espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-05 13:44:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

wpa_supplicant:Remove redundant DEBUG_PRINT in supplicant

Browse Source
This commit is contained in:
gauri patankar
2023-01-03 12:51:10 +05:30
parent 5c8263a08b
commit 68fb038f43
7 changed files with 1 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
View File

@@ -607,7 +607,7 @@ static int tls_create_mbedtls_handle(struct tls_connection *conn,
#endif #endif
/* Enable debug prints in case supplicant's prints are enabled */ /* Enable debug prints in case supplicant's prints are enabled */
#if defined(DEBUG_PRINT) && defined(CONFIG_MBEDTLS_DEBUG) && defined(ESPRESSIF_USE) #if defined(CONFIG_MBEDTLS_DEBUG) && defined(ESPRESSIF_USE)
mbedtls_esp_enable_debug_log(&tls->conf, 2); mbedtls_esp_enable_debug_log(&tls->conf, 2);
#endif #endif
return 0; return 0;

10
components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c
View File

@@ -521,12 +521,10 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
} }
if (len < sizeof(*hdr) + sizeof(*ehdr)) { if (len < sizeof(*hdr) + sizeof(*ehdr)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA " wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
"EAPOL-Key (len %lu, expecting at least %lu)", "EAPOL-Key (len %lu, expecting at least %lu)",
(unsigned long) len, (unsigned long) len,
(unsigned long) sizeof(*hdr) + sizeof(*ehdr)); (unsigned long) sizeof(*hdr) + sizeof(*ehdr));
#endif
return ESP_FAIL; return ESP_FAIL;
} }
@@ -537,27 +535,21 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
plen = be_to_host16(hdr->length); plen = be_to_host16(hdr->length);
data_len = plen + sizeof(*hdr); data_len = plen + sizeof(*hdr);
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d", wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d",
hdr->version, hdr->type, plen); hdr->version, hdr->type, plen);
#endif
if (hdr->version < EAPOL_VERSION) { if (hdr->version < EAPOL_VERSION) {
/* TODO: backwards compatibility */ /* TODO: backwards compatibility */
} }
if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) { if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA2: EAP frame (type %u) discarded, " wpa_printf(MSG_DEBUG, "WPA2: EAP frame (type %u) discarded, "
"not a EAP PACKET frame", hdr->type); "not a EAP PACKET frame", hdr->type);
#endif
ret = -2; ret = -2;
goto _out; goto _out;
} }
if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) { if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA2: EAPOL frame payload size %lu " wpa_printf(MSG_DEBUG, "WPA2: EAPOL frame payload size %lu "
"invalid (frame size %lu)", "invalid (frame size %lu)",
(unsigned long) plen, (unsigned long) len); (unsigned long) plen, (unsigned long) len);
#endif
ret = -2; ret = -2;
goto _out; goto _out;
} }
@@ -565,10 +557,8 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
wpa_hexdump(MSG_MSGDUMP, "WPA2: RX EAPOL-EAP PACKET", tmp, len); wpa_hexdump(MSG_MSGDUMP, "WPA2: RX EAPOL-EAP PACKET", tmp, len);
if (data_len < len) { if (data_len < len) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE " wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
"802.1X data\n", (unsigned long) len - data_len); "802.1X data\n", (unsigned long) len - data_len);
#endif
} }
#ifdef EAP_PEER_METHOD #ifdef EAP_PEER_METHOD

12
components/wpa_supplicant/esp_supplicant/src/esp_wps.c
View File

@@ -933,12 +933,10 @@ int wps_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len)
} }
if (len < sizeof(*hdr) + sizeof(*ehdr)) { if (len < sizeof(*hdr) + sizeof(*ehdr)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA " wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
"EAPOL-Key (len %lu, expecting at least %lu)", "EAPOL-Key (len %lu, expecting at least %lu)",
(unsigned long) len, (unsigned long) len,
(unsigned long) sizeof(*hdr) + sizeof(*ehdr)); (unsigned long) sizeof(*hdr) + sizeof(*ehdr));
#endif
return ESP_OK; return ESP_OK;
} }
@@ -950,28 +948,22 @@ int wps_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len)
data_len = plen + sizeof(*hdr); data_len = plen + sizeof(*hdr);
eap_len = be_to_host16(ehdr->length); eap_len = be_to_host16(ehdr->length);
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d", wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d",
hdr->version, hdr->type, plen); hdr->version, hdr->type, plen);
#endif
if (hdr->version < EAPOL_VERSION) { if (hdr->version < EAPOL_VERSION) {
/* TODO: backwards compatibility */ /* TODO: backwards compatibility */
} }
if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) { if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPS: EAP frame (type %u) discarded, " wpa_printf(MSG_DEBUG, "WPS: EAP frame (type %u) discarded, "
"not a EAP PACKET frame", hdr->type); "not a EAP PACKET frame", hdr->type);
#endif
ret = 0; ret = 0;
goto out; goto out;
} }
if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) { if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu " wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu "
"invalid (frame size %lu)", "invalid (frame size %lu)",
(unsigned long) plen, (unsigned long) len); (unsigned long) plen, (unsigned long) len);
#endif
ret = 0; ret = 0;
goto out; goto out;
} }
@@ -979,18 +971,14 @@ int wps_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len)
wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-EAP PACKET", tmp, len); wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-EAP PACKET", tmp, len);
if (data_len < len) { if (data_len < len) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE " wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
"802.1X data", (unsigned long) len - data_len); "802.1X data", (unsigned long) len - data_len);
#endif
} }
if (eap_len != plen) { if (eap_len != plen) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL length %lu " wpa_printf(MSG_DEBUG, "WPA: EAPOL length %lu "
"invalid (eapol length %lu)", "invalid (eapol length %lu)",
(unsigned long) eap_len, (unsigned long) plen); (unsigned long) eap_len, (unsigned long) plen);
#endif
ret = 0; ret = 0;
goto out; goto out;
} }

