Turn the MBEDTLS_RSA_FULL selects into depends on.
This is how the other MBEDTLS_KEY_EXCHANGE_* Kconfig options are defined.
This is done to avoid circular dependencies.
At the same time update uses of the affected MBEDTLS_KEY_EXCHANGE_*
Kconfig options to enable/disable the dependencies which used to be
automatically handled.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
SoftAP operation needs around 5700 bytes of stack. With a
buffer of 100 bytes, set the supplicant stack size to 5800.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Created new files and relocate hostapd support code in glue layer to new
files. The new files will be compiled only if hostapd support is enabled.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
Increase stack size of supplicant thread to fix crash seen during
enterprise mode connection. Increase heap requirement of hostap
to handle TLS processing failures.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
-Mbed TLS has come up with its own naming-convention with regards
to certain Mbed TLS configurations for TLS/DTLS and X.509. This
commit fixes a couple of them by depending on MBEDTLS_BUILTIN
which is set when Kconfig.tls-generic is used
1. Make MBEDTLS_PEM_CERTIFICATE_FORMAT depend on MBEDTLS_BUILTIN
The proper name for this functionaity is MBEDTL_PEM_PARSE_C and
MBEDTLS_PEM_WRITE_C
2. Make MBEDTLS_SERVER_NAME_INDICATION depend on MBEDTLS_BUILTIN
The proper name for this is MBEDTLS_SSL_SERVER_NAME_INDICATION
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-PSA_WANT_ALG_CMAC must be set for PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
to be valid. This commit fixes this mismatch for hostap
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Remove `select FILE_SYSTEM` from `WIFI_NM_WPA_SUPPLICANT`, originally
added in 3fc932c5. The selection is not required by any tests, and does
not appear to be used by any code in the module.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Enable MBEDTLS_SHA384 support to use of RSA3K + Suite-B, that
is required by WPA3-Enterprise.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
In case interface is UP, the interface is added to WPA supplicant in the
iface_wq itself and the max stack size is 4264, so, increase the stack
size of the iface_wq.
If the interface is added via net_mgmt thread then it works fine.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
During experiments it was observed that workqueue uses a maximum of
3872 bytes, so, with cushion added set it to 4096.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
When connecting to a WPA3 connection, the max stack size observed was
5456, fix the SoF by increasing by 200bytes (cushion added).
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
nRF boards have a ROM crunch esp. with combined with Matter/networking
features, as the advanced features are not essential for typical Wi-Fi
operation, disable them by default. Individual samples can choose to
enable it.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Based on few tests, it was observed that WPA supplicant's maximum usage
for connection and disconnection is 4360.
This would save ~4K which is huge as we have a crunch for RAM.
This was missed when hostap was upstreamed from NCS.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Zephyr introduced postive feature flags to make advanced features
conditional but the upstream has followed a negative feature flag
for advanced features, and during upmerge these two weren't reconciled.
Fix the build in case advanced features are disabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Despite having higher log buffer sizes the log messages are being
dropped due to high rate (and longer messages) as hostap debugging is
very verbose, so, use "immediate" logging by default. As hostap is only
for control path this will not have impact on timing.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
As kernel heap is used for hostap, which replaced libc heap, then no
need to consider the MBEDTLS_ENABLE_HEAP case. For enterprise case,
mbedtls will use MBEDTLS_HEAP or libc heap to allocate memory, instead
of the kernel heap.
Modify the heap size for enterprise case to have necessary memory.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
For TFM example, MBEDTLS_PSA_CRYPTO_C has some dependencies and may not
be enabled, so use 'imply' instead of 'select' here for hostap
MBEDTLS_PSA case.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
We have now fully migrated to CRYPTO_ALT which is a superset, so, remove
unused CRYPTO module and it's related files.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add the PSA_WANT_XXX settings that might be needed for various crypto
algorithms and Keys in WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
configuration setting.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
MbedTLS Crypto ALT implementation clearly states that DPP3 isn't
supported, remove DPP3 to fix a build error related to HPKE.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
To make AP related code/config more clear and clean, use
CONFIG_WIFI_NM_WPA_SUPPLICANT_AP for supplicant based AP case,
and use CONFIG_WIFI_NM_HOSTAPD_AP for hostapd based AP case.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Add EAP-TLS, EAP-PEAP-MSCHAPv2, EAP-PEAP-GTC, EAP-TTLS-MSCHAPv2,
EAP-PEAP-TLS, EAP-TLS-SHA256 enterprise wpa2 and wpa3 suiteb
support for sap.
Signed-off-by: Rex Chen <rex.chen_1@nxp.com>
Add an option for platforms or forks to provide their own hostap
compatible crypto implementation. This may include proprietary or
platform specific stuff that may or may not be upstreamed to Zephyr.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Added new ops and events in glue layer to support roaming.
Added new flag WIFI_NM_WPA_SUPPLICANT_ROAMING to control roaming
feature.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
WPA control interface timeout is hardcoded to 10s, add a configuration
option to remove the hardcode, this is needed sometimes as a workaround
e.g., crypto taking too long to complete the request.
Work around for #79834, increase the default from 10 to 15s, in positive
case this will have no impact.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
The P2P support needs EAPOL support in order to avoid a compilation
error about missing eap field in wpa_ssid struct.
modules/lib/hostap/wpa_supplicant/wpa_supplicant.c:5102:65:
error: ‘struct wpa_ssid’ has no member named ‘eap’
5102 | eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add EAP-TLS, EAP-PEAP-MSCHAPv2, EAP-PEAP-GTC, EAP-TTLS-MSCHAPv2,
EAP-PEAP-TLS, EAP-TLS-SHA256 enterprise wpa2 and wpa3 suiteb
support for station.
Signed-off-by: Rex Chen <rex.chen_1@nxp.com>
Enabling all EAP types for enterprise mode increases
memory usage in both ROM and RAM. Provide config options for each
type to let solutions choose the methods based on their
requirements.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Now that hostap is used k_heap, it needs to reserve the kernel heap not
libc heap.
Fixes#79477.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add crypto module test kconfig option
CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST,
which is default n and hidden.
It is only available by developer for crypto module test.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA should not be by default
selected when WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT is selcted. Enable
PSA APIs if desired separately.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Set WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT as the default crypto
configuration. The crypto ALT implementation contains the necessary
crypto operations and also allows the user to choose PSA or non PSA
crypto operation.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Added new flag CONFIG_WIFI_NM_HOSTAPD_AP for hostapd support. Once this
flag is enabled, softAP will be setup by hostapd. Both wpa_supplicant
and hostapd uses same task and eloop.
Included necessary hostapd files when compiling wifi samples if
CONFIG_WIFI_NM_HOSTAPD_AP is enabled. Added hostapd support for all
softAP command of L2 wifi shell commands.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
