Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hostap: Security improvements #74847

Merged
merged 6 commits into from
Aug 20, 2024
Merged

hostap: Security improvements #74847

merged 6 commits into from
Aug 20, 2024

Conversation

MaochenWang1
Copy link
Contributor

@MaochenWang1 MaochenWang1 commented Jun 24, 2024
edited
Loading

hostap: Support getting Wi-Fi connection parameters recently used
hostap: Support flushing PMKSA cache entries
hostap: add WPA2 EAP_TLS support

Implements #54213 partially (only EAP-TLS).

krish2718
krish2718 requested changes Jun 24, 2024
View reviewed changes
modules/hostap/src/supp_api.c Show resolved Hide resolved
modules/hostap/src/supp_api.h Show resolved Hide resolved
include/zephyr/net/wifi_mgmt.h Outdated Show resolved Hide resolved
modules/hostap/src/supp_api.h Outdated Show resolved Hide resolved
@krish2718 krish2718 changed the title zephyr hostap related change hostap: Security improvements Jun 24, 2024
@MaochenWang1 MaochenWang1 force-pushed the main_zephyr_10 branch 4 times, most recently from 9308ab4 to 953c39e Compare July 24, 2024 09:40
@MaochenWang1
Copy link
Contributor Author

Hi @krish2718 @jukkar @rlubos please review again, thanks

krish2718
krish2718 reviewed Jul 25, 2024
View reviewed changes
modules/hostap/src/supp_api.c Outdated Show resolved Hide resolved
include/zephyr/net/wifi.h Outdated Show resolved Hide resolved
include/zephyr/net/wifi_mgmt.h Outdated Show resolved Hide resolved
modules/hostap/src/supp_api.h Outdated Show resolved Hide resolved
include/zephyr/net/wifi.h Show resolved Hide resolved
subsys/net/l2/wifi/wifi_shell.c Show resolved Hide resolved
@MaochenWang1
Copy link
Contributor Author

Hi @krish2718 @jukkar @rlubos please review again

@MaochenWang1 MaochenWang1 force-pushed the main_zephyr_10 branch 4 times, most recently from 10cc4b1 to 81b13ef Compare July 29, 2024 10:55
@MaochenWang1 MaochenWang1 force-pushed the main_zephyr_10 branch 2 times, most recently from de335e3 to 036555d Compare July 30, 2024 06:58
krish2718
krish2718 reviewed Jul 30, 2024
View reviewed changes
doc/connectivity/networking/api/wifi.rst Outdated Show resolved Hide resolved
doc/connectivity/networking/api/wifi.rst Outdated Show resolved Hide resolved
doc/connectivity/networking/api/wifi.rst Outdated Show resolved Hide resolved
doc/connectivity/networking/api/wifi.rst Outdated Show resolved Hide resolved
@MaochenWang1 MaochenWang1 force-pushed the main_zephyr_10 branch 2 times, most recently from 05b167b to 50026cb Compare July 30, 2024 08:27
krish2718
krish2718 reviewed Jul 30, 2024
View reviewed changes
doc/connectivity/networking/api/wifi.rst Outdated Show resolved Hide resolved
doc/connectivity/networking/api/wifi.rst Outdated Show resolved Hide resolved
@krish2718 krish2718 mentioned this pull request Aug 13, 2024
Open
@MaochenWang1 MaochenWang1 force-pushed the main_zephyr_10 branch 2 times, most recently from f83b253 to 13fac8e Compare August 16, 2024 10:27
@MaochenWang1 MaochenWang1 force-pushed the main_zephyr_10 branch 3 times, most recently from 819dc03 to 8ef550b Compare August 16, 2024 11:03
krish2718
krish2718 reviewed Aug 17, 2024
View reviewed changes
include/zephyr/net/wifi.h Outdated Show resolved Hide resolved
subsys/net/l2/wifi/wifi_shell.c Show resolved Hide resolved
@MaochenWang1 MaochenWang1 force-pushed the main_zephyr_10 branch 2 times, most recently from d01e31b to 0ee0f5e Compare August 19, 2024 08:08
krish2718
krish2718 previously approved these changes Aug 19, 2024
View reviewed changes
@MaochenWang1
Copy link
Contributor Author

Hi @jukkar please review, thanks

MaochenWang1 and others added 6 commits August 20, 2024 11:18
@MaochenWang1
hostap: Support getting Wi-Fi connection parameters recently used
03c4522 
Support saving and getting Wi-Fi connection parameters recently used.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
@MaochenWang1
hostap: Support flushing PMKSA cache entries
1e3fae4 
Support flushing PMKSA cache entries in the reconnection
failed case of WPA3 SAE.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
@MaochenWang1
hostap: rename WIFI_SECURITY_TYPE_EAP
aa26765 
Keep WIFI_SECURITY_TYPE_EAP, and define WIFI_SECURITY_TYPE_EAP_TLS
same value as WIFI_SECURITY_TYPE_EAP to make it backwards
compatible. Ready to support more EAP type in the comming PR.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
@MaochenWang1
wifi: Add WPA2 EAP-TLS support
096a406 
Add basic WPA2 EAP-TLS support.
Also, add test infrasturcture esp. the certification handling,
non-certificate credentials are take as runtime input and certificated
are build time input for testing.

A real application can set certificates at runtime too.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
@krish2718 @MaochenWang1
modules: hostap: Fix heap requirements for Enterprise
7ff4b73 
For Enterprise crypto MbedTLS needs more heap either separate pool or
libc heap, based on experiments 55000 was arrived for a successful
WPA2-EAP-TLS association.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
@krish2718 @MaochenWang1
modules: hostap: Fix MbedTLS configs
ea1077a 
For Wi-Fi Enterprise testing these configurations are necessary.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
@MaochenWang1
Copy link
Contributor Author

Hi @jukkar please review, this PR has pending too long, and faces conflicts several times

jukkar
jukkar approved these changes Aug 20, 2024
View reviewed changes
Copy link
Member

@jukkar jukkar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for patience, LGTM.

@henrikbrixandersen henrikbrixandersen merged commit 58b6bd6 into zephyrproject-rtos:main Aug 20, 2024
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jukkar jukkar jukkar approved these changes

@krish2718 krish2718 krish2718 approved these changes

@rlubos rlubos Awaiting requested review from rlubos

@kartben kartben Awaiting requested review from kartben

@nashif nashif Awaiting requested review from nashif

Assignees

@jukkar jukkar

Labels
area: Networking area: Samples Samples area: Wi-Fi Wi-Fi
Projects
Wi-Fi
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@MaochenWang1 @krish2718 @jukkar @henrikbrixandersen @zephyrbot