Commit Graph

514 Commits

Author SHA1 Message Date
Shyamal Khachane
39d284ba33 fix(esp_wifi): Handle PMKID mismatch or absence in OWE
Compute keys incase PMKID does not match or PMKID is absent in association response
2024-07-25 08:33:42 +05:30
Kapil Gupta
3d84716864 fix(esp_wifi): backport some dpp fixes 2024-07-22 12:02:43 +05:30
aditi
03f7fad2fa fix(wpa_supplicant):Fix for setting wps status fail when connection fails 2024-07-17 11:17:34 +05:30
muhaidong
1f74339756 fix(wifi): fix configure gcmp failure issue 2024-07-15 20:04:09 +08:00
Sarvesh Bodakhe
67de87c6ba fix(wpa_supplicant): Avoid delaying removal of wps enrollee by 10ms
This is no longer needed as eloop timers are now executed in wifi task context.
2024-07-12 12:03:30 +05:30
Sarvesh Bodakhe
23470b660e fix(wpa_supplicant): Handle case when WPS registrar misses WSC_DONE sent by station
When registrar somehow misses the WSC_DONE sent by station and station
goes for next connection after sending deauth, make sure that softAP
disables the registrar.
2024-07-12 12:03:06 +05:30
Sarvesh Bodakhe
de4010b95a feat(esp_wifi): Add support for WPA3 transition disable and more updates
1. Add support for SAE-PK and WPA3-Enterprise transition disable
2. Add support to handle OWE transition disable indication from AP
3. refactor: Backport common changes in scan/connect path from 90cc6158
   - 90cc6158 adds support for Network Introduction Protocol in DPP
4. Fix issue of supplicant using wrong parameters to configure bss
  - Ensure that wpa_supplicant's state machine registers the requirement for rsnxe
    before deciding to add rsnxe to a assoc request.

Co-authored-by: default avatarjgujarathi <jash.gujarathi@espressif.com>
2024-07-03 13:07:47 +05:30
Jiang Jiang Jian
2653904d33 Merge branch 'bugfix/mgmt_gcmp_issue_v5.1' into 'release/v5.1'
fix(wifi): Fix GCMP encryption for mgmt packets and other bugfixes (Backport v5.1)

See merge request espressif/esp-idf!30481
2024-07-01 11:06:05 +08:00
Kapil Gupta
967eda03d0 fix(esp_wifi): Correct action frame type in send_mgmt_frame API 2024-06-28 16:25:18 +05:30
Sarvesh Bodakhe
9d637316a9 fix(wifi): Add bugfix to avoid RSNXE and KDE mismatch during 4-way-handshake 2024-06-28 16:25:18 +05:30
Kapil Gupta
c5e1603e6d fix(wifi): Fix encryption/decryption issue for mgmt packets
* Fix issues related to mgmt packets encryption in GCMP
* Fix issue of wrong decryption of mgmt packets when PMF is enabled
* Fix softAP bug in handling of SAE Reauthentication
* Fix send mgmt err when eapol process
* Fix data len not correct in he actions
2024-06-28 16:24:54 +05:30
Shreyas Sheth
a14d4ea8a4 fix(wpa_supplicant): Fix wpa3 AP crash because of dangling pointer 2024-06-26 10:45:28 +08:00
Shyamal Khachane
233a57d4f5 fix(esp_wifi): Fix a memory leak that occurs when the SAE connection is interrupted
1. Free temporary data used by SAE before memsetting the same
2. Drop any received auth response that uses a different algorithm than the one currently in use
2024-06-21 14:47:30 +05:30
Nachiket Kukade
1614f9e3b5 fix(wpa_supplicant): Suppress RSN IE print to Verbose level 2024-05-29 11:09:57 +05:30
Jiang Jiang Jian
db65d0b71e Merge branch 'feature/disable_pmk_caching_v5.1' into 'release/v5.1'
feat(esp_wifi): Provide API to disable PMK caching (v5.1)

