Merge branch 'bugfix/prevent_open_auth_sae' into 'release/v5.0'

Fix SAE open auth and PMK issues (Backport v5.0)

See merge request espressif/esp-idf!21852

components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c

@@ -18,7 +18,7 @@ static struct wpabuf *g_sae_commit = NULL;
 static struct wpabuf *g_sae_confirm = NULL;
 int g_allowed_groups[] = { IANA_SECP256R1, 0 };
 
-static esp_err_t wpa3_build_sae_commit(u8 *bssid)
+static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
 {
     int default_group = IANA_SECP256R1;
     u32 len = 0;
@@ -33,6 +33,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid)
 
     if (wpa_sta_cur_pmksa_matches_akm()) {
         wpa_printf(MSG_INFO, "wpa3: Skip SAE and use cached PMK instead");
+        *sae_msg_len = 0;
         return ESP_FAIL;
     }
 
@@ -151,7 +152,7 @@ static u8 *wpa3_build_sae_msg(u8 *bssid, u32 sae_msg_type, size_t *sae_msg_len)
             if (esp_wifi_get_wps_status_internal() != WPS_STATUS_DISABLE) {
                 return NULL;
             }
-            if (ESP_OK != wpa3_build_sae_commit(bssid))
+            if (ESP_OK != wpa3_build_sae_commit(bssid, sae_msg_len))
                 return NULL;
             *sae_msg_len = wpabuf_len(g_sae_commit);
             buf = wpabuf_mhead_u8(g_sae_commit);

components/wpa_supplicant/src/common/defs.h

@@ -126,6 +126,14 @@ static inline int wpa_key_mgmt_cckm(int akm)
 	return akm == WPA_KEY_MGMT_CCKM;
 }
 
+#ifdef ESP_SUPPLICANT
+static inline int wpa_key_mgmt_supports_caching(int akm)
+{
+        return wpa_key_mgmt_wpa_ieee8021x(akm) ||
+		wpa_key_mgmt_sae(akm) ||
+		wpa_key_mgmt_owe(akm);
+}
+#endif
 
 #define WPA_PROTO_WPA BIT(0)
 #define WPA_PROTO_RSN BIT(1)

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -2435,7 +2435,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 {
     int res = 0;
     struct wpa_sm *sm = &gWpaSm;
-    bool use_pmk_cache = true;
+    bool use_pmk_cache = !esp_wifi_skip_supp_pmkcaching();
     u8 assoc_rsnxe[20];
     size_t assoc_rsnxe_len = sizeof(assoc_rsnxe);
 
@@ -2460,28 +2460,19 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
     sm->use_ext_key_id = (sm->proto == WPA_PROTO_WPA);
     pmksa_cache_clear_current(sm);
 
-    if (sm->key_mgmt == WPA_KEY_MGMT_SAE ||
+    struct rsn_pmksa_cache_entry *pmksa = NULL;
-        sm->key_mgmt == WPA_KEY_MGMT_OWE ||
+    if (use_pmk_cache) {
-        is_wpa2_enterprise_connection()) {
+        pmksa = pmksa_cache_get(sm->pmksa, (const u8 *)bssid, NULL, NULL);
-        if (!esp_wifi_skip_supp_pmkcaching() && use_pmk_cache) {
+        if (pmksa && (pmksa->akmp != sm->key_mgmt)) {
-            if (pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0) == 0) {
+            use_pmk_cache = false;
-                struct rsn_pmksa_cache_entry *pmksa = pmksa_cache_get_current(sm);
+        }
-                if (pmksa && (pmksa->akmp != sm->key_mgmt)) {
+    }
-                    pmksa_cache_clear_current(sm);
+    if (wpa_key_mgmt_supports_caching(sm->key_mgmt) && use_pmk_cache) {
-                    pmksa_cache_flush(sm->pmksa, NULL, pmksa->pmk, pmksa->pmk_len);
+        pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
-                }
+        wpa_sm_set_pmk_from_pmksa(sm);
-            } else {
+    } else {
-                wpa_sm_set_pmk_from_pmksa(sm);
+        if (pmksa) {
-            }
+            pmksa_cache_flush(sm->pmksa, NULL, pmksa->pmk, pmksa->pmk_len);
-        } else {
-            struct rsn_pmksa_cache_entry *entry = NULL;
-
-            if (sm->pmksa) {
-                entry = pmksa_cache_get(sm->pmksa, (const u8 *)bssid, NULL, NULL);
-            }
-            if (entry) {
-                pmksa_cache_flush(sm->pmksa, NULL, entry->pmk, entry->pmk_len);
-            }
         }
     }