zephyr/modules/hostap/Kconfig

575 lines
12 KiB
Plaintext

# WPA Supplicant configuration options
#
# Copyright (c) 2023 Nordic Semiconductor
#
# SPDX-License-Identifier: Apache-2.0
#
config WIFI_NM_WPA_SUPPLICANT
bool "WPA Suplicant from hostap project [EXPERIMENTAL]"
select POSIX_TIMERS
select POSIX_SIGNALS
select POSIX_API
select FILE_SYSTEM
select NET_SOCKETS
select NET_SOCKETS_PACKET
select NET_SOCKETPAIR
select NET_L2_WIFI_MGMT
select WIFI_NM
select EXPERIMENTAL
select COMMON_LIBC_MALLOC
help
WPA supplicant as a network management backend for WIFI_NM.
if WIFI_NM_WPA_SUPPLICANT
config HEAP_MEM_POOL_ADD_SIZE_HOSTAP
def_int 85000 if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE && !MBEDTLS_ENABLE_HEAP
def_int 40000 if WIFI_NM_WPA_SUPPLICANT_AP
# 8192 for MbedTLS heap
def_int 21808 if MBEDTLS_ENABLE_HEAP
# 30K is mandatory, but might need more for long duration use cases
def_int 30000
config WIFI_NM_WPA_SUPPLICANT_THREAD_STACK_SIZE
int "Stack size for wpa_supplicant thread"
default 8192
config WIFI_NM_WPA_SUPPLICANT_WQ_STACK_SIZE
int "Stack size for wpa_supplicant iface workqueue"
default 6144
config WIFI_NM_WPA_SUPPLICANT_WQ_PRIO
int "Thread priority of wpa_supplicant iface workqueue"
default 7
config WIFI_NM_WPA_SUPPLICANT_PRIO
int "Thread priority of wpa_supplicant"
default 0
# Currently we default ZVFS_OPEN_MAX to 16 in lib/posix/Kconfig
# l2_packet - 1
# ctrl_iface - 2 * socketpairs = 4(local and global)
# z_wpa_event_sock - 1 socketpair = 2
# Remaining left for the applications running in default configuration
# Supplicant API is stack heavy (buffers + snprintfs) and control interface
# uses socketpair which pushes the stack usage causing overflow for 2048 bytes.
# So we set SYSTEM_WORKQUEUE_STACK_SIZE default to 2560 in kernel/Kconfig
module = WIFI_NM_WPA_SUPPLICANT
module-str = WPA supplicant
source "subsys/logging/Kconfig.template.log_config"
config WIFI_NM_WPA_SUPPLICANT_DEBUG_LEVEL
int "Min compiled-in debug message level for WPA supplicant"
default 0 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_DBG # MSG_EXCESSIVE
default 3 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_INF # MSG_INFO
default 4 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_WRN # MSG_WARNING
default 5 if WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL_ERR # MSG_ERROR
default 6
help
Minimum priority level of a debug message emitted by WPA supplicant that
is compiled-in the firmware. See wpa_debug.h file of the supplicant for
available levels and functions for emitting the messages. Note that
runtime filtering can also be configured in addition to the compile-time
filtering.
# Memory optimizations
config WIFI_NM_WPA_SUPPLICANT_ADVANCED_FEATURES
bool "Advanced features"
default y
if WIFI_NM_WPA_SUPPLICANT_ADVANCED_FEATURES
config WIFI_NM_WPA_SUPPLICANT_ROBUST_AV
bool "Robust Audio Video streaming support"
default y
# Hidden as these are mandatory for WFA certification
config WIFI_NM_WPA_SUPPLICANT_WMM_AC
bool
default y
config WIFI_NM_WPA_SUPPLICANT_MBO
bool
default y
config WIFI_NM_WPA_SUPPLICANT_WNM
bool "Wireless Network Management support"
default y
config WIFI_NM_WPA_SUPPLICANT_RRM
bool "Radio Resource Management support"
default y
endif
config WIFI_NM_WPA_SUPPLICANT_WEP
bool "WEP (Legacy crypto) support"
choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND
prompt "WPA supplicant crypto implementation"
default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
help
Select the crypto implementation to use for WPA supplicant.
WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT supports enterprise mode
and DPP.
config WIFI_NM_WPA_SUPPLICANT_CRYPTO
bool "Crypto support for WiFi"
select MBEDTLS
select MBEDTLS_SHA1
select MBEDTLS_CIPHER
select MBEDTLS_CIPHER_MODE_CTR_ENABLED
select MBEDTLS_CIPHER_MODE_CBC_ENABLED
select MBEDTLS_CIPHER_AES_ENABLED
select MBEDTLS_ECP_C
select MBEDTLS_ECP_ALL_ENABLED
select MBEDTLS_CMAC
select MBEDTLS_PKCS5_C
select MBEDTLS_PK_WRITE_C
select MBEDTLS_ECDH_C
select MBEDTLS_ECDSA_C
select MBEDTLS_ECJPAKE_C
select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
bool "Crypto Mbedtls alt support for WiFi"
select MBEDTLS
select MBEDTLS_CIPHER_MODE_CTR_ENABLED
select MBEDTLS_CIPHER_MODE_CBC_ENABLED
select MBEDTLS_CIPHER_AES_ENABLED
select MBEDTLS_CIPHER_DES_ENABLED
select MBEDTLS_MD5
select MBEDTLS_SHA1
select MBEDTLS_ENTROPY_C
select MBEDTLS_CIPHER
select MBEDTLS_ECP_C
select MBEDTLS_ECP_ALL_ENABLED
select MBEDTLS_CMAC
select MBEDTLS_PKCS5_C
select MBEDTLS_PK_WRITE_C
select MBEDTLS_ECDH_C
select MBEDTLS_ECDSA_C
select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
select MBEDTLS_NIST_KW_C
select MBEDTLS_DHM_C
select MBEDTLS_HKDF_C
select MBEDTLS_SERVER_NAME_INDICATION
select MBEDTLS_X509_CRL_PARSE_C
select MBEDTLS_TLS_VERSION_1_2
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
bool "No Crypto support for WiFi"
endchoice
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
bool "Crypto Platform Secure Architecture support for WiFi"
help
Support Mbedtls 3.x to use PSA apis instead of legacy apis.
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
bool "Enterprise Crypto support for WiFi"
select MBEDTLS_PEM_CERTIFICATE_FORMAT
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config EAP_TLS
bool "EAP-TLS support"
config EAP_TTLS
bool "EAP-TTLS support"
config EAP_PEAP
bool "EAP-PEAP support"
config EAP_MD5
bool "EAP-MD5 support"
config EAP_GTC
bool "EAP-GTC support"
config EAP_MSCHAPV2
bool "EAP-MSCHAPv2 support"
config EAP_LEAP
bool "EAP-LEAP support"
config EAP_PSK
bool "EAP-PSK support"
config EAP_PAX
bool "EAP-PAX support"
config EAP_SAKE
bool "EAP-SAKE support"
config EAP_GPSK
bool "EAP-GPSK support"
config EAP_PWD
bool "EAP-PWD support"
config EAP_EKE
bool "EAP-EKE support"
config EAP_IKEV2
bool "EAP-IKEv2 support"
config EAP_SIM
bool "EAP-SIM support"
config EAP_AKA
bool "EAP-AKA support"
config EAP_ALL
bool "All EAP methods support"
select EAP_TLS
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
config WIFI_NM_WPA_SUPPLICANT_WPA3
bool "WPA3 support"
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
default y
config WIFI_NM_WPA_SUPPLICANT_AP
bool "SoftAP mode support based on WPA supplicant"
config WIFI_NM_WPA_SUPPLICANT_WPS
bool "WPS support"
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config WIFI_NM_WPA_SUPPLICANT_P2P
bool "P2P mode support"
select WIFI_NM_WPA_SUPPLICANT_AP
select WIFI_NM_WPA_SUPPLICANT_WPS
select WIFI_NM_WPA_SUPPLICANT_EAPOL
config WIFI_NM_WPA_SUPPLICANT_EAPOL
bool "EAPoL supplicant"
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
config WIFI_NM_WPA_SUPPLICANT_CLI
bool "CLI support for wpa_supplicant"
default n
config WIFI_NM_WPA_SUPPLICANT_INF_MON
bool "Monitor the net mgmt event to add/del interface"
default y
config WIFI_NM_HOSTAPD_AP
bool "FullAP mode support based on Hostapd"
depends on !WIFI_NM_WPA_SUPPLICANT_INF_MON
config WIFI_NM_WPA_SUPPLICANT_BSS_MAX_IDLE_TIME
int "BSS max idle timeout in seconds"
range 0 64000
default 300
help
BSS max idle timeout is the period for which AP may keep a client
in associated state while there is no traffic from that particular
client. Set 0 to disable inclusion of BSS max idle time tag in
association request. If a non-zero value is set, STA can suggest a
timeout by including BSS max idle period in the association request.
AP may choose to consider or ignore the STA's preferred value.
