mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'bugfix/wlan_fixes_backports_v4.1' into 'release/v4.1'
esp_wifi: Fix some wlan issues(backport v4.1) See merge request espressif/esp-idf!19363
This commit is contained in:
Jiang Jiang Jian
commit
da82c4f804
@ -556,8 +556,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
|
|||||||
struct ieee802_1x_hdr *hdr;
|
struct ieee802_1x_hdr *hdr;
|
||||||
struct wpa_eapol_key *key;
|
struct wpa_eapol_key *key;
|
||||||
u16 key_info, key_data_length;
|
u16 key_info, key_data_length;
|
||||||
enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
|
enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg;
|
||||||
SMK_M1, SMK_M3, SMK_ERROR } msg;
|
|
||||||
struct wpa_eapol_ie_parse kde;
|
struct wpa_eapol_ie_parse kde;
|
||||||
int ft;
|
int ft;
|
||||||
const u8 *eapol_key_ie;
|
const u8 *eapol_key_ie;
|
||||||
@ -616,16 +615,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
|
|||||||
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
|
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
|
||||||
* are set */
|
* are set */
|
||||||
|
|
||||||
if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
|
if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
|
||||||
(WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
|
wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message");
|
||||||
if (key_info & WPA_KEY_INFO_ERROR) {
|
return;
|
||||||
msg = SMK_ERROR;
|
|
||||||
} else {
|
|
||||||
msg = SMK_M1;
|
|
||||||
}
|
}
|
||||||
} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
|
|
||||||
msg = SMK_M3;
|
if (key_info & WPA_KEY_INFO_REQUEST) {
|
||||||
} else if (key_info & WPA_KEY_INFO_REQUEST) {
|
|
||||||
msg = REQUEST;
|
msg = REQUEST;
|
||||||
} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
|
} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
|
||||||
msg = GROUP_2;
|
msg = GROUP_2;
|
||||||
@ -635,7 +630,6 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
|
|||||||
msg = PAIRWISE_2;
|
msg = PAIRWISE_2;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO: key_info type validation for PeerKey */
|
|
||||||
if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
|
if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
|
||||||
msg == GROUP_2) {
|
msg == GROUP_2) {
|
||||||
u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
|
u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
|
||||||
@ -775,25 +769,6 @@ continue_processing:
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
case SMK_M1:
|
|
||||||
case SMK_M3:
|
|
||||||
case SMK_ERROR:
|
|
||||||
if (!wpa_auth->conf.peerkey) {
|
|
||||||
wpa_printf( MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
|
|
||||||
"PeerKey use disabled - ignoring message");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (!sm->PTK_valid) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#else /* CONFIG_PEERKEY */
|
|
||||||
case SMK_M1:
|
|
||||||
case SMK_M3:
|
|
||||||
case SMK_ERROR:
|
|
||||||
return; /* STSL disabled - ignore SMK messages */
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
case REQUEST:
|
case REQUEST:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -833,22 +808,13 @@ continue_processing:
|
|||||||
* even though MAC address KDE is not normally encrypted,
|
* even though MAC address KDE is not normally encrypted,
|
||||||
* supplicant is allowed to encrypt it.
|
* supplicant is allowed to encrypt it.
