The security check case statements were in frequency band
setting checks. This is totally wrong and will cause compiler
warnings. Moving the checks to correct function.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
For add_interface(), only add STA interface when hostapd enabled,
and the Soft-AP interface will be added in zephyr_hostapd_init().
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
When we have coexistence of hostapd and wpa_supplicant,
wpa_msg has different implementation.
So to let them work together, we need to have common implementation
for wpa_msg and dispatch msgs for hostapd and wpa_supplicant.
So add register zephyr_hostap_ctrl_iface_msg_cb,
and judge if ctx is hostapd by the first integer where ctx points to.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Hostapd has TODO in hostapd_dpp_handle_config_obj,
to save DPP connector using wpa_msg.
AP DPP needs to use dpp_connector, dpp_netaccesskey and dpp_csign
in DPP Peer Discovery handshake in hostapd_dpp_rx_peer_disc_req.
So add AP DPP wpa_msg event handler to store these info.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add hostapd mgmt ops, some use same api as wpa_supplicant,
and DPP use different ops.
supplicant_dpp_dispatch use wpa_cli and hapd_dpp_dispatch use hostapd_cli.
And use common DPP param parse.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add null termination of ssid and psk. If user pass ssid,
psk without null terminator it will add by default.
Signed-off-by: Kapil Bhatt <kapil.bhatt@nordicsemi.no>
The default Max A-MPDU length is 8191 shown in the VHT Cap Info from
SAP's beacon/Assoc response, and this length is read from
hapd->iface->conf->vht_capab. It will lead to the AMPDU only contains
5 packets and the throughput is only 60Mbps for 1x1 HE case in 5GHz.
Change the default vht_capab to VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
(1048575), and the throughput can be increased to 83Mbps.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
When build with the psa_crypto_driver, it will try to include common.h
of mbedtls, but actually include the common.h from hostap, and causes
build error of undefined symbol. Use zephyr_interface_library_named
to define hostap, and other modules needs to link the library of hostap
when wants to use the header file in /utils path, such as the common.h.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA should not be by default
selected when WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT is selcted. Enable
PSA APIs if desired separately.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Set WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT as the default crypto
configuration. The crypto ALT implementation contains the necessary
crypto operations and also allows the user to choose PSA or non PSA
crypto operation.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Link mode shows unknown when legacy (A or bg only) device connects to
APUT. Set the link mode to WIFI_2 when the host freq over 4000 and set
link mode to WIFI_3 when the host freq over 2000.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
Added new flag CONFIG_WIFI_NM_HOSTAPD_AP for hostapd support. Once this
flag is enabled, softAP will be setup by hostapd. Both wpa_supplicant
and hostapd uses same task and eloop.
Included necessary hostapd files when compiling wifi samples if
CONFIG_WIFI_NM_HOSTAPD_AP is enabled. Added hostapd support for all
softAP command of L2 wifi shell commands.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
For Enterprise crypto MbedTLS needs more heap either separate pool or
libc heap, based on experiments 55000 was arrived for a successful
WPA2-EAP-TLS association.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add basic WPA2 EAP-TLS support.
Also, add test infrasturcture esp. the certification handling,
non-certificate credentials are take as runtime input and certificated
are build time input for testing.
A real application can set certificates at runtime too.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
In order to mitigate side channel attacks, even if the PWE is found the WPA
supplicant goes through full iterations, but in some low-resource systems
this can be intensive, so, add an option to exit early.
Note that this is highly insecure and shouldn't be used in production
Signed-off-by: Gang Li <gang.li_1@nxp.com>
This should be configurable by applications in case a full CLI interface
to the WPA supplicant is needed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Wi-Fi shell now uses _sta/_ap APIs to getch specific inteface types, so,
by default register as a Station.
This needs more work to handle multiple modes and mode switching.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
WIFI_REASON_DISCONN_UNSPECIFIED is 1, when disconnect reason is 0,
wpas_to_wifi_mgmt_disconn_status return the
WIFI_REASON_DISCONN_UNSPECIFIED and print error log "Disconnection
request failed (1)"
Signed-off-by: Gaofeng Zhang <gaofeng.zhang@nxp.com>
WPA supplicant as a network manager monitors interface events and
registers to the Wi-Fi NM module, so, adding a check for NM type before
registering the interface is wrong.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
We only need the interface to be administratively up, the operationl
status is managed by the WPA supplicant.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Due to recent changes to hostap, the stack usage is increased, so,
increase the stack size to fix SoF.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Fixes build issues when Wi-Fi security is enabled for default
implementation, the alternative implementation is managed separately,
and doesn't need these.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Use select_network instead of enable_network, then can trigger sta
connection mutiple times. Also update the configuration in
add_interface().
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Split wifi interface into station mode and soft-AP mode, as there may be
station and soft-AP two interfaces that work concurrently.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Remove CONFIG_NO_PBKDF2 and CONFIG_NO_CONFIG_BLOBS definition
and let them be decided in kconfig.
CONFIG_NO_PBKDF2 is default y when crypto backend is
WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE.
CONFIG_NO_CONFIG_BLOBS is default y when both DPP and enterprise disable.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
