.../WifiConnectionManagerDxe.vfr | 8 +- .../WifiConnectionMgrConfigNVDataStruct.h | 8 +- .../WifiConnectionMgrDxe.h | 18 ++++- .../WifiConnectionMgrHiiConfigAccess.c | 37 ++++++--- .../WifiConnectionMgrImpl.c | 4 +- .../WifiConnectionMgrMisc.c | 77 ++++++++++++++++--- 6 files changed, 119 insertions(+), 33 deletions(-)
https://bugzilla.tianocore.org/show_bug.cgi?id=3961
Add below Wpa3 support:
WPA3-Personal:
Ieee80211AkmSuiteSAE = 8
WPA3-Enterprise:
Ieee80211AkmSuite8021XSuiteB = 11
Ieee80211AkmSuite8021XSuiteB192 = 12
Wi-Fi CERTIFIED Enhanced Open:
Ieee80211AkmSuiteOWE = 18
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Signed-off-by: Heng Luo <heng.luo@intel.com>
---
.../WifiConnectionManagerDxe.vfr | 8 +-
.../WifiConnectionMgrConfigNVDataStruct.h | 8 +-
.../WifiConnectionMgrDxe.h | 18 ++++-
.../WifiConnectionMgrHiiConfigAccess.c | 37 ++++++---
.../WifiConnectionMgrImpl.c | 4 +-
.../WifiConnectionMgrMisc.c | 77 ++++++++++++++++---
6 files changed, 119 insertions(+), 33 deletions(-)
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
index b0ef187535..704f2b6a54 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
@@ -1,7 +1,7 @@
/** @file
Vfr files used in WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -121,7 +121,8 @@ formset
text = STRING_TOKEN(STR_SECURITY_TYPE); // TextTwo
- suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL;
+ suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL
+ AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_PERSONAL;
password varid = WIFI_MANAGER_IFR_NVDATA.Password,
prompt = STRING_TOKEN(STR_PASSWORD),
help = STRING_TOKEN(STR_PASSWORD_HELP),
@@ -132,7 +133,8 @@ formset
endpassword;
endif;
- suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE;
+ suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE
+ AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE;
oneof varid = WIFI_MANAGER_IFR_NVDATA.EapAuthMethod,
questionid = KEY_EAP_AUTH_METHOD_CONNECT_NETWORK,
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
index 69878bc457..b5518a74d8 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
@@ -1,7 +1,7 @@
/** @file
Define IFR NVData structures used by the WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -119,8 +119,10 @@
#define SECURITY_TYPE_WPA_PERSONAL 3
#define SECURITY_TYPE_WPA2_PERSONAL 4
#define SECURITY_TYPE_WEP 5
-#define SECURITY_TYPE_UNKNOWN 6
-#define SECURITY_TYPE_MAX 7
+#define SECURITY_TYPE_WPA3_PERSONAL 6
+#define SECURITY_TYPE_WPA3_ENTERPRISE 7
+#define SECURITY_TYPE_UNKNOWN 8
+#define SECURITY_TYPE_MAX 9
#define EAP_AUTH_METHOD_TTLS 0
#define EAP_AUTH_METHOD_PEAP 1
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
index c3c70b2752..7b2e41e155 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
@@ -1,7 +1,7 @@
/** @file
The miscellaneous structure definitions for WiFi connection driver.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -82,6 +82,8 @@ typedef enum {
Ieee80211PairwiseCipherSuiteCCMP = 4,
Ieee80211PairwiseCipherSuiteWEP104 = 5,
Ieee80211PairwiseCipherSuiteBIP = 6,
+ Ieee80211PairwiseCipherSuiteGCMP = 8,
+ Ieee80211PairwiseCipherSuiteGCMP256 = 9,
// ...
} IEEE_80211_PAIRWISE_CIPHER_SUITE;
@@ -91,19 +93,29 @@ typedef enum {
#define IEEE_80211_PAIRWISE_CIPHER_SUITE_CCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteCCMP << 24))
#define IEEE_80211_PAIRWISE_CIPHER_SUITE_WEP104 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteWEP104 << 24))
#define IEEE_80211_PAIRWISE_CIPHER_SUITE_BIP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteBIP << 24))
+#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP << 24))
+#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP256 << 24))
typedef enum {
Ieee80211AkmSuite8021XOrPMKSA = 1,
Ieee80211AkmSuitePSK = 2,
Ieee80211AkmSuite8021XOrPMKSASHA256 = 5,
- Ieee80211AkmSuitePSKSHA256 = 6
- // ...
+ Ieee80211AkmSuitePSKSHA256 = 6,
+ Ieee80211AkmSuiteSAE = 8,
+ Ieee80211AkmSuite8021XSuiteB = 11,
+ Ieee80211AkmSuite8021XSuiteB192 = 12,
+ Ieee80211AkmSuiteOWE = 18,
+ // ...
} IEEE_80211_AKM_SUITE;
#define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSA << 24))
#define IEEE_80211_AKM_SUITE_PSK (OUI_IEEE_80211I | (Ieee80211AkmSuitePSK << 24))
#define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSASHA256 << 24))
#define IEEE_80211_AKM_SUITE_PSK_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuitePSKSHA256 << 24))
+#define IEEE_80211_AKM_SUITE_SAE (OUI_IEEE_80211I | (Ieee80211AkmSuiteSAE << 24))
+#define IEEE_80211_AKM_SUITE_8021X_SUITE_B (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB << 24))
+#define IEEE_80211_AKM_SUITE_8021X_SUITE_B192 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB192 << 24))
+#define IEEE_80211_AKM_SUITE_OWE (OUI_IEEE_80211I | (Ieee80211AkmSuiteOWE << 24))
//
// Protocol instances
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
index 7cb2bfc281..431fcbb33a 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
@@ -1,7 +1,7 @@
/** @file
The Hii functions for WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -50,6 +50,8 @@ CHAR16 *mSecurityType[] = {
L"WPA-Personal ",
L"WPA2-Personal ",
L"WEP ",
+ L"WPA3-Personal ",
+ L"WPA3-Enterprise",
L"UnKnown "
};
@@ -269,6 +271,7 @@ WifiMgrGetStrAKMList (
UINT8 Index;
UINT16 AKMSuiteCount;
CHAR16 *AKMListDisplay;
+ UINTN Length;
AKMListDisplay = NULL;
if ((Profile == NULL) || (Profile->Network.AKMSuite == NULL)) {
@@ -278,23 +281,24 @@ WifiMgrGetStrAKMList (
AKMSuiteCount = Profile->Network.AKMSuite->AKMSuiteCount;
if (AKMSuiteCount != 0) {
//
- // Current AKM Suite is between 1-9
+ // Current AKM Suite is between 1-18
//
- AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 2 + 1));
+ AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 3 + 1));
+ Length = 0;
if (AKMListDisplay != NULL) {
for (Index = 0; Index < AKMSuiteCount; Index++) {
//
- // The size of buffer should be 3 CHAR16 for Null-terminated Unicode string.
- // The first char is the AKM Suite number, the second char is ' ', the third char is '\0'.
+ // The size of buffer should be 4 CHAR16 for Null-terminated Unicode string.
//
UnicodeSPrint (
- AKMListDisplay + (Index * 2),
- sizeof (CHAR16) * 3,
+ AKMListDisplay + Length,
+ sizeof (CHAR16) * 4,
L"%d ",
Profile->Network.AKMSuite->AKMSuiteList[Index].SuiteType
);
+ Length = StrLen (AKMListDisplay + Length) + Length;
if (Index == AKMSuiteCount - 1) {
- *(AKMListDisplay + (Index * 2 + 1)) = L'\0';
+ *(AKMListDisplay + (Length - 1)) = L'\0';
}
}
}
@@ -1461,7 +1465,9 @@ WifiMgrDxeHiiConfigAccessCallback (
return EFI_OUT_OF_RESOURCES;
}
- if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
+ if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
+ (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
+ {
IfrNvData->EapAuthMethod = Profile->EapAuthMethod;
IfrNvData->EapSecondAuthMethod = Profile->EapSecondAuthMethod;
StrCpyS (IfrNvData->EapIdentity, EAP_IDENTITY_SIZE, Profile->EapIdentity);
@@ -1529,7 +1535,9 @@ WifiMgrDxeHiiConfigAccessCallback (
//
// Restore User Config Data for Page recovery
//
- if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
+ if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
+ (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
+ {
Profile->EapAuthMethod = IfrNvData->EapAuthMethod;
Profile->EapSecondAuthMethod = IfrNvData->EapSecondAuthMethod;
StrCpyS (Profile->EapIdentity, EAP_IDENTITY_SIZE, IfrNvData->EapIdentity);
@@ -1598,12 +1606,17 @@ WifiMgrDxeHiiConfigAccessCallback (
// When this network is not currently connected, pend it to connect.
