From 3cc59d2cd87aadef3994dbe35d830463fc137d65 Mon Sep 17 00:00:00 2001 From: Sarvesh Bodakhe Date: Wed, 23 Jul 2025 13:42:08 +0530 Subject: [PATCH] fix(wifi): add GCMP-128 cipher support for SoftAP mode GCMP-256 SoftAP support was previously added as part of SAE Extended Key handling. --- components/esp_wifi/include/esp_wifi_types_generic.h | 4 ++-- components/esp_wifi/lib | 2 +- components/wpa_supplicant/esp_supplicant/src/esp_hostap.c | 4 ++++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h index 6c186b8785..9494605707 100644 --- a/components/esp_wifi/include/esp_wifi_types_generic.h +++ b/components/esp_wifi/include/esp_wifi_types_generic.h @@ -527,13 +527,13 @@ typedef struct { uint8_t password[64]; /**< Password of soft-AP. */ uint8_t ssid_len; /**< Optional length of SSID field. */ uint8_t channel; /**< Channel of soft-AP */ - wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */ + wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP by default, unless explicitly set. */ uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */ uint8_t max_connection; /**< Max number of stations allowed to connect in */ uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */ uint8_t csa_count; /**< Channel Switch Announcement Count. Notify the station that the channel will switch after the csa_count beacon intervals. Default value: 3 */ uint8_t dtim_period; /**< Dtim period of soft-AP. Range: 1 ~ 10. Default value: 1 */ - wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */ + wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP, WIFI_CIPHER_TYPE_TKIP_CCMP, WIFI_CIPHER_TYPE_GCMP and WIFI_CIPHER_TYPE_GCMP256. */ bool ftm_responder; /**< Enable FTM Responder mode */ wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */ wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index 2300a8f5a9..10dca7affa 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit 2300a8f5a9af2a50620cef55be2c001f5edc2546 +Subproject commit 10dca7affa0ef6e50130a9bb8b2e1beb95bd4eb7 diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index 9df1087a27..da162f0ee5 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c @@ -126,6 +126,10 @@ void *hostap_init(void) auth_conf->wpa_group = WPA_CIPHER_GCMP_256; auth_conf->wpa_pairwise = WPA_CIPHER_GCMP_256; auth_conf->rsn_pairwise = WPA_CIPHER_GCMP_256; + } else if (pairwise_cipher == WIFI_CIPHER_TYPE_GCMP) { + auth_conf->wpa_group = WPA_CIPHER_GCMP; + auth_conf->wpa_pairwise = WPA_CIPHER_GCMP; + auth_conf->rsn_pairwise = WPA_CIPHER_GCMP; } else { auth_conf->wpa_group = WPA_CIPHER_TKIP; auth_conf->wpa_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP;