supplicant/esp_wifi: move supplicant to idf

Move supplicant to idf and do following refactoring:
1. Make the folder structure consitent with supplicant upstream
2. Remove duplicated header files and minimize the public header files
3. Refactor for WiFi/supplicant interfaces

components/esp_wifi/CMakeLists.txt

@@ -19,7 +19,7 @@ idf_build_get_property(build_dir BUILD_DIR)
 target_link_libraries(${COMPONENT_LIB} PUBLIC "-L ${CMAKE_CURRENT_SOURCE_DIR}/lib_${idf_target}")
 
 if(NOT CONFIG_ESP32_NO_BLOBS)
-    set(blobs coexist core espnow mesh net80211 phy pp rtc smartconfig wpa2 wpa wps)
+    set(blobs coexist core espnow mesh net80211 phy pp rtc smartconfig)
     foreach(blob ${blobs})
         add_library(${blob} STATIC IMPORTED)
         set_property(TARGET ${blob} PROPERTY IMPORTED_LOCATION ${CMAKE_CURRENT_SOURCE_DIR}/lib_${idf_target}/lib${blob}.a)

components/esp_wifi/component.mk

@@ -6,7 +6,7 @@ COMPONENT_ADD_INCLUDEDIRS := include $(IDF_TARGET)/include
 COMPONENT_SRCDIRS := src
 
 ifndef CONFIG_ESP32_NO_BLOBS
-    LIBS := core rtc net80211 pp wpa smartconfig coexist wps wpa2 espnow phy mesh
+    LIBS := core rtc net80211 pp smartconfig coexist espnow phy mesh
     COMPONENT_ADD_LDFLAGS += -L$(COMPONENT_PATH)/lib_$(IDF_TARGET) \
                           $(addprefix -l,$(LIBS))
 

components/esp_wifi/include/esp_wifi_crypto_types.h

@@ -62,43 +62,6 @@ typedef struct crypto_hash esp_crypto_hash_t;
  */
 typedef struct crypto_cipher esp_crypto_cipher_t;
 
-/**
-  * @brief The crypto callback function used in wpa enterprise hash operation when connect.
-  *        Initialize a esp_crypto_hash_t structure.
-  *
-  * @param alg  Hash algorithm.
-  * @param key  Key for keyed hash (e.g., HMAC) or %NULL if not needed.
-  * @param key_len  Length of the key in bytes
-  *
-  */
-typedef esp_crypto_hash_t * (*esp_crypto_hash_init_t)(esp_crypto_hash_alg_t alg, const unsigned char *key, int key_len);
-
-/**
-  * @brief The crypto callback function used in wpa enterprise hash operation when connect. 
-  *        Add data to hash calculation.
-  *
-  * @param ctz  Context pointer from esp_crypto_hash_init_t function.
-  * @param data  Data buffer to add.
-  * @param len  Length of the buffer.
-  *
-  */
-typedef void (*esp_crypto_hash_update_t)(esp_crypto_hash_t *ctx, const unsigned char *data, int len);
-
-/**
-  * @brief The crypto callback function used in wpa enterprise hash operation when connect. 
-  *        Complete hash calculation.
-  *
-  * @param ctz  Context pointer from esp_crypto_hash_init_t function.
-  * @param hash   Buffer for hash value or %NULL if caller is just freeing the hash
-  *               context.
-  * @param len  Pointer to length of the buffer or %NULL if caller is just freeing the
-  *             hash context; on return, this is set to the actual length of the hash value
-  *             Returns: 0 on success, -1 if buffer is too small (len set to needed length),
-  *             or -2 on other failures (including failed crypto_hash_update() operations)
-  *
-  */
-typedef int (*esp_crypto_hash_finish_t)(esp_crypto_hash_t *ctx, unsigned char *hash, int *len);
-
 /**
   * @brief The AES callback function when do WPS connect. 
   *
@@ -142,64 +105,6 @@ typedef int (*esp_aes_wrap_t)(const unsigned char *kek, int n, const unsigned ch
   */
 typedef int (*esp_aes_unwrap_t)(const unsigned char *kek, int n, const unsigned char *cipher, unsigned char *plain);
 
-/**
-  * @brief The crypto callback function used in wpa enterprise cipher operation when connect.
-  *        Initialize a esp_crypto_cipher_t structure.
-  *
-  * @param alg  cipher algorithm.
-  * @param iv  Initialization vector for block ciphers or %NULL for stream ciphers.
-  * @param key  Cipher key
-  * @param key_len  Length of key in bytes
-  *
-  */
-typedef esp_crypto_cipher_t * (*esp_crypto_cipher_init_t)(esp_crypto_cipher_alg_t alg, const unsigned char *iv, const unsigned char *key, int key_len);
-
-/**
-  * @brief The crypto callback function used in wpa enterprise cipher operation when connect.
-  *        Cipher encrypt.
-  *
-  * @param ctx  Context pointer from esp_crypto_cipher_init_t callback function.
-  * @param plain  Plaintext to cipher.
-  * @param crypt  Resulting ciphertext.
-  * @param len  Length of the plaintext.
-  *
-  */
-typedef int (*esp_crypto_cipher_encrypt_t)(esp_crypto_cipher_t *ctx,
-				             const unsigned char *plain, unsigned char *crypt, int len);
-/**
-  * @brief The crypto callback function used in wpa enterprise cipher operation when connect.
-  *        Cipher decrypt.
-  *
-  * @param ctx  Context pointer from esp_crypto_cipher_init_t callback function.
-  * @param crypt  Ciphertext to decrypt.
-  * @param plain  Resulting plaintext.
-  * @param len  Length of the cipher text.
-  *
-  */
-typedef int (*esp_crypto_cipher_decrypt_t)(esp_crypto_cipher_t *ctx,
-				             const unsigned char *crypt, unsigned char *plain, int len);
-/**
-  * @brief The crypto callback function used in wpa enterprise cipher operation when connect.
-  *        Free cipher context.
-  *
-  * @param ctx  Context pointer from esp_crypto_cipher_init_t callback function.
-  *
-  */
-typedef void (*esp_crypto_cipher_deinit_t)(esp_crypto_cipher_t *ctx);
-
-/**
-  * @brief The SHA256 callback function when do WPS connect. 
-  *
-  * @param key  Key for HMAC operations.
-  * @param key_len  Length of the key in bytes.
-  * @param data  Pointers to the data area.
-  * @param data_len  Length of the data area.
-  * @param mac  Buffer for the hash (20 bytes).
-  *
-  */
-typedef void (*esp_hmac_sha256_t)(const unsigned char *key, int key_len, const unsigned char *data,
-		                    int data_len, unsigned char *mac);
-
 /**
   * @brief The SHA256 callback function when do WPS connect. 
   *
@@ -229,37 +134,6 @@ typedef void (*esp_hmac_sha256_vector_t)(const unsigned char *key, int key_len,
 typedef void (*esp_sha256_prf_t)(const unsigned char *key, int key_len, const char *label,
 	                           const unsigned char *data, int data_len, unsigned char *buf, int buf_len);
 
-/**
-  * @brief The SHA256 callback function when do WPS connect. 
-  *
-  * @param num_elem  Number of elements in the data vector.
-  * @param addr  Pointers to the data areas.
-  * @param len  Lengths of the data blocks.
-  * @paramac  Buffer for the hash.
-  *
-  */
-typedef int (*esp_sha256_vector_t)(int num_elem, const unsigned char *addr[], const int *len,
-		                     unsigned char *mac);
-
-/**
-  * @brief The bignum calculate callback function used when do connect. 
-  *        In WPS process, it used to calculate public key and private key.
-  *
-  * @param base  Base integer (big endian byte array).
-  * @param base_len  Length of base integer in bytes.
-  * @param power  Power integer (big endian byte array).
-  * @param power_len  Length of power integer in bytes.
-  * @param modulus  Modulus integer (big endian byte array).
-  * @param modulus_len  Length of modulus integer in bytes.
-  * @param result  Buffer for the result.
-  * @param result_len  Result length (max buffer size on input, real len on output).
-  *
-  */
-typedef int (*esp_crypto_mod_exp_t)(const unsigned char *base, int base_len,
-		                      const unsigned char *power, int power_len,
-		                      const unsigned char *modulus, int modulus_len,
-		                      unsigned char *result, unsigned int *result_len);
-
 /**
  * @brief HMAC-MD5 over data buffer (RFC 2104)'
  * 
@@ -441,258 +315,6 @@ typedef void * (*esp_aes_decrypt_init_t)(const unsigned char *key, unsigned int
  */
 typedef void (*esp_aes_decrypt_deinit_t)(void *ctx);
 
-/**
- * @brief Initialize TLS library
- * 
- * @conf: Configuration data for TLS library
- * Returns: Context data to be used as tls_ctx in calls to other functions,
- * or %NULL on failure.
- *
- * Called once during program startup and once for each RSN pre-authentication
- * session. In other words, there can be two concurrent TLS contexts. If global
- * library initialization is needed (i.e., one that is shared between both
- * authentication types), the TLS library wrapper should maintain a reference
- * counter and do global initialization only when moving from 0 to 1 reference.
- */
-typedef void * (*esp_tls_init_t)(void);
-
-/**
- * @brief Deinitialize TLS library
- * 
- * @tls_ctx: TLS context data from tls_init()
- *
- * Called once during program shutdown and once for each RSN pre-authentication
- * session. If global library deinitialization is needed (i.e., one that is
- * shared between both authentication types), the TLS library wrapper should
- * maintain a reference counter and do global deinitialization only when moving
- * from 1 to 0 references.
- */
-typedef void (*esp_tls_deinit_t)(void *tls_ctx);
-
-/**
- * @brief Add certificate and private key for connect
- 
- * @sm: eap state machine
- * 
- * Returns: 0 for success, -1 state machine didn't exist, -2 short of certificate or key
- */
-typedef int (*esp_eap_peer_blob_init_t)(void *sm);
-
-/**
- * @brief delete the certificate and private
- * 
- * @sm: eap state machine
- * 
- */
-typedef void (*esp_eap_peer_blob_deinit_t)(void *sm);
-
-/**
- * @brief Initialize the eap state machine
- * 
- * @sm: eap state machine
- * @private_key_passwd: the start address of private_key_passwd
- * @private_key_passwd_len: length of private_key_password
- * 
- * Returns: 0 is success, -1 state machine didn't exist, -2 short of parameters
- * 
- */
-typedef int (*esp_eap_peer_config_init_t)(void *sm, unsigned char *private_key_passwd,int private_key_passwd_len);
-
-/**
- * @brief Deinit the eap state machine
- * 
- * @sm: eap state machine
- * 
- */
-typedef void (*esp_eap_peer_config_deinit_t)(void *sm);
-
-/**
- * @brief Register the eap method 
- * 
- * Note: ESP32 only support PEAP/TTLS/TLS three eap methods now.
- * 
- */
-typedef int (*esp_eap_peer_register_methods_t)(void);
-
-/**
- * @brief remove the eap method 
- * 
- * Note: ESP32 only support PEAP/TTLS/TLS three eap methods now.
- * 
- */
-typedef void (*esp_eap_peer_unregister_methods_t)(void);
-
-/**
- * @brief remove the eap method before build new connect
- * 
- * @sm: eap state machine
- * @txt: not used now
- */
-typedef void (*esp_eap_deinit_prev_method_t)(void *sm, const char *txt);
-
-/**
- * @brief Get EAP method based on type number
- * 
- * @vendor: EAP Vendor-Id (0 = IETF)
- * @method: EAP type number
- * Returns: Pointer to EAP method or %NULL if not found
- */
-typedef const void * (*esp_eap_peer_get_eap_method_t)(int vendor, int method);
-
-/**
- * @brief Abort EAP authentication
- * 
- * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
- *
- * Release system resources that have been allocated for the authentication
- * session without fully deinitializing the EAP state machine.
- */
-typedef void (*esp_eap_sm_abort_t)(void *sm);
-
-/**
- * @brief Build EAP-NAK for the current network
- * 
- * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
- * @type: EAP type of the fail reason
- * @id: EAP identifier for the packet
- *
- * This function allocates and builds a nak packet for the
- * current network. The caller is responsible for freeing the returned data.
- */
-typedef void * (*esp_eap_sm_build_nak_t)(void *sm, int type, unsigned char id);
-
-/**
- * @brief Build EAP-Identity/Response for the current network
- * 
- * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
- * @id: EAP identifier for the packet
- * @encrypted: Whether the packet is for encrypted tunnel (EAP phase 2)
- * Returns: Pointer to the allocated EAP-Identity/Response packet or %NULL on
- * failure
- *
- * This function allocates and builds an EAP-Identity/Response packet for the
- * current network. The caller is responsible for freeing the returned data.
- */
-typedef void * (*esp_eap_sm_build_identity_resp_t)(void *sm, unsigned char id, int encrypted);
-
-/**
- * @brief Allocate a buffer for an EAP message
- * 
- * @vendor: Vendor-Id (0 = IETF)
- * @type: EAP type
- * @payload_len: Payload length in bytes (data after Type)
- * @code: Message Code (EAP_CODE_*)
- * @identifier: Identifier
- * Returns: Pointer to the allocated message buffer or %NULL on error
- *
- * This function can be used to allocate a buffer for an EAP message and fill
- * in the EAP header. This function is automatically using expanded EAP header
- * if the selected Vendor-Id is not IETF. In other words, most EAP methods do
- * not need to separately select which header type to use when using this
- * function to allocate the message buffers. The returned buffer has room for
- * payload_len bytes and has the EAP header and Type field already filled in.
- */
-typedef void * (*esp_eap_msg_alloc_t)(int vendor, int type, unsigned int payload_len,
-                             unsigned char code, unsigned char identifier);
-
-/**
- * @brief get the enrollee mac address
- * @mac_addr: instore the mac address of enrollee
- * @uuid: Universally Unique Identifer of the enrollee
- * 
- */                        
-typedef void (*esp_uuid_gen_mac_addr_t)(const unsigned char *mac_addr, unsigned char *uuid);
-
-/**
- * @brief free the message after finish DH
- * 
- */
-typedef void (*esp_dh5_free_t)(void *ctx);
-
-/**
- * @brief Build WPS IE for (Re)Association Request
- * 
- * @req_type: Value for Request Type attribute
- * Returns: WPS IE or %NULL on failure
- *
- * The caller is responsible for freeing the buffer.
- */
-typedef void * (*esp_wps_build_assoc_req_ie_t)(int req_type);
-
-/**
- * @brief Build WPS IE for (Re)Association Response
- * 
- * Returns: WPS IE or %NULL on failure
- *
- * The caller is responsible for freeing the buffer.
- */
-typedef void * (*esp_wps_build_assoc_resp_ie_t)(void);
-
-/**
- * @brief Build WPS IE for Probe Request
- * 
- * @pw_id: Password ID (DEV_PW_PUSHBUTTON for active PBC and DEV_PW_DEFAULT for
- * most other use cases)
- * @dev: Device attributes
- * @uuid: Own UUID
- * @req_type: Value for Request Type attribute
- * @num_req_dev_types: Number of requested device types
- * @req_dev_types: Requested device types (8 * num_req_dev_types octets) or
- *	%NULL if none
- * Returns: WPS IE or %NULL on failure
- *
- * The caller is responsible for freeing the buffer.
- */
-typedef void * (*esp_wps_build_probe_req_ie_t)(uint16_t pw_id, void *dev, const unsigned char *uuid,
-                             int req_type, unsigned int num_req_dev_types, const unsigned char *req_dev_types);
-
-/**
- * @brief build public key for exchange in M1
- * 
- * 
- */
-typedef int (*esp_wps_build_public_key_t)(void *wps, void *msg, int mode);
-
-
-/**
- * @brief get the wps information in exchange password
- * 
- * 
- */
-typedef void * (*esp_wps_enrollee_get_msg_t)(void *wps, void *op_code);
-
-/**
- * @brief deal with the wps information in exchange password
- * 
- * 
- */
-typedef int (*esp_wps_enrollee_process_msg_t)(void *wps, int op_code, const void *msg);
-
-/**
- * @brief Generate a random PIN
- * 
- * Returns: Eight digit PIN (i.e., including the checksum digit)
- */
-typedef unsigned int (*esp_wps_generate_pin_t)(void);
-
-/**
- * @brief Check whether WPS IE indicates active PIN
- * 
- * @msg: WPS IE contents from Beacon or Probe Response frame
- * Returns: 1 if PIN Registrar is active, 0 if not
- */
-typedef int (*esp_wps_is_selected_pin_registrar_t)(const void *msg, unsigned char *bssid);
-
-/**
- * @brief Check whether WPS IE indicates active PBC
- * 
- * @msg: WPS IE contents from Beacon or Probe Response frame
- * Returns: 1 if PBC Registrar is active, 0 if not
- */
-typedef int (*esp_wps_is_selected_pbc_registrar_t)(const void *msg, unsigned char *bssid);
-
-
-
 /**
   * @brief The crypto callback function structure used when do station security connect.
   *        The structure can be set as software crypto or the crypto optimized by ESP32
@@ -722,67 +344,6 @@ typedef struct {
     esp_aes_decrypt_deinit_t aes_decrypt_deinit;
 }wpa_crypto_funcs_t;
 
-/**
-  * @brief The crypto callback function structure used when do WPS process. The 
-  *        structure can be set as software crypto or the crypto optimized by ESP32
-  *        hardware.
-  */
-typedef struct{
-    uint32_t size;
-    uint32_t version;
-    esp_aes_128_encrypt_t aes_128_encrypt;          /**< function used to process message when do WPS */
-    esp_aes_128_decrypt_t aes_128_decrypt;          /**< function used to process message when do WPS */
-    esp_crypto_mod_exp_t crypto_mod_exp;            /**< function used to calculate public key and private key */
-    esp_hmac_sha256_t hmac_sha256;                  /**< function used to get attribute */
-    esp_hmac_sha256_vector_t hmac_sha256_vector;    /**< function used to process message when do WPS */
-    esp_sha256_vector_t sha256_vector;              /**< function used to process message when do WPS */
-    esp_uuid_gen_mac_addr_t uuid_gen_mac_addr;
-    esp_dh5_free_t dh5_free;
-    esp_wps_build_assoc_req_ie_t wps_build_assoc_req_ie;
-    esp_wps_build_assoc_resp_ie_t wps_build_assoc_resp_ie;
-    esp_wps_build_probe_req_ie_t wps_build_probe_req_ie;
-    esp_wps_build_public_key_t wps_build_public_key;
-    esp_wps_enrollee_get_msg_t wps_enrollee_get_msg;
-    esp_wps_enrollee_process_msg_t wps_enrollee_process_msg;
-    esp_wps_generate_pin_t wps_generate_pin;
-    esp_wps_is_selected_pin_registrar_t wps_is_selected_pin_registrar;
-    esp_wps_is_selected_pbc_registrar_t wps_is_selected_pbc_registrar;
-    esp_eap_msg_alloc_t eap_msg_alloc;
-}wps_crypto_funcs_t;
-
-/**
-  * @brief The crypto callback function structure used when do WPA enterprise connect.
-  *        The structure can be set as software crypto or the crypto optimized by ESP32
-  *        hardware.
-  */
-typedef struct {
-    uint32_t size;
-    uint32_t version;
-    esp_crypto_hash_init_t crypto_hash_init;                  /**< function used to initialize a crypto_hash structure when use TLSV1 */
-    esp_crypto_hash_update_t crypto_hash_update;              /**< function used to calculate hash data when use TLSV1 */
-    esp_crypto_hash_finish_t crypto_hash_finish;              /**< function used to finish the hash calculate when use TLSV1 */
-    esp_crypto_cipher_init_t crypto_cipher_init;              /**< function used to initialize a crypt_cipher structure when use TLSV1 */
-    esp_crypto_cipher_encrypt_t crypto_cipher_encrypt;        /**< function used to encrypt cipher when use TLSV1 */
-    esp_crypto_cipher_decrypt_t crypto_cipher_decrypt;        /**< function used to decrypt cipher when use TLSV1 */
-    esp_crypto_cipher_deinit_t crypto_cipher_deinit;          /**< function used to free context when use TLSV1 */
-    esp_crypto_mod_exp_t crypto_mod_exp;                      /**< function used to do key exchange when use TLSV1 */
-    esp_sha256_vector_t sha256_vector;                        /**< function used to do X.509v3 certificate parsing and processing */
-    esp_tls_init_t tls_init;
-    esp_tls_deinit_t tls_deinit;
-    esp_eap_peer_blob_init_t eap_peer_blob_init;
-    esp_eap_peer_blob_deinit_t eap_peer_blob_deinit;
-    esp_eap_peer_config_init_t eap_peer_config_init;
-    esp_eap_peer_config_deinit_t eap_peer_config_deinit;
-    esp_eap_peer_register_methods_t eap_peer_register_methods;
-    esp_eap_peer_unregister_methods_t eap_peer_unregister_methods;
-    esp_eap_deinit_prev_method_t eap_deinit_prev_method;
-    esp_eap_peer_get_eap_method_t eap_peer_get_eap_method;
-    esp_eap_sm_abort_t eap_sm_abort;
-    esp_eap_sm_build_nak_t eap_sm_build_nak;
-    esp_eap_sm_build_identity_resp_t eap_sm_build_identity_resp;
-    esp_eap_msg_alloc_t eap_msg_alloc;
-} wpa2_crypto_funcs_t;
-
 /**
   * @brief The crypto callback function structure used in mesh vendor IE encryption. The
   *        structure can be set as software crypto or the crypto optimized by ESP32

components/esp_wifi/lib_esp32

@@ -1 +1 @@
-Subproject commit fc518f822e23b6f4fd8870d61cb1dba107727df2
+Subproject commit 6579ef9a7ebdfa4196398056ee5337c300ca74e3

components/esp_wifi/src/fast_crypto_ops.c

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/aes_wrap.h"
 #include "crypto/sha256.h"
 #include "crypto/crypto.h"
@@ -20,13 +20,6 @@
 #include "crypto/sha1.h"
 #include "crypto/aes.h"
 #include "crypto/dh_group5.h"
-#include "wps/wps.h"
-#include "wps/wps_i.h"
-#include "wpa2/eap_peer/eap.h"
-#include "wpa2/tls/tls.h"
-#include "wpa2/eap_peer/eap_methods.h"
-#include "wpa2/eap_peer/eap_i.h"
-#include "wpa2/eap_peer/eap_common.h"
 #include "esp_wifi_crypto_types.h"
 /* 
  * The parameters is used to set the cyrpto callback function for station connect when in security mode,
@@ -59,63 +52,6 @@ const wpa_crypto_funcs_t g_wifi_default_wpa_crypto_funcs = {
     .aes_decrypt_deinit = (esp_aes_decrypt_deinit_t)aes_decrypt_deinit
 };
 
-const wps_crypto_funcs_t g_wifi_default_wps_crypto_funcs = {
-    .size = sizeof(wps_crypto_funcs_t), 
-    .version = ESP_WIFI_CRYPTO_VERSION,
-    .aes_128_encrypt = (esp_aes_128_encrypt_t)fast_aes_128_cbc_encrypt,
-    .aes_128_decrypt = (esp_aes_128_decrypt_t)fast_aes_128_cbc_decrypt,
-    .crypto_mod_exp = (esp_crypto_mod_exp_t)fast_crypto_mod_exp,
-    .hmac_sha256 = (esp_hmac_sha256_t)fast_hmac_sha256,
-    .hmac_sha256_vector = (esp_hmac_sha256_vector_t)fast_hmac_sha256_vector,
-    .sha256_vector = (esp_sha256_vector_t)fast_sha256_vector,
-    .uuid_gen_mac_addr = (esp_uuid_gen_mac_addr_t)uuid_gen_mac_addr,
-    .dh5_free = (esp_dh5_free_t)dh5_free,
-    .wps_build_assoc_req_ie = (esp_wps_build_assoc_req_ie_t)wps_build_assoc_req_ie,
-    .wps_build_assoc_resp_ie = (esp_wps_build_assoc_resp_ie_t)wps_build_assoc_resp_ie,
-    .wps_build_probe_req_ie = (esp_wps_build_probe_req_ie_t)wps_build_probe_req_ie,
-    .wps_build_public_key = (esp_wps_build_public_key_t)wps_build_public_key,
-    .wps_enrollee_get_msg = (esp_wps_enrollee_get_msg_t)wps_enrollee_get_msg,
-    .wps_enrollee_process_msg = (esp_wps_enrollee_process_msg_t)wps_enrollee_process_msg,
-    .wps_generate_pin = (esp_wps_generate_pin_t)wps_generate_pin,
-    .wps_is_selected_pin_registrar = (esp_wps_is_selected_pin_registrar_t)wps_is_selected_pin_registrar,
-    .wps_is_selected_pbc_registrar = (esp_wps_is_selected_pbc_registrar_t)wps_is_selected_pbc_registrar,
-    .eap_msg_alloc = (esp_eap_msg_alloc_t)eap_msg_alloc
-};
-
-/*
- * What should notice is that the cyrpto hash type function and crypto cipher type function can not register
- * as different, i.e, if you use fast_crypto_hash_init, you should use fast_crypto_hash_update and 
- * fast_crypto_hash_finish for finish hash calculate, rather than call crypto_hash_update and 
- * crypto_hash_finish, so do crypto_cipher.
- */
-const wpa2_crypto_funcs_t g_wifi_default_wpa2_crypto_funcs = {
-    .size = sizeof(wpa2_crypto_funcs_t),
-    .version = ESP_WIFI_CRYPTO_VERSION,
-    .crypto_hash_init = (esp_crypto_hash_init_t)fast_crypto_hash_init,
-    .crypto_hash_update = (esp_crypto_hash_update_t)fast_crypto_hash_update,
-    .crypto_hash_finish = (esp_crypto_hash_finish_t)fast_crypto_hash_finish,
-    .crypto_cipher_init = (esp_crypto_cipher_init_t)fast_crypto_cipher_init,
-    .crypto_cipher_encrypt = (esp_crypto_cipher_encrypt_t)fast_crypto_cipher_encrypt,
-    .crypto_cipher_decrypt = (esp_crypto_cipher_decrypt_t)fast_crypto_cipher_decrypt,
-    .crypto_cipher_deinit = (esp_crypto_cipher_deinit_t)fast_crypto_cipher_deinit,
-    .crypto_mod_exp = (esp_crypto_mod_exp_t)crypto_mod_exp,
-    .sha256_vector = (esp_sha256_vector_t)fast_sha256_vector,
-    .tls_init = (esp_tls_init_t)tls_init,
-    .tls_deinit = (esp_tls_deinit_t)tls_deinit,
-    .eap_peer_blob_init = (esp_eap_peer_blob_init_t)eap_peer_blob_init,
-    .eap_peer_blob_deinit = (esp_eap_peer_blob_deinit_t)eap_peer_blob_deinit,
-    .eap_peer_config_init = (esp_eap_peer_config_init_t)eap_peer_config_init,
-    .eap_peer_config_deinit = (esp_eap_peer_config_deinit_t)eap_peer_config_deinit,
-    .eap_peer_register_methods = (esp_eap_peer_register_methods_t)eap_peer_register_methods,
-    .eap_peer_unregister_methods = (esp_eap_peer_unregister_methods_t)eap_peer_unregister_methods,
-    .eap_deinit_prev_method = (esp_eap_deinit_prev_method_t)eap_deinit_prev_method,
-    .eap_peer_get_eap_method = (esp_eap_peer_get_eap_method_t)eap_peer_get_eap_method,
-    .eap_sm_abort = (esp_eap_sm_abort_t)eap_sm_abort,
-    .eap_sm_build_nak = (esp_eap_sm_build_nak_t)eap_sm_build_nak,
-    .eap_sm_build_identity_resp = (esp_eap_sm_build_identity_resp_t)eap_sm_build_identity_resp,
-    .eap_msg_alloc = (esp_eap_msg_alloc_t)eap_msg_alloc
-};
-
 const mesh_crypto_funcs_t g_wifi_default_mesh_crypto_funcs = {
     .aes_128_encrypt = (esp_aes_128_encrypt_t)fast_aes_128_cbc_encrypt,
     .aes_128_decrypt = (esp_aes_128_decrypt_t)fast_aes_128_cbc_decrypt,

components/esp_wifi/src/wifi_init.c

@@ -18,6 +18,7 @@
 #include "esp_private/wifi.h"
 #include "esp_pm.h"
 #include "soc/rtc.h"
+#include "esp_wpa.h"
 
 ESP_EVENT_DEFINE_BASE(WIFI_EVENT);
 
@@ -106,6 +107,17 @@ esp_err_t esp_wifi_init(const wifi_init_config_t *config)
     if (result == ESP_OK) {
         esp_wifi_set_debug_log();
         s_wifi_mac_time_update_cb = esp_wifi_internal_update_mac_time;
+
+        result = esp_supplicant_init();
+        if (result != ESP_OK) {
+            ESP_LOGE(TAG, "Failed to init supplicant (0x%x)", result);
+            esp_err_t deinit_ret = esp_wifi_deinit();
+            if (deinit_ret != ESP_OK) {
+                ESP_LOGE(TAG, "Failed to deinit Wi-Fi (0x%x)", deinit_ret);
+            }
+
+            return result;
+        } 
     }
 
     return result;

components/esp_wifi/test/test_header_files_md5.c

@@ -19,7 +19,7 @@ TEST_CASE("wifi os adapter MD5","[wifi]")
 }
 
 TEST_CASE("wifi crypto types MD5","[wifi]")
-{    
+{   
     const char *test_wifi_crypto_funcs_md5 = WIFI_CRYPTO_MD5;
 
     ESP_LOGI(TAG, "test wifi crypto adapter MD5...");

components/wpa_supplicant/CMakeLists.txt

@@ -1,5 +1,9 @@
-set(srcs 
-    "port/os_xtensa.c"
+set(srcs "port/os_xtensa.c"
+    "src/ap/ap_config.c"
+    "src/ap/ieee802_1x.c"
+    "src/ap/wpa_auth.c"
+    "src/ap/wpa_auth_ie.c"
+    "src/common/wpa_common.c"
     "src/crypto/aes-cbc.c"
     "src/crypto/aes-internal-dec.c"
     "src/crypto/aes-internal-enc.c"
@@ -33,37 +37,46 @@ set(srcs
     "src/fast_crypto/fast_crypto_internal.c"
     "src/fast_crypto/fast_sha256-internal.c"
     "src/fast_crypto/fast_sha256.c"
-    "src/wpa2/eap_peer/chap.c"
-    "src/wpa2/eap_peer/eap.c"
-    "src/wpa2/eap_peer/eap_common.c"
-    "src/wpa2/eap_peer/eap_mschapv2.c"
-    "src/wpa2/eap_peer/eap_peap.c"
-    "src/wpa2/eap_peer/eap_peap_common.c"
-    "src/wpa2/eap_peer/eap_tls.c"
-    "src/wpa2/eap_peer/eap_tls_common.c"
-    "src/wpa2/eap_peer/eap_ttls.c"
-    "src/wpa2/eap_peer/mschapv2.c"
-    "src/wpa2/tls/asn1.c"
-    "src/wpa2/tls/bignum.c"
-    "src/wpa2/tls/pkcs1.c"
-    "src/wpa2/tls/pkcs5.c"
-    "src/wpa2/tls/pkcs8.c"
-    "src/wpa2/tls/rsa.c"
-    "src/wpa2/tls/tls_internal.c"
-    "src/wpa2/tls/tlsv1_client.c"
-    "src/wpa2/tls/tlsv1_client_read.c"
-    "src/wpa2/tls/tlsv1_client_write.c"
-    "src/wpa2/tls/tlsv1_common.c"
-    "src/wpa2/tls/tlsv1_cred.c"
-    "src/wpa2/tls/tlsv1_record.c"
-    "src/wpa2/tls/tlsv1_server.c"
-    "src/wpa2/tls/tlsv1_server_read.c"
-    "src/wpa2/tls/tlsv1_server_write.c"
-    "src/wpa2/tls/x509v3.c"
-    "src/wpa2/utils/base64.c"
-    "src/wpa2/utils/ext_password.c"
-    "src/wps/eap_common.c"
-    "src/wps/uuid.c"
+    "src/eap_peer/chap.c"
+    "src/eap_peer/eap.c"
+    "src/eap_peer/eap_common.c"
+    "src/eap_peer/eap_mschapv2.c"
+    "src/eap_peer/eap_peap.c"
+    "src/eap_peer/eap_peap_common.c"
+    "src/eap_peer/eap_tls.c"
+    "src/eap_peer/eap_tls_common.c"
+    "src/eap_peer/eap_ttls.c"
+    "src/eap_peer/mschapv2.c"
+    "src/esp_supplicant/esp_hostap.c"
+    "src/esp_supplicant/esp_wpa2.c"
+    "src/esp_supplicant/esp_wpa_main.c"
+    "src/esp_supplicant/esp_wpas_glue.c"
+    "src/esp_supplicant/esp_wps.c"
+    "src/rsn_supp/wpa.c"
+    "src/rsn_supp/wpa_ie.c"
+    "src/tls/asn1.c"
+    "src/tls/bignum.c"
+    "src/tls/pkcs1.c"
+    "src/tls/pkcs5.c"
+    "src/tls/pkcs8.c"
+    "src/tls/rsa.c"
+    "src/tls/tls_internal.c"
+    "src/tls/tlsv1_client.c"
+    "src/tls/tlsv1_client_read.c"
+    "src/tls/tlsv1_client_write.c"
+    "src/tls/tlsv1_common.c"
+    "src/tls/tlsv1_cred.c"
+    "src/tls/tlsv1_record.c"
+    "src/tls/tlsv1_server.c"
+    "src/tls/tlsv1_server_read.c"
+    "src/tls/tlsv1_server_write.c"
+    "src/tls/x509v3.c"
+    "src/utils/base64.c"
+    "src/utils/common.c"
+    "src/utils/ext_password.c"
+    "src/utils/uuid.c"
+    "src/utils/wpabuf.c"
+    "src/utils/wpa_debug.c"
     "src/wps/wps.c"
     "src/wps/wps_attr_build.c"
     "src/wps/wps_attr_parse.c"
@@ -75,13 +88,14 @@ set(srcs
     "src/wps/wps_validate.c")
 
 idf_component_register(SRCS "${srcs}"
-                    INCLUDE_DIRS include port/include
+                    INCLUDE_DIRS include port/include include/esp_supplicant
+                    PRIV_INCLUDE_DIRS src
                     PRIV_REQUIRES mbedtls)
 
 target_compile_options(${COMPONENT_LIB} PRIVATE -Wno-strict-aliasing)
 target_compile_definitions(${COMPONENT_LIB} PRIVATE
     __ets__
-    EMBEDDED_SUPP
+    ESP_SUPPLICANT
     IEEE8021X_EAPOL
     EAP_PEER_METHOD
     EAP_MSCHAPv2

components/wpa_supplicant/Kconfig

@@ -0,0 +1,30 @@
+menu "Supplicant"
+
+    config WPA_ENTERPRISE
+        bool "Enable WPA/WPA2-Enterprise"
+        default n
+        help
+            Select this option to enable WiFi WPA/WPA2-Enterprise authentication.
+
+    config WPA_EAP_TLS
+        bool "Enable EAP-TLS"
+        depends on WPA_ENTERPRISE
+        default y
+        help
+            Select this option to support EAP-TLS.
+
+    config WPA_EAP_TTLS
+        bool "Enable EAP-TTLS"
+        depends on WPA_ENTERPRISE
+        default y
+        help
+            Select this option to support EAP-TTLS.
+
+    config WPA_EAP_PEAP
+        bool "Enable EAP-PEAP"
+        depends on WPA_ENTERPRISE
+        default y
+        help
+            Select this option to support EAP-PEAP.
+
+endmenu

components/wpa_supplicant/component.mk

@@ -1,4 +1,5 @@
-COMPONENT_ADD_INCLUDEDIRS := include port/include
-COMPONENT_SRCDIRS := src/crypto port src/fast_crypto src/wpa2/eap_peer src/wpa2/tls src/wpa2/utils src/wps
+COMPONENT_ADD_INCLUDEDIRS := include port/include include/esp_supplicant
+COMPONENT_PRIV_INCLUDEDIRS := src
+COMPONENT_SRCDIRS := port src/ap src/common src/crypto src/eap_peer src/fast_crypto src/rsn_supp src/tls src/utils src/esp_supplicant src/wps
 