//
if (Profile->AKMSuiteSupported && Profile->CipherSuiteSupported) {
- if ((Profile->SecurityType == SECURITY_TYPE_NONE) || (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL)) {
+ if ((Profile->SecurityType == SECURITY_TYPE_NONE) ||
+ (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL) ||
+ (Profile->SecurityType == SECURITY_TYPE_WPA3_PERSONAL))
+ {
//
// For Open network, connect directly.
//
ProfileToConnect = Profile;
- } else if (Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
+ } else if ((Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
+ (Profile->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
+ {
//
// For WPA/WPA2-Enterprise network, conduct eap configuration first.
// Only EAP-TLS, TTLS and PEAP is supported now!
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 7630c0695c..59bac48c42 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -1,7 +1,7 @@
/** @file
The Mac Connection2 Protocol adapter functions for WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -848,6 +848,7 @@ WifiMgrPrepareConnection (
if (AKMSuiteSupported && CipherSuiteSupported) {
switch (SecurityType) {
case SECURITY_TYPE_WPA2_PERSONAL:
+ case SECURITY_TYPE_WPA3_PERSONAL:
Status = WifiMgrConfigPassword (Nic, Profile);
if (EFI_ERROR (Status)) {
@@ -863,6 +864,7 @@ WifiMgrPrepareConnection (
break;
case SECURITY_TYPE_WPA2_ENTERPRISE:
+ case SECURITY_TYPE_WPA3_ENTERPRISE:
Status = WifiMgrConfigEap (Nic, Profile);
if (EFI_ERROR (Status)) {
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
index 4e7c241718..4ad5643c24 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
@@ -1,7 +1,7 @@
/** @file
The Miscellaneous Routines for WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -9,6 +9,24 @@
#include "WifiConnectionMgrDxe.h"
+//
+// STA AKM preference order
+// REF: https://www.wi-fi.org/file/wpa3-specification
+//
+STATIC UINT32 mAKMSuitePreference[] = {
+ IEEE_80211_AKM_SUITE_8021X_SUITE_B192, // AKM Suite 12
+ IEEE_80211_AKM_SUITE_8021X_SUITE_B, // AKM Suite 11
+ IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256, // AKM Suite 5
+ IEEE_80211_AKM_SUITE_8021X_OR_PMKSA, // AKM Suite 1
+
+ IEEE_80211_AKM_SUITE_SAE, // AKM Suite 8
+ IEEE_80211_AKM_SUITE_PSK_SHA256, // AKM Suite 6
+ IEEE_80211_AKM_SUITE_PSK, // AKM Suite 2
+
+ IEEE_80211_AKM_SUITE_OWE // AKM Suite 18
+};
+#define AKM_SUITE_PREFERENCE_COUNT (sizeof (mAKMSuitePreference) / sizeof (UINT32))
+
/**
Empty function for event process function.
