hostap/src
Veerendranath Jakkam debf3e2165 OCV: Work around for misbehaving STAs that indicate OCVC=1 without OCI
Some legacy stations copy previously reserved RSN capability bits,
including OCVC, in (Re)Association Request frames from the AP's RSNE but
do not indicate MFP capability and/or do not send OCI in RSN handshakes.
This is causing connection failures with such erroneous STAs.

To improve interoperability with such legacy STAs allow a workaround OCV
mode to be enabled to ignore OCVC=1 from the STA if it does not follow
OCV requirements in the first protected exchange. This covers cases
where a STA claims to have OCV capability, but it does not negotiate use
of management frame protection or does not include OCI in EAPOL Key msg
2/4, FT Reassociation Request frame, or FILS (Re)Association Reqest.

The previous behavior with ocv=1 is maintained, i.e., misbehaving STAs
are not allowed to connect. When the new workaround mode is enabled with
ocv=2, the AP considers STA as OCV capable on below criteria
- STA indicates both OCV and MFP capability
- STA sends OCI during connection attempt in a protected frame

Enabling this workaround mode reduced OCV protection to some extend
since it allows misbehavior to go through. As such, this should be
enabled only if interoperability with misbehaving STAs is needed.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-08 18:46:38 +03:00
..
ap OCV: Work around for misbehaving STAs that indicate OCVC=1 without OCI 2020-10-08 18:46:38 +03:00
common DPP2: Presence Announcement notification 2020-10-07 21:13:37 +03:00
crypto OpenSSL: Allow systemwide secpolicy overrides for TLS version 2020-09-08 19:32:28 +03:00
drivers MSCS: Add support to process MSCS Response frames 2020-08-14 11:53:37 +03:00
eap_common EAP-SIM/AKA peer: Add support for EAP Method prefix 2020-01-10 19:16:13 +02:00
eap_peer EAP-TEAP (client): Allow Phase 2 to be skipped if certificate is used 2020-06-20 18:05:46 +03:00
eap_server EAP-TEAP (server): Allow Phase 2 skip based on client certificate 2020-06-20 18:07:04 +03:00
eapol_auth Add PRINTF_FORMAT for printf wrapper functions 2020-05-02 21:04:17 +03:00
eapol_supp EAPOL supp: Convert Boolean to C99 bool 2020-04-24 17:06:50 +03:00
fst FST: Convert Boolean to C99 bool 2020-04-24 17:06:50 +03:00
l2_packet l2_packet: Allow initialization without RX handling 2020-04-19 17:42:41 +03:00
p2p P2P: Increase number of channels per operating class 2020-02-12 23:17:24 +02:00
pae MACsec: Convert Boolean to C99 bool 2020-04-24 17:06:50 +03:00
radius RADIUS: Convert Boolean to C99 bool 2020-04-24 17:06:50 +03:00
rsn_supp OCV: Use more granular error codes for OCI validation failures 2020-09-11 15:23:28 +03:00
tls PKCS#1: Debug dump invalid Signature EB 2020-04-05 20:13:26 +03:00
utils JSON: Add base64 helper functions 2020-06-15 20:19:19 +03:00
wps WPS UPnP: Support build on OS X 2020-06-09 12:48:13 +03:00
lib.rules tests: Fix CFLAGS passing for new fuzzing tools 2019-06-11 06:34:19 +03:00
Makefile FST: Add the Fast Session Transfer (FST) module 2015-07-16 18:26:15 +03:00