Add following bugfixes
1. Station not able to connect when WPS pin is pressed first on AP.
2. PBC overlap getting detected for selected registrar PIN APs.
3. Station not considering authorised MACs for PIN method.
4. For PIN methodm If no AP is found, station will loop through
APs in its vicinity and try to do WPS with them one by one till
WPS timeout occurs. This is for some APs which do not set
selected registrar correctly.
Current code does not correctly free all pins in wps_free_pins due to the
semicolon at the end of dl_list_for_each_safe(). Fix it.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
WPS strict disables workarounds with different APs and may cause
IOT issues. Remove this as default and introduce as a config option.
Also declare esp device as single band mobile device otherwise
WFA sniffer was not able to identify it in the certification setup.
Flag ESP32_WIFI_ENABLE_WPA3_SAE from Menuconfig is used to
control the stack size required by WPA3. Use the same flag
to compile out the WPA3 code and control the code size.
With this flag disabled code footprint reduces by about 7.7kB
in libwpa_supplicant.a
Update WiFi libs with added checks to cleanly handle disabling
of WPA3 callbacks.
Curretly wpa_supplicant uses internal APIs for RSA operations
which internally uses lots of big num operations.
Big num operations are CPU expensive and can take a lot of time
which can cause watchdog timer to tigger.
This can be optimize by using mbedtls APIs which uses
hardware blocks for big num operations.
To fix this, write new crypto_mbedtls-rsa.c which has APIs
similar to crypto_internal-rsa.c but uses mbedtls APIs.
For WPA3 connection nearing PMK lifetime expiry, PMK Cache
needs a re-authentication or the cache will expire. After
current expiry of 12 hours Station ends up sending a deauth
to the AP. An SAE re-authentication also cannot occur without
a disconnection with current implementation. So increase the
PMK lifetime to 100 days for now.
1. Add STA checks during STA PMF operations
2. Fix WPA2-Ent issue with Open AP
3. Skip WPA-TKIP profile if PMF is required
4. Skip & clear Supplicant PMK Cache with mismatching AP config
H/W decryption of Mgmt frames was disabled for PMF and done through
S/W. If ESPNOW packets go through this path, it affects backward
compatibility since method of decrypting Mgmt packets is different in H/W.
To address PMF + ESPNOW Co-existance, CCMP decryption method is modified
for ESPNOW packets so that they can be decrypted correctly. Since Tx
of ESPNOW packets can still be done in H/W alongside PMF, no change
required in encryption method in S/W.
Co-Authored-By: Nachiket Kukade <nachiket.kukade@espressif.com>
Co-Authored-By: zhangyanjiao <zhangyanjiao@espressif.com>
Co-Authored-By: kapil.gupta <kapil.gupta@espressif.com>
wpa_supplicant: Deinit wpa2 states in wifi deinit
See merge request espressif/esp-idf!10103
(cherry picked from commit 4dcaa0e6f4)
06bc7f1d wpa_supplicant: Deinit wpa2 states in wifi deinit
