wpa_supplicant: Add WPS strict in config option
WPS strict disables workarounds with different APs and may cause IOT issues. Remove this as the default and introduce it as a config option. Also declare the ESP device as a single-band mobile device, since the WFA sniffer was not able to identify it in the certification setup.
@ -153,5 +153,8 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE
|
||||
if(CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE)
|
||||
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_WPA3_SAE)
|
||||
endif()
|
||||
if(CONFIG_WPA_WPS_STRICT)
|
||||
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_WPS_STRICT)
|
||||
endif()
|
||||
|
||||
set_property(TARGET ${COMPONENT_LIB} APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 3)
|
||||
|
@ -30,24 +30,13 @@ menu "Supplicant"
|
||||
help
|
||||
Select this to enable unity test for DPP.
|
||||
|
||||
config WPA_WPS_WARS
|
||||
bool "Add WPS Inter operatability Fixes"
|
||||
config WPA_WPS_STRICT
|
||||
bool "Strictly validate all WPS attributes"
|
||||
default n
|
||||
help
|
||||
Select this option to enable WPS related IOT fixes with
|
||||
different APs. This option fixes IOT related issues with
|
||||
APs which do not follow some of the standards of WPS-2.0
|
||||
specification. These do not include any of the security
|
||||
related bypassing, just simple configuration corrections.
|
||||
|
||||
Current fixes under this flag.
|
||||
1. Allow NULL-padded WPS attributes: Some APs keep NULL-padding
|
||||
at the end of some variable length WPS Attributes.
|
||||
This is not as par the WPS2.0 specs, but to avoid interop issues,
|
||||
ignore the padding by reducing the attribute length by 1.
|
||||
2. Bypass WPS-Config method validation: Some APs set display/pbc
|
||||
button bit without setting virtual/phycial display/button bit which
|
||||
will cause M2 validation fail, bypassing WPS-Config method validation.
|
||||
Select this option to enable validate each WPS attribute
|
||||
rigorously. Disabling this add the workaorunds with various APs.
|
||||
Enabling this may cause inter operability issues with some APs.
|
||||
|
||||
menuconfig WPA_11KV_SUPPORT
|
||||
bool "Enable 802.11k, 802.11v APIs handling in supplicant"
|
||||
|
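Review bot: The new help text for WPA_WPS_STRICT does not say what is skipped when the option stays at its default `n`, and it has typos ("Disabling this add the workaorunds"). The unconditional `#define CONFIG_WPS_STRICT` is removed from the header in this same commit, so a project that upgrades with an unchanged sdkconfig moves from strict WPS attribute validation to the relaxed behaviour without being prompted; the help text is the place to say that. Suggested wording: `Select this option to validate every received WPS attribute against the WPS 2.0 rules.` `When disabled (default), this validation is not compiled in and interoperability workarounds apply.` `Enabling it may cause interoperability issues with APs that deviate from the specification.` No migration entry for the removed WPA_WPS_WARS symbol is visible here, so an sdkconfig that still sets it is presumably ignored silently, which is worth confirming.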
@ -40,3 +40,6 @@ CFLAGS += -DCONFIG_DPP -DCONFIG_IEEE80211W -DESP_SUPPLICANT -DIEEE8021X_EAPOL -D
|
||||
ifdef CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE
|
||||
CFLAGS += -DCONFIG_WPA3_SAE
|
||||
endif
|
||||
ifdef CONFIG_WPA_WPS_STRICT
|
||||
CFLAGS += -DCONFIG_WPS_STRICT
|
||||
endif
|
||||
|
@ -1327,9 +1327,9 @@ int wps_dev_init(void)
|
||||
dev->config_methods = WPS_CONFIG_VIRT_PUSHBUTTON | WPS_CONFIG_PHY_DISPLAY;
|
||||
dev->rf_bands = WPS_RF_24GHZ;
|
||||
|
||||
WPA_PUT_BE16(dev->pri_dev_type, WPS_DEV_COMPUTER);
|
||||
WPA_PUT_BE16(dev->pri_dev_type, WPS_DEV_PHONE);
|
||||
WPA_PUT_BE32(dev->pri_dev_type + 2, WPS_DEV_OUI_WFA);
|
||||
WPA_PUT_BE16(dev->pri_dev_type + 6, WPS_DEV_COMPUTER_PC);
|
||||
WPA_PUT_BE16(dev->pri_dev_type + 6, WPS_DEV_PHONE_SINGLE_MODE);
|
||||
|
||||
if (!s_factory_info) {
|
||||
ret = wps_set_default_factory();
|
||||
|
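Review bot: The primary device type in wps_dev_init is now hard-coded to Phone / single mode with no comment, and the reason for it (the WFA certification sniffer could not identify the device) is recorded only in the commit message. A comment above the three `WPA_PUT_BE*` calls would stop a later reader from changing it back, for example `/* Advertised as single-band phone: the WFA certification sniffer did not identify the Computer/PC type */`. The same value is used for every product built on this component, so a configurable device type may be worth considering separately. The function body continues outside this hunk.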
@ -20,7 +20,7 @@
|
||||
|
||||
int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg, wps_key_mode_t mode)
|
||||
{
|
||||
struct wpabuf *pubkey;
|
||||
struct wpabuf *pubkey = NULL;
|
||||
|
||||
if (mode != WPS_CALC_KEY_NO_CALC) {
|
||||
|
||||
|
@ -19,7 +19,7 @@
|
||||
static int wps_set_vendor_ext_wfa_subelem(struct wps_parse_attr *attr,
|
||||
u8 id, u8 len, const u8 *pos)
|
||||
{
|
||||
wpa_printf(MSG_DEBUG, "WPS: WFA subelement id=%u len=%u",
|
||||
wpa_printf(MSG_MSGDUMP, "WPS: WFA subelement id=%u len=%u",
|
||||
id, len);
|
||||
switch (id) {
|
||||
case WFA_ELEM_VERSION2:
|
||||
@ -128,44 +128,9 @@ static int wps_parse_vendor_ext(struct wps_parse_attr *attr, const u8 *pos,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static u16 wps_ignore_null_padding_in_attr(const u8 *pos, u16 type, u16 attr_data_len)
|
||||
{
|
||||
u16 len = attr_data_len;
|
||||
|
||||
if (len == 0)
|
||||
return 0;
|
||||
#ifdef CONFIG_WPA_WPS_WARS
|
||||
/*
|
||||
* Some AP's keep NULL-padding at the end of some variable length WPS Attributes.
|
||||
* This is not as par the WPS2.0 specs, but to avoid interop issues, ignore the
|
||||
* padding by reducing the attribute length by 1.
|
||||
*/
|
||||
switch (type) {
|
||||
case ATTR_MANUFACTURER:
|
||||
case ATTR_MODEL_NAME:
|
||||
case ATTR_MODEL_NUMBER:
|
||||
case ATTR_SERIAL_NUMBER:
|
||||
case ATTR_DEV_NAME:
|
||||
case ATTR_SSID:
|
||||
case ATTR_NETWORK_KEY:
|
||||
if (pos[len - 1] == 0)
|
||||
len--;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
|
||||
const u8 *pos, u16 attr_data_len)
|
||||
const u8 *pos, u16 len)
|
||||
{
|
||||
u16 len;
|
||||
|
||||
len = wps_ignore_null_padding_in_attr(pos, type, attr_data_len);
|
||||
|
||||
switch (type) {
|
||||
case ATTR_VERSION:
|
||||
if (len != 1) {
|
||||
@ -617,7 +582,7 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
|
||||
pos += 2;
|
||||
len = WPA_GET_BE16(pos);
|
||||
pos += 2;
|
||||
wpa_printf(MSG_DEBUG, "WPS: attr type=0x%x len=%u",
|
||||
wpa_printf(MSG_MSGDUMP, "WPS: attr type=0x%x len=%u",
|
||||
type, len);
|
||||
if (len > end - pos) {
|
||||
wpa_printf(MSG_DEBUG, "WPS: Attribute overflow");
|
||||
|
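Review bot: Removing wps_ignore_null_padding_in_attr drops the only visible place where a trailing NUL on Manufacturer, Model Name, Model Number, Serial Number, Device Name, SSID and Network Key was tolerated, while the new Kconfig help says that leaving strict mode off adds the AP workarounds. wps_set_attr now receives the raw `len` from wps_parse_msg, so a NUL-padded SSID or Network Key reaches the later attribute handling at full length unless that code trims it, and that code is not visible on this page. If no equivalent exists under `#ifndef CONFIG_WPS_STRICT`, the trimming should be kept behind that guard rather than deleted, and it should still run only after the existing `len > end - pos` bound check. The bodies of wps_set_attr and wps_parse_msg continue outside the hunks shown.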
@ -25,8 +25,6 @@ extern int wps_testing_dummy_cred;
|
||||
|
||||
#endif /* CONFIG_WPS_TESTING */
|
||||
|
||||
#define CONFIG_WPS_STRICT
|
||||
|
||||
/* Diffie-Hellman 1536-bit MODP Group; RFC 3526, Group 5 */
|
||||
#define WPS_DH_GROUP 5
|
||||
|
||||
@ -310,7 +308,8 @@ enum wps_dev_subcateg {
|
||||
WPS_DEV_GAMING_XBOX = 1,
|
||||
WPS_DEV_GAMING_XBOX360 = 2,
|
||||
WPS_DEV_GAMING_PLAYSTATION = 3,
|
||||
WPS_DEV_PHONE_WINDOWS_MOBILE = 1
|
||||
WPS_DEV_PHONE_WINDOWS_MOBILE = 1,
|
||||
WPS_DEV_PHONE_SINGLE_MODE = 2,
|
||||
};
|
||||
|
||||
|
||||
|
@ -12,6 +12,8 @@
|
||||
#include "wps/wps.h"
|
||||
|
||||
|
||||
#ifdef CONFIG_WPS_STRICT
|
||||
|
||||
#ifndef WPS_STRICT_ALL
|
||||
#define WPS_STRICT_WPS2
|
||||
#endif /* WPS_STRICT_ALL */
|
||||
@ -95,7 +97,6 @@ static int wps_validate_response_type(const u8 *response_type, int mandatory)
|
||||
|
||||
static int valid_config_methods(u16 val, int wps2)
|
||||
{
|
||||
#ifndef CONFIG_WPA_WPS_WARS
|
||||
if (wps2) {
|
||||
if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) {
|
||||
wpa_printf(MSG_INFO, "WPS-STRICT: Display flag "
|
||||
@ -109,7 +110,6 @@ static int valid_config_methods(u16 val, int wps2)
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -2363,3 +2363,4 @@ _out:
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
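Review bot: Wrapping the whole file in `#ifdef CONFIG_WPS_STRICT` means that in the default configuration none of the validators here are compiled, so their callers need replacements that report success. Those replacements are not visible on this page and should be confirmed in the shared header. The closing `#endif` added at the end of the file sits more than two thousand lines below its `#ifdef` and should carry a label like the nested guard does, `#endif /* CONFIG_WPS_STRICT */`. A short comment at the opening guard, saying that received WPS messages are not checked against the WPS 2.0 attribute rules when the macro is undefined, would make the trade-off visible in the source.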