alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'bugfix/wlan_fixes_backports_v4.3' into 'release/v4.3'

Browse Source 
esp_wifi: Fix some wlan issues(backport v4.3)

See merge request espressif/esp-idf!19359
This commit is contained in:
Jiang Jiang Jian 2022-08-03 21:16:39 +08:00
commit bfb2fee42a
20 changed files with 186 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
components/wpa_supplicant/include/esp_supplicant/esp_rrm.h
View File

@ -1,17 +1,6 @@
/**
* Copyright 2020 Espressif Systems (Shanghai) PTE LTD
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_RRM_H
@ -41,11 +30,22 @@ typedef void (*neighbor_rep_request_cb)(void *ctx, const uint8_t *report, size_t
* @param cb_ctx: callback context
*
* @return
* - 0: success else failure
* - 0: success
* - -1: AP does not support RRM
* - -2: station not connected to AP
*/
int esp_rrm_send_neighbor_rep_request(neighbor_rep_request_cb cb,
void *cb_ctx);
/**
* @brief Check RRM capability of connected AP
*
* @return
* - true: AP supports RRM
* - false: AP does not support RRM or station not connected to AP
*/
bool esp_rrm_is_rrm_supported_connection(void);
#ifdef __cplusplus
}
#endif

29
components/wpa_supplicant/include/esp_supplicant/esp_wnm.h
View File

@ -1,17 +1,6 @@
/**
* Copyright 2020 Espressif Systems (Shanghai) PTE LTD
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_WNM_H
@ -44,12 +33,22 @@ enum btm_query_reason {
* @param cand_list: whether candidate list to be included from scan results available in supplicant's cache.
*
* @return
* - 0: success else failure
* - 0: success
* - -1: AP does not support BTM
* - -2: station not connected to AP
*/
int esp_wnm_send_bss_transition_mgmt_query(enum btm_query_reason query_reason,
const char *btm_candidates,
int cand_list);
/**
* @brief Check bss trasition capability of connected AP
*
* @return
* - true: AP supports BTM
* - false: AP does not support BTM or station not connected to AP
*/
bool esp_wnm_is_btm_supported_connection(void);
#ifdef __cplusplus
}
#endif

1
components/wpa_supplicant/src/ap/ap_config.h
View File

@ -219,7 +219,6 @@ struct hostapd_bss_config {
int rsn_pairwise;
int rsn_preauth;
char *rsn_preauth_interfaces;
int peerkey;
#ifdef CONFIG_IEEE80211R
/* IEEE 802.11r - Fast BSS Transition */

63
components/wpa_supplicant/src/ap/wpa_auth.c
View File

@ -556,8 +556,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
struct ieee802_1x_hdr *hdr;
struct wpa_eapol_key *key;
u16 key_info, key_data_length;
enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
SMK_M1, SMK_M3, SMK_ERROR } msg;
enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg;
struct wpa_eapol_ie_parse kde;
int ft;
const u8 *eapol_key_ie;
@ -616,16 +615,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
* are set */
if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
(WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
if (key_info & WPA_KEY_INFO_ERROR) {
msg = SMK_ERROR;
} else {
msg = SMK_M1;
}
} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
msg = SMK_M3;
} else if (key_info & WPA_KEY_INFO_REQUEST) {
if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message");
return;
}
if (key_info & WPA_KEY_INFO_REQUEST) {
msg = REQUEST;
} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
msg = GROUP_2;
@ -635,7 +630,6 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
msg = PAIRWISE_2;
}
/* TODO: key_info type validation for PeerKey */
if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
msg == GROUP_2) {
u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
@ -775,25 +769,6 @@ continue_processing:
return;
}
break;
#ifdef CONFIG_PEERKEY
case SMK_M1:
case SMK_M3:
case SMK_ERROR:
if (!wpa_auth->conf.peerkey) {
wpa_printf( MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
"PeerKey use disabled - ignoring message");
return;
}
if (!sm->PTK_valid) {
return;
}
break;
#else /* CONFIG_PEERKEY */
case SMK_M1:
case SMK_M3:
case SMK_ERROR:
return; /* STSL disabled - ignore SMK messages */
#endif /* CONFIG_PEERKEY */
case REQUEST:
break;
}
@ -833,22 +808,13 @@ continue_processing:
* even though MAC address KDE is not normally encrypted,
* supplicant is allowed to encrypt it.
*/
if (msg == SMK_ERROR) {
#ifdef CONFIG_PEERKEY
wpa_smk_error(wpa_auth, sm, key);
#endif /* CONFIG_PEERKEY */
return;
} else if (key_info & WPA_KEY_INFO_ERROR) {
if (key_info & WPA_KEY_INFO_ERROR) {
if (wpa_receive_error_report(
wpa_auth, sm,
!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
return; /* STA entry was removed */
} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
wpa_request_new_ptk(sm);
#ifdef CONFIG_PEERKEY
} else if (msg == SMK_M1) {
wpa_smk_m1(wpa_auth, sm, key);
#endif /* CONFIG_PEERKEY */
} else if (key_data_length > 0 &&
wpa_parse_kde_ies((const u8 *) (key + 1),
key_data_length, &kde) == 0 &&
@ -884,13 +850,6 @@ continue_processing:
wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
}
#ifdef CONFIG_PEERKEY
if (msg == SMK_M3) {
wpa_smk_m3(wpa_auth, sm, key);
return;
}
#endif /* CONFIG_PEERKEY */
wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p\n", sm->last_rx_eapol_key);
os_free(sm->last_rx_eapol_key);
sm->last_rx_eapol_key = (u8 *)os_malloc(data_len);
@ -1022,11 +981,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
WPA_PUT_BE16(key->key_info, key_info);
alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
WPA_PUT_BE16(key->key_length, 0);
else
WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
/* FIX: STSL: what to use as key_replay_counter? */
for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
memcpy(sm->key_replay[i].counter,

