diff --git a/include/zephyr/net/wifi.h b/include/zephyr/net/wifi.h index dbe643c4d02..9aee2f87853 100644 --- a/include/zephyr/net/wifi.h +++ b/include/zephyr/net/wifi.h @@ -108,12 +108,26 @@ enum wifi_eap_type { WIFI_EAP_TYPE_MSCHAPV2 = 26, }; -/** @brief Enterprise security WPA3 suiteb types. */ -enum wifi_suiteb_type { - /** suiteb. */ - WIFI_SUITEB = 1, - /** suiteb-192. */ - WIFI_SUITEB_192, +/** @brief WPA3 Enterprise security types. + * + * See Section#3 in WFA WPA3 specification v3.4: + * https://www.wi-fi.org/file/wpa3-specification for details. + */ +enum wifi_wpa3_enterprise_type { + /** No WPA3 enterprise, either WPA2 Enterprise or personal mode */ + WIFI_WPA3_ENTERPRISE_NA = 0, + /** WPA3 enterprise Suite-B (PMFR + WPA3-Suite-B). */ + WIFI_WPA3_ENTERPRISE_SUITEB = 1, + /** WPA3 enterprise Suite-B-192 (PMFR + WPA3-Suite-B-192). */ + WIFI_WPA3_ENTERPRISE_SUITEB_192, + /** WPA3 enterprise only (PMFR + WPA2-ENT disabled). */ + WIFI_WPA3_ENTERPRISE_ONLY, + + /** @cond INTERNAL_HIDDEN */ + __WIFI_WPA3_ENTERPRISE_AFTER_LAST, + WIFI_WPA3_ENTERPRISE_MAX = __WIFI_WPA3_ENTERPRISE_AFTER_LAST - 1, + WIFI_WPA3_ENTERPRISE_UNKNOWN + /** @endcond */ }; enum wifi_eap_tls_cipher_type { diff --git a/include/zephyr/net/wifi_mgmt.h b/include/zephyr/net/wifi_mgmt.h index 6dcafa8aee4..ee1d62d5520 100644 --- a/include/zephyr/net/wifi_mgmt.h +++ b/include/zephyr/net/wifi_mgmt.h @@ -553,8 +553,8 @@ struct wifi_connect_req_params { const uint8_t *key2_passwd; /** key2 passwd length, max 128 */ uint8_t key2_passwd_length; - /** suiteb or suiteb-192 */ - uint8_t suiteb_type; + /** wpa3 enterprise mode */ + enum wifi_wpa3_enterprise_type wpa3_ent_mode; /** TLS cipher */ uint8_t TLS_cipher; /** eap version */ diff --git a/modules/hostap/src/supp_api.c b/modules/hostap/src/supp_api.c index 8be2b085bdd..e0e0b44c781 100644 --- a/modules/hostap/src/supp_api.c +++ b/modules/hostap/src/supp_api.c 
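Review bot: The numeric values of `enum wifi_wpa3_enterprise_type` are user-facing, since the `-S` help text in wifi_shell.c documents 1, 2 and 3, yet only `WIFI_WPA3_ENTERPRISE_NA` and `WIFI_WPA3_ENTERPRISE_SUITEB` are pinned in this hunk. Writing `WIFI_WPA3_ENTERPRISE_SUITEB_192 = 2,` and `WIFI_WPA3_ENTERPRISE_ONLY = 3,` would keep a later insertion from silently changing which security mode a stored or scripted value selects. The member comments would also read better with "PMFR" spelled out, for example `/** WPA3-Enterprise only: PMF required, WPA2-Enterprise not accepted. */`.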
@@ -490,13 +490,13 @@ int process_cipher_config(struct wifi_connect_req_params *params, unsigned int gropu_mgmt_cipher_capa; unsigned int index; - if (params->suiteb_type == WIFI_SUITEB) { + if (params->wpa3_ent_mode == WIFI_WPA3_ENTERPRISE_SUITEB) { cipher_capa = WPA_CAPA_ENC_GCMP; gropu_mgmt_cipher_capa = WPA_CAPA_ENC_BIP_GMAC_128; cipher_config->key_mgmt = "WPA-EAP-SUITE-B"; cipher_config->openssl_ciphers = "SUITEB128"; cipher_config->tls_flags = "[SUITEB]"; - } else if (params->suiteb_type == WIFI_SUITEB_192) { + } else if (params->wpa3_ent_mode == WIFI_WPA3_ENTERPRISE_SUITEB_192) { cipher_capa = WPA_CAPA_ENC_GCMP_256; gropu_mgmt_cipher_capa = WPA_CAPA_ENC_BIP_GMAC_256; if (params->ft_used) { @@ -506,6 +506,10 @@ int process_cipher_config(struct wifi_connect_req_params *params, } cipher_config->openssl_ciphers = "SUITEB192"; cipher_config->tls_flags = "[SUITEB]"; + } else if (params->wpa3_ent_mode == WIFI_WPA3_ENTERPRISE_ONLY) { + cipher_capa = WPA_CAPA_ENC_CCMP; + gropu_mgmt_cipher_capa = WPA_CAPA_ENC_BIP; + cipher_config->key_mgmt = "WPA-EAP-SHA256"; } else { cipher_capa = WPA_CAPA_ENC_CCMP; gropu_mgmt_cipher_capa = WPA_CAPA_ENC_BIP; @@ -1062,7 +1066,7 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s, goto out; } - if (params->suiteb_type == WIFI_SUITEB_192) { + if (params->wpa3_ent_mode == WIFI_WPA3_ENTERPRISE_SUITEB_192) { if (params->TLS_cipher == WIFI_EAP_TLS_ECC_P384) { if (!wpa_cli_cmd_v("set_network %d openssl_ciphers \"%s\"", resp.network_id, diff --git a/subsys/net/l2/wifi/wifi_shell.c b/subsys/net/l2/wifi/wifi_shell.c index 79a8f88b353..4d5a874bc41 100644 --- a/subsys/net/l2/wifi/wifi_shell.c +++ b/subsys/net/l2/wifi/wifi_shell.c 
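Review bot: The new `WIFI_WPA3_ENTERPRISE_ONLY` branch in process_cipher_config() sets `key_mgmt` to `"WPA-EAP-SHA256"`, but nothing visible in the hunk makes protected management frames mandatory, although the enum comment describes this mode as PMF-required. If the MFP level is taken from the request separately (presumably `params->mfp`; the rest of the function is outside the hunk), a request combining this mode with optional or disabled MFP should be rejected rather than configured, e.g. `if (params->mfp != WIFI_MFP_REQUIRED) { return -EINVAL; }` in that branch, adjusted to the function's error convention. The trailing `else` also takes every other value of `wpa3_ent_mode`, so an out-of-range mode is quietly configured as a non-WPA3 network. An explicit `WIFI_WPA3_ENTERPRISE_NA` comparison with a rejecting default would avoid that silent downgrade.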
@@ -580,7 +580,7 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv {"bandwidth", required_argument, 0, 'B'}, {"key1-pwd", required_argument, 0, 'K'}, {"key2-pwd", required_argument, 0, 'K'}, - {"suiteb-type", required_argument, 0, 'S'}, + {"wpa3-enterprise", required_argument, 0, 'S'}, {"TLS-cipher", required_argument, 0, 'T'}, {"eap-version", required_argument, 0, 'V'}, {"eap-id1", required_argument, 0, 'I'}, @@ -785,7 +785,7 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv key_passwd_cnt++; break; case 'S': - params->suiteb_type = atoi(state->optarg); + params->wpa3_ent_mode = atoi(state->optarg); break; case 'T': params->TLS_cipher = atoi(state->optarg); @@ -3419,7 +3419,9 @@ SHELL_STATIC_SUBCMD_SET_CREATE( "[-B, --bandwidth=]: 1:20MHz, 2:40MHz, 3:80MHz\n" "[-K, --key1-pwd for eap phase1 or --key2-pwd for eap phase2]:\n" "Private key passwd for enterprise mode. Default no password for private key.\n" - "[-S, --suiteb-type]: 1:suiteb, 2:suiteb-192. Default 0: not suiteb mode.\n" + "[-S, --wpa3-enterprise]: WPA3 enterprise mode:\n" + "Default 0: Not WPA3 enterprise mode.\n" + "1:Suite-b mode, 2:Suite-b-192-bit mode, 3:WPA3-enterprise-only mode.\n" "[-V, --eap-version]: 0 or 1. Default 1: eap version 1.\n" "[-I, --eap-id1...--eap-id8]: Client Identity. Default no eap identity.\n" "[-P, --eap-pwd1...--eap-pwd8]: Client Password.\n" 
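Review bot: `params->wpa3_ent_mode = atoi(state->optarg);` in the `case 'S':` arm stores unvalidated shell input into an enum: non-numeric text becomes 0, which silently selects "not WPA3 enterprise", and values above 3 are accepted as well. Parsing with `long mode = strtol(state->optarg, &end, 10);` and rejecting when `end == state->optarg || *end != '\0' || mode < 0 || mode > WIFI_WPA3_ENTERPRISE_MAX` would turn a typo into an error instead of a weaker connection. The neighbouring `case 'T':` line has the same pattern. __wifi_args_to_params() starts and ends outside the hunk, so the right error path has to be taken from the surrounding code.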
@@ -3656,7 +3658,9 @@ SHELL_SUBCMD_ADD((wifi), connect, NULL, "[-a, --anon-id]: Anonymous identity for enterprise mode.\n" "[-K, --key1-pwd for eap phase1 or --key2-pwd for eap phase2]:\n" "Private key passwd for enterprise mode. Default no password for private key.\n" - "[-S, --suiteb-type]: 1:suiteb, 2:suiteb-192. Default 0: not suiteb mode.\n" + "[-S, --wpa3-enterprise]: WPA3 enterprise mode:\n" + "Default 0: Not WPA3 enterprise mode.\n" + "1:Suite-b mode, 2:Suite-b-192-bit mode, 3:WPA3-enterprise-only mode.\n" "[-T, --TLS-cipher]: 0:TLS-NONE, 1:TLS-ECC-P384, 2:TLS-RSA-3K.\n" "[-V, --eap-version]: 0 or 1. Default 1: eap version 1.\n" "[-I, --eap-id1]: Client Identity. Default no eap identity.\n"