451 Commits

Author SHA1 Message Date
Shyamal Khachane
ff6db87429 fix(esp_wifi): Fix a memory leak that occurs when SAE connection is interrupted
1. Free temporary data used by SAE before memsetting the same
2. Drop any received auth response that uses a different algorithm than the one currently in use
2024-06-21 16:38:27 +05:30
Nachiket Kukade
c2123313b4 fix(wpa_supplicant): Suppress RSN IE print to Verbose level 2024-05-29 11:06:57 +05:30
aditi_lonkar
6c4c3d6ef8 fix(wpa_supplicant):Fix memory leak in wpa3-sae
Closes https://github.com/espressif/esp-idf/issues/11381
2024-05-21 19:06:26 +05:30
Sarvesh Bodakhe
9efdcd52cc fix(wifi): fix bug in 'esp_wifi_deauthenticate_internal' and other improvements 2024-05-20 14:44:36 +05:30
Sarvesh Bodakhe
61a91afa3a fix(wpa_supplicant): Add some bugfixes in wpa_supplicant
1) Add parameter to configure reason code of deauth frame
2) Add logs to indicate MIC failure 4-Way-Handshake
3) Process RSNXE capabilities only if AP advertises them
2024-05-20 14:44:16 +05:30
Jiang Jiang Jian
397c1d9903 Merge branch 'bugfix/wps_crash_issue_v5.0' into 'release/v5.0'
fix(wpa_supplicant): Avoid dereferencing a dangling function pointer in WPS (Backport v5.0)

See merge request espressif/esp-idf!29736
2024-04-07 10:11:34 +08:00
Sarvesh Bodakhe
3847822531 fix(wpa_supplicant): Improve execution flow for WPS registrar public APIs
Make sure that WPS registrar public APIs do not modify supplicant
data in application task context. Execute API functionality in eloop
context to prevent potential race conditions.
2024-04-03 11:33:54 +08:00
Sarvesh Bodakhe
c24b840ce7 fix(wifi): Avoid dereferencing a dangling function pointer in WPS supplicant
Avoid dereferencing a dangling function pointer in 'eap_server_sm_deinit()'.
This issue arises when hostap unregisters EAP methods before it removes
the server state machine for station.
2024-04-03 11:33:54 +08:00
jgujarathi
969605c7c2 fix(wpa_supplicant): Cancel offchannel listen operations before sending dpp fail
- Ensure that offchannel listening operations are cancelled before sending dpp
  fail events
2024-04-03 10:20:54 +08:00
jgujarathi
0f1c0d27c8 fix(wpa_supplicant): Ensure dpp auth structure is deinited in dpp task context
- Ensure that the dpp auth data gets deinited only in DPP task context to ensure
  that there are no concurrency issues in usage of DPP auth data.
2024-04-03 10:20:54 +08:00
Kapil Gupta
34121bdeac fix(wpa_supplicant): (PEAP client) Update Phase 2 auth requirements
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.

Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.

Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
 * 0 = do not require Phase 2 authentication
 * 1 = require Phase 2 authentication when client certificate
   (private_key/client_cert) is not used and TLS session resumption was
   not used (default)
 * 2 = require Phase 2 authentication in all cases
2024-03-15 13:22:22 +05:30
muhaidong
0f3286aa92 fix(wifi): fix esp_wifi_scan_start memory leakage issue
Closes https://github.com/espressif/esp-idf/issues/10693
2024-03-07 17:43:57 +08:00
Jiang Jiang Jian
702853c00e Merge branch 'bugfix/esp32c2_eap_auth_v5.0' into 'release/v5.0'
fix(wifi): Added low heap usage Kconfig option for eap enterprise (v5.0)

