fix(esp_wifi): Discard commit frame received at confirmed state in SAE

2023-07-17 17:53:45 +05:30
parent 447704bb7f
commit a9e6deb615
4 changed files with 11 additions and 5 deletions
--- a/components/esp_common/src/esp_err_to_name.c
+++ b/components/esp_common/src/esp_err_to_name.c
@@ -410,6 +410,9 @@ static const esp_err_msg_t esp_err_msg_table[] = {
 #   endif
 #   ifdef      ESP_ERR_WIFI_TWT_SETUP_REJECT
    ERR_TBL_IT(ESP_ERR_WIFI_TWT_SETUP_REJECT),                  /* 12314 0x301a The twt setup request was rejected by the AP */
+#   endif
+#   ifdef      ESP_ERR_WIFI_DISCARD
+    ERR_TBL_IT(ESP_ERR_WIFI_DISCARD),                           /* 12315 0x301b Discard frame */
 #   endif
    // components/wpa_supplicant/esp_supplicant/include/esp_wps.h
 #   ifdef      ESP_ERR_WIFI_REGISTRAR
--- a/components/esp_wifi/include/esp_wifi.h
+++ b/components/esp_wifi/include/esp_wifi.h
@@ -87,6 +87,7 @@ extern "C" {
 #define ESP_ERR_WIFI_TWT_SETUP_TIMEOUT (ESP_ERR_WIFI_BASE + 24)  /*!< Timeout of receiving twt setup response frame, timeout times can be set during twt setup */
 #define ESP_ERR_WIFI_TWT_SETUP_TXFAIL  (ESP_ERR_WIFI_BASE + 25)  /*!< TWT setup frame tx failed */
 #define ESP_ERR_WIFI_TWT_SETUP_REJECT  (ESP_ERR_WIFI_BASE + 26)  /*!< The twt setup request was rejected by the AP */
+#define ESP_ERR_WIFI_DISCARD           (ESP_ERR_WIFI_BASE + 27)  /*!< Discard frame */

 /**
 * @brief WiFi stack configuration parameters passed to esp_wifi_init call.
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
@@ -239,9 +239,8 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
    int ret;

    if (g_sae_data.state != SAE_COMMITTED) {
-        wpa_printf(MSG_ERROR, "wpa3: failed to parse SAE commit in state(%d)!",
-                   g_sae_data.state);
-        return ESP_FAIL;
+        wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame received in state %d", g_sae_data.state);
+        return ESP_ERR_WIFI_DISCARD;
    }

    if (status == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ) {
@@ -264,7 +263,10 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)

    ret = sae_parse_commit(&g_sae_data, buf, len, NULL, 0, g_allowed_groups,
                           (status == WLAN_STATUS_SAE_HASH_TO_ELEMENT || status == WLAN_STATUS_SAE_PK));
-    if (ret) {
+    if (ret == SAE_SILENTLY_DISCARD) {
+        wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame due to reflection attack");
+        return ESP_ERR_WIFI_DISCARD;
+    } else if (ret) {
        wpa_printf(MSG_ERROR, "wpa3: could not parse commit(%d)", ret);
        return ret;
    }