From 716c5731eccb34401d90894fa41f2c19094e07a3 Mon Sep 17 00:00:00 2001
From: Sarvesh Bodakhe <sarvesh.bodakhe@espressif.com>
Date: Sat, 14 Dec 2024 18:13:18 +0530
Subject: [PATCH] feat(wpa_supplicant): Add WIFI_EVENT_AP_WRONG_PASSWORD in
 SoftAP

This event is triggered when external station tries connecting to softAP
with wrong password.

Currently supported softAP AUTH modes: WPA-PSK, WPA2-PSK and WPA3-PSK (SAE-auth)
---
 components/esp_wifi/include/esp_wifi_types_generic.h | 7 +++++++
 components/esp_wifi/lib                              | 2 +-
 components/wpa_supplicant/src/ap/ieee802_11.c        | 4 ++++
 components/wpa_supplicant/src/ap/wpa_auth.c          | 4 ++++
 4 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h
index 5a12424c1c..f07536332b 100644
--- a/components/esp_wifi/include/esp_wifi_types_generic.h
+++ b/components/esp_wifi/include/esp_wifi_types_generic.h
@@ -1019,6 +1019,8 @@ typedef enum {
 
     WIFI_EVENT_STA_NEIGHBOR_REP,         /**< Received Neighbor Report response */
 
+    WIFI_EVENT_AP_WRONG_PASSWORD,        /**< a station tried to connect with wrong password */
+
     WIFI_EVENT_MAX,                      /**< Invalid Wi-Fi event ID */
 } wifi_event_t;
 
@@ -1313,6 +1315,11 @@ typedef struct {
     uint16_t report_len;                            /**< Length of the report*/
 } wifi_event_neighbor_report_t;
 
+/** Argument structure for WIFI_EVENT_AP_WRONG_PASSWORD event */
+typedef struct {
+    uint8_t mac[6];           /**< MAC address of the station trying to connect to Soft-AP */
+} wifi_event_ap_wrong_password_t;
+
 /**
   * @brief Argument structure for wifi_tx_rate_config
   */
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
index df42b857ed..4cc66f0553 160000
--- a/components/esp_wifi/lib
+++ b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit df42b857ede33d672362fdc5e0178f5d2bd91595
+Subproject commit 4cc66f055399501950062ad1a4a1349fe02304c9
diff --git a/components/wpa_supplicant/src/ap/ieee802_11.c b/components/wpa_supplicant/src/ap/ieee802_11.c
index f47a9b86cc..622d18fbea 100644
--- a/components/wpa_supplicant/src/ap/ieee802_11.c
+++ b/components/wpa_supplicant/src/ap/ieee802_11.c
@@ -625,6 +625,10 @@ int handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 
        if (sae_check_confirm(sta->sae, buf, len) < 0) {
            resp = WLAN_STATUS_CHALLENGE_FAIL;
+           wifi_event_ap_wrong_password_t evt = {0};
+           os_memcpy(evt.mac, bssid, ETH_ALEN);
+           esp_event_post(WIFI_EVENT, WIFI_EVENT_AP_WRONG_PASSWORD, &evt,
+                    sizeof(evt), 0);
            goto reply;
        }
        sta->sae->rc = peer_send_confirm;
diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c
index 58748a85ff..18a5069fb3 100644
--- a/components/wpa_supplicant/src/ap/wpa_auth.c
+++ b/components/wpa_supplicant/src/ap/wpa_auth.c
@@ -1668,6 +1668,10 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 
     if (!ok) {
         wpa_printf(MSG_INFO, "invalid MIC in msg 2/4 of 4-Way Handshake");
+        wifi_event_ap_wrong_password_t evt = {0};
+        os_memcpy(evt.mac, sm->addr, ETH_ALEN);
+        esp_event_post(WIFI_EVENT, WIFI_EVENT_AP_WRONG_PASSWORD, &evt,
+                sizeof(evt), 0);
         return;
     }