mirror of
https://github.com/espressif/esp-idf.git
synced 2025-08-07 11:59:04 +00:00
Merge branch 'fix/wpa_eap_v1_192_bit_cert_v5.1' into 'release/v5.1'
Sending disconnect event in connect fail and add enterprise check 192 bit and some fixes for wpa_supplicant(v5.1) See merge request espressif/esp-idf!41009
This commit is contained in:
Jiang Jiang Jian
@@ -1024,7 +1024,7 @@ ieee80211_getcapinfo = 0x40002130;
|
|||||||
/* sta_recv_sa_query_resp = 0x40002144; */
|
/* sta_recv_sa_query_resp = 0x40002144; */
|
||||||
ieee80211_set_max_rate = 0x4000214c;
|
ieee80211_set_max_rate = 0x4000214c;
|
||||||
ic_set_sta = 0x40002150;
|
ic_set_sta = 0x40002150;
|
||||||
ieee80211_parse_wpa = 0x40002158;
|
/* ieee80211_parse_wpa = 0x40002158; */
|
||||||
ieee80211_add_assoc_req_ies = 0x40002160;
|
ieee80211_add_assoc_req_ies = 0x40002160;
|
||||||
ieee80211_add_probe_req_ies = 0x40002164;
|
ieee80211_add_probe_req_ies = 0x40002164;
|
||||||
/* Data (.data, .bss, .rodata) */
|
/* Data (.data, .bss, .rodata) */
|
||||||
|
|||||||
@@ -1406,7 +1406,7 @@ esp_err_t esp_wifi_force_wakeup_release(void);
|
|||||||
/**
|
/**
|
||||||
* @brief configure country
|
* @brief configure country
|
||||||
*
|
*
|
||||||
* @attention 1. When ieee80211d_enabled, the country info of the AP to which
|
* @attention 1. When ieee80211d_enabled is enabled, the country info of the AP to which
|
||||||
* the station is connected is used. E.g. if the configured country is US
|
* the station is connected is used. E.g. if the configured country is US
|
||||||
* and the country info of the AP to which the station is connected is JP
|
* and the country info of the AP to which the station is connected is JP
|
||||||
* then the country info that will be used is JP. If the station disconnected
|
* then the country info that will be used is JP. If the station disconnected
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ typedef struct {
|
|||||||
* @brief Wi-Fi authmode type
|
* @brief Wi-Fi authmode type
|
||||||
* Strength of authmodes
|
* Strength of authmodes
|
||||||
* Personal Networks : OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK
|
* Personal Networks : OPEN < WEP < WPA_PSK < OWE < WPA2_PSK = WPA_WPA2_PSK < WAPI_PSK < WPA3_PSK = WPA2_WPA3_PSK
|
||||||
* Enterprise Networks : WIFI_AUTH_WPA2_ENTERPRISE < WIFI_AUTH_WPA3_ENT_192
|
* Enterprise Networks : WIFI_AUTH_WPA_ENTERPRISE < WIFI_AUTH_WPA2_ENTERPRISE < WIFI_AUTH_WPA3_ENT_192
|
||||||
*/
|
*/
|
||||||
typedef enum {
|
typedef enum {
|
||||||
WIFI_AUTH_OPEN = 0, /**< authenticate mode : open */
|
WIFI_AUTH_OPEN = 0, /**< authenticate mode : open */
|
||||||
@@ -67,13 +67,19 @@ typedef enum {
|
|||||||
WIFI_AUTH_WPA_PSK, /**< authenticate mode : WPA_PSK */
|
WIFI_AUTH_WPA_PSK, /**< authenticate mode : WPA_PSK */
|
||||||
WIFI_AUTH_WPA2_PSK, /**< authenticate mode : WPA2_PSK */
|
WIFI_AUTH_WPA2_PSK, /**< authenticate mode : WPA2_PSK */
|
||||||
WIFI_AUTH_WPA_WPA2_PSK, /**< authenticate mode : WPA_WPA2_PSK */
|
WIFI_AUTH_WPA_WPA2_PSK, /**< authenticate mode : WPA_WPA2_PSK */
|
||||||
WIFI_AUTH_ENTERPRISE, /**< authenticate mode : WiFi EAP security */
|
WIFI_AUTH_ENTERPRISE, /**< authenticate mode : WiFi EAP security, treated the same as WIFI_AUTH_WPA2_ENTERPRISE */
|
||||||
WIFI_AUTH_WPA2_ENTERPRISE = WIFI_AUTH_ENTERPRISE, /**< authenticate mode : WiFi EAP security */
|
WIFI_AUTH_WPA2_ENTERPRISE = WIFI_AUTH_ENTERPRISE, /**< authenticate mode : WPA2-Enterprise security */
|
||||||
WIFI_AUTH_WPA3_PSK, /**< authenticate mode : WPA3_PSK */
|
WIFI_AUTH_WPA3_PSK, /**< authenticate mode : WPA3_PSK */
|
||||||
WIFI_AUTH_WPA2_WPA3_PSK, /**< authenticate mode : WPA2_WPA3_PSK */
|
WIFI_AUTH_WPA2_WPA3_PSK, /**< authenticate mode : WPA2_WPA3_PSK */
|
||||||
WIFI_AUTH_WAPI_PSK, /**< authenticate mode : WAPI_PSK */
|
WIFI_AUTH_WAPI_PSK, /**< authenticate mode : WAPI_PSK */
|
||||||
WIFI_AUTH_OWE, /**< authenticate mode : OWE */
|
WIFI_AUTH_OWE, /**< authenticate mode : OWE */
|
||||||
WIFI_AUTH_WPA3_ENT_192, /**< authenticate mode : WPA3_ENT_SUITE_B_192_BIT */
|
WIFI_AUTH_WPA3_ENT_192, /**< authenticate mode : WPA3_ENT_SUITE_B_192_BIT */
|
||||||
|
WIFI_AUTH_DUMMY1,
|
||||||
|
WIFI_AUTH_DUMMY2,
|
||||||
|
WIFI_AUTH_DUMMY3,
|
||||||
|
WIFI_AUTH_DUMMY4,
|
||||||
|
WIFI_AUTH_DUMMY5,
|
||||||
|
WIFI_AUTH_WPA_ENTERPRISE, /**< Authenticate mode : WPA-Enterprise security */
|
||||||
WIFI_AUTH_MAX
|
WIFI_AUTH_MAX
|
||||||
} wifi_auth_mode_t;
|
} wifi_auth_mode_t;
|
||||||
|
|
||||||
|
|||||||
Submodule components/esp_wifi/lib updated: e6c344109c...a34ac915ef
@@ -60,6 +60,7 @@ static struct eap_sm *gEapSm = NULL;
|
|||||||
|
|
||||||
static int eap_peer_sm_init(void);
|
static int eap_peer_sm_init(void);
|
||||||
static void eap_peer_sm_deinit(void);
|
static void eap_peer_sm_deinit(void);
|
||||||
|
static void eap_start_eapol(void *ctx, void *data);
|
||||||
|
|
||||||
static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bssid);
|
static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bssid);
|
||||||
static int wpa2_start_eapol_internal(void);
|
static int wpa2_start_eapol_internal(void);
|
||||||
@@ -529,6 +530,10 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
|
|||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!sm->eap_process_started) {
|
||||||
|
sm->eap_process_started = true;
|
||||||
|
eloop_cancel_timeout(eap_start_eapol, NULL, NULL);
|
||||||
|
}
|
||||||
if (len < sizeof(*hdr) + sizeof(*ehdr)) {
|
if (len < sizeof(*hdr) + sizeof(*ehdr)) {
|
||||||
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
|
wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA "
|
||||||
"EAPOL-Key (len %lu, expecting at least %lu)",
|
"EAPOL-Key (len %lu, expecting at least %lu)",
|
||||||
@@ -612,15 +617,28 @@ _out:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int wpa2_start_eapol(void)
|
static void eap_start_eapol(void *ctx, void *data)
|
||||||
{
|
{
|
||||||
#ifdef USE_WPA2_TASK
|
#ifdef USE_WPA2_TASK
|
||||||
return wpa2_post(SIG_WPA2_START, 0);
|
wpa2_post(SIG_WPA2_START, 0);
|
||||||
#else
|
#else
|
||||||
return wpa2_start_eapol_internal();
|
wpa2_start_eapol_internal();
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int eap_start_eapol_timer(void)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Do not send EAPOL-Start immediately since in most cases,
|
||||||
|
* Authenticator is going to start authentication immediately
|
||||||
|
* after association and an extra EAPOL-Start is just going to
|
||||||
|
* delay authentication. Use a short timeout to send the first
|
||||||
|
* EAPOL-Start if Authenticator does not start authentication.
