feat: WPA3 personal support (#5586)

* Removed filter for WPA3 security Signed-off-by: pierantoniomerlino <[email protected]> * First implementation of WPA3 personal station mode Signed-off-by: pierantoniomerlino <[email protected]> * Removed OWE filtering Signed-off-by: pierantoniomerlino <[email protected]> * Added support for wpa2/wpa3 Signed-off-by: pierantoniomerlino <[email protected]> * Added tests for WPA3 configuration Signed-off-by: pierantoniomerlino <[email protected]> * Added experimetal tag to WPA3 feature Signed-off-by: pierantoniomerlino <[email protected]> * Fixed wpa2/wpa3 selection Signed-off-by: pierantoniomerlino <[email protected]> * Added experimetal tag to GwtWifiSecurity Signed-off-by: pierantoniomerlino <[email protected]> * Fixed indentation Signed-off-by: pierantoniomerlino <[email protected]> * Update kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages.properties Co-authored-by: Mattia Dal Ben <[email protected]> --------- Signed-off-by: pierantoniomerlino <[email protected]> Co-authored-by: Mattia Dal Ben <[email protected]>
eclipse-kura · Dec 5, 2024 · 27b8caa · 27b8caa
1 parent eba94ed
commit 27b8caa
Show file tree

Hide file tree

Showing 11 changed files with 185 additions and 41 deletions.
diff --git a/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/wifi/WifiSecurity.java b/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/wifi/WifiSecurity.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2011, 2020 Eurotech and/or its affiliates and others
+ * Copyright (c) 2011, 2024 Eurotech and/or its affiliates and others
  * 
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
@@ -50,7 +50,17 @@ public enum WifiSecurity {
     /** Supports WPA and WPA2 encryption. */
     SECURITY_WPA_WPA2(0x4000),
     /** Supports WPA2 WPA3 enterprise. */
-    SECURITY_WPA2_WPA3_ENTERPRISE(0x8000);
+    SECURITY_WPA2_WPA3_ENTERPRISE(0x8000),
+    /**
+     * @since 3.0
+     *        Supports WPA3 encryption.
+     */
+    SECURITY_WPA3(0x10000),
+    /**
+     * @since 3.0
+     *        Supports WPA2 and WPA3 encryption.
+     */
+    SECURITY_WPA2_WPA3(0x20000);
 
     private int code;
 

diff --git a/kura/org.eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/KuraWifiSecurityType.java b/kura/org.eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/KuraWifiSecurityType.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2023 Eurotech and/or its affiliates and others
+ * Copyright (c) 2023, 2024 Eurotech and/or its affiliates and others
  *
  * This program and the accompanying materials are made
  * available under the terms of the Eclipse Public License 2.0
@@ -18,29 +18,35 @@ public enum KuraWifiSecurityType {
     SECURITY_WEP,
     SECURITY_WPA,
     SECURITY_WPA2,
+    SECURITY_WPA3,
     SECURITY_WPA2_WPA3_ENTERPRISE,
-    SECURITY_WPA_WPA2;
+    SECURITY_WPA_WPA2,
+    SECURITY_WPA2_WPA3;
 
     public static KuraWifiSecurityType fromString(String securityType) {
         if (securityType == null || securityType.isEmpty()) {
             throw new IllegalArgumentException("Invalid security type: null or empty string are not supported");
         }
 
