WiFi Scan WPA2-EAP Authentication reported as WIFI_AUTH_OPEN (IDFGH-9885)

aquaticus commented 1 year ago

Answers checklist.

[X] I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
[X] I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
[X] I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

v5.1-dev-4557-gf404fe96b1

Operating System used.

Linux

How did you build your project?

Command line with idf.py

If you are using Windows, please specify command line type.

None

Development Kit.

Custom Board

Power Supply used.

USB

What is the expected behavior?

When using WPA2-EAP authentication method is used and router enables 802.11w Management Frame Protection, WiFi scan reports network as WIFI_AUTH_WPA2_ENTERPRISE.

After call to esp_wifi_scan_get_ap_records() wifi_auth_mode_t member of wifi_ap_record_t should be set to WIFI_AUTH_WPA2_ENTERPRISE.

What is the actual behavior?

Instead WiFi scan authomode for the network is WIFI_AUTH_OPEN.

After call to esp_wifi_scan_get_ap_records() wifi_auth_mode_t member of wifi_ap_record_t is incorrectly set to WIFI_AUTH_OPEN.

Steps to reproduce.

On router set authentication method to WPA2-EAP
On router set 802.11w Management Frame Protection as Required or Optional
Compile and flash WiFi example scan (https://github.com/espressif/esp-idf/tree/master/examples/wifi/scan)
Check the output of the sample

Debug Logs.

I (3297) scan: SSID             test
I (3297) scan: RSSI             -43
I (3297) scan: Authmode         WIFI_AUTH_OPEN
I (3307) scan: Pairwise Cipher  WIFI_CIPHER_TYPE_CCMP
I (3307) scan: Group Cipher     WIFI_CIPHER_TYPE_CCMP
I (3317) scan: Channel          13

More Information.

The issue was recreated on:

IDF v4.4.4
IDF v5.0.1
IDF latest master

Chips: ESP32 and ESP32-C3

NOTES:

Using WPA3-EAP gives the same results
When WPA2-PSK is used Authmode is reported correctly with 802.11w frame protection
Other WiFi clients e.g. Linux, Windows, phones report auth mode properly for the same network
Test router used: OpenWrt 22.03.3 r20028-43d71ad93e; radio chipset: Qualcomm Atheros QCA9560 802.11bgn

Output from nmcli dev wifi on Linux for the same network (proper WPA2 802.1X)

test                           Infra  13    195 Mbit/s  100     ▂▄▆█  WPA2 802.1X

jgujarathi commented 1 year ago

Hi @aquaticus , We have tried the mentioned steps with an AP configured similarly as yours and cannot seem to reproduce the same result. Could you please provide a sniffer capture which include the beacons of the AP you are facing the issue with?

I (3420) scan: SSID jash_wpa2_ent I (3420) scan: RSSI -25 I (3420) scan: Authmode WIFI_AUTH_WPA2_ENTERPRISE I (3430) scan: Pairwise Cipher WIFI_CIPHER_TYPE_CCMP I (3430) scan: Group Cipher WIFI_CIPHER_TYPE_CCMP I (3440) scan: Channel 11

aquaticus commented 1 year ago

@jgujarathi Please find attached beacon pcap dump (unzip file). mng_frame_enabled_beacon.zip