/*
 * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved.
 *
 * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
 *
 *
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
 * above copyright notice and this permission notice appear in all
 * copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * This file was originally distributed by Qualcomm Atheros, Inc.
 * under proprietary terms before Copyright ownership was assigned
 * to the Linux Foundation.
 */

/*
 *
 * This file lim_sme_req_utils.cc contains the utility functions
 * that validate SME request messages (start BSS, join, disassoc,
 * deauth, scan, set context, stop BSS) before LIM acts on them.
 * The request contents come from the upper layer and are treated as
 * untrusted: lengths and counts are bounded here before any consumer
 * walks the embedded IE buffers or key lists.
 * Author: Chandra Modumudi
 * Date: 02/11/02
 * History:-
 * Date Modified by Modification Information
 * --------------------------------------------------------------------
 * 05/26/10 js WPA handling in (Re)Assoc frames
 *
 */

41#include "wni_api.h"
42#include "wni_cfg.h"
43#include "cfg_api.h"
44#include "sir_api.h"
45#include "sch_api.h"
46#include "utils_api.h"
47#include "lim_types.h"
48#include "lim_utils.h"
49#include "lim_assoc_utils.h"
50#include "lim_security_utils.h"
51#include "lim_ser_des_utils.h"
52
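/**
 * lim_is_rsn_ie_valid_in_sme_req_message() - validate an RSN/WPA/WAPI IE blob
 * @mac_ctx: Pointer to Global MAC structure
 * @rsn_ie: Pointer to the RSN IE container carried in the SME request
 *
 * @rsn_ie->rsnIEdata holds @rsn_ie->length bytes of raw 802.11 elements
 * (EID, length, body, ...) supplied by the upper layer with a start-BSS or
 * join request, so it is treated as untrusted input.  An empty container is
 * accepted.  Otherwise the first element must be RSN, WPA or, when built
 * with FEATURE_WLAN_WAPI, WAPI; every element must then fit inside the
 * declared length and satisfy the per-type length bounds, and a WPA element
 * must start with the WPA OUI.  Any other element type, and a dangling
 * partial header at the end, is rejected.
 *
 * The PRIVACY/RSN CFG values are reported for diagnostics only: an RSN/WPA
 * IE is deliberately accepted when privacy is disabled (mixed-mode guest
 * access), it is not rejected on that basis.
 *
 * Return: true when the blob is well formed, false otherwise
 */

static uint8_t
lim_is_rsn_ie_valid_in_sme_req_message(tpAniSirGlobal mac_ctx, tpSirRSNie rsn_ie)
{
	uint32_t privacy = 0, rsn_enabled = 0, oui = 0;
	uint32_t start = 0;
	int len;

	/* The zero defaults stand if CFG cannot be read; the values only
	 * feed the diagnostic log below. */
	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_PRIVACY_ENABLED,
			     &privacy) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP, FL("Unable to retrieve POI from CFG"));

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_RSN_ENABLED,
			     &rsn_enabled) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP,
			FL("Unable to retrieve RSN_ENABLED from CFG"));

	if (rsn_ie->length && (!privacy || !rsn_enabled)) {
		/* Privacy & RSN not enabled in CFG.
		 * In order to allow mixed mode for Guest access
		 * allow BSS creation/join with no Privacy capability
		 * yet advertising WPA IE
		 */
		PELOG1(lim_log(mac_ctx, LOG1,
			       FL("RSN ie len %d PRIVACY %d RSN %d"),
			       rsn_ie->length, privacy, rsn_enabled);)
	}

	if (!rsn_ie->length)
		return true;

	/* The leading element decides whether this is a blob we parse at all */
	if ((rsn_ie->rsnIEdata[0] != DOT11F_EID_RSN)
#ifdef FEATURE_WLAN_WAPI
	    && (rsn_ie->rsnIEdata[0] != DOT11F_EID_WAPI)
#endif
	    && (rsn_ie->rsnIEdata[0] != DOT11F_EID_WPA)) {
		lim_log(mac_ctx, LOGE, FL("RSN/WPA/WAPI EID %d not [%d || %d]"),
			rsn_ie->rsnIEdata[0], DOT11F_EID_RSN,
			DOT11F_EID_WPA);
		return false;
	}

	len = rsn_ie->length;
	while (len >= 2) {
		uint8_t eid = rsn_ie->rsnIEdata[start];
		uint8_t elen = rsn_ie->rsnIEdata[start + 1];

		/* Every byte of the element must lie inside the declared
		 * length; this is what keeps the reads below in range and
		 * stops a forged element length from walking off the end. */
		if (elen > len - 2) {
			lim_log(mac_ctx, LOGE,
				FL("EID %d len %d exceeds remaining %d bytes"),
				eid, elen, len - 2);
			return false;
		}

		switch (eid) {
		case DOT11F_EID_RSN:
			/* Check validity of RSN IE */
			if (elen > DOT11F_IE_RSN_MAX_LEN ||
			    elen < DOT11F_IE_RSN_MIN_LEN) {
				lim_log(mac_ctx, LOGE,
					FL("RSN IE len %d not [%d,%d]"),
					elen, DOT11F_IE_RSN_MIN_LEN,
					DOT11F_IE_RSN_MAX_LEN);
				return false;
			}
			break;
		case DOT11F_EID_WPA:
			/* Check validity of WPA IE: the body starts with the
			 * WPA OUI.  When the body is too short to hold it, or
			 * the OUI would sit past the end of rsnIEdata, leave
			 * oui at 0 so the compare fails instead of reading
			 * out of range. */
			oui = 0;
			if (elen >= sizeof(uint32_t) &&
			    start <= SIR_MAC_MAX_IE_LENGTH - sizeof(uint32_t))
				oui = sir_read_u32((uint8_t *)
						   &rsn_ie->rsnIEdata[start + 2]);

			if (elen < DOT11F_IE_WPA_MIN_LEN ||
			    elen > DOT11F_IE_WPA_MAX_LEN ||
			    SIR_MAC_WPA_OUI != oui) {
				lim_log(mac_ctx, LOGE,
					FL("WPA IE len %d not [%d,%d] OR data 0x%x not 0x%x"),
					elen, DOT11F_IE_WPA_MIN_LEN,
					DOT11F_IE_WPA_MAX_LEN,
					oui, SIR_MAC_WPA_OUI);
				return false;
			}
			break;
#ifdef FEATURE_WLAN_WAPI
		case DOT11F_EID_WAPI:
			if (elen > DOT11F_IE_WAPI_MAX_LEN ||
			    elen < DOT11F_IE_WAPI_MIN_LEN) {
				lim_log(mac_ctx, LOGE,
					FL("WAPI IE len %d not [%d,%d]"),
					elen, DOT11F_IE_WAPI_MIN_LEN,
					DOT11F_IE_WAPI_MAX_LEN);
				return false;
			}
			break;
#endif
		default:
			/* Only reachable for a second or later element; the
			 * leading one was screened above. */
			lim_log(mac_ctx, LOGE,
				FL("Unexpected EID %d at offset %d"),
				eid, start);
			return false;
		} /* end of switch */

		/* EID + length field + body: advance by this element only,
		 * not by the cumulative offset. */
		start += 2 + elen;
		len -= 2 + elen;
	} /* end while loop */

	/* A lone trailing byte cannot be an element header */
	if (len != 0) {
		lim_log(mac_ctx, LOGE,
			FL("Trailing byte after last IE at offset %d"), start);
		return false;
	}

	return true;
} /*** end lim_is_rsn_ie_valid_in_sme_req_message() ***/
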
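/**
 * lim_is_addie_valid_in_sme_req_message() - validate an additional-IE buffer
 * @pMac: Pointer to Global MAC structure
 * @pAddie: Pointer to the additional IE container from the SME request
 *
 * @pAddie->addIEdata holds @pAddie->length bytes that must parse as a
 * sequence of complete 802.11 elements (EID, length, body).  Only the
 * framing is checked: each element's declared length must fit inside the
 * bytes that remain, and no partial header may be left over at the end.
 * Element contents are not interpreted.  An empty buffer is valid.
 *
 * Return: true when the buffer is a well-framed IE list, false otherwise
 */

static uint8_t
lim_is_addie_valid_in_sme_req_message(tpAniSirGlobal pMac, tpSirAddie pAddie)
{
	int left = pAddie->length;
	const uint8_t *ptr = pAddie->addIEdata;

	while (left >= 2) {
		uint8_t elem_id = ptr[0];
		uint8_t elem_len = ptr[1];

		left -= 2;
		if (elem_len > left) {
			lim_log(pMac, LOGE,
				FL("****Invalid Add IEs eid = %d elem_len=%d left=%d*****"),
				elem_id, elem_len, left);
			return false;
		}

		left -= elem_len;
		ptr += (elem_len + 2);
	}

	/* A single leftover byte is a truncated header, not an element; a
	 * consumer walking this list would read its length byte past the
	 * declared end. */
	if (left != 0) {
		lim_log(pMac, LOGE,
			FL("Invalid Add IEs: %d trailing byte(s) after last element"),
			left);
		return false;
	}

	return true;
} /*** end lim_is_addie_valid_in_sme_req_message() ***/
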
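/**
 * lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message() - parse RSN/WPA IE
 * @mac_ctx: Pointer to Global MAC structure
 * @rsn_ie: Pointer to the RSN IE container from SME_START_BSS_REQ
 * @session: Pointer to the PE session whose gStartBssRSNIe and
 *           gStartBssWPAIe are filled in
 *
 * Accepts exactly three layouts of @rsn_ie->rsnIEdata, each of which must
 * account for every one of @rsn_ie->length bytes: a single RSN IE, a single
 * WPA IE, or an RSN IE immediately followed by a WPA IE.  An RSN IE is
 * unpacked into @session->gStartBssRSNIe and a WPA IE (OUI stripped) into
 * @session->gStartBssWPAIe; each field is written only when the matching IE
 * is actually present, so a consumer can rely on the other one being left
 * untouched.  An empty container is accepted and writes nothing.
 *
 * Element lengths come from the upper layer and are checked against
 * @rsn_ie->length before any byte they cover is read or handed to the
 * dot11f unpackers, which receive the element body length only (never the
 * whole container length).
 *
 * Return: true when the IE(s) are valid and have been unpacked, false
 * otherwise
 */
uint8_t
lim_set_rs_nie_wp_aiefrom_sme_start_bss_req_message(tpAniSirGlobal mac_ctx,
						    tpSirRSNie rsn_ie,
						    tpPESession session)
{
	uint32_t privacy = 0, rsn_enabled = 0, oui;
	uint32_t total = rsn_ie->length;
	uint32_t wpa_idx = 0;
	uint8_t first_eid, first_len, wpa_len;

	/* The zero defaults stand if CFG cannot be read; the values only
	 * feed the diagnostic log below. */
	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_PRIVACY_ENABLED,
			     &privacy) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP, FL("Unable to retrieve POI from CFG"));

	if (wlan_cfg_get_int(mac_ctx, WNI_CFG_RSN_ENABLED,
			     &rsn_enabled) != eSIR_SUCCESS)
		lim_log(mac_ctx, LOGP,
			FL("Unable to retrieve RSN_ENABLED from CFG"));

	if (total && (!privacy || !rsn_enabled)) {
		/*
		 * Privacy & RSN not enabled in CFG.
		 * In order to allow mixed mode for Guest access
		 * allow BSS creation/join with no Privacy capability
		 * yet advertising WPA IE
		 */
		lim_log(mac_ctx, LOG1,
			FL("RSN ie len %d but PRIVACY %d RSN %d"),
			rsn_ie->length, privacy, rsn_enabled);
	}

	if (!total)
		return true;

	first_eid = rsn_ie->rsnIEdata[0];
	first_len = rsn_ie->rsnIEdata[1];

	if (first_eid != SIR_MAC_RSN_EID && first_eid != SIR_MAC_WPA_EID) {
		lim_log(mac_ctx, LOGE, FL("RSN/WPA EID %d not [%d || %d]"),
			first_eid, SIR_MAC_RSN_EID, SIR_MAC_WPA_EID);
		return false;
	}

	/* The leading element must fit in the bytes SME actually supplied;
	 * this also rejects a container too short to hold a header. */
	if ((uint32_t)first_len + 2 > total) {
		lim_log(mac_ctx, LOGE,
			FL("IE len %d exceeds rsnIE length %d"),
			first_len, rsn_ie->length);
		return false;
	}

	if (first_eid == SIR_MAC_RSN_EID) {
		/* Check validity of RSN IE */
		if (first_len < SIR_MAC_RSN_IE_MIN_LENGTH) {
			lim_log(mac_ctx, LOGE, FL("RSN IE len %d not [%d,%d]"),
				first_len, SIR_MAC_RSN_IE_MIN_LENGTH,
				SIR_MAC_RSN_IE_MAX_LENGTH);
			return false;
		}
		/* Unpack only the element body (first_len bytes after the
		 * two-byte header), whatever follows it. */
		dot11f_unpack_ie_rsn(mac_ctx, &rsn_ie->rsnIEdata[2], first_len,
				     &session->gStartBssRSNIe);

		if ((uint32_t)first_len + 2 == total) {
			lim_log(mac_ctx, LOG1, FL("Only RSN IE is present"));
			return true;
		}
		lim_log(mac_ctx, LOG1,
			FL("WPA IE is present along with WPA2 IE"));
		wpa_idx = 2 + first_len;
	} else if ((uint32_t)first_len + 2 != total) {
		/* Only an RSN IE may lead a two-element container */
		lim_log(mac_ctx, LOGE,
			FL("First byte[%d] in rsnIEdata isn't RSN_EID"),
			first_eid);
		return false;
	} else {
		lim_log(mac_ctx, LOG1, FL("Only WPA IE is present"));
	}

	/*
	 * Check validity of WPA IE.  It starts at wpa_idx with a two-byte
	 * header followed by the four-byte WPA OUI; both the fixed-size
	 * rsnIEdata array and the declared container length must cover
	 * those six bytes before they are read.
	 */
	if (wpa_idx + 6 >= SIR_MAC_MAX_IE_LENGTH || wpa_idx + 6 > total)
		return false;

	wpa_len = rsn_ie->rsnIEdata[wpa_idx + 1];
	oui = sir_read_u32((uint8_t *)&rsn_ie->rsnIEdata[wpa_idx + 2]);

	/* The WPA IE must be a WPA IE, carry at least the OUI, end exactly
	 * at the end of the container, and start with the WPA OUI. */
	if (rsn_ie->rsnIEdata[wpa_idx] != SIR_MAC_WPA_EID ||
	    wpa_len < SIR_MAC_WPA_IE_MIN_LENGTH ||
	    wpa_len < sizeof(uint32_t) ||
	    wpa_idx + 2 + wpa_len != total ||
	    SIR_MAC_WPA_OUI != oui) {
		lim_log(mac_ctx, LOGE,
			FL("WPA IE len %d not [%d,%d] OR data 0x%x not 0x%x"),
			wpa_len, SIR_MAC_WPA_IE_MIN_LENGTH,
			SIR_MAC_WPA_IE_MAX_LENGTH, oui, SIR_MAC_WPA_OUI);
		return false;
	}

	/* Skip header and OUI: the unpacker wants the body after the OUI */
	dot11f_unpack_ie_wpa(mac_ctx, &rsn_ie->rsnIEdata[wpa_idx + 6],
			     wpa_len - 4, &session->gStartBssWPAIe);
	return true;
}
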
/**
 * lim_is_bss_descr_valid_in_sme_req_message() - sanity-check a BSS description
 * @pMac: Pointer to Global MAC structure (unused)
 * @pBssDescr: Pointer to the BSS description received in an SME request
 *
 * Only two fields are inspected: the BSSID must not be the broadcast
 * address and the channel id must be non-zero.  Nothing else in the
 * description is validated here.
 *
 * Return: true when both checks pass, false otherwise
 */

static uint8_t
lim_is_bss_descr_valid_in_sme_req_message(tpAniSirGlobal pMac,
					  tpSirBssDescription pBssDescr)
{
	/* A broadcast BSSID cannot name a BSS to join */
	if (lim_is_addr_bc(pBssDescr->bssId))
		return false;

	/* Channel 0 is never a valid operating channel */
	return pBssDescr->channelId != 0;
} /*** end lim_is_bss_descr_valid_in_sme_req_message() ***/

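/**
 * lim_start_bss_rate_is_valid() - check one operational rate against nwType
 * @nw_type: network type from the request (eSIR_11A/11B/11G_NW_TYPE)
 * @rate: one byte of the operational rate set; bit 7 is masked off before
 *        the comparison
 *
 * Return: non-zero when @rate is a legal rate for @nw_type.  Any @nw_type
 * other than 11A or 11G is treated as 11B, so the caller must have
 * screened nwType first.
 */
static uint8_t
lim_start_bss_rate_is_valid(uint32_t nw_type, uint8_t rate)
{
	uint8_t r = rate & 0x7F;

	if (nw_type == eSIR_11A_NW_TYPE)
		return sirIsArate(r) != 0;
	if (nw_type == eSIR_11G_NW_TYPE)
		return sirIsGrate(r) != 0;
	return sirIsBrate(r) != 0;
}

/**
 * lim_is_sme_start_bss_req_valid() - To validate sme start bss request
 *
 * @mac_ctx: Pointer to Global MAC structure
 * @start_bss_req: Pointer to received SME_START_BSS_REQ message
 *
 * This function is called by lim_process_sme_req_messages() upon
 * receiving SME_START_BSS_REQ message from application.  It checks that
 * bssType is one LIM can start (IBSS, infrastructure AP or NDI), that the
 * SSID length is within SIR_MAC_MAX_SSID_LENGTH (and non-zero for an
 * IBSS), that the RSN IE blob is well formed, that nwType is 11A, 11B or
 * 11G, and that the operational rate set has no more entries than its
 * array holds and every entry is legal for that nwType.
 *
 * Return: true when received SME_START_BSS_REQ is formatted correctly false
 * otherwise
 */

uint8_t
lim_is_sme_start_bss_req_valid(tpAniSirGlobal mac_ctx,
			       tpSirSmeStartBssReq start_bss_req)
{
	uint8_t i;
	tSirMacRateSet *opr_rates = &start_bss_req->operationalRateSet;

	PELOG1(lim_log(mac_ctx, LOG1,
		       FL("Parsed START_BSS_REQ fields are bssType=%s (%d), channelId=%d, SSID len=%d, rsnIE len=%d, nwType=%d, rateset len=%d"),
		       lim_bss_type_to_string(start_bss_req->bssType),
		       start_bss_req->bssType, start_bss_req->channelId,
		       start_bss_req->ssId.length, start_bss_req->rsnIE.length,
		       start_bss_req->nwType, opr_rates->numRates);)

	switch (start_bss_req->bssType) {
	case eSIR_INFRASTRUCTURE_MODE:
		/*
		 * Should not have received start BSS req with bssType
		 * Infrastructure on STA.
		 */
		lim_log(mac_ctx, LOGE,
			FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ"),
			start_bss_req->bssType);
		return false;
	case eSIR_IBSS_MODE:
	case eSIR_INFRA_AP_MODE:
	case eSIR_NDI_MODE:
		break;
	default:
		/* Only IBSS, infrastructure AP and NDI can be started */
		lim_log(mac_ctx, LOGW,
			FL("Invalid bssType %d in eWNI_SME_START_BSS_REQ"),
			start_bss_req->bssType);
		return false;
	}

	/* An IBSS needs a real SSID; no mode may exceed the SSID maximum,
	 * since consumers copy ssId.length bytes out of the request. */
	if ((start_bss_req->bssType == eSIR_IBSS_MODE &&
	     !start_bss_req->ssId.length) ||
	    start_bss_req->ssId.length > SIR_MAC_MAX_SSID_LENGTH) {
		lim_log(mac_ctx, LOGW,
			FL("Invalid SSID length in eWNI_SME_START_BSS_REQ"));
		return false;
	}

	if (!lim_is_rsn_ie_valid_in_sme_req_message(mac_ctx,
						    &start_bss_req->rsnIE))
		return false;

	if (start_bss_req->nwType != eSIR_11A_NW_TYPE
	    && start_bss_req->nwType != eSIR_11B_NW_TYPE
	    && start_bss_req->nwType != eSIR_11G_NW_TYPE) {
		lim_log(mac_ctx, LOGW,
			FL("Invalid nwType %d in eWNI_SME_START_BSS_REQ"),
			start_bss_req->nwType);
		return false;
	}

	/* numRates is untrusted: never walk past the end of rate[].  This
	 * relies on rate being an in-struct array, so sizeof is its
	 * capacity. */
	if (opr_rates->numRates > sizeof(opr_rates->rate)) {
		lim_log(mac_ctx, LOGW,
			FL("Invalid rateset len %d in eWNI_SME_START_BSS_REQ"),
			opr_rates->numRates);
		return false;
	}

	/* check that every rate in the opr rate set is legal for nwType */
	for (i = 0; i < opr_rates->numRates; i++) {
		if (lim_start_bss_rate_is_valid(start_bss_req->nwType,
						opr_rates->rate[i]))
			continue;

		if (start_bss_req->nwType == eSIR_11A_NW_TYPE)
			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11A rates"));
		else if (start_bss_req->nwType == eSIR_11G_NW_TYPE)
			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11G rates"));
		else
			lim_log(mac_ctx, LOGW,
				FL("Invalid operational 11B rates"));
		sir_dump_buf(mac_ctx, SIR_LIM_MODULE_ID, LOG2,
			     opr_rates->rate, opr_rates->numRates);
		return false;
	}
	return true;
}
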
/**
 * lim_is_sme_join_req_valid() - validate an SME_JOIN_REQ message
 * @pMac: Pointer to Global MAC structure
 * @pJoinReq: Pointer to received SME_JOIN_REQ message
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_JOIN_REQ
 * from the application.  The request is rejected when its RSN IE blob is
 * malformed, when either additional-IE buffer (scan or assoc) is not a
 * well-framed IE list, when the BSS description fails its sanity check,
 * or when the target BSSID equals our own MAC address.  Each rejection is
 * logged at LOGE.
 *
 * Return: true when received SME_JOIN_REQ is formatted correctly, false
 * otherwise
 */

uint8_t lim_is_sme_join_req_valid(tpAniSirGlobal pMac, tpSirSmeJoinReq pJoinReq)
{
	if (!lim_is_rsn_ie_valid_in_sme_req_message(pMac, &pJoinReq->rsnIE)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid RSNIE"));
		return false;
	}

	if (!lim_is_addie_valid_in_sme_req_message(pMac, &pJoinReq->addIEScan)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid additional IE for scan"));
		return false;
	}

	if (!lim_is_addie_valid_in_sme_req_message(pMac, &pJoinReq->addIEAssoc)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid additional IE for assoc"));
		return false;
	}

	if (!lim_is_bss_descr_valid_in_sme_req_message(pMac,
						       &pJoinReq->bssDescription)) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with invalid bssInfo"));
		return false;
	}

	/*
	 * A join whose target BSSID is our own address is refused; a
	 * zero result from qdf_mem_cmp() means the two addresses match.
	 */
	if (!qdf_mem_cmp((uint8_t *) pJoinReq->selfMacAddr,
			 (uint8_t *) pJoinReq->bssDescription.bssId,
			 (uint8_t) (sizeof(tSirMacAddr)))) {
		lim_log(pMac, LOGE,
			FL("received SME_JOIN_REQ with Self Mac and BSSID Same"));
		return false;
	}

	return true;
} /*** end lim_is_sme_join_req_valid() ***/

/**
 * lim_is_sme_disassoc_req_valid() - validate an SME_DISASSOC_REQ message
 * @pMac: Pointer to Global MAC structure (unused)
 * @pDisassocReq: Pointer to received SME_DISASSOC_REQ message
 * @psessionEntry: Pointer to the PE session (unused)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_DISASSOC_REQ
 * from the application.  The only check is on peer_macaddr: a unicast
 * address or the all-ones broadcast address is accepted, any other group
 * (multicast) address is rejected.
 *
 * Return: true when received SME_DISASSOC_REQ is formatted correctly,
 * false otherwise
 */

uint8_t
lim_is_sme_disassoc_req_valid(tpAniSirGlobal pMac,
			      tpSirSmeDisassocReq pDisassocReq,
			      tpPESession psessionEntry)
{
	uint8_t is_group = qdf_is_macaddr_group(&pDisassocReq->peer_macaddr);
	uint8_t is_bcast = qdf_is_macaddr_broadcast(&pDisassocReq->peer_macaddr);

	/* Broadcast is the only group address a disassoc may target */
	return !is_group || is_bcast;
} /*** end lim_is_sme_disassoc_req_valid() ***/

/**
 * lim_is_sme_disassoc_cnf_valid() - validate an SME_DISASSOC_CNF message
 * @pMac: Pointer to Global MAC structure (unused)
 * @pDisassocCnf: Pointer to received SME_DISASSOC_CNF message
 * @psessionEntry: Pointer to the PE session (unused)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_DISASSOC_CNF
 * from the application.  Unlike the disassoc/deauth request validators,
 * a confirm must name a single peer: any group address, broadcast
 * included, is rejected.
 *
 * Return: true when received SME_DISASSOC_CNF is formatted correctly,
 * false otherwise
 */

uint8_t
lim_is_sme_disassoc_cnf_valid(tpAniSirGlobal pMac,
			      tpSirSmeDisassocCnf pDisassocCnf,
			      tpPESession psessionEntry)
{
	/* A confirm is only meaningful for one unicast peer */
	return !qdf_is_macaddr_group(&pDisassocCnf->peer_macaddr);
} /*** end lim_is_sme_disassoc_cnf_valid() ***/

/**
 * lim_is_sme_deauth_req_valid() - validate an SME_DEAUTH_REQ message
 * @pMac: Pointer to Global MAC structure (unused)
 * @pDeauthReq: Pointer to received SME_DEAUTH_REQ message
 * @psessionEntry: Pointer to the PE session (unused)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_DEAUTH_REQ
 * from the application.  Mirrors lim_is_sme_disassoc_req_valid(): the
 * peer address may be unicast or the all-ones broadcast address, but no
 * other group (multicast) address.
 *
 * Return: true when received SME_DEAUTH_REQ is formatted correctly,
 * false otherwise
 */

uint8_t
lim_is_sme_deauth_req_valid(tpAniSirGlobal pMac, tpSirSmeDeauthReq pDeauthReq,
			    tpPESession psessionEntry)
{
	uint8_t is_group = qdf_is_macaddr_group(&pDeauthReq->peer_macaddr);
	uint8_t is_bcast = qdf_is_macaddr_broadcast(&pDeauthReq->peer_macaddr);

	/* Broadcast is the only group address a deauth may target */
	return !is_group || is_bcast;
} /*** end lim_is_sme_deauth_req_valid() ***/

/**
 * lim_is_sme_scan_req_valid() - validate an SME_SCAN_REQ message
 * @pMac: Pointer to Global MAC structure
 * @pScanReq: Pointer to received SME_SCAN_REQ message
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_SCAN_REQ
 * from the application.  The SSID count and each SSID length are bounded
 * first and stop validation immediately.  The bssType range, BSSID (a
 * group address must be broadcast), scanType and channel count are then
 * all checked and each failure logged before the verdict is returned.
 * Only when everything above passed, an active scan additionally needs
 * maxChannelTime >= minChannelTime.
 *
 * Return: true when received SME_SCAN_REQ is formatted correctly, false
 * otherwise
 */

uint8_t lim_is_sme_scan_req_valid(tpAniSirGlobal pMac, tpSirSmeScanReq pScanReq)
{
	uint8_t valid = true;
	uint8_t idx;

	if (pScanReq->numSsid > SIR_SCAN_MAX_NUM_SSID) {
		lim_log(pMac, LOGE,
			FL("Number of SSIDs > SIR_SCAN_MAX_NUM_SSID"));
		return false;
	}

	for (idx = 0; idx < pScanReq->numSsid; idx++) {
		if (pScanReq->ssId[idx].length <= SIR_MAC_MAX_SSID_LENGTH)
			continue;
		lim_log(pMac, LOGE,
			FL("Requested SSID length > SIR_MAC_MAX_SSID_LENGTH"));
		return false;
	}

	/* The following checks are all reported before giving up */
	if ((pScanReq->bssType < 0) || (pScanReq->bssType > eSIR_AUTO_MODE)) {
		lim_log(pMac, LOGE, FL("Invalid BSS Type"));
		valid = false;
	}
	if (qdf_is_macaddr_group(&pScanReq->bssId) &&
	    !qdf_is_macaddr_broadcast(&pScanReq->bssId)) {
		lim_log(pMac, LOGE,
			FL("BSSID is group addr and is not Broadcast Addr"));
		valid = false;
	}
	if (pScanReq->scanType != eSIR_PASSIVE_SCAN &&
	    pScanReq->scanType != eSIR_ACTIVE_SCAN) {
		lim_log(pMac, LOGE, FL("Invalid Scan Type"));
		valid = false;
	}
	if (pScanReq->channelList.numChannels > SIR_MAX_NUM_CHANNELS) {
		lim_log(pMac, LOGE,
			FL("Number of Channels > SIR_MAX_NUM_CHANNELS"));
		valid = false;
	}

	if (!valid)
		return false;

	/* check min/max channelTime range, active scans only */
	if ((pScanReq->scanType == eSIR_ACTIVE_SCAN) &&
	    (pScanReq->maxChannelTime < pScanReq->minChannelTime)) {
		lim_log(pMac, LOGE,
			FL("Max Channel Time < Min Channel Time"));
		return false;
	}

	return true;
} /*** end lim_is_sme_scan_req_valid() ***/

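/**
 * lim_is_sme_set_context_req_valid() - validate an SME_SET_CONTEXT_REQ message
 * @pMac: Pointer to Global MAC structure
 * @pSetContextReq: Pointer to received SME_SET_CONTEXT_REQ message
 *
 * Called by lim_process_sme_req_messages() upon receiving
 * SME_SET_CONTEXT_REQ from the application.  Checks, in order:
 *   - keyMaterial.edType is below eSIR_ED_NOT_IMPLEMENTED (and not
 *     negative);
 *   - eSIR_ED_NONE carries no keys, and every cipher other than
 *     eSIR_ED_WEP40, eSIR_ED_WEP104 and (when built) eSIR_ED_WPI carries at
 *     least one;
 *   - each key's keyLength matches the fixed length this driver expects
 *     for the cipher (WEP40 5, WEP104 13, TKIP 32, WPI 32, CCMP 16); other
 *     ciphers have no length check here.
 * Privacy being disabled in CFG while a cipher is set is logged only, to
 * allow mixed-mode guest access.
 *
 * NOTE(review): numKeys is not bounded against the key array in this
 * function; the key[] storage appears to be sized by the serialized
 * message, so the caller's message-length check must guarantee that
 * numKeys entries are actually present -- confirm against the caller.
 *
 * Return: true when received SME_SET_CONTEXT_REQ is formatted correctly,
 * false otherwise
 */

uint8_t
lim_is_sme_set_context_req_valid(tpAniSirGlobal pMac,
				 tpSirSmeSetContextReq pSetContextReq)
{
	int ed_type = pSetContextReq->keyMaterial.edType;
	unsigned int num_keys = pSetContextReq->keyMaterial.numKeys;
	tpSirKeys pKey = pSetContextReq->keyMaterial.key;
	unsigned int expected_len = 0;
	unsigned int i;

	/* Range-check the enum before anything else reasons about it;
	 * the "< 0" arm also catches an out-of-range unsigned value
	 * that wrapped when copied into an int. */
	if (ed_type < 0 || ed_type >= eSIR_ED_NOT_IMPLEMENTED) {
		lim_log(pMac, LOGW,
			FL("Invalid edType=%d in SME_SETCONTEXT_REQ"),
			ed_type);
		return false;
	}

	if (num_keys && ed_type == eSIR_ED_NONE) {
		/* Keys present in case of no ED policy */
		lim_log(pMac, LOGW,
			FL("Keys present in SME_SETCONTEXT_REQ for edType=%d"),
			ed_type);
		return false;
	}

	if (!num_keys &&
	    ed_type != eSIR_ED_NONE &&
	    ed_type != eSIR_ED_WEP40 &&
	    ed_type != eSIR_ED_WEP104
#ifdef FEATURE_WLAN_WAPI
	    && ed_type != eSIR_ED_WPI
#endif
	    ) {
		/* No keys present for a cipher that needs them (e.g. TKIP
		 * or CCMP) */
		lim_log(pMac, LOGW,
			FL("No keys present in SME_SETCONTEXT_REQ for edType=%d"),
			ed_type);
		return false;
	}

	if (ed_type > eSIR_ED_NONE) {
		/* Default to "disabled" if CFG cannot be read; the value
		 * only drives the diagnostic log below. */
		uint32_t poi = 0;

		if (wlan_cfg_get_int(pMac, WNI_CFG_PRIVACY_ENABLED,
				     &poi) != eSIR_SUCCESS) {
			lim_log(pMac, LOGP,
				FL("Unable to retrieve POI from CFG"));
		}

		if (!poi) {
			/*
			 * Privacy is not enabled
			 * In order to allow mixed mode for Guest access
			 * allow BSS creation/join with no Privacy capability
			 * yet advertising WPA IE
			 */
			PELOG1(lim_log(pMac, LOG1,
				       FL("Privacy is not enabled, yet non-None EDtype=%d in SME_SETCONTEXT_REQ"),
				       ed_type);
			       )
		}
	}

	/* Fixed key length per cipher; 0 means no length check applies */
	switch (ed_type) {
	case eSIR_ED_WEP40:
		expected_len = 5;
		break;
	case eSIR_ED_WEP104:
		expected_len = 13;
		break;
	case eSIR_ED_TKIP:
		expected_len = 32;
		break;
#ifdef FEATURE_WLAN_WAPI
	case eSIR_ED_WPI:
		expected_len = 32;
		break;
#endif
	case eSIR_ED_CCMP:
		expected_len = 16;
		break;
	default:
		expected_len = 0;
		break;
	}

	for (i = 0; i < num_keys; i++, pKey++) {
		if (expected_len && pKey->keyLength != expected_len) {
			/* Invalid key length for a given ED type */
			lim_log(pMac, LOGW,
				FL("Invalid keyLength =%d for edType=%d in SME_SETCONTEXT_REQ"),
				pKey->keyLength, ed_type);
			return false;
		}
	}

	return true;
} /*** end lim_is_sme_set_context_req_valid() ***/
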
/**
 * lim_is_sme_stop_bss_req_valid() - validate an SME_STOP_BSS_REQ message
 * @pMsg: Pointer to received SME_STOP_BSS_REQ message (not inspected)
 *
 * Called by lim_process_sme_req_messages() upon receiving SME_STOP_BSS_REQ
 * from the application.  No field of the message is examined: every
 * request, including a NULL pointer, is reported as valid.
 *
 * Return: always true
 */

uint8_t lim_is_sme_stop_bss_req_valid(uint32_t *pMsg)
{
	(void)pMsg;	/* nothing to check in a stop-BSS request */
	return true;
} /*** end lim_is_sme_stop_bss_req_valid() ***/

/**
 * lim_get_bss_id_from_sme_join_req_msg() - locate the BSSID in a join request
 * @pBuf: Pointer to a serialized SME_JOIN_REQ / SME_REASSOC_REQ message
 *
 * Walks the serialized layout: a 4-byte message header, then the RSN IE as
 * a u16 length followed by that many bytes, then the u16 length of the BSS
 * description.  The returned pointer is where the BSS description itself
 * (and hence its leading BSSID) starts.
 *
 * NOTE(review): the RSN IE length is read from the message and added to
 * the pointer without any check against the message size, so the caller
 * must have validated the serialized length before calling this.
 *
 * Return: pointer to the BSSID inside @pBuf, or NULL when @pBuf is NULL
 */

uint8_t *lim_get_bss_id_from_sme_join_req_msg(uint8_t *pBuf)
{
	uint8_t *cursor = pBuf;
	uint16_t rsn_ie_len;

	if (!cursor)
		return NULL;

	/* message header */
	cursor += sizeof(uint32_t);

	/* RSN IE: u16 length, then that many bytes */
	rsn_ie_len = lim_get_u16(cursor);
	cursor += sizeof(uint16_t) + rsn_ie_len;

	/* length of BSS description */
	cursor += sizeof(uint16_t);

	return cursor;
} /*** end lim_get_bss_id_from_sme_join_req_msg() ***/