1
components/wpa_supplicant/src/ap/wpa_auth.h
View File

@ -136,7 +136,6 @@ struct wpa_auth_config {
int rsn_pairwise;
int rsn_preauth;
int eapol_version;
int peerkey;
int wmm_enabled;
int wmm_uapsd;
int disable_pmksa_caching;

11
components/wpa_supplicant/src/ap/wpa_auth_i.h
View File

@ -183,17 +183,6 @@ int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
int (*cb)(struct wpa_authenticator *a, void *ctx),
void *cb_ctx);
#ifdef CONFIG_PEERKEY
int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
struct wpa_stsl_negotiation *neg);
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm, struct wpa_eapol_key *key);
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm, struct wpa_eapol_key *key);
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm, struct wpa_eapol_key *key);
#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211R
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,

32
components/wpa_supplicant/src/ap/wpa_auth_ie.c
View File

@ -216,8 +216,6 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
capab = 0;
if (conf->rsn_preauth)
capab |= WPA_CAPABILITY_PREAUTH;
if (conf->peerkey)
capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
if (conf->wmm_enabled) {
/* 4 PTKSA replay counters when using WMM */
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
@ -626,36 +624,6 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end,
return 0;
}
#ifdef CONFIG_PEERKEY
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
ie->smk = pos + 2 + RSN_SELECTOR_LEN;
ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
return 0;
}
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
return 0;
}
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
return 0;
}
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
ie->error = pos + 2 + RSN_SELECTOR_LEN;
ie->error_len = pos[1] - RSN_SELECTOR_LEN;
return 0;
}
#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211W
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {

10
components/wpa_supplicant/src/ap/wpa_auth_ie.h
View File

@ -19,16 +19,6 @@ struct wpa_eapol_ie_parse {
size_t gtk_len;
const u8 *mac_addr;
size_t mac_addr_len;
#ifdef CONFIG_PEERKEY
const u8 *smk;
size_t smk_len;
const u8 *nonce;
size_t nonce_len;
const u8 *lifetime;
size_t lifetime_len;
const u8 *error;
size_t error_len;
#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211W
const u8 *igtk;
size_t igtk_len;

2
components/wpa_supplicant/src/common/ieee802_11_defs.h
View File

@ -249,6 +249,8 @@
#define WLAN_EID_EXT_HE_CAPABILITIES 35
#define WLAN_EID_EXT_HE_OPERATION 36
#define WLAN_EXT_CAPAB_BSS_TRANSITION 19
/* Action frame categories (IEEE Std 802.11-2016, 9.4.1.11, Table 9-76) */
#define WLAN_ACTION_SPECTRUM_MGMT 0
#define WLAN_ACTION_QOS 1

