From e419a6bb9b196726e8ca98bc7267b88515ece747 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:36:38 +0100 Subject: [PATCH 1/9] Revert "[nrf noup] hostap: Fix PSA config" This reverts commit 86bff0f8539ae0fc7154bac0ccd889b4133cc298. Signed-off-by: Robert Lubos --- modules/hostap/CMakeLists.txt | 2 +- modules/hostap/Kconfig | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/hostap/CMakeLists.txt b/modules/hostap/CMakeLists.txt index 7ad0d22bb6a..1a97360b48e 100644 --- a/modules/hostap/CMakeLists.txt +++ b/modules/hostap/CMakeLists.txt @@ -668,9 +668,9 @@ zephyr_library_sources( ${HOSTAP_SRC_BASE}/crypto/aes-internal-enc.c ${HOSTAP_SRC_BASE}/crypto/rc4.c ${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls_alt.c + ${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c ${HOSTAP_SRC_BASE}/crypto/sha256-kdf.c ${HOSTAP_BASE}/port/mbedtls/supp_psa_api.c - ${HOSTAP_SRC_BASE}/crypto/tls_none.c ) endif() diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index 300a61e5cd6..f6c75f1a46c 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -257,9 +257,12 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA select MBEDTLS select NRF_SECURITY select PSA_WANT_GENERATE_RANDOM + select MBEDTLS_TLS_LIBRARY select MBEDTLS_PK_C - select MBEDTLS_MD_C select MBEDTLS_PK_WRITE_C + select MBEDTLS_X509_LIBRARY + select MBEDTLS_X509_CRT_PARSE_C + select MBEDTLS_SSL_TLS_C select MBEDTLS_ENABLE_HEAP select MBEDTLS_PSA_CRYPTO_C select MBEDTLS_USE_PSA_CRYPTO From 3cad48353239b79e989a9a726eba8b7acfc78bf7 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:36:42 +0100 Subject: [PATCH 2/9] Revert "[nrf noup] modules: hostap: Add NCS PSA for hostap crypto ALT" This reverts commit 33919fc981c12469ea96f987c23b90bfa5a8ebea. Signed-off-by: Robert Lubos --- modules/hostap/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index f6c75f1a46c..e2d3b1d3fbc 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -109,7 +109,6 @@ config WIFI_NM_WPA_SUPPLICANT_WEP choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND prompt "WPA supplicant crypto implementation" - default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA if SOC_SERIES_NRF54HX default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA if SOC_SERIES_NRF54LX || BUILD_WITH_TFM default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS help From e2d65e90173ce0bf3195a355ebd3974c0e20f293 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:36:46 +0100 Subject: [PATCH 3/9] Revert "[nrf noup] modules: hostap: Fix NS build" This reverts commit 34010be2771b5c800fefa5d09938a982b12b2088. Signed-off-by: Robert Lubos --- modules/hostap/Kconfig | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index e2d3b1d3fbc..ebee7eb1908 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -109,7 +109,7 @@ config WIFI_NM_WPA_SUPPLICANT_WEP choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND prompt "WPA supplicant crypto implementation" - default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA if SOC_SERIES_NRF54LX || BUILD_WITH_TFM + default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA if SOC_SERIES_NRF54LX default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS help Select the crypto implementation to use for WPA supplicant. @@ -231,26 +231,6 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS select MBEDTLS_CIPHER_PADDING_PKCS7 select MBEDTLS_PKCS5_C -config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS_PSA - bool "Legacy Crypto support for WiFi using nRF security" - select MBEDTLS - select NRF_SECURITY - select PSA_WANT_GENERATE_RANDOM - select MBEDTLS_CIPHER_MODE_CBC - select MBEDTLS_CIPHER_MODE_CTR - select MBEDTLS_LEGACY_CRYPTO_C - select MBEDTLS_SHA1_C - select MBEDTLS_ECP_C - select MBEDTLS_CTR_DRBG_C - select MBEDTLS_PK_C - select MBEDTLS_PKCS5_C - select MBEDTLS_PK_PARSE_C - select MBEDTLS_CMAC_C - select MBEDTLS_CIPHER_PADDING_PKCS7 - select MBEDTLS_PK_WRITE_C - select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED - select MBEDTLS_ENTROPY_C - config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA bool "PSA Crypto support for WiFi WPA2 using nRF security" select MBEDTLS From f8839133eeddf4457c20bb6911dbd9953de1dacc Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:36:49 +0100 Subject: [PATCH 4/9] Revert "[nrf noup] modules: hostap: Fix duplicate define warning" This reverts commit 2635f7ebbdd9d1a50b6acea9ac8ebb24404790a1. Signed-off-by: Robert Lubos --- modules/hostap/CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/hostap/CMakeLists.txt b/modules/hostap/CMakeLists.txt index 1a97360b48e..9da142555e8 100644 --- a/modules/hostap/CMakeLists.txt +++ b/modules/hostap/CMakeLists.txt @@ -683,4 +683,8 @@ if(CONFIG_SAE_PWE_EARLY_EXIT) "please use it carefully and do not use it production.") endif() +zephyr_library_compile_definitions_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT + MBEDTLS_NIST_KW_C +) + endif() From 88acae693ef92fac4dd0fb731839792068a2bb10 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:36:52 +0100 Subject: [PATCH 5/9] Revert "[nrf noup] modules: hostap: Add NCS PSA for hostap crypto ALT" This reverts commit 01ba392c24d1e4da52eadd2c3f4073f738c03f3b. Signed-off-by: Robert Lubos --- modules/hostap/CMakeLists.txt | 19 ---------------- modules/hostap/Kconfig | 41 ++--------------------------------- 2 files changed, 2 insertions(+), 58 deletions(-) diff --git a/modules/hostap/CMakeLists.txt b/modules/hostap/CMakeLists.txt index 9da142555e8..5dd6319dd54 100644 --- a/modules/hostap/CMakeLists.txt +++ b/modules/hostap/CMakeLists.txt @@ -655,25 +655,6 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST ) endif() -if(DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA) -zephyr_include_directories( - ${HOSTAP_BASE}/port/mbedtls -) - -zephyr_library_sources( - ${HOSTAP_SRC_BASE}/crypto/aes-wrap.c - ${HOSTAP_SRC_BASE}/crypto/aes-unwrap.c - ${HOSTAP_SRC_BASE}/crypto/aes-internal-dec.c - ${HOSTAP_SRC_BASE}/crypto/aes-internal.c - ${HOSTAP_SRC_BASE}/crypto/aes-internal-enc.c - ${HOSTAP_SRC_BASE}/crypto/rc4.c - ${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls_alt.c - ${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c - ${HOSTAP_SRC_BASE}/crypto/sha256-kdf.c - ${HOSTAP_BASE}/port/mbedtls/supp_psa_api.c -) -endif() - zephyr_library_link_libraries_ifndef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE mbedTLS) diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index ebee7eb1908..a2d643e196d 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -231,42 +231,6 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS select MBEDTLS_CIPHER_PADDING_PKCS7 select MBEDTLS_PKCS5_C -config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA - bool "PSA Crypto support for WiFi WPA2 using nRF security" - select MBEDTLS - select NRF_SECURITY - select PSA_WANT_GENERATE_RANDOM - select MBEDTLS_TLS_LIBRARY - select MBEDTLS_PK_C - select MBEDTLS_PK_WRITE_C - select MBEDTLS_X509_LIBRARY - select MBEDTLS_X509_CRT_PARSE_C - select MBEDTLS_SSL_TLS_C - select MBEDTLS_ENABLE_HEAP - select MBEDTLS_PSA_CRYPTO_C - select MBEDTLS_USE_PSA_CRYPTO - select PSA_WANT_ALG_HMAC - select PSA_WANT_ALG_CMAC - select PSA_WANT_ALG_ECB_NO_PADDING - select PSA_WANT_ALG_CBC_PKCS7 - select PSA_ACCEL_CBC_MAC_AES_128 - select PSA_ACCEL_CBC_MAC_AES_192 - select PSA_ACCEL_CBC_MAC_AES_256 - select PSA_WANT_ALG_CCM - select PSA_WANT_ALG_GCM - select PSA_WANT_ALG_CTR - select PSA_WANT_ALG_MD5 - select PSA_ACCEL_MD5 - select PSA_WANT_ALG_SHA_1 - select PSA_WANT_ALG_SHA_256 - select PSA_WANT_ALG_SHA_224 - select PSA_WANT_ALG_SHA_384 - select PSA_WANT_ALG_SHA_512 - select PSA_WANT_ALG_PBKDF2_HMAC - select PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - select PSA_WANT_KEY_TYPE_AES - select PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY - config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE bool "No Crypto support for