feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

fix(esp_wifi): Discard commit frame received at confirmed state in SAE

Browse Source
This commit is contained in:
Shyamal Khachane
2023-07-17 17:53:45 +05:30
parent 447704bb7f
commit a9e6deb615
4 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
components/esp_common/src/esp_err_to_name.c
View File

@@ -410,6 +410,9 @@ static const esp_err_msg_t esp_err_msg_table[] = {
# endif # endif
# ifdef ESP_ERR_WIFI_TWT_SETUP_REJECT # ifdef ESP_ERR_WIFI_TWT_SETUP_REJECT
ERR_TBL_IT(ESP_ERR_WIFI_TWT_SETUP_REJECT), /* 12314 0x301a The twt setup request was rejected by the AP */ ERR_TBL_IT(ESP_ERR_WIFI_TWT_SETUP_REJECT), /* 12314 0x301a The twt setup request was rejected by the AP */
# endif
# ifdef ESP_ERR_WIFI_DISCARD
ERR_TBL_IT(ESP_ERR_WIFI_DISCARD), /* 12315 0x301b Discard frame */
# endif # endif
// components/wpa_supplicant/esp_supplicant/include/esp_wps.h // components/wpa_supplicant/esp_supplicant/include/esp_wps.h
# ifdef ESP_ERR_WIFI_REGISTRAR # ifdef ESP_ERR_WIFI_REGISTRAR

1
components/esp_wifi/include/esp_wifi.h
View File

@@ -87,6 +87,7 @@ extern "C" {
#define ESP_ERR_WIFI_TWT_SETUP_TIMEOUT (ESP_ERR_WIFI_BASE + 24) /*!< Timeout of receiving twt setup response frame, timeout times can be set during twt setup */ #define ESP_ERR_WIFI_TWT_SETUP_TIMEOUT (ESP_ERR_WIFI_BASE + 24) /*!< Timeout of receiving twt setup response frame, timeout times can be set during twt setup */
#define ESP_ERR_WIFI_TWT_SETUP_TXFAIL (ESP_ERR_WIFI_BASE + 25) /*!< TWT setup frame tx failed */ #define ESP_ERR_WIFI_TWT_SETUP_TXFAIL (ESP_ERR_WIFI_BASE + 25) /*!< TWT setup frame tx failed */
#define ESP_ERR_WIFI_TWT_SETUP_REJECT (ESP_ERR_WIFI_BASE + 26) /*!< The twt setup request was rejected by the AP */ #define ESP_ERR_WIFI_TWT_SETUP_REJECT (ESP_ERR_WIFI_BASE + 26) /*!< The twt setup request was rejected by the AP */
#define ESP_ERR_WIFI_DISCARD (ESP_ERR_WIFI_BASE + 27) /*!< Discard frame */
/** /**
* @brief WiFi stack configuration parameters passed to esp_wifi_init call. * @brief WiFi stack configuration parameters passed to esp_wifi_init call.

2
components/esp_wifi/lib

Submodule components/esp_wifi/lib updated: 17154abee3...da0306da9b

10
components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
View File

@@ -239,9 +239,8 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
int ret; int ret;
if (g_sae_data.state != SAE_COMMITTED) { if (g_sae_data.state != SAE_COMMITTED) {
wpa_printf(MSG_ERROR, "wpa3: failed to parse SAE commit in state(%d)!", wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame received in state %d", g_sae_data.state);
g_sae_data.state); return ESP_ERR_WIFI_DISCARD;
return ESP_FAIL;
} }
if (status == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ) { if (status == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ) {
@@ -264,7 +263,10 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
ret = sae_parse_commit(&g_sae_data, buf, len, NULL, 0, g_allowed_groups, ret = sae_parse_commit(&g_sae_data, buf, len, NULL, 0, g_allowed_groups,
(status == WLAN_STATUS_SAE_HASH_TO_ELEMENT || status == WLAN_STATUS_SAE_PK)); (status == WLAN_STATUS_SAE_HASH_TO_ELEMENT || status == WLAN_STATUS_SAE_PK));
if (ret) { if (ret == SAE_SILENTLY_DISCARD) {
wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame due to reflection attack");
return ESP_ERR_WIFI_DISCARD;
} else if (ret) {
wpa_printf(MSG_ERROR, "wpa3: could not parse commit(%d)", ret); wpa_printf(MSG_ERROR, "wpa3: could not parse commit(%d)", ret);
return ret; return ret;
} }