authAlgoNumber,
pe_session)) {
if (lim_get_session_by_macaddr(mac_ctx, mac_hdr->sa)) {
auth_frame->authAlgoNumber =
rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_WME_INVALID_PARAMS_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
switch (rx_auth_frm_body->authAlgoNumber) {
case eSIR_OPEN_SYSTEM:
lim_process_auth_open_system_algo(mac_ctx, mac_hdr,
rx_auth_frm_body, auth_frame, pe_session);
break;
case eSIR_SHARED_KEY:
lim_process_auth_shared_system_algo(mac_ctx, mac_hdr,
rx_auth_frm_body, auth_frame,
challenge_txt_arr, pe_session);
break;
default:
pe_err("rx Auth frm for unsupported auth algo %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authAlgoNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Responding party does not support the
* authentication algorithm requested by
* sending party.
* Reject by sending Authentication frame
* with auth algorithm not supported status code
*/
auth_frame->authAlgoNumber =
rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
} else {
pe_err("received Authentication frame for unsupported auth algorithm %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authAlgoNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Responding party does not support the
* authentication algorithm requested by sending party.
* Reject Authentication with StatusCode=13.
*/
auth_frame->authAlgoNumber = rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa,
LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
}
static void lim_process_auth_frame_type2(tpAniSirGlobal mac_ctx,
tpSirMacMgmtHdr mac_hdr,
tSirMacAuthFrameBody *rx_auth_frm_body,
tSirMacAuthFrameBody *auth_frame,
uint8_t *plainbody,
uint8_t *body_ptr, uint16_t frame_len,
tpPESession pe_session)
{
uint8_t key_id, cfg_privacy_opt_imp;
uint32_t val, key_length = 8;
uint8_t defaultkey[SIR_MAC_KEY_LENGTH];
struct tLimPreAuthNode *auth_node;
uint8_t *encr_auth_frame;
/* AuthFrame 2 */
if (pe_session->limMlmState != eLIM_MLM_WT_AUTH_FRAME2_STATE) {
/**
* Check if a Reassociation is in progress and this is a
* Pre-Auth frame
*/
if (LIM_IS_STA_ROLE(pe_session) &&
(pe_session->limSmeState == eLIM_SME_WT_REASSOC_STATE) &&
(rx_auth_frm_body->authStatusCode ==
eSIR_MAC_SUCCESS_STATUS) &&
(pe_session->ftPEContext.pFTPreAuthReq != NULL) &&
(!qdf_mem_cmp(
pe_session->ftPEContext.pFTPreAuthReq->preAuthbssId,
mac_hdr->sa, sizeof(tSirMacAddr)))) {
/* Update the FTIEs in the saved auth response */
pe_warn("rx PreAuth frm2 in smestate: %d from: %pM",
pe_session->limSmeState, mac_hdr->sa);
pe_session->ftPEContext.saved_auth_rsp_length = 0;
if ((body_ptr != NULL) && (frame_len < MAX_FTIE_SIZE)) {
qdf_mem_copy(
pe_session->ftPEContext.saved_auth_rsp,
body_ptr, frame_len);
pe_session->ftPEContext.saved_auth_rsp_length =
frame_len;
}
} else {
/*
* Received Auth frame2 in an unexpected state.
* Log error and ignore the frame.
*/
pe_debug("rx Auth frm2 from peer in state: %d addr",
pe_session->limMlmState);
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOG1);
}
return;
}
if (qdf_mem_cmp((uint8_t *) mac_hdr->sa,
(uint8_t *) &mac_ctx->lim.gpLimMlmAuthReq->peerMacAddr,
sizeof(tSirMacAddr))) {
/*
* Received Authentication frame from an entity
* other than one request was initiated.
* Wait until Authentication Failure Timeout.
*/
pe_warn("received Auth frame2 from unexpected peer"
MAC_ADDRESS_STR, MAC_ADDR_ARRAY(mac_hdr->sa));
return;
}
if (rx_auth_frm_body->authStatusCode ==
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS) {
/*
* Interoperability workaround: Linksys WAP4400N is returning
* wrong authType in OpenAuth response in case of
* SharedKey AP configuration. Pretend we don't see that,
* so upper layer can fallback to SharedKey authType,
* and successfully connect to the AP.
*/
if (rx_auth_frm_body->authAlgoNumber !=
mac_ctx->lim.gpLimMlmAuthReq->authType) {
rx_auth_frm_body->authAlgoNumber =
mac_ctx->lim.gpLimMlmAuthReq->authType;
}
}
if (rx_auth_frm_body->authAlgoNumber !=
mac_ctx->lim.gpLimMlmAuthReq->authType) {
/*
* Received Authentication frame with an auth
* algorithm other than one requested.
* Wait until Authentication Failure Timeout.
*/
pe_warn("rx Auth frame2 for unexpected auth algo number %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authAlgoNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
return;
}
if (rx_auth_frm_body->authStatusCode != eSIR_MAC_SUCCESS_STATUS) {
/*
* Authentication failure.
