espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-03 18:40:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(esp_wifi): Add support of wpa3 compatible more for ap and sta

Browse Source
This commit is contained in:
Shreyas Sheth
2025-04-02 10:36:27 +05:30
committed by Kapil Gupta
parent e8a19841f4
commit fbfa3aa0e0
10 changed files with 33 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
components/esp_wifi/include/esp_wifi_types_generic.h
View File

@@ -533,8 +533,6 @@ typedef struct {
bool ftm_responder; /**< Enable FTM Responder mode */ bool ftm_responder; /**< Enable FTM Responder mode */
wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */ wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
uint8_t transition_disable; /**< Whether to enable transition disable feature */
uint8_t sae_ext; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
uint8_t transition_disable: 1; /**< Whether to enable transition disable feature */ uint8_t transition_disable: 1; /**< Whether to enable transition disable feature */
uint8_t sae_ext: 1; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */ uint8_t sae_ext: 1; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
uint8_t wpa3_compatible_mode: 1; /**< Whether to enable wpa3 compatible authmode feature */ uint8_t wpa3_compatible_mode: 1; /**< Whether to enable wpa3 compatible authmode feature */
@@ -565,7 +563,8 @@ typedef struct {
uint32_t ft_enabled: 1; /**< Whether FT is enabled for the connection */ uint32_t ft_enabled: 1; /**< Whether FT is enabled for the connection */
uint32_t owe_enabled: 1; /**< Whether OWE is enabled for the connection */ uint32_t owe_enabled: 1; /**< Whether OWE is enabled for the connection */
uint32_t transition_disable: 1; /**< Whether to enable transition disable feature */ uint32_t transition_disable: 1; /**< Whether to enable transition disable feature */
uint32_t reserved1: 26; /**< Reserved for future feature set */ uint32_t wpa3_compatible_mode: 1; /**< Whether to enable wpa3 compatible authmode feature */
uint32_t reserved1: 25; /**< Reserved for future feature set */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
wifi_sae_pk_mode_t sae_pk_mode; /**< Configuration for SAE-PK (Public Key) Authentication method */ wifi_sae_pk_mode_t sae_pk_mode; /**< Configuration for SAE-PK (Public Key) Authentication method */
uint8_t failure_retry_cnt; /**< Number of connection retries station will do before moving to next AP. scan_method should be set as WIFI_ALL_CHANNEL_SCAN to use this config. uint8_t failure_retry_cnt; /**< Number of connection retries station will do before moving to next AP. scan_method should be set as WIFI_ALL_CHANNEL_SCAN to use this config.

6
components/wpa_supplicant/esp_supplicant/src/esp_common.c
View File

@@ -322,7 +322,9 @@ void supplicant_sta_conn_handler(uint8_t *bssid)
u8 *ie; u8 *ie;
struct wpa_supplicant *wpa_s = &g_wpa_supp; struct wpa_supplicant *wpa_s = &g_wpa_supp;
struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, bssid); struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, bssid);
#ifdef CONFIG_RRM
struct ieee802_11_elems elems; struct ieee802_11_elems elems;
#endif
if (!bss) { if (!bss) {
wpa_printf(MSG_INFO, "connected bss entry not present in scan cache"); wpa_printf(MSG_INFO, "connected bss entry not present in scan cache");
@@ -331,11 +333,13 @@ void supplicant_sta_conn_handler(uint8_t *bssid)
wpa_s->current_bss = bss; wpa_s->current_bss = bss;
ie = (u8 *)bss; ie = (u8 *)bss;
ie += sizeof(struct wpa_bss); ie += sizeof(struct wpa_bss);
#ifdef CONFIG_RRM
ieee802_11_parse_elems(ie, bss->ie_len, &elems, 0); ieee802_11_parse_elems(ie, bss->ie_len, &elems, 0);
if (elems.rrm_enabled_len > 0 && elems.rrm_enabled != NULL) { if (elems.rrm_enabled_len > 0 && elems.rrm_enabled != NULL) {
os_memcpy(wpa_s->rrm_ie, elems.rrm_enabled, 5); //TODO ask kapil about 5 os_memcpy(wpa_s->rrm_ie, elems.rrm_enabled, 5);
wpa_s->rrm.rrm_used = true; wpa_s->rrm.rrm_used = true;
} }
#endif
wpa_bss_flush(wpa_s); wpa_bss_flush(wpa_s);
/* Register for mgmt frames */ /* Register for mgmt frames */
register_mgmt_frames(wpa_s); register_mgmt_frames(wpa_s);

