.../WifiConnectionManagerDxe.vfr | 8 +- .../WifiConnectionMgrConfigNVDataStruct.h | 8 +- .../WifiConnectionMgrDxe.h | 18 ++++- .../WifiConnectionMgrHiiConfigAccess.c | 37 ++++++--- .../WifiConnectionMgrImpl.c | 4 +- .../WifiConnectionMgrMisc.c | 77 ++++++++++++++++--- 6 files changed, 119 insertions(+), 33 deletions(-)
https://bugzilla.tianocore.org/show_bug.cgi?id=3961
Add below Wpa3 support:
WPA3-Personal:
Ieee80211AkmSuiteSAE = 8
WPA3-Enterprise:
Ieee80211AkmSuite8021XSuiteB = 11
Ieee80211AkmSuite8021XSuiteB192 = 12
Wi-Fi CERTIFIED Enhanced Open:
Ieee80211AkmSuiteOWE = 18
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Signed-off-by: Heng Luo <heng.luo@intel.com>
---
.../WifiConnectionManagerDxe.vfr | 8 +-
.../WifiConnectionMgrConfigNVDataStruct.h | 8 +-
.../WifiConnectionMgrDxe.h | 18 ++++-
.../WifiConnectionMgrHiiConfigAccess.c | 37 ++++++---
.../WifiConnectionMgrImpl.c | 4 +-
.../WifiConnectionMgrMisc.c | 77 ++++++++++++++++---
6 files changed, 119 insertions(+), 33 deletions(-)
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
index b0ef187535..704f2b6a54 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
@@ -1,7 +1,7 @@
/** @file
Vfr files used in WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -121,7 +121,8 @@ formset
text = STRING_TOKEN(STR_SECURITY_TYPE); // TextTwo
- suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL;
+ suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL
+ AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_PERSONAL;
password varid = WIFI_MANAGER_IFR_NVDATA.Password,
prompt = STRING_TOKEN(STR_PASSWORD),
help = STRING_TOKEN(STR_PASSWORD_HELP),
@@ -132,7 +133,8 @@ formset
endpassword;
endif;
- suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE;
+ suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE
+ AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE;
oneof varid = WIFI_MANAGER_IFR_NVDATA.EapAuthMethod,
questionid = KEY_EAP_AUTH_METHOD_CONNECT_NETWORK,
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
index 69878bc457..b5518a74d8 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h
@@ -1,7 +1,7 @@
/** @file
Define IFR NVData structures used by the WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -119,8 +119,10 @@
#define SECURITY_TYPE_WPA_PERSONAL 3
#define SECURITY_TYPE_WPA2_PERSONAL 4
#define SECURITY_TYPE_WEP 5
-#define SECURITY_TYPE_UNKNOWN 6
-#define SECURITY_TYPE_MAX 7
+#define SECURITY_TYPE_WPA3_PERSONAL 6
+#define SECURITY_TYPE_WPA3_ENTERPRISE 7
+#define SECURITY_TYPE_UNKNOWN 8
+#define SECURITY_TYPE_MAX 9
#define EAP_AUTH_METHOD_TTLS 0
#define EAP_AUTH_METHOD_PEAP 1
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
index c3c70b2752..7b2e41e155 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h
@@ -1,7 +1,7 @@
/** @file
The miscellaneous structure definitions for WiFi connection driver.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -82,6 +82,8 @@ typedef enum {
Ieee80211PairwiseCipherSuiteCCMP = 4,
Ieee80211PairwiseCipherSuiteWEP104 = 5,
Ieee80211PairwiseCipherSuiteBIP = 6,
+ Ieee80211PairwiseCipherSuiteGCMP = 8,
+ Ieee80211PairwiseCipherSuiteGCMP256 = 9,
// ...
} IEEE_80211_PAIRWISE_CIPHER_SUITE;
@@ -91,19 +93,29 @@ typedef enum {
#define IEEE_80211_PAIRWISE_CIPHER_SUITE_CCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteCCMP << 24))
#define IEEE_80211_PAIRWISE_CIPHER_SUITE_WEP104 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteWEP104 << 24))
#define IEEE_80211_PAIRWISE_CIPHER_SUITE_BIP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteBIP << 24))
+#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP << 24))
+#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP256 << 24))
typedef enum {
Ieee80211AkmSuite8021XOrPMKSA = 1,
Ieee80211AkmSuitePSK = 2,
Ieee80211AkmSuite8021XOrPMKSASHA256 = 5,
- Ieee80211AkmSuitePSKSHA256 = 6
- // ...
