Increase stack size of supplicant thread to fix crash seen during
enterprise mode connection. Increase heap requirement of hostap
to handle TLS processing failures.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
The interface workq thread and supplicant handler thread
did not have names set for them. Set the names so that it is
easier to find them from "kernel thread stacks" list.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Mbed TLS has come up with its own naming convention with regards
to certain Mbed TLS configurations for TLS/DTLS and X.509. This
commit fixes a couple of them by depending on MBEDTLS_BUILTIN
which is set when Kconfig.tls-generic is used
1. Make MBEDTLS_PEM_CERTIFICATE_FORMAT depend on MBEDTLS_BUILTIN
The proper name for this functionality is MBEDTLS_PEM_PARSE_C and
MBEDTLS_PEM_WRITE_C
2. Make MBEDTLS_SERVER_NAME_INDICATION depend on MBEDTLS_BUILTIN
The proper name for this is MBEDTLS_SSL_SERVER_NAME_INDICATION
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
PSA_WANT_ALG_CMAC must be set for PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
to be valid. This commit fixes this mismatch for hostap
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Remove `select FILE_SYSTEM` from `WIFI_NM_WPA_SUPPLICANT`, originally
added in 3fc932c5. The selection is not required by any tests, and does
not appear to be used by any code in the module.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Enable MBEDTLS_SHA384 support to allow use of RSA3K + Suite-B, which
is required by WPA3-Enterprise.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
In case interface is UP, the interface is added to WPA supplicant in the
iface_wq itself and the max stack size is 4264, so, increase the stack
size of the iface_wq.
If the interface is added via net_mgmt thread then it works fine.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Added new parameter "A" in wifi connect command to support
CA certificate used or CA certificate skipped for
EAP-TTLS-MSCHAPV2 and EAP-PEAP-MSCHAPV2.
Signed-off-by: Qingling Wu <qingling.wu@nxp.com>
During experiments it was observed that workqueue uses a maximum of
3872 bytes, so, with cushion added set it to 4096.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
When connecting to a WPA3 connection, the max stack size observed was
5456, fix the SoF by increasing by 200 bytes (cushion added).
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
nRF boards have a ROM crunch, esp. when combined with Matter/networking
features. As the advanced features are not essential for typical Wi-Fi
operation, disable them by default. Individual samples can choose to
enable them.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Based on few tests, it was observed that WPA supplicant's maximum usage
for connection and disconnection is 4360.
This would save ~4K which is huge as we have a crunch for RAM.
This was missed when hostap was upstreamed from NCS.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Allow user to specify protocol extensions when receiving data
from Ethernet network. This means that user can register L3
protocol handler using NET_L3_REGISTER() with the desired
protocol type. Ethernet code will then call the handler if
such a protocol type packet is received. This is currently
only implemented for Ethernet. The original IPv4 and IPv6
handling is left intact even if they can be considered to
be L3 layer protocol. This could be changed in the future
if needed so that IPv4 and IPv6 handling could be made
pluggable protocols.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Zephyr introduced positive feature flags to make advanced features
conditional but the upstream has followed a negative feature flag
for advanced features, and during upmerge these two weren't reconciled.
Fix the build in case advanced features are disabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
'wifi status' CMD shows wrong security information when STA connects to
Ext-AP with WIFI_SECURITY_TYPE_SAE_HNP, after connection using
WIFI_SECURITY_TYPE_SAE_AUTO. Setting sae_pwe for all the WPA3 SAE types
can fix this issue.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
For the 'wifi status' and 'wifi ap status' cmds of the hostap case,
originally only getting 'EAP-TLS' was supported for the enterprise
mode, which is not correct. Now getting the specific
enterprise mode is supported, including the WPA3 enterprise mode and
the EAP method type.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Change Wi-Fi suiteb type into WPA3 enterprise security type, it
includes suiteB, suiteB-192 and WPA3 enterprise only mode.
