Merge branch 'bugfix/mgmt_gcmp_issue_v5.2' into 'release/v5.2'

fix(wifi): Fix GCMP encryption for mgmt packets and other bugfixes (Backport v5.2) See merge request espressif/esp-idf!30439
2024-10-05 20:47:46 -04:00 · 2024-04-24 11:06:54 +08:00 · 2024-04-24 11:06:54 +08:00 · 8b4177f148
commit 8b4177f148
parent 66c164b90b 5ce43f68f3
11 changed files with 20 additions and 13 deletions
--- a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld
+++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld
@ -1867,8 +1867,8 @@ ieee80211_decap = 0x40001ffc;
 ieee80211_set_tx_pti = 0x40002000;
 wifi_is_started = 0x40002004;
 ieee80211_gettid = 0x40002008;
-ieee80211_ccmp_decrypt = 0x4000200c;
-ieee80211_ccmp_encrypt = 0x40002010;
+/* ieee80211_ccmp_decrypt = 0x4000200c; */
+/* ieee80211_ccmp_encrypt = 0x40002010; */
 ccmp_encap = 0x40002014;
 ccmp_decap = 0x40002018;
 tkip_encap = 0x4000201c;
@ -1922,7 +1922,7 @@ ieee80211_crypto_aes_128_cmac_encrypt = 0x40002100;
 ieee80211_alloc_tx_buf = 0x40002108;
 /* ieee80211_output_do = 0x4000210c; */
 /* ieee80211_send_nulldata = 0x40002110; */
-ieee80211_setup_robust_mgmtframe = 0x40002114;
+/* ieee80211_setup_robust_mgmtframe = 0x40002114; */
 ieee80211_encap_null_data = 0x4000211c;
 ieee80211_send_deauth = 0x40002120;
 ieee80211_alloc_deauth = 0x40002124;
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@ -1 +1 @@
-Subproject commit a6c1a26f5aee8150c2556038e33cd312d5df6432
+Subproject commit 6a55cb409b50ee8c135b901cff9ba5323a03b6cc
--- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c
@ -797,7 +797,7 @@ int wpa_drv_send_action(struct wpa_supplicant *wpa_s,
 	}

 	req->ifx = WIFI_IF_STA;
-	req->subtype = WLAN_FC_STYPE_ACTION;
+	req->subtype = (WLAN_FC_STYPE_ACTION << 4);
 	req->data_len = data_len;
 	os_memcpy(req->data, data, req->data_len);

--- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
@ -125,7 +125,7 @@ struct wpa_funcs {
    bool (*wpa_sta_in_4way_handshake)(void);
    void *(*wpa_ap_init)(void);
    bool (*wpa_ap_deinit)(void *data);
-    bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype);
+    bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
    bool (*wpa_ap_remove)(u8 *bssid);
    uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
    bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
@ -630,7 +630,7 @@ int esp_send_sae_auth_reply(struct hostapd_data *hapd,
    os_memcpy(&((uint16_t *)req->data)[3], ies, ies_len - 3 * sizeof(uint16_t));

    req->ifx = WIFI_IF_AP;
-    req->subtype = WLAN_FC_STYPE_AUTH;
+    req->subtype = (WLAN_FC_STYPE_AUTH << 4);
    req->data_len = ies_len;
    os_memcpy(req->da, bssid, ETH_ALEN);

--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
@ -310,7 +310,7 @@ static int check_n_add_wps_sta(struct hostapd_data *hapd, struct sta_info *sta_i
 }
 #endif