+ Ieee80211AkmSuitePSKSHA256 = 6,
+ Ieee80211AkmSuiteSAE = 8,
+ Ieee80211AkmSuite8021XSuiteB = 11,
+ Ieee80211AkmSuite8021XSuiteB192 = 12,
+ Ieee80211AkmSuiteOWE = 18,
+ // ...
} IEEE_80211_AKM_SUITE;
#define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSA << 24))
#define IEEE_80211_AKM_SUITE_PSK (OUI_IEEE_80211I | (Ieee80211AkmSuitePSK << 24))
#define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSASHA256 << 24))
#define IEEE_80211_AKM_SUITE_PSK_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuitePSKSHA256 << 24))
+#define IEEE_80211_AKM_SUITE_SAE (OUI_IEEE_80211I | (Ieee80211AkmSuiteSAE << 24))
+#define IEEE_80211_AKM_SUITE_8021X_SUITE_B (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB << 24))
+#define IEEE_80211_AKM_SUITE_8021X_SUITE_B192 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB192 << 24))
+#define IEEE_80211_AKM_SUITE_OWE (OUI_IEEE_80211I | (Ieee80211AkmSuiteOWE << 24))
//
// Protocol instances
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
index 7cb2bfc281..431fcbb33a 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c
@@ -1,7 +1,7 @@
/** @file
The Hii functions for WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -50,6 +50,8 @@ CHAR16 *mSecurityType[] = {
L"WPA-Personal ",
L"WPA2-Personal ",
L"WEP ",
+ L"WPA3-Personal ",
+ L"WPA3-Enterprise",
L"UnKnown "
};
@@ -269,6 +271,7 @@ WifiMgrGetStrAKMList (
UINT8 Index;
UINT16 AKMSuiteCount;
CHAR16 *AKMListDisplay;
+ UINTN Length;
AKMListDisplay = NULL;
if ((Profile == NULL) || (Profile->Network.AKMSuite == NULL)) {
@@ -278,23 +281,24 @@ WifiMgrGetStrAKMList (
AKMSuiteCount = Profile->Network.AKMSuite->AKMSuiteCount;
if (AKMSuiteCount != 0) {
//
- // Current AKM Suite is between 1-9
+ // Current AKM Suite is between 1-18
//
- AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 2 + 1));
+ AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 3 + 1));
+ Length = 0;
if (AKMListDisplay != NULL) {
for (Index = 0; Index < AKMSuiteCount; Index++) {
//
- // The size of buffer should be 3 CHAR16 for Null-terminated Unicode string.
- // The first char is the AKM Suite number, the second char is ' ', the third char is '\0'.
+ // The size of buffer should be 4 CHAR16 for Null-terminated Unicode string.
//
UnicodeSPrint (
- AKMListDisplay + (Index * 2),
- sizeof (CHAR16) * 3,
+ AKMListDisplay + Length,
+ sizeof (CHAR16) * 4,
L"%d ",
Profile->Network.AKMSuite->AKMSuiteList[Index].SuiteType
);
+ Length = StrLen (AKMListDisplay + Length) + Length;
if (Index == AKMSuiteCount - 1) {
- *(AKMListDisplay + (Index * 2 + 1)) = L'\0';
+ *(AKMListDisplay + (Length - 1)) = L'\0';
}
}
}
@@ -1461,7 +1465,9 @@ WifiMgrDxeHiiConfigAccessCallback (
return EFI_OUT_OF_RESOURCES;
}
- if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
+ if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
+ (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
+ {
IfrNvData->EapAuthMethod = Profile->EapAuthMethod;
IfrNvData->EapSecondAuthMethod = Profile->EapSecondAuthMethod;
StrCpyS (IfrNvData->EapIdentity, EAP_IDENTITY_SIZE, Profile->EapIdentity);
@@ -1529,7 +1535,9 @@ WifiMgrDxeHiiConfigAccessCallback (
//
// Restore User Config Data for Page recovery
//
- if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
+ if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
+ (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
+ {
Profile->EapAuthMethod = IfrNvData->EapAuthMethod;
Profile->EapSecondAuthMethod = IfrNvData->EapSecondAuthMethod;
StrCpyS (Profile->EapIdentity, EAP_IDENTITY_SIZE, IfrNvData->EapIdentity);
@@ -1598,12 +1606,17 @@ WifiMgrDxeHiiConfigAccessCallback (
// When this network is not currently connected, pend it to connect.
