143 Commits

Author SHA1 Message Date
Jiang Jiang Jian
3d88183b23 Merge branch 'bugfix/do_not_allow_unauthenticated_encrypted_key_data_release_v4.1' into 'release/v4.1'
esp_wifi: Ignore unauthenticated encrypted EAPOL-Key data and fix

See merge request espressif/esp-idf!18319
2022-07-10 15:59:38 +08:00
Hrudaynath Dhabe
092036602c esp_wifi: Ignore unauthenticated encrypted EAPOL-Key data and fix handling of key RSC.
Closes https://github.com/espressif/esp-idf/issues/8401
2022-06-14 18:23:17 +05:30
Hrudaynath Dhabe
ee50721f81 esp_wifi: Fix the negotiation of method with eap server. 2022-06-14 17:49:05 +05:30
Jiang Jiang Jian
5c281ed18c Merge branch 'bugfix/wpa3_memory_leak_v4.1' into 'release/v4.1'
esp_wifi: Fix Some wifi bugs.(v4.1)

See merge request espressif/esp-idf!16560
2022-03-02 22:00:52 +08:00
Jiang Jiang Jian
70bda5d6bc Merge branch 'bugfix/eap_client_crash_v4.1' into 'release/v4.1'
wpa_supplicant: Fix memory corruption (v4.1)

See merge request espressif/esp-idf!17131
2022-03-02 16:40:53 +08:00
Kapil Gupta
b3d03e8db7 wpa_supplicant: Fix invalid memory dereference 2022-02-12 10:36:40 +05:30
Kapil Gupta
9f70b89794 wpa_supplicant: Add WPS Fixes
Add following bugfixes

1. Station not able to connect when WPS pin is pressed first on AP.
2. PBC overlap getting detected for selected registrar PIN APs.
3. Station not considering authorised MACs for PIN method.
4. For PIN method, if no AP is found, station will loop through
   APs in its vicinity and try to do WPS with them one by one till
   WPS timeout occurs. This is for some APs which do not set
   selected registrar correctly.
2022-02-08 17:09:41 +05:30
aditi_lonkar
445852da8d esp_wifi: Fixes memory leak in wpa3 connection. 2022-01-28 16:50:36 +05:30
aditi_lonkar
d9ed6d93e9 wpa_supplicant: Add WPS strict in config option
WPS strict disables workarounds with different APs and may cause
IOT issues. Remove this as default and introduce as a config option.

Also declare esp device as single band mobile device otherwise
WFA sniffer was not able to identify it in the certification setup.
2022-01-28 16:52:51 +08:00
aditi_lonkar
388bf07ceb wpa_supplicant: Fix compilation when debug prints are enabled 2021-12-07 12:21:56 +08:00
Kapil Gupta
bd716b6fa1 wpa_supplicant: Add missing cflag for legacy makefile 2021-10-28 16:55:50 +05:30
Kapil Gupta
c4b411cbb2 wpa_supplicant: Update internal tls client with sha384/sha512 support 2021-10-28 16:55:14 +05:30
Kapil Gupta
04d02e5b52 esp_wifi: Fix interoperability issue with windows 2008 2021-10-28 16:07:01 +08:00
Kapil Gupta
789a7e5e5a Merge branch 'bugfix/eap_client_windows' into 'master'
wpa_supplicant: clean tls client state machine

Closes IDFGH-5702, IDFGH-5662, and IDFGH-119

Closes https://github.com/espressif/esp-idf/issues/7422
Closes https://github.com/espressif/esp-idf/issues/1297

See merge request espressif/esp-idf!14968

(cherry picked from commit e8360fe0756ec592cbd5f4ff4d36946a22561d8f)

d3a42d78 wpa_supplicant: clean tls client state machine
2021-09-01 19:15:02 +08:00
Hrudaynath Dhabe
e1af1fe126 wpa_supplicant: Group key reinstallation fixes
This commit reverts previous commit for GTK reinstallation fix
and corrects original fix.
2021-05-13 15:34:58 +08:00
Jiang Jiang Jian
056890a41a Merge branch 'bugfix/fix_some_wifi_bugs_0105_v4.1' into 'release/v4.1'
Bugfix/fix some wifi bugs 0105 v4.1 (backport v4.1)