|
||||||
*/
|
*/
|
||||||
if (msg == SMK_ERROR) {
|
if (key_info & WPA_KEY_INFO_ERROR) {
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
wpa_smk_error(wpa_auth, sm, key);
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
return;
|
|
||||||
} else if (key_info & WPA_KEY_INFO_ERROR) {
|
|
||||||
if (wpa_receive_error_report(
|
if (wpa_receive_error_report(
|
||||||
wpa_auth, sm,
|
wpa_auth, sm,
|
||||||
!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
|
!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
|
||||||
return; /* STA entry was removed */
|
return; /* STA entry was removed */
|
||||||
} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
|
} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
|
||||||
wpa_request_new_ptk(sm);
|
wpa_request_new_ptk(sm);
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
} else if (msg == SMK_M1) {
|
|
||||||
wpa_smk_m1(wpa_auth, sm, key);
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
} else if (key_data_length > 0 &&
|
} else if (key_data_length > 0 &&
|
||||||
wpa_parse_kde_ies((const u8 *) (key + 1),
|
wpa_parse_kde_ies((const u8 *) (key + 1),
|
||||||
key_data_length, &kde) == 0 &&
|
key_data_length, &kde) == 0 &&
|
||||||
@ -884,13 +850,6 @@ continue_processing:
|
|||||||
wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
|
wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
if (msg == SMK_M3) {
|
|
||||||
wpa_smk_m3(wpa_auth, sm, key);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p\n", sm->last_rx_eapol_key);
|
wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p\n", sm->last_rx_eapol_key);
|
||||||
os_free(sm->last_rx_eapol_key);
|
os_free(sm->last_rx_eapol_key);
|
||||||
sm->last_rx_eapol_key = (u8 *)os_malloc(data_len);
|
sm->last_rx_eapol_key = (u8 *)os_malloc(data_len);
|
||||||
@ -1022,11 +981,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
|||||||
WPA_PUT_BE16(key->key_info, key_info);
|
WPA_PUT_BE16(key->key_info, key_info);
|
||||||
|
|
||||||
alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
|
alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
|
||||||
WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
|
if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
|
||||||
if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
|
|
||||||
WPA_PUT_BE16(key->key_length, 0);
|
WPA_PUT_BE16(key->key_length, 0);
|
||||||
|
else
|
||||||
|
WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
|
||||||
|
|
||||||
/* FIX: STSL: what to use as key_replay_counter? */
|
|
||||||
for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
|
for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
|
||||||
sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
|
sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
|
||||||
memcpy(sm->key_replay[i].counter,
|
memcpy(sm->key_replay[i].counter,
|
||||||
|
|||||||
@ -136,7 +136,6 @@ struct wpa_auth_config {
|
|||||||
int rsn_pairwise;
|
int rsn_pairwise;
|
||||||
int rsn_preauth;
|
int rsn_preauth;
|
||||||
int eapol_version;
|
int eapol_version;
|
||||||
int peerkey;
|
|
||||||
int wmm_enabled;
|
int wmm_enabled;
|
||||||
int wmm_uapsd;
|
int wmm_uapsd;
|
||||||
int disable_pmksa_caching;
|
int disable_pmksa_caching;
|
||||||
|
|||||||
@ -182,17 +182,6 @@ int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
|
|||||||
int (*cb)(struct wpa_authenticator *a, void *ctx),
|
int (*cb)(struct wpa_authenticator *a, void *ctx),
|
||||||
void *cb_ctx);
|
void *cb_ctx);
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_stsl_negotiation *neg);
|
|
||||||
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key);
|
|
||||||
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key);
|
|
||||||
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key);
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R
|
#ifdef CONFIG_IEEE80211R
|
||||||
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
|
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
|
||||||
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
|
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
|
||||||
|
|||||||
