fix(wpa_supplicant): Add some bugfixes in wpa_supplicant

1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -197,10 +197,10 @@ int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
 }
 
 static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
-                   const u8 *addr)
+                   const u8 *addr, u16 reason)
 {
     wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
-    esp_wifi_ap_deauth_internal((uint8_t*)addr, WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT);
+    esp_wifi_ap_deauth_internal((uint8_t*)addr, reason);
     return;
 }
 
@@ -736,7 +736,8 @@ continue_processing:
                    "collect more entropy for random number "
                    "generation");
             random_mark_pool_ready();
-            wpa_sta_disconnect(wpa_auth, sm->addr);
+            wpa_sta_disconnect(wpa_auth, sm->addr,
+                    WLAN_REASON_PREV_AUTH_NOT_VALID);
             return;
         }
         if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
@@ -763,12 +764,14 @@ continue_processing:
             wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
                     eapol_key_ie, eapol_key_ie_len);
             /* MLME-DEAUTHENTICATE.request */
-            wpa_sta_disconnect(wpa_auth, sm->addr);
+            wpa_sta_disconnect(wpa_auth, sm->addr,
+                    WLAN_REASON_PREV_AUTH_NOT_VALID);
             return;
         }
 #ifdef CONFIG_IEEE80211R_AP
         if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
-            wpa_sta_disconnect(wpa_auth, sm->addr);
+            wpa_sta_disconnect(wpa_auth, sm->addr,
+                    WLAN_REASON_PREV_AUTH_NOT_VALID);
             return;
         }
 #endif /* CONFIG_IEEE80211R_AP */
@@ -802,6 +805,8 @@ continue_processing:
     if (sm->PTK_valid && !sm->update_snonce) {
         if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,
                        data_len)) {
+            wpa_printf(MSG_INFO,
+                     "received EAPOL-Key with invalid MIC");
             return;
         }
         sm->MICVerified = TRUE;
@@ -815,6 +820,8 @@ continue_processing:
             memcpy(sm->req_replay_counter, key->replay_counter,
                   WPA_REPLAY_COUNTER_LEN);
         } else {
+            wpa_printf(MSG_INFO,
+                     "received EAPOL-Key request with invalid MIC");
             return;
         }
 
@@ -1273,9 +1280,14 @@ SM_STATE(WPA_PTK, INITIALIZE)
 
 SM_STATE(WPA_PTK, DISCONNECT)
 {
+    u16 reason = sm->disconnect_reason;
+
     SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
     sm->Disconnect = FALSE;
-    wpa_sta_disconnect(sm->wpa_auth, sm->addr);
+    sm->disconnect_reason = 0;
+    if (!reason)
+        reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
+    wpa_sta_disconnect(sm->wpa_auth, sm->addr, reason);
 }
 
 
@@ -1345,7 +1357,8 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
     if (os_get_random(sm->ANonce, WPA_NONCE_LEN)) {
         wpa_printf( MSG_ERROR, "WPA: Failed to get random data for "
                "ANonce.");
-        wpa_sta_disconnect(sm->wpa_auth, sm->addr);
+        wpa_sta_disconnect(sm->wpa_auth, sm->addr,
+                WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT);
         return;
     }
     wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
@@ -1518,11 +1531,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
         if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
                        sm->last_rx_eapol_key,
                        sm->last_rx_eapol_key_len) == 0) {
-            wpa_printf( MSG_DEBUG, "mic verify ok, pmk=%p\n", pmk);
             ok = 1;
             break;
-        } else {
-            wpa_printf( MSG_DEBUG, "mic verify fail, pmk=%p\n", pmk);
         }
 
         if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)){
@@ -1532,6 +1542,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
     }
 
     if (!ok) {
+        wpa_printf(MSG_INFO, "invalid MIC in msg 2/4 of 4-Way Handshake");
         return;
     }
 
@@ -1792,7 +1803,8 @@ SM_STATE(WPA_PTK, PTKINITDONE)
         int klen = wpa_cipher_key_len(sm->pairwise);
         if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
                      sm->PTK.tk, klen)) {
-            wpa_sta_disconnect(sm->wpa_auth, sm->addr);
+            wpa_sta_disconnect(sm->wpa_auth, sm->addr,
+                    WLAN_REASON_PREV_AUTH_NOT_VALID);
             return;
         }
         /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
@@ -1900,6 +1912,8 @@ SM_STEP(WPA_PTK)
             SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
         else if (sm->TimeoutCtr >
              (int) dot11RSNAConfigPairwiseUpdateCount) {
+            sm->disconnect_reason =
+                WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT;
             SM_ENTER(WPA_PTK, DISCONNECT);
         } else if (sm->TimeoutEvt)
             SM_ENTER(WPA_PTK, PTKSTART);
@@ -1924,6 +1938,8 @@ SM_STEP(WPA_PTK)
             SM_ENTER(WPA_PTK, PTKINITDONE);
         else if (sm->TimeoutCtr >
              (int) dot11RSNAConfigPairwiseUpdateCount) {
+            sm->disconnect_reason =
+                WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT;
             SM_ENTER(WPA_PTK, DISCONNECT);
         } else if (sm->TimeoutEvt)
             SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
@@ -2029,6 +2045,7 @@ SM_STATE(WPA_PTK_GROUP, KEYERROR)
         sm->group->GKeyDoneStations--;
     sm->GUpdateStationKeys = FALSE;
     sm->Disconnect = TRUE;
+    sm->disconnect_reason = WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT;
 }
 
 

components/wpa_supplicant/src/ap/wpa_auth_i.h

@@ -47,6 +47,7 @@ struct wpa_state_machine {
 	Boolean AuthenticationRequest;
 	Boolean ReAuthenticationRequest;
 	Boolean Disconnect;
+	u16 disconnect_reason; /* specific reason code to use with Disconnect */
 	int TimeoutCtr;
 	int GTimeoutCtr;
 	Boolean TimeoutEvt;