From fbfa3aa0e0afb1b3e8eddb2b1fe67975b90f3cf7 Mon Sep 17 00:00:00 2001 From: Shreyas Sheth Date: Wed, 2 Apr 2025 10:36:27 +0530 Subject: [PATCH] feat(esp_wifi): Add support of wpa3 compatible more for ap and sta --- components/esp_wifi/include/esp_wifi_types_generic.h | 5 ++--- .../wpa_supplicant/esp_supplicant/src/esp_common.c | 6 +++++- .../wpa_supplicant/esp_supplicant/src/esp_hostap.c | 8 ++++++-- .../esp_supplicant/src/esp_wifi_driver.h | 2 +- .../wpa_supplicant/esp_supplicant/src/esp_wpa3.c | 2 +- .../wpa_supplicant/esp_supplicant/src/esp_wpa_main.c | 12 ++++++------ components/wpa_supplicant/src/ap/wpa_auth_ie.c | 7 +------ components/wpa_supplicant/src/common/wpa_common.c | 7 ++++++- components/wpa_supplicant/src/rsn_supp/wpa.c | 2 +- components/wpa_supplicant/src/rsn_supp/wpa_ie.c | 4 ++++ 10 files changed, 33 insertions(+), 22 deletions(-) diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h index 5557024eeb..c82809d8a4 100644 --- a/components/esp_wifi/include/esp_wifi_types_generic.h +++ b/components/esp_wifi/include/esp_wifi_types_generic.h @@ -533,8 +533,6 @@ typedef struct { bool ftm_responder; /**< Enable FTM Responder mode */ wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */ wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ - uint8_t transition_disable; /**< Whether to enable transition disable feature */ - uint8_t sae_ext; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */ uint8_t transition_disable: 1; /**< Whether to enable transition disable feature */ uint8_t sae_ext: 1; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */ uint8_t wpa3_compatible_mode: 1; /**< Whether to enable wpa3 compatible authmode feature */ @@ -565,7 +563,8 @@ typedef struct { uint32_t ft_enabled: 1; /**< Whether FT is enabled for the connection */ uint32_t owe_enabled: 1; /**< Whether OWE is enabled for the connection */ uint32_t transition_disable: 1; /**< Whether to enable transition disable feature */ - uint32_t reserved1: 26; /**< Reserved for future feature set */ + uint32_t wpa3_compatible_mode: 1; /**< Whether to enable wpa3 compatible authmode feature */ + uint32_t reserved1: 25; /**< Reserved for future feature set */ wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ wifi_sae_pk_mode_t sae_pk_mode; /**< Configuration for SAE-PK (Public Key) Authentication method */ uint8_t failure_retry_cnt; /**< Number of connection retries station will do before moving to next AP. scan_method should be set as WIFI_ALL_CHANNEL_SCAN to use this config. diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c index b95578035e..60e5cc0e5c 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c @@ -322,7 +322,9 @@ void supplicant_sta_conn_handler(uint8_t *bssid) u8 *ie; struct wpa_supplicant *wpa_s = &g_wpa_supp; struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, bssid); +#ifdef CONFIG_RRM struct ieee802_11_elems elems; +#endif if (!bss) { wpa_printf(MSG_INFO, "connected bss entry not present in scan cache"); @@ -331,11 +333,13 @@ void supplicant_sta_conn_handler(uint8_t *bssid) wpa_s->current_bss = bss; ie = (u8 *)bss; ie += sizeof(struct wpa_bss); +#ifdef CONFIG_RRM ieee802_11_parse_elems(ie, bss->ie_len, &elems, 0); if (elems.rrm_enabled_len > 0 && elems.rrm_enabled != NULL) { - os_memcpy(wpa_s->rrm_ie, elems.rrm_enabled, 5); //TODO ask kapil about 5 + os_memcpy(wpa_s->rrm_ie, elems.rrm_enabled, 5); wpa_s->rrm.rrm_used = true; } +#endif wpa_bss_flush(wpa_s); /* Register for mgmt frames */ register_mgmt_frames(wpa_s); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index 44dba7071b..df9da91253 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c @@ -84,7 +84,6 @@ void *hostap_init(void) } hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP); - auth_conf->sae_pwe = hapd->conf->sae_pwe; auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal(); #define MIN_GTK_REKEYING_INTERVAL 60 if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) { @@ -111,6 +110,9 @@ void *hostap_init(void) } #endif /* CONFIG_IEEE80211W */ if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_AP)) { + //TODO check sae_pwe + hapd->conf->sae_pwe = SAE_PWE_HASH_TO_ELEMENT; + auth_conf->rsn_override_omit_rsnxe = 1; hapd->conf->rsn_override_key_mgmt = WPA_KEY_MGMT_SAE; hapd->conf->rsn_override_pairwise = WPA_CIPHER_CCMP; hapd->conf->rsn_override_mfp = MGMT_FRAME_PROTECTION_REQUIRED; @@ -144,6 +146,7 @@ void *hostap_init(void) auth_conf->rsn_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP; } + auth_conf->sae_pwe = hapd->conf->sae_pwe; auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK; auth_conf->eapol_version = EAPOL_VERSION; @@ -200,7 +203,8 @@ void *hostap_init(void) #ifdef CONFIG_SAE if (authmode == WIFI_AUTH_WPA3_PSK || - authmode == WIFI_AUTH_WPA2_WPA3_PSK) { + authmode == WIFI_AUTH_WPA2_WPA3_PSK || + esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_AP)) { if (wpa3_hostap_auth_init(hapd) != 