Merge branch 'bugfix/wps_wfa_cert_fixes' into 'master'

wpa_supplicant: Add WPS strict in config option

Closes WIFI-3624 and WIFI-3842

See merge request espressif/esp-idf!13545

components/wpa_supplicant/CMakeLists.txt

@@ -183,5 +183,8 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE
 if(CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE)
     target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_WPA3_SAE)
 endif()
+if(CONFIG_WPA_WPS_STRICT)
+    target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_WPS_STRICT)
+endif()
 
 set_property(TARGET ${COMPONENT_LIB} APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 3)

components/wpa_supplicant/Kconfig

@@ -35,24 +35,13 @@ menu "Supplicant"
         help
             Select this to enable unity test for DPP.
 
-    config WPA_WPS_WARS
-        bool "Add WPS Inter operatability Fixes"
+    config WPA_WPS_STRICT
+        bool "Strictly validate all WPS attributes"
         default n
         help
-            Select this option to enable WPS related IOT fixes with
-            different APs. This option fixes IOT related issues with
-            APs which do not follow some of the standards of WPS-2.0
-            specification. These do not include any of the security
-            related bypassing, just simple configuration corrections.
-
-            Current fixes under this flag.
-            1. Allow NULL-padded WPS attributes: Some APs keep NULL-padding
-            at the end of some variable length WPS Attributes.
-            This is not as par the WPS2.0 specs, but to avoid interop issues,
-            ignore the padding by reducing the attribute length by 1.
-            2. Bypass WPS-Config method validation: Some APs set display/pbc
-            button bit without setting virtual/phycial display/button bit which
-            will cause M2 validation fail, bypassing WPS-Config method validation.
+            Select this option to enable validate each WPS attribute
+            rigorously. Disabling this add the workaorunds with various APs.
+            Enabling this may cause inter operability issues with some APs.
 
     menuconfig WPA_11KV_SUPPORT
         bool "Enable 802.11k, 802.11v APIs handling in supplicant"

components/wpa_supplicant/component.mk

@@ -76,3 +76,6 @@ CFLAGS += -DCONFIG_DPP -DCONFIG_IEEE80211W -DESP_SUPPLICANT -DIEEE8021X_EAPOL -D
 ifdef CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE
 	CFLAGS += -DCONFIG_WPA3_SAE
 endif
+ifdef CONFIG_WPA_WPS_STRICT
+	CFLAGS += -DCONFIG_WPS_STRICT
+endif

components/wpa_supplicant/src/esp_supplicant/esp_wps.c

@@ -1327,9 +1327,9 @@ int wps_dev_init(void)
     dev->config_methods = WPS_CONFIG_VIRT_PUSHBUTTON | WPS_CONFIG_PHY_DISPLAY;
     dev->rf_bands = WPS_RF_24GHZ;
 
-    WPA_PUT_BE16(dev->pri_dev_type, WPS_DEV_COMPUTER);
+    WPA_PUT_BE16(dev->pri_dev_type, WPS_DEV_PHONE);
     WPA_PUT_BE32(dev->pri_dev_type + 2, WPS_DEV_OUI_WFA);
-    WPA_PUT_BE16(dev->pri_dev_type + 6, WPS_DEV_COMPUTER_PC);
+    WPA_PUT_BE16(dev->pri_dev_type + 6, WPS_DEV_PHONE_SINGLE_MODE);
 
     if (!s_factory_info) {
         ret = wps_set_default_factory();

components/wpa_supplicant/src/wps/wps_attr_build.c

@@ -20,7 +20,7 @@
 
 int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg, wps_key_mode_t mode)
 {
-	struct wpabuf *pubkey;
+	struct wpabuf *pubkey = NULL;
 
 	if (mode != WPS_CALC_KEY_NO_CALC) {
 

components/wpa_supplicant/src/wps/wps_attr_parse.c

@@ -19,7 +19,7 @@
 static int wps_set_vendor_ext_wfa_subelem(struct wps_parse_attr *attr,
 					  u8 id, u8 len, const u8 *pos)
 {
-	wpa_printf(MSG_DEBUG, "WPS: WFA subelement id=%u len=%u",
+	wpa_printf(MSG_MSGDUMP, "WPS: WFA subelement id=%u len=%u",
 		   id, len);
 	switch (id) {
 	case WFA_ELEM_VERSION2:
@@ -128,44 +128,9 @@ static int wps_parse_vendor_ext(struct wps_parse_attr *attr, const u8 *pos,
 	return 0;
 }
 