@@ -340,7 +358,7 @@ WifiMgrCheckRSN (
EFI_80211_AKM_SUITE_SELECTOR *SupportedAKMSuites;
EFI_80211_CIPHER_SUITE_SELECTOR *SupportedSwCipherSuites;
EFI_80211_CIPHER_SUITE_SELECTOR *SupportedHwCipherSuites;
- EFI_80211_SUITE_SELECTOR *AKMSuite;
+ UINT32 *AKMSuite;
EFI_80211_SUITE_SELECTOR *CipherSuite;
UINT16 AKMIndex;
UINT16 CipherIndex;
@@ -371,18 +389,29 @@ WifiMgrCheckRSN (
return EFI_SUCCESS;
}
- for (AKMIndex = 0; AKMIndex < AKMList->AKMSuiteCount; AKMIndex++) {
- AKMSuite = AKMList->AKMSuiteList + AKMIndex;
- if (WifiMgrSupportAKMSuite (
- SupportedAKMSuites->AKMSuiteCount,
- (UINT32 *)SupportedAKMSuites->AKMSuiteList,
- (UINT32 *)AKMSuite
- ))
+ for (AKMIndex = 0; AKMIndex < AKM_SUITE_PREFERENCE_COUNT; AKMIndex++) {
+ AKMSuite = mAKMSuitePreference + AKMIndex;
+ if (WifiMgrSupportAKMSuite (AKMList->AKMSuiteCount, (UINT32 *)AKMList->AKMSuiteList, AKMSuite) &&
+ WifiMgrSupportAKMSuite (SupportedAKMSuites->AKMSuiteCount, (UINT32 *)SupportedAKMSuites->AKMSuiteList, AKMSuite))
{
if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) {
*AKMSuiteSupported = TRUE;
}
+ //
+ // OWE transition mode allow CipherSuiteCount is 0
+ //
+ if (CipherList->CipherSuiteCount == 0) {
+ *SecurityType = WifiMgrGetSecurityType ((UINT32 *)AKMSuite, NULL);
+ if (*SecurityType != SECURITY_TYPE_UNKNOWN) {
+ if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) {
+ *CipherSuiteSupported = TRUE;
+ }
+
+ return EFI_SUCCESS;
+ }
+ }
+
for (CipherIndex = 0; CipherIndex < CipherList->CipherSuiteCount; CipherIndex++) {
CipherSuite = CipherList->CipherSuiteList + CipherIndex;
@@ -450,6 +479,10 @@ WifiMgrGetSecurityType (
IN UINT32 *CipherSuite
)
{
+ if ((AKMSuite != NULL) && (*AKMSuite == IEEE_80211_AKM_SUITE_OWE)) {
+ return SECURITY_TYPE_NONE;
+ }
+
if (CipherSuite == NULL) {
if (AKMSuite == NULL) {
return SECURITY_TYPE_NONE;
@@ -471,8 +504,10 @@ WifiMgrGetSecurityType (
return SECURITY_TYPE_UNKNOWN;
}
- if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) ||
- (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256))
+ if (*AKMSuite == IEEE_80211_AKM_SUITE_SAE) {
+ return SECURITY_TYPE_WPA3_PERSONAL;
+ } else if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) ||
+ (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256))
{
return SECURITY_TYPE_WPA2_ENTERPRISE;
} else if ((*AKMSuite == IEEE_80211_AKM_SUITE_PSK) ||
@@ -498,6 +533,26 @@ WifiMgrGetSecurityType (
} else {
return SECURITY_TYPE_UNKNOWN;
}
+ } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP) {
+ if (AKMSuite == NULL) {
+ return SECURITY_TYPE_UNKNOWN;
+ }
+
+ if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B) {
+ return SECURITY_TYPE_WPA3_ENTERPRISE;
+ } else {
+ return SECURITY_TYPE_UNKNOWN;
+ }
+ } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256) {
+ if (AKMSuite == NULL) {
+ return SECURITY_TYPE_UNKNOWN;
+ }
+
+ if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B192) {
+ return SECURITY_TYPE_WPA3_ENTERPRISE;
+ } else {
+ return SECURITY_TYPE_UNKNOWN;
+ }
} else {
return SECURITY_TYPE_UNKNOWN;
}
--
2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90746): https://edk2.groups.io/g/devel/message/90746
Mute This Topic: https://groups.io/mt/91960521/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
On 24 cze 2022 09:59, Heng Luo wrote:
> https://bugzilla.tianocore.org/show_bug.cgi?id=3961
>
> Add below Wpa3 support:
> WPA3-Personal:
> Ieee80211AkmSuiteSAE = 8
> WPA3-Enterprise:
> Ieee80211AkmSuite8021XSuiteB = 11
> Ieee80211AkmSuite8021XSuiteB192 = 12
> Wi-Fi CERTIFIED Enhanced Open:
> Ieee80211AkmSuiteOWE = 18
>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Fu Siyuan <siyuan.fu@intel.com>
> Cc: Wu Jiaxin <jiaxin.wu@intel.com>
> Signed-off-by: Heng Luo <heng.luo@intel.com>
> ---
> .../WifiConnectionManagerDxe.vfr | 8 +-
> .../WifiConnectionMgrConfigNVDataStruct.h | 8 +-
> .../WifiConnectionMgrDxe.h | 18 ++++-
> .../WifiConnectionMgrHiiConfigAccess.c | 37 ++++++---
> .../WifiConnectionMgrImpl.c | 4 +-
> .../WifiConnectionMgrMisc.c | 77 ++++++++++++++++---
> 6 files changed, 119 insertions(+), 33 deletions(-)
>
> diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
> index b0ef187535..704f2b6a54 100644
> --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
> +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
> @@ -1,7 +1,7 @@
> /** @file
> Vfr files used in WiFi Connection Manager.