* Return Auth confirm with received failure code to SME
*/
pe_err("rx Auth frame from peer with failure code %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authStatusCode,
MAC_ADDR_ARRAY(mac_hdr->sa));
lim_restore_from_auth_state(mac_ctx, eSIR_SME_AUTH_REFUSED,
rx_auth_frm_body->authStatusCode,
pe_session);
return;
}
if (lim_process_fils_auth_frame2(mac_ctx, pe_session,
rx_auth_frm_body)) {
lim_restore_from_auth_state(mac_ctx, eSIR_SME_SUCCESS,
rx_auth_frm_body->authStatusCode, pe_session);
return;
}
if (rx_auth_frm_body->authAlgoNumber == eSIR_OPEN_SYSTEM) {
pe_session->limCurrentAuthType = eSIR_OPEN_SYSTEM;
auth_node = lim_acquire_free_pre_auth_node(mac_ctx,
&mac_ctx->lim.gLimPreAuthTimerTable);
if (auth_node == NULL) {
pe_warn("Max pre-auth nodes reached");
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGW);
return;
}
pe_debug("Alloc new data: %p peer", auth_node);
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGD);
qdf_mem_copy((uint8_t *) auth_node->peerMacAddr,
mac_ctx->lim.gpLimMlmAuthReq->peerMacAddr,
sizeof(tSirMacAddr));
auth_node->fTimerStarted = 0;
auth_node->authType =
mac_ctx->lim.gpLimMlmAuthReq->authType;
auth_node->seq_num =
((mac_hdr->seqControl.seqNumHi << 4) |
(mac_hdr->seqControl.seqNumLo));
auth_node->timestamp = qdf_mc_timer_get_system_ticks();
lim_add_pre_auth_node(mac_ctx, auth_node);
lim_restore_from_auth_state(mac_ctx, eSIR_SME_SUCCESS,
rx_auth_frm_body->authStatusCode, pe_session);
} else {
/* Shared key authentication */
if (LIM_IS_AP_ROLE(pe_session))
val = pe_session->privacy;
else if (wlan_cfg_get_int(mac_ctx,
WNI_CFG_PRIVACY_ENABLED,
&val) != eSIR_SUCCESS)
pe_warn("couldnt retrieve Privacy option");
cfg_privacy_opt_imp = (uint8_t) val;
if (!cfg_privacy_opt_imp) {
/*
* Requesting STA does not have WEP implemented.
* Reject with unsupported authentication algo
* Status code & wait until auth failure timeout
*/
pe_err("rx Auth frm from peer for unsupported auth algo %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authAlgoNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
auth_frame->authAlgoNumber =
rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
if (rx_auth_frm_body->type != SIR_MAC_CHALLENGE_TEXT_EID) {
pe_err("rx auth frm with invalid challenge txtie");
return;
}
if (wlan_cfg_get_int(mac_ctx, WNI_CFG_WEP_DEFAULT_KEYID,
&val) != eSIR_SUCCESS)
pe_warn("could not retrieve Default key_id");
key_id = (uint8_t) val;
val = SIR_MAC_KEY_LENGTH;
if (LIM_IS_AP_ROLE(pe_session)) {
tpSirKeys key_ptr =
&pe_session->WEPKeyMaterial[key_id].key[0];
qdf_mem_copy(defaultkey, key_ptr->key,
key_ptr->keyLength);
} else if (wlan_cfg_get_str(mac_ctx,
(uint16_t)(WNI_CFG_WEP_DEFAULT_KEY_1 + key_id),
defaultkey, &val) != eSIR_SUCCESS) {
/* Couldnt get Default key from CFG. */
pe_warn("cant retrieve Defaultkey");
auth_frame->authAlgoNumber =
rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
rx_auth_frm_body->authTransactionSeqNumber + 1;
auth_frame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx,
auth_frame, mac_hdr->sa,
LIM_NO_WEP_IN_FC,
pe_session, false);
lim_restore_from_auth_state(mac_ctx,
eSIR_SME_INVALID_WEP_DEFAULT_KEY,
eSIR_MAC_UNSPEC_FAILURE_REASON,
pe_session);
return;
}
key_length = val;
((tpSirMacAuthFrameBody)plainbody)->authAlgoNumber =
sir_swap_u16if_needed(rx_auth_frm_body->authAlgoNumber);
((tpSirMacAuthFrameBody)plainbody)->authTransactionSeqNumber =
sir_swap_u16if_needed((uint16_t)(
rx_auth_frm_body->authTransactionSeqNumber
+ 1));
((tpSirMacAuthFrameBody)plainbody)->authStatusCode =
eSIR_MAC_SUCCESS_STATUS;
((tpSirMacAuthFrameBody)plainbody)->type =
SIR_MAC_CHALLENGE_TEXT_EID;
((tpSirMacAuthFrameBody)plainbody)->length =
rx_auth_frm_body->length;
qdf_mem_copy((uint8_t *) (
(tpSirMacAuthFrameBody)plainbody)->challengeText,
rx_auth_frm_body->challengeText,
rx_auth_frm_body->length);
encr_auth_frame = qdf_mem_malloc(rx_auth_frm_body->length +
LIM_ENCR_AUTH_INFO_LEN);
if (!encr_auth_frame) {
pe_err("failed to allocate memory");
return;
}
lim_encrypt_auth_frame(mac_ctx, key_id,
defaultkey, plainbody,
encr_auth_frame, key_length);
pe_session->limMlmState = eLIM_MLM_WT_AUTH_FRAME4_STATE;
