From a5e418b4b60b1cd51633ef1bbfe62df08c11be20 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Wed, 3 Aug 2022 11:54:26 +0530 Subject: [PATCH 1/3] wpa_supplicant: Fix issues reported by coverity --- components/wpa_supplicant/src/ap/wpa_auth.c | 63 ++++--------------- components/wpa_supplicant/src/ap/wpa_auth.h | 1 - components/wpa_supplicant/src/ap/wpa_auth_i.h | 11 ---- .../wpa_supplicant/src/ap/wpa_auth_ie.c | 32 ---------- .../wpa_supplicant/src/ap/wpa_auth_ie.h | 10 --- components/wpa_supplicant/src/common/sae.c | 5 +- .../wpa_supplicant/src/common/wpa_common.c | 4 -- .../wpa_supplicant/src/common/wpa_common.h | 25 -------- .../src/esp_supplicant/esp_wps.c | 4 ++ .../wpa_supplicant/src/rsn_supp/wpa_ie.h | 10 --- 10 files changed, 16 insertions(+), 149 deletions(-) diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 58625bb553..81e586bf94 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -556,8 +556,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s struct ieee802_1x_hdr *hdr; struct wpa_eapol_key *key; u16 key_info, key_data_length; - enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST, - SMK_M1, SMK_M3, SMK_ERROR } msg; + enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg; struct wpa_eapol_ie_parse kde; int ft; const u8 *eapol_key_ie; 
@@ -616,16 +615,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys * are set */ - if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) == - (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) { - if (key_info & WPA_KEY_INFO_ERROR) { - msg = SMK_ERROR; - } else { - msg = SMK_M1; - } - } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { - msg = SMK_M3; - } else if (key_info & WPA_KEY_INFO_REQUEST) { + if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { + wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message"); + return; + } + + if (key_info & WPA_KEY_INFO_REQUEST) { msg = REQUEST; } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) { msg = GROUP_2; @@ -635,7 +630,6 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s msg = PAIRWISE_2; } - /* TODO: key_info type validation for PeerKey */ if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 || msg == GROUP_2) { u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK; @@ -775,25 +769,6 @@ continue_processing: return; } break; -#ifdef CONFIG_PEERKEY - case SMK_M1: - case SMK_M3: - case SMK_ERROR: - if (!wpa_auth->conf.peerkey) { - wpa_printf( MSG_DEBUG, "RSN: SMK M1/M3/Error, but " - "PeerKey use disabled - ignoring message"); - return; - } - if (!sm->PTK_valid) { - return; - } - break; -#else /* CONFIG_PEERKEY */ - case SMK_M1: - case SMK_M3: - case SMK_ERROR: - return; /* STSL disabled - ignore SMK messages */ -#endif /* CONFIG_PEERKEY */ case REQUEST: break; } 
@@ -833,22 +808,13 @@ continue_processing: * even though MAC address KDE is not normally encrypted, * supplicant is allowed to encrypt it. */ - if (msg == SMK_ERROR) { -#ifdef CONFIG_PEERKEY - wpa_smk_error(wpa_auth, sm, key); -#endif /* CONFIG_PEERKEY */ - return; - } else if (key_info & WPA_KEY_INFO_ERROR) { + if (key_info & WPA_KEY_INFO_ERROR) { if (wpa_receive_error_report( wpa_auth, sm, !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0) return; /* STA entry was removed */ } else if (key_info & WPA_KEY_INFO_KEY_TYPE) { wpa_request_new_ptk(sm); -#ifdef CONFIG_PEERKEY - } else if (msg == SMK_M1) { - wpa_smk_m1(wpa_auth, sm, key); -#endif /* CONFIG_PEERKEY */ } else if (key_data_length > 0 && wpa_parse_kde_ies((const u8 *) (key + 1), key_data_length, &kde) == 0 && @@ -884,13 +850,6 @@ continue_processing: wpa_replay_counter_mark_invalid(sm->key_replay, NULL); } -#ifdef CONFIG_PEERKEY - if (msg == SMK_M3) { - wpa_smk_m3(wpa_auth, sm, key); - return; - } -#endif /* CONFIG_PEERKEY */ - wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p\n", sm->last_rx_eapol_key); os_free(sm->last_rx_eapol_key); sm->last_rx_eapol_key = (u8 *)os_malloc(data_len); @@ -1022,11 +981,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, WPA_PUT_BE16(key->key_info, key_info); alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; - WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg)); - if (key_info & WPA_KEY_INFO_SMK_MESSAGE) + if (sm->wpa == WPA_VERSION_WPA2 && !pairwise) WPA_PUT_BE16(key->key_length, 0); + else + WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg)); - /* FIX: STSL: what to use as key_replay_counter? */ for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) { sm->key_replay[i].valid = sm->key_replay[i - 1].valid; memcpy(sm->key_replay[i].counter, diff --git a/components/wpa_supplicant/src/ap/wpa_auth.h b/components/wpa_supplicant/src/ap/wpa_auth.h index ee40c2d43d..2e0d1789b3 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.h 
+++ b/components/wpa_supplicant/src/ap/wpa_auth.h @@ -136,7 +136,6 @@ struct wpa_auth_config { int rsn_pairwise; int rsn_preauth; int eapol_version; - int peerkey; int wmm_enabled; int wmm_uapsd; int disable_pmksa_caching; diff --git a/components/wpa_supplicant/src/ap/wpa_auth_i.h b/components/wpa_supplicant/src/ap/wpa_auth_i.h index 6a55cdee53..d7a26589eb 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_i.h +++ b/components/wpa_supplicant/src/ap/wpa_auth_i.h @@ -182,17 +182,6 @@ int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth, int (*cb)(struct wpa_authenticator *a, void *ctx), void *cb_ctx); -#ifdef CONFIG_PEERKEY -int wpa_stsl_remove(struct wpa_authenticator *wpa_auth, - struct wpa_stsl_negotiation *neg); -void wpa_smk_error(struct wpa_authenticator *wpa_auth, - struct wpa_state_machine *sm, struct wpa_eapol_key *key); -void wpa_smk_m1(struct wpa_authenticator *wpa_auth, - struct wpa_state_machine *sm, struct wpa_eapol_key *key); -void wpa_smk_m3(struct wpa_authenticator *wpa_auth, - struct wpa_state_machine *sm, struct wpa_eapol_key *key); -#endif /* CONFIG_PEERKEY */ - #ifdef CONFIG_IEEE80211R int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len); int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id, diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.c b/components/wpa_supplicant/src/ap/wpa_auth_ie.c index 34f12217db..0a211aba3a 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.c +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.c @@ -216,8 +216,6 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len, capab = 0; if (conf->rsn_preauth) capab |= WPA_CAPABILITY_PREAUTH; - if (conf->peerkey) - capab |= WPA_CAPABILITY_PEERKEY_ENABLED; if (conf->wmm_enabled) { /* 4 PTKSA replay counters when using WMM */ capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); 
@@ -599,36 +597,6 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end, return 0; } -#ifdef CONFIG_PEERKEY - if (pos[1] > RSN_SELECTOR_LEN + 2 && - RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) { - ie->smk = pos + 2 + RSN_SELECTOR_LEN; - ie->smk_len = pos[1] - RSN_SELECTOR_LEN; - return 0; - } - - if (pos[1] > RSN_SELECTOR_LEN + 2 && - RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) { - ie->nonce = pos + 2 + RSN_SELECTOR_LEN; - ie->nonce_len = pos[1] - RSN_SELECTOR_LEN; - return 0; - } - - if (pos[1] > RSN_SELECTOR_LEN + 2 && - RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) { - ie->lifetime = pos + 2 + RSN_SELECTOR_LEN; - ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN; - return 0; - } - - if (pos[1] > RSN_SELECTOR_LEN + 2 && - RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) { - ie->error = pos + 2 + RSN_SELECTOR_LEN; - ie->error_len = pos[1] - RSN_SELECTOR_LEN; - return 0; - } -#endif /* CONFIG_PEERKEY */ - #ifdef CONFIG_IEEE80211W if (pos[1] > RSN_SELECTOR_LEN + 2 && RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) { diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.h b/components/wpa_supplicant/src/ap/wpa_auth_ie.h index 4999139510..dfcfbd301e 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.h +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.h @@ -19,16 +19,6 @@ struct wpa_eapol_ie_parse { size_t gtk_len; const u8 *mac_addr; size_t mac_addr_len; -#ifdef CONFIG_PEERKEY - const u8 *smk; - size_t smk_len; - const u8 *nonce; - size_t nonce_len; - const u8 *lifetime; - size_t lifetime_len; - const u8 *error; - size_t error_len; -#endif /* CONFIG_PEERKEY */ #ifdef CONFIG_IEEE80211W const u8 *igtk; size_t igtk_len; diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index 3a1539ee41..7fdb784b86 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c 
@@ -65,7 +65,6 @@ int sae_set_group(struct sae_data *sae, int group) tmp->prime_len = tmp->dh->prime_len; if (tmp->prime_len > SAE_MAX_PRIME_LEN) { sae_clear_data(sae); - os_free(tmp); return ESP_FAIL; } @@ -73,7 +72,6 @@ int sae_set_group(struct sae_data *sae, int group) tmp->prime_len); if (tmp->prime_buf == NULL) { sae_clear_data(sae); - os_free(tmp); return ESP_FAIL; } tmp->prime = tmp->prime_buf; @@ -82,7 +80,6 @@ int sae_set_group(struct sae_data *sae, int group) tmp->dh->order_len); if (tmp->order_buf == NULL) { sae_clear_data(sae); - os_free(tmp); return ESP_FAIL; } tmp->order = tmp->order_buf; @@ -862,7 +859,7 @@ fail: int sae_process_commit(struct sae_data *sae) { - u8 k[SAE_MAX_PRIME_LEN]; + u8 k[SAE_MAX_PRIME_LEN] = {0}; if (sae->tmp == NULL || (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) || (sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) || diff --git a/components/wpa_supplicant/src/common/wpa_common.c b/components/wpa_supplicant/src/common/wpa_common.c index adfc78330a..0f96fb4c0a 100644 --- a/components/wpa_supplicant/src/common/wpa_common.c +++ b/components/wpa_supplicant/src/common/wpa_common.c @@ -487,10 +487,6 @@ const char * wpa_cipher_txt(int cipher) * PTK = PRF-X(PMK, "Pairwise key expansion", * Min(AA, SA) || Max(AA, SA) || * Min(ANonce, SNonce) || Max(ANonce, SNonce)) - * - * STK = PRF-X(SMK, "Peer key expansion", - * Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) || - * Min(INonce, PNonce) || Max(INonce, PNonce)) */ void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, const u8 *addr1, const u8 *addr2, diff --git a/components/wpa_supplicant/src/common/wpa_common.h b/components/wpa_supplicant/src/common/wpa_common.h index 322f55e010..37d9ec07d7 100644 --- a/components/wpa_supplicant/src/common/wpa_common.h +++ b/components/wpa_supplicant/src/common/wpa_common.h 
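Review bot: In sae_process_commit the stack buffer `k` is handed to sae_derive_k_ecc/sae_derive_k_ffc and then to sae_derive_keys, so it apparently holds key material, and the visible lines show it being initialised but never wiped before the function returns. The `= {0}` initialiser quiets the uninitialised-read report, but the derived value would still remain on the stack afterwards. Consider clearing `k` on every exit path with a wipe the compiler cannot elide, since a plain memset before return may be optimised away. The rest of the function lies outside the hunk, so confirm it is not already cleared there.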
@@ -73,12 +73,6 @@ #define RSN_KEY_DATA_GROUPKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 1) #define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3) #define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4) -#ifdef CONFIG_PEERKEY -#define RSN_KEY_DATA_SMK RSN_SELECTOR(0x00, 0x0f, 0xac, 5) -#define RSN_KEY_DATA_NONCE RSN_SELECTOR(0x00, 0x0f, 0xac, 6) -#define RSN_KEY_DATA_LIFETIME RSN_SELECTOR(0x00, 0x0f, 0xac, 7) -#define RSN_KEY_DATA_ERROR RSN_SELECTOR(0x00, 0x0f, 0xac, 8) -#endif /* CONFIG_PEERKEY */ #ifdef CONFIG_IEEE80211W #define RSN_KEY_DATA_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 9) #endif /* CONFIG_IEEE80211W */ @@ -109,8 +103,6 @@ /* B4-B5: GTKSA Replay Counter */ #define WPA_CAPABILITY_MFPR BIT(6) #define WPA_CAPABILITY_MFPC BIT(7) -#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9) - /* IEEE 802.11r */ #define MOBILITY_DOMAIN_ID_LEN 2 @@ -232,23 +224,6 @@ struct rsn_ie_hdr { u8 version[2]; /* little endian */ } STRUCT_PACKED; - -#ifdef CONFIG_PEERKEY -enum { - STK_MUI_4WAY_STA_AP = 1, - STK_MUI_4WAY_STAT_STA = 2, - STK_MUI_GTK = 3, - STK_MUI_SMK = 4 -}; - -enum { - STK_ERR_STA_NR = 1, - STK_ERR_STA_NRSN = 2, - STK_ERR_CPHR_NS = 3, - STK_ERR_NO_STSL = 4 -}; -#endif /* CONFIG_PEERKEY */ - struct rsn_error_kde { be16 mui; be16 error_type; diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c index 723741c8b8..e6f5249e3d 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c 
@@ -795,6 +795,10 @@ int wps_process_wps_mX_req(u8 *ubuf, int len, enum wps_process_res *res) } if ((flag & WPS_MSG_FLAG_MORE) || wps_buf != NULL) {//frag msg + if (tlen > 50000) { + wpa_printf(MSG_ERROR, "EAP-WSC: Invalid Message Length"); + return ESP_FAIL; + } wpa_printf(MSG_DEBUG, "rx frag msg id:%d, flag:%d, frag_len: %d, tot_len: %d, be_tot_len:%d", sm->current_identifier, flag, frag_len, tlen, be_tot_len); if (ESP_OK != wps_enrollee_process_msg_frag(&wps_buf, tlen, tbuf, frag_len, flag)) { if (wps_buf) { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_ie.h b/components/wpa_supplicant/src/rsn_supp/wpa_ie.h index c71a926f2b..98ba648794 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_ie.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_ie.h @@ -25,16 +25,6 @@ struct wpa_eapol_ie_parse { size_t gtk_len; const u8 *mac_addr; size_t mac_addr_len; -#ifdef CONFIG_PEERKEY - const u8 *smk; - size_t smk_len; - const u8 *nonce; - size_t nonce_len; - const u8 *lifetime; - size_t lifetime_len; - const u8 *error; - size_t error_len; -#endif /* CONFIG_PEERKEY */ #ifdef CONFIG_IEEE80211W const u8 *igtk; size_t igtk_len; From 78f88c1e01b3cb248e2df6b906c0365e296b1c44 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Wed, 3 Aug 2022 11:57:25 +0530 Subject: [PATCH 2/3] esp_wifi: Changes to not use pmkid caching when SSID is changed --- components/wpa_supplicant/src/rsn_supp/wpa.c | 12 +++++++++++- components/wpa_supplicant/src/rsn_supp/wpa_i.h | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 108493fbe4..9961286538 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c 
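Review bot: The new `tlen > 50000` guard in wps_process_wps_mX_req returns ESP_FAIL without touching `wps_buf`, whereas the failure path directly below tests `if (wps_buf)` before returning, presumably to release the partially reassembled message. This branch is also entered when `wps_buf != NULL`, so an oversized length seen on a later fragment would appear to leave the earlier buffer allocated and the reassembly state stale; the early return should run the same cleanup. The limit would read better as a named constant (for example `#define WPS_MAX_MSG_LEN 50000`) with a comment that it caps the peer-supplied total length before any allocation. The declaration of `tlen` is outside the hunk; if it is signed, a lower bound deserves a check as well.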
@@ -2139,7 +2139,14 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher, { int res = 0; struct wpa_sm *sm = &gWpaSm; + bool use_pmk_cache = true; + /* Incase AP has changed it's SSID, don't try with PMK caching for SAE connection */ + if ((sm->key_mgmt == WPA_KEY_MGMT_SAE) && + (os_memcmp(sm->bssid, bssid, ETH_ALEN) == 0) && + (os_memcmp(sm->ssid, ssid, ssid_len) != 0)) { + use_pmk_cache = false; + } sm->pairwise_cipher = BIT(pairwise_cipher); sm->group_cipher = BIT(group_cipher); sm->rx_replay_counter_set = 0; //init state not intall replay counter value @@ -2152,7 +2159,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher, if (sm->key_mgmt == WPA_KEY_MGMT_SAE || is_wpa2_enterprise_connection()) { - if (!esp_wifi_skip_supp_pmkcaching()) { + if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) { pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0); wpa_sm_set_pmk_from_pmksa(sm); } else { @@ -2185,6 +2192,9 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher, if (res < 0) return -1; sm->assoc_wpa_ie_len = res; + os_memset(sm->ssid, 0, sizeof(sm->ssid)); + os_memcpy(sm->ssid, ssid, ssid_len); + sm->ssid_len = ssid_len; wpa_set_passphrase(passphrase, ssid, ssid_len); return 0; } diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h index 831810a5d5..e7fd2e2b23 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h @@ -43,6 +43,8 @@ struct wpa_sm { u8 request_counter[WPA_REPLAY_COUNTER_LEN]; struct rsn_pmksa_cache *pmksa; /* PMKSA cache */ struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */ + u8 ssid[32]; + size_t ssid_len; unsigned int pairwise_cipher; unsigned int group_cipher; From 941d79baa27454202987baba181be109427df187 Mon Sep 17 00:00:00 2001 
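Review bot: The SSID-change test at the top of wpa_set_bss compares only the first `ssid_len` bytes, `os_memcmp(sm->ssid, ssid, ssid_len) != 0`, and never consults the stored `sm->ssid_len`. A new SSID that is a prefix of the previous one therefore compares equal, `use_pmk_cache` stays true, and the cached PMK is still tried for the SAE connection. Compare the lengths first: `(sm->ssid_len != ssid_len || os_memcmp(sm->ssid, ssid, ssid_len) != 0)`. The function starts and ends outside this hunk.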
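Review bot: `os_memcpy(sm->ssid, ssid, ssid_len)` near the end of wpa_set_bss writes into the fixed `u8 ssid[32]` field this patch adds to struct wpa_sm, and no bound on `ssid_len` is visible in the hunk. A length above 32 would overrun the array into the adjacent `ssid_len` and cipher fields, and the earlier `os_memcmp` on `sm->ssid` would over-read the same array. Unless the length is validated in the part of the function outside this hunk, reject it before the copy, e.g. `if (ssid_len > sizeof(sm->ssid)) return -1;`. Declaring the array with a named size constant instead of the literal 32 would keep the struct and the check in step.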
From: Kapil Gupta Date: Wed, 3 Aug 2022 12:40:31 +0530 Subject: [PATCH 3/3] wpa_supplicant: Unicast key renew in TKIP mic failure Currently we always request group key renew for during TKIP mic failure. Add support for unicast/multicast key renew as per packet. --- components/wpa_supplicant/src/rsn_supp/wpa.c | 33 +++++++++---------- .../wpa_supplicant/src/rsn_supp/wpa_i.h | 2 +- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 9961286538..f86ab08b04 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -282,10 +282,12 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) reply->type = sm->proto == WPA_PROTO_RSN ? EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; key_info = WPA_KEY_INFO_REQUEST | ver; - if (sm->ptk_set) + if (sm->ptk_set) { + key_info |= WPA_KEY_INFO_SECURE; key_info |= WPA_KEY_INFO_MIC; + } if (error) - key_info |= WPA_KEY_INFO_ERROR|WPA_KEY_INFO_SECURE; + key_info |= WPA_KEY_INFO_ERROR; if (pairwise) key_info |= WPA_KEY_INFO_KEY_TYPE; WPA_PUT_BE16(reply->key_info, key_info); @@ -2264,9 +2266,9 @@ wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg, struct wpa_sm *sm = &gWpaSm; /*gtk or ptk both need check countermeasures*/ - if (alg == WPA_ALG_TKIP && key_len == 32) { + if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) { /* Clear the MIC error counter when setting a new PTK. */ - key_sm->mic_errors_seen = 0; + sm->mic_errors_seen = 0; } key_sm->keys_cleared = 0; 
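Review bot: The comment `/*gtk or ptk both need check countermeasures*/` kept above the condition in wpa_sm_set_key no longer describes the code, because the added `key_idx == 0` test restricts the reset to one key slot and the counter now lives in `sm` rather than in each `install_key`. I would replace it with something like `/* Reset the shared MIC error counter only when a new TKIP pairwise key (key_idx 0) is installed */`, after confirming that index 0 is always the pairwise key on this path. It is also worth stating there that a group-key install deliberately leaves the counter untouched, if that is the intent. The function body continues outside the hunk.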
@@ -2289,9 +2291,8 @@ wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t k void wpa_supplicant_clr_countermeasures(u16 *pisunicast) { - struct wpa_sm *sm = &gWpaSm; - (sm->install_ptk).mic_errors_seen=0; - (sm->install_gtk).mic_errors_seen=0; + struct wpa_sm *sm = &gWpaSm; + sm->mic_errors_seen = 0; ets_timer_done(&(sm->cm_timer)); wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n"); } @@ -2301,9 +2302,9 @@ void wpa_supplicant_clr_countermeasures(u16 *pisunicast) */ void wpa_supplicant_stop_countermeasures(u16 *pisunicast) { - struct wpa_sm *sm = &gWpaSm; + struct wpa_sm *sm = &gWpaSm; - ets_timer_done(&(sm->cm_timer)); + ets_timer_done(&(sm->cm_timer)); if (sm->countermeasures) { sm->countermeasures = 0; wpa_supplicant_clr_countermeasures(NULL); @@ -2316,22 +2317,20 @@ void wpa_supplicant_stop_countermeasures(u16 *pisunicast) int wpa_michael_mic_failure(u16 isunicast) { - struct wpa_sm *sm = &gWpaSm; - int32_t *pmic_errors_seen=(isunicast)? &((sm->install_ptk).mic_errors_seen) : &((sm->install_gtk).mic_errors_seen); + struct wpa_sm *sm = &gWpaSm; wpa_printf(MSG_DEBUG, "\nTKIP MIC failure occur\n"); - /*both unicast and multicast mic_errors_seen need statistics*/ - if ((sm->install_ptk).mic_errors_seen + (sm->install_gtk).mic_errors_seen) { + if (sm->mic_errors_seen) { /* Send the new MIC error report immediately since we are going * to start countermeasures and AP better do the same. */ wpa_sm_set_state(WPA_TKIP_COUNTERMEASURES); - wpa_sm_key_request(sm, 1, 0); + wpa_sm_key_request(sm, 1, isunicast); /* initialize countermeasures */ sm->countermeasures = 1; - wpa_printf(MSG_DEBUG, "TKIP countermeasures started\n"); + wpa_printf(MSG_DEBUG, "TKIP countermeasures started"); /* * Need to wait for completion of request frame. We do not get 
@@ -2350,9 +2349,9 @@ int wpa_michael_mic_failure(u16 isunicast) /* TODO: mark the AP rejected for 60 second. STA is * allowed to associate with another AP.. */ } else { - *pmic_errors_seen=(*pmic_errors_seen)+1; + sm->mic_errors_seen++; wpa_sm_set_state(WPA_MIC_FAILURE); - wpa_sm_key_request(sm, 1, 0); + wpa_sm_key_request(sm, 1, isunicast); /*start 60sec counter to monitor whether next mic_failure occur in this period, or clear mic_errors_seen*/ ets_timer_disarm(&(sm->cm_timer)); ets_timer_done(&(sm->cm_timer)); diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h index e7fd2e2b23..e2911fbc92 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h @@ -16,7 +16,6 @@ #define WPA_I_H struct install_key { - int mic_errors_seen; /* Michael MIC errors with the current PTK */ int keys_cleared; enum wpa_alg alg; u8 addr[ETH_ALEN]; @@ -77,6 +76,7 @@ struct wpa_sm { struct install_key install_ptk; struct install_key install_gtk; + int mic_errors_seen; /* Michael MIC errors with the current PTK */ int key_entry_valid; //present current avaliable entry for bssid, for pairkey:0,5,10,15,20, gtk: pairkey_no+i (i:1~4) void (* sendto) (void *buffer, uint16_t len);