fix(wifi) : Add config param for gtk rekeying on softAP side

components/esp_wifi/include/esp_wifi_types_generic.h

@@ -539,6 +539,7 @@ typedef struct {
     uint8_t transition_disable;               /**< Whether to enable transition disable feature */
     uint8_t sae_ext;                          /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
     wifi_bss_max_idle_config_t bss_max_idle_cfg;  /**< Configuration for bss max idle, effective if CONFIG_WIFI_BSS_MAX_IDLE_SUPPORT is enabled */
+    uint16_t gtk_rekey_interval;              /**< GTK rekeying interval in seconds. If set to 0, GTK rekeying is disabled. Range: 60 ~ 65535 including 0. */
 } wifi_ap_config_t;
 
 #define SAE_H2E_IDENTIFIER_LEN 32    /**< Length of the password identifier for H2E */

components/wpa_supplicant/esp_supplicant/src/esp_hostap.c

@@ -84,6 +84,12 @@ void *hostap_init(void)
 
     hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
     auth_conf->sae_pwe = hapd->conf->sae_pwe;
+    auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal();
+#define MIN_GTK_REKEYING_INTERVAL 60
+    if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) {
+        auth_conf->wpa_group_rekey = MIN_GTK_REKEYING_INTERVAL;
+    }
+#undef MIN_GTK_REKEYING_INTERVAL
 
     authmode = esp_wifi_ap_get_prof_authmode_internal();
     if (authmode_has_wpa(authmode)) {

components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h

@@ -285,6 +285,7 @@ esp_err_t esp_wifi_register_mgmt_frame_internal(uint32_t type, uint32_t subtype)
 esp_err_t esp_wifi_send_mgmt_frm_internal(const wifi_mgmt_frm_req_t *req);
 uint8_t esp_wifi_ap_get_prof_pairwise_cipher_internal(void);
 uint8_t esp_wifi_ap_get_sae_ext_config_internal(void);
+uint16_t esp_wifi_ap_get_gtk_rekeying_config_internal(void);
 bool esp_wifi_is_mbo_enabled_internal(uint8_t if_index);
 void esp_wifi_get_pmf_config_internal(wifi_pmf_config_t *pmf_cfg, uint8_t ifx);
 bool esp_wifi_is_ft_enabled_internal(uint8_t if_index);

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -211,6 +211,16 @@ int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
               int (*cb)(struct wpa_state_machine *sm, void *ctx),
               void *cb_ctx)
 {
+    struct hostapd_data *hapd = hostapd_get_hapd_data();
+    struct sta_info *sta;
+
+    if (hapd == NULL)
+        return 1;
+
+    for (sta = hapd->sta_list; sta; sta = sta->next) {
+         if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
+             return 1;
+    }
     return 0;
 }
 
@@ -397,6 +407,11 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
         return NULL;
     }
 
+    if (wpa_auth->conf.wpa_group_rekey) {
+        eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
+                       0, wpa_rekey_gtk, wpa_auth, NULL);
+    }
+
 #ifdef CONFIG_IEEE80211R_AP
     wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
     if (wpa_auth->ft_pmk_cache == NULL) {
@@ -2565,6 +2580,7 @@ static int wpa_sm_step(struct wpa_state_machine *sm)
 void wpa_deinit(struct wpa_authenticator *wpa_auth)
 {
     struct wpa_group *group, *prev;
+    eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
 	pmksa_cache_auth_deinit(wpa_auth->pmksa);
     if (wpa_auth->wpa_ie != NULL) {
         os_free(wpa_auth->wpa_ie);