1
components/wpa_supplicant/port/include/supplicant_opt.h
View File

@@ -10,7 +10,6 @@
#include "sdkconfig.h" #include "sdkconfig.h"
#if CONFIG_WPA_DEBUG_PRINT #if CONFIG_WPA_DEBUG_PRINT
#define DEBUG_PRINT
#if defined(CONFIG_LOG_DEFAULT_LEVEL_DEBUG) || defined(CONFIG_LOG_DEFAULT_LEVEL_VERBOSE) #if defined(CONFIG_LOG_DEFAULT_LEVEL_DEBUG) || defined(CONFIG_LOG_DEFAULT_LEVEL_VERBOSE)
#define ELOOP_DEBUG #define ELOOP_DEBUG
#endif #endif

20
components/wpa_supplicant/src/common/wpa_common.c
View File

@@ -416,10 +416,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
} }
if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) { if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: ie len too short %lu", wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
__func__, (unsigned long) rsn_ie_len); __func__, (unsigned long) rsn_ie_len);
#endif
return -1; return -1;
} }
@@ -428,10 +426,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
if (hdr->elem_id != WLAN_EID_RSN || if (hdr->elem_id != WLAN_EID_RSN ||
hdr->len != rsn_ie_len - 2 || hdr->len != rsn_ie_len - 2 ||
WPA_GET_LE16(hdr->version) != RSN_VERSION) { WPA_GET_LE16(hdr->version) != RSN_VERSION) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version", wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
__func__); __func__);
#endif
return -2; return -2;
} }
@@ -443,10 +439,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
pos += RSN_SELECTOR_LEN; pos += RSN_SELECTOR_LEN;
left -= RSN_SELECTOR_LEN; left -= RSN_SELECTOR_LEN;
} else if (left > 0) { } else if (left > 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much", wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
__func__, left); __func__, left);
#endif
return -3; return -3;
} }
@@ -456,10 +450,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
pos += 2; pos += 2;
left -= 2; left -= 2;
if (count == 0 || left < count * RSN_SELECTOR_LEN) { if (count == 0 || left < count * RSN_SELECTOR_LEN) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), " wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
"count %u left %u", __func__, count, left); "count %u left %u", __func__, count, left);
#endif
return -4; return -4;
} }
for (i = 0; i < count; i++) { for (i = 0; i < count; i++) {
@@ -468,10 +460,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
left -= RSN_SELECTOR_LEN; left -= RSN_SELECTOR_LEN;
} }
} else if (left == 1) { } else if (left == 1) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)", wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
__func__); __func__);
#endif
return -5; return -5;
} }
@@ -481,10 +471,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
pos += 2; pos += 2;
left -= 2; left -= 2;
if (count == 0 || left < count * RSN_SELECTOR_LEN) { if (count == 0 || left < count * RSN_SELECTOR_LEN) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), " wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
"count %u left %u", __func__, count, left); "count %u left %u", __func__, count, left);
#endif
return -6; return -6;
} }
for (i = 0; i < count; i++) { for (i = 0; i < count; i++) {
@@ -493,10 +481,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
left -= RSN_SELECTOR_LEN; left -= RSN_SELECTOR_LEN;
} }
} else if (left == 1) { } else if (left == 1) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)", wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
__func__); __func__);
#endif
return -7; return -7;
} }
@@ -511,12 +497,10 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
pos += 2; pos += 2;
left -= 2; left -= 2;
if (left < (int) data->num_pmkid * PMKID_LEN) { if (left < (int) data->num_pmkid * PMKID_LEN) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: PMKID underflow " wpa_printf(MSG_DEBUG, "%s: PMKID underflow "
"(num_pmkid=%lu left=%d)", "(num_pmkid=%lu left=%d)",
__func__, (unsigned long) data->num_pmkid, __func__, (unsigned long) data->num_pmkid,
left); left);
#endif
data->num_pmkid = 0; data->num_pmkid = 0;
return -9; return -9;
} else { } else {
@@ -540,10 +524,8 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
} }
if (left > 0) { if (left > 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored", wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
__func__, left); __func__, left);
#endif
} }
return 0; return 0;
@@ -1033,7 +1015,6 @@ int rsn_pmkid_suite_b_192(const u8 *kck, size_t kck_len, const u8 *aa,
} }
#endif /* CONFIG_SUITEB192 */ #endif /* CONFIG_SUITEB192 */
#ifdef DEBUG_PRINT
/** /**
* wpa_cipher_txt - Convert cipher suite to a text string * wpa_cipher_txt - Convert cipher suite to a text string
* @cipher: Cipher suite (WPA_CIPHER_* enum) * @cipher: Cipher suite (WPA_CIPHER_* enum)
@@ -1066,7 +1047,6 @@ const char * wpa_cipher_txt(int cipher)
return "UNKNOWN"; return "UNKNOWN";
} }
} }
#endif
/** /**
* wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces

116
components/wpa_supplicant/src/rsn_supp/wpa.c
View File

@@ -231,27 +231,21 @@ void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
* BSSID from the driver. * BSSID from the driver.
*/ */
if (wpa_sm_get_bssid(sm, sm->bssid) < 0) { if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for " wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for "
"EAPOL-Key destination address"); "EAPOL-Key destination address");
#endif
} else { } else {
dest = sm->bssid; dest = sm->bssid;
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR
") as the destination for EAPOL-Key", ") as the destination for EAPOL-Key",
MAC2STR(dest)); MAC2STR(dest));
#endif
} }
} }
if (key_mic && if (key_mic &&
wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len, wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
key_mic)) { key_mic)) {
#ifdef DEBUG_PRINT
wpa_msg(NULL, MSG_ERROR, wpa_msg(NULL, MSG_ERROR,
"WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC", "WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
ver, sm->key_mgmt); ver, sm->key_mgmt);
#endif
goto out; goto out;
} }
wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len); wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
@@ -538,10 +532,8 @@ int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
u8 *rbuf, *key_mic; u8 *rbuf, *key_mic;
if (wpa_ie == NULL) { if (wpa_ie == NULL) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_ERROR, "WPA: No wpa_ie set - cannot " wpa_printf(MSG_ERROR, "WPA: No wpa_ie set - cannot "
"generate msg 2/4"); "generate msg 2/4");
#endif
return -1; return -1;
} }
@@ -673,10 +665,8 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
if (res == -2) { if (res == -2) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - " wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - "
"requesting full EAP authentication"); "requesting full EAP authentication");
#endif
return; return;
} }
if (res) if (res)
@@ -688,9 +678,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
if (sm->renew_snonce) { if (sm->renew_snonce) {
if (os_get_random(sm->snonce, WPA_NONCE_LEN)) { if (os_get_random(sm->snonce, WPA_NONCE_LEN)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Failed to get random data for SNonce"); wpa_printf(MSG_DEBUG, "WPA: Failed to get random data for SNonce");
#endif
goto failed; goto failed;
} }
@@ -738,9 +726,7 @@ static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
{ {
struct wpa_sm *sm = eloop_ctx; struct wpa_sm *sm = eloop_ctx;
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Request PTK rekeying"); wpa_printf(MSG_DEBUG, "WPA: Request PTK rekeying");
#endif
wpa_sm_key_request(sm, 0, 1); wpa_sm_key_request(sm, 0, 1);
} }
@@ -776,11 +762,9 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, enum key_flag key_flag)
} }
if (wpa_sm_set_key(&(sm->install_ptk), alg, sm->bssid, 0, 1, (sm->install_ptk).seq, WPA_KEY_RSC_LEN, if (wpa_sm_set_key(&(sm->install_ptk), alg, sm->bssid, 0, 1, (sm->install_ptk).seq, WPA_KEY_RSC_LEN,
sm->ptk.tk, keylen, KEY_FLAG_PAIRWISE | key_flag) < 0) { sm->ptk.tk, keylen, KEY_FLAG_PAIRWISE | key_flag) < 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Failed to set PTK to the " wpa_printf(MSG_DEBUG, "WPA: Failed to set PTK to the "
"driver (alg=%d keylen=%d bssid=" MACSTR ")", "driver (alg=%d keylen=%d bssid=" MACSTR ")",
alg, keylen, MAC2STR(sm->bssid)); alg, keylen, MAC2STR(sm->bssid));
#endif
return -1; return -1;
} }
@@ -825,12 +809,10 @@ static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
void wpa_supplicant_key_neg_complete(struct wpa_sm *sm, void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
const u8 *addr, int secure) const u8 *addr, int secure)
{ {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Key negotiation completed with " wpa_printf(MSG_DEBUG, "WPA: Key negotiation completed with "
MACSTR " [PTK=%s GTK=%s]\n", MAC2STR(addr), MACSTR " [PTK=%s GTK=%s]\n", MAC2STR(addr),
wpa_cipher_txt(sm->pairwise_cipher), wpa_cipher_txt(sm->pairwise_cipher),
wpa_cipher_txt(sm->group_cipher)); wpa_cipher_txt(sm->group_cipher));
#endif
wpa_sm_cancel_auth_timeout(sm); wpa_sm_cancel_auth_timeout(sm);
wpa_sm_set_state(WPA_COMPLETED); wpa_sm_set_state(WPA_COMPLETED);
@@ -926,9 +908,7 @@ static bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd
u8 bssid[6]; u8 bssid[6];
int keyidx = gd->keyidx; int keyidx = gd->keyidx;
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Judge GTK: (keyidx=%d len=%d).", gd->keyidx, gd->gtk_len); wpa_printf(MSG_DEBUG, "WPA: Judge GTK: (keyidx=%d len=%d).", gd->keyidx, gd->gtk_len);
