From 8d383980a13f6239a27915a35444f9c1611f6bbf Mon Sep 17 00:00:00 2001
From: muhaidong
Date: Wed, 19 Apr 2023 19:57:27 +0800
Subject: [PATCH 1/3] esp_supplicant: wpa pmf should be disabled
---
 .../wpa_supplicant/esp_supplicant/src/esp_hostap.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
index d160b7c336..481be139e7 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -40,7 +40,7 @@ void *hostap_init(void)
 struct wpa_auth_config *auth_conf;
 u16 spp_attrubute = 0;
 u8 pairwise_cipher;
- wifi_pmf_config_t pmf_cfg;
+ wifi_pmf_config_t pmf_cfg = {0};
 uint8_t authmode;
 hapd = (struct hostapd_data *)os_zalloc(sizeof(struct hostapd_data));
@@ -85,11 +85,12 @@ void *hostap_init(void)
 pairwise_cipher = esp_wifi_ap_get_prof_pairwise_cipher_internal();
 #ifdef CONFIG_IEEE80211W
-
- esp_wifi_get_pmf_config_internal(&pmf_cfg, WIFI_IF_AP);
-
- if (pmf_cfg.required) {
- pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
+ if((auth_conf->wpa & WPA_PROTO_RSN) == WPA_PROTO_RSN)
+ {
+ esp_wifi_get_pmf_config_internal(&pmf_cfg, WIFI_IF_AP);
+ if (pmf_cfg.required) {
+ pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
+ }
 }
 #endif /* CONFIG_IEEE80211W */
From f03e3c164e47cc31fe64859d7a0297bdbfd43383 Mon Sep 17 00:00:00 2001
From: muhaidong
Date: Wed, 26 Apr 2023 21:38:34 +0800
Subject: [PATCH 2/3] esp_supplicant: When the softAP authentication mode is set to WPA2_PSK, WPA2_WPA3_PSK, or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP
---
 components/esp_wifi/include/esp_wifi_types.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h
index 6b43d113a1..5a178ef109 100644
--- a/components/esp_wifi/include/esp_wifi_types.h
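Review bot: In the second hunk of esp_hostap.c, a soft-AP whose stored config has `pmf_cfg.required` set but whose auth mode lacks `WPA_PROTO_RSN` now skips the PMF query without any signal, so the requested management-frame protection is dropped silently. Together with the `pmf_cfg = {0}` initialiser in the first hunk, any later read of `pmf_cfg` in hostap_init (outside the hunk) would see PMF as not required, and the same all-zero state results if `esp_wifi_get_pmf_config_internal` can fail, since its result is not checked here. I would log a warning in the non-RSN case and add a comment such as `/* PMF (802.11w) applies only to RSN; pmf_cfg stays zeroed for WPA-only so PMF is off */`. The new `if(` with its brace on the next line also differs from the `if (pmf_cfg.required) {` style two lines below it. hostap_init starts and ends outside both hunks.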
+++ b/components/esp_wifi/include/esp_wifi_types.h
@@ -286,11 +286,11 @@ typedef struct {
 uint8_t password[64]; /**< Password of soft-AP. */
 uint8_t ssid_len; /**< Optional length of SSID field. */
 uint8_t channel; /**< Channel of soft-AP */
- wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP in soft-AP mode */
+ wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */
 uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */
 uint8_t max_connection; /**< Max number of stations allowed to connect in */
 uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */
- wifi_cipher_type_t pairwise_cipher; /**< pairwise cipher of SoftAP, group cipher will be derived using this. cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
+ wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
 bool ftm_responder; /**< Enable FTM Responder mode */
 wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */
 wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
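Review bot: The new `authmode` comment ties the CCMP override to three auth modes, but the `pairwise_cipher` comment reworded in the same hunk still lists TKIP and TKIP_CCMP as valid without saying when they are ignored, and neither comment mentions the PMF case. In patch 1 of this series, esp_hostap.c forces `WIFI_CIPHER_TYPE_CCMP` whenever `pmf_cfg.required` is set and the RSN protocol bit is present, which may cover modes not named here (the authmode-to-protocol mapping is not visible in the series). I would append to the `pairwise_cipher` comment something like `Ignored and replaced by WIFI_CIPHER_TYPE_CCMP when authmode is WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, or when pmf_cfg.required is set on an RSN-capable mode.` The struct definition starts and ends outside the hunk.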
From 193f581cecfb378083c8ee1554492778f9428f0e Mon Sep 17 00:00:00 2001
From: muhaidong
Date: Wed, 26 Apr 2023 20:45:38 +0800
Subject: [PATCH 3/3] esp_wifi: update pairwise cipher in softAP
---
 components/esp_wifi/include/esp_wifi_types.h | 2 +-
 components/esp_wifi/lib | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h
index 5a178ef109..200bd70b1a 100644
--- a/components/esp_wifi/include/esp_wifi_types.h
+++ b/components/esp_wifi/include/esp_wifi_types.h
@@ -286,7 +286,7 @@ typedef struct {
 uint8_t password[64]; /**< Password of soft-AP. */
 uint8_t ssid_len; /**< Optional length of SSID field. */
 uint8_t channel; /**< Channel of soft-AP */
- wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */
+ wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */
 uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */
 uint8_t max_connection; /**< Max number of stations allowed to connect in */
 uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index f4fee447eb..6292339dd1 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit f4fee447eb5abc27d0088849580c2e9117f059bc
+Subproject commit 6292339dd1f262ec0bf9bb058758dbf02e1e0505