-static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8 *rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype)
+static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8 *rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher)
 {
    struct sta_info *sta_info = NULL;
    struct hostapd_data *hapd = hostapd_get_hapd_data();
@ -332,6 +332,7 @@ static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len,u8
 #endif /* CONFIG_SAE */
        if (!esp_wifi_ap_is_sta_sae_reauth_node(bssid)) {
            ap_free_sta(hapd, old_sta);
+            *sta = NULL;
        }
 #ifdef CONFIG_SAE
          else if (old_sta && old_sta->lock) {
@ -371,7 +372,7 @@ process_old_sta:
        goto fail;
    }
 #endif
-    if (wpa_ap_join(sta_info, bssid, wpa_ie, wpa_ie_len, rsnxe, rsnxe_len, pmf_enable, subtype)) {
+    if (wpa_ap_join(sta_info, bssid, wpa_ie, wpa_ie_len, rsnxe, rsnxe_len, pmf_enable, subtype, pairwise_cipher)) {
        goto done;
    } else {
        goto fail;
--- a/components/wpa_supplicant/src/ap/ap_config.h
+++ b/components/wpa_supplicant/src/ap/ap_config.h
@ -338,7 +338,7 @@ struct hostapd_config {
 	char country[3]; /* first two octets: country code as described in
 			  * ISO/IEC 3166-1. Third octet:
 			  * ' ' (ascii 32): all environments
-			  * 'O': Outdoor environemnt only
+			  * 'O': Outdoor environment only
 			  * 'I': Indoor environment only
 			  */

@ -384,7 +384,7 @@ int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
 struct sta_info;
 bool wpa_ap_join(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
 		 uint8_t wpa_ie_len,uint8_t *rsnxe, uint8_t rsnxe_len,
-		 bool *pmf_enable, int subtype);
+		 bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
 bool wpa_ap_remove(u8* bssid);

 #endif /* HOSTAPD_CONFIG_H */
--- a/components/wpa_supplicant/src/ap/wpa_auth.c
+++ b/components/wpa_supplicant/src/ap/wpa_auth.c
@ -2560,7 +2560,7 @@ void wpa_deinit(struct wpa_authenticator *wpa_auth)
 #ifdef CONFIG_ESP_WIFI_SOFTAP_SUPPORT
 bool wpa_ap_join(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
                uint8_t wpa_ie_len, uint8_t *rsnxe, uint8_t rsnxe_len,
-                bool *pmf_enable, int subtype)
+                bool *pmf_enable, int subtype, uint8_t *pairwise_cipher)
 {
    struct hostapd_data *hapd = (struct hostapd_data*)esp_wifi_get_hostap_private_internal();
    enum wpa_validate_result status_code = WPA_IE_OK;
@ -2611,6 +2611,7 @@ send_resp:

            //Check whether AP uses Management Frame Protection for this connection
            *pmf_enable = wpa_auth_uses_mfp(sta->wpa_sm);
+            *pairwise_cipher = GET_BIT_POSITION(sta->wpa_sm->pairwise);
        }

        wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm);
--- a/components/wpa_supplicant/src/crypto/ccmp.c
+++ b/components/wpa_supplicant/src/crypto/ccmp.c
@ -222,7 +222,7 @@ u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen,
 	wpa_hexdump(MSG_MSGDUMP, "CCMP AAD", aad, aad_len);
 	wpa_hexdump(MSG_MSGDUMP, "CCMP nonce", nonce, 13);

-	if (aes_ccm_ae(tk, 16, nonce, 8, frame + hdrlen, plen, aad, aad_len,
+	if (aes_ccm_ae(tk, 16, nonce, 8, frame + hdrlen + 8, plen, aad, aad_len,
 		       pos, pos + plen) < 0) {
 		wpa_printf(MSG_ERROR, "aes ccm ae failed");
 		os_free(crypt);
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@ -2347,6 +2347,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
    sm->ap_notify_completed_rsne = esp_wifi_sta_is_ap_notify_completed_rsne_internal();
    sm->use_ext_key_id = (sm->proto == WPA_PROTO_WPA);
    pmksa_cache_clear_current(sm);
+    sm->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_STA);

    struct rsn_pmksa_cache_entry *pmksa = NULL;
    if (use_pmk_cache) {
--- a/components/wpa_supplicant/src/utils/common.h
+++ b/components/wpa_supplicant/src/utils/common.h
@ -335,6 +335,10 @@ void perror(const char *s);
 #define BIT(x) (1U << (x))
 #endif

+#ifndef GET_BIT_POSITION
+#define GET_BIT_POSITION(value) (__builtin_ffs(value) - 1)
+#endif
+
 /*
 * Definitions for sparse validation
 * (http://kernel.org/pub/linux/kernel/people/josh/sparse/)