@ -216,8 +216,6 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
|||||||
capab = 0;
|
capab = 0;
|
||||||
if (conf->rsn_preauth)
|
if (conf->rsn_preauth)
|
||||||
capab |= WPA_CAPABILITY_PREAUTH;
|
capab |= WPA_CAPABILITY_PREAUTH;
|
||||||
if (conf->peerkey)
|
|
||||||
capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
|
|
||||||
if (conf->wmm_enabled) {
|
if (conf->wmm_enabled) {
|
||||||
/* 4 PTKSA replay counters when using WMM */
|
/* 4 PTKSA replay counters when using WMM */
|
||||||
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
|
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
|
||||||
@ -599,36 +597,6 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
|
|
||||||
ie->smk = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
|
|
||||||
ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
|
|
||||||
ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
|
|
||||||
ie->error = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->error_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
|
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
|
||||||
|
|||||||
@ -19,16 +19,6 @@ struct wpa_eapol_ie_parse {
|
|||||||
size_t gtk_len;
|
size_t gtk_len;
|
||||||
const u8 *mac_addr;
|
const u8 *mac_addr;
|
||||||
size_t mac_addr_len;
|
size_t mac_addr_len;
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
const u8 *smk;
|
|
||||||
size_t smk_len;
|
|
||||||
const u8 *nonce;
|
|
||||||
size_t nonce_len;
|
|
||||||
const u8 *lifetime;
|
|
||||||
size_t lifetime_len;
|
|
||||||
const u8 *error;
|
|
||||||
size_t error_len;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
const u8 *igtk;
|
const u8 *igtk;
|
||||||
size_t igtk_len;
|
size_t igtk_len;
|
||||||
|
|||||||
@ -65,7 +65,6 @@ int sae_set_group(struct sae_data *sae, int group)
|
|||||||
tmp->prime_len = tmp->dh->prime_len;
|
tmp->prime_len = tmp->dh->prime_len;
|
||||||
if (tmp->prime_len > SAE_MAX_PRIME_LEN) {
|
if (tmp->prime_len > SAE_MAX_PRIME_LEN) {
|
||||||
sae_clear_data(sae);
|
sae_clear_data(sae);
|
||||||
os_free(tmp);
|
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,7 +72,6 @@ int sae_set_group(struct sae_data *sae, int group)
|
|||||||
tmp->prime_len);
|
tmp->prime_len);
|
||||||
if (tmp->prime_buf == NULL) {
|
if (tmp->prime_buf == NULL) {
|
||||||
sae_clear_data(sae);
|
sae_clear_data(sae);
|
||||||
os_free(tmp);
|
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
tmp->prime = tmp->prime_buf;
|
tmp->prime = tmp->prime_buf;
|
||||||
@ -82,7 +80,6 @@ int sae_set_group(struct sae_data *sae, int group)
|
|||||||
tmp->dh->order_len);
|
tmp->dh->order_len);
|
||||||
if (tmp->order_buf == NULL) {
|
if (tmp->order_buf == NULL) {
|
||||||
sae_clear_data(sae);
|
sae_clear_data(sae);
|
||||||
os_free(tmp);
|
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
tmp->order = tmp->order_buf;
|
tmp->order = tmp->order_buf;
|
||||||
@ -862,7 +859,7 @@ fail:
|
|||||||
|
|
||||||
int sae_process_commit(struct sae_data *sae)
|
int sae_process_commit(struct sae_data *sae)
|
||||||
{
|
{
|
||||||
u8 k[SAE_MAX_PRIME_LEN];
|
u8 k[SAE_MAX_PRIME_LEN] = {0};
|
||||||
if (sae->tmp == NULL ||
|
if (sae->tmp == NULL ||
|
||||||
(sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
|
(sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
|
||||||
(sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) ||
|
(sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) ||
|
||||||
|
|||||||
@ -487,10 +487,6 @@ const char * wpa_cipher_txt(int cipher)
|
|||||||
* PTK = PRF-X(PMK, "Pairwise key expansion",
|
* PTK = PRF-X(PMK, "Pairwise key expansion",
|
||||||
* Min(AA, SA) || Max(AA, SA) ||
|
* Min(AA, SA) || Max(AA, SA) ||
|
||||||
* Min(ANonce, SNonce) || Max(ANonce, SNonce))
|
* Min(ANonce, SNonce) || Max(ANonce, SNonce))
|
||||||
*
|
|
||||||
* STK = PRF-X(SMK, "Peer key expansion",
|
|
||||||
* Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
|
|
||||||
* Min(INonce, PNonce) || Max(INonce, PNonce))
|
|
||||||
*/
|
*/
|
||||||
void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
||||||
const u8 *addr1, const u8 *addr2,
|
const u8 *addr1, const u8 *addr2,
|
||||||
|
|||||||
@ -73,12 +73,6 @@
|
|||||||
