Commit Graph

54 Commits

Author SHA1 Message Date
gauri patankar
bc992d7975 wpa_supplicant: Move SAE modules into dragonfly files 2022-10-12 14:52:08 +05:30
Ivan Grokhotkov
401c10ecfb build system: re-add -Wno-format as private flag for some components 2022-08-03 16:42:47 +04:00
Jiang Jiang Jian
371a935e76 Merge branch 'bugfix/wpa2_enterprise_issues' into 'master'
esp_wifi: WPA2 enterprise related changes

Closes WIFI-4579

See merge request espressif/esp-idf!19162
2022-07-22 13:56:41 +08:00
Kapil Gupta
951928960b esp_wifi: WPA2 enterprise related changes
1. Removed DHE ciphers when mbedTLS is disabled since they take
too much processing power.
2. Removed support of SHA384 and SHA512 when mbedTLS is disabled
due to too much processing needed.
3. Fixed bugs in crypto_hash_init API which was causing
EAP connections to fail when mbedTLS was enabled.
4. Cleaned some code of crypto_hash_***
2022-07-21 13:33:18 +05:30
David Cermak
5c383d7b73 esp_netif/lwip: Fix deps cycles to "lwip -> esp_netif -> phy-drivers"
Fix dependency tree so that lwip doesn't depend on any specific network
interface component.
Network interface drivers shall depend on esp_netif.
esp_netif shall depend on lwip (but not on any specific interface
driver) -- it optionally depends on vfs and esp_eth (need ethernet
header for L2/bridge mode)
2022-07-20 14:59:07 +02:00
Shyamal Khachane
6d55761f60 OWE support for station 2022-06-15 17:20:24 +05:30
Laukik Hase
28ac0b12fb
mbedtls: Remove deprecated options from mbedtls/esp_config.h
- Removed options related to RC4 ciphersuite, SSL3 and TLS1
  (as per mbedtls v3.1.0)
2022-05-28 10:21:06 +05:30
Kapil Gupta
a6811adac7 wpa_supplicant: Add WPS registrar support for softAP mode 2022-05-24 12:11:53 +05:30
Kapil Gupta
c2429f1cf9 wpa_supplicant: sync eap code with upstream 2022-05-13 12:57:47 +08:00
Kapil Gupta
36321fda82 Merge branch 'feature/eloop_timer' into 'master'
wpa_supplicant: Add timer based eloop implementation

See merge request espressif/esp-idf!17430
2022-05-12 12:30:44 +08:00
Kapil Gupta
ecc87cfc8d wpa_supplicant: wps code updation
Update WPS code with upstream. Also moved ESP specific code
in another esp code folder.
2022-05-11 12:18:52 +00:00
Kapil Gupta
d06daee350 wpa_supplicant: Add timer based eloop implementation 2022-05-11 17:45:23 +05:30
kapil.gupta
3d5ca7ee6e wpa_supplicant: Add support for FT psk 2022-05-01 16:16:51 +05:30
Kapil Gupta
f57ccaabee esp_example: Enable MbedTLS for DPP enrollee by default 2022-01-28 13:53:39 +08:00
Hrudaynath Dhabe
5f96a6ffd2 esp_wifi: Add support for EAP-FAST authentication method 2021-11-22 17:33:36 +05:30
Zhang Jun Hao
a568b4fddf esp_wifi: support station only mode for code size down 2021-10-27 11:48:22 +08:00
Kapil Gupta
797c7144bd esp_wifi: Add support for GCMP and GMAC ciphers 2021-10-12 20:48:51 +08:00
Kapil Gupta
834afad47e esp_wifi: Add support for MBO certification 2021-10-04 15:56:14 +08:00
Kapil Gupta
393a9d5a94 wpa_supplicant: Update internal tls client with sha384/sha512 support
Add support for validating certificates with SHA384 and SHA512 hashes.
2021-09-13 14:11:55 +05:30
Kapil Gupta
e667d1af2e wpa_supplicant: bypass sonar checks for upstream code 2021-07-22 14:12:22 +08:00
Kapil Gupta
d3d977617b wpa_supplicant: Add WPS strict in config option
WPS strict disables workarounds with different APs and may cause
IOT issues. Remove this as default and introduce as a config option.

Also declare esp device as single band mobile device otherwise
WFA sniffer was not able to identify it in the certification setup.
2021-06-24 16:15:15 +08:00
David Cermak
02ac1baee4 wpa_supplicant: Temporarily disable write-string warning
Since some assignment of a string literal to `char *` variables were
added and not caught by the CI.
2021-06-10 22:22:48 +08:00
kapil.gupta
ad7cb5f5c1 wpa_supplicant: Write Crypto API based on mbedtls
This commit add following crypto changes

1. Update current crypto code with upstream supplicant code
2. Add a proper porting layer to use mbedtls APIs for all the crypto
   operations used by supplicant.

