fix(nimble): Always read initial BAS level and forward HID report/control/protocol writes as HIDD events
Closes BLERP-2806
See merge request espressif/esp-idf!48598
feat(hal): add ECDSA, HMAC and Digital Signature support for esp32s31
Closes IDF-14623, IDF-14624, IDF-14621, and IDF-13062
See merge request espressif/esp-idf!48134
Enable ESP32-S31 in the USB device example build rules, supported
target tables, USB PHY pin mapping, and pytest target parametrization.
The target supports USB-OTG through its USB 2.0 PHY. Keep ESP32-S31
USB device tests marked as temporary CI skips until runners with the
usb_device tag are available.
security_cfg in wifi_nan_publish_cfg_t / wifi_nan_subscribe_cfg_t is a
large struct; pass it by pointer so callers don't bloat their cfg copy.
Driver deep-copies during publish/subscribe, so caller may free right
after the API returns. Add NULL-check when security_reqd is set.
Update both example apps to declare a local security_cfg and assign its
address. Add help text on EXAMPLE_NAN_SECURITY_ENABLED.
- Rename NAN_IPV6_ADDR_ID_LEN / IS_ZERO_NAN_ADDR_ID to ..._IPV6_IDENTIFIER
so the names no longer read like MAC-address constants; drop the
duplicate macro definition in esp_nan.h.
- Replace literal lengths with named macros: WIFI_OUI_LEN for
nan_vendor_ie_t.vendor_oui, and a new WIFI_MAC_ADDR_LEN (private)
applied to the NAN-related structs and callbacks in esp_private/wifi.h.
- Document each callback in struct nan_sync_callbacks and each helper
in struct nan_secure_dp_funcs: when fired / when invoked, what each
argument means, and the matching spec section where useful.
- Note in wifi_nan_datapath_req_t / wifi_nan_datapath_resp_t that they
cover the NCS-SK credential model only; pairing-based cipher suites
(NCS-PK-PASN) install per-peer ND-PMKs via a separate pairing API
without changing these structs. Record why per-NDP credential
injection at response time is not viable: the responder's PMKID
lookup happens at M1 receive time, before the indication event
surfaces to the host.
Replace scalar passphrase/PMK in wifi_nan_discovery_security_params_t
with wifi_nan_credential_t[N] array (cap 4) per Wi-Fi Aware v4.0
§9.5.21.4. Drop public PMKID array and service-level csid_bitmap.
Rename wifi_nan_datapath_security_params_t -> wifi_nan_security_params_t;
add wifi_nan_peer_sdf_security_t for multi-PMKID peer-RX. The
derive_security_params callback takes (svc_name, sec_cfg, out_derived[])
and runs once per credential on the WiFi task. Split nan_record_own_svc
into claim/finalize so the WiFi-task callback finds the pending slot
by name and mirrors derived material — no main-task PBKDF2.
nan_publisher / nan_subscriber demonstrate the secure NDP path:
publisher acts as the responder + UDP echo server, subscriber as the
initiator. Both support passphrase and pre-shared PMK modes via
menuconfig; PMK hex strings are decoded with the same helper on both
sides so endpoints derive matching PMKIDs.