//
if (Profile->AKMSuiteSupported && Profile->CipherSuiteSupported) {
- if ((Profile->SecurityType == SECURITY_TYPE_NONE) || (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL)) {
+ if ((Profile->SecurityType == SECURITY_TYPE_NONE) ||
+ (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL) ||
+ (Profile->SecurityType == SECURITY_TYPE_WPA3_PERSONAL))
+ {
//
// For Open network, connect directly.
//
ProfileToConnect = Profile;
- } else if (Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) {
+ } else if ((Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) ||
+ (Profile->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE))
+ {
//
// For WPA/WPA2-Enterprise network, conduct eap configuration first.
// Only EAP-TLS, TTLS and PEAP is supported now!
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
index 7630c0695c..59bac48c42 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c
@@ -1,7 +1,7 @@
/** @file
The Mac Connection2 Protocol adapter functions for WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -848,6 +848,7 @@ WifiMgrPrepareConnection (
if (AKMSuiteSupported && CipherSuiteSupported) {
switch (SecurityType) {
case SECURITY_TYPE_WPA2_PERSONAL:
+ case SECURITY_TYPE_WPA3_PERSONAL:
Status = WifiMgrConfigPassword (Nic, Profile);
if (EFI_ERROR (Status)) {
@@ -863,6 +864,7 @@ WifiMgrPrepareConnection (
break;
case SECURITY_TYPE_WPA2_ENTERPRISE:
+ case SECURITY_TYPE_WPA3_ENTERPRISE:
Status = WifiMgrConfigEap (Nic, Profile);
if (EFI_ERROR (Status)) {
diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
index 4e7c241718..4ad5643c24 100644
--- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
+++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c
@@ -1,7 +1,7 @@
/** @file
The Miscellaneous Routines for WiFi Connection Manager.
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -9,6 +9,24 @@
#include "WifiConnectionMgrDxe.h"
+//
+// STA AKM preference order
+// REF: https://www.wi-fi.org/file/wpa3-specification
+//
+STATIC UINT32 mAKMSuitePreference[] = {
+ IEEE_80211_AKM_SUITE_8021X_SUITE_B192, // AKM Suite 12
+ IEEE_80211_AKM_SUITE_8021X_SUITE_B, // AKM Suite 11
+ IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256, // AKM Suite 5
+ IEEE_80211_AKM_SUITE_8021X_OR_PMKSA, // AKM Suite 1
+
+ IEEE_80211_AKM_SUITE_SAE, // AKM Suite 8
+ IEEE_80211_AKM_SUITE_PSK_SHA256, // AKM Suite 6
+ IEEE_80211_AKM_SUITE_PSK, // AKM Suite 2
+
+ IEEE_80211_AKM_SUITE_OWE // AKM Suite 18
+};
+#define AKM_SUITE_PREFERENCE_COUNT (sizeof (mAKMSuitePreference) / sizeof (UINT32))
+
/**
Empty function for event process function.
