From 6f92f81dacfc0c36e72f1ed64ec5ac73fedbb1b7 Mon Sep 17 00:00:00 2001 From: Veerendranath Jakkam Date: Fri, 5 Feb 2021 00:03:20 +0530 Subject: [PATCH] AP: Check driver's capability to enable OCV when driver SME is used When the driver SME is used, offloaded handshakes which need Operating Channel Validation (OCV) such as SA Query procedure, etc. would fail if hostapd enables OCV based on configuration but the driver doesn't support OCV. To avoid this when driver SME is used, enable OCV from hostapd only when the driver indicates support for OCV. This commit also adds a capability flag to indicate whether driver SME is used in AP mode. Signed-off-by: Veerendranath Jakkam --- hostapd/hostapd.conf | 3 +++ src/ap/hs20.c | 4 +++- src/ap/wpa_auth_glue.c | 6 ++++++ src/drivers/driver.h | 2 ++ src/drivers/driver_nl80211_capa.c | 1 + 5 files changed, 15 insertions(+), 1 deletion(-) diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 36d2df03eb..a3d28efed5 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1804,6 +1804,9 @@ own_ip_addr=127.0.0.1 # ocv: Operating Channel Validation # This is a countermeasure against multi-channel man-in-the-middle attacks. +# Enabling this depends on the driver's support for OCV when the driver SME is +# used. If hostapd SME is used, this will be enabled just based on this +# configuration. # Enabling this automatically also enables ieee80211w, if not yet enabled. # 0 = disabled (default) # 1 = enabled diff --git a/src/ap/hs20.c b/src/ap/hs20.c index 543fa335f7..05e9b9d20f 100644 --- a/src/ap/hs20.c +++ b/src/ap/hs20.c @@ -86,7 +86,9 @@ u8 * hostapd_eid_osen(struct hostapd_data *hapd, u8 *eid) capab |= WPA_CAPABILITY_MFPR; } #ifdef CONFIG_OCV - if (hapd->conf->ocv) + if (hapd->conf->ocv && + (hapd->iface->drv_flags2 & + (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV))) capab |= WPA_CAPABILITY_OCVC; #endif /* CONFIG_OCV */ WPA_PUT_LE16(eid, capab); diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index f24ada266b..c3b2e81e2e 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -1515,6 +1515,12 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION)) _conf.beacon_prot = 0; +#ifdef CONFIG_OCV + if (!(hapd->iface->drv_flags2 & + (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV))) + _conf.ocv = 0; +#endif /* CONFIG_OCV */ + _conf.secure_ltf = !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF); _conf.secure_rtt = diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 5956775671..5b2c71ca0f 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2017,6 +2017,8 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL /** Driver supports Operating Channel Validation */ #define WPA_DRIVER_FLAGS2_OCV 0x0000000000000080ULL +/** Driver expects user space implementation of SME in AP mode */ +#define WPA_DRIVER_FLAGS2_AP_SME 0x0000000000000100ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index d2400bbd9c..1b57c0e88b 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -1390,6 +1390,7 @@ int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) if (!info.device_ap_sme) { drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; + drv->capa.flags2 |= WPA_DRIVER_FLAGS2_AP_SME; /* * No AP SME is currently assumed to also indicate no AP MLME -- 2.47.2