Commit Graph

492 Commits

Author SHA1 Message Date
Sarvesh Bodakhe
02d6704a30 fix(wpa_supplicant): Improve execution flow for WPS registrar public APIs
Make sure that WPS registrar public APIs do not modify supplicant
data in application task context. Execute API functionality in eloop
context to prevent potential race conditions.
2024-03-18 12:44:59 +05:30
Sarvesh Bodakhe
e1502fb99e fix(wifi): Avoid dereferencing a dangling function pointer in WPS supplicant
Avoid dereferencing a dangling function pointer in 'eap_server_sm_deinit()'.
This issue arises when hostap unregisters EAP methods before it removes
the server state machine for station.
2024-03-18 12:44:53 +05:30
Kapil Gupta
6f9cc06b30 fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is not used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-15 13:22:10 +05:30
Sarvesh Bodakhe
344c5d1fce fix(wifi): fix bug in 'esp_wifi_deauthenticate_internal' and other improvements 2024-03-14 11:24:27 +05:30
Sarvesh Bodakhe
e5059dffec fix(wpa_supplicant): Add some bugfixes in wpa_supplicant
1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them
2024-03-14 11:23:05 +05:30
Sarvesh Bodakhe
1d8b484cce fix(esp_wifi): Reduce memory footprint for scan when SAE-PK is enabled
Use bss information cached in wifi library to get RSNXE capabilities
instead of storing bss information again in supplicant and accessing it.
2024-03-13 10:48:07 +05:30
Jiang Jiang Jian
4febc6ef70 Merge branch 'bugfix/fix_esp_wifi_scan_start_memory_leakage_issue_v5.1' into 'release/v5.1'
fix(wifi): fix esp_wifi_scan_start memory leakage issue(Backport v5.1)

See merge request espressif/esp-idf!29476
2024-03-11 15:27:54 +08:00
muhaidong
3a2f9feec3 fix(wifi): fix esp_wifi_scan_start memory leakage issue
Closes https://github.com/espressif/esp-idf/issues/10693
2024-03-11 10:49:18 +08:00
aditi_lonkar
b5c19506d1 fix(wpa_supplicant):Add MBO config flag for mbo apis 2024-03-11 10:43:49 +08:00
Jiang Jiang Jian
6481fdf05e Merge branch 'bugfix/esp32c2_eap_auth_v5.1' into 'release/v5.1'
fix(wifi): Added low heap usage Kconfig option for eap enterprise (v5.1)

See merge request espressif/esp-idf!28825
2024-02-27 19:59:52 +08:00
Kapil Gupta
8a01702d65 fix(wifi): add low memory options for eap enterprise 2024-02-01 10:05:06 +05:30
Kapil Gupta
0cd6a05fdf fix(wifi): Add support to move supplicant BSS to external memory 2024-01-27 10:54:26 +05:30
jgujarathi
f33c32dc05 fix(wpa_supplicant): Move concurrent wps and dpp check to before creating task
- Move the check for checking concurrent wps and dpp check to before creating
  task rather than after.
2024-01-03 13:46:41 +05:30
jgujarathi
078da4b2d2 fix(wpa_supplicant): Fix a crash in esp_wifi_wps_disable
- Fixes a crash observed in esp_wifi_wps_disable when wps process
  is ongoing, caused due to concurrency issues in cancelling timers.
2024-01-03 13:46:41 +05:30
jgujarathi
a65cb7669c fix(wpa_supplicant): Add support for a dpp authentication timeout
- Adds support for a 1 second dpp authentication timeout.
2024-01-03 13:46:41 +05:30
jgujarathi
dcc14e8c15 fix(wpa_supplicant): Restructuring DPP init method to ensure cleanup
- Restructuring DPP init function to ensure cleanup of variables in case of
  init failure
2024-01-03 13:46:40 +05:30
jgujarathi
5e20319831 fix(wpa_supplicant): Fix location of clearing up dpp global variables
- Fix location of clearing up dpp global variables to ensure that there are
  no concurrency issues.
2024-01-03 13:46:40 +05:30
jgujarathi
c3518e0c87 fix(wpa_supplicant): Fix a memory leak in dpp deinit path
- Ensures that the auth information of dpp gets freed when
  dpp gets deinited.
2024-01-03 13:46:40 +05:30
aditi_lonkar
4dd0805a6e fix(esp_wifi):Fix WDT when esp_supp_dpp_start_listen called multiple times 2024-01-03 13:46:38 +05:30
muhaidong
1881900781 fix(wifi): allow some special igtk keyindx to workaround faulty APs 2023-12-19 19:15:49 +08:00
Sarvesh Bodakhe
d1e31a4194 fix(esp_wifi): Fix issue of station disconnecting immediately when AP RSSI is zero 2023-12-11 14:58:16 +05:30
Kapil Gupta
0c3440a5bc fix(wifi): Disallow DPP and WPS concurrency 2023-11-16 12:35:19 +05:30
Kapil Gupta
5d5dac7754 fix(wpa_supplicant): memzero wifi config before sending config event 2023-11-16 12:35:15 +05:30
Jiang Jiang Jian
8df1e1ae66 Merge branch 'bugfix/install_key_issue_v5.1' into 'release/v5.1'
WiFI: Fix key install issue in PTK renew (v5.1)