-CFLAGS += -DEMBEDDED_SUPP -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_MSCHAPv2 -DEAP_TTLS -DEAP_TLS -DEAP_PEAP -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -D__ets__ -DCONFIG_ECC -Wno-strict-aliasing
+CFLAGS += -DESP_SUPPLICANT -DIEEE8021X_EAPOL -DEAP_PEER_METHOD -DEAP_MSCHAPv2 -DUSE_WPA2_TASK -DCONFIG_WPS2 -DCONFIG_WPS_PIN -DUSE_WPS_TASK -DESPRESSIF_USE -DESP32_WORKAROUND -DCONFIG_ECC -D__ets__ -Wno-strict-aliasing

components/wpa_supplicant/include/crypto/common.h

@@ -1,481 +0,0 @@
-/*
- * wpa_supplicant/hostapd / common helper functions, etc.
- * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#ifndef COMMON_H
-#define COMMON_H
-
-#include "os.h"
-
-#if defined(__XTENSA__)
-#include <machine/endian.h>
-#define __BYTE_ORDER     BYTE_ORDER
-#define __LITTLE_ENDIAN  LITTLE_ENDIAN
-#define __BIG_ENDIAN     BIG_ENDIAN
-#endif /*__XTENSA__*/
-
-#if defined(__linux__) || defined(__GLIBC__)
-#include <endian.h>
-#include <byteswap.h>
-#endif /* __linux__ */
-
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) || \
-    defined(__OpenBSD__)
-#include <sys/types.h>
-#include <sys/endian.h>
-#define __BYTE_ORDER	_BYTE_ORDER
-#define	__LITTLE_ENDIAN	_LITTLE_ENDIAN
-#define	__BIG_ENDIAN	_BIG_ENDIAN
-#ifdef __OpenBSD__
-#define bswap_16 swap16
-#define bswap_32 swap32
-#define bswap_64 swap64
-#else /* __OpenBSD__ */
-#define bswap_16 bswap16
-#define bswap_32 bswap32
-#define bswap_64 bswap64
-#endif /* __OpenBSD__ */
-#endif /* defined(__FreeBSD__) || defined(__NetBSD__) ||
-	* defined(__DragonFly__) || defined(__OpenBSD__) */
-
-#ifdef __APPLE__
-#include <sys/types.h>
-#include <machine/endian.h>
-#define __BYTE_ORDER	_BYTE_ORDER
-#define __LITTLE_ENDIAN	_LITTLE_ENDIAN
-#define __BIG_ENDIAN	_BIG_ENDIAN
-static inline unsigned short bswap_16(unsigned short v)
-{
-	return ((v & 0xff) << 8) | (v >> 8);
-}
-
-static inline unsigned int bswap_32(unsigned int v)
-{
-	return ((v & 0xff) << 24) | ((v & 0xff00) << 8) |
-		((v & 0xff0000) >> 8) | (v >> 24);
-}
-#endif /* __APPLE__ */
-
-#ifdef CONFIG_TI_COMPILER
-#define __BIG_ENDIAN 4321
-#define __LITTLE_ENDIAN 1234
-#ifdef __big_endian__
-#define __BYTE_ORDER __BIG_ENDIAN
-#else
-#define __BYTE_ORDER __LITTLE_ENDIAN
-#endif
-#endif /* CONFIG_TI_COMPILER */
-
-#ifdef __SYMBIAN32__
-#define __BIG_ENDIAN 4321
-#define __LITTLE_ENDIAN 1234
-#define __BYTE_ORDER __LITTLE_ENDIAN
-#endif /* __SYMBIAN32__ */
-
-#ifdef CONFIG_NATIVE_WINDOWS
-#include <winsock.h>
-
-typedef int socklen_t;
-
-#ifndef MSG_DONTWAIT
-#define MSG_DONTWAIT 0 /* not supported */
-#endif
-
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-#ifdef _MSC_VER
-#define inline __inline
-
-#undef vsnprintf
-#define vsnprintf _vsnprintf
-#undef close
-#define close closesocket
-#endif /* _MSC_VER */
-
-
-/* Define platform specific integer types */
-
-#ifdef _MSC_VER
-typedef UINT64 u64;
-typedef UINT32 u32;
-typedef UINT16 u16;
-typedef UINT8 u8;
-typedef INT64 s64;
-typedef INT32 s32;
-typedef INT16 s16;
-typedef INT8 s8;
-#define WPA_TYPES_DEFINED
-#endif /* _MSC_VER */
-
-#ifdef __vxworks
-typedef unsigned long long u64;
-typedef UINT32 u32;
-typedef UINT16 u16;
-typedef UINT8 u8;
-typedef long long s64;
-typedef INT32 s32;
-typedef INT16 s16;
-typedef INT8 s8;
-#define WPA_TYPES_DEFINED
-#endif /* __vxworks */
-
-#ifdef CONFIG_TI_COMPILER
-#ifdef _LLONG_AVAILABLE
-typedef unsigned long long u64;
-#else
-/*
- * TODO: 64-bit variable not available. Using long as a workaround to test the
- * build, but this will likely not work for all operations.
- */
-typedef unsigned long u64;
-#endif
-typedef unsigned int u32;
-typedef unsigned short u16;
-typedef unsigned char u8;
-#define WPA_TYPES_DEFINED
-#endif /* CONFIG_TI_COMPILER */
-
-#ifdef __SYMBIAN32__
-#define __REMOVE_PLATSEC_DIAGNOSTICS__
-#include <e32def.h>
-typedef TUint64 u64;
-typedef TUint32 u32;
-typedef TUint16 u16;
-typedef TUint8 u8;
-#define WPA_TYPES_DEFINED
-#endif /* __SYMBIAN32__ */
-
-#ifndef WPA_TYPES_DEFINED
-#ifdef CONFIG_USE_INTTYPES_H
-#include <inttypes.h>
-#else
-#include <stdint.h>
-#endif
-
-typedef uint64_t u64;
-typedef uint32_t u32;
-typedef uint16_t u16;
-typedef uint8_t u8;
-typedef int64_t s64;
-typedef int32_t s32;
-typedef int16_t s16;
-typedef int8_t s8;
-#define WPA_TYPES_DEFINED
-#endif /* !WPA_TYPES_DEFINED */
-
-
-/* Define platform specific byte swapping macros */
-
-#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
-
-static inline unsigned short wpa_swap_16(unsigned short v)
-{
-	return ((v & 0xff) << 8) | (v >> 8);
-}
-
-static inline unsigned int wpa_swap_32(unsigned int v)
-{
-	return ((v & 0xff) << 24) | ((v & 0xff00) << 8) |
-		((v & 0xff0000) >> 8) | (v >> 24);
-}
-
-#define le_to_host16(n) (n)
-#define host_to_le16(n) (n)
-#define be_to_host16(n) wpa_swap_16(n)
-#define host_to_be16(n) wpa_swap_16(n)
-#define le_to_host32(n) (n)
-#define be_to_host32(n) wpa_swap_32(n)
-#define host_to_be32(n) wpa_swap_32(n)
-
-#define WPA_BYTE_SWAP_DEFINED
-
-#endif /* __CYGWIN__ || CONFIG_NATIVE_WINDOWS */
-
-
-#ifndef WPA_BYTE_SWAP_DEFINED
-
-#ifndef __BYTE_ORDER
-#ifndef __LITTLE_ENDIAN
-#ifndef __BIG_ENDIAN
-#define __LITTLE_ENDIAN 1234
-#define __BIG_ENDIAN 4321
-#if defined(sparc)
-#define __BYTE_ORDER __BIG_ENDIAN
-#endif
-#endif /* __BIG_ENDIAN */
-#endif /* __LITTLE_ENDIAN */
-#endif /* __BYTE_ORDER */
-
-#if __BYTE_ORDER == __LITTLE_ENDIAN
-#define le_to_host16(n) ((__force u16) (le16) (n))
-#define host_to_le16(n) ((__force le16) (u16) (n))
-#define be_to_host16(n) bswap_16((__force u16) (be16) (n))
-#define host_to_be16(n) ((__force be16) bswap_16((n)))
-#define le_to_host32(n) ((__force u32) (le32) (n))
-#define host_to_le32(n) ((__force le32) (u32) (n))
-#define be_to_host32(n) bswap_32((__force u32) (be32) (n))
-#define host_to_be32(n) ((__force be32) bswap_32((n)))
-#define le_to_host64(n) ((__force u64) (le64) (n))
-#define host_to_le64(n) ((__force le64) (u64) (n))
-#define be_to_host64(n) bswap_64((__force u64) (be64) (n))
-#define host_to_be64(n) ((__force be64) bswap_64((n)))
-#elif __BYTE_ORDER == __BIG_ENDIAN
-#define le_to_host16(n) bswap_16(n)
-#define host_to_le16(n) bswap_16(n)
-#define be_to_host16(n) (n)
-#define host_to_be16(n) (n)
-#define le_to_host32(n) bswap_32(n)
-#define be_to_host32(n) (n)
-#define host_to_be32(n) (n)
-#define le_to_host64(n) bswap_64(n)
-#define host_to_le64(n) bswap_64(n)
-#define be_to_host64(n) (n)
-#define host_to_be64(n) (n)
-#ifndef WORDS_BIGENDIAN
-#define WORDS_BIGENDIAN
-#endif
-#else
-#error Could not determine CPU byte order
-#endif
-
-#define WPA_BYTE_SWAP_DEFINED
-#endif /* !WPA_BYTE_SWAP_DEFINED */
-
-
-/* Macros for handling unaligned memory accesses */
-
-#define WPA_GET_BE16(a) ((u16) (((a)[0] << 8) | (a)[1]))
-#define WPA_PUT_BE16(a, val)			\
-	do {					\
-		(a)[0] = ((u16) (val)) >> 8;	\
-		(a)[1] = ((u16) (val)) & 0xff;	\
-	} while (0)
-
-#define WPA_GET_LE16(a) ((u16) (((a)[1] << 8) | (a)[0]))
-#define WPA_PUT_LE16(a, val)			\
-	do {					\
-		(a)[1] = ((u16) (val)) >> 8;	\
-		(a)[0] = ((u16) (val)) & 0xff;	\
-	} while (0)
-
-#define WPA_GET_BE24(a) ((((u32) (a)[0]) << 16) | (((u32) (a)[1]) << 8) | \
-			 ((u32) (a)[2]))
-#define WPA_PUT_BE24(a, val)					\
-	do {							\
-		(a)[0] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
-		(a)[1] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
-		(a)[2] = (u8) (((u32) (val)) & 0xff);		\
-	} while (0)
-
-#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
-			 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
-#define WPA_PUT_BE32(a, val)					\
-	do {							\
-		(a)[0] = (u8) ((((u32) (val)) >> 24) & 0xff);	\
-		(a)[1] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
-		(a)[2] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
-		(a)[3] = (u8) (((u32) (val)) & 0xff);		\
-	} while (0)
-
-#define WPA_GET_LE32(a) ((((u32) (a)[3]) << 24) | (((u32) (a)[2]) << 16) | \
-			 (((u32) (a)[1]) << 8) | ((u32) (a)[0]))
-#define WPA_PUT_LE32(a, val)					\
-	do {							\
-		(a)[3] = (u8) ((((u32) (val)) >> 24) & 0xff);	\
-		(a)[2] = (u8) ((((u32) (val)) >> 16) & 0xff);	\
-		(a)[1] = (u8) ((((u32) (val)) >> 8) & 0xff);	\
-		(a)[0] = (u8) (((u32) (val)) & 0xff);		\
-	} while (0)
-
-#define WPA_GET_BE64(a) ((((u64) (a)[0]) << 56) | (((u64) (a)[1]) << 48) | \
-			 (((u64) (a)[2]) << 40) | (((u64) (a)[3]) << 32) | \
-			 (((u64) (a)[4]) << 24) | (((u64) (a)[5]) << 16) | \
-			 (((u64) (a)[6]) << 8) | ((u64) (a)[7]))
-#define WPA_PUT_BE64(a, val)				\
-	do {						\
-		(a)[0] = (u8) (((u64) (val)) >> 56);	\
-		(a)[1] = (u8) (((u64) (val)) >> 48);	\
-		(a)[2] = (u8) (((u64) (val)) >> 40);	\
-		(a)[3] = (u8) (((u64) (val)) >> 32);	\
-		(a)[4] = (u8) (((u64) (val)) >> 24);	\
-		(a)[5] = (u8) (((u64) (val)) >> 16);	\
-		(a)[6] = (u8) (((u64) (val)) >> 8);	\
-		(a)[7] = (u8) (((u64) (val)) & 0xff);	\
-	} while (0)
-
-#define WPA_GET_LE64(a) ((((u64) (a)[7]) << 56) | (((u64) (a)[6]) << 48) | \
-			 (((u64) (a)[5]) << 40) | (((u64) (a)[4]) << 32) | \
-			 (((u64) (a)[3]) << 24) | (((u64) (a)[2]) << 16) | \
-			 (((u64) (a)[1]) << 8) | ((u64) (a)[0]))
-
-
-#ifndef ETH_ALEN
-#define ETH_ALEN 6
-#endif
-#ifndef IFNAMSIZ
-#define IFNAMSIZ 16
-#endif
-#ifndef ETH_P_ALL
-#define ETH_P_ALL 0x0003
-#endif
-#ifndef ETH_P_PAE
-#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */
-#endif /* ETH_P_PAE */
-#ifndef ETH_P_EAPOL
-#define ETH_P_EAPOL ETH_P_PAE
-#endif /* ETH_P_EAPOL */
-#ifndef ETH_P_RSN_PREAUTH
-#define ETH_P_RSN_PREAUTH 0x88c7
-#endif /* ETH_P_RSN_PREAUTH */
-#ifndef ETH_P_RRB
-#define ETH_P_RRB 0x890D
-#endif /* ETH_P_RRB */
-
-
-#ifdef __GNUC__
-#define PRINTF_FORMAT(a,b) __attribute__ ((format (printf, (a), (b))))
-#define STRUCT_PACKED __attribute__ ((packed))
-#else
-#define PRINTF_FORMAT(a,b)
-#define STRUCT_PACKED
-#endif
-
-#ifdef CONFIG_ANSI_C_EXTRA
-
-#if !defined(_MSC_VER) || _MSC_VER < 1400
-/* snprintf - used in number of places; sprintf() is _not_ a good replacement
- * due to possible buffer overflow; see, e.g.,
- * http://www.ijs.si/software/snprintf/ for portable implementation of
- * snprintf. */
-int snprintf(char *str, size_t size, const char *format, ...);
-
-/* vsnprintf - only used for wpa_msg() in wpa_supplicant.c */
-int vsnprintf(char *str, size_t size, const char *format, va_list ap);
-#endif /* !defined(_MSC_VER) || _MSC_VER < 1400 */
-
-/* getopt - only used in main.c */
-int getopt(int argc, char *const argv[], const char *optstring);
-extern char *optarg;
-extern int optind;
-
-#ifndef CONFIG_NO_SOCKLEN_T_TYPEDEF
-#ifndef __socklen_t_defined
-typedef int socklen_t;
-#endif
-#endif
-
-/* inline - define as __inline or just define it to be empty, if needed */
-#ifdef CONFIG_NO_INLINE
-#define inline
-#else
-#define inline __inline
-#endif
-
-#ifndef __func__
-#define __func__ "__func__ not defined"
-#endif
-
-#ifndef bswap_16
-#define bswap_16(a) ((((u16) (a) << 8) & 0xff00) | (((u16) (a) >> 8) & 0xff))
-#endif
-
-#ifndef bswap_32
-#define bswap_32(a) ((((u32) (a) << 24) & 0xff000000) | \
-		     (((u32) (a) << 8) & 0xff0000) | \
-     		     (((u32) (a) >> 8) & 0xff00) | \
-     		     (((u32) (a) >> 24) & 0xff))
-#endif
-
-#ifndef MSG_DONTWAIT
-#define MSG_DONTWAIT 0
-#endif
-
-#ifdef _WIN32_WCE
-void perror(const char *s);
-#endif /* _WIN32_WCE */
-
-#endif /* CONFIG_ANSI_C_EXTRA */
-
-#ifndef MAC2STR
-#define MAC2STR(a) (a)[0], (a)[1], (a)[2], (a)[3], (a)[4], (a)[5]
-#define MACSTR "%02x:%02x:%02x:%02x:%02x:%02x"
-#endif
-
-#ifndef BIT
-#define BIT(x) (1 << (x))
-#endif
-
-/*
- * Definitions for sparse validation
- * (http://kernel.org/pub/linux/kernel/people/josh/sparse/)
- */
-#ifdef __CHECKER__
-#define __force __attribute__((force))
-#define __bitwise __attribute__((bitwise))
-#else
-#define __force
-#define __bitwise
-#endif
-
-typedef u16 __bitwise be16;
-typedef u16 __bitwise le16;
-typedef u32 __bitwise be32;
-typedef u32 __bitwise le32;
-typedef u64 __bitwise be64;
-typedef u64 __bitwise le64;
-
-#ifndef __must_check
-#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
-#define __must_check __attribute__((__warn_unused_result__))
-#else
-#define __must_check
-#endif /* __GNUC__ */
-#endif /* __must_check */
-
-int hwaddr_aton(const char *txt, u8 *addr);
-int hwaddr_aton2(const char *txt, u8 *addr);
-int hexstr2bin(const char *hex, u8 *buf, size_t len);
-void inc_byte_array(u8 *counter, size_t len);
-void wpa_get_ntp_timestamp(u8 *buf);
-int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len);
-int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data,
-			       size_t len);
-
-#ifdef CONFIG_NATIVE_WINDOWS
-void wpa_unicode2ascii_inplace(TCHAR *str);
-TCHAR * wpa_strdup_tchar(const char *str);
-#else /* CONFIG_NATIVE_WINDOWS */
-#define wpa_unicode2ascii_inplace(s) do { } while (0)
-#define wpa_strdup_tchar(s) strdup((s))
-#endif /* CONFIG_NATIVE_WINDOWS */
-
-const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
-
-static inline int is_zero_ether_addr(const u8 *a)
-{
-	return !(a[0] | a[1] | a[2] | a[3] | a[4] | a[5]);
-}
-
-/*
- * gcc 4.4 ends up generating strict-aliasing warnings about some very common
- * networking socket uses that do not really result in a real problem and
- * cannot be easily avoided with union-based type-punning due to struct
- * definitions including another struct in system header files. To avoid having
- * to fully disable strict-aliasing warnings, provide a mechanism to hide the
- * typecast from aliasing for now. A cleaner solution will hopefully be found
- * in the future to handle these cases.
- */
-void * __hide_aliasing_typecast(void *foo);
-#define aliasing_hide_typecast(a,t) (t *) __hide_aliasing_typecast((a))
-
-#endif /* COMMON_H */

components/wpa_supplicant/include/crypto/crypto.h

@@ -27,7 +27,7 @@
 #ifndef CRYPTO_H
 #define CRYPTO_H
 
-#include "common.h"
+#include "utils/common.h"
 
 /**
  * md4_vector - MD4 hash for data vector

components/wpa_supplicant/include/crypto/dh_group5.h

@@ -15,7 +15,7 @@
 #ifndef DH_GROUP5_H
 #define DH_GROUP5_H
 
-#include "wpa/wpabuf.h"
+#include "utils/wpabuf.h"
 
 void * dh5_init(struct wpabuf **priv, struct wpabuf **publ);
 struct wpabuf * dh5_derive_shared(void *ctx, const struct wpabuf *peer_public,

components/wpa_supplicant/include/crypto/wepkey.h

@@ -0,0 +1,10 @@
+#ifndef WEPKEY_H
+#define WEPKEY_H
+
+#define WEPKEY_64_BYTES   5
+#define WePKEY_128_BYTES  13
+
+unsigned int wepkey_64(uint8_t *out, unsigned int size, const char *in, int n);
+unsigned int wepkey_128(uint8_t *out, unsigned int size, const char *in, int n);
+
+#endif /* WEPKEY_H */

components/wpa_supplicant/include/esp_supplicant/esp_wpa.h

@@ -0,0 +1,66 @@
+// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __ESP_WPA_H__
+#define __ESP_WPA_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+#include "esp_err.h"
+#include "esp_wifi_crypto_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** \defgroup WiFi_APIs WiFi Related APIs
+  * @brief WiFi APIs
+  */
+
+/** @addtogroup WiFi_APIs
+  * @{
+  */
+
+/** \defgroup WPA_APIs  WPS APIs
+  * @brief ESP32 Supplicant APIs
+  *
+  */
+
+/** @addtogroup WPA_APIs
+  * @{
+  */
+
+
+/**
+  * @brief     Supplicant initialization
+  *
+  * @return    
+  *          - ESP_OK : succeed
+  *          - ESP_ERR_NO_MEM : out of memory
+  */
+esp_err_t esp_supplicant_init(void);
+
+/**
+  * @}
+  */
+
+/**
+  * @}
+  */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __ESP_WPA_H__ */

components/esp_wifi/include/esp_wpa2.h → components/wpa_supplicant/include/esp_supplicant/esp_wpa2.h

@@ -1,4 +1,4 @@
-// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
+// Hardware crypto support Copyright 2019 Espressif Systems (Shanghai) PTE LTD
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,28 +12,17 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#ifndef ESP_WPA2_H
-#define ESP_WPA2_H
+#ifndef _ESP_WPA2_H
+#define _ESP_WPA2_H
 
 #include <stdbool.h>
 
 #include "esp_err.h"
-#include "esp_wifi_crypto_types.h"
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-extern const wpa2_crypto_funcs_t g_wifi_default_wpa2_crypto_funcs;
-
-typedef struct {
-    const wpa2_crypto_funcs_t *crypto_funcs;
-}esp_wpa2_config_t;
-
-#define WPA2_CONFIG_INIT_DEFAULT() { \
-    .crypto_funcs = &g_wifi_default_wpa2_crypto_funcs \
-}
-
 /**
   * @brief  Enable wpa2 enterprise authentication.
   *
@@ -44,7 +33,7 @@ typedef struct {
   *    - ESP_OK: succeed.
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
-esp_err_t esp_wifi_sta_wpa2_ent_enable(const esp_wpa2_config_t *config);
+esp_err_t esp_wifi_sta_wpa2_ent_enable(void);
 
 /**
   * @brief  Disable wpa2 enterprise authentication.

components/esp_wifi/include/esp_wps.h → components/wpa_supplicant/include/esp_supplicant/esp_wps.h

@@ -1,4 +1,4 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -54,8 +54,6 @@ typedef enum wps_type {
     WPS_TYPE_MAX,
 } wps_type_t;
 
-extern const wps_crypto_funcs_t g_wifi_default_wps_crypto_funcs;
-
 #define WPS_MAX_MANUFACTURER_LEN 65
 #define WPS_MAX_MODEL_NUMBER_LEN 33
 #define WPS_MAX_MODEL_NAME_LEN   33
@@ -70,13 +68,11 @@ typedef struct {
 
 typedef struct {
     wps_type_t wps_type;
-    const wps_crypto_funcs_t *crypto_funcs;
     wps_factory_information_t factory_info;
 } esp_wps_config_t;
 
 #define WPS_CONFIG_INIT_DEFAULT(type) { \
     .wps_type = type, \
-    .crypto_funcs = &g_wifi_default_wps_crypto_funcs, \
     .factory_info = {   \
         .manufacturer = "ESPRESSIF",  \
         .model_number = "ESP32",  \

components/wpa_supplicant/include/wpa/common.h → components/wpa_supplicant/include/utils/common.h

@@ -18,6 +18,7 @@
 #if defined(__ets__)
 #endif /* ets */
 #include "os.h"
+#include "esp_bit_defs.h"
 
 /* Define platform specific variable type macros */
 #if defined(ESP_PLATFORM)

components/wpa_supplicant/include/wpa/wpa_debug.h → components/wpa_supplicant/include/utils/wpa_debug.h

@@ -75,6 +75,7 @@ void wpa_debug_print_timestamp(void);
 #ifdef DEBUG_PRINT
 #define wpa_printf(level,fmt, args...) ESP_LOG_LEVEL_LOCAL(level, TAG, fmt, ##args)
 
+void wpa_dump_mem(char* desc, uint8_t *addr, uint16_t len);
 static inline void wpa_hexdump_ascii(int level, const char *title, const u8 *buf, size_t len)
 {
 

components/wpa_supplicant/include/wpa/hostapd.h

@@ -1,312 +0,0 @@
-/*
- * hostapd / Initialization and configuration
- * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef HOSTAPD_H
-#define HOSTAPD_H
-
-#include "wpa/defs.h"
-#include "wpa/ap_config.h"
-
-struct wpa_driver_ops;
-struct wpa_ctrl_dst;
-struct radius_server_data;
-struct upnp_wps_device_sm;
-struct hostapd_data;
-struct sta_info;
-struct hostap_sta_driver_data;
-struct ieee80211_ht_capabilities;
-struct full_dynamic_vlan;
-enum wps_event;
-union wps_event_data;
-
-struct hostapd_iface;
-
-struct hapd_interfaces {
-	int (*reload_config)(struct hostapd_iface *iface);
-	struct hostapd_config * (*config_read_cb)(const char *config_fname);
-	int (*ctrl_iface_init)(struct hostapd_data *hapd);
-	void (*ctrl_iface_deinit)(struct hostapd_data *hapd);
-	int (*for_each_interface)(struct hapd_interfaces *interfaces,
-				  int (*cb)(struct hostapd_iface *iface,
-					    void *ctx), void *ctx);
-	int (*driver_init)(struct hostapd_iface *iface);
-
-	size_t count;
-	int global_ctrl_sock;
-	char *global_iface_path;
-	char *global_iface_name;
-	struct hostapd_iface **iface;
-};
-
-
-struct hostapd_probereq_cb {
-	int (*cb)(void *ctx, const u8 *sa, const u8 *da, const u8 *bssid,
-		  const u8 *ie, size_t ie_len, int ssi_signal);
-	void *ctx;
-};
-
-#define HOSTAPD_RATE_BASIC 0x00000001
-
-struct hostapd_rate_data {
-	int rate; /* rate in 100 kbps */
-	int flags; /* HOSTAPD_RATE_ flags */
-};
-
-struct hostapd_frame_info {
-	u32 channel;
-	u32 datarate;
-	int ssi_signal; /* dBm */
-};
-
-
-/**
- * struct hostapd_data - hostapd per-BSS data structure
- */
-struct hostapd_data {
-//	struct hostapd_iface *iface;
-	struct hostapd_config *iconf;
-	struct hostapd_bss_config *conf;
-	int interface_added; /* virtual interface added for this BSS */
-
-	u8 own_addr[ETH_ALEN];
-
-	int num_sta; /* number of entries in sta_list */
-//	struct sta_info *sta_list; /* STA info list head */
-//#define STA_HASH_SIZE 256
-//#define STA_HASH(sta) (sta[5])
-//	struct sta_info *sta_hash[STA_HASH_SIZE];
-
-//	/*
-//	 * Bitfield for indicating which AIDs are allocated. Only AID values
-//	 * 1-2007 are used and as such, the bit at index 0 corresponds to AID
-//	 * 1.
-//	 */
-//#define AID_WORDS ((2008 + 31) / 32)
-//	u32 sta_aid[AID_WORDS];
-
-//	const struct wpa_driver_ops *driver;
-//	void *drv_priv;
-
-//	void (*new_assoc_sta_cb)(struct hostapd_data *hapd,
-//				 struct sta_info *sta, int reassoc);
-
-//	void *msg_ctx; /* ctx for wpa_msg() calls */
-//	void *msg_ctx_parent; /* parent interface ctx for wpa_msg() calls */
-
-//	struct radius_client_data *radius;
-//	u32 acct_session_id_hi, acct_session_id_lo;
-//	struct radius_das_data *radius_das;
-
-//	struct iapp_data *iapp;
-
-//	struct hostapd_cached_radius_acl *acl_cache;
-//	struct hostapd_acl_query_data *acl_queries;
-
-	struct wpa_authenticator *wpa_auth;
-//	struct eapol_authenticator *eapol_auth;
-
-//	struct rsn_preauth_interface *preauth_iface;
-//	time_t michael_mic_failure;
-//	int michael_mic_failures;
-//	int tkip_countermeasures;
-
-//	int ctrl_sock;
-//	struct wpa_ctrl_dst *ctrl_dst;
-
-//	void *ssl_ctx;
-//	void *eap_sim_db_priv;
-//	struct radius_server_data *radius_srv;
-
-//	int parameter_set_count;
-
-	/* Time Advertisement */
-//	u8 time_update_counter;
-//	struct wpabuf *time_adv;
-
-#ifdef CONFIG_FULL_DYNAMIC_VLAN
-	struct full_dynamic_vlan *full_dynamic_vlan;
-#endif /* CONFIG_FULL_DYNAMIC_VLAN */
-
-//	struct l2_packet_data *l2;
-//	struct wps_context *wps;
-
-//	int beacon_set_done;
-//	struct wpabuf *wps_beacon_ie;
-//	struct wpabuf *wps_probe_resp_ie;
-#ifdef CONFIG_WPS
-	unsigned int ap_pin_failures;
-	unsigned int ap_pin_failures_consecutive;
-	struct upnp_wps_device_sm *wps_upnp;
-	unsigned int ap_pin_lockout_time;
-#endif /* CONFIG_WPS */
-
-//	struct hostapd_probereq_cb *probereq_cb;
-//	size_t num_probereq_cb;
-
-//	void (*public_action_cb)(void *ctx, const u8 *buf, size_t len,
-//				 int freq);
-//	void *public_action_cb_ctx;
-
-//	int (*vendor_action_cb)(void *ctx, const u8 *buf, size_t len,
-//				int freq);
-//	void *vendor_action_cb_ctx;
-
-//	void (*wps_reg_success_cb)(void *ctx, const u8 *mac_addr,
-//				   const u8 *uuid_e);
-//	void *wps_reg_success_cb_ctx;
-
-//	void (*wps_event_cb)(void *ctx, enum wps_event event,
-//			     union wps_event_data *data);
-//	void *wps_event_cb_ctx;
-
-//	void (*sta_authorized_cb)(void *ctx, const u8 *mac_addr,
-//				  int authorized, const u8 *p2p_dev_addr);
-//	void *sta_authorized_cb_ctx;
-
-//	void (*setup_complete_cb)(void *ctx);
-//	void *setup_complete_cb_ctx;
-
-#ifdef CONFIG_P2P
-	struct p2p_data *p2p;
-	struct p2p_group *p2p_group;
-	struct wpabuf *p2p_beacon_ie;
-	struct wpabuf *p2p_probe_resp_ie;
-
-	/* Number of non-P2P association stations */
-	int num_sta_no_p2p;
-
-	/* Periodic NoA (used only when no non-P2P clients in the group) */
-	int noa_enabled;
-	int noa_start;
-	int noa_duration;
-#endif /* CONFIG_P2P */
-#ifdef CONFIG_INTERWORKING
-	size_t gas_frag_limit;
-#endif /* CONFIG_INTERWORKING */
-
-#ifdef CONFIG_SQLITE
-	struct hostapd_eap_user tmp_eap_user;
-#endif /* CONFIG_SQLITE */
-};
-
-#if 0
-/**
- * struct hostapd_iface - hostapd per-interface data structure
- */
-struct hostapd_iface {
-	struct hapd_interfaces *interfaces;
-	void *owner;
-	char *config_fname;
-	struct hostapd_config *conf;
-
-	size_t num_bss;
-	struct hostapd_data **bss;
-
-	int num_ap; /* number of entries in ap_list */
-	struct ap_info *ap_list; /* AP info list head */
-	struct ap_info *ap_hash[STA_HASH_SIZE];
-	struct ap_info *ap_iter_list;
-
-	unsigned int drv_flags;
-
-	/*
-	 * A bitmap of supported protocols for probe response offload. See
-	 * struct wpa_driver_capa in driver.h
-	 */
-	unsigned int probe_resp_offloads;
-
-	struct hostapd_hw_modes *hw_features;
-	int num_hw_features;
-	struct hostapd_hw_modes *current_mode;
-	/* Rates that are currently used (i.e., filtered copy of
-	 * current_mode->channels */
-	int num_rates;
-	struct hostapd_rate_data *current_rates;
-	int *basic_rates;
-	int freq;
-
-	u16 hw_flags;
-
-	/* Number of associated Non-ERP stations (i.e., stations using 802.11b
-	 * in 802.11g BSS) */
-	int num_sta_non_erp;
-
-	/* Number of associated stations that do not support Short Slot Time */
-	int num_sta_no_short_slot_time;
-
-	/* Number of associated stations that do not support Short Preamble */
-	int num_sta_no_short_preamble;
-
-	int olbc; /* Overlapping Legacy BSS Condition */
-
-	/* Number of HT associated stations that do not support greenfield */
-	int num_sta_ht_no_gf;
-
-	/* Number of associated non-HT stations */
-	int num_sta_no_ht;
-
-	/* Number of HT associated stations 20 MHz */
-	int num_sta_ht_20mhz;
-
-	/* Overlapping BSS information */
-	int olbc_ht;
-
-	u16 ht_op_mode;
-	void (*scan_cb)(struct hostapd_iface *iface);
-};
-#endif
-
-#if 0
-/* hostapd.c */
-int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
-			       int (*cb)(struct hostapd_iface *iface,
-					 void *ctx), void *ctx);
-int hostapd_reload_config(struct hostapd_iface *iface);
-struct hostapd_data *
-hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
-		       struct hostapd_config *conf,
-		       struct hostapd_bss_config *bss);
-int hostapd_setup_interface(struct hostapd_iface *iface);
-int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
-void hostapd_interface_deinit(struct hostapd_iface *iface);
-void hostapd_interface_free(struct hostapd_iface *iface);
-void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
-			   int reassoc);
-void hostapd_interface_deinit_free(struct hostapd_iface *iface);
-int hostapd_enable_iface(struct hostapd_iface *hapd_iface);
-int hostapd_reload_iface(struct hostapd_iface *hapd_iface);
-int hostapd_disable_iface(struct hostapd_iface *hapd_iface);
-int hostapd_add_iface(struct hapd_interfaces *ifaces, char *buf);
-int hostapd_remove_iface(struct hapd_interfaces *ifaces, char *buf);
-
-/* utils.c */
-int hostapd_register_probereq_cb(struct hostapd_data *hapd,
-				 int (*cb)(void *ctx, const u8 *sa,
-					   const u8 *da, const u8 *bssid,
-					   const u8 *ie, size_t ie_len,
-					   int ssi_signal),
-				 void *ctx);
-void hostapd_prune_associations(struct hostapd_data *hapd, const u8 *addr);
-
-/* drv_callbacks.c (TODO: move to somewhere else?) */
-int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
-			const u8 *ie, size_t ielen, int reassoc);
-void hostapd_notif_disassoc(struct hostapd_data *hapd, const u8 *addr);
-void hostapd_event_sta_low_ack(struct hostapd_data *hapd, const u8 *addr);
-int hostapd_probe_req_rx(struct hostapd_data *hapd, const u8 *sa, const u8 *da,
-			 const u8 *bssid, const u8 *ie, size_t ie_len,
-			 int ssi_signal);
-void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
-			     int offset);
-
-const struct hostapd_eap_user *
-hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
-		     size_t identity_len, int phase2);
-#endif
-
-#endif /* HOSTAPD_H */

components/wpa_supplicant/include/wpa/ieee80211_crypto.h

@@ -1,226 +0,0 @@
-/*-
- * Copyright (c) 2001 Atsushi Onoe
- * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-/*
- * copyright (c) 2010-2011  Espressif System
- */
-#ifndef _NET80211_IEEE80211_CRYPTO_H_
-#define _NET80211_IEEE80211_CRYPTO_H_
-
-//#include "pp/esf_buf.h"
-
-/*
- * 802.11 protocol crypto-related definitions.
- */
-#define	IEEE80211_KEYBUF_SIZE	16
-#define	IEEE80211_MICBUF_SIZE	(8+8)	/* space for both tx+rx keys */
-
-/*
- * Old WEP-style key.  Deprecated.
- */
-
-#if 0
-struct ieee80211_rsnparms {
-	uint8_t		rsn_mcastcipher;	/* mcast/group cipher */
-	uint8_t		rsn_mcastkeylen;	/* mcast key length */
-	uint8_t		rsn_ucastcipher;	/* selected unicast cipher */
-	uint8_t		rsn_ucastkeylen;	/* unicast key length */
-	uint8_t		rsn_keymgmt;		/* selected key mgmt algo */
-	uint16_t	rsn_caps;		/* capabilities */
-};
-#endif //0000
-
-/*
- * Template for a supported cipher.  Ciphers register with the
- * crypto code and are typically loaded as separate modules
- * (the null cipher is always present).
- * XXX may need refcnts
- */
-
-/*
- * Crypto key state.  There is sufficient room for all supported
- * ciphers (see below).  The underlying ciphers are handled
- * separately through loadable cipher modules that register with
- * the generic crypto support.  A key has a reference to an instance
- * of the cipher; any per-key state is hung off wk_private by the
- * cipher when it is attached.  Ciphers are automatically called
- * to detach and cleanup any such state when the key is deleted.
- *
- * The generic crypto support handles encap/decap of cipher-related
- * frame contents for both hardware- and software-based implementations.
- * A key requiring software crypto support is automatically flagged and
- * the cipher is expected to honor this and do the necessary work.
- * Ciphers such as TKIP may also support mixed hardware/software
- * encrypt/decrypt and MIC processing.
- */
-typedef uint16_t ieee80211_keyix;	/* h/w key index */
-
-struct ieee80211_key {
-	uint8_t		wk_keylen;	/* key length in bytes */
-	uint8_t		wk_pad;
-	uint16_t	wk_flags;
-#define	IEEE80211_KEY_XMIT	0x0001	/* key used for xmit */
-#define	IEEE80211_KEY_RECV	0x0002	/* key used for recv */
-#define	IEEE80211_KEY_GROUP	0x0004	/* key used for WPA group operation */
-#define	IEEE80211_KEY_SWENCRYPT	0x0010	/* host-based encrypt */
-#define	IEEE80211_KEY_SWDECRYPT	0x0020	/* host-based decrypt */
-#define	IEEE80211_KEY_SWENMIC	0x0040	/* host-based enmic */
-#define	IEEE80211_KEY_SWDEMIC	0x0080	/* host-based demic */
-#define	IEEE80211_KEY_DEVKEY	0x0100	/* device key request completed */
-#define	IEEE80211_KEY_CIPHER0	0x1000	/* cipher-specific action 0 */
-#define	IEEE80211_KEY_CIPHER1	0x2000	/* cipher-specific action 1 */
-#define IEEE80211_KEY_EMPTY     0x0000
-	ieee80211_keyix	wk_keyix;	/* h/w key index */
-	ieee80211_keyix	wk_rxkeyix;	/* optional h/w rx key index */
-	uint8_t		wk_key[IEEE80211_KEYBUF_SIZE+IEEE80211_MICBUF_SIZE];
-#define	wk_txmic	wk_key+IEEE80211_KEYBUF_SIZE+0	/* XXX can't () right */
-#define	wk_rxmic	wk_key+IEEE80211_KEYBUF_SIZE+8	/* XXX can't () right */
-					/* key receive sequence counter */
-	uint64_t	wk_keyrsc[IEEE80211_TID_SIZE];
-	uint64_t	wk_keytsc;	/* key transmit sequence counter */
-	const struct ieee80211_cipher *wk_cipher;
-	//void		*wk_private;	/* private cipher state */
-	//uint8_t		wk_macaddr[IEEE80211_ADDR_LEN]; //JLU: no need ...
-};
-#define	IEEE80211_KEY_COMMON 		/* common flags passed in by apps */\
-	(IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV | IEEE80211_KEY_GROUP)
-#define	IEEE80211_KEY_DEVICE		/* flags owned by device driver */\
-	(IEEE80211_KEY_DEVKEY|IEEE80211_KEY_CIPHER0|IEEE80211_KEY_CIPHER1)
-
-#define	IEEE80211_KEY_SWCRYPT \
-	(IEEE80211_KEY_SWENCRYPT | IEEE80211_KEY_SWDECRYPT)
-#define	IEEE80211_KEY_SWMIC	(IEEE80211_KEY_SWENMIC | IEEE80211_KEY_SWDEMIC)
-
-//#define	IEEE80211_KEYIX_NONE	((ieee80211_keyix) -1)
-
-/*
- * NB: these values are ordered carefully; there are lots of
- * of implications in any reordering.  Beware that 4 is used
- * only to indicate h/w TKIP MIC support in driver capabilities;
- * there is no separate cipher support (it's rolled into the
- * TKIP cipher support).
- */
-#define	IEEE80211_CIPHER_NONE		0	/* pseudo value */
-#define	IEEE80211_CIPHER_TKIP		1
-#define	IEEE80211_CIPHER_AES_OCB	2
-#define	IEEE80211_CIPHER_AES_CCM	3
-#define	IEEE80211_CIPHER_TKIPMIC	4	/* TKIP MIC capability */
-#define	IEEE80211_CIPHER_CKIP		5
-#define	IEEE80211_CIPHER_WEP		6
-#define	IEEE80211_CIPHER_WEP40		7
-#define	IEEE80211_CIPHER_WEP104		8
-
-
-#define	IEEE80211_CIPHER_MAX		(IEEE80211_CIPHER_NONE+2)
-
-/* capability bits in ic_cryptocaps/iv_cryptocaps */
-#define	IEEE80211_CRYPTO_NONE		(1<<IEEE80211_CIPHER_NONE)
-#define	IEEE80211_CRYPTO_WEP		(1<<IEEE80211_CIPHER_WEP)
-#define	IEEE80211_CRYPTO_WEP40		(1<<IEEE80211_CIPHER_WEP40)
-#define	IEEE80211_CRYPTO_WEP104	(1<<IEEE80211_CIPHER_WEP104)
-#define	IEEE80211_CRYPTO_TKIP		(1<<IEEE80211_CIPHER_TKIP)
-#define	IEEE80211_CRYPTO_AES_OCB	(1<<IEEE80211_CIPHER_AES_OCB)
-#define	IEEE80211_CRYPTO_AES_CCM	(1<<IEEE80211_CIPHER_AES_CCM)
-#define	IEEE80211_CRYPTO_TKIPMIC	(1<<IEEE80211_CIPHER_TKIPMIC)
-#define	IEEE80211_CRYPTO_CKIP		(1<<IEEE80211_CIPHER_CKIP)
-
-struct ieee80211_cipher {
-	u_int	ic_cipher;		/* IEEE80211_CIPHER_* */
-	u_int	ic_header;		/* size of privacy header (bytes) */
-	u_int	ic_trailer;		/* size of privacy trailer (bytes) */
-	u_int	ic_miclen;		/* size of mic trailer (bytes) */
-//	int	(*ic_setkey)(struct ieee80211_key *);
-	int	(*ic_encap)(struct ieee80211_key *, esf_buf_t *, uint8_t);
-	int	(*ic_decap)(struct ieee80211_key *, esf_buf_t *, int);
-#ifdef EAGLE_SW_MIC
-	int	(*ic_enmic)(struct ieee80211_key *, esf_buf_t *, int);
-	int	(*ic_demic)(struct ieee80211_key *, esf_buf_t *, int);
-#endif /* EAGLE_SW_CRYPTO */
-};
-
-struct ieee80211com;
-struct ieee80211_conn;
-
-#define	IEEE80211_KEY_UNDEFINED(k) \
-	((k)->wk_cipher == &ieee80211_cipher_none)
-
-struct ieee80211_key *ieee80211_crypto_encap(struct ieee80211_conn *,
-		esf_buf *);
-
-struct ieee80211_key *ieee80211_crypto_decap(struct ieee80211_conn *,
-		esf_buf *, int);
-
-#if 0 //H/W MIC
-/*
- * Check and remove any MIC.
- */
-static INLINE int
-ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k,
-	esf_buf *m, int force)
-{
-	const struct ieee80211_cipher *cip = k->wk_cipher;
-	return (cip->ic_miclen > 0 ? cip->ic_demic(k, m, force) : 1);
-}
-
-/*
- * Add any MIC.
- */
-static INLINE int
-ieee80211_crypto_enmic(struct ieee80211vap *vap,
-	struct ieee80211_key *k, esf_buf *m, int force)
-{
-	const struct ieee80211_cipher *cip = k->wk_cipher;
-	return (cip->ic_miclen > 0 ? cip->ic_enmic(k, m, force) : 1);
-}
-#endif //0000
-
-/* 
- * Setup crypto support for a device/shared instance.
- */
-void ieee80211_crypto_attach(struct ieee80211com *ic);
-
-/* 
- * Reset key state to an unused state.  The crypto
- * key allocation mechanism insures other state (e.g.
- * key data) is properly setup before a key is used.
- */
-static inline void
-ieee80211_crypto_resetkey(struct ieee80211_key *k)
-{
-	k->wk_cipher = NULL;
-	k->wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
-}
-
-/*
- * Crypt-related notification methods.
- */
-//void	ieee80211_notify_replay_failure(const struct ieee80211_frame *, const struct ieee80211_key *,
-//		uint64_t rsc, int tid);
-//void	ieee80211_notify_michael_failure(const struct ieee80211_frame *, u_int keyix);
-
-#endif /* _NET80211_IEEE80211_CRYPTO_H_ */

components/wpa_supplicant/include/wpa/ieee802_1x.h

@@ -1,64 +0,0 @@
-/*
- * hostapd / IEEE 802.1X-2004 Authenticator
- * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef IEEE802_1X_H
-#define IEEE802_1X_H
-
-struct hostapd_data;
-struct sta_info;
-struct eapol_state_machine;
-struct hostapd_config;
-struct hostapd_bss_config;
-struct hostapd_radius_attr;
-struct radius_msg;
-
-
-void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
-			size_t len);
-
-#if 0
-void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta);
-void ieee802_1x_free_station(struct sta_info *sta);
-
-void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta);
-void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta);
-void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
-				   struct sta_info *sta, int authorized);
-void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta);
-int ieee802_1x_init(struct hostapd_data *hapd);
-void ieee802_1x_deinit(struct hostapd_data *hapd);
-int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
-			 const u8 *buf, size_t len, int ack);
-int ieee802_1x_eapol_tx_status(struct hostapd_data *hapd, struct sta_info *sta,
-			       const u8 *data, int len, int ack);
-u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len);
-u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len,
-				 int idx);
-struct wpabuf * ieee802_1x_get_radius_cui(struct eapol_state_machine *sm);
-const u8 * ieee802_1x_get_key(struct eapol_state_machine *sm, size_t *len);
-void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm,
-				    int enabled);
-void ieee802_1x_notify_port_valid(struct eapol_state_machine *sm,
-				  int valid);
-void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth);
-int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen);
-int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
-			   char *buf, size_t buflen);
-void hostapd_get_ntp_timestamp(u8 *buf);
-char *eap_type_text(u8 type);
-
-const char *radius_mode_txt(struct hostapd_data *hapd);
-int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta);
-
-int add_common_radius_attr(struct hostapd_data *hapd,
-			   struct hostapd_radius_attr *req_attr,
-			   struct sta_info *sta,
-			   struct radius_msg *msg);
-#endif
-
-#endif /* IEEE802_1X_H */

components/wpa_supplicant/include/wpa/includes.h

@@ -1,31 +0,0 @@
-/*
- * wpa_supplicant/hostapd - Default include files
- * Copyright (c) 2005-2006, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- *
- * This header file is included into all C files so that commonly used header
- * files can be selected with OS specific ifdef blocks in one place instead of
- * having to have OS/C library specific selection in many files.
- */
-
-#ifndef INCLUDES_H
-#define INCLUDES_H
-
-/* Include possible build time configuration before including anything else */
-//#include "build_config.h"  //don't need anymore
-
-//#include <stdlib.h>
-//#include <stdio.h>
-//#include <string.h>
-//#include <ctype.h>
-//#include <time.h>
-
-#endif /* INCLUDES_H */

components/wpa_supplicant/include/wpa/wpas_glue.h

@@ -1,31 +0,0 @@
-/*
- * WPA Supplicant - Glue code to setup EAPOL and RSN modules
- * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
- */
-
-#ifndef WPAS_GLUE_H
-#define WPAS_GLUE_H
-
-u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
-				      const void *data, u16 data_len,
-				      size_t *msg_len, void **data_pos);
-
-int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,
-					    int protect_type, int key_type);
-
-void wpa_sm_deauthenticate(struct wpa_sm *sm, uint8 reason_code);
-
-void wpa_sm_disassociate(struct wpa_sm *sm, int reason_code);
-
-int wpa_sm_get_beacon_ie(struct wpa_sm *sm);
-
-#endif /* WPAS_GLUE_H */

components/wpa_supplicant/include/wpa2/utils/base64.h

@@ -1,17 +0,0 @@
-/*
- * Base64 encoding/decoding (RFC1341)
- * Copyright (c) 2005, Jouni Malinen <j@w1.fi>
- *
- * This software may be distributed under the terms of the BSD license.
- * See README for more details.
- */
-
-#ifndef BASE64_H
-#define BASE64_H
-
-unsigned char * base64_encode(const unsigned char *src, size_t len,
-			      size_t *out_len);
-unsigned char * base64_decode(const unsigned char *src, size_t len,
-			      size_t *out_len);
-
-#endif /* BASE64_H */

components/wpa_supplicant/port/include/endian.h

@@ -98,10 +98,6 @@ typedef	__uint64_t	uint64_t;
 #define	le32toh(x)	((uint32_t)(x))
 #define	le64toh(x)	((uint64_t)(x))
 
