OCV: Report validation errors for EAPOL-Key messages in AP mode
authorJouni Malinen <jouni@codeaurora.org>
Mon, 25 May 2020 16:08:16 +0000 (19:08 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 25 May 2020 16:09:12 +0000 (19:09 +0300)
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in EAPOL-Key msg 2/4 and group 2/2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/ap/wpa_auth.c
src/ap/wpa_auth.h
src/ap/wpa_auth_glue.c

index d5aaf9cb86d6ac1be29458f7432d63c5dcc58585..203aecea7c0fb84868ee6f98edede582318d1141 100644 (file)
@@ -15,6 +15,7 @@
 #include "common/ieee802_11_defs.h"
 #include "common/ocv.h"
 #include "common/dpp.h"
+#include "common/wpa_ctrl.h"
 #include "crypto/aes.h"
 #include "crypto/aes_wrap.h"
 #include "crypto/aes_siv.h"
@@ -3044,6 +3045,11 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
                                         tx_chanwidth, tx_seg1_idx) != 0) {
                        wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
                                         "OCV failed: %s", ocv_errorstr);
+                       if (wpa_auth->conf.msg_ctx)
+                               wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
+                                       OCV_FAILURE "addr=" MACSTR
+                                       " frame=eapol-key-m2 error=%s",
+                                       MAC2STR(sm->addr), ocv_errorstr);
                        return;
                }
        }
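Review bot: The `error=%s` field added here carries `ocv_errorstr`, which appears to be free-form, human-readable text (it is also logged as "OCV failed: %s" just above). Anything that parses the OCV-FAILURE event as space-separated key=value pairs must therefore treat `error=` as the rest of the line, and nothing in the hunk records that constraint. The same five-line block is repeated in the REKEYESTABLISHED hunk with only `frame=eapol-key-g2` changed, so the two event formats can drift apart. A small static helper taking the frame name would keep the format in one place and give the ordering rule a home. Both SM_STATE bodies start and end outside their hunks, so where the helper sits relative to them is assumed.

```c
/* Emits the OCV-FAILURE control interface event for a received frame.
 * error= must stay the last field: ocv_errorstr is free text. */
static void wpa_auth_ocv_failure_event(struct wpa_authenticator *wpa_auth,
				       const u8 *addr, const char *frame)
{
	if (!wpa_auth->conf.msg_ctx)
		return;
	wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
		OCV_FAILURE "addr=" MACSTR " frame=%s error=%s",
		MAC2STR(addr), frame, ocv_errorstr);
}

/* … unchanged: ocv_verify_tx_params() check and wpa_auth_vlogger() call … */
			wpa_auth_ocv_failure_event(wpa_auth, sm->addr,
						   "eapol-key-m2");
			return;
```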
@@ -3868,7 +3874,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
 
                if (wpa_channel_info(wpa_auth, &ci) != 0) {
                        wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
-                                       "Failed to get channel info to validate received OCI in EAPOL-Key group 1/2");
+                                       "Failed to get channel info to validate received OCI in EAPOL-Key group 2/2");
                        return;
                }
 
@@ -3882,6 +3888,11 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
                                         tx_chanwidth, tx_seg1_idx) != 0) {
                        wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
                                         "OCV failed: %s", ocv_errorstr);
+                       if (wpa_auth->conf.msg_ctx)
+                               wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
+                                       OCV_FAILURE "addr=" MACSTR
+                                       " frame=eapol-key-g2 error=%s",
+                                       MAC2STR(sm->addr), ocv_errorstr);
                        return;
                }
        }
index 1ea067bcf85e4fb287e3dd3466237d2b5d116ce6..90b1885995bbe731ae74c5182d98182fa908f958 100644 (file)
@@ -168,6 +168,7 @@ struct ft_remote_r1kh {
 
 
 struct wpa_auth_config {
+       void *msg_ctx;
        int wpa;
        int extended_key_id;
        int wpa_key_mgmt;
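Review bot: The new `msg_ctx` member has no comment, yet the call sites added in wpa_auth.c silently skip the OCV-FAILURE event when it is NULL. A user of struct wpa_auth_config that never sets it gets no event and no hint why. In this commit only hostapd_setup_wpa() assigns it; whether other code fills this struct is not visible here. I would document the contract at the declaration: `/* Context pointer passed to wpa_msg() for control interface events; NULL disables those events */`. The struct definition continues outside the hunk.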
index 05d87ac5045beaacaddad10b8f6803a97a99cf55..e1da56da91c00067b77a52f6a20c777be621704f 100644 (file)
@@ -1451,6 +1451,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
        size_t wpa_ie_len;
 
        hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
+       _conf.msg_ctx = hapd->msg_ctx;
        if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
                _conf.tx_status = 1;
        if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)