EAP reauth frames are dropped at various stages due to current
implementation of WPA2 ENT states and EAP SM init/deinit logic.
Route EAPOL frames based on EAP pkt type and maintain EAP SM
to facilitate EAP re-authentication process.
Added WPA3 Testcases support for -
1. Anti-Clogging Token Request support
2. Return correct status from SAE modules for invalid scenarios
3. Add PMK Caching support for WPA3
wifi lib includes fixes for below PMF Certification issues -
1. Check return status of decrypt operation. Fixes 5.3.3.1.
2. Allow PMF negotiation for WPA2-Enterprise. Fixes 5.3.3.2, 5.3.3.4.
3. Add NULL check on key before encrypting PMF, fixes crash.
1. Add changes in 4-way handshake path to allow SAE key mgmt.
2. Support for configuring WAP3 at init time, added Kconfig option.
3. Handle and propagate error conditions properly.
Under WPA3-Personal, SAE authentication is used to derive PMK
which is more secure and immune to offline dictionary attacks.
1. Add modules to generate SAE commit/confirm for the handshake
2. Add modules that build and parse SAE data in Auth frames
3. Add WPA3 association and key mgmt definitions
4. Invert y-bit while solving for ECC co-ordinate -
Once an X co-ordinate is obtained, solving for Y co-ordinate
using an elliptical curve equation results in 2 possible values,
Y and (P - Y), where p is the prime number. The co-ordinates are
used for deriving keys in SAE handshake. As par the 802.11 spec
if LSB of X is same as LSB of Y then Y is chosen, (P - Y) otherwise.
This is not what is implemented, so fix this behavior to obtain the
correct Y co-ordinate.
This change ports SAE(Simultaneous Authentication of Equals)
feature from wpa_supplicant and makes it work with mbedtls
crypto APIs. Currently only group 19 is supported. A sample
SAE handshake is included in the testcase. Other minor
changes for DH groups are also included.
1. Add CCMP, AES crypto modules for unicast protected Mgmt frames
2. Add support for computing SHA256 MIC on Bcast Mgmt frames
3. Add support for storing iGTK during 4-way handshake.
4. Provide APIs to MLME for utilizing the SW crypto modules
1. Add APIs for configuring PMF through set config.
2. Map Supplicant and Wifi Cipher types.
3. Add support for PMF negotiation while generating RSN IE.
1. Fix WiFi log print level
2. Optimize WiFi/BT coexist sleep
- If any data tx/rx in WiFi slice, fore wakeup next TBTT
- Increase active timeout time to coex TBTT interval to avoid sleep in WiFi slice
3. Fix esp_wifi_stop() crash
esp_wifi_stop() crashes if it's called when WiFi is not initialized.
4. Fix esp_wifi_stop() leads to memory leak
5. esp_wifi_sta_get_ap_info() returns actual values of group ciphers
1,Reduce WiFi bin size
2,Add TX packets size check
3,Fix scan get rssi error
4,Add wifi stop check at WiFi deinit entry
5,coex adjust scheme when bt is connected status
6,Return fail when setting AP's channel is out of range
7,Fix the bug for setting channel when WiFi in NULL mode
Fix an error of mesh deinit lock.
Fix mesh send returns TIMEOUT.
Increase root window close time to 120s.
Clear ie.child when the child connected or fully associated.
Update rc_rssi when roots direct/forward.
ix assoc in mesh ie wrong.
Mesh packets use AC_VI instead of AC_BE.
Fix following WiFi issues:
1. Fix WiFi buffer reload issue
2. Fix AMSDU decrypt issue
3. Fix some WiFi timer issues
4. Fix the crash caused by too big of association request RSN information
5. Fix the crash caused by block scan
6. Fix the bug for getting channel and bandwidth
7. Fix some Sniffer bugs
8. Fix some ESP-NOW issues
1> fix the bug when modifying the channel info of peer node
2> fix the crash when modifying peer node between unencrypted and encrypted
3> fix the bug for fetch peer
4> modify the esp_wifi_set_channel() function
5> fix the bug that the channel parameter doesn't work when adding peer node
Closes https://github.com/espressif/esp-idf/issues/2833
Closes https://github.com/espressif/esp-idf/issues/4311
Sometimes, libphy.a call phy_enter_critical() to protect accessing
critical sections, such like operating on I2C, but it may not effect
when both the CPU core call it. It may cause accessing I2C blocking
and cannot recover by esp_restart(), until do HW reboot.