5
components/wpa_supplicant/src/common/sae.c
View File

@ -48,7 +48,6 @@ int sae_set_group(struct sae_data *sae, int group)
tmp->prime_len = tmp->dh->prime_len;
if (tmp->prime_len > SAE_MAX_PRIME_LEN) {
sae_clear_data(sae);
os_free(tmp);
return ESP_FAIL;
}
@ -56,7 +55,6 @@ int sae_set_group(struct sae_data *sae, int group)
tmp->prime_len);
if (tmp->prime_buf == NULL) {
sae_clear_data(sae);
os_free(tmp);
return ESP_FAIL;
}
tmp->prime = tmp->prime_buf;
@ -65,7 +63,6 @@ int sae_set_group(struct sae_data *sae, int group)
tmp->dh->order_len);
if (tmp->order_buf == NULL) {
sae_clear_data(sae);
os_free(tmp);
return ESP_FAIL;
}
tmp->order = tmp->order_buf;
@ -846,7 +843,7 @@ fail:
int sae_process_commit(struct sae_data *sae)
{
u8 k[SAE_MAX_PRIME_LEN];
u8 k[SAE_MAX_PRIME_LEN] = {0};
if (sae->tmp == NULL ||
(sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
(sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) ||

4
components/wpa_supplicant/src/common/wpa_common.c
View File

@ -488,10 +488,6 @@ const char * wpa_cipher_txt(int cipher)
* PTK = PRF-X(PMK, "Pairwise key expansion",
* Min(AA, SA) || Max(AA, SA) ||
* Min(ANonce, SNonce) || Max(ANonce, SNonce))
*
* STK = PRF-X(SMK, "Peer key expansion",
* Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
* Min(INonce, PNonce) || Max(INonce, PNonce))
*/
void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
const u8 *addr1, const u8 *addr2,

23
components/wpa_supplicant/src/common/wpa_common.h
View File

@ -83,12 +83,6 @@
#define RSN_KEY_DATA_GROUPKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
#define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
#define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
#ifdef CONFIG_PEERKEY
#define RSN_KEY_DATA_SMK RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
#define RSN_KEY_DATA_NONCE RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
#define RSN_KEY_DATA_LIFETIME RSN_SELECTOR(0x00, 0x0f, 0xac, 7)
#define RSN_KEY_DATA_ERROR RSN_SELECTOR(0x00, 0x0f, 0xac, 8)
#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211W
#define RSN_KEY_DATA_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
#endif /* CONFIG_IEEE80211W */
@ -244,23 +238,6 @@ struct rsn_ie_hdr {
u8 version[2]; /* little endian */
} STRUCT_PACKED;
#ifdef CONFIG_PEERKEY
enum {
STK_MUI_4WAY_STA_AP = 1,
STK_MUI_4WAY_STAT_STA = 2,
STK_MUI_GTK = 3,
STK_MUI_SMK = 4
};
enum {
STK_ERR_STA_NR = 1,
STK_ERR_STA_NRSN = 2,
STK_ERR_CPHR_NS = 3,
STK_ERR_NO_STSL = 4
};
#endif /* CONFIG_PEERKEY */
struct rsn_error_kde {
be16 mui;
be16 error_type;

50
components/wpa_supplicant/src/crypto/crypto_mbedtls.c
View File

@ -120,7 +120,6 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
struct crypto_hash *ctx;
mbedtls_md_type_t md_type;
const mbedtls_md_info_t *md_info;
int ret;
switch (alg) {
case CRYPTO_HASH_ALG_HMAC_MD5:
@ -144,29 +143,37 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
mbedtls_md_init(&ctx->ctx);
md_info = mbedtls_md_info_from_type(md_type);
if (!md_info) {
os_free(ctx);
return NULL;
goto cleanup;
}
ret = mbedtls_md_setup(&ctx->ctx, md_info, 1);
if (ret != 0) {
os_free(ctx);
return NULL;
if (mbedtls_md_setup(&ctx->ctx, md_info, 1) != 0) {
goto cleanup;
}
if (mbedtls_md_hmac_starts(&ctx->ctx, key, key_len) != 0) {
goto cleanup;
}
mbedtls_md_hmac_starts(&ctx->ctx, key, key_len);
return ctx;
cleanup:
os_free(ctx);
return NULL;
}
void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
{
int ret;
if (ctx == NULL) {
return;
}
mbedtls_md_hmac_update(&ctx->ctx, data, len);
ret = mbedtls_md_hmac_update(&ctx->ctx, data, len);
if (ret != 0) {
wpa_printf(MSG_ERROR, "%s: mbedtls_md_hmac_update failed", __func__);
}
}
int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
{
int ret;
if (ctx == NULL) {
return -2;
}
@ -176,11 +183,11 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
bin_clear_free(ctx, sizeof(*ctx));
return 0;
}
mbedtls_md_hmac_finish(&ctx->ctx, mac);
ret = mbedtls_md_hmac_finish(&ctx->ctx, mac);
mbedtls_md_free(&ctx->ctx);
bin_clear_free(ctx, sizeof(*ctx));
return 0;
return ret;
}
static int hmac_vector(mbedtls_md_type_t md_type,
@ -205,17 +212,24 @@ static int hmac_vector(mbedtls_md_type_t md_type,
return(ret);
}
mbedtls_md_hmac_starts(&md_ctx, key, key_len);
for (i = 0; i < num_elem; i++) {
mbedtls_md_hmac_update(&md_ctx, addr[i], len[i]);
ret = mbedtls_md_hmac_starts(&md_ctx, key, key_len);
if (ret != 0) {
return(ret);
}
mbedtls_md_hmac_finish(&md_ctx, mac);
for (i = 0; i < num_elem; i++) {
ret = mbedtls_md_hmac_update(&md_ctx, addr[i], len[i]);
if (ret != 0) {
return(ret);
}
}
ret = mbedtls_md_hmac_finish(&md_ctx, mac);
mbedtls_md_free(&md_ctx);
return 0;
return ret;
}
int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem,

