From 7ed8fdac59c084ddd4e3653ef869cf258ec1840c Mon Sep 17 00:00:00 2001
From: Nachiket Kukade
Date: Wed, 9 Feb 2022 19:08:59 +0530
Subject: [PATCH] esp_wifi: Always connect Station in PMF mode if possible
While using esp_wifi_set_config, flag pmf_capable defaults to 0. Users may not bother to enable it, which prevents connection to a WPA3 AP. Or the AP may reset into WPA3 mode failing the re-connection. To ensure better security, deprecate the pmf_capable flag and set it to true internally.
---
 components/esp_wifi/include/esp_wifi_types.h | 2 +-
 components/esp_wifi/lib | 2 +-
 components/wpa_supplicant/esp_supplicant/src/esp_dpp.c | 1 -
 examples/bluetooth/nimble/bleprph_wifi_coex/main/main.c | 5 -----
 .../protocols/static_ip/main/static_ip_example_main.c | 5 -----
 .../getting_started/station/main/station_example_main.c | 5 -----
 examples/wifi/iperf/main/cmd_wifi.c | 1 -
 examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c | 8 +-------
 examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c | 7 -------
 9 files changed, 3 insertions(+), 33 deletions(-)
diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h
index f01d6590ed..480279ed7e 100644
--- a/components/esp_wifi/include/esp_wifi_types.h
+++ b/components/esp_wifi/include/esp_wifi_types.h
@@ -215,7 +215,7 @@ typedef enum {
 /** Configuration structure for Protected Management Frame */
 typedef struct {
- bool capable; /**< Device will always connect in PMF mode if other device also advertizes PMF capability. */
+ bool capable; /**< Deprecated variable. Device will always connect in PMF mode if other device also advertizes PMF capability. */
 bool required; /**< Advertizes that Protected Management Frame is required. Device will not associate to non-PMF capable devices. */
 } wifi_pmf_config_t;
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index d464572fa5..81768e6354 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
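Review bot: The new doc comment on `capable` in `wifi_pmf_config_t` says "Deprecated variable" but not what happens to a value the caller still sets. According to the commit description the flag is now forced to true internally, so an explicit `capable = false` would be silently overridden. I would state that in the comment, for example `/**< Deprecated and ignored: the station always advertises PMF capability and uses PMF when the peer also advertises it. Set required to refuse non-PMF peers. */`. The code that forces the flag presumably lives in the `components/esp_wifi/lib` submodule bumped by this commit and is not visible here, so the "ignored" wording should be confirmed against it.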
@@ -1 +1 @@
-Subproject commit d464572fa5be0b6508cdb6a93124f9ea72280225
+Subproject commit 81768e63548385be79e7b35828832a53faba4393
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
index f0fcd95bc5..b2cdb3315b 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c
@@ -184,7 +184,6 @@ static int esp_dpp_handle_config_obj(struct dpp_authentication *auth,
 os_memcpy(wifi_cfg->sta.password, conf->passphrase, sizeof(wifi_cfg->sta.password));
 if (conf->akm == DPP_AKM_PSK_SAE) {
- wifi_cfg->sta.pmf_cfg.capable = true;
 wifi_cfg->sta.pmf_cfg.required = true;
 }
 }
diff --git a/examples/bluetooth/nimble/bleprph_wifi_coex/main/main.c b/examples/bluetooth/nimble/bleprph_wifi_coex/main/main.c
index fb93e64fee..5a4e3b4811 100644
--- a/examples/bluetooth/nimble/bleprph_wifi_coex/main/main.c
+++ b/examples/bluetooth/nimble/bleprph_wifi_coex/main/main.c
@@ -123,11 +123,6 @@ void wifi_init_sta(void)
 * However these modes are deprecated and not advisable to be used. Incase your Access point
 * doesn't support WPA2, these mode can be enabled by commenting below line */
 .threshold.authmode = WIFI_AUTH_WPA2_PSK,
-
- .pmf_cfg = {
- .capable = true,
- .required = false
- },
 },
 };
 ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
diff --git a/examples/protocols/static_ip/main/static_ip_example_main.c b/examples/protocols/static_ip/main/static_ip_example_main.c
index f609fb2f36..deef05db20 100644
--- a/examples/protocols/static_ip/main/static_ip_example_main.c
+++ b/examples/protocols/static_ip/main/static_ip_example_main.c
@@ -141,11 +141,6 @@ void wifi_init_sta(void)
 * However these modes are deprecated and not advisable to be used. Incase your Access point
 * doesn't support WPA2, these mode can be enabled by commenting below line */
 .threshold.authmode = WIFI_AUTH_WPA2_PSK,
-
- .pmf_cfg = {
- .capable = true,
- .required = false
- },
 },
 };
 ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
diff --git a/examples/wifi/getting_started/station/main/station_example_main.c b/examples/wifi/getting_started/station/main/station_example_main.c
index f8d91e26e1..e478a4fc2b 100644
--- a/examples/wifi/getting_started/station/main/station_example_main.c
+++ b/examples/wifi/getting_started/station/main/station_example_main.c
@@ -96,11 +96,6 @@ void wifi_init_sta(void)
 * However these modes are deprecated and not advisable to be used. Incase your Access point
 * doesn't support WPA2, these mode can be enabled by commenting below line */
 .threshold.authmode = WIFI_AUTH_WPA2_PSK,
-
- .pmf_cfg = {
- .capable = true,
- .required = false
- },
 },
 };
 ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
diff --git a/examples/wifi/iperf/main/cmd_wifi.c b/examples/wifi/iperf/main/cmd_wifi.c
index 8078ee64e5..c435d0a4c1 100644
--- a/examples/wifi/iperf/main/cmd_wifi.c
+++ b/examples/wifi/iperf/main/cmd_wifi.c
@@ -161,7 +161,6 @@ static bool wifi_cmd_sta_join(const char *ssid, const char *pass)
 int bits = xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, 0, 1, 0);
 wifi_config_t wifi_config = { 0 };
- wifi_config.sta.pmf_cfg.capable = true;
 strlcpy((char *) wifi_config.sta.ssid, ssid, sizeof(wifi_config.sta.ssid));
 if (pass) {
diff --git a/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c b/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
index 477c08cd29..8588feef36 100644
--- a/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
+++ b/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: CC0-1.0
 */
@@ -89,12 +89,6 @@ static void initialise_wifi(void)
 wifi_config_t wifi_config = {
 .sta = {
 .ssid = EXAMPLE_WIFI_SSID,
-#if defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE)
- .pmf_cfg = {
- .capable = true,
- .required = false
- },
-#endif
 },
 };
 ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
diff --git a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
index e6175d695b..892c542590 100644
--- a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
+++ b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
@@ -122,15 +122,8 @@ static void initialise_wifi(void)
 wifi_config_t wifi_config = {
 .sta = {
 .ssid = EXAMPLE_WIFI_SSID,
-#if defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE)
- .pmf_cfg = {
- .capable = true,
- .required = false
- },
-#endif
 #if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
 .pmf_cfg = {
- .capable = true,
 .required = true
 },
 #endif