1. Fix WiFi scan leads to poor performance of Bluetooth.
2. Improve WiFi connect success ratio when coexist with Bluetooth.
3. Check if WiFi is still connected when CSA or beacon timeout happen.
4. add coex pre init
Fix following WiFi bugs:
1. Fix the bug for API_CHECK_ENABLED
2. Fix the bug that wpa2 enterprise sta can connect open AP
3. Fix TKIP/CCMP PN replay attack detection bug
4. Increase buffer number type from uint8_t to uint16_t to support more than 255 buffers
5. Avoid recalculating PMK if esp_wifi_set_config() is not called
6. Fix 5.5M signal test bug
1. Fix high beacon and broadcast packets loss ratio of WiFi to
make MDNS test pass.
2. Improve stability of WiFi performance with a little sacrifice
of throughput.
3. Improve BLE advertising and connection performance with
dynamic priority. It sacrifices a little WiFi throughput, but
achieves balance between WiFi and Bluetooth.
A lot of internally used crypto headers are publicly includeable
in user projects. This leads to bug reports when these headers
are incorrectly used or the API's are not used as intended.
Move all crypto headers into private crypto src folder, also move
crypto_ops into Supplicant to remove dependecy on crypto headers.
Closes IDF-476
1. fix the bug that bb reset lock unhandled may cause assert in vPortCPUReleaseMutexIntsDisabledInternal
2. fix wifi mac reset may blocking then cause wdt timeout
3. fix bug wifi mac reset before coex init
wpa_supplicant is using MbedTLS API's for crypto algorithms. For
calling them a duplicate set of modules is maintained prepended
with 'fast_'. Remove these and use flag USE_MBEDTLS_CRYPTO
instead to separate modules calling MbedTLS API's from native
implementation.
1. resend eb which are pending in g_ic.tx_buf due to channel switch.
2. add lock for mgmg/xon/bcast to protect send from user flush.
3. softap: add check if secondary offset is correct when start softap.
4. softap: in inactive timer handler, add check if child bss is removed to avoid removing it again.
5. disable A-MPDU for non-root.
6. fix reusing a freed eb.
7. fix when node becomes root, it does not record assoc value to nvs.
8. discard unnecessary forwarded group packets.
9. fix toDS state is not updated in time.
10. fix s_sta_cnx_times is not cleared when deinit causes root sends ADD annoucement.
11. root: increase beacon timeout time from 6 seconds to 15 seconds to delay initiation of reconnection.
12. add esp_mesh_get_tsf_time to return TSF time.
13. send the whole routing table multi-times.
14. clear candidate settings if not receive candidate beacon within 8 seconds.
Move supplicant to idf and do following refactoring:
1. Make the folder structure consitent with supplicant upstream
2. Remove duplicated header files and minimize the public header files
3. Refactor for WiFi/supplicant interfaces
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
!4452 and !4897 made some ill-advised corrections to dependency info;
revert those in this MR. Handling pre-built binaries as imported
libraries is retained, however.
!4452 used setting LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES to link
components built under ESP-IDF build system. However, LINK_LIBRARIES does
not produce behavior same as linking PRIVATE. This MR uses the new
signature for target_link_libraries directly instead. This also moves
setting dependencies during component registration rather than after all
components have been processed.
The consequence is that internally, components have to use the new
signature form as well. This does not affect linking the components to
external targets, such as with idf_as_lib example. This only affects
linking additional libraries to ESP-IDF libraries outside component processing (after
idf_build_process), which is not even possible for CMake<v3.13 as
target_link_libraries is not valid for targets not created in current
directory. See https://cmake.org/cmake/help/v3.13/policy/CMP0079.html#policy:CMP0079
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .
Cleaned up header files from unnecessary headers (releated to soc/... headers).
Fix following wpa2 enterprise vulnerability issues:
1. The station can complete 4-way handshake after EAP-FAIL is received
2. The station crashes if EAP-SUCCESS is received before PMK is setup
1. fix the bug no disconnect event when STA recv disassoc after sending auth
2. fix the bug full scan send multi events when recv deauth/disassoc
Closes https://github.com/espressif/esp-idf/issues/3474
