From 6d7593c1be1171efec3a9be9cd4e7455006ed775 Mon Sep 17 00:00:00 2001
From: "tarun.kumar"
Date: Fri, 11 Apr 2025 15:41:10 +0530
Subject: [PATCH 1/2] fix(wifi) : Add config param for gtk rekeying on softAP side
---
 .../esp_wifi/include/esp_wifi_types_generic.h | 1 +
 .../esp_supplicant/src/esp_hostap.c | 6 ++++++
 .../esp_supplicant/src/esp_wifi_driver.h | 1 +
 components/wpa_supplicant/src/ap/wpa_auth.c | 16 ++++++++++++++++
 4 files changed, 24 insertions(+)
diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h
index 8cf8d0de49..cabb434a39 100644
--- a/components/esp_wifi/include/esp_wifi_types_generic.h
+++ b/components/esp_wifi/include/esp_wifi_types_generic.h
@@ -539,6 +539,7 @@ typedef struct {
 uint8_t transition_disable; /**< Whether to enable transition disable feature */
 uint8_t sae_ext; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
 wifi_bss_max_idle_config_t bss_max_idle_cfg; /**< Configuration for bss max idle, effective if CONFIG_WIFI_BSS_MAX_IDLE_SUPPORT is enabled */
+ uint16_t gtk_rekey_interval; /**< GTK rekeying interval in seconds. If set to 0, GTK rekeying is disabled. Range: 60 ~ 65535 including 0. */
 } wifi_ap_config_t;
 #define SAE_H2E_IDENTIFIER_LEN 32 /**< Length of the password identifier for H2E */
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
index ccf7d81337..ab488f2155 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -84,6 +84,12 @@ void *hostap_init(void)
 hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
 auth_conf->sae_pwe = hapd->conf->sae_pwe;
+ auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal();
+#define MIN_GTK_REKEYING_INTERVAL 60
+ if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) {
+ auth_conf->wpa_group_rekey = MIN_GTK_REKEYING_INTERVAL;
+ }
+#undef MIN_GTK_REKEYING_INTERVAL
 authmode = esp_wifi_ap_get_prof_authmode_internal();
 if (authmode_has_wpa(authmode)) {
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
index df068bba20..0419b884bd 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
@@ -285,6 +285,7 @@ esp_err_t esp_wifi_register_mgmt_frame_internal(uint32_t type, uint32_t subtype)
 esp_err_t esp_wifi_send_mgmt_frm_internal(const wifi_mgmt_frm_req_t *req);
 uint8_t esp_wifi_ap_get_prof_pairwise_cipher_internal(void);
 uint8_t esp_wifi_ap_get_sae_ext_config_internal(void);
+uint16_t esp_wifi_ap_get_gtk_rekeying_config_internal(void);
 bool esp_wifi_is_mbo_enabled_internal(uint8_t if_index);
 void esp_wifi_get_pmf_config_internal(wifi_pmf_config_t *pmf_cfg, uint8_t ifx);
 bool esp_wifi_is_ft_enabled_internal(uint8_t if_index);
diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c
index f5715611a8..a3c67cd136 100644
--- a/components/wpa_supplicant/src/ap/wpa_auth.c
+++ b/components/wpa_supplicant/src/ap/wpa_auth.c
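Review bot: The clamp added to hostap_init raises any configured interval from 1 to 59 up to 60 without a log or an error, while the field comment added in esp_wifi_types_generic.h only says "Range: 60 ~ 65535 including 0", so a caller who sets a shorter period gets a different rekey schedule than requested and has no way to notice. Either reject the out-of-range value where the AP config is set, or log the adjustment inside the `if`, e.g. `wpa_printf(MSG_WARNING, "GTK rekey interval raised to %d s", MIN_GTK_REKEYING_INTERVAL);`, and extend the field comment with `Values 1 ~ 59 are raised to 60.`. The `#define`/`#undef` pair in the middle of the function body would read better as a file-scope constant. hostap_init's body continues outside the hunk.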
@@ -211,6 +211,16 @@ int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
 int (*cb)(struct wpa_state_machine *sm, void *ctx),
 void *cb_ctx)
 {
+ struct hostapd_data *hapd = hostapd_get_hapd_data();
+ struct sta_info *sta;
+
+ if (hapd == NULL)
+ return 1;
+
+ for (sta = hapd->sta_list; sta; sta = sta->next) {
+ if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
+ return 1;
+ }
 return 0;
 }
@@ -397,6 +407,11 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
 return NULL;
 }
+ if (wpa_auth->conf.wpa_group_rekey) {
+ eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
+ 0, wpa_rekey_gtk, wpa_auth, NULL);
+ }
+
 #ifdef CONFIG_IEEE80211R_AP
 wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
 if (wpa_auth->ft_pmk_cache == NULL) {
@@ -2565,6 +2580,7 @@ static int wpa_sm_step(struct wpa_state_machine *sm)
 void wpa_deinit(struct wpa_authenticator *wpa_auth)
 {
 struct wpa_group *group, *prev;
+ eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
 pmksa_cache_auth_deinit(wpa_auth->pmksa);
 if (wpa_auth->wpa_ie != NULL) {
 os_free(wpa_auth->wpa_ie);
From 004abebdbd4cc19391931345fe9b651e72d0ccbb Mon Sep 17 00:00:00 2001
From: "tarun.kumar"
Date: Sun, 13 Apr 2025 20:38:59 +0530
Subject: [PATCH 2/2] fix)wifi): Add GTK rekeying interval field in softap example
---
 components/esp_wifi/lib | 2 +-
 .../getting_started/softAP/main/Kconfig.projbuild | 14 ++++++++++++++
 .../softAP/main/softap_example_main.c | 7 +++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index 0a6b4ae17b..265486dd52 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit 0a6b4ae17b00566fd45aae10696e2f728e63e245
+Subproject commit 265486dd52fa72c9dbb2ebf60091f81d4b4f783d
diff --git a/examples/wifi/getting_started/softAP/main/Kconfig.projbuild b/examples/wifi/getting_started/softAP/main/Kconfig.projbuild
index 19e9f86e01..5dcaa97c15 100644
--- a/examples/wifi/getting_started/softAP/main/Kconfig.projbuild
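Review bot: `if (hapd == NULL) return 1;` in wpa_auth_for_each_sta returns the same value the loop uses for "a callback returned non-zero", so a caller that checks the result cannot tell a missing hostapd context from a callback hit; with no stations to visit, `return 0;` would match the existing fall-through. The function also ignores its `wpa_auth` argument and walks the list obtained from `hostapd_get_hapd_data()`, which deserves a one-line comment such as `/* single softAP instance: iterate the global hapd station list */`. The loop reads `sta->next` after `cb` returns, so it presumably relies on callbacks never freeing the station they are handed; that assumption should be stated in the same comment.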
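Review bot: The rekey timer in wpa_init is registered before the `CONFIG_IEEE80211R_AP` block, whose `wpa_auth->ft_pmk_cache == NULL` branch follows in the hunk; if that branch (its body is outside the hunk) frees `wpa_auth` and returns NULL, the pending `wpa_rekey_gtk` timeout would later run with a dangling `wpa_auth` pointer. Registering the timeout after the last failure return, or adding `eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);` to the later error paths as the wpa_deinit hunk does, closes that window. The return value of `eloop_register_timeout` is also ignored, so a failed registration silently leaves the group key unchanged for the lifetime of the AP; checking it and logging with `wpa_printf(MSG_ERROR, "Failed to register GTK rekey timer");` would make that visible.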
+++ b/examples/wifi/getting_started/softAP/main/Kconfig.projbuild
@@ -23,4 +23,18 @@ menu "Example Configuration"
 default 4
 help
 Max number of the STA connects to AP.
+
+ config ESP_GTK_REKEYING_ENABLE
+ bool "Enable GTK Rekeying"
+ default y
+ help
+ Flag to enable GTK rekeying.
+
+ config ESP_GTK_REKEY_INTERVAL
+ int "GTK rekey interval"
+ depends on ESP_GTK_REKEYING_ENABLE
+ range 60 65535
+ default 600
+ help
+ GTK rekeying interval in seconds.
 endmenu
diff --git a/examples/wifi/getting_started/softAP/main/softap_example_main.c b/examples/wifi/getting_started/softAP/main/softap_example_main.c
index 941b0b77c3..c2bca87431 100644
--- a/examples/wifi/getting_started/softAP/main/softap_example_main.c
+++ b/examples/wifi/getting_started/softAP/main/softap_example_main.c
@@ -28,6 +28,12 @@
 #define EXAMPLE_ESP_WIFI_CHANNEL CONFIG_ESP_WIFI_CHANNEL
 #define EXAMPLE_MAX_STA_CONN CONFIG_ESP_MAX_STA_CONN
+#if CONFIG_ESP_GTK_REKEYING_ENABLE
+#define EXAMPLE_GTK_REKEY_INTERVAL CONFIG_ESP_GTK_REKEY_INTERVAL
+#else
+#define EXAMPLE_GTK_REKEY_INTERVAL 0
+#endif
+
 static const char *TAG = "wifi softAP";
 static void wifi_event_handler(void* arg, esp_event_base_t event_base,
@@ -81,6 +87,7 @@ void wifi_init_softap(void)
 .protected_keep_alive = 1,
 },
 #endif
+ .gtk_rekey_interval = EXAMPLE_GTK_REKEY_INTERVAL,
 },
 };
 if (strlen(EXAMPLE_ESP_WIFI_PASS) == 0) {