Merge branch 'bugfix/fix_softap_pairwise_cipher_issue_v5.1' into 'rel…

…ease/v5.1' esp_wifi: update pairwise cipher in softAP(Backport v5.1) See merge request espressif/esp-idf!23503
espressif · Apr 27, 2023 · c710a69 · c710a69
2 parents eeea0a7 + 193f581
commit c710a69
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 9 deletions.
diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h
@@ -286,11 +286,11 @@ typedef struct {
     uint8_t password[64];       /**< Password of soft-AP. */
     uint8_t ssid_len;           /**< Optional length of SSID field. */
     uint8_t channel;            /**< Channel of soft-AP */
-    wifi_auth_mode_t authmode;  /**< Auth mode of soft-AP. Do not support AUTH_WEP in soft-AP mode */
+    wifi_auth_mode_t authmode;  /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP.  */
     uint8_t ssid_hidden;        /**< Broadcast SSID or not, default 0, broadcast the SSID */
     uint8_t max_connection;     /**< Max number of stations allowed to connect in */
     uint16_t beacon_interval;   /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */
-    wifi_cipher_type_t pairwise_cipher;   /**< pairwise cipher of SoftAP, group cipher will be derived using this. cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
+    wifi_cipher_type_t pairwise_cipher;   /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
     bool ftm_responder;         /**< Enable FTM Responder mode */
     wifi_pmf_config_t pmf_cfg;  /**< Configuration for Protected Management Frame */
     wifi_sae_pwe_method_t sae_pwe_h2e;  /**< Configuration for SAE PWE derivation method */

diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -40,7 +40,7 @@ void *hostap_init(void)
     struct wpa_auth_config *auth_conf;
     u16 spp_attrubute = 0;
     u8 pairwise_cipher;
-    wifi_pmf_config_t pmf_cfg;
+    wifi_pmf_config_t pmf_cfg = {0};
     uint8_t authmode;
 
     hapd = (struct hostapd_data *)os_zalloc(sizeof(struct hostapd_data));
@@ -85,11 +85,12 @@ void *hostap_init(void)
     pairwise_cipher = esp_wifi_ap_get_prof_pairwise_cipher_internal();
 
 #ifdef CONFIG_IEEE80211W
-
-    esp_wifi_get_pmf_config_internal(&pmf_cfg, WIFI_IF_AP);
-
-    if (pmf_cfg.required) {
-        pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
+    if((auth_conf->wpa & WPA_PROTO_RSN) == WPA_PROTO_RSN)
+    {
+        esp_wifi_get_pmf_config_internal(&pmf_cfg, WIFI_IF_AP);
+        if (pmf_cfg.required) {
+            pairwise_cipher = WIFI_CIPHER_TYPE_CCMP;
+        }
     }
 #endif /* CONFIG_IEEE80211W */