feat(esp_wifi): Add support of wpa3 compatible more for ap and sta

Shreyas Sheth
2025-04-02 10:36:27 +05:30
committed by Kapil Gupta
parent e8a19841f4
commit fbfa3aa0e0
10 changed files with 33 additions and 22 deletions


@@ -533,8 +533,6 @@ typedef struct {
bool ftm_responder; /**< Enable FTM Responder mode */
wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
uint8_t transition_disable; /**< Whether to enable transition disable feature */
uint8_t sae_ext; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
uint8_t transition_disable: 1; /**< Whether to enable transition disable feature */
uint8_t sae_ext: 1; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
uint8_t wpa3_compatible_mode: 1; /**< Whether to enable wpa3 compatible authmode feature */
@@ -565,7 +563,8 @@ typedef struct {
uint32_t ft_enabled: 1; /**< Whether FT is enabled for the connection */
uint32_t owe_enabled: 1; /**< Whether OWE is enabled for the connection */
uint32_t transition_disable: 1; /**< Whether to enable transition disable feature */
uint32_t reserved1: 26; /**< Reserved for future feature set */
uint32_t wpa3_compatible_mode: 1; /**< Whether to enable wpa3 compatible authmode feature */
uint32_t reserved1: 25; /**< Reserved for future feature set */
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
wifi_sae_pk_mode_t sae_pk_mode; /**< Configuration for SAE-PK (Public Key) Authentication method */
uint8_t failure_retry_cnt; /**< Number of connection retries station will do before moving to next AP. scan_method should be set as WIFI_ALL_CHANNEL_SCAN to use this config.
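Review bot: Narrowing `transition_disable` and `sae_ext` from full `uint8_t` members to 1-bit fields in the first struct (the one with `ftm_responder`) means a caller that stores any value other than 0 or 1 now has it truncated silently, and the address of these members can no longer be taken. The hunk shows no reserved field after `wpa3_compatible_mode`, unlike `reserved1` in the second struct, so the remaining five bits of that byte are unnamed; consider `uint8_t reserved: 5; /**< Reserved for future feature set */`. The new field's comment also says nothing about the security trade-off; something like `/**< Enable WPA3 compatible mode; stations without RSN override support still join with WPA2-PSK */` would help, if that matches the intended behaviour. Both struct definitions start and end outside the hunks.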


@@ -322,7 +322,9 @@ void supplicant_sta_conn_handler(uint8_t *bssid)
u8 *ie;
struct wpa_supplicant *wpa_s = &g_wpa_supp;
struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, bssid);
#ifdef CONFIG_RRM
struct ieee802_11_elems elems;
#endif
if (!bss) {
wpa_printf(MSG_INFO, "connected bss entry not present in scan cache");
@@ -331,11 +333,13 @@ void supplicant_sta_conn_handler(uint8_t *bssid)
wpa_s->current_bss = bss;
ie = (u8 *)bss;
ie += sizeof(struct wpa_bss);
#ifdef CONFIG_RRM
ieee802_11_parse_elems(ie, bss->ie_len, &elems, 0);
if (elems.rrm_enabled_len > 0 && elems.rrm_enabled != NULL) {
os_memcpy(wpa_s->rrm_ie, elems.rrm_enabled, 5); //TODO ask kapil about 5
os_memcpy(wpa_s->rrm_ie, elems.rrm_enabled, 5);
wpa_s->rrm.rrm_used = true;
}
#endif
wpa_bss_flush(wpa_s);
/* Register for mgmt frames */
register_mgmt_frames(wpa_s);
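Review bot: The `os_memcpy(wpa_s->rrm_ie, elems.rrm_enabled, 5)` call copies a fixed five bytes while the guard only requires `elems.rrm_enabled_len > 0`, so a connected BSS whose RRM Enabled Capabilities element is shorter than five bytes causes a read past the element in the scan-cache entry. The commit drops the `//TODO` about the constant without resolving it; the guard should be `if (elems.rrm_enabled != NULL && elems.rrm_enabled_len >= 5) {`, ideally with the 5 replaced by a named constant, or by `sizeof(wpa_s->rrm_ie)` if `rrm_ie` is an array of that size. The return value of `ieee802_11_parse_elems` is also ignored, so `elems` is consulted even when parsing failed. The function body continues outside the hunk.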


@@ -84,7 +84,6 @@ void *hostap_init(void)
}
hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
auth_conf->sae_pwe = hapd->conf->sae_pwe;
auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal();
#define MIN_GTK_REKEYING_INTERVAL 60
if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) {
@@ -111,6 +110,9 @@ void *hostap_init(void)
}
#endif /* CONFIG_IEEE80211W */
if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_AP)) {
//TODO check sae_pwe
hapd->conf->sae_pwe = SAE_PWE_HASH_TO_ELEMENT;
auth_conf->rsn_override_omit_rsnxe = 1;
hapd->conf->rsn_override_key_mgmt = WPA_KEY_MGMT_SAE;
hapd->conf->rsn_override_pairwise = WPA_CIPHER_CCMP;
hapd->conf->rsn_override_mfp = MGMT_FRAME_PROTECTION_REQUIRED;
@@ -144,6 +146,7 @@ void *hostap_init(void)
auth_conf->rsn_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP;
}
auth_conf->sae_pwe = hapd->conf->sae_pwe;
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
auth_conf->eapol_version = EAPOL_VERSION;
@@ -200,7 +203,8 @@ void *hostap_init(void)
#ifdef CONFIG_SAE
if (authmode == WIFI_AUTH_WPA3_PSK ||
authmode == WIFI_AUTH_WPA2_WPA3_PSK) {
authmode == WIFI_AUTH_WPA2_WPA3_PSK ||
esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_AP)) {
if (wpa3_hostap_auth_init(hapd) != 0) {
goto fail;
}
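Review bot: The compatible-mode block in `hostap_init` ships with `//TODO check sae_pwe` and unconditionally overwrites the `sae_pwe` value read earlier from `esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP)`, so a user-configured PWE method is discarded without any log. Resolve the TODO before merge and replace it with a comment that states the decision, for example `/* compatible mode always uses hash-to-element; this overrides the configured sae_pwe_h2e */`, plus a `wpa_printf` when the configured value differs. The hunks do not show whether this block sits inside `#ifdef CONFIG_SAE`; the later `wpa3_hostap_auth_init` call does, so with SAE compiled out the AP could set `rsn_override_key_mgmt = WPA_KEY_MGMT_SAE` without SAE authentication being initialised. `hostap_init` starts and ends outside these hunks.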


@@ -129,7 +129,7 @@ struct wpa_funcs {
bool (*wpa_sta_in_4way_handshake)(void);
void *(*wpa_ap_init)(void);
bool (*wpa_ap_deinit)(void *data);
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *assoc_req_ie, uint32_t assoc_req_ie_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *assoc_req_ie, uint32_t len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
bool (*wpa_ap_remove)(u8 *bssid);
uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);


@@ -661,11 +661,6 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
return WPA_INVALID_AKMP;
}
if (!key_mgmt) {
wpa_printf( MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
MACSTR, data.key_mgmt, MAC2STR(sm->addr));
return WPA_INVALID_AKMP;
}
if (0) {
}
#ifdef CONFIG_IEEE80211R_AP


@@ -402,7 +402,12 @@ int wpa_parse_wpa_ie_rsnxe(const u8 *rsnxe_ie, size_t rsnxe_ie_len,
if (rsnxe_ie_len < 1) {
return -1;
}
if (rsnxe_ie && rsnxe_ie[0] == WLAN_EID_VENDOR_SPECIFIC &&
rsnxe_ie[1] >= 1 + 4) {
rsnxe_capa = rsnxe_ie[2 + 4];
} else {
rsnxe_capa = rsnxe_ie[2];
}
if (sae_pwe == 1 && !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))){
wpa_printf(MSG_ERROR, "SAE H2E required, but not supported by the AP");
return -1;
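Review bot: The new vendor-specific branch reads `rsnxe_ie[1]` and `rsnxe_ie[2 + 4]` while the only length guard above is `rsnxe_ie_len < 1`, so an element shorter than seven bytes is read out of bounds; the pre-existing `rsnxe_ie[2]` read has the same gap for elements shorter than three bytes. The `rsnxe_ie &&` test also protects only the first branch, so a NULL pointer still reaches `rsnxe_ie[2]` in the `else`. These bytes come from frames sent by the AP, so the bounds should be checked against `rsnxe_ie_len` and not only against the element's own length octet. The function starts before and continues after the hunk.

```c
    if (!rsnxe_ie || rsnxe_ie_len < 3) {
        return -1;
    }
    if (rsnxe_ie[0] == WLAN_EID_VENDOR_SPECIFIC) {
        /* RSNXE override: 2-byte header, 4-byte OUI + type, then capabilities */
        if (rsnxe_ie_len < 2 + 4 + 1 || rsnxe_ie[1] < 4 + 1) {
            return -1;
        }
        rsnxe_capa = rsnxe_ie[2 + 4];
    } else {
        rsnxe_capa = rsnxe_ie[2];
    }
    /* … unchanged: SAE H2E capability check … */
```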


@@ -2601,7 +2601,7 @@ int wpa_set_bss(uint8_t *macddr, uint8_t *bssid, u8 pairwise_cipher, u8 group_ci
esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA));
wpa_sm_set_param(sm, WPA_PARAM_RSN_OVERRIDE,
RSN_OVERRIDE_NOT_USED);
ie = esp_wifi_sta_get_ie(bssid, WLAN_EID_RSN);
ie = esp_wifi_sta_get_ie(bssid, WFA_RSNE_OVERRIDE_OUI_TYPE);
if (esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA) &&
ie && ie[0] != WLAN_EID_RSN) {
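Review bot: `esp_wifi_sta_get_ie` now receives `WFA_RSNE_OVERRIDE_OUI_TYPE` where it previously received the element ID `WLAN_EID_RSN`, and nothing in the hunk says how the second argument distinguishes element IDs from vendor OUI types. The following `ie[0] != WLAN_EID_RSN` test suggests the call may return either a plain RSNE or the override element, which is worth stating in a comment such as `/* returns the RSNE override element when present, otherwise the RSNE */` once confirmed against the driver API. The `if` body lies outside the hunk, so the length handling of the returned element cannot be checked here.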


@@ -43,6 +43,10 @@ int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
wpa_ie[1] >= 4 &&
WPA_GET_BE32(&wpa_ie[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE) {
return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
} else if (wpa_ie_len >= 6 && wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC &&
wpa_ie[1] >= 4 &&
WPA_GET_BE32(&wpa_ie[2]) == RSNXE_OVERRIDE_IE_VENDOR_TYPE) {
return wpa_parse_wpa_ie_rsnxe(wpa_ie, wpa_ie_len, data);
}
return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data);
}
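Review bot: The added RSNXE override branch accepts `wpa_ie_len >= 6` and `wpa_ie[1] >= 4`, which admits an element with no capability octet after the OUI and type. For such an element the vendor test in `wpa_parse_wpa_ie_rsnxe` (`rsnxe_ie[1] >= 1 + 4`) fails and that function falls back to `rsnxe_ie[2]`, so the first OUI byte would be interpreted as the RSNXE capabilities. Require the payload here, `} else if (wpa_ie_len >= 7 && wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC && wpa_ie[1] >= 5 &&`, and consider also checking that `wpa_ie[1] + 2` does not exceed `wpa_ie_len`. The function begins outside the hunk.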