Support setting WPA3 enterprise only mode, which should use
cipher_config->key_mgmt as WPA-EAP-SHA256, and the AKM in RSN
IE will show 00-0F-AC:5.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Remove EAP TLS SHA256 security, as it was added to support the AKM
of 00-0F-AC:5 in RSN IE, but actually this AKM is used by WPA3
enterprise only mode.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Despite having higher log buffer sizes the log messages are being
dropped due to high rate (and longer messages) as hostap debugging is
very verbose, so, use "immediate" logging by default. As hostap is only
for control path this will not have impact on timing.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
As kernel heap is used for hostap, which replaced libc heap, there is no
need to consider the MBEDTLS_ENABLE_HEAP case. For enterprise case,
mbedtls will use MBEDTLS_HEAP or libc heap to allocate memory, instead
of the kernel heap.
Modify the heap size for enterprise case to have necessary memory.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
For TFM example, MBEDTLS_PSA_CRYPTO_C has some dependencies and may not
be enabled, so use 'imply' instead of 'select' here for hostap
MBEDTLS_PSA case.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
There is a relatively high probability of getting continuous memory
for the next enterprise connection if the station certs memory is freed
during disconnect, so sys_heap needs less memory for a big
EAP-TLS server cert packet; otherwise more memory space is needed.
Signed-off-by: Rex Chen <rex.chen_1@nxp.com>
Kconfig already checks both dpp and enterprise mode to enable
NO_CONFIG_BLOBS, so remove the wrong one in the cmakelist.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
In zephyr_hostapd_init, calls net_if_get_wifi_sap to get the SAP iface,
it means mgd iface of SAP type is registered before zephyr_hostapd_init.
Actually the mgd iface of SAP should be called in iface_api.init phase.
Therefore, remove unnecessary register of mgd iface in hostapd init.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
There are currently four types of roaming: 11r roaming, 11v roaming, 11k
roaming and legacy roaming. The priority of the roaming mode is
11r-->11v-->11k-->legacy roaming. If the ap does not support 11r/11v/11k
roaming, we will use legacy roaming. Legacy roaming needs to do a
full channel scan, which is the same as the general scan connection
process, so the legacy roaming time will be longer.
Signed-off-by: Gaofeng Zhang <gaofeng.zhang@nxp.com>
We have now fully migrated to CRYPTO_ALT which is a superset, so, remove
unused CRYPTO module and its related files.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add the PSA_WANT_XXX settings that might be needed for various crypto
algorithms and Keys in WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
configuration setting.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
1. Every time the ap wpa3 sae enable command is run, it grows the sae_passpharse
list of config_bss, and sae_derive_pt derives all sae pt in the
sae_passpharse list; each sae pt derivation takes 100ms.
2. As time goes on, the sae_passpharse list has more sae entries, and the
time to derive pt for sae becomes long; sae_derive_pt holds the
cpu and doesn't sleep.
3. The hostapd task prio is 3, and the imu task prio is 3; the hostapd task runs before
the imu task, so when the imu interrupt arrives and wakes up the imu task, the imu
task can't run.
4. The hostapd task is deriving pt for every sae in the sae_passpharse
list. The imu task can't run and the sleep rwlock can't be released; the sleep
rwlock timeout is 3s, so when deriving pt takes over 3s, the wlcmgr task
waiting for the command resp on the sleep rwlock will assert and hang.
Signed-off-by: Gaofeng Zhang <gaofeng.zhang@nxp.com>
Enable WPS PIN expire timeout parameter, this helps us in cleanup of
the Authorized MAC IE in the beacon in case no peer is connected
within the timeout.
Without this parameter the IE is not removed from the beacon.
Signed-off-by: Gaofeng Zhang <gaofeng.zhang@nxp.com>
1) Unless ACS is being used, both "channel" and
"vht_oper_centr_freq_seg0_idx" parameters must be set.
Fixed "channel center segment 0" not being set in VHT Operation IE.
2) Set HT capabilities and VHT capabilities via the wifi ap config command.
3) Set AP bandwidth to wifi driver via the wifi_mgmt_api->ap_config_params.
Signed-off-by: Gang Li <gang.li_1@nxp.com>
The signature of callback and the callback function is now changed, so,
add a wrapper to convert b/w them.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
MbedTLS Crypto ALT implementation clearly states that DPP3 isn't
supported, remove DPP3 to fix a build error related to HPKE.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>