8
components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
View File

@@ -84,7 +84,6 @@ void *hostap_init(void)
} }
hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP); hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
auth_conf->sae_pwe = hapd->conf->sae_pwe;
auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal(); auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal();
#define MIN_GTK_REKEYING_INTERVAL 60 #define MIN_GTK_REKEYING_INTERVAL 60
if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) { if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) {
@@ -111,6 +110,9 @@ void *hostap_init(void)
} }
#endif /* CONFIG_IEEE80211W */ #endif /* CONFIG_IEEE80211W */
if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_AP)) { if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_AP)) {
//TODO check sae_pwe
hapd->conf->sae_pwe = SAE_PWE_HASH_TO_ELEMENT;
auth_conf->rsn_override_omit_rsnxe = 1;
hapd->conf->rsn_override_key_mgmt = WPA_KEY_MGMT_SAE; hapd->conf->rsn_override_key_mgmt = WPA_KEY_MGMT_SAE;
hapd->conf->rsn_override_pairwise = WPA_CIPHER_CCMP; hapd->conf->rsn_override_pairwise = WPA_CIPHER_CCMP;
hapd->conf->rsn_override_mfp = MGMT_FRAME_PROTECTION_REQUIRED; hapd->conf->rsn_override_mfp = MGMT_FRAME_PROTECTION_REQUIRED;
@@ -144,6 +146,7 @@ void *hostap_init(void)
auth_conf->rsn_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP; auth_conf->rsn_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP;
} }
auth_conf->sae_pwe = hapd->conf->sae_pwe;
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK; auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
auth_conf->eapol_version = EAPOL_VERSION; auth_conf->eapol_version = EAPOL_VERSION;
@@ -200,7 +203,8 @@ void *hostap_init(void)
#ifdef CONFIG_SAE #ifdef CONFIG_SAE
if (authmode == WIFI_AUTH_WPA3_PSK || if (authmode == WIFI_AUTH_WPA3_PSK ||
authmode == WIFI_AUTH_WPA2_WPA3_PSK) { authmode == WIFI_AUTH_WPA2_WPA3_PSK ||
esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_AP)) {
if (wpa3_hostap_auth_init(hapd) != 0) { if (wpa3_hostap_auth_init(hapd) != 0) {
goto fail; goto fail;
} }

2
components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
View File

@@ -129,7 +129,7 @@ struct wpa_funcs {
bool (*wpa_sta_in_4way_handshake)(void); bool (*wpa_sta_in_4way_handshake)(void);
void *(*wpa_ap_init)(void); void *(*wpa_ap_init)(void);
bool (*wpa_ap_deinit)(void *data); bool (*wpa_ap_deinit)(void *data);
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *assoc_req_ie, uint32_t assoc_req_ie_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher); bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *assoc_req_ie, uint32_t len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
bool (*wpa_ap_remove)(u8 *bssid); bool (*wpa_ap_remove)(u8 *bssid);
uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len); uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len); bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);

5
components/wpa_supplicant/src/ap/wpa_auth_ie.c
View File

@@ -661,11 +661,6 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
return WPA_INVALID_AKMP; return WPA_INVALID_AKMP;
} }
if (!key_mgmt) {
wpa_printf( MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
MACSTR, data.key_mgmt, MAC2STR(sm->addr));
return WPA_INVALID_AKMP;
}
if (0) { if (0) {
} }
#ifdef CONFIG_IEEE80211R_AP #ifdef CONFIG_IEEE80211R_AP

5
components/wpa_supplicant/src/common/wpa_common.c
View File

@@ -402,7 +402,12 @@ int wpa_parse_wpa_ie_rsnxe(const u8 *rsnxe_ie, size_t rsnxe_ie_len,
if (rsnxe_ie_len < 1) { if (rsnxe_ie_len < 1) {
return -1; return -1;
} }
if (rsnxe_ie && rsnxe_ie[0] == WLAN_EID_VENDOR_SPECIFIC &&
rsnxe_ie[1] >= 1 + 4) {
rsnxe_capa = rsnxe_ie[2 + 4];
} else {
rsnxe_capa = rsnxe_ie[2]; rsnxe_capa = rsnxe_ie[2];
}
if (sae_pwe == 1 && !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))){ if (sae_pwe == 1 && !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))){
wpa_printf(MSG_ERROR, "SAE H2E required, but not supported by the AP"); wpa_printf(MSG_ERROR, "SAE H2E required, but not supported by the AP");
return -1; return -1;

2
components/wpa_supplicant/src/rsn_supp/wpa.c
View File

@@ -2601,7 +2601,7 @@ int wpa_set_bss(uint8_t *macddr, uint8_t *bssid, u8 pairwise_cipher, u8 group_ci
esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA)); esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA));
wpa_sm_set_param(sm, WPA_PARAM_RSN_OVERRIDE, wpa_sm_set_param(sm, WPA_PARAM_RSN_OVERRIDE,
RSN_OVERRIDE_NOT_USED); RSN_OVERRIDE_NOT_USED);
ie = esp_wifi_sta_get_ie(bssid, WLAN_EID_RSN); ie = esp_wifi_sta_get_ie(bssid, WFA_RSNE_OVERRIDE_OUI_TYPE);
if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA) && if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA) &&
ie && ie[0] != WLAN_EID_RSN) { ie && ie[0] != WLAN_EID_RSN) {

4
components/wpa_supplicant/src/rsn_supp/wpa_ie.c
View File

@@ -43,6 +43,10 @@ int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
wpa_ie[1] >= 4 && wpa_ie[1] >= 4 &&
WPA_GET_BE32(&wpa_ie[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE) { WPA_GET_BE32(&wpa_ie[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE) {
return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data); return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
} else if (wpa_ie_len >= 6 && wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC &&
wpa_ie[1] >= 4 &&
WPA_GET_BE32(&wpa_ie[2]) == RSNXE_OVERRIDE_IE_VENDOR_TYPE) {
return wpa_parse_wpa_ie_rsnxe(wpa_ie, wpa_ie_len, data);
} }
return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data); return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data);
} }