Merge branch 'fix/config_param_gtk_rekeying' into 'master'

Jiang Jiang Jian · Jiang Jiang Jian · commit 4b6b9c0ec829 · 2025-05-21T15:52:44.000+08:00
Add config param for gtk rekeying on softAP side

Closes WIFI-4897

See merge request espressif/esp-idf!38383
diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h
@@ -539,6 +539,7 @@ typedef struct {
     uint8_t transition_disable;               /**< Whether to enable transition disable feature */
     uint8_t sae_ext;                          /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */
     wifi_bss_max_idle_config_t bss_max_idle_cfg;  /**< Configuration for bss max idle, effective if CONFIG_WIFI_BSS_MAX_IDLE_SUPPORT is enabled */
+    uint16_t gtk_rekey_interval;              /**< GTK rekeying interval in seconds. If set to 0, GTK rekeying is disabled. Range: 60 ~ 65535 including 0. */
 } wifi_ap_config_t;
 
 #define SAE_H2E_IDENTIFIER_LEN 32    /**< Length of the password identifier for H2E */
diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib
@@ -1 +1 @@
-Subproject commit 0a6b4ae17b00566fd45aae10696e2f728e63e245
+Subproject commit 265486dd52fa72c9dbb2ebf60091f81d4b4f783d
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c
@@ -84,6 +84,12 @@ void *hostap_init(void)
 
     hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP);
     auth_conf->sae_pwe = hapd->conf->sae_pwe;
+    auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal();
+#define MIN_GTK_REKEYING_INTERVAL 60
+    if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) {
+        auth_conf->wpa_group_rekey = MIN_GTK_REKEYING_INTERVAL;
+    }
+#undef MIN_GTK_REKEYING_INTERVAL
 
     authmode = esp_wifi_ap_get_prof_authmode_internal();
     if (authmode_has_wpa(authmode)) {
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h
@@ -285,6 +285,7 @@ esp_err_t esp_wifi_register_mgmt_frame_internal(uint32_t type, uint32_t subtype)
 esp_err_t esp_wifi_send_mgmt_frm_internal(const wifi_mgmt_frm_req_t *req);
 uint8_t esp_wifi_ap_get_prof_pairwise_cipher_internal(void);
 uint8_t esp_wifi_ap_get_sae_ext_config_internal(void);
+uint16_t esp_wifi_ap_get_gtk_rekeying_config_internal(void);
 bool esp_wifi_is_mbo_enabled_internal(uint8_t if_index);
 void esp_wifi_get_pmf_config_internal(wifi_pmf_config_t *pmf_cfg, uint8_t ifx);
 bool esp_wifi_is_ft_enabled_internal(uint8_t if_index);
diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c
@@ -211,6 +211,16 @@ int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
               int (*cb)(struct wpa_state_machine *sm, void *ctx),
               void *cb_ctx)
 {
+    struct hostapd_data *hapd = hostapd_get_hapd_data();
+    struct sta_info *sta;
+
+    if (hapd == NULL)
+        return 1;
+
+    for (sta = hapd->sta_list; sta; sta = sta->next) {
+         if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
+             return 1;
+    }
     return 0;
 }
 
@@ -397,6 +407,11 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
         return NULL;
     }
 
+    if (wpa_auth->conf.wpa_group_rekey) {
+        eloop_register_timeout(wpa_auth->conf.wpa_group_rekey,
+                       0, wpa_rekey_gtk, wpa_auth, NULL);
+    }
+
 #ifdef CONFIG_IEEE80211R_AP
     wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init();
     if (wpa_auth->ft_pmk_cache == NULL) {
@@ -2565,6 +2580,7 @@ static int wpa_sm_step(struct wpa_state_machine *sm)
 void wpa_deinit(struct wpa_authenticator *wpa_auth)
 {
     struct wpa_group *group, *prev;
+    eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
 	pmksa_cache_auth_deinit(wpa_auth->pmksa);
     if (wpa_auth->wpa_ie != NULL) {
         os_free(wpa_auth->wpa_ie);
diff --git a/examples/wifi/getting_started/softAP/main/Kconfig.projbuild b/examples/wifi/getting_started/softAP/main/Kconfig.projbuild
@@ -23,4 +23,18 @@ menu "Example Configuration"
         default 4
         help
             Max number of the STA connects to AP.
+
+    config ESP_GTK_REKEYING_ENABLE
+        bool "Enable GTK Rekeying"
+        default y
+        help
+            Flag to enable GTK rekeying.
+
+    config ESP_GTK_REKEY_INTERVAL
+        int "GTK rekey interval"
+        depends on ESP_GTK_REKEYING_ENABLE
+        range 60 65535
+        default 600
+        help
+            GTK rekeying interval in seconds.
 endmenu
diff --git a/examples/wifi/getting_started/softAP/main/softap_example_main.c b/examples/wifi/getting_started/softAP/main/softap_example_main.c
@@ -28,6 +28,12 @@
 #define EXAMPLE_ESP_WIFI_CHANNEL   CONFIG_ESP_WIFI_CHANNEL
 #define EXAMPLE_MAX_STA_CONN       CONFIG_ESP_MAX_STA_CONN
 
+#if CONFIG_ESP_GTK_REKEYING_ENABLE
+#define EXAMPLE_GTK_REKEY_INTERVAL CONFIG_ESP_GTK_REKEY_INTERVAL
+#else
+#define EXAMPLE_GTK_REKEY_INTERVAL 0
+#endif
+
 static const char *TAG = "wifi softAP";
 
 static void wifi_event_handler(void* arg, esp_event_base_t event_base,
@@ -81,6 +87,7 @@ void wifi_init_softap(void)
                 .protected_keep_alive = 1,
             },
 #endif
+            .gtk_rekey_interval = EXAMPLE_GTK_REKEY_INTERVAL,
         },
     };
     if (strlen(EXAMPLE_ESP_WIFI_PASS) == 0) {