MTRACE(mac_trace(mac_ctx, TRACE_CODE_MLM_STATE,
pe_session->peSessionId,
pe_session->limMlmState));
lim_send_auth_mgmt_frame(mac_ctx,
(tpSirMacAuthFrameBody)encr_auth_frame,
mac_hdr->sa, rx_auth_frm_body->length,
pe_session, false);
qdf_mem_free(encr_auth_frame);
return;
}
}
static void lim_process_auth_frame_type3(tpAniSirGlobal mac_ctx,
tpSirMacMgmtHdr mac_hdr,
tSirMacAuthFrameBody *rx_auth_frm_body,
tSirMacAuthFrameBody *auth_frame,
tpPESession pe_session)
{
struct tLimPreAuthNode *auth_node;
/* AuthFrame 3 */
if (rx_auth_frm_body->authAlgoNumber != eSIR_SHARED_KEY) {
pe_err("rx Auth frame3 from peer with auth algo number %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authAlgoNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Received Authentication frame3 with algorithm other than
* Shared Key authentication type. Reject with Auth frame4
* with 'out of sequence' status code.
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber = SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
if (LIM_IS_AP_ROLE(pe_session) ||
LIM_IS_IBSS_ROLE(pe_session)) {
/*
* Check if wep bit was set in FC. If not set,
* reject with Authentication frame4 with
* 'challenge failure' status code.
*/
if (!mac_hdr->fc.wep) {
pe_err("received Auth frame3 from peer with no WEP bit set "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
/* WEP bit is not set in FC of Auth Frame3 */
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa,
LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
auth_node = lim_search_pre_auth_list(mac_ctx, mac_hdr->sa);
if (auth_node == NULL) {
pe_warn("received AuthFrame3 from peer that has no preauth context "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* No 'pre-auth' context exists for this STA that sent
* an Authentication frame3. Send Auth frame4 with
* 'out of sequence' status code.
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
if (auth_node->mlmState == eLIM_MLM_AUTH_RSP_TIMEOUT_STATE) {
pe_warn("auth response timer timedout for peer "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Received Auth Frame3 after Auth Response timeout.
* Reject by sending Auth Frame4 with
* Auth respone timeout Status Code.
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_RSP_TIMEOUT_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
/* Delete pre-auth context of STA */
lim_delete_pre_auth_node(mac_ctx, mac_hdr->sa);
return;
}
if (rx_auth_frm_body->authStatusCode !=
eSIR_MAC_SUCCESS_STATUS) {
/*
* Received Authenetication Frame 3 with status code
* other than success. Wait until Auth response timeout
* to delete STA context.
*/
pe_err("rx Auth frm3 from peer with status code %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authStatusCode,
MAC_ADDR_ARRAY(mac_hdr->sa));
return;
}
/*
* Check if received challenge text is same as one sent in
* Authentication frame3
*/
if (!qdf_mem_cmp(rx_auth_frm_body->challengeText,
auth_node->challengeText,
SIR_MAC_AUTH_CHALLENGE_LENGTH)) {
/*
* Challenge match. STA is autheticated
* Delete Authentication response timer if running
*/
lim_deactivate_and_change_per_sta_id_timer(mac_ctx,
eLIM_AUTH_RSP_TIMER, auth_node->authNodeIdx);
auth_node->fTimerStarted = 0;
auth_node->mlmState = eLIM_MLM_AUTHENTICATED_STATE;
/*
* Send Auth Frame4 with 'success' Status Code.
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_SUCCESS_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
} else {
pe_warn("Challenge failure for peer "MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Challenge Failure.
* Send Authentication frame4 with 'challenge failure'
* status code and wait until Auth response timeout to
* delete STA context.
*/
auth_frame->authAlgoNumber =
rx_auth_frm_body->authAlgoNumber;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
return;
}
}
}
static void lim_process_auth_frame_type4(tpAniSirGlobal mac_ctx,
tpSirMacMgmtHdr mac_hdr,
tSirMacAuthFrameBody *rx_auth_frm_body,
tpPESession pe_session)
{
struct tLimPreAuthNode *auth_node;
if (pe_session->limMlmState != eLIM_MLM_WT_AUTH_FRAME4_STATE) {
/*
* Received Authentication frame4 in an unexpected state.
