alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-09-18 15:53:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

esp_wifi: WPA3-SAE support for softAP

Browse Source
This commit is contained in:
Shreyas Sheth
2023-02-28 12:25:05 +08:00
committed by Jiang Jiang Jian
parent ad19981af8
commit 2b8e40e760
44 changed files with 2773 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
View File

@@ -17,9 +17,14 @@
#include "ap/wpa_auth_i.h"
#include "esp_wifi_driver.h"
#include "esp_wifi_types.h"
#include "esp_wpa3_i.h"
struct hostapd_data *global_hapd;
#ifdef CONFIG_SAE
extern SemaphoreHandle_t g_wpa3_hostap_auth_api_lock;
#endif /* CONFIG_SAE */
struct hostapd_data *hostapd_get_hapd_data(void)
{
return global_hapd;
@@ -33,6 +38,7 @@ void *hostap_init(void)
u16 spp_attrubute = 0;
u8 pairwise_cipher;
wifi_pmf_config_t pmf_cfg;
uint8_t authmode;
hapd = (struct hostapd_data *)os_zalloc(sizeof(struct hostapd_data));
@@ -46,7 +52,6 @@ void *hostap_init(void)
os_free(hapd);
return NULL;
}
hapd->conf->max_num_sta = MAX_STA_COUNT;
auth_conf = (struct wpa_auth_config *)os_zalloc(sizeof(struct wpa_auth_config));
@@ -56,15 +61,23 @@ void *hostap_init(void)
hapd = NULL;
return NULL;
}
if (esp_wifi_ap_get_prof_authmode_internal() == WIFI_AUTH_WPA_PSK) {
hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
auth_conf->sae_pwe = hapd->conf->sae_pwe;
authmode = esp_wifi_ap_get_prof_authmode_internal();
if (authmode == WIFI_AUTH_WPA_PSK) {
auth_conf->wpa = WPA_PROTO_WPA;
}
if (esp_wifi_ap_get_prof_authmode_internal() == WIFI_AUTH_WPA2_PSK) {
if (authmode == WIFI_AUTH_WPA2_PSK) {
auth_conf->wpa = WPA_PROTO_RSN;
}
if (esp_wifi_ap_get_prof_authmode_internal() == WIFI_AUTH_WPA_WPA2_PSK) {
if (authmode == WIFI_AUTH_WPA_WPA2_PSK) {
auth_conf->wpa = WPA_PROTO_RSN | WPA_PROTO_WPA;
}
if (authmode == WIFI_AUTH_WPA3_PSK || authmode == WIFI_AUTH_WPA2_WPA3_PSK) {
auth_conf->wpa = WPA_PROTO_RSN;
}
pairwise_cipher = esp_wifi_ap_get_prof_pairwise_cipher_internal();
@@ -73,7 +86,7 @@ void *hostap_init(void)
esp_wifi_get_pmf_config_internal(&pmf_cfg, WIFI_IF_AP);
if (pmf_cfg.required) {
pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
}
#endif /* CONFIG_IEEE80211W */
@@ -98,15 +111,24 @@ void *hostap_init(void)
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
auth_conf->eapol_version = EAPOL_VERSION;
hapd->conf->sae_anti_clogging_threshold = SAE_ANTI_CLOGGING_THRESHOLD;
#ifdef CONFIG_IEEE80211W
if (pmf_cfg.required && pmf_cfg.capable) {
auth_conf->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
wpa_printf(MSG_DEBUG, "%s :pmf required", __func__);
auth_conf->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
wpa_printf(MSG_DEBUG, "%s :pmf required", __func__);
} else if (pmf_cfg.capable && !pmf_cfg.required) {
auth_conf->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
wpa_printf(MSG_DEBUG, "%s : pmf optional", __func__);
auth_conf->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
wpa_printf(MSG_DEBUG, "%s : pmf optional", __func__);
}
if (authmode == WIFI_AUTH_WPA2_WPA3_PSK) {
auth_conf->wpa_key_mgmt |= WPA_KEY_MGMT_SAE;
}
if (authmode == WIFI_AUTH_WPA3_PSK) {
auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
}
#endif /* CONFIG_IEEE80211W */
@@ -116,6 +138,7 @@ void *hostap_init(void)
memcpy(hapd->conf->ssid.ssid, ssid->ssid, ssid->len);
hapd->conf->ssid.ssid_len = ssid->len;
hapd->conf->wpa_key_mgmt = auth_conf->wpa_key_mgmt;
hapd->conf->ssid.wpa_passphrase = (char *)os_zalloc(64);
if (hapd->conf->ssid.wpa_passphrase == NULL) {
os_free(auth_conf);
@@ -124,7 +147,24 @@ void *hostap_init(void)
hapd = NULL;
return NULL;
}
memcpy(hapd->conf->ssid.wpa_passphrase, esp_wifi_ap_get_prof_password_internal(), strlen((char *)esp_wifi_ap_get_prof_password_internal()));
#ifdef CONFIG_SAE
if (authmode == WIFI_AUTH_WPA3_PSK ||
authmode == WIFI_AUTH_WPA2_WPA3_PSK) {
if (wpa3_hostap_auth_init(hapd) != 0) {
