Earlier we had socketpair to pass wifi event information from
wpa_supplicant side to zephyr adaption layer. This is now replaced
by k_fifo to save some RAM.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

1. When external station connects to soft ap, zephyr
hostap will fill sta_info before sending mgmt event
to l2 wifi layer.
sta_info.twt_capable should be filled with external
station capability rather than soft ap self.
2. Rename hapd_is_twt_capable to
hapd_get_sta_he_twt_capable.
Try to get twt_capa from capability of external station
rather than soft ap.
Signed-off-by: Qiankun Li <qiankun.li@nxp.com>

Add a snippet for Wi-Fi credentials support. Update the heap sizes as
required for enterprise mode.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>

Added kconfig for regulatory domain in hostapd. Default is set to
00 as World Wide mode.
Also added 3rd octet kconfig to set regulatory environment and set
it to 32 for all supported environments.
Signed-off-by: Abhinav Kulkarni <abhinav.kulkarni@nxp.com>

Instead of using 32 bit enum values for event numbers, convert
the code to use 64 bit long bit fields. This means that the
user API is changed to use 64 bit event values instead of 32
bit event values.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

[Description]
After DUT connects to AP through DPP,
enter 'wifi status' to check connection status.
Security shows UNKNOWN.
[Analysis]
1. DUT supplicant will add a dpp network after
receiving GAS response.
Assign ssid->key_mgmt as WPA_KEY_MGMT_DPP.
2. Call wpas_key_mgmt_to_zephyr() to convert
hostapd/supplicant security type to zephyr
security type.
In this function, convert WPA_KEY_MGMT_DPP
to WIFI_SECURITY_TYPE_UNKNOWN.
[Fix]
1. Add code to convert WPA_KEY_MGMT_DPP
to WIFI_SECURITY_TYPE_DPP.
Signed-off-by: Qiankun Li <qiankun.li@nxp.com>

Add missing curly braces in if/while/for statements.
This is a style guideline we have that was not enforced in CI. All
issues fixed here were detected by sonarqube SCA.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Turn the MBEDTLS_RSA_FULL selects into depends on.
This is how the other MBEDTLS_KEY_EXCHANGE_* Kconfig options are defined.
This is done to avoid circular dependencies.
At the same time update uses of the affected MBEDTLS_KEY_EXCHANGE_*
Kconfig options to enable/disable the dependencies which used to be
automatically handled.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

SoftAP operation needs around 5700 bytes of stack. With a
buffer of 100 bytes, set the supplicant stack size to 5800.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>

Instead of hard coding some random value to layer code, use the
code that is registered in net_mgmt.h.
This way it is easier to keep track of used layer codes in the
future, and we also allow out-of-tree components a way to avoid
allocating same layer code to in-tree-source code.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

The _ is a reserved character in front of the symbols so remove
it from network management event macros. The remaining string
without the _ will identify the network API anyway so having
underscore there is not needed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

Background:
In DPP hostapd will put more than 1K bytes text in multiple
wpa_msg calls in one loop. This will drain hostapd monitor
socket pair and fail. Thus DPP connection will fail.
The monitor socket pair of wpa_supplicant and hostapd are not like
ctrl_iface socket pair, which are used for sending command to
hostap from other tasks. The monitor socket pair is used by wpa_msg
to send messages to attached ctrl_iface monitors. But in zephyr case,
the monitor is hostap task itself.
This means hostap task is both the sender and receiver task.
So it writes all the wpa_msg text into FIFO and read it in next loop.
So there is risk of draining socket pair FIFO and missing msg.
And the reading socket loop can be omitted by directly handling msg
in wpa_msg_cb.
Linux uses monitor socket pair because hostap is a process and wpa_msg
does cross-process communication.
But zephyr hostap is used as module in the same binary with
zephyr kernel.
So the usage is different and we don't need to use socket pair to
notify ctrl_iface monitors.
As long as we don't do time-consuming process in zephyr_wpa_msg_cb,
it won't affect hostap task.
So the zephyr_wpa_msg_cb will only filter and restore interesting logs,
or raise mgmt events to wifi l2 mgmt task.
Fix:
Remove socket send flow in wpa_msg.
Directly filter and handle text in zephyr_wpa_msg_cb,
coding in zephyr repo.
This will save 2K RAM in supplicant case and 4K RAM in
supplicant & hostapd coex case, in current default hostap
socket pair config.
And this will save max 50% loops of hostap task.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>

Created new files and relocated hostapd support code in glue layer to new
files. The new files will be compiled only if hostapd support is enabled.
Signed-off-by: Hui Bai <hui.bai@nxp.com>

Increase stack size of supplicant thread to fix crash seen during
enterprise mode connection. Increase heap requirement of hostap
to handle TLS processing failures.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>

The interface workq thread and supplicant handler thread
did not have names set to them. Set the names so that it is
easier to find them from "kernel thread stacks" list.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