* Log error and ignore the frame.
*/
pe_warn("received unexpected Auth frame4 from peer in state %d, addr "
MAC_ADDRESS_STR,
pe_session->limMlmState,
MAC_ADDR_ARRAY(mac_hdr->sa));
return;
}
if (rx_auth_frm_body->authAlgoNumber != eSIR_SHARED_KEY) {
/*
* Received Authentication frame4 with algorithm other than
* Shared Key authentication type.
* Wait until Auth failure timeout to report authentication
* failure to SME.
*/
pe_err("received Auth frame4 from peer with invalid auth algo %d"
MAC_ADDRESS_STR,
rx_auth_frm_body->authAlgoNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
return;
}
if (qdf_mem_cmp((uint8_t *) mac_hdr->sa,
(uint8_t *) &mac_ctx->lim.gpLimMlmAuthReq->peerMacAddr,
sizeof(tSirMacAddr))) {
/*
* Received Authentication frame from an entity
* other than one to which request was initiated.
* Wait until Authentication Failure Timeout.
*/
pe_warn("received Auth frame4 from unexpected peer "MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
return;
}
if (rx_auth_frm_body->authAlgoNumber !=
mac_ctx->lim.gpLimMlmAuthReq->authType) {
/*
* Received Authentication frame with an auth algorithm
* other than one requested.
* Wait until Authentication Failure Timeout.
*/
pe_err("received Authentication frame from peer with invalid auth seq number %d "
MAC_ADDRESS_STR,
rx_auth_frm_body->authTransactionSeqNumber,
MAC_ADDR_ARRAY(mac_hdr->sa));
return;
}
if (rx_auth_frm_body->authStatusCode == eSIR_MAC_SUCCESS_STATUS) {
/*
* Authentication Success, Inform SME of same.
*/
pe_session->limCurrentAuthType = eSIR_SHARED_KEY;
auth_node = lim_acquire_free_pre_auth_node(mac_ctx,
&mac_ctx->lim.gLimPreAuthTimerTable);
if (auth_node == NULL) {
pe_warn("Max pre-auth nodes reached");
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGW);
return;
}
pe_debug("Alloc new data: %p peer", auth_node);
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGD);
qdf_mem_copy((uint8_t *) auth_node->peerMacAddr,
mac_ctx->lim.gpLimMlmAuthReq->peerMacAddr,
sizeof(tSirMacAddr));
auth_node->fTimerStarted = 0;
auth_node->authType = mac_ctx->lim.gpLimMlmAuthReq->authType;
auth_node->seq_num = ((mac_hdr->seqControl.seqNumHi << 4) |
(mac_hdr->seqControl.seqNumLo));
auth_node->timestamp = qdf_mc_timer_get_system_ticks();
lim_add_pre_auth_node(mac_ctx, auth_node);
lim_restore_from_auth_state(mac_ctx, eSIR_SME_SUCCESS,
rx_auth_frm_body->authStatusCode, pe_session);
} else {
/*
* Authentication failure.
* Return Auth confirm with received failure code to SME
*/
pe_err("Authentication failure from peer "MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
lim_restore_from_auth_state(mac_ctx, eSIR_SME_AUTH_REFUSED,
rx_auth_frm_body->authStatusCode,
pe_session);
}
}
void lim_send_open_system_auth(void *ctx, uint32_t param)
{
tLimMlmAuthReq *auth_req;
tpPESession session_entry;
tpAniSirGlobal mac_ctx = (tpAniSirGlobal)ctx;
uint8_t session_id;
session_id = mac_ctx->lim.limTimers.open_sys_auth_timer.sessionId;
session_entry = pe_find_session_by_session_id(mac_ctx, session_id);
if (!session_entry)
return;
/* Trigger MAC based Authentication */
auth_req = qdf_mem_malloc(sizeof(tLimMlmAuthReq));
if (!auth_req) {
pe_err("mlmAuthReq :Memory alloc failed");
lim_handle_sme_join_result(mac_ctx,
eSIR_SME_AUTH_TIMEOUT_RESULT_CODE,
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS,
session_entry);
tx_timer_deactivate(&mac_ctx->lim.limTimers.
open_sys_auth_timer);
return;
}
sir_copy_mac_addr(auth_req->peerMacAddr, session_entry->bssId);
auth_req->authType = eSIR_OPEN_SYSTEM;
/* Update PE session Id */
auth_req->sessionId = session_id;
if (wlan_cfg_get_int(mac_ctx, WNI_CFG_AUTHENTICATE_FAILURE_TIMEOUT,
(uint32_t *) &auth_req->authFailureTimeout) != eSIR_SUCCESS) {
pe_err("Fail:retrieve AuthFailureTimeout");
}
lim_post_mlm_message(mac_ctx, LIM_MLM_AUTH_REQ, (uint32_t *) auth_req);
tx_timer_deactivate(&mac_ctx->lim.limTimers.open_sys_auth_timer);
}
/**
* lim_process_auth_frame() - to process auth frame
* @mac_ctx - Pointer to Global MAC structure
* @rx_pkt_info - A pointer to Rx packet info structure
* @session - A pointer to session
*
* This function is called by limProcessMessageQueue() upon Authentication
* frame reception.
