esp_wifi: Support for additional WPA3 testcases

1. Anti-Clogging Token Request support
2. Return correct status from SAE modules for invalid scenarios
3. Add PMK Caching support for WPA3

components/wpa_supplicant/src/rsn_supp/pmksa_cache.c

@@ -103,7 +103,7 @@ static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
  */
 struct rsn_pmksa_cache_entry *
 pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
-        const u8 *kck, size_t kck_len,
+        const u8 *pmkid, const u8 *kck, size_t kck_len,
         const u8 *aa, const u8 *spa, void *network_ctx, int akmp)
 {
     struct rsn_pmksa_cache_entry *entry, *pos, *prev;
@@ -120,8 +120,11 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
         return NULL;
     os_memcpy(entry->pmk, pmk, pmk_len);
     entry->pmk_len = pmk_len;
-    rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
-            wpa_key_mgmt_sha256(akmp));
+    if (pmkid)
+        os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
+    else
+        rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
+                  wpa_key_mgmt_sha256(akmp));
     entry->expiration = now_sec + dot11RSNAConfigPMKLifetime;
     entry->reauth_time = now_sec + dot11RSNAConfigPMKLifetime *
         dot11RSNAConfigPMKReauthThreshold / 100;
@@ -318,7 +321,7 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
     struct rsn_pmksa_cache_entry *new_entry;
 
     new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
-            NULL, 0,
+            NULL, NULL, 0,
             aa, pmksa->sm->own_addr,
             old_entry->network_ctx, old_entry->akmp);
     if (new_entry == NULL)
@@ -428,7 +431,7 @@ int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
                 network_ctx,
                 bssid);
     if (sm->cur_pmksa) {
-        wpa_hexdump(MSG_DEBUG, "RSN: PMKSA cache entry found - PMKID",
+        wpa_hexdump(MSG_ERROR, "RSN: PMKSA cache entry found - PMKID",
                 sm->cur_pmksa->pmkid, PMKID_LEN);
         return 0;
     }

components/wpa_supplicant/src/rsn_supp/pmksa_cache.h

@@ -57,7 +57,7 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
 int pmksa_cache_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len);
 struct rsn_pmksa_cache_entry *
 pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
-        const u8 *kck, size_t kck_len,
+        const u8 *pmkid, const u8 *kck, size_t kck_len,
         const u8 *aa, const u8 *spa, void *network_ctx, int akmp);
 struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm);
 void pmksa_cache_clear_current(struct wpa_sm *sm);
@@ -105,7 +105,7 @@ static inline int pmksa_cache_list(struct rsn_pmksa_cache *pmksa, char *buf,
 
     static inline struct rsn_pmksa_cache_entry *
 pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
-        const u8 *kck, size_t kck_len,
+        const u8 *pmkid, const u8 *kck, size_t kck_len,
         const u8 *aa, const u8 *spa, void *network_ctx, int akmp)
 {
     return NULL;

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -399,12 +399,9 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
             if (sm->proto == WPA_PROTO_RSN &&
                     !wpa_key_mgmt_suite_b(sm->key_mgmt) &&
                     !wpa_key_mgmt_ft(sm->key_mgmt)) {
-                sa = pmksa_cache_add(sm->pmksa,
-                        sm->pmk, pmk_len,
-                        NULL, 0,
-						     src_addr, sm->own_addr,
-						     sm->network_ctx,
-						     sm->key_mgmt);
+                sa = pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len,
+                                     NULL, NULL, 0, src_addr, sm->own_addr,
+                                     sm->network_ctx, sm->key_mgmt);
 			}
 			if (!sm->cur_pmksa && pmkid &&
 			    pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
@@ -590,8 +587,8 @@ void   wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
     if (res)
         goto failed;
 
-    if (esp_wifi_sta_prof_is_wpa2_internal() 
-            && esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT) {
+    if (esp_wifi_sta_prof_is_wpa2_internal() &&
+        esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT) {
         pmksa_cache_set_current(sm, NULL, sm->bssid, 0, 0);
     }
 