See merge request espressif/esp-idf!28826
2024-02-29 11:24:50 +08:00
aditi_lonkar
7c65911c18 fix(wpa_supplicant):Add MBO config flag for mbo apis 2024-02-28 10:37:57 +08:00
Kapil Gupta
c62022b312 fix(wifi): add low memory options for eap enterprise 2024-02-28 10:37:40 +08:00
Kapil Gupta
443842fd9d fix(wifi): Add support to move supplicant BSS to external memory 2024-01-27 11:15:10 +05:30
jgujarathi
6cb42e4304 fix(wpa_supplicant): Add support for a dpp authentication timeout
- Adds support for a 1 second dpp authentication timeout.
2024-01-08 15:57:50 +05:30
jgujarathi
d982e66c21 fix(wpa_supplicant): Restructuring DPP init method to ensure cleanup
- Restructuring DPP init function to ensure cleanup of variables in case of
  init failure
2024-01-08 15:57:50 +05:30
jgujarathi
339efe8cae fix(wpa_supplicant): Fix location of clearing up dpp global variables
- Fix location of clearing up dpp global variables to ensure that there are
  no concurrency issues.
2024-01-08 15:57:50 +05:30
jgujarathi
ed4582c9e0 fix(wpa_supplicant): Fix a memory leak in dpp deinit path
- Ensures that the auth information of dpp gets freed when
  dpp gets deinited.
2024-01-08 15:57:50 +05:30
jgujarathi
8009cdae1d fix(wpa_supplicant): Move concurrent wps and dpp check to before creating task
- Move the check for checking concurrent wps and dpp check to before creating
  task rather than after.
2024-01-08 15:57:50 +05:30
jgujarathi
290b30e56e fix(wpa_supplicant): Fix a crash in esp_wifi_wps_disable
- Fixes a crash observed in esp_wifi_wps_disable when wps process
  is ongoing, caused due to concurrency issues in cancelling timers.
2024-01-08 15:57:50 +05:30
aditi_lonkar
5fbe36db0f fix(esp_wifi):Fix WDT when esp_supp_dpp_start_listen called multiple times 2024-01-08 15:57:49 +05:30
Jiang Jiang Jian
cba997763d Merge branch 'bugfix/fix_some_wifi_bugs_231121_v5.0' into 'release/v5.0'
fix(wifi): fix some wifi bugs(Backport v5.0)

See merge request espressif/esp-idf!27306
2023-11-23 14:41:40 +08:00
muhaidong
2e5937286c fix(wifi): fix some wifi bugs
1 sta not pmf capable when ap requires should reject profile
2 fix softap set config issue
3 allow some special igtk keyindx to workaround faulty APs
2023-11-22 19:04:43 +08:00
Kapil Gupta
a155523263 fix(wpa_supplicant): memzero wifi config before sending config event 2023-11-22 02:58:06 +00:00
Kapil Gupta
6383609e99 fix(wifi): Disallow DPP and WPS concurrency 2023-11-22 02:58:06 +00:00
Jiang Jiang Jian
3f207efa4b Merge branch 'bugfix/supplicant_tls_fix_v5.0' into 'release/v5.0'
fix(wpa_supplicant): Correct iv length passed in mbedtls_cipher_set_iv() (v5.0)

See merge request espressif/esp-idf!26847
2023-11-02 15:13:20 +08:00
Jiang Jiang Jian
03732b50fd Merge branch 'feature/pbkdf2_fast_implementation_v5.0' into 'release/v5.0'
change(esp_wifi): Copy fastpbkdf2 implementation

See merge request espressif/esp-idf!26852
2023-11-02 15:12:20 +08:00
Kapil Gupta
46f81cebe4 fix(wpa_supplicant): implement sha1_finish for fastpbkdf2 2023-11-01 21:58:00 +05:30
Kapil Gupta
cc12adf71b ci(esp_wifi): unit test for fast PBKDF2 validation 2023-11-01 21:57:23 +05:30
Kapil Gupta
973aca32be change(esp_wifi): Port fast_pbkdf2 implementation for mbedtls
Add changes to use fast_pbkdf2 as default for PMK calculations.
fast_pbkdf2 is significantly faster than current implementations
for esp chips.