See merge request espressif/esp-idf!26851
2023-11-02 14:18:42 +08:00
Kapil Gupta
095eae5fa3 fix(wpa_supplicant): Correct iv length passed in mbedtls_cipher_set_iv() 2023-11-01 18:02:29 +05:30
Jiang Jiang Jian
8dd9310925 Merge branch 'bugfix/fix_compilation_issue_v5.1' into 'release/v5.1'
fix(wpa_supplicant): Fix compilation issue in EAP disabled (v5.1)

See merge request espressif/esp-idf!26727
2023-11-01 15:40:55 +08:00
Shreyas Sheth
6c5b3c5d4c fix(wifi): wpa3 softap fix deauth when assoc req recv before sae is finished 2023-10-31 15:47:07 +05:30
Kapil Gupta
d9b36afbe6 fix(wpa_supplicant): Fix compilation issue in EAP disabled 2023-10-27 18:08:16 +05:30
Kapil Gupta
99e7db4ce5 fix(wpa_supplicant): implement sha1_finish for fastpbkdf2 2023-10-26 13:30:01 +05:30
Jiang Jiang Jian
55d3bc2d37 Merge branch 'bugfix/wps_condition_chain_v5.1' into 'release/v5.1'
fix(wifi): Fix static analyzer warning for WPS code (v5.1)

See merge request espressif/esp-idf!26494
2023-10-19 13:51:57 +08:00
Kapil Gupta
5457c4c0b8 fix(wifi): Fix static analyzer warning for WPS code 2023-10-18 17:54:40 +05:30
jgujarathi
143079bfd7 fix(wpa_supplicant/dpp): Ensure dpp follows init->bootstrap->listen path
- esp_supp_dpp_init : Ensures that the mode is set to station before
  the API call.
- Ensures that dpp follows the path of init(esp_supp_dpp_init) ->
  bootstrap(esp_supp_dpp_bootstrap_gen) -> listen(esp_supp_dpp_start_listen)
  by returning errors if any of them is invoked out of order.
2023-10-17 14:27:14 +05:30
aditi_lonkar
cc3b0d9f49 fix(wpa_supplicant): Fix few dpp bugs
1) Fix crash in dpp Listen without bootstrap
2) Fix crash on receiving dpp auth_req from hostapd with dpp akm
2023-10-17 14:27:14 +05:30
Jiang Jiang Jian
face850973 Merge branch 'feature/rename_wpa2_ent_to_eap_client_v5.1' into 'release/v5.1'
WiFi: Rename WPA2 enterprise APIs to EAP Client. (v5.1)

See merge request espressif/esp-idf!26082
2023-09-26 13:30:52 +08:00
Kapil Gupta
52120cde26 change(wifi): Add supplicant's public API header files to doc 2023-09-25 10:54:52 +05:30
jgujarathi
3d056fd748 fix(esp_wifi): Fix issues with extended caps IE, scan and HT40 mode
-Merges the addition of extended caps IE for assoc req, probe resp
 and beacons in a single place. This ensures that there are no
 duplicate Extended Caps IE in the frame. Moves the capability
 indication for BTM and HT20/40 from supplicant to wifi libs.

