Home Esplora Aiuto
Accedi
RT-Thread-packages
/
esp-idf
mirror da https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

esp_wifi: Refactor key install code

Kapil Gupta 4 anni fa
parent
c3c37b95e7
commit
0336584f3e
5 ha cambiato i file con 70 aggiunte e 41 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 1 1
      components/esp_wifi/lib
  2. 12 4
      components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
  3. 4 4
      components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
  4. 49 27
      components/wpa_supplicant/src/rsn_supp/wpa.c
  5. 4 5
      components/wpa_supplicant/src/rsn_supp/wpa_i.h

+ 1 - 1
components/esp_wifi/lib
Vedi File 

@@ -1 +1 @@
 
-Subproject commit ae1371b9a43f2d7e78f10c1f525850a2962df0ba
 
+Subproject commit 428480bbb90442db61fb20fed9980dd035245fe9

+ 12 - 4
components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
Vedi File 

@@ -187,6 +187,16 @@ typedef struct {
 
     uint8_t data[0];
 
 } wifi_mgmt_frm_req_t;
 
 
+enum key_flag {
 
+    KEY_FLAG_MODIFY                 = BIT(0),
 
+    KEY_FLAG_DEFAULT                = BIT(1),
 
+    KEY_FLAG_RX                     = BIT(2),
 
+    KEY_FLAG_TX                     = BIT(3),
 
+    KEY_FLAG_GROUP                  = BIT(4),
 
+    KEY_FLAG_PAIRWISE               = BIT(5),
 
+    KEY_FLAG_PMK                    = BIT(6),
 
+};
 
+
 
 uint8_t *esp_wifi_ap_get_prof_pmk_internal(void);
 
 struct wifi_ssid *esp_wifi_ap_get_prof_ap_ssid_internal(void);
 
 uint8_t esp_wifi_ap_get_prof_authmode_internal(void);
 
@@ -208,15 +218,13 @@ uint16_t esp_wifi_get_spp_attrubute_internal(uint8_t ifx);
 
 bool esp_wifi_sta_is_running_internal(void);
 
 bool esp_wifi_auth_done_internal(void);
 
 int esp_wifi_set_ap_key_internal(int alg, const u8 *addr, int idx, u8 *key, size_t key_len);
 
-int esp_wifi_get_sta_hw_key_idx_internal(int key_idx);
 
 int esp_wifi_set_sta_key_internal(int alg, u8 *addr, int key_idx, int set_tx,
 
-                                  u8 *seq, size_t seq_len, u8 *key, size_t key_len, int key_entry_valid);
 
+                                  u8 *seq, size_t seq_len, u8 *key, size_t key_len, enum key_flag key_flag);
 
 int  esp_wifi_get_sta_key_internal(uint8_t *ifx, int *alg, u8 *addr, int *key_idx,
 
-                                   u8 *key, size_t key_len, int key_entry_valid);
 
+                                   u8 *key, size_t key_len, enum key_flag key_flag);
 
 bool esp_wifi_wpa_ptk_init_done_internal(uint8_t *mac);
 
 uint8_t esp_wifi_sta_set_reset_param_internal(uint8_t reset_flag);
 
 uint8_t esp_wifi_get_sta_gtk_index_internal(void);
 
-void esp_wifi_set_sta_gtk_index_internal(u8 valid, u8 index);
 
 int esp_wifi_register_tx_cb_internal(wifi_tx_cb_t fn, u8 id);
 
 int esp_wifi_register_wpa_cb_internal(struct wpa_funcs *cb);
 
 int esp_wifi_unregister_wpa_cb_internal(void);

+ 4 - 4
components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
Vedi File 

@@ -30,15 +30,15 @@
 
 #include "esp_common_i.h"
 
 
 void  wpa_install_key(enum wpa_alg alg, u8 *addr, int key_idx, int set_tx,
 
-                      u8 *seq, size_t seq_len, u8 *key, size_t key_len, int key_entry_valid)
 
+                      u8 *seq, size_t seq_len, u8 *key, size_t key_len, enum key_flag key_flag)
 
 {
 
-    esp_wifi_set_sta_key_internal(alg, addr, key_idx, set_tx, seq, seq_len, key, key_len, key_entry_valid);
 
+    esp_wifi_set_sta_key_internal(alg, addr, key_idx, set_tx, seq, seq_len, key, key_len, key_flag);
 
