From 341a92aaa57b669d1e5a612820aeec21b841fb60 Mon Sep 17 00:00:00 2001
From: Shreyas Sheth
Date: Thu, 21 Jul 2022 12:56:06 +0530
Subject: [PATCH] esp_wifi: WPA3 SAE keep default value as h2e and hunting and pecking for sae pwe

---
 components/esp_wifi/include/esp_wifi_types.h | 12 ++++++++++--
 components/esp_wifi/lib | 2 +-
 .../esp_supplicant/src/esp_wifi_driver.h | 4 ++--
 .../wpa_supplicant/esp_supplicant/src/esp_wpa3.c | 2 +-
 components/wpa_supplicant/src/common/wpa_common.c | 2 +-
 components/wpa_supplicant/src/rsn_supp/wpa.c | 2 +-
 .../station/main/station_example_main.c | 2 +-
 7 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h
index e0419acc02a5..96c8e394c5ff 100644
--- a/components/esp_wifi/include/esp_wifi_types.h
+++ b/components/esp_wifi/include/esp_wifi_types.h
@@ -222,6 +222,14 @@ typedef struct {
 bool required; /**< Advertizes that Protected Management Frame is required. Device will not associate to non-PMF capable devices. */
 } wifi_pmf_config_t;
 
+/** Configuration for SAE PWE derivation */
+typedef enum {
+ WPA3_SAE_PWE_UNSPECIFIED,
+ WPA3_SAE_PWE_HUNT_AND_PECK,
+ WPA3_SAE_PWE_HASH_TO_ELEMENT,
+ WPA3_SAE_PWE_BOTH,
+} wifi_sae_pwe_method_t;
+
 /** @brief Soft-AP configuration settings for the ESP32 */
 typedef struct {
 uint8_t ssid[32]; /**< SSID of ESP32 soft-AP. If ssid_len field is 0, this must be a Null terminated string. Otherwise, length is set according to ssid_len. */
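Review bot: The four enumerators of `wifi_sae_pwe_method_t` take their values only from declaration order (0 to 3) and have no per-value documentation, yet this setting was previously written as a raw integer: the station example in this same patch replaces the literal `2` with `WPA3_SAE_PWE_BOTH`, which is 3 here. C converts an integer to an enum without a diagnostic, so an application that still assigns an old literal builds cleanly and may end up with a different PWE method than before, possibly the hunting-and-pecking-only one. I would pin the values explicitly (`WPA3_SAE_PWE_UNSPECIFIED = 0,` and so on), give each enumerator a `/**< ... */` comment stating which derivation methods the station will accept, and state what UNSPECIFIED resolves to. It is also worth confirming that the `uint8_t` getters read in wpa_common.c and wpa.c return the numbering the supplicant code compares against; that mapping is in the prebuilt library and is not visible in this patch.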
@@ -254,8 +262,8 @@ typedef struct {
 uint32_t mbo_enabled:1; /**< Whether MBO is enabled for the connection */
 uint32_t ft_enabled:1; /**< Whether FT is enabled for the connection */
 uint32_t owe_enabled:1; /**< Whether OWE is enabled for the connection */
- uint32_t sae_pwe_h2e:2; /**< Whether SAE hash to element is enabled */
- uint32_t reserved:25; /**< Reserved for future feature set */
+ uint32_t reserved:27; /**< Reserved for future feature set */
+ wifi_sae_pwe_method_t sae_pwe_h2e; /**< Whether SAE hash to element is enabled */
 } wifi_sta_config_t;
 
 /** @brief Configuration data for ESP32 AP or STA.
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index 9d353460e824..4b1daf3775bc 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit 9d353460e8240e3b413867ea433085e218c9adf5
+Subproject commit 4b1daf3775bc399296482ef2760f1efe9855e6f1
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
index 07c133144a32..856d40d5c57c 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
@@ -279,7 +279,7 @@ esp_err_t esp_wifi_remain_on_channel(uint8_t ifx, uint8_t type, uint8_t channel,
 bool esp_wifi_is_mbo_enabled_internal(uint8_t if_index);
 void esp_wifi_get_pmf_config_internal(wifi_pmf_config_t *pmf_cfg, uint8_t ifx);
 bool esp_wifi_is_ft_enabled_internal(uint8_t if_index);
-uint8_t esp_wifi_get_config_sae_pwe_h2e_internal(void);
-uint8_t esp_wifi_get_use_h2e_internal(void);
+uint8_t esp_wifi_sta_get_config_sae_pwe_h2e_internal(void);
+uint8_t esp_wifi_sta_get_use_h2e_internal(void);
 
 #endif /* _ESP_WIFI_DRIVER_H_ */
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
index e5cedb6b50fb..fa5b27402f42 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
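Review bot: In `wifi_sta_config_t` (esp_wifi_types.h), the comment kept on the new `sae_pwe_h2e` member, "Whether SAE hash to element is enabled", no longer describes a four-valued `wifi_sae_pwe_method_t`. Something like `/**< SAE PWE derivation method, see wifi_sae_pwe_method_t; a zero-initialised config holds WPA3_SAE_PWE_UNSPECIFIED */` would tell users what a default-initialised struct selects. Moving the value out of the `uint32_t` bitfield into a separate trailing member presumably also changes the size and layout of the struct, which matters for any copy written by an older firmware image or shared with the prebuilt Wi-Fi library. The submodule bump in this patch presumably covers the library side, but stored configurations are not addressed in the visible hunks. The struct definition starts outside this hunk.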
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -25,7 +25,7 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid) u8 own_addr[ETH_ALEN]; const u8 *pw = (const u8 *)esp_wifi_sta_get_prof_password_internal(); struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal(); - uint8_t use_pt = esp_wifi_get_use_h2e_internal(); + uint8_t use_pt = esp_wifi_sta_get_use_h2e_internal(); if (use_pt && !g_sae_pt) { g_sae_pt = sae_derive_pt(g_allowed_groups, ssid->ssid, ssid->len, pw, strlen((const char *)pw), NULL); diff --git a/components/wpa_supplicant/src/common/wpa_common.c b/components/wpa_supplicant/src/common/wpa_common.c index 6d74532c647a..4cdf7ab38805 100644 --- a/components/wpa_supplicant/src/common/wpa_common.c +++ b/components/wpa_supplicant/src/common/wpa_common.c @@ -369,7 +369,7 @@ int wpa_parse_wpa_ie_rsnxe(const u8 *rsnxe_ie, size_t rsnxe_ie_len, struct wpa_ie_data *data) { uint8_t rsnxe_capa = 0; - uint8_t sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(); + uint8_t sae_pwe = esp_wifi_sta_get_config_sae_pwe_h2e_internal(); memset(data, 0, sizeof(*data)); if (rsnxe_ie_len < 1) { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index d0e0a1c043d2..a484a2dcc44c 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -2674,7 +2674,7 @@ int wpa_sm_set_ap_rsnxe(const u8 *ie, size_t len) sm->ap_rsnxe_len = len; } - sm->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(); + sm->sae_pwe = esp_wifi_sta_get_config_sae_pwe_h2e_internal(); return 0; } diff --git a/examples/wifi/getting_started/station/main/station_example_main.c b/examples/wifi/getting_started/station/main/station_example_main.c index 9c00dd1eb9c0..972bea9028d9 100644 --- a/examples/wifi/getting_started/station/main/station_example_main.c +++ b/examples/wifi/getting_started/station/main/station_example_main.c 
@@ -115,7 +115,7 @@ void wifi_init_sta(void)
 * However these modes are deprecated and not advisable to be used. Incase your Access point
 * doesn't support WPA2, these mode can be enabled by commenting below line */
 .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD,
- .sae_pwe_h2e = 2,
+ .sae_pwe_h2e = WPA3_SAE_PWE_BOTH,
 },
 };
 ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
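Review bot: The `.sae_pwe_h2e = WPA3_SAE_PWE_BOTH` initializer in the example has no comment, while the `authmode` threshold just above it is explained at length. Since this example is a common starting point, a short comment would help, e.g. `/* Accept both SAE PWE methods; if every AP supports H2E, WPA3_SAE_PWE_HASH_TO_ELEMENT avoids the older hunting-and-pecking derivation */`. Whether the HASH_TO_ELEMENT setting fully excludes hunting-and-pecking depends on driver code not shown here, so the wording should be checked against it. wifi_init_sta's body continues outside the hunk.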