#endif
if (sm->group_cipher == WPA_CIPHER_TKIP) { if (sm->group_cipher == WPA_CIPHER_TKIP) {
/* Swap Tx/Rx keys for Michael MIC */ /* Swap Tx/Rx keys for Michael MIC */
@@ -958,10 +938,8 @@ int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
* doing Group Key only APs) and without this workaround, the * doing Group Key only APs) and without this workaround, the
* data connection does not work because wpa_supplicant * data connection does not work because wpa_supplicant
* configured non-zero keyidx to be used for unicast. */ * configured non-zero keyidx to be used for unicast. */
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Tx bit set for GTK, but pairwise " wpa_printf(MSG_DEBUG, "WPA: Tx bit set for GTK, but pairwise "
"keys are used - ignore Tx bit"); "keys are used - ignore Tx bit");
#endif
return 0; return 0;
} }
return tx; return tx;
@@ -1000,9 +978,7 @@ int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, gtk_len, gtk_len, gtk_len,
&(gd->key_rsc_len), &(gd->alg))) { &(gd->key_rsc_len), &(gd->alg))) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK"); wpa_printf(MSG_DEBUG, "RSN: Failed to install GTK");
#endif
return -1; return -1;
} }
return 0; return 0;
@@ -1057,20 +1033,16 @@ void wpa_report_ie_mismatch(struct wpa_sm *sm, const u8 *src_addr,
const u8 *rsn_ie, size_t rsn_ie_len) const u8 *rsn_ie, size_t rsn_ie_len)
#endif #endif
{ {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: %s (src=" MACSTR ")", wpa_printf(MSG_DEBUG, "WPA: %s (src=" MACSTR ")",
reason, MAC2STR(src_addr)); reason, MAC2STR(src_addr));
#endif
if (sm->ap_wpa_ie) { if (sm->ap_wpa_ie) {
wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp", wpa_hexdump(MSG_INFO, "WPA: WPA IE in Beacon/ProbeResp",
sm->ap_wpa_ie, sm->ap_wpa_ie_len); sm->ap_wpa_ie, sm->ap_wpa_ie_len);
} }
if (wpa_ie) { if (wpa_ie) {
if (!sm->ap_wpa_ie) { if (!sm->ap_wpa_ie) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: No WPA IE in " wpa_printf(MSG_DEBUG, "WPA: No WPA IE in "
"Beacon/ProbeResp"); "Beacon/ProbeResp");
#endif
} }
wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg", wpa_hexdump(MSG_INFO, "WPA: WPA IE in 3/4 msg",
wpa_ie, wpa_ie_len); wpa_ie, wpa_ie_len);
@@ -1082,10 +1054,8 @@ void wpa_report_ie_mismatch(struct wpa_sm *sm, const u8 *src_addr,
} }
if (rsn_ie) { if (rsn_ie) {
if (!sm->ap_rsn_ie) { if (!sm->ap_rsn_ie) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: No RSN IE in " wpa_printf(MSG_DEBUG, "WPA: No RSN IE in "
"Beacon/ProbeResp"); "Beacon/ProbeResp");
#endif
} }
wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg", wpa_hexdump(MSG_INFO, "WPA: RSN IE in 3/4 msg",
rsn_ie, rsn_ie_len); rsn_ie, rsn_ie_len);
@@ -1291,19 +1261,15 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
goto failed; goto failed;
if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: GTK IE in unencrypted key data"); wpa_printf(MSG_DEBUG, "WPA: GTK IE in unencrypted key data");
#endif
goto failed; goto failed;
} }
wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len); wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", key_data, key_data_len);
if (memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { if (memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: ANonce from message 1 of 4-Way " wpa_printf(MSG_DEBUG, "WPA: ANonce from message 1 of 4-Way "
"Handshake differs from 3 of 4-Way Handshake - drop" "Handshake differs from 3 of 4-Way Handshake - drop"
" packet (src=" MACSTR ")", MAC2STR(sm->bssid)); " packet (src=" MACSTR ")", MAC2STR(sm->bssid));
#endif
goto failed; goto failed;
} }
@@ -1311,21 +1277,17 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
switch (sm->pairwise_cipher) { switch (sm->pairwise_cipher) {
case WPA_CIPHER_CCMP: case WPA_CIPHER_CCMP:
if (keylen != 16) { if (keylen != 16) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Invalid CCMP key length " wpa_printf(MSG_DEBUG, "WPA: Invalid CCMP key length "
"%d (src=" MACSTR ")", "%d (src=" MACSTR ")",
keylen, MAC2STR(sm->bssid)); keylen, MAC2STR(sm->bssid));
#endif
goto failed; goto failed;
} }
break; break;
case WPA_CIPHER_TKIP: case WPA_CIPHER_TKIP:
if (keylen != 32) { if (keylen != 32) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Invalid TKIP key length " wpa_printf(MSG_DEBUG, "WPA: Invalid TKIP key length "
"%d (src=" MACSTR ")", "%d (src=" MACSTR ")",
keylen, MAC2STR(sm->bssid)); keylen, MAC2STR(sm->bssid));
#endif
goto failed; goto failed;
} }
break; break;
@@ -1345,17 +1307,13 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