         switch (securityType) {
-        case "NONE":
-            return KuraWifiSecurityType.SECURITY_NONE;
-        case "SECURITY_WEP":
-            return KuraWifiSecurityType.SECURITY_WEP;
-        case "SECURITY_WPA":
-            return KuraWifiSecurityType.SECURITY_WPA;
-        case "SECURITY_WPA2":
-            return KuraWifiSecurityType.SECURITY_WPA2;
-        case "SECURITY_WPA2_WPA3_ENTERPRISE":
-            return KuraWifiSecurityType.SECURITY_WPA2_WPA3_ENTERPRISE;
-        case "SECURITY_WPA_WPA2":
-            return KuraWifiSecurityType.SECURITY_WPA_WPA2;
-        default:
-            throw new IllegalArgumentException("Invalid security type: " + securityType);
+            case "NONE":
+                return KuraWifiSecurityType.SECURITY_NONE;
+            case "SECURITY_WEP":
+                return KuraWifiSecurityType.SECURITY_WEP;
+            case "SECURITY_WPA":
+                return KuraWifiSecurityType.SECURITY_WPA;
+            case "SECURITY_WPA2":
+                return KuraWifiSecurityType.SECURITY_WPA2;
+            case "SECURITY_WPA3":
+                return KuraWifiSecurityType.SECURITY_WPA3;
+            case "SECURITY_WPA2_WPA3_ENTERPRISE":
+                return KuraWifiSecurityType.SECURITY_WPA2_WPA3_ENTERPRISE;
+            case "SECURITY_WPA_WPA2":
+                return KuraWifiSecurityType.SECURITY_WPA_WPA2;
+            case "SECURITY_WPA2_WPA3":
+                return KuraWifiSecurityType.SECURITY_WPA2_WPA3;
+            default:
+                throw new IllegalArgumentException("Invalid security type: " + securityType);
         }
     }
 }
diff --git a/....eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java b/....eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java
@@ -158,8 +158,7 @@ public static Map<String, Variant<?>> build8021xSettings(NetworkProperties props
                 create8021xTls(props, deviceId, settings);
                 break;
             default:
-                throw new IllegalArgumentException(
-                        String.format("Security type 802-1x EAP \"%s\" is not supported.", eap));
+                throw new IllegalArgumentException(String.format("Security type 802-1x EAP \"%s\" is not supported.", eap));
         }
 
         if (!phase2.isPresent()) {
@@ -174,7 +173,7 @@ public static Map<String, Variant<?>> build8021xSettings(NetworkProperties props
                 break;
             default:
                 throw new IllegalArgumentException(
-                        String.format("Security type 802-1x InnerAuth (Phase2) \"%s\" is not supported.", phase2));
+                    String.format("Security type 802-1x InnerAuth (Phase2) \"%s\" is not supported.", phase2));
         }
 
         return settings;
@@ -386,8 +385,7 @@ private static void configureIp6Mtu(NetworkProperties props, String deviceId, Se
     }
 
     private static void configureIp6Wan(NetworkProperties props, String deviceId, Map<String, Variant<?>> settings) {
-        Optional<List<String>> dnsServers = props.getOptStringList("net.interface.%s.config.ip6.dnsServers",
-                deviceId);
+        Optional<List<String>> dnsServers = props.getOptStringList("net.interface.%s.config.ip6.dnsServers", deviceId);
 
         dnsServers.ifPresent(value -> {
             settings.put("dns", new Variant<>(convertIp6(value), "aay"));
@@ -429,14 +427,14 @@ private static void configureIp6MethodAuto(NetworkProperties props, String devic
             Map<String, Variant<?>> settings) {
         settings.put(NM_SETTINGS_IPV6_METHOD, new Variant<>("auto"));
 
-        Optional<String> addressGenerationMode = props.getOpt(String.class,
-                "net.interface.%s.config.ip6.addr.gen.mode", deviceId);
+        Optional<String> addressGenerationMode = props.getOpt(String.class, "net.interface.%s.config.ip6.addr.gen.mode",
+                deviceId);
 
         addressGenerationMode.ifPresent(value -> {
             KuraIp6AddressGenerationMode ipv6AddressGenerationMode = KuraIp6AddressGenerationMode
                     .fromString(addressGenerationMode.get());
-            settings.put("addr-gen-mode", new Variant<>(KuraIp6AddressGenerationMode
-                    .toNMSettingIP6ConfigAddrGenMode(ipv6AddressGenerationMode).toInt32()));
+            settings.put("addr-gen-mode", new Variant<>(
+                    KuraIp6AddressGenerationMode.toNMSettingIP6ConfigAddrGenMode(ipv6AddressGenerationMode).toInt32()));
         });
 