#define RSN_KEY_DATA_GROUPKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
|
#define RSN_KEY_DATA_GROUPKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
|
||||||
#define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
|
#define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
|
||||||
#define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
|
#define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
#define RSN_KEY_DATA_SMK RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
|
|
||||||
#define RSN_KEY_DATA_NONCE RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
|
|
||||||
#define RSN_KEY_DATA_LIFETIME RSN_SELECTOR(0x00, 0x0f, 0xac, 7)
|
|
||||||
#define RSN_KEY_DATA_ERROR RSN_SELECTOR(0x00, 0x0f, 0xac, 8)
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
#define RSN_KEY_DATA_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
|
#define RSN_KEY_DATA_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
@ -109,8 +103,6 @@
|
|||||||
/* B4-B5: GTKSA Replay Counter */
|
/* B4-B5: GTKSA Replay Counter */
|
||||||
#define WPA_CAPABILITY_MFPR BIT(6)
|
#define WPA_CAPABILITY_MFPR BIT(6)
|
||||||
#define WPA_CAPABILITY_MFPC BIT(7)
|
#define WPA_CAPABILITY_MFPC BIT(7)
|
||||||
#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
|
|
||||||
|
|
||||||
|
|
||||||
/* IEEE 802.11r */
|
/* IEEE 802.11r */
|
||||||
#define MOBILITY_DOMAIN_ID_LEN 2
|
#define MOBILITY_DOMAIN_ID_LEN 2
|
||||||
@ -232,23 +224,6 @@ struct rsn_ie_hdr {
|
|||||||
u8 version[2]; /* little endian */
|
u8 version[2]; /* little endian */
|
||||||
} STRUCT_PACKED;
|
} STRUCT_PACKED;
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
enum {
|
|
||||||
STK_MUI_4WAY_STA_AP = 1,
|
|
||||||
STK_MUI_4WAY_STAT_STA = 2,
|
|
||||||
STK_MUI_GTK = 3,
|
|
||||||
STK_MUI_SMK = 4
|
|
||||||
};
|
|
||||||
|
|
||||||
enum {
|
|
||||||
STK_ERR_STA_NR = 1,
|
|
||||||
STK_ERR_STA_NRSN = 2,
|
|
||||||
STK_ERR_CPHR_NS = 3,
|
|
||||||
STK_ERR_NO_STSL = 4
|
|
||||||
};
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
struct rsn_error_kde {
|
struct rsn_error_kde {
|
||||||
be16 mui;
|
be16 mui;
|
||||||
be16 error_type;
|
be16 error_type;
|
||||||
|
|||||||
@ -795,6 +795,10 @@ int wps_process_wps_mX_req(u8 *ubuf, int len, enum wps_process_res *res)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((flag & WPS_MSG_FLAG_MORE) || wps_buf != NULL) {//frag msg
|
if ((flag & WPS_MSG_FLAG_MORE) || wps_buf != NULL) {//frag msg
|
||||||
|
if (tlen > 50000) {
|
||||||
|
wpa_printf(MSG_ERROR, "EAP-WSC: Invalid Message Length");
|
||||||
|
return ESP_FAIL;
|
||||||
|
}
|
||||||
wpa_printf(MSG_DEBUG, "rx frag msg id:%d, flag:%d, frag_len: %d, tot_len: %d, be_tot_len:%d", sm->current_identifier, flag, frag_len, tlen, be_tot_len);
|
wpa_printf(MSG_DEBUG, "rx frag msg id:%d, flag:%d, frag_len: %d, tot_len: %d, be_tot_len:%d", sm->current_identifier, flag, frag_len, tlen, be_tot_len);
|
||||||
if (ESP_OK != wps_enrollee_process_msg_frag(&wps_buf, tlen, tbuf, frag_len, flag)) {
|
if (ESP_OK != wps_enrollee_process_msg_frag(&wps_buf, tlen, tbuf, frag_len, flag)) {
|
||||||
if (wps_buf) {
|
if (wps_buf) {
|
||||||
|
|||||||
@ -282,10 +282,12 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
|
|||||||
reply->type = sm->proto == WPA_PROTO_RSN ?
|
reply->type = sm->proto == WPA_PROTO_RSN ?
|
||||||
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
|
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
|
||||||
key_info = WPA_KEY_INFO_REQUEST | ver;
|
key_info = WPA_KEY_INFO_REQUEST | ver;
|
||||||
if (sm->ptk_set)
|
if (sm->ptk_set) {
|
||||||
|
key_info |= WPA_KEY_INFO_SECURE;
|
||||||
key_info |= WPA_KEY_INFO_MIC;
|
key_info |= WPA_KEY_INFO_MIC;
|
||||||
|
}
|
||||||
if (error)
|
if (error)
|
||||||
key_info |= WPA_KEY_INFO_ERROR|WPA_KEY_INFO_SECURE;
|
key_info |= WPA_KEY_INFO_ERROR;
|
||||||
if (pairwise)
|
if (pairwise)
|
||||||
key_info |= WPA_KEY_INFO_KEY_TYPE;
|
key_info |= WPA_KEY_INFO_KEY_TYPE;
|
||||||
WPA_PUT_BE16(reply->key_info, key_info);
|
WPA_PUT_BE16(reply->key_info, key_info);
|
||||||
@ -2139,7 +2141,14 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
|||||||
{
|
{
|
||||||
