301 Commits

Author SHA1 Message Date
Sarvesh Bodakhe
3ba5cb9687 fix(wifi): Add bugfix to avoid RSNXE and KDE mismatch during 4-way-handshake 2024-04-24 01:48:16 +05:30
Kapil Gupta
280ec09b03 fix(wifi): Fix encryption/decryption issue for mgmt packets
* Fix issues related to mgmt packets encryption in GCMP
* Fix issue of wrong decryption of mgmt packets when PMF is enabled
* Fix softAP bug in handling of SAE Reauthentication
2024-04-24 01:48:06 +05:30
Shreyas Sheth
c3f819289d fix(esp_wifi): Fix crash when assoc req comes before confirm is processed 2024-04-02 23:03:29 +05:30
Sarvesh Bodakhe
8e694cddcc feat(esp_wifi): Add support for WPA3 transition disable and more updates
1. Add support for SAE-PK and WPA3-Enterprise transition disable
2. Add support to handle OWE transition disable indication from AP
2. Update Wi-Fi WPA3 authmodes as per WPA Specification v3.3:
   - Merge 'WIFI_AUTH_WPA3_EXT_PSK' and 'WIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE'
     into 'WIFI_AUTH_WPA3_PSK' as per specification.
4. refactor: Backport common changes in scan/connect path from 90cc6158
   - 90cc6158 adds support for Network Introduction Protocl in DPP
2024-03-28 11:38:45 +05:30
Jiang Jiang Jian
93f7ae7f7f Merge branch 'bugfix/wps_crash_issue_v5.2' into 'release/v5.2'
fix(wpa_supplicant): Avoid dereferencing a dangling function pointer in WPS (Backport v5.2)

See merge request espressif/esp-idf!29735
2024-03-26 10:51:58 +08:00
Sarvesh Bodakhe
34a26ed632 fix(wifi): Avoid dereferencing a dangling function pointer in WPS supplicant
Avoid dereferencing a dangling function pointer in 'eap_server_sm_deinit()'.
This issue arises when hostap unregisteres EAP methods before it removes
the server state machine for station.
2024-03-19 14:51:14 +05:30
Shreyas Sheth
dd1265845f fix(wifi): Fix wpa3 crash for station added without sta lock 2024-03-19 14:37:32 +08:00
Kapil Gupta
b761052e6b fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-15 13:21:59 +05:30
Sarvesh Bodakhe
8baaeb2fa3 fix(wifi): fix bug in 'esp_wifi_deauthenticate_internal' and other improvements 2023-11-16 11:13:45 +08:00
Sarvesh Bodakhe
eb51374615 fix(wpa_supplicant): Add some bugfixes in wpa_supplicant
1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them
2023-11-16 11:13:26 +08:00
Kapil Gupta
94c38470ac fix(wpa_supplicant): Fix compilation issue in EAP disabled 2023-11-02 16:17:18 +05:30
Shreyas Sheth
ee9ce51133 feat(wifi): Add SAE EXT key support for esp station 2023-10-18 17:10:31 +05:30
Jouni Malinen
98cc860e86 feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: Derive a variable length PMK with the new AKM suites

Select the PMK length based on the used group (prime length) when using
the new AKM suites for SAE.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
3ec105067c feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: Indicate AKM suite selector in commit for new AKM suites

SAE authentication needs to known which AKM suite is being used to be
able to determine the correct PMK length for the new AKM suite selectors
that use variable length keys.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
5719f7908d feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: EAPOL-Key and key/MIC length information for the new AKM suites

Update the AKM suite specific mapping of various EAPOL-Key key lengths
and algorithms to include the new SAE AKM suites with variable length
keys.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
21ac680eac feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs

Define new WPA_KEY_MGMT_* values for the new SAE AKM suite selectors
with variable length keys. This includes updates to various mapping and
checking of the SAE key_mgmt values.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
b95ace06b8 feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
Define new RSN AKM suite selector values

Add the new AKM suite selectors defined in IEEE P802.11-REVme/D1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Shreyas Sheth
e746fc0deb feat(wifi): Refactor and update wpa_supplicant with upstream 2023-10-18 16:50:24 +05:30
aditi_lonkar
236fa500c7 fix(wpa_supplicant): Fix few dpp bugs
1) Fix crash in dpp Listen without bootstrap
  2) Fix crash on receiving dpp auth_req from hostapd with dpp akm
2023-10-12 13:51:27 +00:00
Kapil Gupta
3b748a6cb7 Merge branch 'feature/rename_wpa2_ent_to_eap_client' into 'master'
WiFi: Rename WPA2 enterprise APIs to EAP Client.

See merge request espressif/esp-idf!25233
2023-09-18 16:16:54 +08:00
Kapil Gupta
9deb5ffccf change(esp_wifi): Rename WiFi enterprise connection APIs 2023-09-14 13:10:52 +05:30
jgujarathi
906685898d fix(esp_wifi): Fix issues with extended caps IE, scan and HT40 mode
-Merges the addition of extended caps IE for assoc req, probe resp
 and beacons in a single place. This ensures that there are no
 duplicate Extended Caps IE in the frame. Moves the capability
 indication for BTM and HT20/40 from supplicant to wifi libs.

-Fix issue with frequent disconections when scanning for only a single
 channel.

-Prints error message and returns ESP_ERR_NOT_SUPPORTED in case
 esp32c2 tries to set bandwidth to HT40.
2023-09-14 10:19:27 +05:30
Jiang Jiang Jian
5933779f2d Merge branch 'feature/configurable_wpa2_ent' into 'master'
esp_wifi: Make enterprise support configurable to save binary size.

