alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix(wifi): Fix encryption/decryption issue for mgmt packets

Browse Source 
* Fix issues related to mgmt packets encryption in GCMP
* Fix issue of wrong decryption of mgmt packets when PMF is enabled
* Fix softAP bug in handling of SAE Reauthentication
This commit is contained in:
Kapil Gupta 2024-03-28 15:16:49 +05:30 committed by Sarvesh Bodakhe
parent 2ba5320112
commit 280ec09b03
8 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
components/esp_rom/esp32c2/ld/esp32c2.rom.ld
View File

@ -1867,8 +1867,8 @@ ieee80211_decap = 0x40001ffc;
ieee80211_set_tx_pti = 0x40002000;
wifi_is_started = 0x40002004;
ieee80211_gettid = 0x40002008;
ieee80211_ccmp_decrypt = 0x4000200c;
ieee80211_ccmp_encrypt = 0x40002010;
/* ieee80211_ccmp_decrypt = 0x4000200c; */
/* ieee80211_ccmp_encrypt = 0x40002010; */
ccmp_encap = 0x40002014;
ccmp_decap = 0x40002018;
tkip_encap = 0x4000201c;
@ -1922,7 +1922,7 @@ ieee80211_crypto_aes_128_cmac_encrypt = 0x40002100;
ieee80211_alloc_tx_buf = 0x40002108;
/* ieee80211_output_do = 0x4000210c; */
/* ieee80211_send_nulldata = 0x40002110; */
ieee80211_setup_robust_mgmtframe = 0x40002114;
/* ieee80211_setup_robust_mgmtframe = 0x40002114; */
ieee80211_encap_null_data = 0x4000211c;
ieee80211_send_deauth = 0x40002120;
ieee80211_alloc_deauth = 0x40002124;

2
components/esp_wifi/lib

@ -1 +1 @@
Subproject commit a6c1a26f5aee8150c2556038e33cd312d5df6432
Subproject commit 6a55cb409b50ee8c135b901cff9ba5323a03b6cc

2
components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
View File

@ -125,7 +125,7 @@ struct wpa_funcs {
bool (*wpa_sta_in_4way_handshake)(void);
void *(*wpa_ap_init)(void);
bool (*wpa_ap_deinit)(void *data);
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype);
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
bool (*wpa_ap_remove)(u8 *bssid);
uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);

4
components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
View File

@ -310,7 +310,7 @@ static int check_n_add_wps_sta(struct hostapd_data *hapd, struct sta_info *sta_i
}
#endif
static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8 *rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype)
static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8 *rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher)
{
struct sta_info *sta_info = NULL;
struct hostapd_data *hapd = hostapd_get_hapd_data();
@ -371,7 +371,7 @@ process_old_sta:
goto fail;
}
#endif
if (wpa_ap_join(sta_info, bssid, wpa_ie, wpa_ie_len, rsnxe, rsnxe_len, pmf_enable, subtype)) {
if (wpa_ap_join(sta_info, bssid, wpa_ie, wpa_ie_len, rsnxe, rsnxe_len, pmf_enable, subtype, pairwise_cipher)) {
goto done;
} else {
goto fail;

4
components/wpa_supplicant/src/ap/ap_config.h
View File

@ -338,7 +338,7 @@ struct hostapd_config {
char country[3]; /* first two octets: country code as described in
* ISO/IEC 3166-1. Third octet:
* ' ' (ascii 32): all environments
* 'O': Outdoor environemnt only
* 'O': Outdoor environment only
* 'I': Indoor environment only
*/
@ -384,7 +384,7 @@ int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
struct sta_info;
bool wpa_ap_join(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
uint8_t wpa_ie_len,uint8_t *rsnxe, uint8_t rsnxe_len,
bool *pmf_enable, int subtype);
bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
bool wpa_ap_remove(u8* bssid);
#endif /* HOSTAPD_CONFIG_H */

3
components/wpa_supplicant/src/ap/wpa_auth.c
View File

@ -2560,7 +2560,7 @@ void wpa_deinit(struct wpa_authenticator *wpa_auth)
#ifdef CONFIG_ESP_WIFI_SOFTAP_SUPPORT
bool wpa_ap_join(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
uint8_t wpa_ie_len, uint8_t *rsnxe, uint8_t rsnxe_len,
bool *pmf_enable, int subtype)
bool *pmf_enable, int subtype, uint8_t *pairwise_cipher)
{
struct hostapd_data *hapd = (struct hostapd_data*)esp_wifi_get_hostap_private_internal();
enum wpa_validate_result status_code = WPA_IE_OK;
@ -2611,6 +2611,7 @@ send_resp:
//Check whether AP uses Management Frame Protection for this connection
*pmf_enable = wpa_auth_uses_mfp(sta->wpa_sm);
*pairwise_cipher = GET_BIT_POSITION(sta->wpa_sm->pairwise);
}
wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm);

2
components/wpa_supplicant/src/crypto/ccmp.c
View File

@ -222,7 +222,7 @@ u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
wpa_hexdump(MSG_MSGDUMP, "CCMP AAD", aad, aad_len);
wpa_hexdump(MSG_MSGDUMP, "CCMP nonce", nonce, 13);
if (aes_ccm_ae(tk, 16, nonce, 8, frame + hdrlen, plen, aad, aad_len,
if (aes_ccm_ae(tk, 16, nonce, 8, frame + hdrlen + 8, plen, aad, aad_len,
pos, pos + plen) < 0) {
wpa_printf(MSG_ERROR, "aes ccm ae failed");
os_free(crypt);

4
components/wpa_supplicant/src/utils/common.h
View File

@ -335,6 +335,10 @@ void perror(const char *s);
#define BIT(x) (1U << (x))
#endif
#ifndef GET_BIT_POSITION
#define GET_BIT_POSITION(value) (__builtin_ffs(value) - 1)
#endif
/*
* Definitions for sparse validation
* (http://kernel.org/pub/linux/kernel/people/josh/sparse/)