-Fix issue with frequent disconnections when scanning for only a single
 channel.

-Prints error message and returns ESP_ERR_NOT_SUPPORTED in case
 esp32c2 tries to set bandwidth to HT40.
2023-09-20 19:44:57 +08:00
Kapil Gupta
981086ba30 change(esp_wifi): Rename WiFi enterprise connection APIs 2023-09-20 17:06:59 +05:30
Shreyas Sheth
05915fee6e docs(wifi): Update wifi and wifi security documentation
1. Update documentation for WPA3 Enterprise and WPA3 Enterprise 192-bit
mode
2. Update documentation for WPA3 OWE and OWE transition mode
3. Update documentation related to SAE PK, SAE PWE and Transition Disable
4. Update documentation for wifi connect API
5. Fix config parameter information for wifi scan start
6. Fix documentation related to scan threshold config setting
7. Replace ESP_ERR_WIFI_ARG error code as ESP_ERR_INVALID_ARG
8. Update documentation for 802.11R Fast transition
2023-09-14 10:14:13 +08:00
Kapil Gupta
fc9ce3b5f4 ci(esp_wifi): unit test for fast PBKDF2 validation 2023-09-13 16:33:19 +08:00
Kapil Gupta
4756c22ffa change(esp_wifi): Port fast_pbkdf2 implementation for mbedtls
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-09-13 16:33:19 +08:00
Kapil Gupta
e62d11ef41 change(esp_wifi): Copy fastpbkdf2 implementation
Copy pbkdf2 implementation from https://github.com/ctz/fastpbkdf2(3c56895)
2023-09-13 16:33:19 +08:00
Jiang Jiang Jian
111779db5a Merge branch 'feature/configurable_wpa2_ent_v5.1' into 'release/v5.1'
Make enterprise support configurable to save binary size.(v5.1)

See merge request espressif/esp-idf!25558
2023-09-13 10:18:05 +08:00
Jiang Jiang Jian
0c27d2467d Merge branch 'bugfix/pbc_overlap_in_wps_pin_method_v5.1' into 'release/v5.1'
Fix for issue of wps-pbc overlap in wps-pin method(v5.1)

See merge request espressif/esp-idf!25695
2023-09-11 12:12:29 +08:00
Jiang Jiang Jian
1d91310e0f Merge branch 'bugfix/wps_wpa3_passphrase_v5.1' into 'release/v5.1'
WiFi: get passphrase in WPS if AP support SAE (v5.1)

See merge request espressif/esp-idf!25885
2023-09-11 10:54:18 +08:00
Kapil Gupta
797ec25a3f fix(wifi): Get passphrase in WPS if AP support SAE
Also add changes to send NACK if WPS message received twice.
2023-09-08 15:21:56 +05:30
aditi_lonkar
8254175931 wpa_supplicant: Fix for issue of wps-pbc overlap in wps-pin method 2023-09-07 15:14:35 +05:30
Kapil Gupta
397206d050 change(wifi): Reduce BSS logging in wpa_supplicant 2023-09-07 10:19:02 +05:30
Jiang Jiang Jian
3eed68cc9c Merge branch 'bugfix/update_supplicant_copyrights_v5.1' into 'release/v5.1'
Update copyright info for wpa_supplicant (v5.1)

See merge request espressif/esp-idf!25526
2023-08-28 13:49:25 +08:00
Jiang Jiang Jian
4299b9346b Merge branch 'bugfix/supplicant_osi_violation_v5.1' into 'release/v5.1'
Fix abstraction violation in wpa_supplicant (Backport v5.1)

See merge request espressif/esp-idf!25565
2023-08-28 10:30:37 +08:00
Nachiket Kukade
c15472b12e fix(supplicant): Fix abstraction violation in wpa_supplicant 2023-08-25 12:30:44 +05:30