diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h index e0419acc02..96c8e394c5 100644 --- a/components/esp_wifi/include/esp_wifi_types.h +++ b/components/esp_wifi/include/esp_wifi_types.h @@ -222,6 +222,14 @@ typedef struct { bool required; /**< Advertizes that Protected Management Frame is required. Device will not associate to non-PMF capable devices. */ } wifi_pmf_config_t; +/** Configuration for SAE PWE derivation */ +typedef enum { + WPA3_SAE_PWE_UNSPECIFIED, + WPA3_SAE_PWE_HUNT_AND_PECK, + WPA3_SAE_PWE_HASH_TO_ELEMENT, + WPA3_SAE_PWE_BOTH, +} wifi_sae_pwe_method_t; + /** @brief Soft-AP configuration settings for the ESP32 */ typedef struct { uint8_t ssid[32]; /**< SSID of ESP32 soft-AP. If ssid_len field is 0, this must be a Null terminated string. Otherwise, length is set according to ssid_len. */ @@ -254,8 +262,8 @@ typedef struct { uint32_t mbo_enabled:1; /**< Whether MBO is enabled for the connection */ uint32_t ft_enabled:1; /**< Whether FT is enabled for the connection */ uint32_t owe_enabled:1; /**< Whether OWE is enabled for the connection */ - uint32_t sae_pwe_h2e:2; /**< Whether SAE hash to element is enabled */ - uint32_t reserved:25; /**< Reserved for future feature set */ + uint32_t reserved:27; /**< Reserved for future feature set */ + wifi_sae_pwe_method_t sae_pwe_h2e; /**< Whether SAE hash to element is enabled */ } wifi_sta_config_t; /** @brief Configuration data for ESP32 AP or STA. diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index 9d353460e8..4b1daf3775 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit 9d353460e8240e3b413867ea433085e218c9adf5 +Subproject commit 4b1daf3775bc399296482ef2760f1efe9855e6f1 diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index 07c133144a..856d40d5c5 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h @@ -279,7 +279,7 @@ esp_err_t esp_wifi_remain_on_channel(uint8_t ifx, uint8_t type, uint8_t channel, bool esp_wifi_is_mbo_enabled_internal(uint8_t if_index); void esp_wifi_get_pmf_config_internal(wifi_pmf_config_t *pmf_cfg, uint8_t ifx); bool esp_wifi_is_ft_enabled_internal(uint8_t if_index); -uint8_t esp_wifi_get_config_sae_pwe_h2e_internal(void); -uint8_t esp_wifi_get_use_h2e_internal(void); +uint8_t esp_wifi_sta_get_config_sae_pwe_h2e_internal(void); +uint8_t esp_wifi_sta_get_use_h2e_internal(void); #endif /* _ESP_WIFI_DRIVER_H_ */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index e5cedb6b50..fa5b27402f 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -25,7 +25,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid) u8 own_addr[ETH_ALEN]; const u8 *pw = (const u8 *)esp_wifi_sta_get_prof_password_internal(); struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal(); - uint8_t use_pt = esp_wifi_get_use_h2e_internal(); + uint8_t use_pt = esp_wifi_sta_get_use_h2e_internal(); if (use_pt && !g_sae_pt) { g_sae_pt = sae_derive_pt(g_allowed_groups, ssid->ssid, ssid->len, pw, strlen((const char *)pw), NULL); diff --git a/components/wpa_supplicant/src/common/wpa_common.c b/components/wpa_supplicant/src/common/wpa_common.c index 6d74532c64..4cdf7ab388 100644 --- a/components/wpa_supplicant/src/common/wpa_common.c +++ b/components/wpa_supplicant/src/common/wpa_common.c @@ -369,7 +369,7 @@ int wpa_parse_wpa_ie_rsnxe(const u8 *rsnxe_ie, size_t rsnxe_ie_len, struct wpa_ie_data *data) { uint8_t rsnxe_capa = 0; - uint8_t sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(); + uint8_t sae_pwe = esp_wifi_sta_get_config_sae_pwe_h2e_internal(); memset(data, 0, sizeof(*data)); if (rsnxe_ie_len < 1) { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index d0e0a1c043..a484a2dcc4 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2674,7 +2674,7 @@ int wpa_sm_set_ap_rsnxe(const u8 *ie, size_t len) sm->ap_rsnxe_len = len; } - sm->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(); + sm->sae_pwe = esp_wifi_sta_get_config_sae_pwe_h2e_internal(); return 0; } diff --git a/examples/wifi/getting_started/station/main/station_example_main.c b/examples/wifi/getting_started/station/main/station_example_main.c index 9c00dd1eb9..972bea9028 100644 --- a/examples/wifi/getting_started/station/main/station_example_main.c +++ b/examples/wifi/getting_started/station/main/station_example_main.c @@ -115,7 +115,7 @@ void wifi_init_sta(void) * However these modes are deprecated and not advisable to be used. Incase your Access point * doesn't support WPA2, these mode can be enabled by commenting below line */ .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD, - .sae_pwe_h2e = 2, + .sae_pwe_h2e = WPA3_SAE_PWE_BOTH, }, }; ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );