Commit Graph

313 Commits

Author SHA1 Message Date
jgujarathi
15ba8fb5ab fix(wpa_supplicant): Cancel offchannel listen operations before sending dpp fail
- Ensure that offchannel listening operations are cancelled before sending dpp
  fail events
2024-04-03 11:10:34 +08:00
jgujarathi
69321d1dda fix(wpa_supplicant): Ensure dpp auth structure is deinited in dpp task context
- Ensure that the dpp auth data gets deinited only in DPP task context to ensure
  that there are no concurrency issues in usage of DPP auth data.
2024-04-03 11:10:34 +08:00
Kapil Gupta
4db2ef0f33 fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-20 09:42:14 +05:30
muhaidong
0bfa176435 fix(wifi): fix esp_wifi_scan_start memory leakage issue
Closes https://github.com/espressif/esp-idf/issues/10693
2024-02-05 19:33:47 +08:00
Kapil Gupta
944862de25 fix(wifi): Add support to move supplicant BSS to external memory 2024-01-27 11:13:09 +05:30
jgujarathi
d82f42a464 fix(wpa_supplicant): Move concurrent wps and dpp check to before creating task
- Move the check for checking concurrent wps and dpp check to before creating
  task rather than after.
2023-12-15 18:46:17 +05:30
jgujarathi
b167df155f fix(wpa_supplicant): Fix a crash in esp_wifi_wps_disable
- Fixes a crash observed in esp_wifi_wps_disable when wps process
  is ongoing, caused due to concurrency issues in cancelling timers.
2023-12-15 18:46:17 +05:30
jgujarathi
8103512379 fix(wpa_supplicant): Restructuring DPP init method to ensure cleanup
- Restructuring DPP init function to ensure cleanup of variables in case of
  init failure
2023-12-15 18:46:15 +05:30
jgujarathi
45caba87f1 fix(wpa_supplicant): Fix location of clearing up dpp global variables
- Fix location of cleaing up dpp global variables to ensure that there are
  no concurrency issues.
2023-12-15 18:28:48 +05:30
jgujarathi
8f928f77e8 fix(wpa_supplicant): Fix a memory leak in dpp deinit path
- Ensures that the auth information of dpp gets freed when there is
  dpp gets deinited.
2023-12-15 18:28:48 +05:30
aditi_lonkar
aad82378bb fix(esp_wifi):Fix WDT when esp_supp_dpp_start_listen called multiple times 2023-12-15 18:28:45 +05:30
Shreyas Sheth
aa8822bbf1 fix(wpa_supplicant): Resolve memory leak for unit test of fast pbkdf2 2023-12-13 16:12:00 +05:30
Jiang Jiang Jian
8e41f7b9d8 Merge branch 'feature/pbkdf2_fast_implementation_v4.4' into 'release/v4.4'
Feature/pbkdf2 fast implementation v4.4

See merge request espressif/esp-idf!25515
2023-12-06 10:45:57 +08:00
Shreyas Sheth
d6f65b1472 fix(wpa_supplicant): Remove deprecated mbedtls functions used in fast pbkdf2 and fix ci error 2023-12-05 23:59:58 +05:30
Kapil Gupta
a1b3ef5cef fix(wpa_supplicant): implement sha1_finish for fastpbkdf2 2023-12-05 16:54:31 +05:30
Shreyas Sheth
e9f29de687 ci(wifi): Add test case for fast pbkdf2 verification 2023-12-05 16:54:31 +05:30
Kapil Gupta
3e4f49606b change(esp_wifi): Port fast_pbkdf2 implementation for mbedlts
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-12-05 16:54:31 +05:30
Kapil Gupta
e8fcdc3ebf change(esp_wifi): Copy fastpbkdf2 implementation
Copy pbkdf2 implementation from https://github.com/ctz/fastpbkdf2(3c56895)
2023-12-05 16:54:31 +05:30
Jiang Jiang Jian
50511114e1 Merge branch 'bugfix/pbc_overlap_in_wps_pin_method_v4.4' into 'release/v4.4'
wpa_supplicant: Fix for issue of wps-pbc overlap in wps-pin method(4.4)

