The default Max A-MPDU length is 8191 shown in the VHT Cap Info from
SAP's beacon/Assoc response, and this length is read from
hapd->iface->conf->vht_capab. It will lead to the AMPDU only contains
5 packets and the throughput is only 60Mbps for 1x1 HE case in 5GHz.
Change the default vht_capab to VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
(1048575), and the throughput can be increased to 83Mbps.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
When build with the psa_crypto_driver, it will try to include common.h
of mbedtls, but actually include the common.h from hostap, and causes
build error of undefined symbol. Use zephyr_interface_library_named
to define hostap, and other modules needs to link the library of hostap
when wants to use the header file in /utils path, such as the common.h.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA should not be by default
selected when WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT is selcted. Enable
PSA APIs if desired separately.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Set WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT as the default crypto
configuration. The crypto ALT implementation contains the necessary
crypto operations and also allows the user to choose PSA or non PSA
crypto operation.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Link mode shows unknown when legacy (A or bg only) device connects to
APUT. Set the link mode to WIFI_2 when the host freq over 4000 and set
link mode to WIFI_3 when the host freq over 2000.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
Added new flag CONFIG_WIFI_NM_HOSTAPD_AP for hostapd support. Once this
flag is enabled, softAP will be setup by hostapd. Both wpa_supplicant
and hostapd uses same task and eloop.
Included necessary hostapd files when compiling wifi samples if
CONFIG_WIFI_NM_HOSTAPD_AP is enabled. Added hostapd support for all
softAP command of L2 wifi shell commands.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
For Enterprise crypto MbedTLS needs more heap either separate pool or
libc heap, based on experiments 55000 was arrived for a successful
WPA2-EAP-TLS association.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add basic WPA2 EAP-TLS support.
Also, add test infrasturcture esp. the certification handling,
non-certificate credentials are take as runtime input and certificated
are build time input for testing.
A real application can set certificates at runtime too.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
In order to mitigate side channel attacks, even if the PWE is found the WPA
supplicant goes through full iterations, but in some low-resource systems
this can be intensive, so, add an option to exit early.
Note that this is highly insecure and shouldn't be used in production
Signed-off-by: Gang Li <gang.li_1@nxp.com>
This should be configurable by applications in case a full CLI interface
to the WPA supplicant is needed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Wi-Fi shell now uses _sta/_ap APIs to getch specific inteface types, so,
by default register as a Station.
This needs more work to handle multiple modes and mode switching.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
WIFI_REASON_DISCONN_UNSPECIFIED is 1, when disconnect reason is 0,
wpas_to_wifi_mgmt_disconn_status return the
WIFI_REASON_DISCONN_UNSPECIFIED and print error log "Disconnection
request failed (1)"
Signed-off-by: Gaofeng Zhang <gaofeng.zhang@nxp.com>
WPA supplicant as a network manager monitors interface events and
registers to the Wi-Fi NM module, so, adding a check for NM type before
registering the interface is wrong.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
We only need the interface to be administratively up, the operationl
status is managed by the WPA supplicant.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Due to recent changes to hostap, the stack usage is increased, so,
increase the stack size to fix SoF.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Fixes build issues when Wi-Fi security is enabled for default
implementation, the alternative implementation is managed separately,
and doesn't need these.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Use select_network instead of enable_network, then can trigger sta
connection mutiple times. Also update the configuration in
add_interface().
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Split wifi interface into station mode and soft-AP mode, as there may be
station and soft-AP two interfaces that work concurrently.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Remove CONFIG_NO_PBKDF2 and CONFIG_NO_CONFIG_BLOBS definition
and let them be decided in kconfig.
CONFIG_NO_PBKDF2 is default y when crypto backend is
WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE.
CONFIG_NO_CONFIG_BLOBS is default y when both DPP and enterprise disable.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add Platform Secure Architecture support support to use
HW acceleration, which needs to be called under PSA driver wrapper
in mbedtls 3.x.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add kconfig CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT to get more mbedtls
functionality for enterprise and DPP.