         Optional<String> privacy = props.getOpt(String.class, "net.interface.%s.config.ip6.privacy", deviceId);
@@ -454,8 +452,7 @@ private static KuraIp6ConfigurationMethod getIp6ConfigMethod(NetworkProperties p
             ip6ConfigMethod = KuraIp6ConfigurationMethod
                     .fromString(props.get(String.class, "net.interface.%s.config.ip6.address.method", deviceId));
         } catch (NoSuchElementException e) {
-            logger.warn("IPv6 address method property not found. Using default value: {}",
-                    ip6ConfigMethod);
+            logger.warn("IPv6 address method property not found. Using default value: {}", ip6ConfigMethod);
         }
         return ip6ConfigMethod;
     }
@@ -502,11 +499,14 @@ public static Map<String, Variant<?>> build80211WirelessSecuritySettings(Network
             case SECURITY_WPA2:
             case SECURITY_WPA_WPA2:
                 return createWPAWPA2Settings(props, deviceId, propMode);
+            case SECURITY_WPA3:
+                return createWPA3Settings(props, deviceId, propMode);
+            case SECURITY_WPA2_WPA3:
+                return createWPA2WPA3Settings(props, deviceId, propMode);
             case SECURITY_WPA2_WPA3_ENTERPRISE:
                 return createWPA2WPA3EnterpriseSettings();
             default:
-                throw new IllegalArgumentException(
-                        String.format("Security type \"%s\" is not supported.", securityType));
+                throw new IllegalArgumentException(String.format("Security type \"%s\" is not supported.", securityType));
         }
     }
 
@@ -527,9 +527,38 @@ private static Map<String, Variant<?>> createWEPSettings(NetworkProperties props
 
     private static Map<String, Variant<?>> createWPAWPA2Settings(NetworkProperties props, String deviceId,
             String propMode) {
-        Map<String, Variant<?>> settings = new HashMap<>();
+        Map<String, Variant<?>> settings = createWifiSettings(props, deviceId, propMode);
+
+        settings.put(NM_SETTINGS_80211_KEY_MANAGEMENT, new Variant<>("wpa-psk"));
+
+        return settings;
+    }
+
+    private static Map<String, Variant<?>> createWPA3Settings(NetworkProperties props, String deviceId,
+            String propMode) {
+        Map<String, Variant<?>> settings = createWifiSettings(props, deviceId, propMode);
+
+        settings.put(NM_SETTINGS_80211_KEY_MANAGEMENT, new Variant<>("sae"));
+        // Set PMF (Protected Management Frames) as required
+        settings.put("pmf", new Variant<>(new UInt32(3)));
+
+        return settings;
+    }
+
+    private static Map<String, Variant<?>> createWPA2WPA3Settings(NetworkProperties props, String deviceId,
+            String propMode) {
+        Map<String, Variant<?>> settings = createWifiSettings(props, deviceId, propMode);
 
         settings.put(NM_SETTINGS_80211_KEY_MANAGEMENT, new Variant<>("wpa-psk"));
+        // Set PMF (Protected Management Frames) as optional
+        settings.put("pmf", new Variant<>(new UInt32(2)));
+
+        return settings;
+    }
+
+    private static Map<String, Variant<?>> createWifiSettings(NetworkProperties props, String deviceId,
+            String propMode) {
+        Map<String, Variant<?>> settings = new HashMap<>();
 
