Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Reject assoc req with PMF disabled from SAE STA

For WPA3 SAE test case 4.2.7, SAP should reject the association
request with PMF disabled from SAE STA.

Change-Id: Ie2298313ce5a7a363afdb4478f541cf2da612603
CRs-Fixed: 2387822
Min Liu 6 years ago
parent
98e93b772c
commit
b3b222af60
2 changed files with 48 additions and 1 deletions
Split View Show Diff Stats
  1. 3 1
      core/mac/inc/sir_mac_prot_def.h
  2. 45 0
      core/mac/src/pe/lim/lim_process_assoc_req_frame.c

+ 3 - 1
core/mac/inc/sir_mac_prot_def.h
View File 

@@ -506,7 +506,9 @@ typedef enum eSirMacStatusCodes {
 
 	eSIR_MAC_DSSS_OFDM_NOT_SUPPORTED_STATUS = 26,   /* Association denied due to requesting station not supporting the DSSS-OFDM option */
 
 	/* reserved                                     27-29 */
 
 	eSIR_MAC_TRY_AGAIN_LATER = 30,  /* Association request rejected temporarily, try again later */
 
-	/* reserved                                     31 */
 
+#ifdef WLAN_FEATURE_11W
 
+	eSIR_MAC_ROBUST_MGMT_FRAMES_POLICY_VIOLATION_STATUS = 31,    /* Robust management frames policy violation */
 
+#endif
 
 	eSIR_MAC_QOS_UNSPECIFIED_FAILURE_STATUS = 32,   /* Unspecified, QoS-related failure */
 
 	eSIR_MAC_QAP_NO_BANDWIDTH_STATUS = 33,  /* Association denied because QoS AP has insufficient bandwidth to handle another */
 
 	/* QoS STA */

+ 45 - 0
core/mac/src/pe/lim/lim_process_assoc_req_frame.c
View File 

@@ -907,6 +907,38 @@ static tSirMacStatusCodes lim_check_wpa_ie(struct pe_session *session,
 
 					 assoc_req->HTCaps.present);
 
 }
 
 #endif
 
+
 
+/**
 
+  * lim_check_sae_pmf_cap() - check pmf capability for SAE STA
 
+  * @session: pointer to pe session entry
 
+  * @rsn: pointer to RSN
 
+  *
 
+  * This function checks if SAE STA is pmf capable when SAE SAP is pmf
 
+  * capable. Reject with eSIR_MAC_ROBUST_MGMT_FRAMES_POLICY_VIOLATION
 
+  * if SAE STA is pmf disable.
 
+  *
 
+  * Return: tSirMacStatusCodes
 
+  */
 
+#ifdef WLAN_FEATURE_SAE
 
+static tSirMacStatusCodes lim_check_sae_pmf_cap(struct pe_session *session,
 
+						tDot11fIERSN *rsn)
 
+{
 
+	tSirMacStatusCodes status = eSIR_MAC_SUCCESS_STATUS;
 
+
 
+	if (session->pLimStartBssReq->pmfCapable &&
 
+	    (rsn->RSN_Cap[0] & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) == 0)
 
+		status = eSIR_MAC_ROBUST_MGMT_FRAMES_POLICY_VIOLATION_STATUS;
 
+
 
+	return status;
 
+}
 
+#else
 
+static tSirMacStatusCodes lim_check_sae_pmf_cap(struct pe_session *session,
 
+						tDot11fIERSN *rsn)
 
+{
 
+	return eSIR_MAC_SUCCESS_STATUS;
 
+}
 
+#endif
 
+
 
 /**
 
   * lim_check_wpa_rsn_ie() - wpa and rsn ie related checks
 
   * @session: pointer to pe session entry
 
@@ -1000,6 +1032,19 @@ static bool lim_check_wpa_rsn_ie(struct pe_session *session,
 
 		}
 
 		*akm_type = lim_translate_rsn_oui_to_akm_type(
 
 						    dot11f_ie_rsn.akm_suite[0]);
 
+
 
+		if (*akm_type == ANI_AKM_TYPE_SAE)
 
+			status = lim_check_sae_pmf_cap(session, &dot11f_ie_rsn);
 
+		if (eSIR_MAC_SUCCESS_STATUS != status) {
 
+			/* Reject pmf disable SAE STA */
 
+			pe_warn("Re/Assoc rejected from: " MAC_ADDRESS_STR,
 
+				MAC_ADDR_ARRAY(hdr->sa));
 
+			lim_send_assoc_rsp_mgmt_frame(mac_ctx, status,
 
+						      1, hdr->sa, sub_type,
 
+						      0, session);
 
+			return false;
 
+		}
 
+
 
 	} else if (assoc_req->wpaPresent) {
 
 		if (!(assoc_req->wpa.length)) {
 
 			pe_warn("Re/Assoc rejected from: "