From 944690a5e777ef20211a43f623117ac8d36421f0 Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Thu, 2 Jun 2022 19:06:41 +0530
Subject: [PATCH 1/6] Correct condition for not to use pmk caching
---
 components/wpa_supplicant/src/rsn_supp/wpa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
index be59d8fce7..9a54919d33 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -2275,7 +2275,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 if (sm->key_mgmt == WPA_KEY_MGMT_SAE || is_wpa2_enterprise_connection()) {
- if (!esp_wifi_skip_supp_pmkcaching() || use_pmk_cache) {
+ if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) {
 pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
 wpa_sm_set_pmk_from_pmksa(sm);
 } else {
From 916a4d65242b2bb858d2daa9e399d66fc53962c9 Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Thu, 2 Jun 2022 19:08:22 +0530
Subject: [PATCH 2/6] Fix coverity reported issues
---
 components/wpa_supplicant/src/ap/wpa_auth.c | 1 +
 components/wpa_supplicant/src/common/sae.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c
index d5a179c4c6..57af43b250 100644
--- a/components/wpa_supplicant/src/ap/wpa_auth.c
+++ b/components/wpa_supplicant/src/ap/wpa_auth.c
@@ -1060,6 +1060,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 os_free(hdr);
 return;
 }
+ os_free(buf);
 }
 if (key_info & WPA_KEY_INFO_MIC) {
diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c
index af1da9d506..a075592f8b 100644
--- a/components/wpa_supplicant/src/common/sae.c
+++ b/components/wpa_supplicant/src/common/sae.c
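Review bot: In `__wpa_send_eapol()` (wpa_auth.c), the early-return branch directly above the added `os_free(buf);` releases only `hdr` in the lines this hunk shows, so unless `buf` is freed earlier in that branch the leak remains on the failure path. The allocation and the start of the branch are outside the hunk, so this has to be checked against the full function. If `buf` holds key data before it is wrapped (inferred from the function's role, not visible here), it should also be zeroed before release, because `os_free` alone leaves that material in freed heap memory. A comment at the free such as `/* buf is a scratch copy of the key data; released on every exit path */` would record the ownership rule.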
@@ -815,8 +815,10 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 */
 os_memset(null_key, 0, sizeof(null_key));
- hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len,
- keyseed);
+ if (hmac_sha256(null_key, sizeof(null_key), k, sae->tmp->prime_len,
+ keyseed) < 0)
+ goto fail;
+
 wpa_hexdump_key(MSG_DEBUG, "SAE: keyseed", keyseed, sizeof(keyseed));
 crypto_bignum_add(sae->tmp->own_commit_scalar, sae->peer_commit_scalar,
From 2aa6853d3edf6ea81df590306e9e3a236241fb0b Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Thu, 2 Jun 2022 19:09:24 +0530
Subject: [PATCH 3/6] Remove strcpy/strncpy function callings from supplicant
---
 components/wpa_supplicant/port/include/os.h | 3 ---
 components/wpa_supplicant/src/eap_peer/eap.c | 8 ++++----
 components/wpa_supplicant/src/eap_peer/eap_peap.c | 4 ++--
 3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/components/wpa_supplicant/port/include/os.h b/components/wpa_supplicant/port/include/os.h
index 765396794b..06c4c176ab 100644
--- a/components/wpa_supplicant/port/include/os.h
+++ b/components/wpa_supplicant/port/include/os.h
@@ -281,9 +281,6 @@ char * ets_strdup(const char *s);
 #ifndef os_strncmp
 #define os_strncmp(s1, s2, n) strncmp((s1), (s2), (n))
 #endif
-#ifndef os_strncpy
-#define os_strncpy(d, s, n) strncpy((d), (s), (n))
-#endif
 #ifndef os_strrchr
 #define os_strrchr(s, c) strrchr((s), (c))
 #endif
diff --git a/components/wpa_supplicant/src/eap_peer/eap.c b/components/wpa_supplicant/src/eap_peer/eap.c
index 1d4b5036e5..1b80c191b0 100644
--- a/components/wpa_supplicant/src/eap_peer/eap.c
+++ b/components/wpa_supplicant/src/eap_peer/eap.c
@@ -661,7 +661,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 ret = -2;
 goto _out;
 }
- os_strncpy(sm->blob[0].name, CLIENT_CERT_NAME, BLOB_NAME_LEN+1);
+ os_strlcpy(sm->blob[0].name, CLIENT_CERT_NAME, BLOB_NAME_LEN+1);
 sm->blob[0].len = g_wpa_client_cert_len;
 sm->blob[0].data = g_wpa_client_cert;
 }
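Review bot: In `sae_derive_keys()` (sae.c), the `crypto_bignum_add(...)` call on the last context line is still made without looking at its result, which is the same class of unchecked-return finding this commit fixes for `hmac_sha256`. If it returns a status (its prototype is not visible here), it should get the same `< 0` check and `goto fail`. The `fail` label is outside the hunk, so also confirm that this exit path clears `keyseed` before returning.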
@@ -672,7 +672,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 ret = -2;
 goto _out;
 }
- os_strncpy(sm->blob[1].name, PRIVATE_KEY_NAME, BLOB_NAME_LEN+1);
+ os_strlcpy(sm->blob[1].name, PRIVATE_KEY_NAME, BLOB_NAME_LEN+1);
 sm->blob[1].len = g_wpa_private_key_len;
 sm->blob[1].data = g_wpa_private_key;
 }
@@ -683,7 +683,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 ret = -2;
 goto _out;
 }
- os_strncpy(sm->blob[2].name, CA_CERT_NAME, BLOB_NAME_LEN+1);
+ os_strlcpy(sm->blob[2].name, CA_CERT_NAME, BLOB_NAME_LEN+1);
 sm->blob[2].len = g_wpa_ca_cert_len;
 sm->blob[2].data = g_wpa_ca_cert;
 }
@@ -694,7 +694,7 @@ int eap_peer_blob_init(struct eap_sm *sm)
 ret = -2;
 goto _out;
 }
- os_strncpy(sm->blob[3].name, "blob://", 8);
+ os_strlcpy(sm->blob[3].name, "blob://", 8);
 sm->blob[3].len = g_wpa_pac_file_len;
 sm->blob[3].data = g_wpa_pac_file;
 }
diff --git a/components/wpa_supplicant/src/eap_peer/eap_peap.c b/components/wpa_supplicant/src/eap_peer/eap_peap.c
index 866dbee118..498fb060a2 100644
--- a/components/wpa_supplicant/src/eap_peer/eap_peap.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_peap.c
@@ -1115,9 +1115,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv,
 * label by default, but allow it to be configured with
 * phase1 parameter peaplabel=1. */
 if (data->peap_version > 1 || data->force_new_label)
- strcpy(label, "client PEAP encryption");
+ os_strlcpy(label, "client PEAP encryption", 24);
 else
- strcpy(label, "client EAP encryption");
+ os_strlcpy(label, "client EAP encryption", 24);
 wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in " "key derivation", label);
 data->key_data =
From e60ebc0cbe8f30a98d4b26089df4e69dbf9832c4 Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Thu, 2 Jun 2022 19:10:04 +0530
Subject: [PATCH 4/6] Use snprintf instead of sprintf
---
 .../esp_supplicant/src/esp_dpp.c | 2 +-
 .../esp_supplicant/src/esp_wpa2.c | 6 +++--
 .../esp_supplicant/src/esp_wps.c | 24 +++++++++----------
 3 files changed, 17 insertions(+), 15 deletions(-)
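Review bot: The size arguments of two of the new `os_strlcpy` calls are bare literals that are not tied to the destination: `8` for `sm->blob[3].name` in `eap_peer_blob_init()` and `24` for `label` in `eap_peap_process()`. Both strings fit those bounds today ("blob://" needs 8 bytes and "client PEAP encryption" needs 23), but the buffers are declared or allocated outside these hunks, so nothing on the changed lines shows that the destinations are really that large. If `label` is an array, `os_strlcpy(label, "client PEAP encryption", sizeof(label));` keeps the bound correct when the buffer changes. For the blob name, one named constant used for both the allocation and the copy would do the same.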
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
index 7b8b984632..7be7e328c2 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
@@ -554,7 +554,7 @@ esp_supp_dpp_bootstrap_gen(const char *chan_list, enum dpp_bootstrap_type type,
 }
 }
- sprintf(command, "type=qrcode mac=" MACSTR "%s%s%s%s%s",
+ os_snprintf(command, 1200, "type=qrcode mac=" MACSTR "%s%s%s%s%s",
 MAC2STR(params->mac), uri_chan_list, key ? "key=" : "", key ? key : "", params->info_len ? " info=" : "",
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c
index 52bfa3927f..219522f558 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c
@@ -1153,12 +1153,14 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config confi
 {
 char config_for_supplicant[PHASE1_PARAM_STRING_LEN] = "";
 if ((config.fast_provisioning > -1) && (config.fast_provisioning <= 2)) {
- os_sprintf((char *) &config_for_supplicant, "fast_provisioning=%d ", config.fast_provisioning);
+ os_snprintf((char *) &config_for_supplicant, PHASE1_PARAM_STRING_LEN, "fast_provisioning=%d ", config.fast_provisioning);
 } else {
 return ESP_ERR_INVALID_ARG;
 }
 if (config.fast_max_pac_list_len && config.fast_max_pac_list_len < 100) {
- os_sprintf((char *) &config_for_supplicant + strlen(config_for_supplicant), "fast_max_pac_list_len=%d ", config.fast_max_pac_list_len);
+ os_snprintf((char *) &config_for_supplicant + strlen(config_for_supplicant),
+ PHASE1_PARAM_STRING_LEN - strlen(config_for_supplicant),
+ "fast_max_pac_list_len=%d ", config.fast_max_pac_list_len);
 } else if (config.fast_max_pac_list_len >= 100) {
 return ESP_ERR_INVALID_ARG;
 }
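Review bot: In `esp_supp_dpp_bootstrap_gen()` (esp_dpp.c), `os_snprintf(command, 1200, ...)` bounds the write with a literal whose relation to the real size of `command` cannot be seen in the hunk. The return value is also ignored, so a long `uri_chan_list`, `key` or info string is silently truncated and the shortened bootstrap command is used as if it were complete. Use one named constant (or `sizeof` if `command` is an array) for both the allocation and the bound, and treat a negative or too-large return value as an error. The same literal-size pattern appears later in this patch in esp_wps.c, with `16` for `dev->serial_number` and `9` for `cfg->pin`. The function body continues outside the hunk.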
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
index 74c8383cb4..ac8faefad6 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
@@ -392,7 +392,7 @@ wps_parse_scan_result(struct wps_scan_ie *scan)
 wpabuf_free(buf);
 esp_wifi_enable_sta_privacy_internal();
 os_memset(sm->ssid[0], 0, SSID_MAX_LEN);
- strncpy((char *)sm->ssid[0], (char *)&scan->ssid[2], (int)scan->ssid[1]);
+ os_strlcpy((char *)sm->ssid[0], (char *)&scan->ssid[2], (int)scan->ssid[1]);
 sm->ssid_len[0] = scan->ssid[1];
 if (scan->bssid && memcmp(sm->bssid, scan->bssid, ETH_ALEN) != 0) {
 wpa_printf(MSG_INFO, "sm BSSid: "MACSTR " scan BSSID " MACSTR "\n",
@@ -1052,10 +1052,10 @@ int wps_set_default_factory(void)
 }
 }
- sprintf(s_factory_info->manufacturer, "ESPRESSIF");
- sprintf(s_factory_info->model_name, "ESPRESSIF IOT");
- sprintf(s_factory_info->model_number, "ESP32");
- sprintf(s_factory_info->device_name, "ESP32 STATION");
+ os_snprintf(s_factory_info->manufacturer, WPS_MAX_MANUFACTURER_LEN, "ESPRESSIF");
+ os_snprintf(s_factory_info->model_name, WPS_MAX_MODEL_NUMBER_LEN, "ESPRESSIF IOT");
+ os_snprintf(s_factory_info->model_number, WPS_MAX_MODEL_NAME_LEN, "ESP32");
+ os_snprintf(s_factory_info->device_name, WPS_MAX_DEVICE_NAME_LEN, "ESP32 STATION");
 return ESP_OK;
 }
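Review bot: In `wps_parse_scan_result()`, `os_strlcpy((char *)sm->ssid[0], (char *)&scan->ssid[2], (int)scan->ssid[1]);` passes the SSID length as the destination size. Assuming `os_strlcpy` follows the usual strlcpy contract, it copies at most size-1 bytes, so the last byte of the SSID is dropped while `sm->ssid_len[0]` on the next line still records the full length. The source is an information-element payload rather than a C string, so a copy that scans for a terminating NUL can also read past the element. An SSID is a length-delimited byte string and should be copied with `os_memcpy(sm->ssid[0], &scan->ssid[2], scan->ssid[1]);` after checking `scan->ssid[1] <= SSID_MAX_LEN`, a check that is not visible in the hunk. The `os_strlcpy` into `wifi_config.sta.ssid` in `wifi_wps_scan_done()` (hunk at -1553) has the same off-by-one and would make the station try to join a truncated SSID.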
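Review bot: In `wps_set_default_factory()` the bounds are crossed: `model_name` is limited by `WPS_MAX_MODEL_NUMBER_LEN` and `model_number` by `WPS_MAX_MODEL_NAME_LEN`. If the two constants ever differ, one of the writes is bounded by the wrong field's size. The lines should read `os_snprintf(s_factory_info->model_name, WPS_MAX_MODEL_NAME_LEN, "ESPRESSIF IOT");` and `os_snprintf(s_factory_info->model_number, WPS_MAX_MODEL_NUMBER_LEN, "ESP32");`. `wps_dev_init()` in the next hunk likewise allocates and bounds `dev->model_number` with `WPS_MAX_MODEL_NAME_LEN`.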
@@ -1129,35 +1129,35 @@ int wps_dev_init(void)
 ret = ESP_FAIL;
 goto _out;
 }
- sprintf(dev->manufacturer, s_factory_info->manufacturer);
+ os_snprintf(dev->manufacturer, WPS_MAX_MANUFACTURER_LEN, s_factory_info->manufacturer);
 dev->model_name = os_zalloc(WPS_MAX_MODEL_NAME_LEN);
 if (!dev->model_name) {
 ret = ESP_FAIL;
 goto _out;
 }
- sprintf(dev->model_name, s_factory_info->model_name);
+ os_snprintf(dev->model_name, WPS_MAX_MODEL_NAME_LEN, s_factory_info->model_name);
 dev->model_number = os_zalloc(WPS_MAX_MODEL_NAME_LEN);
 if (!dev->model_number) {
 ret = ESP_FAIL;
 goto _out;
 }
- sprintf(dev->model_number, s_factory_info->model_number);
+ os_snprintf(dev->model_number, WPS_MAX_MODEL_NAME_LEN, s_factory_info->model_number);
 dev->device_name = os_zalloc(WPS_MAX_DEVICE_NAME_LEN);
 if (!dev->device_name) {
 ret = ESP_FAIL;
 goto _out;
 }
- sprintf(dev->device_name, s_factory_info->device_name);
+ os_snprintf(dev->device_name, WPS_MAX_DEVICE_NAME_LEN, s_factory_info->device_name);
 dev->serial_number = os_zalloc(16);
 if (!dev->serial_number) {
 ret = ESP_FAIL;
 goto _out;
 }
- sprintf(dev->serial_number, "%02x%02x%02x%02x%02x%02x",
+ os_snprintf(dev->serial_number, 16, "%02x%02x%02x%02x%02x%02x",
 sm->ownaddr[0], sm->ownaddr[1], sm->ownaddr[2], sm->ownaddr[3], sm->ownaddr[4], sm->ownaddr[5]);
@@ -1356,7 +1356,7 @@ int wps_init_cfg_pin(struct wps_config *cfg)
 if (wps_generate_pin(&spin) < 0) {
 return -1;
 }
- os_sprintf((char *)cfg->pin, "%08d", spin);
+ os_snprintf((char *)cfg->pin, 9, "%08d", spin);
 }
 return 0;
@@ -1553,7 +1553,7 @@ wifi_wps_scan_done(void *arg, STATUS status)
 esp_wifi_disconnect();
 os_memcpy(wifi_config.sta.bssid, sm->bssid, ETH_ALEN);
- os_strncpy((char *)wifi_config.sta.ssid, (char *)sm->ssid[0], sm->ssid_len[0]);
+ os_strlcpy((char *)wifi_config.sta.ssid, (char *)sm->ssid[0], sm->ssid_len[0]);
 wifi_config.sta.bssid_set = 1;
 wpa_printf(MSG_INFO, "WPS: connecting to %s, bssid=" MACSTR, (char *)sm->ssid[0], MAC2STR(wifi_config.sta.bssid));
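Review bot: In `wps_dev_init()`, the four `os_snprintf` calls that copy `s_factory_info->manufacturer`, `model_name`, `model_number` and `device_name` pass the stored string as the format argument, so any `%` in the factory information is interpreted as a conversion specification. If those fields can be set through the application's WPS configuration (not visible in the hunk), this is a format-string defect that the move from `sprintf` carries over unchanged. Pass the data as an argument instead, e.g. `os_snprintf(dev->manufacturer, WPS_MAX_MANUFACTURER_LEN, "%s", s_factory_info->manufacturer);`, and do the same for the other three. Patch 5 adds one more instance in `wps_set_default_factory()`: `os_snprintf(s_factory_info->model_number, WPS_MAX_MODEL_NAME_LEN, wps_model_number);`.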
From e9128b3b5b55c52bfc5cddde6951cf992ad95882 Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Mon, 6 Jun 2022 11:01:02 +0530
Subject: [PATCH 5/6] wpa_supplicant: Removed ESP32 reference from generic APIs/Code
---
 .../esp_supplicant/include/esp_wpa.h | 2 +-
 .../esp_supplicant/include/esp_wpa2.h | 4 ++--
 .../esp_supplicant/include/esp_wps.h | 2 +-
 .../esp_supplicant/src/esp_wps.c | 18 ++++++++++++++++--
 4 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_wpa.h b/components/wpa_supplicant/esp_supplicant/include/esp_wpa.h
index f79f5c55a6..5e232486c5 100644
--- a/components/wpa_supplicant/esp_supplicant/include/esp_wpa.h
+++ b/components/wpa_supplicant/esp_supplicant/include/esp_wpa.h
@@ -26,7 +26,7 @@ extern "C" {
 */
 /** \defgroup WPA_APIs WPS APIs
- * @brief ESP32 Supplicant APIs
+ * @brief Supplicant APIs
 *
 */
diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h b/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h
index 8de7e07c63..f5fe1d9c1d 100644
--- a/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h
+++ b/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h
@@ -32,7 +32,7 @@ extern "C" {
 /**
 * @brief Enable wpa2 enterprise authentication.
 *
- * @attention 1. wpa2 enterprise authentication can only be used when ESP32 station is enabled.
+ * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
 * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method.
 *
 * @return
@@ -44,7 +44,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void);
 /**
 * @brief Disable wpa2 enterprise authentication.
 *
- * @attention 1. wpa2 enterprise authentication can only be used when ESP32 station is enabled.
+ * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
 * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method.
 *
 * @return
diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_wps.h b/components/wpa_supplicant/esp_supplicant/include/esp_wps.h
index 3b5af6a031..2437f28bfc 100644
--- a/components/wpa_supplicant/esp_supplicant/include/esp_wps.h
+++ b/components/wpa_supplicant/esp_supplicant/include/esp_wps.h
@@ -63,7 +63,7 @@ typedef struct {
 .wps_type = type, \
 .factory_info = { \
 ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(manufacturer, "ESPRESSIF") \
- ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(model_number, "ESP32") \
+ ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(model_number, CONFIG_IDF_TARGET) \
 ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(model_name, "ESPRESSIF IOT") \
 ESP_COMPILER_DESIGNATED_INIT_AGGREGATE_TYPE_STR(device_name, "ESP DEVICE") \
 }, \
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
index ac8faefad6..41ddbf1e33 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c
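Review bot: In the default-config macro of esp_wps.h, `model_number` now comes from `CONFIG_IDF_TARGET`, while esp_wps.c in the same commit introduces its own `wps_model_number` strings with upper-case names, so the model number has two independent sources. If `CONFIG_IDF_TARGET` expands to the lower-case target name (as I understand it does; its definition is not shown here), the advertised model number differs in case depending on which path filled it in. The macro also now requires the sdkconfig definitions to be visible wherever it is expanded, and the hunk does not show an include being added. Deriving both values from a single definition would remove the divergence.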
@@ -29,6 +29,20 @@
 #include "eap_common/eap_wsc_common.h"
 #include "esp_wpas_glue.h"
+#if CONFIG_IDF_TARGET_ESP32
+const char *wps_model_number = "ESP32";
+#elif CONFIG_IDF_TARGET_ESP32S2
+const char *wps_model_number = "ESP32S2";
+#elif CONFIG_IDF_TARGET_ESP32S3
+const char *wps_model_number = "ESP32S3";
+#elif CONFIG_IDF_TARGET_ESP32C3
+const char *wps_model_number = "ESP32C3";
+#elif CONFIG_IDF_TARGET_ESP32C2
+const char *wps_model_number = "ESP32C2";
+#elif CONFIG_IDF_TARGET_ESP32H2
+const char *wps_model_number = "ESP32H2";
+#endif
+
 void *s_wps_api_lock = NULL; /* Used in WPS public API only, never be freed */
 void *s_wps_api_sem = NULL; /* Sync semaphore used between WPS publi API caller task and WPS task */
 bool s_wps_enabled = false;
@@ -1054,8 +1068,8 @@ int wps_set_default_factory(void)
 os_snprintf(s_factory_info->manufacturer, WPS_MAX_MANUFACTURER_LEN, "ESPRESSIF");
 os_snprintf(s_factory_info->model_name, WPS_MAX_MODEL_NUMBER_LEN, "ESPRESSIF IOT");
- os_snprintf(s_factory_info->model_number, WPS_MAX_MODEL_NAME_LEN, "ESP32");
- os_snprintf(s_factory_info->device_name, WPS_MAX_DEVICE_NAME_LEN, "ESP32 STATION");
+ os_snprintf(s_factory_info->model_number, WPS_MAX_MODEL_NAME_LEN, wps_model_number);
+ os_snprintf(s_factory_info->device_name, WPS_MAX_DEVICE_NAME_LEN, "%s STATION", wps_model_number);
 return ESP_OK;
 }
From 28a06d07f78c9a3cad443510a0d973f378d1be3c Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Mon, 6 Jun 2022 13:01:25 +0530
Subject: [PATCH 6/6] Corrected hash size for sta_info structure
---
 components/wpa_supplicant/src/ap/hostapd.h | 4 ++--
 components/wpa_supplicant/src/ap/wpa_auth.c | 15 ++-------------
 2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/components/wpa_supplicant/src/ap/hostapd.h b/components/wpa_supplicant/src/ap/hostapd.h
index 92192c609f..8708a68c7c 100644
--- a/components/wpa_supplicant/src/ap/hostapd.h
+++ b/components/wpa_supplicant/src/ap/hostapd.h
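Review bot: The `#if CONFIG_IDF_TARGET_ESP32 ... #elif ... #endif` chain at the top of esp_wps.c has no `#else`, so on a target that is not listed `wps_model_number` is never defined and the failure only appears as an undeclared identifier inside `wps_set_default_factory()`. Add an `#else` with `#error "wps_model_number: unsupported target"` or a generic fallback string. The variable is also a non-static, writable pointer (`const char *wps_model_number`), which exports the symbol and allows the pointer to be reassigned. If no other file references it, `static const char *const wps_model_number = "ESP32";` is the better fit for a file-local constant.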
@@ -93,8 +93,8 @@ struct hostapd_data {
 u8 own_addr[ETH_ALEN];
 struct sta_info *sta_list; /* STA info list head */
-#define STA_HASH_SIZE 10
-#define STA_HASH(sta) (sta[5] & 0xa)
+#define STA_HASH_SIZE 16
+#define STA_HASH(sta) (sta[5] & 0xf)
 struct sta_info *sta_hash[STA_HASH_SIZE];
 int num_sta; /* number of entries in sta_list */
diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c
index 57af43b250..6c0e902876 100644
--- a/components/wpa_supplicant/src/ap/wpa_auth.c
+++ b/components/wpa_supplicant/src/ap/wpa_auth.c
@@ -37,7 +37,6 @@
 #define STATE_MACHINE_ADDR sm->addr
-static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
 static int wpa_sm_step(struct wpa_state_machine *sm);
 static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data, size_t data_len);
@@ -805,7 +804,7 @@ continue_processing:
 return;
 }
 sm->MICVerified = TRUE;
- eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
+ eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL);
 sm->pending_1_of_4_timeout = 0;
 }
@@ -916,16 +915,6 @@ static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
 }
-static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
-{
- struct wpa_state_machine *sm = timeout_ctx;
-
- sm->pending_1_of_4_timeout = 0;
- sm->TimeoutEvt = TRUE;
- wpa_sm_step(sm);
-}
-
-
 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 struct wpa_state_machine *sm, int key_info,
 const u8 *key_rsc, const u8 *nonce,
@@ -1549,7 +1538,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 #endif /* CONFIG_IEEE80211R_AP */
 sm->pending_1_of_4_timeout = 0;
- eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
+ eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL);
 if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) {
 /* PSK may have changed from the previous choice, so update
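Review bot: `STA_HASH_SIZE` and the mask in `STA_HASH` are still two independent literals in hostapd.h, which is how the previous pair (`10` with `& 0xa`, which can yield index 10) could index past `sta_hash[STA_HASH_SIZE]`. Derive one from the other, e.g. `#define STA_HASH(sta) ((sta)[5] & (STA_HASH_SIZE - 1))`, and add a comment that the size must remain a power of two. The parentheses around `sta` also make the macro safe for expression arguments.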
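Review bot: In the `continue_processing:` path of wpa_auth.c, `eloop_cancel_timeout(resend_eapol_handle, (void*)(sm->index), NULL);` identifies the timer by an integer cast to a pointer, and the place where that timeout is registered is outside these hunks. The cancel can only match if registration uses the same handler, the same `(void*)(sm->index)` value and `NULL` user data; if it does not, the timer stays armed and can fire for a state machine that has already moved on. Casting through `uintptr_t` would make the integer-to-pointer conversion explicit, and a comment such as `/* timeout is keyed by station index, not by sm pointer */` would explain the choice. The same call is made in `SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)`, whose hunk runs past the end of the visible text.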