|
||||||
|
*/
|
||||||
|
eloop_register_timeout(2, 0, eap_start_eapol, NULL, NULL);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int wpa2_start_eapol_internal(void)
|
static int wpa2_start_eapol_internal(void)
|
||||||
{
|
{
|
||||||
struct eap_sm *sm = gEapSm;
|
struct eap_sm *sm = gEapSm;
|
||||||
@@ -739,6 +757,7 @@ static int eap_peer_sm_init(void)
|
|||||||
wpa_printf(MSG_INFO, "wifi_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
|
wpa_printf(MSG_INFO, "wifi_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
sm->workaround = 1;
|
sm->workaround = 1;
|
||||||
|
sm->eap_process_started = false;
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
|
|
||||||
_err:
|
_err:
|
||||||
@@ -806,7 +825,7 @@ static esp_err_t esp_client_enable_fn(void *arg)
|
|||||||
}
|
}
|
||||||
|
|
||||||
wpa2_cb->wpa2_sm_rx_eapol = wpa2_ent_rx_eapol;
|
wpa2_cb->wpa2_sm_rx_eapol = wpa2_ent_rx_eapol;
|
||||||
wpa2_cb->wpa2_start = wpa2_start_eapol;
|
wpa2_cb->wpa2_start = eap_start_eapol_timer;
|
||||||
wpa2_cb->wpa2_init = eap_peer_sm_init;
|
wpa2_cb->wpa2_init = eap_peer_sm_init;
|
||||||
wpa2_cb->wpa2_deinit = eap_peer_sm_deinit;
|
wpa2_cb->wpa2_deinit = eap_peer_sm_deinit;
|
||||||
|
|
||||||
|
|||||||
@@ -311,6 +311,7 @@ struct eap_sm {
|
|||||||
size_t eapKeyDataLen;
|
size_t eapKeyDataLen;
|
||||||
struct wpabuf *lastRespData;
|
struct wpabuf *lastRespData;
|
||||||
const struct eap_method *m;
|
const struct eap_method *m;
|
||||||
|
bool eap_process_started;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
|
|||||||
@@ -2287,7 +2287,7 @@ void wpa_set_profile(u32 wpa_proto, u8 auth_mode)
|
|||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
|
|
||||||
sm->proto = wpa_proto;
|
sm->proto = wpa_proto;
|
||||||
if (auth_mode == WPA2_AUTH_ENT) {
|
if (auth_mode == WPA2_AUTH_ENT || (auth_mode == WPA_AUTH_UNSPEC)) {
|
||||||
sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X; /* for wpa2 enterprise */
|
sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X; /* for wpa2 enterprise */
|
||||||
} else if (auth_mode == WPA2_AUTH_ENT_SHA256) {
|
} else if (auth_mode == WPA2_AUTH_ENT_SHA256) {
|
||||||
sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; /* for wpa2 enterprise sha256 */
|
sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; /* for wpa2 enterprise sha256 */
|
||||||
@@ -2386,7 +2386,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher,
|
|||||||
}
|
}
|
||||||
#ifdef CONFIG_SUITEB192
|
#ifdef CONFIG_SUITEB192
|
||||||
extern bool g_wpa_suiteb_certification;
|
extern bool g_wpa_suiteb_certification;
|
||||||
if (g_wpa_suiteb_certification) {
|
if (is_wpa2_enterprise_connection() && g_wpa_suiteb_certification) {
|
||||||
if (sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256) {
|
if (sm->mgmt_group_cipher != WPA_CIPHER_BIP_GMAC_256) {
|
||||||
wpa_printf(MSG_ERROR, "suite-b 192bit certification, only GMAC256 is supported");
|
wpa_printf(MSG_ERROR, "suite-b 192bit certification, only GMAC256 is supported");
|
||||||
return -1;
|
return -1;
|
||||||
|
|||||||
Reference in New Issue
Block a user