See merge request espressif/esp-idf!11881
2021-03-23 16:36:07 +00:00
Jiang Jiang Jian
645b200d73 Merge branch 'bugfix/wpa_supplicant_coverity_issue_fixes_v4.1' into 'release/v4.1'
Fix some issues raised by Coverity static Analyzer.(backport_v4.1)

See merge request espressif/esp-idf!11920
2021-03-23 03:27:44 +00:00
xiehang
4403af7267 esp_wifi: Modify ESP_IF_WIFI_STA to WIFI_IF_STA 2021-03-22 17:18:58 +08:00
kapil.gupta
c907da0656 esp_wifi: Add support for 802.1x sha256 auth key mode 2021-03-17 15:27:39 +08:00
aditi_lonkar
8668c11a12 wpa_supplicant: Fix some memory leak issues by coverity static analyzer. 2021-01-18 11:35:48 +05:30
kapil.gupta
45370f4fae wpa_supplicant: Fix null pointer dereference if eap init failed 2020-12-16 11:57:08 +05:30
Hrudaynath Dhabe
fc18d7972e wpa_supplicant: Minor bugfix with wpa_supplicant debug logs. 2020-11-22 17:47:20 +08:00
Hrudaynath Dhabe
7eada9f4d3 wpa_supplicant: Fix configurable debug log feature's warning issue 2020-11-20 22:26:44 +08:00
Nachiket Kukade
ffc87ab7d9 esp_wifi: Update wifi lib
1. Add STA checks during STA PMF operations
2. Fix WPA2-Ent issue with Open AP
3. Skip WPA-TKIP profile if PMF is required
4. Skip & clear Supplicant PMK Cache with mismatching AP config
5. Use flag ESP32_WIFI_ENABLE_WPA3_SAE to control WPA3 code; disabling
   it reduces code footprint by 7.7kB in libwpa_supplicant.a
6. Fix handling of multiple AP credentials in WPS, apps need update
   to handle the new event for the fix to work

Closes https://github.com/espressif/esp-idf/issues/5971
2020-11-20 19:45:21 +08:00
GOPTIONS\pfrost
77e7b15190 Reduce log level of hexdumps to verbose
Revert "Reduce log level of hexdumps to verbose"

Add a menuconfig option to enable or disable the logging in wpa_supplicant

Clarify help message
2020-11-20 19:40:48 +08:00
kapil.gupta
2c995da190 ESP-WIFI: Optimize 4way handshake failure time
In case of wrong passphrase, AP will keep on sending 1/4 multiple
times which may take around 10 secs to disconnect and detect
wrong password event.

Add changes to reject EAPOL1 after 3 consecutive reception
2020-11-20 19:33:43 +08:00
Nachiket Kukade
0bd483bbf5 espnow/pmf: Implement ESPNOW + PMF Co-existence
H/W decryption of Mgmt frames was disabled for PMF and done through
S/W. If ESPNOW packets go through this path, it affects backward
compatibility since method of decrypting Mgmt packets is different in H/W.

To address PMF + ESPNOW Co-existence, CCMP decryption method is modified
for ESPNOW packets so that they can be decrypted correctly. Since Tx
of ESPNOW packets can still be done in H/W alongside PMF, no change
required in encryption method in S/W.

