blob: f90ab2c0b8833c0e521264740f50a92f0b5f9397 [file] [log] [blame]
# WPA Supplicant configuration options
#
# Copyright (c) 2023 Nordic Semiconductor
#
# SPDX-License-Identifier: Apache-2.0
#
config WIFI_NM_WPA_SUPPLICANT
bool "WPA Suplicant from hostap project [EXPERIMENTAL]"
select POSIX_TIMERS
select POSIX_SIGNALS
select POSIX_API
select NET_SOCKETS
select NET_SOCKETS_PACKET
select NET_SOCKETPAIR
select NET_L2_WIFI_MGMT
select WIFI_NM
select EXPERIMENTAL
select COMMON_LIBC_MALLOC
help
WPA supplicant as a network management backend for WIFI_NM.
if WIFI_NM_WPA_SUPPLICANT
config COMMON_LIBC_MALLOC_ARENA_SIZE
default 40000 if WIFI_NM_WPA_SUPPLICANT_AP
# 8192 for MbedTLS heap
default 21808 if MBEDTLS_ENABLE_HEAP
# 30K is mandatory, but might need more for long duration use cases
default 30000
config WIFI_NM_WPA_SUPPLICANT_THREAD_STACK_SIZE
int "Stack size for wpa_supplicant thread"
default 8192
config WIFI_NM_WPA_SUPPLICANT_WQ_STACK_SIZE
int "Stack size for wpa_supplicant iface workqueue"
default 4096
config WIFI_NM_WPA_SUPPLICANT_WQ_PRIO
int "Thread priority of wpa_supplicant iface workqueue"
default 7
# Currently we default ZVFS_OPEN_MAX to 16 in lib/posix/Kconfig
# l2_packet - 1
# ctrl_iface - 2 * socketpairs = 4(local and global)
# z_wpa_event_sock - 1 socketpair = 2
# Remaining left for the applications running in default configuration
# Supplicant API is stack heavy (buffers + snprintfs) and control interface
# uses socketpair which pushes the stack usage causing overflow for 2048 bytes.
# So we set SYSTEM_WORKQUEUE_STACK_SIZE default to 2560 in kernel/Kconfig
module = WIFI_NM_WPA_SUPPLICANT
module-str = WPA supplicant
source "subsys/logging/Kconfig.template.log_config"
config WIFI_NM_WPA_SUPPLICANT_DEBUG_LEVEL
int "Min compiled-in debug message level for WPA supplicant"
default 0 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG # MSG_EXCESSIVE
default 3 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_INF # MSG_INFO
default 4 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_WRN # MSG_WARNING
default 5 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_ERR # MSG_ERROR
default 6
help
Minimum priority level of a debug message emitted by WPA supplicant that
is compiled-in the firmware. See wpa_debug.h file of the supplicant for
available levels and functions for emitting the messages. Note that
runtime filtering can also be configured in addition to the compile-time
filtering.
# Memory optimizations
config WIFI_NM_WPA_SUPPLICANT_ADVANCED_FEATURES
bool "Advanced features"
default y
if WIFI_NM_WPA_SUPPLICANT_ADVANCED_FEATURES
config WIFI_NM_WPA_SUPPLICANT_ROBUST_AV
bool "Robust Audio Video streaming support"
default y
# Hidden as these are mandatory for WFA certification
config WIFI_NM_WPA_SUPPLICANT_WMM_AC
bool
default y
config WIFI_NM_WPA_SUPPLICANT_MBO
bool
default y
config WIFI_NM_WPA_SUPPLICANT_WNM
bool "Wireless Network Management support"
default y
config WIFI_NM_WPA_SUPPLICANT_RRM
bool "Radio Resource Management support"
default y
endif
config WIFI_NM_WPA_SUPPLICANT_WEP
bool "WEP (Legacy crypto) support"
choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND
prompt "WPA supplicant crypto implementation"
default WIFI_NM_WPA_SUPPLICANT_CRYPTO
help
Select the crypto implementation to use for WPA supplicant.
WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT support enterprise
and DPP. And use Mbedtls PSA apis for HW acceleration.
config WIFI_NM_WPA_SUPPLICANT_CRYPTO
bool "Crypto support for WiFi"
select MBEDTLS
select MBEDTLS_CIPHER_MODE_CTR_ENABLED
select MBEDTLS_CIPHER_MODE_CBC_ENABLED
select MBEDTLS_ECP_C
select MBEDTLS_ECP_ALL_ENABLED
select MBEDTLS_CMAC
select MBEDTLS_PKCS5_C
select MBEDTLS_PK_WRITE_C
select MBEDTLS_ECDH_C
select MBEDTLS_ECDSA_C
select MBEDTLS_ECJPAKE_C
select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
bool "Crypto Mbedtls alt support for WiFi"
select MBEDTLS
select MBEDTLS_CIPHER_MODE_CTR_ENABLED
select MBEDTLS_CIPHER_MODE_CBC_ENABLED
select MBEDTLS_ECP_C
select MBEDTLS_ECP_ALL_ENABLED
select MBEDTLS_CMAC
select MBEDTLS_PKCS5_C
select MBEDTLS_PK_WRITE_C
select MBEDTLS_ECDH_C
select MBEDTLS_ECDSA_C
select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
select MBEDTLS_NIST_KW_C
select MBEDTLS_DHM_C
select MBEDTLS_HKDF_C
select MBEDTLS_SERVER_NAME_INDICATION
select MBEDTLS_X509_CRL_PARSE_C
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
bool "No Crypto support for WiFi"
endchoice
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
bool "Crypto Platform Secure Architecture support for WiFi"
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
help
Support Mbedtls 3.x to use PSA apis instead of legacy apis.
