WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA should not be by default
selected when WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT is selcted. Enable
PSA APIs if desired separately.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Set WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT as the default crypto
configuration. The crypto ALT implementation contains the necessary
crypto operations and also allows the user to choose PSA or non PSA
crypto operation.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Added new flag CONFIG_WIFI_NM_HOSTAPD_AP for hostapd support. Once this
flag is enabled, softAP will be setup by hostapd. Both wpa_supplicant
and hostapd uses same task and eloop.
Included necessary hostapd files when compiling wifi samples if
CONFIG_WIFI_NM_HOSTAPD_AP is enabled. Added hostapd support for all
softAP command of L2 wifi shell commands.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
For Enterprise crypto MbedTLS needs more heap either separate pool or
libc heap, based on experiments 55000 was arrived for a successful
WPA2-EAP-TLS association.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
In order to mitigate side channel attacks, even if the PWE is found the WPA
supplicant goes through full iterations, but in some low-resource systems
this can be intensive, so, add an option to exit early.
Note that this is highly insecure and shouldn't be used in production
Signed-off-by: Gang Li <gang.li_1@nxp.com>
This should be configurable by applications in case a full CLI interface
to the WPA supplicant is needed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Due to recent changes to hostap, the stack usage is increased, so,
increase the stack size to fix SoF.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Fixes build issues when Wi-Fi security is enabled for default
implementation, the alternative implementation is managed separately,
and doesn't need these.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Remove CONFIG_NO_PBKDF2 and CONFIG_NO_CONFIG_BLOBS definition
and let them be decided in kconfig.
CONFIG_NO_PBKDF2 is default y when crypto backend is
WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE.
CONFIG_NO_CONFIG_BLOBS is default y when both DPP and enterprise disable.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add Platform Secure Architecture support support to use
HW acceleration, which needs to be called under PSA driver wrapper
in mbedtls 3.x.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add kconfig CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT to get more mbedtls
functionality for enterprise and DPP.
Split cmake sources related to hostap SME and crypto backend.
Default backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO use internal crypto
and some mbedtls apis.
Backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT use most mbedtls apis
and PSA apis, except some apis no longer supported in mbedtls 3.x,
or called in the middle of hostap and mbedtls.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
This change deprecates CONFIG_POSIX_SIGNAL in favour of
the plural CONFIG_POSIX_SIGNALS, which maps directly to the
name of the standard POSIX Option Group POSIX_SIGNALS.
Additionally, mark signals as experimental.
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_MAX_FDS option does not correspond to any standard
POSIX option. It was used to define the size of the file
descriptor table, which is by no means exclusively used by
POSIX (also net, fs, ...).
POSIX_MAX_FDS is being deprecated in order to ensure that
Zephyr's POSIX Kconfig variables correspond to those defined in
the specification, as of IEEE 1003.1-2017. Namely,
POSIX_OPEN_MAX. CONFIG_POSIX_MAX_OPEN_FILES is being deprecated
for the same reason.
To mitigate any possible layering violations, that option is
not user selectable. It tracks the newly added
CONFIG_ZVFS_OPEN_MAX option, which is native to Zephyr.
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_DEVICE_IO
Similarly, with this deprecation, we introduce the following
Kconfig options that map directly to standard POSIX Options by
simply removing "CONFIG":
* CONFIG_POSIX_OPEN_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options.
* CONFIG_POSIX_DEVICE_IO_ALIAS_CLOSE
* CONFIG_POSIX_DEVICE_IO_ALIAS_OPEN
* CONFIG_POSIX_DEVICE_IO_ALIAS_READ
* CONFIG_POSIX_DEVICE_IO_ALIAS_WRITE
Gate open(), close(), read(), and write() via the
CONFIG_POSIX_DEVICE_IO Kconfig option and move
implementations into device_io.c, to be conformant with the
spec.
Lastly, stage function names for upcoming ZVFS work, to be
completed as part of the LTSv3 Roadmap (e.g. zvfs_open(), ..).
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_CLOCK option does not correspond to any standard
option. It was used to active features of several distinct
POSIX Options and Option Groups, which complicated API and
application configuration as a result.
POSIX_CLOCK is being deprecated in order to ensure that Zephyr's
POSIX Kconfig variables correspond to those defined in the
specification, as of IEEE 1003.1-2017.
Additionally, CONFIG_TIMER is being deprecated because it does
not match the corresponding POSIX Option (_POSIX_TIMERS).