Closes WIFI-3597

See merge request espressif/esp-idf!24345
2023-09-13 10:17:44 +08:00
Jiang Jiang Jian
550f5b7593 Merge branch 'bugfix/reduce_bss_logging' into 'master'
WiFi: Reduce BSS logging in wpa_supplicant

Closes WIFIBUG-57 and WIFIBUG-17

See merge request espressif/esp-idf!25247
2023-08-28 13:44:38 +08:00
aditi_lonkar
c88e7106ec esp_wifi: Make enterprise support configurable to save binary size. 2023-08-25 11:00:54 +05:30
Nachiket Kukade
2b24798e33 fix(supplicant): Fix abstraction violation in wpa_supplicant 2023-08-23 10:03:05 +05:30
Kapil Gupta
42ac4614e6 change(wifi): Reduce BSS logging in wpa_supplicant 2023-08-22 14:31:02 +00:00
Nachiket Kukade
d3284d7189 fix(supplicant): Ignore EAPOL non-key frames in EAPOL txdone callback 2023-08-21 18:01:16 +05:30
Jiang Jiang Jian
b642bb9b53 Merge branch 'fix/wifi_wps_pbc_overlap' into 'master'
fix(wpa_supplicant): Add support to detect  PBC overlap in wps registrar mode

Closes WIFIBUG-56

See merge request espressif/esp-idf!25331
2023-08-21 14:49:24 +08:00
Nachiket Kukade
29e6603ba7 fix(wifi): Fix EAPOL Key TxDone callback implementation
Fix issues arising due to not distinguishing between M2 and M4
TxDone during 4-way handshake. Also fix EAPOL frame rate to lowest
possible rate.
2023-08-14 16:50:42 +05:30
Sarvesh Bodakhe
2c3394ff01 fix(wpa_supplicant): Add support to detect PBC overlap in wps registrar mode 2023-08-11 16:06:23 +05:30
Armando
706d684418 feat(esp32p4): introduced new target esp32p4, supported hello_world 2023-08-09 19:33:25 +08:00
Jiang Jiang Jian
e6e0b0dc40 Merge branch 'bugfix/neighbour_report_crash' into 'master'
Fix crash in RRM neighbour report requests.

Closes WIFI-5838

See merge request espressif/esp-idf!24993
2023-08-01 15:24:56 +08:00
Jiang Jiang Jian
07dd194fdb Merge branch 'bugfix/minor_enterprise_fixes' into 'master'
Minor enterprise fixes

See merge request espressif/esp-idf!24987
2023-08-01 15:16:23 +08:00
Shyamal Khachane
d64a3d7755 fix(esp_wifi): Drop Eapol msg if EAP success is not processed 2023-07-28 15:00:03 +05:30
Jiang Jiang Jian
8ef5a0f723 Merge branch 'bugfix/ccmp_decrypt_log' into 'master'
esp_wifi: Move ccmp mgmt enc/decrypt logs to verbose

See merge request espressif/esp-idf!24331
2023-07-26 10:37:06 +08:00
jgujarathi
c610594abb fix(rrm) : Fix crash in RRM neighbour report requests.
Fix crash in sending new RRM neighbour report requests by removing
the call to neighbour report request timeout callback in case of
already ongoing neighbour report request timer.
2023-07-25 16:38:59 +05:30
Shreyas Sheth
88cbcf4696 fix(wifi): Bugfix ignore immediate assoc req received by AP
1) Ignore immediate assoc req received from the station while we are
processing the older one
2) Create station mutex (sta->lock) only for stations connecting with wpa3
security
3) Fix regression caused by 4cb4faa9
2023-07-15 13:53:51 +05:30
Kapil Gupta
09916413a4 esp_wifi: Move ccmp mgmt enc/decrypt logs to verbose 2023-06-20 17:24:40 +05:30
Kapil Gupta
f6b9c4846b Merge branch 'bugfix/wps_deauth_sent_before_eap_failure' into 'master'
esp_wifi: Send deauth before Eap-Failure in WPS registrar

Closes WIFI-5999

See merge request espressif/esp-idf!24164
2023-06-20 18:26:54 +08:00
Kapil Gupta
32479c960b esp_wifi: Remove direct call of malloc() and free() 2023-06-14 11:50:58 +05:30
aditi_lonkar
d34a63d1aa Fix for sending deauth before Eap-Failure in WPS 2023-06-12 15:08:42 +05:30
Jiang Jiang Jian
cd53393e0b Merge branch 'bugfix/mbo_ie_absent_prob_req' into 'master'
wpa_supplicant : Add MBO IE in probe request and fix issues with parsing GCMP ciphers in scan results.

See merge request espressif/esp-idf!23390
2023-05-19 16:58:12 +08:00
jgujarathi
e803554654 wpa_supplicant : Fix scan results for GCMP and GCMP-256 cipher.
Add support for recognising GCMP and GCMP-256 ciphers if used by AP.
Update the scan example to show the correct cipher.
2023-05-05 10:13:17 +05:30
Shyamal Khachane
032305a74f wpa_supplicant: Reduce logging for SAE 2023-05-04 11:21:57 +05:30
Sarvesh Bodakhe
0518d2eb65 wpa_supplicant: Fix PMKID SHA-256 related regression
Fixed regression caused by commit 38e9c8b4
2023-04-26 18:00:32 +05:30
laokaiyao
bf2a7b2df6 esp32h4: removed esp32h4 related codes 2023-04-23 12:03:07 +00:00
Shreyas Sheth
5524aad43f esp_wifi:Enable wpsreg to initialize in APSTA mode 2023-04-20 14:48:14 +05:30
Shreyas Sheth
dce0920329 esp_wifi: Install keys after successful transmission of EAPOL 4/4 Message 2023-04-12 18:32:24 +05:30
Shyamal Khachane
c046ddd642 wpa_supplicant : Fix association response processing in OWE 2023-04-07 11:45:46 +05:30