wpa_sm_set_seq(sm, key, 0); wpa_sm_set_seq(sm, key, 0);
if (wpa_supplicant_pairwise_gtk(sm, if (wpa_supplicant_pairwise_gtk(sm,
ie.gtk, ie.gtk_len, key_info) < 0) { ie.gtk, ie.gtk_len, key_info) < 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "RSN: Failed to configure GTK"); wpa_printf(MSG_DEBUG, "RSN: Failed to configure GTK");
#endif
goto failed; goto failed;
} }
} }
if (sm->pmf_cfg.capable && ieee80211w_set_keys(sm, &ie) < 0) { if (sm->pmf_cfg.capable && ieee80211w_set_keys(sm, &ie) < 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "RSN: Failed to configure IGTK"); wpa_printf(MSG_DEBUG, "RSN: Failed to configure IGTK");
#endif
goto failed; goto failed;
} }
@@ -1483,15 +1441,11 @@ static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
wpa_supplicant_parse_ies(keydata, keydatalen, &ie); wpa_supplicant_parse_ies(keydata, keydatalen, &ie);
if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: GTK IE in unencrypted key data"); wpa_printf(MSG_DEBUG, "WPA: GTK IE in unencrypted key data");
#endif
return -1; return -1;
} }
if (ie.gtk == NULL) { if (ie.gtk == NULL) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: No GTK IE in Group Key msg 1/2"); wpa_printf(MSG_DEBUG, "WPA: No GTK IE in Group Key msg 1/2");
#endif
return -1; return -1;
} }
maxkeylen = gd->gtk_len = ie.gtk_len - 2; maxkeylen = gd->gtk_len = ie.gtk_len - 2;
@@ -1507,19 +1461,15 @@ static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm, gd->tx = wpa_supplicant_gtk_tx_bit_workaround(sm,
!!(ie.gtk[0] & BIT(2))); !!(ie.gtk[0] & BIT(2)));
if (ie.gtk_len - 2 > sizeof(gd->gtk)) { if (ie.gtk_len - 2 > sizeof(gd->gtk)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "RSN: Too long GTK in GTK IE " wpa_printf(MSG_DEBUG, "RSN: Too long GTK in GTK IE "
"(len=%lu)", (unsigned long) ie.gtk_len - 2); "(len=%lu)", (unsigned long) ie.gtk_len - 2);
#endif
return -1; return -1;
} }
memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2); memcpy(gd->gtk, ie.gtk + 2, ie.gtk_len - 2);
if (ieee80211w_set_keys(sm, &ie) < 0) if (ieee80211w_set_keys(sm, &ie) < 0)
{ {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "RSN: Failed to configure IGTK"); wpa_printf(MSG_DEBUG, "RSN: Failed to configure IGTK");
#endif
} }
return 0; return 0;
} }
@@ -1537,10 +1487,8 @@ static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
maxkeylen = key_data_len; maxkeylen = key_data_len;
if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen < 8) { if (maxkeylen < 8) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Too short maxkeylen (%lu)", wpa_printf(MSG_DEBUG, "WPA: Too short maxkeylen (%lu)",
(unsigned long) maxkeylen); (unsigned long) maxkeylen);
#endif
return -1; return -1;
} }
maxkeylen -= 8; maxkeylen -= 8;
@@ -1557,50 +1505,38 @@ static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
os_memcpy(ek, key->key_iv, 16); os_memcpy(ek, key->key_iv, 16);
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
if (key_data_len > sizeof(gd->gtk)) { if (key_data_len > sizeof(gd->gtk)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: RC4 key data " wpa_printf(MSG_DEBUG, "WPA: RC4 key data "
"too long (%lu)", "too long (%lu)",
(unsigned long) key_data_len); (unsigned long) key_data_len);
#endif
return -1; return -1;
} }
os_memcpy(gd->gtk, key_data, key_data_len); os_memcpy(gd->gtk, key_data, key_data_len);
if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) { if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: RC4 failed"); wpa_printf(MSG_DEBUG, "WPA: RC4 failed");
#endif
return -1; return -1;
} }
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
if (maxkeylen % 8) { if (maxkeylen % 8) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"WPA: Unsupported AES-WRAP len %lu", "WPA: Unsupported AES-WRAP len %lu",
(unsigned long) maxkeylen); (unsigned long) maxkeylen);
#endif
return -1; return -1;
} }
if (maxkeylen > sizeof(gd->gtk)) { if (maxkeylen > sizeof(gd->gtk)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: AES-WRAP key data " wpa_printf(MSG_DEBUG, "WPA: AES-WRAP key data "
"too long (keydatalen=%lu maxkeylen=%lu)", "too long (keydatalen=%lu maxkeylen=%lu)",
(unsigned long) key_data_len, (unsigned long) key_data_len,
(unsigned long) maxkeylen); (unsigned long) maxkeylen);
#endif
return -1; return -1;
} }
if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, key_data, gd->gtk)) { if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, maxkeylen / 8, key_data, gd->gtk)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: AES unwrap " wpa_printf(MSG_DEBUG, "WPA: AES unwrap "
