Merge branch 'refactor/sae_pt_flag' into 'master'

refactor(wifi) : Add SAE-H2E config flag and optimize wifi bin size for STA/SoftAP mode

See merge request espressif/esp-idf!36959
Jiang Jiang Jian
2025-04-03 18:58:14 +08:00
11 changed files with 120 additions and 25 deletions


@@ -311,10 +311,17 @@ menu "Wi-Fi"
config ESP_WIFI_ENABLE_SAE_PK
bool "Enable SAE-PK"
default y
depends on ESP_WIFI_ENABLE_WPA3_SAE
depends on (ESP_WIFI_ENABLE_WPA3_SAE && ESP_WIFI_ENABLE_SAE_H2E)
help
Select this option to enable SAE-PK
config ESP_WIFI_ENABLE_SAE_H2E
bool "Enable SAE-H2E"
default y
depends on ESP_WIFI_ENABLE_WPA3_SAE
help
Select this option to enable SAE-H2E
config ESP_WIFI_SOFTAP_SAE_SUPPORT
bool "Enable WPA3 Personal(SAE) SoftAP"
default y
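Review bot: The help text for `ESP_WIFI_ENABLE_SAE_H2E` ("Select this option to enable SAE-H2E") does not say what is lost when the option is turned off. A user trimming binary size should learn here that the device is then limited to hunting-and-pecking, that `ESP_WIFI_ENABLE_SAE_PK` becomes unavailable through its new dependency, and that joining a network which requires H2E will presumably fail. I would extend the help to a few lines stating those consequences and recommending that the option stay enabled unless flash size forces otherwise.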


@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -521,7 +521,12 @@ esp_err_t ieee80211_ftm_attach(void)
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return ESP_OK;
}
#endif
void ftm_initiator_cleanup(void)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
}
#endif /* CONFIG_ESP_WIFI_FTM_ENABLE */
#ifndef CONFIG_ESP_WIFI_SOFTAP_SUPPORT
void net80211_softap_funcs_init(void)
@@ -597,7 +602,29 @@ void * ieee80211_alloc_proberesp(void *p, int arg)
return NULL;
}
#endif
bool hostap_query_mac_in_list(const uint8_t *p, int arg)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return false;
}
int hostap_add_in_mac_list(const uint8_t *p, int arg)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return 0;
}
int hostap_del_mac_info_from_list(const uint8_t *p, int arg)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return 0;
}
void create_new_bss_for_sa_query_failed_sta(uint8_t arg)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
}
#endif /* CONFIG_ESP_WIFI_SOFTAP_SUPPORT */
#ifndef CONFIG_ESP_WIFI_NAN_ENABLE
@@ -624,7 +651,40 @@ void nan_sm_handle_event(void *p1, int p2)
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
}
#endif
int wifi_create_nan(void)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return 0;
}
int wifi_nan_set_config_local(wifi_nan_config_t *p)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return 0;
}
esp_err_t nan_dp_post_tx(void *p1, void *p2)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return ESP_OK;
}
void nan_dp_delete_peer(void *p)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
}
void *nan_dp_search_node(const uint8_t *p)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
return NULL;
}
void nan_ndp_resp_timeout_process(void *p)
{
/* Do not remove, stub to overwrite weak link in Wi-Fi Lib */
}
#endif /* CONFIG_ESP_WIFI_NAN_ENABLE */
#if CONFIG_IDF_TARGET_ESP32C2
#if CONFIG_ESP32C2_REV_MIN_FULL < 200
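Review bot: Several of the new stubs appear to report success for work that is never done: `wifi_create_nan`, `wifi_nan_set_config_local`, `hostap_add_in_mac_list` and `hostap_del_mac_info_from_list` return 0, and `nan_dp_post_tx` returns `ESP_OK`. If any Wi-Fi library path can reach them in a build where the feature is compiled out, the caller would proceed as though the MAC entry or NAN state exists; the callers are not visible on this page, so this is worth confirming against the library. Where the library tolerates it, a failure value would be safer, and either way each stub deserves a comment such as `/* feature compiled out: returns 0 so the lib caller continues without side effects */` recording why that value was chosen. The parameter names `p` and `arg` also say nothing about the real signatures.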


@@ -273,6 +273,9 @@ endif()
if(CONFIG_ESP_WIFI_ENABLE_SAE_PK)
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_SAE_PK)
endif()
if(CONFIG_ESP_WIFI_ENABLE_SAE_H2E)
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_SAE_H2E)
endif()
if(CONFIG_ESP_WIFI_SOFTAP_SAE_SUPPORT)
target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_SAE)
endif()


@@ -845,3 +845,10 @@ void esp_set_assoc_ie(uint8_t *bssid, const u8 *ies, size_t ies_len, bool mdie)
#else
void esp_set_assoc_ie(uint8_t *bssid, const u8 *ies, size_t ies_len, bool mdie) { }
#endif /* defined(CONFIG_RRM) || defined(CONFIG_IEEE80211R) || defined(CONFIG_WPA3_SAE) */
#ifndef CONFIG_SAE_H2E
int map_wifi_config_sae_pwe_to_supp(wifi_sae_pwe_method_t sae_pwe_config)
{
return SAE_PWE_HUNT_AND_PECK;
}
#endif /* CONFIG_SAE_H2E */
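Review bot: With H2E compiled out, `map_wifi_config_sae_pwe_to_supp` discards `sae_pwe_config` and returns `SAE_PWE_HUNT_AND_PECK`, so an application that configured hash-to-element only is moved to the weaker method without any trace. A log line before the return would make the downgrade visible, for example `if (sae_pwe_config != WPA3_SAE_PWE_HUNT_AND_PECK) wpa_printf(MSG_WARNING, "wpa3: H2E not compiled in, using hunting-and-pecking");` (or the file's usual logging call). The same silent fallback appears in `hostapd_setup_sae_pt`, which now returns 0 without deriving a PT whenever `CONFIG_SAE_H2E` is undefined, whatever `conf->sae_pwe` asks for. Whether the SoftAP then still advertises H2E is not visible here and should be checked.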


@@ -16,8 +16,11 @@
#include "endian.h"
#include "esp_hostap.h"
#include <inttypes.h>
#include "common/defs.h"
#ifdef CONFIG_SAE_H2E
static struct sae_pt *g_sae_pt;
#endif /* CONFIG_SAE_H2E */
static struct sae_data g_sae_data;
static struct wpabuf *g_sae_token = NULL;
static struct wpabuf *g_sae_commit = NULL;
@@ -28,14 +31,15 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
{
int default_group = IANA_SECP256R1;
u32 len = 0;
uint8_t use_pt = 0;
u8 own_addr[ETH_ALEN];
const u8 *pw = (const u8 *)esp_wifi_sta_get_prof_password_internal();
struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal();
uint8_t sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_STA);
char sae_pwd_id[SAE_H2E_IDENTIFIER_LEN + 1] = {0};
bool valid_pwd_id = false;
#ifdef CONFIG_SAE_H2E
uint8_t sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_STA);
const u8 *rsnxe;
uint8_t use_pt = 0;
struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal();
u8 rsnxe_capa = 0;
if (wpa_key_mgmt_sae_ext_key(gWpaSm.key_mgmt)) {
@@ -46,6 +50,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
if (rsnxe && rsnxe[1] >= 1) {
rsnxe_capa = rsnxe[2];
}
#endif /* CONFIG_SAE_H2E */
#ifdef CONFIG_SAE_PK
bool use_pk = false;
@@ -63,6 +68,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
return ESP_FAIL;
}
#endif /* CONFIG_SAE_PK */
#ifdef CONFIG_SAE_H2E
if (use_pt || sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
sae_pwe == SAE_PWE_BOTH) {
use_pt = !!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E));
@@ -89,6 +95,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
if (use_pt && !g_sae_pt) {
g_sae_pt = sae_derive_pt(g_allowed_groups, ssid->ssid, ssid->len, pw, strlen((const char *)pw), valid_pwd_id ? sae_pwd_id : NULL);
}
#endif /* CONFIG_SAE_H2E */
if (wpa_sta_cur_pmksa_matches_akm()) {
wpa_printf(MSG_INFO, "wpa3: Skip SAE and use cached PMK instead");
@@ -120,16 +127,21 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
return ESP_FAIL;
}
#ifdef CONFIG_SAE_H2E
if (use_pt &&
sae_prepare_commit_pt(&g_sae_data, g_sae_pt,
own_addr, bssid, NULL, NULL) < 0) {
wpa_printf(MSG_ERROR, "wpa3: failed to prepare SAE commit!");
return ESP_FAIL;
}
if (!use_pt &&
sae_prepare_commit(own_addr, bssid, pw,
strlen((const char *)pw),
&g_sae_data) < 0) {
#endif /* CONFIG_SAE_H2E */
if (
#ifdef CONFIG_SAE_H2E
!use_pt &&
#endif /* CONFIG_SAE_H2E */
sae_prepare_commit(own_addr, bssid, pw,
strlen((const char *)pw),
&g_sae_data) < 0) {
wpa_printf(MSG_ERROR, "wpa3: failed to prepare SAE commit!");
return ESP_FAIL;
}
@@ -207,10 +219,12 @@ void esp_wpa3_free_sae_data(void)
g_sae_confirm = NULL;
}
sae_clear_data(&g_sae_data);
#ifdef CONFIG_SAE_H2E
if (g_sae_pt) {
sae_deinit_pt(g_sae_pt);
g_sae_pt = NULL;
}
#endif /* CONFIG_SAE_H2E */
}
static u8 *wpa3_build_sae_msg(u8 *bssid, u32 sae_msg_type, size_t *sae_msg_len)
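Review bot: The `#ifdef CONFIG_SAE_H2E` spliced into the middle of the `if (` condition around `!use_pt &&` is hard to read and easy to break in a later edit. Keeping the declaration `uint8_t use_pt = 0;` outside the H2E guard at the top of `wpa3_build_sae_commit` would let the condition stay a single `if (!use_pt && sae_prepare_commit(own_addr, bssid, pw, strlen((const char *)pw), &g_sae_data) < 0) {` in both builds, with the compiler folding the constant away. Separately, `sae_pwd_id` and `valid_pwd_id` stay declared outside the guard while the only use visible in these hunks is inside it, which may produce unused-variable warnings in a non-H2E build. The function body runs beyond the hunks, so that needs checking against the full file.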


@@ -147,7 +147,7 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid)
int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
{
#ifdef CONFIG_SAE
#ifdef CONFIG_SAE_H2E
struct hostapd_ssid *ssid = &conf->ssid;
if ((conf->sae_pwe == SAE_PWE_HUNT_AND_PECK ||
!wpa_key_mgmt_sae(conf->wpa_key_mgmt)))
@@ -165,7 +165,7 @@ int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
return -1;
}
#endif /* CONFIG_SAE */
#endif /* CONFIG_SAE_H2E */
return 0;
}


@@ -111,6 +111,7 @@ The following binary size optimizations apply to a particular component or a fun
- Disabling :ref:`CONFIG_ESP_WIFI_ENABLE_WPA3_SAE` will save some Wi-Fi binary size if WPA3 support is not needed. Note that WPA3 is mandatory for new Wi-Fi device certifications.
- Disabling :ref:`CONFIG_ESP_WIFI_SOFTAP_SUPPORT` will save some Wi-Fi binary size if soft-AP support is not needed.
- Disabling :ref:`CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT` will save some Wi-Fi binary size if enterprise support is not needed.
- Disabling :ref:`CONFIG_ESP_WIFI_ENABLE_SAE_H2E` will save some Wi-Fi binary size if hash-to-element authentication method of WPA3-SAE is not needed. Note that hash-to-element is faster, more secure and immune to side channel attacks than the default authentication method of hunting-and-pecking.
.. only:: esp32


@@ -111,6 +111,7 @@ ESP-IDF 构建系统会编译项目和 ESP-IDF 中所有源文件,但只有程
- 如果不需要启用 WPA3 支持,禁用 :ref:`CONFIG_ESP_WIFI_ENABLE_WPA3_SAE` 可以减小 Wi-Fi 二进制文件的大小。请注意WPA3 支持是目前认证新 Wi-Fi 设备的必要标准。
- 如果不需要启用 soft-AP 支持,禁用 :ref:`CONFIG_ESP_WIFI_SOFTAP_SUPPORT` 可以减小 Wi-Fi 二进制文件的大小。
- 如不需要启用企业支持,禁用 :ref:`CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT` 可以减小 Wi-Fi 二进制文件的大小。
- 如果不需要启用 WPA3-SAE 的哈希到元素hash-to-element认证方法禁用 :ref:`CONFIG_ESP_WIFI_ENABLE_SAE_H2E` 可以减少 Wi-Fi 二进制文件的大小。请注意,与默认的 “hunting-and-pecking” 认证方法相比,哈希到元素方法更快、更安全,并且对侧信道攻击更具有免疫能力。
.. only:: esp32


@@ -14,20 +14,22 @@ menu "Example Configuration"
choice ESP_WIFI_SAE_MODE
prompt "WPA3 SAE mode selection"
default ESP_WPA3_SAE_PWE_BOTH
default ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH
help
Select mode for SAE as Hunt and Peck, H2E or both.
config ESP_WPA3_SAE_PWE_HUNT_AND_PECK
config ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HUNT_AND_PECK
bool "HUNT AND PECK"
config ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT
config ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HASH_TO_ELEMENT
bool "H2E"
config ESP_WPA3_SAE_PWE_BOTH
depends on ESP_WIFI_ENABLE_SAE_H2E
config ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH
bool "BOTH"
depends on ESP_WIFI_ENABLE_SAE_H2E
endchoice
config ESP_WIFI_PW_ID
string "PASSWORD IDENTIFIER"
depends on ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT|| ESP_WPA3_SAE_PWE_BOTH
depends on ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HASH_TO_ELEMENT|| ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH
default ""
help
password identifier for SAE H2E
@@ -43,8 +45,8 @@ menu "Example Configuration"
default ESP_WIFI_AUTH_WPA2_PSK
help
The weakest authmode to accept in the scan mode.
This value defaults to ESP_WIFI_AUTH_WPA2_PSK incase password is present and ESP_WIFI_AUTH_OPEN is used.
Please select ESP_WIFI_AUTH_WEP/ESP_WIFI_AUTH_WPA_PSK incase AP is operating in WEP/WPA mode.
This value defaults to ESP_WIFI_AUTH_WPA2_PSK in case password is present and ESP_WIFI_AUTH_OPEN is used.
Please select ESP_WIFI_AUTH_WEP/ESP_WIFI_AUTH_WPA_PSK in case AP is operating in WEP/WPA mode.
config ESP_WIFI_AUTH_OPEN
bool "OPEN"


@@ -28,13 +28,13 @@
#define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY
#if CONFIG_ESP_WPA3_SAE_PWE_HUNT_AND_PECK
#if CONFIG_ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HUNT_AND_PECK
#define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_HUNT_AND_PECK
#define EXAMPLE_H2E_IDENTIFIER ""
#elif CONFIG_ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT
#elif CONFIG_ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HASH_TO_ELEMENT
#define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_HASH_TO_ELEMENT
#define EXAMPLE_H2E_IDENTIFIER CONFIG_ESP_WIFI_PW_ID
#elif CONFIG_ESP_WPA3_SAE_PWE_BOTH
#elif CONFIG_ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH
#define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_BOTH
#define EXAMPLE_H2E_IDENTIFIER CONFIG_ESP_WIFI_PW_ID
#endif