*
* LOGIC:
* This function processes received Authentication frame and responds
* with either next Authentication frame in sequence to peer MAC entity
* or LIM_MLM_AUTH_IND on AP or LIM_MLM_AUTH_CNF on STA.
*
* NOTE:
* 1. Authentication failures are reported to SME with same status code
* received from the peer MAC entity.
* 2. Authentication frame2/4 received with alogirthm number other than
* one requested in frame1/3 are logged with an error and auth confirm
* will be sent to SME only after auth failure timeout.
* 3. Inconsistency in the spec:
* On receiving Auth frame2, specs says that if WEP key mapping key
* or default key is NULL, Auth frame3 with a status code 15 (challenge
* failure to be returned to peer entity. However, section 7.2.3.10,
* table 14 says that status code field is 'reserved' for frame3 !
* In the current implementation, Auth frame3 is returned with status
* code 15 overriding section 7.2.3.10.
* 4. If number pre-authentications reach configrable max limit,
* Authentication frame with 'unspecified failure' status code is
* returned to requesting entity.
*
* Return: None
*/
void
lim_process_auth_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
tpPESession pe_session)
{
uint8_t *body_ptr, key_id, cfg_privacy_opt_imp;
uint8_t defaultkey[SIR_MAC_KEY_LENGTH];
uint8_t plainbody[LIM_ENCR_AUTH_BODY_LEN];
uint8_t decrypt_result;
uint16_t frame_len, curr_seq_num = 0;
uint32_t val, key_length = 8;
tSirMacAuthFrameBody *rx_auth_frm_body, *rx_auth_frame, *auth_frame;
tpSirMacMgmtHdr mac_hdr;
struct tLimPreAuthNode *auth_node;
/* Get pointer to Authentication frame header and body */
mac_hdr = WMA_GET_RX_MAC_HEADER(rx_pkt_info);
frame_len = WMA_GET_RX_PAYLOAD_LEN(rx_pkt_info);
if (!frame_len) {
/* Log error */
pe_err("received Auth frame with no body from: %pM",
mac_hdr->sa);
return;
}
if (lim_is_group_addr(mac_hdr->sa)) {
/*
* Received Auth frame from a BC/MC address
* Log error and ignore it
*/
pe_err("received Auth frame from a BC/MC addr: %pM",
mac_hdr->sa);
return;
}
curr_seq_num = (mac_hdr->seqControl.seqNumHi << 4) |
(mac_hdr->seqControl.seqNumLo);
pe_info("Sessionid: %d System role: %d limMlmState: %d: Auth response Received BSSID: "MAC_ADDRESS_STR" RSSI: %d",
pe_session->peSessionId, GET_LIM_SYSTEM_ROLE(pe_session),
pe_session->limMlmState, MAC_ADDR_ARRAY(mac_hdr->bssId),
(uint) abs((int8_t) WMA_GET_RX_RSSI_NORMALIZED(rx_pkt_info)));
body_ptr = WMA_GET_RX_MPDU_DATA(rx_pkt_info);
/* Restore default failure timeout */
if (QDF_P2P_CLIENT_MODE == pe_session->pePersona &&
pe_session->defaultAuthFailureTimeout) {
pe_debug("Restore default failure timeout");
cfg_set_int(mac_ctx, WNI_CFG_AUTHENTICATE_FAILURE_TIMEOUT,
pe_session->defaultAuthFailureTimeout);
}
rx_auth_frame = qdf_mem_malloc(sizeof(tSirMacAuthFrameBody));
if (!rx_auth_frame) {
pe_err("failed to allocate memory");
return;
}
auth_frame = qdf_mem_malloc(sizeof(tSirMacAuthFrameBody));
if (!auth_frame) {
pe_err("failed to allocate memory");
goto free;
}
/*
* Determine if WEP bit is set in the FC or received MAC header
* Note: WEP bit is set in FC of MAC header.
*/
if (mac_hdr->fc.wep) {
/*
* If TKIP counter measures enabled then issue Deauth
* frame to station
*/
if (pe_session->bTkipCntrMeasActive &&
LIM_IS_AP_ROLE(pe_session)) {
pe_err("Tkip counter enabled, send deauth to: %pM",
mac_hdr->sa);
lim_send_deauth_mgmt_frame(mac_ctx,
eSIR_MAC_MIC_FAILURE_REASON,
mac_hdr->sa, pe_session, false);
goto free;
}
/* Extract key ID from IV (most 2 bits of 4th byte of IV) */
key_id = (*(body_ptr + 3)) >> 6;
/*
* On STA in infrastructure BSS, Authentication frames received
* with WEP bit set in the FC must be rejected with challenge
* failure status code (wierd thing in the spec - this should've
* been rejected with unspecified failure/unexpected assertion
* of wep bit (this status code does not exist though) or
* Out-of-sequence-Authentication-Frame status code.
