forked from espressif/esp-idf
feat(wpa_supplicant): Add support for Opportunistic Key Caching
This commit is contained in:
Aditi
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@@ -319,6 +319,13 @@ esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config);
|
|||||||
*/
|
*/
|
||||||
esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle);
|
esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Set Opportunistic key caching support for station.
|
||||||
|
*
|
||||||
|
* @param enable Boolean indicating whether to enable (true) or disable (false) OKC support.
|
||||||
|
*/
|
||||||
|
void esp_wifi_set_okc_support(bool enable);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@@ -626,10 +626,10 @@ static int wpa2_start_eapol_internal(void)
|
|||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (wpa_sta_cur_pmksa_matches_akm()) {
|
if (wpa_sta_cur_pmksa_matches_akm() && wpa_sta_is_cur_pmksa_set()) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"RSN: PMKSA caching - do not send EAPOL-Start");
|
"RSN: PMKSA caching - do not send EAPOL-Start");
|
||||||
return ESP_FAIL;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = esp_wifi_get_assoc_bssid_internal(bssid);
|
ret = esp_wifi_get_assoc_bssid_internal(bssid);
|
||||||
@@ -815,12 +815,26 @@ static esp_err_t esp_client_enable_fn(void *arg)
|
|||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void esp_wifi_set_okc_support(bool enable)
|
||||||
|
{
|
||||||
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
|
if (enable) {
|
||||||
|
sm->okc = 1;
|
||||||
|
} else {
|
||||||
|
sm->okc = 0;
|
||||||
|
}
|
||||||
|
wpa_printf(MSG_DEBUG, "OKC set to %d", sm->okc);
|
||||||
|
}
|
||||||
|
|
||||||
esp_err_t esp_wifi_sta_enterprise_enable(void)
|
esp_err_t esp_wifi_sta_enterprise_enable(void)
|
||||||
{
|
{
|
||||||
wifi_wpa2_param_t param;
|
wifi_wpa2_param_t param;
|
||||||
esp_err_t ret;
|
esp_err_t ret;
|
||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
|
|
||||||
|
/* Enable opportunistic key caching support */
|
||||||
|
esp_wifi_set_okc_support(true);
|
||||||
|
|
||||||
wpa2_api_lock();
|
wpa2_api_lock();
|
||||||
|
|
||||||
if (wpa2_is_enabled()) {
|
if (wpa2_is_enabled()) {
|
||||||
|
|||||||
@@ -37,6 +37,7 @@
|
|||||||
#include "common/sae.h"
|
#include "common/sae.h"
|
||||||
#include "esp_eap_client_i.h"
|
#include "esp_eap_client_i.h"
|
||||||
#include "esp_wpa3_i.h"
|
#include "esp_wpa3_i.h"
|
||||||
|
#include "eap_peer/eap.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* eapol_sm_notify_eap_success - Notification of external EAP success trigger
|
* eapol_sm_notify_eap_success - Notification of external EAP success trigger
|
||||||
@@ -376,7 +377,6 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
|
static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
|
||||||
const unsigned char *src_addr,
|
const unsigned char *src_addr,
|
||||||
const u8 *pmkid)
|
const u8 *pmkid)
|
||||||
@@ -681,7 +681,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
|||||||
|
|
||||||
#ifdef CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT
|
#ifdef CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT
|
||||||
if (is_wpa2_enterprise_connection()) {
|
if (is_wpa2_enterprise_connection()) {
|
||||||
pmksa_cache_set_current(sm, NULL, sm->bssid, 0, 0);
|
pmksa_cache_set_current(sm, NULL, sm->bssid, sm->okc ? (void*)sm->network_ctx : NULL, sm->okc);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -2313,6 +2313,8 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
|||||||
bool use_pmk_cache = !esp_wifi_skip_supp_pmkcaching();
|
bool use_pmk_cache = !esp_wifi_skip_supp_pmkcaching();
|
||||||
u8 assoc_rsnxe[20];
|
u8 assoc_rsnxe[20];
|
||||||
size_t assoc_rsnxe_len = sizeof(assoc_rsnxe);
|
size_t assoc_rsnxe_len = sizeof(assoc_rsnxe);
|
||||||
|
bool reassoc_same_ess = false;
|
||||||
|
int try_opportunistic = 0;
|
||||||
|
|
||||||
/* Incase AP has changed it's SSID, don't try with PMK caching for SAE connection */
|
/* Incase AP has changed it's SSID, don't try with PMK caching for SAE connection */
|
||||||
/* Ideally we should use network_ctx for this purpose however currently network profile block
|
/* Ideally we should use network_ctx for this purpose however currently network profile block
|
||||||
@@ -2324,6 +2326,16 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
|||||||
(os_memcmp(sm->ssid, ssid, ssid_len) != 0)) {
|
(os_memcmp(sm->ssid, ssid, ssid_len) != 0)) {
|
||||||
use_pmk_cache = false;
|
use_pmk_cache = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (os_memcmp(sm->ssid, ssid, ssid_len) == 0) {
|
||||||
|
wpa_printf(MSG_DEBUG, "reassoc same ess and okc is %d", sm->okc);
|
||||||
|
if (sm->okc == 1) {
|
||||||
|
try_opportunistic = 1;
|
||||||
|
}
|
||||||
|
reassoc_same_ess = true;
|
||||||
|
}
|
||||||
|
sm->network_ctx = ssid;
|
||||||
|
|
||||||
sm->pairwise_cipher = BIT(pairwise_cipher);
|
sm->pairwise_cipher = BIT(pairwise_cipher);
|
||||||
sm->group_cipher = BIT(group_cipher);
|
sm->group_cipher = BIT(group_cipher);
|
||||||
sm->rx_replay_counter_set = 0; //init state not intall replay counter value
|
sm->rx_replay_counter_set = 0; //init state not intall replay counter value
|
||||||
@@ -2345,7 +2357,11 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (wpa_key_mgmt_supports_caching(sm->key_mgmt) && use_pmk_cache) {
|
if (wpa_key_mgmt_supports_caching(sm->key_mgmt) && use_pmk_cache) {
|
||||||
pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
|
if (reassoc_same_ess && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
|
||||||
|
pmksa_cache_set_current(sm, NULL, (const u8*) bssid, (void*)sm->network_ctx, try_opportunistic);
|
||||||
|
} else {
|
||||||
|
pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, try_opportunistic);
|
||||||
|
}
|
||||||
wpa_sm_set_pmk_from_pmksa(sm);
|
wpa_sm_set_pmk_from_pmksa(sm);
|
||||||
} else {
|
} else {
|
||||||
if (pmksa) {
|
if (pmksa) {
|
||||||
|
|||||||
@@ -111,6 +111,7 @@ struct wpa_sm {
|
|||||||
u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */
|
u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */
|
||||||
size_t assoc_resp_ies_len;
|
size_t assoc_resp_ies_len;
|
||||||
#endif /* CONFIG_IEEE80211R */
|
#endif /* CONFIG_IEEE80211R */
|
||||||
|
int okc; /* Used for trying Opportunistic Key Caching */
|
||||||
#ifdef CONFIG_OWE_STA
|
#ifdef CONFIG_OWE_STA
|
||||||
struct crypto_ecdh *owe_ecdh;
|
struct crypto_ecdh *owe_ecdh;
|
||||||
u16 owe_group;
|
u16 owe_group;
|
||||||
|
|||||||
Reference in New Issue
Block a user