See merge request espressif/esp-idf!25737
2023-12-05 10:39:27 +08:00
aditi_lonkar
58f51147cf wpa_supplicant: Fix for issue of wps-pbc overlap in wps-pin method 2023-12-04 15:23:53 +05:30
muhaidong
24e208eca1 fix(wifi): allow some special igtk keyindx to workaround faulty APs 2023-12-01 14:02:07 +08:00
Jiang Jiang Jian
fe4eb82500 Merge branch 'bugfix/connect_issue_for_zero_rssi_v4.4' into 'release/v4.4'
fix(esp_wifi): Fix issue of station disconnecting immediately after scanning (Backport v4.4)

See merge request espressif/esp-idf!26746
2023-11-22 16:34:13 +08:00
Kapil Gupta
93b64fd6d6 Merge branch 'bugfix/dpp_config_memset_v4.4' into 'release/v4.4'
Wi-Fi: Fixed some DPP issues (v4.4)

See merge request espressif/esp-idf!27194
2023-11-22 11:33:11 +08:00
Kapil Gupta
9a1e54d485 fix(wpa_supplicant): memzero wifi config before sending config event 2023-11-21 11:36:59 +05:30
Kapil Gupta
d5e628229f fix(wifi): Disallow DPP and WPS concurrency 2023-11-21 11:36:38 +05:30
Sarvesh Bodakhe
de59abad0a fix(esp_wifi): Fix issue of station disconnecting immediately when AP RSSI is zero 2023-11-21 10:29:43 +05:30
jgujarathi
86fe60ad5a fix(wpa_supplicant): Add HT20_40 capability in assoc requests
- Add the HT2040 capability indication in the extended caps IE of
  assoc requests.
2023-11-20 11:10:00 +05:30
aditi_lonkar
44b7e8ed10 fix(wpa_supplicant): Fix few dpp bugs
1) Fix crash in dpp Listen without bootstrap
  2) Fix crash on receiving dpp auth_req from hostapd with dpp akm
  3) Ensures that the mode is set to station before dpp init
  4) Ensures that dpp follows the path of init->bootstrap->listen
2023-11-16 12:42:18 +05:30
Jiang Jiang Jian
6087eb201f Merge branch 'docs/update_wifi_and_wpa_supplicant_documentation_v4.4' into 'release/v4.4'
docs(wifi): Update wifi and wifi security documentation and bugfixes