Split cmake sources related to hostap SME and crypto backend.
Default backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO use internal crypto
and some mbedtls apis.
Backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT use most mbedtls apis
and PSA apis, except some apis no longer supported in mbedtls 3.x,
or called in the middle of hostap and mbedtls.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
This change deprecates CONFIG_POSIX_SIGNAL in favour of
the plural CONFIG_POSIX_SIGNALS, which maps directly to the
name of the standard POSIX Option Group POSIX_SIGNALS.
Additionally, mark signals as experimental.
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_MAX_FDS option does not correspond to any standard
POSIX option. It was used to define the size of the file
descriptor table, which is by no means exclusively used by
POSIX (also net, fs, ...).
POSIX_MAX_FDS is being deprecated in order to ensure that
Zephyr's POSIX Kconfig variables correspond to those defined in
the specification, as of IEEE 1003.1-2017. Namely,
POSIX_OPEN_MAX. CONFIG_POSIX_MAX_OPEN_FILES is being deprecated
for the same reason.
To mitigate any possible layering violations, that option is
not user selectable. It tracks the newly added
CONFIG_ZVFS_OPEN_MAX option, which is native to Zephyr.
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_DEVICE_IO
Similarly, with this deprecation, we introduce the following
Kconfig options that map directly to standard POSIX Options by
simply removing "CONFIG":
* CONFIG_POSIX_OPEN_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options.
* CONFIG_POSIX_DEVICE_IO_ALIAS_CLOSE
* CONFIG_POSIX_DEVICE_IO_ALIAS_OPEN
* CONFIG_POSIX_DEVICE_IO_ALIAS_READ
* CONFIG_POSIX_DEVICE_IO_ALIAS_WRITE
Gate open(), close(), read(), and write() via the
CONFIG_POSIX_DEVICE_IO Kconfig option and move
implementations into device_io.c, to be conformant with the
spec.
Lastly, stage function names for upcoming ZVFS work, to be
completed as part of the LTSv3 Roadmap (e.g. zvfs_open(), ..).
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_CLOCK option does not correspond to any standard
option. It was used to active features of several distinct
POSIX Options and Option Groups, which complicated API and
application configuration as a result.
POSIX_CLOCK is being deprecated in order to ensure that Zephyr's
POSIX Kconfig variables correspond to those defined in the
specification, as of IEEE 1003.1-2017.
Additionally, CONFIG_TIMER is being deprecated because it does
not match the corresponding POSIX Option (_POSIX_TIMERS).
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_TIMERS
Similarly, we introduce the following Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_POSIX_CLOCK_SELECTION
* CONFIG_POSIX_CPUTIME
* CONFIG_POSIX_DELAYTIMER_MAX
* CONFIG_POSIX_MONOTONIC_CLOCK
* CONFIG_POSIX_TIMEOUTS
* CONFIG_POSIX_TIMER_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options that map directly to
standard POSIX Option Groups by simply removing "CONFIG_":
* CONFIG_POSIX_MULTI_PROCESS - sleep()
Similarly, in order to maintain parity with the current feature
set, we introduce the following additional Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_XSI_SINGLE_PROCESS - gettimeofday()
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
The wpas_to_wifi_mgmt_diconn_status() was missing "s" char,
so name it to wpas_to_wifi_mgmt_disconn_status() as that is
more descriptive.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Handle scan results event in order to avoid warning print
for unhandled event. The event is not used for anything atm,
this just prevents unknown event printout.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Support BSSID configuration while setting up the network information
as part of the connect command processing.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Channel 14 in JP is still allowed (though OFDM is disabled), this wasn't
handled by operating class 81, so, add 82 to the list.
We still need to full implement regulatory support in the WPA
supplicant but that is handled in separate fix.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This makes it readable and also scalable for upcoming extension of
operating classes.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Comment out mbedtls symbols that do not have a proper Kconfig
setting. Future commits will need to add relevant support in mbedtls
side to provided needed symbols so that they can be used in hostap
and uncomment these.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
