From 34725cdbfdc1228f2aeabb459449a3eed6bf0cfb Mon Sep 17 00:00:00 2001 From: Sarvesh Bodakhe Date: Fri, 8 Dec 2023 16:14:51 +0530 Subject: [PATCH 1/2] feat(wifi): Add support SAE-PK and WPA3-Enterprise transition disable --- components/esp_wifi/lib | 2 +- .../esp_supplicant/src/esp_wifi_driver.h | 1 + .../esp_supplicant/src/esp_wpas_glue.c | 20 ++++++++++++++++++- .../wpa_supplicant/src/common/wpa_common.h | 3 +++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index 47abfa88c7..4982b16b1e 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit 47abfa88c74aae92d3f0383d56d7c6805159903d +Subproject commit 4982b16b1ed2c427271fd3b21bb54fb235e3d9f4 diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index 226fd7660e..5def9f65cb 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h @@ -299,5 +299,6 @@ uint8_t* esp_wifi_sta_get_sae_identifier_internal(void); bool esp_wifi_eb_tx_status_success_internal(void *eb); uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid); esp_err_t esp_wifi_sta_connect_internal(const uint8_t *bssid); +void esp_wifi_enable_sae_pk_only_mode_internal(void); #endif /* _ESP_WIFI_DRIVER_H_ */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c index 16f8916f15..0ee7a5c3b4 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c @@ -93,14 +93,32 @@ int hostapd_send_eapol(const u8 *source, const u8 *sta_addr, } +static void disable_wpa_wpa2() { + esp_wifi_sta_disable_wpa2_authmode_internal(); +} + void wpa_supplicant_transition_disable(struct wpa_sm *sm, u8 bitmap) { wpa_printf(MSG_DEBUG, "TRANSITION_DISABLE %02x", bitmap); if ((bitmap & TRANSITION_DISABLE_WPA3_PERSONAL) && wpa_key_mgmt_sae(sm->key_mgmt)) { - esp_wifi_sta_disable_wpa2_authmode_internal(); + disable_wpa_wpa2(); } + + if ((bitmap & TRANSITION_DISABLE_SAE_PK) && + wpa_key_mgmt_sae(sm->key_mgmt)) { + wpa_printf(MSG_INFO, + "SAE-PK: SAE authentication without PK disabled based on AP notification"); + disable_wpa_wpa2(); + esp_wifi_enable_sae_pk_only_mode_internal(); + } + + if ((bitmap & TRANSITION_DISABLE_WPA3_ENTERPRISE) && + wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) { + disable_wpa_wpa2(); + } + } u8 *wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type, diff --git a/components/wpa_supplicant/src/common/wpa_common.h b/components/wpa_supplicant/src/common/wpa_common.h index 8f8071962e..d682f29bd0 100644 --- a/components/wpa_supplicant/src/common/wpa_common.h +++ b/components/wpa_supplicant/src/common/wpa_common.h @@ -327,6 +327,9 @@ struct rsn_rdie { /* WFA Transition Disable KDE (using OUI_WFA) */ /* Transition Disable Bitmap bits */ #define TRANSITION_DISABLE_WPA3_PERSONAL BIT(0) +#define TRANSITION_DISABLE_SAE_PK BIT(1) +#define TRANSITION_DISABLE_WPA3_ENTERPRISE BIT(2) +#define TRANSITION_DISABLE_ENHANCED_OPEN BIT(3) #ifdef CONFIG_IEEE80211R int wpa_ft_mic(const u8 *kck, size_t kck_len, const u8 *sta_addr, From fd556dc78549ded9b7727de16240671fbfbd91be Mon Sep 17 00:00:00 2001 From: Shyamal Khachane Date: Wed, 17 Jan 2024 12:44:17 +0530 Subject: [PATCH 2/2] feat(wifi): Add support to handle OWE transition disable indication from AP --- .../wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h | 1 + .../wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index 5def9f65cb..d5801593e5 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h @@ -291,6 +291,7 @@ bool esp_wifi_is_ft_enabled_internal(uint8_t if_index); uint8_t esp_wifi_sta_get_config_sae_pk_internal(void); void esp_wifi_sta_disable_sae_pk_internal(void); void esp_wifi_sta_disable_wpa2_authmode_internal(void); +void esp_wifi_sta_disable_owe_trans_internal(void); uint8_t esp_wifi_ap_get_max_sta_conn(void); uint8_t esp_wifi_get_config_sae_pwe_h2e_internal(uint8_t ifx); bool esp_wifi_ap_notify_node_sae_auth_done(uint8_t *mac); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c index 0ee7a5c3b4..23608c7299 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c @@ -93,7 +93,8 @@ int hostapd_send_eapol(const u8 *source, const u8 *sta_addr, } -static void disable_wpa_wpa2() { +static void disable_wpa_wpa2(void) +{ esp_wifi_sta_disable_wpa2_authmode_internal(); } @@ -119,6 +120,10 @@ void wpa_supplicant_transition_disable(struct wpa_sm *sm, u8 bitmap) disable_wpa_wpa2(); } + if ((bitmap & TRANSITION_DISABLE_ENHANCED_OPEN) && + wpa_key_mgmt_owe(sm->key_mgmt)) { + esp_wifi_sta_disable_owe_trans_internal(); + } } u8 *wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,