*/
if (LIM_IS_STA_ROLE(pe_session)) {
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
/* Log error */
pe_err("rx Auth frm with wep bit set role: %d %pM",
GET_LIM_SYSTEM_ROLE(pe_session), mac_hdr->sa);
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
goto free;
}
if (frame_len < LIM_ENCR_AUTH_BODY_LEN) {
/* Log error */
pe_err("Not enough size: %d to decry rx Auth frm",
frame_len);
lim_print_mac_addr(mac_ctx, mac_hdr->sa, LOGE);
goto free;
}
if (LIM_IS_AP_ROLE(pe_session)) {
val = pe_session->privacy;
} else if (wlan_cfg_get_int(mac_ctx, WNI_CFG_PRIVACY_ENABLED,
&val) != eSIR_SUCCESS) {
/*
* Accept Authentication frame only if Privacy is
* implemented, if Could not get Privacy option
* from CFG then Log fatal error
*/
pe_warn("could not retrieve Privacy option");
}
cfg_privacy_opt_imp = (uint8_t) val;
if (!cfg_privacy_opt_imp) {
pe_err("received Authentication frame3 from peer that while privacy option is turned OFF "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Privacy option is not implemented.
* So reject Authentication frame received with
* WEP bit set by sending Authentication frame
* with 'challenge failure' status code. This is
* another strange thing in the spec. Status code
* should have been 'unsupported algorithm' status code.
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
goto free;
}
/*
* Privacy option is implemented. Check if the received frame is
* Authentication frame3 and there is a context for requesting
* STA. If not, reject with unspecified failure status code
*/
auth_node = lim_search_pre_auth_list(mac_ctx, mac_hdr->sa);
if (auth_node == NULL) {
pe_err("rx Auth frame with no preauth ctx with WEP bit set "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* No 'pre-auth' context exists for this STA
* that sent an Authentication frame with FC
* bit set. Send Auth frame4 with
* 'out of sequence' status code.
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
goto free;
}
/* Change the auth-response timeout */
lim_deactivate_and_change_per_sta_id_timer(mac_ctx,
eLIM_AUTH_RSP_TIMER, auth_node->authNodeIdx);
/* 'Pre-auth' status exists for STA */
if ((auth_node->mlmState != eLIM_MLM_WT_AUTH_FRAME3_STATE) &&
(auth_node->mlmState !=
eLIM_MLM_AUTH_RSP_TIMEOUT_STATE)) {
pe_err("received Authentication frame from peer that is in state %d "
MAC_ADDRESS_STR,
auth_node->mlmState,
MAC_ADDR_ARRAY(mac_hdr->sa));
/*
* Should not have received Authentication frame
* with WEP bit set in FC in other states.
* Reject by sending Authenticaton frame with
* out of sequence Auth frame status code.
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
goto free;
}
val = SIR_MAC_KEY_LENGTH;
if (LIM_IS_AP_ROLE(pe_session)) {
tpSirKeys key_ptr;
key_ptr = &pe_session->WEPKeyMaterial[key_id].key[0];
qdf_mem_copy(defaultkey, key_ptr->key,
key_ptr->keyLength);
val = key_ptr->keyLength;
} else if (wlan_cfg_get_str(mac_ctx,
(uint16_t) (WNI_CFG_WEP_DEFAULT_KEY_1 + key_id),
defaultkey, &val) != eSIR_SUCCESS) {
pe_warn("could not retrieve Default key");
/*
* Send Authentication frame
* with challenge failure status code
*/
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
goto free;
}
key_length = val;
decrypt_result = lim_decrypt_auth_frame(mac_ctx, defaultkey,
body_ptr, plainbody, key_length,
(uint16_t) (frame_len -
SIR_MAC_WEP_IV_LENGTH));
if (decrypt_result == LIM_DECRYPT_ICV_FAIL) {
pe_err("received Authentication frame from peer that failed decryption: "
MAC_ADDRESS_STR,
MAC_ADDR_ARRAY(mac_hdr->sa));
/* ICV failure */
lim_delete_pre_auth_node(mac_ctx, mac_hdr->sa);
auth_frame->authAlgoNumber = eSIR_SHARED_KEY;
auth_frame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
auth_frame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
lim_send_auth_mgmt_frame(mac_ctx, auth_frame,
mac_hdr->sa, LIM_NO_WEP_IN_FC,
pe_session, false);
goto free;
}
if ((sir_convert_auth_frame2_struct(mac_ctx, plainbody,
frame_len - 8, rx_auth_frame) != eSIR_SUCCESS)
|| (!is_auth_valid(mac_ctx, rx_auth_frame,
pe_session))) {
pe_err("failed to convert Auth Frame to structure or Auth is not valid");
goto free;
}
} else if ((sir_convert_auth_frame2_struct(mac_ctx, body_ptr,
frame_len, rx_auth_frame) != eSIR_SUCCESS)
|| (!is_auth_valid(mac_ctx, rx_auth_frame,
pe_session))) {
pe_err("failed to convert Auth Frame to structure or Auth is not valid");
goto free;
}
rx_auth_frm_body = rx_auth_frame;
pe_debug("Received Auth frame with type: %d seqnum: %d status: %d %d",
(uint32_t) rx_auth_frm_body->authAlgoNumber,
(uint32_t) rx_auth_frm_body->authTransactionSeqNumber,
(uint32_t) rx_auth_frm_body->authStatusCode,
(uint32_t) mac_ctx->lim.gLimNumPreAuthContexts);
if (!lim_is_valid_fils_auth_frame(mac_ctx, pe_session,
rx_auth_frm_body)) {
pe_err("Received invalid FILS auth packet");
goto free;
}
/*
* IOT Workaround: with invalid WEP key, some APs reply
* AuthFrame 4 with invalid seqNumber. This AuthFrame
* will be dropped by driver, thus driver sends the
* generic status code instead of protocol status code.