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
bool "Enterprise Crypto support for WiFi"
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config WIFI_NM_WPA_SUPPLICANT_WPA3
bool "WPA3 support"
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
default y
config WIFI_NM_WPA_SUPPLICANT_AP
bool "AP mode support"
config WIFI_NM_WPA_SUPPLICANT_WPS
bool "WPS support"
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config WIFI_NM_WPA_SUPPLICANT_P2P
bool "P2P mode support"
select WIFI_NM_WPA_SUPPLICANT_AP
select WIFI_NM_WPA_SUPPLICANT_WPS
config WIFI_NM_WPA_SUPPLICANT_EAPOL
bool "EAPoL supplicant"
config WIFI_NM_WPA_SUPPLICANT_CLI
bool "CLI support for wpa_supplicant"
default n
config WIFI_NM_WPA_SUPPLICANT_BSS_MAX_IDLE_TIME
int "BSS max idle timeout in seconds"
range 0 64000
default 300
help
BSS max idle timeout is the period for which AP may keep a client
in associated state while there is no traffic from that particular
client. Set 0 to disable inclusion of BSS max idle time tag in
association request. If a non-zero value is set, STA can suggest a
timeout by including BSS max idle period in the association request.
AP may choose to consider or ignore the STA's preferred value.
Ref: Sec 11.21.13 of IEEE Std 802.11™-2020
config WIFI_NM_WPA_SUPPLICANT_NO_DEBUG
bool "Disable printing of debug messages, saves code size significantly"
config WIFI_NM_WPA_SUPPLICANT_DPP
bool "WFA Easy Connect DPP"
select DPP
select DPP2
select DPP3
select GAS
select GAS_SERVER
select OFFCHANNEL
select MBEDTLS_X509_CSR_WRITE_C
select MBEDTLS_X509_CSR_PARSE_C
# Create hidden config options that are used in hostap. This way we do not need
# to mark them as allowed for CI checks, and also someone else cannot use the
# same name options.
config SME
bool
default y
config NO_CONFIG_WRITE
bool
default y
config NO_CONFIG_BLOBS
bool
default y if !WIFI_NM_WPA_SUPPLICANT_DPP && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
config CTRL_IFACE
bool
default y
config CTRL_IFACE_ZEPHYR
bool
default y
config NO_RANDOM_POOL
bool
default y
config WNM
bool
config NO_WPA
bool
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config NO_PBKDF2
bool
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config SAE_PK
bool
config FST
bool
config TESTING_OPTIONS
bool
config AP
bool
depends on WIFI_NM_WPA_SUPPLICANT_AP
default y if WIFI_NM_WPA_SUPPLICANT_AP
config NO_RADIUS
bool
config NO_VLAN
bool
config NO_ACCOUNTING
bool
config NEED_AP_MLME
bool
config IEEE80211AX
bool
config EAP_SERVER
bool
config EAP_SERVER_IDENTITY
bool
config P2P
bool
config GAS
bool
config GAS_SERVER
bool
config OFFCHANNEL
bool
config WPS
bool
config WSC
bool
config EAP_TLS
bool
config IEEE8021X_EAPOL
bool
config EAP_PEAP
bool
config EAP_TTLS
bool
config EAP_MD5
bool
config EAP_MSCHAPv2
bool
config EAP_LEAP
bool
config EAP_PSK
bool
config EAP_FAST
bool
config EAP_PAX
bool
config EAP_SAKE
bool
config EAP_GPSK
bool
config EAP_PWD
bool
config EAP_EKE
bool
config EAP_IKEv2
bool
config IEEE8021X_EAPOL
bool
config CRYPTO_INTERNAL
bool
config ECC
bool
config MBO
bool
config NO_STDOUT_DEBUG
bool
config SAE
bool
config SHA256
bool
config SUITEB192
bool
config WEP
bool
default y if WIFI_NM_WPA_SUPPLICANT_WEP
config WPA_CLI
bool
config WPA_CRYPTO
bool
config WPA_SUPP_CRYPTO
bool
config ROBUST_AV
bool
default y
depends on WIFI_NM_WPA_SUPPLICANT_ROBUST_AV
config RRM
bool
default y
depends on WIFI_NM_WPA_SUPPLICANT_RRM
config WMM_AC
bool
config DPP
bool
config DPP2
bool
config DPP3
bool
config NW_SEL_RELIABILITY
bool
default y
depends on WIFI_NM_WPA_SUPPLICANT_NW_SEL_RELIABILITY
choice WIFI_NM_WPA_SUPPLICANT_NW_SEL
prompt "WPA supplicant Network selection criterion"
default WIFI_NM_WPA_SUPPLICANT_NW_SEL_THROUGHPUT
help
Select the network selection method for the supplicant.
config WIFI_NM_WPA_SUPPLICANT_NW_SEL_THROUGHPUT
bool "Throughput based network selection"
help
Select the network based on throughput.
config WIFI_NM_WPA_SUPPLICANT_NW_SEL_RELIABILITY
bool "Reliability based network selection"
help
Select the network based on reliability.
endchoice
endif # WIFI_NM_WPA_SUPPLICANT