-static u16 wps_ignore_null_padding_in_attr(const u8 *pos, u16 type, u16 attr_data_len)
-{
-	u16 len = attr_data_len;
-
-	if (len == 0)
-		return 0;
-#ifdef CONFIG_WPA_WPS_WARS
-	/*
-	 * Some AP's keep NULL-padding at the end of some variable length WPS Attributes.
-	 * This is not as par the WPS2.0 specs, but to avoid interop issues, ignore the
-	 * padding by reducing the attribute length by 1.
-	 */
-	switch (type) {
-		case ATTR_MANUFACTURER:
-		case ATTR_MODEL_NAME:
-		case ATTR_MODEL_NUMBER:
-		case ATTR_SERIAL_NUMBER:
-		case ATTR_DEV_NAME:
-		case ATTR_SSID:
-		case ATTR_NETWORK_KEY:
-			if (pos[len - 1] == 0)
-				len--;
-			break;
-		default:
-			break;
-	}
-#endif
-
-	return len;
-}
-
 static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
-			const u8 *pos, u16 attr_data_len)
+			const u8 *pos, u16 len)
 {
-	u16 len;
-
-	len = wps_ignore_null_padding_in_attr(pos, type, attr_data_len);
-
 	switch (type) {
 	case ATTR_VERSION:
 		if (len != 1) {
@@ -617,7 +582,7 @@ int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr)
 		pos += 2;
 		len = WPA_GET_BE16(pos);
 		pos += 2;
-		wpa_printf(MSG_DEBUG, "WPS: attr type=0x%x len=%u",
+		wpa_printf(MSG_MSGDUMP, "WPS: attr type=0x%x len=%u",
 			   type, len);
 		if (len > end - pos) {
 			wpa_printf(MSG_DEBUG,  "WPS: Attribute overflow");

components/wpa_supplicant/src/wps/wps_defs.h

@@ -25,8 +25,6 @@ extern int wps_testing_dummy_cred;
 
 #endif /* CONFIG_WPS_TESTING */
 
-#define CONFIG_WPS_STRICT
-
 /* Diffie-Hellman 1536-bit MODP Group; RFC 3526, Group 5 */
 #define WPS_DH_GROUP 5
 
@@ -310,7 +308,8 @@ enum wps_dev_subcateg {
 	WPS_DEV_GAMING_XBOX = 1,
 	WPS_DEV_GAMING_XBOX360 = 2,
 	WPS_DEV_GAMING_PLAYSTATION = 3,
-	WPS_DEV_PHONE_WINDOWS_MOBILE = 1
+	WPS_DEV_PHONE_WINDOWS_MOBILE = 1,
+	WPS_DEV_PHONE_SINGLE_MODE = 2,
 };
 
 

components/wpa_supplicant/src/wps/wps_validate.c

@@ -12,6 +12,8 @@
 #include "wps/wps.h"
 
 
+#ifdef CONFIG_WPS_STRICT
+
 #ifndef WPS_STRICT_ALL
 #define WPS_STRICT_WPS2
 #endif /* WPS_STRICT_ALL */
@@ -95,7 +97,6 @@ static int wps_validate_response_type(const u8 *response_type, int mandatory)
 
 static int valid_config_methods(u16 val, int wps2)
 {
-#ifndef CONFIG_WPA_WPS_WARS
 	if (wps2) {
 		if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) {
 			wpa_printf(MSG_INFO, "WPS-STRICT: Display flag "
@@ -109,7 +110,6 @@ static int valid_config_methods(u16 val, int wps2)
 		}
 	}
 
-#endif
 	return 1;
 }
 
@@ -2363,3 +2363,4 @@ _out:
 
 	return ret;
 }
+#endif