Prakash Dhavali7090c5f2015-11-02 17:55:19 -08001/*
Srinivas Girigowda9efa10e2016-01-04 18:49:40 -08002 * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved.
Prakash Dhavali7090c5f2015-11-02 17:55:19 -08003 *
4 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
5 *
6 *
7 * Permission to use, copy, modify, and/or distribute this software for
8 * any purpose with or without fee is hereby granted, provided that the
9 * above copyright notice and this permission notice appear in all
10 * copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
13 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
14 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
15 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
16 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
17 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
18 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
19 * PERFORMANCE OF THIS SOFTWARE.
20 */
21
22/*
23 * This file was originally distributed by Qualcomm Atheros, Inc.
24 * under proprietary terms before Copyright ownership was assigned
25 * to the Linux Foundation.
26 */
27
28/*
29 *
30 * This file lim_sme_req_utils.cc contains the utility functions
31 * for processing SME request messages.
32 * Author: Chandra Modumudi
33 * Date: 02/11/02
34 * History:-
35 * Date Modified by Modification Information
36 * --------------------------------------------------------------------
37 * 05/26/10 js WPA handling in (Re)Assoc frames
38 *
39 */
40
41#include "wni_api.h"
42#include "wni_cfg.h"
43#include "cfg_api.h"
44#include "sir_api.h"
45#include "sch_api.h"
46#include "utils_api.h"
47#include "lim_types.h"
48#include "lim_utils.h"
49#include "lim_assoc_utils.h"
50#include "lim_security_utils.h"
51#include "lim_ser_des_utils.h"
Jeff Johnson5fc51762016-10-07 07:33:42 -070052#include "lim_sme_req_utils.h"
Prakash Dhavali7090c5f2015-11-02 17:55:19 -080053
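/**
 * lim_is_rsn_ie_valid_in_sme_req_message() - validate the RSN/WPA/WAPI IE
 * blob carried in an SME request
 * @mac_ctx: Pointer to Global MAC structure
 * @rsn_ie: Pointer to the RSN IE container received from SME
 *
 * Walks every element in rsn_ie->rsnIEdata (the container may carry more
 * than one IE, e.g. RSN followed by WPA) and checks that each element's EID
 * is one of RSN/WPA/WAPI, that its declared length lies inside the dot11f
 * limits for that element, that it does not run past the bytes the sender
 * declared in rsn_ie->length, and that a WPA element begins with the WPA
 * OUI.  The PRIVACY/RSN CFG values are read only for a diagnostic: an IE
 * sent while privacy/RSN is disabled in CFG is logged, not rejected.
 *
 * Return: true when the IE blob is empty or well-formed, false otherwise
 */
static uint8_t
lim_is_rsn_ie_valid_in_sme_req_message(tpAniSirGlobal mac_ctx, tpSirRSNie rsn_ie)
{
	/*
	 * Zero defaults keep the diagnostic below well-defined when a CFG
	 * read fails (the failure path only logs).
	 */
	uint32_t privacy = 0, rsn_enabled = 0;
	uint32_t oui;
	int start, len;
	uint8_t eid, elem_len;

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_PRIVACY_ENABLED,
			     &privacy) != eSIR_SUCCESS) {
		lim_log(mac_ctx, LOGP, FL("Unable to retrieve POI from CFG"));
	}

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_RSN_ENABLED,
			     &rsn_enabled) != eSIR_SUCCESS) {
		lim_log(mac_ctx, LOGP,
			FL("Unable to retrieve RSN_ENABLED from CFG"));
	}

	if (rsn_ie->length && (!privacy || !rsn_enabled)) {
		/* Privacy & RSN not enabled in CFG.
		 * In order to allow mixed mode for Guest access
		 * allow BSS creation/join with no Privacy capability
		 * yet advertising WPA IE
		 */
		PELOG1(lim_log(mac_ctx, LOG1,
			       FL("RSN ie len %d PRIVACY %d RSN %d"),
			       rsn_ie->length, privacy, rsn_enabled);)
	}

	if (!rsn_ie->length)
		return true;

	/*
	 * rsn_ie->length is supplied by the requester.  The rest of this
	 * file treats offsets below SIR_MAC_MAX_IE_LENGTH as inside
	 * rsnIEdata, so refuse anything that would index beyond that rather
	 * than letting the walk below run off the buffer.
	 */
	if (rsn_ie->length > SIR_MAC_MAX_IE_LENGTH) {
		lim_log(mac_ctx, LOGE, FL("RSN IE blob len %d exceeds %d"),
			rsn_ie->length, SIR_MAC_MAX_IE_LENGTH);
		return false;
	}

	if ((rsn_ie->rsnIEdata[0] != DOT11F_EID_RSN)
#ifdef FEATURE_WLAN_WAPI
	    && (rsn_ie->rsnIEdata[0] != DOT11F_EID_WAPI)
#endif
	    && (rsn_ie->rsnIEdata[0] != DOT11F_EID_WPA)) {
		lim_log(mac_ctx, LOGE, FL("RSN/WPA/WAPI EID %d not [%d || %d]"),
			rsn_ie->rsnIEdata[0], DOT11F_EID_RSN,
			DOT11F_EID_WPA);
		return false;
	}

	len = rsn_ie->length;
	start = 0;
	while (len > 0) {
		/*
		 * Every element needs an EID octet and a length octet, and
		 * its body must fit inside what remains of the declared
		 * blob; otherwise the reads below would go past the data.
		 */
		if (len < 2) {
			lim_log(mac_ctx, LOGE,
				FL("Truncated IE header at offset %d, %d byte(s) left"),
				start, len);
			return false;
		}
		eid = rsn_ie->rsnIEdata[start];
		elem_len = rsn_ie->rsnIEdata[start + 1];
		if (elem_len > len - 2) {
			lim_log(mac_ctx, LOGE,
				FL("IE %d len %d overruns blob, %d byte(s) left"),
				eid, elem_len, len - 2);
			return false;
		}

		switch (eid) {
		case DOT11F_EID_RSN:
			/* Check validity of RSN IE */
			if ((elem_len > DOT11F_IE_RSN_MAX_LEN)
			    || (elem_len < DOT11F_IE_RSN_MIN_LEN)) {
				lim_log(mac_ctx, LOGE,
					FL("RSN IE len %d not [%d,%d]"),
					elem_len,
					DOT11F_IE_RSN_MIN_LEN,
					DOT11F_IE_RSN_MAX_LEN);
				return false;
			}
			break;
		case DOT11F_EID_WPA:
			/*
			 * Check validity of WPA IE.  The body opens with the
			 * 4-byte WPA OUI; only read it once the element is
			 * known to hold that many bytes, so the read stays
			 * inside the element (and therefore inside the blob).
			 */
			oui = 0;
			if (elem_len >= sizeof(uint32_t))
				oui = sir_read_u32((uint8_t *) &
						   rsn_ie->rsnIEdata[start + 2]);

			if ((elem_len < DOT11F_IE_WPA_MIN_LEN)
			    || (elem_len > DOT11F_IE_WPA_MAX_LEN)
			    || (SIR_MAC_WPA_OUI != oui)) {
				lim_log(mac_ctx, LOGE,
					FL("WPA IE len %d not [%d,%d] OR data 0x%x not 0x%x"),
					elem_len,
					DOT11F_IE_WPA_MIN_LEN,
					DOT11F_IE_WPA_MAX_LEN,
					oui, SIR_MAC_WPA_OUI);
				return false;
			}
			break;
#ifdef FEATURE_WLAN_WAPI
		case DOT11F_EID_WAPI:
			if ((elem_len > DOT11F_IE_WAPI_MAX_LEN)
			    || (elem_len < DOT11F_IE_WAPI_MIN_LEN)) {
				lim_log(mac_ctx, LOGE,
					FL("WAPI IE len %d not [%d,%d]"),
					elem_len,
					DOT11F_IE_WAPI_MIN_LEN,
					DOT11F_IE_WAPI_MAX_LEN);
				return false;
			}
			break;
#endif
		default:
			/*
			 * Only the first element's EID was screened above;
			 * any other EID further into the blob ends up here
			 * and is rejected.
			 */
			return false;
		} /* end of switch */

		/*
		 * Advance past EID + length octet + body, and take the same
		 * amount off the remainder.  Subtracting the cumulative
		 * offset instead would end the walk early and leave trailing
		 * elements unchecked.
		 */
		start += 2 + elem_len;
		len -= 2 + elem_len;
	} /* end while loop */
	return true;
} /*** end lim_is_rsn_ie_valid_in_sme_req_message() ***/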
176
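/**
 * lim_is_addie_valid_in_sme_req_message() - validate an additional-IE blob
 * @pMac: Pointer to Global MAC structure
 * @pAddie: Pointer to the additional IE container received from SME
 *
 * Only the element framing is checked: each element must have an EID and a
 * length octet, its body must lie within pAddie->length, and the elements
 * must tile the blob exactly.  Element contents are not inspected.
 *
 * Return: true when the blob is empty or every element fits, false otherwise
 */
static uint8_t
lim_is_addie_valid_in_sme_req_message(tpAniSirGlobal pMac, tpSirAddie pAddie)
{
	int left = pAddie->length;
	const uint8_t *ptr = pAddie->addIEdata;

	if (left == 0)
		return true;

	/*
	 * NOTE(review): pAddie->length is caller-supplied and the capacity
	 * of addIEdata is not visible here — confirm the caller bounds it.
	 */
	while (left >= 2) {
		uint8_t elem_id = ptr[0];
		uint8_t elem_len = ptr[1];

		left -= 2;
		if (elem_len > left) {
			lim_log(pMac, LOGE,
				FL
				("****Invalid Add IEs eid = %d elem_len=%d left=%d*****"),
				elem_id, elem_len, left);
			return false;
		}

		left -= elem_len;
		ptr += (elem_len + 2);
	}

	/*
	 * The loop exits with 0 or 1 byte left.  A lone trailing byte cannot
	 * be an element (it has no length octet), so reject it instead of
	 * silently accepting a malformed tail.
	 */
	if (left != 0) {
		lim_log(pMac, LOGE,
			FL("Invalid Add IEs: %d dangling byte(s) after last element"),
			left);
		return false;
	}

	return true;
} /*** end lim_is_addie_valid_in_sme_req_message() ***/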
225
/**
 * lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message() - to set rsnie/wpaie
 *
 * @mac_ctx : Pointer to Global MAC structure
 * @rsn_ie : Pointer to received RSN IE
 * @session : Pointer to pe session
 *
 * This function is called to verify if the RSN IE received in various
 * SME_REQ messages is valid or not. RSN IE validity checks are performed in
 * this function.
 *
 * Layouts handled: rsnIEdata may hold an RSN IE alone, a WPA IE alone, or an
 * RSN IE followed by a WPA IE (wpa_idx is then the offset of the WPA EID).
 * The unpacked elements are written to session->gStartBssRSNIe and
 * session->gStartBssWPAIe.
 *
 * Return: true when RSN IE is valid, false otherwise
 */
uint8_t
lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
						    tpSirRSNie rsn_ie,
						    tpPESession session)
{
	uint8_t wpa_idx = 0;
	/*
	 * NOTE(review): neither value is initialised when its CFG read
	 * fails below; that path only logs, so the "!privacy || !val" test
	 * would then read an indeterminate value.  val is later reused to
	 * hold the WPA OUI.
	 */
	uint32_t privacy, val;

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_PRIVACY_ENABLED,
			     &privacy) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP, FL("Unable to retrieve POI from CFG"));

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_RSN_ENABLED,
			     &val) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP,
			FL("Unable to retrieve RSN_ENABLED from CFG"));

	if (rsn_ie->length && (!privacy || !val)) {
		/*
		 * Privacy & RSN not enabled in CFG.
		 * In order to allow mixed mode for Guest access
		 * allow BSS creation/join with no Privacy capability
		 * yet advertising WPA IE
		 */
		lim_log(mac_ctx, LOG1,
			FL("RSN ie len %d but PRIVACY %d RSN %d"),
			rsn_ie->length, privacy, val);
	}

	if (!rsn_ie->length)
		return true;

	/* Only RSN or WPA may lead the blob (WAPI is not handled here). */
	if ((rsn_ie->rsnIEdata[0] != SIR_MAC_RSN_EID) &&
	    (rsn_ie->rsnIEdata[0] != SIR_MAC_WPA_EID)) {
		lim_log(mac_ctx, LOGE, FL("RSN/WPA EID %d not [%d || %d]"),
			rsn_ie->rsnIEdata[0], SIR_MAC_RSN_EID,
			SIR_MAC_WPA_EID);
		return false;
	}
	/* Check validity of RSN IE (lower bound only; no upper bound here) */
	if ((rsn_ie->rsnIEdata[0] == SIR_MAC_RSN_EID) &&
	    (rsn_ie->rsnIEdata[1] < SIR_MAC_RSN_IE_MIN_LENGTH)) {
		lim_log(mac_ctx, LOGE, FL("RSN IE len %d not [%d,%d]"),
			rsn_ie->rsnIEdata[1], SIR_MAC_RSN_IE_MIN_LENGTH,
			SIR_MAC_RSN_IE_MAX_LENGTH);
		return false;
	}

	/*
	 * Classify the layout from the first element's length octet.
	 * NOTE(review): in the "RSN + WPA" branch, wpa_idx is derived from
	 * rsnIEdata[1] but the WPA element's own length is never compared
	 * with rsn_ie->length, only with SIR_MAC_MAX_IE_LENGTH further down.
	 */
	if (rsn_ie->length > rsn_ie->rsnIEdata[1] + 2) {
		if (rsn_ie->rsnIEdata[0] != SIR_MAC_RSN_EID) {
			lim_log(mac_ctx, LOGE,
				FL("First byte[%d] in rsnIEdata isn't RSN_EID"),
				rsn_ie->rsnIEdata[1]);
			return false;
		}
		lim_log(mac_ctx, LOG1,
			FL("WPA IE is present along with WPA2 IE"));
		wpa_idx = 2 + rsn_ie->rsnIEdata[1];
	} else if ((rsn_ie->length == rsn_ie->rsnIEdata[1] + 2) &&
		   (rsn_ie->rsnIEdata[0] == SIR_MAC_RSN_EID)) {
		lim_log(mac_ctx, LOG1, FL("Only RSN IE is present"));
		/*
		 * NOTE(review): the length passed is the whole blob length,
		 * not the element body length rsnIEdata[1] — verify against
		 * dot11f_unpack_ie_rsn()'s contract.
		 */
		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
				     (uint8_t) rsn_ie->length,
				     &session->gStartBssRSNIe);
	} else if ((rsn_ie->length == rsn_ie->rsnIEdata[1] + 2)
		   && (rsn_ie->rsnIEdata[0] == SIR_MAC_WPA_EID)) {
		lim_log(mac_ctx, LOG1, FL("Only WPA IE is present"));
		/*
		 * The cast binds to rsn_ie->length alone; the "- 4" (OUI
		 * skipped at offset 6) is evaluated afterwards in int.
		 */
		dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[6],
				     (uint8_t) rsn_ie->length - 4,
				     &session->gStartBssWPAIe);
	}
	/*
	 * Check validity of WPA IE.  This guard covers the 4-byte read at
	 * wpa_idx + 2 and the body access at wpa_idx + 6 against the
	 * rsnIEdata capacity; it rejects without logging.
	 */
	if (wpa_idx + 6 >= SIR_MAC_MAX_IE_LENGTH)
		return false;

	val = sir_read_u32((uint8_t *)&rsn_ie->rsnIEdata[wpa_idx + 2]);
	if ((rsn_ie->rsnIEdata[wpa_idx] == SIR_MAC_WPA_EID)
	    && ((rsn_ie->rsnIEdata[wpa_idx + 1] < SIR_MAC_WPA_IE_MIN_LENGTH)
		|| (SIR_MAC_WPA_OUI != val))) {
		/*
		 * NOTE(review): the values logged are rsnIEdata[1] and the
		 * RSN limits, not the WPA element's length and limits that
		 * were actually tested.
		 */
		lim_log(mac_ctx, LOGE,
			FL("WPA IE len %d not [%d,%d] OR data 0x%x not 0x%x"),
			rsn_ie->rsnIEdata[1],
			SIR_MAC_RSN_IE_MIN_LENGTH,
			SIR_MAC_RSN_IE_MAX_LENGTH, val,
			SIR_MAC_WPA_OUI);
		return false;
	} else {
		/*
		 * Both RSN and WPA IEs are present.
		 * NOTE(review): this branch is also reached in the single-IE
		 * cases above (wpa_idx == 0 with an RSN EID at offset 0, or a
		 * WPA-only blob that passed the OUI/length test), so the RSN
		 * unpack then reads WPA bytes and/or the WPA unpack reads RSN
		 * bytes.  Confirm whether callers rely on the "other" of
		 * gStartBssRSNIe / gStartBssWPAIe being left untouched.
		 */
		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2],
				     (uint8_t) rsn_ie->length,
				     &session->gStartBssRSNIe);
		dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[wpa_idx + 6],
				     rsn_ie->rsnIEdata[wpa_idx + 1] - 4,
				     &session->gStartBssWPAIe);
	}
	return true;
}
336
/**
 * lim_is_bss_descr_valid_in_sme_req_message() - sanity-check a BSS description
 * @pMac: Pointer to Global MAC structure (not used by the checks)
 * @pBssDescr: Pointer to received BSS description
 *
 * A description is rejected when its BSSID is the broadcast address or its
 * channelId is zero; nothing else in the description is inspected here.
 *
 * Return: true when the BSS description passes both checks, false otherwise
 */
static uint8_t
lim_is_bss_descr_valid_in_sme_req_message(tpAniSirGlobal pMac,
					  tpSirBssDescription pBssDescr)
{
	/* A broadcast BSSID cannot identify a single BSS. */
	if (lim_is_addr_bc(pBssDescr->bssId))
		return false;

	/* Channel 0 is not a usable operating channel. */
	if (!pBssDescr->channelId)
		return false;

	return true;
} /*** end lim_is_bss_descr_valid_in_sme_req_message() ***/
370
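/**
 * lim_is_sme_start_bss_req_valid() - To validate sme start bss request
 * @mac_ctx: Pointer to Global MAC structure
 * @start_bss_req: Pointer to received SME_START_BSS_REQ message
 *
 * This function is called by lim_process_sme_req_messages() upon
 * receiving SME_START_BSS_REQ message from application.  It checks the
 * bssType, the SSID length, the RSN IE blob, the nwType and finally that
 * every operational rate is legal for that nwType.
 *
 * Return: true when received SME_START_BSS_REQ is formatted correctly false
 * otherwise
 */
uint8_t
lim_is_sme_start_bss_req_valid(tpAniSirGlobal mac_ctx,
			       tpSirSmeStartBssReq start_bss_req)
{
	uint8_t i;
	tSirMacRateSet *opr_rates = &start_bss_req->operationalRateSet;

	PELOG1(lim_log(mac_ctx, LOG1,
		       FL("Parsed START_BSS_REQ fields are bssType=%s (%d), channelId=%d, SSID len=%d, rsnIE len=%d, nwType=%d, rateset len=%d"),
		       lim_bss_type_to_string(start_bss_req->bssType),
		       start_bss_req->bssType, start_bss_req->channelId,
		       start_bss_req->ssId.length, start_bss_req->rsnIE.length,
		       start_bss_req->nwType, opr_rates->numRates);)

	switch (start_bss_req->bssType) {
	case eSIR_INFRASTRUCTURE_MODE:
		/*
		 * Should not have received start BSS req with bssType
		 * Infrastructure on STA.
		 */
		lim_log(mac_ctx, LOGE,
			FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ"),
			start_bss_req->bssType);
		return false;
	case eSIR_IBSS_MODE:
	case eSIR_INFRA_AP_MODE:
	case eSIR_NDI_MODE:
		break;
	default:
		/*
		 * Should not have received start BSS req with bssType
		 * other than IBSS/AP/NDI.
		 */
		lim_log(mac_ctx, LOGW,
			FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ"),
			start_bss_req->bssType);
		return false;
	}

	/*
	 * An IBSS needs a non-empty SSID.  The SIR_MAC_MAX_SSID_LENGTH
	 * ceiling applies to every mode: the length octet comes from the
	 * application, and a value above the maximum is malformed no
	 * matter which BSS type is being started.
	 */
	if (start_bss_req->ssId.length > SIR_MAC_MAX_SSID_LENGTH
	    || (start_bss_req->bssType == eSIR_IBSS_MODE
		&& !start_bss_req->ssId.length)) {
		lim_log(mac_ctx, LOGW,
			FL("Invalid SSID length in eWNI_SME_START_BSS_REQ"));
		return false;
	}

	if (!lim_is_rsn_ie_valid_in_sme_req_message(mac_ctx,
						    &start_bss_req->rsnIE))
		return false;

	/*
	 * Every operational rate must be legal for the requested PHY.  The
	 * high bit of an 802.11 rate octet is the "basic rate" flag and is
	 * masked off before the lookup.
	 * NOTE(review): numRates is not compared with the capacity of
	 * opr_rates->rate[] here — confirm the caller bounds it.
	 */
	switch (start_bss_req->nwType) {
	case eSIR_11A_NW_TYPE:
		for (i = 0; i < opr_rates->numRates; i++) {
			if (sirIsArate(opr_rates->rate[i] & 0x7F))
				continue;

			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11A rates"));
			sir_dump_buf(mac_ctx, SIR_LIM_MODULE_ID, LOG2,
				     opr_rates->rate, opr_rates->numRates);
			return false;
		}
		return true;
	case eSIR_11G_NW_TYPE:
		/* check if all the rates in the opr rate set are legal 11G rates */
		for (i = 0; i < opr_rates->numRates; i++) {
			if (sirIsGrate(opr_rates->rate[i] & 0x7F))
				continue;

			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11G rates"));
			sir_dump_buf(mac_ctx, SIR_LIM_MODULE_ID, LOG2,
				     opr_rates->rate, opr_rates->numRates);
			return false;
		}
		return true;
	case eSIR_11B_NW_TYPE:
		for (i = 0; i < opr_rates->numRates; i++) {
			if (sirIsBrate(opr_rates->rate[i] & 0x7F))
				continue;

			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11B rates"));
			sir_dump_buf(mac_ctx, SIR_LIM_MODULE_ID, LOG2,
				     opr_rates->rate, opr_rates->numRates);
			return false;
		}
		return true;
	default:
		/* Only 11A/11B/11G are accepted as nwType; rejected silently. */
		return false;
	}
}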
483
/**
 * lim_is_sme_join_req_valid() - validate an SME_JOIN_REQ
 * @pMac: Pointer to Global MAC structure
 * @pJoinReq: Pointer to received SME_JOIN_REQ message
 *
 * Called by lim_process_sme_req_messages() when SME_JOIN_REQ arrives from
 * the application.  The RSN IE, both additional-IE blobs (scan and assoc)
 * and the BSS description are each validated by their own helper, and a
 * request whose self MAC address equals the target BSSID is rejected.
 * Every failure is logged at LOGE before returning.
 *
 * Return: true when received SME_JOIN_REQ is formatted correctly,
 * false otherwise
 */
uint8_t lim_is_sme_join_req_valid(tpAniSirGlobal pMac, tpSirSmeJoinReq pJoinReq)
{
	if (!lim_is_rsn_ie_valid_in_sme_req_message(pMac, &pJoinReq->rsnIE)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid RSNIE"));
		return false;
	}

	if (!lim_is_addie_valid_in_sme_req_message(pMac, &pJoinReq->addIEScan)) {
		lim_log(pMac, LOGE,
			FL
			("received SME_JOIN_REQ with invalid additional IE for scan"));
		return false;
	}

	if (!lim_is_addie_valid_in_sme_req_message(pMac, &pJoinReq->addIEAssoc)) {
		lim_log(pMac, LOGE,
			FL
			("received SME_JOIN_REQ with invalid additional IE for assoc"));
		return false;
	}

	if (!lim_is_bss_descr_valid_in_sme_req_message(pMac,
						       &pJoinReq->bssDescription)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid bssInfo"));
		return false;
	}

	/*
	 * Reject the join when the self MAC address and the AP's BSSID are
	 * identical; the negated compare indicates qdf_mem_cmp() yields 0
	 * on an exact match.
	 */
	if (!qdf_mem_cmp((uint8_t *) pJoinReq->selfMacAddr,
			 (uint8_t *) pJoinReq->bssDescription.bssId,
			 (uint8_t) (sizeof(tSirMacAddr)))) {
		lim_log(pMac, LOGE,
			FL
			("received SME_JOIN_REQ with Self Mac and BSSID Same"));
		return false;
	}

	return true;
} /*** end lim_is_sme_join_req_valid() ***/
560
/**
 * lim_is_sme_disassoc_req_valid() - validate an SME_DISASSOC_REQ
 * @pMac: Pointer to Global MAC structure (not used by the check)
 * @pDisassocReq: Pointer to received SME_DISASSOC_REQ message
 * @psessionEntry: Pointer to the PE session (not used by the check)
 *
 * Called by lim_process_sme_req_messages() on SME_DISASSOC_REQ.  The only
 * check is on the peer address: a group address is permitted solely when
 * it is the broadcast address.
 *
 * Return: true when the request is acceptable, false otherwise
 */
uint8_t
lim_is_sme_disassoc_req_valid(tpAniSirGlobal pMac,
			      tpSirSmeDisassocReq pDisassocReq,
			      tpPESession psessionEntry)
{
	/* Unicast peers are always acceptable. */
	if (!qdf_is_macaddr_group(&pDisassocReq->peer_macaddr))
		return true;

	/* Of the group addresses, only broadcast is allowed. */
	if (qdf_is_macaddr_broadcast(&pDisassocReq->peer_macaddr))
		return true;

	return false;
} /*** end lim_is_sme_disassoc_req_valid() ***/
593
/**
 * lim_is_sme_disassoc_cnf_valid() - validate an SME_DISASSOC_CNF
 * @pMac: Pointer to Global MAC structure (not used by the check)
 * @pDisassocCnf: Pointer to received SME_DISASSOC_CNF message
 * @psessionEntry: Pointer to the PE session (not used by the check)
 *
 * Called by lim_process_sme_req_messages() on SME_DISASSOC_CNF.  Unlike the
 * disassoc/deauth request checks, no exception is made for the broadcast
 * address: any group peer address is rejected.
 *
 * Return: true when the peer address is unicast, false otherwise
 */
uint8_t
lim_is_sme_disassoc_cnf_valid(tpAniSirGlobal pMac,
			      tpSirSmeDisassocCnf pDisassocCnf,
			      tpPESession psessionEntry)
{
	uint8_t peer_is_group =
		qdf_is_macaddr_group(&pDisassocCnf->peer_macaddr);

	return peer_is_group ? false : true;
} /*** end lim_is_sme_disassoc_cnf_valid() ***/
625
/**
 * lim_is_sme_deauth_req_valid() - validate an SME_DEAUTH_REQ
 * @pMac: Pointer to Global MAC structure (not used by the check)
 * @pDeauthReq: Pointer to received SME_DEAUTH_REQ message
 * @psessionEntry: Pointer to the PE session (not used by the check)
 *
 * Called by lim_process_sme_req_messages() on SME_DEAUTH_REQ.  Mirrors the
 * disassoc request rule: a group peer address is accepted only when it is
 * the broadcast address.
 *
 * Return: true when the request is acceptable, false otherwise
 */
uint8_t
lim_is_sme_deauth_req_valid(tpAniSirGlobal pMac, tpSirSmeDeauthReq pDeauthReq,
			    tpPESession psessionEntry)
{
	/* Unicast peers are always acceptable. */
	if (!qdf_is_macaddr_group(&pDeauthReq->peer_macaddr))
		return true;

	/* Of the group addresses, only broadcast is allowed. */
	if (qdf_is_macaddr_broadcast(&pDeauthReq->peer_macaddr))
		return true;

	return false;
} /*** end lim_is_sme_deauth_req_valid() ***/
656
/**
 * lim_is_sme_scan_req_valid() - validate an SME_SCAN_REQ
 * @pMac: Pointer to Global MAC structure
 * @pScanReq: Pointer to received SME_SCAN_REQ message
 *
 * Called by lim_process_sme_req_messages() on SME_SCAN_REQ.  The SSID count
 * and each SSID length are fatal on their own; the BSS type, BSSID, scan
 * type and channel count are all checked (and logged) before the verdict
 * is combined; the min/max channel-time ordering is only examined once
 * everything else passed.
 *
 * Return: true when received SME_SCAN_REQ is formatted correctly
 * false otherwise
 */
uint8_t lim_is_sme_scan_req_valid(tpAniSirGlobal pMac, tpSirSmeScanReq pScanReq)
{
	uint8_t ok = true;
	uint8_t idx;

	/* Too many SSIDs: stop here, nothing else is inspected. */
	if (pScanReq->numSsid > SIR_SCAN_MAX_NUM_SSID) {
		lim_log(pMac, LOGE,
			FL("Number of SSIDs > SIR_SCAN_MAX_NUM_SSID"));
		return false;
	}

	for (idx = 0; idx < pScanReq->numSsid; idx++) {
		if (pScanReq->ssId[idx].length > SIR_MAC_MAX_SSID_LENGTH) {
			lim_log(pMac, LOGE,
				FL
				("Requested SSID length > SIR_MAC_MAX_SSID_LENGTH"));
			return false;
		}
	}

	/*
	 * The next four checks are reported independently so that a single
	 * bad request logs every problem; the result is combined afterwards.
	 */
	if ((pScanReq->bssType < 0) || (pScanReq->bssType > eSIR_AUTO_MODE)) {
		lim_log(pMac, LOGE, FL("Invalid BSS Type"));
		ok = false;
	}

	if (qdf_is_macaddr_group(&pScanReq->bssId) &&
	    !qdf_is_macaddr_broadcast(&pScanReq->bssId)) {
		lim_log(pMac, LOGE,
			FL("BSSID is group addr and is not Broadcast Addr"));
		ok = false;
	}

	if (pScanReq->scanType != eSIR_PASSIVE_SCAN
	    && pScanReq->scanType != eSIR_ACTIVE_SCAN) {
		lim_log(pMac, LOGE, FL("Invalid Scan Type"));
		ok = false;
	}

	if (pScanReq->channelList.numChannels > SIR_MAX_NUM_CHANNELS) {
		lim_log(pMac, LOGE,
			FL("Number of Channels > SIR_MAX_NUM_CHANNELS"));
		ok = false;
	}

	if (!ok)
		return false;

	/* check min/max channelTime range (active scans only) */
	if ((pScanReq->scanType == eSIR_ACTIVE_SCAN) &&
	    (pScanReq->maxChannelTime < pScanReq->minChannelTime)) {
		lim_log(pMac, LOGE,
			FL("Max Channel Time < Min Channel Time"));
		return false;
	}

	return true;
} /*** end lim_is_sme_scan_req_valid() ***/
735
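/**
 * lim_is_sme_set_context_req_valid() - validate an SME_SET_CONTEXT_REQ
 * @pMac: Pointer to Global MAC structure
 * @pSetContextReq: Pointer to received SME_SET_CONTEXT_REQ message
 *
 * Called by lim_process_sme_req_messages() on SME_SET_CONTEXT_REQ.  Checks
 * that the encryption type (edType) is known, that keys are present exactly
 * when the edType needs them, and that every supplied key has the length
 * the edType requires.  A non-None edType while privacy is disabled in CFG
 * is only logged (mixed-mode guest access), not rejected.
 *
 * Return: true when received SME_SET_CONTEXT_REQ is formatted correctly
 * false otherwise
 */
uint8_t
lim_is_sme_set_context_req_valid(tpAniSirGlobal pMac,
				 tpSirSmeSetContextReq pSetContextReq)
{
	/* Key sizes in octets that this request expects per cipher. */
	enum {
		LIM_WEP40_KEY_LEN = 5,		/* 40-bit WEP key */
		LIM_WEP104_KEY_LEN = 13,	/* 104-bit WEP key */
		LIM_TKIP_KEY_LEN = 32,		/* TK + two MIC keys */
#ifdef FEATURE_WLAN_WAPI
		LIM_WPI_KEY_LEN = 32,
#endif
		LIM_CCMP_KEY_LEN = 16		/* 128-bit TK */
	};
	uint8_t i;
	/*
	 * poi starts at 0 so a failed CFG read (which only logs) lands in
	 * the "privacy disabled" diagnostic instead of reading an
	 * uninitialised value.
	 */
	uint32_t poi = 0;
	uint8_t expected_len = 0;
	tpSirKeys pKey = pSetContextReq->keyMaterial.key;

	if ((pSetContextReq->keyMaterial.edType != eSIR_ED_WEP40) &&
	    (pSetContextReq->keyMaterial.edType != eSIR_ED_WEP104) &&
	    (pSetContextReq->keyMaterial.edType != eSIR_ED_NONE) &&
#ifdef FEATURE_WLAN_WAPI
	    (pSetContextReq->keyMaterial.edType != eSIR_ED_WPI) &&
#endif
	    !pSetContextReq->keyMaterial.numKeys) {
		/* No keys present in case of TKIP or CCMP: log and reject. */
		lim_log(pMac, LOGW,
			FL
			("No keys present in SME_SETCONTEXT_REQ for edType=%d"),
			pSetContextReq->keyMaterial.edType);
		return false;
	}

	if (pSetContextReq->keyMaterial.numKeys &&
	    (pSetContextReq->keyMaterial.edType == eSIR_ED_NONE)) {
		/* Keys present in case of no ED policy: log and reject. */
		lim_log(pMac, LOGW,
			FL("Keys present in SME_SETCONTEXT_REQ for edType=%d"),
			pSetContextReq->keyMaterial.edType);
		return false;
	}

	if (pSetContextReq->keyMaterial.edType >= eSIR_ED_NOT_IMPLEMENTED) {
		/* Invalid edType in the message: log and reject. */
		lim_log(pMac, LOGW,
			FL("Invalid edType=%d in SME_SETCONTEXT_REQ"),
			pSetContextReq->keyMaterial.edType);
		return false;
	}

	if (pSetContextReq->keyMaterial.edType > eSIR_ED_NONE) {
		if (wlan_cfg_get_int(pMac, WNI_CFG_PRIVACY_ENABLED,
				     &poi) != eSIR_SUCCESS) {
			lim_log(pMac, LOGP,
				FL("Unable to retrieve POI from CFG"));
		}

		if (!poi) {
			/*
			 * Privacy is not enabled
			 * In order to allow mixed mode for Guest access
			 * allow BSS creation/join with no Privacy capability
			 * yet advertising WPA IE
			 */
			PELOG1(lim_log(pMac, LOG1,
				       FL
				       ("Privacy is not enabled, yet non-None EDtype=%d in SME_SETCONTEXT_REQ"),
				       pSetContextReq->keyMaterial.edType);
			       )
		}
	}

	/*
	 * Required key length for the ciphers that are length-checked;
	 * 0 means "no length constraint" for the remaining edTypes, which
	 * were never length-checked here.
	 */
	switch (pSetContextReq->keyMaterial.edType) {
	case eSIR_ED_WEP40:
		expected_len = LIM_WEP40_KEY_LEN;
		break;
	case eSIR_ED_WEP104:
		expected_len = LIM_WEP104_KEY_LEN;
		break;
	case eSIR_ED_TKIP:
		expected_len = LIM_TKIP_KEY_LEN;
		break;
#ifdef FEATURE_WLAN_WAPI
	case eSIR_ED_WPI:
		expected_len = LIM_WPI_KEY_LEN;
		break;
#endif
	case eSIR_ED_CCMP:
		expected_len = LIM_CCMP_KEY_LEN;
		break;
	default:
		expected_len = 0;
		break;
	}

	/*
	 * NOTE(review): numKeys is not compared with the capacity of
	 * keyMaterial.key[] here — confirm the caller bounds it.
	 */
	for (i = 0; i < pSetContextReq->keyMaterial.numKeys; i++, pKey++) {
		if (expected_len && pKey->keyLength != expected_len) {
			/* Invalid key length for a given ED type: log and reject. */
			lim_log(pMac, LOGW,
				FL
				("Invalid keyLength =%d for edType=%d in SME_SETCONTEXT_REQ"),
				pKey->keyLength,
				pSetContextReq->keyMaterial.edType);
			return false;
		}
	}

	return true;
} /*** end lim_is_sme_set_context_req_valid() ***/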
864
/**
 * lim_is_sme_stop_bss_req_valid() - validate an SME_STOP_BSS_REQ
 * @pMsg: Pointer to received SME_STOP_BSS_REQ message (not inspected)
 *
 * Called by lim_process_sme_req_messages() on SME_STOP_BSS_REQ.  No field
 * of the message is examined; every request is reported as valid.
 *
 * Return: always true
 */
uint8_t lim_is_sme_stop_bss_req_valid(uint32_t *pMsg)
{
	(void)pMsg;	/* nothing in the request is checked */

	return true;
} /*** end lim_is_sme_stop_bss_req_valid() ***/
890
/**
 * lim_get_bss_id_from_sme_join_req_msg() - locate the BSSID inside a
 * serialized SME_JOIN_REQ / SME_REASSOC_REQ
 * @pBuf: Pointer to the received message buffer, or NULL
 *
 * Steps over the 4-byte message header, the length-prefixed RSN IE and the
 * 2-byte BSS description length; the BSSID is the first field of the BSS
 * description that follows.
 * NOTE(review): no buffer length is passed, so the RSN IE length read from
 * the message drives the skip unchecked — confirm the caller has validated
 * the message size.
 *
 * Return: pointer to the BSSID within pBuf, or NULL when pBuf is NULL
 */
uint8_t *lim_get_bss_id_from_sme_join_req_msg(uint8_t *pBuf)
{
	uint8_t *cursor = pBuf;
	uint16_t rsn_ie_len;

	if (cursor == NULL)
		return NULL;

	/* message header */
	cursor += sizeof(uint32_t);

	/* RSN IE: 2-byte length followed by that many bytes */
	rsn_ie_len = lim_get_u16(cursor);
	cursor += sizeof(uint16_t) + rsn_ie_len;

	/* 2-byte length of the BSS description; the BSSID follows it */
	cursor += sizeof(uint16_t);

	return cursor;
} /*** end lim_get_bss_id_from_sme_join_req_msg() ***/