>
> - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -121,7 +121,8 @@ formset
> text = STRING_TOKEN(STR_SECURITY_TYPE); // TextTwo
>
>
> - suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL;
> + suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL
> + AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_PERSONAL;
> password varid = WIFI_MANAGER_IFR_NVDATA.Password,
> prompt = STRING_TOKEN(STR_PASSWORD),
> help = STRING_TOKEN(STR_PASSWORD_HELP),
> @@ -132,7 +133,8 @@ formset
> endpassword;
> endif;
>
> - suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE;
> + suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE
> + AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE;
>
> oneof varid = WIFI_MANAGER_IFR_NVDATA.EapAuthMethod,
> questionid = KEY_EAP_AUTH_METHOD_CONNECT_NETWORK,
> diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
> index 69878bc457..b5518a74d8 100644
> --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
> +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
> @@ -1,7 +1,7 @@
> /** @file
> Define IFR NVData structures used by the WiFi Connection Manager.
>
> - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -119,8 +119,10 @@
> #define SECURITY_TYPE_WPA_PERSONAL 3
> #define SECURITY_TYPE_WPA2_PERSONAL 4
> #define SECURITY_TYPE_WEP 5
> -#define SECURITY_TYPE_UNKNOWN 6
> -#define SECURITY_TYPE_MAX 7
> +#define SECURITY_TYPE_WPA3_PERSONAL 6
> +#define SECURITY_TYPE_WPA3_ENTERPRISE 7
> +#define SECURITY_TYPE_UNKNOWN 8
> +#define SECURITY_TYPE_MAX 9
>
> #define EAP_AUTH_METHOD_TTLS 0
> #define EAP_AUTH_METHOD_PEAP 1
> diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
> index c3c70b2752..7b2e41e155 100644
> --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
> +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
> @@ -1,7 +1,7 @@
> /** @file
> The miscellaneous structure definitions for WiFi connection driver.
>
> - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -82,6 +82,8 @@ typedef enum {
> Ieee80211PairwiseCipherSuiteCCMP = 4,
> Ieee80211PairwiseCipherSuiteWEP104 = 5,
> Ieee80211PairwiseCipherSuiteBIP = 6,
> + Ieee80211PairwiseCipherSuiteGCMP = 8,
> + Ieee80211PairwiseCipherSuiteGCMP256 = 9,
> // ...
> } IEEE_80211_PAIRWISE_CIPHER_SUITE;
>
> @@ -91,19 +93,29 @@ typedef enum {
> #define IEEE_80211_PAIRWISE_CIPHER_SUITE_CCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteCCMP << 24))
> #define IEEE_80211_PAIRWISE_CIPHER_SUITE_WEP104 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteWEP104 << 24))
> #define IEEE_80211_PAIRWISE_CIPHER_SUITE_BIP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteBIP << 24))
> +#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP << 24))
> +#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP256 << 24))
>
> typedef enum {
> Ieee80211AkmSuite8021XOrPMKSA = 1,
> Ieee80211AkmSuitePSK = 2,
> Ieee80211AkmSuite8021XOrPMKSASHA256 = 5,
> - Ieee80211AkmSuitePSKSHA256 = 6
> - // ...
