From 8b97e4c3ef4be349838f002aaed529af95e73d1a Mon Sep 17 00:00:00 2001 From: Praveen babu chandran Date: Wed, 22 Jan 2020 15:02:58 -0800 Subject: [PATCH] Add WPA3 support for green tea tests --- TESTS/network/wifi/README.md | 9 +++++++ TESTS/network/wifi/get_security.cpp | 8 +++++++ TESTS/network/wifi/wifi_set_credential.cpp | 12 ++++++++++ .../interface/WhdSTAInterface.cpp | 24 ++++++++++++++++++- features/netsocket/nsapi_types.h | 2 ++ 5 files changed, 54 insertions(+), 1 deletion(-) diff --git a/TESTS/network/wifi/README.md b/TESTS/network/wifi/README.md index 1e493715ff..5f81b8af0f 100644 --- a/TESTS/network/wifi/README.md +++ b/TESTS/network/wifi/README.md @@ -37,6 +37,7 @@ The general test environment consists of DUTs, base stations, a network connecti - Time protocol, [RFC 868](https://tools.ietf.org/html/rfc868) in both TCP and UDP. Port 37. - Channels to be used must be different for both APs. For secure on channel number is later referred as `` and for unsecure on ``. - MAC addresses of Wi-Fi APs must be known. These are later referred to as `` and ``. +- WPA3 may not be supported for all target platforms, Refer to target specifications before updating security protocol to WPA3 or WPA3/WPA2 in `mbed_app.json` **NOTE:** This document refers to an echo server because it is a requirement for running Socket API tests. The test cases defined in this document do not directly use it. @@ -58,6 +59,8 @@ Please refer to the following table for priorities of test cases. Priorities are | | | NSAPI_SECURITY_WPA | SHOULD | | | | NSAPI_SECURITY_WPA2 | SHOULD | | | | NSAPI_SECURITY_WPA_WPA2 | MUST | +| | | NSAPI_SECURITY_WPA3_WPA2 | SHOULD | +| | | NSAPI_SECURITY_WPA3 | SHOULD | | 9 | WIFI_CONNECT_PARAMS_CHANNEL | | SHOULD | | 10 | WIFI_CONNECT_PARAMS_CHANNEL_FAIL | | SHOULD | | 11 | WIFI_CONNECT | | MUST | @@ -67,6 +70,8 @@ Please refer to the following table for priorities of test cases. Priorities are | | | NSAPI_SECURITY_WPA | SHOULD | | | | NSAPI_SECURITY_WPA2 | SHOULD | | | | NSAPI_SECURITY_WPA_WPA2 | MUST | +| | | NSAPI_SECURITY_WPA3_WPA2 | SHOULD | +| | | NSAPI_SECURITY_WPA3 | SHOULD | | 14 | WIFI_CONNECT_SECURE_FAIL | | MUST | | 15 | WIFI_CONNECT_DISCONNECT_REPEAT | | MUST | | 16 | WIFI_SCAN_NULL | | SHOULD | @@ -167,15 +172,19 @@ Call `set_credentials()` with various parameters described in "Expected results" |------------|---------------------------|----------------------------------|-----------------------------------------------------| | ssid=NULL | NULL | NSAPI_SECURITY_NONE | NSAPI_ERROR_PARAMETER | | ssid="OK" | NULL | NSAPI_SECURITY_WPA_WPA2 | NSAPI_ERROR_PARAMETER | +| ssid="OK" | NULL | NSAPI_SECURITY_WPA3_WPA2 | NSAPI_ERROR_PARAMETER | | ssid="OK" | NULL | NSAPI_SECURITY_WEP | NSAPI_ERROR_PARAMETER because password is missing. | | ssid="OK" | NULL | NSAPI_SECURITY_NONE | NSAPI_ERROR_OK | | ssid="OK" | [any 64 character string] | NSAPI_SECURITY_WPA2 | NSAPI_ERROR_PARAMETER because password is too long | | ssid="OK" | [any 63 character string] | NSAPI_SECURITY_WPA2 | NSAPI_ERROR_OK | | ssid="OK" | "" | NSAPI_SECURITY_WPA_WPA2 | NSAPI_ERROR_PARAMETER | +| ssid="OK" | "" | NSAPI_SECURITY_WPA3_WPA2 | NSAPI_ERROR_PARAMETER | | ssid="OK" | "" | NSAPI_SECURITY_WEP | NSAPI_ERROR_PARAMETER