Internal crypto will be used when USE_MBEDLTS flag is disabled
in supplicant's menuconfig.

This commit also removes the clutter in crypto files due to partial
porting of some APIs to mbedtls, all the code from those files have
been removed and rewritten in a generic way, this is inspired from
current upstream code.

This also reduces the lib size significantly, supplicant's lib
size reduces around ~567kb after this change(NB: lib size doesn't
indicate reduction in final bin size).
2021-05-04 10:54:57 +00:00
Nachiket Kukade
87205dc2f4 Add DPP Enrollee Support
1. Modify DPP Protocol modules for our purpose
2. Add DPP supplicant task and modules to handle DPP frames
3. Add DPP Public API's and definitions for DPP
2021-01-25 13:24:21 +05:30
zhangyanjiao
c0f4fdfd4d wpa_supplicant: Use WPA3 flag to reduce code size
Flag ESP32_WIFI_ENABLE_WPA3_SAE from Menuconfig is used to
control the stack size required by WPA3. Use the same flag
to compile out the WPA3 code and control the code size.
With this flag disabled code footprint reduces by about 7.7kB
in libwpa_supplicant.a
Update WiFi libs with added checks to cleanly handle disabling
of WPA3 callbacks.

Closes https://github.com/espressif/esp-idf/issues/5971
2020-11-23 14:28:12 +08:00
kapil.gupta
27101f9454 wpa_supplicant: Add initial roaming support
This commit adds different features from 802.11k and 802.11v
specifications to make the device ready for network assisted
roaming. It also adds initial framework for device to detect
whether it needs to move to a better AP.

Followings are added as part of this.

1. Support for sending neighbor report request and provide
   the report back to the APP.
2. Support for beacon measurement report.
3. Support for link measurement report.
4. Support for sending bss transition management query frame
   (triggered by the APP).
5. Support for bss transition management request and move
   to the candidate based on that.
6. Sending the bss transition management response.
2020-11-17 17:15:26 +05:30
Angus Gratton
bc1cca2bf8 wpa_supplicant: Fix failure to link under some circumstances
Depending on CMake internals, the wpa_supplicant library may need to be repeated
multiple times in the linker command line.

Closes https://github.com/espressif/esp-idf/issues/5641
2020-10-13 18:25:29 +11:00
kapil.gupta
bd2815db10 wpa_supplicant: Support for mbedtls tls handshake
Add support for mbedtls based tls handshake, this removes
dependency from internal implementation of EAP client.
2020-06-26 17:20:22 +05:30
kapil.gupta
1cabd06f0c wpa_supplicant: Replace internal RSA APIs by mbedtls APIs
Curretly wpa_supplicant uses internal APIs for RSA operations
which internally uses lots of big num operations.

Big num operations are CPU expensive and can take a lot of time
which can cause watchdog timer to tigger.

This can be optimize by using mbedtls APIs which uses
hardware blocks for big num operations.

To fix this, write new crypto_mbedtls-rsa.c which has APIs
similar to crypto_internal-rsa.c but uses mbedtls APIs.
2020-06-07 15:31:12 +00:00
Nachiket Kukade
59e8e407a0 wpa_supplicant: Disable TLSv1.2 by default
Some Enterprise Authentication Servers do not support TLS v1.2.
Move this option to Menuconfig and disable by default.
2020-04-28 10:05:35 +05:30
kapil.gupta
ab784bb53a wpa_supplicant: Port dpp feature from supplicant
Add files required for DPP feature from upstream.
These file expose the functionality to create DPP packets.
Ported crypto layer from openssl to mbedtls.