         String psk = props
                 .get(Password.class, "net.interface.%s.config.wifi.%s.passphrase", deviceId, propMode.toLowerCase())
@@ -808,6 +837,8 @@ private static List<String> wifiProtoConvert(KuraWifiSecurityType securityType)
             case SECURITY_WPA:
                 return Arrays.asList("wpa");
             case SECURITY_WPA2:
+            case SECURITY_WPA2_WPA3:
+            case SECURITY_WPA3:
                 return Arrays.asList("rsn");
             case SECURITY_WPA_WPA2:
                 return Arrays.asList();
@@ -829,8 +860,7 @@ private static String connectionTypeConvert(NMDeviceType deviceType) {
             // ... WIP
             default:
                 throw new IllegalArgumentException(String
-                        .format("Unsupported connection type conversion from NMDeviceType \"%s\"",
-                                deviceType.toString()));
+                    .format("Unsupported connection type conversion from NMDeviceType \"%s\"", deviceType.toString()));
         }
     }
 

diff --git a/...eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/network/TabWirelessUi.java b/...eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/network/TabWirelessUi.java
@@ -96,14 +96,20 @@ public class TabWirelessUi extends Composite implements NetworkTab {
     private static final String WIFI_MODE_AP = GwtWifiWirelessMode.netWifiWirelessModeAccessPoint.name();
     private static final String WIFI_MODE_STATION_MESSAGE = MessageUtils.get(WIFI_MODE_STATION);
     private static final String WIFI_MODE_ACCESS_POINT_MESSAGE = MessageUtils.get(WIFI_MODE_AP);
+    private static final String WIFI_SECURITY_NONE_MESSAGE = MessageUtils
+            .get(GwtWifiSecurity.netWifiSecurityNONE.name());
     private static final String WIFI_SECURITY_WEP_MESSAGE = MessageUtils.get(GwtWifiSecurity.netWifiSecurityWEP.name());
     private static final String WIFI_SECURITY_WPA_MESSAGE = MessageUtils.get(GwtWifiSecurity.netWifiSecurityWPA.name());
     private static final String WIFI_SECURITY_WPA2_MESSAGE = MessageUtils
             .get(GwtWifiSecurity.netWifiSecurityWPA2.name());
+    private static final String WIFI_SECURITY_WPA3_MESSAGE = MessageUtils
+            .get(GwtWifiSecurity.netWifiSecurityWPA3.name());
     private static final String WIFI_SECURITY_WPA2_WPA3_ENTERPRISE_MESSAGE = MessageUtils
             .get(GwtWifiSecurity.netWifiSecurityWPA2WPA3Enterprise.name());
     private static final String WIFI_SECURITY_WPA_WPA2_MESSAGE = MessageUtils
             .get(GwtWifiSecurity.netWifiSecurityWPA_WPA2.name());
+    private static final String WIFI_SECURITY_WPA2_WPA3_MESSAGE = MessageUtils
+            .get(GwtWifiSecurity.netWifiSecurityWPA2_WPA3.name());
     private static final String WIFI_BGSCAN_NONE_MESSAGE = MessageUtils
             .get(GwtWifiBgscanModule.netWifiBgscanMode_NONE.name());
     private static final String WIFI_CIPHERS_CCMP_TKIP_MESSAGE = MessageUtils
@@ -121,8 +127,6 @@ public class TabWirelessUi extends Composite implements NetworkTab {
     private static final String WIFI_BAND_2GHZ_MESSAGE = MessageUtils.get("netWifiBand2Ghz");
     private static final String WIFI_BAND_BOTH_MESSAGE = MessageUtils.get("netWifiBandBoth");
 
-    private static final String WIFI_SECURITY_NONE_MESSAGE = MessageUtils
-            .get(GwtWifiSecurity.netWifiSecurityNONE.name());
     private static final String IPV4_STATUS_WAN_MESSAGE = MessageUtils
             .get(GwtNetIfStatus.netIPv4StatusEnabledWAN.name());
 
