[NXP][platform][common] add WPA3 support #39411

Martin-NXP · 2025-06-05T14:55:32Z

Description

Add WPA3-SAE support for NXP platforms

Testing

Wifi commissioning using WPA3-SAE security AP, rw61x NXP platform

Signed-off-by: Martin Girardot <[email protected]>

gemini-code-assist

Code Review

This pull request aims to add WPA3-SAE support for NXP platforms by updating how Wi-Fi network credentials are provisioned. The core change involves populating a new password field in the network security structure, intended for WPA3's potentially longer passwords, alongside the existing psk field.

While adding WPA3 support is a valuable enhancement, the current implementation has critical memory safety concerns. Specifically, there are potential buffer overflows when copying the key to both the psk and the new password fields if the provided keyLen exceeds their respective buffer capacities. These issues need to be addressed before merging.

Summary of Findings

Potential Buffer Overflow in psk field copy: The memcpy to pNetworkData->security.psk (line 645) can cause a buffer overflow if keyLen (now potentially for a longer WPA3 password) exceeds the psk buffer's capacity. This is a critical memory safety issue.
Potential Buffer Overflow in new password field copy: The newly added memcpy to pNetworkData->security.password (line 648) can also cause a buffer overflow if keyLen exceeds the password buffer's capacity. This also needs to be safeguarded to prevent memory corruption.

Merge Readiness

This pull request introduces important WPA3 support. However, there are critical buffer overflow vulnerabilities identified in the way network keys are copied. These issues must be addressed to ensure memory safety before the PR can be considered for merging. As an AI reviewer, I am not authorized to approve pull requests; please ensure these changes are reviewed and approved by other maintainers after the identified issues are resolved.

src/platform/nxp/common/ConnectivityManagerImpl.cpp

github-actions · 2025-06-05T15:07:14Z

PR #39411: Size comparison from 0a6c200 to 4c8586c

Full report (14 builds for cc13x4_26x4, cc32xx, nrfconnect, qpg, stm32, tizen)

platform	target	config	section	`0a6c200`	`4c8586c`
cc13x4_26x4	lighting-app	LP_EM_CC1354P10_6	FLASH	820900	820900
			RAM	120224	120224
	lock-ftd	LP_EM_CC1354P10_6	FLASH	832528	832528
			RAM	125376	125376
	pump-app	LP_EM_CC1354P10_6	FLASH	778024	778024
			RAM	113780	113780
	pump-controller-app	LP_EM_CC1354P10_6	FLASH	762332	762332
			RAM	113988	113988
cc32xx	air-purifier	CC3235SF_LAUNCHXL	FLASH	548542	548542
			RAM	205192	205192
	lock	CC3235SF_LAUNCHXL	FLASH	582014	582014
			RAM	205384	205384
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	FLASH	922100	922100
			RAM	167462	167462
		nrf7002dk_nrf5340_cpuapp	FLASH	913312	913312
			RAM	145706	145706
	all-clusters-minimal-app	nrf52840dk_nrf52840	FLASH	859368	859368
			RAM	141095	141095
qpg	lighting-app	qpg6105+debug	FLASH	667500	667500
			RAM	105196	105196
	lock-app	qpg6105+debug	FLASH	627568	627568
			RAM	99816	99816
stm32	light	STM32WB5MM-DK	FLASH	465260	465260
			RAM	141424	141424
tizen	all-clusters-app	arm	unknown	5300	5300
			FLASH	1821496	1821496
			RAM	97056	97056
	chip-tool-ubsan	arm	unknown	20664	20664
			FLASH	20933142	20933142
			RAM	`9116752`	`9116752`

github-actions · 2025-06-05T15:44:45Z

PR #39411: Size comparison from d74efe3 to 8ce4ae9

Increases above 0.2%:

platform	target	config	section	`d74efe3`	`8ce4ae9`	change	% change
telink	lighting-app-ota-factory-data	tlsr9118bdk40d	FLASH	601046	604902	3856	0.6