See merge request espressif/esp-idf!30290
2024-05-13 10:43:22 +08:00
Jiang Jiang Jian
3e151e836f Merge branch 'bugfix/dpp_auth_deinit_crash_v51' into 'release/v5.1'
Fix issues with DPP stop listen and DPP auth data deinit (Backport v5.1)

See merge request espressif/esp-idf!29702
2024-05-13 10:37:09 +08:00
Kapil Gupta
a4cda66e30 feat(esp_wifi): Provide API to disable PMK caching 2024-04-17 09:40:37 +05:30
Shreyas Sheth
2ac6e7345f fix(wpa_supplicant): Compile error when CONFIG_SAE is disabled
Closes https://github.com/espressif/esp-idf/issues/13553
2024-04-11 11:18:58 +05:30
Shreyas Sheth
a64d8b12c8 fix(esp_wifi): Fix crash when assoc req comes before confirm is processed 2024-04-03 00:04:14 +05:30
Sarvesh Bodakhe
d2b674622c fix(esp_wifi): Fix regression caused by 02d6704a when supplicant logs enabled 2024-03-20 11:03:20 +05:30
jgujarathi
aef69dffb3 fix(wpa_supplicant): Cancel offchannel listen operations before sending dpp fail
- Ensure that offchannel listening operations are cancelled before sending dpp
  fail events
2024-03-18 14:37:33 +05:30
jgujarathi
36f3cbf369 fix(wpa_supplicant): Ensure dpp auth structure is deinited in dpp task context
- Ensure that the dpp auth data gets deinited only in DPP task context to ensure
  that there are no concurrency issues in usage of DPP auth data.
2024-03-18 14:37:30 +05:30
Sarvesh Bodakhe
02d6704a30 fix(wpa_supplicant): Improve execution flow for WPS registrar public APIs
Make sure that WPS registrar public APIs do not modify supplicant
data in application task context. Execute API functionlity in eloop
context to prevent protential race conditions.
2024-03-18 12:44:59 +05:30
Sarvesh Bodakhe
e1502fb99e fix(wifi): Avoid dereferencing a dangling function pointer in WPS supplicant
Avoid dereferencing a dangling function pointer in 'eap_server_sm_deinit()'.
This issue arises when hostap unregisteres EAP methods before it removes
the server state machine for station.
2024-03-18 12:44:53 +05:30
Kapil Gupta
6f9cc06b30 fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-15 13:22:10 +05:30
Sarvesh Bodakhe
344c5d1fce fix(wifi): fix bug in 'esp_wifi_deauthenticate_internal' and other improvements 2024-03-14 11:24:27 +05:30
Sarvesh Bodakhe
e5059dffec fix(wpa_supplicant): Add some bugfixes in wpa_supplicant
1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them
2024-03-14 11:23:05 +05:30
Sarvesh Bodakhe
1d8b484cce fix(esp_wifi): Reduce memory footprint for scan when SAE-PK is enabled
Use bss information cached in wifi library to get RSNXE capabilities
instead of storing bss information again in supplicant and accessing it.
2024-03-13 10:48:07 +05:30
Jiang Jiang Jian
4febc6ef70 Merge branch 'bugfix/fix_esp_wifi_scan_start_memory_leakage_issue_v5.1' into 'release/v5.1'
fix(wifi): fix esp_wifi_scan_start memory leakage issue(Backport v5.1)

See merge request espressif/esp-idf!29476
2024-03-11 15:27:54 +08:00
muhaidong
3a2f9feec3 fix(wifi): fix esp_wifi_scan_start memory leakage issue
Closes https://github.com/espressif/esp-idf/issues/10693
2024-03-11 10:49:18 +08:00
aditi_lonkar
b5c19506d1 fix(wpa_supplicant):Add MBO config flag for mbo apis 2024-03-11 10:43:49 +08:00
Jiang Jiang Jian
6481fdf05e Merge branch 'bugfix/esp32c2_eap_auth_v5.1' into 'release/v5.1'
fix(wifi): Added low heap usage Kconfig option for eap enterprise (v5.1)

