Skip to content

Add WPA3 support in mbed-os for green tea tests #12472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 31, 2020
Merged

Add WPA3 support in mbed-os for green tea tests #12472

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions TESTS/network/wifi/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ The general test environment consists of DUTs, base stations, a network connecti
- Time protocol, [RFC 868](https://tools.ietf.org/html/rfc868) in both TCP and UDP. Port 37.
- Channels to be used must be different for both APs. For secure on channel number is later referred as `<ch:secure>` and for unsecure on `<ch:unsecure>`.
- MAC addresses of Wi-Fi APs must be known. These are later referred to as `<mac:secure>` and `<mac:unsecure>`.
- WPA3 may not be supported for all target platforms, Refer to target specifications before updating security protocol to WPA3 or WPA3/WPA2 in `mbed_app.json`

**NOTE:** This document refers to an echo server because it is a requirement for running Socket API tests. The test cases defined in this document do not directly use it.

Expand All @@ -58,6 +59,8 @@ Please refer to the following table for priorities of test cases. Priorities are
| | | NSAPI_SECURITY_WPA | SHOULD |
| | | NSAPI_SECURITY_WPA2 | SHOULD |
| | | NSAPI_SECURITY_WPA_WPA2 | MUST |
| | | NSAPI_SECURITY_WPA3_WPA2 | SHOULD |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer NSAPI_SECURITY_WPA2_WPA3 for consistency. But this is just my opinion and can be ignored if no one else feels the same.

| | | NSAPI_SECURITY_WPA3 | SHOULD |
| 9 | WIFI_CONNECT_PARAMS_CHANNEL | | SHOULD |
| 10 | WIFI_CONNECT_PARAMS_CHANNEL_FAIL | | SHOULD |
| 11 | WIFI_CONNECT | | MUST |
Expand All @@ -67,6 +70,8 @@ Please refer to the following table for priorities of test cases. Priorities are
| | | NSAPI_SECURITY_WPA | SHOULD |
| | | NSAPI_SECURITY_WPA2 | SHOULD |
| | | NSAPI_SECURITY_WPA_WPA2 | MUST |
| | | NSAPI_SECURITY_WPA3_WPA2 | SHOULD |
| | | NSAPI_SECURITY_WPA3 | SHOULD |
| 14 | WIFI_CONNECT_SECURE_FAIL | | MUST |
| 15 | WIFI_CONNECT_DISCONNECT_REPEAT | | MUST |
| 16 | WIFI_SCAN_NULL | | SHOULD |
Expand Down Expand Up @@ -167,15 +172,19 @@ Call `set_credentials()` with various parameters described in "Expected results"
|------------|---------------------------|----------------------------------|-----------------------------------------------------|
| ssid=NULL | NULL | NSAPI_SECURITY_NONE | NSAPI_ERROR_PARAMETER |
| ssid="OK" | NULL | NSAPI_SECURITY_WPA_WPA2 | NSAPI_ERROR_PARAMETER |
| ssid="OK" | NULL | NSAPI_SECURITY_WPA3_WPA2 | NSAPI_ERROR_PARAMETER |
| ssid="OK" | NULL | NSAPI_SECURITY_WEP | NSAPI_ERROR_PARAMETER because password is missing. |
| ssid="OK" | NULL | NSAPI_SECURITY_NONE | NSAPI_ERROR_OK |
| ssid="OK" | [any 64 character string] | NSAPI_SECURITY_WPA2 | NSAPI_ERROR_PARAMETER because password is too long |
| ssid="OK" | [any 63 character string] | NSAPI_SECURITY_WPA2 | NSAPI_ERROR_OK |
| ssid="OK" | "" | NSAPI_SECURITY_WPA_WPA2 | NSAPI_ERROR_PARAMETER |
| ssid="OK" | "" | NSAPI_SECURITY_WPA3_WPA2 | NSAPI_ERROR_PARAMETER |
| ssid="OK" | "" | NSAPI_SECURITY_WEP | NSAPI_ERROR_PARAMETER because password is missing. |
| ssid="OK" | "" | NSAPI_SECURITY_NONE | NSAPI_ERROR_OK |
| ssid="OK" | "12345678" | NSAPI_SECURITY_WPA_WPA2 | NSAPI_ERROR_OK |
| ssid="OK" | "12345678" | NSAPI_SECURITY_WPA3_WPA2 | NSAPI_ERROR_OK |
| ssid="OK" | "12345678" | NSAPI_SECURITY_WPA2 | NSAPI_ERROR_OK |
| ssid="OK" | "12345678" | NSAPI_SECURITY_WPA3 | NSAPI_ERROR_OK |
| ssid="OK" | "12345678" | NSAPI_SECURITY_WPA | NSAPI_ERROR_OK |
| ssid="OK" | "12345678" | NSAPI_SECURITY_WEP | NSAPI_ERROR_OK or NSAPI_ERROR_UNSUPPORTED |
| ssid="" | "" | NSAPI_SECURITY_NONE | NSAPI_ERROR_PARAMETER |
Expand Down
8 changes: 8 additions & 0 deletions TESTS/network/wifi/get_security.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ nsapi_security get_security()
static const char *SEC_WPA = "WPA";
static const char *SEC_WPA2 = "WPA2";
static const char *SEC_WPA_WPA2 = "WPA/WPA2";
static const char *SEC_WPA3 = "WPA3";
static const char *SEC_WPA3_WPA2 = "WPA3/WPA2";

