AP: Check driver's capability to enable OCV when driver SME is used

When the driver SME is used, offloaded handshakes which need Operating Channel Validation (OCV) such as SA Query procedure, etc. would fail if hostapd enables OCV based on configuration but the driver doesn't support OCV. To avoid this when driver SME is used, enable OCV from hostapd only when the driver indicates support for OCV. This commit also adds a capability flag to indicate whether driver SME is used in AP mode. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-02-05 00:03:20 +05:30 · 2021-02-05 00:03:20 +05:30 · 6f92f81dac
commit 6f92f81dac
parent 73ebd58fc8
5 changed files with 15 additions and 1 deletions
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@ -1804,6 +1804,9 @@ own_ip_addr=127.0.0.1

 # ocv: Operating Channel Validation
 # This is a countermeasure against multi-channel man-in-the-middle attacks.
+# Enabling this depends on the driver's support for OCV when the driver SME is
+# used. If hostapd SME is used, this will be enabled just based on this
+# configuration.
 # Enabling this automatically also enables ieee80211w, if not yet enabled.
 # 0 = disabled (default)
 # 1 = enabled
--- a/src/ap/hs20.c
+++ b/src/ap/hs20.c
@ -86,7 +86,9 @@ u8 * hostapd_eid_osen(struct hostapd_data *hapd, u8 *eid)
 			capab |= WPA_CAPABILITY_MFPR;
 	}
 #ifdef CONFIG_OCV
-	if (hapd->conf->ocv)
+	if (hapd->conf->ocv &&
+	    (hapd->iface->drv_flags2 &
+	     (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV)))
 		capab |= WPA_CAPABILITY_OCVC;
 #endif /* CONFIG_OCV */
 	WPA_PUT_LE16(eid, capab);
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@ -1515,6 +1515,12 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
 	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
 		_conf.beacon_prot = 0;

+#ifdef CONFIG_OCV
+	if (!(hapd->iface->drv_flags2 &
+	      (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV)))
+		_conf.ocv = 0;
+#endif /* CONFIG_OCV */
+
 	_conf.secure_ltf =
 		!!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF);
 	_conf.secure_rtt =
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@ -2017,6 +2017,8 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL
 /** Driver supports Operating Channel Validation */
 #define WPA_DRIVER_FLAGS2_OCV			0x0000000000000080ULL
+/** Driver expects user space implementation of SME in AP mode */
+#define WPA_DRIVER_FLAGS2_AP_SME		0x0000000000000100ULL
 	u64 flags2;

 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@ -1390,6 +1390,7 @@ int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)

 	if (!info.device_ap_sme) {
 		drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
+		drv->capa.flags2 |= WPA_DRIVER_FLAGS2_AP_SME;

 		/*
 		 * No AP SME is currently assumed to also indicate no AP MLME