 }
 
 
 int  wpa_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx,
 
-                 u8 *key, size_t key_len, int key_entry_valid)
 
+                 u8 *key, size_t key_len, enum key_flag key_flag)
 
 {
 
-    return esp_wifi_get_sta_key_internal(ifx, alg, addr, key_idx, key, key_len, key_entry_valid);
 
+    return esp_wifi_get_sta_key_internal(ifx, alg, addr, key_idx, key, key_len, key_flag);
 
 }
 
 
 /**

+ 49 - 27
components/wpa_supplicant/src/rsn_supp/wpa.c
Vedi File 

@@ -54,13 +54,13 @@ u8 assoc_ie_buf[ASSOC_IE_LEN+2];
 
 
 void set_assoc_ie(u8 * assoc_buf);
 
 
-int wpa_sm_set_key(struct install_key *sm, enum wpa_alg alg,
 
+static int wpa_sm_set_key(struct install_key *sm, enum wpa_alg alg,
 
         u8 *addr, int key_idx, int set_tx,
 
         u8 *seq, size_t seq_len,
 
         u8 *key, size_t key_len,
 
-        int  key_entry_valid);
 
+        enum key_flag key_flag);
 
 
-int wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t key_len, int key_entry_valid);
 
+static int wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t key_len, enum key_flag key_flag);
 
 
 void wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len);
 
 
@@ -691,7 +691,7 @@ static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
 
 }
 
 
 
-static int wpa_supplicant_install_ptk(struct wpa_sm *sm)
 
+static int wpa_supplicant_install_ptk(struct wpa_sm *sm, enum key_flag key_flag)
 
 {
 
     int keylen;
 
     enum wpa_alg alg;
 
@@ -706,12 +706,8 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm)
 
                "NONE - do not use pairwise keys");
 
         return 0;
 
     }
 
-    //now only use keyentry 0 for pairwise key
 
-    sm->key_entry_valid = esp_wifi_get_sta_hw_key_idx_internal(0); //KEY_IDX_STA_PTK
 
-
 
-    wpa_hexdump(MSG_DEBUG, "WPA: Pairwise Key", sm->ptk.tk, keylen);
 
     if (wpa_sm_set_key(&(sm->install_ptk), alg, sm->bssid, 0, 1, (sm->install_ptk).seq, WPA_KEY_RSC_LEN,
 
-                       sm->ptk.tk, keylen, sm->key_entry_valid) < 0) {
 
+                       sm->ptk.tk, keylen, KEY_FLAG_PAIRWISE | key_flag) < 0) {
 
         #ifdef DEBUG_PRINT
 
         wpa_printf(MSG_DEBUG, "WPA: Failed to set PTK to the "
 
                "driver (alg=%d keylen=%d bssid=" MACSTR ")",
 
@@ -788,7 +784,6 @@ void   wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
 
 
 }
 
 
-
 
 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
 
                       struct wpa_gtk_data *gd)
 
 {
 
@@ -817,13 +812,11 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
 
         memcpy(gtk_buf + 24, gd->gtk + 24, 8);
 
         _gtk = gtk_buf;
 
     }
 
-    //now only use keycache entry1 for group key
 
-    sm->key_entry_valid = esp_wifi_get_sta_hw_key_idx_internal(gd->keyidx);
 
     if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
 
         if (wpa_sm_set_key(&(sm->install_gtk), gd->alg,
 
                    sm->bssid, //(u8 *) "\xff\xff\xff\xff\xff\xff",
 
                    gd->keyidx, 1, key_rsc, gd->key_rsc_len,
 
-                   _gtk, gd->gtk_len,sm->key_entry_valid) < 0) {
 
+                   _gtk, gd->gtk_len, (KEY_FLAG_GROUP | KEY_FLAG_RX | KEY_FLAG_TX)) < 0) {
 
             wpa_printf(MSG_DEBUG, "WPA: Failed to set "
 
                    "GTK to the driver (Group only).");
 
             return -1;
 
@@ -831,7 +824,7 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
 
     } else if (wpa_sm_set_key(&(sm->install_gtk), gd->alg,
 
                   sm->bssid, //(u8 *) "\xff\xff\xff\xff\xff\xff",
 
                   gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
 
-                  _gtk, gd->gtk_len, sm->key_entry_valid) < 0) {
 
+                  _gtk, gd->gtk_len, KEY_FLAG_GROUP | KEY_FLAG_RX) < 0) {
 
         wpa_printf(MSG_DEBUG, "WPA: Failed to set GTK to "
 