int res = 0;
|
int res = 0;
|
||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
|
bool use_pmk_cache = true;
|
||||||
|
|
||||||
|
/* Incase AP has changed it's SSID, don't try with PMK caching for SAE connection */
|
||||||
|
if ((sm->key_mgmt == WPA_KEY_MGMT_SAE) &&
|
||||||
|
(os_memcmp(sm->bssid, bssid, ETH_ALEN) == 0) &&
|
||||||
|
(os_memcmp(sm->ssid, ssid, ssid_len) != 0)) {
|
||||||
|
use_pmk_cache = false;
|
||||||
|
}
|
||||||
sm->pairwise_cipher = BIT(pairwise_cipher);
|
sm->pairwise_cipher = BIT(pairwise_cipher);
|
||||||
sm->group_cipher = BIT(group_cipher);
|
sm->group_cipher = BIT(group_cipher);
|
||||||
sm->rx_replay_counter_set = 0; //init state not intall replay counter value
|
sm->rx_replay_counter_set = 0; //init state not intall replay counter value
|
||||||
@ -2152,7 +2161,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
|||||||
|
|
||||||
if (sm->key_mgmt == WPA_KEY_MGMT_SAE ||
|
if (sm->key_mgmt == WPA_KEY_MGMT_SAE ||
|
||||||
is_wpa2_enterprise_connection()) {
|
is_wpa2_enterprise_connection()) {
|
||||||
if (!esp_wifi_skip_supp_pmkcaching()) {
|
if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) {
|
||||||
pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
|
pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
|
||||||
wpa_sm_set_pmk_from_pmksa(sm);
|
wpa_sm_set_pmk_from_pmksa(sm);
|
||||||
} else {
|
} else {
|
||||||
@ -2185,6 +2194,9 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
|||||||
if (res < 0)
|
if (res < 0)
|
||||||
return -1;
|
return -1;
|
||||||
sm->assoc_wpa_ie_len = res;
|
sm->assoc_wpa_ie_len = res;
|
||||||
|
os_memset(sm->ssid, 0, sizeof(sm->ssid));
|
||||||
|
os_memcpy(sm->ssid, ssid, ssid_len);
|
||||||
|
sm->ssid_len = ssid_len;
|
||||||
wpa_set_passphrase(passphrase, ssid, ssid_len);
|
wpa_set_passphrase(passphrase, ssid, ssid_len);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -2254,9 +2266,9 @@ wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg,
|
|||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
|
|
||||||
/*gtk or ptk both need check countermeasures*/
|
/*gtk or ptk both need check countermeasures*/
|
||||||
if (alg == WPA_ALG_TKIP && key_len == 32) {
|
if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) {
|
||||||
/* Clear the MIC error counter when setting a new PTK. */
|
/* Clear the MIC error counter when setting a new PTK. */
|
||||||
key_sm->mic_errors_seen = 0;
|
sm->mic_errors_seen = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
key_sm->keys_cleared = 0;
|
key_sm->keys_cleared = 0;
|
||||||
@ -2280,8 +2292,7 @@ wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t k
|
|||||||
void wpa_supplicant_clr_countermeasures(u16 *pisunicast)
|
void wpa_supplicant_clr_countermeasures(u16 *pisunicast)
|
||||||
{
|
{
|
||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
(sm->install_ptk).mic_errors_seen=0;
|
sm->mic_errors_seen = 0;
|
||||||
(sm->install_gtk).mic_errors_seen=0;
|
|
||||||
ets_timer_done(&(sm->cm_timer));
|
ets_timer_done(&(sm->cm_timer));
|
||||||
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n");
|
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n");
|
||||||
}
|
}
|
||||||
@ -2307,21 +2318,19 @@ void wpa_supplicant_stop_countermeasures(u16 *pisunicast)
|
|||||||
int wpa_michael_mic_failure(u16 isunicast)
|
int wpa_michael_mic_failure(u16 isunicast)
|
||||||
{
|
{
|
||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
int32_t *pmic_errors_seen=(isunicast)? &((sm->install_ptk).mic_errors_seen) : &((sm->install_gtk).mic_errors_seen);
|
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "\nTKIP MIC failure occur\n");
|
wpa_printf(MSG_DEBUG, "\nTKIP MIC failure occur\n");
|
||||||
|
|
||||||
/*both unicast and multicast mic_errors_seen need statistics*/
|
if (sm->mic_errors_seen) {
|
||||||
if ((sm->install_ptk).mic_errors_seen + (sm->install_gtk).mic_errors_seen) {
|
|
||||||
/* Send the new MIC error report immediately since we are going
|
/* Send the new MIC error report immediately since we are going
|
||||||
* to start countermeasures and AP better do the same.
|
* to start countermeasures and AP better do the same.
