diff --git a/include/zephyr/net/wifi_mgmt.h b/include/zephyr/net/wifi_mgmt.h index b4d230abfdb..e32f8c194e0 100644 --- a/include/zephyr/net/wifi_mgmt.h +++ b/include/zephyr/net/wifi_mgmt.h @@ -512,6 +512,8 @@ struct wifi_connect_req_params { const uint8_t *eap_password; /** eap passwd length, max 128 */ uint8_t eap_passwd_length; + /** Fast BSS Transition used */ + bool ft_used; }; /** @brief Wi-Fi connect result codes. To be overlaid on top of \ref wifi_status diff --git a/modules/hostap/CMakeLists.txt b/modules/hostap/CMakeLists.txt index 9910b077e6b..a3bfdc84e14 100644 --- a/modules/hostap/CMakeLists.txt +++ b/modules/hostap/CMakeLists.txt @@ -161,6 +161,11 @@ zephyr_library_sources_ifdef(CONFIG_WPA_CLI src/wpa_cli.c ) +zephyr_library_sources_ifdef(CONFIG_IEEE80211R + ${HOSTAP_SRC_BASE}/rsn_supp/wpa_ft.c + ${HOSTAP_SRC_BASE}/ap/wpa_auth_ft.c +) + zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_AP ${WIFI_NM_WPA_SUPPLICANT_BASE}/ap.c ${HOSTAP_SRC_BASE}/ap/ap_config.c diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index e22059f00f0..973398abeee 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -508,6 +508,10 @@ config ACS config IEEE80211AC bool +config IEEE80211R + bool + depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE + config NW_SEL_RELIABILITY bool default y diff --git a/modules/hostap/src/supp_api.c b/modules/hostap/src/supp_api.c index c8674a02716..27e1be505c1 100644 --- a/modules/hostap/src/supp_api.c +++ b/modules/hostap/src/supp_api.c @@ -480,13 +480,21 @@ int process_cipher_config(struct wifi_connect_req_params *params, } else if (params->suiteb_type == WIFI_SUITEB_192) { cipher_capa = WPA_CAPA_ENC_GCMP_256; gropu_mgmt_cipher_capa = WPA_CAPA_ENC_BIP_GMAC_256; - cipher_config->key_mgmt = "WPA-EAP-SUITE-B-192"; + if (params->ft_used) { + cipher_config->key_mgmt = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"; + } else { + cipher_config->key_mgmt = "WPA-EAP-SUITE-B-192"; + } cipher_config->openssl_ciphers = "SUITEB192"; cipher_config->tls_flags = "[SUITEB]"; } else { cipher_capa = WPA_CAPA_ENC_CCMP; gropu_mgmt_cipher_capa = WPA_CAPA_ENC_BIP; - cipher_config->key_mgmt = "WPA-EAP"; + if (params->ft_used) { + cipher_config->key_mgmt = "WPA-EAP FT-EAP"; + } else { + cipher_config->key_mgmt = "WPA-EAP"; + } } if (params->security == WIFI_SECURITY_TYPE_EAP_TLS_SHA256) { @@ -678,7 +686,8 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s, } } - if (!wpa_cli_cmd_v("set_network %d key_mgmt SAE", resp.network_id)) { + if (!wpa_cli_cmd_v("set_network %d key_mgmt SAE%s", resp.network_id, + params->ft_used ? " FT-SAE" : "")) { goto out; } } else if (params->security == WIFI_SECURITY_TYPE_PSK_SHA256) { @@ -698,8 +707,8 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s, goto out; } - if (!wpa_cli_cmd_v("set_network %d key_mgmt WPA-PSK", - resp.network_id)) { + if (!wpa_cli_cmd_v("set_network %d key_mgmt WPA-PSK%s", + resp.network_id, params->ft_used ? " FT-PSK" : "")) { goto out; } diff --git a/subsys/net/l2/wifi/wifi_shell.c b/subsys/net/l2/wifi/wifi_shell.c index 6696dd9c147..1918797cd8c 100644 --- a/subsys/net/l2/wifi/wifi_shell.c +++ b/subsys/net/l2/wifi/wifi_shell.c @@ -541,6 +541,7 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv {"eap-pwd6", required_argument, 0, 'P'}, {"eap-pwd7", required_argument, 0, 'P'}, {"eap-pwd8", required_argument, 0, 'P'}, + {"ieee-80211r", no_argument, 0, 'R'}, {"help", no_argument, 0, 'h'}, {0, 0, 0, 0}}; char *endptr; @@ -565,7 +566,7 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv params->mfp = WIFI_MFP_OPTIONAL; params->eap_ver = 1; - while ((opt = getopt_long(argc, argv, "s:p:k:e:w:b:c:m:t:a:K:S:V:I:P:h", + while ((opt = getopt_long(argc, argv, "s:p:k:e:w:b:c:m:t:a:K:S:V:I:P:Rh", long_options, &opt_index)) != -1) { state = getopt_state_get(); switch (opt) { @@ -731,6 +732,9 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv return -EINVAL; } break; + case 'R': + params->ft_used = true; + break; case 'h': return -ENOEXEC; default: