Merge branch 'bugfix/reduce_memory_footprint_of_sae_pk_v5.1' into 're…

…lease/v5.1' fix(wifi): Reduce memory footprint for scan when SAE-PK is enabled (v5.1) See merge request espressif/esp-idf!27654
espressif · Mar 14, 2024 · 8b48f33 · 8b48f33
2 parents 96888a9 + 1d8b484
commit 8b48f33
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 49 deletions.
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt
@@ -174,7 +174,7 @@ if(CONFIG_ESP_WIFI_ENABLE_SAE_PK)
     "src/common/sae_pk.c")
 endif()
 
-if(CONFIG_ESP_WIFI_11KV_SUPPORT OR CONFIG_ESP_WIFI_11R_SUPPORT OR CONFIG_ESP_WIFI_ENABLE_SAE_PK)
+if(CONFIG_ESP_WIFI_11KV_SUPPORT OR CONFIG_ESP_WIFI_11R_SUPPORT)
     set(srcs ${srcs}
     "src/common/bss.c"
     "src/common/scan.c"

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c
@@ -260,12 +260,12 @@ static int ieee80211_handle_rx_frm(u8 type, u8 *frame, size_t len, u8 *sender,
 	int ret = 0;
 
 	switch (type) {
-#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211KV) || defined(CONFIG_SAE_PK)
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211KV)
 	case WLAN_FC_STYPE_BEACON:
 	case WLAN_FC_STYPE_PROBE_RESP:
 		ret = esp_handle_beacon_probe(type, frame, len, sender, rssi, channel, current_tsf);
 		break;
-#endif /* defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) || defined(CONFIG_SAE_PK)*/
+#endif /* defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) */
 #ifdef CONFIG_IEEE80211R
 	case WLAN_FC_STYPE_AUTH:
 		ret = handle_auth_frame(frame, len, sender, rssi, channel);
@@ -328,7 +328,7 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
 	struct wpa_supplicant *wpa_s = &g_wpa_supp;
 	int ret = 0;
 
-#if defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) || defined(CONFIG_SAE_PK)
+#if defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R)
 #ifdef CONFIG_SUPPLICANT_TASK
 	if (!s_supplicant_api_lock) {
 		s_supplicant_api_lock = os_recursive_mutex_create();
@@ -361,7 +361,7 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
 #endif /* CONFIG_IEEE80211KV */
 	esp_scan_init(wpa_s);
 
-#endif /* defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) || defined(CONFIG_SAE_PK)*/
+#endif /* defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) */
 	wpa_s->type = 0;
 	wpa_s->subtype = 0;
 	wpa_s->type |= (1 << WLAN_FC_STYPE_ASSOC_RESP) | (1 << WLAN_FC_STYPE_REASSOC_RESP) | (1 << WLAN_FC_STYPE_AUTH);
@@ -386,13 +386,13 @@ void esp_supplicant_common_deinit(void)
 {
 	struct wpa_supplicant *wpa_s = &g_wpa_supp;
 
-#if defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) || defined(CONFIG_SAE_PK)
+#if defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R)
 	esp_scan_deinit(wpa_s);
 #ifdef CONFIG_IEEE80211KV
 	wpas_rrm_reset(wpa_s);
 	wpas_clear_beacon_rep_data(wpa_s);
 #endif /* CONFIG_IEEE80211KV */
-#endif /* defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) || defined(CONFIG_SAE_PK)*/
+#endif /* defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) */
 	if (wpa_s->type) {
 		wpa_s->type = 0;
 		esp_wifi_register_mgmt_frame_internal(wpa_s->type, wpa_s->subtype);

diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
@@ -286,7 +286,6 @@ esp_err_t esp_wifi_remain_on_channel(uint8_t ifx, uint8_t type, uint8_t channel,
 bool esp_wifi_is_mbo_enabled_internal(uint8_t if_index);
 void esp_wifi_get_pmf_config_internal(wifi_pmf_config_t *pmf_cfg, uint8_t ifx);
 bool esp_wifi_is_ft_enabled_internal(uint8_t if_index);
-uint8_t esp_wifi_sta_get_use_h2e_internal(void);
 uint8_t esp_wifi_sta_get_config_sae_pk_internal(void);
 void esp_wifi_sta_disable_sae_pk_internal(void);
 void esp_wifi_sta_disable_wpa2_authmode_internal(void);
@@ -296,5 +295,6 @@ bool esp_wifi_ap_notify_node_sae_auth_done(uint8_t *mac);
 bool esp_wifi_ap_is_sta_sae_reauth_node(uint8_t *mac);
 uint8_t* esp_wifi_sta_get_sae_identifier_internal(void);
 bool esp_wifi_eb_tx_status_success_internal(void *eb);
+uint8_t* esp_wifi_sta_get_rsnxe(void);
 
