Commit Graph

286 Commits

Author SHA1 Message Date
Shreyas Sheth
a64d8b12c8 fix(esp_wifi): Fix crash when assoc req comes before confirm is processed 2024-04-03 00:04:14 +05:30
Sarvesh Bodakhe
e1502fb99e fix(wifi): Avoid dereferencing a dangling function pointer in WPS supplicant
Avoid dereferencing a dangling function pointer in 'eap_server_sm_deinit()'.
This issue arises when hostap unregisteres EAP methods before it removes
the server state machine for station.
2024-03-18 12:44:53 +05:30
Kapil Gupta
6f9cc06b30 fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-15 13:22:10 +05:30
Sarvesh Bodakhe
344c5d1fce fix(wifi): fix bug in 'esp_wifi_deauthenticate_internal' and other improvements 2024-03-14 11:24:27 +05:30
Sarvesh Bodakhe
e5059dffec fix(wpa_supplicant): Add some bugfixes in wpa_supplicant
1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them
2024-03-14 11:23:05 +05:30
muhaidong
1881900781 fix(wifi): allow some special igtk keyindx to workaround faulty APs 2023-12-19 19:15:49 +08:00
Kapil Gupta
d9b36afbe6 fix(wpa_supplicant): Fix compilation issue in EAP disabled 2023-10-27 18:08:16 +05:30
aditi_lonkar
cc3b0d9f49 fix(wpa_supplicant): Fix few dpp bugs
1) Fix crash in dpp Listen without bootstrap
  2) Fix crash on receiving dpp auth_req from hostapd with dpp akm
2023-10-17 14:27:14 +05:30
Jiang Jiang Jian
face850973 Merge branch 'feature/rename_wpa2_ent_to_eap_client_v5.1' into 'release/v5.1'
WiFi: Rename WPA2 enterprise APIs to EAP Client. (v5.1)

See merge request espressif/esp-idf!26082
2023-09-26 13:30:52 +08:00
jgujarathi
3d056fd748 fix(esp_wifi): Fix issues with extended caps IE, scan and HT40 mode
-Merges the addition of extended caps IE for assoc req, probe resp
 and beacons in a single place. This ensures that there are no
 duplicate Extended Caps IE in the frame. Moves the capability
 indication for BTM and HT20/40 from supplicant to wifi libs.

-Fix issue with frequent disconections when scanning for only a single
 channel.

-Prints error message and returns ESP_ERR_NOT_SUPPORTED in case
 esp32c2 tries to set bandwidth to HT40.
2023-09-20 19:44:57 +08:00
Kapil Gupta
981086ba30 change(esp_wifi): Rename WiFi enterprise connection APIs 2023-09-20 17:06:59 +05:30
Jiang Jiang Jian
111779db5a Merge branch 'feature/configurable_wpa2_ent_v5.1' into 'release/v5.1'
Make enterprise support configurable to save binary size.(v5.1)

See merge request espressif/esp-idf!25558
2023-09-13 10:18:05 +08:00
Kapil Gupta
397206d050 change(wifi): Reduce BSS logging in wpa_supplicant 2023-09-07 10:19:02 +05:30
Jiang Jiang Jian
4299b9346b Merge branch 'bugfix/supplicant_osi_violation_v5.1' into 'release/v5.1'
Fix abstraction violation in wpa_supplicant (Backport v5.1)

See merge request espressif/esp-idf!25565
2023-08-28 10:30:37 +08:00
Nachiket Kukade
c15472b12e fix(supplicant): Fix abstraction violation in wpa_supplicant 2023-08-25 12:30:44 +05:30
aditi_lonkar
0624d5e58f esp_wifi: Make enterprise support configurable to save binary size. 2023-08-25 11:20:58 +05:30
Kapil Gupta
c7a7bb62c6 esp_wifi: Move ccmp mgmt enc/decrypt logs to verbose 2023-08-24 03:11:42 +00:00
Jiang Jiang Jian
372a34f6d5 Merge branch 'fix/wifi_wps_pbc_overlap_v5.1' into 'release/v5.1'
fix(wpa_supplicant): Add support to detect PBC overlap in wps registrar mode (Backport v5.1)