because password is missing. | | ssid="OK" | "" | NSAPI_SECURITY_NONE | NSAPI_ERROR_OK | | ssid="OK" | "12345678" | NSAPI_SECURITY_WPA_WPA2 | NSAPI_ERROR_OK | +| ssid="OK" | "12345678" | NSAPI_SECURITY_WPA3_WPA2 | NSAPI_ERROR_OK | | ssid="OK" | "12345678" | NSAPI_SECURITY_WPA2 | NSAPI_ERROR_OK | +| ssid="OK" | "12345678" | NSAPI_SECURITY_WPA3 | NSAPI_ERROR_OK | | ssid="OK" | "12345678" | NSAPI_SECURITY_WPA | NSAPI_ERROR_OK | | ssid="OK" | "12345678" | NSAPI_SECURITY_WEP | NSAPI_ERROR_OK or NSAPI_ERROR_UNSUPPORTED | | ssid="" | "" | NSAPI_SECURITY_NONE | NSAPI_ERROR_PARAMETER | diff --git a/TESTS/network/wifi/get_security.cpp b/TESTS/network/wifi/get_security.cpp index ae94b656b0..ddc2771e36 100644 --- a/TESTS/network/wifi/get_security.cpp +++ b/TESTS/network/wifi/get_security.cpp @@ -26,6 +26,8 @@ nsapi_security get_security() static const char *SEC_WPA = "WPA"; static const char *SEC_WPA2 = "WPA2"; static const char *SEC_WPA_WPA2 = "WPA/WPA2"; + static const char *SEC_WPA3 = "WPA3"; + static const char *SEC_WPA3_WPA2 = "WPA3/WPA2"; if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WEP) == 0) { return NSAPI_SECURITY_WEP; @@ -39,6 +41,12 @@ nsapi_security get_security() if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WPA_WPA2) == 0) { return NSAPI_SECURITY_WPA_WPA2; } + if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WPA3) == 0) { + return NSAPI_SECURITY_WPA3; + } + if (strcmp(MBED_CONF_APP_WIFI_SECURE_PROTOCOL, SEC_WPA3_WPA2) == 0) { + return NSAPI_SECURITY_WPA3_WPA2; + } #endif return NSAPI_SECURITY_NONE; } diff --git a/TESTS/network/wifi/wifi_set_credential.cpp b/TESTS/network/wifi/wifi_set_credential.cpp index d2c0ba6613..733d4c3c63 100644 --- a/TESTS/network/wifi/wifi_set_credential.cpp +++ b/TESTS/network/wifi/wifi_set_credential.cpp @@ -52,6 +52,12 @@ void wifi_set_credential(void) error = iface->set_credentials("OK", "", NSAPI_SECURITY_WPA_WPA2); TEST_ASSERT_EQUAL(NSAPI_ERROR_PARAMETER, error); + error = iface->set_credentials("OK", NULL, NSAPI_SECURITY_WPA3_WPA2); + TEST_ASSERT_EQUAL(NSAPI_ERROR_PARAMETER, error); + + error = iface->set_credentials("OK", "", NSAPI_SECURITY_WPA3_WPA2); + TEST_ASSERT_EQUAL(NSAPI_ERROR_PARAMETER, error); + error = iface->set_credentials("OK", NULL, NSAPI_SECURITY_NONE); TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error); @@ -64,9 +70,15 @@ void wifi_set_credential(void) error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA2); TEST_ASSERT((error == NSAPI_ERROR_OK) || (error == NSAPI_ERROR_UNSUPPORTED)); + error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA3); + TEST_ASSERT((error == NSAPI_ERROR_OK) || (error == NSAPI_ERROR_UNSUPPORTED)); + error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA_WPA2); TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error); + error = iface->set_credentials("OK", "12345678", NSAPI_SECURITY_WPA3_WPA2); + TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error); + error = iface->set_credentials("OK", "kUjd0PHHeAqaDoyfcDDEOvbyiVbYMpUHDukGoR6EJZnO5iLzWsfwiM9JQqOngni", get_security()); TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, error); diff --git a/features/netsocket/emac-drivers/TARGET_Cypress/COMPONENT_WHD/interface/WhdSTAInterface.cpp