@@ -715,8 +719,11 @@ private void refreshForm() {
 
             if (this.security.getSelectedItemText().equals(WIFI_SECURITY_WPA2_MESSAGE)
                     || this.security.getSelectedItemText().equals(WIFI_SECURITY_WPA_MESSAGE)
+                    || this.security.getSelectedItemText().equals(WIFI_SECURITY_WPA3_MESSAGE)
+                    || this.security.getSelectedItemText()
+                            .equals(MessageUtils.get(GwtWifiSecurity.netWifiSecurityWPA_WPA2.name()))
                     || this.security.getSelectedItemText()
-                            .equals(MessageUtils.get(GwtWifiSecurity.netWifiSecurityWPA_WPA2.name()))) {
+                            .equals(MessageUtils.get(GwtWifiSecurity.netWifiSecurityWPA2_WPA3.name()))) {
                 if (WIFI_MODE_STATION_MESSAGE.equals(this.wireless.getSelectedItemText())) {
                     this.pairwise.setEnabled(true);
                     this.group.setEnabled(true);
@@ -1282,7 +1289,9 @@ private void setPasswordValidation() {
 
         if (this.security != null && (this.security.getSelectedItemText().equals(WIFI_SECURITY_WPA_MESSAGE)
                 || this.security.getSelectedItemText().equals(WIFI_SECURITY_WPA2_MESSAGE)
-                || this.security.getSelectedItemText().contentEquals(WIFI_SECURITY_WPA_WPA2_MESSAGE))) {
+                || this.security.getSelectedItemText().equals(WIFI_SECURITY_WPA3_MESSAGE)
+                || this.security.getSelectedItemText().contentEquals(WIFI_SECURITY_WPA_WPA2_MESSAGE)
+                || this.security.getSelectedItemText().contentEquals(WIFI_SECURITY_WPA2_WPA3_MESSAGE))) {
 
             this.password.setValidatorsFrom(configUserOptions);
             configUserOptions.setPasswordMinimumLength(Math.min(configUserOptions.getPasswordMinimumLength(), 63));

diff --git a/...b2/src/main/java/org/eclipse/kura/web/server/net2/status/NetworkStatusServiceAdapter.java b/...b2/src/main/java/org/eclipse/kura/web/server/net2/status/NetworkStatusServiceAdapter.java
@@ -393,12 +393,18 @@ private void parseAndSetWifiSecurity(GwtWifiHotspotEntry entryToModify, WifiAcce
         } else if (isSecurityWPA(rsnSecurity, wpaSecurity, flags) && isSecurityWPA2(rsnSecurity, wpaSecurity, flags)) {
             entryToModify.setSecurity(GwtWifiSecurity.netWifiSecurityWPA_WPA2.value());
             setCiphers(entryToModify, rsnSecurity);
+        } else if (isSecurityWPA2(rsnSecurity, wpaSecurity, flags) && isSecurityWPA3(rsnSecurity, wpaSecurity, flags)) {
+            entryToModify.setSecurity(GwtWifiSecurity.netWifiSecurityWPA2_WPA3.value());
+            setCiphers(entryToModify, rsnSecurity);
         } else if (isSecurityWPA(rsnSecurity, wpaSecurity, flags)) {
             entryToModify.setSecurity(GwtWifiSecurity.netWifiSecurityWPA.value());
             setCiphers(entryToModify, wpaSecurity);
         } else if (isSecurityWPA2(rsnSecurity, wpaSecurity, flags)) {
             entryToModify.setSecurity(GwtWifiSecurity.netWifiSecurityWPA2.value());
             setCiphers(entryToModify, rsnSecurity);
+        } else if (isSecurityWPA3(rsnSecurity, wpaSecurity, flags)) {
+            entryToModify.setSecurity(GwtWifiSecurity.netWifiSecurityWPA3.value());
+            setCiphers(entryToModify, rsnSecurity);
         } else if (isSecurityWPA2WPA3Enterprise(rsnSecurity, wpaSecurity, flags)) {
             entryToModify.setSecurity(GwtWifiSecurity.netWifiSecurityWPA2WPA3Enterprise.value());
             setCiphers(entryToModify, rsnSecurity);
@@ -430,6 +436,10 @@ private boolean isSecurityWPA2WPA3Enterprise(Set<WifiSecurity> rsnSecurity, Set<
         return flags.contains(WifiFlag.PRIVACY) && (rsnSecurity.contains(WifiSecurity.KEY_MGMT_802_1X));
     }
 
