Commit graph

86 commits

Author SHA1 Message Date
ronghulin
4e7d7426aa bugfix: fix softap mode wpa memory leak 2020-07-29 14:17:12 +08:00
Nachiket Kukade
e9a07592fc wpa_supplicant: Fix WPA3 and WPA2 transition related failures
1. If Device is connected to AP in WPA3-PSK mode, AP switching
security to WPA2-PSK causes connection failures even after reset.
Fix is to not store WPA3's PMK in NVS for caching.

2. AP switching back to WPA3 causes even more connection failures.
This is due to device not clearing Supplicant level PMK Cache when
it is no longer valid. Fix is to clear the Cache when 4-way handshake
fails and to check Key Mgmt of Cache before using.

3. When AP switches from WPA3 to WPA2, device's PMF config in
Supplicant remains enabled. This may cause failures during
4-way handshake. So clear PMF config in when PMF is no longer used.
2020-07-15 13:40:03 +00:00
Jiang Jiang Jian
1ad7e276d9 Merge branch 'workaround/wps_iot_fixes_v4.0' into 'release/v4.0'
wpa_supplicant: WPS Inter operatability Fixes( backport v4.0)

See merge request espressif/esp-idf!8951
2020-06-05 13:50:27 +08:00
Angus Gratton
84d6d48fe0 wpa_supplicant: Allow building with mbedTLS integration but no hardware MPI
Closes https://github.com/espressif/esp-idf/issues/5321
2020-06-04 18:32:58 +10:00
kapil.gupta
9746fa569c wpa_supplicant: WPS Inter operatability Fixes
Add WPS IOT fixes under config option

Current fixes under this flag.
1. Allow NULL-padded WPS attributes.
2. Bypass WPS-Config method validation
2020-06-03 13:33:49 +00:00
Nachiket Kukade
40385ea454 wpa_supplicant: Allow NULL-padded WPS attributes
Some AP's keep NULL-padding at the end of some variable length WPS
Attributes. This is not as par the WPS2.0 specs, but to avoid interop
issues, ignore the padding by reducing the attribute length by 1.
2020-06-03 13:33:49 +00:00
Jiang Jiang Jian
5c2ed3af0e Merge branch 'bugfix/fix_memleak_in_wpa3_feature_v4.0' into 'release/v4.0'
fix(wpa_supplicant): fix memleak in wpa3 feature (backport v4.0)

See merge request espressif/esp-idf!8655
2020-05-29 11:14:36 +08:00
Nachiket Kukade
db5f01429f wpa_supplicant: Fix memory leaks in WPA3 connection
1. Buffers for SAE messages are not freed after the handshake.
   This causes memory leak, free buffers after SAE handshake.
2. SAE global data is not freed until the next WPA3 connection
   takes place, holding up heap space without reason. Free theis
   data after SAE handshake is complete or event fails.
3. Update wifi lib which includes memory leak fix during BIP
   encryption/decryption operations.
2020-05-13 20:45:34 +05:30
Nachiket Kukade
b938846de6 wpa_supplicant: Fix formatting of file esp_wpa3.c
Replace tabs with spaces in esp_wpa3.c.
2020-05-13 20:35:56 +05:30
Jiang Jiang Jian
6a6de506b1 Merge branch 'bugfix/supplicant_general_fixes_40' into 'release/v4.0'
wpa_supplicant: Fix some memleaks and invalid memory access (backport v4.0)

See merge request espressif/esp-idf!8553
2020-05-12 20:17:51 +08:00
kapil.gupta
398dc28a4e wpa_supplicant: Add parsing support for WEP40 key
WEP key is passed as ascii key without "", add parsing support
in supplicant for this.
2020-05-11 11:23:10 +05:30
Zhang Jun Hao
a87df25d9e fix(wpa_supplicant): fix memleak in wpa3 feature 2020-05-08 16:25:38 +08:00
kapil.gupta
4242519894 wpa_supplicant: Fix some memleaks and invalid memory access
Add changes to fix issues reported in clang analyzer
2020-05-06 11:06:51 +00:00
Nachiket Kukade
4557c686b8 wpa_supplicant: Fix EAP Re-authentication issue
EAP reauth frames are dropped at various stages due to current
implementation of WPA2 ENT states and EAP SM init/deinit logic.
Route EAPOL frames based on EAP pkt type and maintain EAP SM
to facilitate EAP re-authentication process.
2020-05-06 10:21:45 +05:30
Nachiket Kukade
bc7a34b494 wpa_supplicant: Disable TLSv1.2 by default
Some Enterprise Authentication Servers do not support TLS v1.2.
Move this option to Menuconfig and disable by default.
2020-05-06 10:21:25 +05:30
Nachiket Kukade
ab81940982 esp_wifi: Additional changes for WPA3 & PMF testcases
Added WPA3 Testcases support for -
1. Anti-Clogging Token Request support
2. Return correct status from SAE modules for invalid scenarios
3. Add PMK Caching support for WPA3

wifi lib includes fixes for below PMF Certification issues -
1. Check return status of decrypt operation. Fixes 5.3.3.1.
2. Allow PMF negotiation for WPA2-Enterprise. Fixes 5.3.3.2, 5.3.3.4.
3. Add NULL check on key before encrypting PMF, fixes crash.
2020-05-06 10:20:46 +05:30
Nachiket Kukade
d36663b798 wpa_supplicant: Support WPA3 4-way handshake, add config option
1. Add changes in 4-way handshake path to allow SAE key mgmt.
2. Support for configuring WAP3 at init time, added Kconfig option.
3. Handle and propagate error conditions properly.
2020-05-06 10:20:35 +05:30
Nachiket Kukade
6b76228fcb wpa_supplicant: Add SAE handshake support for WPA3-PSK
Under WPA3-Personal, SAE authentication is used to derive PMK
which is more secure and immune to offline dictionary attacks.
1. Add modules to generate SAE commit/confirm for the handshake
2. Add modules that build and parse SAE data in Auth frames
3. Add WPA3 association and key mgmt definitions
4. Invert y-bit while solving for ECC co-ordinate -
     Once an X co-ordinate is obtained, solving for Y co-ordinate
     using an elliptical curve equation results in 2 possible values,
     Y and (P - Y), where p is the prime number. The co-ordinates are
     used for deriving keys in SAE handshake. As par the 802.11 spec
     if LSB of X is same as LSB of Y then Y is chosen, (P - Y) otherwise.
     This is not what is implemented, so fix this behavior to obtain the
     correct Y co-ordinate.
2020-05-06 10:20:26 +05:30
Sagar Bijwe
8f5f828ad6 wpa_supplicant: Adding SAE modules with testcase
This change ports SAE(Simultaneous Authentication of Equals)
feature from wpa_supplicant and makes it work with mbedtls
crypto APIs. Currently only group 19 is supported. A sample
SAE handshake is included in the testcase. Other minor
changes for DH groups are also included.
2020-05-06 10:20:22 +05:30
Nachiket Kukade
5c5ae96be2 Add encryption/decryption support for PMF
1. Add CCMP, AES crypto modules for unicast protected Mgmt frames
2. Add support for computing SHA256 MIC on Bcast Mgmt frames
3. Add support for storing iGTK during 4-way handshake.
4. Provide APIs to MLME for utilizing the SW crypto modules
2020-05-06 10:20:16 +05:30
Nachiket Kukade
1b7f3fee5c Add support for PMF configuration and negotiation
1. Add APIs for configuring PMF through set config.
2. Map Supplicant and Wifi Cipher types.
3. Add support for PMF negotiation while generating RSN IE.
2020-05-06 10:20:11 +05:30
liu zhifu
8cd210b38b esp_wifi/supplicant: fix some WiFi stop memory leak 2020-05-06 10:15:51 +05:30
Hrudaynath Dhabe
19e840aa53 wpa_supplicant: Set assoc_ie_len based on generated RSN/WPA IE 2020-05-06 10:15:46 +05:30
Hrudaynath Dhabe
39acf9c4dd wifi: Add PMK caching feature for station WPA2-enterprise
4. Pmksa cache expiry after dot11RSNAConfigPMKLifetime timeout.
2020-05-06 10:15:43 +05:30
Sagar Bijwe
2da4ffa2aa wifi: Add PMK caching feature for station WPA2-enterprise
1) Added PMK caching module from wpa_supplicant.
2) Modified wpa_sm to
    a) Add entry to PMK cache when first time associated to an AP.
    b) Maintain entry across the associations.
    c) Clear current PMKSA when deauth happens.
    d) Search for an entry when re-associating to the same AP and
       set it as current PMKSA
    e) Wait for msg 1/4 from AP instead of starting EAP authentication.
    f) Check PMKID in msg 1 with current PMKSA/cache.
    g) Use the cached PMK to complete 4-way handshake.
3) Remove config_bss callback as it was redundant and used to cause
   problems for PMK caching flow.

Closes IDF-969
2020-05-06 10:15:36 +05:30
Sagar Bijwe
5209dff76b wpa_supplicant: Fix compilation errors when USE_MBEDTLS is disabled.
This is a regression from earlier commit related to TLSV12 which used
sha functions that are currently declared static.
Solution: Follow upstream code structure and resolve the errors.
2020-04-15 15:34:35 +05:30
Sagar Bijwe
64061541f0 wpa_supplicant: Fix wpa_supplicant TLS 1.2 issues
1) Fixed compilation issues.
2) Added tlsprf.c from upstream
3) Enabled SHA256 in supplicant compilation.
2020-04-13 16:24:26 +00:00
Sagar Bijwe
a8e0b9171b wpa_supplicant: Fix SAE test-case failure on mbedtls version udpate
Problem:
mbedtls_ctr_drbg_context was initialized in crypto_ec_point_mul. This
was okay in releases before 2.16.4 as entropy_len used to get set to
MBEDTLS_CTR_DRBG_ENTROPY_LEN in function mbedtls_ctr_drbg_seed. The
function is now changed to set the length to
MBEDTLS_CTR_DRBG_ENTROPY_LEN if previous length is 0 and hence the bug.

Solution:
Initialize mbedtls_ctr_drbg_context in crypto_ec_point_mul.
2020-03-18 11:49:23 +00:00
Hrudaynath Dhabe
8f0f3e8f88 WPS_CONFIG_INIT_DEFAULT(type) error 2020-02-06 14:06:38 +08:00
liu zhifu
19e355e080 esp_wifi: fix WiFi deinit memory leak 2019-10-29 22:32:17 +08:00
Nachiket Kukade
ca80b0445d wpa_supplicant: Make internal crypto headers private (backport v4.0)
A lot of internally used crypto headers are publicly includeable
in user projects. This leads to bug reports when these headers
are incorrectly used or the API's are not used as intended.

Move all crypto headers into private crypto src folder, also move
crypto_ops into Supplicant to remove dependecy on crypto headers.

Closes IDF-476
2019-09-17 13:28:30 +00:00
Nachiket Kukade
6b348b94e3 wps: Relax the check on older config methods in case of WPS2.0 (backport
v4.0)

Some APs incorrectly advertize newer WPS2.0 config method bits
without setting bits for the corresponding older methods. This
results in failures during 8-way handshake. Add a workaround to
relax this check so that WPS handshake can proceed.
2019-08-29 13:05:02 +05:30
liu zhifu
f3f08fa713 esp_wifi/supplicant: fix some supplicant bugs
Closes IDFGH-1455
Closes IDF-774
2019-07-18 17:36:19 +08:00
xiehang
6c865a84ff 1, Fix wps memory leak.
2, Add a queue to save wps rx eapol frame.
  3, Add data lock protect wpa2_sig_cnt.
  4, Add a queue to save wpa2 rx rapol frame.
2019-07-11 08:57:31 +00:00
Nachiket Kukade
900df44546 wpa_supplicant: Cleanup fast_xxx modules that use duplicate code
wpa_supplicant is using MbedTLS API's for crypto algorithms. For
calling them a duplicate set of modules is maintained prepended
with 'fast_'. Remove these and use flag USE_MBEDTLS_CRYPTO
instead to separate modules calling MbedTLS API's from native
implementation.
2019-07-10 14:53:20 +05:30
Sagar Bijwe
ae46f04997 wpa_supplicant: Fix sprintf security bugs.
Revert back to using os_snprintf instead of sprintf.

Closes WIFI-624
2019-07-06 04:22:53 +00:00
Nachiket Kukade
773ddcf0ff wpa_supplicant: Remove tags file which was added by mistake
Merge request idf/esp-idf!5219 added a ctags 'tags' file to
the repository by mistake. Remove it.
2019-07-05 14:23:21 +05:30
Deng Xin
c139683024 supplicant/esp_wifi: move supplicant to idf
Move supplicant to idf and do following refactoring:
1. Make the folder structure consitent with supplicant upstream
2. Remove duplicated header files and minimize the public header files
3. Refactor for WiFi/supplicant interfaces
2019-06-29 22:46:52 +08:00
Renz Christian Bagaporo
9b350f9ecc cmake: some formatting fixes
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
xiehang
2503af2464 wps: add overlap event
modify some header files to be consistent with vnc
2019-06-06 13:16:20 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
Ivan Grokhotkov
d15e18aa5d newlib: fixes for compatibility with newlib 3.0 2019-04-10 13:48:57 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Balazs Racz
efcd10ea31 Fix missing declaration of __bswap64 in endian.h
Merges https://github.com/espressif/esp-idf/pull/2983
2019-03-21 15:08:11 +08:00
Ivan Grokhotkov
1d0bffb20a lwip, wpa_supplicant: use endianness macros from libc if possible 2019-03-19 22:15:32 +08:00
Renz Bagaporo
cc774111bf cmake: Add support for test build 2018-10-20 12:07:24 +08:00
Jiang Jiang Jian
9b566a8965 Merge branch 'bugfix/wpa2_fixes' into 'master'
wpa2_enterprise fixes from Github

See merge request idf/esp-idf!3166
2018-10-18 11:10:10 +08:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30