Merge branch 'bugfix/wps_wfa_cert_fixes_v4.1' into 'release/v4.1'

wpa_supplicant: Add WPS strict in config option(backport v4.1) See merge request espressif/esp-idf!14229
2024-10-05 20:47:46 -04:00 · 2022-01-28 13:04:12 +00:00 · 2022-01-28 13:04:12 +00:00 · df2856c13d
commit df2856c13d
parent f69ef6b5db d9ed6d93e9
8 changed files with 22 additions and 62 deletions
--- a/components/wpa_supplicant/CMakeLists.txt
+++ b/components/wpa_supplicant/CMakeLists.txt
@ -129,5 +129,8 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE
 if(CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE)
    target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_WPA3_SAE)
 endif()
+if(CONFIG_WPA_WPS_STRICT)
+    target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_WPS_STRICT)
+endif()

 set_property(TARGET ${COMPONENT_LIB} APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 3)
--- a/components/wpa_supplicant/Kconfig
+++ b/components/wpa_supplicant/Kconfig
@ -12,24 +12,13 @@ menu "Supplicant"
        help
            Select this to enable TLS v1.2 for WPA2-Enterprise Authentication.

-    config WPA_WPS_WARS
-        bool "Add WPS Inter operatability Fixes"
+    config WPA_WPS_STRICT
+        bool "Strictly validate all WPS attributes"
        default n
        help
-            Select this option to enable WPS related IOT fixes with
-            different APs. This option fixes IOT related issues with
-            APs which do not follow some of the standards of WPS-2.0
-            specification. These do not include any of the security
-            related bypassing, just simple configuration corrections.
-
-            Current fixes under this flag.
-            1. Allow NULL-padded WPS attributes: Some APs keep NULL-padding
-            at the end of some variable length WPS Attributes.
-            This is not as par the WPS2.0 specs, but to avoid interop issues,
-            ignore the padding by reducing the attribute length by 1.
-            2. Bypass WPS-Config method validation: Some APs set display/pbc
-            button bit without setting virtual/physical display/button bit which
-            will cause M2 validation fail, bypassing WPS-Config method validation.
+            Select this option to enable validate each WPS attribute
+            rigorously. Disabling this add the workaorunds with various APs.
+            Enabling this may cause inter operability issues with some APs.

    config WPA_DEBUG_PRINT
        bool "Print debug messages from WPA Supplicant"
--- a/components/wpa_supplicant/component.mk
+++ b/components/wpa_supplicant/component.mk
@ -31,3 +31,6 @@ CFLAGS += -DCONFIG_SHA256 -DCONFIG_IEEE80211W -DESP_SUPPLICANT -DIEEE8021X_EAPOL
 ifdef CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE
 	CFLAGS += -DCONFIG_WPA3_SAE
 endif
+ifdef CONFIG_WPA_WPS_STRICT
+	CFLAGS += -DCONFIG_WPS_STRICT
+endif
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wps.c
@ -1327,9 +1327,9 @@ int wps_dev_init(void)
    dev->config_methods = WPS_CONFIG_VIRT_PUSHBUTTON | WPS_CONFIG_PHY_DISPLAY;
    dev->rf_bands = WPS_RF_24GHZ;

-    WPA_PUT_BE16(dev->pri_dev_type, WPS_DEV_COMPUTER);
+    WPA_PUT_BE16(dev->pri_dev_type, WPS_DEV_PHONE);
    WPA_PUT_BE32(dev->pri_dev_type + 2, WPS_DEV_OUI_WFA);
-    WPA_PUT_BE16(dev->pri_dev_type + 6, WPS_DEV_COMPUTER_PC);
+    WPA_PUT_BE16(dev->pri_dev_type + 6, WPS_DEV_PHONE_SINGLE_MODE);

    if (!s_factory_info) {
        ret = wps_set_default_factory();
--- a/components/wpa_supplicant/src/wps/wps_attr_build.c
+++ b/components/wpa_supplicant/src/wps/wps_attr_build.c
@ -20,7 +20,7 @@

 int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg, wps_key_mode_t mode)
 {
-	struct wpabuf *pubkey;
+	struct wpabuf *pubkey = NULL;

 	if (mode != WPS_CALC_KEY_NO_CALC) {

--- a/components/wpa_supplicant/src/wps/wps_attr_parse.c
+++ b/components/wpa_supplicant/src/wps/wps_attr_parse.c
@ -19,7 +19,7 @@
 static int wps_set_vendor_ext_wfa_subelem(struct wps_parse_attr *attr,
 					  u8 id, u8 len, const u8 *pos)
 {
-	wpa_printf(MSG_DEBUG, "WPS: WFA subelement id=%u len=%u",
+	wpa_printf(MSG_MSGDUMP, "WPS: WFA subelement id=%u len=%u",
 		   id, len);
 	switch (id) {
 	case WFA_ELEM_VERSION2:
@ -128,44 +128,9 @@ static int wps_parse_vendor_ext(struct wps_parse_attr *attr, const u8 *pos,
 	return 0;
 }

