
Merge branch 'feature/wifi_wapi_release' into 'master'

Feature/wifi wapi release

Closes WIFI-2553

See merge request espressif/esp-idf!11589
Jiang Jiang Jian 5 vuotta sitten
vanhempi
sitoutus
c889df2928

+ 2 - 1
components/esp_wifi/CMakeLists.txt

@@ -46,10 +46,11 @@ target_link_libraries(${COMPONENT_LIB} PUBLIC "-L ${CMAKE_CURRENT_SOURCE_DIR}/li
 
 if(link_binary_libs)
     set(phy phy)
-    set(blobs coexist core espnow mesh net80211 pp smartconfig ${phy})
+    set(blobs coexist core espnow mesh net80211 pp smartconfig wapi ${phy})
     if(${idf_target} STREQUAL "esp32")
         list(APPEND blobs rtc)
     endif()
+
     foreach(blob ${blobs})
         add_prebuilt_library(${blob} "${CMAKE_CURRENT_SOURCE_DIR}/lib/${target_name}/lib${blob}.a"
                             REQUIRES ${COMPONENT_NAME})

+ 21 - 0
components/esp_wifi/include/esp_private/wifi.h

@@ -190,6 +190,27 @@ typedef void (*wifi_netstack_buf_free_cb_t)(void *netstack_buf);
   */
 esp_err_t esp_wifi_internal_tx_by_ref(wifi_interface_t ifx, void *buffer, size_t len, void *netstack_buf);
 
+/**
+  * @brief     Initialize WAPI function when wpa_supplicant initialize.
+  *
+  * This API is privately used, be careful not open to external applicantion.
+  *
+  * @return
+  *          - ESP_OK : succeed
+  *          - ESP_ERR_WAPI_INTERNAL : Internal error
+  */
+esp_err_t esp_wifi_internal_wapi_init(void);
+
+/**
+  * @brief     De-initialize WAPI function when wpa_supplicant de-initialize.
+  *
+  * This API is privately used, be careful not open to external applicantion.
+  *
+  * @return
+  *          - ESP_OK : succeed
+  */
+esp_err_t esp_wifi_internal_wapi_deinit(void);
+
 /**
   * @brief  register the net stack buffer reference increasing and free callback
   *
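Review bot: The doc comment on `esp_wifi_internal_wapi_init` lists `ESP_ERR_WAPI_INTERNAL` as a return value, but no hunk on this page defines that code, so a caller cannot tell from the header where it comes from. Either name the header that defines it or document the return as a generic non-`ESP_OK` error. Both new comments also misspell the caveat; `This API is for internal use only and must not be exposed to external applications.` would read clearly. The `deinit` comment does not say whether it is safe to call when `init` failed or was never called.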

+ 2 - 0
components/esp_wifi/include/esp_wifi_types.h

@@ -55,6 +55,7 @@ typedef enum {
     WIFI_AUTH_WPA_PSK,          /**< authenticate mode : WPA_PSK */
     WIFI_AUTH_WPA2_PSK,         /**< authenticate mode : WPA2_PSK */
     WIFI_AUTH_WPA_WPA2_PSK,     /**< authenticate mode : WPA_WPA2_PSK */
+    WIFI_AUTH_WAPI_PSK,         /**< authenticate mode : WAPI_PSK */
     WIFI_AUTH_WPA2_ENTERPRISE,  /**< authenticate mode : WPA2_ENTERPRISE */
     WIFI_AUTH_WPA3_PSK,         /**< authenticate mode : WPA3_PSK */
     WIFI_AUTH_WPA2_WPA3_PSK,    /**< authenticate mode : WPA2_WPA3_PSK */
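Review bot: `WIFI_AUTH_WAPI_PSK` is inserted in the middle of a public enum whose visible members carry no explicit values, so `WIFI_AUTH_WPA2_ENTERPRISE`, `WIFI_AUTH_WPA3_PSK` and `WIFI_AUTH_WPA2_WPA3_PSK` each move up by one. Any auth mode stored numerically by an application, or compared by ordering (for example a minimum-authmode threshold), would then change meaning after an upgrade. It also places WAPI-PSK above WPA/WPA2-PSK and below WPA2-Enterprise in any such ordering, which may not be intended. Appending the new entry after the last existing mode, or pinning explicit values, avoids the renumbering. The next hunk does the same with `WIFI_CIPHER_TYPE_SMS4`, which shifts `WIFI_CIPHER_TYPE_UNKNOWN`. The first enum's opening and closing lines are outside this hunk.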
@@ -141,6 +142,7 @@ typedef enum {
     WIFI_CIPHER_TYPE_CCMP,       /**< the cipher type is CCMP */
     WIFI_CIPHER_TYPE_TKIP_CCMP,  /**< the cipher type is TKIP and CCMP */
     WIFI_CIPHER_TYPE_AES_CMAC128,/**< the cipher type is AES-CMAC-128 */
+    WIFI_CIPHER_TYPE_SMS4,       /**< the cipher type is SMS4 */
     WIFI_CIPHER_TYPE_UNKNOWN,    /**< the cipher type is unknown */
 } wifi_cipher_type_t;
 

+ 1 - 1
components/esp_wifi/lib

@@ -1 +1 @@
-Subproject commit 2c6178981f0d8cb7cee9177db1baff7f32940af8
+Subproject commit 55635ec1783027dc31ba0df690d90931abed2db7

+ 9 - 0
components/esp_wifi/src/lib_printf.c

@@ -138,6 +138,15 @@ int coexist_printf(const char* format, ...)
     return res;
 }
 
+int wapi_printf(const char* format, ...)
+{
+    va_list arg;
+    va_start(arg, format);
+    int res = lib_printf("coexist", format, arg);
+    va_end(arg);
+    return res;
+}
+
 int mesh_printf(const char* format, ...)
 {
     va_list arg;
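Review bot: `wapi_printf` passes the tag `"coexist"` to `lib_printf`, which looks like a leftover from the `coexist_printf` body it was copied from. Messages from the WAPI library would then be attributed to the coexistence module in the logs, which makes the new authentication path hard to filter for or audit. The line should read `int res = lib_printf("wapi", format, arg);`. The `mesh_printf` body that follows continues outside the hunk.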

+ 7 - 0
components/wpa_supplicant/Kconfig

@@ -6,6 +6,13 @@ menu "Supplicant"
         help
             Select this option to use MbedTLS crypto API's which utilize hardware acceleration.
 
+    config WPA_WAPI_PSK
+        bool "Enable WAPI PSK support"
+        default n
+        help
+            Select this option to enable WAPI-PSK
+            which is a Chinese National Standard Encryption for Wireless LANs (GB 15629.11-2003).
+
     config WPA_DEBUG_PRINT
         bool "Print debug messages from WPA Supplicant"
         default n

+ 2 - 2
components/wpa_supplicant/src/ap/wpa_auth.c

@@ -1203,7 +1203,7 @@ void wpa_remove_ptk(struct wpa_state_machine *sm)
 {
     sm->PTK_valid = FALSE;
     memset(&sm->PTK, 0, sizeof(sm->PTK));
-    wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
+    wpa_auth_set_key(sm->wpa_auth, 0, WIFI_WPA_ALG_NONE, sm->addr, 0, NULL, 0);
     sm->pairwise_set = FALSE;
     eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
 }
@@ -2304,7 +2304,7 @@ static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
 
 #ifdef CONFIG_IEEE80211W
     if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
-        wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
+        wpa_auth_set_key(wpa_auth, group->vlan_id, WIFI_WPA_ALG_IGTK,
         		 broadcast_ether_addr, group->GN_igtk,
                  group->IGTK[group->GN_igtk - 4],
                  WPA_IGTK_LEN) < 0)

+ 8 - 2
components/wpa_supplicant/src/ap/wpa_auth_ie.c

@@ -372,10 +372,13 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 	if (wpa_ie == NULL || wpa_ie_len < 1)
 		return WPA_INVALID_IE;
 
-	if (wpa_ie[0] == WLAN_EID_RSN)
+	if (wpa_ie[0] == WLAN_EID_RSN) {
 		version = WPA_PROTO_RSN;
-	else
+	} else if (wpa_ie[0] == WLAN_EID_WAPI) {
+		version = WPA_PROTO_WAPI;
+	} else {
 		version = WPA_PROTO_WPA;
+	}
 
 	if (!(wpa_auth->conf.wpa & version)) {
 		wpa_printf( MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
@@ -421,6 +424,9 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 					       data.group_cipher);
 		if (!selector)
 			selector = RSN_CIPHER_SUITE_CCMP;
+	} else if (version == WPA_PROTO_WAPI) {
+		res = 0;
+		selector = WAPI_CIPHER_SUITE_SMS4;
 	} else {
 		res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
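Review bot: The new `WPA_PROTO_WAPI` branch sets `res = 0` without running any parser, so the element received from the peer is accepted with no length or structure check and `data` is not filled in on this path. The RSN and WPA branches both populate `data` through their parse functions; whatever the rest of `wpa_validate_wpa_ie` (outside this hunk) reads from `data` would, for WAPI, be whatever the struct held before. If `data` is not already cleared earlier in the function, add `memset(&data, 0, sizeof(data));` in this branch. If WAPI is not meant to be served on the authenticator side at all, returning `WPA_INVALID_IE` here would be safer than reporting success.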
 

+ 1 - 13
components/wpa_supplicant/src/common/defs.h

@@ -24,6 +24,7 @@ typedef enum { FALSE = 0, TRUE = 1 } Boolean;
 #define WPA_CIPHER_CCMP                 BIT(3)
 #define WPA_CIPHER_AES_128_CMAC         BIT(5)
 #define WPA_CIPHER_GCMP                 BIT(6)
+#define WPA_CIPHER_SMS4                 BIT(10)
 
 #define WPA_KEY_MGMT_IEEE8021X BIT(0)
 #define WPA_KEY_MGMT_PSK BIT(1)
@@ -134,19 +135,6 @@ enum wifi_key_alg {
 	ALG_AES_CMAC,
 };
 
-enum wpa_alg {
-	WPA_ALG_NONE =0,
-	WPA_ALG_WEP40 = 1,
-	WPA_ALG_TKIP = 2,
-	WPA_ALG_CCMP = 3,
-	WPA_ALG_WAPI = 4,
-	WPA_ALG_WEP104 = 5,
-	WPA_ALG_WEP,
-	WPA_ALG_IGTK,
-	WPA_ALG_PMK,
-	WPA_ALG_GCMP
-};
-
 /**
  * enum wpa_cipher - Cipher suites
  */

+ 1 - 0
components/wpa_supplicant/src/common/ieee802_11_common.h

@@ -11,6 +11,7 @@
 
 #include "defs.h"
 #include "ieee802_11_defs.h"
+#include "esp_supplicant/esp_wifi_driver.h"
 
 struct element {
 	u8 id;

+ 1 - 0
components/wpa_supplicant/src/common/ieee802_11_defs.h

@@ -214,6 +214,7 @@
 #define WLAN_EID_RIC_DATA 57
 #define WLAN_EID_HT_OPERATION 61
 #define WLAN_EID_SECONDARY_CHANNEL_OFFSET 62
+#define WLAN_EID_WAPI 68
 #define WLAN_EID_RRM_ENABLED_CAPABILITIES 70
 #define WLAN_EID_20_40_BSS_COEXISTENCE 72
 #define WLAN_EID_20_40_BSS_INTOLERANT 73

+ 5 - 5
components/wpa_supplicant/src/common/wpa_common.c

@@ -588,16 +588,16 @@ int wpa_cipher_to_alg(int cipher)
 {
 	switch (cipher) {
 	case WPA_CIPHER_CCMP:
-		return WPA_ALG_CCMP;
+		return WIFI_WPA_ALG_CCMP;
 	case WPA_CIPHER_GCMP:
-		return WPA_ALG_GCMP;
+		return WIFI_WPA_ALG_GCMP;
 	case WPA_CIPHER_TKIP:
-		return WPA_ALG_TKIP;
+		return WIFI_WPA_ALG_TKIP;
 	case WPA_CIPHER_WEP104:
 	case WPA_CIPHER_WEP40:
-		return WPA_ALG_WEP;
+		return WIFI_WPA_ALG_WEP;
 	}
-	return WPA_ALG_NONE;
+	return WIFI_WPA_ALG_NONE;
 }
 
 u32 wpa_cipher_to_suite(int proto, int cipher)
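Review bot: `wpa_cipher_to_alg` gets the renamed constants but no case for the `WPA_CIPHER_SMS4` bit this commit adds in `defs.h`, so that cipher falls through to `return WIFI_WPA_ALG_NONE;`. If any caller converts a WAPI cipher through this function, the key would be installed with the "none" algorithm rather than rejected or mapped. Whether WAPI keys take this path is not visible on the page. Adding `case WPA_CIPHER_SMS4: return WIFI_WAPI_ALG_SMS4;` keeps the mapping complete; otherwise a comment should state that SMS4 is deliberately handled elsewhere.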

+ 10 - 0
components/wpa_supplicant/src/common/wpa_common.h

@@ -13,6 +13,7 @@
  */
 
 #include "os.h"
+#include "esp_supplicant/esp_wifi_driver.h"
 #ifndef WPA_COMMON_H
 #define WPA_COMMON_H
 
@@ -45,6 +46,15 @@
 #define WPA_CIPHER_SUITE_CCMP RSN_SELECTOR(0x00, 0x50, 0xf2, 4)
 #define WPA_CIPHER_SUITE_WEP104 RSN_SELECTOR(0x00, 0x50, 0xf2, 5)
 
+#define WAPI_SELECTOR(a, b, c, d) \
+	((((u32) (a)) << 24) | (((u32) (b)) << 16) | (((u32) (c)) << 8) | \
+	 (u32) (d))
+
+#define WAPI_AUTH_KEY_MGMT_NONE WAPI_SELECTOR(0x00, 0x14, 0x72, 0)
+#define WAPI_AUTH_KEY_MGMT_CERT WAPI_SELECTOR(0x00, 0x14, 0x72, 1)
+#define WAPI_AUTH_KEY_MGMT_PSK WAPI_SELECTOR(0x00, 0x14, 0x72, 2)
+#define WAPI_CIPHER_SUITE_NONE WAPI_SELECTOR(0x00, 0x14, 0x72, 0)
+#define WAPI_CIPHER_SUITE_SMS4 WAPI_SELECTOR(0x00, 0x14, 0x72, 1)
 
 #define RSN_AUTH_KEY_MGMT_UNSPEC_802_1X RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
 #define RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X RSN_SELECTOR(0x00, 0x0f, 0xac, 2)

+ 14 - 11
components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h

@@ -27,17 +27,17 @@
 #define WPA2_TASK_STACK_SIZE  (6144 + TASK_STACK_SIZE_ADD)
 #define WPS_TASK_STACK_SIZE  (12288 + TASK_STACK_SIZE_ADD)
 
-enum {
-    WIFI_WPA_ALG_NONE = 0,
-    WIFI_WPA_ALG_WEP40 = 1,
-    WIFI_WPA_ALG_TKIP = 2,
-    WIFI_WPA_ALG_CCMP = 3,
-    WIFI_WPA_ALG_WAPI = 4,
+enum wpa_alg{
+    WIFI_WPA_ALG_NONE   = 0,
+    WIFI_WPA_ALG_WEP40  = 1,
+    WIFI_WPA_ALG_TKIP   = 2,
+    WIFI_WPA_ALG_CCMP   = 3,
+    WIFI_WAPI_ALG_SMS4  = 4,
     WIFI_WPA_ALG_WEP104 = 5,
-    WIFI_WPA_ALG_WEP,
-    WIFI_WPA_ALG_IGTK,
-    WIFI_WPA_ALG_PMK,
-    WIFI_WPA_ALG_GCMP
+    WIFI_WPA_ALG_WEP    = 6,
+    WIFI_WPA_ALG_IGTK   = 7,
+    WIFI_WPA_ALG_PMK    = 8,
+    WIFI_WPA_ALG_GCMP   = 9,
 };
 
 typedef enum {
@@ -72,7 +72,9 @@ enum {
     WPA2_AUTH_PSK_SHA256= 0x08,
     WPA3_AUTH_PSK       = 0x09,
     WPA2_AUTH_ENT_SHA256= 0x0a,
-    WPA2_AUTH_INVALID   = 0x0b,
+    WAPI_AUTH_PSK       = 0x0b,
+    WAPI_AUTH_CERT      = 0x0c,
+    WPA2_AUTH_INVALID   = 0x0d,
 };
 
 typedef enum {
@@ -232,6 +234,7 @@ int esp_wifi_register_wpa2_cb_internal(struct wpa2_funcs *cb);
 int esp_wifi_unregister_wpa2_cb_internal(void);
 bool esp_wifi_sta_prof_is_wpa2_internal(void);
 bool esp_wifi_sta_prof_is_wpa3_internal(void);
+bool esp_wifi_sta_prof_is_wapi_internal(void);
 esp_err_t esp_wifi_sta_wpa2_ent_disable_internal(wifi_wpa2_param_t *param);
 esp_err_t esp_wifi_sta_wpa2_ent_enable_internal(wifi_wpa2_param_t *param);
 esp_err_t esp_wifi_set_wpa2_ent_state_internal(wpa2_ent_eap_state_t state);

+ 8 - 1
components/wpa_supplicant/src/esp_supplicant/esp_wpa_main.c

@@ -80,6 +80,8 @@ void  wpa_config_profile(void)
         wpa_set_profile(WPA_PROTO_WPA, esp_wifi_sta_get_prof_authmode_internal());
     } else if (esp_wifi_sta_prof_is_wpa2_internal() || esp_wifi_sta_prof_is_wpa3_internal()) {
         wpa_set_profile(WPA_PROTO_RSN, esp_wifi_sta_get_prof_authmode_internal());
+    } else if (esp_wifi_sta_prof_is_wapi_internal()) {
+        wpa_set_profile(WPA_PROTO_WAPI, esp_wifi_sta_get_prof_authmode_internal());
     } else {
         WPA_ASSERT(0);
     }
@@ -224,6 +226,7 @@ static inline void esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
 
 int esp_supplicant_init(void)
 {
+    int ret = ESP_OK;
     struct wpa_funcs *wpa_cb;
 
     wpa_cb = (struct wpa_funcs *)os_malloc(sizeof(struct wpa_funcs));
@@ -255,7 +258,11 @@ int esp_supplicant_init(void)
 
     esp_wifi_register_wpa_cb_internal(wpa_cb);
 
-    return ESP_OK;
+#if CONFIG_WPA_WAPI_PSK
+    ret =  esp_wifi_internal_wapi_init();
+#endif
+
+    return ret;
 }
 
 int esp_supplicant_deinit(void)
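Review bot: When `esp_wifi_internal_wapi_init()` fails, `esp_supplicant_init` now returns the error only after `wpa_cb` has been allocated and passed to `esp_wifi_register_wpa_cb_internal`, and nothing on the failure path undoes that. A caller that treats the non-`ESP_OK` result as "supplicant not initialised" would leave the callbacks registered. Either unregister and free on failure, or document that `esp_supplicant_deinit` must still be called. No hunk in this file adds the matching teardown, so `esp_supplicant_deinit` (body outside this hunk) presumably needs `#if CONFIG_WPA_WAPI_PSK` / `esp_wifi_internal_wapi_deinit();` / `#endif`. `ret` would also be better declared as `esp_err_t` to match the prototype in `wifi.h`.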

+ 15 - 7
components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -104,6 +104,9 @@ wifi_cipher_type_t cipher_type_map_supp_to_public(unsigned wpa_cipher)
     case WPA_CIPHER_AES_128_CMAC:
         return WIFI_CIPHER_TYPE_AES_CMAC128;
 
+    case WPA_CIPHER_SMS4:
+        return WIFI_CIPHER_TYPE_SMS4;
+
     default:
         return WIFI_CIPHER_TYPE_UNKNOWN;
     }
@@ -133,6 +136,9 @@ unsigned cipher_type_map_public_to_supp(wifi_cipher_type_t cipher)
     case WIFI_CIPHER_TYPE_AES_CMAC128:
         return WPA_CIPHER_AES_128_CMAC;
 
+    case WIFI_CIPHER_TYPE_SMS4:
+        return WPA_CIPHER_SMS4;
+
     default:
         return WPA_CIPHER_NONE;
     }
@@ -663,11 +669,11 @@ int   wpa_supplicant_install_ptk(struct wpa_sm *sm)
 
     switch (sm->pairwise_cipher) {
     case WPA_CIPHER_CCMP:
-        alg = WPA_ALG_CCMP;
+        alg = WIFI_WPA_ALG_CCMP;
         keylen = 16;
         break;
     case WPA_CIPHER_TKIP:
-        alg = WPA_ALG_TKIP;
+        alg = WIFI_WPA_ALG_TKIP;
         keylen = 32;
         break;
     case WPA_CIPHER_NONE:
@@ -720,7 +726,7 @@ int   wpa_supplicant_check_group_cipher(int group_cipher,
             break;
         }
         *key_rsc_len = 6;
-        *alg = WPA_ALG_CCMP;
+        *alg = WIFI_WPA_ALG_CCMP;
         break;
     case WPA_CIPHER_TKIP:
         if (keylen != 32 || maxkeylen < 32) {
@@ -728,7 +734,7 @@ int   wpa_supplicant_check_group_cipher(int group_cipher,
             break;
         }
         *key_rsc_len = 6;
-        *alg = WPA_ALG_TKIP;
+        *alg = WIFI_WPA_ALG_TKIP;
         break;
     case WPA_CIPHER_WEP104:
         if (keylen != 13 || maxkeylen < 13) {
@@ -736,7 +742,7 @@ int   wpa_supplicant_check_group_cipher(int group_cipher,
             break;
         }
         *key_rsc_len = 0;
-        *alg = WPA_ALG_WEP104;
+        *alg = WIFI_WPA_ALG_WEP104;
         break;
     case WPA_CIPHER_WEP40:
         if (keylen != 5 || maxkeylen < 5) {
@@ -744,7 +750,7 @@ int   wpa_supplicant_check_group_cipher(int group_cipher,
             break;
         }
         *key_rsc_len = 0;
-        *alg = WPA_ALG_WEP40;
+        *alg = WIFI_WPA_ALG_WEP40;
         break;
     default:
         #ifdef DEBUG_PRINT
@@ -2113,6 +2119,8 @@ void wpa_set_profile(u32 wpa_proto, u8 auth_mode)
         sm->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
     } else if (auth_mode == WPA3_AUTH_PSK) {
          sm->key_mgmt = WPA_KEY_MGMT_SAE; /* for WPA3 PSK */
+    } else if (auth_mode == WAPI_AUTH_PSK) {
+         sm->key_mgmt = WPA_KEY_MGMT_WAPI_PSK; /* for WAPI PSK */
     } else {
         sm->key_mgmt = WPA_KEY_MGMT_PSK;  /* fixed to PSK for now */
     }
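Review bot: Only `WAPI_AUTH_PSK` is handled in this chain, although the same commit also adds `WAPI_AUTH_CERT` to the auth-mode enum in `esp_wifi_driver.h`. A profile carrying `WAPI_AUTH_CERT` would reach the final `else` and be given `WPA_KEY_MGMT_PSK`, silently treating a certificate-based mode as pre-shared-key. Since the Kconfig option only advertises WAPI-PSK, the safer behaviour is an explicit branch that logs and refuses the mode rather than falling back to the default. The start of `wpa_set_profile` is outside this hunk, so any earlier filtering of `auth_mode` is not visible here.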
@@ -2251,7 +2259,7 @@ wpa_sm_set_key(struct install_key *key_sm, enum wpa_alg alg,
     struct wpa_sm *sm = &gWpaSm;
 
     /*gtk or ptk both need check countermeasures*/
-    if (alg == WPA_ALG_TKIP && key_len == 32) {
+    if (alg == WIFI_WPA_ALG_TKIP && key_len == 32) {
         /* Clear the MIC error counter when setting a new PTK. */
         key_sm->mic_errors_seen = 0;
     }

+ 16 - 10
components/wpa_supplicant/src/rsn_supp/wpa_ie.c

@@ -33,10 +33,13 @@
 int  wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len,
 		     struct wpa_ie_data *data)
 {
-	if (wpa_ie_len >= 1 && wpa_ie[0] == WLAN_EID_RSN)
-		return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
-	else
-		return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data);
+    if (wpa_ie_len >= 1 && wpa_ie[0] == WLAN_EID_RSN) {
+        return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data);
+    } else if (wpa_ie[0] == WLAN_EID_WAPI) {
+        return 0;
+    }
+
+    return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data);
 }
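Review bot: The new `else if (wpa_ie[0] == WLAN_EID_WAPI)` reads `wpa_ie[0]` without the `wpa_ie_len >= 1` guard that protects the RSN test. With a zero-length or NULL IE the first condition short-circuits and this one dereferences the buffer anyway, whereas the old code passed such input straight to `wpa_parse_wpa_ie_wpa` with its length. The condition should be `} else if (wpa_ie_len >= 1 && wpa_ie[0] == WLAN_EID_WAPI) {`. The branch also returns 0 (success) without writing to `data`, so a caller that reads the parsed fields after a successful return sees whatever the struct held before. Clearing `data` before returning, or a comment stating that callers must not use it for WAPI, would make the contract explicit.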
 
 
@@ -280,17 +283,20 @@ static int  wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
  */
 int  wpa_gen_wpa_ie(struct wpa_sm *sm, u8 *wpa_ie, size_t wpa_ie_len)
 {
-    if (sm->proto == WPA_PROTO_RSN)
+    if (sm->proto == WPA_PROTO_RSN) {
         return wpa_gen_wpa_ie_rsn(wpa_ie, wpa_ie_len,
                       sm->pairwise_cipher,
                       sm->group_cipher,
                       sm->key_mgmt, sm->mgmt_group_cipher,
                       sm);
-    else
-        return wpa_gen_wpa_ie_wpa(wpa_ie, wpa_ie_len,
-                      sm->pairwise_cipher,
-                      sm->group_cipher,
-                      sm->key_mgmt);
+    } else if (sm->proto == WPA_PROTO_WAPI) {
+        return 0;
+    }
+
+    return wpa_gen_wpa_ie_wpa(wpa_ie, wpa_ie_len,
+                    sm->pairwise_cipher,
+                    sm->group_cipher,
+                    sm->key_mgmt);
 }