Skip to content

Feature: Support WPA3/SAE and PMF configuration for modern hotspots (#111) #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dfry-lhzn wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Feature: Support WPA3/SAE and PMF configuration for modern hotspots (#111) #113

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b697c0f
Add optional WPA3/PMF configuration parameters for Station mode (#111)
dfry-lhzn May 19, 2026
9713735
Add debug logging for PMF configuration
dfry-lhzn May 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion LoggerFirmware/include/Configuration.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,8 @@ class Config {
CONFIG_UPLOAD_INTERVAL_S,/* String: interval (seconds) between upload attempts */
CONFIG_UPLOAD_DURATION_S,/* String: duration (seconds) for each upload event */
CONFIG_UPLOAD_CERT_S, /* String: certificate to pass to upload server for authentication */
CONFIG_MDNS_NAME_S /* String: recognition name for mDNS responder (hostname: name.local) */
CONFIG_MDNS_NAME_S, /* String: recognition name for mDNS responder (hostname: name.local) */
CONFIG_REQUIRE_PMF_S /* String: Require PMF for WPA3 connections (true/false) */
};

/// \brief Extract a configuration string for the specified parameter
Expand Down
3 changes: 2 additions & 1 deletion LoggerFirmware/src/Configuration.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,8 @@ const String lookup[] = {
"UploadInterval", ///< Interval (seconds) between upload attempts
"UploadDuration", ///< Time (seconds) for upload activity before diverting back to other efforts
"UploadCert", ///< Certificate to pass to the upload server for TLS
"mDNSName"
"mDNSName",
"RequirePMF" ///< Require PMF for WPA3 (string)
};

/// Default constructor. This sets up for a dummy parameter store, which is configured
Expand Down
24 changes: 24 additions & 0 deletions LoggerFirmware/src/WiFiAdapter.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
#include <WiFiAP.h>
#include <ESPmDNS.h>
#include <WebServer.h>
#include <esp_wifi.h>
#include <WifiClient.h>
#include <LittleFS.h>
#include <ESP32-targz.h>
Expand Down Expand Up @@ -322,6 +323,29 @@ class ConnectionStateMachine {
Serial.print("ERR: attempting to join a WiFi network as a station without a specified SSID\n");
return false;
}

// Configure WPA3/PMF fallback & parameters for modern hotspots
WiFi.mode(WIFI_STA);
wifi_config_t conf;
esp_wifi_get_config(WIFI_IF_STA, &conf);

bool require_pmf = false;
String require_pmf_str;
if (logger::LoggerConfig.GetConfigString(logger::Config::ConfigParam::CONFIG_REQUIRE_PMF_S, require_pmf_str)) {
require_pmf = require_pmf_str.equalsIgnoreCase("true") || require_pmf_str == "1";
}

if (m_verbose) {
Serial.printf("DBG: WPA3 PMF configured as %s\n", require_pmf ? "REQUIRED" : "CAPABLE-ONLY");
}

conf.sta.pmf_cfg.capable = true;
conf.sta.pmf_cfg.required = require_pmf;
#ifdef WPA3_SAE_PWE_BOTH
conf.sta.sae_pwe_h2e = WPA3_SAE_PWE_BOTH;
#endif
esp_wifi_set_config(WIFI_IF_STA, &conf);

wl_status_t status = WiFi.begin(ssid.c_str(), password.c_str());
WiFi.setSleep(false);
m_lastConnectAttempt = millis();
Expand Down