adafruit-mirror/zephyr
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 9

net: l2: wifi: remove EAP TLS SHA256 security

Browse source 
Remove EAP TLS SHA256 security, as it was added to support the AKM
of 00-0F-AC:5 in RSN IE, but actually this AKM is used by WPA3
enterprise only mode.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
This commit is contained in:
Maochen Wang 2024-12-27 15:38:46 +08:00 committed by Benjamin Cabé
parent 820f0ae15b
commit 4777dfaa28
4 changed files with 5 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/zephyr/net/wifi.h
View file

@ -76,8 +76,6 @@ enum wifi_security_type {
WIFI_SECURITY_TYPE_EAP_TTLS_MSCHAPV2,
/** EAP PEAP security - Enterprise. */
WIFI_SECURITY_TYPE_EAP_PEAP_TLS,
/** EAP TLS SHA256 security - Enterprise. */
WIFI_SECURITY_TYPE_EAP_TLS_SHA256,
/** FT-PSK security */
WIFI_SECURITY_TYPE_FT_PSK,
/** FT-SAE security */

8
modules/hostap/src/supp_api.c
View file

@ -481,7 +481,6 @@ static struct wifi_eap_config eap_config[] = {
"auth=MSCHAPV2"},
{WIFI_SECURITY_TYPE_EAP_PEAP_TLS, WIFI_EAP_TYPE_PEAP, WIFI_EAP_TYPE_TLS, "PEAP",
"auth=TLS"},
{WIFI_SECURITY_TYPE_EAP_TLS_SHA256, WIFI_EAP_TYPE_TLS, WIFI_EAP_TYPE_NONE, "TLS", NULL},
};
int process_cipher_config(struct wifi_connect_req_params *params,
@ -517,10 +516,6 @@ int process_cipher_config(struct wifi_connect_req_params *params,
}
}
if (params->security == WIFI_SECURITY_TYPE_EAP_TLS_SHA256) {
cipher_config->key_mgmt = "WPA-EAP-SHA256";
}
for (index = 0; index < ARRAY_SIZE(ciphers); index++) {
if (cipher_capa == ciphers[index].capa) {
cipher_config->group_cipher = ciphers[index].name;
@ -557,8 +552,7 @@ static int is_eap_valid_security(int security)
security == WIFI_SECURITY_TYPE_EAP_PEAP_MSCHAPV2 ||
security == WIFI_SECURITY_TYPE_EAP_PEAP_GTC ||
security == WIFI_SECURITY_TYPE_EAP_TTLS_MSCHAPV2 ||
security == WIFI_SECURITY_TYPE_EAP_PEAP_TLS ||
security == WIFI_SECURITY_TYPE_EAP_TLS_SHA256);
security == WIFI_SECURITY_TYPE_EAP_PEAP_TLS);
}
#endif

2
subsys/net/l2/wifi/wifi_mgmt.c
View file

@ -83,8 +83,6 @@ const char *wifi_security_txt(enum wifi_security_type security)
return "EAP-TTLS-MSCHAPV2";
case WIFI_SECURITY_TYPE_EAP_PEAP_TLS:
return "EAP-PEAP-TLS";
case WIFI_SECURITY_TYPE_EAP_TLS_SHA256:
return "EAP-TLS-SHA256";
case WIFI_SECURITY_TYPE_FT_PSK:
return "FT-PSK";
case WIFI_SECURITY_TYPE_FT_SAE:

10
subsys/net/l2/wifi/wifi_shell.c
View file

@ -915,8 +915,7 @@ static int cmd_wifi_connect(const struct shell *sh, size_t argc,
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_MSCHAPV2 ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_GTC ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_TTLS_MSCHAPV2 ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_TLS ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_TLS_SHA256) {
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_TLS) {
cmd_wifi_set_enterprise_creds(sh, iface);
}
#endif
@ -1924,8 +1923,7 @@ static int cmd_wifi_ap_enable(const struct shell *sh, size_t argc,
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_MSCHAPV2 ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_GTC ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_TTLS_MSCHAPV2 ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_TLS ||
cnx_params.security == WIFI_SECURITY_TYPE_EAP_TLS_SHA256) {
cnx_params.security == WIFI_SECURITY_TYPE_EAP_PEAP_TLS) {
cmd_wifi_set_enterprise_creds(sh, iface);
}
#endif
@ -3407,7 +3405,7 @@ SHELL_STATIC_SUBCMD_SET_CREATE(
"0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI,"
"7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal, 11: DPP\n"
"12: EAP-PEAP-MSCHAPv2, 13: EAP-PEAP-GTC, 14: EAP-TTLS-MSCHAPv2,\n"
"15: EAP-PEAP-TLS, 16:EAP_TLS_SHA256\n"
"15: EAP-PEAP-TLS\n"
"-w --ieee-80211w=<MFP> (optional: needs security type to be specified)\n"
"0:Disable, 1:Optional, 2:Required\n"
"-b --band=<band> (2 -2.6GHz, 5 - 5Ghz, 6 - 6GHz)\n"
@ -3650,7 +3648,7 @@ SHELL_SUBCMD_ADD((wifi), connect, NULL,
"0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI,"
"7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal, 11: DPP\n"
"12: EAP-PEAP-MSCHAPv2, 13: EAP-PEAP-GTC, 14: EAP-TTLS-MSCHAPv2,\n"
"15: EAP-PEAP-TLS, 16:EAP_TLS_SHA256\n"
"15: EAP-PEAP-TLS\n"
"[-w, --ieee-80211w]: MFP (optional: needs security type to be specified)\n"
": 0:Disable, 1:Optional, 2:Required.\n"
"[-m, --bssid]: MAC address of the AP (BSSID).\n"