* As a workaround, override AuthFrame 4's seqNumber.
*/
if ((pe_session->limMlmState ==
eLIM_MLM_WT_AUTH_FRAME4_STATE) &&
(rx_auth_frm_body->authTransactionSeqNumber !=
SIR_MAC_AUTH_FRAME_1) &&
(rx_auth_frm_body->authTransactionSeqNumber !=
SIR_MAC_AUTH_FRAME_2) &&
(rx_auth_frm_body->authTransactionSeqNumber !=
SIR_MAC_AUTH_FRAME_3)) {
pe_warn("Override AuthFrame 4's seqNumber to 4");
rx_auth_frm_body->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
}
switch (rx_auth_frm_body->authTransactionSeqNumber) {
case SIR_MAC_AUTH_FRAME_1:
lim_process_auth_frame_type1(mac_ctx,
mac_hdr, rx_auth_frm_body, rx_pkt_info,
curr_seq_num, auth_frame, pe_session);
break;
case SIR_MAC_AUTH_FRAME_2:
lim_process_auth_frame_type2(mac_ctx,
mac_hdr, rx_auth_frm_body, auth_frame, plainbody,
body_ptr, frame_len, pe_session);
break;
case SIR_MAC_AUTH_FRAME_3:
lim_process_auth_frame_type3(mac_ctx,
mac_hdr, rx_auth_frm_body, auth_frame, pe_session);
break;
case SIR_MAC_AUTH_FRAME_4:
lim_process_auth_frame_type4(mac_ctx,
mac_hdr, rx_auth_frm_body, pe_session);
break;
default:
/* Invalid Authentication Frame received. Ignore it. */
pe_warn("rx auth frm with invalid authseq no: %d from: %pM",
rx_auth_frm_body->authTransactionSeqNumber,
mac_hdr->sa);
break;
}
free:
if (auth_frame)
qdf_mem_free(auth_frame);
if (rx_auth_frame)
qdf_mem_free(rx_auth_frame);
}
/*----------------------------------------------------------------------
*
* Pass the received Auth frame. This is possibly the pre-auth from the
* neighbor AP, in the same mobility domain.
* This will be used in case of 11r FT.
*
* !!!! This is going to be renoved for the next checkin. We will be creating
* the session before sending out the Auth. Thus when auth response
* is received we will have a session in progress. !!!!!