-#ifndef htons
-#define htons htobe16
-#endif //htons
-
 #else /* _BYTE_ORDER != _LITTLE_ENDIAN */
 #define	htobe16(x)	((uint16_t)(x))
 #define	htobe32(x)	((uint32_t)(x))

components/wpa_supplicant/port/include/supplicant_opt.h

@@ -0,0 +1,32 @@
+// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _SUPPLICANT_OPT_H
+#define _SUPPLICANT_OPT_H
+
+#include "sdkconfig.h"
+
+#if CONFIG_WPA_EAP_TLS
+#define EAP_TLS 1
+#endif
+
+#if CONFIG_WPA_EAP_TTLS
+#define EAP_TTLS 1
+#endif
+
+#if CONFIG_WPA_EAP_PEAP
+#define EAP_PEAP 1
+#endif
+
+#endif /* _SUPPLICANT_OPT_H */

components/wpa_supplicant/port/os_xtensa.c

@@ -27,7 +27,7 @@
 #include <time.h>
 #include <sys/time.h>
 #include "esp_system.h"
-#include "crypto/common.h"
+#include "utils/common.h"
 
 int os_get_time(struct os_time *t)
 {

components/wpa_supplicant/src/ap/ap_config.c

@@ -0,0 +1,248 @@
+/*
+ * hostapd / Configuration helper functions
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "crypto/sha1.h"
+#include "common/ieee802_11_defs.h"
+#include "common/eapol_common.h"
+#include "ap/wpa_auth.h"
+#include "ap/ap_config.h"
+#include "utils/wpa_debug.h"
+#include "ap/hostapd.h"
+#include "ap/wpa_auth_i.h"
+#include "esp_supplicant/esp_wifi_driver.h"
+#include "esp_wifi_types.h"
+
+void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
+{
+    bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
+
+    bss->wep_rekeying_period = 300;
+    /* use key0 in individual key and key1 in broadcast key */
+    bss->broadcast_key_idx_min = 1;
+    bss->broadcast_key_idx_max = 2;
+
+    bss->wpa_group_rekey = 600;
+    bss->wpa_gmk_rekey = 86400;
+    bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+    bss->wpa_pairwise = WPA_CIPHER_TKIP;
+    bss->wpa_group = WPA_CIPHER_TKIP;
+    bss->rsn_pairwise = 0;
+
+    bss->max_num_sta = MAX_STA_COUNT;
+
+    bss->dtim_period = 2;
+
+    bss->ap_max_inactivity = 5*60;  //AP_MAX_INACTIVITY;
+    bss->eapol_version = EAPOL_VERSION;
+
+    bss->max_listen_interval = 65535;
+
+#ifdef CONFIG_IEEE80211W
+    bss->assoc_sa_query_max_timeout = 1000;
+    bss->assoc_sa_query_retry_timeout = 201;
+#endif /* CONFIG_IEEE80211W */
+#ifdef EAP_SERVER_FAST
+     /* both anonymous and authenticated provisioning */
+    bss->eap_fast_prov = 3;
+    bss->pac_key_lifetime = 7 * 24 * 60 * 60;
+    bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
+#endif /* EAP_SERVER_FAST */
+
+    /* Set to -1 as defaults depends on HT in setup */
+    bss->wmm_enabled = -1;
+
+#ifdef CONFIG_IEEE80211R
+    bss->ft_over_ds = 1;
+#endif /* CONFIG_IEEE80211R */
+
+}
+
+
+struct hostapd_config * hostapd_config_defaults(void)
+{
+#define ecw2cw(ecw) ((1 << (ecw)) - 1)
+
+    struct hostapd_config *conf;
+    struct hostapd_bss_config *bss;
+#undef ecw2cw
+
+    conf = (struct hostapd_config *)os_zalloc(sizeof(*conf));
+    bss = (struct hostapd_bss_config *)os_zalloc(sizeof(*bss));
+    if (conf == NULL || bss == NULL) {
+    	wpa_printf(MSG_DEBUG, "Failed to allocate memory for "
+               "configuration data.");
+        os_free(conf);
+        os_free(bss);
+        return NULL;
+    }
+
+    hostapd_config_defaults_bss(bss);
+
+    conf->num_bss = 1;
+    conf->bss = bss;
+
+    conf->beacon_int = 100;
+    conf->rts_threshold = -1; /* use driver default: 2347 */
+    conf->fragm_threshold = -1; /* user driver default: 2346 */
+    conf->send_probe_response = 1;
+
+    conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
+
+    conf->ap_table_max_size = 255;
+    conf->ap_table_expiration_time = 60;
+
+    return conf;
+}
+
+
+int hostapd_mac_comp(const void *a, const void *b)
+{
+    return memcmp(a, b, sizeof(macaddr));
+}
+
+
+int hostapd_mac_comp_empty(const void *a)
+{
+    u8 empty[ETH_ALEN];
+
+    os_bzero(empty, ETH_ALEN);
+
+    return memcmp(a, empty, ETH_ALEN);
+}
+
+static int hostapd_derive_psk(struct hostapd_ssid *ssid)
+{
+    ssid->wpa_psk = (struct hostapd_wpa_psk *)os_zalloc(sizeof(struct hostapd_wpa_psk));
+    if (ssid->wpa_psk == NULL) {
+    	wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
+        return -1;
+    }
+    wpa_hexdump_ascii(MSG_DEBUG, "SSID",
+              (u8 *) ssid->ssid, ssid->ssid_len);
+    wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
+                  (u8 *) ssid->wpa_passphrase,
+                  strlen(ssid->wpa_passphrase));
+#ifdef ESP_SUPPLICANT
+    memcpy(ssid->wpa_psk->psk, esp_wifi_ap_get_prof_pmk_internal(), PMK_LEN);
+#else
+    /* It's too SLOW */
+    pbkdf2_sha1(ssid->wpa_passphrase,
+            ssid->ssid, ssid->ssid_len,
+            4096, ssid->wpa_psk->psk, PMK_LEN);
+#endif
+    wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
+            ssid->wpa_psk->psk, PMK_LEN);
+    return 0;
+}
+
+
+int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
+{
+    struct hostapd_ssid *ssid = &conf->ssid;
+
+    if (ssid->wpa_passphrase != NULL) {
+        if (ssid->wpa_psk != NULL) {
+        	wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
+                   "instead of passphrase");
+        } else {
+        	wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
+                   "passphrase\n");
+            if (hostapd_derive_psk(ssid) < 0)
+                return -1;
+        }
+        ssid->wpa_psk->group = 1;
+    }
+
+    return 0;
+}
+
+
+int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, struct hostapd_wep_keys *b)
+{
+    int i;
+
+    if (a->idx != b->idx || a->default_len != b->default_len)
+        return 1;
+    for (i = 0; i < NUM_WEP_KEYS; i++)
+        if (a->len[i] != b->len[i] ||
+        	memcmp(a->key[i], b->key[i], a->len[i]) != 0)
+            return 1;
+    return 0;
+}
+
+/**
+ * hostapd_maclist_found - Find a MAC address from a list
+ * @list: MAC address list
+ * @num_entries: Number of addresses in the list
+ * @addr: Address to search for
+ * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
+ * Returns: 1 if address is in the list or 0 if not.
+ *
+ * Perform a binary search for given MAC address from a pre-sorted list.
+ */
+int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
+              const u8 *addr, int *vlan_id)
+{
+    int start, end, middle, res;
+
+    start = 0;
+    end = num_entries - 1;
+
+    while (start <= end) {
+        middle = (start + end) / 2;
+        res = memcmp(list[middle].addr, addr, ETH_ALEN);
+        if (res == 0) {
+            if (vlan_id)
+                *vlan_id = list[middle].vlan_id;
+            return 1;
+        }
+        if (res < 0)
+            start = middle + 1;
+        else
+            end = middle - 1;
+    }
+
+    return 0;
+}
+
+
+int hostapd_rate_found(int *list, int rate)
+{
+    int i;
+
+    if (list == NULL)
+        return 0;
+
+    for (i = 0; list[i] >= 0; i++)
+        if (list[i] == rate)
+            return 1;
+
+    return 0;
+}
+
+const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
+			   const u8 *addr, const u8 *prev_psk)
+{
+    struct hostapd_wpa_psk *psk;
+    int next_ok = prev_psk == NULL;
+
+    for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
+        if (next_ok &&
+            (psk->group || memcmp(psk->addr, addr, ETH_ALEN) == 0))
+            return psk->psk;
+
+        if (psk->psk == prev_psk)
+            next_ok = 1;
+    }
+
+    return NULL;
+}
+

components/wpa_supplicant/include/wpa/ap_config.h → components/wpa_supplicant/src/ap/ap_config.h

@@ -9,11 +9,8 @@
 #ifndef HOSTAPD_CONFIG_H
 #define HOSTAPD_CONFIG_H
 
-#include "wpa/defs.h"
-//#include "ip_addr.h"
-#include "wpa/wpa_common.h"
-//#include "common/ieee802_11_common.h"
-//#include "wps/wps.h"
+#include "common/defs.h"
+#include "common/wpa_common.h"
 
 #define MAX_STA_COUNT 4
 #define MAX_VLAN_ID 4094
@@ -54,12 +51,8 @@ struct hostapd_ssid {
 	unsigned int ssid_set:1;
 	unsigned int utf8_ssid:1;
 
-//	char vlan[IFNAMSIZ + 1];
-//	secpolicy security_policy;
-
 	struct hostapd_wpa_psk *wpa_psk;
 	char *wpa_passphrase;
-//	char *wpa_psk_file;
 
 	struct hostapd_wep_keys wep;
 
@@ -183,70 +176,22 @@ struct hostapd_nai_realm_data {
  * struct hostapd_bss_config - Per-BSS configuration
  */
 struct hostapd_bss_config {
-//	char iface[IFNAMSIZ + 1];
-//	char bridge[IFNAMSIZ + 1];
-//	char wds_bridge[IFNAMSIZ + 1];
-
-//	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
-
-//	unsigned int logger_syslog; /* module bitfield */
-//	unsigned int logger_stdout; /* module bitfield */
-
-//	char *dump_log_name; /* file name for state dump (SIGUSR1) */
-
 	int max_num_sta; /* maximum number of STAs in station table */
 
 	int dtim_period;
 
 	int ieee802_1x; /* use IEEE 802.1X */
 	int eapol_version;
-//	int eap_server; /* Use internal EAP server instead of external
-//			 * RADIUS server */
-//	struct hostapd_eap_user *eap_user;
-//	char *eap_user_sqlite;
-//	char *eap_sim_db;
-//	struct hostapd_ip_addr own_ip_addr;
-//	char *nas_identifier;
-//	struct hostapd_radius_servers *radius;
-//	int acct_interim_interval;
-//	int radius_request_cui;
-//	struct hostapd_radius_attr *radius_auth_req_attr;
-//	struct hostapd_radius_attr *radius_acct_req_attr;
-//	int radius_das_port;
-//	unsigned int radius_das_time_window;
-//	int radius_das_require_event_timestamp;
-//	struct hostapd_ip_addr radius_das_client_addr;
-//	u8 *radius_das_shared_secret;
-//	size_t radius_das_shared_secret_len;
-
 	struct hostapd_ssid ssid;
 
-//	char *eap_req_id_text; /* optional displayable message sent with
-//				* EAP Request-Identity */
-//	size_t eap_req_id_text_len;
-//	int eapol_key_index_workaround;
-
-//	size_t default_wep_key_len;
-//	int individual_wep_key_len;
 	int wep_rekeying_period;
 	int broadcast_key_idx_min, broadcast_key_idx_max;
-//	int eap_reauth_period;
-
-//	int ieee802_11f; /* use IEEE 802.11f (IAPP) */
-//	char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
-//					* frames */
 
 	enum {
 		ACCEPT_UNLESS_DENIED = 0,
 		DENY_UNLESS_ACCEPTED = 1,
 		USE_EXTERNAL_RADIUS_AUTH = 2
 	} macaddr_acl;
-//	struct mac_acl_entry *accept_mac;
-//	int num_accept_mac;
-//	struct mac_acl_entry *deny_mac;
-//	int num_deny_mac;
-//	int wds_sta;
-//	int isolate;
 
 	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
 			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
@@ -288,49 +233,12 @@ struct hostapd_bss_config {
 	int ft_over_ds;
 #endif /* CONFIG_IEEE80211R */
 
-//	char *ctrl_interface; /* directory for UNIX domain sockets */
-#ifndef CONFIG_NATIVE_WINDOWS
-//	gid_t ctrl_interface_gid;
-#endif /* CONFIG_NATIVE_WINDOWS */
-//	int ctrl_interface_gid_set;
-
-//	char *ca_cert;
-//	char *server_cert;
-//	char *private_key;
-//	char *private_key_passwd;
-//	int check_crl;
-//	char *dh_file;
-//	u8 *pac_opaque_encr_key;
-//	u8 *eap_fast_a_id;
-//	size_t eap_fast_a_id_len;
-//	char *eap_fast_a_id_info;
-//	int eap_fast_prov;
-//	int pac_key_lifetime;
-//	int pac_key_refresh_time;
-//	int eap_sim_aka_result_ind;
-//	int tnc;
-//	int fragment_size;
-//	u16 pwd_group;
-
-//	char *radius_server_clients;
-//	int radius_server_auth_port;
-//	int radius_server_ipv6;
-
-//	char *test_socket; /* UNIX domain socket path for driver_test */
-
-//	int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
-//				 * address instead of individual address
-//				 * (for driver_wired.c).
-//				 */
-
 	int ap_max_inactivity;
 	int ignore_broadcast_ssid;
 
 	int wmm_enabled;
 	int wmm_uapsd;
 
-//	struct hostapd_vlan *vlan, *vlan_tail;
-
 	macaddr bssid;
 
 	/*
@@ -340,10 +248,6 @@ struct hostapd_bss_config {
 	 */
 	u16 max_listen_interval;
 
-//	int disable_pmksa_caching;
-//	int okc; /* Opportunistic Key Caching */
-
-//	int wps_state;
 #ifdef CONFIG_WPS
 	int ap_setup_locked;
 	u8 uuid[16];
@@ -375,71 +279,6 @@ struct hostapd_bss_config {
 	struct wpabuf *wps_nfc_dh_privkey;
 	struct wpabuf *wps_nfc_dev_pw;
 #endif /* CONFIG_WPS */
-//	int pbc_in_m1;
-
-#define P2P_ENABLED BIT(0)
-#define P2P_GROUP_OWNER BIT(1)
-#define P2P_GROUP_FORMATION BIT(2)
-#define P2P_MANAGE BIT(3)
-#define P2P_ALLOW_CROSS_CONNECTION BIT(4)
-//	int p2p;
-
-//	int disassoc_low_ack;
-//	int skip_inactivity_poll;
-
-#define TDLS_PROHIBIT BIT(0)
-#define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
-//	int tdls;
-//	int disable_11n;
-//	int disable_11ac;
-
-	/* IEEE 802.11v */
-//	int time_advertisement;
-//	char *time_zone;
-//	int wnm_sleep_mode;
-//	int bss_transition;
-
-	/* IEEE 802.11u - Interworking */
-//	int interworking;
-//	int access_network_type;
-//	int internet;
-//	int asra;
-//	int esr;
-//	int uesa;
-//	int venue_info_set;
-//	u8 venue_group;
-//	u8 venue_type;
-//	u8 hessid[ETH_ALEN];
-
-	/* IEEE 802.11u - Roaming Consortium list */
-//	unsigned int roaming_consortium_count;
-//	struct hostapd_roaming_consortium *roaming_consortium;
-
-	/* IEEE 802.11u - Venue Name duples */
-//	unsigned int venue_name_count;
-//	struct hostapd_lang_string *venue_name;
-
-	/* IEEE 802.11u - Network Authentication Type */
-//	u8 *network_auth_type;
-//	size_t network_auth_type_len;
-
-	/* IEEE 802.11u - IP Address Type Availability */
-//	u8 ipaddr_type_availability;
-//	u8 ipaddr_type_configured;
-
-	/* IEEE 802.11u - 3GPP Cellular Network */
-//	u8 *anqp_3gpp_cell_net;
-//	size_t anqp_3gpp_cell_net_len;
-
-	/* IEEE 802.11u - Domain Name */
-//	u8 *domain_name;
-//	size_t domain_name_len;
-
-//	unsigned int nai_realm_count;
-//	struct hostapd_nai_realm_data *nai_realm_data;
-
-//	u16 gas_comeback_delay;
-//	int gas_frag_limit;
 
 #ifdef CONFIG_HS20
 	int hs20;
@@ -453,13 +292,10 @@ struct hostapd_bss_config {
 	u8 hs20_operating_class_len;
 #endif /* CONFIG_HS20 */
 
-//	u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */
-
 #ifdef CONFIG_RADIUS_TEST
 	char *dump_msk_file;
 #endif /* CONFIG_RADIUS_TEST */
 
-//	struct wpabuf *vendor_elements;
 };
 
 
@@ -498,8 +334,6 @@ struct hostapd_config {
 
 	int ieee80211d;
 
-//	struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];
-
 	/*
 	 * WMM AC parameters, in same order as 802.1D, i.e.
 	 * 0 = BE (best effort)
@@ -507,7 +341,6 @@ struct hostapd_config {
 	 * 2 = VI (video)
 	 * 3 = VO (voice)
 	 */
-//	struct hostapd_wmm_ac_params wmm_ac_params[4];
 
 	int ht_op_mode_fixed;
 	u16 ht_capab;
@@ -536,9 +369,7 @@ int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
 			   const u8 *addr, const u8 *prev_psk);
 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
-//const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
-//					int vlan_id);
-//struct hostapd_radius_attr *
-//hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
+bool wpa_ap_join(void** sm, uint8_t *bssid, uint8_t *wpa_ie, uint8_t wpa_ie_len);
+bool wpa_ap_remove(void* sm);
 
 #endif /* HOSTAPD_CONFIG_H */

components/wpa_supplicant/src/ap/hostapd.h

@@ -0,0 +1,115 @@
+/*
+ * hostapd / Initialization and configuration
+ * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef HOSTAPD_H
+#define HOSTAPD_H
+
+#include "common/defs.h"
+#include "ap/ap_config.h"
+
+struct wpa_driver_ops;
+struct wpa_ctrl_dst;
+struct radius_server_data;
+struct upnp_wps_device_sm;
+struct hostapd_data;
+struct sta_info;
+struct hostap_sta_driver_data;
+struct ieee80211_ht_capabilities;
+struct full_dynamic_vlan;
+enum wps_event;
+union wps_event_data;
+
+struct hostapd_iface;
+
+struct hapd_interfaces {
+	int (*reload_config)(struct hostapd_iface *iface);
+	struct hostapd_config * (*config_read_cb)(const char *config_fname);
+	int (*ctrl_iface_init)(struct hostapd_data *hapd);
+	void (*ctrl_iface_deinit)(struct hostapd_data *hapd);
+	int (*for_each_interface)(struct hapd_interfaces *interfaces,
+				  int (*cb)(struct hostapd_iface *iface,
+					    void *ctx), void *ctx);
+	int (*driver_init)(struct hostapd_iface *iface);
+
+	size_t count;
+	int global_ctrl_sock;
+	char *global_iface_path;
+	char *global_iface_name;
+	struct hostapd_iface **iface;
+};
+
+
+struct hostapd_probereq_cb {
+	int (*cb)(void *ctx, const u8 *sa, const u8 *da, const u8 *bssid,
+		  const u8 *ie, size_t ie_len, int ssi_signal);
+	void *ctx;
+};
+
+#define HOSTAPD_RATE_BASIC 0x00000001
+
+struct hostapd_rate_data {
+	int rate; /* rate in 100 kbps */
+	int flags; /* HOSTAPD_RATE_ flags */
+};
+
+struct hostapd_frame_info {
+	u32 channel;
+	u32 datarate;
+	int ssi_signal; /* dBm */
+};
+
+
+/**
+ * struct hostapd_data - hostapd per-BSS data structure
+ */
+struct hostapd_data {
+	struct hostapd_config *iconf;
+	struct hostapd_bss_config *conf;
+	int interface_added; /* virtual interface added for this BSS */
+
+	u8 own_addr[ETH_ALEN];
+
+	int num_sta; /* number of entries in sta_list */
+
+	struct wpa_authenticator *wpa_auth;
+
+#ifdef CONFIG_FULL_DYNAMIC_VLAN
+	struct full_dynamic_vlan *full_dynamic_vlan;
+#endif /* CONFIG_FULL_DYNAMIC_VLAN */
+
+#ifdef CONFIG_WPS
+	unsigned int ap_pin_failures;
+	unsigned int ap_pin_failures_consecutive;
+	struct upnp_wps_device_sm *wps_upnp;
+	unsigned int ap_pin_lockout_time;
+#endif /* CONFIG_WPS */
+
+#ifdef CONFIG_P2P
+	struct p2p_data *p2p;
+	struct p2p_group *p2p_group;
+	struct wpabuf *p2p_beacon_ie;
+	struct wpabuf *p2p_probe_resp_ie;
+
+	/* Number of non-P2P association stations */
+	int num_sta_no_p2p;
+
+	/* Periodic NoA (used only when no non-P2P clients in the group) */
+	int noa_enabled;
+	int noa_start;
+	int noa_duration;
+#endif /* CONFIG_P2P */
+#ifdef CONFIG_INTERWORKING
+	size_t gas_frag_limit;
+#endif /* CONFIG_INTERWORKING */
+
+#ifdef CONFIG_SQLITE
+	struct hostapd_eap_user tmp_eap_user;
+#endif /* CONFIG_SQLITE */
+};
+
+#endif /* HOSTAPD_H */

components/wpa_supplicant/src/ap/ieee802_1x.c

@@ -0,0 +1,78 @@
+/*
+ * hostapd / IEEE 802.1X-2004 Authenticator
+ * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "crypto/crypto.h"
+#include "crypto/random.h"
+#include "common/ieee802_11_defs.h"
+#include "hostapd.h"
+#include "ap/sta_info.h"
+#include "ap/wpa_auth.h"
+#include "ap/ap_config.h"
+#include "ap/ieee802_1x.h"
+#include "utils/wpa_debug.h"
+
+/**
+ * ieee802_1x_receive - Process the EAPOL frames from the Supplicant
+ * @hapd: hostapd BSS data
+ * @sa: Source address (sender of the EAPOL frame)
+ * @buf: EAPOL frame
+ * @len: Length of buf in octets
+ *
+ * This function is called for each incoming EAPOL frame from the interface
+ */
+void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
+			size_t len)
+{
+	struct sta_info *sta;
+	struct ieee802_1x_hdr *hdr;
+	struct ieee802_1x_eapol_key *key;
+	u16 datalen;
+
+	wpa_printf( MSG_DEBUG, "IEEE 802.1X: %lu bytes from " MACSTR,
+		   (unsigned long) len, MAC2STR(sa));
+	sta = ap_get_sta(hapd, sa);
+	if (!sta || !(sta->flags & (WLAN_STA_ASSOC | WLAN_STA_PREAUTH))) {
+		wpa_printf( MSG_DEBUG, "IEEE 802.1X data frame from not "
+			   "associated/Pre-authenticating STA");
+		return;
+	}
+
+	if (len < sizeof(*hdr)) {
+		wpa_printf( MSG_DEBUG, "   too short IEEE 802.1X packet\n");
+		return;
+	}
+
+	hdr = (struct ieee802_1x_hdr *) buf;
+	datalen = be_to_host16(hdr->length);
+	wpa_printf( MSG_DEBUG, "   IEEE 802.1X: version=%d type=%d length=%d",
+		   hdr->version, hdr->type, datalen);
+
+	if (len - sizeof(*hdr) < datalen) {
+		wpa_printf( MSG_DEBUG, "   frame too short for this IEEE 802.1X packet\n");
+		return;
+	}
+	if (len - sizeof(*hdr) > datalen) {
+		wpa_printf( MSG_DEBUG, "   ignoring %lu extra octets after "
+			   "IEEE 802.1X packet",
+			   (unsigned long) len - sizeof(*hdr) - datalen);
+	}
+
+	key = (struct ieee802_1x_eapol_key *) (hdr + 1);
+	if (datalen >= sizeof(struct ieee802_1x_eapol_key) &&
+	    hdr->type == IEEE802_1X_TYPE_EAPOL_KEY &&
+	    (key->type == EAPOL_KEY_TYPE_WPA ||
+	     key->type == EAPOL_KEY_TYPE_RSN)) {
+		wpa_receive(hapd->wpa_auth, sta->wpa_sm, (u8 *) hdr,
+			    sizeof(*hdr) + datalen);
+		return;
+	}
+}
+

components/wpa_supplicant/src/ap/ieee802_1x.h

@@ -0,0 +1,24 @@
+/*
+ * hostapd / IEEE 802.1X-2004 Authenticator
+ * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef IEEE802_1X_H
+#define IEEE802_1X_H
+
+struct hostapd_data;
+struct sta_info;
+struct eapol_state_machine;
+struct hostapd_config;
+struct hostapd_bss_config;
+struct hostapd_radius_attr;
+struct radius_msg;
+
+
+void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
+			size_t len);
+
+#endif /* IEEE802_1X_H */

components/wpa_supplicant/include/wpa/sta_info.h → components/wpa_supplicant/src/ap/sta_info.h

@@ -48,61 +48,14 @@ struct sta_info {
 	u16 listen_interval; /* or beacon_int for APs */
 	u8 supported_rates[WLAN_SUPP_RATES_MAX];
 	int supported_rates_len;
-//	u8 qosinfo; /* Valid when WLAN_STA_WMM is set */
-
-//	unsigned int nonerp_set:1;
-//	unsigned int no_short_slot_time_set:1;
-//	unsigned int no_short_preamble_set:1;
-//	unsigned int no_ht_gf_set:1;
-//	unsigned int no_ht_set:1;
-//	unsigned int ht_20mhz_set:1;
-//	unsigned int no_p2p_set:1;
 
 	u16 auth_alg;
-//	u8 previous_ap[6];
 
 	enum {
 		STA_NULLFUNC = 0, STA_DISASSOC, STA_DEAUTH, STA_REMOVE
 	} timeout_next;
 
-//	u16 deauth_reason;
-//	u16 disassoc_reason;
-
-	/* IEEE 802.1X related data */
-//	struct eapol_state_machine *eapol_sm;
-
-	/* IEEE 802.11f (IAPP) related data */
-//	struct ieee80211_mgmt *last_assoc_req;
-
-//	u32 acct_session_id_hi;
-//	u32 acct_session_id_lo;
-//	time_t acct_session_start;
-//	int acct_session_started;
-//	int acct_terminate_cause; /* Acct-Terminate-Cause */
-//	int acct_interim_interval; /* Acct-Interim-Interval */
-
-//	unsigned long last_rx_bytes;
-//	unsigned long last_tx_bytes;
-//	u32 acct_input_gigawords; /* Acct-Input-Gigawords */
-//	u32 acct_output_gigawords; /* Acct-Output-Gigawords */
-
-//	u8 *challenge; /* IEEE 802.11 Shared Key Authentication Challenge */
-
 	struct wpa_state_machine *wpa_sm;
-//	struct rsn_preauth_interface *preauth_iface;
-
-	struct hostapd_ssid *ssid; /* SSID selection based on (Re)AssocReq */
-//	struct hostapd_ssid *ssid_probe; /* SSID selection based on ProbeReq */
-
-//	int vlan_id;
-	 /* PSKs from RADIUS authentication server */
-//	struct hostapd_sta_wpa_psk_short *psk;
-
-//	char *identity; /* User-Name from RADIUS */
-//	char *radius_cui; /* Chargeable-User-Identity from RADIUS */
-
-//	struct ieee80211_ht_capabilities *ht_capabilities;
-//	struct ieee80211_vht_capabilities *vht_capabilities;
 
 #ifdef CONFIG_IEEE80211W
 	int sa_query_count; /* number of pending SA Query requests;
@@ -120,12 +73,6 @@ struct sta_info {
 	u8 gas_dialog_next;
 #endif /* CONFIG_INTERWORKING */
 
-//	struct wpabuf *wps_ie; /* WPS IE from (Re)Association Request */
-//	struct wpabuf *p2p_ie; /* P2P IE from (Re)Association Request */
-//	struct wpabuf *hs20_ie; /* HS 2.0 IE from (Re)Association Request */
-
-//	struct os_time connected_time;
-
 #ifdef CONFIG_SAE
 	enum { SAE_INIT, SAE_COMMIT, SAE_CONFIRM } sae_state;
 	u16 sae_send_confirm;