Also removes unnecessary code for pbkdf-sha256 and pbkdf-sha512.
2023-11-01 21:56:56 +05:30
Kapil Gupta
5d26770886 change(esp_wifi): Copy fastpbkdf2 implementation
Copy pbkdf2 implementation from https://github.com/ctz/fastpbkdf2(3c56895)
2023-11-01 21:56:48 +05:30
Jiang Jiang Jian
e9ee047908 Merge branch 'feat/support_esp32c3_eco7_wifi_v5.0' into 'release/v5.0'
Backport/support esp32c3 v1.1 WiFi/BT/BLE(v5.0)

See merge request espressif/esp-idf!26756
2023-11-01 20:35:05 +08:00
Kapil Gupta
4ae0dc38cc fix(wpa_supplicant): Correct iv length passed in mbedtls_cipher_set_iv() 2023-11-01 18:02:42 +05:30
Sarvesh Bodakhe
c90353291c fix(esp_wifi): Fix issue of station disconnecting immediately when AP RSSI is zero 2023-10-31 20:38:17 +08:00
Kapil Gupta
f2da30262a fix(wpa_supplicant): Fix compilation issue in EAP disabled 2023-10-27 18:09:37 +05:30
Jiang Jiang Jian
4bd203b6da Merge branch 'bugfix/wps_condition_chain_v5.0' into 'release/v5.0'
fix(wifi): Fix static analyzer warning for WPS code (v5.0)

See merge request espressif/esp-idf!26495
2023-10-27 19:46:03 +08:00
aditi_lonkar
8edd26b4f3 fix(wpa_supplicant): Fix few dpp bugs
1) Fix crash in dpp Listen without bootstrap
2) Fix crash on receiving dpp auth_req from hostapd with dpp akm
3) Ensures that the mode is set to station before dpp init
4) Ensures that dpp follows the path of init->bootstrap->listen
2023-10-26 12:09:44 +05:30
Kapil Gupta
28ba29a95d fix(wifi): Fix static analyzer warning for WPS code 2023-10-18 17:55:38 +05:30
Shreyas Sheth
5004647fb1 fix(wifi): Fix crash occurring when station SAE group is not set to SECP256R1 2023-10-17 14:11:19 +05:30
Shreyas Sheth
79e55b6e92 docs(wifi): Update wifi and wifi security documentation and bugfixes
1. Update documentation for WPA3 Enterprise and WPA3 Enterprise 192-bit
mode
2. Update documentation for WPA3 OWE and OWE transition mode
3. Update documentation related to SAE PK, SAE PWE and Transition Disable
4. Update documentation for wifi connect API
5. Fix config parameter information for wifi scan start
6. Fix documentation related to scan threshold config setting
7. Replace ESP_ERR_WIFI_ARG error code as ESP_ERR_INVALID_ARG
8. Update documentation for 802.11R Fast transition
9. Fix sta connecting with wpa security in enterprise mode
2023-10-17 14:01:18 +05:30
Jiang Jiang Jian
0f3eb4f5a6 Merge branch 'bugfix/pbc_overlap_in_wps_pin_method_v5.0' into 'release/v5.0'
wpa_supplicant: Fix for issue of wps-pbc overlap in wps-pin method(v5.0)

See merge request espressif/esp-idf!25738
2023-10-08 14:09:22 +08:00
Jiang Jiang Jian
1f870c8102 Merge branch 'feature/rename_wpa2_ent_to_eap_client_v5.0' into 'release/v5.0'
WiFi: Rename WPA2 enterprise APIs to EAP Client. (v5.0)

See merge request espressif/esp-idf!26098
2023-10-07 14:33:17 +08:00
Kapil Gupta
32c6d13001 change(wifi): Rename ESP_WIFI_MBEDTLS_CRYPTO to WPA_MBEDTLS_CRYPTO 2023-09-25 10:58:06 +05:30
Kapil Gupta
9562935813 change(wifi): Add dependency of group 19 for MbedTLS crypto 2023-09-25 10:57:57 +05:30
Kapil Gupta
3f0800ef66 change(wifi): Add supplicant's public API header files to doc 2023-09-25 10:57:11 +05:30
Kapil Gupta
5cc7d3741d change(esp_wifi): Rename WiFi enterprise connection APIs 2023-09-21 11:54:32 +05:30
Kapil Gupta
c853492e1c change(wifi): Reduce BSS logging in wpa_supplicant 2023-09-21 02:55:35 +00:00
Jiang Jiang Jian
c4d7be43ed Merge branch 'bugfix/wps_wpa3_passphrase_v5.0' into 'release/v5.0'
WiFi: get passphrase in WPS if AP support SAE (v5.0)

See merge request espressif/esp-idf!25886
2023-09-21 10:54:06 +08:00