0) { goto fail; } diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index 52ddae0473..1bfdc2ccd2 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h @@ -129,7 +129,7 @@ struct wpa_funcs { bool (*wpa_sta_in_4way_handshake)(void); void *(*wpa_ap_init)(void); bool (*wpa_ap_deinit)(void *data); - bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *assoc_req_ie, uint32_t assoc_req_ie_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher); + bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *assoc_req_ie, uint32_t len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher); bool (*wpa_ap_remove)(u8 *bssid); uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len); bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index d3436684d1..15f138cac3 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -53,7 +53,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len) rsnxe = esp_wifi_sta_get_ie((u8*)bssid, WLAN_EID_RSNX); } if (rsnxe && rsnxe[0] == WLAN_EID_VENDOR_SPECIFIC && - rsnxe[1] >= 1 + 4) { + rsnxe[1] >= 1 + 4) { rsnxe_capa = rsnxe[2 + 4]; } else if (rsnxe && rsnxe[1] >= 1) { rsnxe_capa = rsnxe[2]; diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c index 827f331df9..f71d0f69b8 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c @@ -389,17 +389,17 @@ static bool hostap_sta_join(void **sta, u8 *bssid, u8 *assoc_req_ie, uint32_t as } if (ieee802_11_parse_elems(assoc_req_ie, assoc_ie_len, &elems, 1) == ParseFailed) { - wpa_printf(MSG_INFO, "Failed to parse assoc req IEs"); - return -1; + wpa_printf(MSG_INFO, "Failed to parse assoc req IEs"); + return -1; } if (elems.rsn_ie) { - elems.rsn_ie = elems.rsn_ie - 2; - elems.rsn_ie_len = elems.rsn_ie_len + 2; + elems.rsn_ie = elems.rsn_ie - 2; + elems.rsn_ie_len = elems.rsn_ie_len + 2; } if (elems.rsnxe) { - elems.rsnxe = elems.rsnxe - 2; - elems.rsnxe_len = elems.rsnxe_len + 2; + elems.rsnxe = elems.rsnxe - 2; + elems.rsnxe_len = elems.rsnxe_len + 2; } if (*sta) { diff --git a/components/wpa_supplicant/src/ap/wpa_auth_ie.c b/components/wpa_supplicant/src/ap/wpa_auth_ie.c index 45f7593110..ed34241985 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth_ie.c +++ b/components/wpa_supplicant/src/ap/wpa_auth_ie.c @@ -506,7 +506,7 @@ int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth) return res; pos += res; } - + if ((wpa_auth->conf.wpa & WPA_PROTO_RSN) && (wpa_auth->conf.rsn_override_key_mgmt)) { res = wpa_write_rsnxe_override(&wpa_auth->conf, pos, @@ -661,11 +661,6 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, return WPA_INVALID_AKMP; } - if (!key_mgmt) { - wpa_printf( MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from " - MACSTR, data.key_mgmt, MAC2STR(sm->addr)); - return WPA_INVALID_AKMP; - } if (0) { } #ifdef CONFIG_IEEE80211R_AP diff --git a/components/wpa_supplicant/src/common/wpa_common.c b/components/wpa_supplicant/src/common/wpa_common.c index c33d01da96..1aa4db2dca 100644 --- a/components/wpa_supplicant/src/common/wpa_common.c +++ b/components/wpa_supplicant/src/common/wpa_common.c @@ -402,7 +402,12 @@ int wpa_parse_wpa_ie_rsnxe(const u8 *rsnxe_ie, size_t rsnxe_ie_len, if (rsnxe_ie_len < 1) { return -1; } - rsnxe_capa = rsnxe_ie[2]; + if (rsnxe_ie && rsnxe_ie[0] == WLAN_EID_VENDOR_SPECIFIC && + rsnxe_ie[1] >= 1 + 4) { + rsnxe_capa = rsnxe_ie[2 + 4]; + } else { + rsnxe_capa = rsnxe_ie[2]; + } if (sae_pwe == 1 && !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))){ wpa_printf(MSG_ERROR, "SAE H2E required, but not supported by the AP"); return -1; diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index f7392a54c6..5161327c8a 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2601,7 +2601,7 @@ int wpa_set_bss(uint8_t *macddr, uint8_t *bssid, u8 pairwise_cipher, u8 group_ci esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA)); wpa_sm_set_param(sm, WPA_PARAM_RSN_OVERRIDE, RSN_OVERRIDE_NOT_USED); - ie = esp_wifi_sta_get_ie(bssid, WLAN_EID_RSN); + ie = esp_wifi_sta_get_ie(bssid, WFA_RSNE_OVERRIDE_OUI_TYPE); if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA) && ie && ie[0] != WLAN_EID_RSN) { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_ie.c b/components/wpa_supplicant/src/rsn_supp/wpa_ie.c index f1e056cf81..0edbaad862 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_ie.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa_ie.c @@ -43,6 +43,10 @@ int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len, wpa_ie[1] >= 4 && WPA_GET_BE32(&wpa_ie[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE) { return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data); + } else if (wpa_ie_len >= 6 && wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC && + wpa_ie[1] >= 4 && + WPA_GET_BE32(&wpa_ie[2]) == RSNXE_OVERRIDE_IE_VENDOR_TYPE) { + return wpa_parse_wpa_ie_rsnxe(wpa_ie, wpa_ie_len, data); } return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data); }