Commit Graph

539 Commits

Author SHA1 Message Date
Nachiket Kukade
4350564461 fix(wpa_supplicant): Suppress RSN IE print to Verbose level 2024-05-29 11:28:15 +05:30
Kapil Gupta
5ce43f68f3 fix(esp_wifi): Correct action frame type in send_mgmt_frame API 2024-04-24 01:52:35 +05:30
Sarvesh Bodakhe
3ba5cb9687 fix(wifi): Add bugfix to avoid RSNXE and KDE mismatch during 4-way-handshake 2024-04-24 01:48:16 +05:30
Kapil Gupta
280ec09b03 fix(wifi): Fix encryption/decryption issue for mgmt packets
* Fix issues related to mgmt packets encryption in GCMP
* Fix issue of wrong decryption of mgmt packets when PMF is enabled
* Fix softAP bug in handling of SAE Reauthentication
2024-04-24 01:48:06 +05:30
Kapil Gupta
f9feb970b9 feat(esp_wifi): Provide API to disable PMK caching 2024-04-17 09:40:22 +05:30
Shreyas Sheth
9004c42f29 fix(wpa_supplicant): Compile error when CONFIG_SAE is disabled
Closes https://github.com/espressif/esp-idf/issues/13553
2024-04-11 11:18:50 +05:30
Shreyas Sheth
c3f819289d fix(esp_wifi): Fix crash when assoc req comes before confirm is processed 2024-04-02 23:03:29 +05:30
Sarvesh Bodakhe
8e694cddcc feat(esp_wifi): Add support for WPA3 transition disable and more updates
1. Add support for SAE-PK and WPA3-Enterprise transition disable
2. Add support to handle OWE transition disable indication from AP
2. Update Wi-Fi WPA3 authmodes as per WPA Specification v3.3:
   - Merge 'WIFI_AUTH_WPA3_EXT_PSK' and 'WIFI_AUTH_WPA3_EXT_PSK_MIXED_MODE'
     into 'WIFI_AUTH_WPA3_PSK' as per specification.
4. refactor: Backport common changes in scan/connect path from 90cc6158
   - 90cc6158 adds support for Network Introduction Protocl in DPP
2024-03-28 11:38:45 +05:30
jgujarathi
6115e2500a fix(wpa_supplicant): Cancel offchannel listen operations before sending dpp fail
- Ensure that offchannel listening operations are cancelled before sending dpp
  fail events
2024-03-26 10:04:13 +05:30
jgujarathi
1830bc4d29 fix(wpa_supplicant): Ensure dpp auth structure is deinited in dpp task context
- Ensure that the dpp auth data gets deinited only in DPP task context to ensure
  that there are no concurrency issues in usage of DPP auth data.
2024-03-26 10:04:06 +05:30
Jiang Jiang Jian
93f7ae7f7f Merge branch 'bugfix/wps_crash_issue_v5.2' into 'release/v5.2'
fix(wpa_supplicant): Avoid dereferencing a dangling function pointer in WPS (Backport v5.2)

See merge request espressif/esp-idf!29735
2024-03-26 10:51:58 +08:00
Sarvesh Bodakhe
691997af91 fix(wpa_supplicant): Improve execution flow for WPS registrar public APIs
Make sure that WPS registrar public APIs do not modify supplicant
data in application task context. Execute API functionlity in eloop
context to prevent protential race conditions.
2024-03-20 11:07:43 +05:30
Sarvesh Bodakhe
34a26ed632 fix(wifi): Avoid dereferencing a dangling function pointer in WPS supplicant
Avoid dereferencing a dangling function pointer in 'eap_server_sm_deinit()'.
This issue arises when hostap unregisteres EAP methods before it removes
the server state machine for station.
2024-03-19 14:51:14 +05:30
Shreyas Sheth
dd1265845f fix(wifi): Fix wpa3 crash for station added without sta lock 2024-03-19 14:37:32 +08:00
Kapil Gupta
b761052e6b fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is no used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-15 13:21:59 +05:30
muhaidong
d0afffe8c9 fix(wifi): fix esp_wifi_scan_start memory leakage issue
Closes https://github.com/espressif/esp-idf/issues/10693
2024-02-21 16:32:31 +08:00
Jiang Jiang Jian
4a3f224fe1 Merge branch 'bugfix/esp32c2_eap_auth_v5.2' into 'release/v5.2'
fix(wifi): Added low heap usage Kconfig option for eap enterprise (v5.2)

See merge request espressif/esp-idf!28824
2024-02-21 14:31:32 +08:00
aditi_lonkar
a3ba6b299d fix(wpa_supplicant):Add MBO config flag for mbo apis 2024-02-20 13:54:20 +08:00
Kapil Gupta
3d8fd79a10 fix(wifi): add low memory options for eap enterprise 2024-02-19 14:33:55 +08:00
Kapil Gupta
d900eed440 fix(wifi): Add support to move supplicant BSS to external memory 2024-01-27 10:40:54 +05:30
jgujarathi
72176eee5d fix(wpa_supplicant): Move concurrent wps and dpp check to before creating task
- Move the check for checking concurrent wps and dpp check to before creating
  task rather than after.
2023-12-05 18:57:33 +05:30
jgujarathi
3da789bae6 fix(wpa_supplicant): Fix a crash in esp_wifi_wps_disable
- Fixes a crash observed in esp_wifi_wps_disable when wps process
  is ongoing, caused due to concurrency issues in cancelling timers.
2023-12-05 18:57:25 +05:30
jgujarathi
34795220d2 fix(wpa_supplicant): Add support for a dpp authentication timeout
- Adds support for a 1 second dpp authentication timeout.
2023-12-05 18:57:17 +05:30
jgujarathi
357e0e144b fix(wpa_supplicant): Restructuring DPP init method to ensure cleanup
- Restructuring DPP init function to ensure cleanup of variables in case of
  init failure
2023-12-05 18:57:09 +05:30
jgujarathi
58f1bde9ef fix(wpa_supplicant): Fix location of clearing up dpp global variables
- Fix location of cleaing up dpp global variables to ensure that there are
  no concurrency issues.
2023-12-05 18:57:02 +05:30
jgujarathi
f9c8db8f94 fix(wpa_supplicant): Fix a memory leak in dpp deinit path
- Ensures that the auth information of dpp gets freed when there is
  dpp gets deinited.
2023-12-05 18:56:52 +05:30
aditi_lonkar
6a92a3582e fix(esp_wifi):Fix WDT when esp_supp_dpp_start_listen called multiple times 2023-12-05 18:56:30 +05:30
Jiang Jiang Jian
2fa1e2b23a Merge branch 'bugfix/wifi_backport_v5.2' into 'release/v5.2'
fix(esp_wifi): backport some wifi fixes to v5.2

