mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
wpa_supplicant: Unicast key renew in TKIP mic failure
Currently we always request group key renew for during TKIP mic failure. Add support for unicast/multicast key renew as per packet.
This commit is contained in:
parent
f05d741c03
commit
9fb3ad9946
@ -44,7 +44,7 @@
|
|||||||
|
|
||||||
#define WPA_4_4_HANDSHAKE_BIT (1<<13)
|
#define WPA_4_4_HANDSHAKE_BIT (1<<13)
|
||||||
#define WPA_GROUP_HANDSHAKE_BIT (1<<14)
|
#define WPA_GROUP_HANDSHAKE_BIT (1<<14)
|
||||||
struct wpa_sm gWpaSm;
|
struct wpa_sm gWpaSm;
|
||||||
/* fix buf for tx for now */
|
/* fix buf for tx for now */
|
||||||
#define WPA_TX_MSG_BUFF_MAXLEN 200
|
#define WPA_TX_MSG_BUFF_MAXLEN 200
|
||||||
|
|
||||||
@ -318,9 +318,11 @@ static void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
|
|||||||
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
|
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
|
||||||
key_info = WPA_KEY_INFO_REQUEST | ver;
|
key_info = WPA_KEY_INFO_REQUEST | ver;
|
||||||
if (sm->ptk_set)
|
if (sm->ptk_set)
|
||||||
|
key_info |= WPA_KEY_INFO_SECURE;
|
||||||
|
if (sm->ptk_set && mic_len)
|
||||||
key_info |= WPA_KEY_INFO_MIC;
|
key_info |= WPA_KEY_INFO_MIC;
|
||||||
if (error)
|
if (error)
|
||||||
key_info |= WPA_KEY_INFO_ERROR|WPA_KEY_INFO_SECURE;
|
key_info |= WPA_KEY_INFO_ERROR;
|
||||||
if (pairwise)
|
if (pairwise)
|
||||||
key_info |= WPA_KEY_INFO_KEY_TYPE;
|
key_info |= WPA_KEY_INFO_KEY_TYPE;
|
||||||
|
|
||||||
@ -2349,9 +2351,9 @@ wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg,
|
|||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
|
|
||||||
/*gtk or ptk both need check countermeasures*/
|
/*gtk or ptk both need check countermeasures*/
|
||||||
if (alg == WIFI_WPA_ALG_TKIP && key_len == 32) {
|
if (alg == WIFI_WPA_ALG_TKIP && key_idx == 0 && key_len == 32) {
|
||||||
/* Clear the MIC error counter when setting a new PTK. */
|
/* Clear the MIC error counter when setting a new PTK. */
|
||||||
key_sm->mic_errors_seen = 0;
|
sm->mic_errors_seen = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
key_sm->keys_cleared = 0;
|
key_sm->keys_cleared = 0;
|
||||||
@ -2375,8 +2377,7 @@ wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t k
|
|||||||
void wpa_supplicant_clr_countermeasures(u16 *pisunicast)
|
void wpa_supplicant_clr_countermeasures(u16 *pisunicast)
|
||||||
{
|
{
|
||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
(sm->install_ptk).mic_errors_seen=0;
|
sm->mic_errors_seen = 0;
|
||||||
(sm->install_gtk).mic_errors_seen=0;
|
|
||||||
ets_timer_done(&(sm->cm_timer));
|
ets_timer_done(&(sm->cm_timer));
|
||||||
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n");
|
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n");
|
||||||
}
|
}
|
||||||
@ -2402,21 +2403,19 @@ void wpa_supplicant_stop_countermeasures(u16 *pisunicast)
|
|||||||
int wpa_michael_mic_failure(u16 isunicast)
|
int wpa_michael_mic_failure(u16 isunicast)
|
||||||
{
|
{
|
||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
int *pmic_errors_seen=(isunicast)? &((sm->install_ptk).mic_errors_seen) : &((sm->install_gtk).mic_errors_seen);
|
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "\nTKIP MIC failure occur\n");
|
wpa_printf(MSG_DEBUG, "TKIP MIC failure occur");
|
||||||
|
|
||||||
/*both unicast and multicast mic_errors_seen need statistics*/
|
if (sm->mic_errors_seen) {
|
||||||
if ((sm->install_ptk).mic_errors_seen + (sm->install_gtk).mic_errors_seen) {
|
|
||||||
/* Send the new MIC error report immediately since we are going
|
/* Send the new MIC error report immediately since we are going
|
||||||
* to start countermeasures and AP better do the same.
|
* to start countermeasures and AP better do the same.
|
||||||
*/
|
*/
|
||||||
wpa_sm_set_state(WPA_TKIP_COUNTERMEASURES);
|
wpa_sm_set_state(WPA_TKIP_COUNTERMEASURES);
|
||||||
wpa_sm_key_request(sm, 1, 0);
|
wpa_sm_key_request(sm, 1, isunicast);
|
||||||
|
|
||||||
/* initialize countermeasures */
|
/* initialize countermeasures */
|
||||||
sm->countermeasures = 1;
|
sm->countermeasures = 1;
|
||||||
wpa_printf(MSG_DEBUG, "TKIP countermeasures started\n");
|
wpa_printf(MSG_DEBUG, "TKIP countermeasures started");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Need to wait for completion of request frame. We do not get
|
* Need to wait for completion of request frame. We do not get
|
||||||
@ -2435,9 +2434,9 @@ int wpa_michael_mic_failure(u16 isunicast)
|
|||||||
/* TODO: mark the AP rejected for 60 second. STA is
|
/* TODO: mark the AP rejected for 60 second. STA is
|
||||||
* allowed to associate with another AP.. */
|
* allowed to associate with another AP.. */
|
||||||
} else {
|
} else {
|
||||||
*pmic_errors_seen=(*pmic_errors_seen)+1;
|
sm->mic_errors_seen++;
|
||||||
wpa_sm_set_state(WPA_MIC_FAILURE);
|
wpa_sm_set_state(WPA_MIC_FAILURE);
|
||||||
wpa_sm_key_request(sm, 1, 0);
|
wpa_sm_key_request(sm, 1, isunicast);
|
||||||
/*start 60sec counter to monitor whether next mic_failure occur in this period, or clear mic_errors_seen*/
|
/*start 60sec counter to monitor whether next mic_failure occur in this period, or clear mic_errors_seen*/
|
||||||
ets_timer_disarm(&(sm->cm_timer));
|
ets_timer_disarm(&(sm->cm_timer));
|
||||||
ets_timer_done(&(sm->cm_timer));
|
ets_timer_done(&(sm->cm_timer));
|
||||||
|
@ -16,7 +16,6 @@
|
|||||||
#define WPA_I_H
|
#define WPA_I_H
|
||||||
|
|
||||||
struct install_key {
|
struct install_key {
|
||||||
int mic_errors_seen; /* Michael MIC errors with the current PTK */
|
|
||||||
int keys_cleared;
|
int keys_cleared;
|
||||||
enum wpa_alg alg;
|
enum wpa_alg alg;
|
||||||
u8 addr[ETH_ALEN];
|
u8 addr[ETH_ALEN];
|
||||||
@ -77,6 +76,7 @@ struct wpa_sm {
|
|||||||
|
|
||||||
struct install_key install_ptk;
|
struct install_key install_ptk;
|
||||||
struct install_key install_gtk;
|
struct install_key install_gtk;
|
||||||
|
int mic_errors_seen; /* Michael MIC errors with the current PTK */
|
||||||
|
|
||||||
void (* sendto) (void *buffer, uint16_t len);
|
void (* sendto) (void *buffer, uint16_t len);
|
||||||
void (*config_assoc_ie) (u8 proto, u8 *assoc_buf, u32 assoc_wpa_ie_len);
|
void (*config_assoc_ie) (u8 proto, u8 *assoc_buf, u32 assoc_wpa_ie_len);
|
||||||
|
Loading…
Reference in New Issue
Block a user