1
components/wpa_supplicant/src/eap_peer/eap_fast_pac.c
View File

@ -552,6 +552,7 @@ static int eap_fast_write_pac(struct eap_sm *sm, const char *pac_file,
return -1;
}
eap_set_config_blob(sm, blob);
os_free(blob);
} else {
FILE *f;
f = fopen(pac_file, "wb");

66
components/wpa_supplicant/src/esp_supplicant/esp_common.c
View File

@ -312,23 +312,83 @@ void esp_supplicant_common_deinit(void)
}
}
bool esp_rrm_is_rrm_supported_connection(void)
{
struct wpa_supplicant *wpa_s = &g_wpa_supp;
if (!wpa_s->current_bss) {
wpa_printf(MSG_DEBUG, "STA not associated, return");
return false;
}
if (!(wpa_s->rrm_ie[0] & WLAN_RRM_CAPS_NEIGHBOR_REPORT)) {
wpa_printf(MSG_DEBUG,
"RRM: No network support for Neighbor Report.");
return false;
}
return true;
}
int esp_rrm_send_neighbor_rep_request(neighbor_rep_request_cb cb,
void *cb_ctx)
{
struct wpa_supplicant *wpa_s = &g_wpa_supp;
struct wpa_ssid_value wpa_ssid = {0};
struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal();
struct wifi_ssid *ssid;
if (!wpa_s->current_bss) {
wpa_printf(MSG_ERROR, "STA not associated, return");
return -2;
}
if (!(wpa_s->rrm_ie[0] & WLAN_RRM_CAPS_NEIGHBOR_REPORT)) {
wpa_printf(MSG_ERROR,
"RRM: No network support for Neighbor Report.");
return -1;
}
ssid = esp_wifi_sta_get_prof_ssid_internal();
os_memcpy(wpa_ssid.ssid, ssid->ssid, ssid->len);
wpa_ssid.ssid_len = ssid->len;
return wpas_rrm_send_neighbor_rep_request(&g_wpa_supp, &wpa_ssid, 0, 0, cb, cb_ctx);
return wpas_rrm_send_neighbor_rep_request(wpa_s, &wpa_ssid, 0, 0, cb, cb_ctx);
}
bool esp_wnm_is_btm_supported_connection(void)
{
struct wpa_supplicant *wpa_s = &g_wpa_supp;
if (!wpa_s->current_bss) {
wpa_printf(MSG_DEBUG, "STA not associated, return");
return false;
}
if (!wpa_bss_ext_capab(wpa_s->current_bss, WLAN_EXT_CAPAB_BSS_TRANSITION)) {
wpa_printf(MSG_DEBUG, "AP doesn't support BTM, return");
return false;
}
return true;
}
int esp_wnm_send_bss_transition_mgmt_query(enum btm_query_reason query_reason,
const char *btm_candidates,
int cand_list)
{
return wnm_send_bss_transition_mgmt_query(&g_wpa_supp, query_reason, btm_candidates, cand_list);
struct wpa_supplicant *wpa_s = &g_wpa_supp;
if (!wpa_s->current_bss) {
wpa_printf(MSG_ERROR, "STA not associated, return");
return -2;
}
if (!wpa_bss_ext_capab(wpa_s->current_bss, WLAN_EXT_CAPAB_BSS_TRANSITION)) {
wpa_printf(MSG_ERROR, "AP doesn't support BTM, return");
return -1;
}
return wnm_send_bss_transition_mgmt_query(wpa_s, query_reason, btm_candidates, cand_list);
}
void wpa_supplicant_connect(struct wpa_supplicant *wpa_s,