> + Ieee80211AkmSuitePSKSHA256 = 6,
> + Ieee80211AkmSuiteSAE = 8,
> + Ieee80211AkmSuite8021XSuiteB = 11,
> + Ieee80211AkmSuite8021XSuiteB192 = 12,
> + Ieee80211AkmSuiteOWE = 18,
> + // ...
> } IEEE_80211_AKM_SUITE;
>
> #define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSA << 24))
> #define IEEE_80211_AKM_SUITE_PSK (OUI_IEEE_80211I | (Ieee80211AkmSuitePSK << 24))
> #define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSASHA256 << 24))
> #define IEEE_80211_AKM_SUITE_PSK_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuitePSKSHA256 << 24))
> +#define IEEE_80211_AKM_SUITE_SAE (OUI_IEEE_80211I | (Ieee80211AkmSuiteSAE << 24))
> +#define IEEE_80211_AKM_SUITE_8021X_SUITE_B (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB << 24))
> +#define IEEE_80211_AKM_SUITE_8021X_SUITE_B192 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB192 << 24))
> +#define IEEE_80211_AKM_SUITE_OWE (OUI_IEEE_80211I | (Ieee80211AkmSuiteOWE << 24))
>
> //
> // Protocol instances
> diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
> index 7cb2bfc281..431fcbb33a 100644
> --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
> +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
> @@ -1,7 +1,7 @@
> /** @file
> The Hii functions for WiFi Connection Manager.
>
> - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -50,6 +50,8 @@ CHAR16 *mSecurityType[] = {
> L"WPA-Personal ",
> L"WPA2-Personal ",
> L"WEP ",
> + L"WPA3-Personal ",
> + L"WPA3-Enterprise",
> L"UnKnown "
> };
>
> @@ -269,6 +271,7 @@ WifiMgrGetStrAKMList (
> UINT8 Index;
> UINT16 AKMSuiteCount;
> CHAR16 *AKMListDisplay;
> + UINTN Length;
>
> AKMListDisplay = NULL;
> if ((Profile == NULL) || (Profile->Network.AKMSuite == NULL)) {
> @@ -278,23 +281,24 @@ WifiMgrGetStrAKMList (
> AKMSuiteCount = Profile->Network.AKMSuite->AKMSuiteCount;
> if (AKMSuiteCount != 0) {
> //
> - // Current AKM Suite is between 1-9
> + // Current AKM Suite is between 1-18
> //
> - AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 2 + 1));
> + AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 3 + 1));
> + Length = 0;
> if (AKMListDisplay != NULL) {
> for (Index = 0; Index < AKMSuiteCount; Index++) {
> //
> - // The size of buffer should be 3 CHAR16 for Null-terminated Unicode string.
> - // The first char is the AKM Suite number, the second char is ' ', the third char is '\0'.
> + // The size of buffer should be 4 CHAR16 for Null-terminated Unicode string.
> //
> UnicodeSPrint (
> - AKMListDisplay + (Index * 2),
> - sizeof (CHAR16) * 3,
> + AKMListDisplay + Length,
> + sizeof (CHAR16) * 4,
> L"%d ",
> Profile->Network.AKMSuite->AKMSuiteList[Index].SuiteType
> );
> + Length = StrLen (AKMListDisplay + Length) + Length;
> if (Index == AKMSuiteCount - 1) {
> - *(AKMListDisplay + (Index * 2 + 1)) = L'\0';
> + *(AKMListDisplay + (Length - 1)) = L'\0';
> }
> }
> }
> @@ -1461,7 +1465,9 @@ WifiMgrDxeHiiConfigAccessCallback (
> return EFI_OUT_OF_RESOURCES;
> }
>
> - if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
> + if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
> + (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
> + {
> IfrNvData->EapAuthMethod = Profile->EapAuthMethod;
> IfrNvData->EapSecondAuthMethod = Profile->EapSecondAuthMethod;
> StrCpyS (IfrNvData->EapIdentity, EAP_IDENTITY_SIZE, Profile->EapIdentity);
> @@ -1529,7 +1535,9 @@ WifiMgrDxeHiiConfigAccessCallback (
> //
> // Restore User Config Data for Page recovery
> //
> - if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
> + if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
> + (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
> + {
> Profile->EapAuthMethod = IfrNvData->EapAuthMethod;
> Profile->EapSecondAuthMethod = IfrNvData->EapSecondAuthMethod;
> StrCpyS (Profile->EapIdentity, EAP_IDENTITY_SIZE, IfrNvData->EapIdentity);
> @@ -1598,12 +1606,17 @@ WifiMgrDxeHiiConfigAccessCallback (
> // When this network is not currently connected, pend it to connect.