 #endif /* _ESP_WIFI_DRIVER_H_ */
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c
@@ -17,11 +17,6 @@
 #include "esp_hostap.h"
 #include <inttypes.h>
 
-#ifdef CONFIG_SAE_PK
-#include "common/bss.h"
-extern struct wpa_supplicant g_wpa_supp;
-#endif
-
 static struct sae_pt *g_sae_pt;
 static struct sae_data g_sae_data;
 static struct wpabuf *g_sae_token = NULL;
@@ -33,12 +28,53 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
 {
     int default_group = IANA_SECP256R1;
     u32 len = 0;
+    uint8_t use_pt = 0;
     u8 own_addr[ETH_ALEN];
     const u8 *pw = (const u8 *)esp_wifi_sta_get_prof_password_internal();
     struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal();
-    uint8_t use_pt = esp_wifi_sta_get_use_h2e_internal();
+    uint8_t sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_STA);
     char sae_pwd_id[SAE_H2E_IDENTIFIER_LEN+1] = {0};
     bool valid_pwd_id = false;
+    const u8 *rsnxe;
+    u8 rsnxe_capa = 0;
+
+    rsnxe = esp_wifi_sta_get_rsnxe();
+    if (rsnxe && rsnxe[1] >= 1) {
+        rsnxe_capa = rsnxe[2];
+    }
+
+#ifdef CONFIG_SAE_PK
+    bool use_pk = false;
+    uint8_t sae_pk_mode = esp_wifi_sta_get_config_sae_pk_internal();
+
+    if ((rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
+         sae_pk_mode != WPA3_SAE_PK_MODE_DISABLED &&
+         ((pw && sae_pk_valid_password((const char*)pw)))) {
+        use_pt = 1;
+        use_pk = true;
+    }
+
+    if (sae_pk_mode == WPA3_SAE_PK_MODE_ONLY && !use_pk) {
+        wpa_printf(MSG_DEBUG,
+           "SAE: Cannot use PK with the selected AP");
+        return ESP_FAIL;
+    }
+#endif /* CONFIG_SAE_PK */
+    if (use_pt || sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
+        sae_pwe == SAE_PWE_BOTH) {
+        use_pt = !!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E));
+
+        if ((sae_pwe == SAE_PWE_HASH_TO_ELEMENT
+#ifdef CONFIG_SAE_PK
+            || (use_pk && sae_pk_mode == WPA3_SAE_PK_MODE_ONLY)
+#endif /* CONFIG_SAE_PK */
+            ) && !use_pt) {
+            wpa_printf(MSG_DEBUG,
+              "SAE: Cannot use H2E with the selected AP");
+            return ESP_FAIL;
+        }
+    }
+
 
     if (use_pt != 0) {
         memcpy(sae_pwd_id, esp_wifi_sta_get_sae_identifier_internal(), SAE_H2E_IDENTIFIER_LEN);
@@ -79,40 +115,6 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len)
         return ESP_FAIL;
     }
 
-#ifdef CONFIG_SAE_PK
-    bool use_pk = false;
-    uint8_t sae_pk_mode = esp_wifi_sta_get_config_sae_pk_internal();
-    u8 rsnxe_capa = 0;
-    struct wpa_bss *bss = wpa_bss_get_bssid(&g_wpa_supp, (uint8_t *)bssid);
-    if (!bss) {
-        wpa_printf(MSG_ERROR,
-                "SAE: BSS not available, update scan result to get BSS");
-       // TODO: should we trigger scan again.
-        return ESP_FAIL;
-    }
-    if (bss) {
-        const u8 *rsnxe;
-
-        rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
-        if (rsnxe && rsnxe[1] >= 1) {
-            rsnxe_capa = rsnxe[2];
-        }
-    }
-
-    if (use_pt && (rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
-        sae_pk_mode != WPA3_SAE_PK_MODE_DISABLED &&
-        ((pw && sae_pk_valid_password((const char*)pw)))) {
-        use_pt = 1;
-        use_pk = true;
-    }
-
-    if (sae_pk_mode == WPA3_SAE_PK_MODE_ONLY && !use_pk) {
-        wpa_printf(MSG_DEBUG,
-           "SAE: Cannot use PK with the selected AP");
-    return ESP_FAIL;
-    }
-#endif /* CONFIG_SAE_PK */
-
     if (use_pt &&
             sae_prepare_commit_pt(&g_sae_data, g_sae_pt,
                     own_addr, bssid, NULL, NULL) < 0) {