diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 77c8c14923..ae487c03ad 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -44,7 +44,7 @@ #define WPA_4_4_HANDSHAKE_BIT (1<<13) #define WPA_GROUP_HANDSHAKE_BIT (1<<14) - struct wpa_sm gWpaSm; +struct wpa_sm gWpaSm; /* fix buf for tx for now */ #define WPA_TX_MSG_BUFF_MAXLEN 200 @@ -318,9 +318,11 @@ static void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; key_info = WPA_KEY_INFO_REQUEST | ver; if (sm->ptk_set) + key_info |= WPA_KEY_INFO_SECURE; + if (sm->ptk_set && mic_len) key_info |= WPA_KEY_INFO_MIC; if (error) - key_info |= WPA_KEY_INFO_ERROR|WPA_KEY_INFO_SECURE; + key_info |= WPA_KEY_INFO_ERROR; if (pairwise) key_info |= WPA_KEY_INFO_KEY_TYPE; @@ -2336,9 +2338,9 @@ wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg, struct wpa_sm *sm = &gWpaSm; /*gtk or ptk both need check countermeasures*/ - if (alg == WIFI_WPA_ALG_TKIP && key_len == 32) { + if (alg == WIFI_WPA_ALG_TKIP && key_idx == 0 && key_len == 32) { /* Clear the MIC error counter when setting a new PTK. */ - key_sm->mic_errors_seen = 0; + sm->mic_errors_seen = 0; } key_sm->keys_cleared = 0; @@ -2361,9 +2363,8 @@ wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t k void wpa_supplicant_clr_countermeasures(u16 *pisunicast) { - struct wpa_sm *sm = &gWpaSm; - (sm->install_ptk).mic_errors_seen=0; - (sm->install_gtk).mic_errors_seen=0; + struct wpa_sm *sm = &gWpaSm; + sm->mic_errors_seen = 0; ets_timer_done(&(sm->cm_timer)); wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n"); } @@ -2388,22 +2389,20 @@ void wpa_supplicant_stop_countermeasures(u16 *pisunicast) int wpa_michael_mic_failure(u16 isunicast) { - struct wpa_sm *sm = &gWpaSm; - int *pmic_errors_seen=(isunicast)? &((sm->install_ptk).mic_errors_seen) : &((sm->install_gtk).mic_errors_seen); + struct wpa_sm *sm = &gWpaSm; - wpa_printf(MSG_DEBUG, "\nTKIP MIC failure occur\n"); + wpa_printf(MSG_DEBUG, "TKIP MIC failure occur"); - /*both unicast and multicast mic_errors_seen need statistics*/ - if ((sm->install_ptk).mic_errors_seen + (sm->install_gtk).mic_errors_seen) { + if (sm->mic_errors_seen) { /* Send the new MIC error report immediately since we are going * to start countermeasures and AP better do the same. */ wpa_sm_set_state(WPA_TKIP_COUNTERMEASURES); - wpa_sm_key_request(sm, 1, 0); + wpa_sm_key_request(sm, 1, isunicast); /* initialize countermeasures */ sm->countermeasures = 1; - wpa_printf(MSG_DEBUG, "TKIP countermeasures started\n"); + wpa_printf(MSG_DEBUG, "TKIP countermeasures started"); /* * Need to wait for completion of request frame. We do not get @@ -2422,9 +2421,9 @@ int wpa_michael_mic_failure(u16 isunicast) /* TODO: mark the AP rejected for 60 second. STA is * allowed to associate with another AP.. */ } else { - *pmic_errors_seen=(*pmic_errors_seen)+1; + sm->mic_errors_seen++; wpa_sm_set_state(WPA_MIC_FAILURE); - wpa_sm_key_request(sm, 1, 0); + wpa_sm_key_request(sm, 1, isunicast); /*start 60sec counter to monitor whether next mic_failure occur in this period, or clear mic_errors_seen*/ ets_timer_disarm(&(sm->cm_timer)); ets_timer_done(&(sm->cm_timer)); diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h index 9fa4527236..f60036dcf0 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h @@ -16,7 +16,6 @@ #define WPA_I_H struct install_key { - int mic_errors_seen; /* Michael MIC errors with the current PTK */ int keys_cleared; enum wpa_alg alg; u8 addr[ETH_ALEN]; @@ -75,6 +74,7 @@ struct wpa_sm { struct install_key install_ptk; struct install_key install_gtk; + int mic_errors_seen; /* Michael MIC errors with the current PTK */ void (* sendto) (void *buffer, uint16_t len); void (*config_assoc_ie) (u8 proto, u8 *assoc_buf, u32 assoc_wpa_ie_len);