> //
> if (Profile->AKMSuiteSupported && Profile->CipherSuiteSupported) {
> - if ((Profile->SecurityType == SECURITY_TYPE_NONE) || (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL)) {
> + if ((Profile->SecurityType == SECURITY_TYPE_NONE) ||
> + (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL) ||
> + (Profile->SecurityType == SECURITY_TYPE_WPA3_PERSONAL))
> + {
> //
> // For Open network, connect directly.
> //
> ProfileToConnect = Profile;
> - } else if (Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
> + } else if ((Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
> + (Profile->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
> + {
> //
> // For WPA/WPA2-Enterprise network, conduct eap configuration first.
> // Only EAP-TLS, TTLS and PEAP is supported now!
> diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
> index 7630c0695c..59bac48c42 100644
> --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
> +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
> @@ -1,7 +1,7 @@
> /** @file
> The Mac Connection2 Protocol adapter functions for WiFi Connection Manager.
>
> - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -848,6 +848,7 @@ WifiMgrPrepareConnection (
> if (AKMSuiteSupported && CipherSuiteSupported) {
> switch (SecurityType) {
> case SECURITY_TYPE_WPA2_PERSONAL:
> + case SECURITY_TYPE_WPA3_PERSONAL:
>
> Status = WifiMgrConfigPassword (Nic, Profile);
> if (EFI_ERROR (Status)) {
> @@ -863,6 +864,7 @@ WifiMgrPrepareConnection (
> break;
>
> case SECURITY_TYPE_WPA2_ENTERPRISE:
> + case SECURITY_TYPE_WPA3_ENTERPRISE:
>
> Status = WifiMgrConfigEap (Nic, Profile);
> if (EFI_ERROR (Status)) {
> diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
> index 4e7c241718..4ad5643c24 100644
> --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
> +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
> @@ -1,7 +1,7 @@
> /** @file
> The Miscellaneous Routines for WiFi Connection Manager.
>
> - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -9,6 +9,24 @@
>
> #include "WifiConnectionMgrDxe.h"
>
> +//
> +// STA AKM preference order
> +// REF: https://www.wi-fi.org/file/wpa3-specification
> +//
> +STATIC UINT32 mAKMSuitePreference[] = {
> + IEEE_80211_AKM_SUITE_8021X_SUITE_B192, // AKM Suite 12
> + IEEE_80211_AKM_SUITE_8021X_SUITE_B, // AKM Suite 11
> + IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256, // AKM Suite 5
> + IEEE_80211_AKM_SUITE_8021X_OR_PMKSA, // AKM Suite 1
> +
> + IEEE_80211_AKM_SUITE_SAE, // AKM Suite 8
> + IEEE_80211_AKM_SUITE_PSK_SHA256, // AKM Suite 6
> + IEEE_80211_AKM_SUITE_PSK, // AKM Suite 2
> +
> + IEEE_80211_AKM_SUITE_OWE // AKM Suite 18
> +};
> +#define AKM_SUITE_PREFERENCE_COUNT (sizeof (mAKMSuitePreference) / sizeof (UINT32))
> +
> /**
> Empty function for event process function.