See merge request espressif/esp-idf!25440
2023-08-23 19:54:50 +08:00
Nachiket Kukade
c05a0b4c50 fix(supplicant): Ignore EAPOL non-key frames in EAPOL txdone callback 2023-08-21 18:06:32 +05:30
Sarvesh Bodakhe
2791508094 fix(wpa_supplicant): Add support to detect PBC overlap in wps registrar mode 2023-08-21 12:35:50 +05:30
Nachiket Kukade
feecbad7db fix(wifi): Fix EAPOL Key TxDone callback implementation
Fix issues arising due to not distinguishing between M2 and M4
TxDone during 4-way handshake. Also fix EAPOL frame rate to lowest
possible rate.
2023-08-16 19:26:22 +05:30
Jiang Jiang Jian
01c6fc6511 Merge branch 'bugfix/minor_enterprise_fixes_v5.1' into 'release/v5.1'
Drop Eapol msg if EAP success is not processed (Backport v5.1)

See merge request espressif/esp-idf!25065
2023-08-02 10:48:56 +08:00
jgujarathi
0ba37a2b85 fix(rrm) : Fix crash in RRM neighbour report requests.
Fix crash in sending new RRM neighbour report requests by removing
the call to neighbour report request timeout callback in case of
already ongoing neighbour report request timer.
2023-08-01 13:12:00 +05:30
Jiang Jiang Jian
5dfbd1eb8d Merge branch 'bugfix/malloc_free_removal_v5.1' into 'release/v5.1'
change(esp_wifi): Remove direct call of malloc() and free() (v5.1)

See merge request espressif/esp-idf!24932
2023-08-01 10:53:10 +08:00
Shyamal Khachane
c612f36786 fix(esp_wifi): Drop Eapol msg if EAP success is not processed 2023-07-28 15:11:44 +05:30
Kapil Gupta
020eba74c6 change(esp_wifi): Remove direct call of malloc() and free() 2023-07-22 07:13:53 +00:00
Shyamal Khachane
dbe7c4a78d fix(esp_wifi): Backport some wifi fixes
1. Fix memory leak caused by assoc IE and retry timer
2. Discard commit frame received at confirmed state in SAE
3. Ignore immediate assoc req received from the station while we are
processing the older one. Fix regression caused by 4cb4faa9
2023-07-21 15:06:09 +05:30
aditi_lonkar
33aff4c5a0 Fix for sending deauth before Eap-Failure in WPS 2023-07-10 02:20:51 +00:00
jgujarathi
9aedb4bd83 wpa_supplicant : Fix scan results for GCMP and GCMP-256 cipher.
Add support for recognising GCMP and GCMP-256 ciphers if used by AP.
Update the scan example to show the correct cipher.
2023-05-19 16:58:51 +08:00
Shyamal Khachane
90e354a723 wpa_supplicant: Reduce logging for SAE 2023-05-04 11:23:55 +05:30
Sarvesh Bodakhe
a64cbdea10 wpa_supplicant: Fix PMKID SHA-256 related regression
Fixed regression caused by commit 38e9c8b4
2023-04-27 11:35:20 +05:30
laokaiyao
954a6a2cff esp32h4: removed esp32h4 related codes 2023-04-26 18:53:12 +08:00
Shreyas Sheth
f9ebbdf6ea esp_wifi:Enable wpsreg to initialize in APSTA mode 2023-04-24 12:32:47 +08:00
Shreyas Sheth
79dabf50b0 esp_wifi: Install keys after successful transmission of EAPOL 4/4 Message 2023-04-24 12:31:21 +08:00
Shyamal Khachane
c046ddd642 wpa_supplicant : Fix association response processing in OWE 2023-04-07 11:45:46 +05:30
Jiang Jiang Jian
262149246d Merge branch 'bugfix/invalid_pmkid_in_eapol_1_of_4' into 'master'
wpa_supplicant: bugfix invalid pmkid in eapol 1 of 4

Closes WIFI-5636

See merge request espressif/esp-idf!23033
2023-04-03 17:24:29 +08:00
Shreyas Sheth
38e9c8b474 wpa_supplicant: Bugfix sending invalid PMKID by softAP in EAPOL message 1 of 4 2023-04-03 12:00:23 +05:30
Jiang Jiang Jian
74c151df44 Merge branch 'bugfix/fix_softap_wpa3_loop' into 'master'
Fix infinite loop in PMK mismatch case in WPA3 SoftAP

