From 113a2ceaf7921313e8e25f1e0217b988df992891 Mon Sep 17 00:00:00 2001
From: Shyamal Khachane
Date: Thu, 20 Jul 2023 14:07:25 +0530
Subject: [PATCH] fix(wifi): Fix SAE and SAE related NVS issues
1. Discard commit frame received at confirmed state in SAE STA
2. Add nvs values for new config params
3. Bugfix NVS get values for sae pwe
4. Bugfix memory leak caused by assoc retry timer and assoc IE
---
 components/esp_common/src/esp_err_to_name.c | 3 +++
 components/esp_wifi/include/esp_wifi.h | 1 +
 components/esp_wifi/lib | 2 +-
 .../wpa_supplicant/src/esp_supplicant/esp_common.c | 9 +++++++++
 .../wpa_supplicant/src/esp_supplicant/esp_common_i.h | 1 +
 .../wpa_supplicant/src/esp_supplicant/esp_wpa3.c | 10 ++++++----
 .../wpa_supplicant/src/esp_supplicant/esp_wpa_main.c | 1 +
 7 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/components/esp_common/src/esp_err_to_name.c b/components/esp_common/src/esp_err_to_name.c
index 8cf30cb9b1..7e65e7804b 100644
--- a/components/esp_common/src/esp_err_to_name.c
+++ b/components/esp_common/src/esp_err_to_name.c
@@ -372,6 +372,9 @@ static const esp_err_msg_t esp_err_msg_table[] = {
 # endif
 # ifdef ESP_ERR_WIFI_TX_DISALLOW
 ERR_TBL_IT(ESP_ERR_WIFI_TX_DISALLOW), /* 12310 0x3016 The WiFi TX is disallowed */
+# endif
+# ifdef ESP_ERR_WIFI_DISCARD
+ ERR_TBL_IT(ESP_ERR_WIFI_DISCARD), /* 12311 0x3017 Discard frame */
 # endif
 // components/wpa_supplicant/include/esp_supplicant/esp_wps.h
 # ifdef ESP_ERR_WIFI_REGISTRAR
diff --git a/components/esp_wifi/include/esp_wifi.h b/components/esp_wifi/include/esp_wifi.h
index 67e434c18b..0ec4db4efb 100644
--- a/components/esp_wifi/include/esp_wifi.h
+++ b/components/esp_wifi/include/esp_wifi.h
@@ -81,6 +81,7 @@ extern "C" {
 #define ESP_ERR_WIFI_STOP_STATE (ESP_ERR_WIFI_BASE + 20) /*!< Returned when WiFi is stopping */
 #define ESP_ERR_WIFI_NOT_ASSOC (ESP_ERR_WIFI_BASE + 21) /*!< The WiFi connection is not associated */
 #define ESP_ERR_WIFI_TX_DISALLOW (ESP_ERR_WIFI_BASE + 22) /*!< The WiFi TX is disallowed */
+#define ESP_ERR_WIFI_DISCARD (ESP_ERR_WIFI_BASE + 23) /*!< Discard frame */
 /**
 * @brief WiFi stack configuration parameters passed to esp_wifi_init call.
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index 379d5d23ce..e85140ddb7 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit 379d5d23ce7a55c07504f6797ddc2255cf72e264
+Subproject commit e85140ddb7229b58d372f7165dfb388a9e6d8ffc
diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_common.c b/components/wpa_supplicant/src/esp_supplicant/esp_common.c
index 72a716a26f..2e0167de0f 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_common.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_common.c
@@ -184,6 +184,15 @@ static void register_action_frame(struct wpa_supplicant *wpa_s)
 }
 #endif /* defined(CONFIG_WPA_11KV_SUPPORT) */
+
+void esp_supplicant_unset_all_appie(void)
+{
+ uint8_t appie;
+ for (appie = WIFI_APPIE_PROBEREQ; appie < WIFI_APPIE_RAM_MAX; appie++) {
+ esp_wifi_unset_appie_internal(appie);
+ }
+}
+
 static int ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender, u32 rssi, u8 channel, u64 current_tsf)
 {
diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h b/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h
index 2f174b631a..bb11dd4542 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_common_i.h
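Review bot: The doc comment on the new `ESP_ERR_WIFI_DISCARD` in esp_wifi.h says only "Discard frame", which does not tell a user of this public header what produces the code or whether it signals a failure. In this commit it is returned only by wpa3_parse_sae_commit() for a commit frame that is dropped, so a comment such as `/*!< Frame was dropped on purpose (e.g. unexpected SAE commit) */` would be clearer. Whether callers treat it as a non-failure is not visible in this diff and should be confirmed before saying so in the header. The same short text is repeated in the esp_err_to_name.c table comment.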
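Review bot: `esp_supplicant_unset_all_appie()` in esp_common.c has no comment and ignores whatever `esp_wifi_unset_appie_internal()` returns, so a failed release in this leak-fix path would go unnoticed. If that call returns a status (its prototype is not in this diff), report the failure, e.g. `if (esp_wifi_unset_appie_internal(appie) != ESP_OK) wpa_printf(MSG_DEBUG, "failed to unset appie %d", appie);`. A header comment such as `/* Release every application IE slot from WIFI_APPIE_PROBEREQ up to, not including, WIFI_APPIE_RAM_MAX */` would also record that the loop relies on WIFI_APPIE_PROBEREQ being the first enumerator.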
@@ -49,6 +49,7 @@ static inline void esp_set_rm_enabled_ie(void) {}
 #endif
 int esp_supplicant_common_init(struct wpa_funcs *wpa_cb);
 void esp_supplicant_common_deinit(void);
+void esp_supplicant_unset_all_appie(void);
 void esp_set_assoc_ie(uint8_t *bssid, const u8 *ies, size_t ies_len, bool add_mdie);
 void supplicant_sta_conn_handler(uint8_t* bssid);
 void supplicant_sta_disconn_handler(void);
diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
index aff38250e1..d1ff943b95 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
@@ -176,9 +176,8 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
 int ret;
 if (g_sae_data.state != SAE_COMMITTED) {
- wpa_printf(MSG_ERROR, "wpa3: failed to parse SAE commit in state(%d)!",
- g_sae_data.state);
- return ESP_FAIL;
+ wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame received in state %d", g_sae_data.state);
+ return ESP_ERR_WIFI_DISCARD;
 }
 if (status == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ) {
@@ -201,7 +200,10 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
 ret = sae_parse_commit(&g_sae_data, buf, len, NULL, 0, g_allowed_groups, status == WLAN_STATUS_SAE_HASH_TO_ELEMENT);
- if (ret) {
+ if (ret == SAE_SILENTLY_DISCARD) {
+ wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame due to reflection attack");
+ return ESP_ERR_WIFI_DISCARD;
+ } else if (ret) {
 wpa_printf(MSG_ERROR, "wpa3: could not parse commit(%d)", ret);
 return ret;
 }
diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c
index 9f1a223e4e..70febadf52 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c
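Review bot: The guard at the top of wpa3_parse_sae_commit() tests `g_sae_data.state != SAE_COMMITTED`, so it discards a commit frame in every other state, while the commit message names only the confirmed state. The function also now returns values from two domains: `ESP_ERR_WIFI_DISCARD` here and in the later hunk, and the raw `sae_parse_commit()` result elsewhere. Its caller is outside this diff and has to compare against `ESP_ERR_WIFI_DISCARD` before treating a non-zero return as an authentication failure. A contract comment above the function would pin this down, e.g. `/* Returns ESP_ERR_WIFI_DISCARD if the frame is to be dropped, otherwise the sae_parse_commit() status */`, with the success value confirmed from the rest of the body, which starts and ends outside the hunk.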
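Review bot: Both discard paths in wpa3_parse_sae_commit() log at `MSG_DEBUG` (this one and the state check in the previous hunk, which was `MSG_ERROR` before), so on builds with debug output compiled out a suspected reflection attempt leaves no trace. Raising the level for a frame-triggered message would let a peer flood the log, so a discard counter or a rate-limited `MSG_INFO` line is the safer way to keep the signal. The message also states "due to reflection attack" as fact, although this site only sees `ret == SAE_SILENTLY_DISCARD`. If `sae_parse_commit()` can return that value for any other reason (not visible here), wording such as `"wpa3: silently discarding commit frame (possible reflection)"` avoids a misleading log.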
@@ -279,6 +279,7 @@ int esp_supplicant_init(void)
 int esp_supplicant_deinit(void)
 {
 esp_supplicant_common_deinit();
+ esp_supplicant_unset_all_appie();
 wpa_cb=NULL;
 return esp_wifi_unregister_wpa_cb_internal();
 }