net: wifi: add SAE extended key security type support

Add WPA3 SAE extended key security type support in
L2 wifi mgmt and hostap.

Signed-off-by: Fengming Ye <frank.ye@nxp.com>
This commit is contained in:
Fengming Ye 2025-02-06 18:14:44 +09:00 committed by Benjamin Cabé
commit 54ef1b54d1
4 changed files with 24 additions and 10 deletions

View file

@ -84,6 +84,8 @@ enum wifi_security_type {
WIFI_SECURITY_TYPE_FT_EAP,
/** FT-EAP-SHA384 security */
WIFI_SECURITY_TYPE_FT_EAP_SHA384,
/** SAE Extended key (uses group-dependent hashing) */
WIFI_SECURITY_TYPE_SAE_EXT_KEY,
/** @cond INTERNAL_HIDDEN */
__WIFI_SECURITY_TYPE_AFTER_LAST,

View file

@ -464,6 +464,8 @@ static inline enum wifi_security_type wpas_key_mgmt_to_zephyr(bool is_hapd,
return WIFI_SECURITY_TYPE_FT_EAP;
case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
return WIFI_SECURITY_TYPE_FT_EAP_SHA384;
case WPA_KEY_MGMT_SAE_EXT_KEY:
return WIFI_SECURITY_TYPE_SAE_EXT_KEY;
default:
return WIFI_SECURITY_TYPE_UNKNOWN;
}
@ -1022,7 +1024,8 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
if (params->security == WIFI_SECURITY_TYPE_SAE_HNP ||
params->security == WIFI_SECURITY_TYPE_SAE_H2E ||
params->security == WIFI_SECURITY_TYPE_SAE_AUTO) {
params->security == WIFI_SECURITY_TYPE_SAE_AUTO ||
params->security == WIFI_SECURITY_TYPE_SAE_EXT_KEY) {
if (params->sae_password) {
if ((params->sae_password_length < WIFI_PSK_MIN_LEN) ||
(params->sae_password_length > WIFI_SAE_PSWD_MAX_LEN)) {
@ -1045,19 +1048,26 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
}
}
if (!wpa_cli_cmd_v("set sae_pwe %d",
(params->security == WIFI_SECURITY_TYPE_SAE_H2E)
? 1
: ((params->security == WIFI_SECURITY_TYPE_SAE_AUTO)
? 2
: 0))) {
: ((params->security == WIFI_SECURITY_TYPE_SAE_HNP)
? 0
: 2))) {
goto out;
}
if (!wpa_cli_cmd_v("set_network %d key_mgmt SAE%s", resp.network_id,
params->ft_used ? " FT-SAE" : "")) {
goto out;
if (params->security != WIFI_SECURITY_TYPE_SAE_EXT_KEY) {
if (!wpa_cli_cmd_v("set_network %d key_mgmt SAE%s", resp.network_id,
params->ft_used ? " FT-SAE" : "")) {
goto out;
}
} else {
if (!wpa_cli_cmd_v("set_network %d key_mgmt SAE-EXT-KEY%s",
resp.network_id,
params->ft_used ? " FT-SAE-EXT-KEY" : "")) {
goto out;
}
}
} else if (params->security == WIFI_SECURITY_TYPE_PSK_SHA256) {
if (!wpa_cli_cmd_v("set_network %d psk \"%s\"",

View file

@ -91,6 +91,8 @@ const char *wifi_security_txt(enum wifi_security_type security)
return "FT-EAP";
case WIFI_SECURITY_TYPE_FT_EAP_SHA384:
return "FT-EAP-SHA384";
case WIFI_SECURITY_TYPE_SAE_EXT_KEY:
return "WPA3-SAE-EXT-KEY";
case WIFI_SECURITY_TYPE_UNKNOWN:
default:
return "UNKNOWN";

View file

@ -3436,7 +3436,7 @@ SHELL_STATIC_SUBCMD_SET_CREATE(
"0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI,"
"7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal, 11: DPP\n"
"12: EAP-PEAP-MSCHAPv2, 13: EAP-PEAP-GTC, 14: EAP-TTLS-MSCHAPv2,\n"
"15: EAP-PEAP-TLS\n"
"15: EAP-PEAP-TLS, 20: SAE-EXT-KEY\n"
"-w --ieee-80211w=<MFP> (optional: needs security type to be specified)\n"
"0:Disable, 1:Optional, 2:Required\n"
"-b --band=<band> (2 -2.6GHz, 5 - 5Ghz, 6 - 6GHz)\n"
@ -3681,7 +3681,7 @@ SHELL_SUBCMD_ADD((wifi), connect, NULL,
"0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI,"
"7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal, 11: DPP\n"
"12: EAP-PEAP-MSCHAPv2, 13: EAP-PEAP-GTC, 14: EAP-TTLS-MSCHAPv2,\n"
"15: EAP-PEAP-TLS\n"
"15: EAP-PEAP-TLS, 20: SAE-EXT-KEY\n"
"[-w, --ieee-80211w]: MFP (optional: needs security type to be specified)\n"
": 0:Disable, 1:Optional, 2:Required.\n"
"[-m, --bssid]: MAC address of the AP (BSSID).\n"