# Nordic WiFi driver for nRF52840 and nRF5340
#
# Copyright (c) 2022 Nordic Semiconductor
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

menuconfig WPA_SUPP
	bool "WPA supplicant support"
	# Need full POSIX from libc, Zephyr's POSIX support is only partial
	select POSIX_CLOCK
	select POSIX_SIGNAL
	select POSIX_API
	select NET_SOCKETS
	select NET_SOCKETS_PACKET
	select NET_SOCKETPAIR
	select NET_L2_WIFI_MGMT
	select WIFI_NM
	select EXPERIMENTAL if !SOC_SERIES_NRF53X && !SOC_SERIES_NRF91X
	select COMMON_LIBC_MALLOC
	help
	  WPA supplicant implements 802.1X related functions.

if WPA_SUPP

config COMMON_LIBC_MALLOC_ARENA_SIZE
	default 40000 if WPA_SUPP_AP
	# 8192 for MbedTLS heap
	default 21808 if MBEDTLS_ENABLE_HEAP
	# 30K is mandatory, but might need more for long duration use cases
	default 30000

# Hidden as these are mandatory for WFA certification
config WPA_SUPP_WMM_AC
	bool
	default y

config WPA_SUPP_MBO
	bool
	default y

# Memory optimizations
config WPA_SUPP_ADVANCED_FEATURES
	bool "Enable advanced features"
	default y

if WPA_SUPP_ADVANCED_FEATURES

config WPA_SUPP_ROBUST_AV
	bool "Robust Audio Video streaming support"
	default y

config WPA_SUPP_WNM
	bool "Wireless Network Management support"
	default y

config WPA_SUPP_RRM
	bool "Radio Resource Management support"
	default y
endif

config WPA_SUPP_MGD_IFACES_PREFIXES
	string "WPA supplicant managed interfaces prefixes"
	default "wlan,esp,nordic_wlan"

config WPA_SUPP_THREAD_STACK_SIZE
	int "Stack size for wpa_supplicant thread"
	default 5200

config WPA_SUPP_WQ_STACK_SIZE
	int "Stack size for wpa_supplicant workqueue"
	default 4400

config WPA_SUPP_WQ_PRIORITY
	int "Priority for wpa_supplicant workqueue"
	default 7

config WPA_SUPP_CRYPTO_WEP
	bool "WEP (Legacy crypto) support"

choice WPA_SUPP_CRYPTO_BACKEND
	prompt "WPA supplicant crypto implementation"
	default WPA_SUPP_CRYPTO_PSA if BUILD_WITH_TFM
	default WPA_SUPP_CRYPTO_LEGACY if !BUILD_WITH_TFM
	help
	  Select the crypto implementation to use for WPA supplicant.

# To easily manage the crypto dependencies we separate the crypto
# implementations into two Kconfig options. One for the legacy crypto
# and one for the PSA crypto.
config WPA_SUPP_CRYPTO_PSA
	bool "PSA Crypto support for WiFi"
	select MBEDTLS
	select NRF_SECURITY
	select PSA_WANT_GENERATE_RANDOM
	# Legacy crypto, still needed
	select MBEDTLS_SHA1_C
	select MBEDTLS_LEGACY_CRYPTO_C
	select MBEDTLS_CMAC_C
	select MBEDTLS_GCM_C
	select MBEDTLS_TLS_LIBRARY
	select MBEDTLS_PK_C
	select MBEDTLS_PK_WRITE_C
	select MBEDTLS_X509_LIBRARY
	select MBEDTLS_X509_CRT_PARSE_C
	select MBEDTLS_CIPHER_C
	select MBEDTLS_CIPHER_MODE_CTR
	select MBEDTLS_CIPHER_MODE_CBC
	select MBEDTLS_SSL_TLS_C
	select MBEDTLS_ECP_C
	select MBEDTLS_CTR_DRBG_C
	select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
	select MBEDTLS_MD_C
	select MBEDTLS_CIPHER_PADDING_PKCS7
	select MBEDTLS_PKCS5_C

config WPA_SUPP_CRYPTO_LEGACY
	bool "Legacy Crypto support for WiFi using nRF security"
	select MBEDTLS
	select NRF_SECURITY
	select MBEDTLS_CIPHER_MODE_CBC
	select MBEDTLS_CIPHER_MODE_CTR
	select MBEDTLS_LEGACY_CRYPTO_C
	select MBEDTLS_SHA1_C
	select MBEDTLS_ECP_C
	select MBEDTLS_CTR_DRBG_C
	select MBEDTLS_PK_C
	select MBEDTLS_PKCS5_C
	select MBEDTLS_CIPHER_PADDING_PKCS7
	select MBEDTLS_PK_WRITE_C
	select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED

config WPA_SUPP_CRYPTO_LEGACY_MBEDTLS
	bool "Legacy Crypto support for WiFi using vanilla MbedTLS"
	select MBEDTLS
	select MBEDTLS_CIPHER_MODE_CTR_ENABLED
	select MBEDTLS_CIPHER_MODE_CBC_ENABLED
	select MBEDTLS_ECP_C
	select MBEDTLS_ECP_ALL_ENABLED
	select MBEDTLS_MAC_CMAC_ENABLED
	select MBEDTLS_PKCS5_C
	select MBEDTLS_PK_WRITE_C
	select MBEDTLS_ECDH_C
	select MBEDTLS_ECDSA_C
	select MBEDTLS_ECJPAKE_C
	select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
	select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED

config WPA_SUPP_CRYPTO_NONE
	bool "No Crypto support for WiFi"

endchoice

# To fix MAC_MD5 Kconfig warning
config NET_TCP_ISN_RFC6528
	default n if !WPA_SUPP_CRYPTO_NONE

config WPA_SUPP_CRYPTO_ENTERPRISE
	bool "Enterprise Crypto support for WiFi"
	depends on !WPA_SUPP_CRYPTO_NONE

config WPA_SUPP_WPA3
	bool "WPA3 support"
	depends on !WPA_SUPP_CRYPTO_NONE
	default y

config WPA_SUPP_AP
	bool "AP mode support"

config WPA_SUPP_WPS
	bool "WPS support"
	depends on !WPA_SUPP_CRYPTO_NONE

config WPA_SUPP_P2P
	bool "P2P mode support"
	select WPA_SUPP_AP
	select WPA_SUPP_WPS

config WPA_SUPP_EAPOL
	bool "Enable EAPoL supplicant"

config WPA_CLI
	bool "CLI support for wpa_supplicant"
	default n

config NET_SOCKETPAIR_BUFFER_SIZE
	default 4096

config POSIX_MAX_FDS
	# l2_packet - 1
	# ctrl_iface - 2 * socketpairs = 4(local and global)
	# z_wpa_event_sock - 1 socketpair = 2
	# Remaining left for the applications running in default configuration
	default 16 if !POSIX_API

config BSS_MAX_IDLE_TIME
	int "BSS max idle timeout in seconds"
	range 0 64000
	default 300
	help
	  BSS max idle timeout is the period for which AP may keep a client
	  in associated state while there is no traffic from that particular
	  client. Set 0 to disable inclusion of BSS max idle time tag in
	  association request. If a non-zero value is set, STA can suggest a
	  timeout by including BSS max idle period in the association request.
	  AP may choose to consider or ignore the STA's preferred value.
	  Ref: Sec 11.21.13 of IEEE Std 802.11™-2020

# Control interface is stack heavy (buffers + snprintfs)
# Making calls to RPU from net_mgmt callbacks (status - RSSI)
config NET_MGMT_EVENT_STACK_SIZE
	default 4400

config NET_SOCKETS_POLL_MAX
	default 6

module = WPA_SUPP
module-str = WPA supplicant
source "subsys/logging/Kconfig.template.log_config"

config WPA_SUPP_DEBUG_LEVEL
	int "Min compiled-in debug message level for WPA supplicant"
	default 0 if WPA_SUPP_LOG_LEVEL_DBG # MSG_EXCESSIVE
	default 3 if WPA_SUPP_LOG_LEVEL_INF # MSG_INFO
	default 4 if WPA_SUPP_LOG_LEVEL_WRN # MSG_WARNING
	default 5 if WPA_SUPP_LOG_LEVEL_ERR # MSG_ERROR
	default 6
	help
	  Minimum priority level of a debug message emitted by WPA supplicant that
	  is compiled-in the firmware. See wpa_debug.h file of the supplicant for
	  available levels and functions for emitting the messages. Note that
	  runtime filtering can also be configured in addition to the compile-time
	  filtering.

# Debug logs need more buffer space
config LOG_BUFFER_SIZE
	default 4096 if WPA_SUPP_LOG_LEVEL_DBG
	default 2048

# Without this logs are logs independent of buffer size
if WPA_SUPP_LOG_LEVEL_DBG
	choice LOG_MODE
		default LOG_MODE_IMMEDIATE
	endchoice
endif

config WPA_SUPP_NO_DEBUG
	bool "Disable printing of debug messages, saves code size significantly"

choice WPA_SUPP_NW_SEL
	prompt "WPA supplicant Network selection criterion"
	default WPA_SUPP_NW_SEL_THROUGHPUT
	help
		Select the network selection method for the supplicant.

config WPA_SUPP_NW_SEL_THROUGHPUT
	bool "Throughput based network selection"
	help
	  Select the network based on throughput.

config WPA_SUPP_NW_SEL_RELIABILITY
	bool "Reliability based network selection"
	help
	  Select the network based on reliability.
endchoice

endif # WPA_SUPP