components/wpa_supplicant/src/ap/wpa_auth.c

@@ -0,0 +1,2439 @@
+/*
+ * IEEE 802.11 RSN / WPA Authenticator
+ * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/state_machine.h"
+#include "common/ieee802_11_defs.h"
+#include "ap/wpa_auth.h"
+#include "ap/wpa_auth_i.h"
+#include "ap/wpa_auth_ie.h"
+#include "utils/wpa_debug.h"
+#include "hostapd.h"
+#include "rsn_supp/wpa.h"
+#include "ap/ap_config.h"
+#include "common/wpa_common.h"
+
+#include "crypto/aes_wrap.h"
+#include "crypto/crypto.h"
+#include "crypto/sha1.h"
+#include "crypto/sha256.h"
+#include "crypto/random.h"
+
+#include "esp_supplicant/esp_wifi_driver.h"
+#include "esp_wifi.h"
+#include "esp_private/wifi.h"
+
+#define STATE_MACHINE_DATA struct wpa_state_machine
+#define STATE_MACHINE_DEBUG_PREFIX "WPA"
+#define STATE_MACHINE_ADDR sm->addr
+
+
+static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
+static int wpa_sm_step(struct wpa_state_machine *sm);
+static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len);
+static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
+                  struct wpa_group *group);
+static void wpa_request_new_ptk(struct wpa_state_machine *sm);
+static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
+              struct wpa_group *group);
+static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
+                       struct wpa_group *group);
+
+static const u32 dot11RSNAConfigGroupUpdateCount = 4;
+static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
+static const u32 eapol_key_timeout_first = 100; /* ms */
+static const u32 eapol_key_timeout_subseq = 1000; /* ms */
+static const u32 eapol_key_timeout_first_group = 500; /* ms */
+
+#define WPA_SM_MAX_INDEX 16
+static void *s_sm_table[WPA_SM_MAX_INDEX];
+static u32 s_sm_valid_bitmap = 0;
+
+static struct wpa_state_machine * wpa_auth_get_sm(u32 index)
+{
+    if ( (index < WPA_SM_MAX_INDEX) && (BIT(index) & s_sm_valid_bitmap)){
+        return s_sm_table[index];
+    }
+
+    return NULL;
+}
+
+static void wpa_auth_add_sm(struct wpa_state_machine *sm)
+{
+    if (sm) {
+        u8 i;
+        for (i=0; i<WPA_SM_MAX_INDEX; i++) {
+            if (BIT(i) & s_sm_valid_bitmap) {
+                if (s_sm_table[i] == sm) {
+                    wpa_printf( MSG_INFO, "add sm already exist i=%d", i);
+                }
+                continue;
+            }
+            s_sm_table[i] = sm;
+            s_sm_valid_bitmap |= BIT(i);
+            sm->index = i;
+            wpa_printf( MSG_DEBUG, "add sm, index=%d bitmap=%x\n", i, s_sm_valid_bitmap);
+            return;
+        }
+    }
+}
+
+static void wpa_auth_del_sm(struct wpa_state_machine *sm)
+{
+    if (sm && (sm->index < WPA_SM_MAX_INDEX)) {
+        if (sm != s_sm_table[sm->index]) {
+            wpa_printf( MSG_INFO, "del sm error %d", sm->index);
+        }
+        s_sm_table[sm->index] = NULL;
+        s_sm_valid_bitmap &= ~BIT(sm->index);
+        wpa_printf( MSG_DEBUG, "del sm, index=%d bitmap=%x\n", sm->index, s_sm_valid_bitmap);
+    }
+}
+
+static inline int wpa_auth_mic_failure_report(
+    struct wpa_authenticator *wpa_auth, const u8 *addr)
+{
+    return 0;
+}
+
+
+static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth,
+                      const u8 *addr, wpa_eapol_variable var,
+                      int value)
+{
+}
+
+
+static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth,
+                     const u8 *addr, wpa_eapol_variable var)
+{
+    return -1;
+}
+
+static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
+                      const u8 *addr, const u8 *prev_psk)
+{
+    struct hostapd_data *hapd = (struct hostapd_data *)esp_wifi_get_hostap_private_internal();
+
+    if (!hapd){
+        return NULL;
+    }
+
+    return (u8*)hostapd_get_psk(hapd->conf, addr, prev_psk);
+}
+
+static inline int wpa_auth_get_msk(struct wpa_authenticator *wpa_auth,
+                   const u8 *addr, u8 *msk, size_t *len)
+{
+    return -1;
+}
+
+static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
+                   int vlan_id,
+                   enum wpa_alg alg, const u8 *addr, int idx,
+                   u8 *key, size_t key_len)
+{
+    return esp_wifi_set_ap_key_internal(alg, addr, idx, key, key_len);
+}
+
+
+static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
+                      const u8 *addr, int idx, u8 *seq)
+{
+    return -1;
+}
+
+/* fix buf for tx for now */
+#define WPA_TX_MSG_BUFF_MAXLEN 200
+
+static inline int 
+wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr,
+            const u8 *data, size_t data_len, int encrypt)
+{
+    void *buffer = os_malloc(256);
+    struct l2_ethhdr *eth = buffer;
+
+    if (!buffer){
+        wpa_printf( MSG_DEBUG, "send_eapol, buffer=%p\n", buffer);
+        return -1;
+    }
+
+    memcpy(eth->h_dest, addr, ETH_ALEN);
+    memcpy(eth->h_source, wpa_auth->addr, ETH_ALEN);
+    eth->h_proto = host_to_be16(ETH_P_EAPOL);
+
+    memcpy((char *)buffer + sizeof(struct l2_ethhdr), data, data_len);
+    esp_wifi_internal_tx(1, buffer, sizeof(struct l2_ethhdr) + data_len);
+    os_free(buffer);
+    return 0;
+}
+
+int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
+              int (*cb)(struct wpa_state_machine *sm, void *ctx),
+              void *cb_ctx)
+{
+    return 0;
+}
+
+static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth,
+                   const u8 *addr)
+{
+    wpa_printf(MSG_DEBUG, "wpa_sta_disconnect STA " MACSTR, MAC2STR(addr));
+    esp_wifi_ap_deauth_internal((uint8_t*)addr, WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT);
+    return;
+}
+
+static int wpa_use_aes_cmac(struct wpa_state_machine *sm)
+{
+    int ret = 0;
+#ifdef CONFIG_IEEE80211R
+    if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+        ret = 1;
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211W
+    if (wpa_key_mgmt_sha256(sm->wpa_key_mgmt))
+        ret = 1;
+#endif /* CONFIG_IEEE80211W */
+    return ret;
+}
+
+static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx)
+{
+    struct wpa_authenticator *wpa_auth = eloop_ctx;
+    struct wpa_group *group;
+
+    for (group = wpa_auth->group; group; group = group->next) {
+        group->GTKReKey = TRUE;
+        do {
+            group->changed = FALSE;
+            wpa_group_sm_step(wpa_auth, group);
+        } while (group->changed);
+    }
+
+    if (wpa_auth->conf.wpa_group_rekey) {
+        eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
+                       0, wpa_rekey_gtk, wpa_auth, NULL);
+    }
+}
+
+
+static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
+{
+    struct wpa_state_machine *sm = timeout_ctx;
+
+    wpa_request_new_ptk(sm);
+    wpa_sm_step(sm);
+}
+
+static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
+                      struct wpa_group *group)
+{
+    u8 buf[ETH_ALEN + 8 + sizeof(group)];
+    u8 rkey[32];
+
+    if (os_get_random(group->GMK, WPA_GMK_LEN) < 0)
+        return -1;
+    wpa_hexdump_key(MSG_DEBUG, "GMK", group->GMK, WPA_GMK_LEN);
+
+    /*
+     * Counter = PRF-256(Random number, "Init Counter",
+     *                   Local MAC Address || Time)
+     */
+    memcpy(buf, wpa_auth->addr, ETH_ALEN);
+    wpa_get_ntp_timestamp(buf + ETH_ALEN);
+    memcpy(buf + ETH_ALEN + 8, &group, sizeof(group));
+    if (os_get_random(rkey, sizeof(rkey)) < 0)
+        return -1;
+
+    if (sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf),
+            group->Counter, WPA_NONCE_LEN) < 0)
+        return -1;
+    wpa_hexdump_key(MSG_DEBUG, "Key Counter",
+            group->Counter, WPA_NONCE_LEN);
+
+    return 0;
+}
+
+static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
+                     int vlan_id, int delay_init)
+{
+    struct wpa_group *group;
+    group = (struct wpa_group *)os_zalloc(sizeof(struct wpa_group));
+    if (group == NULL)
+        return NULL;
+
+    group->GTKAuthenticator = TRUE;
+    group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
+
+    if (random_pool_ready() != 1) {
+        wpa_printf( MSG_INFO, "WPA: Not enough entropy in random pool "
+               "for secure operations - update keys later when "
+               "the first station connects");
+    }
+
+    /*
+     * Set initial GMK/Counter value here. The actual values that will be
+     * used in negotiations will be set once the first station tries to
+     * connect. This allows more time for collecting additional randomness
+     * on embedded devices.
+     */
+    if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
+        wpa_printf( MSG_ERROR, "Failed to get random data for WPA "
+               "initialization.");
+        os_free(group);
+        return NULL;
+    }
+
+    group->GInit = TRUE;
+    if (delay_init) {
+        wpa_printf( MSG_DEBUG, "WPA: Delay group state machine start "
+               "until Beacon frames have been configured\n");
+        /* Initialization is completed in wpa_init_keys(). */
+    } else {
+        wpa_group_sm_step(wpa_auth, group);
+        group->GInit = FALSE;
+        wpa_group_sm_step(wpa_auth, group);
+    }
+
+    return group;
+}
+
+
+/**
+ * wpa_init - Initialize WPA authenticator
+ * @addr: Authenticator address
+ * @conf: Configuration for WPA authenticator
+ * @cb: Callback functions for WPA authenticator
+ * Returns: Pointer to WPA authenticator data or %NULL on failure
+ */
+struct wpa_authenticator * wpa_init(const u8 *addr,
+                    struct wpa_auth_config *conf,
+                    struct wpa_auth_callbacks *cb)
+{
+    struct wpa_authenticator *wpa_auth;
+    wpa_auth = (struct wpa_authenticator *)os_zalloc(sizeof(struct wpa_authenticator));
+    if (wpa_auth == NULL)
+        return NULL;
+    memcpy(wpa_auth->addr, addr, ETH_ALEN);
+    memcpy(&wpa_auth->conf, conf, sizeof(*conf));
+
+    if (wpa_auth_gen_wpa_ie(wpa_auth)) {
+        wpa_printf( MSG_ERROR, "Could not generate WPA IE.");
+        os_free(wpa_auth);
+        return NULL;
+    }
+
+    wpa_auth->group = wpa_group_init(wpa_auth, 0, 0);
+    if (wpa_auth->group == NULL) {
+        os_free(wpa_auth->wpa_ie);
+        os_free(wpa_auth);
+        return NULL;
+    }
+
+#ifdef CONFIG_IEEE80211R
+    wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
+    if (wpa_auth->ft_pmk_cache == NULL) {
+        wpa_printf( MSG_ERROR, "FT PMK cache initialization failed.");
+        os_free(wpa_auth->wpa_ie);
+        pmksa_cache_auth_deinit(wpa_auth->pmksa);
+        os_free(wpa_auth);
+        return NULL;
+    }
+#endif /* CONFIG_IEEE80211R */
+
+    return wpa_auth;
+}
+
+struct wpa_state_machine * 
+wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr)
+{
+    struct wpa_state_machine *sm;
+
+    sm = (struct wpa_state_machine *)os_zalloc(sizeof(struct wpa_state_machine));
+    if (sm == NULL)
+        return NULL;
+    memcpy(sm->addr, addr, ETH_ALEN);
+
+    sm->wpa_auth = wpa_auth;
+    sm->group = wpa_auth->group;
+    wpa_auth_add_sm(sm);
+
+    return sm;
+}
+
+int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
+                struct wpa_state_machine *sm)
+{
+    if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
+        return -1;
+
+#ifdef CONFIG_IEEE80211R
+    if (sm->ft_completed) {
+        wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
+                "FT authentication already completed - do not "
+                "start 4-way handshake");
+        return 0;
+    }
+#endif /* CONFIG_IEEE80211R */
+
+    if (sm->started) {
+        memset(&sm->key_replay, 0, sizeof(sm->key_replay));
+        sm->ReAuthenticationRequest = TRUE;
+        return wpa_sm_step(sm);
+    }
+
+    sm->started = 1;
+
+    sm->Init = TRUE;
+    if (wpa_sm_step(sm) == 1)
+        return 1; /* should not really happen */
+    sm->Init = FALSE;
+    sm->AuthenticationRequest = TRUE;
+    return wpa_sm_step(sm);
+}
+
+
+void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
+{
+    /* WPA/RSN was not used - clear WPA state. This is needed if the STA
+     * reassociates back to the same AP while the previous entry for the
+     * STA has not yet been removed. */
+    if (sm == NULL)
+        return;
+
+    sm->wpa_key_mgmt = 0;
+}
+
+
+static void wpa_free_sta_sm(struct wpa_state_machine *sm)
+{
+    wpa_auth_del_sm(sm);
+    if (sm->GUpdateStationKeys) {
+        sm->group->GKeyDoneStations--;
+        sm->GUpdateStationKeys = FALSE;
+    }
+#ifdef CONFIG_IEEE80211R
+    os_free(sm->assoc_resp_ftie);
+#endif /* CONFIG_IEEE80211R */
+    wpa_printf( MSG_DEBUG, "wpa_free_sta_sm: free eapol=%p\n", sm->last_rx_eapol_key);
+    os_free(sm->last_rx_eapol_key);
+    os_free(sm->wpa_ie);
+    os_free(sm);
+}
+
+
+void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
+{
+    wpa_printf( MSG_DEBUG, "deinit sm=%p\n", sm);
+    if (sm == NULL)
+        return;
+
+    ets_timer_disarm(&sm->resend_eapol);
+    ets_timer_done(&sm->resend_eapol);
+
+    if (sm->in_step_loop) {
+        /* Must not free state machine while wpa_sm_step() is running.
+         * Freeing will be completed in the end of wpa_sm_step(). */
+        wpa_printf( MSG_DEBUG, "WPA: Registering pending STA state "
+               "machine deinit for " MACSTR, MAC2STR(sm->addr));
+        sm->pending_deinit = 1;
+    } else
+        wpa_free_sta_sm(sm);
+}
+
+
+static void wpa_request_new_ptk(struct wpa_state_machine *sm)
+{
+    if (sm == NULL)
+        return;
+
+    sm->PTKRequest = TRUE;
+    sm->PTK_valid = 0;
+}
+
+static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
+                    const u8 *replay_counter)
+{
+    int i;
+    for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
+        if (!ctr[i].valid)
+            break;
+        if (memcmp(replay_counter, ctr[i].counter,
+                  WPA_REPLAY_COUNTER_LEN) == 0)
+            return 1;
+    }
+    return 0;
+}
+
+static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
+                        const u8 *replay_counter)
+{
+    int i;
+    for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
+        if (ctr[i].valid &&
+            (replay_counter == NULL ||
+             memcmp(replay_counter, ctr[i].counter,
+                   WPA_REPLAY_COUNTER_LEN) == 0))
+            ctr[i].valid = FALSE;
+    }
+}
+
+#ifdef CONFIG_IEEE80211R
+static int ICACHE_FLASH_ATTR ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
+                   struct wpa_state_machine *sm,
+                   struct wpa_eapol_ie_parse *kde)
+{
+    struct wpa_ie_data ie;
+    struct rsn_mdie *mdie;
+
+    if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
+        ie.num_pmkid != 1 || ie.pmkid == NULL) {
+        wpa_printf( MSG_DEBUG, "FT: No PMKR1Name in "
+               "FT 4-way handshake message 2/4");
+        return -1;
+    }
+
+    memcpy(sm->sup_pmk_r1_name, ie.pmkid, PMKID_LEN);
+    wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from Supplicant",
+            sm->sup_pmk_r1_name, PMKID_LEN);
+
+    if (!kde->mdie || !kde->ftie) {
+        wpa_printf( MSG_DEBUG, "FT: No %s in FT 4-way handshake "
+               "message 2/4", kde->mdie ? "FTIE" : "MDIE");
+        return -1;
+    }
+
+    mdie = (struct rsn_mdie *) (kde->mdie + 2);
+    if (kde->mdie[1] < sizeof(struct rsn_mdie) ||
+    	memcmp(wpa_auth->conf.mobility_domain, mdie->mobility_domain,
+              MOBILITY_DOMAIN_ID_LEN) != 0) {
+        wpa_printf( MSG_DEBUG, "FT: MDIE mismatch");
+        return -1;
+    }
+
+    if (sm->assoc_resp_ftie &&
+        (kde->ftie[1] != sm->assoc_resp_ftie[1] ||
+        memcmp(kde->ftie, sm->assoc_resp_ftie,
+               2 + sm->assoc_resp_ftie[1]) != 0)) {
+        wpa_printf( MSG_DEBUG, "FT: FTIE mismatch");
+        wpa_hexdump(MSG_DEBUG, "FT: FTIE in EAPOL-Key msg 2/4",
+                kde->ftie, kde->ftie_len);
+        wpa_hexdump(MSG_DEBUG, "FT: FTIE in (Re)AssocResp",
+                sm->assoc_resp_ftie, 2 + sm->assoc_resp_ftie[1]);
+        return -1;
+    }
+
+    return 0;
+}
+#endif /* CONFIG_IEEE80211R */
+
+static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
+                    struct wpa_state_machine *sm, int group)
+{
+    if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
+    } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
+    } else {
+        if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
+            return 1; /* STA entry was removed */
+    }
+
+    /*
+     * Error report is not a request for a new key handshake, but since
+     * Authenticator may do it, let's change the keys now anyway.
+     */
+    wpa_request_new_ptk(sm);
+    return 0;
+}
+
+void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *sm, u8 *data, size_t data_len)
+{
+    struct ieee802_1x_hdr *hdr;
+    struct wpa_eapol_key *key;
+    u16 key_info, key_data_length;
+    enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
+           SMK_M1, SMK_M3, SMK_ERROR } msg;
+    struct wpa_eapol_ie_parse kde;
+    int ft;
+    const u8 *eapol_key_ie;
+    size_t eapol_key_ie_len;
+
+    if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL)
+        return;
+
+    if (data_len < sizeof(*hdr) + sizeof(*key))
+        return;
+
+    hdr = (struct ieee802_1x_hdr *) data;
+    key = (struct wpa_eapol_key *) (hdr + 1);
+    key_info = WPA_GET_BE16(key->key_info);
+    key_data_length = WPA_GET_BE16(key->key_data_length);
+    wpa_printf( MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
+           " key_info=0x%x type=%u key_data_length=%u\n",
+           MAC2STR(sm->addr), key_info, key->type, key_data_length);
+    if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
+        wpa_printf( MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
+               "key_data overflow (%d > %lu)\n",
+               key_data_length,
+               (unsigned long) (data_len - sizeof(*hdr) -
+                        sizeof(*key)));
+        return;
+    }
+
+    if (sm->wpa == WPA_VERSION_WPA2) {
+        if (key->type == EAPOL_KEY_TYPE_WPA) {
+            /*
+             * Some deployed station implementations seem to send
+             * msg 4/4 with incorrect type value in WPA2 mode.
+             */
+            wpa_printf( MSG_DEBUG, "Workaround: Allow EAPOL-Key "
+                   "with unexpected WPA type in RSN mode\n");
+        } else if (key->type != EAPOL_KEY_TYPE_RSN) {
+            wpa_printf( MSG_DEBUG, "Ignore EAPOL-Key with "
+                   "unexpected type %d in RSN mode\n",
+                   key->type);
+            return;
+        }
+    } else {
+        if (key->type != EAPOL_KEY_TYPE_WPA) {
+            wpa_printf( MSG_DEBUG, "Ignore EAPOL-Key with "
+                   "unexpected type %d in WPA mode\n",
+                   key->type);
+            return;
+        }
+    }
+
+    wpa_hexdump(MSG_DEBUG, "WPA: Received Key Nonce", key->key_nonce,
+            WPA_NONCE_LEN);
+    wpa_hexdump(MSG_DEBUG, "WPA: Received Replay Counter",
+            key->replay_counter, WPA_REPLAY_COUNTER_LEN);
+
+    /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
+     * are set */
+
+    if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
+        (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
+        if (key_info & WPA_KEY_INFO_ERROR) {
+            msg = SMK_ERROR;
+        } else {
+            msg = SMK_M1;
+        }
+    } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
+        msg = SMK_M3;
+    } else if (key_info & WPA_KEY_INFO_REQUEST) {
+        msg = REQUEST;
+    } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
+        msg = GROUP_2;
+    } else if (key_data_length == 0) {
+        msg = PAIRWISE_4;
+    } else {
+        msg = PAIRWISE_2;
+    }
+
+    /* TODO: key_info type validation for PeerKey */
+    if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
+        msg == GROUP_2) {
+        u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
+        if (sm->pairwise == WPA_CIPHER_CCMP ||
+            sm->pairwise == WPA_CIPHER_GCMP) {
+            if (wpa_use_aes_cmac(sm) &&
+                ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
+                return;
+            }
+
+            if (!wpa_use_aes_cmac(sm) &&
+                ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+                return;
+            }
+        }
+    }
+
+    if (key_info & WPA_KEY_INFO_REQUEST) {
+        if (sm->req_replay_counter_used &&
+        	memcmp(key->replay_counter, sm->req_replay_counter,
+                  WPA_REPLAY_COUNTER_LEN) <= 0) {
+            return;
+        }
+    }
+
+    if (!(key_info & WPA_KEY_INFO_REQUEST) &&
+        !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
+        int i;
+
+        if (msg == PAIRWISE_2 &&
+            wpa_replay_counter_valid(sm->prev_key_replay,
+                         key->replay_counter) &&
+            sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
+            memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
+        {
+            /*
+             * Some supplicant implementations (e.g., Windows XP
+             * WZC) update SNonce for each EAPOL-Key 2/4. This
+             * breaks the workaround on accepting any of the
+             * pending requests, so allow the SNonce to be updated
+             * even if we have already sent out EAPOL-Key 3/4.
+             */
+            sm->update_snonce = 1;
+            wpa_replay_counter_mark_invalid(sm->prev_key_replay,
+                            key->replay_counter);
+            goto continue_processing;
+        }
+
+        if (msg == PAIRWISE_2 &&
+            wpa_replay_counter_valid(sm->prev_key_replay,
+                         key->replay_counter) &&
+            sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
+        } else {
+        }
+        for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
+            if (!sm->key_replay[i].valid)
+                break;
+            wpa_hexdump(MSG_DEBUG, "pending replay counter",
+                    sm->key_replay[i].counter,
+                    WPA_REPLAY_COUNTER_LEN);
+        }
+        wpa_hexdump(MSG_DEBUG, "received replay counter",
+                key->replay_counter, WPA_REPLAY_COUNTER_LEN);
+        return;
+    }
+
+continue_processing:
+    switch (msg) {
+    case PAIRWISE_2:
+        if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
+            sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
+            (!sm->update_snonce ||
+             sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
+            return;
+        }
+        random_add_randomness(key->key_nonce, WPA_NONCE_LEN);
+        if (sm->group->reject_4way_hs_for_entropy) {
+            /*
+             * The system did not have enough entropy to generate
+             * strong random numbers. Reject the first 4-way
+             * handshake(s) and collect some entropy based on the
+             * information from it. Once enough entropy is
+             * available, the next atempt will trigger GMK/Key
+             * Counter update and the station will be allowed to
+             * continue.
+             */
+            wpa_printf( MSG_DEBUG, "WPA: Reject 4-way handshake to "
+                   "collect more entropy for random number "
+                   "generation");
+            random_mark_pool_ready();
+            wpa_sta_disconnect(wpa_auth, sm->addr);
+            return;
+        }
+        if (wpa_parse_kde_ies((u8 *) (key + 1), key_data_length,
+                      &kde) < 0) {
+            return;
+        }
+        if (kde.rsn_ie) {
+            eapol_key_ie = kde.rsn_ie;
+            eapol_key_ie_len = kde.rsn_ie_len;
+        } else {
+            eapol_key_ie = kde.wpa_ie;
+            eapol_key_ie_len = kde.wpa_ie_len;
+        }
+        ft = sm->wpa == WPA_VERSION_WPA2 &&
+            wpa_key_mgmt_ft(sm->wpa_key_mgmt);
+        if (sm->wpa_ie == NULL ||
+            wpa_compare_rsn_ie(ft,
+                       sm->wpa_ie, sm->wpa_ie_len,
+                       eapol_key_ie, eapol_key_ie_len)) {
+            if (sm->wpa_ie) {
+                wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
+                        sm->wpa_ie, sm->wpa_ie_len);
+            }
+            wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4",
+                    eapol_key_ie, eapol_key_ie_len);
+            /* MLME-DEAUTHENTICATE.request */
+            wpa_sta_disconnect(wpa_auth, sm->addr);
+            return;
+        }
+#ifdef CONFIG_IEEE80211R
+        if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) {
+            wpa_sta_disconnect(wpa_auth, sm->addr);
+            return;
+        }
+#endif /* CONFIG_IEEE80211R */
+        break;
+    case PAIRWISE_4:
+        if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
+            !sm->PTK_valid) {
+            return;
+        }
+        break;
+    case GROUP_2:
+        if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
+            || !sm->PTK_valid) {
+            return;
+        }
+        break;
+#ifdef CONFIG_PEERKEY
+    case SMK_M1:
+    case SMK_M3:
+    case SMK_ERROR:
+        if (!wpa_auth->conf.peerkey) {
+            wpa_printf( MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
+                   "PeerKey use disabled - ignoring message");
+            return;
+        }
+        if (!sm->PTK_valid) {
+            return;
+        }
+        break;
+#else /* CONFIG_PEERKEY */
+    case SMK_M1:
+    case SMK_M3:
+    case SMK_ERROR:
+        return; /* STSL disabled - ignore SMK messages */
+#endif /* CONFIG_PEERKEY */
+    case REQUEST:
+        break;
+    }
+
+
+    if (key_info & WPA_KEY_INFO_ACK) {
+        return;
+    }
+
+    if (!(key_info & WPA_KEY_INFO_MIC)) {
+        return;
+    }
+
+    sm->MICVerified = FALSE;
+    if (sm->PTK_valid && !sm->update_snonce) {
+        if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
+            return;
+        }
+        sm->MICVerified = TRUE;
+        eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
+        ets_timer_disarm(&sm->resend_eapol);
+        ets_timer_done(&sm->resend_eapol);
+        sm->pending_1_of_4_timeout = 0;
+    }
+
+    if (key_info & WPA_KEY_INFO_REQUEST) {
+        if (sm->MICVerified) {
+            sm->req_replay_counter_used = 1;
+            memcpy(sm->req_replay_counter, key->replay_counter,
+                  WPA_REPLAY_COUNTER_LEN);
+        } else {
+            return;
+        }
+
+        /*
+         * TODO: should decrypt key data field if encryption was used;
+         * even though MAC address KDE is not normally encrypted,
+         * supplicant is allowed to encrypt it.
+         */
+        if (msg == SMK_ERROR) {
+#ifdef CONFIG_PEERKEY
+            wpa_smk_error(wpa_auth, sm, key);
+#endif /* CONFIG_PEERKEY */
+            return;
+        } else if (key_info & WPA_KEY_INFO_ERROR) {
+            if (wpa_receive_error_report(
+                    wpa_auth, sm,
+                    !(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
+                return; /* STA entry was removed */
+        } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
+            wpa_request_new_ptk(sm);
+#ifdef CONFIG_PEERKEY
+        } else if (msg == SMK_M1) {
+            wpa_smk_m1(wpa_auth, sm, key);
+#endif /* CONFIG_PEERKEY */
+        } else if (key_data_length > 0 &&
+               wpa_parse_kde_ies((const u8 *) (key + 1),
+                         key_data_length, &kde) == 0 &&
+               kde.mac_addr) {
+        } else {
+            eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
+            wpa_rekey_gtk(wpa_auth, NULL);
+        }
+    } else {
+        /* Do not allow the same key replay counter to be reused. */
+        wpa_replay_counter_mark_invalid(sm->key_replay,
+                        key->replay_counter);
+
+        if (msg == PAIRWISE_2) {
+            /*
+             * Maintain a copy of the pending EAPOL-Key frames in
+             * case the EAPOL-Key frame was retransmitted. This is
+             * needed to allow EAPOL-Key msg 2/4 reply to another
+             * pending msg 1/4 to update the SNonce to work around
+             * unexpected supplicant behavior.
+             */
+            memcpy(sm->prev_key_replay, sm->key_replay,
+                  sizeof(sm->key_replay));
+        } else {
+            memset(sm->prev_key_replay, 0,
+                  sizeof(sm->prev_key_replay));
+        }
+
+        /*
+         * Make sure old valid counters are not accepted anymore and
+         * do not get copied again.
+         */
+        wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
+    }
+
+#ifdef CONFIG_PEERKEY
+    if (msg == SMK_M3) {
+        wpa_smk_m3(wpa_auth, sm, key);
+        return;
+    }
+#endif /* CONFIG_PEERKEY */
+
+    wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p\n", sm->last_rx_eapol_key);
+    os_free(sm->last_rx_eapol_key);
+    sm->last_rx_eapol_key = (u8 *)os_malloc(data_len);
+    if (sm->last_rx_eapol_key == NULL)
+        return;
+    wpa_printf( MSG_DEBUG, "wpa_rx: new eapol=%p\n", sm->last_rx_eapol_key);
+    memcpy(sm->last_rx_eapol_key, data, data_len);
+    sm->last_rx_eapol_key_len = data_len;
+
+    sm->rx_eapol_key_secure = !!(key_info & WPA_KEY_INFO_SECURE);
+    sm->EAPOLKeyReceived = TRUE;
+    sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
+    sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST);
+    memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN);
+    wpa_sm_step(sm);
+}
+
+
+static int wpa_gmk_to_gtk(const u8 *gmk, const char *label, const u8 *addr,
+              const u8 *gnonce, u8 *gtk, size_t gtk_len)
+{
+    u8 data[ETH_ALEN + WPA_NONCE_LEN + 8 + 16];
+    u8 *pos;
+    int ret = 0;
+
+    /* GTK = PRF-X(GMK, "Group key expansion",
+     *    AA || GNonce || Time || random data)
+     * The example described in the IEEE 802.11 standard uses only AA and
+     * GNonce as inputs here. Add some more entropy since this derivation
+     * is done only at the Authenticator and as such, does not need to be
+     * exactly same.
+     */
+    memcpy(data, addr, ETH_ALEN);
+    memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN);
+    pos = data + ETH_ALEN + WPA_NONCE_LEN;
+    wpa_get_ntp_timestamp(pos);
+    pos += 8;
+    if (os_get_random(pos, 16) < 0)
+        ret = -1;
+
+#ifdef CONFIG_IEEE80211W
+    fast_sha256_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len);
+#else /* CONFIG_IEEE80211W */
+    if (sha1_prf(gmk, WPA_GMK_LEN, label, data, sizeof(data), gtk, gtk_len) < 0)
+        ret = -1;
+#endif /* CONFIG_IEEE80211W */
+
+    return ret;
+}
+
+
+static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
+{
+    struct wpa_state_machine *sm = timeout_ctx;
+
+    sm->pending_1_of_4_timeout = 0;
+    sm->TimeoutEvt = TRUE;
+    wpa_sm_step(sm);
+}
+
+
+void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
+              struct wpa_state_machine *sm, int key_info,
+              const u8 *key_rsc, const u8 *nonce,
+              const u8 *kde, size_t kde_len,
+              int keyidx, int encr, int force_version)
+{
+    struct ieee802_1x_hdr *hdr;
+    struct wpa_eapol_key *key;
+    size_t len;
+    int alg;
+    int key_data_len, pad_len = 0;
+    u8 *buf, *pos;
+    int version, pairwise;
+    int i;
+
+    wpa_printf( MSG_DEBUG, "wpa_auth=%p sm=%p  kdersc=%p kde=%p nounce=%p kde_len=%u keyidx=%d encr=%d force=%d\n",
+                   wpa_auth,sm, key_rsc, kde, nonce, kde_len, keyidx, encr, force_version);
+    len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
+
+    if (force_version)
+        version = force_version;
+    else if (wpa_use_aes_cmac(sm))
+        version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
+    else if (sm->pairwise != WPA_CIPHER_TKIP)
+        version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
+    else
+        version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
+
+    pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
+
+    wpa_printf( MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
+           "ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
+           "encr=%d)\n",
+           version,
+           (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
+           (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
+           (key_info & WPA_KEY_INFO_ACK) ? 1 : 0,
+           (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0,
+           pairwise, (unsigned long) kde_len, keyidx, encr);
+
+    key_data_len = kde_len;
+
+    if ((version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
+         version == WPA_KEY_INFO_TYPE_AES_128_CMAC) && encr) {
+        pad_len = key_data_len % 8;
+        if (pad_len)
+            pad_len = 8 - pad_len;
+        key_data_len += pad_len + 8;
+    }
+
+    len += key_data_len;
+
+    hdr = (struct ieee802_1x_hdr *)os_zalloc(len);
+    if (hdr == NULL)
+        return;
+    hdr->version = wpa_auth->conf.eapol_version;
+    hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
+    hdr->length = host_to_be16(len  - sizeof(*hdr));
+    key = (struct wpa_eapol_key *) (hdr + 1);
+
+    key->type = sm->wpa == WPA_VERSION_WPA2 ?
+        EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
+    key_info |= version;
+    if (encr && sm->wpa == WPA_VERSION_WPA2)
+        key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
+    if (sm->wpa != WPA_VERSION_WPA2)
+        key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
+    WPA_PUT_BE16(key->key_info, key_info);
+
+    alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
+    WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
+    if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
+        WPA_PUT_BE16(key->key_length, 0);
+
+    /* FIX: STSL: what to use as key_replay_counter? */
+    for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
+        sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
+        memcpy(sm->key_replay[i].counter,
+              sm->key_replay[i - 1].counter,
+              WPA_REPLAY_COUNTER_LEN);
+    }
+    inc_byte_array(sm->key_replay[0].counter, WPA_REPLAY_COUNTER_LEN);
+    memcpy(key->replay_counter, sm->key_replay[0].counter,
+          WPA_REPLAY_COUNTER_LEN);
+    sm->key_replay[0].valid = TRUE;
+
+    if (nonce)
+        memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);
+
+    if (key_rsc)
+        memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
+
+    if (kde && !encr) {
+        memcpy(key + 1, kde, kde_len);
+        WPA_PUT_BE16(key->key_data_length, kde_len);
+    } else if (encr && kde) {
+        buf = (u8 *)os_zalloc(key_data_len);
+        if (buf == NULL) {
+            os_free(hdr);
+            return;
+        }
+        pos = buf;
+        memcpy(pos, kde, kde_len);
+        pos += kde_len;
+
+        if (pad_len)
+            *pos++ = 0xdd;
+
+        wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data",
+                buf, key_data_len);
+        if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
+            version == WPA_KEY_INFO_TYPE_AES_128_CMAC) {
+            if (fast_aes_wrap(sm->PTK.kek, (key_data_len - 8) / 8, buf,
+            		(u8 *) (key + 1))) {
+            	os_free(hdr);
+            	os_free(buf);
+            	return;
+            }
+            WPA_PUT_BE16(key->key_data_length, key_data_len);
+        } else {
+            u8 ek[32];
+            memcpy(key->key_iv,
+                  sm->group->Counter + WPA_NONCE_LEN - 16, 16);
+            inc_byte_array(sm->group->Counter, WPA_NONCE_LEN);
+            memcpy(ek, key->key_iv, 16);
+            memcpy(ek + 16, sm->PTK.kek, 16);
+            memcpy(key + 1, buf, key_data_len);
+            rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len);
+            WPA_PUT_BE16(key->key_data_length, key_data_len);
+        }
+        os_free(buf);
+    }
+
+    if (key_info & WPA_KEY_INFO_MIC) {
+        if (!sm->PTK_valid) {
+            os_free(hdr);
+            return;
+        }
+        wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
+                  key->key_mic);
+    }
+
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, 1);
+    wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, sm->pairwise_set);
+    os_free(hdr);
+}
+
+int hostap_eapol_resend_process(void *timeout_ctx)
+{
+    u32 index = (u32)timeout_ctx;
+    struct wpa_state_machine *sm = wpa_auth_get_sm(index);
+
+    wpa_printf( MSG_DEBUG, "resend eapol1");
+
+    if(sm) {
+        sm->pending_1_of_4_timeout = 0;
+        sm->TimeoutEvt = TRUE;
+        sm->in_step_loop = 0;
+        wpa_sm_step(sm);
+    } else {
+    	wpa_printf( MSG_INFO, "Station left, stop send EAPOL frame");
+    }
+
+    return ESP_OK;
+}
+
+void resend_eapol_handle(void *timeout_ctx)
+{
+    wifi_ipc_config_t cfg;
+
+    cfg.fn = hostap_eapol_resend_process;
+    cfg.arg = timeout_ctx;
+    cfg.arg_size = 0;
+    esp_wifi_ipc_internal(&cfg, false);
+}
+
+static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
+               struct wpa_state_machine *sm, int key_info,
+               const u8 *key_rsc, const u8 *nonce,
+               const u8 *kde, size_t kde_len,
+               int keyidx, int encr)
+{
+    int timeout_ms;
+    int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
+    int ctr;
+
+    if (sm == NULL)
+        return;
+
+    __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len,
+             keyidx, encr, 0);
+
+    ctr = pairwise ? sm->TimeoutCtr : sm->GTimeoutCtr;
+    if (ctr == 1 && wpa_auth->conf.tx_status)
+        timeout_ms = pairwise ? eapol_key_timeout_first :
+            eapol_key_timeout_first_group;
+    else
+        timeout_ms = eapol_key_timeout_subseq;
+    if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
+        sm->pending_1_of_4_timeout = 1;
+    wpa_printf( MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
+           "counter %d)\n", timeout_ms, ctr);
+    eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
+                   wpa_send_eapol_timeout, wpa_auth, sm);
+    ets_timer_disarm(&sm->resend_eapol);
+    ets_timer_setfn(&sm->resend_eapol, (ETSTimerFunc *)resend_eapol_handle, (void*)(sm->index));
+    ets_timer_arm(&sm->resend_eapol, 1000, 0);
+}
+
+
+static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len)
+{
+    struct ieee802_1x_hdr *hdr;
+    struct wpa_eapol_key *key;
+    u16 key_info;
+    int ret = 0;
+    int mic_ret = 0;
+    u8 mic[16];
+    char debug_log[8];
+
+    if (data_len < sizeof(*hdr) + sizeof(*key)){
+        wpa_printf( MSG_DEBUG, "invalid data length, len=%u\n", data_len);
+        return -1;
+    }
+
+    hdr = (struct ieee802_1x_hdr *) data;
+    key = (struct wpa_eapol_key *) (hdr + 1);
+    key_info = WPA_GET_BE16(key->key_info);
+    memcpy(mic, key->key_mic, 16);
+    memset(key->key_mic, 0, 16);
+
+    mic_ret = wpa_eapol_key_mic(PTK->kck, key_info & WPA_KEY_INFO_TYPE_MASK, data, data_len, key->key_mic);
+    if ( mic_ret || memcmp(mic, key->key_mic, 16) != 0) {
+        ret = -1;
+    }
+    os_memset(debug_log, 0, 8);
+    os_memcpy(debug_log, "you mic", sizeof("you mic"));
+    wpa_dump_mem(debug_log, mic, 16);
+    os_memset(debug_log, 0, 8);
+    os_memcpy(debug_log, "my mic", sizeof("my mic"));
+    wpa_dump_mem(debug_log, key->key_mic, 16);
+
+    memcpy(key->key_mic, mic, 16);
+    return ret;
+}
+
+
+void wpa_remove_ptk(struct wpa_state_machine *sm)
+{
+    sm->PTK_valid = FALSE;
+    memset(&sm->PTK, 0, sizeof(sm->PTK));
+    wpa_auth_set_key(sm->wpa_auth, 0, WPA_ALG_NONE, sm->addr, 0, NULL, 0);
+    sm->pairwise_set = FALSE;
+    eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
+}
+
+
+int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
+{
+    int remove_ptk = 1;
+
+    if (sm == NULL)
+        return -1;
+    
+    switch (event) {
+    case WPA_AUTH:
+    case WPA_ASSOC:
+        break;
+    case WPA_DEAUTH:
+    case WPA_DISASSOC:
+        sm->DeauthenticationRequest = TRUE;
+        break;
+    case WPA_REAUTH:
+    case WPA_REAUTH_EAPOL:
+        if (!sm->started) {
+            /*
+             * When using WPS, we may end up here if the STA
+             * manages to re-associate without the previous STA
+             * entry getting removed. Consequently, we need to make
+             * sure that the WPA state machines gets initialized
+             * properly at this point.
+             */
+            wpa_printf( MSG_DEBUG, "WPA state machine had not been "
+                   "started - initialize now");
+            sm->started = 1;
+            sm->Init = TRUE;
+            if (wpa_sm_step(sm) == 1)
+                return 1; /* should not really happen */
+            sm->Init = FALSE;
+            sm->AuthenticationRequest = TRUE;
+            break;
+        }
+        if (sm->GUpdateStationKeys) {
+            /*
+             * Reauthentication cancels the pending group key
+             * update for this STA.
+             */
+            sm->group->GKeyDoneStations--;
+            sm->GUpdateStationKeys = FALSE;
+            sm->PtkGroupInit = TRUE;
+        }
+        sm->ReAuthenticationRequest = TRUE;
+        break;
+    case WPA_ASSOC_FT:
+#ifdef CONFIG_IEEE80211R
+        wpa_printf( MSG_DEBUG, "FT: Retry PTK configuration "
+               "after association");
+        wpa_ft_install_ptk(sm);
+
+        /* Using FT protocol, not WPA auth state machine */
+        sm->ft_completed = 1;
+        return 0;
+#else /* CONFIG_IEEE80211R */
+        break;
+#endif /* CONFIG_IEEE80211R */
+    }
+
+#ifdef CONFIG_IEEE80211R
+    sm->ft_completed = 0;
+#endif /* CONFIG_IEEE80211R */
+
+#ifdef CONFIG_IEEE80211W
+    if (sm->mgmt_frame_prot && event == WPA_AUTH)
+        remove_ptk = 0;
+#endif /* CONFIG_IEEE80211W */
+
+    if (remove_ptk) {
+        sm->PTK_valid = FALSE;
+        memset(&sm->PTK, 0, sizeof(sm->PTK));
+
+        if (event != WPA_REAUTH_EAPOL)
+            wpa_remove_ptk(sm);
+    }
+
+    return wpa_sm_step(sm);
+}
+
+
+SM_STATE(WPA_PTK, INITIALIZE)
+{
+    SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk);
+    if (sm->Init) {
+        /* Init flag is not cleared here, so avoid busy
+         * loop by claiming nothing changed. */
+        sm->changed = FALSE;
+    }
+
+    sm->keycount = 0;
+    if (sm->GUpdateStationKeys)
+        sm->group->GKeyDoneStations--;
+    sm->GUpdateStationKeys = FALSE;
+    if (sm->wpa == WPA_VERSION_WPA)
+        sm->PInitAKeys = FALSE;
+    if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and
+           * Local AA > Remote AA)) */) {
+        sm->Pair = TRUE;
+    }
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0);
+    wpa_remove_ptk(sm);
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0);
+    sm->TimeoutCtr = 0;
+    if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
+        wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+                   WPA_EAPOL_authorized, 0);
+    }
+}
+
+
+SM_STATE(WPA_PTK, DISCONNECT)
+{
+    SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk);
+    sm->Disconnect = FALSE;
+    wpa_sta_disconnect(sm->wpa_auth, sm->addr);
+}
+
+
+SM_STATE(WPA_PTK, DISCONNECTED)
+{
+    SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk);
+    sm->DeauthenticationRequest = FALSE;
+}
+
+
+SM_STATE(WPA_PTK, AUTHENTICATION)
+{
+    SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk);
+    memset(&sm->PTK, 0, sizeof(sm->PTK));
+    sm->PTK_valid = FALSE;
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto,
+               1);
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1);
+    sm->AuthenticationRequest = FALSE;
+}
+
+
+static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
+                  struct wpa_group *group)
+{
+    if (group->first_sta_seen)
+        return;
+    /*
+     * System has run bit further than at the time hostapd was started
+     * potentially very early during boot up. This provides better chances
+     * of collecting more randomness on embedded systems. Re-initialize the
+     * GMK and Counter here to improve their strength if there was not
+     * enough entropy available immediately after system startup.
+     */
+    wpa_printf( MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
+           "station\n");
+    if (random_pool_ready() != 1) {
+        wpa_printf( MSG_INFO, "WPA: Not enough entropy in random pool "
+               "to proceed - reject first 4-way handshake");
+        group->reject_4way_hs_for_entropy = TRUE;
+    } else {
+        group->first_sta_seen = TRUE;
+        group->reject_4way_hs_for_entropy = FALSE;
+    }
+
+    wpa_group_init_gmk_and_counter(wpa_auth, group);
+    wpa_gtk_update(wpa_auth, group);
+    wpa_group_config_group_keys(wpa_auth, group);
+}
+
+
+SM_STATE(WPA_PTK, AUTHENTICATION2)
+{
+    SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
+
+    wpa_group_ensure_init(sm->wpa_auth, sm->group);
+
+    /*
+     * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
+     * ambiguous. The Authenticator state machine uses a counter that is
+     * incremented by one for each 4-way handshake. However, the security
+     * analysis of 4-way handshake points out that unpredictable nonces
+     * help in preventing precomputation attacks. Instead of the state
+     * machine definition, use an unpredictable nonce value here to provide
+     * stronger protection against potential precomputation attacks.
+     */
+    if (os_get_random(sm->ANonce, WPA_NONCE_LEN)) {
+        wpa_printf( MSG_ERROR, "WPA: Failed to get random data for "
+               "ANonce.");
+        wpa_sta_disconnect(sm->wpa_auth, sm->addr);
+        return;
+    }
+    wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
+            WPA_NONCE_LEN);
+    sm->ReAuthenticationRequest = FALSE;
+    /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
+     * logical place than INITIALIZE since AUTHENTICATION2 can be
+     * re-entered on ReAuthenticationRequest without going through
+     * INITIALIZE. */
+    sm->TimeoutCtr = 0;
+}
+
+
+SM_STATE(WPA_PTK, INITPMK)
+{
+    u8 msk[2 * PMK_LEN];
+    size_t len = 2 * PMK_LEN;
+
+    SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
+#ifdef CONFIG_IEEE80211R
+    sm->xxkey_len = 0;
+#endif /* CONFIG_IEEE80211R */
+
+    if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
+        wpa_printf( MSG_DEBUG, "WPA: PMK from EAPOL state machine "
+               "(len=%lu)", (unsigned long) len);
+        memcpy(sm->PMK, msk, PMK_LEN);
+#ifdef CONFIG_IEEE80211R
+        if (len >= 2 * PMK_LEN) {
+            memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
+            sm->xxkey_len = PMK_LEN;
+        }
+#endif /* CONFIG_IEEE80211R */
+    } else {
+        wpa_printf( MSG_DEBUG, "WPA: Could not get PMK");
+    }
+
+    sm->req_replay_counter_used = 0;
+    /* IEEE 802.11i does not set keyRun to FALSE, but not doing this
+     * will break reauthentication since EAPOL state machines may not be
+     * get into AUTHENTICATING state that clears keyRun before WPA state
+     * machine enters AUTHENTICATION2 state and goes immediately to INITPMK
+     * state and takes PMK from the previously used AAA Key. This will
+     * eventually fail in 4-Way Handshake because Supplicant uses PMK
+     * derived from the new AAA Key. Setting keyRun = FALSE here seems to
+     * be good workaround for this issue. */
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0);
+}
+
+
+SM_STATE(WPA_PTK, INITPSK)
+{
+    const u8 *psk;
+    SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk);
+    psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL);
+    if (psk) {
+        memcpy(sm->PMK, psk, PMK_LEN);
+#ifdef CONFIG_IEEE80211R
+        memcpy(sm->xxkey, psk, PMK_LEN);
+        sm->xxkey_len = PMK_LEN;
+#endif /* CONFIG_IEEE80211R */
+    }
+    sm->req_replay_counter_used = 0;
+}
+
+
+SM_STATE(WPA_PTK, PTKSTART)
+{
+    u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
+    size_t pmkid_len = 0;
+
+    SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
+    sm->PTKRequest = FALSE;
+    sm->TimeoutEvt = FALSE;
+
+    sm->TimeoutCtr++;
+    if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
+        /* No point in sending the EAPOL-Key - we will disconnect
+         * immediately following this. */
+        return;
+    }
+
+    /*
+     * TODO: Could add PMKID even with WPA2-PSK, but only if there is only
+     * one possible PSK for this STA.
+     */
+    if (sm->wpa == WPA_VERSION_WPA2 &&
+        wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt)) {
+        pmkid = buf;
+        pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN;
+        pmkid[0] = WLAN_EID_VENDOR_SPECIFIC;
+        pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN;
+        RSN_SELECTOR_PUT(&pmkid[2], RSN_KEY_DATA_PMKID);
+
+        {
+            /*
+             * Calculate PMKID since no PMKSA cache entry was
+             * available with pre-calculated PMKID.
+             */
+            rsn_pmkid(sm->PMK, PMK_LEN, sm->wpa_auth->addr,
+                  sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
+                  wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
+        }
+    }
+    wpa_send_eapol(sm->wpa_auth, sm,
+               WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
+               sm->ANonce, pmkid, pmkid_len, 0, 0);
+}
+
+
+static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
+              struct wpa_ptk *ptk)
+{
+    size_t ptk_len = sm->pairwise != WPA_CIPHER_TKIP ? 48 : 64;
+#ifdef CONFIG_IEEE80211R
+    if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+        return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
+#endif /* CONFIG_IEEE80211R */
+
+    wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
+               sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
+               (u8 *) ptk, ptk_len,
+               wpa_key_mgmt_sha256(sm->wpa_key_mgmt));
+
+    return 0;
+}
+
+
+SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
+{
+    struct wpa_ptk PTK;
+    int ok = 0;
+    const u8 *pmk = NULL;
+
+    SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
+    sm->EAPOLKeyReceived = FALSE;
+    sm->update_snonce = FALSE;
+
+    /* WPA with IEEE 802.1X: use the derived PMK from EAP
+     * WPA-PSK: iterate through possible PSKs and select the one matching
+     * the packet */
+    for (;;) {
+        if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
+            wpa_printf( MSG_DEBUG, "wpa psk\n");
+            pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
+            if (pmk == NULL){
+                wpa_printf( MSG_DEBUG, "pmk is null\n");
+                break;
+            }
+        } else {
+            pmk = sm->PMK;
+        }
+
+        wpa_derive_ptk(sm, pmk, &PTK);
+
+        if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key,
+                       sm->last_rx_eapol_key_len) == 0) {
+            wpa_printf( MSG_DEBUG, "mic verify ok, pmk=%p\n", pmk);
+            ok = 1;
+            break;
+        } else {
+            wpa_printf( MSG_DEBUG, "mic verify fail, pmk=%p\n", pmk);
+        }
+
+        if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)){
+            wpa_printf( MSG_DEBUG, "wpa_key_mgmt=%x\n", sm->wpa_key_mgmt);
+            break;
+        }
+    }
+
+    if (!ok) {
+        return;
+    }
+
+#ifdef CONFIG_IEEE80211R
+    if (sm->wpa == WPA_VERSION_WPA2 && wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
+        /*
+         * Verify that PMKR1Name from EAPOL-Key message 2/4 matches
+         * with the value we derived.
+         */
+        if (memcmp(sm->sup_pmk_r1_name, sm->pmk_r1_name,
+                  WPA_PMK_NAME_LEN) != 0) {
+            wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from "
+                    "Supplicant",
+                    sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
+            wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
+                    sm->pmk_r1_name, WPA_PMK_NAME_LEN);
+            return;
+        }
+    }
+#endif /* CONFIG_IEEE80211R */
+
+    sm->pending_1_of_4_timeout = 0;
+    eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
+
+    if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
+        /* PSK may have changed from the previous choice, so update
+         * state machine data based on whatever PSK was selected here.
+         */
+        memcpy(sm->PMK, pmk, PMK_LEN);
+    }
+
+    sm->MICVerified = TRUE;
+
+    memcpy(&sm->PTK, &PTK, sizeof(PTK));
+    sm->PTK_valid = TRUE;
+}
+
+
+SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2)
+{
+    SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk);
+    sm->TimeoutCtr = 0;
+}
+
+
+#ifdef CONFIG_IEEE80211W
+
+static int ieee80211w_kde_len(struct wpa_state_machine *sm)
+{
+    if (sm->mgmt_frame_prot) {
+        return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde);
+    }
+
+    return 0;
+}
+
+
+static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
+{
+    struct wpa_igtk_kde igtk;
+    struct wpa_group *gsm = sm->group;
+
+    if (!sm->mgmt_frame_prot)
+        return pos;
+
+    igtk.keyid[0] = gsm->GN_igtk;
+    igtk.keyid[1] = 0;
+    if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
+        wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
+        memset(igtk.pn, 0, sizeof(igtk.pn));
+    memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
+    if (sm->wpa_auth->conf.disable_gtk) {
+        /*
+         * Provide unique random IGTK to each STA to prevent use of
+         * IGTK in the BSS.
+         */
+        if (os_get_random(igtk.igtk, WPA_IGTK_LEN) < 0)
+            return pos;
+    }
+    pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
+              (const u8 *) &igtk, sizeof(igtk), NULL, 0);
+
+    return pos;
+}
+
+#else /* CONFIG_IEEE80211W */
+
+static int ieee80211w_kde_len(struct wpa_state_machine *sm)
+{
+    return 0;
+}
+
+
+static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
+{
+    return pos;
+}
+
+#endif /* CONFIG_IEEE80211W */
+
+
+SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
+{
+    u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos, dummy_gtk[32];
+    size_t gtk_len, kde_len;
+    struct wpa_group *gsm = sm->group;
+    u8 *wpa_ie;
+    int wpa_ie_len, secure, keyidx, encr = 0;
+
+    SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
+    sm->TimeoutEvt = FALSE;
+
+    sm->TimeoutCtr++;
+    if (sm->TimeoutCtr > (int) dot11RSNAConfigPairwiseUpdateCount) {
+        /* No point in sending the EAPOL-Key - we will disconnect
+         * immediately following this. */
+        return;
+    }
+
+    /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
+       GTK[GN], IGTK, [FTIE], [TIE * 2])
+     */
+    memset(rsc, 0, WPA_KEY_RSC_LEN);
+    wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
+    /* If FT is used, wpa_auth->wpa_ie includes both RSNIE and MDIE */
+    wpa_ie = sm->wpa_auth->wpa_ie;
+    wpa_ie_len = sm->wpa_auth->wpa_ie_len;
+    if (sm->wpa == WPA_VERSION_WPA &&
+        (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
+        wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
+        /* WPA-only STA, remove RSN IE */
+        wpa_ie = wpa_ie + wpa_ie[1] + 2;
+        wpa_ie_len = wpa_ie[1] + 2;
+    }
+    if (sm->wpa == WPA_VERSION_WPA2) {
+        /* WPA2 send GTK in the 4-way handshake */
+        secure = 1;
+        gtk = gsm->GTK[gsm->GN - 1];
+        gtk_len = gsm->GTK_len;
+        if (sm->wpa_auth->conf.disable_gtk) {
+            /*
+             * Provide unique random GTK to each STA to prevent use
+             * of GTK in the BSS.
+             */
+            if (os_get_random(dummy_gtk, gtk_len) < 0)
+                return;
+            gtk = dummy_gtk;
+        }
+        keyidx = gsm->GN;
+        _rsc = rsc;
+        encr = 1;
+    } else {
+        /* WPA does not include GTK in msg 3/4 */
+        secure = 0;
+        gtk = NULL;
+        gtk_len = 0;
+        keyidx = 0;
+        _rsc = NULL;
+        if (sm->rx_eapol_key_secure) {
+            /*
+             * It looks like Windows 7 supplicant tries to use
+             * Secure bit in msg 2/4 after having reported Michael
+             * MIC failure and it then rejects the 4-way handshake
+             * if msg 3/4 does not set Secure bit. Work around this
+             * by setting the Secure bit here even in the case of
+             * WPA if the supplicant used it first.
+             */
+            secure = 1;
+        }
+    }
+
+    kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
+    if (gtk)
+        kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
+#ifdef CONFIG_IEEE80211R
+    if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
+        kde_len += 2 + PMKID_LEN; /* PMKR1Name into RSN IE */
+        kde_len += 300; /* FTIE + 2 * TIE */
+    }
+#endif /* CONFIG_IEEE80211R */
+    kde = (u8 *)os_malloc(kde_len);
+    if (kde == NULL)
+        return;
+
+    pos = kde;
+    memcpy(pos, wpa_ie, wpa_ie_len);
+    pos += wpa_ie_len;
+#ifdef CONFIG_IEEE80211R
+    if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
+        int res = wpa_insert_pmkid(kde, pos - kde, sm->pmk_r1_name);
+        if (res < 0) {
+            wpa_printf( MSG_ERROR, "FT: Failed to insert "
+                   "PMKR1Name into RSN IE in EAPOL-Key data");
+            os_free(kde);
+            return;
+        }
+        pos += res;
+    }
+#endif /* CONFIG_IEEE80211R */
+    if (gtk) {
+        u8 hdr[2];
+        hdr[0] = keyidx & 0x03;
+        hdr[1] = 0;
+        pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
+                  gtk, gtk_len);
+    }
+    pos = ieee80211w_kde_add(sm, pos);
+
+#ifdef CONFIG_IEEE80211R
+    if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
+        int res;
+        struct wpa_auth_config *conf;
+
+        conf = &sm->wpa_auth->conf;
+        res = wpa_write_ftie(conf, conf->r0_key_holder,
+                     conf->r0_key_holder_len,
+                     NULL, NULL, pos, kde + kde_len - pos,
+                     NULL, 0);
+        if (res < 0) {
+            wpa_printf( MSG_ERROR, "FT: Failed to insert FTIE "
+                   "into EAPOL-Key Key Data");
+            os_free(kde);
+            return;
+        }
+        pos += res;
+
+        /* TIE[ReassociationDeadline] (TU) */
+        *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
+        *pos++ = 5;
+        *pos++ = WLAN_TIMEOUT_REASSOC_DEADLINE;
+        WPA_PUT_LE32(pos, conf->reassociation_deadline);
+        pos += 4;
+
+        /* TIE[KeyLifetime] (seconds) */
+        *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
+        *pos++ = 5;
+        *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
+        WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+        pos += 4;
+    }
+#endif /* CONFIG_IEEE80211R */
+
+    wpa_send_eapol(sm->wpa_auth, sm,
+               (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC |
+               WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
+               WPA_KEY_INFO_KEY_TYPE,
+               _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
+    os_free(kde);
+}
+
+
+SM_STATE(WPA_PTK, PTKINITDONE)
+{
+    SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk);
+    sm->EAPOLKeyReceived = FALSE;
+    if (sm->Pair) {
+        enum wpa_alg alg = wpa_cipher_to_alg(sm->pairwise);
+        int klen = wpa_cipher_key_len(sm->pairwise);
+        if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
+                     sm->PTK.tk1, klen)) {
+            wpa_sta_disconnect(sm->wpa_auth, sm->addr);
+            return;
+        }
+        /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+        sm->pairwise_set = TRUE;
+
+        if (sm->wpa_auth->conf.wpa_ptk_rekey) {
+            eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
+            eloop_register_timeout(sm->wpa_auth->conf.
+                           wpa_ptk_rekey, 0, wpa_rekey_ptk,
+                           sm->wpa_auth, sm);
+        }
+
+        if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
+            wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+                       WPA_EAPOL_authorized, 1);
+        }
+    }
+
+    if (0 /* IBSS == TRUE */) {
+        sm->keycount++;
+        if (sm->keycount == 2) {
+            wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+                       WPA_EAPOL_portValid, 1);
+        }
+    } else {
+        wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid,
+                   1);
+    }
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0);
+    wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1);
+    if (sm->wpa == WPA_VERSION_WPA)
+        sm->PInitAKeys = TRUE;
+    else
+        sm->has_GTK = TRUE;
+
+
+{
+    esp_wifi_wpa_ptk_init_done_internal(sm->addr);
+}
+#ifdef CONFIG_IEEE80211R
+    wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
+#endif /* CONFIG_IEEE80211R */
+}
+
+
+SM_STEP(WPA_PTK)
+{
+
+    if (sm->Init)
+        SM_ENTER(WPA_PTK, INITIALIZE);
+    else if (sm->Disconnect
+         /* || FIX: dot11RSNAConfigSALifetime timeout */) {
+        SM_ENTER(WPA_PTK, DISCONNECT);
+    }
+    else if (sm->DeauthenticationRequest)
+        SM_ENTER(WPA_PTK, DISCONNECTED);
+    else if (sm->AuthenticationRequest)
+        SM_ENTER(WPA_PTK, AUTHENTICATION);
+    else if (sm->ReAuthenticationRequest)
+        SM_ENTER(WPA_PTK, AUTHENTICATION2);
+    else if (sm->PTKRequest)
+        SM_ENTER(WPA_PTK, PTKSTART);
+    else switch (sm->wpa_ptk_state) {
+    case WPA_PTK_INITIALIZE:
+        break;
+    case WPA_PTK_DISCONNECT:
+        SM_ENTER(WPA_PTK, DISCONNECTED);
+        break;
+    case WPA_PTK_DISCONNECTED:
+        SM_ENTER(WPA_PTK, INITIALIZE);
+        break;
+    case WPA_PTK_AUTHENTICATION:
+        SM_ENTER(WPA_PTK, AUTHENTICATION2);
+        break;
+    case WPA_PTK_AUTHENTICATION2:
+        if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
+            wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
+                       WPA_EAPOL_keyRun) > 0)
+            SM_ENTER(WPA_PTK, INITPMK);
+        else if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)
+             /* FIX: && 802.1X::keyRun */)
+            SM_ENTER(WPA_PTK, INITPSK);
+        break;
+    case WPA_PTK_INITPMK:
+        if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr,
+                       WPA_EAPOL_keyAvailable) > 0)
+            SM_ENTER(WPA_PTK, PTKSTART);
+        else {
+            SM_ENTER(WPA_PTK, DISCONNECT);
+        }
+        break;
+    case WPA_PTK_INITPSK:
+        if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL))
+            SM_ENTER(WPA_PTK, PTKSTART);
+        else {
+            SM_ENTER(WPA_PTK, DISCONNECT);
+        }
+        break;
+    case WPA_PTK_PTKSTART:
+        if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
+            sm->EAPOLKeyPairwise)
+            SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
+        else if (sm->TimeoutCtr >
+             (int) dot11RSNAConfigPairwiseUpdateCount) {
+            SM_ENTER(WPA_PTK, DISCONNECT);
+        } else if (sm->TimeoutEvt)
+            SM_ENTER(WPA_PTK, PTKSTART);
+        break;
+    case WPA_PTK_PTKCALCNEGOTIATING:
+        if (sm->MICVerified)
+            SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2);
+        else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
+             sm->EAPOLKeyPairwise)
+            SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
+        else if (sm->TimeoutEvt)
+            SM_ENTER(WPA_PTK, PTKSTART);
+        break;
+    case WPA_PTK_PTKCALCNEGOTIATING2:
+        SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
+        break;
+    case WPA_PTK_PTKINITNEGOTIATING:
+        if (sm->update_snonce)
+            SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
+        else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
+             sm->EAPOLKeyPairwise && sm->MICVerified)
+            SM_ENTER(WPA_PTK, PTKINITDONE);
+        else if (sm->TimeoutCtr >
+             (int) dot11RSNAConfigPairwiseUpdateCount) {
+            SM_ENTER(WPA_PTK, DISCONNECT);
+        } else if (sm->TimeoutEvt)
+            SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
+        break;
+    case WPA_PTK_PTKINITDONE:
+        break;
+    }
+}
+
+
+SM_STATE(WPA_PTK_GROUP, IDLE)
+{
+    SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group);
+    if (sm->Init) {
+        /* Init flag is not cleared here, so avoid busy
+         * loop by claiming nothing changed. */
+        sm->changed = FALSE;
+    }
+    sm->GTimeoutCtr = 0;
+}
+
+
+SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
+{
+    u8 rsc[WPA_KEY_RSC_LEN];
+    struct wpa_group *gsm = sm->group;
+    u8 *kde, *pos, hdr[2];
+    size_t kde_len;
+    u8 *gtk, dummy_gtk[32];
+
+    SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
+
+    sm->GTimeoutCtr++;
+    if (sm->GTimeoutCtr > (int) dot11RSNAConfigGroupUpdateCount) {
+        /* No point in sending the EAPOL-Key - we will disconnect
+         * immediately following this. */
+        return;
+    }
+
+    if (sm->wpa == WPA_VERSION_WPA)
+        sm->PInitAKeys = FALSE;
+    sm->TimeoutEvt = FALSE;
+    /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
+    memset(rsc, 0, WPA_KEY_RSC_LEN);
+    if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
+        wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
+
+    gtk = gsm->GTK[gsm->GN - 1];
+    if (sm->wpa_auth->conf.disable_gtk) {
+        /*
+         * Provide unique random GTK to each STA to prevent use
+         * of GTK in the BSS.
+         */
+        if (os_get_random(dummy_gtk, gsm->GTK_len) < 0)
+            return;
+        gtk = dummy_gtk;
+    }
+    if (sm->wpa == WPA_VERSION_WPA2) {
+        kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len +
+            ieee80211w_kde_len(sm);
+        kde = (u8 *)os_malloc(kde_len);
+        if (kde == NULL)
+            return;
+
+        pos = kde;
+        hdr[0] = gsm->GN & 0x03;
+        hdr[1] = 0;
+        pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
+                  gtk, gsm->GTK_len);
+        pos = ieee80211w_kde_add(sm, pos);
+    } else {
+        kde = gtk;
+        pos = kde + gsm->GTK_len;
+    }
+
+    wpa_send_eapol(sm->wpa_auth, sm,
+               WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
+               WPA_KEY_INFO_ACK |
+               (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
+               rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
+    if (sm->wpa == WPA_VERSION_WPA2)
+        os_free(kde);
+}
+
+
+SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
+{
+    SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group);
+    sm->EAPOLKeyReceived = FALSE;
+    if (sm->GUpdateStationKeys)
+        sm->group->GKeyDoneStations--;
+    sm->GUpdateStationKeys = FALSE;
+    sm->GTimeoutCtr = 0;
+    /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
+    sm->has_GTK = TRUE;
+}
+
+
+SM_STATE(WPA_PTK_GROUP, KEYERROR)
+{
+    SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group);
+    if (sm->GUpdateStationKeys)
+        sm->group->GKeyDoneStations--;
+    sm->GUpdateStationKeys = FALSE;
+    sm->Disconnect = TRUE;
+}
+
+
+SM_STEP(WPA_PTK_GROUP)
+{
+    if (sm->Init || sm->PtkGroupInit) {
+        SM_ENTER(WPA_PTK_GROUP, IDLE);
+        sm->PtkGroupInit = FALSE;
+    } else switch (sm->wpa_ptk_group_state) {
+    case WPA_PTK_GROUP_IDLE:
+        if (sm->GUpdateStationKeys ||
+            (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
+            SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
+        break;
+    case WPA_PTK_GROUP_REKEYNEGOTIATING:
+        if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
+            !sm->EAPOLKeyPairwise && sm->MICVerified)
+            SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
+        else if (sm->GTimeoutCtr >
+             (int) dot11RSNAConfigGroupUpdateCount)
+            SM_ENTER(WPA_PTK_GROUP, KEYERROR);
+        else if (sm->TimeoutEvt)
+            SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
+        break;
+    case WPA_PTK_GROUP_KEYERROR:
+        SM_ENTER(WPA_PTK_GROUP, IDLE);
+        break;
+    case WPA_PTK_GROUP_REKEYESTABLISHED:
+        SM_ENTER(WPA_PTK_GROUP, IDLE);
+        break;
+    }
+}
+
+
+static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
+              struct wpa_group *group)
+{
+    int ret = 0;
+
+    memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
+    inc_byte_array(group->Counter, WPA_NONCE_LEN);
+
+    if (wpa_gmk_to_gtk(group->GMK, "Group key expansion",
+               wpa_auth->addr, group->GNonce,
+               group->GTK[group->GN - 1], group->GTK_len) < 0)
+        ret = -1;
+    wpa_hexdump_key(MSG_DEBUG, "GTK",
+            group->GTK[group->GN - 1], group->GTK_len);
+
+#ifdef CONFIG_IEEE80211W
+    if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+        memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN);
+        inc_byte_array(group->Counter, WPA_NONCE_LEN);
+        if (wpa_gmk_to_gtk(group->GMK, "IGTK key expansion",
+                   wpa_auth->addr, group->GNonce,
+                   group->IGTK[group->GN_igtk - 4],
+                   WPA_IGTK_LEN) < 0)
+            ret = -1;
+        wpa_hexdump_key(MSG_DEBUG, "IGTK",
+                group->IGTK[group->GN_igtk - 4], WPA_IGTK_LEN);
+    }
+#endif /* CONFIG_IEEE80211W */
+
+    return ret;
+}
+
+
+static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
+                   struct wpa_group *group)
+{
+    wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
+           "GTK_INIT (VLAN-ID %d)\n", group->vlan_id);
+    group->changed = FALSE; /* GInit is not cleared here; avoid loop */
+    group->wpa_group_state = WPA_GROUP_GTK_INIT;
+
+    /* GTK[0..N] = 0 */
+    memset(group->GTK, 0, sizeof(group->GTK));
+    group->GN = 1;
+    group->GM = 2;
+#ifdef CONFIG_IEEE80211W
+    group->GN_igtk = 4;
+    group->GM_igtk = 5;
+#endif /* CONFIG_IEEE80211W */
+    /* GTK[GN] = CalcGTK() */
+    wpa_gtk_update(wpa_auth, group);
+}
+
+
+static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
+{
+    if (ctx != NULL && ctx != sm->group)
+        return 0;
+
+    if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
+        sm->GUpdateStationKeys = FALSE;
+        return 0;
+    }
+    if (sm->GUpdateStationKeys) {
+        /*
+         * This should not really happen, so add a debug log entry.
+         * Since we clear the GKeyDoneStations before the loop, the
+         * station needs to be counted here anyway.
+         */
+    }
+
+    /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
+    if (sm->is_wnmsleep)
+        return 0;
+
+    sm->group->GKeyDoneStations++;
+    sm->GUpdateStationKeys = TRUE;
+
+    wpa_sm_step(sm);
+    return 0;
+}
+
+
+#ifdef CONFIG_WNM
+/* update GTK when exiting WNM-Sleep Mode */
+void wpa_wnmsleep_rekey_gtk(struct wpa_state_machine *sm)
+{
+    if (sm->is_wnmsleep)
+        return;
+
+    wpa_group_update_sta(sm, NULL);
+}
+
+
+void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
+{
+    sm->is_wnmsleep = !!flag;
+}
+
+
+int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
+{
+    struct wpa_group *gsm = sm->group;
+    u8 *start = pos;
+
+    /*
+     * GTK subelement:
+     * Sub-elem ID[1] | Length[1] | Key Info[2] | Key Length[1] | RSC[8] |
+     * Key[5..32]
+     */
+    *pos++ = WNM_SLEEP_SUBELEM_GTK;
+    *pos++ = 11 + gsm->GTK_len;
+    /* Key ID in B0-B1 of Key Info */
+    WPA_PUT_LE16(pos, gsm->GN & 0x03);
+    pos += 2;
+    *pos++ = gsm->GTK_len;
+    if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, pos) != 0)
+        return 0;
+    pos += 8;
+    memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
+    pos += gsm->GTK_len;
+
+    wpa_printf( MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
+           gsm->GN);
+    wpa_hexdump_key(MSG_DEBUG, "WNM: GTK in WNM-Sleep Mode exit",
+            gsm->GTK[gsm->GN - 1], gsm->GTK_len);
+
+    return pos - start;
+}
+
+
+#ifdef CONFIG_IEEE80211W
+int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
+{
+    struct wpa_group *gsm = sm->group;
+    u8 *start = pos;
+
+    /*
+     * IGTK subelement:
+     * Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16]
+     */
+    *pos++ = WNM_SLEEP_SUBELEM_IGTK;
+    *pos++ = 2 + 6 + WPA_IGTK_LEN;
+    WPA_PUT_LE16(pos, gsm->GN_igtk);
+    pos += 2;
+    if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, pos) != 0)
+        return 0;
+    pos += 6;
+
+    memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
+    pos += WPA_IGTK_LEN;
+
+    wpa_printf( MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
+           gsm->GN_igtk);
+    wpa_hexdump_key(MSG_DEBUG, "WNM: IGTK in WNM-Sleep Mode exit",
+            gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
+
+    return pos - start;
+}
+#endif /* CONFIG_IEEE80211W */
+#endif /* CONFIG_WNM */
+
+
+static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
+                  struct wpa_group *group)
+{
+    int tmp;
+
+    wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
+           "SETKEYS (VLAN-ID %d)\n", group->vlan_id);
+    group->changed = TRUE;
+    group->wpa_group_state = WPA_GROUP_SETKEYS;
+    group->GTKReKey = FALSE;
+    tmp = group->GM;
+    group->GM = group->GN;
+    group->GN = tmp;
+#ifdef CONFIG_IEEE80211W
+    tmp = group->GM_igtk;
+    group->GM_igtk = group->GN_igtk;
+    group->GN_igtk = tmp;
+#endif /* CONFIG_IEEE80211W */
+    /* "GKeyDoneStations = GNoStations" is done in more robust way by
+     * counting the STAs that are marked with GUpdateStationKeys instead of
+     * including all STAs that could be in not-yet-completed state. */
+    wpa_gtk_update(wpa_auth, group);
+
+    if (group->GKeyDoneStations) {
+        wpa_printf( MSG_DEBUG, "wpa_group_setkeys: Unexpected "
+               "GKeyDoneStations=%d when starting new GTK rekey",
+               group->GKeyDoneStations);
+        group->GKeyDoneStations = 0;
+    }
+    wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
+    wpa_printf( MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
+           group->GKeyDoneStations);
+}
+
+
+static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
+                       struct wpa_group *group)
+{
+    int ret = 0;
+    if (wpa_auth_set_key(wpa_auth, group->vlan_id,
+                 wpa_cipher_to_alg(wpa_auth->conf.wpa_group),
+                 (uint8_t *)broadcast_ether_addr, group->GN,
+                 group->GTK[group->GN - 1], group->GTK_len) < 0)
+        ret = -1;
+
+#ifdef CONFIG_IEEE80211W
+    if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
+        wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
+        		 broadcast_ether_addr, group->GN_igtk,
+                 group->IGTK[group->GN_igtk - 4],
+                 WPA_IGTK_LEN) < 0)
+        ret = -1;
+#endif /* CONFIG_IEEE80211W */
+
+    return ret;
+}
+
+
+static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
+                 struct wpa_group *group)
+{
+    wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
+           "SETKEYSDONE (VLAN-ID %d)\n", group->vlan_id);
+    group->changed = TRUE;
+    group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
+
+    if (wpa_group_config_group_keys(wpa_auth, group) < 0)
+        return -1;
+
+    return 0;
+}
+
+
+static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
+                  struct wpa_group *group)
+{
+    if (group->GInit) {
+        wpa_group_gtk_init(wpa_auth, group);
+    } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT &&
+           group->GTKAuthenticator) {
+        wpa_group_setkeysdone(wpa_auth, group);
+    } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE &&
+           group->GTKReKey) {
+        wpa_group_setkeys(wpa_auth, group);
+    } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) {
+        if (group->GKeyDoneStations == 0)
+            wpa_group_setkeysdone(wpa_auth, group);
+        else if (group->GTKReKey)
+            wpa_group_setkeys(wpa_auth, group);
+    }
+}
+
+
+static int wpa_sm_step(struct wpa_state_machine *sm)
+{
+    if (sm == NULL)
+        return 0;
+
+    if (sm->in_step_loop) {
+        /* This should not happen, but if it does, make sure we do not
+         * end up freeing the state machine too early by exiting the
+         * recursive call. */
+        wpa_printf( MSG_ERROR, "WPA: wpa_sm_step() called recursively");
+        return 0;
+    }
+
+    sm->in_step_loop = 1;
+    do {
+        if (sm->pending_deinit)
+            break;
+
+        sm->changed = FALSE;
+        sm->wpa_auth->group->changed = FALSE;
+
+        SM_STEP_RUN(WPA_PTK);
+        if (sm->pending_deinit)
+            break;
+        SM_STEP_RUN(WPA_PTK_GROUP);
+        if (sm->pending_deinit)
+            break;
+        wpa_group_sm_step(sm->wpa_auth, sm->group);
+    } while (sm->changed || sm->wpa_auth->group->changed);
+    sm->in_step_loop = 0;
+
+    if (sm->pending_deinit) {
+        wpa_printf( MSG_DEBUG, "WPA: Completing pending STA state "
+               "machine deinit for " MACSTR, MAC2STR(sm->addr));
+        wpa_free_sta_sm(sm);
+        return 1;
+    }
+    return 0;
+}
+
+bool wpa_ap_join(void** sm, uint8_t *bssid, uint8_t *wpa_ie, uint8_t wpa_ie_len)
+{
+    struct hostapd_data *hapd = (struct hostapd_data*)esp_wifi_get_hostap_private_internal();
+    struct wpa_state_machine   **wpa_sm;
+
+    if (!sm || !bssid || !wpa_ie){
+        return false;
+    }
+
+   
+    wpa_sm = (struct wpa_state_machine  **)sm;
+
+    if (hapd) {
+        if (hapd->wpa_auth->conf.wpa) {
+            if (*wpa_sm){
+                wpa_auth_sta_deinit(*wpa_sm);
+            }
+
+            *wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, bssid);
+            wpa_printf( MSG_DEBUG, "init wpa sm=%p\n", *wpa_sm);
+
+            if (*wpa_sm == NULL) {
+                return false;
+            }
+
+            if (wpa_validate_wpa_ie(hapd->wpa_auth, *wpa_sm, wpa_ie, wpa_ie_len)) {
+                return false;
+            }
+        }
+
+        wpa_auth_sta_associated(hapd->wpa_auth, *wpa_sm);
+    }
+
+    return true;
+}
+
+bool wpa_ap_remove(void* sm)
+{
+    struct wpa_state_machine   *wpa_sm;
+    if (!sm) return false;
+
+    wpa_sm = (struct wpa_state_machine*)sm;
+    wpa_auth_sta_deinit(wpa_sm);
+
+    return true;
+}
+

components/wpa_supplicant/include/wpa/wpa_auth.h → components/wpa_supplicant/src/ap/wpa_auth.h

@@ -9,14 +9,16 @@
 #ifndef WPA_AUTH_H
 #define WPA_AUTH_H
 
-#include "wpa/defs.h"
-#include "wpa/eapol_common.h"
-#include "wpa/wpa_common.h"
+#include "common/defs.h"
+#include "common/eapol_common.h"
+#include "common/wpa_common.h"
 
 #ifdef _MSC_VER
 #pragma pack(push, 1)
 #endif /* _MSC_VER */
 
+#define WPA_IS_MULTICAST(_a) (*(_a) & 0x01)
+
 /* IEEE Std 802.11r-2008, 11A.10.3 - Remote request/response frame definition
  */
 struct ft_rrb_frame {

components/wpa_supplicant/include/wpa/wpa_auth_i.h → components/wpa_supplicant/src/ap/wpa_auth_i.h

@@ -102,10 +102,6 @@ struct wpa_state_machine {
 	} wpa;
 	int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
 	int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */
-//	struct rsn_pmksa_cache_entry *pmksa;
-
-//	u32 dot11RSNAStatsTKIPLocalMICFailures;
-//	u32 dot11RSNAStatsTKIPRemoteMICFailures;
 
 #ifdef CONFIG_IEEE80211R
 	u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
@@ -120,6 +116,8 @@ struct wpa_state_machine {
 #endif /* CONFIG_IEEE80211R */
 
 	int pending_1_of_4_timeout;
+	u32 index;
+	ETSTimer resend_eapol;
 };
 
 
@@ -160,40 +158,18 @@ struct wpa_ft_pmk_cache;
 struct wpa_authenticator {
 	struct wpa_group *group;
 
-//	unsigned int dot11RSNAStatsTKIPRemoteMICFailures;
-//	u32 dot11RSNAAuthenticationSuiteSelected;
-//	u32 dot11RSNAPairwiseCipherSelected;
-//	u32 dot11RSNAGroupCipherSelected;
-//	u8 dot11RSNAPMKIDUsed[PMKID_LEN];
-//	u32 dot11RSNAAuthenticationSuiteRequested; /* FIX: update */
-//	u32 dot11RSNAPairwiseCipherRequested; /* FIX: update */
-//	u32 dot11RSNAGroupCipherRequested; /* FIX: update */
-//	unsigned int dot11RSNATKIPCounterMeasuresInvoked;
-//	unsigned int dot11RSNA4WayHandshakeFailures;
-
-//	struct wpa_stsl_negotiation *stsl_negotiations;
-
 	struct wpa_auth_config conf;
-//	struct wpa_auth_callbacks cb;
 
 	u8 *wpa_ie;
 	size_t wpa_ie_len;
 
 	u8 addr[ETH_ALEN];
 
-//	struct rsn_pmksa_cache *pmksa;
-//	struct wpa_ft_pmk_cache *ft_pmk_cache;
 };
 
 
 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
 		     const u8 *pmkid);
-#if 0
-void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr,
-		     logger_level level, const char *txt);
-void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, const u8 *addr,
-		      logger_level level, const char *fmt, ...);
-#endif
 void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 		      struct wpa_state_machine *sm, int key_info,
 		      const u8 *key_rsc, const u8 *nonce,

components/wpa_supplicant/src/ap/wpa_auth_ie.c

@@ -0,0 +1,705 @@
+/*
+ * hostapd - WPA/RSN IE and KDE definitions
+ * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+ 
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "common/ieee802_11_defs.h"
+#include "ap/wpa_auth.h"
+#include "ap/wpa_auth_ie.h"
+#include "ap/wpa_auth_i.h"
+#include "common/wpa_common.h"
+#include "utils/wpa_debug.h"
+
+#ifdef CONFIG_RSN_TESTING
+int rsn_testing = 0;
+#endif /* CONFIG_RSN_TESTING */
+
+
+static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
+{
+	struct wpa_ie_hdr *hdr;
+	int num_suites;
+	u8 *pos, *count;
+	u32 suite;
+
+	hdr = (struct wpa_ie_hdr *) buf;
+	hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
+	RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
+	WPA_PUT_LE16(hdr->version, WPA_VERSION);
+	pos = (u8 *) (hdr + 1);
+
+	suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
+	if (suite == 0) {
+		wpa_printf( MSG_DEBUG, "Invalid group cipher (%d).",
+			   conf->wpa_group);
+		return -1;
+	}
+	RSN_SELECTOR_PUT(pos, suite);
+	pos += WPA_SELECTOR_LEN;
+
+	count = pos;
+	pos += 2;
+
+	num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
+	if (num_suites == 0) {
+		wpa_printf( MSG_DEBUG, "Invalid pairwise cipher (%d).",
+			   conf->wpa_pairwise);
+		return -1;
+	}
+	pos += num_suites * WPA_SELECTOR_LEN;
+	WPA_PUT_LE16(count, num_suites);
+
+	num_suites = 0;
+	count = pos;
+	pos += 2;
+
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
+		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
+		pos += WPA_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
+		RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
+		pos += WPA_SELECTOR_LEN;
+		num_suites++;
+	}
+
+	if (num_suites == 0) {
+		wpa_printf( MSG_DEBUG, "Invalid key management type (%d).",
+			   conf->wpa_key_mgmt);
+		return -1;
+	}
+	WPA_PUT_LE16(count, num_suites);
+
+	/* WPA Capabilities; use defaults, so no need to include it */
+
+	hdr->len = (pos - buf) - 2;
+
+	return pos - buf;
+}
+
+
+int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
+		     const u8 *pmkid)
+{
+	struct rsn_ie_hdr *hdr;
+	int num_suites, res;
+	u8 *pos, *count;
+	u16 capab;
+	u32 suite;
+
+	hdr = (struct rsn_ie_hdr *) buf;
+	hdr->elem_id = WLAN_EID_RSN;
+	WPA_PUT_LE16(hdr->version, RSN_VERSION);
+	pos = (u8 *) (hdr + 1);
+
+	suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
+	if (suite == 0) {
+		wpa_printf( MSG_DEBUG, "Invalid group cipher (%d).",
+			   conf->wpa_group);
+		return -1;
+	}
+	RSN_SELECTOR_PUT(pos, suite);
+	pos += RSN_SELECTOR_LEN;
+
+	num_suites = 0;
+	count = pos;
+	pos += 2;
+
+#ifdef CONFIG_RSN_TESTING
+	if (rsn_testing) {
+		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#endif /* CONFIG_RSN_TESTING */
+
+	res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
+	num_suites += res;
+	pos += res * RSN_SELECTOR_LEN;
+
+#ifdef CONFIG_RSN_TESTING
+	if (rsn_testing) {
+		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#endif /* CONFIG_RSN_TESTING */
+
+	if (num_suites == 0) {
+		wpa_printf( MSG_DEBUG, "Invalid pairwise cipher (%d).",
+			   conf->rsn_pairwise);
+		return -1;
+	}
+	WPA_PUT_LE16(count, num_suites);
+
+	num_suites = 0;
+	count = pos;
+	pos += 2;
+
+#ifdef CONFIG_RSN_TESTING
+	if (rsn_testing) {
+		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#endif /* CONFIG_RSN_TESTING */
+
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#ifdef CONFIG_IEEE80211R
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211W
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
+		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#endif /* CONFIG_SAE */
+
+#ifdef CONFIG_RSN_TESTING
+	if (rsn_testing) {
+		RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+#endif /* CONFIG_RSN_TESTING */
+
+	if (num_suites == 0) {
+		wpa_printf( MSG_DEBUG, "Invalid key management type (%d).",
+			   conf->wpa_key_mgmt);
+		return -1;
+	}
+	WPA_PUT_LE16(count, num_suites);
+
+	/* RSN Capabilities */
+	capab = 0;
+	if (conf->rsn_preauth)
+		capab |= WPA_CAPABILITY_PREAUTH;
+	if (conf->peerkey)
+		capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
+	if (conf->wmm_enabled) {
+		/* 4 PTKSA replay counters when using WMM */
+		capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
+	}
+#ifdef CONFIG_IEEE80211W
+	if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+		capab |= WPA_CAPABILITY_MFPC;
+		if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
+			capab |= WPA_CAPABILITY_MFPR;
+	}
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_RSN_TESTING
+	if (rsn_testing)
+		capab |= BIT(8) | BIT(14) | BIT(15);
+#endif /* CONFIG_RSN_TESTING */
+	WPA_PUT_LE16(pos, capab);
+	pos += 2;
+
+	if (pmkid) {
+		if (pos + 2 + PMKID_LEN > buf + len)
+			return -1;
+		/* PMKID Count */
+		WPA_PUT_LE16(pos, 1);
+		pos += 2;
+		memcpy(pos, pmkid, PMKID_LEN);
+		pos += PMKID_LEN;
+	}
+
+#ifdef CONFIG_IEEE80211W
+	if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+		if (pos + 2 + 4 > buf + len)
+			return -1;
+		if (pmkid == NULL) {
+			/* PMKID Count */
+			WPA_PUT_LE16(pos, 0);
+			pos += 2;
+		}
+
+		/* Management Group Cipher Suite */
+		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
+		pos += RSN_SELECTOR_LEN;
+	}
+#endif /* CONFIG_IEEE80211W */
+
+#ifdef CONFIG_RSN_TESTING
+	if (rsn_testing) {
+		/*
+		 * Fill in any defined fields and add extra data to the end of
+		 * the element.
+		 */
+		int pmkid_count_set = pmkid != NULL;
+		if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
+			pmkid_count_set = 1;
+		/* PMKID Count */
+		WPA_PUT_LE16(pos, 0);
+		pos += 2;
+		if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
+			/* Management Group Cipher Suite */
+			RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
+			pos += RSN_SELECTOR_LEN;
+		}
+
+		memset(pos, 0x12, 17);
+		pos += 17;
+	}
+#endif /* CONFIG_RSN_TESTING */
+
+	hdr->len = (pos - buf) - 2;
+
+	return pos - buf;
+}
+
+
+int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
+{
+	u8 *pos, buf[128];
+	int res;
+
+	pos = buf;
+
+	if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
+		res = wpa_write_rsn_ie(&wpa_auth->conf,
+				       pos, buf + sizeof(buf) - pos, NULL);
+		if (res < 0)
+			return res;
+		pos += res;
+	}
+#ifdef CONFIG_IEEE80211R
+	if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
+		res = wpa_write_mdie(&wpa_auth->conf, pos,
+				     buf + sizeof(buf) - pos);
+		if (res < 0)
+			return res;
+		pos += res;
+	}
+#endif /* CONFIG_IEEE80211R */
+	if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
+		res = wpa_write_wpa_ie(&wpa_auth->conf,
+				       pos, buf + sizeof(buf) - pos);
+		if (res < 0)
+			return res;
+		pos += res;
+	}
+
+	os_free(wpa_auth->wpa_ie);
+	wpa_auth->wpa_ie = os_malloc(pos - buf);
+	if (wpa_auth->wpa_ie == NULL)
+		return -1;
+	memcpy(wpa_auth->wpa_ie, buf, pos - buf);
+	wpa_auth->wpa_ie_len = pos - buf;
+
+	return 0;
+}
+
+u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
+		 const u8 *data2, size_t data2_len)
+{
+	*pos++ = WLAN_EID_VENDOR_SPECIFIC;
+	*pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
+	RSN_SELECTOR_PUT(pos, kde);
+	pos += RSN_SELECTOR_LEN;
+	memcpy(pos, data, data_len);
+	pos += data_len;
+	if (data2) {
+		memcpy(pos, data2, data2_len);
+		pos += data2_len;
+	}
+	return pos;
+}
+
+int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
+			struct wpa_state_machine *sm,
+			const u8 *wpa_ie, size_t wpa_ie_len/*,
+			const u8 *mdie, size_t mdie_len*/)
+{
+	struct wpa_ie_data data;
+	int ciphers, key_mgmt, res, version;
+	u32 selector;
+
+	if (wpa_auth == NULL || sm == NULL)
+		return WPA_NOT_ENABLED;
+
+	if (wpa_ie == NULL || wpa_ie_len < 1)
+		return WPA_INVALID_IE;
+
+	if (wpa_ie[0] == WLAN_EID_RSN)
+		version = WPA_PROTO_RSN;
+	else
+		version = WPA_PROTO_WPA;
+
+	if (!(wpa_auth->conf.wpa & version)) {
+		wpa_printf( MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
+			   version, MAC2STR(sm->addr));
+		return WPA_INVALID_PROTO;
+	}
+
+	if (version == WPA_PROTO_RSN) {
+		res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
+
+		selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
+		if (0) {
+		}
+#ifdef CONFIG_IEEE80211R
+		else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
+			selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
+		else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
+			selector = RSN_AUTH_KEY_MGMT_FT_PSK;
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211W
+		else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
+			selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
+		else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
+			selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+		else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
+			selector = RSN_AUTH_KEY_MGMT_SAE;
+		else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
+			selector = RSN_AUTH_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_SAE */
+		else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
+			selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
+		else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
+			selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
+
+		selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
+					       data.pairwise_cipher);
+		if (!selector)
+			selector = RSN_CIPHER_SUITE_CCMP;
+
+		selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
+					       data.group_cipher);
+		if (!selector)
+			selector = RSN_CIPHER_SUITE_CCMP;
+	} else {
+		res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
+
+		selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
+		if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
+			selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
+		else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
+			selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
+
+		selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
+					       data.pairwise_cipher);
+		if (!selector)
+			selector = RSN_CIPHER_SUITE_TKIP;
+
+		selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
+					       data.group_cipher);
+		if (!selector)
+			selector = WPA_CIPHER_SUITE_TKIP;
+	}
+	if (res) {
+		wpa_printf( MSG_DEBUG, "Failed to parse WPA/RSN IE from "
+			   MACSTR " (res=%d)", MAC2STR(sm->addr), res);
+		wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
+		return WPA_INVALID_IE;
+	}
+
+	if (data.group_cipher != wpa_auth->conf.wpa_group) {
+		wpa_printf( MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
+			   MACSTR, data.group_cipher, MAC2STR(sm->addr));
+		return WPA_INVALID_GROUP;
+	}
+
+	key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
+	if (!key_mgmt) {
+		wpa_printf( MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
+			   MACSTR, data.key_mgmt, MAC2STR(sm->addr));
+		return WPA_INVALID_AKMP;
+	}
+	if (0) {
+	}
+#ifdef CONFIG_IEEE80211R
+	else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
+	else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211W
+	else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
+	else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
+#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+	else if (key_mgmt & WPA_KEY_MGMT_SAE)
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
+	else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
+#endif /* CONFIG_SAE */
+	else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
+	else
+		sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+
+	if (version == WPA_PROTO_RSN)
+		ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
+	else
+		ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
+	if (!ciphers) {
+		wpa_printf( MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
+			   "from " MACSTR,
+			   version == WPA_PROTO_RSN ? "RSN" : "WPA",
+			   data.pairwise_cipher, MAC2STR(sm->addr));
+		return WPA_INVALID_PAIRWISE;
+	}
+
+#ifdef CONFIG_IEEE80211W
+	if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
+		if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
+			wpa_printf( MSG_DEBUG, "Management frame protection "
+				   "required, but client did not enable it");
+			return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
+		}
+
+		if (ciphers & WPA_CIPHER_TKIP) {
+			wpa_printf( MSG_DEBUG, "Management frame protection "
+				   "cannot use TKIP");
+			return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
+		}
+
+		if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
+			wpa_printf( MSG_DEBUG, "Unsupported management group "
+				   "cipher %d", data.mgmt_group_cipher);
+			return WPA_INVALID_MGMT_GROUP_CIPHER;
+		}
+	}
+
+	if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
+	    !(data.capabilities & WPA_CAPABILITY_MFPC))
+		sm->mgmt_frame_prot = 0;
+	else
+		sm->mgmt_frame_prot = 1;
+#endif /* CONFIG_IEEE80211W */
+
+#ifdef CONFIG_IEEE80211R
+	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
+		if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
+			wpa_printf( MSG_DEBUG, "RSN: Trying to use FT, but "
+				   "MDIE not included");
+			return WPA_INVALID_MDIE;
+		}
+		if (memcmp(mdie, wpa_auth->conf.mobility_domain,
+			      MOBILITY_DOMAIN_ID_LEN) != 0) {
+			wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
+				    "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
+			return WPA_INVALID_MDIE;
+		}
+	}
+#endif /* CONFIG_IEEE80211R */
+
+	if (ciphers & WPA_CIPHER_CCMP)
+		sm->pairwise = WPA_CIPHER_CCMP;
+	else if (ciphers & WPA_CIPHER_GCMP)
+		sm->pairwise = WPA_CIPHER_GCMP;
+	else
+		sm->pairwise = WPA_CIPHER_TKIP;
+
+	/* TODO: clear WPA/WPA2 state if STA changes from one to another */
+	if (wpa_ie[0] == WLAN_EID_RSN)
+		sm->wpa = WPA_VERSION_WPA2;
+	else
+		sm->wpa = WPA_VERSION_WPA;
+
+	if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
+		os_free(sm->wpa_ie);
+		sm->wpa_ie = os_malloc(wpa_ie_len);
+		if (sm->wpa_ie == NULL)
+			return WPA_ALLOC_FAIL;
+	}
+	memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
+	sm->wpa_ie_len = wpa_ie_len;
+
+	return WPA_IE_OK;
+}
+
+/**
+ * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
+ * @pos: Pointer to the IE header
+ * @end: Pointer to the end of the Key Data buffer
+ * @ie: Pointer to parsed IE data
+ * Returns: 0 on success, 1 if end mark is found, -1 on failure
+ */
+static int wpa_parse_generic(const u8 *pos, const u8 *end,
+			     struct wpa_eapol_ie_parse *ie)
+{
+	if (pos[1] == 0)
+		return 1;
+
+	if (pos[1] >= 6 &&
+	    RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
+	    pos[2 + WPA_SELECTOR_LEN] == 1 &&
+	    pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
+		ie->wpa_ie = pos;
+		ie->wpa_ie_len = pos[1] + 2;
+		return 0;
+	}
+
+	if (pos + 1 + RSN_SELECTOR_LEN < end &&
+	    pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
+		ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
+		return 0;
+	}
+
+	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
+		ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
+		ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
+		return 0;
+	}
+
+	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
+		ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
+		ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
+		return 0;
+	}
+
+#ifdef CONFIG_PEERKEY
+	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
+		ie->smk = pos + 2 + RSN_SELECTOR_LEN;
+		ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
+		return 0;
+	}
+
+	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
+		ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
+		ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
+		return 0;
+	}
+
+	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
+		ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
+		ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
+		return 0;
+	}
+
+	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
+		ie->error = pos + 2 + RSN_SELECTOR_LEN;
+		ie->error_len = pos[1] - RSN_SELECTOR_LEN;
+		return 0;
+	}
+#endif /* CONFIG_PEERKEY */
+
+#ifdef CONFIG_IEEE80211W
+	if (pos[1] > RSN_SELECTOR_LEN + 2 &&
+	    RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
+		ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
+		ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
+		return 0;
+	}
+#endif /* CONFIG_IEEE80211W */
+
+	return 0;
+}
+
+
+/**
+ * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
+ * @buf: Pointer to the Key Data buffer
+ * @len: Key Data Length
+ * @ie: Pointer to parsed IE data
+ * Returns: 0 on success, -1 on failure
+ */
+int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
+{
+	const u8 *pos, *end;
+	int ret = 0;
+
+	memset(ie, 0, sizeof(*ie));
+	for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
+		if (pos[0] == 0xdd &&
+		    ((pos == buf + len - 1) || pos[1] == 0)) {
+			/* Ignore padding */
+			break;
+		}
+		if (pos + 2 + pos[1] > end) {
+			wpa_printf( MSG_DEBUG, "WPA: EAPOL-Key Key Data "
+				   "underflow (ie=%d len=%d pos=%d)",
+				   pos[0], pos[1], (int) (pos - buf));
+			wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
+					buf, len);
+			ret = -1;
+			break;
+		}
+		if (*pos == WLAN_EID_RSN) {
+			ie->rsn_ie = pos;
+			ie->rsn_ie_len = pos[1] + 2;
+#ifdef CONFIG_IEEE80211R
+		} else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
+			ie->mdie = pos;
+			ie->mdie_len = pos[1] + 2;
+		} else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
+			ie->ftie = pos;
+			ie->ftie_len = pos[1] + 2;
+#endif /* CONFIG_IEEE80211R */
+		} else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
+			ret = wpa_parse_generic(pos, end, ie);
+			if (ret < 0)
+				break;
+			if (ret > 0) {
+				ret = 0;
+				break;
+			}
+		} else {
+			wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
+				    "Key Data IE", pos, 2 + pos[1]);
+		}
+	}
+
+	return ret;
+}
+
+
+int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
+{
+	return sm ? sm->mgmt_frame_prot : 0;
+}

components/wpa_supplicant/include/wpa/defs.h → components/wpa_supplicant/src/common/defs.h

@@ -23,57 +23,13 @@
 #endif
 typedef enum { FALSE = 0, TRUE = 1 } Boolean;
 
-/*
-#define WPA_CIPHER_NONE BIT(0)
-#define WPA_CIPHER_WEP40 BIT(1)
-#define WPA_CIPHER_WEP104 BIT(2)
-#define WPA_CIPHER_TKIP BIT(3)
-#define WPA_CIPHER_CCMP BIT(4)
-#ifdef CONFIG_IEEE80211W
-#define WPA_CIPHER_AES_128_CMAC BIT(5)
-#endif 
-*/
-
-/*
- * NB: these values are ordered carefully; there are lots of
- * of implications in any reordering.  Beware that 4 is used
- * only to indicate h/w TKIP MIC support in driver capabilities;
- * there is no separate cipher support (it's rolled into the
- * TKIP cipher support).
- */
-#define	IEEE80211_CIPHER_NONE		0	/* pseudo value */
-#define	IEEE80211_CIPHER_TKIP		1
-#define	IEEE80211_CIPHER_AES_OCB	2
-#define	IEEE80211_CIPHER_AES_CCM	3
-#define	IEEE80211_CIPHER_TKIPMIC	4	/* TKIP MIC capability */
-#define	IEEE80211_CIPHER_CKIP		5
-#define	IEEE80211_CIPHER_WEP		6
-#define	IEEE80211_CIPHER_WEP40		7
-#define	IEEE80211_CIPHER_WEP104		8
-
-
-#define	IEEE80211_CIPHER_MAX		(IEEE80211_CIPHER_NONE+2)
-
-/* capability bits in ic_cryptocaps/iv_cryptocaps */
-#define	IEEE80211_CRYPTO_NONE		(1<<IEEE80211_CIPHER_NONE)
-#define	IEEE80211_CRYPTO_WEP		(1<<IEEE80211_CIPHER_WEP)
-#define	IEEE80211_CRYPTO_WEP40		(1<<IEEE80211_CIPHER_WEP40)
-#define	IEEE80211_CRYPTO_WEP104	(1<<IEEE80211_CIPHER_WEP104)
-#define	IEEE80211_CRYPTO_TKIP		(1<<IEEE80211_CIPHER_TKIP)
-#define	IEEE80211_CRYPTO_AES_OCB	(1<<IEEE80211_CIPHER_AES_OCB)
-#define	IEEE80211_CRYPTO_AES_CCM	(1<<IEEE80211_CIPHER_AES_CCM)
-#define	IEEE80211_CRYPTO_TKIPMIC	(1<<IEEE80211_CIPHER_TKIPMIC)
-#define	IEEE80211_CRYPTO_CKIP		(1<<IEEE80211_CIPHER_CKIP)
-
-#define WPA_CIPHER_NONE                     IEEE80211_CRYPTO_NONE
-#define WPA_CIPHER_WEP40                    IEEE80211_CRYPTO_WEP40
-#define WPA_CIPHER_WEP104                  IEEE80211_CRYPTO_WEP104
-#define WPA_CIPHER_TKIP                       IEEE80211_CRYPTO_TKIP
-#define WPA_CIPHER_CCMP                     IEEE80211_CRYPTO_AES_CCM
-#ifdef CONFIG_IEEE80211W
-#define WPA_CIPHER_AES_128_CMAC    IEEE80211_CRYPTO_AES_OCB
-#endif /* CONFIG_IEEE80211W */
-#define WPA_CIPHER_GCMP BIT(6)
+#define WPA_CIPHER_NONE                 BIT(0)
+#define WPA_CIPHER_WEP40                BIT(7)
+#define WPA_CIPHER_WEP104               BIT(8)
+#define WPA_CIPHER_TKIP                 BIT(1)
+#define WPA_CIPHER_CCMP                 BIT(3)
+#define WPA_CIPHER_AES_128_CMAC         BIT(2)
+#define WPA_CIPHER_GCMP                 BIT(6)
 
 #define WPA_KEY_MGMT_IEEE8021X BIT(0)
 #define WPA_KEY_MGMT_PSK BIT(1)
@@ -124,7 +80,7 @@ static inline int wpa_key_mgmt_sha256(int akm)
 #define WPA_AUTH_ALG_FT BIT(3)
 
 
-enum ieee80211_key_alg {
+enum wifi_key_alg {
 	ALG_WEP,
 	ALG_TKIP,
 	ALG_CCMP,

components/wpa_supplicant/src/common/wpa_common.c

@@ -0,0 +1,668 @@
+/*
+ * WPA/RSN - Shared functions for supplicant and authenticator
+ * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+ #ifdef ESP_SUPPLICANT
+
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "common/defs.h"
+#include "common/ieee802_11_defs.h"
+#include "common/wpa_common.h"
+#include "rsn_supp/wpa.h"
+#include "crypto/sha1.h"
+#include "crypto/sha256.h"
+#include "crypto/md5.h"
+ 
+#define MD5_MAC_LEN 16
+
+#ifndef CONFIG_NO_WPA2
+static int rsn_selector_to_bitfield(const u8 *s)
+{
+	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_NONE)
+		return WPA_CIPHER_NONE;
+	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP40)
+		return WPA_CIPHER_WEP40;
+	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_TKIP)
+		return WPA_CIPHER_TKIP;
+	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP)
+		return WPA_CIPHER_CCMP;
+	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_WEP104)
+		return WPA_CIPHER_WEP104;
+#ifdef CONFIG_IEEE80211W
+	if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_AES_128_CMAC)
+		return WPA_CIPHER_AES_128_CMAC;
+#endif /* CONFIG_IEEE80211W */
+	return 0;
+}
+
+static int rsn_key_mgmt_to_bitfield(const u8 *s)
+{
+	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_UNSPEC_802_1X)
+		return WPA_KEY_MGMT_IEEE8021X;
+	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X)
+		return WPA_KEY_MGMT_PSK;
+#ifdef CONFIG_IEEE80211R
+	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_802_1X)
+		return WPA_KEY_MGMT_FT_IEEE8021X;
+	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_FT_PSK)
+		return WPA_KEY_MGMT_FT_PSK;
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211W
+	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_802_1X_SHA256)
+		return WPA_KEY_MGMT_IEEE8021X_SHA256;
+	if (RSN_SELECTOR_GET(s) == RSN_AUTH_KEY_MGMT_PSK_SHA256)
+		return WPA_KEY_MGMT_PSK_SHA256;
+#endif /* CONFIG_IEEE80211W */
+	return 0;
+}
+
+static int wpa_selector_to_bitfield(const u8 *s)
+{
+	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
+		return WPA_CIPHER_NONE;
+	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
+		return WPA_CIPHER_WEP40;
+	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
+		return WPA_CIPHER_TKIP;
+	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
+		return WPA_CIPHER_CCMP;
+	if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
+		return WPA_CIPHER_WEP104;
+	return 0;
+}
+
+static int wpa_key_mgmt_to_bitfield(const u8 *s)
+{
+	if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
+		return WPA_KEY_MGMT_IEEE8021X;
+	if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
+		return WPA_KEY_MGMT_PSK;
+	if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
+		return WPA_KEY_MGMT_WPA_NONE;
+	return 0;
+}
+#endif /* CONFIG_NO_WPA2 */
+/**
+ * wpa_parse_wpa_ie_rsn - Parse RSN IE
+ * @rsn_ie: Buffer containing RSN IE
+ * @rsn_ie_len: RSN IE buffer length (including IE number and length octets)
+ * @data: Pointer to structure that will be filled in with parsed data
+ * Returns: 0 on success, <0 on failure
+ */
+int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
+			 struct wpa_ie_data *data)
+{
+#ifndef CONFIG_NO_WPA2
+	const struct rsn_ie_hdr *hdr;
+	const u8 *pos;
+	int left;
+	int i, count;
+
+	memset(data, 0, sizeof(*data));
+	data->proto = WPA_PROTO_RSN;
+	data->pairwise_cipher = WPA_CIPHER_CCMP;
+	data->group_cipher = WPA_CIPHER_CCMP;
+	data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
+	data->capabilities = 0;
+	data->pmkid = NULL;
+	data->num_pmkid = 0;
+	data->mgmt_group_cipher = 0;
+
+	if (rsn_ie_len == 0) {
+		/* No RSN IE - fail silently */
+		return -1;
+	}
+
+	if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) {
+	    #ifdef DEBUG_PRINT	
+		wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
+			   __func__, (unsigned long) rsn_ie_len);
+	    #endif	
+		return -1;
+	}
+
+	hdr = (const struct rsn_ie_hdr *) rsn_ie;
+
+	if (hdr->elem_id != WLAN_EID_RSN ||
+	    hdr->len != rsn_ie_len - 2 ||
+	    WPA_GET_LE16(hdr->version) != RSN_VERSION) {
+    	    #ifdef DEBUG_PRINT	
+		wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
+			   __func__);
+	     #endif		
+		return -2;
+	}
+
+	pos = (const u8 *) (hdr + 1);
+	left = rsn_ie_len - sizeof(*hdr);
+
+	if (left >= RSN_SELECTOR_LEN) {
+		data->group_cipher = rsn_selector_to_bitfield(pos);
+		pos += RSN_SELECTOR_LEN;
+		left -= RSN_SELECTOR_LEN;
+	} else if (left > 0) {
+	    #ifdef DEBUG_PRINT	
+		wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
+			   __func__, left);
+	     #endif	
+		return -3;
+	}
+
+	if (left >= 2) {
+		data->pairwise_cipher = 0;
+		count = WPA_GET_LE16(pos);
+		pos += 2;
+		left -= 2;
+		if (count == 0 || left < count * RSN_SELECTOR_LEN) {
+		    #ifdef DEBUG_PRINT		
+			wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
+				   "count %u left %u", __func__, count, left);
+		    #endif	
+			return -4;
+		}
+		for (i = 0; i < count; i++) {
+			data->pairwise_cipher |= rsn_selector_to_bitfield(pos);
+			pos += RSN_SELECTOR_LEN;
+			left -= RSN_SELECTOR_LEN;
+		}
+	} else if (left == 1) {
+	    #ifdef DEBUG_PRINT	
+		wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
+			   __func__);
+	    #endif	
+		return -5;
+	}
+
+	if (left >= 2) {
+		data->key_mgmt = 0;
+		count = WPA_GET_LE16(pos);
+		pos += 2;
+		left -= 2;
+		if (count == 0 || left < count * RSN_SELECTOR_LEN) {
+		    #ifdef DEBUG_PRINT		
+			wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
+				   "count %u left %u", __func__, count, left);
+		    #endif	
+			return -6;
+		}
+		for (i = 0; i < count; i++) {
+			data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos);
+			pos += RSN_SELECTOR_LEN;
+			left -= RSN_SELECTOR_LEN;
+		}
+	} else if (left == 1) {
+	    #ifdef DEBUG_PRINT	
+		wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
+			   __func__);
+	    #endif	
+		return -7;
+	}
+
+	if (left >= 2) {
+		data->capabilities = WPA_GET_LE16(pos);
+		pos += 2;
+		left -= 2;
+	}
+
+	if (left >= 2) {
+		data->num_pmkid = WPA_GET_LE16(pos);
+		pos += 2;
+		left -= 2;
+		if (left < (int) data->num_pmkid * PMKID_LEN) {
+		    #ifdef DEBUG_PRINT	
+			wpa_printf(MSG_DEBUG, "%s: PMKID underflow "
+				   "(num_pmkid=%lu left=%d)",
+				   __func__, (unsigned long) data->num_pmkid,
+				   left);
+		    #endif	
+			data->num_pmkid = 0;
+			return -9;
+		} else {
+			data->pmkid = pos;
+			pos += data->num_pmkid * PMKID_LEN;
+			left -= data->num_pmkid * PMKID_LEN;
+		}
+	}
+
+	if (left > 0) {
+	    #ifdef DEBUG_PRINT	
+		wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
+			   __func__, left);
+	    #endif	
+	}
+
+	return 0;
+#else /* CONFIG_NO_WPA2 */
+	return -1;
+#endif /* CONFIG_NO_WPA2 */
+}
+
+int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
+			 struct wpa_ie_data *data)
+{
+	const struct wpa_ie_hdr *hdr;
+	const u8 *pos;
+	int left;
+	int i, count;
+
+	memset(data, 0, sizeof(*data));
+	data->proto = WPA_PROTO_WPA;
+	data->pairwise_cipher = WPA_CIPHER_TKIP;
+	data->group_cipher = WPA_CIPHER_TKIP;
+	data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
+	data->capabilities = 0;
+	data->pmkid = NULL;
+	data->num_pmkid = 0;
+	data->mgmt_group_cipher = 0;
+
+	if (wpa_ie_len == 0) {
+		/* No WPA IE - fail silently */
+		return -1;
+	}
+
+	if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) {
+		wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
+			   __func__, (unsigned long) wpa_ie_len);
+		return -1;
+	}
+
+	hdr = (const struct wpa_ie_hdr *) wpa_ie;
+
+	if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
+	    hdr->len != wpa_ie_len - 2 ||
+	    RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
+	    WPA_GET_LE16(hdr->version) != WPA_VERSION) {
+		wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
+			   __func__);
+		return -2;
+	}
+
+	pos = (const u8 *) (hdr + 1);
+	left = wpa_ie_len - sizeof(*hdr);
+
+	if (left >= WPA_SELECTOR_LEN) {
+		data->group_cipher = wpa_selector_to_bitfield(pos);
+		pos += WPA_SELECTOR_LEN;
+		left -= WPA_SELECTOR_LEN;
+	} else if (left > 0) {
+		wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
+			   __func__, left);
+		return -3;
+	}
+
+	if (left >= 2) {
+		data->pairwise_cipher = 0;
+		count = WPA_GET_LE16(pos);
+		pos += 2;
+		left -= 2;
+		if (count == 0 || left < count * WPA_SELECTOR_LEN) {
+			wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
+				   "count %u left %u", __func__, count, left);
+			return -4;
+		}
+		for (i = 0; i < count; i++) {
+			data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
+			pos += WPA_SELECTOR_LEN;
+			left -= WPA_SELECTOR_LEN;
+		}
+	} else if (left == 1) {
+		wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
+			   __func__);
+		return -5;
+	}
+
+	if (left >= 2) {
+		data->key_mgmt = 0;
+		count = WPA_GET_LE16(pos);
+		pos += 2;
+		left -= 2;
+		if (count == 0 || left < count * WPA_SELECTOR_LEN) {
+			wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
+				   "count %u left %u", __func__, count, left);
+			return -6;
+		}
+		for (i = 0; i < count; i++) {
+			data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
+			pos += WPA_SELECTOR_LEN;
+			left -= WPA_SELECTOR_LEN;
+		}
+	} else if (left == 1) {
+		wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
+			   __func__);
+		return -7;
+	}
+
+	if (left >= 2) {
+		data->capabilities = WPA_GET_LE16(pos);
+		pos += 2;
+		left -= 2;
+	}
+
+	if (left > 0) {
+		wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
+			   __func__, left);
+	}
+
+	return 0;
+}
+
+
+/**
+ * wpa_eapol_key_mic - Calculate EAPOL-Key MIC
+ * @key: EAPOL-Key Key Confirmation Key (KCK)
+ * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*)
+ * @buf: Pointer to the beginning of the EAPOL header (version field)
+ * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame)
+ * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written
+ * Returns: 0 on success, -1 on failure
+ *
+ * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has
+ * to be cleared (all zeroes) when calling this function.
+ *
+ * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the
+ * description of the Key MIC calculation. It includes packet data from the
+ * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change
+ * happened during final editing of the standard and the correct behavior is
+ * defined in the last draft (IEEE 802.11i/D10).
+ */
+int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len,
+		      u8 *mic)
+{
+	u8 hash[SHA1_MAC_LEN];
+
+	switch (ver) {
+	case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
+		    return hmac_md5(key, 16, buf, len, mic);
+	case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
+		if (hmac_sha1(key, 16, buf, len, hash))
+			return -1;
+		memcpy(mic, hash, MD5_MAC_LEN);
+		break;
+	default:
+		return -1;
+	}
+
+	return 0;
+}
+
+int wpa_compare_rsn_ie(int ft_initial_assoc,
+		       const u8 *ie1, size_t ie1len,
+		       const u8 *ie2, size_t ie2len)
+{
+	if (ie1 == NULL || ie2 == NULL)
+		return -1;
+
+	if (ie1len == ie2len && memcmp(ie1, ie2, ie1len) == 0)
+		return 0; /* identical IEs */
+
+#ifdef CONFIG_IEEE80211R
+	if (ft_initial_assoc) {
+		struct wpa_ie_data ie1d, ie2d;
+		/*
+		 * The PMKID-List in RSN IE is different between Beacon/Probe
+		 * Response/(Re)Association Request frames and EAPOL-Key
+		 * messages in FT initial mobility domain association. Allow
+		 * for this, but verify that other parts of the RSN IEs are
+		 * identical.
+		 */
+		if (wpa_parse_wpa_ie_rsn(ie1, ie1len, &ie1d) < 0 ||
+		    wpa_parse_wpa_ie_rsn(ie2, ie2len, &ie2d) < 0)
+			return -1;
+		if (ie1d.proto == ie2d.proto &&
+		    ie1d.pairwise_cipher == ie2d.pairwise_cipher &&
+		    ie1d.group_cipher == ie2d.group_cipher &&
+		    ie1d.key_mgmt == ie2d.key_mgmt &&
+		    ie1d.capabilities == ie2d.capabilities &&
+		    ie1d.mgmt_group_cipher == ie2d.mgmt_group_cipher)
+			return 0;
+	}
+#endif /* CONFIG_IEEE80211R */
+
+	return -1;
+}
+
+#ifdef DEBUG_PRINT
+/**
+ * wpa_cipher_txt - Convert cipher suite to a text string
+ * @cipher: Cipher suite (WPA_CIPHER_* enum)
+ * Returns: Pointer to a text string of the cipher suite name
+ */
+const char * wpa_cipher_txt(int cipher)
+{
+	switch (cipher) {
+	case WPA_CIPHER_NONE:
+		return "NONE";
+	case WPA_CIPHER_WEP40:
+		return "WEP-40";
+	case WPA_CIPHER_WEP104:
+		return "WEP-104";
+	case WPA_CIPHER_TKIP:
+		return "TKIP";
+	case WPA_CIPHER_CCMP:
+		return "CCMP";
+	case WPA_CIPHER_CCMP | WPA_CIPHER_TKIP:
+		return "CCMP+TKIP";
+	default:
+		return "UNKNOWN";
+	}
+}
+#endif
+
+/**
+ * wpa_pmk_to_ptk - Calculate PTK from PMK, addresses, and nonces
+ * @pmk: Pairwise master key
+ * @pmk_len: Length of PMK
+ * @label: Label to use in derivation
+ * @addr1: AA or SA
+ * @addr2: SA or AA
+ * @nonce1: ANonce or SNonce
+ * @nonce2: SNonce or ANonce
+ * @ptk: Buffer for pairwise transient key
+ * @ptk_len: Length of PTK
+ * @use_sha256: Whether to use SHA256-based KDF
+ *
+ * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
+ * PTK = PRF-X(PMK, "Pairwise key expansion",
+ *             Min(AA, SA) || Max(AA, SA) ||
+ *             Min(ANonce, SNonce) || Max(ANonce, SNonce))
+ *
+ * STK = PRF-X(SMK, "Peer key expansion",
+ *             Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
+ *             Min(INonce, PNonce) || Max(INonce, PNonce))
+ */
+void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
+		    const u8 *addr1, const u8 *addr2,
+		    const u8 *nonce1, const u8 *nonce2,
+		    u8 *ptk, size_t ptk_len, int use_sha256)
+{
+	u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN];
+
+	if (memcmp(addr1, addr2, ETH_ALEN) < 0) {
+		memcpy(data, addr1, ETH_ALEN);
+		memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
+	} else {
+		memcpy(data, addr2, ETH_ALEN);
+		memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
+	}
+
+	if (memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) {
+		memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN);
+		memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2,
+			  WPA_NONCE_LEN);
+	} else {
+		memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN);
+		memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1,
+			  WPA_NONCE_LEN);
+	}
+
+#ifdef CONFIG_IEEE80211W
+	if (use_sha256) {
+		fast_sha256_prf(pmk, pmk_len, label, data, sizeof(data),
+			ptk, ptk_len);
+	}
+	else
+#endif /* CONFIG_IEEE80211W */
+	{
+	    sha1_prf(pmk, pmk_len, label, data, sizeof(data), ptk, ptk_len);
+	}
+	wpa_printf(MSG_DEBUG, "WPA: PTK derivation - A1=" MACSTR " A2=" MACSTR"\n",
+		   MAC2STR(addr1), MAC2STR(addr2));
+
+	wpa_hexdump(MSG_MSGDUMP, "WPA: PMK", pmk, pmk_len);
+	wpa_hexdump(MSG_MSGDUMP, "WPA: PTK", ptk, ptk_len);
+}
+
+/**
+ * rsn_pmkid - Calculate PMK identifier
+ * @pmk: Pairwise master key
+ * @pmk_len: Length of pmk in bytes
+ * @aa: Authenticator address
+ * @spa: Supplicant address
+ * @pmkid: Buffer for PMKID
+ * @use_sha256: Whether to use SHA256-based KDF
+ *
+ * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
+ * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
+ */
+void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
+	       u8 *pmkid, int use_sha256)
+{
+	char title[9];
+	const u8 *addr[3];
+	const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
+	unsigned char hash[SHA256_MAC_LEN];
+
+    os_memcpy(title, "PMK Name", sizeof("PMK Name"));
+	addr[0] = (u8 *) title;
+	addr[1] = aa;
+	addr[2] = spa;
+
+#ifdef CONFIG_IEEE80211W
+	if (use_sha256) {
+		fast_hmac_sha256_vector(pmk, pmk_len, 3, addr, len, hash);
+	}
+	else
+#endif /* CONFIG_IEEE80211W */
+	hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
+	memcpy(pmkid, hash, PMKID_LEN);
+}
+
+int wpa_cipher_key_len(int cipher)
+{
+	switch (cipher) {
+	case WPA_CIPHER_CCMP:
+	case WPA_CIPHER_GCMP:
+		return 16;
+	case WPA_CIPHER_TKIP:
+		return 32;
+	case WPA_CIPHER_WEP104:
+		return 13;
+	case WPA_CIPHER_WEP40:
+		return 5;
+	}
+
+	return 0;
+}
+
+int wpa_cipher_to_alg(int cipher)
+{
+	switch (cipher) {
+	case WPA_CIPHER_CCMP:
+		return WPA_ALG_CCMP;
+	case WPA_CIPHER_GCMP:
+		return WPA_ALG_GCMP;
+	case WPA_CIPHER_TKIP:
+		return WPA_ALG_TKIP;
+	case WPA_CIPHER_WEP104:
+	case WPA_CIPHER_WEP40:
+		return WPA_ALG_WEP;
+	}
+	return WPA_ALG_NONE;
+}
+
+u32 wpa_cipher_to_suite(int proto, int cipher)
+{
+	if (cipher & WPA_CIPHER_CCMP)
+		return (proto == WPA_PROTO_RSN ?
+			RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
+	if (cipher & WPA_CIPHER_GCMP)
+		return RSN_CIPHER_SUITE_GCMP;
+	if (cipher & WPA_CIPHER_TKIP)
+		return (proto == WPA_PROTO_RSN ?
+			RSN_CIPHER_SUITE_TKIP : WPA_CIPHER_SUITE_TKIP);
+	if (cipher & WPA_CIPHER_WEP104)
+		return (proto == WPA_PROTO_RSN ?
+			RSN_CIPHER_SUITE_WEP104 : WPA_CIPHER_SUITE_WEP104);
+	if (cipher & WPA_CIPHER_WEP40)
+		return (proto == WPA_PROTO_RSN ?
+			RSN_CIPHER_SUITE_WEP40 : WPA_CIPHER_SUITE_WEP40);
+	if (cipher & WPA_CIPHER_NONE)
+		return (proto == WPA_PROTO_RSN ?
+			RSN_CIPHER_SUITE_NONE : WPA_CIPHER_SUITE_NONE);
+	return 0;
+}
+
+int rsn_cipher_put_suites(u8 *pos, int ciphers)
+{
+	int num_suites = 0;
+
+	if (ciphers & WPA_CIPHER_CCMP) {
+		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (ciphers & WPA_CIPHER_GCMP) {
+		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (ciphers & WPA_CIPHER_TKIP) {
+		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_TKIP);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (ciphers & WPA_CIPHER_NONE) {
+		RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NONE);
+		pos += RSN_SELECTOR_LEN;
+		num_suites++;
+	}
+
+	return num_suites;
+}
+
+int wpa_cipher_put_suites(u8 *pos, int ciphers)
+{
+	int num_suites = 0;
+
+	if (ciphers & WPA_CIPHER_CCMP) {
+		RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_CCMP);
+		pos += WPA_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (ciphers & WPA_CIPHER_TKIP) {
+		RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_TKIP);
+		pos += WPA_SELECTOR_LEN;
+		num_suites++;
+	}
+	if (ciphers & WPA_CIPHER_NONE) {
+		RSN_SELECTOR_PUT(pos, WPA_CIPHER_SUITE_NONE);
+		pos += WPA_SELECTOR_LEN;
+		num_suites++;
+	}
+
+	return num_suites;
+}
+
+#endif // ESP_SUPPLICANT
+
+

components/wpa_supplicant/include/wpa/wpa_common.h → components/wpa_supplicant/src/common/wpa_common.h

@@ -42,9 +42,6 @@
 #define WPA_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x50, 0xf2, 0)
 #define WPA_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
 #define WPA_CIPHER_SUITE_TKIP RSN_SELECTOR(0x00, 0x50, 0xf2, 2)
-#if 0
-#define WPA_CIPHER_SUITE_WRAP RSN_SELECTOR(0x00, 0x50, 0xf2, 3)
-#endif
 #define WPA_CIPHER_SUITE_CCMP RSN_SELECTOR(0x00, 0x50, 0xf2, 4)
 #define WPA_CIPHER_SUITE_WEP104 RSN_SELECTOR(0x00, 0x50, 0xf2, 5)
 
@@ -61,9 +58,6 @@
 #define RSN_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x0f, 0xac, 0)
 #define RSN_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
 #define RSN_CIPHER_SUITE_TKIP RSN_SELECTOR(0x00, 0x0f, 0xac, 2)
-#if 0
-#define RSN_CIPHER_SUITE_WRAP RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
-#endif
 #define RSN_CIPHER_SUITE_CCMP RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
 #define RSN_CIPHER_SUITE_WEP104 RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
 #ifdef CONFIG_IEEE80211W
@@ -76,9 +70,6 @@
  * GroupKey and PeerKey require encryption, otherwise, encryption is optional.
  */
 #define RSN_KEY_DATA_GROUPKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
-#if 0
-#define RSN_KEY_DATA_STAKEY RSN_SELECTOR(0x00, 0x0f, 0xac, 2)
-#endif
 #define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
 #define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
 #ifdef CONFIG_PEERKEY
@@ -329,4 +320,17 @@ void wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
 void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa,
 	       u8 *pmkid, int use_sha256);
 
+int wpa_cipher_key_len(int cipher);
+
+int wpa_cipher_to_alg(int cipher);
+
+u32 wpa_cipher_to_suite(int proto, int cipher);
+
+int wpa_cipher_put_suites(u8 *pos, int ciphers);
+
+int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
+           struct wpa_ie_data *data);
+
+int rsn_cipher_put_suites(u8 *pos, int ciphers);
+
 #endif /* WPA_COMMON_H */

components/wpa_supplicant/src/common/wpa_ctrl.h

@@ -0,0 +1,196 @@
+/*
+ * wpa_supplicant/hostapd control interface library
+ * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef WPA_CTRL_H
+#define WPA_CTRL_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* wpa_supplicant control interface - fixed message prefixes */
+
+/** Interactive request for identity/password/pin */
+#define WPA_CTRL_REQ "CTRL-REQ-"
+
+/** Response to identity/password/pin request */
+#define WPA_CTRL_RSP "CTRL-RSP-"
+
+/* Event messages with fixed prefix */
+/** Authentication completed successfully and data connection enabled */
+#define WPA_EVENT_CONNECTED "CTRL-EVENT-CONNECTED "
+/** Disconnected, data connection is not available */
+#define WPA_EVENT_DISCONNECTED "CTRL-EVENT-DISCONNECTED "
+/** Association rejected during connection attempt */
+#define WPA_EVENT_ASSOC_REJECT "CTRL-EVENT-ASSOC-REJECT "
+/** wpa_supplicant is exiting */
+#define WPA_EVENT_TERMINATING "CTRL-EVENT-TERMINATING "
+/** Password change was completed successfully */
+#define WPA_EVENT_PASSWORD_CHANGED "CTRL-EVENT-PASSWORD-CHANGED "
+/** EAP-Request/Notification received */
+#define WPA_EVENT_EAP_NOTIFICATION "CTRL-EVENT-EAP-NOTIFICATION "
+/** EAP authentication started (EAP-Request/Identity received) */
+#define WPA_EVENT_EAP_STARTED "CTRL-EVENT-EAP-STARTED "
+/** EAP method proposed by the server */
+#define WPA_EVENT_EAP_PROPOSED_METHOD "CTRL-EVENT-EAP-PROPOSED-METHOD "
+/** EAP method selected */
+#define WPA_EVENT_EAP_METHOD "CTRL-EVENT-EAP-METHOD "
+/** EAP peer certificate from TLS */
+#define WPA_EVENT_EAP_PEER_CERT "CTRL-EVENT-EAP-PEER-CERT "
+/** EAP TLS certificate chain validation error */
+#define WPA_EVENT_EAP_TLS_CERT_ERROR "CTRL-EVENT-EAP-TLS-CERT-ERROR "
+/** EAP status */
+#define WPA_EVENT_EAP_STATUS "CTRL-EVENT-EAP-STATUS "
+/** EAP authentication completed successfully */
+#define WPA_EVENT_EAP_SUCCESS "CTRL-EVENT-EAP-SUCCESS "
+/** EAP authentication failed (EAP-Failure received) */
+#define WPA_EVENT_EAP_FAILURE "CTRL-EVENT-EAP-FAILURE "
+/** Network block temporarily disabled (e.g., due to authentication failure) */
+#define WPA_EVENT_TEMP_DISABLED "CTRL-EVENT-SSID-TEMP-DISABLED "
+/** Temporarily disabled network block re-enabled */
+#define WPA_EVENT_REENABLED "CTRL-EVENT-SSID-REENABLED "
+/** New scan results available */
+#define WPA_EVENT_SCAN_RESULTS "CTRL-EVENT-SCAN-RESULTS "
+/** wpa_supplicant state change */
+#define WPA_EVENT_STATE_CHANGE "CTRL-EVENT-STATE-CHANGE "
+/** A new BSS entry was added (followed by BSS entry id and BSSID) */
+#define WPA_EVENT_BSS_ADDED "CTRL-EVENT-BSS-ADDED "
+/** A BSS entry was removed (followed by BSS entry id and BSSID) */
+#define WPA_EVENT_BSS_REMOVED "CTRL-EVENT-BSS-REMOVED "
+#ifdef ANDROID_P2P
+/** Notify the Userspace about the freq conflict */
+#define WPA_EVENT_FREQ_CONFLICT "CTRL-EVENT-FREQ-CONFLICT "
+#endif
+
+/** RSN IBSS 4-way handshakes completed with specified peer */
+#define IBSS_RSN_COMPLETED "IBSS-RSN-COMPLETED "
+
+/** WPS overlap detected in PBC mode */
+#define WPS_EVENT_OVERLAP "WPS-OVERLAP-DETECTED "
+/** Available WPS AP with active PBC found in scan results */
+#define WPS_EVENT_AP_AVAILABLE_PBC "WPS-AP-AVAILABLE-PBC "
+/** Available WPS AP with our address as authorized in scan results */
+#define WPS_EVENT_AP_AVAILABLE_AUTH "WPS-AP-AVAILABLE-AUTH "
+/** Available WPS AP with recently selected PIN registrar found in scan results
+ */
+#define WPS_EVENT_AP_AVAILABLE_PIN "WPS-AP-AVAILABLE-PIN "
+/** Available WPS AP found in scan results */
+#define WPS_EVENT_AP_AVAILABLE "WPS-AP-AVAILABLE "
+/** A new credential received */
+#define WPS_EVENT_CRED_RECEIVED "WPS-CRED-RECEIVED "
+/** M2D received */
+#define WPS_EVENT_M2D "WPS-M2D "
+/** WPS registration failed after M2/M2D */
+#define WPS_EVENT_FAIL "WPS-FAIL "
+/** WPS registration completed successfully */
+#define WPS_EVENT_SUCCESS "WPS-SUCCESS "
+/** WPS enrollment attempt timed out and was terminated */
+#define WPS_EVENT_TIMEOUT "WPS-TIMEOUT "
+/* PBC mode was activated */
+#define WPS_EVENT_ACTIVE "WPS-PBC-ACTIVE "
+/* PBC mode was disabled */
+#define WPS_EVENT_DISABLE "WPS-PBC-DISABLE "
+
+#define WPS_EVENT_ENROLLEE_SEEN "WPS-ENROLLEE-SEEN "
+
+#define WPS_EVENT_OPEN_NETWORK "WPS-OPEN-NETWORK "
+
+/* WPS ER events */
+#define WPS_EVENT_ER_AP_ADD "WPS-ER-AP-ADD "
+#define WPS_EVENT_ER_AP_REMOVE "WPS-ER-AP-REMOVE "
+#define WPS_EVENT_ER_ENROLLEE_ADD "WPS-ER-ENROLLEE-ADD "
+#define WPS_EVENT_ER_ENROLLEE_REMOVE "WPS-ER-ENROLLEE-REMOVE "
+#define WPS_EVENT_ER_AP_SETTINGS "WPS-ER-AP-SETTINGS "
+#define WPS_EVENT_ER_SET_SEL_REG "WPS-ER-AP-SET-SEL-REG "
+
+/** P2P device found */
+#define P2P_EVENT_DEVICE_FOUND "P2P-DEVICE-FOUND "
+
+/** P2P device lost */
+#define P2P_EVENT_DEVICE_LOST "P2P-DEVICE-LOST "
+
+/** A P2P device requested GO negotiation, but we were not ready to start the
+ * negotiation */
+#define P2P_EVENT_GO_NEG_REQUEST "P2P-GO-NEG-REQUEST "
+#define P2P_EVENT_GO_NEG_SUCCESS "P2P-GO-NEG-SUCCESS "
+#define P2P_EVENT_GO_NEG_FAILURE "P2P-GO-NEG-FAILURE "
+#define P2P_EVENT_GROUP_FORMATION_SUCCESS "P2P-GROUP-FORMATION-SUCCESS "
+#define P2P_EVENT_GROUP_FORMATION_FAILURE "P2P-GROUP-FORMATION-FAILURE "
+#define P2P_EVENT_GROUP_STARTED "P2P-GROUP-STARTED "
+#define P2P_EVENT_GROUP_REMOVED "P2P-GROUP-REMOVED "
+#define P2P_EVENT_CROSS_CONNECT_ENABLE "P2P-CROSS-CONNECT-ENABLE "
+#define P2P_EVENT_CROSS_CONNECT_DISABLE "P2P-CROSS-CONNECT-DISABLE "
+/* parameters: <peer address> <PIN> */
+#define P2P_EVENT_PROV_DISC_SHOW_PIN "P2P-PROV-DISC-SHOW-PIN "
+/* parameters: <peer address> */
+#define P2P_EVENT_PROV_DISC_ENTER_PIN "P2P-PROV-DISC-ENTER-PIN "
+/* parameters: <peer address> */
+#define P2P_EVENT_PROV_DISC_PBC_REQ "P2P-PROV-DISC-PBC-REQ "
+/* parameters: <peer address> */
+#define P2P_EVENT_PROV_DISC_PBC_RESP "P2P-PROV-DISC-PBC-RESP "
+/* parameters: <peer address> <status> */
+#define P2P_EVENT_PROV_DISC_FAILURE "P2P-PROV-DISC-FAILURE"
+/* parameters: <freq> <src addr> <dialog token> <update indicator> <TLVs> */
+#define P2P_EVENT_SERV_DISC_REQ "P2P-SERV-DISC-REQ "
+/* parameters: <src addr> <update indicator> <TLVs> */
+#define P2P_EVENT_SERV_DISC_RESP "P2P-SERV-DISC-RESP "
+#define P2P_EVENT_INVITATION_RECEIVED "P2P-INVITATION-RECEIVED "
+#define P2P_EVENT_INVITATION_RESULT "P2P-INVITATION-RESULT "
+#define P2P_EVENT_FIND_STOPPED "P2P-FIND-STOPPED "
+#define P2P_EVENT_PERSISTENT_PSK_FAIL "P2P-PERSISTENT-PSK-FAIL id="
+
+/* parameters: <PMF enabled> <timeout in ms> <Session Information URL> */
+#define ESS_DISASSOC_IMMINENT "ESS-DISASSOC-IMMINENT "
+
+#define INTERWORKING_AP "INTERWORKING-AP "
+#define INTERWORKING_NO_MATCH "INTERWORKING-NO-MATCH "
+
+#define GAS_RESPONSE_INFO "GAS-RESPONSE-INFO "
+
+/* hostapd control interface - fixed message prefixes */
+#define WPS_EVENT_PIN_NEEDED "WPS-PIN-NEEDED "
+#define WPS_EVENT_NEW_AP_SETTINGS "WPS-NEW-AP-SETTINGS "
+#define WPS_EVENT_REG_SUCCESS "WPS-REG-SUCCESS "
+#define WPS_EVENT_AP_SETUP_LOCKED "WPS-AP-SETUP-LOCKED "
+#define WPS_EVENT_AP_SETUP_UNLOCKED "WPS-AP-SETUP-UNLOCKED "
+#define WPS_EVENT_AP_PIN_ENABLED "WPS-AP-PIN-ENABLED "
+#define WPS_EVENT_AP_PIN_DISABLED "WPS-AP-PIN-DISABLED "
+#define AP_STA_CONNECTED "AP-STA-CONNECTED "
+#define AP_STA_DISCONNECTED "AP-STA-DISCONNECTED "
+
+#define AP_REJECTED_MAX_STA "AP-REJECTED-MAX-STA "
+#define AP_REJECTED_BLOCKED_STA "AP-REJECTED-BLOCKED-STA "
+
+/* BSS command information masks */
+
+#define WPA_BSS_MASK_ALL		0xFFFDFFFF
+#define WPA_BSS_MASK_ID			BIT(0)
+#define WPA_BSS_MASK_BSSID		BIT(1)
+#define WPA_BSS_MASK_FREQ		BIT(2)
+#define WPA_BSS_MASK_BEACON_INT		BIT(3)
+#define WPA_BSS_MASK_CAPABILITIES	BIT(4)
+#define WPA_BSS_MASK_QUAL		BIT(5)
+#define WPA_BSS_MASK_NOISE		BIT(6)
+#define WPA_BSS_MASK_LEVEL		BIT(7)
+#define WPA_BSS_MASK_TSF		BIT(8)
+#define WPA_BSS_MASK_AGE		BIT(9)
+#define WPA_BSS_MASK_IE			BIT(10)
+#define WPA_BSS_MASK_FLAGS		BIT(11)
+#define WPA_BSS_MASK_SSID		BIT(12)
+#define WPA_BSS_MASK_WPS_SCAN		BIT(13)
+#define WPA_BSS_MASK_P2P_SCAN		BIT(14)
+#define WPA_BSS_MASK_INTERNETW		BIT(15)
+#define WPA_BSS_MASK_WIFI_DISPLAY	BIT(16)
+#define WPA_BSS_MASK_DELIM		BIT(17)
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* WPA_CTRL_H */

components/wpa_supplicant/src/crypto/aes-cbc.c

@@ -13,9 +13,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/aes.h"
 #include "crypto/aes_wrap.h"
 

components/wpa_supplicant/src/crypto/aes-internal-dec.c

@@ -21,9 +21,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 #include "crypto/aes_i.h"
 

components/wpa_supplicant/src/crypto/aes-internal-enc.c

@@ -21,8 +21,8 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
-#include "crypto/common.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 #include "crypto/aes_i.h"
 

components/wpa_supplicant/src/crypto/aes-internal.c

@@ -21,10 +21,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-//#include "wpa/common.h"
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 #include "crypto/aes_i.h"
 

components/wpa_supplicant/src/crypto/aes-unwrap.c

@@ -13,9 +13,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/aes.h"
 #include "crypto/aes_wrap.h"
 

components/wpa_supplicant/src/crypto/aes-wrap.c

@@ -7,9 +7,9 @@
  * See README for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/aes.h"
 #include "crypto/aes_wrap.h"
 

components/wpa_supplicant/include/crypto/aes_i.h → components/wpa_supplicant/src/crypto/aes_i.h

@@ -15,7 +15,7 @@
 #ifndef AES_I_H
 #define AES_I_H
 
-#include "aes.h"
+#include "crypto/aes.h"
 
 /* #define FULL_UNROLL */
 #define AES_SMALL_TABLES

components/wpa_supplicant/src/crypto/bignum.c

@@ -12,10 +12,10 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
-#include "crypto/common.h"
-#include "wpa/wpabuf.h"
-#include "wpa/wpa_debug.h"
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/wpabuf.h"
+#include "utils/wpa_debug.h"
 #include "bignum.h"
 
 #define CONFIG_INTERNAL_LIBTOMMATH 

components/wpa_supplicant/src/crypto/crypto_internal-cipher.c

@@ -6,21 +6,13 @@
  * See README for more details.
  */
 
-//#include "wpa/includes.h"
-
-//#include "wpa/common.h"
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 #include "crypto/aes.h"
 #if defined(CONFIG_DES) || defined(CONFIG_DES3)
 #include "crypto/des_i.h"
 #endif
 
-#ifdef MEMLEAK_DEBUG
-static const char mem_debug_file[] ICACHE_RODATA_ATTR = __FILE__;
-#endif
-
-
 struct crypto_cipher {
 	enum crypto_cipher_alg alg;
 	union {

components/wpa_supplicant/src/crypto/crypto_internal-modexp.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "bignum.h"
 #include "crypto/crypto.h"
 

components/wpa_supplicant/src/crypto/crypto_internal-rsa.c

@@ -6,16 +6,16 @@
  * See README for more details.
  */
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 
-#include "wpa/includes.h"
-#include "wpa/common.h"
-#include "wpa/wpa_debug.h"
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/wpa_debug.h"
 
-#include "wpa2/tls/rsa.h"
-#include "wpa2/tls/pkcs1.h"
-#include "wpa2/tls/pkcs8.h"
+#include "tls/rsa.h"
+#include "tls/pkcs1.h"
+#include "tls/pkcs8.h"
 
 /* Dummy structures; these are just typecast to struct crypto_rsa_key */
 struct crypto_public_key;

components/wpa_supplicant/src/crypto/crypto_internal.c

@@ -6,19 +6,12 @@
  * See README for more details.
  */
 
-#include "crypto/includes.h"
-#include "crypto/common.h"
-//#include "wpa/common.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
-//#include "crypto/sha256_i.h"
 #include "crypto/sha1_i.h"
 #include "crypto/md5_i.h"
 
-#ifdef MEMLEAK_DEBUG
-static const char mem_debug_file[] ICACHE_RODATA_ATTR = __FILE__;
-#endif
-
-
 struct crypto_hash {
 	enum crypto_hash_alg alg;
 	union {

components/wpa_supplicant/src/crypto/crypto_mbedtls.c

@@ -17,8 +17,8 @@
 #include "mbedtls/bignum.h"
 #endif
 
-#include "crypto/includes.h"
-#include "crypto/common.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 
 #include "mbedtls/ecp.h"

components/wpa_supplicant/src/crypto/des-internal.c

@@ -9,9 +9,9 @@
  */
 
 
-#include "wpa/includes.h"
+#include "utils/includes.h"
 
-#include "wpa/common.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 //#include "des_i.h"
 

components/wpa_supplicant/src/crypto/des_i.h

@@ -0,0 +1,25 @@
+/*
+ * DES and 3DES-EDE ciphers
+ * Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef DES_I_H
+#define DES_I_H
+
+struct des3_key_s {
+	u32 ek[3][32];
+	u32 dk[3][32];
+};
+
+void des_key_setup(const u8 *key, u32 *ek, u32 *dk);
+void des_block_encrypt(const u8 *plain, const u32 *ek, u8 *crypt);
+void des_block_decrypt(const u8 *crypt, const u32 *dk, u8 *plain);
+
+void des3_key_setup(const u8 *key, struct des3_key_s *dkey);
+void des3_encrypt(const u8 *plain, const struct des3_key_s *key, u8 *crypt);
+void des3_decrypt(const u8 *crypt, const struct des3_key_s *key, u8 *plain);
+
+#endif /* DES_I_H */

components/wpa_supplicant/src/crypto/dh_group5.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/dh_groups.h"
 #include "crypto/dh_group5.h"
 

components/wpa_supplicant/src/crypto/dh_groups.c

@@ -12,18 +12,16 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 #include "crypto/random.h"
 #include "crypto/dh_groups.h"
-#include "wpa/wpabuf.h"
-#include "wpa/wpa_debug.h"
+#include "utils/wpabuf.h"
+#include "utils/wpa_debug.h"
 #include "esp_wifi_crypto_types.h"
 
-extern wps_crypto_funcs_t wps_crypto_funcs;
-
 #ifdef ALL_DH_GROUPS
 
 /* RFC 4306, B.1. Group 1 - 768 Bit MODP
@@ -588,16 +586,10 @@ dh_init(const struct dh_group *dh, struct wpabuf **priv)
 	if (pv == NULL)
 		return NULL;
 
-	if (wps_crypto_funcs.crypto_mod_exp) {
-		if (wps_crypto_funcs.crypto_mod_exp(dh->generator, dh->generator_len,
-						    wpabuf_head(*priv), wpabuf_len(*priv),
-						    dh->prime, dh->prime_len, wpabuf_mhead(pv),
-						    &pv_len)) {
-			wpabuf_free(pv);
-			wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
-			return NULL;
-		}
-	} else {
+	if (fast_crypto_mod_exp(dh->generator, dh->generator_len,
+						wpabuf_head(*priv), wpabuf_len(*priv),
+						dh->prime, dh->prime_len, wpabuf_mhead(pv),
+						&pv_len)) {
 		wpabuf_free(pv);
 		wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
 		return NULL;
@@ -632,16 +624,10 @@ dh_derive_shared(const struct wpabuf *peer_public,
 	if (shared == NULL)
 		return NULL;
 
-	if (wps_crypto_funcs.crypto_mod_exp) {
-		if (wps_crypto_funcs.crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
-						    wpabuf_head(own_private), wpabuf_len(own_private),
-						    dh->prime, dh->prime_len,
-						    wpabuf_mhead(shared), &shared_len)) {
-			wpabuf_free(shared);
-			wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
-			return NULL;
-		}
-	} else {
+	if (fast_crypto_mod_exp(wpabuf_head(peer_public), wpabuf_len(peer_public),
+						wpabuf_head(own_private), wpabuf_len(own_private),
+						dh->prime, dh->prime_len,
+						wpabuf_mhead(shared), &shared_len)) {
 		wpabuf_free(shared);
 		wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
 		return NULL;

components/wpa_supplicant/src/crypto/md4-internal.c

@@ -4,8 +4,8 @@
  * This software may be distributed under the terms of BSD license.
  */
 
-#include "crypto/includes.h"
-#include "crypto/common.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 
 #define MD4_BLOCK_LENGTH	64

components/wpa_supplicant/src/crypto/md5-internal.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/md5.h"
 #include "crypto/md5_i.h"
 #include "crypto/crypto.h"

components/wpa_supplicant/src/crypto/md5.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/md5.h"
 #include "crypto/crypto.h"
 

components/wpa_supplicant/src/crypto/ms_funcs.c

@@ -7,9 +7,9 @@
  */
 
 
-#include "wpa/includes.h"
+#include "utils/includes.h"
 
-#include "wpa/common.h"
+#include "utils/common.h"
 #include "crypto/sha1.h"
 #include "crypto/ms_funcs.h"
 #include "crypto/crypto.h"

components/wpa_supplicant/src/crypto/rc4.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 
 #define S_SWAP(a,b) do { u8 t = S[a]; S[a] = S[b]; S[b] = t; } while(0)

components/wpa_supplicant/src/crypto/sha1-internal.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/sha1.h"
 #include "crypto/sha1_i.h"
 #include "crypto/md5.h"

components/wpa_supplicant/src/crypto/sha1-pbkdf2.c

@@ -12,8 +12,8 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
-#include "crypto/common.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/sha1.h"
 #include "crypto/md5.h"
 #include "crypto/crypto.h"

components/wpa_supplicant/src/crypto/sha1.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/sha1.h"
 #include "crypto/crypto.h"
 

components/wpa_supplicant/src/crypto/sha256-internal.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/sha256.h"
 #include "crypto/crypto.h"
 

components/wpa_supplicant/src/crypto/sha256.c

@@ -12,9 +12,9 @@
  * See README and COPYING for more details.
  */
 
-#include "crypto/includes.h"
+#include "utils/includes.h"
 
-#include "crypto/common.h"
+#include "utils/common.h"
 #include "crypto/sha256.h"
 #include "crypto/crypto.h"
 

components/wpa_supplicant/src/wpa2/eap_peer/chap.c → components/wpa_supplicant/src/eap_peer/chap.c

@@ -4,8 +4,8 @@
  */
 #ifdef CHAP_MD5
 
-#include "wpa/includes.h"
-#include "wpa/common.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/crypto.h"
 #include "wpa2/eap_peer/chap.h"
 

components/wpa_supplicant/src/wpa2/eap_peer/eap.c → components/wpa_supplicant/src/eap_peer/eap.c

@@ -18,34 +18,34 @@
      
 #include "esp_err.h"
 
-#include "wpa/includes.h"
-#include "wpa/common.h"
-#include "wpa/wpa_debug.h"
-#include "wpa/eapol_common.h"
-#include "wpa/ieee802_11_defs.h"
-#include "wpa/state_machine.h"
-#include "wpa/wpa.h"
+#include "utils/includes.h"
+#include "utils/common.h"
+#include "utils/wpa_debug.h"
+#include "common/eapol_common.h"
+#include "common/ieee802_11_defs.h"
+#include "utils/state_machine.h"
+#include "rsn_supp/wpa.h"
 
 #include "crypto/crypto.h"
 
-#include "wpa2/utils/ext_password.h"
-#include "wpa2/tls/tls.h"
-#include "wpa2/eap_peer/eap_i.h"
-#include "wpa2/eap_peer/eap_config.h"
-#include "wpa2/eap_peer/eap.h"
-#include "wpa2/eap_peer/eap_tls.h"
+#include "utils/ext_password.h"
+#include "tls/tls.h"
+#include "eap_peer/eap_i.h"
+#include "eap_peer/eap_config.h"
+#include "eap_peer/eap.h"
+#include "eap_peer/eap_tls.h"
+#include "esp_supplicant/esp_wifi_driver.h"
 #ifdef EAP_PEER_METHOD
-#include "wpa2/eap_peer/eap_methods.h"
+#include "eap_peer/eap_methods.h"
 #endif
 
+#include "supplicant_opt.h"
+
 
-static bool gl_disable_time_check = true;
 void eap_peer_config_deinit(struct eap_sm *sm);
 void eap_peer_blob_deinit(struct eap_sm *sm);
 void eap_deinit_prev_method(struct eap_sm *sm, const char *txt);
 
-extern bool ieee80211_unregister_wpa2_cb(void);
-
 #ifdef EAP_PEER_METHOD
 static struct eap_method *eap_methods = NULL;
 
@@ -333,7 +333,7 @@ struct wpabuf * eap_sm_build_nak(struct eap_sm *sm, EapType type, u8 id)
 #endif
 
 int eap_peer_config_init(
-	struct eap_sm *sm, u8 *private_key_passwd,
+	struct eap_sm *sm, const u8 *private_key_passwd,
 	int private_key_passwd_len)
 {
 	if (!sm)
@@ -478,8 +478,6 @@ void eap_sm_abort(struct eap_sm *sm)
 {
 	wpabuf_free(sm->lastRespData);
 	sm->lastRespData = NULL;
-	//os_free(sm->eapKeyData);
-	//sm->eapKeyData = NULL;
 }
 
 /**
@@ -559,184 +557,3 @@ const struct wpa_config_blob * eap_get_config_blob(struct eap_sm *sm,
 	return NULL;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len)
-{
-	if (client_cert && client_cert_len > 0) {
-		g_wpa_client_cert = client_cert;
-		g_wpa_client_cert_len = client_cert_len;
-	}
-	if (private_key && private_key_len > 0) {
-		g_wpa_private_key = private_key;
-		g_wpa_private_key_len = private_key_len;
-	} 
-	if (private_key_passwd && private_key_passwd_len > 0) {
-		g_wpa_private_key_passwd = private_key_passwd;
-		g_wpa_private_key_passwd_len = private_key_passwd_len;
-	}
-
-	return ESP_OK;
-}
-
-void esp_wifi_sta_wpa2_ent_clear_cert_key(void)
-{
-	ieee80211_unregister_wpa2_cb();
-
-    g_wpa_client_cert = NULL;
-    g_wpa_client_cert_len = 0;
-    g_wpa_private_key = NULL;
-    g_wpa_private_key_len = 0;
-    g_wpa_private_key_passwd = NULL;
-    g_wpa_private_key_passwd_len = 0;
-}
-
-esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len)
-{
-	if (ca_cert && ca_cert_len > 0) {
-		g_wpa_ca_cert = ca_cert;
-		g_wpa_ca_cert_len = ca_cert_len;	
-	}
-
-	return ESP_OK;
-}
-
-void esp_wifi_sta_wpa2_ent_clear_ca_cert(void)
-{
-	g_wpa_ca_cert = NULL;
-	g_wpa_ca_cert_len = 0;
-}
-
-#define ANONYMOUS_ID_LEN_MAX 128
-esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len)
-{
-	if (len <= 0 || len > ANONYMOUS_ID_LEN_MAX) {
-		return ESP_ERR_INVALID_ARG;
-	}
-
-	if (g_wpa_anonymous_identity) {
-		os_free(g_wpa_anonymous_identity);
-		g_wpa_anonymous_identity = NULL;
-	}
-
-	g_wpa_anonymous_identity = (u8 *)os_zalloc(len);
-	if (g_wpa_anonymous_identity == NULL) {
-		return ESP_ERR_NO_MEM;
-	}
-
-	os_memcpy(g_wpa_anonymous_identity, identity, len);
-	g_wpa_anonymous_identity_len = len;
-
-	return ESP_OK;
-}
-
-void esp_wifi_sta_wpa2_ent_clear_identity(void)
-{
-	if (g_wpa_anonymous_identity)
-		os_free(g_wpa_anonymous_identity);
-
-	g_wpa_anonymous_identity = NULL;
-	g_wpa_anonymous_identity_len = 0;
-}
-
-#define USERNAME_LEN_MAX 128
-esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len)
-{
-	if (len <= 0 || len > USERNAME_LEN_MAX)
-		return ESP_ERR_INVALID_ARG;
-
-	if (g_wpa_username) {
-		os_free(g_wpa_username);
-		g_wpa_username = NULL;
-	}
-
-	g_wpa_username = (u8 *)os_zalloc(len);
-	if (g_wpa_username == NULL)
-		return ESP_ERR_NO_MEM;
-
-	os_memcpy(g_wpa_username, username, len);
-	g_wpa_username_len = len;
-
-	return ESP_OK;
-}
-
-void esp_wifi_sta_wpa2_ent_clear_username(void)
-{
-	if (g_wpa_username)
-		os_free(g_wpa_username);
-
-	g_wpa_username = NULL;
-	g_wpa_username_len = 0;
-}
-
-esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len)
-{
-	if (len <= 0)
-		return ESP_ERR_INVALID_ARG;
-
-	if (g_wpa_password) {
-		os_free(g_wpa_password);
-		g_wpa_password = NULL;
-	}
-
-	g_wpa_password = (u8 *)os_zalloc(len);
-	if (g_wpa_password == NULL)
-		return ESP_ERR_NO_MEM;
-
-	os_memcpy(g_wpa_password, password, len);
-	g_wpa_password_len = len;
-
-	return ESP_OK;
-}
-
-void esp_wifi_sta_wpa2_ent_clear_password(void)
-{
-	if (g_wpa_password)
-		os_free(g_wpa_password);
-	g_wpa_password = NULL;
-	g_wpa_password_len = 0;
-}
-
-esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len)
-{
-	if (len <= 0)
-		return ESP_ERR_INVALID_ARG;
-
-	if (g_wpa_new_password) {
-		os_free(g_wpa_new_password);
-		g_wpa_new_password = NULL;
-	}
-
-	g_wpa_new_password = (u8 *)os_zalloc(len);
-	if (g_wpa_new_password == NULL)
-		return ESP_ERR_NO_MEM;
-
-	os_memcpy(g_wpa_new_password, new_password, len);
-	g_wpa_password_len = len;
-
-	return ESP_OK;
-}
-
-void esp_wifi_sta_wpa2_ent_clear_new_password(void)
-{
-	if (g_wpa_new_password)
-		os_free(g_wpa_new_password);
-	g_wpa_new_password = NULL;
-	g_wpa_new_password_len = 0;
-}
-
-esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable)
-{
-	gl_disable_time_check = disable;
-	return ESP_OK;
-}
-
-bool wifi_sta_get_enterprise_disable_time_check(void)
-{
-	return gl_disable_time_check;
-}
-
-esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable)
-{
-	*disable = wifi_sta_get_enterprise_disable_time_check();
-	return ESP_OK;
-}
-

components/wpa_supplicant/include/wpa2/eap_peer/eap.h → components/wpa_supplicant/src/eap_peer/eap.h

@@ -9,8 +9,8 @@
 #ifndef EAP_H
 #define EAP_H
 
-#include "wpa/defs.h"
-#include "wpa2/eap_peer/eap_defs.h"
+#include "common/defs.h"
+#include "eap_peer/eap_defs.h"
 
 struct eap_sm;
 
@@ -45,7 +45,7 @@ struct wpabuf * eap_sm_build_nak(struct eap_sm *sm, EapType type, u8 id);
 int eap_peer_blob_init(struct eap_sm *sm);
 void eap_peer_blob_deinit(struct eap_sm *sm);
 int eap_peer_config_init(
-	struct eap_sm *sm, u8 *private_key_passwd,
+	struct eap_sm *sm, const u8 *private_key_passwd,
 	int private_key_passwd_len);
 void eap_peer_config_deinit(struct eap_sm *sm);
 void eap_sm_abort(struct eap_sm *sm);

components/wpa_supplicant/src/wpa2/eap_peer/eap_common.c → components/wpa_supplicant/src/eap_peer/eap_common.c

@@ -6,11 +6,11 @@
  * See README for more details.
  */
 
-#include "wpa/includes.h"
+#include "utils/includes.h"
 
-#include "wpa/common.h"
-#include "wpa2/eap_peer/eap_defs.h"
-#include "wpa2/eap_peer/eap_common.h"
+#include "utils/common.h"
+#include "eap_peer/eap_defs.h"
+#include "eap_peer/eap_common.h"
 
 /**
  * eap_hdr_len_valid - Validate EAP header length field

components/wpa_supplicant/include/wpa2/eap_peer/eap_common.h → components/wpa_supplicant/src/eap_peer/eap_common.h

@@ -9,7 +9,7 @@
 #ifndef EAP_COMMON_H
 #define EAP_COMMON_H
 
-#include "wpa/wpabuf.h"
+#include "utils/wpabuf.h"
 
 int eap_hdr_len_valid(const struct wpabuf *msg, size_t min_payload);
 const u8 * eap_hdr_validate(int vendor, EapType eap_type,

components/wpa_supplicant/include/wpa2/eap_peer/eap_config.h → components/wpa_supplicant/src/eap_peer/eap_config.h

@@ -141,7 +141,7 @@ struct eap_peer_config {
 	 *
 	 * If left out, this will be asked through control interface.
 	 */
-	u8 *private_key_passwd;
+	const u8 *private_key_passwd;
 
 	/**
 	 * Phase 2

components/wpa_supplicant/include/wpa2/eap_peer/eap_i.h → components/wpa_supplicant/src/eap_peer/eap_i.h

@@ -9,7 +9,7 @@
 #ifndef EAP_I_H
 #define EAP_I_H
 
-#include "wpa/wpabuf.h"
+#include "utils/wpabuf.h"
 #include "eap.h"
 #include "eap_common.h"
 #include "eap_config.h"
@@ -134,7 +134,10 @@ struct eap_sm {
 	const struct eap_method *m;
 };
 
-wpa2_crypto_funcs_t wpa2_crypto_funcs;
+typedef enum {
+    WPA2_STATE_ENABLED = 0,
+    WPA2_STATE_DISABLED,
+} wpa2_state_t;
 
 const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
 const u8 * eap_get_config_password(struct eap_sm *sm, size_t *len);

components/wpa_supplicant/include/wpa2/eap_peer/eap_methods.h → components/wpa_supplicant/src/eap_peer/eap_methods.h

@@ -27,7 +27,6 @@ int eap_peer_method_register(struct eap_method *method);
 
 void eap_peer_unregister_methods(void);
 
-//int eap_peer_md5_register(void);
 int eap_peer_tls_register(void);
 int eap_peer_peap_register(void);
 int eap_peer_ttls_register(void);

components/wpa_supplicant/src/wpa2/eap_peer/eap_mschapv2.c → components/wpa_supplicant/src/eap_peer/eap_mschapv2.c

@@ -9,18 +9,18 @@
 
 #ifdef EAP_MSCHAPv2
 
-#include "wpa/wpa.h"
-#include "wpa/includes.h"
-#include "wpa/common.h"
+#include "rsn_supp/wpa.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/random.h"
 #include "crypto/ms_funcs.h"
-#include "wpa2/tls/tls.h"
-#include "wpa2/eap_peer/eap_i.h"
-#include "wpa2/eap_peer/eap_defs.h"
-#include "wpa2/eap_peer/eap_tls_common.h"
-#include "wpa2/eap_peer/eap_config.h"
-#include "wpa2/eap_peer/mschapv2.h"
-#include "wpa2/eap_peer/eap_methods.h"
+#include "tls/tls.h"
+#include "eap_peer/eap_i.h"
+#include "eap_peer/eap_defs.h"
+#include "eap_peer/eap_tls_common.h"
+#include "eap_peer/eap_config.h"
+#include "eap_peer/mschapv2.h"
+#include "eap_peer/eap_methods.h"
 
 #define MSCHAPV2_OP_CHALLENGE		1
 #define MSCHAPV2_OP_RESPONSE		2
@@ -296,7 +296,6 @@ eap_mschapv2_failure_txt(struct eap_sm *sm,
 			 struct eap_mschapv2_data *data, char *txt)
 {
 	char *pos; 
-	//char *msg = "";
 	int retry = 1;
 	struct eap_peer_config *config = eap_get_config(sm);
 
@@ -345,23 +344,15 @@ eap_mschapv2_failure_txt(struct eap_sm *sm,
 
 	if (pos && os_strncmp(pos, "M=", 2) == 0) {
 		pos += 2;
-		//msg = pos;
 	}
-	#if 0
-	wpa_printf(MSG_WARNING, "EAP-MSCHAPV2: failure message: '%s' (retry %sallowed, error %d)",
-		  msg, retry == 1? "" : "not ", data->prev_error);
-	#endif
 	if (data->prev_error == ERROR_PASSWD_EXPIRED &&
 	    data->passwd_change_version == 3 && config) {
 		if (config->new_password == NULL) {
 			wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Password expired - "
 				  "password change reqired\n");
-			//eap_sm_request_new_password(sm);
 		}
 	} else if (retry == 1 && config) {
 		if (!config->mschapv2_retry)
-			//eap_sm_request_identity(sm);
-		//eap_sm_request_password(sm);
 		config->mschapv2_retry = 1;
 	} else if (config) {
 		config->mschapv2_retry = 0;
@@ -493,8 +484,6 @@ eap_mschapv2_failure(struct eap_sm *sm,
 		if (config && config->new_password)
 			return eap_mschapv2_change_password(sm, data, ret,
 							    req, id);
-		//if (config && config->pending_req_new_password)
-		//	return NULL;
 	} else if (retry && data->prev_error == ERROR_AUTHENTICATION_FAILURE) {
 		return NULL;
 	}

components/wpa_supplicant/src/wpa2/eap_peer/eap_peap.c → components/wpa_supplicant/src/eap_peer/eap_peap.c

@@ -5,20 +5,18 @@
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */
-#ifdef EAP_PEAP
-
-#include "wpa/includes.h"
+#include "utils/includes.h"
 
-#include "wpa/common.h"
+#ifdef EAP_PEAP
+#include "utils/common.h"
 #include "crypto/sha1.h"
-#include "wpa2/tls/tls.h"
-#include "wpa2/eap_peer/eap_tlv_common.h"
-#include "wpa2/eap_peer/eap_peap_common.h"
-#include "wpa2/eap_peer/eap_i.h"
-#include "wpa2/eap_peer/eap_tls_common.h"
-#include "wpa2/eap_peer/eap_config.h"
-#include "wpa2/eap_peer/eap_methods.h"
-//#include "tncc.h"
+#include "tls/tls.h"
+#include "eap_peer/eap_tlv_common.h"
+#include "eap_peer/eap_peap_common.h"
+#include "eap_peer/eap_i.h"
+#include "eap_peer/eap_tls_common.h"
+#include "eap_peer/eap_config.h"
+#include "eap_peer/eap_methods.h"
 