Closes WIFI-5627

See merge request espressif/esp-idf!22954
2023-03-30 14:42:00 +08:00
Shreyas Sheth
888b909e79 esp_wifi: WPA3 softap set PMF required true
1) Set NVS PMF required true if not specified by application when
   authmode is WPA3
2) Fix issue regarding cleanup of non associated sta_info
3) Fix implementation of sta lock to avoid concurrency issues
4) Fix softAP deinit crash when password is configured with max length
2023-03-29 13:07:52 +00:00
Nachiket Kukade
7ee27bc956 wpa_supplicant: Fix infinite loop in PMK mismatch case in WPA3 SoftAP 2023-03-28 16:52:16 +05:30
Jiang Jiang Jian
3cad41ee77 Merge branch 'bugfix/wpa3_softap_supplicant_coverity_fixes' into 'master'
esp_wifi: Fix some SAE SoftAP issues

Closes WIFI-5493, WIFI-5498, IDF-7028, WIFI-5516, and WIFI-5515

See merge request espressif/esp-idf!22574
2023-03-13 10:33:27 +08:00
Shreyas Sheth
c797146f43 wpa_supplicant: Resolve WPA3 SAE softAP coverity issues
1) Resolve wpa_suppliant coverity issues caused by SAE softAP
2) Fix crash occured while deinitialization of softAP
   when authmode is changed
3) Fix issue related to anti clogging token and send_confirm
4) Put some AP specific functions under ESP_WIFI_SOFTAP_SUPPORT
   compilation flags
2023-03-12 17:33:17 +05:30
Nachiket Kukade
4c76af3f68 esp_wifi: Add support for NAN Discovery and Datapath
Update wifi lib with below -
1. Create NAN Discovery SM for beaconing & cluster formation
2. Create NAN interface for Tx/Rx of beacons & action frames
3. Add commands & events for NAN Services Publish/Subscribe/Followup
4. Add NAN Datapath definitions, Events, Peer structures
5. Support for forming and parsing of Datapath related attributes
6. Modules for NDP Req, Resp, Confirm, Term, Peer management
7. NAN Interface related additions in Datapath, Data Tx Q's

In addition include below changes -
1. Add netif and driver support for NAN Interface
2. Add simple examples for Publisher-Subscriber usecases
3. Add an advanced console example that supports commands
   for NAN Discovery, Services & Datapath
4. Add wifi_apps for providing better NAN API's and Peer management

Co-authored-by: Shyamal Khachane <shyamal.khachane@espressif.com>
2023-03-10 11:18:23 +05:30
Jiang Jiang Jian
58b3692540 Merge branch 'bugfix/add_unregister_wpa3_cb' into 'master'
wpa_supplicant : Fix issues encountered in WFA testing

Closes WIFI-5386

See merge request espressif/esp-idf!22396
2023-03-07 14:15:20 +08:00
jgujarathi
d9d1c3e334 wpa_supplicant : Add validations for 192-bit Suite B test cases.
Add validation for group data cipher, pairwise cipher and AKM Suites to
ensure correct ciphers are supported by AP during 192-bit Enterprise
connections.
2023-03-01 12:04:45 +05:30
Shreyas Sheth
2b8e40e760 esp_wifi: WPA3-SAE support for softAP 2023-02-28 12:25:05 +08:00
Alexey Lapshin
adcdfa641c wpa_supplicant: fix gcc-12 compile errors 2023-02-22 05:33:03 +00:00
jgujarathi
178497c432 wpa_supplicant : Add deinitialization of Enterprise config_methods.
Add deinitialization of config_methods as it prevents correct reinitialization of sta in eap_peer_config_init() during reassoc.
2023-02-17 17:21:41 +05:30
Sarvesh Bodakhe
d2f6a3dacc esp-wifi: add SAE-PK (Public Key) authentication support for station 2023-02-16 13:49:11 +05:30
Kapil Gupta
30a2558450 esp_wifi: Merge wpa_supplicant and esp_wifi Kconfig 2023-02-11 07:38:45 +08:00