@@ -1991,7 +1988,7 @@ void wpa_sm_set_state(enum wpa_states state)
  * Configure the PMK for WPA state machine.
  */
 void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
-		    const u8 *bssid)
+                    const u8 *pmkid, const u8 *bssid)
 {
 	if (sm == NULL)
 		return;
@@ -2006,9 +2003,9 @@ void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
 #endif /* CONFIG_IEEE80211R */
 
 	if (bssid) {
-		pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, 0,
-				bssid, sm->own_addr,
-				sm->network_ctx, sm->key_mgmt);
+		pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
+                        bssid, sm->own_addr,
+                        sm->network_ctx, sm->key_mgmt);
 	}
 }
 
@@ -2090,12 +2087,18 @@ void wpa_set_profile(u32 wpa_proto, u8 auth_mode)
     }
 }
 
-void wpa_set_pmk(uint8_t *pmk)
+void wpa_set_pmk(uint8_t *pmk, const u8 *pmkid, bool cache_pmksa)
 {
     struct wpa_sm *sm = &gWpaSm;
     
     memcpy(sm->pmk, pmk, PMK_LEN);
     sm->pmk_len = PMK_LEN;
+
+    if (cache_pmksa) {
+        pmksa_cache_add(sm->pmksa, pmk, PMK_LEN, pmkid, NULL, 0,
+                        sm->bssid, sm->own_addr,
+                        sm->network_ctx, sm->key_mgmt);
+    }
 }
 
 int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher, char *passphrase, u8 *ssid, size_t ssid_len)
@@ -2112,9 +2115,10 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
     memcpy(sm->own_addr, macddr, ETH_ALEN);
     memcpy(sm->bssid, bssid, ETH_ALEN);
     sm->ap_notify_completed_rsne = esp_wifi_sta_is_ap_notify_completed_rsne_internal();
-        
-    if (esp_wifi_sta_prof_is_wpa2_internal() 
-            && esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT) {
+
+    if (sm->key_mgmt == WPA_KEY_MGMT_SAE ||
+        (esp_wifi_sta_prof_is_wpa2_internal() &&
+         esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT)) {
         pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0);
         wpa_sm_set_pmk_from_pmksa(sm);
     }
@@ -2153,7 +2157,7 @@ wpa_set_passphrase(char * passphrase, u8 *ssid, size_t ssid_len)
      *    PMK.
      */
     if (sm->key_mgmt == WPA_KEY_MGMT_SAE)
-	return;
+        return;
 
     /* This is really SLOW, so just re cacl while reset param */
     if (esp_wifi_sta_get_reset_param_internal() != 0) {
@@ -2358,5 +2362,13 @@ bool wpa_sta_is_cur_pmksa_set(void) {
     return (pmksa_cache_get_current(sm) != NULL);
 }
 
+void wpa_sta_clear_curr_pmksa(void) {
+    struct wpa_sm *sm = &gWpaSm;
+
+    if (sm->pmksa)
+        pmksa_cache_flush(sm->pmksa, NULL, sm->pmk, sm->pmk_len);
+    pmksa_cache_clear_current(sm);
+}
+
 #endif // ESP_SUPPLICANT
 

components/wpa_supplicant/src/rsn_supp/wpa.h

@@ -119,7 +119,7 @@ void wpa_sm_set_state(enum wpa_states state);
 
 char * dup_binstr(const void *src, size_t len);
 
-void wpa_set_pmk(uint8_t *pmk);
+void wpa_set_pmk(uint8_t *pmk, const u8 *pmkid, bool cache_pmksa);
 
 int wpa_hook_init(void);
 
@@ -133,5 +133,7 @@ wifi_cipher_type_t cipher_type_map_supp_to_public(uint32_t wpa_cipher);
 
 uint32_t cipher_type_map_supp_to_public(wifi_cipher_type_t cipher);
 
+void wpa_sta_clear_curr_pmksa(void);
+
 #endif /* WPA_H */
 

components/wpa_supplicant/src/rsn_supp/wpa_ie.c

@@ -220,9 +220,9 @@ static int  wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
 #ifdef CONFIG_IEEE80211W
     if (sm->pmf_cfg.capable) {
         capab |= WPA_CAPABILITY_MFPC;
-        if (sm->pmf_cfg.required) {
+        if (sm->pmf_cfg.required || key_mgmt == WPA_KEY_MGMT_SAE) {
             capab |= WPA_CAPABILITY_MFPR;
-	}
+        }
     }
 #endif /* CONFIG_IEEE80211W */
     WPA_PUT_LE16(pos, capab);