See merge request espressif/esp-idf!28825
2024-02-27 19:59:52 +08:00
Kapil Gupta
8a01702d65 fix(wifi): add low memory options for eap enterprise 2024-02-01 10:05:06 +05:30
Kapil Gupta
0cd6a05fdf fix(wifi): Add support to move supplicant BSS to external memory 2024-01-27 10:54:26 +05:30
jgujarathi
f33c32dc05 fix(wpa_supplicant): Move concurrent wps and dpp check to before creating task
- Move the check for checking concurrent wps and dpp check to before creating
  task rather than after.
2024-01-03 13:46:41 +05:30
jgujarathi
078da4b2d2 fix(wpa_supplicant): Fix a crash in esp_wifi_wps_disable
- Fixes a crash observed in esp_wifi_wps_disable when wps process
  is ongoing, caused due to concurrency issues in cancelling timers.
2024-01-03 13:46:41 +05:30
jgujarathi
a65cb7669c fix(wpa_supplicant): Add support for a dpp authentication timeout
- Adds support for a 1 second dpp authentication timeout.
2024-01-03 13:46:41 +05:30
jgujarathi
dcc14e8c15 fix(wpa_supplicant): Restructuring DPP init method to ensure cleanup
- Restructuring DPP init function to ensure cleanup of variables in case of
  init failure
2024-01-03 13:46:40 +05:30
jgujarathi
5e20319831 fix(wpa_supplicant): Fix location of clearing up dpp global variables
- Fix location of cleaing up dpp global variables to ensure that there are
  no concurrency issues.
2024-01-03 13:46:40 +05:30
jgujarathi
c3518e0c87 fix(wpa_supplicant): Fix a memory leak in dpp deinit path
- Ensures that the auth information of dpp gets freed when there is
  dpp gets deinited.
2024-01-03 13:46:40 +05:30
aditi_lonkar
4dd0805a6e fix(esp_wifi):Fix WDT when esp_supp_dpp_start_listen called multiple times 2024-01-03 13:46:38 +05:30
muhaidong
1881900781 fix(wifi): allow some special igtk keyindx to workaround faulty APs 2023-12-19 19:15:49 +08:00
Sarvesh Bodakhe
d1e31a4194 fix(esp_wifi): Fix issue of station disconnecting immediately when AP RSSI is zero 2023-12-11 14:58:16 +05:30
Kapil Gupta
0c3440a5bc fix(wifi): Disallow DPP and WPS concurrency 2023-11-16 12:35:19 +05:30
Kapil Gupta
5d5dac7754 fix(wpa_supplicant): memzero wifi config before sending config event 2023-11-16 12:35:15 +05:30
Jiang Jiang Jian
8df1e1ae66 Merge branch 'bugfix/install_key_issue_v5.1' into 'release/v5.1'
WiFI: Fix key install issue in PTK renew (v5.1)

See merge request espressif/esp-idf!26851
2023-11-02 14:18:42 +08:00
Kapil Gupta
095eae5fa3 fix(wpa_supplicant): Correct iv lenght passed in mbedtls_cipher_set_iv() 2023-11-01 18:02:29 +05:30
Jiang Jiang Jian
8dd9310925 Merge branch 'bugfix/fix_compilation_issue_v5.1' into 'release/v5.1'
fix(wpa_supplicant): Fix compilation issue in EAP disabled (v5.1)

See merge request espressif/esp-idf!26727
2023-11-01 15:40:55 +08:00
Shreyas Sheth
6c5b3c5d4c fix(wifi): wpa3 softap fix deauth when assoc req recv before sae is finished 2023-10-31 15:47:07 +05:30
Kapil Gupta
d9b36afbe6 fix(wpa_supplicant): Fix compilation issue in EAP disabled 2023-10-27 18:08:16 +05:30