 /* Maximum supported PEAP version
  * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
@@ -629,7 +627,6 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
 	size_t len = be_to_host16(hdr->length);
 	u8 *pos;
 	struct eap_method_ret iret;
-	//struct eap_peer_config *config = eap_get_config(sm);
 
 	if (len <= sizeof(struct eap_hdr)) {
 		wpa_printf(MSG_INFO, "EAP-PEAP: too short "
@@ -1111,10 +1108,8 @@ eap_peap_process(struct eap_sm *sm, void *priv,
 			 * label by default, but allow it to be configured with
 			 * phase1 parameter peaplabel=1. */
 			if (data->peap_version > 1 || data->force_new_label)
-				//label = "client PEAP encryption";
 				strcpy(label, "client PEAP encryption");
 			else
-				//label = "client EAP encryption";
 				strcpy(label, "client EAP encryption");
 			wpa_printf(MSG_DEBUG, "EAP-PEAP: using label '%s' in "
 				   "key derivation", label);

components/wpa_supplicant/src/wpa2/eap_peer/eap_peap_common.c → components/wpa_supplicant/src/eap_peer/eap_peap_common.c

@@ -6,13 +6,13 @@
  * See README for more details.
  */
 
-#ifdef EAP_PEAP
+#include "utils/includes.h"
 
-#include "wpa/includes.h"
+#ifdef EAP_PEAP
 
-#include "wpa/common.h"
+#include "utils/common.h"
 #include "crypto/sha1.h"
-#include "wpa2/eap_peer/eap_peap_common.h"
+#include "eap_peer/eap_peap_common.h"
 
 int
 peap_prfplus(int version, const u8 *key, size_t key_len,

components/wpa_supplicant/src/wpa2/eap_peer/eap_tls.c → components/wpa_supplicant/src/eap_peer/eap_tls.c

@@ -5,17 +5,16 @@
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
  */
-#ifdef EAP_TLS
-
-#include "wpa/includes.h"
+#include "utils/includes.h"
 
-#include "wpa/common.h"
-#include "wpa2/tls/tls.h"
-#include "wpa2/eap_peer/eap_i.h"
-#include "wpa2/eap_peer/eap_defs.h"
-#include "wpa2/eap_peer/eap_tls_common.h"
-#include "wpa2/eap_peer/eap_config.h"
-#include "wpa2/eap_peer/eap_methods.h"
+#ifdef EAP_TLS
+#include "utils/common.h"
+#include "tls/tls.h"
+#include "eap_peer/eap_i.h"
+#include "eap_peer/eap_defs.h"
+#include "eap_peer/eap_tls_common.h"
+#include "eap_peer/eap_config.h"
+#include "eap_peer/eap_methods.h"
 
 struct eap_tls_data {
 	struct eap_ssl_data ssl;

components/wpa_supplicant/include/wpa2/eap_peer/eap_tls.h → components/wpa_supplicant/src/eap_peer/eap_tls.h

@@ -12,7 +12,7 @@
 #include "eap_i.h"
 #include "eap_common.h" 
 #include "eap.h" 
-#include "wpa/wpabuf.h" 
+#include "utils/wpabuf.h" 
 
 void * eap_tls_init(struct eap_sm *sm);
 void eap_tls_deinit(struct eap_sm *sm, void *priv);

components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c → components/wpa_supplicant/src/eap_peer/eap_tls_common.c

@@ -6,15 +6,15 @@
  * See README for more details.
  */
 
-#include "wpa/includes.h"
+#include "utils/includes.h"
 
-#include "wpa/common.h"
+#include "utils/common.h"
 #include "crypto/sha1.h"
-#include "wpa2/tls/tls.h"
-#include "wpa2/eap_peer/eap_i.h"
-#include "wpa2/eap_peer/eap_tls_common.h"
-#include "wpa2/eap_peer/eap_config.h"
-#include "wpa2/eap_peer/eap_methods.h"
+#include "tls/tls.h"
+#include "eap_peer/eap_i.h"
+#include "eap_peer/eap_tls_common.h"
+#include "eap_peer/eap_config.h"
+#include "eap_peer/eap_methods.h"
 
 static struct wpabuf * eap_tls_msg_alloc(EapType type, size_t payload_len,
 					 u8 code, u8 identifier)

components/wpa_supplicant/src/wpa2/eap_peer/eap_ttls.c → components/wpa_supplicant/src/eap_peer/eap_ttls.c

@@ -6,23 +6,20 @@
  * See README for more details.
  */
 
-#ifdef EAP_TTLS
-
-#include "wpa/includes.h"
+#include "utils/includes.h"
 
-#include "wpa/common.h"
+#ifdef EAP_TTLS
+#include "utils/common.h"
 #include "crypto/ms_funcs.h"
 #include "crypto/sha1.h"
-#include "wpa2/tls/tls.h"
-//#include "eap_common/chap.h"
-#include "wpa2/eap_peer/eap.h"
-#include "wpa2/eap_peer/eap_ttls.h"
-#include "wpa2/eap_peer/mschapv2.h"
-//#include "wpa2/eap_peer/chap.h"
-#include "wpa2/eap_peer/eap_i.h"
-#include "wpa2/eap_peer/eap_tls_common.h"
-#include "wpa2/eap_peer/eap_config.h"
-#include "wpa2/eap_peer/eap_methods.h"
+#include "tls/tls.h"
+#include "eap_peer/eap.h"
+#include "eap_peer/eap_ttls.h"
+#include "eap_peer/mschapv2.h"
+#include "eap_peer/eap_i.h"
+#include "eap_peer/eap_tls_common.h"
+#include "eap_peer/eap_config.h"
+#include "eap_peer/eap_methods.h"
 
 
 #define EAP_TTLS_VERSION 0
@@ -73,7 +70,6 @@ static void * eap_ttls_init(struct eap_sm *sm)
 {
 	struct eap_ttls_data *data;
 	struct eap_peer_config *config = eap_get_config(sm);
-	//char *selected;
 
 	data = (struct eap_ttls_data *)os_zalloc(sizeof(*data));
 	if (data == NULL)
@@ -83,7 +79,6 @@ static void * eap_ttls_init(struct eap_sm *sm)
 	
 /*	
     selected = "MSCHAPV2";
-	//TODO: Now only support EAP-TTLS/MSCHAPV2
 	if (config && config->phase2) {
 		if (os_strstr(config->phase2, "autheap=")) {
 			selected = "EAP";
@@ -187,32 +182,6 @@ static u8 * eap_ttls_avp_add(u8 *start, u8 *avphdr, u32 avp_code,
 	return pos;
 }
 
-#if 0
-static int eap_ttls_avp_encapsulate(struct wpabuf **resp, u32 avp_code,
-			 int mandatory)
-{
-	struct wpabuf *msg;
-	u8 *avp, *pos;
-
-	msg = wpabuf_alloc(sizeof(struct ttls_avp) + wpabuf_len(*resp) + 4);
-	if (msg == NULL) {
-		wpabuf_free(*resp);
-		*resp = NULL;
-		return -1;
-	}
-
-	avp = wpabuf_mhead(msg);
-	pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, wpabuf_len(*resp));
-	os_memcpy(pos, wpabuf_head(*resp), wpabuf_len(*resp));
-	pos += wpabuf_len(*resp);
-	AVP_PAD(avp, pos);
-	wpabuf_free(*resp);
-	wpabuf_put(msg, pos - avp);
-	*resp = msg;
-	return 0;
-}
-#endif
-
 static int eap_ttls_v0_derive_key(struct eap_sm *sm,
 		       struct eap_ttls_data *data)
 {
@@ -244,170 +213,6 @@ static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
 	return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge", len);
 }
 
-#if 0
-static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data,
-					      u8 method)
-{
-	size_t i;
-	for (i = 0; i < data->num_phase2_eap_types; i++) {
-		if (data->phase2_eap_types[i].vendor != EAP_VENDOR_IETF ||
-		    data->phase2_eap_types[i].method != method)
-			continue;
-
-		data->phase2_eap_type.vendor =
-			data->phase2_eap_types[i].vendor;
-		data->phase2_eap_type.method =
-			data->phase2_eap_types[i].method;
-		wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected "
-			  "Phase 2 EAP vendor %d method %d\n",
-			  data->phase2_eap_type.vendor,
-			  data->phase2_eap_type.method);
-		break;
-	}
-}
-
-static int eap_ttls_phase2_eap_process(struct eap_sm *sm,
-				       struct eap_ttls_data *data,
-				       struct eap_method_ret *ret,
-				       struct eap_hdr *hdr, size_t len,
-				       struct wpabuf **resp)
-{
-	struct wpabuf msg;
-	struct eap_method_ret iret;
-
-	os_memset(&iret, 0, sizeof(iret));
-	wpabuf_set(&msg, hdr, len);
-	*resp = data->phase2_method->process(sm, data->phase2_priv, &iret,
-					     &msg);
-	if ((iret.methodState == METHOD_DONE ||
-	     iret.methodState == METHOD_MAY_CONT) &&
-	    (iret.decision == DECISION_UNCOND_SUCC ||
-	     iret.decision == DECISION_COND_SUCC ||
-	     iret.decision == DECISION_FAIL)) {
-		ret->methodState = iret.methodState;
-		ret->decision = iret.decision;
-	}
-
-	return 0;
-}
-
-
-static int eap_ttls_phase2_request_eap_method(struct eap_sm *sm,
-					      struct eap_ttls_data *data,
-					      struct eap_method_ret *ret,
-					      struct eap_hdr *hdr, size_t len,
-					      u8 method, struct wpabuf **resp)
-{
-#ifdef EAP_TNC
-	if (data->tnc_started && data->phase2_method &&
-	    data->phase2_priv && method == EAP_TYPE_TNC &&
-	    data->phase2_eap_type.method == EAP_TYPE_TNC)
-		return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len,
-						   resp);
-
-	if (data->ready_for_tnc && !data->tnc_started &&
-	    method == EAP_TYPE_TNC) {
-		wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed "
-			  "EAP method\n");
-		data->tnc_started = 1;
-	}
-
-	if (data->tnc_started) {
-		if (data->phase2_eap_type.vendor != EAP_VENDOR_IETF ||
-		    data->phase2_eap_type.method == EAP_TYPE_TNC) {
-			wpa_printf(MSG_ERROR, "EAP-TTLS: Unexpected EAP "
-				  "type %d for TNC\n", method);
-			return -1;
-		}
-
-		data->phase2_eap_type.vendor = EAP_VENDOR_IETF;
-		data->phase2_eap_type.method = method;
-		wpa_printf(MSG_DEBUG, "EAP-TTLS: Selected "
-			  "Phase 2 EAP vendor %d method %d (TNC)\n",
-			  data->phase2_eap_type.vendor,
-			   data->phase2_eap_type.method);
-
-		if (data->phase2_type == EAP_TTLS_PHASE2_EAP)
-			eap_ttls_phase2_eap_deinit(sm, data);
-	}
-#endif /* EAP_TNC */
-
-	if (data->phase2_eap_type.vendor == EAP_VENDOR_IETF &&
-	    data->phase2_eap_type.method == EAP_TYPE_NONE)
-		eap_ttls_phase2_select_eap_method(data, method);
-
-	if (method != data->phase2_eap_type.method || method == EAP_TYPE_NONE)
-	{
-		return -1;
-		if (eap_peer_tls_phase2_nak(data->phase2_eap_types,
-					    data->num_phase2_eap_types,
-					    hdr, resp))
-			return -1;
-		return 0;
-
-	}
-
-	if (data->phase2_priv == NULL) {
-		data->phase2_method = eap_peer_get_eap_method(
-			EAP_VENDOR_IETF, method);
-		if (data->phase2_method) {
-			sm->init_phase2 = 1;
-			data->phase2_priv = data->phase2_method->init(sm);
-			sm->init_phase2 = 0;
-		}
-	}
-	if (data->phase2_priv == NULL || data->phase2_method == NULL) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS: failed to initialize "
-			  "Phase 2 EAP method %d\n", method);
-		return -1;
-	}
-
-	return eap_ttls_phase2_eap_process(sm, data, ret, hdr, len, resp);
-}
-
-#if 0
-static int eap_ttls_phase2_request_eap(struct eap_sm *sm,
-				       struct eap_ttls_data *data,
-				       struct eap_method_ret *ret,
-				       struct eap_hdr *hdr,
-				       struct wpabuf **resp)
-{
-	size_t len = be_to_host16(hdr->length);
-	u8 *pos;
-	struct eap_peer_config *config = eap_get_config(sm);
-
-	if (len <= sizeof(struct eap_hdr)) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS: too short "
-			  "Phase 2 request (len=%lu)\n", (unsigned long) len);
-		return -1;
-	}
-	pos = (u8 *) (hdr + 1);
-	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 EAP Request: type=%d\n", *pos);
-	switch (*pos) {
-	case EAP_TYPE_IDENTITY:
-		*resp = eap_sm_build_identity_resp(sm, hdr->identifier, 1);
-		break;
-	default:
-		if (eap_ttls_phase2_request_eap_method(sm, data, ret, hdr, len,
-						       *pos, resp) < 0)
-			return -1;
-		break;
-	}
-
-	if (*resp == NULL &&
-	    (config->pending_req_identity || config->pending_req_password ||
-	     config->pending_req_otp)) {
-		return 0;
-	}
-
-	if (*resp == NULL)
-		return -1;
-
-	return eap_ttls_avp_encapsulate(resp, RADIUS_ATTR_EAP_MESSAGE, 1);
-}
-#endif
-#endif
-
 static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
 				 struct eap_ttls_data *data,
 				 struct eap_method_ret *ret,
@@ -507,202 +312,6 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
 #endif /* EAP_MSCHAPv2 */
 }
 
-#if 0
-//only support MSCHAPv2
-static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
-					  struct eap_ttls_data *data,
-					  struct eap_method_ret *ret,
-					  struct wpabuf **resp)
-{
-	struct wpabuf *msg;
-	u8 *buf, *pos, *challenge;
-	const u8 *identity, *password;
-	size_t identity_len, password_len;
-	int pwhash;
-
-	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAP Request\n");
-
-	identity = eap_get_config_identity(sm, &identity_len);
-	password = eap_get_config_password2(sm, &password_len, &pwhash);
-	if (identity == NULL || password == NULL)
-		return -1;
-
-	msg = wpabuf_alloc(identity_len + 1000);
-	if (msg == NULL) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to allocate memory\n");
-		return -1;
-	}
-	pos = buf = wpabuf_mhead(msg);
-
-	// User-Name
-	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
-			       identity, identity_len);
-
-	// MS-CHAP-Challenge
-	challenge = eap_ttls_implicit_challenge(
-		sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
-	if (challenge == NULL) {
-		wpabuf_free(msg);
-		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
-			  "implicit challenge\n");
-		return -1;
-	}
-
-	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_MS_CHAP_CHALLENGE,
-			       RADIUS_VENDOR_ID_MICROSOFT, 1,
-			       challenge, EAP_TTLS_MSCHAP_CHALLENGE_LEN);
-
-	// MS-CHAP-Response
-	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_RESPONSE,
-			       RADIUS_VENDOR_ID_MICROSOFT, 1,
-			       EAP_TTLS_MSCHAP_RESPONSE_LEN);
-	data->ident = challenge[EAP_TTLS_MSCHAP_CHALLENGE_LEN];
-	*pos++ = data->ident;
-	*pos++ = 1; // Flags: Use NT style passwords
-	os_memset(pos, 0, 24); // LM-Response
-	pos += 24;
-	if (pwhash) {
-		challenge_response(challenge, password, pos); // NT-Response
-	} else {
-		nt_challenge_response(challenge, password, password_len,
-				      pos); // NT-Response
-	}
-	pos += 24;
-	os_free(challenge);
-	AVP_PAD(buf, pos);
-
-	wpabuf_put(msg, pos - buf);
-	*resp = msg;
-
-	// EAP-TTLS/MSCHAP does not provide tunneled success
-	// notification, so assume that Phase2 succeeds.
-	ret->methodState = METHOD_DONE;
-	ret->decision = DECISION_COND_SUCC;
-
-	return 0;
-}
-
-
-static int eap_ttls_phase2_request_pap(struct eap_sm *sm,
-				       struct eap_ttls_data *data,
-				       struct eap_method_ret *ret,
-				       struct wpabuf **resp)
-{
-	struct wpabuf *msg;
-	u8 *buf, *pos;
-	size_t pad;
-	const u8 *identity, *password;
-	size_t identity_len, password_len;
-
-	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 PAP Request\n");
-
-	identity = eap_get_config_identity(sm, &identity_len);
-	password = eap_get_config_password(sm, &password_len);
-	if (identity == NULL || password == NULL)
-		return -1;
-
-	msg = wpabuf_alloc(identity_len + password_len + 100);
-	if (msg == NULL) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS/PAP: Failed to allocate memory\n");
-		return -1;
-	}
-	pos = buf = wpabuf_mhead(msg);
-
-	// User-Name
-	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
-			       identity, identity_len);
-
-	// User-Password; in RADIUS, this is encrypted, but EAP-TTLS encrypts
-	// the data, so no separate encryption is used in the AVP itself.
-	// However, the password is padded to obfuscate its length.
-	pad = password_len == 0 ? 16 : (16 - (password_len & 15)) & 15;
-	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_USER_PASSWORD, 0, 1,
-			       password_len + pad);
-	os_memcpy(pos, password, password_len);
-	pos += password_len;
-	os_memset(pos, 0, pad);
-	pos += pad;
-	AVP_PAD(buf, pos);
-
-	wpabuf_put(msg, pos - buf);
-	*resp = msg;
-
-	// EAP-TTLS/PAP does not provide tunneled success notification,
-	// so assume that Phase2 succeeds.
-	ret->methodState = METHOD_DONE;
-	ret->decision = DECISION_COND_SUCC;
-
-	return 0;
-}
-
-
-static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
-					struct eap_ttls_data *data,
-					struct eap_method_ret *ret,
-					struct wpabuf **resp)
-{
-	struct wpabuf *msg;
-	u8 *buf, *pos, *challenge;
-	const u8 *identity, *password;
-	size_t identity_len, password_len;
-
-	wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 CHAP Request\n");
-
-	identity = eap_get_config_identity(sm, &identity_len);
-	password = eap_get_config_password(sm, &password_len);
-	if (identity == NULL || password == NULL)
-		return -1;
-
-	msg = wpabuf_alloc(identity_len + 1000);
-	if (msg == NULL) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to allocate memory\n");
-		return -1;
-	}
-	pos = buf = wpabuf_mhead(msg);
-
-	// User-Name
-	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_USER_NAME, 0, 1,
-			       identity, identity_len);
-
-	// CHAP-Challenge
-	challenge = eap_ttls_implicit_challenge(
-		sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
-	if (challenge == NULL) {
-		wpabuf_free(msg);
-		wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "
-			  "implicit challenge\n");
-		return -1;
-	}
-
-	pos = eap_ttls_avp_add(buf, pos, RADIUS_ATTR_CHAP_CHALLENGE, 0, 1,
-			       challenge, EAP_TTLS_CHAP_CHALLENGE_LEN);
-
-	// CHAP-Password
-	pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_CHAP_PASSWORD, 0, 1,
-			       1 + EAP_TTLS_CHAP_PASSWORD_LEN);
-	data->ident = challenge[EAP_TTLS_CHAP_CHALLENGE_LEN];
-	*pos++ = data->ident;
-
-	// MD5(Ident + Password + Challenge)
-	chap_md5(data->ident, password, password_len, challenge,
-		 EAP_TTLS_CHAP_CHALLENGE_LEN, pos);
-
-	pos += EAP_TTLS_CHAP_PASSWORD_LEN;
-	os_free(challenge);
-	AVP_PAD(buf, pos);
-
-	wpabuf_put(msg, pos - buf);
-	*resp = msg;
-
-	// EAP-TTLS/CHAP does not provide tunneled success
-	// notification, so assume that Phase2 succeeds.
-	ret->methodState = METHOD_DONE;
-	ret->decision = DECISION_COND_SUCC;
-
-	return 0;
-}
-#endif
-
 static int eap_ttls_phase2_request(struct eap_sm *sm,
 			struct eap_ttls_data *data,
 			struct eap_method_ret *ret,
@@ -745,9 +354,7 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
 	    phase2_type == EAP_TTLS_PHASE2_CHAP) {
 		if (eap_get_config_identity(sm, &len) == NULL) {
 			wpa_printf(MSG_ERROR, "EAP-TTLS: Identity not configured\n");
-			//eap_sm_request_identity(sm);
 			if (eap_get_config_password(sm, &len) == NULL);
-			//	eap_sm_request_password(sm);
             printf("[Debug] Return because no identity  EAP_TTLS_PHASE2_MSCHAPV2 EAP_TTLS_PHASE2_MSCHAP\n");
 			return 0;
 		}
@@ -755,7 +362,6 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
 		if (eap_get_config_password(sm, &len) == NULL) {
 			wpa_printf(MSG_ERROR, "EAP-TTLS: Password not configured\n"); 
 			printf("[Debug] Return because no password  EAP_TTLS_PHASE2_MSCHAPV2 EAP_TTLS_PHASE2_MSCHAP\n");
-			//eap_sm_request_password(sm);
 			return 0;
 		}
 	}
@@ -992,61 +598,6 @@ static int eap_ttls_encrypt_response(struct eap_sm *sm,
 	return 0;
 }
 
-#if 0
-static int eap_ttls_process_phase2_eap(struct eap_sm *sm,
-				       struct eap_ttls_data *data,
-				       struct eap_method_ret *ret,
-				       struct ttls_parse_avp *parse,
-				       struct wpabuf **resp)
-{
-	struct eap_hdr *hdr;
-	size_t len;
-
-	if (parse->eapdata == NULL) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS: No EAP Message in the "
-			  "packet - dropped\n");
-		return -1;
-	}
-
-	hdr = (struct eap_hdr *) parse->eapdata;
-
-	if (parse->eap_len < sizeof(*hdr)) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS: Too short Phase 2 EAP "
-			  "frame (len=%lu, expected %lu or more) - dropped\n",
-			  (unsigned long) parse->eap_len,
-			  (unsigned long) sizeof(*hdr));
-		return -1;
-	}
-	len = be_to_host16(hdr->length);
-	if (len > parse->eap_len) {
-		wpa_printf(MSG_ERROR, "EAP-TTLS: Length mismatch in Phase 2 "
-			  "EAP frame (EAP hdr len=%lu, EAP data len in "
-			  "AVP=%lu)\n",
-			  (unsigned long) len,
-			  (unsigned long) parse->eap_len);
-		return -1;
-	}
-	wpa_printf(MSG_DEBUG, "EAP-TTLS: received Phase 2: code=%d "
-		  "identifier=%d length=%lu\n",
-		  hdr->code, hdr->identifier, (unsigned long) len);
-	switch (hdr->code) {
-	case EAP_CODE_REQUEST:
-		if (eap_ttls_phase2_request(sm, data, ret, hdr, resp)) {
-			wpa_printf(MSG_ERROR, "EAP-TTLS: Phase2 Request "
-				  "processing failed\n");
-			return -1;
-		}
-		break;
-	default:
-		wpa_printf(MSG_ERROR, "EAP-TTLS: Unexpected code=%d in "
-			  "Phase 2 EAP header\n", hdr->code);
-		return -1;
-	}
-
-	return 0;
-}
-#endif
-
 static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
 				 struct eap_ttls_data *data,
 				 struct eap_method_ret *ret,
@@ -1149,7 +700,6 @@ static int eap_ttls_process_decrypted(struct eap_sm *sm,
 			   struct wpabuf **out_data)
 {
 	struct wpabuf *resp = NULL;
-	//struct eap_peer_config *config = eap_get_config(sm);
 	int res;
 	enum phase2_types phase2_type = data->phase2_type;
 
@@ -1242,7 +792,6 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
 			  "processing failed\n");
 		retval = -1;
 	} else {
-		//struct eap_peer_config *config = eap_get_config(sm);
 		if (resp == NULL) {/* &&
 		    (config->pending_req_identity ||
 		     config->pending_req_password ||

components/wpa_supplicant/src/wpa2/eap_peer/mschapv2.c → components/wpa_supplicant/src/eap_peer/mschapv2.c

@@ -4,10 +4,10 @@
 
 #ifdef EAP_MSCHAPv2
 
-#include "wpa/includes.h"
-#include "wpa/common.h"
+#include "utils/includes.h"
+#include "utils/common.h"
 #include "crypto/ms_funcs.h"
-#include "wpa2/eap_peer/mschapv2.h"
+#include "eap_peer/mschapv2.h"
 
 const u8 * mschapv2_remove_domain(const u8 *username, size_t *len)
 {

components/wpa_supplicant/src/esp_supplicant/esp_hostap.c

@@ -0,0 +1,134 @@
+// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "crypto/sha1.h"
+#include "common/ieee802_11_defs.h"
+#include "common/eapol_common.h"
+#include "ap/wpa_auth.h"
+#include "ap/ap_config.h"
+#include "utils/wpa_debug.h"
+#include "ap/hostapd.h"
+#include "ap/wpa_auth_i.h"
+#include "esp_wifi_driver.h"
+#include "esp_wifi_types.h"
+
+void *hostap_init(void)
+{
+    struct wifi_ssid *ssid = esp_wifi_ap_get_prof_ap_ssid_internal();
+    struct hostapd_data *hapd = NULL;
+    struct wpa_auth_config *auth_conf;
+    u8 mac[6];
+
+    hapd = (struct hostapd_data *)os_zalloc(sizeof(struct hostapd_data));
+
+    if (hapd == NULL) {
+        return NULL;
+    }
+
+    hapd->conf = (struct hostapd_bss_config *)os_zalloc(sizeof(struct hostapd_bss_config));
+
+    if (hapd->conf == NULL) {
+        os_free(hapd);
+        return NULL;
+    }
+
+    auth_conf = (struct wpa_auth_config *)os_zalloc(sizeof(struct  wpa_auth_config));
+
+    if (auth_conf == NULL) {
+        os_free(hapd->conf);
+        os_free(hapd);
+        hapd = NULL;
+        return NULL;
+    }
+    if (esp_wifi_ap_get_prof_authmode_internal() == WIFI_AUTH_WPA_PSK) {
+        auth_conf->wpa = WPA_PROTO_WPA;
+    }
+    if (esp_wifi_ap_get_prof_authmode_internal() == WIFI_AUTH_WPA2_PSK) {
+        auth_conf->wpa = WPA_PROTO_RSN;
+    }
+    if (esp_wifi_ap_get_prof_authmode_internal() == WIFI_AUTH_WPA_WPA2_PSK) {
+        auth_conf->wpa = WPA_PROTO_RSN | WPA_PROTO_WPA;
+    }
+
+    auth_conf->wpa_group = WPA_CIPHER_TKIP;
+    auth_conf->wpa_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP;
+    auth_conf->rsn_pairwise = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP;
+    auth_conf->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
+    auth_conf->eapol_version = EAPOL_VERSION;
+
+    memcpy(hapd->conf->ssid.ssid, ssid->ssid, ssid->len);
+    hapd->conf->ssid.ssid_len = ssid->len;
+    hapd->conf->ssid.wpa_passphrase = (char *)os_zalloc(64);
+    if (hapd->conf->ssid.wpa_passphrase == NULL) {
+        os_free(auth_conf);
+        os_free(hapd->conf);
+        os_free(hapd);
+        hapd = NULL;
+        return NULL;
+    }
+    memcpy(hapd->conf->ssid.wpa_passphrase, esp_wifi_ap_get_prof_password_internal(), strlen((char *)esp_wifi_ap_get_prof_password_internal()));
+
+    hapd->conf->ap_max_inactivity = 5 * 60;
+    hostapd_setup_wpa_psk(hapd->conf);
+
+    esp_wifi_get_macaddr_internal(WIFI_IF_AP, mac);
+
+    hapd->wpa_auth = wpa_init(mac, auth_conf, NULL);
+    esp_wifi_set_appie_internal(WIFI_APPIE_WPA, hapd->wpa_auth->wpa_ie, (uint16_t)hapd->wpa_auth->wpa_ie_len, 0); //michael ML
+    os_free(auth_conf);
+
+    return (void *)hapd;
+}
+
+bool hostap_deinit(void *data)
+{
+    struct hostapd_data *hapd = (struct hostapd_data *)data;
+
+    if (hapd == NULL) {
+        return true;
+    }
+
+    if (hapd->wpa_auth->wpa_ie != NULL) {
+        os_free(hapd->wpa_auth->wpa_ie);
+    }
+
+    if (hapd->wpa_auth->group != NULL) {
+        os_free(hapd->wpa_auth->group);
+    }
+
+    if (hapd->wpa_auth != NULL) {
+        os_free(hapd->wpa_auth);
+    }
+
+    if (hapd->conf->ssid.wpa_psk != NULL) {
+        os_free(hapd->conf->ssid.wpa_psk);
+    }
+
+    if (hapd->conf->ssid.wpa_passphrase != NULL) {
+        os_free(hapd->conf->ssid.wpa_passphrase);
+    }
+
+    if (hapd->conf != NULL) {
+        os_free(hapd->conf);
+    }
+
+    if (hapd != NULL) {
+        os_free(hapd);
+    }
+
+    return true;
+}

components/wpa_supplicant/src/esp_supplicant/esp_hostap.h

@@ -0,0 +1,21 @@
+// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef ESP_HOSTAP_H
+#define ESP_HOSTAP_H
+
+void *hostap_init(void);
+bool hostap_deinit(void *data);
+
+#endif /* ESP_HOSTAP_H */

components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h

@@ -0,0 +1,220 @@
+// Copyright 2019 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _ESP_WIFI_DRIVER_H_
+#define _ESP_WIFI_DRIVER_H_
+
+#include "esp_err.h"
+#include "esp_wifi.h"
+
+#if CONFIG_NEWLIB_NANO_FORMAT
+#define TASK_STACK_SIZE_ADD 0
+#else
+#define TASK_STACK_SIZE_ADD 512
+#endif
+
+#define WPA2_TASK_STACK_SIZE  (6144 + TASK_STACK_SIZE_ADD)
+#define WPS_TASK_STACK_SIZE  (12288 + TASK_STACK_SIZE_ADD)
+
+enum {
+    WIFI_WPA_ALG_NONE = 0,
+    WIFI_WPA_ALG_WEP40 = 1,
+    WIFI_WPA_ALG_TKIP = 2,
+    WIFI_WPA_ALG_CCMP = 3,
+    WIFI_WPA_ALG_WAPI = 4,
+    WIFI_WPA_ALG_WEP104 = 5,
+    WIFI_WPA_ALG_WEP,
+    WIFI_WPA_ALG_IGTK,
+    WIFI_WPA_ALG_PMK,
+    WIFI_WPA_ALG_GCMP
+};
+
+enum {
+    WIFI_APPIE_PROBEREQ = 0,
+    WIFI_APPIE_ASSOC_REQ,
+    WIFI_APPIE_ASSOC_RESP,
+    WIFI_APPIE_WPA,
+    WIFI_APPIE_RSN,
+    WIFI_APPIE_WPS_PR,
+    WIFI_APPIE_WPS_AR,
+    WIFI_APPIE_MESH_QUICK,
+    WIFI_APPIE_FREQ_ERROR,
+    WIFI_APPIE_ESP_MANUFACTOR,
+    WIFI_APPIE_COUNTRY,
+    WIFI_APPIE_MAX,
+};
+
+enum {
+    NONE_AUTH           = 0x01,
+    WPA_AUTH_UNSPEC     = 0x02,
+    WPA_AUTH_PSK        = 0x03,
+    WPA2_AUTH_ENT       = 0x04,
+    WPA2_AUTH_PSK       = 0x05,
+    WPA_AUTH_CCKM       = 0x06,
+    WPA2_AUTH_CCKM      = 0x07,
+    WPA2_AUTH_INVALID   = 0x08,
+};
+
+typedef enum {
+    WPA2_ENT_EAP_STATE_NOT_START,
+    WPA2_ENT_EAP_STATE_IN_PROGRESS,
+    WPA2_ENT_EAP_STATE_SUCCESS,
+    WPA2_ENT_EAP_STATE_FAIL,
+} wpa2_ent_eap_state_t;
+
+struct wifi_appie {
+    uint16_t   ie_len;
+    uint8_t    ie_data[];
+};
+
+struct wifi_ssid {
+    int len;
+    uint8_t ssid[32];
+};
+
+struct wps_scan_ie {
+    uint8_t    *bssid;
+    uint8_t    chan;
+    uint16_t   capinfo;
+    uint8_t    *ssid;
+    uint8_t    *wpa;
+    uint8_t    *rsn;
+    uint8_t    *wps;
+};
+
+typedef struct {
+    int proto;
+    int pairwise_cipher;
+    int group_cipher;
+    int key_mgmt;
+    int capabilities;
+    size_t num_pmkid;
+    const u8 *pmkid;
+    int mgmt_group_cipher;
+} wifi_wpa_ie_t;
+
+struct wpa_funcs {
+    void (*wpa_sta_init)(void);
+    bool (*wpa_sta_deinit)(void);
+    void (*wpa_sta_connect)(uint8_t *bssid);
+    int (*wpa_sta_rx_eapol)(u8 *src_addr, u8 *buf, u32 len);
+    bool (*wpa_sta_in_4way_handshake)(void);
+    void *(*wpa_ap_init)(void);
+    bool (*wpa_ap_deinit)(void *data);
+    bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len);
+    bool (*wpa_ap_remove)(void *sm);
+    uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
+    bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);
+    char *(*wpa_config_parse_string)(const char *value, size_t *len);
+    int (*wpa_parse_wpa_ie)(const u8 *wpa_ie, size_t wpa_ie_len, wifi_wpa_ie_t *data);
+    int (*wpa_config_bss)(u8 *bssid);
+    int (*wpa_michael_mic_failure)(u16 is_unicast);
+};
+
+struct wpa2_funcs {
+    int  (*wpa2_sm_rx_eapol)(u8 *src_addr, u8 *buf, u32 len, u8 *bssid);
+    int  (*wpa2_start)(void);
+    u8   (*wpa2_get_state)(void);
+    int  (*wpa2_init)(void);
+    void (*wpa2_deinit)(void);
+};
+
+struct wps_funcs {
+    bool (*wps_parse_scan_result)(struct wps_scan_ie *scan);
+    int  (*wifi_station_wps_start)(void);
+    int  (*wps_sm_rx_eapol)(u8 *src_addr, u8 *buf, u32 len);
+    int  (*wps_start_pending)(void);
+};
+
+typedef esp_err_t (*wifi_wpa2_fn_t)(void *);
+typedef struct {
+    wifi_wpa2_fn_t   fn;
+    void    *param;
+} wifi_wpa2_param_t;
+
+#define IS_WPS_REGISTRAR(type) (((type)>WPS_TYPE_MAX)?(((type)<WPS_TYPE_MAX)?true:false):false)
+#define IS_WPS_ENROLLEE(type)  (((type)>WPS_TYPE_DISABLE)?(((type)<WPS_TYPE_MAX)?true:false):false)
+
+typedef enum wps_status {
+    WPS_STATUS_DISABLE = 0,
+    WPS_STATUS_SCANNING,
+    WPS_STATUS_PENDING,
+    WPS_STATUS_SUCCESS,
+    WPS_STATUS_MAX,
+} WPS_STATUS_t;
+
+#define WIFI_TXCB_EAPOL_ID  3
+typedef void(*wifi_tx_cb_t)(void *);
+typedef int (*wifi_ipc_fn_t)(void *);
+typedef struct {
+    wifi_ipc_fn_t fn;
+    void *arg;
+    uint32_t arg_size;
+} wifi_ipc_config_t;
+
+uint8_t *esp_wifi_ap_get_prof_pmk_internal(void);
+struct wifi_ssid *esp_wifi_ap_get_prof_ap_ssid_internal(void);
+uint8_t esp_wifi_ap_get_prof_authmode_internal(void);
+uint8_t esp_wifi_sta_get_prof_authmode_internal(void);
+uint8_t *esp_wifi_ap_get_prof_password_internal(void);
+uint8_t *esp_wifi_sta_get_prof_pmk_internal(void);
+struct wifi_ssid *esp_wifi_sta_get_prof_ssid_internal(void);
+uint8_t esp_wifi_sta_get_reset_param_internal(void);
+uint8_t esp_wifi_sta_get_pairwise_cipher_internal(void);
+uint8_t esp_wifi_sta_get_group_cipher_internal(void);
+bool esp_wifi_sta_prof_is_wpa_internal(void);
+int esp_wifi_get_macaddr_internal(uint8_t if_index, uint8_t *macaddr);
+int esp_wifi_set_appie_internal(uint8_t type, uint8_t *ie, uint16_t len, uint8_t flag);
+int esp_wifi_unset_appie_internal(uint8_t type);
+struct wifi_appie *esp_wifi_get_appie_internal(uint8_t type);
+void *esp_wifi_get_hostap_private_internal(void); //1
+uint8_t *esp_wifi_sta_get_prof_password_internal(void);
+void esp_wifi_deauthenticate_internal(u8 reason_code);
+bool esp_wifi_sta_is_running_internal(void);
+bool esp_wifi_auth_done_internal(void);
+int esp_wifi_set_ap_key_internal(int alg, const u8 *addr, int idx, u8 *key, size_t key_len);
+int esp_wifi_set_sta_key_internal(int alg, u8 *addr, int key_idx, int set_tx,
+                                  u8 *seq, size_t seq_len, u8 *key, size_t key_len, int key_entry_valid);
+int  esp_wifi_get_sta_key_internal(uint8_t *ifx, int *alg, u8 *addr, int *key_idx,
+                                   u8 *key, size_t key_len, int key_entry_valid);
+bool esp_wifi_wpa_ptk_init_done_internal(uint8_t *mac);
+uint8_t esp_wifi_sta_set_reset_param_internal(uint8_t reset_flag);
+uint8_t esp_wifi_get_sta_gtk_index_internal(void);
+void esp_wifi_set_sta_gtk_index_internal(u8 valid, u8 index);
+int esp_wifi_register_tx_cb_internal(wifi_tx_cb_t fn, u8 id);
+int esp_wifi_register_wpa_cb_internal(struct wpa_funcs *cb);
+int esp_wifi_unregister_wpa_cb_internal(void);
+int esp_wifi_get_assoc_bssid_internal(uint8_t *bssid);
+bool esp_wifi_sta_is_ap_notify_completed_rsne_internal(void);
+int esp_wifi_ap_deauth_internal(uint8_t *mac, uint32_t reason);
+int esp_wifi_ipc_internal(wifi_ipc_config_t *cfg, bool sync);
+int esp_wifi_register_wpa2_cb_internal(struct wpa2_funcs *cb);
+int esp_wifi_unregister_wpa2_cb_internal(void);
+bool esp_wifi_sta_prof_is_wpa2_internal(void);
+esp_err_t esp_wifi_sta_wpa2_ent_disable_internal(wifi_wpa2_param_t *param);
+esp_err_t esp_wifi_sta_wpa2_ent_enable_internal(wifi_wpa2_param_t *param);
+esp_err_t esp_wifi_set_wpa2_ent_state_internal(wpa2_ent_eap_state_t state);
+int esp_wifi_get_wps_type_internal(void);
+int esp_wifi_set_wps_type_internal(uint32_t type);
+int esp_wifi_get_wps_status_internal(void);
+int esp_wifi_set_wps_status_internal(uint32_t status);
+int esp_wifi_disarm_sta_connection_timer_internal(void);
+bool esp_wifi_get_sniffer_internal(void);
+int esp_wifi_set_wps_cb_internal(struct wps_funcs *wps_cb);
+bool esp_wifi_enable_sta_privacy_internal(void);
+uint8_t esp_wifi_get_user_init_flag_internal(void);
+esp_err_t esp_wifi_send_event_internal(system_event_t *evt);
+esp_err_t esp_wifi_internal_supplicant_header_md5_check(const char *md5);
+
+#endif /* _ESP_WIFI_DRIVER_H_ */