|
||||||
*/
|
*/
|
||||||
wpa_sm_set_state(WPA_TKIP_COUNTERMEASURES);
|
wpa_sm_set_state(WPA_TKIP_COUNTERMEASURES);
|
||||||
wpa_sm_key_request(sm, 1, 0);
|
wpa_sm_key_request(sm, 1, isunicast);
|
||||||
|
|
||||||
/* initialize countermeasures */
|
/* initialize countermeasures */
|
||||||
sm->countermeasures = 1;
|
sm->countermeasures = 1;
|
||||||
wpa_printf(MSG_DEBUG, "TKIP countermeasures started\n");
|
wpa_printf(MSG_DEBUG, "TKIP countermeasures started");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Need to wait for completion of request frame. We do not get
|
* Need to wait for completion of request frame. We do not get
|
||||||
@ -2340,9 +2349,9 @@ int wpa_michael_mic_failure(u16 isunicast)
|
|||||||
/* TODO: mark the AP rejected for 60 second. STA is
|
/* TODO: mark the AP rejected for 60 second. STA is
|
||||||
* allowed to associate with another AP.. */
|
* allowed to associate with another AP.. */
|
||||||
} else {
|
} else {
|
||||||
*pmic_errors_seen=(*pmic_errors_seen)+1;
|
sm->mic_errors_seen++;
|
||||||
wpa_sm_set_state(WPA_MIC_FAILURE);
|
wpa_sm_set_state(WPA_MIC_FAILURE);
|
||||||
wpa_sm_key_request(sm, 1, 0);
|
wpa_sm_key_request(sm, 1, isunicast);
|
||||||
/*start 60sec counter to monitor whether next mic_failure occur in this period, or clear mic_errors_seen*/
|
/*start 60sec counter to monitor whether next mic_failure occur in this period, or clear mic_errors_seen*/
|
||||||
ets_timer_disarm(&(sm->cm_timer));
|
ets_timer_disarm(&(sm->cm_timer));
|
||||||
ets_timer_done(&(sm->cm_timer));
|
ets_timer_done(&(sm->cm_timer));
|
||||||
|
|||||||
@ -16,7 +16,6 @@
|
|||||||
#define WPA_I_H
|
#define WPA_I_H
|
||||||
|
|
||||||
struct install_key {
|
struct install_key {
|
||||||
int mic_errors_seen; /* Michael MIC errors with the current PTK */
|
|
||||||
int keys_cleared;
|
int keys_cleared;
|
||||||
enum wpa_alg alg;
|
enum wpa_alg alg;
|
||||||
u8 addr[ETH_ALEN];
|
u8 addr[ETH_ALEN];
|
||||||
@ -43,6 +42,8 @@ struct wpa_sm {
|
|||||||
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
|
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
|
||||||
struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
|
struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
|
||||||
struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
|
struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
|
||||||
|
u8 ssid[32];
|
||||||
|
size_t ssid_len;
|
||||||
|
|
||||||
unsigned int pairwise_cipher;
|
unsigned int pairwise_cipher;
|
||||||
unsigned int group_cipher;
|
unsigned int group_cipher;
|
||||||
@ -75,6 +76,7 @@ struct wpa_sm {
|
|||||||
|
|
||||||
struct install_key install_ptk;
|
struct install_key install_ptk;
|
||||||
struct install_key install_gtk;
|
struct install_key install_gtk;
|
||||||
|
int mic_errors_seen; /* Michael MIC errors with the current PTK */
|
||||||
int key_entry_valid; //present current avaliable entry for bssid, for pairkey:0,5,10,15,20, gtk: pairkey_no+i (i:1~4)
|
int key_entry_valid; //present current avaliable entry for bssid, for pairkey:0,5,10,15,20, gtk: pairkey_no+i (i:1~4)
|
||||||
|
|
||||||
void (* sendto) (void *buffer, uint16_t len);
|
void (* sendto) (void *buffer, uint16_t len);
|
||||||
|
|||||||
@ -25,16 +25,6 @@ struct wpa_eapol_ie_parse {
|
|||||||
size_t gtk_len;
|
size_t gtk_len;
|
||||||
const u8 *mac_addr;
|
const u8 *mac_addr;
|
||||||
size_t mac_addr_len;
|
size_t mac_addr_len;
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
const u8 *smk;
|
|
||||||
size_t smk_len;
|
|
||||||
const u8 *nonce;
|
|
||||||
size_t nonce_len;
|
|
||||||
const u8 *lifetime;
|
|
||||||
size_t lifetime_len;
|
|
||||||
const u8 *error;
|
|
||||||
size_t error_len;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
const u8 *igtk;
|
const u8 *igtk;
|
||||||
size_t igtk_len;
|
size_t igtk_len;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user