Co-Authored-By: Nachiket Kukade <nachiket.kukade@espressif.com>
Co-Authored-By: zhangyanjiao <zhangyanjiao@espressif.com>
Co-Authored-By: kapil.gupta <kapil.gupta@espressif.com>
2020-11-20 19:00:55 +08:00
Nachiket Kukade
50cf0c2d24 wpa_supplicant: Increase PMK Lifetime to a very high value
For WPA3 connection nearing PMK lifetime expiry, PMK Cache
needs a re-authentication or the cache will expire. After
current expiry of 12 hours Station ends up sending a deauth
to the AP. An SAE re-authentication also cannot occur without
a disconnection with current implementation. So increase the
PMK lifetime to 100 days for now.
2020-11-18 12:36:52 +05:30
Jiang Jiang Jian
55bb405583 Merge branch 'bugfix/wps_fail_reason_code' into 'master'
esp_wifi: Add Failures Reason code in all WPS failure send event

Closes WIFI-2947

See merge request espressif/esp-idf!10924

(cherry picked from commit 65bee9886160c29f75d48a4fb855a40eb0f21c77)

474c38a5 esp_wifi: Add WPS Reason code in all failures
2020-11-03 13:48:21 +08:00
Jiang Jiang Jian
e365d1ff60 Merge branch 'feature/esp_tls_for_supplicant_v4.1' into 'release/v4.1'
wpa_supplicant: Support for mbedtls tls handshake(backport v4.1)

See merge request espressif/esp-idf!9856
2020-10-28 19:29:55 +08:00
Jiang Jiang Jian
b6615a6c5a Merge branch 'bugfix/wpa_supplicant_link_depth_v4.1' into 'release/v4.1'
wpa_supplicant: Fix failure to link under some circumstances (v4.1)

See merge request espressif/esp-idf!10977
2020-10-28 15:59:22 +08:00
Angus Gratton
865c1dd3dc wpa_supplicant: Fix failure to link under some circumstances
Depending on CMake internals, the wpa_supplicant library may need to be repeated
multiple times in the linker command line.

Closes https://github.com/espressif/esp-idf/issues/5641
2020-10-26 15:13:01 +11:00
Nachiket Kukade
af66eab249 wpa_supplicant: Fix WPA3 and WPA2 transition related failures
1. If Device is connected to AP in WPA3-PSK mode, AP switching
security to WPA2-PSK causes connection failures even after reset.
Fix is to not store WPA3's PMK in NVS for caching.

2. AP switching back to WPA3 causes even more connection failures.
This is due to device not clearing Supplicant level PMK Cache when
it is no longer valid. Fix is to clear the Cache when 4-way handshake
fails and to check Key Mgmt of Cache before using.

3. When AP switches from WPA3 to WPA2, device's PMF config in
Supplicant remains enabled. This may cause failures during
4-way handshake. So clear PMF config when PMF is no longer used.
2020-10-22 10:05:02 +00:00
kapil.gupta
d9fa1f6436 wpa_supplicant: Fix IOT issue with latest freeradius
Fix interoperability issue with freeradius version 3.0.21
and openssl 1.1.1f when internal tls client is used which
requires extension elements in client hello.

closes https://github.com/espressif/esp-idf/issues/5273
closes https://github.com/espressif/esp-idf/issues/5627
2020-10-13 08:09:00 +00:00
kapil.gupta
1d59af5c84 wpa_supplicant: Fix invalid pointer dereference and memleak
Add following changes as part of this:

1. EAP client will crash during validation of key size when CA
certs and keys are not present. Add changes to validate it first.
2. Free memory allocated in TLS context
2020-10-13 08:09:00 +00:00
kapil.gupta
70fb594873 wpa_supplicant: Support for mbedtls tls handshake
Add support for mbedtls based tls handshake, this removes
dependency from internal implementation of EAP client.
2020-10-13 08:09:00 +00:00
Jiang Jiang Jian
f280be4a86 Merge branch 'bugfix/clean_wpa2_wifi_deinit' into 'master'
wpa_supplicant: Deinit wpa2 states in wifi deinit

See merge request espressif/esp-idf!10103

(cherry picked from commit 4dcaa0e6f4dd4efc8f0c8a7e83a3fe799b80ef74)

06bc7f1d wpa_supplicant: Deinit wpa2 states in wifi deinit
2020-09-17 06:06:40 +00:00
kapil.gupta
ab7eafa3b8 wpa_supplicant: WPS Interoperability Fixes
Add WPS IOT fixes under config option