"failed - could not decrypt GTK"); "failed - could not decrypt GTK");
#endif
return -1; return -1;
} }
} else { } else {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Unsupported key_info type %d", wpa_printf(MSG_DEBUG, "WPA: Unsupported key_info type %d",
ver); ver);
#endif
return -1; return -1;
} }
gd->tx = wpa_supplicant_gtk_tx_bit_workaround( gd->tx = wpa_supplicant_gtk_tx_bit_workaround(
@@ -1735,10 +1671,8 @@ static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt, wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
ver, buf, len, key->key_mic); ver, buf, len, key->key_mic);
if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Invalid EAPOL-Key MIC " wpa_printf(MSG_DEBUG, "WPA: Invalid EAPOL-Key MIC "
"when using TPTK - ignoring TPTK"); "when using TPTK - ignoring TPTK");
#endif
} else { } else {
ok = 1; ok = 1;
sm->tptk_set = 0; sm->tptk_set = 0;
@@ -1752,20 +1686,16 @@ static int wpa_supplicant_verify_eapol_key_mic(struct wpa_sm *sm,
wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt, wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
ver, buf, len, key->key_mic); ver, buf, len, key->key_mic);
if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) { if (os_memcmp_const(mic, key->key_mic, mic_len) != 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Invalid EAPOL-Key MIC " wpa_printf(MSG_DEBUG, "WPA: Invalid EAPOL-Key MIC "
"- dropping packet"); "- dropping packet");
#endif
return -1; return -1;
} }
ok = 1; ok = 1;
} }
if (!ok) { if (!ok) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Could not verify EAPOL-Key MIC " wpa_printf(MSG_DEBUG, "WPA: Could not verify EAPOL-Key MIC "
"- dropping packet"); "- dropping packet");
#endif
return -1; return -1;
} }
@@ -1787,10 +1717,8 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data", wpa_hexdump(MSG_DEBUG, "RSN: encrypted key data",
key_data, *key_data_len); key_data, *key_data_len);
if (!sm->ptk_set) { if (!sm->ptk_set) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: PTK not available, " wpa_printf(MSG_DEBUG, "WPA: PTK not available, "
"cannot decrypt EAPOL-Key key data."); "cannot decrypt EAPOL-Key key data.");
#endif
return -1; return -1;
} }
@@ -1801,9 +1729,7 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
os_memcpy(ek, key->key_iv, 16); os_memcpy(ek, key->key_iv, 16);
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len); os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) { if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: RC4 failed"); wpa_printf(MSG_DEBUG, "WPA: RC4 failed");
#endif
return -1; return -1;
} }
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES || } else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
@@ -1814,10 +1740,8 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
sm->key_mgmt == WPA_KEY_MGMT_OWE) { sm->key_mgmt == WPA_KEY_MGMT_OWE) {
u8 *buf; u8 *buf;
if (*key_data_len < 8 || *key_data_len % 8) { if (*key_data_len < 8 || *key_data_len % 8) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Unsupported " wpa_printf(MSG_DEBUG, "WPA: Unsupported "
"AES-WRAP len %u", (unsigned int) *key_data_len); "AES-WRAP len %u", (unsigned int) *key_data_len);
#endif
return -1; return -1;
} }
@@ -1827,28 +1751,22 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
/* /*
buf = os_wifi_malloc(keydatalen); buf = os_wifi_malloc(keydatalen);
if (buf == NULL) { if (buf == NULL) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: No memory for " wpa_printf(MSG_DEBUG, "WPA: No memory for "
"AES-UNWRAP buffer"); "AES-UNWRAP buffer");
#endif
return -1; return -1;
} }
*/ */
if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8, if (aes_unwrap(sm->ptk.kek, sm->ptk.kek_len, *key_data_len / 8,
key_data, buf)) { key_data, buf)) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: AES unwrap failed - " wpa_printf(MSG_DEBUG, "WPA: AES unwrap failed - "
"could not decrypt EAPOL-Key key data"); "could not decrypt EAPOL-Key key data");
#endif
return -1; return -1;
} }
os_memcpy(key_data, buf, *key_data_len); os_memcpy(key_data, buf, *key_data_len);
WPA_PUT_BE16(key->key_data_length, *key_data_len); WPA_PUT_BE16(key->key_data_length, *key_data_len);
} else { } else {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Unsupported key_info type %d", wpa_printf(MSG_DEBUG, "WPA: Unsupported key_info type %d",
ver); ver);
#endif
return -1; return -1;
} }
wpa_hexdump(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data", wpa_hexdump(MSG_DEBUG, "WPA: decrypted EAPOL-Key key data",
@@ -1863,7 +1781,6 @@ static void wpa_eapol_key_dump(struct wpa_sm *sm,
