alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

wpa_supplicant: Group key reinstallation fixes

Browse Source 
This commit reverts previous commit for GTK reinstallation fix
and corrects original fix.
This commit is contained in:
Kapil Gupta 2021-04-22 13:05:49 +05:30
parent a67793e9fc
commit 952e47d45d
3 changed files with 9 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
components/wpa_supplicant/src/common/wpa_common.h
View File

@ -184,11 +184,6 @@ struct wpa_ptk {
} u; } u;
} STRUCT_PACKED; } STRUCT_PACKED;
struct wpa_gtk {
u8 gtk[WPA_GTK_MAX_LEN];
size_t gtk_len;
};
struct wpa_gtk_data { struct wpa_gtk_data {
enum wpa_alg alg; enum wpa_alg alg;
int tx, key_rsc_len, keyidx; int tx, key_rsc_len, keyidx;

32
components/wpa_supplicant/src/rsn_supp/wpa.c
View File

@ -65,6 +65,7 @@ int wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size
void wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len); void wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len);
void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm); void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm);
static bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd);
static inline enum wpa_states wpa_sm_get_state(struct wpa_sm *sm) static inline enum wpa_states wpa_sm_get_state(struct wpa_sm *sm)
{ {
return sm->wpa_state;; return sm->wpa_state;;
@ -814,8 +815,7 @@ int wpa_supplicant_install_gtk(struct wpa_sm *sm,
wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
/* Detect possible key reinstallation */ /* Detect possible key reinstallation */
if (sm->gtk.gtk_len == (size_t) gd->gtk_len && if (wpa_supplicant_gtk_in_use(sm, &(sm->gd))) {
os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
gd->keyidx, gd->tx, gd->gtk_len); gd->keyidx, gd->tx, gd->gtk_len);
@ -860,13 +860,10 @@ int wpa_supplicant_install_gtk(struct wpa_sm *sm,
return -1; return -1;
} }
sm->gtk.gtk_len = gd->gtk_len;
os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
return 0; return 0;
} }
bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd) static bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd)
{ {
u8 *_gtk = gd->gtk; u8 *_gtk = gd->gtk;
u8 gtk_buf[32]; u8 gtk_buf[32];
@ -875,8 +872,7 @@ bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd)
int alg; int alg;
u8 bssid[6]; u8 bssid[6];
int keyidx; int keyidx;
int hw_keyidx;
wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
#ifdef DEBUG_PRINT #ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Judge GTK: (keyidx=%d len=%d).", gd->keyidx, gd->gtk_len); wpa_printf(MSG_DEBUG, "WPA: Judge GTK: (keyidx=%d len=%d).", gd->keyidx, gd->gtk_len);
@ -890,19 +886,11 @@ bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd)
_gtk = gtk_buf; _gtk = gtk_buf;
} }
//check if gtk is in use. hw_keyidx = esp_wifi_get_sta_hw_key_idx_internal(gd->keyidx);
if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, gd->keyidx) == 0) { if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, hw_keyidx - 2) == 0) {
if (ifx == 0 && alg == gd->alg && memcmp(bssid, sm->bssid, ETH_ALEN) == 0 && if (ifx == 0 && alg == gd->alg && memcmp(bssid, sm->bssid, ETH_ALEN) == 0 &&
memcmp(_gtk, gtk_get, gd->gtk_len) == 0) { memcmp(_gtk, gtk_get, gd->gtk_len) == 0) {
wpa_printf(MSG_DEBUG, "GTK %d is already in use in entry %d, it may be an attack, ignor it.", gd->keyidx, gd->keyidx + 2); wpa_printf(MSG_DEBUG, "GTK %d is already in use in entry %d, it may be an attack, ignore it.", gd->keyidx, hw_keyidx);
return true;
}
}
if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, (gd->keyidx+1)%2) == 0) {
if (ifx == 0 && alg == gd->alg && memcmp(bssid, sm->bssid, ETH_ALEN) == 0 &&
memcmp(_gtk, gtk_get, gd->gtk_len) == 0) {
wpa_printf(MSG_DEBUG, "GTK %d is already in use in entry %d, it may be an attack, ignor it.", gd->keyidx, (gd->keyidx+1)%2 + 2);
return true; return true;
} }
} }
@ -1581,10 +1569,8 @@ failed:
u16 rekey= (WPA_SM_STATE(sm) == WPA_COMPLETED); u16 rekey= (WPA_SM_STATE(sm) == WPA_COMPLETED);
if((sm->gd).gtk_len) { if((sm->gd).gtk_len) {
if (wpa_supplicant_gtk_in_use(sm, &(sm->gd)) == false) { if (wpa_supplicant_install_gtk(sm, &(sm->gd)))
if (wpa_supplicant_install_gtk(sm, &(sm->gd))) goto failed;
goto failed;
}
} else { } else {
goto failed; goto failed;
} }

1
components/wpa_supplicant/src/rsn_supp/wpa_i.h
View File

@ -41,7 +41,6 @@ struct wpa_sm {
u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
int rx_replay_counter_set; int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN]; u8 request_counter[WPA_REPLAY_COUNTER_LEN];
struct wpa_gtk gtk;
struct rsn_pmksa_cache *pmksa; /* PMKSA cache */ struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */ struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */