esp-mdf
esp-mdf copied to clipboard
espressif
Mwifi uses WPA instead of WPA2
Environment
- Development Kit: custom
- Core: ESP32S2 WROVER
- MDF version: cf50274
- Development Env: Visual Studio Code
- Operating System: Ubuntu
- Power Supply: external 5V
Problem Description
The component mwifi does not use WPA2 as AP authentication mode. It uses deprecated and insecure WPA as authentication mode. I do not know if this behavior is intended but I think it should use WPA2. mwifi_start() sets the mode automatically (see below). And you can't even set the authentication mode with mwifi_set_config(const mwifi_config_t *config).
Lines 518 - 523 of mwifi_start() in mwifi.c
...
if (strlen(ap_config->mesh_password)) {
memcpy(mesh_config.mesh_ap.password, ap_config->mesh_password, sizeof(mesh_config.mesh_ap.password));
ESP_ERROR_CHECK(esp_mesh_set_ap_authmode(WIFI_AUTH_WPA_PSK));
} else {
ESP_ERROR_CHECK(esp_mesh_set_ap_authmode(WIFI_AUTH_OPEN));
}
...
Code to reproduce this issue
This example shows that mwifi initializes esp_mesh with WPA and not WPA2. The MDF_LOG only prints "AP authmode is WPA"
static mdf_err_t event_loop_cb(mdf_event_loop_t event, void *ctx)
{
...
case MDF_EVENT_MWIFI_ROOT_GOT_IP: {
if(esp_mesh_get_ap_authmode() == WIFI_AUTH_WPA_PSK){
MDF_LOGW("AP authmode is WPA");
}
else if(esp_mesh_get_ap_authmode() == WIFI_AUTH_WPA2_PSK){
MDF_LOGI("AP authmode is WPA2");
}
break;
}
...
}
void app_main()
{
...
MDF_ERROR_ASSERT(mdf_event_loop_init(event_loop_cb));
...
mwifi_start();
...
}
Debug Logs
...
W (1161) [wpa_test, 42]: AP authmode is WPA
...
@IH303 Thank you very much for your feedback, the bottom layer of wifi mesh supports WIFI_AUTH_WPA2_PSK encryption. It's just that mdf currently has this definition dead. You can directly modify it as follows: ESP_ERROR_CHECK(esp_mesh_set_ap_authmode(WIFI_AUTH_WPA2_PSK));
It will be fixed later to configure the default, allowing users to choose the default.