WiFi" @@ -274,7 +238,6 @@ endchoice config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA bool "Crypto Platform Secure Architecture support for WiFi" - default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA help Support Mbedtls 3.x to use PSA apis instead of legacy apis. @@ -291,7 +254,7 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE select MBEDTLS_X509_CRL_PARSE_C select MBEDTLS_TLS_VERSION_1_2 select MBEDTLS_RSA_C - depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA + depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE config EAP_TLS bool "EAP-TLS support" @@ -348,7 +311,7 @@ config EAP_ALL config WIFI_NM_WPA_SUPPLICANT_WPA3 bool "WPA3 support" - depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA + depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE default y config WIFI_NM_WPA_SUPPLICANT_AP From 820eba286891e364f1bc164af7210c2497685229 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:38:11 +0100 Subject: [PATCH 6/9] Revert "[nrf noup] modules: hostap: Support Wi-Fi EAP-TLS mode" This reverts commit 371c48ba2d02527923ad92b49145f0c5ee360efb. Signed-off-by: Robert Lubos --- modules/hostap/CMakeLists.txt | 15 ++------------- modules/hostap/Kconfig | 34 ++-------------------------------- 2 files changed, 4 insertions(+), 45 deletions(-) diff --git a/modules/hostap/CMakeLists.txt b/modules/hostap/CMakeLists.txt index 5dd6319dd54..3b7dc80e210 100644 --- a/modules/hostap/CMakeLists.txt +++ b/modules/hostap/CMakeLists.txt @@ -612,20 +612,15 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE ) endif() -if(DEFINED ONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT OR - DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS) +if(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT) zephyr_include_directories( ${HOSTAP_BASE}/port/mbedtls ) zephyr_library_sources( ${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls_alt.c + ${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c ${HOSTAP_SRC_BASE}/crypto/rc4.c - ${HOSTAP_SRC_BASE}/crypto/aes-wrap.c - ${HOSTAP_SRC_BASE}/crypto/aes-unwrap.c - ${HOSTAP_SRC_BASE}/crypto/aes-internal-dec.c - ${HOSTAP_SRC_BASE}/crypto/aes-internal.c - ${HOSTAP_SRC_BASE}/crypto/aes-internal-enc.c ) zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA @@ -639,14 +634,8 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE ${HOSTAP_SRC_BASE}/crypto/sha1-internal.c ${HOSTAP_SRC_BASE}/crypto/fips_prf_internal.c ${HOSTAP_SRC_BASE}/crypto/milenage.c - ${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c ) -zephyr_library_sources_ifndef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE - ${HOSTAP_SRC_BASE}/crypto/tls_none.c -) - - zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST ${HOSTAP_SRC_BASE}/crypto/crypto_module_tests.c ${HOSTAP_SRC_BASE}/crypto/fips_prf_internal.c diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index a2d643e196d..c22f418d5c7 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -109,8 +109,8 @@ config WIFI_NM_WPA_SUPPLICANT_WEP choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND prompt "WPA supplicant crypto implementation" + default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA if SOC_SERIES_NRF54LX - default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS help Select the crypto implementation to use for WPA supplicant. WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT supports enterprise mode @@ -211,26 +211,6 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA select MBEDTLS_PKCS5_C select MBEDTLS_ECP_DP_SECP256R1_ENABLED -config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS - bool "Legacy Crypto support for WiFi using nRF security" - select MBEDTLS - select NRF_SECURITY - select MBEDTLS_CIPHER_MODE_CBC - select MBEDTLS_CIPHER_MODE_CTR - select MBEDTLS_LEGACY_CRYPTO_C - select MBEDTLS_ENTROPY_C - select MBEDTLS_CIPHER - select MBEDTLS_ECP_C - select MBEDTLS_CTR_DRBG_C - select MBEDTLS_PK_WRITE_C - select MBEDTLS_HKDF_C - select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED - select MBEDTLS_MD_C - select MBEDTLS_MD5_C - select MBEDTLS_ENTROPY_C - select MBEDTLS_CIPHER_PADDING_PKCS7 - select MBEDTLS_PKCS5_C - config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE bool "No Crypto support for WiFi" @@ -243,17 +223,7 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE bool "Enterprise Crypto support for WiFi" - select MBEDTLS_ECDH_C - select MBEDTLS_ECDSA_C - select MBEDTLS_DHM_C - select MBEDTLS_SSL_TLS_C - select MBEDTLS_SSL_SRV_C - select MBEDTLS_SSL_CLI_C - select MBEDTLS_X509_LIBRARY - select MBEDTLS_TLS_LIBRARY - select MBEDTLS_X509_CRL_PARSE_C - select MBEDTLS_TLS_VERSION_1_2 - select MBEDTLS_RSA_C + select MBEDTLS_PEM_CERTIFICATE_FORMAT depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE config EAP_TLS From d524d70447d8bad93aa59b4aedcc5f3f39b50f57 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:38:24 +0100 Subject: [PATCH 7/9] Revert "[nrf noup] hostap: Support legacy dependency checkup for nrf_security" This reverts commit d49b48948df10dfc90f8376ede2c248377462e00. Signed-off-by: Robert Lubos --- modules/hostap/Kconfig | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index c22f418d5c7..f55ef4da085 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -136,7 +136,6 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED - select MBEDTLS_ECP_DP_SECP256R1_ENABLED config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT bool "Crypto Mbedtls alt support for WiFi" @@ -163,7 +162,6 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT select MBEDTLS_SERVER_NAME_INDICATION select MBEDTLS_X509_CRL_PARSE_C select MBEDTLS_TLS_VERSION_1_2 - select MBEDTLS_ECP_DP_SECP256R1_ENABLED config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS bool "Legacy Crypto support for WiFi using nRF security" @@ -182,7 +180,6 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS select MBEDTLS_CIPHER_PADDING_PKCS7 select MBEDTLS_PK_WRITE_C select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED - select MBEDTLS_ECP_DP_SECP256R1_ENABLED config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA bool "PSA Crypto support for WiFi using nRF security" @@ -209,7 +206,6 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA select MBEDTLS_MD_C select MBEDTLS_CIPHER_PADDING_PKCS7 select MBEDTLS_PKCS5_C - select MBEDTLS_ECP_DP_SECP256R1_ENABLED config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE bool "No Crypto support for WiFi" From b83e2f3a68647f42b433c7171bb1616a4685bd7a Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Wed, 27 Nov 2024 12:38:27 +0100 Subject: [PATCH 8/9] Revert "[nrf noup] modules: hostap: Use nRF security" This reverts commit b8406ebd3e2e73dd78b8c4cd600267db2355c3a9. Signed-off-by: Robert Lubos --- modules/hostap/CMakeLists.txt | 10 ++----- modules/hostap/Kconfig | 50 +++-------------------------------- 2 files changed, 5 insertions(+), 55 deletions(-) diff --git a/modules/hostap/CMakeLists.txt b/modules/hostap/CMakeLists.txt index 3b7dc80e210..9a0fd21d2cb 100644 --- a/modules/hostap/CMakeLists.txt +++ b/modules/hostap/CMakeLists.txt @@ -564,10 +564,8 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_DPP ${HOSTAP_SRC_BASE}/tls/asn1.c ) -# crypto mbedtls related CRYPTO OR LEGACY_NCS -if(DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO OR - DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS OR - DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA) +# crypto mbedtls related +if(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO) zephyr_library_sources( ${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls-bignum.c ${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls-ec.c @@ -653,8 +651,4 @@ if(CONFIG_SAE_PWE_EARLY_EXIT) "please use it carefully and do not use it production.") endif() -zephyr_library_compile_definitions_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT - MBEDTLS_NIST_KW_C -) - endif() diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index f55ef4da085..e22059f00f0 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -109,8 +109,7 @@ config WIFI_NM_WPA_SUPPLICANT_WEP choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND prompt "WPA supplicant crypto implementation" - default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS - default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA if SOC_SERIES_NRF54LX + default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT help Select the crypto implementation to use for WPA supplicant. WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT supports enterprise mode @@ -150,63 +149,20 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT select MBEDTLS_CIPHER select MBEDTLS_ECP_C select MBEDTLS_ECP_ALL_ENABLED - select MBEDTLS_CMAC_C + select MBEDTLS_CMAC select MBEDTLS_PKCS5_C select MBEDTLS_PK_WRITE_C select MBEDTLS_ECDH_C select MBEDTLS_ECDSA_C select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + select MBEDTLS_NIST_KW_C select MBEDTLS_DHM_C select MBEDTLS_HKDF_C select MBEDTLS_SERVER_NAME_INDICATION select MBEDTLS_X509_CRL_PARSE_C select MBEDTLS_TLS_VERSION_1_2 -config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS - bool "Legacy Crypto support for WiFi using nRF security" - select MBEDTLS - select NRF_SECURITY - select MBEDTLS_CIPHER_MODE_CBC - select MBEDTLS_CIPHER_MODE_CTR - select MBEDTLS_LEGACY_CRYPTO_C - select MBEDTLS_SHA1_C - select MBEDTLS_ECP_C - select MBEDTLS_CTR_DRBG_C - select MBEDTLS_PK_C - select MBEDTLS_PKCS5_C - select MBEDTLS_PK_PARSE_C - select MBEDTLS_CMAC_C - select MBEDTLS_CIPHER_PADDING_PKCS7 - select MBEDTLS_PK_WRITE_C - select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED - -config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA - bool "PSA Crypto support for WiFi using nRF security" - select MBEDTLS - select NRF_SECURITY - select PSA_WANT_GENERATE_RANDOM - # Legacy crypto, still needed - select MBEDTLS_SHA1_C - select MBEDTLS_LEGACY_CRYPTO_C - select MBEDTLS_CMAC_C - select MBEDTLS_GCM_C - select MBEDTLS_TLS_LIBRARY - select MBEDTLS_PK_C - select MBEDTLS_PK_WRITE_C - select MBEDTLS_X509_LIBRARY - select MBEDTLS_X509_CRT_PARSE_C - select MBEDTLS_CIPHER_C - select MBEDTLS_CIPHER_MODE_CTR - select MBEDTLS_CIPHER_MODE_CBC - select MBEDTLS_SSL_TLS_C - select MBEDTLS_ECP_C - select MBEDTLS_CTR_DRBG_C - select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED - select MBEDTLS_MD_C - select MBEDTLS_CIPHER_PADDING_PKCS7 - select MBEDTLS_PKCS5_C - config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE bool "No Crypto support for WiFi" From 90e9f11016c91f596b42f021c7c670c70cd728b1 Mon Sep 17 00:00:00 2001 From: Chaitanya Tata Date: Tue, 12 Nov 2024 00:12:59 +0530 Subject: [PATCH 9/9] [nrf fromtree] modules: hostap: Add external crypto support Add an option for platforms or forks to provide their own hostap compatible crypto implementation. This may include proprietary or platform specific stuff that may or may not be upstreamed to Zephyr. Signed-off-by: Chaitanya Tata (cherry picked from commit bbfb546e57766540c782fc116721c5dedbd6656a) --- modules/hostap/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/hostap/Kconfig b/modules/hostap/Kconfig index e22059f00f0..813a9b91ed6 100644 --- a/modules/hostap/Kconfig +++ b/modules/hostap/Kconfig @@ -166,6 +166,14 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE bool "No Crypto support for WiFi" +config WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT + bool "External Crypto support for hostap" + help + Use external crypto implementation for hostp, this is useful for + platforms where the crypto implementation is provided by the platform + and not by Zephyr. The external crypto implementation should provide + the required APIs and any other dependencies required by hostap. + endchoice config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA