In case interface is UP, the interface is added to WPA supplicant in the
iface_wq itself and the max stack size is 4264, so, increase the stack
size of the iface_wq.
If the interface is added via net_mgmt thread then it works fine.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
During experiments it was observed that workqueue uses a maximum of
3872 bytes, so, with cushion added set it to 4096.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
When connecting to a WPA3 connection, the max stack size observed was
5456, fix the SoF by increasing by 200bytes (cushion added).
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
nRF boards have a ROM crunch esp. with combined with Matter/networking
features, as the advanced features are not essential for typical Wi-Fi
operation, disable them by default. Individual samples can choose to
enable it.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Based on few tests, it was observed that WPA supplicant's maximum usage
for connection and disconnection is 4360.
This would save ~4K which is huge as we have a crunch for RAM.
This was missed when hostap was upstreamed from NCS.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Zephyr introduced postive feature flags to make advanced features
conditional but the upstream has followed a negative feature flag
for advanced features, and during upmerge these two weren't reconciled.
Fix the build in case advanced features are disabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Despite having higher log buffer sizes the log messages are being
dropped due to high rate (and longer messages) as hostap debugging is
very verbose, so, use "immediate" logging by default. As hostap is only
for control path this will not have impact on timing.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
As kernel heap is used for hostap, which replaced libc heap, then no
need to consider the MBEDTLS_ENABLE_HEAP case. For enterprise case,
mbedtls will use MBEDTLS_HEAP or libc heap to allocate memory, instead
of the kernel heap.
Modify the heap size for enterprise case to have necessary memory.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
For TFM example, MBEDTLS_PSA_CRYPTO_C has some dependencies and may not
be enabled, so use 'imply' instead of 'select' here for hostap
MBEDTLS_PSA case.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
We have now fully migrated to CRYPTO_ALT which is a superset, so, remove
unused CRYPTO module and it's related files.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add the PSA_WANT_XXX settings that might be needed for various crypto
algorithms and Keys in WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
configuration setting.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
MbedTLS Crypto ALT implementation clearly states that DPP3 isn't
supported, remove DPP3 to fix a build error related to HPKE.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
To make AP related code/config more clear and clean, use
CONFIG_WIFI_NM_WPA_SUPPLICANT_AP for supplicant based AP case,
and use CONFIG_WIFI_NM_HOSTAPD_AP for hostapd based AP case.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Add EAP-TLS, EAP-PEAP-MSCHAPv2, EAP-PEAP-GTC, EAP-TTLS-MSCHAPv2,
EAP-PEAP-TLS, EAP-TLS-SHA256 enterprise wpa2 and wpa3 suiteb
support for sap.
Signed-off-by: Rex Chen <rex.chen_1@nxp.com>
Add an option for platforms or forks to provide their own hostap
compatible crypto implementation. This may include proprietary or
platform specific stuff that may or may not be upstreamed to Zephyr.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Added new ops and events in glue layer to support roaming.
Added new flag WIFI_NM_WPA_SUPPLICANT_ROAMING to control roaming
feature.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
WPA control interface timeout is hardcoded to 10s, add a configuration
option to remove the hardcode, this is needed sometimes as a workaround
e.g., crypto taking too long to complete the request.
Work around for #79834, increase the default from 10 to 15s, in positive
case this will have no impact.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
The P2P support needs EAPOL support in order to avoid a compilation
error about missing eap field in wpa_ssid struct.
modules/lib/hostap/wpa_supplicant/wpa_supplicant.c:5102:65:
error: ‘struct wpa_ssid’ has no member named ‘eap’
5102 | eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add EAP-TLS, EAP-PEAP-MSCHAPv2, EAP-PEAP-GTC, EAP-TTLS-MSCHAPv2,
EAP-PEAP-TLS, EAP-TLS-SHA256 enterprise wpa2 and wpa3 suiteb
support for station.
Signed-off-by: Rex Chen <rex.chen_1@nxp.com>
Enabling all EAP types for enterprise mode increases
memory usage in both ROM and RAM. Provide config options for each
type to let solutions choose the methods based on their
requirements.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Now that hostap is used k_heap, it needs to reserve the kernel heap not
libc heap.
Fixes#79477.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add crypto module test kconfig option
CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST,
which is default n and hidden.
It is only available by developer for crypto module test.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA should not be by default
selected when WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT is selcted. Enable
PSA APIs if desired separately.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Set WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT as the default crypto
configuration. The crypto ALT implementation contains the necessary
crypto operations and also allows the user to choose PSA or non PSA
crypto operation.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Added new flag CONFIG_WIFI_NM_HOSTAPD_AP for hostapd support. Once this
flag is enabled, softAP will be setup by hostapd. Both wpa_supplicant
and hostapd uses same task and eloop.
Included necessary hostapd files when compiling wifi samples if
CONFIG_WIFI_NM_HOSTAPD_AP is enabled. Added hostapd support for all
softAP command of L2 wifi shell commands.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
For Enterprise crypto MbedTLS needs more heap either separate pool or
libc heap, based on experiments 55000 was arrived for a successful
WPA2-EAP-TLS association.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
In order to mitigate side channel attacks, even if the PWE is found the WPA
supplicant goes through full iterations, but in some low-resource systems
this can be intensive, so, add an option to exit early.
Note that this is highly insecure and shouldn't be used in production
Signed-off-by: Gang Li <gang.li_1@nxp.com>
This should be configurable by applications in case a full CLI interface
to the WPA supplicant is needed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Due to recent changes to hostap, the stack usage is increased, so,
increase the stack size to fix SoF.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Fixes build issues when Wi-Fi security is enabled for default
implementation, the alternative implementation is managed separately,
and doesn't need these.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Remove CONFIG_NO_PBKDF2 and CONFIG_NO_CONFIG_BLOBS definition
and let them be decided in kconfig.
CONFIG_NO_PBKDF2 is default y when crypto backend is
WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE.
CONFIG_NO_CONFIG_BLOBS is default y when both DPP and enterprise disable.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add Platform Secure Architecture support support to use
HW acceleration, which needs to be called under PSA driver wrapper
in mbedtls 3.x.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