const u8 *mic, unsigned int mic_len) const u8 *mic, unsigned int mic_len)
{ {
#ifdef DEBUG_PRINT #ifdef DEBUG_PRINT
u16 key_info = WPA_GET_BE16(key->key_info); u16 key_info = WPA_GET_BE16(key->key_info);
wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type); wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type);
@@ -1890,7 +1807,6 @@ static void wpa_eapol_key_dump(struct wpa_sm *sm,
wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8); wpa_hexdump(MSG_DEBUG, " key_rsc", key->key_rsc, 8);
wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8); wpa_hexdump(MSG_DEBUG, " key_id (reserved)", key->key_id, 8);
wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len); wpa_hexdump(MSG_DEBUG, " key_mic", mic, mic_len);
#endif #endif
} }
@@ -1928,12 +1844,10 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key); keyhdrlen = mic_len == 24 ? sizeof(*key192) : sizeof(*key);
if (len < sizeof(*hdr) + keyhdrlen) { if (len < sizeof(*hdr) + keyhdrlen) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA " wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
"EAPOL-Key (len %lu, expecting at least %lu)", "EAPOL-Key (len %lu, expecting at least %lu)",
(unsigned long) len, (unsigned long) len,
(unsigned long) sizeof(*hdr) + sizeof(*key)); (unsigned long) sizeof(*hdr) + sizeof(*key));
#endif
return 0; return 0;
} }
@@ -1951,37 +1865,29 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
plen = be_to_host16(hdr->length); plen = be_to_host16(hdr->length);
data_len = plen + sizeof(*hdr); data_len = plen + sizeof(*hdr);
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d", wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d",
hdr->version, hdr->type, plen); hdr->version, hdr->type, plen);
#endif
if (hdr->version < EAPOL_VERSION) { if (hdr->version < EAPOL_VERSION) {
/* TODO: backwards compatibility */ /* TODO: backwards compatibility */
} }
if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, " wpa_printf(MSG_DEBUG, "WPA: EAPOL frame (type %u) discarded, "
"not a Key frame", hdr->type); "not a Key frame", hdr->type);
#endif
ret = 0; ret = 0;
goto out; goto out;
} }
if (plen > len - sizeof(*hdr) || plen < keyhdrlen) { if (plen > len - sizeof(*hdr) || plen < keyhdrlen) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu " wpa_printf(MSG_DEBUG, "WPA: EAPOL frame payload size %lu "
"invalid (frame size %lu)", "invalid (frame size %lu)",
(unsigned long) plen, (unsigned long) len); (unsigned long) plen, (unsigned long) len);
#endif
ret = 0; ret = 0;
goto out; goto out;
} }
if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) { if (key->type != EAPOL_KEY_TYPE_WPA && key->type != EAPOL_KEY_TYPE_RSN) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, " wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key type (%d) unknown, "
"discarded", key->type); "discarded", key->type);
#endif
ret = 0; ret = 0;
goto out; goto out;
} }
@@ -1989,10 +1895,8 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len); wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
if (data_len < len) { if (data_len < len) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE " wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
"802.1X data", (unsigned long) len - data_len); "802.1X data", (unsigned long) len - data_len);
#endif
} }
key_info = WPA_GET_BE16(key->key_info); key_info = WPA_GET_BE16(key->key_info);
ver = key_info & WPA_KEY_INFO_TYPE_MASK; ver = key_info & WPA_KEY_INFO_TYPE_MASK;
@@ -2009,10 +1913,8 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
#endif /* CONFIG_OWE_STA */ #endif /* CONFIG_OWE_STA */
#endif #endif
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Unsupported EAPOL-Key descriptor " wpa_printf(MSG_DEBUG, "WPA: Unsupported EAPOL-Key descriptor "
"version %d.", ver); "version %d.", ver);
#endif
goto out; goto out;
} }
if (wpa_key_mgmt_suite_b(sm->key_mgmt) && if (wpa_key_mgmt_suite_b(sm->key_mgmt) &&
@@ -2040,21 +1942,17 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
sm->key_mgmt != WPA_KEY_MGMT_SAE && sm->key_mgmt != WPA_KEY_MGMT_SAE &&
sm->key_mgmt != WPA_KEY_MGMT_OWE) { sm->key_mgmt != WPA_KEY_MGMT_OWE) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: CCMP is used, but EAPOL-Key " wpa_printf(MSG_DEBUG, "WPA: CCMP is used, but EAPOL-Key "
"descriptor version (%d) is not 2.", ver); "descriptor version (%d) is not 2.", ver);
#endif
if (sm->group_cipher != WPA_CIPHER_CCMP && if (sm->group_cipher != WPA_CIPHER_CCMP &&
!(key_info & WPA_KEY_INFO_KEY_TYPE)) { !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
