From e13e44283836a6a7389669afeb9d7f7bfb8b920d Mon Sep 17 00:00:00 2001 From: Sarvesh Bodakhe Date: Fri, 29 Aug 2025 23:40:35 +0530 Subject: [PATCH] fix(wifi): add GCMP-128 support for SoftAP and some other bugfixes - GCMP-256 SoftAP support was previously added as part of SAE Extended Key handling. - Fixes the authmode sent in WIFI_EVENT_STA_CONNECTED, which was previously taken directly from the AKM field. This caused incorrect values in some cases. - Updates the "security" log to show the correct wifi_auth_mode_t. - Fixes wrong authmode strength used in the connection path. --- components/esp_wifi/include/esp_wifi_types_generic.h | 4 ++-- components/esp_wifi/lib | 2 +- components/wpa_supplicant/esp_supplicant/src/esp_hostap.c | 4 ++++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h index 51eee18abf..9f5933131b 100644 --- a/components/esp_wifi/include/esp_wifi_types_generic.h +++ b/components/esp_wifi/include/esp_wifi_types_generic.h @@ -406,13 +406,13 @@ typedef struct { uint8_t password[64]; /**< Password of soft-AP. */ uint8_t ssid_len; /**< Optional length of SSID field. */ uint8_t channel; /**< Channel of soft-AP */ - wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */ + wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP by default, unless explicitly set. */ uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */ uint8_t max_connection; /**< Max number of stations allowed to connect in */ uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */ uint8_t csa_count; /**< Channel Switch Announcement Count. Notify the station that the channel will switch after the csa_count beacon intervals. Default value: 3 */ uint8_t dtim_period; /**< Dtim period of soft-AP. Range: 1 ~ 10. Default value: 1 */ - wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */ + wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP, WIFI_CIPHER_TYPE_TKIP_CCMP, WIFI_CIPHER_TYPE_GCMP and WIFI_CIPHER_TYPE_GCMP256. */ bool ftm_responder; /**< Enable FTM Responder mode */ wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */ wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index cdf01b2d82..51cfbfa1f4 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit cdf01b2d82f5a088ee27bdbb924d5cb6eadea3c8 +Subproject commit 51cfbfa1f4b7e13002f63deb96447521504bccca diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index c193c33483..b9e5cbbe58 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c @@ -120,6 +120,10 @@ void *hostap_init(void) auth_conf->wpa_group = WPA_CIPHER_GCMP_256; auth_conf->wpa_pairwise = WPA_CIPHER_GCMP_256; auth_conf->rsn_pairwise = WPA_CIPHER_GCMP_256; + } else if (pairwise_cipher == WIFI_CIPHER_TYPE_GCMP) { + auth_conf->wpa_group = WPA_CIPHER_GCMP; + auth_conf->wpa_pairwise = WPA_CIPHER_GCMP; + auth_conf->rsn_pairwise = WPA_CIPHER_GCMP; } else { auth_conf->wpa_group = WPA_CIPHER_TKIP; auth_conf->wpa_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP;