Commit graph

73 commits

Author SHA1 Message Date
Nachiket Kukade
4557c686b8 wpa_supplicant: Fix EAP Re-authentication issue
EAP reauth frames are dropped at various stages due to current
implementation of WPA2 ENT states and EAP SM init/deinit logic.
Route EAPOL frames based on EAP pkt type and maintain EAP SM
to facilitate EAP re-authentication process.
2020-05-06 10:21:45 +05:30
Nachiket Kukade
bc7a34b494 wpa_supplicant: Disable TLSv1.2 by default
Some Enterprise Authentication Servers do not support TLS v1.2.
Move this option to Menuconfig and disable by default.
2020-05-06 10:21:25 +05:30
Nachiket Kukade
ab81940982 esp_wifi: Additional changes for WPA3 & PMF testcases
Added WPA3 Testcases support for -
1. Anti-Clogging Token Request support
2. Return correct status from SAE modules for invalid scenarios
3. Add PMK Caching support for WPA3

wifi lib includes fixes for below PMF Certification issues -
1. Check return status of decrypt operation. Fixes 5.3.3.1.
2. Allow PMF negotiation for WPA2-Enterprise. Fixes 5.3.3.2, 5.3.3.4.
3. Add NULL check on key before encrypting PMF, fixes crash.
2020-05-06 10:20:46 +05:30
Nachiket Kukade
d36663b798 wpa_supplicant: Support WPA3 4-way handshake, add config option
1. Add changes in 4-way handshake path to allow SAE key mgmt.
2. Support for configuring WAP3 at init time, added Kconfig option.
3. Handle and propagate error conditions properly.
2020-05-06 10:20:35 +05:30
Nachiket Kukade
6b76228fcb wpa_supplicant: Add SAE handshake support for WPA3-PSK
Under WPA3-Personal, SAE authentication is used to derive PMK
which is more secure and immune to offline dictionary attacks.
1. Add modules to generate SAE commit/confirm for the handshake
2. Add modules that build and parse SAE data in Auth frames
3. Add WPA3 association and key mgmt definitions
4. Invert y-bit while solving for ECC co-ordinate -
     Once an X co-ordinate is obtained, solving for Y co-ordinate
     using an elliptical curve equation results in 2 possible values,
     Y and (P - Y), where p is the prime number. The co-ordinates are
     used for deriving keys in SAE handshake. As par the 802.11 spec
     if LSB of X is same as LSB of Y then Y is chosen, (P - Y) otherwise.
     This is not what is implemented, so fix this behavior to obtain the
     correct Y co-ordinate.
2020-05-06 10:20:26 +05:30
Sagar Bijwe
8f5f828ad6 wpa_supplicant: Adding SAE modules with testcase
This change ports SAE(Simultaneous Authentication of Equals)
feature from wpa_supplicant and makes it work with mbedtls
crypto APIs. Currently only group 19 is supported. A sample
SAE handshake is included in the testcase. Other minor
changes for DH groups are also included.
2020-05-06 10:20:22 +05:30
Nachiket Kukade
5c5ae96be2 Add encryption/decryption support for PMF
1. Add CCMP, AES crypto modules for unicast protected Mgmt frames
2. Add support for computing SHA256 MIC on Bcast Mgmt frames
3. Add support for storing iGTK during 4-way handshake.
4. Provide APIs to MLME for utilizing the SW crypto modules
2020-05-06 10:20:16 +05:30
Nachiket Kukade
1b7f3fee5c Add support for PMF configuration and negotiation
1. Add APIs for configuring PMF through set config.
2. Map Supplicant and Wifi Cipher types.
3. Add support for PMF negotiation while generating RSN IE.
2020-05-06 10:20:11 +05:30
liu zhifu
8cd210b38b esp_wifi/supplicant: fix some WiFi stop memory leak 2020-05-06 10:15:51 +05:30
Hrudaynath Dhabe
19e840aa53 wpa_supplicant: Set assoc_ie_len based on generated RSN/WPA IE 2020-05-06 10:15:46 +05:30
Hrudaynath Dhabe
39acf9c4dd wifi: Add PMK caching feature for station WPA2-enterprise
4. Pmksa cache expiry after dot11RSNAConfigPMKLifetime timeout.
2020-05-06 10:15:43 +05:30
Sagar Bijwe
2da4ffa2aa wifi: Add PMK caching feature for station WPA2-enterprise
1) Added PMK caching module from wpa_supplicant.
2) Modified wpa_sm to
    a) Add entry to PMK cache when first time associated to an AP.
    b) Maintain entry across the associations.
    c) Clear current PMKSA when deauth happens.
    d) Search for an entry when re-associating to the same AP and
       set it as current PMKSA
    e) Wait for msg 1/4 from AP instead of starting EAP authentication.
    f) Check PMKID in msg 1 with current PMKSA/cache.
    g) Use the cached PMK to complete 4-way handshake.
3) Remove config_bss callback as it was redundant and used to cause
   problems for PMK caching flow.

Closes IDF-969
2020-05-06 10:15:36 +05:30
Sagar Bijwe
5209dff76b wpa_supplicant: Fix compilation errors when USE_MBEDTLS is disabled.
This is a regression from earlier commit related to TLSV12 which used
sha functions that are currently declared static.
Solution: Follow upstream code structure and resolve the errors.
2020-04-15 15:34:35 +05:30
Sagar Bijwe
64061541f0 wpa_supplicant: Fix wpa_supplicant TLS 1.2 issues
1) Fixed compilation issues.
2) Added tlsprf.c from upstream
3) Enabled SHA256 in supplicant compilation.
2020-04-13 16:24:26 +00:00
Sagar Bijwe
a8e0b9171b wpa_supplicant: Fix SAE test-case failure on mbedtls version udpate
Problem:
mbedtls_ctr_drbg_context was initialized in crypto_ec_point_mul. This
was okay in releases before 2.16.4 as entropy_len used to get set to
MBEDTLS_CTR_DRBG_ENTROPY_LEN in function mbedtls_ctr_drbg_seed. The
function is now changed to set the length to
MBEDTLS_CTR_DRBG_ENTROPY_LEN if previous length is 0 and hence the bug.

Solution:
Initialize mbedtls_ctr_drbg_context in crypto_ec_point_mul.
2020-03-18 11:49:23 +00:00
Hrudaynath Dhabe
8f0f3e8f88 WPS_CONFIG_INIT_DEFAULT(type) error 2020-02-06 14:06:38 +08:00
liu zhifu
19e355e080 esp_wifi: fix WiFi deinit memory leak 2019-10-29 22:32:17 +08:00
Nachiket Kukade
ca80b0445d wpa_supplicant: Make internal crypto headers private (backport v4.0)
A lot of internally used crypto headers are publicly includeable
in user projects. This leads to bug reports when these headers
are incorrectly used or the API's are not used as intended.

Move all crypto headers into private crypto src folder, also move
crypto_ops into Supplicant to remove dependecy on crypto headers.

Closes IDF-476
2019-09-17 13:28:30 +00:00
Nachiket Kukade
6b348b94e3 wps: Relax the check on older config methods in case of WPS2.0 (backport
v4.0)

Some APs incorrectly advertize newer WPS2.0 config method bits
without setting bits for the corresponding older methods. This
results in failures during 8-way handshake. Add a workaround to
relax this check so that WPS handshake can proceed.
2019-08-29 13:05:02 +05:30
liu zhifu
f3f08fa713 esp_wifi/supplicant: fix some supplicant bugs
Closes IDFGH-1455
Closes IDF-774
2019-07-18 17:36:19 +08:00
xiehang
6c865a84ff 1, Fix wps memory leak.
2, Add a queue to save wps rx eapol frame.
  3, Add data lock protect wpa2_sig_cnt.
  4, Add a queue to save wpa2 rx rapol frame.
2019-07-11 08:57:31 +00:00
Nachiket Kukade
900df44546 wpa_supplicant: Cleanup fast_xxx modules that use duplicate code
wpa_supplicant is using MbedTLS API's for crypto algorithms. For
calling them a duplicate set of modules is maintained prepended
with 'fast_'. Remove these and use flag USE_MBEDTLS_CRYPTO
instead to separate modules calling MbedTLS API's from native
implementation.
2019-07-10 14:53:20 +05:30
Sagar Bijwe
ae46f04997 wpa_supplicant: Fix sprintf security bugs.
Revert back to using os_snprintf instead of sprintf.