-static u16 wps_ignore_null_padding_in_attr(const u8 *pos, u16 type, u16 attr_data_len)
-{
-	u16 len = attr_data_len;
-
-	if (len == 0)
-		return 0;
-#ifdef CONFIG_WPA_WPS_WARS
-	/*
-	 * Some AP's keep NULL-padding at the end of some variable length WPS Attributes.
-	 * This is not as par the WPS2.0 specs, but to avoid interop issues, ignore the
-	 * padding by reducing the attribute length by 1.
-	 */
-	switch (type) {
-		case ATTR_MANUFACTURER:
-		case ATTR_MODEL_NAME:
-		case ATTR_MODEL_NUMBER:
-		case ATTR_SERIAL_NUMBER:
-		case ATTR_DEV_NAME:
-		case ATTR_SSID:
-		case ATTR_NETWORK_KEY:
-			if (pos[len - 1] == 0)
-				len--;
-			break;
-		default:
-			break;
-	}
-#endif
-
-	return len;
-}
-
 static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
-			const u8 *pos, u16 attr_data_len)
+			const u8 *pos, u16 len)
 {
-	u16 len;
-
-	len = wps_ignore_null_padding_in_attr(pos, type, attr_data_len);
-
 	switch (type) {
 	case ATTR_VERSION:
 		if (len != 1) {
@ -617,7 +582,7 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
 		pos += 2;
 		len = WPA_GET_BE16(pos);
 		pos += 2;
-		wpa_printf(MSG_DEBUG, "WPS: attr type=0x%x len=%u",
+		wpa_printf(MSG_MSGDUMP, "WPS: attr type=0x%x len=%u",
 			   type, len);
 		if (len > end - pos) {
 			wpa_printf(MSG_DEBUG,  "WPS: Attribute overflow");
--- a/components/wpa_supplicant/src/wps/wps_defs.h
+++ b/components/wpa_supplicant/src/wps/wps_defs.h
@ -25,8 +25,6 @@ extern int wps_testing_dummy_cred;

 #endif /* CONFIG_WPS_TESTING */

-#define CONFIG_WPS_STRICT
-
 /* Diffie-Hellman 1536-bit MODP Group; RFC 3526, Group 5 */
 #define WPS_DH_GROUP 5

@ -310,7 +308,8 @@ enum wps_dev_subcateg {
 	WPS_DEV_GAMING_XBOX = 1,
 	WPS_DEV_GAMING_XBOX360 = 2,
 	WPS_DEV_GAMING_PLAYSTATION = 3,
-	WPS_DEV_PHONE_WINDOWS_MOBILE = 1
+	WPS_DEV_PHONE_WINDOWS_MOBILE = 1,
+	WPS_DEV_PHONE_SINGLE_MODE = 2,
 };


--- a/components/wpa_supplicant/src/wps/wps_validate.c
+++ b/components/wpa_supplicant/src/wps/wps_validate.c
@ -12,6 +12,8 @@
 #include "wps/wps.h"


+#ifdef CONFIG_WPS_STRICT
+
 #ifndef WPS_STRICT_ALL
 #define WPS_STRICT_WPS2
 #endif /* WPS_STRICT_ALL */
@ -95,7 +97,6 @@ static int wps_validate_response_type(const u8 *response_type, int mandatory)

 static int valid_config_methods(u16 val, int wps2)
 {
-#ifndef CONFIG_WPA_WPS_WARS
 	if (wps2) {
 		if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) {
 			wpa_printf(MSG_INFO, "WPS-STRICT: Display flag "
@ -109,7 +110,6 @@ static int valid_config_methods(u16 val, int wps2)
 		}
 	}

-#endif
 	return 1;
 }

@ -2363,3 +2363,4 @@ _out:

 	return ret;
 }
+#endif