Prakash Dhavali7090c5f2015-11-02 17:55:19 -08001/*
Srinivas Girigowda9efa10e2016-01-04 18:49:40 -08002 * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved.
Prakash Dhavali7090c5f2015-11-02 17:55:19 -08003 *
4 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
5 *
6 *
7 * Permission to use, copy, modify, and/or distribute this software for
8 * any purpose with or without fee is hereby granted, provided that the
9 * above copyright notice and this permission notice appear in all
10 * copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
13 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
14 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
15 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
16 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
17 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
18 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
19 * PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * This file was originally distributed by Qualcomm Atheros, Inc.
24 * under proprietary terms before Copyright ownership was assigned
25 * to the Linux Foundation.
26 */
27
28/*
29 *
30 * This file lim_sme_req_utils.cc contains the utility functions
31 * for processing SME request messages.
32 * Author: Chandra Modumudi
33 * Date: 02/11/02
34 * History:-
35 * Date Modified by Modification Information
36 * --------------------------------------------------------------------
37 * 05/26/10 js WPA handling in (Re)Assoc frames
38 *
39 */
40
41#include "wni_api.h"
42#include "wni_cfg.h"
43#include "cfg_api.h"
44#include "sir_api.h"
45#include "sch_api.h"
46#include "utils_api.h"
47#include "lim_types.h"
48#include "lim_utils.h"
49#include "lim_assoc_utils.h"
50#include "lim_security_utils.h"
51#include "lim_ser_des_utils.h"
52
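/**
 * lim_is_rsn_ie_valid_in_sme_req_message() - validate the RSN/WPA/WAPI IE blob
 * @mac_ctx: Pointer to Global MAC structure
 * @rsn_ie: Pointer to received RSN IE (declared length + raw IE octets)
 *
 * Called from the SME request validators to check the RSN IE carried in the
 * various SME_REQ messages. The blob may hold several elements back to back.
 * The first element must be RSN, WPA or (with FEATURE_WLAN_WAPI) WAPI; every
 * element must fit inside the declared length and respect the DOT11F per-IE
 * length bounds, and a WPA element must carry the WPA OUI. The privacy/RSN
 * CFG values only feed a diagnostic log: mixed-mode operation is allowed, so
 * they never cause a rejection.
 *
 * Return: true when the IE blob is valid (an empty blob is valid), false
 * otherwise
 */
static uint8_t
lim_is_rsn_ie_valid_in_sme_req_message(tpAniSirGlobal mac_ctx, tpSirRSNie rsn_ie)
{
	uint32_t start = 0;	/* offset of the element under inspection */
	uint32_t privacy = 0, val = 0;
	int len, ie_len;

	/* Both CFG reads are diagnostic only; a failed read leaves 0. */
	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_PRIVACY_ENABLED,
			     &privacy) != eSIR_SUCCESS) {
		lim_log(mac_ctx, LOGP, FL("Unable to retrieve POI from CFG"));
	}

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_RSN_ENABLED, &val)
	    != eSIR_SUCCESS) {
		lim_log(mac_ctx, LOGP,
			FL("Unable to retrieve RSN_ENABLED from CFG"));
	}

	if (rsn_ie->length && (!privacy || !val)) {
		/*
		 * Privacy & RSN not enabled in CFG.
		 * In order to allow mixed mode for Guest access
		 * allow BSS creation/join with no Privacy capability
		 * yet advertising WPA IE
		 */
		PELOG1(lim_log(mac_ctx, LOG1,
			       FL("RSN ie len %d PRIVACY %d RSN %d"),
			       rsn_ie->length, privacy, val);)
	}

	if (!rsn_ie->length)
		return true;

	/* The first element decides whether the blob is worth walking. */
	if ((rsn_ie->rsnIEdata[0] != DOT11F_EID_RSN)
#ifdef FEATURE_WLAN_WAPI
	    && (rsn_ie->rsnIEdata[0] != DOT11F_EID_WAPI)
#endif
	    && (rsn_ie->rsnIEdata[0] != DOT11F_EID_WPA)) {
		lim_log(mac_ctx, LOGE, FL("RSN/WPA/WAPI EID %d not [%d || %d]"),
			rsn_ie->rsnIEdata[0], DOT11F_EID_RSN,
			DOT11F_EID_WPA);
		return false;
	}

	len = rsn_ie->length;
	while (len > 0) {
		/* An element needs its EID and length octets ... */
		if (len < 2) {
			lim_log(mac_ctx, LOGE,
				FL("Truncated IE at offset %u, %d byte(s) left"),
				start, len);
			return false;
		}
		ie_len = rsn_ie->rsnIEdata[start + 1];
		/* ... and its body must fit in what the caller supplied. */
		if (2 + ie_len > len) {
			lim_log(mac_ctx, LOGE,
				FL("IE at offset %u declares len %d but only %d byte(s) left"),
				start, ie_len, len);
			return false;
		}

		switch (rsn_ie->rsnIEdata[start]) {
		case DOT11F_EID_RSN:
			/* Check validity of RSN IE */
			if ((ie_len > DOT11F_IE_RSN_MAX_LEN)
			    || (ie_len < DOT11F_IE_RSN_MIN_LEN)) {
				lim_log(mac_ctx, LOGE,
					FL("RSN IE len %d not [%d,%d]"),
					ie_len,
					DOT11F_IE_RSN_MIN_LEN,
					DOT11F_IE_RSN_MAX_LEN);
				return false;
			}
			break;
		case DOT11F_EID_WPA:
			/* Check validity of WPA IE */
			if (SIR_MAC_MAX_IE_LENGTH <= start)
				break;

			/*
			 * The OUI follows the length octet. When it cannot be
			 * read safely, val stays 0 so the OUI check fails
			 * instead of reusing a stale value.
			 */
			val = 0;
			if (start <= (SIR_MAC_MAX_IE_LENGTH - sizeof(uint32_t)))
				val = sir_read_u32((uint8_t *) &
						   rsn_ie->rsnIEdata[start + 2]);

			if ((ie_len < DOT11F_IE_WPA_MIN_LEN)
			    || (ie_len > DOT11F_IE_WPA_MAX_LEN)
			    || (SIR_MAC_WPA_OUI != val)) {
				lim_log(mac_ctx, LOGE,
					FL("WPA IE len %d not [%d,%d] OR data 0x%x not 0x%x"),
					ie_len,
					DOT11F_IE_WPA_MIN_LEN,
					DOT11F_IE_WPA_MAX_LEN,
					val, SIR_MAC_WPA_OUI);
				return false;
			}
			break;
#ifdef FEATURE_WLAN_WAPI
		case DOT11F_EID_WAPI:
			/* Check validity of WAPI IE */
			if ((ie_len > DOT11F_IE_WAPI_MAX_LEN)
			    || (ie_len < DOT11F_IE_WAPI_MIN_LEN)) {
				lim_log(mac_ctx, LOGE,
					FL("WAPI IE len %d not [%d,%d]"),
					ie_len,
					DOT11F_IE_WAPI_MIN_LEN,
					DOT11F_IE_WAPI_MAX_LEN);
				return false;
			}
			break;
#endif
		default:
			/*
			 * Only the first element was checked above; a later
			 * element with any other EID is rejected here.
			 */
			return false;
		} /* end of switch */
		/*
		 * Advance by EID + length field + body, and consume exactly
		 * that many octets of the remaining budget (not the running
		 * offset, which would end the walk early).
		 */
		start += 2 + ie_len;
		len -= 2 + ie_len;
	} /* end while loop */
	return true;
} /*** end lim_is_rsn_ie_valid_in_sme_req_message() ***/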
175
/**
 * lim_is_addie_valid_in_sme_req_message() - length-check an additional IE blob
 * @pMac: Pointer to Global MAC structure
 * @pAddie: Pointer to received additional IE blob (length + raw TLV octets)
 *
 * Walks the TLV chain in the blob and verifies that every element's declared
 * length fits inside the octets that remain. Element contents are not
 * inspected. A blob of zero length is valid; a single trailing octet that
 * cannot form an EID/length pair is tolerated.
 *
 * Return: true when every element fits, false otherwise
 */
static uint8_t
lim_is_addie_valid_in_sme_req_message(tpAniSirGlobal pMac, tpSirAddie pAddie)
{
	int remaining = pAddie->length;
	uint8_t *cursor = pAddie->addIEdata;

	if (remaining == 0)
		return true;

	/* Each element is EID, length octet, then length octets of body. */
	while (remaining >= 2) {
		uint8_t elem_id = cursor[0];
		uint8_t elem_len = cursor[1];

		remaining -= 2;
		if (elem_len > remaining) {
			lim_log(pMac, LOGE,
				FL("****Invalid Add IEs eid = %d elem_len=%d left=%d*****"),
				elem_id, elem_len, remaining);
			return false;
		}

		remaining -= elem_len;
		cursor += 2 + elem_len;
	}

	/* there shouldn't be any left byte */
	return true;
} /*** end lim_is_addie_valid_in_sme_req_message() ***/
224
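/**
 * lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message() - validate and unpack
 * the RSN/WPA IEs of an SME_START_BSS_REQ
 * @mac_ctx: Pointer to Global MAC structure
 * @rsn_ie: Pointer to received RSN IE blob (declared length + raw IE octets)
 * @session: Pointer to pe session; gStartBssRSNIe / gStartBssWPAIe are
 *           filled in on success
 *
 * The blob may hold an RSN IE alone, a WPA IE alone, or an RSN IE followed
 * by a WPA IE. Each element's declared length is checked against the
 * supplied length and a WPA element must carry the WPA OUI; only then are
 * the elements unpacked into the session, so an invalid blob leaves the
 * session untouched. An empty blob is valid. The privacy/RSN CFG values
 * only drive a diagnostic log (mixed mode is allowed).
 *
 * Return: true when the IE blob is valid, false otherwise
 */
uint8_t
lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
						    tpSirRSNie rsn_ie,
						    tpPESession session)
{
	uint32_t wpa_idx = 0;	/* offset of the WPA IE within rsnIEdata */
	uint32_t privacy = 0, val = 0;
	uint32_t first_ie_len;

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_PRIVACY_ENABLED,
			     &privacy) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP, FL("Unable to retrieve POI from CFG"));

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_RSN_ENABLED,
			     &val) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP,
			FL("Unable to retrieve RSN_ENABLED from CFG"));

	if (rsn_ie->length && (!privacy || !val)) {
		/*
		 * Privacy & RSN not enabled in CFG.
		 * In order to allow mixed mode for Guest access
		 * allow BSS creation/join with no Privacy capability
		 * yet advertising WPA IE
		 */
		lim_log(mac_ctx, LOG1,
			FL("RSN ie len %d but PRIVACY %d RSN %d"),
			rsn_ie->length, privacy, val);
	}

	if (!rsn_ie->length)
		return true;

	if ((rsn_ie->rsnIEdata[0] != SIR_MAC_RSN_EID) &&
	    (rsn_ie->rsnIEdata[0] != SIR_MAC_WPA_EID)) {
		lim_log(mac_ctx, LOGE, FL("RSN/WPA EID %d not [%d || %d]"),
			rsn_ie->rsnIEdata[0], SIR_MAC_RSN_EID,
			SIR_MAC_WPA_EID);
		return false;
	}

	/* The length octet may only be read once EID + length are present. */
	if (rsn_ie->length < 2) {
		lim_log(mac_ctx, LOGE, FL("RSN ie len %d too short"),
			rsn_ie->length);
		return false;
	}
	first_ie_len = rsn_ie->rsnIEdata[1];

	/* Check validity of RSN IE */
	if ((rsn_ie->rsnIEdata[0] == SIR_MAC_RSN_EID) &&
	    (first_ie_len < SIR_MAC_RSN_IE_MIN_LENGTH)) {
		lim_log(mac_ctx, LOGE, FL("RSN IE len %d not [%d,%d]"),
			first_ie_len, SIR_MAC_RSN_IE_MIN_LENGTH,
			SIR_MAC_RSN_IE_MAX_LENGTH);
		return false;
	}

	/* The first element must fit inside the supplied octets. */
	if (rsn_ie->length < first_ie_len + 2) {
		lim_log(mac_ctx, LOGE,
			FL("IE len %d exceeds supplied RSN ie len %d"),
			first_ie_len, rsn_ie->length);
		return false;
	}

	if (rsn_ie->length > first_ie_len + 2) {
		/* Two elements: only RSN followed by WPA is accepted. */
		if (rsn_ie->rsnIEdata[0] != SIR_MAC_RSN_EID) {
			lim_log(mac_ctx, LOGE,
				FL("First byte[%d] in rsnIEdata isn't RSN_EID"),
				rsn_ie->rsnIEdata[0]);
			return false;
		}
		lim_log(mac_ctx, LOG1,
			FL("WPA IE is present along with WPA2 IE"));
		wpa_idx = 2 + first_ie_len;
	} else if (rsn_ie->rsnIEdata[0] == SIR_MAC_RSN_EID) {
		lim_log(mac_ctx, LOG1, FL("Only RSN IE is present"));
		/* The body length is the IE length octet, not the whole blob. */
		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
				     (uint8_t) first_ie_len,
				     &session->gStartBssRSNIe);
		return true;
	} else {
		/* Only WPA IE: validated and unpacked below with wpa_idx 0. */
		lim_log(mac_ctx, LOG1, FL("Only WPA IE is present"));
	}

	/*
	 * Check validity of WPA IE. Its EID, length octet and 4-octet OUI must
	 * lie inside both the fixed IE buffer and the supplied length.
	 */
	if (wpa_idx + 6 >= SIR_MAC_MAX_IE_LENGTH || wpa_idx + 6 > rsn_ie->length) {
		lim_log(mac_ctx, LOGE,
			FL("WPA IE at offset %u does not fit in RSN ie len %d"),
			wpa_idx, rsn_ie->length);
		return false;
	}

	val = sir_read_u32((uint8_t *)&rsn_ie->rsnIEdata[wpa_idx + 2]);
	if ((rsn_ie->rsnIEdata[wpa_idx] != SIR_MAC_WPA_EID)
	    || (rsn_ie->rsnIEdata[wpa_idx + 1] < SIR_MAC_WPA_IE_MIN_LENGTH)
	    || (SIR_MAC_WPA_OUI != val)) {
		lim_log(mac_ctx, LOGE,
			FL("WPA IE EID %d len %d (min %d) OR data 0x%x not 0x%x"),
			rsn_ie->rsnIEdata[wpa_idx],
			rsn_ie->rsnIEdata[wpa_idx + 1],
			SIR_MAC_WPA_IE_MIN_LENGTH, val,
			SIR_MAC_WPA_OUI);
		return false;
	}

	/* The WPA element's declared length must fit as well. */
	if (wpa_idx + 2 + rsn_ie->rsnIEdata[wpa_idx + 1] > rsn_ie->length) {
		lim_log(mac_ctx, LOGE,
			FL("WPA IE len %d exceeds supplied RSN ie len %d"),
			rsn_ie->rsnIEdata[wpa_idx + 1], rsn_ie->length);
		return false;
	}

	if (wpa_idx) {
		/* Both RSN and WPA IEs are present */
		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
				     (uint8_t) first_ie_len,
				     &session->gStartBssRSNIe);
	}
	/* The WPA body follows the EID, the length octet and the 4-octet OUI. */
	dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[wpa_idx + 6],
			     rsn_ie->rsnIEdata[wpa_idx + 1] - 4,
			     &session->gStartBssWPAIe);
	return true;
}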
335
/**
 * lim_is_bss_descr_valid_in_sme_req_message() - sanity-check a BSS description
 * @pMac: Pointer to Global MAC structure (unused)
 * @pBssDescr: Pointer to received BSS description
 *
 * Rejects a description whose BSSID is the broadcast address or whose
 * channel id is zero. Nothing else in the description is inspected.
 *
 * Return: true when the BSS description passes both checks, false otherwise
 */
static uint8_t
lim_is_bss_descr_valid_in_sme_req_message(tpAniSirGlobal pMac,
					  tpSirBssDescription pBssDescr)
{
	if (lim_is_addr_bc(pBssDescr->bssId))
		return false;

	if (!pBssDescr->channelId)
		return false;

	return true;
} /*** end lim_is_bss_descr_valid_in_sme_req_message() ***/
369
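/**
 * lim_is_sme_start_bss_req_valid() - validate an SME_START_BSS_REQ
 * @mac_ctx: Pointer to Global MAC structure
 * @start_bss_req: Pointer to received SME_START_BSS_REQ message
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_START_BSS_REQ
 * from the application. Checks, in order: the BSS type, the SSID length
 * (IBSS only), the RSN IE (lim_is_rsn_ie_valid_in_sme_req_message()), the
 * network type, and that every operational rate is legal for that network
 * type.
 *
 * Return: true when received SME_START_BSS_REQ is formatted correctly, false
 * otherwise
 */
uint8_t
lim_is_sme_start_bss_req_valid(tpAniSirGlobal mac_ctx,
			       tpSirSmeStartBssReq start_bss_req)
{
	uint8_t i;
	tSirMacRateSet *opr_rates = &start_bss_req->operationalRateSet;

	PELOG1(lim_log(mac_ctx, LOG1,
		       FL("Parsed START_BSS_REQ fields are bssType=%s (%d), channelId=%d, SSID len=%d, rsnIE len=%d, nwType=%d, rateset len=%d"),
		       lim_bss_type_to_string(start_bss_req->bssType),
		       start_bss_req->bssType, start_bss_req->channelId,
		       start_bss_req->ssId.length, start_bss_req->rsnIE.length,
		       start_bss_req->nwType, opr_rates->numRates);)

	switch (start_bss_req->bssType) {
	case eSIR_IBSS_MODE:
	case eSIR_BTAMP_STA_MODE:
	case eSIR_BTAMP_AP_MODE:
	case eSIR_INFRA_AP_MODE:
		break;
	case eSIR_INFRASTRUCTURE_MODE:
		/*
		 * Should not have received start BSS req with bssType
		 * Infrastructure on STA.
		 */
		lim_log(mac_ctx, LOGE,
			FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ"),
			start_bss_req->bssType);
		return false;
	default:
		/* Any bssType not listed above is unknown to this path. */
		lim_log(mac_ctx, LOGW,
			FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ"),
			start_bss_req->bssType);
		return false;
	}

	if (start_bss_req->bssType == eSIR_IBSS_MODE
	    && (!start_bss_req->ssId.length
		|| start_bss_req->ssId.length > SIR_MAC_MAX_SSID_LENGTH)) {
		lim_log(mac_ctx, LOGW,
			FL("Invalid SSID length in eWNI_SME_START_BSS_REQ"));
		return false;
	}

	if (!lim_is_rsn_ie_valid_in_sme_req_message(mac_ctx,
						    &start_bss_req->rsnIE))
		return false;

	if (start_bss_req->nwType != eSIR_11A_NW_TYPE
	    && start_bss_req->nwType != eSIR_11B_NW_TYPE
	    && start_bss_req->nwType != eSIR_11G_NW_TYPE)
		return false;

	/*
	 * Rate checks. The top bit of every rate octet is masked off before
	 * the lookup; only the low seven bits carry the rate value.
	 * NOTE(review): numRates comes from the request and is not bounded
	 * against the size of opr_rates->rate[] here — confirm the caller or
	 * the deserialiser enforces that limit.
	 */
	if (start_bss_req->nwType == eSIR_11A_NW_TYPE) {
		for (i = 0; i < opr_rates->numRates; i++) {
			if (sirIsArate(opr_rates->rate[i] & 0x7F))
				continue;

			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11A rates"));
			sir_dump_buf(mac_ctx, SIR_LIM_MODULE_ID, LOG2,
				     opr_rates->rate, opr_rates->numRates);
			return false;
		}
		return true;
	}

	/* check if all the rates in the opr rate set are legal 11G rates */
	if (start_bss_req->nwType == eSIR_11G_NW_TYPE) {
		for (i = 0; i < opr_rates->numRates; i++) {
			if (sirIsGrate(opr_rates->rate[i] & 0x7F))
				continue;

			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11G rates"));
			sir_dump_buf(mac_ctx, SIR_LIM_MODULE_ID, LOG2,
				     opr_rates->rate, opr_rates->numRates);
			return false;
		}
		return true;
	}

	/* Only eSIR_11B_NW_TYPE remains after the checks above. */
	for (i = 0; i < opr_rates->numRates; i++) {
		if (sirIsBrate(opr_rates->rate[i] & 0x7F))
			continue;

		lim_log(mac_ctx, LOGW,
			FL("Invalid operational 11B rates"));
		sir_dump_buf(mac_ctx, SIR_LIM_MODULE_ID, LOG2,
			     opr_rates->rate, opr_rates->numRates);
		return false;
	}
	return true;
}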
484
/**
 * lim_is_sme_join_req_valid() - validate an SME_JOIN_REQ
 * @pMac: Pointer to Global MAC structure
 * @pJoinReq: Pointer to received SME_JOIN_REQ message
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_JOIN_REQ from
 * the application. Validates, in order, the RSN IE, the additional IEs for
 * scan and for assoc, the BSS description, and finally rejects a request
 * whose BSSID equals our own MAC address. Each failure is logged.
 *
 * Return: true when received SME_JOIN_REQ is formatted correctly, false
 * otherwise
 */
uint8_t lim_is_sme_join_req_valid(tpAniSirGlobal pMac, tpSirSmeJoinReq pJoinReq)
{
	if (!lim_is_rsn_ie_valid_in_sme_req_message(pMac, &pJoinReq->rsnIE)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid RSNIE"));
		return false;
	}

	if (!lim_is_addie_valid_in_sme_req_message(pMac, &pJoinReq->addIEScan)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid additional IE for scan"));
		return false;
	}

	if (!lim_is_addie_valid_in_sme_req_message(pMac, &pJoinReq->addIEAssoc)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid additional IE for assoc"));
		return false;
	}

	if (!lim_is_bss_descr_valid_in_sme_req_message(pMac,
						       &pJoinReq->bssDescription)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid bssInfo"));
		return false;
	}

	/*
	 * Reject the join when the self MAC address and the AP's BSSID are
	 * the same; a zero result from qdf_mem_cmp() means equal.
	 */
	if (!qdf_mem_cmp((uint8_t *) pJoinReq->selfMacAddr,
			 (uint8_t *) pJoinReq->bssDescription.bssId,
			 (uint8_t) (sizeof(tSirMacAddr)))) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with Self Mac and BSSID Same"));
		return false;
	}

	return true;
} /*** end lim_is_sme_join_req_valid() ***/
561
/**
 * lim_is_sme_disassoc_req_valid() - validate an SME_DISASSOC_REQ
 * @pMac: Pointer to Global MAC structure (unused)
 * @pDisassocReq: Pointer to received SME_DISASSOC_REQ message
 * @psessionEntry: Pointer to pe session (unused)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_DISASSOC_REQ
 * from the application. The only check is on the peer address: a group
 * address is rejected unless it is the broadcast address.
 *
 * Return: true when received SME_DISASSOC_REQ is formatted correctly, false
 * otherwise
 */
uint8_t
lim_is_sme_disassoc_req_valid(tpAniSirGlobal pMac,
			      tpSirSmeDisassocReq pDisassocReq,
			      tpPESession psessionEntry)
{
	/* Unicast peers need no further checks. */
	if (!qdf_is_macaddr_group(&pDisassocReq->peer_macaddr))
		return true;

	/* Of the group addresses only broadcast is accepted. */
	return qdf_is_macaddr_broadcast(&pDisassocReq->peer_macaddr) ? true : false;
} /*** end lim_is_sme_disassoc_req_valid() ***/
594
/**
 * lim_is_sme_disassoc_cnf_valid() - validate an SME_DISASSOC_CNF
 * @pMac: Pointer to Global MAC structure (unused)
 * @pDisassocCnf: Pointer to received SME_DISASSOC_CNF message
 * @psessionEntry: Pointer to pe session (unused)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_DISASSOC_CNF
 * from the application. The only check is that the peer address is not a
 * group address (broadcast included).
 *
 * Return: true when received SME_DISASSOC_CNF is formatted correctly, false
 * otherwise
 */
uint8_t
lim_is_sme_disassoc_cnf_valid(tpAniSirGlobal pMac,
			      tpSirSmeDisassocCnf pDisassocCnf,
			      tpPESession psessionEntry)
{
	return qdf_is_macaddr_group(&pDisassocCnf->peer_macaddr) ? false : true;
} /*** end lim_is_sme_disassoc_cnf_valid() ***/
626
/**
 * lim_is_sme_deauth_req_valid() - validate an SME_DEAUTH_REQ
 * @pMac: Pointer to Global MAC structure (unused)
 * @pDeauthReq: Pointer to received SME_DEAUTH_REQ message
 * @psessionEntry: Pointer to pe session (unused)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_DEAUTH_REQ
 * from the application. The only check is on the peer address: a group
 * address is rejected unless it is the broadcast address.
 *
 * Return: true when received SME_DEAUTH_REQ is formatted correctly, false
 * otherwise
 */
uint8_t
lim_is_sme_deauth_req_valid(tpAniSirGlobal pMac, tpSirSmeDeauthReq pDeauthReq,
			    tpPESession psessionEntry)
{
	/* Unicast peers need no further checks. */
	if (!qdf_is_macaddr_group(&pDeauthReq->peer_macaddr))
		return true;

	/* Of the group addresses only broadcast is accepted. */
	return qdf_is_macaddr_broadcast(&pDeauthReq->peer_macaddr) ? true : false;
} /*** end lim_is_sme_deauth_req_valid() ***/
657
/**
 * lim_is_sme_scan_req_valid() - validate an SME_SCAN_REQ
 * @pMac: Pointer to Global MAC structure
 * @pScanReq: Pointer to received SME_SCAN_REQ message
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_SCAN_REQ from
 * the application. The SSID count and the individual SSID lengths are
 * checked first and stop validation on failure. The BSS type, BSSID, scan
 * type and channel count are then checked cumulatively, so every failing
 * field is logged. The min/max channel time relation is only checked when
 * everything before it passed.
 *
 * Return: true when received SME_SCAN_REQ is formatted correctly, false
 * otherwise
 */
uint8_t lim_is_sme_scan_req_valid(tpAniSirGlobal pMac, tpSirSmeScanReq pScanReq)
{
	uint8_t valid = true;
	uint8_t idx;

	/* Reject before the per-SSID loop so it stays within the declared limit. */
	if (pScanReq->numSsid > SIR_SCAN_MAX_NUM_SSID) {
		lim_log(pMac, LOGE,
			FL("Number of SSIDs > SIR_SCAN_MAX_NUM_SSID"));
		return false;
	}

	for (idx = 0; idx < pScanReq->numSsid; idx++) {
		if (pScanReq->ssId[idx].length <= SIR_MAC_MAX_SSID_LENGTH)
			continue;
		lim_log(pMac, LOGE,
			FL("Requested SSID length > SIR_MAC_MAX_SSID_LENGTH"));
		return false;
	}

	/* From here on every failure is logged before the verdict is returned. */
	if ((pScanReq->bssType < 0) || (pScanReq->bssType > eSIR_AUTO_MODE)) {
		lim_log(pMac, LOGE, FL("Invalid BSS Type"));
		valid = false;
	}

	if (qdf_is_macaddr_group(&pScanReq->bssId) &&
	    !qdf_is_macaddr_broadcast(&pScanReq->bssId)) {
		lim_log(pMac, LOGE,
			FL("BSSID is group addr and is not Broadcast Addr"));
		valid = false;
	}

	if (pScanReq->scanType != eSIR_PASSIVE_SCAN &&
	    pScanReq->scanType != eSIR_ACTIVE_SCAN) {
		lim_log(pMac, LOGE, FL("Invalid Scan Type"));
		valid = false;
	}

	if (pScanReq->channelList.numChannels > SIR_MAX_NUM_CHANNELS) {
		lim_log(pMac, LOGE,
			FL("Number of Channels > SIR_MAX_NUM_CHANNELS"));
		valid = false;
	}

	/* check min/max channelTime range, only once everything else passed */
	if (valid && (pScanReq->scanType == eSIR_ACTIVE_SCAN) &&
	    (pScanReq->maxChannelTime < pScanReq->minChannelTime)) {
		lim_log(pMac, LOGE,
			FL("Max Channel Time < Min Channel Time"));
		valid = false;
	}

	return valid;
} /*** end lim_is_sme_scan_req_valid() ***/
736
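/**
 * lim_is_sme_set_context_req_valid() - validate an SME_SET_CONTEXT_REQ
 * @pMac: Pointer to Global MAC structure
 * @pSetContextReq: Pointer to received SME_SET_CONTEXT_REQ message
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_SET_CONTEXT_REQ
 * from the application. Checks that key material is present for the cipher
 * types that need it and absent for eSIR_ED_NONE, that the ED type is a
 * known one, and that every key has the exact length its ED type requires
 * (WEP40 5, WEP104 13, TKIP 32, CCMP 16 and, with FEATURE_WLAN_WAPI, WPI 32
 * octets). A non-None ED type with privacy disabled in CFG is only logged,
 * to allow mixed mode.
 *
 * Return: true when received SME_SET_CONTEXT_REQ is formatted correctly,
 * false otherwise
 */
uint8_t
lim_is_sme_set_context_req_valid(tpAniSirGlobal pMac,
				 tpSirSmeSetContextReq pSetContextReq)
{
	uint8_t i;
	tpSirKeys pKey = pSetContextReq->keyMaterial.key;

	if ((pSetContextReq->keyMaterial.edType != eSIR_ED_WEP40) &&
	    (pSetContextReq->keyMaterial.edType != eSIR_ED_WEP104) &&
	    (pSetContextReq->keyMaterial.edType != eSIR_ED_NONE) &&
#ifdef FEATURE_WLAN_WAPI
	    (pSetContextReq->keyMaterial.edType != eSIR_ED_WPI) &&
#endif
	    !pSetContextReq->keyMaterial.numKeys) {
		/* No keys present in case of TKIP or CCMP */
		lim_log(pMac, LOGW,
			FL("No keys present in SME_SETCONTEXT_REQ for edType=%d"),
			pSetContextReq->keyMaterial.edType);
		return false;
	}

	if (pSetContextReq->keyMaterial.numKeys &&
	    (pSetContextReq->keyMaterial.edType == eSIR_ED_NONE)) {
		/* Keys present in case of no ED policy */
		lim_log(pMac, LOGW,
			FL("Keys present in SME_SETCONTEXT_REQ for edType=%d"),
			pSetContextReq->keyMaterial.edType);
		return false;
	}

	if (pSetContextReq->keyMaterial.edType >= eSIR_ED_NOT_IMPLEMENTED) {
		/* Invalid edType in the message */
		lim_log(pMac, LOGW,
			FL("Invalid edType=%d in SME_SETCONTEXT_REQ"),
			pSetContextReq->keyMaterial.edType);
		return false;
	}

	if (pSetContextReq->keyMaterial.edType > eSIR_ED_NONE) {
		/* Initialised so a failed CFG read reads as "privacy off". */
		uint32_t poi = 0;

		if (wlan_cfg_get_int(pMac, WNI_CFG_PRIVACY_ENABLED,
				     &poi) != eSIR_SUCCESS) {
			lim_log(pMac, LOGP,
				FL("Unable to retrieve POI from CFG"));
		}

		if (!poi) {
			/*
			 * Privacy is not enabled
			 * In order to allow mixed mode for Guest access
			 * allow BSS creation/join with no Privacy capability
			 * yet advertising WPA IE
			 */
			PELOG1(lim_log(pMac, LOG1,
				       FL("Privacy is not enabled, yet non-None EDtype=%d in SME_SETCONTEXT_REQ"),
				       pSetContextReq->keyMaterial.edType);)
		}
	}

	/*
	 * Every key must have exactly the length its ED type requires.
	 * NOTE(review): numKeys comes from the request and is not bounded
	 * against the size of keyMaterial.key[] here — confirm the caller or
	 * the deserialiser enforces that limit.
	 */
	for (i = 0; i < pSetContextReq->keyMaterial.numKeys; i++, pKey++) {
		if (((pSetContextReq->keyMaterial.edType == eSIR_ED_WEP40) &&
		     (pKey->keyLength != 5)) ||
		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_WEP104) &&
		     (pKey->keyLength != 13)) ||
		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_TKIP) &&
		     (pKey->keyLength != 32)) ||
#ifdef FEATURE_WLAN_WAPI
		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_WPI) &&
		     (pKey->keyLength != 32)) ||
#endif
		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_CCMP) &&
		     (pKey->keyLength != 16))) {
			/* Invalid key length for a given ED type */
			lim_log(pMac, LOGW,
				FL("Invalid keyLength =%d for edType=%d in SME_SETCONTEXT_REQ"),
				pKey->keyLength,
				pSetContextReq->keyMaterial.edType);
			return false;
		}
	}

	return true;
} /*** end lim_is_sme_set_context_req_valid() ***/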
865
/**
 * lim_is_sme_stop_bss_req_valid() - validate an SME_STOP_BSS_REQ
 * @pMsg: Pointer to received SME_STOP_BSS_REQ message (not inspected)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_STOP_BSS_REQ
 * from the application. No field of the message is checked; every request
 * is accepted.
 *
 * Return: always true
 */
uint8_t lim_is_sme_stop_bss_req_valid(uint32_t *pMsg)
{
	(void)pMsg;	/* nothing in the message is inspected */
	return true;
} /*** end lim_is_sme_stop_bss_req_valid() ***/
891
/**
 * lim_get_bss_id_from_sme_join_req_msg() - locate the BSSID in a serialised
 * SME_JOIN_REQ / SME_REASSOC_REQ
 * @pBuf: Pointer to received SME_JOIN_REQ / SME_REASSOC_REQ message
 *
 * Skips the 32-bit message header, the RSN IE (a 16-bit length followed by
 * that many octets) and the 16-bit length of the BSS description, and
 * returns a pointer to what follows.
 *
 * NOTE(review): no buffer length is available here, so nothing bounds the
 * RSN IE length read from the message; callers must guarantee pBuf holds at
 * least that many octets. The result assumes bssId is the first field of the
 * serialised BSS description — confirm against the serialiser.
 *
 * Return: pointer to the BSSID inside pBuf, or NULL when pBuf is NULL
 */
uint8_t *lim_get_bss_id_from_sme_join_req_msg(uint8_t *pBuf)
{
	uint8_t *cursor;

	if (pBuf == NULL)
		return NULL;

	cursor = pBuf + sizeof(uint32_t);		/* skip message header */
	cursor += sizeof(uint16_t) + lim_get_u16(cursor);	/* skip RSN IE */
	cursor += sizeof(uint16_t);		/* skip length of BSS description */

	return cursor;
} /*** end lim_get_bss_id_from_sme_join_req_msg() ***/