Ref: Sec 11.21.13 of IEEE Std 802.11™-2020
config WIFI_NM_WPA_SUPPLICANT_NO_DEBUG
bool "Disable printing of debug messages, saves code size significantly"
config WIFI_NM_WPA_SUPPLICANT_DPP
bool "WFA Easy Connect DPP"
select DPP
select DPP2
select DPP3
select GAS
select GAS_SERVER
select OFFCHANNEL
select MBEDTLS_X509_CSR_WRITE_C
select MBEDTLS_X509_CSR_PARSE_C
config WPA_CLI
bool "WPA CLI support"
help
Enable WPA CLI support for wpa_supplicant.
if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
config MBEDTLS_SSL_MAX_CONTENT_LEN
default 16384
endif
config WIFI_NM_WPA_SUPPLICANT_ROAMING
bool "Roaming support"
imply IEEE80211R
help
Enable roaming support with wpa_supplicant. When current BSS RSSI drops,
STA will try to find an AP with better RSSI. If found, STA will reassociate
to the new AP automatically without losing connection.
config WIFI_NM_WPA_SUPPLICANT_SKIP_DHCP_ON_ROAMING
bool "Skip DHCP after roaming to new AP"
help
For L2 roaming, the original AP and new AP are in the same subnet, client
can use same IP address and skip DHCP. Enable this to skip DHCP.
For L3 roaming, the original AP and new AP are in different subnet, client
needs to get new IP address after roaming to new AP. Disable this to keep
DHCP after roaming.
# Create hidden config options that are used in hostap. This way we do not need
# to mark them as allowed for CI checks, and also someone else cannot use the
# same name options.
config SME
bool
default y
config NO_CONFIG_WRITE
bool
default y
config NO_CONFIG_BLOBS
bool
default y if !WIFI_NM_WPA_SUPPLICANT_DPP && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
config CTRL_IFACE
bool
default y
config CTRL_IFACE_ZEPHYR
bool
default y
config NO_RANDOM_POOL
bool
default y
config WNM
bool
config NO_WPA
bool
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config NO_PBKDF2
bool
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config SAE_PK
bool
config FST
bool
config TESTING_OPTIONS
bool
config AP
bool
depends on WIFI_NM_WPA_SUPPLICANT_AP
default y if WIFI_NM_WPA_SUPPLICANT_AP
config NO_RADIUS
bool
config NO_VLAN
bool
config NO_ACCOUNTING
bool
config NEED_AP_MLME
bool
config IEEE80211AX
bool
config EAP_SERVER
bool
config EAP_SERVER_IDENTITY
bool
config P2P
bool
config GAS
bool
config GAS_SERVER
bool
config OFFCHANNEL
bool
config WPS
bool
config WSC
bool
config EAP_TLS
bool
config IEEE8021X_EAPOL
bool
config EAP_PEAP
bool
config EAP_TTLS
bool
config EAP_MD5
bool
config EAP_MSCHAPv2
bool
config EAP_LEAP
bool
config EAP_PSK
bool
config EAP_FAST
bool
config EAP_PAX
bool
config EAP_SAKE
bool
config EAP_GPSK
bool
config EAP_PWD
bool
config EAP_EKE
bool
config EAP_IKEv2
bool
config CRYPTO_INTERNAL
bool
config ECC
bool
config MBO
bool
config NO_STDOUT_DEBUG
bool
config SAE
bool
config SHA256
bool
config SHA384
bool
config SHA512
bool
config SUITEB192
bool
config SUITEB
bool
config WEP
bool
default y if WIFI_NM_WPA_SUPPLICANT_WEP
config WPA_CRYPTO
bool
config WPA_SUPP_CRYPTO
bool
config ROBUST_AV
bool
default y
depends on WIFI_NM_WPA_SUPPLICANT_ROBUST_AV
config RRM
bool
default y
depends on WIFI_NM_WPA_SUPPLICANT_RRM
config WMM_AC
bool
config DPP
bool
config DPP2
bool
config DPP3
bool
config ACS
bool
config IEEE80211AC
bool
config IEEE80211R
bool
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
config NW_SEL_RELIABILITY
bool
default y
depends on WIFI_NM_WPA_SUPPLICANT_NW_SEL_RELIABILITY
choice WIFI_NM_WPA_SUPPLICANT_NW_SEL
prompt "WPA supplicant Network selection criterion"
default WIFI_NM_WPA_SUPPLICANT_NW_SEL_THROUGHPUT
help
Select the network selection method for the supplicant.
config WIFI_NM_WPA_SUPPLICANT_NW_SEL_THROUGHPUT
bool "Throughput based network selection"
help
Select the network based on throughput.
config WIFI_NM_WPA_SUPPLICANT_NW_SEL_RELIABILITY
bool "Reliability based network selection"
help
Select the network based on reliability.
endchoice
config SAE_PWE_EARLY_EXIT
bool "Exit early if PWE if found"
help
In order to mitigate side channel attacks, even if the PWE is found the WPA
supplicant goes through full iterations, but in some low-resource systems
this can be intensive, so, add an option to exit early.
Note that this is highly insecure and shouldn't be used in production
config WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST
bool
depends on WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
config WIFI_NM_WPA_CTRL_RESP_TIMEOUT_S
int "WPA supplicant control interface response timeout in seconds"
default 15
help
Timeout for the control interface commands to get a response from the
supplicant.
endif # WIFI_NM_WPA_SUPPLICANT