***----------------------------------------------------------------------
*/
tSirRetStatus lim_process_auth_frame_no_session(tpAniSirGlobal pMac, uint8_t *pBd,
void *body)
{
tpSirMacMgmtHdr pHdr;
tpPESession psessionEntry = NULL;
uint8_t *pBody;
uint16_t frameLen;
tSirMacAuthFrameBody rxAuthFrame;
tSirMacAuthFrameBody *pRxAuthFrameBody = NULL;
tSirRetStatus ret_status = eSIR_FAILURE;
int i;
pHdr = WMA_GET_RX_MAC_HEADER(pBd);
pBody = WMA_GET_RX_MPDU_DATA(pBd);
frameLen = WMA_GET_RX_PAYLOAD_LEN(pBd);
pe_info("Auth Frame Received: BSSID " MAC_ADDRESS_STR " (RSSI %d)",
MAC_ADDR_ARRAY(pHdr->bssId),
(uint) abs((int8_t) WMA_GET_RX_RSSI_NORMALIZED(pBd)));
/* Auth frame has come on a new BSS, however, we need to find the session
* from where the auth-req was sent to the new AP
*/
for (i = 0; i < pMac->lim.maxBssId; i++) {
/* Find first free room in session table */
if (pMac->lim.gpSession[i].valid == true &&
pMac->lim.gpSession[i].ftPEContext.ftPreAuthSession ==
true) {
/* Found the session */
psessionEntry = &pMac->lim.gpSession[i];
pMac->lim.gpSession[i].ftPEContext.ftPreAuthSession =
false;
}
}
if (psessionEntry == NULL) {
pe_debug("cannot find session id in FT pre-auth phase");
return eSIR_FAILURE;
}
if (psessionEntry->ftPEContext.pFTPreAuthReq == NULL) {
pe_err("Error: No FT");
/* No FT in progress. */
return eSIR_FAILURE;
}
if (frameLen == 0) {
pe_err("Error: Frame len = 0");
return eSIR_FAILURE;
}
lim_print_mac_addr(pMac, pHdr->bssId, LOGD);
lim_print_mac_addr(pMac,
psessionEntry->ftPEContext.pFTPreAuthReq->preAuthbssId,
LOGD);
pe_debug("seqControl: 0x%X",
((pHdr->seqControl.seqNumHi << 8) |
(pHdr->seqControl.seqNumLo << 4) |
(pHdr->seqControl.fragNum)));
/* Check that its the same bssId we have for preAuth */
if (qdf_mem_cmp
(psessionEntry->ftPEContext.pFTPreAuthReq->preAuthbssId,
pHdr->bssId, sizeof(tSirMacAddr))) {
pe_err("Error: Same bssid as preauth BSSID");
/* In this case SME if indeed has triggered a */
/* pre auth it will time out. */
return eSIR_FAILURE;
}
if (true ==
psessionEntry->ftPEContext.pFTPreAuthReq->bPreAuthRspProcessed) {
/*
* This is likely a duplicate for the same pre-auth request.
* PE/LIM already posted a response to SME. Hence, drop it.
* TBD:
* 1) How did we even receive multiple auth responses?
* 2) Do we need to delete pre-auth session? Suppose we
* previously received an auth resp with failure which
* would not have created the session and forwarded to SME.
* And, we subsequently received an auth resp with success
* which would have created the session. This will now be
* dropped without being forwarded to SME! However, it is
* very unlikely to receive auth responses from the same
* AP with different reason codes.
* NOTE: return eSIR_SUCCESS so that the packet is dropped
* as this was indeed a response from the BSSID we tried to
* pre-auth.
*/
pe_debug("Auth rsp already posted to SME"
" (session %p, FT session %p)", psessionEntry,
psessionEntry);
return eSIR_SUCCESS;
} else {
pe_warn("Auth rsp not yet posted to SME"
" (session %p, FT session %p)", psessionEntry,
psessionEntry);
psessionEntry->ftPEContext.pFTPreAuthReq->bPreAuthRspProcessed =
true;
}
pe_debug("Pre-Auth response received from neighbor");
pe_debug("Pre-Auth done state");
/* Stopping timer now, that we have our unicast from the AP */
/* of our choice. */
lim_deactivate_and_change_timer(pMac, eLIM_FT_PREAUTH_RSP_TIMER);
/* Save off the auth resp. */
if ((sir_convert_auth_frame2_struct(pMac, pBody, frameLen, &rxAuthFrame) !=
eSIR_SUCCESS)) {
pe_err("failed to convert Auth frame to struct");
lim_handle_ft_pre_auth_rsp(pMac, eSIR_FAILURE, NULL, 0,
psessionEntry);
return eSIR_FAILURE;
}
pRxAuthFrameBody = &rxAuthFrame;
pe_debug("Received Auth frame with type: %d seqnum: %d status: %d %d",
(uint32_t) pRxAuthFrameBody->authAlgoNumber,
(uint32_t) pRxAuthFrameBody->authTransactionSeqNumber,
(uint32_t) pRxAuthFrameBody->authStatusCode,
(uint32_t) pMac->lim.gLimNumPreAuthContexts);
switch (pRxAuthFrameBody->authTransactionSeqNumber) {
case SIR_MAC_AUTH_FRAME_2:
if (pRxAuthFrameBody->authStatusCode != eSIR_MAC_SUCCESS_STATUS) {
pe_err("Auth status code received is %d",
(uint32_t) pRxAuthFrameBody->authStatusCode);
if (eSIR_MAC_MAX_ASSOC_STA_REACHED_STATUS ==
pRxAuthFrameBody->authStatusCode)
ret_status = eSIR_LIM_MAX_STA_REACHED_ERROR;
} else {
ret_status = eSIR_SUCCESS;
}
break;
default:
pe_warn("Seq. no incorrect expected 2 received %d",
(uint32_t) pRxAuthFrameBody->authTransactionSeqNumber);
break;
}
/* Send the Auth response to SME */
lim_handle_ft_pre_auth_rsp(pMac, ret_status, pBody, frameLen, psessionEntry);
return ret_status;
}