@@ -340,7 +358,7 @@ WifiMgrCheckRSN (
EFI_80211_AKM_SUITE_SELECTOR *SupportedAKMSuites;
EFI_80211_CIPHER_SUITE_SELECTOR *SupportedSwCipherSuites;
EFI_80211_CIPHER_SUITE_SELECTOR *SupportedHwCipherSuites;
- EFI_80211_SUITE_SELECTOR *AKMSuite;
+ UINT32 *AKMSuite;
EFI_80211_SUITE_SELECTOR *CipherSuite;
UINT16 AKMIndex;
UINT16 CipherIndex;
@@ -371,18 +389,29 @@ WifiMgrCheckRSN (
return EFI_SUCCESS;
}
- for (AKMIndex = 0; AKMIndex < AKMList->AKMSuiteCount; AKMIndex++) {
- AKMSuite = AKMList->AKMSuiteList + AKMIndex;
- if (WifiMgrSupportAKMSuite (
- SupportedAKMSuites->AKMSuiteCount,
- (UINT32 *)SupportedAKMSuites->AKMSuiteList,
- (UINT32 *)AKMSuite
- ))
+ for (AKMIndex = 0; AKMIndex < AKM_SUITE_PREFERENCE_COUNT; AKMIndex++) {
+ AKMSuite = mAKMSuitePreference + AKMIndex;
+ if (WifiMgrSupportAKMSuite (AKMList->AKMSuiteCount, (UINT32 *)AKMList->AKMSuiteList, AKMSuite) &&
+ WifiMgrSupportAKMSuite (SupportedAKMSuites->AKMSuiteCount, (UINT32 *)SupportedAKMSuites->AKMSuiteList, AKMSuite))
{
if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) {
*AKMSuiteSupported = TRUE;
}
+ //
+ // OWE transition mode allow CipherSuiteCount is 0
+ //
+ if (CipherList->CipherSuiteCount == 0) {
+ *SecurityType = WifiMgrGetSecurityType ((UINT32 *)AKMSuite, NULL);
+ if (*SecurityType != SECURITY_TYPE_UNKNOWN) {
+ if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) {
+ *CipherSuiteSupported = TRUE;
+ }
+
+ return EFI_SUCCESS;
+ }
+ }
+
for (CipherIndex = 0; CipherIndex < CipherList->CipherSuiteCount; CipherIndex++) {
CipherSuite = CipherList->CipherSuiteList + CipherIndex;
@@ -450,6 +479,10 @@ WifiMgrGetSecurityType (
IN UINT32 *CipherSuite
)
{
+ if ((AKMSuite != NULL) && (*AKMSuite == IEEE_80211_AKM_SUITE_OWE)) {
+ return SECURITY_TYPE_NONE;
+ }
+
if (CipherSuite == NULL) {
if (AKMSuite == NULL) {
return SECURITY_TYPE_NONE;
@@ -471,8 +504,10 @@ WifiMgrGetSecurityType (
return SECURITY_TYPE_UNKNOWN;
}
- if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) ||
- (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256))
+ if (*AKMSuite == IEEE_80211_AKM_SUITE_SAE) {
+ return SECURITY_TYPE_WPA3_PERSONAL;
+ } else if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) ||
+ (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256))
{
return SECURITY_TYPE_WPA2_ENTERPRISE;
} else if ((*AKMSuite == IEEE_80211_AKM_SUITE_PSK) ||
@@ -498,6 +533,26 @@ WifiMgrGetSecurityType (
} else {
return SECURITY_TYPE_UNKNOWN;
}
+ } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP) {
+ if (AKMSuite == NULL) {
+ return SECURITY_TYPE_UNKNOWN;
+ }
+
+ if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B) {
+ return SECURITY_TYPE_WPA3_ENTERPRISE;
+ } else {
+ return SECURITY_TYPE_UNKNOWN;
+ }
+ } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256) {
+ if (AKMSuite == NULL) {
+ return SECURITY_TYPE_UNKNOWN;
+ }
+
+ if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B192) {
+ return SECURITY_TYPE_WPA3_ENTERPRISE;
+ } else {
+ return SECURITY_TYPE_UNKNOWN;
+ }
} else {
return SECURITY_TYPE_UNKNOWN;
}
--
2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90746): https://edk2.groups.io/g/devel/message/90746