-Mbed TLS has come up with its own naming-convention with regards
to certain Mbed TLS configurations for TLS/DTLS and X.509. This
commit fixes a couple of them by depending on MBEDTLS_BUILTIN
which is set when Kconfig.tls-generic is used.
1. Make MBEDTLS_PEM_CERTIFICATE_FORMAT depend on MBEDTLS_BUILTIN
The proper name for this functionality is MBEDTLS_PEM_PARSE_C and
MBEDTLS_PEM_WRITE_C
2. Make MBEDTLS_SERVER_NAME_INDICATION depend on MBEDTLS_BUILTIN
The proper name for this is MBEDTLS_SSL_SERVER_NAME_INDICATION
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>

-PSA_WANT_ALG_CMAC must be set for PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
to be valid. This commit fixes this mismatch for hostap.
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>

Remove `select FILE_SYSTEM` from `WIFI_NM_WPA_SUPPLICANT`, originally
added in 3fc932c5. The selection is not required by any tests, and does
not appear to be used by any code in the module.
Signed-off-by: Jordan Yates <jordan@embeint.com>

Enable MBEDTLS_SHA384 support to allow use of RSA3K + Suite-B, which
is required by WPA3-Enterprise.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>

In case interface is UP, the interface is added to WPA supplicant in the
iface_wq itself and the max stack size is 4264, so, increase the stack
size of the iface_wq.
If the interface is added via net_mgmt thread then it works fine.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

Added new parameter "A" in wifi connect command to support
CA certificate used or CA certificate skipped for
EAP-TTLS-MSCHAPV2 and EAP-PEAP-MSCHAPV2.
Signed-off-by: Qingling Wu <qingling.wu@nxp.com>

During experiments it was observed that workqueue uses a maximum of
3872 bytes, so, with cushion added set it to 4096.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

When connecting to a WPA3 connection, the max stack size observed was
5456, fix the SoF by increasing by 200 bytes (cushion added).
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

nRF boards have a ROM crunch, esp. when combined with Matter/networking
features, as the advanced features are not essential for typical Wi-Fi
operation, disable them by default. Individual samples can choose to
enable it.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

Based on few tests, it was observed that WPA supplicant's maximum usage
for connection and disconnection is 4360.
This would save ~4K which is huge as we have a crunch for RAM.
This was missed when hostap was upstreamed from NCS.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

Allow user to specify protocol extensions when receiving data
from Ethernet network. This means that user can register L3
protocol handler using NET_L3_REGISTER() with the desired
protocol type. Ethernet code will then call the handler if
such a protocol type packet is received. This is currently
only implemented for Ethernet. The original IPv4 and IPv6
handling is left intact even if they can be considered to
be L3 layer protocol. This could be changed in the future
if needed so that IPv4 and IPv6 handling could be made
pluggable protocols.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>

Zephyr introduced positive feature flags to make advanced features
conditional but the upstream has followed a negative feature flag
for advanced features, and during upmerge these two weren't reconciled.
Fix the build in case advanced features are disabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

'wifi status' CMD shows wrong security information when STA connects to
Ext-AP with WIFI_SECURITY_TYPE_SAE_HNP, after connection using
WIFI_SECURITY_TYPE_SAE_AUTO. Setting sae_pwe for all the WPA3 SAE types
can fix this issue.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>

For 'wifi status' and 'wifi ap status' cmd of the hostap case,
originally only support getting 'EAP-TLS' for the enterprise
mode, which is not correct. Now support getting the specific
enterprise mode, including the WPA3 enterprise mode and
the EAP method type.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>

Change Wi-Fi suiteb type into WPA3 enterprise security type, it
includes suiteB, suiteB-192 and WPA3 enterprise only mode.
Support setting WPA3 enterprise only mode, which should use
cipher_config->key_mgmt as WPA-EAP-SHA256, and the AKM in RSN
IE will show 00-0F-AC:5.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>

Remove EAP TLS SHA256 security, as it was added to support the AKM
of 00-0F-AC:5 in RSN IE, but actually this AKM is used by WPA3
enterprise only mode.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>

Despite having higher log buffer sizes the log messages are being
dropped due to high rate (and longer messages) as hostap debugging is
very verbose, so, use "immediate" logging by default. As hostap is only
for control path this will not have impact on timing.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

As kernel heap is used for hostap, which replaced libc heap, then no
need to consider the MBEDTLS_ENABLE_HEAP case. For enterprise case,
mbedtls will use MBEDTLS_HEAP or libc heap to allocate memory, instead
of the kernel heap.
Modify the heap size for enterprise case to have necessary memory.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>

For TFM example, MBEDTLS_PSA_CRYPTO_C has some dependencies and may not
be enabled, so use 'imply' instead of 'select' here for hostap
MBEDTLS_PSA case.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>

It will have a relatively high probability to get continuous memory
for the next enterprise connection, if station certs memory is freed
during disconnect, thus sys_heap needs less memory for big size
EAP-TLS server cert packet, otherwise more memory space is needed.
Signed-off-by: Rex Chen <rex.chen_1@nxp.com>

In Kconfig, already check both dpp and enterprise mode for enable
NO_CONFIG_BLOBS, so remove the wrong one in the cmakelist.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>