Skip to content

Commit

Permalink
[nrf noup] modules: hostap: Add NCS PSA for hostap crypto ALT
Browse files Browse the repository at this point in the history 
This brings in PSA Kconfig and CMakelist.txt changes to NCS.
Currently, it contains known PSA configurations and source files
that are needed or will be needed in the future. WPA3 and
Enterprise is currently disabled with this setting.

Signed-off-by: Vivekananda Uppunda <[email protected]>
Signed-off-by: Chaitanya Tata <[email protected]>
  • Loading branch information
@krish2718
krish2718 committed Oct 21, 2024
1 parent 707253c commit 764fb58
Show file tree
Hide file tree
Showing 2 changed files with 77 additions and 2 deletions.
38 changes: 38 additions & 0 deletions modules/hostap/CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -603,6 +603,44 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST
)
endif()

if(DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA)
zephyr_include_directories(
${HOSTAP_BASE}/port/mbedtls
)

zephyr_library_sources(
${HOSTAP_SRC_BASE}/crypto/aes-wrap.c
${HOSTAP_SRC_BASE}/crypto/aes-unwrap.c
${HOSTAP_SRC_BASE}/crypto/aes-internal-dec.c
${HOSTAP_SRC_BASE}/crypto/aes-internal.c
${HOSTAP_SRC_BASE}/crypto/aes-internal-enc.c
${HOSTAP_SRC_BASE}/crypto/rc4.c
${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls_alt.c
${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c
${HOSTAP_SRC_BASE}/crypto/sha256-kdf.c
${HOSTAP_BASE}/port/mbedtls/supp_psa_api.c
)
endif()

if(DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA)
zephyr_include_directories(
${HOSTAP_BASE}/port/mbedtls
)

zephyr_library_sources(
${HOSTAP_SRC_BASE}/crypto/aes-wrap.c
${HOSTAP_SRC_BASE}/crypto/aes-unwrap.c
${HOSTAP_SRC_BASE}/crypto/aes-internal-dec.c
${HOSTAP_SRC_BASE}/crypto/aes-internal.c
${HOSTAP_SRC_BASE}/crypto/aes-internal-enc.c
${HOSTAP_SRC_BASE}/crypto/rc4.c
${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls_alt.c
${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c
${HOSTAP_SRC_BASE}/crypto/sha256-kdf.c
${HOSTAP_BASE}/port/mbedtls/supp_psa_api.c
)
endif()

zephyr_library_link_libraries_ifndef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
mbedTLS)

Expand Down
41 changes: 39 additions & 2 deletions modules/hostap/Kconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -227,20 +227,57 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS
select MBEDTLS_PK_WRITE_C
select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED

config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA
bool "PSA Crypto support for WiFi WPA2 using nRF security"
select MBEDTLS
select NRF_SECURITY
select PSA_WANT_GENERATE_RANDOM
select MBEDTLS_TLS_LIBRARY
select MBEDTLS_PK_C
select MBEDTLS_PK_WRITE_C
select MBEDTLS_X509_LIBRARY
select MBEDTLS_X509_CRT_PARSE_C
select MBEDTLS_SSL_TLS_C
select MBEDTLS_ENABLE_HEAP
select MBEDTLS_PSA_CRYPTO_C
select MBEDTLS_USE_PSA_CRYPTO
select PSA_WANT_ALG_HMAC
select PSA_WANT_ALG_CMAC
select PSA_WANT_ALG_ECB_NO_PADDING
select PSA_WANT_ALG_CBC_PKCS7
select PSA_ACCEL_CBC_MAC_AES_128
select PSA_ACCEL_CBC_MAC_AES_192
select PSA_ACCEL_CBC_MAC_AES_256
select PSA_WANT_ALG_CCM
select PSA_WANT_ALG_GCM
select PSA_WANT_ALG_CTR
select PSA_WANT_ALG_MD5
select PSA_ACCEL_MD5
select PSA_WANT_ALG_SHA_1
select PSA_WANT_ALG_SHA_256
select PSA_WANT_ALG_SHA_224
select PSA_WANT_ALG_SHA_384
select PSA_WANT_ALG_SHA_512
select PSA_WANT_ALG_PBKDF2_HMAC
select PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
select PSA_WANT_KEY_TYPE_AES
select PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY

config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
bool "No Crypto support for WiFi"

endchoice

config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
bool "Crypto Platform Secure Architecture support for WiFi"
default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA
help
Support Mbedtls 3.x to use PSA apis instead of legacy apis.

config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
bool "Enterprise Crypto support for WiFi"
select MBEDTLS_PEM_CERTIFICATE_FORMAT
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA

config EAP_TLS
bool "EAP-TLS support"
Expand Down Expand Up @@ -294,7 +331,7 @@ config EAP_ALL

config WIFI_NM_WPA_SUPPLICANT_WPA3
bool "WPA3 support"
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA
default y

config WIFI_NM_WPA_SUPPLICANT_AP
Expand Down

0 comments on commit 764fb58

Please sign in to comment.