From b76b02264c92bb69e635264f14454ed954cd0ba8 Mon Sep 17 00:00:00 2001 From: "tarun.kumar" Date: Fri, 16 May 2025 20:05:50 +0530 Subject: [PATCH 1/2] fix(wifi): Made changes in api for sending bcast deauth frames --- components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld | 2 +- components/esp_rom/esp32c2/ld/esp32c2.rom.ld | 2 +- components/wpa_supplicant/esp_supplicant/src/esp_hostap.c | 6 ++---- .../wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h | 1 + .../wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c | 2 +- components/wpa_supplicant/src/ap/wpa_auth.c | 7 ++++--- components/wpa_supplicant/src/rsn_supp/wpa.c | 6 ++++++ 7 files changed, 16 insertions(+), 10 deletions(-) diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld index 7c128e14b3..070e0c92b5 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld @@ -104,7 +104,7 @@ cnx_coexist_timeout_process = 0x400020ac; ieee80211_add_extcap = 0x400020cc; //ieee80211_alloc_proberesp = 0x400020d8; esp_wifi_80211_tx = 0x400020f8; -ieee80211_crypto_aes_128_cmac_decrypt = 0x40002104; +/* ieee80211_crypto_aes_128_cmac_decrypt = 0x40002104; */ ieee80211_output_do = 0x4000210c; ieee80211_send_nulldata = 0x40002110; //ieee80211_setup_robust_mgmtframe = 0x40002114; diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld index d4da209441..cf0b04e6e5 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld @@ -1010,7 +1010,7 @@ ieee80211_amsdu_length_check = 0x400020ec; ieee80211_encap_amsdu = 0x400020f0; ieee80211_output_raw_process = 0x400020f4; ieee80211_raw_frame_sanity_check = 0x400020fc; -ieee80211_crypto_aes_128_cmac_encrypt = 0x40002100; +/* ieee80211_crypto_aes_128_cmac_encrypt = 0x40002100; */ ieee80211_alloc_tx_buf = 0x40002108; /* ieee80211_output_do = 0x4000210c; */ /* ieee80211_send_nulldata = 0x40002110; */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index f6c6ebb6a2..878695691a 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c @@ -22,6 +22,7 @@ #include "esp_wps.h" #include "esp_wps_i.h" +#include "rsn_supp/wpa.h" #include "ap/sta_info.h" #include "common/sae.h" #include "ap/ieee802_11.h" @@ -137,7 +138,7 @@ void *hostap_init(void) auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_SAE; } #endif /* CONFIG_IEEE80211W */ - + esp_wifi_ap_set_group_mgmt_cipher_internal(cipher_type_map_supp_to_public(auth_conf->group_mgmt_cipher)); spp_attrubute = esp_wifi_get_spp_attrubute_internal(WIFI_IF_AP); auth_conf->spp_sup.capable = ((spp_attrubute & WPA_CAPABILITY_SPP_CAPABLE) ? SPP_AMSDU_CAP_ENABLE : SPP_AMSDU_CAP_DISABLE); auth_conf->spp_sup.require = ((spp_attrubute & WPA_CAPABILITY_SPP_REQUIRED) ? SPP_AMSDU_REQ_ENABLE : SPP_AMSDU_REQ_DISABLE); @@ -173,9 +174,6 @@ void *hostap_init(void) auth_conf->sae_require_mfp = 1; #endif /* CONFIG_SAE */ - //TODO change it when AP support GCMP-PSK - auth_conf->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC; - hapd->conf->ap_max_inactivity = 5 * 60; hostapd_setup_wpa_psk(hapd->conf); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index 236ae5bdf8..387a2251bc 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h @@ -303,5 +303,6 @@ uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid); esp_err_t esp_wifi_sta_connect_internal(const uint8_t *bssid); void esp_wifi_enable_sae_pk_only_mode_internal(void); uint8_t esp_wifi_ap_get_transition_disable_internal(void); +void esp_wifi_ap_set_group_mgmt_cipher_internal(wifi_cipher_type_t cipher); #endif /* _ESP_WIFI_DRIVER_H_ */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c index 189c7aa965..98678b6b2d 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 221098f1f5..5adf4386e3 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -165,9 +165,8 @@ static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, if (key) { wpa_printf (MSG_DEBUG, "%s : igtk idx %d", __func__, idx); wifi_wpa_igtk_t *igtk = os_malloc(sizeof(wifi_wpa_igtk_t)); - if (igtk != NULL) { - memcpy(&igtk->igtk[0], key, WPA_IGTK_LEN); + memcpy(&igtk->igtk[0], key, key_len); memset((uint8_t*)&igtk->pn[0],0,6); igtk->keyid[0] = idx; igtk->keyid[1] = 0; @@ -2453,6 +2452,8 @@ static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, struct wpa_group *group) { int ret = 0; + size_t len; + len = wpa_cipher_key_len(wpa_auth->conf.group_mgmt_cipher); if (wpa_auth_set_key(wpa_auth, group->vlan_id, wpa_cipher_to_alg(wpa_auth->conf.wpa_group), (uint8_t *)broadcast_ether_addr, group->GN, @@ -2464,7 +2465,7 @@ static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth, wpa_auth_set_key(wpa_auth, group->vlan_id, WIFI_WPA_ALG_IGTK, broadcast_ether_addr, group->GN_igtk, group->IGTK[group->GN_igtk - 4], - WPA_IGTK_LEN) < 0) + len) < 0) ret = -1; #endif /* CONFIG_IEEE80211W */ diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index fac885d674..3fb23602e7 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -108,6 +108,12 @@ wifi_cipher_type_t cipher_type_map_supp_to_public(unsigned wpa_cipher) case WPA_CIPHER_AES_128_CMAC: return WIFI_CIPHER_TYPE_AES_CMAC128; + case WPA_CIPHER_BIP_GMAC_128: + return WIFI_CIPHER_TYPE_AES_GMAC128; + + case WPA_CIPHER_BIP_GMAC_256: + return WIFI_CIPHER_TYPE_AES_GMAC256; + case WPA_CIPHER_SMS4: return WIFI_CIPHER_TYPE_SMS4; From 82db08f9a299f75c6ecd70f1f1d2b048ad5f6ee7 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Thu, 5 Jun 2025 15:24:03 +0530 Subject: [PATCH 2/2] fix(esp_wifi): Set default ap mgmt cipher --- components/esp_wifi/lib | 2 +- .../esp_supplicant/src/esp_hostap.c | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index ef66afa203..e6c344109c 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit ef66afa2032019091430c00f41d13ef77574170d +Subproject commit e6c344109c40d67bc783b09223756b1f42919d02 diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index 878695691a..57559a3f53 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c @@ -130,6 +130,21 @@ void *hostap_init(void) wpa_printf(MSG_DEBUG, "%s : pmf optional", __func__); } + if (auth_conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { + switch (pairwise_cipher) { + case WIFI_CIPHER_TYPE_CCMP: + auth_conf->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC; + break; + case WIFI_CIPHER_TYPE_GCMP: + auth_conf->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_128; + break; + case WIFI_CIPHER_TYPE_GCMP256: + auth_conf->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_256; + break; + default: + auth_conf->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC; + } + } if (authmode == WIFI_AUTH_WPA2_WPA3_PSK) { auth_conf->wpa_key_mgmt |= WPA_KEY_MGMT_SAE; }