if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WEP) == 0) {
return NSAPI_SECURITY_WEP;
Expand All @@ -39,6 +41,12 @@ nsapi_security get_security()
if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WPA_WPA2) == 0) {
return NSAPI_SECURITY_WPA_WPA2;
}
if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WPA3) == 0) {
return NSAPI_SECURITY_WPA3;
}
if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WPA3_WPA2) == 0) {
return NSAPI_SECURITY_WPA3_WPA2;
}
#endif
return NSAPI_SECURITY_NONE;
}
12 changes: 12 additions & 0 deletions TESTS/network/wifi/wifi_set_credential.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,12 @@ void wifi_set_credential(void)
error = iface->set_credentials("OK", "", NSAPI_SECURITY_WPA_WPA2);
TEST_ASSERT_EQUAL(NSAPI_ERROR_PARAMETER, error);

error = iface->set_credentials("OK", NULL, NSAPI_SECURITY_WPA3_WPA2);
TEST_ASSERT_EQUAL(NSAPI_ERROR_PARAMETER, error);

error = iface->set_credentials("OK", "", NSAPI_SECURITY_WPA3_WPA2);
TEST_ASSERT_EQUAL(NSAPI_ERROR_PARAMETER, error);

error = iface->set_credentials("OK", NULL, NSAPI_SECURITY_NONE);
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error);

Expand All @@ -64,9 +70,15 @@ void wifi_set_credential(void)
error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA2);
TEST_ASSERT((error == NSAPI_ERROR_OK) || (error == NSAPI_ERROR_UNSUPPORTED));

error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA3);
TEST_ASSERT((error == NSAPI_ERROR_OK) || (error == NSAPI_ERROR_UNSUPPORTED));

error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA_WPA2);
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error);

error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA3_WPA2);
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error);

error = iface->set_credentials("OK", "kUjd0PHHeAqaDoyfcDDEOvbyiVbYMpUHDukGoR6EJZnO5iLzWsfwiM9JQqOngni", get_security());
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error);

