diff --git a/components/esp_wifi/Kconfig b/components/esp_wifi/Kconfig index c54b645a4f..836294228c 100644 --- a/components/esp_wifi/Kconfig +++ b/components/esp_wifi/Kconfig @@ -311,10 +311,17 @@ menu "Wi-Fi" config ESP_WIFI_ENABLE_SAE_PK bool "Enable SAE-PK" default y - depends on ESP_WIFI_ENABLE_WPA3_SAE + depends on (ESP_WIFI_ENABLE_WPA3_SAE && ESP_WIFI_ENABLE_SAE_H2E) help Select this option to enable SAE-PK + config ESP_WIFI_ENABLE_SAE_H2E + bool "Enable SAE-H2E" + default y + depends on ESP_WIFI_ENABLE_WPA3_SAE + help + Select this option to enable SAE-H2E + config ESP_WIFI_SOFTAP_SAE_SUPPORT bool "Enable WPA3 Personal(SAE) SoftAP" default y diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index 17554ae784..444e8af83d 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit 17554ae78486e9c265ebba92e5e114f3ce9e07b6 +Subproject commit 444e8af83d4d02255be48fc646d6c2a41280c3d1 diff --git a/components/esp_wifi/src/wifi_init.c b/components/esp_wifi/src/wifi_init.c index 42625fce05..8d23390e81 100644 --- a/components/esp_wifi/src/wifi_init.c +++ b/components/esp_wifi/src/wifi_init.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -521,7 +521,12 @@ esp_err_t ieee80211_ftm_attach(void) /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ return ESP_OK; } -#endif + +void ftm_initiator_cleanup(void) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ +} +#endif /* CONFIG_ESP_WIFI_FTM_ENABLE */ #ifndef CONFIG_ESP_WIFI_SOFTAP_SUPPORT void net80211_softap_funcs_init(void) 
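Review bot: The help text of the new `ESP_WIFI_ENABLE_SAE_H2E` entry only repeats the prompt and does not say what turning the option off costs. This hunk makes `ESP_WIFI_ENABLE_SAE_PK` depend on it, and the size.rst change in the same commit describes hash-to-element as the more secure, side-channel-resistant method, so this is a security trade-off rather than a plain size switch. I would extend the help along the lines of `Disabling this leaves hunting-and-pecking as the only SAE method and also disables SAE-PK.` It may also be worth mentioning password identifiers, since the station example ties `ESP_WIFI_PW_ID` to the H2E modes.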
@@ -597,7 +602,29 @@ void * ieee80211_alloc_proberesp(void *p, int arg) return NULL; } -#endif +bool hostap_query_mac_in_list(const uint8_t *p, int arg) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ + return false; +} + +int hostap_add_in_mac_list(const uint8_t *p, int arg) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ + return 0; +} + +int hostap_del_mac_info_from_list(const uint8_t *p, int arg) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ + return 0; +} + +void create_new_bss_for_sa_query_failed_sta(uint8_t arg) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ +} +#endif /* CONFIG_ESP_WIFI_SOFTAP_SUPPORT */ #ifndef CONFIG_ESP_WIFI_NAN_ENABLE @@ -624,7 +651,40 @@ void nan_sm_handle_event(void *p1, int p2) /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ } -#endif +int wifi_create_nan(void) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ + return 0; +} + +int wifi_nan_set_config_local(wifi_nan_config_t *p) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ + return 0; +} + +esp_err_t nan_dp_post_tx(void *p1, void *p2) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ + return ESP_OK; +} + +void nan_dp_delete_peer(void *p) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ +} + +void *nan_dp_search_node(const uint8_t *p) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ + return NULL; +} + +void nan_ndp_resp_timeout_process(void *p) +{ + /* Do not remove, stub to overwrite weak link in Wi-Fi Lib */ +} +#endif /* CONFIG_ESP_WIFI_NAN_ENABLE */ #if CONFIG_IDF_TARGET_ESP32C2 #if CONFIG_ESP32C2_REV_MIN_FULL < 200 diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 9a5f9a3bf3..475fb467fd 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt 
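Review bot: `hostap_add_in_mac_list` and `hostap_del_mac_info_from_list` return 0 and `hostap_query_mac_in_list` returns false with no statement of what those values mean to the caller inside the Wi-Fi lib. If 0 is the lib's success code, a call that reaches a stub would be reported as having updated the MAC list. Each stub should state its return convention and that it is not expected to be reached when SoftAP support is compiled out, e.g. `/* Stub: SoftAP compiled out, not expected to be called; 0 == <meaning in lib> */`. No prototype is visible in the hunk, so presumably nothing checks the `p`/`arg` parameter lists against the lib; real parameter names would make a mismatch easier to spot. The same applies to the NAN stubs in the next hunk (`wifi_create_nan`, `wifi_nan_set_config_local`, `nan_dp_post_tx`); both `#ifndef` blocks start outside their hunks.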
@@ -273,6 +273,9 @@ endif() if(CONFIG_ESP_WIFI_ENABLE_SAE_PK) target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_SAE_PK) endif() +if(CONFIG_ESP_WIFI_ENABLE_SAE_H2E) + target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_SAE_H2E) +endif() if(CONFIG_ESP_WIFI_SOFTAP_SAE_SUPPORT) target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_SAE) endif() diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c index f2b02dbdd3..d4dc0d3e4f 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c @@ -845,3 +845,10 @@ void esp_set_assoc_ie(uint8_t *bssid, const u8 *ies, size_t ies_len, bool mdie) #else void esp_set_assoc_ie(uint8_t *bssid, const u8 *ies, size_t ies_len, bool mdie) { } #endif /* defined(CONFIG_RRM) || defined(CONFIG_IEEE80211R) || defined(CONFIG_WPA3_SAE) */ + +#ifndef CONFIG_SAE_H2E +int map_wifi_config_sae_pwe_to_supp(wifi_sae_pwe_method_t sae_pwe_config) +{ + return SAE_PWE_HUNT_AND_PECK; +} +#endif /* CONFIG_SAE_H2E */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index 7135a03f5a..c9b09881ee 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -16,8 +16,11 @@ #include "endian.h" #include "esp_hostap.h" #include +#include "common/defs.h" +#ifdef CONFIG_SAE_H2E static struct sae_pt *g_sae_pt; +#endif /* CONFIG_SAE_H2E */ static struct sae_data g_sae_data; static struct wpabuf *g_sae_token = NULL; static struct wpabuf *g_sae_commit = NULL; 
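Review bot: In esp_common.c the stub `map_wifi_config_sae_pwe_to_supp` ignores `sae_pwe_config` and returns `SAE_PWE_HUNT_AND_PECK` for every input. A station explicitly configured for `WPA3_SAE_PWE_HASH_TO_ELEMENT` is therefore silently moved to the method this commit's own documentation describes as less secure. The same silent fallback happens in `wpa3_build_sae_commit` in esp_wpa3.c, where the configured PWE mode is no longer read when `CONFIG_SAE_H2E` is undefined. The fallback should at least be visible at runtime, for example `if (sae_pwe_config == WPA3_SAE_PWE_HASH_TO_ELEMENT) wpa_printf(MSG_WARNING, "wpa3: SAE H2E not compiled in, using hunt-and-peck");` before the return. A comment on the stub should say that H2E-only configurations cannot be honoured in this build.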
@@ -28,14 +31,15 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len) { int default_group = IANA_SECP256R1; u32 len = 0; - uint8_t use_pt = 0; u8 own_addr[ETH_ALEN]; const u8 *pw = (const u8 *)esp_wifi_sta_get_prof_password_internal(); - struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal(); - uint8_t sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_STA); char sae_pwd_id[SAE_H2E_IDENTIFIER_LEN + 1] = {0}; bool valid_pwd_id = false; +#ifdef CONFIG_SAE_H2E + uint8_t sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_STA); const u8 *rsnxe; + uint8_t use_pt = 0; + struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal(); u8 rsnxe_capa = 0; if (wpa_key_mgmt_sae_ext_key(gWpaSm.key_mgmt)) { @@ -46,6 +50,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len) if (rsnxe && rsnxe[1] >= 1) { rsnxe_capa = rsnxe[2]; } +#endif /* CONFIG_SAE_H2E */ #ifdef CONFIG_SAE_PK bool use_pk = false; @@ -63,6 +68,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len) return ESP_FAIL; } #endif /* CONFIG_SAE_PK */ +#ifdef CONFIG_SAE_H2E if (use_pt || sae_pwe == SAE_PWE_HASH_TO_ELEMENT || sae_pwe == SAE_PWE_BOTH) { use_pt = !!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E)); @@ -89,6 +95,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len) if (use_pt && !g_sae_pt) { g_sae_pt = sae_derive_pt(g_allowed_groups, ssid->ssid, ssid->len, pw, strlen((const char *)pw), valid_pwd_id ? sae_pwd_id : NULL); } +#endif /* CONFIG_SAE_H2E */ if (wpa_sta_cur_pmksa_matches_akm()) { wpa_printf(MSG_INFO, "wpa3: Skip SAE and use cached PMK instead"); 
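Review bot: Moving `uint8_t use_pt = 0;` under `#ifdef CONFIG_SAE_H2E` forces the later hunk (`@@ -120,16 +127,21 @@`) to place a preprocessor block inside the `if (` condition around `!use_pt &&`, which is hard to read and easy to break when the condition is next edited. Keeping the declaration outside the guard lets that call stay `if (!use_pt && sae_prepare_commit(own_addr, bssid, pw, strlen((const char *)pw), &g_sae_data) < 0)` with no `#ifdef` in the expression. `sae_pwd_id` and `valid_pwd_id` are still declared unconditionally and may now be unused in a build without H2E and SAE-PK. The function body continues outside these hunks, so that should be checked against the full function.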
@@ -120,16 +127,21 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len) return ESP_FAIL; } +#ifdef CONFIG_SAE_H2E if (use_pt && sae_prepare_commit_pt(&g_sae_data, g_sae_pt, own_addr, bssid, NULL, NULL) < 0) { wpa_printf(MSG_ERROR, "wpa3: failed to prepare SAE commit!"); return ESP_FAIL; } - if (!use_pt && - sae_prepare_commit(own_addr, bssid, pw, - strlen((const char *)pw), - &g_sae_data) < 0) { +#endif /* CONFIG_SAE_H2E */ + if ( +#ifdef CONFIG_SAE_H2E + !use_pt && +#endif /* CONFIG_SAE_H2E */ + sae_prepare_commit(own_addr, bssid, pw, + strlen((const char *)pw), + &g_sae_data) < 0) { wpa_printf(MSG_ERROR, "wpa3: failed to prepare SAE commit!"); return ESP_FAIL; } @@ -207,10 +219,12 @@ void esp_wpa3_free_sae_data(void) g_sae_confirm = NULL; } sae_clear_data(&g_sae_data); +#ifdef CONFIG_SAE_H2E if (g_sae_pt) { sae_deinit_pt(g_sae_pt); g_sae_pt = NULL; } +#endif /* CONFIG_SAE_H2E */ } static u8 *wpa3_build_sae_msg(u8 *bssid, u32 sae_msg_type, size_t *sae_msg_len) diff --git a/components/wpa_supplicant/src/ap/ap_config.c b/components/wpa_supplicant/src/ap/ap_config.c index 0746bfea94..5c613a0d37 100644 --- a/components/wpa_supplicant/src/ap/ap_config.c +++ b/components/wpa_supplicant/src/ap/ap_config.c @@ -147,7 +147,7 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid) int hostapd_setup_sae_pt(struct hostapd_bss_config *conf) { -#ifdef CONFIG_SAE +#ifdef CONFIG_SAE_H2E struct hostapd_ssid *ssid = &conf->ssid; if ((conf->sae_pwe == SAE_PWE_HUNT_AND_PECK || !wpa_key_mgmt_sae(conf->wpa_key_mgmt))) @@ -165,7 +165,7 @@ int hostapd_setup_sae_pt(struct hostapd_bss_config *conf) return -1; } -#endif /* CONFIG_SAE */ +#endif /* CONFIG_SAE_H2E */ return 0; } diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst index 4fa09b10fa..4f25c56280 100644 --- a/docs/en/api-guides/performance/size.rst +++ b/docs/en/api-guides/performance/size.rst 
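Review bot: In ap_config.c, narrowing the guard to `CONFIG_SAE_H2E` makes `hostapd_setup_sae_pt` fall straight through to `return 0;` when H2E is compiled out, without looking at `conf->sae_pwe`. A SoftAP configuration that asks for hash-to-element then gets a success result and no PT, and nothing tells the caller that the requested method is unavailable. I would add an `#else` branch that makes this visible, e.g. `if (conf->sae_pwe != SAE_PWE_HUNT_AND_PECK) wpa_printf(MSG_INFO, "SAE H2E not compiled in; PT not derived");`, or return -1 if the callers can handle a failure here. The middle of the function lies between the two hunks and is not visible, so the surrounding behaviour is inferred.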
@@ -111,6 +111,7 @@ The following binary size optimizations apply to a particular component or a fun - Disabling :ref:`CONFIG_ESP_WIFI_ENABLE_WPA3_SAE` will save some Wi-Fi binary size if WPA3 support is not needed. Note that WPA3 is mandatory for new Wi-Fi device certifications. - Disabling :ref:`CONFIG_ESP_WIFI_SOFTAP_SUPPORT` will save some Wi-Fi binary size if soft-AP support is not needed. - Disabling :ref:`CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT` will save some Wi-Fi binary size if enterprise support is not needed. + - Disabling :ref:`CONFIG_ESP_WIFI_ENABLE_SAE_H2E` will save some Wi-Fi binary size if hash-to-element authentication method of WPA3-SAE is not needed. Note that hash-to-element is faster, more secure and immune to side channel attacks than the default authentication method of hunting-and-pecking. .. only:: esp32 diff --git a/docs/zh_CN/api-guides/performance/size.rst b/docs/zh_CN/api-guides/performance/size.rst index 5ae05f7d15..87bb58bc08 100644 --- a/docs/zh_CN/api-guides/performance/size.rst +++ b/docs/zh_CN/api-guides/performance/size.rst @@ -111,6 +111,7 @@ ESP-IDF 构建系统会编译项目和 ESP-IDF 中所有源文件,但只有程 - 如果不需要启用 WPA3 支持,禁用 :ref:`CONFIG_ESP_WIFI_ENABLE_WPA3_SAE` 可以减小 Wi-Fi 二进制文件的大小。请注意,WPA3 支持是目前认证新 Wi-Fi 设备的必要标准。 - 如果不需要启用 soft-AP 支持,禁用 :ref:`CONFIG_ESP_WIFI_SOFTAP_SUPPORT` 可以减小 Wi-Fi 二进制文件的大小。 - 如不需要启用企业支持,禁用 :ref:`CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT` 可以减小 Wi-Fi 二进制文件的大小。 + - 如果不需要启用 WPA3-SAE 的哈希到元素(hash-to-element)认证方法,禁用 :ref:`CONFIG_ESP_WIFI_ENABLE_SAE_H2E` 可以减少 Wi-Fi 二进制文件的大小。请注意,与默认的 “hunting-and-pecking” 认证方法相比,哈希到元素方法更快、更安全,并且对侧信道攻击更具有免疫能力。 .. only:: esp32 diff --git a/examples/wifi/getting_started/station/main/Kconfig.projbuild b/examples/wifi/getting_started/station/main/Kconfig.projbuild index 5f26f13938..c78d713d7a 100644 --- a/examples/wifi/getting_started/station/main/Kconfig.projbuild +++ b/examples/wifi/getting_started/station/main/Kconfig.projbuild 
@@ -14,20 +14,22 @@ menu "Example Configuration" choice ESP_WIFI_SAE_MODE prompt "WPA3 SAE mode selection" - default ESP_WPA3_SAE_PWE_BOTH + default ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH help Select mode for SAE as Hunt and Peck, H2E or both. - config ESP_WPA3_SAE_PWE_HUNT_AND_PECK + config ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HUNT_AND_PECK bool "HUNT AND PECK" - config ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT + config ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HASH_TO_ELEMENT bool "H2E" - config ESP_WPA3_SAE_PWE_BOTH + depends on ESP_WIFI_ENABLE_SAE_H2E + config ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH bool "BOTH" + depends on ESP_WIFI_ENABLE_SAE_H2E endchoice config ESP_WIFI_PW_ID string "PASSWORD IDENTIFIER" - depends on ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT|| ESP_WPA3_SAE_PWE_BOTH + depends on ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HASH_TO_ELEMENT|| ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH default "" help password identifier for SAE H2E @@ -43,8 +45,8 @@ menu "Example Configuration" default ESP_WIFI_AUTH_WPA2_PSK help The weakest authmode to accept in the scan mode. - This value defaults to ESP_WIFI_AUTH_WPA2_PSK incase password is present and ESP_WIFI_AUTH_OPEN is used. - Please select ESP_WIFI_AUTH_WEP/ESP_WIFI_AUTH_WPA_PSK incase AP is operating in WEP/WPA mode. + This value defaults to ESP_WIFI_AUTH_WPA2_PSK in case password is present and ESP_WIFI_AUTH_OPEN is used. + Please select ESP_WIFI_AUTH_WEP/ESP_WIFI_AUTH_WPA_PSK in case AP is operating in WEP/WPA mode. config ESP_WIFI_AUTH_OPEN bool "OPEN" diff --git a/examples/wifi/getting_started/station/main/station_example_main.c b/examples/wifi/getting_started/station/main/station_example_main.c index 2d0dba1205..d5ed5eb1a1 100644 --- a/examples/wifi/getting_started/station/main/station_example_main.c +++ b/examples/wifi/getting_started/station/main/station_example_main.c 
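Review bot: The choice keeps `default ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH`, but that entry now depends on `ESP_WIFI_ENABLE_SAE_H2E`. With H2E disabled the default is not selectable, and the example presumably ends up on "HUNT AND PECK" without any hint to the user. The help text should say so, e.g. `H2E and BOTH require ESP_WIFI_ENABLE_SAE_H2E; without it only Hunt and Peck is available.` Because the three symbols are renamed, existing sdkconfig or sdkconfig.defaults files that set the old `ESP_WPA3_SAE_PWE_*` names will no longer take effect and will fall back to the default, which is worth a line in the commit message or release notes.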
@@ -28,13 +28,13 @@ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY -#if CONFIG_ESP_WPA3_SAE_PWE_HUNT_AND_PECK +#if CONFIG_ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HUNT_AND_PECK #define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_HUNT_AND_PECK #define EXAMPLE_H2E_IDENTIFIER "" -#elif CONFIG_ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT +#elif CONFIG_ESP_STATION_EXAMPLE_WPA3_SAE_PWE_HASH_TO_ELEMENT #define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_HASH_TO_ELEMENT #define EXAMPLE_H2E_IDENTIFIER CONFIG_ESP_WIFI_PW_ID -#elif CONFIG_ESP_WPA3_SAE_PWE_BOTH +#elif CONFIG_ESP_STATION_EXAMPLE_WPA3_SAE_PWE_BOTH #define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_BOTH #define EXAMPLE_H2E_IDENTIFIER CONFIG_ESP_WIFI_PW_ID #endif