Current fixes under this flag.
1. Allow NULL-padded WPS attributes.
2. Bypass WPS-Config method validation
2020-08-26 08:49:43 +00:00
Nachiket Kukade
367397385e wpa_supplicant: Allow NULL-padded WPS attributes
Some AP's keep NULL-padding at the end of some variable length WPS
Attributes. This is not as per the WPS2.0 specs, but to avoid interop
issues, ignore the padding by reducing the attribute length by 1.
2020-08-26 08:49:43 +00:00
ronghulin
828cc1318b bugfix: fix softap mode wpa memory leak 2020-07-29 14:15:56 +08:00
Angus Gratton
50319bb03c wpa_supplicant: Allow building with mbedTLS integration but no hardware MPI
Also disable the relevant function in bignum.h based on config, so fails at
compile not link time.

Closes https://github.com/espressif/esp-idf/issues/5321
2020-06-03 15:11:21 +10:00
Jiang Jiang Jian
58f0a94cdf Merge branch 'bugfix/fix_memleak_in_wpa3_feature_v4.1' into 'release/v4.1'
fix(wpa_supplicant): fix memleak in wpa3 feature(backport v4.1)

See merge request espressif/esp-idf!8656
2020-05-22 21:23:43 +08:00
Nachiket Kukade
276cbb69f3 wpa_supplicant: Fix memory leaks in WPA3 connection
1. Buffers for SAE messages are not freed after the handshake.
   This causes memory leak, free buffers after SAE handshake.
2. SAE global data is not freed until the next WPA3 connection
   takes place, holding up heap space without reason. Free this
   data after SAE handshake is complete or event fails.
3. Update wifi lib which includes memory leak fix during BIP
   encryption/decryption operations.
2020-05-18 15:46:32 +05:30
Nachiket Kukade
c973bea7d1 wpa_supplicant: Fix formatting of file esp_wpa3.c
Replace tabs with spaces in esp_wpa3.c.
2020-05-18 15:45:34 +05:30
Zhang Jun Hao
949e7c6f85 fix(wpa_supplicant): fix memleak in wpa3 feature 2020-05-08 16:30:16 +08:00
kapil.gupta
de85de7c51 wpa_supplicant: Fix some memleaks and invalid memory access
Add changes to fix issues reported in clang analyzer
2020-05-06 11:05:30 +00:00
Nachiket Kukade
6254bf443e wpa_supplicant: Disable TLSv1.2 by default
Some Enterprise Authentication Servers do not support TLS v1.2.
Move this option to Menuconfig and disable by default.
2020-04-28 10:46:59 +05:30
Sagar Bijwe
b7ae3ff9bd wpa_supplicant: Fix compilation errors when USE_MBEDTLS is disabled.
This is a regression from earlier commit related to TLSV12 which used
sha functions that are currently declared static.
Solution: Follow upstream code structure and resolve the errors.
2020-04-15 15:33:59 +05:30
Sagar Bijwe
afc1362ea6 wpa_supplicant: Fix wpa_supplicant TLS 1.2 issues
1) Fixed compilation issues.
2) Added tlsprf.c from upstream
3) Enabled SHA256 in supplicant compilation.
2020-04-13 16:39:59 +00:00
Sagar Bijwe
5c4f7948d4 wpa_supplicant: Fix SAE test-case failure on mbedtls version update
Problem:
mbedtls_ctr_drbg_context was initialized in crypto_ec_point_mul. This
was okay in releases before 2.16.4 as entropy_len used to get set to
MBEDTLS_CTR_DRBG_ENTROPY_LEN in function mbedtls_ctr_drbg_seed. The
function is now changed to set the length to
MBEDTLS_CTR_DRBG_ENTROPY_LEN if previous length is 0 and hence the bug.

Solution:
Initialize mbedtls_ctr_drbg_context in crypto_ec_point_mul.
2020-03-23 11:22:02 +05:30