+    private boolean isSecurityWPA3(Set<WifiSecurity> rsnSecurity, Set<WifiSecurity> wpaSecurity, Set<WifiFlag> flags) {
+        return flags.contains(WifiFlag.PRIVACY) && (rsnSecurity.contains(WifiSecurity.KEY_MGMT_SAE));
+    }
+
     private void setCiphers(GwtWifiHotspotEntry entryToModify, Set<WifiSecurity> wifiSecurity) {
         boolean isGroupCCMP = wifiSecurity.contains(WifiSecurity.GROUP_CCMP);
         boolean isGroupTKIP = wifiSecurity.contains(WifiSecurity.GROUP_TKIP);

diff --git a/...g.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/net2/utils/EnumsParser.java b/...g.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/net2/utils/EnumsParser.java
@@ -161,10 +161,18 @@ public static String getGwtWifiSecurity(Optional<String> wifiSecurity) {
                 return GwtWifiSecurity.netWifiSecurityWPA2.name();
             }
 
+            if (wifiSecurity.get().equals(WifiSecurity.SECURITY_WPA3.name())) {
+                return GwtWifiSecurity.netWifiSecurityWPA3.name();
+            }
+
             if (wifiSecurity.get().equals(WifiSecurity.SECURITY_WPA_WPA2.name())) {
                 return GwtWifiSecurity.netWifiSecurityWPA_WPA2.name();
             }
 
+            if (wifiSecurity.get().equals(WifiSecurity.SECURITY_WPA2_WPA3.name())) {
+                return GwtWifiSecurity.netWifiSecurityWPA2_WPA3.name();
+            }
+
             if (wifiSecurity.get().equals(WifiSecurity.SECURITY_WPA2_WPA3_ENTERPRISE.name())) {
                 return GwtWifiSecurity.netWifiSecurityWPA2WPA3Enterprise.name();
             }
@@ -191,10 +199,18 @@ public static String getWifiSecurity(Optional<String> gwtWifiSecurity) {
                 return WifiSecurity.SECURITY_WPA2.name();
             }
 
+            if (gwtWifiSecurity.get().equals(GwtWifiSecurity.netWifiSecurityWPA3.name())) {
+                return WifiSecurity.SECURITY_WPA3.name();
+            }
+
             if (gwtWifiSecurity.get().equals(GwtWifiSecurity.netWifiSecurityWPA_WPA2.name())) {
                 return WifiSecurity.SECURITY_WPA_WPA2.name();
             }
 
+            if (gwtWifiSecurity.get().equals(GwtWifiSecurity.netWifiSecurityWPA2_WPA3.name())) {
+                return WifiSecurity.SECURITY_WPA2_WPA3.name();
+            }
+
             if (gwtWifiSecurity.get().equals(GwtWifiSecurity.netWifiSecurityWPA2WPA3Enterprise.name())) {
                 return WifiSecurity.SECURITY_WPA2_WPA3_ENTERPRISE.name();
             }

diff --git a/...rg.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/shared/model/GwtWifiSecurity.java b/...rg.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/shared/model/GwtWifiSecurity.java
@@ -19,7 +19,9 @@ public enum GwtWifiSecurity {
     netWifiSecurityWPA("WPA"),
     netWifiSecurityWPA2("WPA2"),
     netWifiSecurityWPA2WPA3Enterprise("WPA2/WPA3-Enterprise"),
-    netWifiSecurityWPA_WPA2("WPA/WPA2");
+    netWifiSecurityWPA_WPA2("WPA/WPA2"),
+    netWifiSecurityWPA3("WPA3 - Experimental"),
+    netWifiSecurityWPA2_WPA3("WPA2/WPA3 - Experimental");
 
     String value;