b/features/netsocket/emac-drivers/TARGET_Cypress/COMPONENT_WHD/interface/WhdSTAInterface.cpp index 7f4db2b2f9..e813d93805 100644 --- a/features/netsocket/emac-drivers/TARGET_Cypress/COMPONENT_WHD/interface/WhdSTAInterface.cpp +++ b/features/netsocket/emac-drivers/TARGET_Cypress/COMPONENT_WHD/interface/WhdSTAInterface.cpp @@ -125,6 +125,10 @@ static nsapi_security_t whd_tosecurity(whd_security_t sec) case WHD_SECURITY_WPA2_FBT_PSK: case WHD_SECURITY_WPA2_FBT_ENT: return NSAPI_SECURITY_WPA2; + case WHD_SECURITY_WPA3_SAE: + return NSAPI_SECURITY_WPA3; + case WHD_SECURITY_WPA3_WPA2_PSK: + return NSAPI_SECURITY_WPA3_WPA2; default: return NSAPI_SECURITY_UNKNOWN; } @@ -145,6 +149,10 @@ whd_security_t whd_fromsecurity(nsapi_security_t sec) return WHD_SECURITY_WPA2_MIXED_PSK; case NSAPI_SECURITY_WPA2_ENT: return WHD_SECURITY_WPA2_MIXED_ENT; + case NSAPI_SECURITY_WPA3: + return WHD_SECURITY_WPA3_SAE; + case NSAPI_SECURITY_WPA3_WPA2: + return WHD_SECURITY_WPA3_WPA2_PSK; default: return WHD_SECURITY_UNKNOWN; } @@ -224,7 +232,8 @@ nsapi_error_t WhdSTAInterface::set_credentials(const char *ssid, const char *pas (strlen(ssid) == 0) || (pass == NULL && (security != NSAPI_SECURITY_NONE && security != NSAPI_SECURITY_WPA2_ENT)) || (strlen(pass) == 0 && (security != NSAPI_SECURITY_NONE && security != NSAPI_SECURITY_WPA2_ENT)) || - (strlen(pass) > 63 && (security == NSAPI_SECURITY_WPA2 || security == NSAPI_SECURITY_WPA || security == NSAPI_SECURITY_WPA_WPA2)) + (strlen(pass) > 63 && (security == NSAPI_SECURITY_WPA2 || security == NSAPI_SECURITY_WPA || + security == NSAPI_SECURITY_WPA_WPA2 || security == NSAPI_SECURITY_WPA3 || security == NSAPI_SECURITY_WPA3_WPA2)) ) { return NSAPI_ERROR_PARAMETER; } @@ -292,6 +301,19 @@ nsapi_error_t WhdSTAInterface::connect() // choose network security whd_security_t security = whd_fromsecurity(_security); +#if defined MBED_CONF_APP_WIFI_PASSWORD_WPA2PSK + /* Set PSK password for WPA3_WPA2 */ + if (security == WHD_SECURITY_WPA3_WPA2_PSK) { + res = (whd_result_t)whd_wifi_enable_sup_set_passphrase( _whd_emac.ifp, (const uint8_t *)MBED_CONF_APP_WIFI_PASSWORD_WPA2PSK, + strlen(MBED_CONF_APP_WIFI_PASSWORD_WPA2PSK), WHD_SECURITY_WPA3_WPA2_PSK ); + } +#else + /* Set PSK password for WPA3_WPA2 */ + if (security == WHD_SECURITY_WPA3_WPA2_PSK) { + res = (whd_result_t)whd_wifi_enable_sup_set_passphrase( _whd_emac.ifp, (const uint8_t *)_pass, + strlen(_pass), WHD_SECURITY_WPA3_WPA2_PSK ); + } +#endif // join the network for (i = 0; i < MAX_RETRY_COUNT; i++) { res = (whd_result_t)whd_wifi_join(_whd_emac.ifp, diff --git a/features/netsocket/nsapi_types.h b/features/netsocket/nsapi_types.h index fa0ef691da..8de8cf4fcf 100644 --- a/features/netsocket/nsapi_types.h +++ b/features/netsocket/nsapi_types.h @@ -128,6 +128,8 @@ typedef enum nsapi_security { NSAPI_SECURITY_EAP_TLS = 0x7, /*!< phrase conforms to EAP-TLS */ NSAPI_SECURITY_PEAP = 0x8, /*!< phrase conforms to PEAP */ NSAPI_SECURITY_WPA2_ENT = 0x9, /*!< phrase conforms to WPA2-AES and WPA-TKIP with enterprise security */ + NSAPI_SECURITY_WPA3 = 0xA, /*!< phrase conforms to WPA3 */ + NSAPI_SECURITY_WPA3_WPA2 = 0xB, /*!< phrase conforms to WPA3_WPA2 */ NSAPI_SECURITY_UNKNOWN = 0xFF, /*!< unknown/unsupported security in scan results */ } nsapi_security_t;