H/W decryption of Mgmt frames was disabled for PMF and done through
S/W. If ESPNOW packets go through this path, it affects backward
compatibility since method of decrypting Mgmt packets is different in H/W.
To address PMF + ESPNOW Co-existance, CCMP decryption method is modified
for ESPNOW packets so that they can be decrypted correctly. Since Tx
of ESPNOW packets can still be done in H/W alongside PMF, no change
required in encryption method in S/W.
Co-Authored-By: Nachiket Kukade <nachiket.kukade@espressif.com>
Co-Authored-By: zhangyanjiao <zhangyanjiao@espressif.com>
Co-Authored-By: kapil.gupta <kapil.gupta@espressif.com>
wpa_supplicant: add support for PAP, MS-CHAP and CHAP as Phase 2 algorithms for TTLS alongside MS-CHAPv2
Closes FCS-361
See merge request espressif/esp-idf!8816
Add following changes as part of this:
1. EAP client will crash during validation of key size when CA
certs and keys not present. Add changes to validate it first.
2. Free memory allocated in TLS context
1. If Device is connected to AP in WPA3-PSK mode, AP switching
security to WPA2-PSK causes connection failures even after reset.
Fix is to not store WPA3's PMK in NVS for caching.
2. AP switching back to WPA3 causes even more connection failures.
This is due to device not clearing Supplicant level PMK Cache when
it is no longer valid. Fix is to clear the Cache when 4-way handshake
fails and to check Key Mgmt of Cache before using.
3. When AP switches from WPA3 to WPA2, device's PMF config in
Supplicant remains enabled. This may cause failures during
4-way handshake. So clear PMF config in when PMF is no longer used.
WPS can send multiple AP credentials, while existing implementation
will only use the first credentials which could be for the 5G band.
Fix this by passing these credentials to the App and attempting
to connect using each of those. Older Apps will remain compatible
without breaking WPS, but the issue will remain.
Curretly wpa_supplicant uses internal APIs for RSA operations
which internally uses lots of big num operations.
Big num operations are CPU expensive and can take a lot of time
which can cause watchdog timer to tigger.
This can be optimize by using mbedtls APIs which uses
hardware blocks for big num operations.
To fix this, write new crypto_mbedtls-rsa.c which has APIs
similar to crypto_internal-rsa.c but uses mbedtls APIs.
In case of wrong passpharse, AP will keep on sending 1/4 multiple
times which may take around 10 secs to disconnect and detect
wrong password event.
Add changes to reject EAPOL1 after 3 consecutive reception
Some AP's keep NULL-padding at the end of some variable length WPS
Attributes. This is not as par the WPS2.0 specs, but to avoid interop
issues, ignore the padding by reducing the attribute length by 1.
1. Buffers for SAE messages are not freed after the handshake.
This causes memory leak, free buffers after SAE handshake.
2. SAE global data is not freed until the next WPA3 connection
takes place, holding up heap space without reason. Free this
data after SAE handshake is complete or event fails.
3. Update wifi lib which includes memory leak fix during BIP
encryption/decryption operations.
Add files required for DPP feature from upstream.
These file expose the functionality to create DPP packets.
Ported crypto layer from openssl to mbedtls.
Interfacing to use these API will be added in seperate commit
This is a regression from earlier commit related to TLSV12 which used
sha functions that are currently declared static.
Solution: Follow upstream code structure and resolve the errors.
Problem:
mbedtls_ctr_drbg_context was initialized in crypto_ec_point_mul. This
was okay in releases before 2.16.4 as entropy_len used to get set to
MBEDTLS_CTR_DRBG_ENTROPY_LEN in function mbedtls_ctr_drbg_seed. The
function is now changed to set the length to
MBEDTLS_CTR_DRBG_ENTROPY_LEN if previous length is 0 and hence the bug.
Solution:
Initialize mbedtls_ctr_drbg_context in crypto_ec_point_mul.