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_TIMERS
Similarly, we introduce the following Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_POSIX_CLOCK_SELECTION
* CONFIG_POSIX_CPUTIME
* CONFIG_POSIX_DELAYTIMER_MAX
* CONFIG_POSIX_MONOTONIC_CLOCK
* CONFIG_POSIX_TIMEOUTS
* CONFIG_POSIX_TIMER_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options that map directly to
standard POSIX Option Groups by simply removing "CONFIG_":
* CONFIG_POSIX_MULTI_PROCESS - sleep()
Similarly, in order to maintain parity with the current feature
set, we introduce the following additional Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_XSI_SINGLE_PROCESS - gettimeofday()
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Comment out mbedtls symbols that do not have a proper Kconfig
setting. Future commits will need to add relevant support in mbedtls
side to provided needed symbols so that they can be used in hostap
and uncomment these.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
To cater for different needs add an configuration options for WPA
supplicant network selection (scan results sorting). The default is
still left unchanged.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If MbedTLS uses its own heap which is a static heap (not libc heap),
then WPA supplicant heap usage will come down, so, reduce 8K (minimum
MbedTLS heap for Wi-Fi) from the libc heap size.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
SAP mode adds more functionality that increases the heap usage, based on
experiments, 40000 works well to avoid startup failures.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
For WPA_SUPP_CRYPTO_LEGACY, MBEDTLS_PKCS5_C is needed.
Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add missing MBEDTLS_PK_C dependcy for legacy crypto.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
By default (-1) libc uses all the available heap, this is good to
efficiently use the RAM, but for scenarios which there isn't enough RAM
the build will be success, but we see runtime failures.
Reserved the necessary RAM based on tests ahead to catch such scenarios,
of course this would mean that we might be no using full RAM in case
more is left, but that's never the case the with Wi-Fi :).
And this also adds the constant evaluation and fine tuneing like we do
for kernel heap and other parameters.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The PSA is referring to Kconfig symbols that are only found
in Nordic downstream repo so we cannot use it anyway atm.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This avoid compliance warning
Found pointless 'menuconfig' symbols without children. Use regular 'config'
symbols instead. See
https://docs.zephyrproject.org/latest/build/kconfig/tips.html#menuconfig-symbols.
WIFI_NM_WPA_SUPPLICANT modules/hostap/Kconfig:8
WIFI_NM_WPA_SUPPLICANT modules/hostap/Kconfig:8
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If user enables AP mode, make sure CONFIG_AP symbol
is enabled so that access point sources get compiled etc.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
MBO and WMM-AC are mandatory for WFA certification, so cannot be
disabled for memory saving.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
wpa_supplicant has a lot of entries, and it appears in the top-level menu.
Let it be a menuconfig, so that it gets its own menu page with
all the options, instead of expanding in the top-level menu when
selected.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This allows the WPA supplicant to build using the builtin MbedTLS.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
For a memory constrained system, basic Wi-Fi is enough, so, add a
configuration option to compiled out advanced Wi-Fi features.
This also supports choosing individual features if needed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Due to a bug in Kconfig, both legacy and PSA crypto were enabled
earlier, so, the dependencies for PSA were missed as they were provided
by legacy.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Enable the PSA key type which enables AES block cipher support.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Fix PSA dependency on random number support.
Random number generated is wanted, instead of a specific PRNG algorithm.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
We need to use PSA MbedTLS template to get entropy working.
Rather than having a single set of options which makes dependency
management tough, have a separate entry for PSA based MbedTLS which
is enabled by for NS variants only.
Also, don't use MbedTLS APIs for entropy, instead use the Zephyr APIs
that can work for both NS and S builds.
Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The following commits will re-introduce functionality that
the earlier commit removed, so revert the earlier commit.
This reverts commit 64423e269e.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Some crypto Kconfig options were commented out, so remove them.
These will be re-introduced later when adding crypto support
properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Compliance checker does not allow compile definitions without
a Kconfig option. So add dummy values for time being. These should
be removed at some point and replaced with properly namespaced
options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Changed the names of the API functions between wpa_supplicant
and Zephyr upper layers. For example replaced the z_ prefix
by zephyr_ as the z_ is only meant for internal kernel
functions.
Changed the wpa_supplicant startup so that we do not poll
but wait the network interface add event which then adds
the network interfaces to the supplicant.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add new files from hostap to Zephyr build.
Add wifi mgmt thread that communicates with supplicant.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Moving the Zephyr specific config options from
modules/hostap/Kconfig to corresponding Kconfig where the
option is specified.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Only adds basic build support using Zephyr. Crypto support is disabled
till the MbedTLS integration is complete.
Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no>
Signed-off-by: Sachin Kulkarni <sachin.kulkarni@nordicsemi.no>
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