Mute This Topic: https://groups.io/mt/91960521/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> On 24 cze 2022 09:59, Heng Luo wrote: > https://bugzilla.tianocore.org/show_bug.cgi?id=3961 > > Add below Wpa3 support: > WPA3-Personal: > Ieee80211AkmSuiteSAE = 8 > WPA3-Enterprise: > Ieee80211AkmSuite8021XSuiteB = 11 > Ieee80211AkmSuite8021XSuiteB192 = 12 > Wi-Fi CERTIFIED Enhanced Open: > Ieee80211AkmSuiteOWE = 18 > > Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> > Cc: Fu Siyuan <siyuan.fu@intel.com> > Cc: Wu Jiaxin <jiaxin.wu@intel.com> > Signed-off-by: Heng Luo <heng.luo@intel.com> > --- > .../WifiConnectionManagerDxe.vfr | 8 +- > .../WifiConnectionMgrConfigNVDataStruct.h | 8 +- > .../WifiConnectionMgrDxe.h | 18 ++++- > .../WifiConnectionMgrHiiConfigAccess.c | 37 ++++++--- > .../WifiConnectionMgrImpl.c | 4 +- > .../WifiConnectionMgrMisc.c | 77 ++++++++++++++++--- > 6 files changed, 119 insertions(+), 33 deletions(-) > > diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr > index b0ef187535..704f2b6a54 100644 > --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr > +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr > @@ -1,7 +1,7 @@ > /** @file > Vfr files used in WiFi Connection Manager. > > - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -121,7 +121,8 @@ formset > text = STRING_TOKEN(STR_SECURITY_TYPE); // TextTwo > > > - suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL; > + suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_PERSONAL > + AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_PERSONAL; > password varid = WIFI_MANAGER_IFR_NVDATA.Password, > prompt = STRING_TOKEN(STR_PASSWORD), > help = STRING_TOKEN(STR_PASSWORD_HELP), > @@ -132,7 +133,8 @@ formset > endpassword; > endif; > > - suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE; > + suppressif NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE > + AND NOT ideqval WIFI_MANAGER_IFR_NVDATA.SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE; > > oneof varid = WIFI_MANAGER_IFR_NVDATA.EapAuthMethod, > questionid = KEY_EAP_AUTH_METHOD_CONNECT_NETWORK, > diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h > index 69878bc457..b5518a74d8 100644 > --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h > +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrConfigNVDataStruct.h > @@ -1,7 +1,7 @@ > /** @file > Define IFR NVData structures used by the WiFi Connection Manager. > > - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -119,8 +119,10 @@ > #define SECURITY_TYPE_WPA_PERSONAL 3 > #define SECURITY_TYPE_WPA2_PERSONAL 4 > #define SECURITY_TYPE_WEP 5 > -#define SECURITY_TYPE_UNKNOWN 6 > -#define SECURITY_TYPE_MAX 7 > +#define SECURITY_TYPE_WPA3_PERSONAL 6 > +#define SECURITY_TYPE_WPA3_ENTERPRISE 7 > +#define SECURITY_TYPE_UNKNOWN 8 > +#define SECURITY_TYPE_MAX 9 > > #define EAP_AUTH_METHOD_TTLS 0 > #define EAP_AUTH_METHOD_PEAP 1 > diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h > index c3c70b2752..7b2e41e155 100644 > --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h > +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrDxe.h > @@ -1,7 +1,7 @@ > /** @file > The miscellaneous structure definitions for WiFi connection driver. > > - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -82,6 +82,8 @@ typedef enum { > Ieee80211PairwiseCipherSuiteCCMP = 4, > Ieee80211PairwiseCipherSuiteWEP104 = 5, > Ieee80211PairwiseCipherSuiteBIP = 6, > + Ieee80211PairwiseCipherSuiteGCMP = 8, > + Ieee80211PairwiseCipherSuiteGCMP256 = 9, > // ... > } IEEE_80211_PAIRWISE_CIPHER_SUITE; > > @@ -91,19 +93,29 @@ typedef enum { > #define IEEE_80211_PAIRWISE_CIPHER_SUITE_CCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteCCMP << 24)) > #define IEEE_80211_PAIRWISE_CIPHER_SUITE_WEP104 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteWEP104 << 24)) > #define IEEE_80211_PAIRWISE_CIPHER_SUITE_BIP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteBIP << 24)) > +#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP << 24)) > +#define IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256 (OUI_IEEE_80211I | (Ieee80211PairwiseCipherSuiteGCMP256 << 24)) > > typedef enum { > Ieee80211AkmSuite8021XOrPMKSA = 1, > Ieee80211AkmSuitePSK = 2, > Ieee80211AkmSuite8021XOrPMKSASHA256 = 5, > - Ieee80211AkmSuitePSKSHA256 = 6 > - // ... > + Ieee80211AkmSuitePSKSHA256 = 6, > + Ieee80211AkmSuiteSAE = 8, > + Ieee80211AkmSuite8021XSuiteB = 11, > + Ieee80211AkmSuite8021XSuiteB192 = 12, > + Ieee80211AkmSuiteOWE = 18, > + // ... > } IEEE_80211_AKM_SUITE; > > #define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSA << 24)) > #define IEEE_80211_AKM_SUITE_PSK (OUI_IEEE_80211I | (Ieee80211AkmSuitePSK << 24)) > #define IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XOrPMKSASHA256 << 24)) > #define IEEE_80211_AKM_SUITE_PSK_SHA256 (OUI_IEEE_80211I | (Ieee80211AkmSuitePSKSHA256 << 24)) > +#define IEEE_80211_AKM_SUITE_SAE (OUI_IEEE_80211I | (Ieee80211AkmSuiteSAE << 24)) > +#define IEEE_80211_AKM_SUITE_8021X_SUITE_B (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB << 24)) > +#define IEEE_80211_AKM_SUITE_8021X_SUITE_B192 (OUI_IEEE_80211I | (Ieee80211AkmSuite8021XSuiteB192 << 24)) > +#define IEEE_80211_AKM_SUITE_OWE (OUI_IEEE_80211I | (Ieee80211AkmSuiteOWE << 24)) > > // > // Protocol instances > diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c > index 7cb2bfc281..431fcbb33a 100644 > --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c > +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrHiiConfigAccess.c > @@ -1,7 +1,7 @@ > /** @file > The Hii functions for WiFi Connection Manager. > > - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -50,6 +50,8 @@ CHAR16 *mSecurityType[] = { > L"WPA-Personal ", > L"WPA2-Personal ", > L"WEP ", > + L"WPA3-Personal ", > + L"WPA3-Enterprise", > L"UnKnown " > }; > > @@ -269,6 +271,7 @@ WifiMgrGetStrAKMList ( > UINT8 Index; > UINT16 AKMSuiteCount; > CHAR16 *AKMListDisplay; > + UINTN Length; > > AKMListDisplay = NULL; > if ((Profile == NULL) || (Profile->Network.AKMSuite == NULL)) { > @@ -278,23 +281,24 @@ WifiMgrGetStrAKMList ( > AKMSuiteCount = Profile->Network.AKMSuite->AKMSuiteCount; > if (AKMSuiteCount != 0) { > // > - // Current AKM Suite is between 1-9 > + // Current AKM Suite is between 1-18 > // > - AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 2 + 1)); > + AKMListDisplay = (CHAR16 *)AllocateZeroPool (sizeof (CHAR16) * (AKMSuiteCount * 3 + 1)); > + Length = 0; > if (AKMListDisplay != NULL) { > for (Index = 0; Index < AKMSuiteCount; Index++) { > // > - // The size of buffer should be 3 CHAR16 for Null-terminated Unicode string. > - // The first char is the AKM Suite number, the second char is ' ', the third char is '\0'. > + // The size of buffer should be 4 CHAR16 for Null-terminated Unicode string. > // > UnicodeSPrint ( > - AKMListDisplay + (Index * 2), > - sizeof (CHAR16) * 3, > + AKMListDisplay + Length, > + sizeof (CHAR16) * 4, > L"%d ", > Profile->Network.AKMSuite->AKMSuiteList[Index].SuiteType > ); > + Length = StrLen (AKMListDisplay + Length) + Length; > if (Index == AKMSuiteCount - 1) { > - *(AKMListDisplay + (Index * 2 + 1)) = L'\0'; > + *(AKMListDisplay + (Length - 1)) = L'\0'; > } > } > } > @@ -1461,7 +1465,9 @@ WifiMgrDxeHiiConfigAccessCallback ( > return EFI_OUT_OF_RESOURCES; > } > > - if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) { > + if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) || > + (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE)) > + { > IfrNvData->EapAuthMethod = Profile->EapAuthMethod; > IfrNvData->EapSecondAuthMethod = Profile->EapSecondAuthMethod; > StrCpyS (IfrNvData->EapIdentity, EAP_IDENTITY_SIZE, Profile->EapIdentity); > @@ -1529,7 +1535,9 @@ WifiMgrDxeHiiConfigAccessCallback ( > // > // Restore User Config Data for Page recovery > // > - if (IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) { > + if ((IfrNvData->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) || > + (IfrNvData->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE)) > + { > Profile->EapAuthMethod = IfrNvData->EapAuthMethod; > Profile->EapSecondAuthMethod = IfrNvData->EapSecondAuthMethod; > StrCpyS (Profile->EapIdentity, EAP_IDENTITY_SIZE, IfrNvData->EapIdentity); > @@ -1598,12 +1606,17 @@ WifiMgrDxeHiiConfigAccessCallback ( > // When this network is not currently connected, pend it to connect. > // > if (Profile->AKMSuiteSupported && Profile->CipherSuiteSupported) { > - if ((Profile->SecurityType == SECURITY_TYPE_NONE) || (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL)) { > + if ((Profile->SecurityType == SECURITY_TYPE_NONE) || > + (Profile->SecurityType == SECURITY_TYPE_WPA2_PERSONAL) || > + (Profile->SecurityType == SECURITY_TYPE_WPA3_PERSONAL)) > + { > // > // For Open network, connect directly. > // > ProfileToConnect = Profile; > - } else if (Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) { > + } else if ((Profile->SecurityType == SECURITY_TYPE_WPA2_ENTERPRISE) || > + (Profile->SecurityType == SECURITY_TYPE_WPA3_ENTERPRISE)) > + { > // > // For WPA/WPA2-Enterprise network, conduct eap configuration first. > // Only EAP-TLS, TTLS and PEAP is supported now! > diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c > index 7630c0695c..59bac48c42 100644 > --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c > +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrImpl.c > @@ -1,7 +1,7 @@ > /** @file > The Mac Connection2 Protocol adapter functions for WiFi Connection Manager. > > - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -848,6 +848,7 @@ WifiMgrPrepareConnection ( > if (AKMSuiteSupported && CipherSuiteSupported) { > switch (SecurityType) { > case SECURITY_TYPE_WPA2_PERSONAL: > + case SECURITY_TYPE_WPA3_PERSONAL: > > Status = WifiMgrConfigPassword (Nic, Profile); > if (EFI_ERROR (Status)) { > @@ -863,6 +864,7 @@ WifiMgrPrepareConnection ( > break; > > case SECURITY_TYPE_WPA2_ENTERPRISE: > + case SECURITY_TYPE_WPA3_ENTERPRISE: > > Status = WifiMgrConfigEap (Nic, Profile); > if (EFI_ERROR (Status)) { > diff --git a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c > index 4e7c241718..4ad5643c24 100644 > --- a/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c > +++ b/NetworkPkg/WifiConnectionManagerDxe/WifiConnectionMgrMisc.c > @@ -1,7 +1,7 @@ > /** @file > The Miscellaneous Routines for WiFi Connection Manager. > > - Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> > + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -9,6 +9,24 @@ > > #include "WifiConnectionMgrDxe.h" > > +// > +// STA AKM preference order > +// REF: https://www.wi-fi.org/file/wpa3-specification > +// > +STATIC UINT32 mAKMSuitePreference[] = { > + IEEE_80211_AKM_SUITE_8021X_SUITE_B192, // AKM Suite 12 > + IEEE_80211_AKM_SUITE_8021X_SUITE_B, // AKM Suite 11 > + IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256, // AKM Suite 5 > + IEEE_80211_AKM_SUITE_8021X_OR_PMKSA, // AKM Suite 1 > + > + IEEE_80211_AKM_SUITE_SAE, // AKM Suite 8 > + IEEE_80211_AKM_SUITE_PSK_SHA256, // AKM Suite 6 > + IEEE_80211_AKM_SUITE_PSK, // AKM Suite 2 > + > + IEEE_80211_AKM_SUITE_OWE // AKM Suite 18 > +}; > +#define AKM_SUITE_PREFERENCE_COUNT (sizeof (mAKMSuitePreference) / sizeof (UINT32)) > + > /** > Empty function for event process function. > > @@ -340,7 +358,7 @@ WifiMgrCheckRSN ( > EFI_80211_AKM_SUITE_SELECTOR *SupportedAKMSuites; > EFI_80211_CIPHER_SUITE_SELECTOR *SupportedSwCipherSuites; > EFI_80211_CIPHER_SUITE_SELECTOR *SupportedHwCipherSuites; > - EFI_80211_SUITE_SELECTOR *AKMSuite; > + UINT32 *AKMSuite; > EFI_80211_SUITE_SELECTOR *CipherSuite; > UINT16 AKMIndex; > UINT16 CipherIndex; > @@ -371,18 +389,29 @@ WifiMgrCheckRSN ( > return EFI_SUCCESS; > } > > - for (AKMIndex = 0; AKMIndex < AKMList->AKMSuiteCount; AKMIndex++) { > - AKMSuite = AKMList->AKMSuiteList + AKMIndex; > - if (WifiMgrSupportAKMSuite ( > - SupportedAKMSuites->AKMSuiteCount, > - (UINT32 *)SupportedAKMSuites->AKMSuiteList, > - (UINT32 *)AKMSuite > - )) > + for (AKMIndex = 0; AKMIndex < AKM_SUITE_PREFERENCE_COUNT; AKMIndex++) { > + AKMSuite = mAKMSuitePreference + AKMIndex; > + if (WifiMgrSupportAKMSuite (AKMList->AKMSuiteCount, (UINT32 *)AKMList->AKMSuiteList, AKMSuite) && > + WifiMgrSupportAKMSuite (SupportedAKMSuites->AKMSuiteCount, (UINT32 *)SupportedAKMSuites->AKMSuiteList, AKMSuite)) > { > if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) { > *AKMSuiteSupported = TRUE; > } > > + // > + // OWE transition mode allow CipherSuiteCount is 0 > + // > + if (CipherList->CipherSuiteCount == 0) { > + *SecurityType = WifiMgrGetSecurityType ((UINT32 *)AKMSuite, NULL); > + if (*SecurityType != SECURITY_TYPE_UNKNOWN) { > + if ((AKMSuiteSupported != NULL) && (CipherSuiteSupported != NULL)) { > + *CipherSuiteSupported = TRUE; > + } > + > + return EFI_SUCCESS; > + } > + } > + > for (CipherIndex = 0; CipherIndex < CipherList->CipherSuiteCount; CipherIndex++) { > CipherSuite = CipherList->CipherSuiteList + CipherIndex; > > @@ -450,6 +479,10 @@ WifiMgrGetSecurityType ( > IN UINT32 *CipherSuite > ) > { > + if ((AKMSuite != NULL) && (*AKMSuite == IEEE_80211_AKM_SUITE_OWE)) { > + return SECURITY_TYPE_NONE; > + } > + > if (CipherSuite == NULL) { > if (AKMSuite == NULL) { > return SECURITY_TYPE_NONE; > @@ -471,8 +504,10 @@ WifiMgrGetSecurityType ( > return SECURITY_TYPE_UNKNOWN; > } > > - if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) || > - (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256)) > + if (*AKMSuite == IEEE_80211_AKM_SUITE_SAE) { > + return SECURITY_TYPE_WPA3_PERSONAL; > + } else if ((*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA) || > + (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_OR_PMKSA_SHA256)) > { > return SECURITY_TYPE_WPA2_ENTERPRISE; > } else if ((*AKMSuite == IEEE_80211_AKM_SUITE_PSK) || > @@ -498,6 +533,26 @@ WifiMgrGetSecurityType ( > } else { > return SECURITY_TYPE_UNKNOWN; > } > + } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP) { > + if (AKMSuite == NULL) { > + return SECURITY_TYPE_UNKNOWN; > + } > + > + if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B) { > + return SECURITY_TYPE_WPA3_ENTERPRISE; > + } else { > + return SECURITY_TYPE_UNKNOWN; > + } > + } else if (*CipherSuite == IEEE_80211_PAIRWISE_CIPHER_SUITE_GCMP256) { > + if (AKMSuite == NULL) { > + return SECURITY_TYPE_UNKNOWN; > + } > + > + if (*AKMSuite == IEEE_80211_AKM_SUITE_8021X_SUITE_B192) { > + return SECURITY_TYPE_WPA3_ENTERPRISE; > + } else { > + return SECURITY_TYPE_UNKNOWN; > + } > } else { > return SECURITY_TYPE_UNKNOWN; > } -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90987): https://edk2.groups.io/g/devel/message/90987 Mute This Topic: https://groups.io/mt/91960521/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.