Merge branch 'bugfix/wpa3_to_wpa2_transition_fix_v4.2' into 'release/v4.2'

wpa_supplicant: Fix WPA3 and WPA2 transition related failures (Backport v4.2) See merge request espressif/esp-idf!9865
2020-08-10 23:25:42 +08:00 · 2020-08-10 23:25:42 +08:00 · 202dbaffa7
parent 76cd5c8793 21dc9fcb5d
commit 202dbaffa7
5 changed files with 18 additions and 4 deletions
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c
@ -694,7 +694,8 @@ static int wpa2_start_eapol_internal(void)
    if (!sm) {
        return ESP_FAIL;
    }
-    if (wpa_sta_is_cur_pmksa_set()) {
+
+    if (wpa_sta_cur_pmksa_matches_akm()) {
        wpa_printf(MSG_DEBUG,
                "RSN: PMKSA caching - do not send EAPOL-Start");
        return ESP_FAIL;
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa3.c
@ -32,7 +32,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid)
    u8 own_addr[ETH_ALEN];
    const u8 *pw;

-    if (wpa_sta_is_cur_pmksa_set()) {
+    if (wpa_sta_cur_pmksa_matches_akm()) {
        wpa_printf(MSG_INFO, "wpa3: Skip SAE and use cached PMK instead");
        return ESP_FAIL;
    }
@ -189,7 +189,7 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
 static int wpa3_parse_sae_confirm(u8 *buf, u32 len)
 {
    if (g_sae_data.state != SAE_CONFIRMED) {
-        wpa_printf(MSG_ERROR, "wpa3: failed to parse SAE commit in state(%d)!",
+        wpa_printf(MSG_ERROR, "wpa3: failed to parse SAE confirm in state(%d)!",
                   g_sae_data.state);
        return ESP_FAIL;
    }
@ -201,7 +201,6 @@ static int wpa3_parse_sae_confirm(u8 *buf, u32 len)
    g_sae_data.state = SAE_ACCEPTED;

    wpa_set_pmk(g_sae_data.pmk, g_sae_data.pmkid, true);
-    memcpy(esp_wifi_sta_get_ap_info_prof_pmk_internal(), g_sae_data.pmk, PMK_LEN);

    return ESP_OK;
 }
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c
@ -189,6 +189,7 @@ static void wpa_sta_disconnected_cb(uint8_t reason_code)
        case WIFI_REASON_AUTH_FAIL:
        case WIFI_REASON_ASSOC_FAIL:
        case WIFI_REASON_CONNECTION_FAIL:
+        case WIFI_REASON_HANDSHAKE_TIMEOUT:
            esp_wpa3_free_sae_data();
            wpa_sta_clear_curr_pmksa();
            break;
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@ -2140,6 +2140,9 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
        esp_wifi_get_config(ESP_IF_WIFI_STA, &wifi_cfg);
        sm->pmf_cfg = wifi_cfg.sta.pmf_cfg;
        sm->mgmt_group_cipher = cipher_type_map_public_to_supp(esp_wifi_sta_get_mgmt_group_cipher());
+    } else {
+        memset(&sm->pmf_cfg, 0, sizeof(sm->pmf_cfg));
+        sm->mgmt_group_cipher = WPA_CIPHER_NONE;
    }
 #endif
    set_assoc_ie(assoc_ie_buf); /* use static buffer */
@ -2372,6 +2375,15 @@ bool wpa_sta_is_cur_pmksa_set(void) {
    return (pmksa_cache_get_current(sm) != NULL);
 }

+bool wpa_sta_cur_pmksa_matches_akm(void) {
+    struct wpa_sm *sm = &gWpaSm;
+    struct rsn_pmksa_cache_entry *pmksa;
+
+    pmksa = pmksa_cache_get_current(sm);
+    return (pmksa != NULL  &&
+            sm->key_mgmt == pmksa->akmp);
+}
+
 void wpa_sta_clear_curr_pmksa(void) {
    struct wpa_sm *sm = &gWpaSm;

--- a/components/wpa_supplicant/src/rsn_supp/wpa.h
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.h
@ -37,6 +37,7 @@ struct wpa_sm;
 int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len);
 bool wpa_sta_is_cur_pmksa_set(void);
 bool wpa_sta_in_4way_handshake(void);
+bool wpa_sta_cur_pmksa_matches_akm(void);

 #define WPA_ASSERT  assert