WPS strict disables workarounds with different APs and may cause
IOT issues. Remove this as default and introduce as a config option.
Also declare esp device as single band mobile device otherwise
WFA sniffer was not able to identify it in the certification setup.
1. Add Example for DPP Enrollee
2. Use DPP Supplicant API's to setup connection
3. Add support for multiple channels in Bootstrapping
4. Add Unity testcase for testing Offchannel operations
Closes https://github.com/espressif/esp-idf/issues/5654
1. Modify DPP Protocol modules for our purpose
2. Add DPP supplicant task and modules to handle DPP frames
3. Add DPP Public API's and definitions for DPP
1. Add API's and structures for Remain-onChannel & Action Tx
2. Handling of events and callbacks for the operations
3. Update WiFi lib with related API support
Lock is not required during btm/rrm action frames processing and
taking it may cause inconsistant behavior since wifi task
posts the events to this task.
Flag ESP32_WIFI_ENABLE_WPA3_SAE from Menuconfig is used to
control the stack size required by WPA3. Use the same flag
to compile out the WPA3 code and control the code size.
With this flag disabled code footprint reduces by about 7.7kB
in libwpa_supplicant.a
Update WiFi libs with added checks to cleanly handle disabling
of WPA3 callbacks.
Closes https://github.com/espressif/esp-idf/issues/5971
This commit adds different features from 802.11k and 802.11v
specifications to make the device ready for network assisted
roaming. It also adds initial framework for device to detect
whether it needs to move to a better AP.
Followings are added as part of this.
1. Support for sending neighbor report request and provide
the report back to the APP.
2. Support for beacon measurement report.
3. Support for link measurement report.
4. Support for sending bss transition management query frame
(triggered by the APP).
5. Support for bss transition management request and move
to the candidate based on that.
6. Sending the bss transition management response.
* Target components pull in xtensa component directly
* Use CPU HAL where applicable
* Remove unnecessary xtensa headers
* Compilation changes necessary to support non-xtensa gcc types (ie int32_t/uint32_t is no
longer signed/unsigned int).
Changes come from internal branch commit a6723fc
1. Add STA checks during STA PMF operations
2. Fix WPA2-Ent issue with Open AP
3. Skip WPA-TKIP profile if PMF is required
4. Skip & clear Supplicant PMK Cache with mismatching AP config
1. If Device is connected to AP in WPA3-PSK mode, AP switching
security to WPA2-PSK causes connection failures even after reset.
Fix is to not store WPA3's PMK in NVS for caching.
2. AP switching back to WPA3 causes even more connection failures.
This is due to device not clearing Supplicant level PMK Cache when
it is no longer valid. Fix is to clear the Cache when 4-way handshake
fails and to check Key Mgmt of Cache before using.
3. When AP switches from WPA3 to WPA2, device's PMF config in
Supplicant remains enabled. This may cause failures during
4-way handshake. So clear PMF config in when PMF is no longer used.
WPS can send multiple AP credentials, while existing implementation
will only use the first credentials which could be for the 5G band.
Fix this by passing these credentials to the App and attempting
to connect using each of those. Older Apps will remain compatible
without breaking WPS, but the issue will remain.
In case of wrong passpharse, AP will keep on sending 1/4 multiple
times which may take around 10 secs to disconnect and detect
wrong password event.
Add changes to reject EAPOL1 after 3 consecutive reception
1. Buffers for SAE messages are not freed after the handshake.
This causes memory leak, free buffers after SAE handshake.
2. SAE global data is not freed until the next WPA3 connection
takes place, holding up heap space without reason. Free this
data after SAE handshake is complete or event fails.
3. Update wifi lib which includes memory leak fix during BIP
encryption/decryption operations.
1. Add changes in 4-way handshake path to allow SAE key mgmt.
2. Support for configuring WAP3 at init time, added Kconfig option.
3. Handle and propagate error conditions properly.
4. Link changes from WiFi library.
Under WPA3-Personal, SAE authentication is used to derive PMK
which is more secure and immune to offline dictionary attacks.
1. Add modules to generate SAE commit/confirm for the handshake
2. Add modules that build and parse SAE data in Auth frames
3. Add WPA3 association and key mgmt definitions
4. Invert y-bit while solving for ECC co-ordinate -
Once an X co-ordinate is obtained, solving for Y co-ordinate
using an elliptical curve equation results in 2 possible values,
Y and (P - Y), where p is the prime number. The co-ordinates are
used for deriving keys in SAE handshake. As par the 802.11 spec
if LSB of X is same as LSB of Y then Y is chosen, (P - Y) otherwise.
This is not what is implemented, so fix this behavior to obtain the
correct Y co-ordinate.
1. Add CCMP, AES crypto modules for unicast protected Mgmt frames
2. Add support for computing SHA256 MIC on Bcast Mgmt frames
3. Add support for storing iGTK during 4-way handshake.
4. Provide APIs to MLME for utilizing the SW crypto modules
5. Link PMF changes from WiFi library submodule
1. Add APIs for configuring PMF through set config.
2. Map Supplicant and Wifi Cipher types.
3. Add support for PMF negotiation while generating RSN IE.
1) Added PMK caching module from wpa_supplicant.
2) Modified wpa_sm to
a) Add entry to PMK cache when first time associated to an AP.
b) Maintain entry across the associations.
c) Clear current PMKSA when deauth happens.
d) Search for an entry when re-associating to the same AP and
set it as current PMKSA
e) Wait for msg 1/4 from AP instead of starting EAP authentication.
f) Check PMKID in msg 1 with current PMKSA/cache.
g) Use the cached PMK to complete 4-way handshake.
3) Remove config_bss callback as it was redundant and used to cause
problems for PMK caching flow.
Closes IDF-969
EAP reauth frames are dropped at various stages due to current
implementation of WPA2 ENT states and EAP SM init/deinit logic.
Route EAPOL frames based on EAP pkt type and maintain EAP SM
to facilitate EAP re-authentication process.
The full fix for the change includes a fix from wifi library
(commit - 36f99df849214fbf9b0d15e58554632a568e05aa).