espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-30 02:37:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

esp_wifi: Ignore unauthenticated encrypted EAPOL-Key data and fix handling of key RSC.

Browse Source 
Closes https://github.com/espressif/esp-idf/issues/8401
This commit is contained in:
Hrudaynath Dhabe
2022-02-10 14:40:01 +05:30
committed by BOT
parent a015532f66
commit 7af06705d3
3 changed files with 28 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
components/wpa_supplicant/src/common/wpa_common.c
View File

@ -674,4 +674,14 @@ int wpa_cipher_put_suites(u8 *pos, int ciphers)
return num_suites; return num_suites;
} }
unsigned int wpa_mic_len(int akmp)
{
/* The following code is supposed to be used for 192 bit encryption support only
if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
return 24;
*/
return 16;
}
#endif // ESP_SUPPLICANT #endif // ESP_SUPPLICANT

2
components/wpa_supplicant/src/common/wpa_common.h
View File

@ -352,4 +352,6 @@ int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
int rsn_cipher_put_suites(u8 *pos, int ciphers); int rsn_cipher_put_suites(u8 *pos, int ciphers);
unsigned int wpa_mic_len(int akmp);
#endif /* WPA_COMMON_H */ #endif /* WPA_COMMON_H */

18
components/wpa_supplicant/src/rsn_supp/wpa.c
View File

@ -1179,7 +1179,7 @@ int ieee80211w_set_keys(struct wpa_sm *sm,
os_bzero(null_rsc, WPA_KEY_RSC_LEN); os_bzero(null_rsc, WPA_KEY_RSC_LEN);
if (sm->proto == WPA_PROTO_RSN) { if (sm->proto == WPA_PROTO_RSN && isptk) {
key_rsc = null_rsc; key_rsc = null_rsc;
} else { } else {
key_rsc = key->key_rsc; key_rsc = key->key_rsc;
@ -1781,6 +1781,9 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
u16 key_info, ver; u16 key_info, ver;
u8 *tmp; u8 *tmp;
int ret = -1; int ret = -1;
size_t mic_len;
mic_len = wpa_mic_len(sm->key_mgmt);
if (len < sizeof(*hdr) + sizeof(*key)) { if (len < sizeof(*hdr) + sizeof(*key)) {
#ifdef DEBUG_PRINT #ifdef DEBUG_PRINT
@ -1937,7 +1940,18 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
extra_len = WPA_GET_BE16(key->key_data_length); extra_len = WPA_GET_BE16(key->key_data_length);
if (sm->proto == WPA_PROTO_RSN && if (sm->proto == WPA_PROTO_RSN &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) {
/*
* Only decrypt the Key Data field if the frame's authenticity
* was verified. When using AES-SIV (FILS), the MIC flag is not
* set, so this check should only be performed if mic_len != 0
* which is the case in this code branch.
*/
if (!(key_info & WPA_KEY_INFO_MIC)) {
wpa_printf(MSG_WARNING,
"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
goto out;
}
if (wpa_supplicant_decrypt_key_data(sm, key, ver)) if (wpa_supplicant_decrypt_key_data(sm, key, ver))
goto out; goto out;
extra_len = WPA_GET_BE16(key->key_data_length); extra_len = WPA_GET_BE16(key->key_data_length);