4
components/wpa_supplicant/src/esp_supplicant/esp_wps.c
View File

@ -797,6 +797,10 @@ int wps_process_wps_mX_req(u8 *ubuf, int len, enum wps_process_res *res)
}
if ((flag & WPS_MSG_FLAG_MORE) || wps_buf != NULL) {//frag msg
if (tlen > 50000) {
wpa_printf(MSG_ERROR, "EAP-WSC: Invalid Message Length");
return ESP_FAIL;
}
wpa_printf(MSG_DEBUG, "rx frag msg id:%d, flag:%d, frag_len: %d, tot_len: %d, be_tot_len:%d", sm->current_identifier, flag, frag_len, tlen, be_tot_len);
if (ESP_OK != wps_enrollee_process_msg_frag(&wps_buf, tlen, tbuf, frag_len, flag)) {
if (wps_buf) {

48
components/wpa_supplicant/src/rsn_supp/wpa.c
View File

@ -44,7 +44,7 @@
#define WPA_4_4_HANDSHAKE_BIT (1<<13)
#define WPA_GROUP_HANDSHAKE_BIT (1<<14)
struct wpa_sm gWpaSm;
struct wpa_sm gWpaSm;
/* fix buf for tx for now */
#define WPA_TX_MSG_BUFF_MAXLEN 200
@ -289,10 +289,12 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
reply->type = sm->proto == WPA_PROTO_RSN ?
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
key_info = WPA_KEY_INFO_REQUEST | ver;
if (sm->ptk_set)
if (sm->ptk_set) {
key_info |= WPA_KEY_INFO_SECURE;
key_info |= WPA_KEY_INFO_MIC;
}
if (error)
key_info |= WPA_KEY_INFO_ERROR|WPA_KEY_INFO_SECURE;
key_info |= WPA_KEY_INFO_ERROR;
if (pairwise)
key_info |= WPA_KEY_INFO_KEY_TYPE;
WPA_PUT_BE16(reply->key_info, key_info);
@ -2179,7 +2181,17 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
{
int res = 0;
struct wpa_sm *sm = &gWpaSm;
bool use_pmk_cache = true;
/* Incase AP has changed it's SSID, don't try with PMK caching for SAE connection */
/* Ideally we should use network_ctx for this purpose however currently network profile block
* is part of libraries,
* TODO Correct this in future during NVS restructuring */
if ((sm->key_mgmt == WPA_KEY_MGMT_SAE) &&
(os_memcmp(sm->bssid, bssid, ETH_ALEN) == 0) &&
(os_memcmp(sm->ssid, ssid, ssid_len) != 0)) {
use_pmk_cache = false;
}
sm->pairwise_cipher = BIT(pairwise_cipher);
sm->group_cipher = BIT(group_cipher);
sm->rx_replay_counter_set = 0; //init state not intall replay counter value
@ -2192,7 +2204,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
if (sm->key_mgmt == WPA_KEY_MGMT_SAE ||
is_wpa2_enterprise_connection()) {
if (!esp_wifi_skip_supp_pmkcaching()) {
if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) {
pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
wpa_sm_set_pmk_from_pmksa(sm);
} else {
@ -2225,6 +2237,9 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
if (res < 0)
return -1;
sm->assoc_wpa_ie_len = res;
os_memset(sm->ssid, 0, sizeof(sm->ssid));
os_memcpy(sm->ssid, ssid, ssid_len);
sm->ssid_len = ssid_len;
wpa_set_passphrase(passphrase, ssid, ssid_len);
return 0;
}
@ -2296,9 +2311,9 @@ wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg,
struct wpa_sm *sm = &gWpaSm;
/*gtk or ptk both need check countermeasures*/
if (alg == WIFI_WPA_ALG_TKIP && key_len == 32) {
if (alg == WIFI_WPA_ALG_TKIP && key_idx == 0 && key_len == 32) {
/* Clear the MIC error counter when setting a new PTK. */
key_sm->mic_errors_seen = 0;
sm->mic_errors_seen = 0;
}
key_sm->keys_cleared = 0;
@ -2321,9 +2336,8 @@ wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t k
void wpa_supplicant_clr_countermeasures(u16 *pisunicast)
{
struct wpa_sm *sm = &gWpaSm;
(sm->install_ptk).mic_errors_seen=0;
(sm->install_gtk).mic_errors_seen=0;
struct wpa_sm *sm = &gWpaSm;
sm->mic_errors_seen = 0;
ets_timer_done(&(sm->cm_timer));
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n");
}
@ -2348,22 +2362,20 @@ void wpa_supplicant_stop_countermeasures(u16 *pisunicast)
int wpa_michael_mic_failure(u16 isunicast)
{
struct wpa_sm *sm = &gWpaSm;
int *pmic_errors_seen=(isunicast)? &((sm->install_ptk).mic_errors_seen) : &((sm->install_gtk).mic_errors_seen);
struct wpa_sm *sm = &gWpaSm;
wpa_printf(MSG_DEBUG, "\nTKIP MIC failure occur\n");
wpa_printf(MSG_DEBUG, "TKIP MIC failure occur");
/*both unicast and multicast mic_errors_seen need statistics*/
if ((sm->install_ptk).mic_errors_seen + (sm->install_gtk).mic_errors_seen) {
if (sm->mic_errors_seen) {
/* Send the new MIC error report immediately since we are going
* to start countermeasures and AP better do the same.
*/
wpa_sm_set_state(WPA_TKIP_COUNTERMEASURES);
wpa_sm_key_request(sm, 1, 0);
wpa_sm_key_request(sm, 1, isunicast);
/* initialize countermeasures */
sm->countermeasures = 1;
wpa_printf(MSG_DEBUG, "TKIP countermeasures started\n");
wpa_printf(MSG_DEBUG, "TKIP countermeasures started");
/*
* Need to wait for completion of request frame. We do not get
@ -2382,9 +2394,9 @@ int wpa_michael_mic_failure(u16 isunicast)
/* TODO: mark the AP rejected for 60 second. STA is
* allowed to associate with another AP.. */
} else {
*pmic_errors_seen=(*pmic_errors_seen)+1;
sm->mic_errors_seen++;
wpa_sm_set_state(WPA_MIC_FAILURE);
wpa_sm_key_request(sm, 1, 0);
wpa_sm_key_request(sm, 1, isunicast);
/*start 60sec counter to monitor whether next mic_failure occur in this period, or clear mic_errors_seen*/
ets_timer_disarm(&(sm->cm_timer));
ets_timer_done(&(sm->cm_timer));