os_free(hapd->conf->ssid.wpa_passphrase);
os_free(auth_conf);
os_free(hapd->conf);
os_free(hapd);
hapd = NULL;
return NULL;
}
}
#endif /* CONFIG_SAE */
os_memcpy(hapd->conf->ssid.wpa_passphrase, esp_wifi_ap_get_prof_password_internal(), strlen((char *)esp_wifi_ap_get_prof_password_internal()));
hapd->conf->max_num_sta = esp_wifi_ap_get_max_sta_conn();
hapd->conf->ap_max_inactivity = 5 * 60;
hostapd_setup_wpa_psk(hapd->conf);
@@ -139,6 +179,41 @@ void *hostap_init(void)
return (void *)hapd;
}
void hostapd_cleanup(struct hostapd_data *hapd)
{
if (hapd == NULL) {
return;
}
if(hapd->wpa_auth) {
wpa_deinit(hapd->wpa_auth);
hapd->wpa_auth = NULL;
}
if (hapd->conf) {
hostapd_config_free_bss(hapd->conf);
hapd->conf = NULL;
}
#ifdef CONFIG_SAE
struct hostapd_sae_commit_queue *q, *tmp;
if (dl_list_empty(&hapd->sae_commit_queue)) {
dl_list_for_each_safe(q, tmp, &hapd->sae_commit_queue,
struct hostapd_sae_commit_queue, list) {
dl_list_del(&q->list);
os_free(q);
}
}
#endif /* CONFIG_SAE */
os_free(hapd);
global_hapd = NULL;
}
bool hostap_deinit(void *data)
{
struct hostapd_data *hapd = (struct hostapd_data *)data;
@@ -146,30 +221,95 @@ bool hostap_deinit(void *data)
if (hapd == NULL) {
return true;
}
if (hapd->wpa_auth != NULL) {
if (hapd->wpa_auth->wpa_ie != NULL) {
os_free(hapd->wpa_auth->wpa_ie);
}
if (hapd->wpa_auth->group != NULL) {
os_free(hapd->wpa_auth->group);
}
os_free(hapd->wpa_auth);
}
if (hapd->conf != NULL) {
if (hapd->conf->ssid.wpa_psk != NULL) {
os_free(hapd->conf->ssid.wpa_psk);
}
if (hapd->conf->ssid.wpa_passphrase != NULL) {
os_free(hapd->conf->ssid.wpa_passphrase);
}
os_free(hapd->conf);
}
os_free(hapd);
esp_wifi_unset_appie_internal(WIFI_APPIE_WPA);
global_hapd = NULL;
#ifdef CONFIG_SAE
uint8_t authmode;
authmode = esp_wifi_ap_get_prof_authmode_internal();
if (authmode == WIFI_AUTH_WPA3_PSK ||
authmode == WIFI_AUTH_WPA2_WPA3_PSK) {
wpa3_hostap_auth_deinit();
/* Wait till lock is released by wpa3 task */
if (WPA3_HOSTAP_AUTH_API_LOCK() == pdTRUE) {
WPA3_HOSTAP_AUTH_API_UNLOCK();
os_mutex_delete(g_wpa3_hostap_auth_api_lock);
g_wpa3_hostap_auth_api_lock = NULL;
}
}
#endif /* CONFIG_SAE */
hostapd_cleanup(hapd);
return true;
}
int esp_wifi_build_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
{
u8 *pos = eid;
u16 capab = 0;
size_t flen;
if (!(hapd->wpa_auth->conf.wpa & WPA_PROTO_RSN)) {
return 0;
}
if (wpa_key_mgmt_sae(hapd->wpa_auth->conf.wpa_key_mgmt) &&
(hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT
|| hapd->conf->sae_pwe == SAE_PWE_BOTH)) {
capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
}
flen = (capab & 0xff00) ? 2 : 1;
if (len < 2 + flen || !capab) {
return 0; /* no supported extended RSN capabilities */
}
capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */
*pos++ = WLAN_EID_RSNX;
*pos++ = flen;
*pos++ = capab & 0x00ff;
capab >>= 8;
if (capab) {
*pos++ = capab;
}
return pos - eid;
}
u16 esp_send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *addr, u16 status_code, bool omit_rsnxe, int subtype)
{
#define ASSOC_RESP_LENGTH 20
u8 buf[ASSOC_RESP_LENGTH];
wifi_mgmt_frm_req_t *reply = NULL;
int send_len = 0;
int res = WLAN_STATUS_SUCCESS;
if (!omit_rsnxe) {
send_len = esp_wifi_build_rsnxe(hapd, buf, ASSOC_RESP_LENGTH);
}
esp_wifi_set_appie_internal(WIFI_APPIE_ASSOC_RESP, buf, send_len, 0);
reply = os_zalloc(sizeof(wifi_mgmt_frm_req_t) + sizeof(uint16_t));
if (!reply) {
wpa_printf(MSG_ERROR, "failed to allocate memory for assoc response");
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto done;
}
reply->ifx = WIFI_IF_AP;
reply->subtype = subtype;
os_memcpy(reply->da, addr, ETH_ALEN);
reply->data_len = sizeof(uint16_t);
((uint16_t *)reply->data)[0] = status_code;
if (esp_wifi_send_mgmt_frm_internal(reply) != 0) {
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
wpa_printf(MSG_INFO, "esp_send_assoc_resp_failed: send failed");
}
#undef ASSOC_RESP_LENGTH
done:
os_free(reply);
return res;
}