Full report (70 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, stm32, telink, tizen)

platform	target	config	section	`d74efe3`	`8ce4ae9`	change	% change
bl602	lighting-app	bl602+mfd+littlefs+rpc	FLASH	1102698	1102698	0	0.0
			RAM	179058	179058	0	0.0
bl702	lighting-app	bl702+eth	FLASH	655804	655804	0	0.0
			RAM	135009	135009	0	0.0
		bl702+wifi	FLASH	833294	833294	0	0.0
			RAM	124573	124573	0	0.0
		bl706+mfd+rpc+littlefs	FLASH	1065726	1065726	0	0.0
			RAM	117405	117405	0	0.0
bl702l	contact-sensor-app	bl702l+mfd+littlefs	FLASH	895272	895272	0	0.0
			RAM	105708	105708	0	0.0
	lighting-app	bl702l+mfd+littlefs	FLASH	978996	978996	0	0.0
			RAM	109892	109892	0	0.0
cc13x4_26x4	lighting-app	LP_EM_CC1354P10_6	FLASH	820900	820900	0	0.0
			RAM	120224	120224	0	0.0
	lock-ftd	LP_EM_CC1354P10_6	FLASH	832528	832528	0	0.0
			RAM	125376	125376	0	0.0
	pump-app	LP_EM_CC1354P10_6	FLASH	778024	778024	0	0.0
			RAM	113780	113780	0	0.0
	pump-controller-app	LP_EM_CC1354P10_6	FLASH	762332	762332	0	0.0
			RAM	113988	113988	0	0.0
cc32xx	air-purifier	CC3235SF_LAUNCHXL	FLASH	548542	548542	0	0.0
			RAM	205192	205192	0	0.0
	lock	CC3235SF_LAUNCHXL	FLASH	582014	582014	0	0.0
			RAM	205384	205384	0	0.0
cyw30739	light	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	662981	662981	0	0.0
			RAM	77504	77504	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	682817	682817	0	0.0
			RAM	80144	80144	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	682817	682817	0	0.0
			RAM	80144	80144	0	0.0
		CYW930739M2EVB-02	unknown	2040	2040	0	0.0
			FLASH	639757	639757	0	0.0
			RAM	72572	72572	0	0.0
	light-switch	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	624357	624357	0	0.0
			RAM	73816	73816	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	643985	643985	0	0.0
			RAM	76368	76368	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	643985	643985	0	0.0
			RAM	76368	76368	0	0.0
	lock	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	645277	645277	0	0.0
			RAM	76816	76816	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	664977	664977	0	0.0
			RAM	79368	79368	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	664977	664977	0	0.0
			RAM	79368	79368	0	0.0
	thermostat	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	619945	619945	0	0.0
			RAM	70928	70928	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	639797	639797	0	0.0
			RAM	73560	73560	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	639797	639797	0	0.0
			RAM	73560	73560	0	0.0
efr32	lock-app	BRD4187C	FLASH	947108	947108	0	0.0
			RAM	132036	132036	0	0.0
		BRD4338a	FLASH	776392	776384	-8	-0.0
			RAM	173256	173256	0	0.0
	window-app	BRD4187C	FLASH	1040072	1040064	-8	-0.0
			RAM	128164	128164	0	0.0
esp32	all-clusters-app	c3devkit	DRAM	103536	103536	0	0.0
			FLASH	1808816	1808816	0	0.0
			IRAM	83862	83862	0	0.0
		m5stack	DRAM	122404	122404	0	0.0
			FLASH	1773818	1773818	0	0.0
			IRAM	117071	117071	0	0.0
linux	air-purifier-app	debug	unknown	4848	4848	0	0.0
			FLASH	2788328	2788328	0	0.0
			RAM	117048	117048	0	0.0
	all-clusters-app	debug	unknown	5664	5664	0	0.0
			FLASH	6368672	6368672	0	0.0
			RAM	536896	536896	0	0.0
	all-clusters-minimal-app	debug	unknown	5528	5528	0	0.0
			FLASH	`5470366`	`5470366`	0	0.0
			RAM	228008	228008	0	0.0
	bridge-app	debug	unknown	5560	5560	0	0.0
			FLASH	4802878	4802878	0	0.0
			RAM	207680	207680	0	0.0
	camera-app	debug	unknown	8912	8912	0	0.0
			FLASH	`6911371`	`6911371`	0	0.0
			RAM	228920	228920	0	0.0
	camera-controller	debug	unknown	9168	9168	0	0.0
