diff --git a/components/esp_coex/src/coexist_debug_diagram.c b/components/esp_coex/src/coexist_debug_diagram.c index ed2fd1c88e..a69d8dd90f 100644 --- a/components/esp_coex/src/coexist_debug_diagram.c +++ b/components/esp_coex/src/coexist_debug_diagram.c @@ -16,7 +16,7 @@ void diagram_bind_io_to_evt(void) { coex_bind_io_to_evt(1, 16); #else coex_bind_io_to_evt(0, 0); - coex_bind_io_to_evt(1, 1); + coex_bind_io_to_evt(1, 4); #endif /* Bind IO to Wi-Fi evt */ wifi_bind_io_to_evt(2, 9); @@ -35,7 +35,7 @@ void diagram_bind_io_to_evt(void) { coex_bind_io_to_evt(1, 16); #else coex_bind_io_to_evt(0, 0); - coex_bind_io_to_evt(1, 1); + coex_bind_io_to_evt(1, 4); #endif /* Bind IO to Wi-Fi evt */ wifi_bind_io_to_evt(2, 9); diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld index 9b2aec6265..aa413cd201 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.eco4.ld @@ -41,7 +41,7 @@ wDev_AppendRxBlocks = 0x40001cdc; wDev_ProcessFiq = 0x40001d08; wDev_ProcessRxSucData = 0x40001d0c; ppProcTxDone = 0x40001d1c; -pm_tx_data_done_process = 0x40001d20; +/*pm_tx_data_done_process = 0x40001d20;*/ ppMapWaitTxq = 0x40001d28; lmacDiscardFrameExchangeSequence = 0x40001d70; lmacDisableTransmit = 0x40001d74; @@ -61,7 +61,7 @@ pm_stop = 0x40001e38; hal_set_sta_tbtt = 0x40001e4c; //pm_update_next_tbtt = 0x40001e50; pm_set_sleep_type = 0x40001e54; -pm_tx_null_data_done_process = 0x40001eb0; +/*pm_tx_null_data_done_process = 0x40001eb0;*/ //pm_tx_data_process = 0x40001eb4; /*pm_attach = 0x40001eb8;*/ /*pm_coex_schm_process = 0x40001ebc;*/ diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld index b568eb92b4..75bd2a0d49 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.ld 
@@ -531,7 +531,7 @@ pm_local_tsf_process = 0x40001b8c;
 pm_set_beacon_filter = 0x40001b90;
 pm_is_in_wifi_slice_threshold = 0x40001b94;
 pm_is_waked = 0x40001b98;
-pm_keep_alive = 0x40001b9c;
+/*pm_keep_alive = 0x40001b9c;*/
 /* pm_on_beacon_rx = 0x40001ba0; */
 pm_on_data_rx = 0x40001ba4;
 pm_on_tbtt = 0x40001ba8;
diff --git a/components/esp_rom/esp32c3/ld/esp32c3.rom.ld b/components/esp_rom/esp32c3/ld/esp32c3.rom.ld
index 3394424809..ccfacca75b 100644
--- a/components/esp_rom/esp32c3/ld/esp32c3.rom.ld
+++ b/components/esp_rom/esp32c3/ld/esp32c3.rom.ld
@@ -720,7 +720,7 @@ pm_local_tsf_process = 0x40001668;
 pm_set_beacon_filter = 0x4000166c;
 pm_is_in_wifi_slice_threshold = 0x40001670;
 pm_is_waked = 0x40001674;
-pm_keep_alive = 0x40001678;
+/*pm_keep_alive = 0x40001678;*/
 /* pm_on_beacon_rx = 0x4000167c; */
 pm_on_data_rx = 0x40001680;
 pm_on_tbtt = 0x40001684;
diff --git a/components/esp_rom/esp32s3/ld/esp32s3.rom.ld b/components/esp_rom/esp32s3/ld/esp32s3.rom.ld
index a883ee0416..eb786cfaff 100644
--- a/components/esp_rom/esp32s3/ld/esp32s3.rom.ld
+++ b/components/esp_rom/esp32s3/ld/esp32s3.rom.ld
@@ -974,7 +974,7 @@ pm_local_tsf_process = 0x40005478;
 pm_set_beacon_filter = 0x40005484;
 pm_is_in_wifi_slice_threshold = 0x40005490;
 pm_is_waked = 0x4000549c;
-pm_keep_alive = 0x400054a8;
+/*pm_keep_alive = 0x400054a8;*/
 /* pm_on_beacon_rx = 0x400054b4; */
 pm_on_data_rx = 0x400054c0;
 pm_on_tbtt = 0x400054cc;
diff --git a/components/esp_wifi/include/esp_now.h b/components/esp_wifi/include/esp_now.h
index af7695e258..1fcffa4a0e 100644
--- a/components/esp_wifi/include/esp_now.h
+++ b/components/esp_wifi/include/esp_now.h
@@ -94,15 +94,8 @@ typedef struct esp_now_recv_info { /** * @brief ESPNOW rate config - * */ -typedef struct esp_now_rate_config { - wifi_phy_mode_t phymode; /**< ESPNOW phymode of specified interface */ - wifi_phy_rate_t rate; /**< ESPNOW rate of specified interface */ - bool ersu; /**< ESPNOW using ERSU to send frame, ERSU is a transmission mode related to 802.11 ax. - ERSU is always used in long distance transmission, and its frame has lower rate compared with SU mode */ - bool dcm; /**< ESPNOW using dcm rate to send frame */ -} esp_now_rate_config_t; +typedef wifi_tx_rate_config_t esp_now_rate_config_t; /** * @brief Callback function of receiving ESPNOW data diff --git a/components/esp_wifi/include/esp_wifi.h b/components/esp_wifi/include/esp_wifi.h index fc321d2036..cce6afaa9c 100644 --- a/components/esp_wifi/include/esp_wifi.h +++ b/components/esp_wifi/include/esp_wifi.h @@ -1544,6 +1544,7 @@ esp_err_t esp_wifi_get_country_code(char *country); * @brief Config 80211 tx rate of specified interface * * @attention 1. This API should be called after esp_wifi_init() and before esp_wifi_start(). + * @attention 2. Can not set 80211 tx rate under 11A/11AC/11AX protocol, you can use esp_wifi_config_80211_tx instead. * * @param ifx Interface to be configured. * @param rate Phy rate to be configured. @@ -1554,6 +1555,21 @@ esp_err_t esp_wifi_get_country_code(char *country); */ esp_err_t esp_wifi_config_80211_tx_rate(wifi_interface_t ifx, wifi_phy_rate_t rate); +/** + * @brief Config 80211 tx rate and phymode of specified interface + * + * @attention 1. This API should be called after esp_wifi_init() and before esp_wifi_start(). + + * + * @param ifx Interface to be configured. + * @param config rate_config to be configured. + * + * @return + * - ESP_OK: succeed + * - others: failed + */ +esp_err_t esp_wifi_config_80211_tx(wifi_interface_t ifx, wifi_tx_rate_config_t *config); + /** * @brief Disable PMF configuration for specified interface * 
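Review bot: The new doc block for `esp_wifi_config_80211_tx()` in esp_wifi.h leaves a stray empty line after attention 1 and does not describe the contract for `config`: what is returned for a NULL pointer, and which `phymode`/`rate` combinations are rejected. The implementation is in the Wi-Fi library and not visible here, so the wording has to come from whoever owns it, but a line such as `@attention 2. config must not be NULL; an unsupported phymode/rate pair returns an error and leaves the current rate unchanged` (adjusted to the real behaviour) would tell callers what to check. If the library only reads the structure, the prototype could also take `const wifi_tx_rate_config_t *config`.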
diff --git a/components/esp_wifi/include/esp_wifi_he_types.h b/components/esp_wifi/include/esp_wifi_he_types.h index e2fe9c9f75..f5ac859fb7 100644 --- a/components/esp_wifi/include/esp_wifi_he_types.h +++ b/components/esp_wifi/include/esp_wifi_he_types.h @@ -204,9 +204,9 @@ typedef struct { unsigned : 1; /**< reserved */ unsigned : 1; /**< reserved */ unsigned : 1; /**< reserved */ - unsigned channel: 4; /**< the primary channel */ - unsigned second: 4; /**< the second channel if in HT40 */ - unsigned : 12; /**< reserved */ + unsigned channel: 8; /**< the primary channel */ + unsigned second: 8; /**< the second channel if in HT40 */ + unsigned : 4; /**< reserved */ unsigned : 4; /**< reserved */ unsigned : 1; /**< reserved */ unsigned : 7; /**< reserved */ diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h index a232069fa4..7b7363ea38 100644 --- a/components/esp_wifi/include/esp_wifi_types_generic.h +++ b/components/esp_wifi/include/esp_wifi_types_generic.h 
@@ -508,20 +508,21 @@ typedef enum { * @brief Soft-AP configuration settings for the device */ typedef struct { - uint8_t ssid[32]; /**< SSID of soft-AP. If ssid_len field is 0, this must be a Null terminated string. Otherwise, length is set according to ssid_len. */ - uint8_t password[64]; /**< Password of soft-AP. */ - uint8_t ssid_len; /**< Optional length of SSID field. */ - uint8_t channel; /**< Channel of soft-AP */ - wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */ - uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */ - uint8_t max_connection; /**< Max number of stations allowed to connect in */ - uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */ - uint8_t csa_count; /**< Channel Switch Announcement Count. Notify the station that the channel will switch after the csa_count beacon intervals. Range: 1 ~ 30. Default value: 3 */ - uint8_t dtim_period; /**< Dtim period of soft-AP. Range: 1 ~ 10. Default value: 1 */ - wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */ - bool ftm_responder; /**< Enable FTM Responder mode */ - wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */ - wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ + uint8_t ssid[32]; /**< SSID of soft-AP. 
If ssid_len field is 0, this must be a Null terminated string. Otherwise, length is set according to ssid_len. */ + uint8_t password[64]; /**< Password of soft-AP. */ + uint8_t ssid_len; /**< Optional length of SSID field. */ + uint8_t channel; /**< Channel of soft-AP */ + wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */ + uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */ + uint8_t max_connection; /**< Max number of stations allowed to connect in */ + uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */ + uint8_t csa_count; /**< Channel Switch Announcement Count. Notify the station that the channel will switch after the csa_count beacon intervals. Default value: 3 */ + uint8_t dtim_period; /**< Dtim period of soft-AP. Range: 1 ~ 10. Default value: 1 */ + wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */ + bool ftm_responder; /**< Enable FTM Responder mode */ + wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */ + wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ + uint8_t transition_disable; /**< Whether to enable transition disable feature */ } wifi_ap_config_t; #define SAE_H2E_IDENTIFIER_LEN 32 /**< Length of the password identifier for H2E */ 
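Review bot: The comment on the new `transition_disable` member of wifi_ap_config_t reads like a boolean, but the wpa_auth.c hunk in PTKINITNEGOTIATING copies the byte unchanged into the Transition Disable KDE, where each bit stands for a different transition mode. A caller who stores anything other than 0 or 1 would make the soft-AP advertise modes it does not run, and a station that honours the KDE then refuses weaker connections to this network afterwards. Either document the bitmap, e.g. `/**< Transition Disable bitmap sent to stations in message 3 of the 4-way handshake; bit 0 = WPA3-Personal. Forced to 0 unless authmode is WPA3_PSK or WPA2_WPA3_PSK */`, or reduce the value to the supported bit in hostap_init (esp_hostap.c hunk), which currently takes it as-is. The same hunk drops "Range: 1 ~ 30" from `csa_count` without stating what range applies now.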
@@ -560,7 +561,7 @@ typedef struct { uint32_t he_trig_mu_bmforming_partial_feedback_disabled: 1; /**< Whether to disable support the transmission of partial-bandwidth MU feedback in an HE TB sounding sequence. */ uint32_t he_trig_cqi_feedback_disabled: 1; /**< Whether to disable support the transmission of CQI feedback in an HE TB sounding sequence. */ uint32_t he_reserved: 22; /**< Reserved for future feature set */ - uint8_t sae_h2e_identifier[SAE_H2E_IDENTIFIER_LEN];/**< Password identifier for H2E. this needs to be null terminated string */ + uint8_t sae_h2e_identifier[SAE_H2E_IDENTIFIER_LEN]; /**< Password identifier for H2E. this needs to be null terminated string */ } wifi_sta_config_t; /** @@ -1019,6 +1020,8 @@ typedef enum { WIFI_EVENT_STA_NEIGHBOR_REP, /**< Received Neighbor Report response */ + WIFI_EVENT_AP_WRONG_PASSWORD, /**< a station tried to connect with wrong password */ + WIFI_EVENT_MAX, /**< Invalid Wi-Fi event ID */ } wifi_event_t; @@ -1313,6 +1316,22 @@ typedef struct { uint16_t report_len; /**< Length of the report*/ } wifi_event_neighbor_report_t; +/** Argument structure for WIFI_EVENT_AP_WRONG_PASSWORD event */ +typedef struct { + uint8_t mac[6]; /**< MAC address of the station trying to connect to Soft-AP */ +} wifi_event_ap_wrong_password_t; + +/** + * @brief Argument structure for wifi_tx_rate_config + */ +typedef struct { + wifi_phy_mode_t phymode; /**< Phymode of specified interface */ + wifi_phy_rate_t rate; /**< Rate of specified interface */ + bool ersu; /**< Using ERSU to send frame, ERSU is a transmission mode related to 802.11 ax. + ERSU is always used in long distance transmission, and its frame has lower rate compared with SU mode */ + bool dcm; /**< Using dcm rate to send frame */ +} wifi_tx_rate_config_t; + #ifdef __cplusplus } #endif diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index a29b11bf0f..b15699a76c 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib 
@@ -1 +1 @@ -Subproject commit a29b11bf0fe019ca0ade5459714b0b2426dfe020 +Subproject commit b15699a76c068ab7d7dc6cbee53eb6d559fe646f diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c index 5f929284be..a5d92e64f5 100644 --- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c +++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c @@ -1163,6 +1163,10 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, int secret_key = 0; mbedtls_ecdh_context *ctx = (mbedtls_ecdh_context *)ecdh; + if (!ctx) { + wpa_printf(MSG_ERROR, "ECDH Context is NULL"); + return 0; + } mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_context entropy; @@ -1216,7 +1220,7 @@ struct wpabuf * crypto_ecdh_set_peerkey(struct crypto_ecdh *ecdh, int inc_y, /* Setup ECDH context from EC key */ /* Call to mbedtls_ecdh_get_params() will initialize the context when not LEGACY context */ - if (ctx != NULL && peer != NULL) { + if (peer != NULL) { mbedtls_ecp_copy(ACCESS_ECDH(&ctx, Qp), &(mbedtls_pk_ec(*peer))->MBEDTLS_PRIVATE(Q)); #ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT ctx->MBEDTLS_PRIVATE(var) = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index 0716ad5952..42e42c99ce 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c 
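Review bot: The added NULL guard in crypto_ecdh_set_peerkey returns `0` from a function whose return type is `struct wpabuf *`; `return NULL;` states the intent and matches how pointer failures are normally written in this code. The guard sits before the DRBG and entropy contexts are initialised, so returning early there skips no cleanup, and it is what makes dropping `ctx != NULL` in the later hunk safe. The function body starts and ends outside both hunks, so whether the remaining error paths also return NULL cannot be checked from here.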
@@ -161,6 +161,19 @@ void *hostap_init(void) os_memcpy(hapd->conf->ssid.wpa_passphrase, esp_wifi_ap_get_prof_password_internal(), strlen((char *)esp_wifi_ap_get_prof_password_internal())); hapd->conf->ssid.wpa_passphrase[WIFI_PASSWORD_LEN_MAX - 1] = '\0'; hapd->conf->max_num_sta = esp_wifi_ap_get_max_sta_conn(); + auth_conf->transition_disable = esp_wifi_ap_get_transition_disable_internal(); + if (authmode != WIFI_AUTH_WPA3_PSK && + authmode != WIFI_AUTH_WPA2_WPA3_PSK && auth_conf->transition_disable) { + auth_conf->transition_disable = 0; + wpa_printf(MSG_DEBUG, "overriding transition_disable config with 0 as authmode is not WPA3"); + } + +#ifdef CONFIG_SAE + auth_conf->sae_require_mfp = 1; +#endif /* CONFIG_SAE */ + + //TODO change it when AP support GCMP-PSK + auth_conf->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC; hapd->conf->ap_max_inactivity = 5 * 60; hostapd_setup_wpa_psk(hapd->conf); @@ -348,7 +361,7 @@ uint8_t wpa_status_to_reason_code(int status) } bool hostap_new_assoc_sta(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie, - uint8_t wpa_ie_len, uint8_t *rsnxe, uint8_t rsnxe_len, + uint8_t wpa_ie_len, uint8_t *rsnxe, uint16_t rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher, uint8_t *reason) { struct hostapd_data *hapd = (struct hostapd_data*)esp_wifi_get_hostap_private_internal(); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index a07650603d..b9dc1eba43 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h 
@@ -128,7 +128,7 @@ struct wpa_funcs { bool (*wpa_sta_in_4way_handshake)(void); void *(*wpa_ap_init)(void); bool (*wpa_ap_deinit)(void *data); - bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher); + bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u16 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher); bool (*wpa_ap_remove)(u8 *bssid); uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len); bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len); @@ -303,5 +303,8 @@ bool esp_wifi_eb_tx_status_success_internal(void *eb); uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid); esp_err_t esp_wifi_sta_connect_internal(const uint8_t *bssid); void esp_wifi_enable_sae_pk_only_mode_internal(void); +uint8_t esp_wifi_ap_get_transition_disable_internal(void); +int esp_wifi_softap_set_obss_overlap(bool overlap); +void esp_wifi_set_sigma_internal(bool flag); #endif /* _ESP_WIFI_DRIVER_H_ */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index e66b2a745d..f93722edb1 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -532,6 +532,11 @@ static void wpa3_process_rx_confirm(wpa3_hostap_auth_event_t *evt) goto done; } if (ret == WLAN_STATUS_SUCCESS) { + if (sta->sae_data && esp_send_sae_auth_reply(hapd, sta->addr, frm->bssid, WLAN_AUTH_SAE, 2, + WLAN_STATUS_SUCCESS, wpabuf_head(sta->sae_data), wpabuf_len(sta->sae_data)) != ESP_OK) { + ap_free_sta(hapd, sta); + goto done; + } if (esp_wifi_ap_notify_node_sae_auth_done(frm->bssid) != true) { ap_free_sta(hapd, sta); goto done; 
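Review bot: On the success path added to wpa3_process_rx_confirm the buffered confirm in `sta->sae_data` is transmitted but never released; the only releases visible in this commit are the else-branch of the next hunk (after `esp_wifi_ap_get_sta_aid`) and ap_free_sta. As far as the hunks show, the SAE confirm therefore stays attached to the station for its whole lifetime, and would be sent again if this branch ran a second time before auth_sae_send_confirm replaced it. Releasing it right after the send, with `wpabuf_free(sta->sae_data); sta->sae_data = NULL;`, keeps ownership in one place. When `sta->sae_data` is NULL the code proceeds to `esp_wifi_ap_notify_node_sae_auth_done` without having sent any confirm, which deserves at least a debug log. The `sta &&` test in the next hunk is also inconsistent with the unguarded `sta->sae_data` here.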
@@ -543,6 +548,11 @@ static void wpa3_process_rx_confirm(wpa3_hostap_auth_event_t *evt) esp_wifi_ap_get_sta_aid(frm->bssid, &aid); if (aid == 0) { esp_wifi_ap_deauth_internal(frm->bssid, ret); + } else { + if (sta && sta->sae_data) { + wpabuf_free(sta->sae_data); + sta->sae_data = NULL; + } } } } diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c index 09532deb12..ae734b40cd 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c @@ -352,7 +352,7 @@ static int check_n_add_wps_sta(struct hostapd_data *hapd, struct sta_info *sta_i } #endif -static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8 *rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher) +static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8 *rsnxe, u16 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher) { struct sta_info *sta_info = NULL; struct hostapd_data *hapd = hostapd_get_hapd_data(); diff --git a/components/wpa_supplicant/src/ap/ap_config.h b/components/wpa_supplicant/src/ap/ap_config.h index 1d11dd4816..731b1da032 100644 --- a/components/wpa_supplicant/src/ap/ap_config.h +++ b/components/wpa_supplicant/src/ap/ap_config.h @@ -383,7 +383,7 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf, int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf); struct sta_info; bool hostap_new_assoc_sta(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie, - uint8_t wpa_ie_len,uint8_t *rsnxe, uint8_t rsnxe_len, + uint8_t wpa_ie_len, uint8_t *rsnxe, uint16_t rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher, uint8_t *reason); bool wpa_ap_remove(u8* bssid); diff --git a/components/wpa_supplicant/src/ap/ieee802_11.c b/components/wpa_supplicant/src/ap/ieee802_11.c index f47a9b86cc..653926d70b 100644 
--- a/components/wpa_supplicant/src/ap/ieee802_11.c +++ b/components/wpa_supplicant/src/ap/ieee802_11.c @@ -179,14 +179,18 @@ static int auth_sae_send_confirm(struct hostapd_data *hapd, #ifdef ESP_SUPPLICANT if (sta->remove_pending) { reply_res = -1; + wpabuf_free(data); } else { - reply_res = esp_send_sae_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2, - WLAN_STATUS_SUCCESS, wpabuf_head(data), - wpabuf_len(data)); + if (sta->sae_data) + wpabuf_free(sta->sae_data); + sta->sae_data = data; + reply_res = 0; + /* confirm is sent in later stage when all the required processing for a sta is done*/ } +#else + wpabuf_free(data); #endif /* ESP_SUPPLICANT */ - wpabuf_free(data); return reply_res; } @@ -625,6 +629,10 @@ int handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, if (sae_check_confirm(sta->sae, buf, len) < 0) { resp = WLAN_STATUS_CHALLENGE_FAIL; + wifi_event_ap_wrong_password_t evt = {0}; + os_memcpy(evt.mac, bssid, ETH_ALEN); + esp_event_post(WIFI_EVENT, WIFI_EVENT_AP_WRONG_PASSWORD, &evt, + sizeof(evt), 0); goto reply; } sta->sae->rc = peer_send_confirm; @@ -672,7 +680,7 @@ int auth_sae_queue(struct hostapd_data *hapd, unsigned int queue_len; queue_len = dl_list_len(&hapd->sae_commit_queue); - if (queue_len >= 5) { + if (queue_len >= hapd->conf->max_num_sta) { wpa_printf(MSG_DEBUG, "SAE: No more room in message queue - drop the new frame from " MACSTR, MAC2STR(bssid)); diff --git a/components/wpa_supplicant/src/ap/sta_info.c b/components/wpa_supplicant/src/ap/sta_info.c index 66e856ebee..0894486373 100644 --- a/components/wpa_supplicant/src/ap/sta_info.c +++ b/components/wpa_supplicant/src/ap/sta_info.c @@ -113,6 +113,10 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) os_mutex_delete(sta->lock); sta->lock = NULL; } + if (sta->sae_data) { + wpabuf_free(sta->sae_data); + sta->sae_data = NULL; + } #endif /* CONFIG_SAE */ wpa_auth_sta_deinit(sta->wpa_sm); #ifdef CONFIG_WPS_REGISTRAR 
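Review bot: The WIFI_EVENT_AP_WRONG_PASSWORD post added to handle_auth_sae fires on any `sae_check_confirm()` failure from a station that has not authenticated, and the result of `esp_event_post()` is discarded, so a full event queue loses the event without a trace. The MAC in the event is taken from the received frame and is not verified, and a confirm mismatch also covers corrupted or replayed frames, so the event documentation should call it advisory: a handler that blocks by MAC would let a forged sender address lock out a legitimate station. I would check the return, e.g. `if (esp_event_post(...) != ESP_OK) wpa_printf(MSG_DEBUG, "SAE: wrong-password event dropped");`, and consider rate limiting the post. The same post is added in the PTKCALCNEGOTIATING hunk of wpa_auth.c, and both sit in shared hostap sources without the `ESP_SUPPLICANT` guard used in auth_sae_send_confirm.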
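Review bot: The SAE commit queue bound in auth_sae_queue now follows `hapd->conf->max_num_sta` instead of the fixed 5, so the number of frames that unauthenticated stations can hold in memory depends on a user setting. `queue_len` is `unsigned int`; the declaration of `max_num_sta` is outside the hunk, but if it is a signed int the comparison mixes signedness, and a value of 0 makes the AP drop every commit. A clamped local keeps the old floor, for example `unsigned int limit = hapd->conf->max_num_sta > 0 ? (unsigned int)hapd->conf->max_num_sta : 5;` followed by `if (queue_len >= limit) {`.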
diff --git a/components/wpa_supplicant/src/ap/sta_info.h b/components/wpa_supplicant/src/ap/sta_info.h index af475d09c0..3c3769dd1a 100644 --- a/components/wpa_supplicant/src/ap/sta_info.h +++ b/components/wpa_supplicant/src/ap/sta_info.h @@ -66,6 +66,7 @@ struct sta_info { * processing commit for that station */ bool remove_pending; /* Flag to indicate to free station when * whose mutex is taken by task */ + struct wpabuf *sae_data; #endif /* CONFIG_SAE */ #endif /* ESP_SUPPLICANT */ diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index 58748a85ff..221098f1f5 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -1668,6 +1668,10 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) if (!ok) { wpa_printf(MSG_INFO, "invalid MIC in msg 2/4 of 4-Way Handshake"); + wifi_event_ap_wrong_password_t evt = {0}; + os_memcpy(evt.mac, sm->addr, ETH_ALEN); + esp_event_post(WIFI_EVENT, WIFI_EVENT_AP_WRONG_PASSWORD, &evt, + sizeof(evt), 0); return; } @@ -1871,6 +1875,10 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) } kde_len = wpa_ie_len + ieee80211w_kde_len(sm); + + if (sm->wpa_auth->conf.transition_disable) + kde_len += 2 + RSN_SELECTOR_LEN + 1; + if (gtk) kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; #ifdef CONFIG_IEEE80211R_AP @@ -1907,6 +1915,9 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) } pos = ieee80211w_kde_add(sm, pos); + if (sm->wpa_auth->conf.transition_disable) + pos = wpa_add_kde(pos, WFA_KEY_DATA_TRANSITION_DISABLE, + &sm->wpa_auth->conf.transition_disable, 1, NULL, 0); #ifdef CONFIG_IEEE80211R_AP if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { int res; diff --git a/components/wpa_supplicant/src/ap/wpa_auth.h b/components/wpa_supplicant/src/ap/wpa_auth.h index e39c1425e4..057838ce87 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.h +++ b/components/wpa_supplicant/src/ap/wpa_auth.h 
@@ -144,6 +144,10 @@ struct wpa_auth_config { #ifdef CONFIG_IEEE80211W enum mfp_options ieee80211w; #endif /* CONFIG_IEEE80211W */ + int group_mgmt_cipher; +#ifdef CONFIG_SAE + int sae_require_mfp; +#endif /* CONFIG_SAE */ #ifdef CONFIG_IEEE80211R #define SSID_LEN 32 u8 ssid[SSID_LEN]; @@ -163,6 +167,7 @@ struct wpa_auth_config { int ap_mlme; enum sae_pwe sae_pwe; struct rsn_sppamsdu_sup spp_sup; + u8 transition_disable; }; typedef enum { diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.c b/components/wpa_supplicant/src/ap/wpa_auth_ie.c index e25223d0fe..1eedb701c2 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.c +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.c @@ -388,6 +388,7 @@ u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len, return pos; } + enum wpa_validate_result wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *sm, @@ -563,13 +564,25 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, return WPA_MGMT_FRAME_PROTECTION_VIOLATION; } - if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) { - wpa_printf( MSG_DEBUG, "Unsupported management group " + if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher) + { + wpa_printf(MSG_DEBUG, "Unsupported management group " "cipher %d", data.mgmt_group_cipher); return WPA_INVALID_MGMT_GROUP_CIPHER; } } +#ifdef CONFIG_SAE + if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL && + wpa_auth->conf.sae_require_mfp && + wpa_key_mgmt_sae(sm->wpa_key_mgmt) && + !(data.capabilities & WPA_CAPABILITY_MFPC)) { + wpa_printf(MSG_DEBUG, + "Management frame protection required with SAE, but client did not enable it"); + return WPA_MGMT_FRAME_PROTECTION_VIOLATION; + } +#endif /* CONFIG_SAE */ + if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION || !(data.capabilities & WPA_CAPABILITY_MFPC)) sm->mgmt_frame_prot = 0; 
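Review bot: The management group cipher check in wpa_validate_wpa_ie now compares against `wpa_auth->conf.group_mgmt_cipher`, a field that stays zero unless something sets it, and the only assignment in this commit is in hostap_init. Any other path that fills a `wpa_auth_config` would then reject every PMF-capable station with WPA_INVALID_MGMT_GROUP_CIPHER, so a comment on the field in wpa_auth.h such as `/* WPA_CIPHER_* used for BIP; must be set, 0 rejects all PMF stations */` would make the requirement visible. The opening brace placed on its own line after this `if` departs from the style of the surrounding code. The function continues outside the hunk, so the ordering of the new SAE check relative to where `sm->wpa_key_mgmt` is assigned cannot be confirmed from here.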
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index aef17fc9c0..7465a80e39 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2731,8 +2731,6 @@ struct wpa_sm * get_wpa_sm(void) int wpa_sm_set_ap_rsnxe(const u8 *ie, size_t len) { struct wpa_sm *sm = &gWpaSm; - if (!sm) - return -1; os_free(sm->ap_rsnxe); if (!ie || len == 0) {