Merge branch 'bugfix/handle_sae_discarded_auth_frame' into 'master'

Discard commit frame received at confirmed state in SAE Closes WIFI-6123 See merge request espressif/esp-idf!24671
espressif · Jul 18, 2023 · f5fb6a6 · f5fb6a6
2 parents 13ea139 + a9e6deb
commit f5fb6a6
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 5 deletions.
diff --git a/components/esp_common/src/esp_err_to_name.c b/components/esp_common/src/esp_err_to_name.c
@@ -410,6 +410,9 @@ static const esp_err_msg_t esp_err_msg_table[] = {
 #   endif
 #   ifdef      ESP_ERR_WIFI_TWT_SETUP_REJECT
     ERR_TBL_IT(ESP_ERR_WIFI_TWT_SETUP_REJECT),                  /* 12314 0x301a The twt setup request was rejected by the AP */
+#   endif
+#   ifdef      ESP_ERR_WIFI_DISCARD
+    ERR_TBL_IT(ESP_ERR_WIFI_DISCARD),                           /* 12315 0x301b Discard frame */
 #   endif
     // components/wpa_supplicant/esp_supplicant/include/esp_wps.h
 #   ifdef      ESP_ERR_WIFI_REGISTRAR

diff --git a/components/esp_wifi/include/esp_wifi.h b/components/esp_wifi/include/esp_wifi.h
@@ -87,6 +87,7 @@ extern "C" {
 #define ESP_ERR_WIFI_TWT_SETUP_TIMEOUT (ESP_ERR_WIFI_BASE + 24)  /*!< Timeout of receiving twt setup response frame, timeout times can be set during twt setup */
 #define ESP_ERR_WIFI_TWT_SETUP_TXFAIL  (ESP_ERR_WIFI_BASE + 25)  /*!< TWT setup frame tx failed */
 #define ESP_ERR_WIFI_TWT_SETUP_REJECT  (ESP_ERR_WIFI_BASE + 26)  /*!< The twt setup request was rejected by the AP */
+#define ESP_ERR_WIFI_DISCARD           (ESP_ERR_WIFI_BASE + 27)  /*!< Discard frame */
 
 /**
  * @brief WiFi stack configuration parameters passed to esp_wifi_init call.

diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
@@ -239,9 +239,8 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
     int ret;
 
     if (g_sae_data.state != SAE_COMMITTED) {
-        wpa_printf(MSG_ERROR, "wpa3: failed to parse SAE commit in state(%d)!",
-                   g_sae_data.state);
-        return ESP_FAIL;
+        wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame received in state %d", g_sae_data.state);
+        return ESP_ERR_WIFI_DISCARD;
     }
 
     if (status == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ) {
@@ -264,7 +263,10 @@ static int wpa3_parse_sae_commit(u8 *buf, u32 len, u16 status)
 
     ret = sae_parse_commit(&g_sae_data, buf, len, NULL, 0, g_allowed_groups,
                            (status == WLAN_STATUS_SAE_HASH_TO_ELEMENT || status == WLAN_STATUS_SAE_PK));
-    if (ret) {
+    if (ret == SAE_SILENTLY_DISCARD) {
+        wpa_printf(MSG_DEBUG, "wpa3: Discarding commit frame due to reflection attack");
+        return ESP_ERR_WIFI_DISCARD;
+    } else if (ret) {
         wpa_printf(MSG_ERROR, "wpa3: could not parse commit(%d)", ret);
         return ret;
     }
+ −		esp32/libcore.a
+ −		esp32/libespnow.a
+ −		esp32/libmesh.a
+ −		esp32/libnet80211.a
+ −		esp32/libpp.a
+ −		esp32/libsmartconfig.a
+ −		esp32/libwapi.a
+ −		esp32c2/libcore.a
+ −		esp32c2/libespnow.a
+ −		esp32c2/libnet80211.a
+ −		esp32c2/libpp.a
+ −		esp32c2/libsmartconfig.a
+ −		esp32c3/libcore.a
+ −		esp32c3/libespnow.a
+ −		esp32c3/libmesh.a
+ −		esp32c3/libnet80211.a
+ −		esp32c3/libpp.a
+ −		esp32c3/libsmartconfig.a
+ −		esp32c3/libwapi.a
+ −		esp32c6/libcore.a
+ −		esp32c6/libespnow.a
+ −		esp32c6/libmesh.a
+ −		esp32c6/libnet80211.a
+ −		esp32c6/libpp.a
+ −		esp32c6/libsmartconfig.a
+ −		esp32c6/libwapi.a
+ −		esp32s2/libcore.a
+ −		esp32s2/libespnow.a
+ −		esp32s2/libmesh.a
+ −		esp32s2/libnet80211.a
+ −		esp32s2/libpp.a
+ −		esp32s2/libsmartconfig.a
+ −		esp32s2/libwapi.a
+ −		esp32s3/libcore.a
+ −		esp32s3/libespnow.a
+ −		esp32s3/libmesh.a
+ −		esp32s3/libnet80211.a
+ −		esp32s3/libpp.a
+ −		esp32s3/libsmartconfig.a
+ −		esp32s3/libwapi.a