
Merge branch 'bugfix/gtk_reinstallation_fix_1_4.3' into 'release/v4.3'

wpa_supplicant: Clean gtk after disconnect (backport v4.3)

See merge request espressif/esp-idf!13286
Jiang Jiang Jian %!s(int64=4) %!d(string=hai) anos
pai
achega
dede31cd83

+ 0 - 5
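--- a/components/wpa_supplicant/src/common/wpa_common.h
+++ b/components/wpa_supplicant/src/common/wpa_common.h
@@ -184,11 +184,6 @@ struct wpa_ptk {
 	} u;
 } STRUCT_PACKED;
 
-struct wpa_gtk {
-	u8 gtk[WPA_GTK_MAX_LEN];
-	size_t gtk_len;
-};
-
 struct wpa_gtk_data {
 	enum wpa_alg alg;
 	int tx, key_rsc_len, keyidx;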

+ 9 - 23
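--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -65,6 +65,7 @@ int wpa_sm_get_key(uint8_t *ifx, int *alg, u8 *addr, int *key_idx, u8 *key, size
 void wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len);
 
 void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm);
+static bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd);
 static inline enum wpa_states   wpa_sm_get_state(struct wpa_sm *sm)
 {
     return sm->wpa_state;;
@@ -814,8 +815,7 @@ int   wpa_supplicant_install_gtk(struct wpa_sm *sm,
     wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
 
     /* Detect possible key reinstallation */
-    if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-        os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+    if (wpa_supplicant_gtk_in_use(sm, &(sm->gd))) {
             wpa_printf(MSG_DEBUG,
                     "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
                     gd->keyidx, gd->tx, gd->gtk_len);
@@ -860,13 +860,10 @@ int   wpa_supplicant_install_gtk(struct wpa_sm *sm,
         return -1;
     }
 
-    sm->gtk.gtk_len = gd->gtk_len;
-    os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-
     return 0;
 }
 
-bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd)
+static bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd)
 {
     u8 *_gtk = gd->gtk;
     u8 gtk_buf[32];
@@ -875,8 +872,7 @@ bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd)
     int alg;
     u8 bssid[6];
     int keyidx;
-
-    wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+    int hw_keyidx;
 
     #ifdef DEBUG_PRINT
     wpa_printf(MSG_DEBUG, "WPA: Judge GTK: (keyidx=%d len=%d).", gd->keyidx, gd->gtk_len);
@@ -890,19 +886,11 @@ bool wpa_supplicant_gtk_in_use(struct wpa_sm *sm, struct wpa_gtk_data *gd)
         _gtk = gtk_buf;
     }
 
-    //check if gtk is in use.
-    if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, gd->keyidx) == 0) {
+    hw_keyidx = esp_wifi_get_sta_hw_key_idx_internal(gd->keyidx);
+    if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, hw_keyidx - 2) == 0) {
         if (ifx == 0 && alg == gd->alg && memcmp(bssid, sm->bssid, ETH_ALEN) == 0 &&
         		memcmp(_gtk, gtk_get, gd->gtk_len) == 0) {
-            wpa_printf(MSG_DEBUG, "GTK %d is already in use in entry %d, it may be an attack, ignor it.", gd->keyidx, gd->keyidx + 2);
-            return true;
-        }
-    }
-
-    if (wpa_sm_get_key(&ifx, &alg, bssid, &keyidx, gtk_get, gd->gtk_len, (gd->keyidx+1)%2) == 0) {
-    	if (ifx == 0 && alg == gd->alg && memcmp(bssid, sm->bssid, ETH_ALEN) == 0 &&
-    			memcmp(_gtk, gtk_get, gd->gtk_len) == 0) {
-            wpa_printf(MSG_DEBUG, "GTK %d is already in use in entry %d, it may be an attack, ignor it.", gd->keyidx, (gd->keyidx+1)%2 + 2);
+            wpa_printf(MSG_DEBUG, "GTK %d is already in use in entry %d, it may be an attack, ignore it.", gd->keyidx, hw_keyidx);
             return true;
         }
     }
@@ -1581,10 +1569,8 @@ failed:
     u16 rekey= (WPA_SM_STATE(sm) == WPA_COMPLETED);
 
     if((sm->gd).gtk_len) {
-    	if (wpa_supplicant_gtk_in_use(sm, &(sm->gd)) == false) {
-            if (wpa_supplicant_install_gtk(sm, &(sm->gd)))
-                goto failed;
-    	}
+        if (wpa_supplicant_install_gtk(sm, &(sm->gd)))
+            goto failed;
     } else {
         goto failed;
     }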
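Review bot: The key-reinstallation check added in `wpa_supplicant_install_gtk` passes `&(sm->gd)` to `wpa_supplicant_gtk_in_use` instead of the function's own `gd` argument, while the debug message directly below it prints `gd->keyidx`, `gd->tx` and `gd->gtk_len`. The caller visible in the last hunk passes `&(sm->gd)`, so the two coincide there, but a caller that supplies a different `gd` would have the check run against a key other than the one being installed; `if (wpa_supplicant_gtk_in_use(sm, gd)) {` keeps the check tied to the key actually installed. In `wpa_supplicant_gtk_in_use`, the result of `esp_wifi_get_sta_hw_key_idx_internal(gd->keyidx)` is used as `hw_keyidx - 2` with no range check and no explanation of the offset. A guard for a result below 2 and a comment stating what the 2 stands for would show that a failed lookup cannot quietly yield "not in use", which matters more now that the second-entry comparison has been removed. Both function bodies extend beyond the hunks shown.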

+ 0 - 1
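--- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h
+++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h
@@ -41,7 +41,6 @@ struct wpa_sm {
     u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
     int rx_replay_counter_set;
     u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-    struct wpa_gtk gtk;
     struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
     struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */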