			FLASH	14296203	14296267	64	0.0
			RAM	657992	657992	0	0.0
	chip-tool	debug	unknown	6240	6240	0	0.0
			FLASH	14657911	14657971	60	0.0
			RAM	651440	651440	0	0.0
	chip-tool-ipv6only	arm64	unknown	40480	40480	0	0.0
			FLASH	12627780	12627812	32	0.0
			RAM	697744	697744	0	0.0
	fabric-admin	debug	unknown	5920	5920	0	0.0
			FLASH	12727093	12727093	0	0.0
			RAM	650840	650840	0	0.0
	fabric-bridge-app	debug	unknown	4808	4808	0	0.0
			FLASH	`4588780`	`4588780`	0	0.0
			RAM	193376	193376	0	0.0
	fabric-sync	debug	unknown	5056	5056	0	0.0
			FLASH	5734477	5734477	0	0.0
			RAM	490320	490320	0	0.0
	lighting-app	debug+rpc+ui	unknown	6272	6272	0	0.0
			FLASH	5652097	5652097	0	0.0
			RAM	209896	209896	0	0.0
	lock-app	debug	unknown	5488	5488	0	0.0
			FLASH	4836080	4836080	0	0.0
			RAM	197128	197128	0	0.0
	ota-provider-app	debug	unknown	4848	4848	0	0.0
			FLASH	4440616	4440616	0	0.0
			RAM	186016	186016	0	0.0
	ota-requestor-app	debug	unknown	4728	4728	0	0.0
			FLASH	`4509974`	`4509974`	0	0.0
			RAM	188632	188632	0	0.0
	shell	debug	unknown	4248	4248	0	0.0
			FLASH	3084300	3084300	0	0.0
			RAM	150920	150920	0	0.0
	thermostat-no-ble	arm64	unknown	9784	9784	0	0.0
			FLASH	`4234716`	`4234716`	0	0.0
			RAM	233448	233448	0	0.0
	tv-app	debug	unknown	5824	5824	0	0.0
			FLASH	`6099549`	`6099549`	0	0.0
			RAM	614552	614552	0	0.0
	tv-casting-app	debug	unknown	5336	5336	0	0.0
			FLASH	12809037	12809037	0	0.0
			RAM	767968	767968	0	0.0
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	FLASH	922100	922100	0	0.0
			RAM	167462	167462	0	0.0
		nrf7002dk_nrf5340_cpuapp	FLASH	913312	913312	0	0.0
			RAM	145706	145706	0	0.0
	all-clusters-minimal-app	nrf52840dk_nrf52840	FLASH	859368	859368	0	0.0
			RAM	141095	141095	0	0.0
nxp	contact	mcxw71+release	FLASH	625376	625376	0	0.0
			RAM	63196	63196	0	0.0
	lock	mcxw71+release	FLASH	776416	776416	0	0.0
			RAM	67860	67860	0	0.0
psoc6	all-clusters	cy8ckit_062s2_43012	FLASH	1671932	1671932	0	0.0
			RAM	212456	212456	0	0.0
	all-clusters-minimal	cy8ckit_062s2_43012	FLASH	1576324	1576324	0	0.0
			RAM	208512	208512	0	0.0
	light	cy8ckit_062s2_43012	FLASH	1448772	1448772	0	0.0
			RAM	197240	197240	0	0.0
	lock	cy8ckit_062s2_43012	FLASH	1481036	1481036	0	0.0
			RAM	224952	224952	0	0.0
stm32	light	STM32WB5MM-DK	FLASH	465260	465260	0	0.0
			RAM	141424	141424	0	0.0
telink	bridge-app	tl7218x	FLASH	694658	677902	-16756	-2.4
			RAM	102100	90960	-11140	-10.9
	light-app-ota-compress-lzma-factory-data	tl3218x	FLASH	767076	767076	0	0.0
			RAM	50252	50252	0	0.0
	light-app-ota-compress-lzma-shell-factory-data	tl3218x	FLASH	768106	768106	0	0.0
			RAM	40544	40544	0	0.0
	light-app-ota-shell-factory-data	tl7218x	FLASH	774204	756584	-17620	-2.3
			RAM	109424	97672	-11752	-10.7
	light-switch-app-ota-compress-lzma-factory-data	tl7218x_retention	FLASH	703564	687666	-15898	-2.3
			RAM	62812	51780	-11032	-17.6
	light-switch-app-ota-compress-lzma-shell-factory-data	tlsr9528a	FLASH	741518	716116	-25402	-3.4
			RAM	85984	73592	-12392	-14.4
	light-switch-app-ota-shell-factory-data	tl3218x_retention	FLASH	713424	713424	0	0.0
			RAM	37228	37228	0	0.0
	lighting-app-ota-factory-data	tlsr9118bdk40d	FLASH	601046	604902	3856	0.6
			RAM	120196	106920	-13276	-11.0
	lighting-app-ota-rpc-factory-data-4mb	tlsr9518adk80d	FLASH	809542	791654	-17888	-2.2
			RAM	107692	96520	-11172	-10.4
tizen	all-clusters-app	arm	unknown	5300	5300	0	0.0
			FLASH	1821496	1821496	0	0.0
			RAM	97056	97056	0	0.0
	chip-tool-ubsan	arm	unknown	20664	20664	0	0.0
			FLASH	20933142	20933190	48	0.0
			RAM	`9116752`	`9116752`	0	0.0