/* Earlier versions of IEEE 802.11i did not explicitly /* Earlier versions of IEEE 802.11i did not explicitly
* require version 2 descriptor for all EAPOL-Key * require version 2 descriptor for all EAPOL-Key
* packets, so allow group keys to use version 1 if * packets, so allow group keys to use version 1 if
* CCMP is not used for them. */ * CCMP is not used for them. */
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Backwards compatibility: " wpa_printf(MSG_DEBUG, "WPA: Backwards compatibility: "
"allow invalid version for non-CCMP group " "allow invalid version for non-CCMP group "
"keys"); "keys");
#endif
} else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) { } else if (ver == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used"); "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used");
@@ -2076,24 +1974,18 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
if (sm->rx_replay_counter_set && if (sm->rx_replay_counter_set &&
os_memcmp(key->replay_counter, sm->rx_replay_counter, os_memcmp(key->replay_counter, sm->rx_replay_counter,
WPA_REPLAY_COUNTER_LEN) <= 0) { WPA_REPLAY_COUNTER_LEN) <= 0) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Replay Counter did not" wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Replay Counter did not"
" increase - dropping packet"); " increase - dropping packet");
#endif
goto out; goto out;
} }
if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))) { if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: No Ack bit in key_info"); wpa_printf(MSG_DEBUG, "WPA: No Ack bit in key_info");
#endif
goto out; goto out;
} }
if (key_info & WPA_KEY_INFO_REQUEST) { if (key_info & WPA_KEY_INFO_REQUEST) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key with Request bit - dropped"); wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key with Request bit - dropped");
#endif
goto out; goto out;
} }
@@ -2111,12 +2003,10 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
if (key_data_len > plen - keyhdrlen) { if (key_data_len > plen - keyhdrlen) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Invalid EAPOL-Key " wpa_printf(MSG_DEBUG, "WPA: Invalid EAPOL-Key "
"frame - key_data overflow (%d > %u)", "frame - key_data overflow (%d > %u)",
(unsigned int) key_data_len, (unsigned int) key_data_len,
(unsigned int) (plen - keyhdrlen)); (unsigned int) (plen - keyhdrlen));
#endif
goto out; goto out;
} }
@@ -2140,10 +2030,8 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
if (key_info & WPA_KEY_INFO_KEY_TYPE) { if (key_info & WPA_KEY_INFO_KEY_TYPE) {
if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) { if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: Ignored EAPOL-Key " wpa_printf(MSG_DEBUG, "WPA: Ignored EAPOL-Key "
"(Pairwise) with non-zero key index"); "(Pairwise) with non-zero key index");
#endif
goto out; goto out;
} }
@@ -2155,9 +2043,7 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
/* 1/4 4-Way Handshake */ /* 1/4 4-Way Handshake */
sm->eapol1_count++; sm->eapol1_count++;
if (sm->eapol1_count > MAX_EAPOL_RETRIES) { if (sm->eapol1_count > MAX_EAPOL_RETRIES) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_INFO, "EAPOL1 received for %d times, sending deauth", sm->eapol1_count); wpa_printf(MSG_INFO, "EAPOL1 received for %d times, sending deauth", sm->eapol1_count);
#endif
esp_wifi_internal_issue_disconnect(WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT); esp_wifi_internal_issue_disconnect(WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT);
goto out; goto out;
} }
@@ -2172,10 +2058,8 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
key_data, key_data_len, key_data, key_data_len,
ver); ver);
} else { } else {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key (Group) " wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key (Group) "
"without Mic bit - dropped"); "without Mic bit - dropped");
#endif
} }
} }

2
components/wpa_supplicant/src/rsn_supp/wpa_ie.c
View File

@@ -417,11 +417,9 @@ int wpa_supplicant_parse_ies(const u8 *buf, size_t len,
break; break;
} }
if (pos + 2 + pos[1] > end) { if (pos + 2 + pos[1] > end) {
#ifdef DEBUG_PRINT
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data " wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
"underflow (ie=%d len=%d pos=%d)", "underflow (ie=%d len=%d pos=%d)",
pos[0], pos[1], (int) (pos - buf)); pos[0], pos[1], (int) (pos - buf));
#endif
wpa_hexdump(MSG_DEBUG, "WPA: Key Data", wpa_hexdump(MSG_DEBUG, "WPA: Key Data",
buf, len); buf, len);
ret = -1; ret = -1;