                "the driver (alg=%d keylen=%d keyidx=%d)",
 
                gd->alg, gd->gtk_len, gd->keyidx);
 
@@ -849,8 +842,7 @@ static bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd
 
     u8 ifx;
 
     int alg;
 
     u8 bssid[6];
 
-    int keyidx;
 
-    int hw_keyidx;
 
+    int keyidx = gd->keyidx;
 
 
     #ifdef DEBUG_PRINT
 
     wpa_printf(MSG_DEBUG, "WPA: Judge GTK: (keyidx=%d len=%d).", gd->keyidx, gd->gtk_len);
 
@@ -864,11 +856,10 @@ static bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd
 
         _gtk = gtk_buf;
 
     }
 
 
-    hw_keyidx = esp_wifi_get_sta_hw_key_idx_internal(gd->keyidx);
 
-    if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, hw_keyidx - 2) == 0) {
 
+    if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, KEY_FLAG_GROUP) == 0) {
 
         if (ifx == 0 && alg == gd->alg && memcmp(bssid, sm->bssid, ETH_ALEN) == 0 &&
 
                 memcmp(_gtk, gtk_get, gd->gtk_len) == 0) {
 
-            wpa_printf(MSG_DEBUG, "GTK %d is already in use in entry %d, it may be an attack, ignore it.", gd->keyidx, hw_keyidx);
 
+            wpa_printf(MSG_DEBUG, "GTK %d is already in use, it may be an attack, ignore it.", gd->keyidx);
 
             return true;
 
         }
 
     }
 
@@ -1236,6 +1227,9 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
 
         goto failed;
 
     }
 
 
+    if (sm->key_install && sm->key_info & WPA_KEY_INFO_INSTALL) {
 
+        wpa_supplicant_install_ptk(sm, KEY_FLAG_RX);
 
+    }
 
     /*after txover, callback will continue run remain task*/
 
     if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
 
                        &sm->ptk)) {
 
@@ -1248,12 +1242,41 @@ failed:
 
     wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
 
 }
 
 
+static int wpa_supplicant_activate_ptk(struct wpa_sm *sm)
 
+{
 
+    int keylen;
 
+    enum wpa_alg alg;
 
+
 
+    alg = wpa_cipher_to_alg(sm->pairwise_cipher);
 
+    keylen = wpa_cipher_key_len(sm->pairwise_cipher);
 
+
 
+    if (alg == WIFI_WPA_ALG_NONE) {
 
+        wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: "
 
+               "NONE - do not use pairwise keys");
 
+        return 0;
 
+    }
 
+
 
+    wpa_printf(MSG_DEBUG,
 
+            "WPA: Activate PTK bssid=" MACSTR ")",
 
+            MAC2STR(sm->bssid));
 
+
 
+    if (wpa_sm_set_key(&(sm->install_ptk), alg, sm->bssid, 0, 1, (sm->install_ptk).seq,
 
+                       WPA_KEY_RSC_LEN, sm->ptk.tk, keylen,
 
+                       (KEY_FLAG_MODIFY | KEY_FLAG_PAIRWISE | KEY_FLAG_RX | KEY_FLAG_TX)) < 0) {
 
+            wpa_printf(MSG_WARNING,
 
+                    "WPA: Failed to activate PTK for TX (idx=%d bssid="
 
+                    MACSTR ")", 0, MAC2STR(sm->bssid));
 
+            return -1;
 
+    }
 
+    return 0;
 
+}
 
+
 
 static int wpa_supplicant_send_4_of_4_txcallback(struct wpa_sm *sm)
 
 {
 
        u16 key_info=sm->key_info;
 
 
     if (sm->key_install && key_info & WPA_KEY_INFO_INSTALL) {
 
-        if (wpa_supplicant_install_ptk(sm))
 
+        if (wpa_supplicant_activate_ptk(sm))
 
             goto failed;
 
     }
 
     else if (sm->key_install == false) {
 
@@ -2098,7 +2121,6 @@ bool wpa_sm_init(char * payload, WPA_SEND_FUNC snd_func,
 
     sm->get_ppkey = ppgetkey;
 
     sm->wpa_deauthenticate = wpa_deauth;
 
     sm->wpa_neg_complete = wpa_neg_complete;
 