See merge request espressif/esp-idf!25831
2023-10-19 04:04:19 +08:00
Shreyas Sheth
a319ccb552 fix(wifi): Fix crash occuring when station SAE group is not set to SECP256R1 2023-10-17 13:45:27 +05:30
Shreyas Sheth
3d85e81be2 docs(wifi): Update wifi and wifi security documentation and bugfixes
1. Update documentation for WPA3 Enterprise and WPA3 Enterprise 192-bit
mode
2. Update documentation for WPA3 OWE and OWE transition mode
3. Update documentation related to SAE PK, SAE PWE and Transition Disable
4. Update documnetation for wifi connect API
5. Fix config paramter information for wifi scan start
6. Fix documentation related to scan threshold config setting
7. Replace ESP_ERR_WIFI_ARG error code as ESP_ERR_INVALID_ARG
8. Update documentation for 802.11R Fast transition
9. Fix sta connecting with wpa security in enterprise mode
2023-10-16 14:21:44 +05:30
Kapil Gupta
61e344a057 fix(wifi): Get passphrase in WPS if AP support SAE
Also add changes to send NACK if WPS message received twice.
2023-10-10 09:28:06 +00:00
Kapil Gupta
102e0170c2 change(wifi): Reduce BSS logging in wpa_supplicant 2023-09-07 10:59:47 +05:30
Nachiket Kukade
46a4a4694b fix(supplicant): Fix abstraction violation in wpa_supplicant 2023-08-25 12:36:00 +05:30
Nachiket Kukade
29d9e6f01a fix(supplicant): Ignore EAPOL non-key frames in EAPOL txdone callback 2023-08-21 18:46:27 +05:30
jgujarathi
8084fe563a fix(rrm) : Fix crash in RRM neighbour report requests.
Fix crash in sending new RRM neighbour report requests by removing
the call to neighbour report request timeout callback in case of
already ongoing neighbour report request timer.
2023-08-18 12:59:33 +05:30
Nachiket Kukade
debcbac7c1 fix(wifi): Fix EAPOL Key TxDone callback implementation
Fix issues arising due to not distinguishing between M2 and M4
TxDone during 4-way handshake. Also fix EAPOL frame rate to lowest
possible rate.
2023-08-16 21:15:04 +05:30
Shyamal Khachane
78f230f1b0 fix(esp_wifi): Drop Eapol msg if EAP success is not processed 2023-07-28 15:19:31 +05:30
Shyamal Khachane
5708e53f3e fix(wifi): Fix SAE and SAE related NVS issues
1. Discard commit frame received at confirmed state in SAE STA
2. Bugfix NVS get values for sae pwe
3. Bugfix memory leak caused by assoc retry timer and assoc IE
2023-07-24 15:34:41 +05:30
jgujarathi
9ea42c66d0 fix(esp_wifi): Fix race conditions in btm task deletion.
Fix possible cases of multiple btm_rrm_t tasks due to possible race
condition during btm task deletion.
2023-07-17 10:17:00 +05:30
Kapil Gupta
9e7b55ac99 esp_wifi: Optimize sae crypto operations for esp32 2023-07-13 09:47:32 +05:30
jgujarathi
8ba3507fa4 fix(wpa_supplicant) : Fix occasional crash during btm roam.
Fix crash due to premature deallocation of neighbour report elements
by scan_done. Post event to btm_rrm_t task to handle scan_done serially
rather than when btm_rrm_t task is processing btm request rx frame.
2023-07-12 10:41:58 +05:30
Shreyas Sheth
128aba4892 esp_wifi: Install keys after eapol and NVS store security values
1. Bugfix store authmode security in NVS
2. Install keys after successful transmission of EAPOL 4/4 Message
2023-06-18 02:48:15 +05:30
Kapil Gupta
f46518e42e esp_wifi: Fix WPS issue for WPA3+WPA2 mode 2023-06-09 18:06:56 +05:30
Jiang Jiang Jian
c125f0a9f3 Merge branch 'bugfix/mbo_ie_absent_prob_req_v44' into 'release/v4.4'
wpa_supplicant : Add MBO ie in probe request.(backport v4.4)

See merge request espressif/esp-idf!24099
2023-06-09 19:16:46 +08:00
jgujarathi
62b672158a wpa_supplicant : Fix scan results for GCMP and GCMP-256 cipher.
Add support for recognising GCMP and GCMP-256 ciphers if used by AP.
Update the scan example to show the correct cipher.
2023-06-07 10:22:03 +05:30
jgujarathi
2f630f5e91 wpa_supplicant : Add MBO ie in probe request.
Adds the MBO information element in the probe request frame by resetting
scan_ie after set_config is done.
2023-06-07 10:21:52 +05:30
jasta
4353014715 esp_dpp: Fix retry with esp_supp_dpp_start_listen after failure
This fixes a subtle bug in which ESP_ERR_DPP_TX_FAILURE errors would
call esp_supp_dpp_stop_listen which sets the s_dpp_stop_listening flag
to true.  Subsequent attempts to restart listening with
esp_supp_dpp_start_listen then only attempt to listen once more for
500ms before reading the s_dpp_stop_listening flag again and giving up.

This contributes greatly to #10615, but the fix here is still largely
a work-around as it sometimes requires manually retrying a couple times
before it works.  Without this fix, any number of retries by
deinit/init again will seemingly not work as the retries for currently
unknown reasons.

Signed-off-by: Shreyas Sheth <shreyas.sheth@espressif.com>

Closes https://github.com/espressif/esp-idf/pull/10865
2023-05-05 14:21:20 +05:30
Sarvesh Bodakhe
9baec826ac esp_wifi: fix some wifi bugs
1. Move wpa_supplicant WIFI_EVENT_STA_CONNECTED and WIFI_EVENT_STA_DISCONNECTED event handlers into callbacks
2. Validate softAP interface when sending beacon frame
2023-04-19 12:13:52 +05:30
Kapil Gupta
5c642f98c7 wpa_supplicant: Update WPS API documentation 2023-03-30 20:05:06 +05:30