esp_wifi: Always connect Station in PMF mode if possible

While using esp_wifi_set_config, flag pmf_capable defaults to 0. Users may not bother to enable it, which prevents connection to a WPA3 AP. Or the AP may reset into WPA3 mode failing the re-connection. To ensure better security, deprecate the pmf_capable flag and set it to true internally.
2022-02-09 19:08:59 +05:30 · 2022-02-09 19:08:59 +05:30 · 7ed8fdac59
commit 7ed8fdac59
--- a/components/esp_wifi/include/esp_wifi_types.h
+++ b/components/esp_wifi/include/esp_wifi_types.h
@ -215,7 +215,7 @@ typedef enum {

 /** Configuration structure for Protected Management Frame */
 typedef struct {
-    bool capable;            /**< Device will always connect in PMF mode if other device also advertizes PMF capability. */
+    bool capable;            /**< Deprecated variable. Device will always connect in PMF mode if other device also advertizes PMF capability. */
    bool required;           /**< Advertizes that Protected Management Frame is required. Device will not associate to non-PMF capable devices. */
 } wifi_pmf_config_t;

--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@ -1 +1 @@
-Subproject commit d464572fa5be0b6508cdb6a93124f9ea72280225
+Subproject commit 81768e63548385be79e7b35828832a53faba4393
--- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
@ -184,7 +184,6 @@ static int esp_dpp_handle_config_obj(struct dpp_authentication *auth,
            os_memcpy(wifi_cfg->sta.password, conf->passphrase,
                      sizeof(wifi_cfg->sta.password));
        if (conf->akm == DPP_AKM_PSK_SAE) {
-            wifi_cfg->sta.pmf_cfg.capable = true;
            wifi_cfg->sta.pmf_cfg.required = true;
        }
    }
--- a/examples/bluetooth/nimble/bleprph_wifi_coex/main/main.c
+++ b/examples/bluetooth/nimble/bleprph_wifi_coex/main/main.c
@ -123,11 +123,6 @@ void wifi_init_sta(void)
             * However these modes are deprecated and not advisable to be used. Incase your Access point
             * doesn't support WPA2, these mode can be enabled by commenting below line */
             .threshold.authmode = WIFI_AUTH_WPA2_PSK,
-
-            .pmf_cfg = {
-                .capable = true,
-                .required = false
-            },
        },
    };
    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
--- a/examples/protocols/static_ip/main/static_ip_example_main.c
+++ b/examples/protocols/static_ip/main/static_ip_example_main.c
@ -141,11 +141,6 @@ void wifi_init_sta(void)
             * However these modes are deprecated and not advisable to be used. Incase your Access point
             * doesn't support WPA2, these mode can be enabled by commenting below line */
 	     .threshold.authmode = WIFI_AUTH_WPA2_PSK,
-
-            .pmf_cfg = {
-                .capable = true,
-                .required = false
-            },
        },
    };
    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
--- a/examples/wifi/getting_started/station/main/station_example_main.c
+++ b/examples/wifi/getting_started/station/main/station_example_main.c
@ -96,11 +96,6 @@ void wifi_init_sta(void)
             * However these modes are deprecated and not advisable to be used. Incase your Access point
             * doesn't support WPA2, these mode can be enabled by commenting below line */
 	     .threshold.authmode = WIFI_AUTH_WPA2_PSK,
-
-            .pmf_cfg = {
-                .capable = true,
-                .required = false
-            },
        },
    };
    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
--- a/examples/wifi/iperf/main/cmd_wifi.c
+++ b/examples/wifi/iperf/main/cmd_wifi.c
@ -161,7 +161,6 @@ static bool wifi_cmd_sta_join(const char *ssid, const char *pass)
    int bits = xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, 0, 1, 0);

    wifi_config_t wifi_config = { 0 };
-    wifi_config.sta.pmf_cfg.capable = true;

    strlcpy((char *) wifi_config.sta.ssid, ssid, sizeof(wifi_config.sta.ssid));
    if (pass) {
--- a/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
+++ b/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: CC0-1.0
 */
@ -89,12 +89,6 @@ static void initialise_wifi(void)
    wifi_config_t wifi_config = {
        .sta = {
            .ssid = EXAMPLE_WIFI_SSID,
-#if defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE)
-            .pmf_cfg = {
-                .capable = true,
-                .required = false
-            },
-#endif
        },
    };
    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
--- a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
+++ b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
@ -122,15 +122,8 @@ static void initialise_wifi(void)
    wifi_config_t wifi_config = {
        .sta = {
            .ssid = EXAMPLE_WIFI_SSID,
-#if defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE)
-            .pmf_cfg = {
-                .capable = true,
-                .required = false
-            },
-#endif
 #if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
            .pmf_cfg = {
-                .capable = true,
                .required = true
            },
 #endif