tcarmelveilleux

Do not memcpy into a buffer from outside data without bound-checking against the size of the buffer receiving the data.

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Signed-off-by: Martin Girardot <[email protected]>

Martin-NXP requested a review from a team as a code owner June 5, 2025 14:55

pullapprove bot added the review - pending label Jun 5, 2025

github-actions bot added platform nxp NXP platform labels Jun 5, 2025

[NXP][platform][common] add WPA3 support

93c0bfc

Signed-off-by: Martin Girardot <[email protected]>

gemini-code-assist bot suggested changes Jun 5, 2025

View reviewed changes

src/platform/nxp/common/ConnectivityManagerImpl.cpp Outdated Show resolved Hide resolved

src/platform/nxp/common/ConnectivityManagerImpl.cpp Outdated Show resolved Hide resolved

Restyled by clang-format

8ce4ae9

Martin-NXP force-pushed the nxp_upstream_wpa3_support branch 2 times, most recently from 06d7494 to 93c0bfc Compare June 5, 2025 15:27

chapongatien approved these changes Jun 6, 2025

View reviewed changes

tcarmelveilleux requested changes Jun 6, 2025

View reviewed changes

Martin-NXP and others added 2 commits June 10, 2025 15:00

Update src/platform/nxp/common/ConnectivityManagerImpl.cpp

b9bcd7c

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Update Gemini commit

50f91bd

Signed-off-by: Martin Girardot <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[NXP][platform][common] add WPA3 support #39411

[NXP][platform][common] add WPA3 support #39411

Martin-NXP commented Jun 5, 2025

Uh oh!

gemini-code-assist bot left a comment

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Jun 5, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Jun 5, 2025 •

edited

Loading

Uh oh!

tcarmelveilleux left a comment

Uh oh!

Uh oh!

[NXP][platform][common] add WPA3 support #39411

Are you sure you want to change the base?

[NXP][platform][common] add WPA3 support #39411

Conversation

Martin-NXP commented Jun 5, 2025

Description

Testing

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Summary of Findings

Merge Readiness

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Jun 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Jun 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

tcarmelveilleux left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

github-actions bot commented Jun 5, 2025 •

edited

Loading

github-actions bot commented Jun 5, 2025 •

edited

Loading