diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h
index b18290186d..95f75876a6 100644
--- a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h
+++ b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -319,6 +319,13 @@ esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config);
 */
 esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle);
+/**
+ * @brief Set Opportunistic key caching support for station.
+ *
+ * @param enable Boolean indicating whether to enable (true) or disable (false) OKC support.
+ */
+void esp_wifi_set_okc_support(bool enable);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c
index aedc3f1652..78d599ada8 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -626,10 +626,10 @@ static int wpa2_start_eapol_internal(void)
 return ESP_FAIL;
 }
- if (wpa_sta_cur_pmksa_matches_akm()) {
+ if (wpa_sta_cur_pmksa_matches_akm() && wpa_sta_is_cur_pmksa_set()) {
 wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send EAPOL-Start");
- return ESP_FAIL;
+ return ESP_OK;
 }
 ret = esp_wifi_get_assoc_bssid_internal(bssid);
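Review bot: In esp_eap_client.h (hunk @@ -319), the doc comment for `esp_wifi_set_okc_support` states neither the default nor when the call takes effect. Elsewhere in this commit `esp_wifi_sta_enterprise_enable()` switches OKC on itself, so the comment should say that OKC is on by default for enterprise connections and that a `false` has to be set after that call. One more sentence should spell out what is being enabled: the station may offer a PMK obtained through one AP to other APs of the same SSID instead of running a full 802.1X exchange. The `esp_wifi_` prefix and `void` return also differ from the `esp_eap_client_*` functions returning `esp_err_t` declared just above.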
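Review bot: In wpa2_start_eapol_internal (esp_eap_client.c, hunk @@ -626), the cached-PMKSA branch now returns `ESP_OK` without sending EAPOL-Start, and nothing in the hunk shows what restarts a full EAP exchange if the AP does not accept the offered PMKID, which becomes more likely once the entry can be opportunistic. If such a fallback exists outside this hunk, name it in a comment above the `if`, for example `/* PMKSA offered: wait for the AP to start the 4-way handshake; <fallback path> runs full EAP if it does not */`. I would also test `wpa_sta_is_cur_pmksa_set()` before `wpa_sta_cur_pmksa_matches_akm()`, since the latter presumably reads the current entry; neither helper is visible here. The function starts and ends outside the hunk.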
@@ -815,12 +815,26 @@ static esp_err_t esp_client_enable_fn(void *arg)
 return ESP_OK;
 }
+void esp_wifi_set_okc_support(bool enable)
+{
+ struct wpa_sm *sm = &gWpaSm;
+ if (enable) {
+ sm->okc = 1;
+ } else {
+ sm->okc = 0;
+ }
+ wpa_printf(MSG_DEBUG, "OKC set to %d", sm->okc);
+}
+
 esp_err_t esp_wifi_sta_enterprise_enable(void)
 {
 wifi_wpa2_param_t param;
 esp_err_t ret;
 struct wpa_sm *sm = &gWpaSm;
+ /* Enable opportunistic key caching support */
+ esp_wifi_set_okc_support(true);
+
 wpa2_api_lock();
 if (wpa2_is_enabled()) {
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
index 6161d0b8c1..0522f89b88 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -37,6 +37,7 @@
 #include "common/sae.h"
 #include "esp_eap_client_i.h"
 #include "esp_wpa3_i.h"
+#include "eap_peer/eap.h"
 /**
 * eapol_sm_notify_eap_success - Notification of external EAP success trigger
@@ -376,7 +377,6 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
-
 static int wpa_supplicant_get_pmk(struct wpa_sm *sm, const unsigned char *src_addr, const u8 *pmkid)
@@ -681,7 +681,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 #ifdef CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT
 if (is_wpa2_enterprise_connection()) {
- pmksa_cache_set_current(sm, NULL, sm->bssid, 0, 0);
+ pmksa_cache_set_current(sm, NULL, sm->bssid, sm->okc ? (void*)sm->network_ctx : NULL, sm->okc);
 }
 #endif
@@ -2313,6 +2313,8 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 bool use_pmk_cache = !esp_wifi_skip_supp_pmkcaching();
 u8 assoc_rsnxe[20];
 size_t assoc_rsnxe_len = sizeof(assoc_rsnxe);
+ bool reassoc_same_ess = false;
+ int try_opportunistic = 0;
 /* Incase AP has changed it's SSID, don't try with PMK caching for SAE connection */
 /* Ideally we should use network_ctx for this purpose however currently network profile block
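Review bot: In esp_eap_client.c (hunk @@ -815), `esp_wifi_sta_enterprise_enable()` now calls `esp_wifi_set_okc_support(true)` on every invocation, which silently overwrites an earlier `esp_wifi_set_okc_support(false)` from the application and leaves OKC switchable off only after the fact. The call also writes `gWpaSm` before `wpa2_api_lock()` is taken; whether that field needs the lock is not visible here. I would set the default once where `gWpaSm` is initialised and drop the call from the enable path, or at least move it below `wpa2_api_lock()`. The setter body can be reduced to `sm->okc = enable ? 1 : 0;`. esp_wifi_sta_enterprise_enable continues outside the hunk.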
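Review bot: In wpa_supplicant_process_1_of_4 (wpa.c, hunk @@ -681), `sm->network_ctx` is passed as the key for the opportunistic PMKSA lookup, but the only assignment in this commit is `sm->network_ctx = ssid;` in wpa_set_bss, i.e. the address of whatever buffer the caller handed in. An address is not a network identity: if the caller reuses one buffer for different SSIDs, a cached entry of one network could match another, and if the buffer moves between connections OKC never matches; should pmksa_cache dereference the pointer, its lifetime matters as well (none of this is visible here). Key the lookup on something stable per network profile, or document the lifetime and identity contract at the assignment. The same value is passed again in the @@ -2345 hunk of wpa_set_bss, and this function's body continues outside the hunk.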
@@ -2324,6 +2326,16 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 (os_memcmp(sm->ssid, ssid, ssid_len) != 0)) {
 use_pmk_cache = false;
 }
+
+ if (os_memcmp(sm->ssid, ssid, ssid_len) == 0) {
+ wpa_printf(MSG_DEBUG, "reassoc same ess and okc is %d", sm->okc);
+ if (sm->okc == 1) {
+ try_opportunistic = 1;
+ }
+ reassoc_same_ess = true;
+ }
+ sm->network_ctx = ssid;
+
 sm->pairwise_cipher = BIT(pairwise_cipher);
 sm->group_cipher = BIT(group_cipher);
 sm->rx_replay_counter_set = 0; //init state not intall replay counter value
@@ -2345,7 +2357,11 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 }
 }
 if (wpa_key_mgmt_supports_caching(sm->key_mgmt) && use_pmk_cache) {
- pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
+ if (reassoc_same_ess && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
+ pmksa_cache_set_current(sm, NULL, (const u8*) bssid, (void*)sm->network_ctx, try_opportunistic);
+ } else {
+ pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, try_opportunistic);
+ }
 wpa_sm_set_pmk_from_pmksa(sm);
 } else {
 if (pmksa) {
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h
index 03cca337a5..b31aeb1e1a 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h
+++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h
@@ -111,6 +111,7 @@ struct wpa_sm {
 u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */
 size_t assoc_resp_ies_len;
 #endif /* CONFIG_IEEE80211R */
+ int okc; /* Used for trying Opportunistic Key Caching */
 #ifdef CONFIG_OWE_STA
 struct crypto_ecdh *owe_ecdh;
 u16 owe_group;
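Review bot: In wpa_set_bss (wpa.c, hunk @@ -2324), the same-ESS test `os_memcmp(sm->ssid, ssid, ssid_len) == 0` compares only the first `ssid_len` bytes, so a new SSID that is a prefix of the stored one (or an empty one) is treated as the same ESS and sets `try_opportunistic`. That can let a PMKSA belonging to a different network be tried on this one. Compare the lengths too, for example `if (ssid_len != 0 && ssid_len == <stored SSID length> && os_memcmp(sm->ssid, ssid, ssid_len) == 0) {`; the field that holds the stored length is outside the hunk. The function starts and ends outside the hunk.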
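Review bot: In wpa_set_bss (wpa.c, hunk @@ -2345), the `else` branch still passes `try_opportunistic` although it covers every non-802.1X key management that supports caching, so an opportunistic lookup can be requested with a null network context for those AKMs. Whether `pmksa_cache_set_current` ignores that combination is not visible here, so it is safer not to ask for it. The two calls differ only in one argument and can be folded into `void *ctx = (reassoc_same_ess && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) ? (void*)sm->network_ctx : NULL;` followed by `pmksa_cache_set_current(sm, NULL, (const u8*) bssid, ctx, ctx ? try_opportunistic : 0);`. The enclosing function continues outside the hunk.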