Expand Down
24 changes: 23 additions & 1 deletion features/netsocket/emac-drivers/TARGET_Cypress/COMPONENT_WHD/interface/WhdSTAInterface.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,10 @@ static nsapi_security_t whd_tosecurity(whd_security_t sec)
case WHD_SECURITY_WPA2_FBT_PSK:
case WHD_SECURITY_WPA2_FBT_ENT:
return NSAPI_SECURITY_WPA2;
case WHD_SECURITY_WPA3_SAE:
return NSAPI_SECURITY_WPA3;
case WHD_SECURITY_WPA3_WPA2_PSK:
return NSAPI_SECURITY_WPA3_WPA2;
default:
return NSAPI_SECURITY_UNKNOWN;
}
Expand All @@ -145,6 +149,10 @@ whd_security_t whd_fromsecurity(nsapi_security_t sec)
return WHD_SECURITY_WPA2_MIXED_PSK;
case NSAPI_SECURITY_WPA2_ENT:
return WHD_SECURITY_WPA2_MIXED_ENT;
case NSAPI_SECURITY_WPA3:
return WHD_SECURITY_WPA3_SAE;
case NSAPI_SECURITY_WPA3_WPA2:
return WHD_SECURITY_WPA3_WPA2_PSK;
default:
return WHD_SECURITY_UNKNOWN;
}
Expand Down Expand Up @@ -224,7 +232,8 @@ nsapi_error_t WhdSTAInterface::set_credentials(const char *ssid, const char *pas
(strlen(ssid) == 0) ||
(pass == NULL && (security != NSAPI_SECURITY_NONE && security != NSAPI_SECURITY_WPA2_ENT)) ||
(strlen(pass) == 0 && (security != NSAPI_SECURITY_NONE && security != NSAPI_SECURITY_WPA2_ENT)) ||
(strlen(pass) > 63 && (security == NSAPI_SECURITY_WPA2 || security == NSAPI_SECURITY_WPA || security == NSAPI_SECURITY_WPA_WPA2))
(strlen(pass) > 63 && (security == NSAPI_SECURITY_WPA2 || security == NSAPI_SECURITY_WPA ||
security == NSAPI_SECURITY_WPA_WPA2 || security == NSAPI_SECURITY_WPA3 || security == NSAPI_SECURITY_WPA3_WPA2))
) {
return NSAPI_ERROR_PARAMETER;
}
Expand Down Expand Up @@ -292,6 +301,19 @@ nsapi_error_t WhdSTAInterface::connect()
// choose network security
whd_security_t security = whd_fromsecurity(_security);

#if defined MBED_CONF_APP_WIFI_PASSWORD_WPA2PSK
/* Set PSK password for WPA3_WPA2 */
if (security == WHD_SECURITY_WPA3_WPA2_PSK) {
res = (whd_result_t)whd_wifi_enable_sup_set_passphrase( _whd_emac.ifp, (const uint8_t *)MBED_CONF_APP_WIFI_PASSWORD_WPA2PSK,
strlen(MBED_CONF_APP_WIFI_PASSWORD_WPA2PSK), WHD_SECURITY_WPA3_WPA2_PSK );
}
#else
/* Set PSK password for WPA3_WPA2 */
if (security == WHD_SECURITY_WPA3_WPA2_PSK) {
res = (whd_result_t)whd_wifi_enable_sup_set_passphrase( _whd_emac.ifp, (const uint8_t *)_pass,
strlen(_pass), WHD_SECURITY_WPA3_WPA2_PSK );
}
#endif
// join the network
for (i = 0; i < MAX_RETRY_COUNT; i++) {
res = (whd_result_t)whd_wifi_join(_whd_emac.ifp,
Expand Down
2 changes: 2 additions & 0 deletions features/netsocket/nsapi_types.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,8 @@ typedef enum nsapi_security {
NSAPI_SECURITY_EAP_TLS = 0x7, /*!< phrase conforms to EAP-TLS */
NSAPI_SECURITY_PEAP = 0x8, /*!< phrase conforms to PEAP */
NSAPI_SECURITY_WPA2_ENT = 0x9, /*!< phrase conforms to WPA2-AES and WPA-TKIP with enterprise security */
NSAPI_SECURITY_WPA3 = 0xA, /*!< phrase conforms to WPA3 */
NSAPI_SECURITY_WPA3_WPA2 = 0xB, /*!< phrase conforms to WPA3_WPA2 */
NSAPI_SECURITY_UNKNOWN = 0xFF, /*!< unknown/unsupported security in scan results */
} nsapi_security_t;

Expand Down