-    sm->key_entry_valid = 0;
 
     sm->key_install = false;
 
 
     spp_attrubute = esp_wifi_get_spp_attrubute_internal(WIFI_IF_STA);
 
@@ -2293,12 +2315,12 @@ set_assoc_ie(u8 * assoc_buf)
 
     sm->config_assoc_ie(sm->proto, assoc_buf, sm->assoc_wpa_ie_len);
 
 }
 
 
-  int
 
+static int
 
 wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg,
 
         u8 *addr, int key_idx, int set_tx,
 
         u8 *seq, size_t seq_len,
 
         u8 *key, size_t key_len,
 
-        int  key_entry_valid)
 
+        enum key_flag key_flag)
 
 {
 
     struct wpa_sm *sm = &gWpaSm;
 
 
@@ -2315,15 +2337,15 @@ wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg,
 
     key_sm->set_tx = set_tx;
 
     memcpy(key_sm->key, key, key_len);
 
 
-    sm->install_ppkey(alg, addr, key_idx, set_tx, seq, seq_len, key, key_len, key_entry_valid);
 
+    sm->install_ppkey(alg, addr, key_idx, set_tx, seq, seq_len, key, key_len, key_flag);
 
     return 0;
 
 }
 
 
-  int
 
-wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t key_len, int key_entry_valid)
 
+static int
 
+wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size_t key_len, enum key_flag key_flag)
 
 {
 
     struct wpa_sm *sm = &gWpaSm;
 
-    return sm->get_ppkey(ifx, alg, addr, key_idx, key, key_len, key_entry_valid);
 
+    return sm->get_ppkey(ifx, alg, addr, key_idx, key, key_len, key_flag);
 
 }
 
 
 void wpa_supplicant_clr_countermeasures(u16 *pisunicast)

+ 4 - 5
components/wpa_supplicant/src/rsn_supp/wpa_i.h
Vedi File 

@@ -75,14 +75,13 @@ struct wpa_sm {
 
 
     struct install_key install_ptk;
 
     struct install_key install_gtk;
 
-    int  key_entry_valid;   //present current avaliable entry for bssid, for pairkey:0,5,10,15,20, gtk: pairkey_no+i (i:1~4)
 
 
     void (* sendto) (void *buffer, uint16_t len);
 
     void (*config_assoc_ie) (u8 proto, u8 *assoc_buf, u32 assoc_wpa_ie_len);
 
     void (*install_ppkey) (enum wpa_alg alg, u8 *addr, int key_idx, int set_tx,
 
-               u8 *seq, unsigned int seq_len, u8 *key, unsigned int key_len, int key_entry_valid);
 
+               u8 *seq, unsigned int seq_len, u8 *key, unsigned int key_len, enum key_flag key_flag);
 
     int (*get_ppkey) (uint8_t *ifx, int *alg, uint8_t *addr, int *key_idx,
 
-               uint8_t *key, size_t key_len, int key_entry_valid);
 
+               uint8_t *key, size_t key_len, enum key_flag key_flag);
 
     void (*wpa_deauthenticate)(u8 reason_code);
 
     void (*wpa_neg_complete)(void);
 
     struct wpa_gtk_data gd; //used for calllback save param
 
@@ -145,9 +144,9 @@ typedef void (* WPA_SEND_FUNC)(void *buffer, u16 len);
 
 typedef void (* WPA_SET_ASSOC_IE)(u8 proto, u8 *assoc_buf, u32 assoc_wpa_ie_len);
 
 
 typedef void (*WPA_INSTALL_KEY) (enum wpa_alg alg, u8 *addr, int key_idx, int set_tx,
 
-               u8 *seq, size_t seq_len, u8 *key, size_t key_len, int key_entry_valid);
 
+               u8 *seq, size_t seq_len, u8 *key, size_t key_len, enum key_flag key_flag);
 
 
-typedef int (*WPA_GET_KEY) (u8 *ifx, int *alg, u8 *addt, int *keyidx, u8 *key, size_t key_len, int key_entry_valid);
 
+typedef int (*WPA_GET_KEY) (u8 *ifx, int *alg, u8 *addt, int *keyidx, u8 *key, size_t key_len, enum key_flag key_flag);
 
 
 typedef void (*WPA_DEAUTH_FUNC)(u8 reason_code);