diff --git a/components/esp_wifi/Kconfig b/components/esp_wifi/Kconfig index 5815c7411b8..46efd65416b 100644 --- a/components/esp_wifi/Kconfig +++ b/components/esp_wifi/Kconfig @@ -925,19 +925,21 @@ menu "Wi-Fi" Select this option to enable/disable support for station connections to hidden APs using passive scan when the country policy is set to auto. - config ESP_WIFI_STA_RANDOM_MAC_ENABLED - bool "Station Mac-Randomization enabled" - default y + config ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED + bool "WiFi Privacy Enhancements enabled" + default n help - Select this option to enable Mac Randomization for Station + Select this option to enable WiFi Privacy Enhancements (enables random mac, + seq number, dialogue token number, vendor seq number cnt). + Supported on station interface only; softAP may be added in future. - config ESP_WIFI_STA_RANDOM_MAC_AUTO_RESET_INTERVAL - int "Station Mac-Randomization Auto-Reset Interval time" - depends on ESP_WIFI_STA_RANDOM_MAC_ENABLED + config ESP_WIFI_RMAC_AUTO_RESET_INTERVAL + int "Random MAC Auto-Reset Interval time" + depends on ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED range 1 24 default 12 help - Interval in hours to rotate the STA random MAC while not connected to an AP. + Interval in hours to rotate the random MAC while not connected to an AP. Values below 1 or above 24 are not allowed. endif # wifi enabled diff --git a/components/esp_wifi/include/esp_wifi.h b/components/esp_wifi/include/esp_wifi.h index a41baa55d43..5272a9b968b 100644 --- a/components/esp_wifi/include/esp_wifi.h +++ b/components/esp_wifi/include/esp_wifi.h 
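Review bot: The new `ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED` symbol defaults to `n` where the option it replaces, `ESP_WIFI_STA_RANDOM_MAC_ENABLED`, defaulted to `y`, so a project that upgrades and keeps its sdkconfig defaults silently loses STA MAC randomization along with the new protections; if that flip is intended, the help text or a migration note should say so rather than leaving it to be discovered on a sniffer. The help text also describes the feature in driver-internal shorthand (`seq number, dialogue token number, vendor seq number cnt`) that does not tell a user what is actually randomized; I would reword it as `Randomizes the station MAC address, 802.11 sequence numbers, GAS dialog tokens and vendor-specific sequence counters so the device is harder to track across scans and connections.` Elsewhere in this diff the documentation hunk drops the earlier caveat that PMK caching is unsupported with a randomized MAC; if that constraint still holds, this help text is where a practitioner would expect to find it, and if it no longer holds the removal deserves a sentence in the commit message.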
@@ -120,8 +120,8 @@ typedef struct { int espnow_max_encrypt_num; /**< Maximum encrypt number of peers supported by espnow */ int tx_hetb_queue_num; /**< WiFi TX HE TB QUEUE number for STA HE TB PPDU transmission */ bool dump_hesigb_enable; /**< enable dump sigb field */ - bool sta_random_mac; /**< STA MAC randomization. Supported on station interface only; softAP may be added in future */ - uint8_t sta_rmac_auto_reset_int;/**< STA random MAC auto-reset interval in hours (1-24) while not connected */ + bool privacy_enhancements; /**< WiFi privacy enhancements (enables random mac, seq number, dialogue token number, vendor seq number cnt). Supported on station interface only; softAP may be added in future */ + uint8_t rmac_auto_reset_int; /**< Random MAC auto-reset interval in hours (1-24) while not connected */ int magic; /**< WiFi init magic number, it should be the last field */ } wifi_init_config_t; @@ -323,6 +323,18 @@ extern wifi_osi_funcs_t g_wifi_osi_funcs; WIFI_ENABLE_PASSIVE_HIDDEN_AP | \ WIFI_ENABLE_OWE_SOFTAP) +#if CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED +#define WIFI_PRIVACY_ENHANCEMENTS_ENABLED true +#else +#define WIFI_PRIVACY_ENHANCEMENTS_ENABLED false +#endif + +#ifdef CONFIG_ESP_WIFI_RMAC_AUTO_RESET_INTERVAL +#define WIFI_RMAC_AUTO_RESET_INTERVAL CONFIG_ESP_WIFI_RMAC_AUTO_RESET_INTERVAL +#else +#define WIFI_RMAC_AUTO_RESET_INTERVAL 0 +#endif + #define WIFI_INIT_CONFIG_DEFAULT() { \ .osi_funcs = &g_wifi_osi_funcs, \ .wpa_crypto_funcs = g_wifi_default_wpa_crypto_funcs, \ 
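Review bot: `WIFI_RMAC_AUTO_RESET_INTERVAL` falls back to `0` when the Kconfig symbol is absent, but the field it feeds, `rmac_auto_reset_int`, is documented in the struct hunk above as `(1-24)`, so `WIFI_INIT_CONFIG_DEFAULT()` now carries an out-of-range value whenever the feature is off, and an application that flips `privacy_enhancements` to true at runtime on that default config hands the driver a 0 whose meaning the header never defines. Any validation lives in the binary `lib` submodule bumped in this same diff and cannot be checked here, so either the fallback should be the Kconfig default (`#define WIFI_RMAC_AUTO_RESET_INTERVAL 12`) so the struct is always within the documented range, or the field comment should state the contract, e.g. `/**< Random MAC auto-reset interval in hours (1-24) while not connected; presumably only consulted when privacy_enhancements is true, confirm against the driver what 0 does */`. Renaming the public `sta_random_mac` / `sta_rmac_auto_reset_int` fields also breaks source compatibility for any application that sets them by designated initializer; no deprecation alias is provided, which may be intended but is worth a release note.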
@@ -349,8 +361,8 @@ extern wifi_osi_funcs_t g_wifi_osi_funcs; .espnow_max_encrypt_num = CONFIG_ESP_WIFI_ESPNOW_MAX_ENCRYPT_NUM, \ .tx_hetb_queue_num = WIFI_TX_HETB_QUEUE_NUM, \ .dump_hesigb_enable = WIFI_DUMP_HESIGB_ENABLED, \ - .sta_random_mac = CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED, \ - .sta_rmac_auto_reset_int = CONFIG_ESP_WIFI_STA_RANDOM_MAC_AUTO_RESET_INTERVAL, \ + .privacy_enhancements = WIFI_PRIVACY_ENHANCEMENTS_ENABLED, \ + .rmac_auto_reset_int = WIFI_RMAC_AUTO_RESET_INTERVAL, \ .magic = WIFI_INIT_CONFIG_MAGIC\ } diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index b83b04d03d5..55636e0b8b4 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit b83b04d03d5645fcf063ef8a6101bf48cc2c38e6 +Subproject commit 55636e0b8b47f456d8e43ed8d027ccd1fa2e7af6 diff --git a/components/esp_wifi/remote/Kconfig.wifi.in b/components/esp_wifi/remote/Kconfig.wifi.in index 9b673b111e2..7a346c28072 100644 --- a/components/esp_wifi/remote/Kconfig.wifi.in +++ b/components/esp_wifi/remote/Kconfig.wifi.in 
@@ -904,19 +904,21 @@ config WIFI_RMT_PASSIVE_HIDDEN_AP_SUPPORT Select this option to enable/disable support for station connections to hidden APs using passive scan when the country policy is set to auto. -config WIFI_RMT_STA_RANDOM_MAC_ENABLED - bool "Station Mac-Randomization enabled" - default y +config WIFI_RMT_PRIVACY_ENHANCEMENTS_ENABLED + bool "WiFi Privacy Enhancements enabled" + default n help - Select this option to enable Mac Randomization for Station + Select this option to enable WiFi Privacy Enhancements (enables random mac, + seq number, dialogue token number, vendor seq number cnt). + Supported on station interface only; softAP may be added in future. -config WIFI_RMT_STA_RANDOM_MAC_AUTO_RESET_INTERVAL - int "Station Mac-Randomization Auto-Reset Interval time" - depends on WIFI_RMT_STA_RANDOM_MAC_ENABLED +config WIFI_RMT_RMAC_AUTO_RESET_INTERVAL + int "Random MAC Auto-Reset Interval time" + depends on WIFI_RMT_PRIVACY_ENHANCEMENTS_ENABLED range 1 24 default 12 help - Interval in hours to rotate the STA random MAC while not connected to an AP. + Interval in hours to rotate the random MAC while not connected to an AP. Values below 1 or above 24 are not allowed. if !ESP_WIFI_ENABLED diff --git a/components/esp_wifi/remote/Kconfig.wifi_is_remote.in b/components/esp_wifi/remote/Kconfig.wifi_is_remote.in index 2cf67211300..776101d1cd9 100644 --- a/components/esp_wifi/remote/Kconfig.wifi_is_remote.in +++ b/components/esp_wifi/remote/Kconfig.wifi_is_remote.in 
@@ -513,13 +513,13 @@ if WIFI_RMT_PASSIVE_HIDDEN_AP_SUPPORT default WIFI_RMT_PASSIVE_HIDDEN_AP_SUPPORT endif -if WIFI_RMT_STA_RANDOM_MAC_ENABLED - config ESP_WIFI_STA_RANDOM_MAC_ENABLED # ignore: multiple-definition +if WIFI_RMT_PRIVACY_ENHANCEMENTS_ENABLED + config ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED # ignore: multiple-definition bool - default WIFI_RMT_STA_RANDOM_MAC_ENABLED + default WIFI_RMT_PRIVACY_ENHANCEMENTS_ENABLED endif -config ESP_WIFI_STA_RANDOM_MAC_AUTO_RESET_INTERVAL # ignore: multiple-definition +config ESP_WIFI_RMAC_AUTO_RESET_INTERVAL # ignore: multiple-definition int - depends on WIFI_RMT_STA_RANDOM_MAC_ENABLED - default WIFI_RMT_STA_RANDOM_MAC_AUTO_RESET_INTERVAL + depends on WIFI_RMT_PRIVACY_ENHANCEMENTS_ENABLED + default WIFI_RMT_RMAC_AUTO_RESET_INTERVAL diff --git a/components/esp_wifi/remote/include/injected/esp_wifi.h b/components/esp_wifi/remote/include/injected/esp_wifi.h index 31d9d4212a3..cde9c975f96 100644 --- a/components/esp_wifi/remote/include/injected/esp_wifi.h +++ b/components/esp_wifi/remote/include/injected/esp_wifi.h @@ -120,8 +120,8 @@ typedef struct { int espnow_max_encrypt_num; /**< Maximum encrypt number of peers supported by espnow */ int tx_hetb_queue_num; /**< WiFi TX HE TB QUEUE number for STA HE TB PPDU transmission */ bool dump_hesigb_enable; /**< enable dump sigb field */ - bool sta_random_mac; /**< STA MAC randomization. Supported on station interface only; softAP may be added in future */ - uint8_t sta_rmac_auto_reset_int;/**< STA random MAC auto-reset interval in hours (1-24) while not connected */ + bool privacy_enhancements; /**< WiFi privacy enhancements (enables random mac, seq number, dialogue token number, vendor seq number cnt). Supported on station interface only; softAP may be added in future */ + uint8_t rmac_auto_reset_int; /**< Random MAC auto-reset interval in hours (1-24) while not connected */ int magic; /**< WiFi init magic number, it should be the last field */ } wifi_init_config_t; 
@@ -323,6 +323,18 @@ extern wifi_osi_funcs_t g_wifi_osi_funcs; WIFI_ENABLE_PASSIVE_HIDDEN_AP | \ WIFI_ENABLE_OWE_SOFTAP) +#if CONFIG_WIFI_RMT_PRIVACY_ENHANCEMENTS_ENABLED +#define WIFI_PRIVACY_ENHANCEMENTS_ENABLED true +#else +#define WIFI_PRIVACY_ENHANCEMENTS_ENABLED false +#endif + +#ifdef CONFIG_WIFI_RMT_RMAC_AUTO_RESET_INTERVAL +#define WIFI_RMAC_AUTO_RESET_INTERVAL CONFIG_WIFI_RMT_RMAC_AUTO_RESET_INTERVAL +#else +#define WIFI_RMAC_AUTO_RESET_INTERVAL 0 +#endif + #define WIFI_INIT_CONFIG_DEFAULT() { \ .osi_funcs = &g_wifi_osi_funcs, \ .wpa_crypto_funcs = g_wifi_default_wpa_crypto_funcs, \ @@ -349,8 +361,8 @@ extern wifi_osi_funcs_t g_wifi_osi_funcs; .espnow_max_encrypt_num = CONFIG_WIFI_RMT_ESPNOW_MAX_ENCRYPT_NUM, \ .tx_hetb_queue_num = WIFI_TX_HETB_QUEUE_NUM, \ .dump_hesigb_enable = WIFI_DUMP_HESIGB_ENABLED, \ - .sta_random_mac = CONFIG_WIFI_RMT_STA_RANDOM_MAC_ENABLED, \ - .sta_rmac_auto_reset_int = CONFIG_WIFI_RMT_STA_RANDOM_MAC_AUTO_RESET_INTERVAL, \ + .privacy_enhancements = WIFI_PRIVACY_ENHANCEMENTS_ENABLED, \ + .rmac_auto_reset_int = WIFI_RMAC_AUTO_RESET_INTERVAL, \ .magic = WIFI_INIT_CONFIG_MAGIC\ } diff --git a/components/esp_wifi/src/wifi_default.c b/components/esp_wifi/src/wifi_default.c index 6e711c256bc..66ed536ac8a 100644 --- a/components/esp_wifi/src/wifi_default.c +++ b/components/esp_wifi/src/wifi_default.c @@ -8,6 +8,7 @@ #include "esp_wifi.h" #include "esp_netif.h" #include "esp_log.h" +#include "esp_mac.h" #include "esp_private/wifi.h" #include "esp_wifi_netif.h" #include @@ -119,8 +120,8 @@ static void wifi_default_action_sta_connected(void *arg, esp_event_base_t base, } } -#if CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED - /* Sync netif MAC when STA random MAC was set internally by the Wi-Fi driver */ +#if CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED + /* Sync netif MAC when STA privacy-enhanced MAC was set internally by the Wi-Fi driver */ uint8_t mac[WIFI_MAC_ADDR_LEN]; esp_wifi_get_mac(WIFI_IF_STA, mac); esp_netif_set_mac(esp_netif, mac); 
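Review bot: In the `wifi_default.c` hunk, `esp_wifi_get_mac(WIFI_IF_STA, mac)` writes into an uninitialized `uint8_t mac[WIFI_MAC_ADDR_LEN]` and its `esp_err_t` return is ignored, so if the call fails the following `esp_netif_set_mac(esp_netif, mac)` pushes stack garbage into the netif as the station's L2 address; this is context that predates the commit, but the new `#if CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED` keeps the block as the only thing synchronizing netif with the address the driver now randomizes, so it deserves the guard. I would write `if (esp_wifi_get_mac(WIFI_IF_STA, mac) == ESP_OK) { esp_netif_set_mac(esp_netif, mac); }` and log the failure with `ESP_LOGW`, checking `esp_netif_set_mac`'s return the same way. The added `#include "esp_mac.h"` has no visible user in this hunk; if something outside the hunk needs it that is fine, otherwise it is a stray include. The enclosing `wifi_default_action_sta_connected` starts before this hunk and its end is not shown.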
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c index fbe510a7354..ab7c3449a71 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_dpp.c @@ -621,9 +621,9 @@ static void esp_dpp_rx_action(void *data, void *user_ctx) public_action->v.pa_gas_resp.status_code == 0) { if (!s_dpp_ctx.dpp_auth || - s_dpp_ctx.dpp_auth->gas_dialog_token < 0 || - public_action->v.pa_gas_resp.diag_token != - s_dpp_ctx.dpp_auth->gas_dialog_token) { + s_dpp_ctx.dpp_auth->gas_dialog_token < 0 || + public_action->v.pa_gas_resp.diag_token != + s_dpp_ctx.dpp_auth->gas_dialog_token) { wpa_printf(MSG_DEBUG, "DPP: GAS dialog token mismatch (rx=%u exp=%d) - drop", public_action->v.pa_gas_resp.diag_token, diff --git a/docs/en/api-guides/wifi-security.rst b/docs/en/api-guides/wifi-security.rst index b7a601957c8..ad3e3484391 100644 --- a/docs/en/api-guides/wifi-security.rst +++ b/docs/en/api-guides/wifi-security.rst 
@@ -172,35 +172,31 @@ For SoftAP mode: A configuration option :ref:`CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_SOFTAP` from menuconfig should be enabled and configuration parameter `authmode` from :cpp:type:`wifi_ap_config_t` should be set to ``WIFI_AUTH_OWE``. SoftAP does not support OWE Transition Mode; configure ``WIFI_AUTH_OWE`` only. -MAC Address Randomization +WiFi Privacy Enhancements -------------------------- -MAC addresses, used by devices to connect to Wi-Fi networks, can be captured and tracked because they are transmitted without encryption and due to their unique and static nature. {IDF_TARGET_NAME} supports the MAC randomization feature which enhances privacy by using a randomized MAC address, preventing devices from being consistently tracked when scanning or connecting to networks. +MAC addresses, used by devices to connect to Wi-Fi networks, can be captured and tracked because they are transmitted without encryption and due to their unique and static nature. {IDF_TARGET_NAME} supports the WiFi Privacy Enhancements feature which includes MAC randomization, sequence number randomization, diversity in GAS dialogue tokens and vendor sequence numbers. This prevents devices from being consistently tracked when scanning or connecting to networks. -To use this feature, enable configuration option :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED` from menuconfig. +To use this feature, enable configuration option :ref:`CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED` from menuconfig. -{IDF_TARGET_NAME} also rotates the STA random MAC periodically while not connected, using menuconfig option :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_AUTO_RESET_INTERVAL` (valid range: 1 to 24 hours, default 12). +{IDF_TARGET_NAME} also rotates the STA random MAC periodically while not connected, using menuconfig option :ref:`CONFIG_ESP_WIFI_RMAC_AUTO_RESET_INTERVAL` (valid range: 1 to 24 hours, default 12). .. 
note:: - The :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_AUTO_RESET_INTERVAL` will only generate and set new random mac address when station is not connected to any AP. If the station is connected to any AP, the connection will not be interrupted and same random mac will be used. If the periodic auto-reset timer expires while the station is in the connected state, the timer will be armed/triggered at the next disconnect. + The :ref:`CONFIG_ESP_WIFI_RMAC_AUTO_RESET_INTERVAL` will only generate and set new random mac address when station is not connected to any AP. If the station is connected to any AP, the connection will not be interrupted and same random mac will be used. If the periodic auto-reset timer expires while the station is in the connected state, the timer will be armed/triggered at the next disconnect. - For every new connection request, new random mac will be generated and auto reset time interval will be reset if :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED` is enabled. - - PMK caching is not supported when MAC randomization is enabled, as the device's identity changes with each connection attempt. - - MAC address randomization is not supported and will not work when Wi-Fi Mesh or ESP-NOW is enabled. + WiFi privacy enhancements are not supported and will not work when Wi-Fi Mesh or ESP-NOW is enabled. 
-{IDF_TARGET_NAME} supports MAC randomization while scanning when +{IDF_TARGET_NAME} supports privacy enhancements while scanning when - - enable configuration option :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED` from menuconfig + - enable configuration option :ref:`CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED` from menuconfig - scan_type is :cpp:enumerator:`WIFI_SCAN_TYPE_ACTIVE` - station is not connected to any Access Point -{IDF_TARGET_NAME} supports MAC randomization while connecting when +{IDF_TARGET_NAME} supports privacy enhancements while connecting when - - enable configuration option :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED` from menuconfig + - enable configuration option :ref:`CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED` from menuconfig - new wifi configuration is set using :cpp:func:`esp_wifi_set_config` diff --git a/docs/zh_CN/api-guides/wifi-security.rst b/docs/zh_CN/api-guides/wifi-security.rst index 54f4de881d7..0440986e3f9 100644 --- a/docs/zh_CN/api-guides/wifi-security.rst +++ b/docs/zh_CN/api-guides/wifi-security.rst 
@@ -172,35 +172,31 @@ SoftAP 模式: 需通过 menuconfig 启用配置选项 :ref:`CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_SOFTAP`,并将 :cpp:type:`wifi_ap_config_t` 中的配置参数 `authmode` 设置为 ``WIFI_AUTH_OWE``。SoftAP 不支持 OWE 过渡模式,请仅配置 ``WIFI_AUTH_OWE``。 -MAC 地址随机化 +Wi-Fi 隐私增强 -------------------------- -MAC 地址用于设备连接 Wi-Fi 网络。由于 MAC 地址具有唯一且静态的特点,并且在传输时未加密,因此可能会被捕获和追踪。{IDF_TARGET_NAME} 支持 MAC 地址随机化功能,通过使用随机 MAC 地址增强隐私保护,避免设备在扫描或连接网络时被持续追踪。 +MAC 地址用于设备连接 Wi-Fi 网络。由于 MAC 地址具有唯一且静态的特点,并且在传输时未加密,因此可能会被捕获和追踪。{IDF_TARGET_NAME} 支持 Wi-Fi 隐私增强功能,包括 MAC 地址随机化、序列号随机化、GAS 对话令牌多样化和厂商自定义序列号管理。这些功能通过增强隐私保护,避免设备在扫描或连接网络时被持续追踪。 -要使用此功能,请在 menuconfig 中启用配置选项 :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED`。 +要使用此功能,请在 menuconfig 中启用配置选项 :ref:`CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED`。 -{IDF_TARGET_NAME} 还会在未连接网络时,定期自动重置 station 的随机 MAC 地址。重置周期通过 menuconfig 中的 :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_AUTO_RESET_INTERVAL` 选项配置(有效范围:1 至 24 小时,默认值为 12 小时)。 +{IDF_TARGET_NAME} 还会在未连接网络时,定期自动重置随机 MAC 地址。重置周期通过 menuconfig 中的 :ref:`CONFIG_ESP_WIFI_RMAC_AUTO_RESET_INTERVAL` 选项配置(有效范围:1 至 24 小时,默认值为 12 小时)。 .. 
note:: - 仅当 station 未连接到任何 AP 时,:ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_AUTO_RESET_INTERVAL` 才会生成并设置新的随机 MAC 地址。如果 station 已连接到 AP,则不会中断连接,并会继续使用相同的随机 MAC 地址。如果定期自动重置定时器在 station 处于连接状态时超时,定时器将在下一次断开连接时被重新装载或触发。 + 仅当 station 未连接到任何 AP 时,:ref:`CONFIG_ESP_WIFI_RMAC_AUTO_RESET_INTERVAL` 才会生成并设置新的随机 MAC 地址。如果 station 已连接到 AP,则不会中断连接,并会继续使用相同的随机 MAC 地址。如果定期自动重置定时器在 station 处于连接状态时超时,定时器将在下一次断开连接时被重新装载或触发。 - 如果启用了 :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED`,每次发起新的连接请求时都会生成新的随机 MAC 地址,并重置自动重置时间间隔。 - - 启用 MAC 地址随机化后,不支持 PMK 缓存,因为设备身份会随每次连接尝试而变化。 - - 在启用 Wi-Fi Mesh 或 ESP-NOW 时,不支持且无法使用 MAC 地址随机化功能。 + 在启用 Wi-Fi Mesh 或 ESP-NOW 时,不支持且无法使用 Wi-Fi 隐私增强功能。 -{IDF_TARGET_NAME} 在满足以下条件时支持扫描过程中的 MAC 地址随机化: +{IDF_TARGET_NAME} 在满足以下条件时支持扫描过程中的隐私增强: - - 在 menuconfig 中启用配置选项 :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED` + - 在 menuconfig 中启用配置选项 :ref:`CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED` - 扫描类型为 :cpp:enumerator:`WIFI_SCAN_TYPE_ACTIVE` - station 未连接到任何 AP -{IDF_TARGET_NAME} 在满足以下条件时支持连接过程中的 MAC 地址随机化: +{IDF_TARGET_NAME} 在满足以下条件时支持连接过程中的隐私增强: - - 在 menuconfig 中启用配置选项 :ref:`CONFIG_ESP_WIFI_STA_RANDOM_MAC_ENABLED` + - 在 menuconfig 中启用配置选项 :ref:`CONFIG_ESP_WIFI_PRIVACY_ENHANCEMENTS_ENABLED` - 使用 :cpp:func:`esp_wifi_set_config` 设置新的 Wi-Fi 配置