Interfacing to use these API will be added in seperate commit
2020-04-14 18:53:35 +05:30
Sagar Bijwe
a830ddd9ba wpa_supplicant: Fix wpa_supplicant TLS 1.2 issues
1) Fixed compilation issues.
2) Added tlsprf.c from upstream
3) Enabled SHA256 in supplicant compilation.
2020-03-31 17:16:10 +05:30
Konstantin Kondrashov
739eb05bb9 esp32: add implementation of esp_timer based on TG0 LAC timer
Closes: IDF-979
2020-02-06 14:00:18 +08:00
Nachiket Kukade
f2e37c4ca8 wpa_supplicant: Support WPA3 4-way handshake, add config option
1. Add changes in 4-way handshake path to allow SAE key mgmt.
2. Support for configuring WAP3 at init time, added Kconfig option.
3. Handle and propagate error conditions properly.
4. Link changes from WiFi library.
2019-11-26 10:59:55 +05:30
Nachiket Kukade
da07b2b4a7 wpa_supplicant: Add SAE handshake support for WPA3-PSK
Under WPA3-Personal, SAE authentication is used to derive PMK
which is more secure and immune to offline dictionary attacks.
1. Add modules to generate SAE commit/confirm for the handshake
2. Add modules that build and parse SAE data in Auth frames
3. Add WPA3 association and key mgmt definitions
4. Invert y-bit while solving for ECC co-ordinate -
     Once an X co-ordinate is obtained, solving for Y co-ordinate
     using an elliptical curve equation results in 2 possible values,
     Y and (P - Y), where p is the prime number. The co-ordinates are
     used for deriving keys in SAE handshake. As par the 802.11 spec
     if LSB of X is same as LSB of Y then Y is chosen, (P - Y) otherwise.
     This is not what is implemented, so fix this behavior to obtain the
     correct Y co-ordinate.
2019-11-26 04:24:57 +00:00
Sagar Bijwe
aceb141d2b wpa_supplicant: Adding SAE modules with testcase
This change ports SAE(Simultaneous Authentication of Equals)
feature from wpa_supplicant and makes it work with mbedtls
crypto APIs. Currently only group 19 is supported. A sample
SAE handshake is included in the testcase. Other minor
changes for DH groups are also included.
2019-11-26 04:24:57 +00:00
Nachiket Kukade
75ea0df916 Add encryption/decryption support for PMF
1. Add CCMP, AES crypto modules for unicast protected Mgmt frames
2. Add support for computing SHA256 MIC on Bcast Mgmt frames
3. Add support for storing iGTK during 4-way handshake.
4. Provide APIs to MLME for utilizing the SW crypto modules
5. Link PMF changes from WiFi library submodule
2019-11-25 04:11:09 +00:00
Nachiket Kukade
773e095a65 Add support for PMF configuration and negotiation
1. Add APIs for configuring PMF through set config.
2. Map Supplicant and Wifi Cipher types.
3. Add support for PMF negotiation while generating RSN IE.
2019-11-25 04:11:09 +00:00
Sagar Bijwe
bd5d086475 wifi: Add PMK caching feature for station WPA2-enterprise
1) Added PMK caching module from wpa_supplicant.
2) Modified wpa_sm to
    a) Add entry to PMK cache when first time associated to an AP.
    b) Maintain entry across the associations.
    c) Clear current PMKSA when deauth happens.
    d) Search for an entry when re-associating to the same AP and
       set it as current PMKSA
    e) Wait for msg 1/4 from AP instead of starting EAP authentication.
    f) Check PMKID in msg 1 with current PMKSA/cache.
    g) Use the cached PMK to complete 4-way handshake.
3) Remove config_bss callback as it was redundant and used to cause
   problems for PMK caching flow.

Closes IDF-969
2019-10-31 10:51:30 +00:00
Nachiket Kukade
9ec363a25d wpa_supplicant: Make internally used crypto headers private
A lot of internally used crypto headers are publicly includeable
in user projects. This leads to bug reports when these headers
are incorrectly used or the API's are not used as intended.

Move all crypto headers into private crypto src folder, also move
crypto_ops into Supplicant to remove dependecy on crypto headers.

Closes IDF-476
2019-08-17 11:48:37 +00:00
Nachiket Kukade
900df44546 wpa_supplicant: Cleanup fast_xxx modules that use duplicate code
wpa_supplicant is using MbedTLS API's for crypto algorithms. For
calling them a duplicate set of modules is maintained prepended
with 'fast_'. Remove these and use flag USE_MBEDTLS_CRYPTO
instead to separate modules calling MbedTLS API's from native
implementation.
2019-07-10 14:53:20 +05:30
Deng Xin
c139683024 supplicant/esp_wifi: move supplicant to idf
Move supplicant to idf and do following refactoring:
1. Make the folder structure consitent with supplicant upstream
2. Remove duplicated header files and minimize the public header files
3. Refactor for WiFi/supplicant interfaces
2019-06-29 22:46:52 +08:00
Renz Christian Bagaporo
9b350f9ecc cmake: some formatting fixes
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
Sagar Bijwe
112244bac4 wpa_supplicant: Implement BIGNUM and ECC crypto wrapper apis for ESP using mbedtls 2018-09-19 11:10:28 +05:30
Renz Christian Bagaporo
d9939cedd9 cmake: make main a component again 2018-09-11 09:44:12 +08:00
Mahavir Jain
fdfe38a779 wpa_supplicant: add missing source dirs to CMake build
Closes: https://github.com/espressif/esp-idf/issues/2168

Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-07-12 17:22:47 +05:30
Angus Gratton
4667fb2495 cmake: Compatibility fixes from Mahavir 2018-06-06 16:14:03 +10:00
Angus Gratton
6b9784cc45 Merge branch 'master' into feature/cmake_update 2018-05-31 14:46:23 +10:00