Closes WIFI-624
2019-07-06 04:22:53 +00:00
Nachiket Kukade
773ddcf0ff wpa_supplicant: Remove tags file which was added by mistake
Merge request idf/esp-idf!5219 added a ctags 'tags' file to
the repository by mistake. Remove it.
2019-07-05 14:23:21 +05:30
Deng Xin
c139683024 supplicant/esp_wifi: move supplicant to idf
Move supplicant to idf and do following refactoring:
1. Make the folder structure consitent with supplicant upstream
2. Remove duplicated header files and minimize the public header files
3. Refactor for WiFi/supplicant interfaces
2019-06-29 22:46:52 +08:00
Renz Christian Bagaporo
9b350f9ecc cmake: some formatting fixes
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
xiehang
2503af2464 wps: add overlap event
modify some header files to be consistent with vnc
2019-06-06 13:16:20 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
Ivan Grokhotkov
d15e18aa5d newlib: fixes for compatibility with newlib 3.0 2019-04-10 13:48:57 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Balazs Racz
efcd10ea31 Fix missing declaration of __bswap64 in endian.h
Merges https://github.com/espressif/esp-idf/pull/2983
2019-03-21 15:08:11 +08:00
Ivan Grokhotkov
1d0bffb20a lwip, wpa_supplicant: use endianness macros from libc if possible 2019-03-19 22:15:32 +08:00
Renz Bagaporo
cc774111bf cmake: Add support for test build 2018-10-20 12:07:24 +08:00
Jiang Jiang Jian
9b566a8965 Merge branch 'bugfix/wpa2_fixes' into 'master'
wpa2_enterprise fixes from Github

See merge request idf/esp-idf!3166
2018-10-18 11:10:10 +08:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Jiang Jiang Jian
93b588a0cf Merge branch 'bugfix/wpa2_fixes_2' into 'master'
wpa_supplicant: more fixes from github

See merge request idf/esp-idf!3255
2018-09-21 20:14:56 +08:00
Sagar Bijwe
112244bac4 wpa_supplicant: Implement BIGNUM and ECC crypto wrapper apis for ESP using mbedtls 2018-09-19 11:10:28 +05:30
negativekelvin
171f54bd7e wpa_supplicant: more wpa2_enterprise fixes
Merges https://github.com/espressif/esp-idf/pull/2386

Closes https://github.com/espressif/esp-idf/issues/2383

Closes https://github.com/espressif/esp-idf/issues/2381
2018-09-12 22:29:15 +08:00
Renz Christian Bagaporo
d9939cedd9 cmake: make main a component again 2018-09-11 09:44:12 +08:00
Angus Gratton
b355854d4d Merge branch 'master' into feature/cmake 2018-09-05 10:35:04 +08:00
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
negativekelvin
1d5dc2b9ef wpa2_enterprise fixes 2018-09-01 22:19:48 -07:00
Angus Gratton
ff2404a272 Merge branch 'master' into feature/cmake 2018-08-16 17:14:17 +10:00
Mahavir Jain
02ddb7302e wpa_supplicant: removed unrequired header dir include from component.mk
- Also fixed license header in rtc driver

Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-07-30 11:17:11 +05:30
Mahavir Jain
fdfe38a779 wpa_supplicant: add missing source dirs to CMake build
Closes: https://github.com/espressif/esp-idf/issues/2168

Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-07-12 17:22:47 +05:30
Angus Gratton
a67d5d89e0 Replace all DOS line endings with Unix
Command run was:
git ls-tree -r HEAD --name-only | xargs dos2unix
2018-07-12 19:10:37 +08:00
Alexey Gerenkov
c2dc09304c gcc8_newlib3: Compilation warnings and errors not specific to newlib v3 2018-07-09 13:22:24 +03:00
Anton Maklakov
1f3320ebdf wpa_supplicant: fix errors for GCC 8 support
components/wpa_supplicant/port/include/os.h:259:29: error: 'strncpy' output truncated before terminating nul copying 3 bytes from a string of the same length [-Werror=stringop-truncation]
 #define os_strncpy(d, s, n) strncpy((d), (s), (n))
                             ^~~~~~~~~~~~~~~~~~~~~~
components/wpa_supplicant/src/wpa2/eap_peer/eap.c:410:3: note: in expansion of macro 'os_strncpy'
   os_strncpy(sm->blob[0].name, CLIENT_CERT_NAME, BLOB_NAME_LEN);
   ^~~~~~~~~~
2018-07-02 09:05:00 +00:00