P2P support

doc/nrf/app_dev/device_guides/nrf70/wifi_advanced_security_modes.rst

@@ -220,7 +220,7 @@ This improves the security of the nRF70 device compared to the non-PSA mode.
 
 .. note::
 
-      Currently, the PSA crypto support is only applicable to the WPA2™-personal security profile.
+      Currently, the PSA crypto support is only applicable to the WPA2™ and WPA3™-personal security profiles.
 
 Enable PSA support
 ==================

doc/nrf/protocols/wifi/index.rst

@@ -33,6 +33,7 @@ If you want to go through an online training course to familiarize yourself with
    station_mode/index
    scan_mode/index
    sap_mode/index
+   wifi_direct
    advanced_modes/index
    provisioning/index
    regulatory_support

doc/nrf/protocols/wifi/wifi_direct.rst

@@ -0,0 +1,259 @@
+.. _ug_wifi_direct:
+
+Wi-Fi Direct (P2P mode)
+#######################
+
+.. contents::
+   :local:
+   :depth: 2
+
+Wi-Fi Direct® (also known as Wi-Fi P2P or peer-to-peer mode) enables direct device-to-device connections without requiring a traditional access point.
+The nRF70 Series devices support Wi-Fi Direct, allowing you to establish peer-to-peer connections with other Wi-Fi Direct-capable devices.
+
+Building with Wi-Fi Direct support
+**********************************
+
+To build an application with Wi-Fi Direct support, use the :ref:`wifi_shell_sample` sample with the ``wifi-p2p`` snippet and external flash for firmware patches.
+
+Build command
+=============
+
+To build the Wi-Fi shell sample with Wi-Fi Direct (P2P) support, run the following command:
+
+.. code-block:: console
+
+   west build --pristine --board nrf7002dk/nrf5340/cpuapp -S wifi-p2p -S nrf70-fw-patch-ext-flash
+   west flash
+
+Wi-Fi Direct commands
+*********************
+
+The following commands are available for Wi-Fi Direct operations.
+Both Wi-Fi shell commands and ``wpa_cli`` commands are provided for each operation.
+
+Finding peers
+=============
+
+To start discovering Wi-Fi Direct peers, use the following commands:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p find
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_find
+
+This command initiates the P2P discovery process.
+The device scans for other Wi-Fi Direct-capable devices in range.
+
+Listing discovered peers
+========================
+
+To view the list of discovered peers, use the following commands:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p peers
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_peers
+
+This command displays a table of discovered peers with the following information:
+
+.. code-block:: console
+
+   Num  | Device Name                      | MAC Address       | RSSI | Device Type          | Config Methods
+   1    | Galaxy S22                       | D2:39:FA:43:23:C1 | -58  | 10-0050F204-5        | 0x188
+
+The columns in the table represent the following attributes:
+
+* ``Num`` - Sequential number of the peer in the list
+* ``Device Name`` - Friendly name of the peer device
+* ``MAC Address`` - MAC address of the peer device
+* ``RSSI`` - Signal strength in dBm
+* ``Device Type`` - WPS device type identifier
+* ``Config Methods`` - Supported WPS configuration methods
+
+Getting peer details
+====================
+
+To get detailed information about a specific peer, use the following commands:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p peer <mac_address>
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_peer <mac_address>
+
+For example:
+
+.. code-block:: console
+
+   wpa_cli p2p_peer D2:39:FA:43:23:C1
+
+This command displays detailed information about the specified peer device.
+
+Connecting to a peer
+====================
+
+To establish a Wi-Fi Direct connection with a discovered peer:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p connect <mac_address> <pin|pbc> -g <go_intent>
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_connect <mac_address> <pin|pbc> go_intent=<go_intent>
+
+Parameters:
+
+* ``<mac_address>`` - MAC address of the peer device to connect to.
+* ``<pbc|pin>`` - WPS provisioning method:
+
+  * ``pin`` - Uses PIN-based WPS authentication.
+    The command returns a PIN (for example, ``88282282``) that must be entered on the peer device.
+  * ``pbc`` - Uses Push Button Configuration (PBC) for WPS authentication.
+
+* ``go_intent`` - Group Owner (GO) intent value ``0-15``:
+
+  * Higher values indicate a stronger preference to become the Group Owner.
+  * A value of ``15`` forces the device to become the GO.
+  * A value of ``0`` indicates the device prefers to be a client.
+
+Example connection using the PIN method:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p connect D2:39:FA:43:23:C1 pin -g 0
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_connect D2:39:FA:43:23:C1 pin go_intent=0
+
+The command outputs a PIN (for example, ``88282282``), which must be entered on the peer device to complete the connection.
+
+To disconnect from a Wi-Fi Direct connection, use the following commands:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi disconnect
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli disconnect
+
+Creating a P2P group (GO mode)
+==============================
+
+To create a P2P group and start as the GO, use the following commands:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p group_add
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_group_add
+
+This command creates a P2P group with the device acting as the GO, allowing other devices to connect to it.
+
+Inviting a peer to a P2P group
+==============================
+
+To invite a peer to join an existing P2P group, use the following commands:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p invite -g <Group interface name> -P <mac_address>
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_invite group=<Group interface name> peer=<mac_address>
+
+Example:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p invite -g wlan0 -P D2:39:FA:43:23:C1
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_invite group=wlan0 peer=D2:39:FA:43:23:C1
+
+Setting P2P power save mode
+===========================
+
+To enable or disable P2P power save mode, use the following commands:
+
+.. tabs::
+
+   .. group-tab:: Wi-Fi shell command
+
+      .. code-block:: console
+
+         wifi p2p power_save <on|off>
+
+   .. group-tab:: ``wpa_cli`` command
+
+      .. code-block:: console
+
+         wpa_cli p2p_set ps <1|0>

doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst

@@ -299,7 +299,10 @@ Thread
 Wi-Fi®
 ------
 
-|no_changes_yet_note|
+Added:
+
+  * Support for Wi-Fi Direct (P2P) mode, see :ref:`ug_wifi_direct` for details.
+  * Support for WPA3-SAE using the Oberon PSA PAKE implementation, see :ref:`ug_nrf70_wifi_advanced_security_modes` for details.
 
 Applications
 ============

samples/wifi/wfa_qt_app/overlay-enterprise.conf

@@ -1,3 +1,6 @@
 CONFIG_NRF_WIFI_DATA_HEAP_SIZE=80000
 CONFIG_WIFI_CREDENTIALS=n
 CONFIG_NRF70_RX_NUM_BUFS=16
+# Link-time optimizations to fix flash overflow
+CONFIG_LTO=y
+CONFIG_ISR_TABLES_LOCAL_DECLARATION=y

samples/wifi/wfa_qt_app/sample.yaml

@@ -16,7 +16,7 @@ tests:
     sysbuild: true
     build_only: true
     extra_args:
-      - EXTRA_CONF_FILE:STRING="overlay-netusb.conf;overlay-enterprise.conf"
+      - EXTRA_CONF_FILE="overlay-netusb.conf;overlay-enterprise.conf"
       - wfa_qt_app_SNIPPET="wifi-enterprise"
     integration_platforms:
       - nrf7002dk/nrf5340/cpuapp

snippets/wifi-p2p/snippet.yml

@@ -0,0 +1,3 @@
+name: wifi-p2p
+append:
+  EXTRA_CONF_FILE: wifi-p2p.conf

snippets/wifi-p2p/wifi-p2p.conf

@@ -0,0 +1,7 @@
+CONFIG_NRF70_P2P_MODE=y
+CONFIG_NRF70_AP_MODE=y
+CONFIG_WIFI_NM_WPA_SUPPLICANT_P2P=y
+CONFIG_WPA_CLI=y
+CONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_INF=y
+CONFIG_LTO=y
+CONFIG_ISR_TABLES_LOCAL_DECLARATION=y

subsys/net/lib/hostap_crypto/CMakeLists.txt

@@ -79,4 +79,14 @@ if(DEFINED CONFIG_HOSTAP_CRYPTO_ALT_PSA)
     ${HOSTAP_BASE}/port/mbedtls/supp_psa_api.c
     ${HOSTAP_SRC_BASE}/crypto/tls_none.c
   )
+
+  if(CONFIG_HOSTAP_CRYPTO_WPA3_PSA)
+    zephyr_library_sources(
+      wpa3_psa.c
+    )
+    zephyr_library_compile_definitions(
+      CONFIG_SAE
+      CONFIG_ECC
+    )
+  endif()
 endif()

subsys/net/lib/hostap_crypto/Kconfig

@@ -97,15 +97,21 @@ config HOSTAP_CRYPTO_ENTERPRISE
 
 endif
 
-# PSA crypto is WPA2 only for now
+# PSA crypto is personal security only for now
 if HOSTAP_CRYPTO_ALT_PSA
+	# PSA doesn't work with WPA3 builtin (uses bignum)
+	config WIFI_NM_WPA_SUPPLICANT_WPA3
+		default n
+	# PSA doesn't support with enterprise mode yet
+	config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+		default n
 
-config WIFI_NM_WPA_SUPPLICANT_WPA3
-	default n
-
-config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
-	default n
-
+	config HOSTAP_CRYPTO_WPA3_PSA
+		bool "WPA3 PSA support"
+		select EXPERIMENTAL
+		select PSA_WANT_ALG_WPA3_SAE
+		select PSA_WANT_ALG_WPA3_SAE_H2E
+		select PSA_WANT_KEY_TYPE_WPA3_SAE_PT
 endif
 
 endif