>
> @@ -340,7 +358,7 @@ WifiMgrCheckRSN (
> EFI_80211_AKM_SUITE_SELECTOR *SupportedAKMSuites;
> EFI_80211_CIPHER_SUITE_SELECTOR *SupportedSwCipherSuites;
> EFI_80211_CIPHER_SUITE_SELECTOR *SupportedHwCipherSuites;
> - EFI_80211_SUITE_SELECTOR *AKMSuite;
> + UINT32 *AKMSuite;
> EFI_80211_SUITE_SELECTOR *CipherSuite;
> UINT16 AKMIndex;
> UINT16 CipherIndex;
> @@ -371,18 +389,29 @@ WifiMgrCheckRSN (
> return EFI_SUCCESS;
> }
>
> - for (AKMIndex = 0; AKMIndex < AKMList->AKMSuiteCount; AKMIndex++) {
> - AKMSuite = AKMList->AKMSuiteList + AKMIndex;
> - if (WifiMgrSupportAKMSuite (
> - SupportedAKMSuites->AKMSuiteCount,
> - (UINT32 *)SupportedAKMSuites->AKMSuiteList,
> - (UINT32 *)AKMSuite
> - ))
> + for (AKMIndex = 0; AKMIndex < AKM_SUITE_PREFERENCE_COUNT; AKMIndex++) {
> + AKMSuite = mAKMSuitePreference + AKMIndex;
> + if (WifiMgrSupportAKMSuite (AKMList->AKMSuiteCount, (UINT32 *)AKMList->AKMSuiteList, AKMSuite) &&
> + WifiMgrSupportAKMSuite (SupportedAKMSuites->AKMSuiteCount, (UINT32 *)SupportedAKMSuites->AKMSuiteList, AKMSuite))
> {
> if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) {
> *AKMSuiteSupported = TRUE;
> }
>
> + //
> + // OWE transition mode allow CipherSuiteCount is 0
> + //
> + if (CipherList->CipherSuiteCount == 0) {
> + *SecurityType = WifiMgrGetSecurityType ((UINT32 *)AKMSuite, NULL);
> + if (*SecurityType != SECURITY_TYPE_UNKNOWN) {
> + if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) {
> + *CipherSuiteSupported = TRUE;
> + }
> +
> + return EFI_SUCCESS;
> + }
> + }
> +
> for (CipherIndex = 0; CipherIndex < CipherList->CipherSuiteCount; CipherIndex++) {
> CipherSuite = CipherList->CipherSuiteList + CipherIndex;
>
> @@ -450,6 +479,10 @@ WifiMgrGetSecurityType (
> IN UINT32 *CipherSuite
> )
> {
> + if ((AKMSuite != NULL) && (*AKMSuite == IEEE_80211_AKM_SUITE_OWE)) {
> + return SECURITY_TYPE_NONE;
> + }
> +
> if (CipherSuite == NULL) {
> if (AKMSuite == NULL) {
> return SECURITY_TYPE_NONE;
> @@ -471,8 +504,10 @@ WifiMgrGetSecurityType (
> return SECURITY_TYPE_UNKNOWN;
> }
>
> - if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) ||
> - (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256))
> + if (*AKMSuite == IEEE_80211_AKM_SUITE_SAE) {
> + return SECURITY_TYPE_WPA3_PERSONAL;
> + } else if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) ||
> + (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256))
> {
> return SECURITY_TYPE_WPA2_ENTERPRISE;
> } else if ((*AKMSuite == IEEE_80211_AKM_SUITE_PSK) ||
> @@ -498,6 +533,26 @@ WifiMgrGetSecurityType (
> } else {
> return SECURITY_TYPE_UNKNOWN;
> }
> + } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP) {
> + if (AKMSuite == NULL) {
> + return SECURITY_TYPE_UNKNOWN;
> + }
> +
> + if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B) {
> + return SECURITY_TYPE_WPA3_ENTERPRISE;
> + } else {
> + return SECURITY_TYPE_UNKNOWN;
> + }
> + } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256) {
> + if (AKMSuite == NULL) {
> + return SECURITY_TYPE_UNKNOWN;
> + }
> +
> + if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B192) {
> + return SECURITY_TYPE_WPA3_ENTERPRISE;
> + } else {
> + return SECURITY_TYPE_UNKNOWN;
> + }
> } else {
> return SECURITY_TYPE_UNKNOWN;
> }
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90987): https://edk2.groups.io/g/devel/message/90987
Mute This Topic: https://groups.io/mt/91960521/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2026 Red Hat, Inc.