From de4010b95a4f2e4b1bdb1d606c17a88d62a2f284 Mon Sep 17 00:00:00 2001 From: Sarvesh Bodakhe Date: Mon, 1 Jul 2024 14:36:14 +0530 Subject: [PATCH] feat(esp_wifi): Add support for WPA3 transition disable and more updates 1. Add support for SAE-PK and WPA3-Enterprise transition disable 2. Add support to handle OWE transition disable indication from AP 3. refactor: Backport common changes in scan/connect path from 90cc6158 - 90cc6158 adds support for Network Introduction Protocol in DPP 4. Fix issue of supplicant using wrong parameters to configure bss - Ensure that wpa_supplicant's state machine registers the requirement for rsnxe before deciding to add rsnxe to a assoc request. Co-authored-by: default avatarjgujarathi
---
 components/esp_wifi/lib | 2 +-
 .../esp_supplicant/src/esp_wifi_driver.h | 8 +++--
 .../esp_supplicant/src/esp_wpa3.c | 8 ++---
 .../esp_supplicant/src/esp_wpa_main.c | 4 +--
 .../esp_supplicant/src/esp_wpas_glue.c | 32 ++++++++++++++++---
 .../esp_supplicant/src/esp_wpas_glue.h | 2 +-
 .../wpa_supplicant/src/common/wpa_common.h | 3 ++
 components/wpa_supplicant/src/rsn_supp/wpa.c | 4 +++
 8 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index 20d6700bee..bddbf09a6d 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit 20d6700beef8162b62326658a0fd4433d5663e8a
+Subproject commit bddbf09a6dee01df752057bd7cf40b55a96644cc
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
index 795692de74..6be0bb3358 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -140,7 +140,6 @@ struct wpa_funcs {
 void (*wpa_config_done)(void);
 uint8_t *(*owe_build_dhie)(uint16_t group);
 int (*owe_process_assoc_resp)(const u8 *rsn_ie, size_t rsn_len, const uint8_t *dh_ie, size_t dh_len);
- int (*wpa_sta_set_ap_rsnxe)(const u8 *rsnxe, size_t rsnxe_ie_len);
 };
 struct wpa2_funcs {
@@ -289,12 +288,15 @@ bool esp_wifi_is_ft_enabled_internal(uint8_t if_index);
 uint8_t esp_wifi_sta_get_config_sae_pk_internal(void);
 void esp_wifi_sta_disable_sae_pk_internal(void);
 void esp_wifi_sta_disable_wpa2_authmode_internal(void);
+void esp_wifi_sta_disable_owe_trans_internal(void);
 uint8_t esp_wifi_ap_get_max_sta_conn(void);
 uint8_t esp_wifi_get_config_sae_pwe_h2e_internal(uint8_t ifx);
 bool esp_wifi_ap_notify_node_sae_auth_done(uint8_t *mac);
 bool esp_wifi_ap_is_sta_sae_reauth_node(uint8_t *mac);
 uint8_t* esp_wifi_sta_get_sae_identifier_internal(void);
 bool esp_wifi_eb_tx_status_success_internal(void *eb);
-uint8_t* esp_wifi_sta_get_rsnxe(void);
+uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid);
+esp_err_t esp_wifi_sta_connect_internal(const uint8_t *bssid);
+void esp_wifi_enable_sae_pk_only_mode_internal(void);
 #endif /* _ESP_WIFI_DRIVER_H_ */
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
index c43fc90b4c..c5a6ccbb06 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
@@ -38,10 +38,10 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
 const u8 *rsnxe;
 u8 rsnxe_capa = 0;
- rsnxe = esp_wifi_sta_get_rsnxe();
- if (rsnxe && rsnxe[1] >= 1) {
- rsnxe_capa = rsnxe[2];
- }
+ rsnxe = esp_wifi_sta_get_rsnxe(bssid);
+ if (rsnxe && rsnxe[1] >= 1) {
+ rsnxe_capa = rsnxe[2];
+ }
 #ifdef CONFIG_SAE_PK
 bool use_pk = false;
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
index 70b8e50c0a..bf854e2036 100644
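Review bot: The new prototype `uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid);` in esp_wifi_driver.h (hunk at -289) takes a non-const BSSID, while `esp_wifi_sta_connect_internal(const uint8_t *bssid)` two lines below takes a const one. The non-const form is what forces the `(u8*)bssid` cast from `char *` in wpa_set_bss later in this patch. The definition is in the Wi-Fi library and is not on this page; if it does not write through the pointer, declare it as `uint8_t* esp_wifi_sta_get_rsnxe(const u8 *bssid);`. Both callers in this patch index the result as a raw IE (`rsnxe[1]`, `rsnxe[2]`), so a one-line comment above the prototype should say that NULL means no RSNXE is stored for that BSSID, and state who owns the returned buffer and how long it stays valid.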
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
@@ -214,7 +214,8 @@ int wpa_sta_connect(uint8_t *bssid)
 esp_set_assoc_ie((uint8_t *)bssid, NULL, 0, false);
 }
- return 0;
+ ret = esp_wifi_sta_connect_internal(bssid);
+ return ret;
 }
 void wpa_config_done(void)
@@ -433,7 +434,6 @@ int esp_supplicant_init(void)
 wpa_cb->wpa_config_bss = NULL;//wpa_config_bss;
 wpa_cb->wpa_michael_mic_failure = wpa_michael_mic_failure;
 wpa_cb->wpa_config_done = wpa_config_done;
- wpa_cb->wpa_sta_set_ap_rsnxe = wpa_sm_set_ap_rsnxe;
 esp_wifi_register_wpa3_ap_cb(wpa_cb);
 esp_wifi_register_wpa3_cb(wpa_cb);
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c
index 4f1da5d792..189c7aa965 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
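Review bot: The return contract of wpa_sta_connect changes at the end of the function (esp_wpa_main.c, hunk at -214) with no comment to record it. The path that used to end in `return 0;` now starts the connection itself and hands back the `esp_err_t` from `esp_wifi_sta_connect_internal()` through an `int`. The callers are not on this page, so a short comment should state that the function now initiates the connect and that a non-zero result is an esp_err_t code. The two added lines can also collapse to `return esp_wifi_sta_connect_internal(bssid);`, provided `ret`, declared outside the hunk, is not needed afterwards. The body of wpa_sta_connect starts outside the hunk.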
@@ -93,12 +93,36 @@ int hostapd_send_eapol(const u8 *source, const u8 *sta_addr,
 }
-void wpa_supplicant_transition_disable(void *sm, u8 bitmap)
+static void disable_wpa_wpa2(void)
+{
+ esp_wifi_sta_disable_wpa2_authmode_internal();
+}
+
+void wpa_supplicant_transition_disable(struct wpa_sm *sm, u8 bitmap)
 {
 wpa_printf(MSG_DEBUG, "TRANSITION_DISABLE %02x", bitmap);
- if (bitmap & TRANSITION_DISABLE_WPA3_PERSONAL) {
- esp_wifi_sta_disable_wpa2_authmode_internal();
+ if ((bitmap & TRANSITION_DISABLE_WPA3_PERSONAL) &&
+ wpa_key_mgmt_sae(sm->key_mgmt)) {
+ disable_wpa_wpa2();
+ }
+
+ if ((bitmap & TRANSITION_DISABLE_SAE_PK) &&
+ wpa_key_mgmt_sae(sm->key_mgmt)) {
+ wpa_printf(MSG_INFO,
+ "SAE-PK: SAE authentication without PK disabled based on AP notification");
+ disable_wpa_wpa2();
+ esp_wifi_enable_sae_pk_only_mode_internal();
+ }
+
+ if ((bitmap & TRANSITION_DISABLE_WPA3_ENTERPRISE) &&
+ wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
+ disable_wpa_wpa2();
+ }
+
+ if ((bitmap & TRANSITION_DISABLE_ENHANCED_OPEN) &&
+ wpa_key_mgmt_owe(sm->key_mgmt)) {
+ esp_wifi_sta_disable_owe_trans_internal();
 }
 }
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h
index 11f5b3ddff..e18ad28cdd 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h
@@ -31,7 +31,7 @@ void wpa_free_eapol(u8 *buffer);
 int wpa_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *data, size_t data_len);
-void wpa_supplicant_transition_disable(void *sm, u8 bitmap);
+void wpa_supplicant_transition_disable(struct wpa_sm *sm, u8 bitmap);
 int hostapd_send_eapol(const u8 *source, const u8 *sta_addr, const u8 *data, size_t data_len);
diff --git a/components/wpa_supplicant/src/common/wpa_common.h b/components/wpa_supplicant/src/common/wpa_common.h
index 4462c81f00..92f5c140d7 100644
--- a/components/wpa_supplicant/src/common/wpa_common.h
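Review bot: Three of the four branches in wpa_supplicant_transition_disable (esp_wpas_glue.c, hunk at -93) change which authentication modes the station will accept without logging it. Only the SAE-PK branch prints at MSG_INFO; the WPA3-Personal, WPA3-Enterprise and Enhanced Open branches leave just the MSG_DEBUG bitmap dump. This is an AP-triggered policy change, so each branch should record what it disabled, e.g. `wpa_printf(MSG_INFO, "WPA3-Personal transition mode disabled based on AP notification");` with matching lines for Enterprise and OWE. The Enterprise branch reuses `disable_wpa_wpa2()`, which only calls `esp_wifi_sta_disable_wpa2_authmode_internal()`; that function's body is not in this patch, so the wrapper needs a comment saying what it disables for an 802.1X profile. `sm->key_mgmt` is now read in every branch with no NULL guard, where the old `void *sm` was never dereferenced, so confirm that no caller can pass NULL.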
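Review bot: The changed prototype in esp_wpas_glue.h (hunk at -31) now names `struct wpa_sm` in its parameter list, and nothing visible in the hunk declares that type beforehand. If the header does not already include a declaration (its include block is outside the hunk), the struct tag gets prototype scope. The compiler would then warn and treat the parameter as a type incompatible with the one used in esp_wpas_glue.c. Adding `struct wpa_sm;` above the prototype keeps the header self-contained.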
+++ b/components/wpa_supplicant/src/common/wpa_common.h
@@ -325,6 +325,9 @@ struct rsn_rdie {
 /* WFA Transition Disable KDE (using OUI_WFA) */
 /* Transition Disable Bitmap bits */
 #define TRANSITION_DISABLE_WPA3_PERSONAL BIT(0)
+#define TRANSITION_DISABLE_SAE_PK BIT(1)
+#define TRANSITION_DISABLE_WPA3_ENTERPRISE BIT(2)
+#define TRANSITION_DISABLE_ENHANCED_OPEN BIT(3)
 #ifdef CONFIG_IEEE80211R
 int wpa_ft_mic(const u8 *kck, size_t kck_len, const u8 *sta_addr,
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
index 29c06bef6f..7caa744694 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -2442,6 +2442,10 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
 if (res < 0)
 return -1;
 sm->assoc_wpa_ie_len = res;
+
+ const u8 *rsnxe;
+ rsnxe = esp_wifi_sta_get_rsnxe((u8*)bssid);
+ wpa_sm_set_ap_rsnxe(rsnxe, rsnxe ? (rsnxe[1] + 2) : 0);
 res = wpa_gen_rsnxe(sm, assoc_rsnxe, assoc_rsnxe_len);
 if (res < 0)
 return -1;
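Review bot: The result of `wpa_sm_set_ap_rsnxe()` is discarded in the lines added to wpa_set_bss (wpa.c, hunk at -2442), while the calls around it all bail out on `res < 0`. The function returns `int`: the callback slot removed from struct wpa_funcs in this patch was typed `int (*)(const u8 *, size_t)` and was assigned this function. Its body is not on this page, but if it can fail, `wpa_gen_rsnxe()` would run against a missing or stale AP RSNXE, which is the state the commit message says this change is meant to prevent. Suggest `if (wpa_sm_set_ap_rsnxe(rsnxe, rsnxe ? (rsnxe[1] + 2) : 0) < 0) return -1;`. wpa_set_bss starts and ends outside the hunk.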