From 6f7cf98ffe849c364c534d09fbce9024f56e1e19 Mon Sep 17 00:00:00 2001 From: gauri patankar Date: Thu, 28 Jul 2022 15:59:07 +0530 Subject: [PATCH] esp_wifi: SAE Password Identifier support --- components/esp_wifi/include/esp_wifi_types.h | 2 ++ components/esp_wifi/lib | 2 +- .../esp_supplicant/src/esp_wifi_driver.h | 1 + .../esp_supplicant/src/esp_wpa3.c | 13 ++++++++++-- .../station/main/Kconfig.projbuild | 20 +++++++++++++++++++ .../station/main/station_example_main.c | 15 ++++++++++++-- 6 files changed, 48 insertions(+), 5 deletions(-) diff --git a/components/esp_wifi/include/esp_wifi_types.h b/components/esp_wifi/include/esp_wifi_types.h index 8784730fe7..c815a9fe0e 100644 --- a/components/esp_wifi/include/esp_wifi_types.h +++ b/components/esp_wifi/include/esp_wifi_types.h @@ -290,6 +290,7 @@ typedef struct { wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */ } wifi_ap_config_t; +#define SAE_H2E_IDENTIFIER_LEN 32 /** @brief STA configuration settings for the device */ typedef struct { uint8_t ssid[32]; /**< SSID of target AP. */ @@ -322,6 +323,7 @@ typedef struct { uint32_t he_trig_mu_bmforming_partial_feedback_disabled:1; /**< Whether to disable support the transmission of partial-bandwidth MU feedback in an HE TB sounding sequence. */ uint32_t he_trig_cqi_feedback_disabled:1; /**< Whether to disable support the transmission of CQI feedback in an HE TB sounding sequence. */ uint32_t he_reserved:22; /**< Reserved for future feature set */ + uint8_t sae_h2e_identifier[SAE_H2E_IDENTIFIER_LEN];/**< Password identifier for H2E. this needs to be null terminated string */ } wifi_sta_config_t; /** @brief Configuration data for device's AP or STA. diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index 302a414d89..5ec56cf377 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit 302a414d8912740b24708974a04f9075400e7c91 +Subproject commit 5ec56cf3775998a69b7946a5b2318d22f6650a95 
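Review bot: The doc comment on `sae_h2e_identifier` (second hunk of esp_wifi_types.h) says the value must be a null-terminated string but does not say that this caps the identifier at `SAE_H2E_IDENTIFIER_LEN - 1` characters, and the new `#define` in the first hunk has no comment at all. The consumer added in esp_wpa3.c copies all 32 bytes into a 33-byte buffer, so a full-length unterminated value appears to be tolerated there; whether the Wi-Fi library behind the submodule bump does the same is not visible, so the header should pick one contract and state it. Suggested wording for the field: `/**< Password identifier for SAE H2E: NUL-terminated string of at most SAE_H2E_IDENTIFIER_LEN - 1 characters; leave zeroed when unused */`, and above the define: `/** Size in bytes of wifi_sta_config_t::sae_h2e_identifier, including the terminator */`.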
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index 7a8f7f6bd5..079f09300c 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h @@ -292,5 +292,6 @@ uint8_t esp_wifi_ap_get_max_sta_conn(void); uint8_t esp_wifi_get_config_sae_pwe_h2e_internal(uint8_t ifx); bool esp_wifi_ap_notify_node_sae_auth_done(uint8_t *mac); bool esp_wifi_ap_is_sta_sae_reauth_node(uint8_t *mac); +uint8_t* esp_wifi_sta_get_sae_identifier_internal(void); #endif /* _ESP_WIFI_DRIVER_H_ */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c index 8d1dad4bc1..cf77cf26bf 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa3.c @@ -36,9 +36,18 @@ static esp_err_t wpa3_build_sae_commit(u8 *bssid, size_t *sae_msg_len) const u8 *pw = (const u8 *)esp_wifi_sta_get_prof_password_internal(); struct wifi_ssid *ssid = esp_wifi_sta_get_prof_ssid_internal(); uint8_t use_pt = esp_wifi_sta_get_use_h2e_internal(); + char sae_pwd_id[SAE_H2E_IDENTIFIER_LEN+1] = {0}; + bool valid_pwd_id = false; + + if (use_pt != 0) { + memcpy(sae_pwd_id, esp_wifi_sta_get_sae_identifier_internal(), SAE_H2E_IDENTIFIER_LEN); + if (os_strlen(sae_pwd_id) > 0) { + valid_pwd_id = true; + } + } if (use_pt && !g_sae_pt) { - g_sae_pt = sae_derive_pt(g_allowed_groups, ssid->ssid, ssid->len, pw, strlen((const char *)pw), NULL); + g_sae_pt = sae_derive_pt(g_allowed_groups, ssid->ssid, ssid->len, pw, strlen((const char *)pw), valid_pwd_id ? sae_pwd_id : NULL); } if (wpa_sta_cur_pmksa_matches_akm()) { 
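Review bot: The return value of `esp_wifi_sta_get_sae_identifier_internal()` is handed straight to `memcpy` in wpa3_build_sae_commit, so a NULL return would be dereferenced; the getter lives in the binary library and its prototype (added in esp_wifi_driver.h) documents no non-NULL guarantee. Guarding it is cheap: `const uint8_t *id = esp_wifi_sta_get_sae_identifier_internal();` followed by `if (id) { memcpy(sae_pwd_id, id, SAE_H2E_IDENTIFIER_LEN); }`. Separately, the PT is still derived only when `g_sae_pt` is NULL, yet it now depends on the identifier as well as the SSID and password; if nothing outside this hunk clears `g_sae_pt` when the station config changes, a changed identifier would be paired with a stale PT and the handshake would fail. The function body continues past the hunk, and the same `valid_pwd_id ? sae_pwd_id : NULL` expression is repeated in the later `sae_write_commit` hunk, so a single `const char *pwd_id` local would keep the two call sites in step.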
@@ -134,7 +143,7 @@ reuse_data: return ESP_FAIL; } - if (sae_write_commit(&g_sae_data, g_sae_commit, g_sae_token, NULL) != ESP_OK) { + if (sae_write_commit(&g_sae_data, g_sae_commit, g_sae_token, valid_pwd_id ? sae_pwd_id : NULL) != ESP_OK) { wpa_printf(MSG_ERROR, "wpa3: failed to write SAE commit msg"); wpabuf_free(g_sae_commit); g_sae_commit = NULL; diff --git a/examples/wifi/getting_started/station/main/Kconfig.projbuild b/examples/wifi/getting_started/station/main/Kconfig.projbuild index a43c1b8f53..5f26f13938 100644 --- a/examples/wifi/getting_started/station/main/Kconfig.projbuild +++ b/examples/wifi/getting_started/station/main/Kconfig.projbuild @@ -12,6 +12,26 @@ menu "Example Configuration" help WiFi password (WPA or WPA2) for the example to use. + choice ESP_WIFI_SAE_MODE + prompt "WPA3 SAE mode selection" + default ESP_WPA3_SAE_PWE_BOTH + help + Select mode for SAE as Hunt and Peck, H2E or both. + config ESP_WPA3_SAE_PWE_HUNT_AND_PECK + bool "HUNT AND PECK" + config ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT + bool "H2E" + config ESP_WPA3_SAE_PWE_BOTH + bool "BOTH" + endchoice + + config ESP_WIFI_PW_ID + string "PASSWORD IDENTIFIER" + depends on ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT|| ESP_WPA3_SAE_PWE_BOTH + default "" + help + password identifier for SAE H2E + config ESP_MAXIMUM_RETRY int "Maximum retry" default 5 diff --git a/examples/wifi/getting_started/station/main/station_example_main.c b/examples/wifi/getting_started/station/main/station_example_main.c index 10cb7b35ce..d68ef39a21 100644 --- a/examples/wifi/getting_started/station/main/station_example_main.c +++ b/examples/wifi/getting_started/station/main/station_example_main.c 
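Review bot: The help text for `ESP_WIFI_PW_ID` gives no length limit, although the value is used to initialise the 32-byte `sae_h2e_identifier` field, and it does not say that the identifier has to match the one configured on the AP. It is also worth telling users that the identifier is passed to `sae_write_commit` in esp_wpa3.c and so goes into the SAE commit message itself; it selects which password is used and should not be treated as a secret. Suggested help: `Password identifier for SAE H2E (at most 31 characters). Must match the identifier configured on the AP; leave empty if none is used. The identifier is not a secret.`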
@@ -28,6 +28,16 @@ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY +#if CONFIG_ESP_WPA3_SAE_PWE_HUNT_AND_PECK +#define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_HUNT_AND_PECK +#define EXAMPLE_H2E_IDENTIFIER "" +#elif CONFIG_ESP_WPA3_SAE_PWE_HASH_TO_ELEMENT +#define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_HASH_TO_ELEMENT +#define EXAMPLE_H2E_IDENTIFIER CONFIG_ESP_WIFI_PW_ID +#elif CONFIG_ESP_WPA3_SAE_PWE_BOTH +#define ESP_WIFI_SAE_MODE WPA3_SAE_PWE_BOTH +#define EXAMPLE_H2E_IDENTIFIER CONFIG_ESP_WIFI_PW_ID +#endif #if CONFIG_ESP_WIFI_AUTH_OPEN #define ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD WIFI_AUTH_OPEN #elif CONFIG_ESP_WIFI_AUTH_WEP @@ -114,10 +124,11 @@ void wifi_init_sta(void) /* Authmode threshold resets to WPA2 as default if password matches WPA2 standards (pasword len => 8). * If you want to connect the device to deprecated WEP/WPA networks, Please set the threshold value * to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with length and format matching to - * WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK standards. + * WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK standards. */ .threshold.authmode = ESP_WIFI_SCAN_AUTH_MODE_THRESHOLD, - .sae_pwe_h2e = WPA3_SAE_PWE_BOTH, + .sae_pwe_h2e = ESP_WIFI_SAE_MODE, + .sae_h2e_identifier = EXAMPLE_H2E_IDENTIFIER, }, }; ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
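Review bot: Nothing bounds the length of `EXAMPLE_H2E_IDENTIFIER` before it initialises `.sae_h2e_identifier` in wifi_init_sta: a Kconfig string of exactly 32 characters fills the array with no terminator, which C accepts silently, and a longer one is truncated, typically with only a compiler warning. The header documents the field as a null-terminated string, so a build-time check next to the macro block in the first hunk would catch this: `_Static_assert(sizeof(EXAMPLE_H2E_IDENTIFIER) <= SAE_H2E_IDENTIFIER_LEN, "SAE password identifier too long");`. wifi_init_sta starts and ends outside the hunk.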