AP: Check driver's capability to enable OCV when driver SME is used

When the driver SME is used, offloaded handshakes which need Operating
Channel Validation (OCV) such as SA Query procedure, etc. would fail if
hostapd enables OCV based on configuration but the driver doesn't
support OCV. To avoid this when driver SME is used, enable OCV from
hostapd only when the driver indicates support for OCV.

This commit also adds a capability flag to indicate whether driver SME
is used in AP mode.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 36d2df03eb02babf76b97a76f4cb4a0d39d46479..a3d28efed5435871a66ad3e093775e22e0b1e094 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1804,6 +1804,9 @@ own_ip_addr=127.0.0.1
 
 # ocv: Operating Channel Validation
 # This is a countermeasure against multi-channel man-in-the-middle attacks.
+# Enabling this depends on the driver's support for OCV when the driver SME is
+# used. If hostapd SME is used, this will be enabled just based on this
+# configuration.
 # Enabling this automatically also enables ieee80211w, if not yet enabled.
 # 0 = disabled (default)
 # 1 = enabled

diff --git a/src/ap/hs20.c b/src/ap/hs20.c
index 543fa335f7a589535888ec10b8138c1b81f0720b..05e9b9d20fd7502bae4187254cbac38542b73f60 100644 (file)
--- a/src/ap/hs20.c
+++ b/src/ap/hs20.c
@@ -86,7 +86,9 @@ u8 * hostapd_eid_osen(struct hostapd_data *hapd, u8 *eid)
                        capab |= WPA_CAPABILITY_MFPR;
        }
 #ifdef CONFIG_OCV
-       if (hapd->conf->ocv)
+       if (hapd->conf->ocv &&
+           (hapd->iface->drv_flags2 &
+            (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV)))
                capab |= WPA_CAPABILITY_OCVC;
 #endif /* CONFIG_OCV */
        WPA_PUT_LE16(eid, capab);

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index f24ada266b74547614c0c39873061888997b6f1e..c3b2e81e2e72dc0996c5cf117f118c8d19fdee51 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1515,6 +1515,12 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
        if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
                _conf.beacon_prot = 0;
 
+#ifdef CONFIG_OCV
+       if (!(hapd->iface->drv_flags2 &
+             (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV)))
+               _conf.ocv = 0;
+#endif /* CONFIG_OCV */
+
        _conf.secure_ltf =
                !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF);
        _conf.secure_rtt =

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 595677567103605bb1e00f4ac91d6c85560be1db..5b2c71ca0fd05b9d8a416eb013330275f3b07ff7 100644 (file)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -2017,6 +2017,8 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL
 /** Driver supports Operating Channel Validation */
 #define WPA_DRIVER_FLAGS2_OCV                  0x0000000000000080ULL
+/** Driver expects user space implementation of SME in AP mode */
+#define WPA_DRIVER_FLAGS2_AP_SME               0x0000000000000100ULL
        u64 flags2;
 
 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \

diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index d2400bbd9c357105e8955e1e2092f9e1a65b7f28..1b57c0e88b69ce6f080f07cc52ac911ec0036757 100644 (file)
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -1390,6 +1390,7 @@ int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
 
        if (!info.device_ap_sme) {
                drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
+               drv->capa.flags2 |= WPA_DRIVER_FLAGS2_AP_SME;
 
                /*
                 * No AP SME is currently assumed to also indicate no AP MLME