See merge request espressif/esp-idf!27185
2023-11-17 04:43:10 +08:00
Kapil Gupta
476f83c602 fix(wifi): Disallow DPP and WPS concurrency 2023-11-16 12:34:23 +05:30
Kapil Gupta
ab93a6bd5b fix(wpa_supplicant): memzero wifi config before sending config event 2023-11-16 12:34:10 +05:30
Sarvesh Bodakhe
8baaeb2fa3 fix(wifi): fix bug in 'esp_wifi_deauthenticate_internal' and other improvements 2023-11-16 11:13:45 +08:00
Sarvesh Bodakhe
eb51374615 fix(wpa_supplicant): Add some bugfixes in wpa_supplicant
1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them
2023-11-16 11:13:26 +08:00
Jiang Jiang Jian
ff4c82a32d Merge branch 'bugfix/disable_fastpbkdf2_hardwaredisable_v5.2' into 'release/v5.2'
fix(wpa_supplicant): implement sha1_finish for fastpbkdf2 (v5.2)

See merge request espressif/esp-idf!26877
2023-11-06 11:32:23 +08:00
Jiang Jiang Jian
5bf1070143 Merge branch 'bugfix/backport_wifi_fixes_v5.2' into 'release/v5.2'
fix(wifi): optimize wifi bin size and fix some issue

See merge request espressif/esp-idf!26894
2023-11-03 21:08:39 +08:00
Jiang Jiang Jian
1ae6dad0d8 Merge branch 'bugfix/fix_compilation_issue_v5.2' into 'release/v5.2'
fix(wpa_supplicant): Fix compilation issue in EAP disabled (v5.2)

See merge request espressif/esp-idf!26876
2023-11-03 20:54:46 +08:00
Kapil Gupta
e3c2ee1ba9 fix(wpa_supplicant): implement sha1_finish for fastpbkdf2 2023-11-03 06:04:50 +00:00
Shreyas Sheth
e8d43b03a1 fix(wifi): wpa3 softap fix deauth when assoc req recv before sae is finished 2023-11-03 10:15:55 +08:00
Sarvesh Bodakhe
8f8f7ddb45 fix(esp_wifi): Fix issue of station disconnecting immediately when AP RSSI is zero 2023-11-03 10:14:47 +08:00
Kapil Gupta
94c38470ac fix(wpa_supplicant): Fix compilation issue in EAP disabled 2023-11-02 16:17:18 +05:30
Kapil Gupta
ba274216b9 fix(wpa_supplicant): Correct iv lenght passed in mbedtls_cipher_set_iv() 2023-11-01 18:02:18 +05:30
Jiang Jiang Jian
6db16c6e81 Merge branch 'feature/sta_sae_ext_key' into 'master'
feat(wifi): Add support for sae ext key for station

Closes WIFI-6170

See merge request espressif/esp-idf!24833
2023-10-19 18:49:15 +08:00
Zim Kalinowski
fa1a3ce0b5 Merge branch 'refactor/components_linux_compatible' into 'master'
Exclude all currently incompatible components from Linux build

Closes IDF-8318 and IDF-5996

See merge request espressif/esp-idf!25598
2023-10-18 20:17:49 +08:00
Shreyas Sheth
ee9ce51133 feat(wifi): Add SAE EXT key support for esp station 2023-10-18 17:10:31 +05:30
Jouni Malinen
98cc860e86 feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: Derive a variable length PMK with the new AKM suites

Select the PMK length based on the used group (prime length) when using
the new AKM suites for SAE.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
3ec105067c feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: Indicate AKM suite selector in commit for new AKM suites

SAE authentication needs to known which AKM suite is being used to be
able to determine the correct PMK length for the new AKM suite selectors
that use variable length keys.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
5719f7908d feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: EAPOL-Key and key/MIC length information for the new AKM suites

Update the AKM suite specific mapping of various EAPOL-Key key lengths
and algorithms to include the new SAE AKM suites with variable length
keys.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
21ac680eac feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs

Define new WPA_KEY_MGMT_* values for the new SAE AKM suite selectors
with variable length keys. This includes updates to various mapping and
checking of the SAE key_mgmt values.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
7dbfd8c6da feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
SAE: Use wpa_key_mgmt_sae() helper

Use the existing helper function instead of maintaining multiple copies
of lists of SAE key management suites.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Jouni Malinen
b95ace06b8 feat(wifi): Pull in wpa_supplicant upstream code for SAE EXT key
Define new RSN AKM suite selector values

Add the new AKM suite selectors defined in IEEE P802.11-REVme/D1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-18 16:50:24 +05:30
Shreyas Sheth
e746fc0deb feat(wifi): Refactor and update wpa_supplicant with upstream 2023-10-18 16:50:24 +05:30