4
components/wpa_supplicant/src/rsn_supp/wpa_i.h
View File

@ -16,7 +16,6 @@
#define WPA_I_H
struct install_key {
int mic_errors_seen; /* Michael MIC errors with the current PTK */
int keys_cleared;
enum wpa_alg alg;
u8 addr[ETH_ALEN];
@ -43,6 +42,8 @@ struct wpa_sm {
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
u8 ssid[32];
size_t ssid_len;
unsigned int pairwise_cipher;
unsigned int group_cipher;
@ -75,6 +76,7 @@ struct wpa_sm {
struct install_key install_ptk;
struct install_key install_gtk;
int mic_errors_seen; /* Michael MIC errors with the current PTK */
void (* sendto) (void *buffer, uint16_t len);
void (*config_assoc_ie) (u8 proto, u8 *assoc_buf, u32 assoc_wpa_ie_len);

10
components/wpa_supplicant/src/rsn_supp/wpa_ie.h
View File

@ -25,16 +25,6 @@ struct wpa_eapol_ie_parse {
size_t gtk_len;
const u8 *mac_addr;
size_t mac_addr_len;
#ifdef CONFIG_PEERKEY
const u8 *smk;
size_t smk_len;
const u8 *nonce;
size_t nonce_len;
const u8 *lifetime;
size_t lifetime_len;
const u8 *error;
size_t error_len;
#endif /* CONFIG_PEERKEY */
#ifdef CONFIG_IEEE80211W
const u8 *igtk;
size_t igtk_len;

10
examples/wifi/roaming/main/roaming_example.c
View File

@ -52,6 +52,16 @@ static void event_handler(void* arg, esp_event_base_t event_base,
esp_wifi_set_rssi_threshold(EXAMPLE_WIFI_RSSI_THRESHOLD);
}
#endif
if (esp_rrm_is_rrm_supported_connection()) {
ESP_LOGI(TAG,"RRM supported");
} else {
ESP_LOGI(TAG,"RRM not supported");
}
if (esp_wnm_is_btm_supported_connection()) {
ESP_LOGI(TAG,"BTM supported");
} else {
ESP_LOGI(TAG,"BTM not supported");
}
}
}