feat(esp_wifi): Add support for WPA3 transition disable and more updates

1. Add support for SAE-PK and WPA3-Enterprise transition disable
2. Add support to handle OWE transition disable indication from AP
2. Update Wi-Fi WPA3 authmodes as per WPA Specification v3.3:
   - Merge 'WIFI_AUTH_WPA3_EXT_PSK' and 'WIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE'
     into 'WIFI_AUTH_WPA3_PSK' as per specification.
4. refactor: Backport common changes in scan/connect path from 90cc6158
   - 90cc6158 adds support for Network Introduction Protocl in DPP

components/esp_wifi/include/esp_wifi_types.h

@@ -56,7 +56,7 @@ typedef struct {
 } wifi_country_t;
 
 /* Strength of authmodes */
-/* OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK < WPA3_EXT_PSK = WPA3_EXT_PSK_MIXED_MODE */
+/* OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK */
 typedef enum {
     WIFI_AUTH_OPEN = 0,         /**< authenticate mode : open */
     WIFI_AUTH_WEP,              /**< authenticate mode : WEP */
@@ -70,8 +70,6 @@ typedef enum {
     WIFI_AUTH_WAPI_PSK,         /**< authenticate mode : WAPI_PSK */
     WIFI_AUTH_OWE,              /**< authenticate mode : OWE */
     WIFI_AUTH_WPA3_ENT_192,     /**< authenticate mode : WPA3_ENT_SUITE_B_192_BIT */
-    WIFI_AUTH_WPA3_EXT_PSK,     /**< authenticate mode : WPA3_PSK_EXT_KEY */
-    WIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE, /**< authenticate mode: WPA3_PSK + WPA3_PSK_EXT_KEY */
     WIFI_AUTH_MAX
 } wifi_auth_mode_t;
 

components/esp_wifi/lib

@@ -1 +1 @@
-Subproject commit bb386048d34c44dbb2295d33b78540ecb8560f8e
+Subproject commit 00ffcf8882a8fc8882a7957649877f619bfda5bb

components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h

@@ -290,12 +290,15 @@ bool esp_wifi_is_ft_enabled_internal(uint8_t if_index);
 uint8_t esp_wifi_sta_get_config_sae_pk_internal(void);
 void esp_wifi_sta_disable_sae_pk_internal(void);
 void esp_wifi_sta_disable_wpa2_authmode_internal(void);
+void esp_wifi_sta_disable_owe_trans_internal(void);
 uint8_t esp_wifi_ap_get_max_sta_conn(void);
 uint8_t esp_wifi_get_config_sae_pwe_h2e_internal(uint8_t ifx);
 bool esp_wifi_ap_notify_node_sae_auth_done(uint8_t *mac);
 bool esp_wifi_ap_is_sta_sae_reauth_node(uint8_t *mac);
 uint8_t* esp_wifi_sta_get_sae_identifier_internal(void);
 bool esp_wifi_eb_tx_status_success_internal(void *eb);
-uint8_t* esp_wifi_sta_get_rsnxe(void);
+uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid);
+esp_err_t esp_wifi_sta_connect_internal(const uint8_t *bssid);
+void esp_wifi_enable_sae_pk_only_mode_internal(void);
 
 #endif /* _ESP_WIFI_DRIVER_H_ */

components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c

@@ -43,7 +43,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
         use_pt = 1;
     }
 
-   rsnxe = esp_wifi_sta_get_rsnxe();
+   rsnxe = esp_wifi_sta_get_rsnxe(bssid);
    if (rsnxe && rsnxe[1] >= 1) {
        rsnxe_capa = rsnxe[2];
    }

components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c

@@ -213,7 +213,8 @@ int wpa_sta_connect(uint8_t *bssid)
         esp_set_assoc_ie((uint8_t *)bssid, NULL, 0, false);
     }
 
-    return 0;
+    ret = esp_wifi_sta_connect_internal(bssid);
+    return ret;
 }
 
 void wpa_config_done(void)

components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -93,13 +93,36 @@ int hostapd_send_eapol(const u8 *source, const u8 *sta_addr,
 
 }
 
+static void disable_wpa_wpa2(void)
+{
+    esp_wifi_sta_disable_wpa2_authmode_internal();
+}
+
 void wpa_supplicant_transition_disable(struct wpa_sm *sm, u8 bitmap)
 {
     wpa_printf(MSG_DEBUG, "TRANSITION_DISABLE %02x", bitmap);
 
     if  ((bitmap & TRANSITION_DISABLE_WPA3_PERSONAL) &&
           wpa_key_mgmt_sae(sm->key_mgmt)) {
-        esp_wifi_sta_disable_wpa2_authmode_internal();
+        disable_wpa_wpa2();
+    }
+
+    if ((bitmap & TRANSITION_DISABLE_SAE_PK) &&
+        wpa_key_mgmt_sae(sm->key_mgmt)) {
+        wpa_printf(MSG_INFO,
+            "SAE-PK: SAE authentication without PK disabled based on AP notification");
+        disable_wpa_wpa2();
+        esp_wifi_enable_sae_pk_only_mode_internal();
+    }
+
+    if ((bitmap & TRANSITION_DISABLE_WPA3_ENTERPRISE) &&
+        wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
+        disable_wpa_wpa2();
+    }
+
+    if ((bitmap & TRANSITION_DISABLE_ENHANCED_OPEN) &&
+        wpa_key_mgmt_owe(sm->key_mgmt)) {
+        esp_wifi_sta_disable_owe_trans_internal();
     }
 }
 

components/wpa_supplicant/src/common/wpa_common.h

@@ -326,6 +326,9 @@ struct rsn_rdie {
 /* WFA Transition Disable KDE (using OUI_WFA) */
 /* Transition Disable Bitmap bits */
 #define TRANSITION_DISABLE_WPA3_PERSONAL BIT(0)
+#define TRANSITION_DISABLE_SAE_PK BIT(1)
+#define TRANSITION_DISABLE_WPA3_ENTERPRISE BIT(2)
+#define TRANSITION_DISABLE_ENHANCED_OPEN BIT(3)
 
 #ifdef CONFIG_IEEE80211R
 int wpa_ft_mic(const u8 *kck, size_t kck_len, const u8 *sta_addr,

examples/wifi/scan/main/scan.c

@@ -55,12 +55,6 @@ static void print_auth_mode(int authmode)
     case WIFI_AUTH_WPA3_ENT_192:
         ESP_LOGI(TAG, "Authmode \tWIFI_AUTH_WPA3_ENT_192");
         break;
-    case WIFI_AUTH_WPA3_EXT_PSK:
-        ESP_LOGI(TAG, "Authmode \tWIFI_AUTH_WPA3_EXT_PSK");
-        break;
-    case WIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE:
-        ESP_LOGI(TAG, "Authmode \tWIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE");
-        break;
     default:
         ESP_LOGI(TAG, "Authmode \tWIFI_AUTH_UNKNOWN");
         break;