From cc3b0d9f490946df906b347a7c19a8f329f0cdec Mon Sep 17 00:00:00 2001 From: aditi_lonkar Date: Mon, 25 Sep 2023 15:10:15 +0530 Subject: [PATCH 1/2] fix(wpa_supplicant): Fix few dpp bugs 1) Fix crash in dpp Listen without bootstrap 2) Fix crash on receiving dpp auth_req from hostapd with dpp akm
---
.../wpa_supplicant/esp_supplicant/src/esp_dpp.c | 6 +++++- components/wpa_supplicant/src/common/dpp.c | 17 ++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
index bd43dbdb45..e88353b9a8 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -379,6 +379,10 @@ static void esp_dpp_task(void *pvParameters )
 static int counter;
 int channel;
+ if (p->num_chan <= 0) {
+ wpa_printf(MSG_ERROR, "Listen channel not set");
+ break;
+ }
 channel = p->chan_list[counter++ % p->num_chan];
 esp_wifi_remain_on_channel(WIFI_IF_STA, WIFI_ROC_REQ, channel, BOOTSTRAP_ROC_WAIT_TIME, s_action_rx_cb);
diff --git a/components/wpa_supplicant/src/common/dpp.c b/components/wpa_supplicant/src/common/dpp.c
index a2f075b9f7..9d3507ad3a 100644
--- a/components/wpa_supplicant/src/common/dpp.c
+++ b/components/wpa_supplicant/src/common/dpp.c
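Review bot: In the esp_dpp_task hunk of esp_dpp.c, the new `p->num_chan <= 0` guard ends the listen cycle with nothing but a log line, so an application whose listen request was already accepted gets no failure indication. If the task can report a failure to the registered event callback, do that before the `break`; otherwise add a comment stating that listening stops silently here. The message also lacks the `DPP: ` prefix carried by the other DPP error logs in this file, e.g. `wpa_printf(MSG_ERROR, "DPP: Listen channel not set");`. The enclosing case block starts and ends outside the hunk.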
@@ -43,7 +43,7 @@ struct dpp_global {
 static const struct dpp_curve_params dpp_curves[] = {
 /* The mandatory to support and the default NIST P-256 curve needs to
 * be the first entry on this list. */
- { "sec256r1", 32, 32, 16, 32, "P-256", 19, "ES256" },
+ { "secp256r1", 32, 32, 16, 32, "P-256", 19, "ES256" },
 { "secp384r1", 48, 48, 24, 48, "P-384", 20, "ES384" },
 { "secp521r1", 64, 64, 32, 66, "P-521", 21, "ES512" },
 { "brainpoolP256r1", 32, 32, 16, 32, "BP-256", 28, "BS256" },
@@ -4669,7 +4669,8 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 {
 struct json_token *token;
 const struct dpp_curve_params *curve;
- struct wpabuf *x = NULL, *y = NULL, *a = NULL;
+ struct wpabuf *x = NULL, *y = NULL;
+ unsigned char *a = NULL;
 struct crypto_ec_group *group;
 struct crypto_key *pkey = NULL;
 size_t len;
@@ -4731,17 +4732,19 @@ static struct crypto_key * dpp_parse_jwk(struct json_token *jwk,
 goto fail;
 }
- len = wpabuf_len(x);
- a = wpabuf_concat(x, y);
- pkey = crypto_ec_set_pubkey_point(group, wpabuf_head(a),
- len);
+ len = wpabuf_len(x) + wpabuf_len(y);
+ a = os_zalloc(len);
+ os_memcpy(a, wpabuf_head(x), wpabuf_len(x));
+ os_memcpy(a + wpabuf_len(x), wpabuf_head(y), wpabuf_len(y));
+ pkey = crypto_ec_set_pubkey_point(group, a, len);
+ crypto_ec_deinit((struct crypto_ec *)group);
 *key_curve = curve;
 fail:
- wpabuf_free(a);
 wpabuf_free(x);
 wpabuf_free(y);
+ os_free(a);
 return pkey;
 }
From 143079bfd7c9a9de02c913746148b431d54b199c Mon Sep 17 00:00:00 2001
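Review bot: In the last dpp.c hunk (dpp_parse_jwk), the result of `os_zalloc(len)` goes straight into `os_memcpy` without a NULL check, so an allocation failure while parsing a JWK becomes a NULL-pointer write. Add `if (!a) goto fail;` directly after the allocation; `pkey` is initialised to NULL, so the `fail:` path then returns NULL. Separately, the length passed to `crypto_ec_set_pubkey_point` changed from `wpabuf_len(x)` to the combined x+y length. Please confirm which of the two that function expects, and that the checks earlier in the function (outside this hunk) bound both coordinates to the curve size.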
From: jgujarathi Date: Tue, 3 Oct 2023 13:53:00 +0530 Subject: [PATCH 2/2] fix(wpa_supplicant/dpp): Ensure dpp follows init->bootstrap->listen path - esp_supp_dpp_init : Ensures that the mode is set to station before the API call. - Ensures that dpp follows the path of init(esp_supp_dpp_init) -> bootstrap(esp_supp_dpp_bootstrap_gen) -> listen(esp_supp_dpp_start_listen) by returning errors if any of them is invoked out of order. --- .../esp_supplicant/src/esp_dpp.c | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c index e88353b9a8..cd4860fc7f 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c @@ -22,7 +22,7 @@ static void *s_dpp_api_lock = NULL; static bool s_dpp_stop_listening; static int s_dpp_auth_retries; -struct esp_dpp_context_t s_dpp_ctx; +static struct esp_dpp_context_t s_dpp_ctx; static wifi_action_rx_cb_t s_action_rx_cb = esp_supp_rx_action; #define DPP_API_LOCK() os_mutex_lock(s_dpp_api_lock) @@ -522,6 +522,10 @@ esp_err_t esp_supp_dpp_bootstrap_gen(const char *chan_list, enum dpp_bootstrap_type type, const char *key, const char *uri_info) { + if (!s_dpp_ctx.dpp_global) { + wpa_printf(MSG_ERROR, "DPP: failed to bootstrap as dpp not initialized."); + return ESP_FAIL; + } struct dpp_bootstrap_params_t *params = &s_dpp_ctx.bootstrap_params; char *uri_chan_list = esp_dpp_parse_chan_list(chan_list); char *command = os_zalloc(1200); @@ -585,6 +589,11 @@ fail: esp_err_t esp_supp_dpp_start_listen(void) { + if (!s_dpp_ctx.dpp_global || s_dpp_ctx.id < 1) { + wpa_printf(MSG_ERROR, "DPP: failed to start listen as dpp not initialized or bootstrapped."); + return ESP_FAIL; + } + if (esp_wifi_get_user_init_flag_internal() == 0) { wpa_printf(MSG_ERROR, "DPP: ROC not possible before wifi is started"); return ESP_ERR_INVALID_STATE; 
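Review bot: The new state check in esp_supp_dpp_bootstrap_gen returns `ESP_FAIL`, while the existing wifi-not-started check in esp_supp_dpp_start_listen returns `ESP_ERR_INVALID_STATE` for the same kind of out-of-order call. The checks added in the esp_supp_dpp_start_listen and esp_supp_dpp_init hunks have the same inconsistency, and returning `ESP_ERR_INVALID_STATE` there would let callers tell a sequencing mistake from an internal failure. These checks also read `s_dpp_ctx.dpp_global` (and `s_dpp_ctx.id`) with no `DPP_API_LOCK()` visible in the hunks, so a concurrent esp_supp_dpp_deinit could clear the pointer between check and use. If these APIs can be called from different tasks, do the check under the lock. All three functions continue outside their hunks.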
@@ -602,6 +611,15 @@ void esp_supp_dpp_stop_listen(void)
 esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb)
 {
+ wifi_mode_t mode = 0;
+ if (esp_wifi_get_mode(&mode) || ((mode != WIFI_MODE_STA) && (mode != WIFI_MODE_APSTA))) {
+ wpa_printf(MSG_ERROR, "DPP: failed to init as not in station mode.");
+ return ESP_FAIL;
+ }
+ if (s_dpp_ctx.dpp_global) {
+ wpa_printf(MSG_ERROR, "DPP: failed to init as init already done.");
+ return ESP_FAIL;
+ }
 struct dpp_global_config cfg = {0};
 int ret;
@@ -651,7 +669,10 @@ void esp_supp_dpp_deinit(void)
 esp_event_handler_unregister(WIFI_EVENT, WIFI_EVENT_ROC_DONE, &offchan_event_handler);
 s_dpp_auth_retries = 0;
- dpp_global_deinit(s_dpp_ctx.dpp_global);
- esp_dpp_post_evt(SIG_DPP_DEL_TASK, 0);
+ if (s_dpp_ctx.dpp_global) {
+ dpp_global_deinit(s_dpp_ctx.dpp_global);
+ s_dpp_ctx.dpp_global = NULL;
+ esp_dpp_post_evt(SIG_DPP_DEL_TASK, 0);
+ }
 }
 #endif
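Review bot: In the esp_supp_dpp_deinit hunk, `s_dpp_ctx.dpp_global` is reset but `s_dpp_ctx.id` is not, although esp_supp_dpp_start_listen uses `s_dpp_ctx.id < 1` as its "not bootstrapped" test. Unless the context is cleared elsewhere (for example when the task handles SIG_DPP_DEL_TASK), a deinit, init, start_listen sequence would pass that test with the id left over from the previous session and skip bootstrap, defeating the ordering this patch enforces. Consider adding `s_dpp_ctx.id = 0;` next to `s_dpp_ctx.dpp_global = NULL;`. The start of esp_supp_dpp_deinit is outside the hunk.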