OCV: Report validation errors for EAPOL-Key messages in AP mode

Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in EAPOL-Key msg 2/4 and group 2/2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-05-25 19:08:16 +03:00 committed by Jouni Malinen
parent d52067a5b6
commit a3556d5813
3 changed files with 14 additions and 1 deletions

View file

@ -15,6 +15,7 @@
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "common/ocv.h" #include "common/ocv.h"
#include "common/dpp.h" #include "common/dpp.h"
#include "common/wpa_ctrl.h"
#include "crypto/aes.h" #include "crypto/aes.h"
#include "crypto/aes_wrap.h" #include "crypto/aes_wrap.h"
#include "crypto/aes_siv.h" #include "crypto/aes_siv.h"
@ -3044,6 +3045,11 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
tx_chanwidth, tx_seg1_idx) != 0) { tx_chanwidth, tx_seg1_idx) != 0) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"OCV failed: %s", ocv_errorstr); "OCV failed: %s", ocv_errorstr);
if (wpa_auth->conf.msg_ctx)
wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
OCV_FAILURE "addr=" MACSTR
" frame=eapol-key-m2 error=%s",
MAC2STR(sm->addr), ocv_errorstr);
return; return;
} }
} }
@ -3868,7 +3874,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
if (wpa_channel_info(wpa_auth, &ci) != 0) { if (wpa_channel_info(wpa_auth, &ci) != 0) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"Failed to get channel info to validate received OCI in EAPOL-Key group 1/2"); "Failed to get channel info to validate received OCI in EAPOL-Key group 2/2");
return; return;
} }
@ -3882,6 +3888,11 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
tx_chanwidth, tx_seg1_idx) != 0) { tx_chanwidth, tx_seg1_idx) != 0) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"OCV failed: %s", ocv_errorstr); "OCV failed: %s", ocv_errorstr);
if (wpa_auth->conf.msg_ctx)
wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
OCV_FAILURE "addr=" MACSTR
" frame=eapol-key-g2 error=%s",
MAC2STR(sm->addr), ocv_errorstr);
return; return;
} }
} }

View file

@ -168,6 +168,7 @@ struct ft_remote_r1kh {
struct wpa_auth_config { struct wpa_auth_config {
void *msg_ctx;
int wpa; int wpa;
int extended_key_id; int extended_key_id;
int wpa_key_mgmt; int wpa_key_mgmt;

View file

@ -1451,6 +1451,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
size_t wpa_ie_len; size_t wpa_ie_len;
hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf); hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
_conf.msg_ctx = hapd->msg_ctx;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS) if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
_conf.tx_status = 1; _conf.tx_status = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME) if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)