Update certificates for RSA-3072 support with NRF security #3045
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Why do we still need this |
Nordic specific directory in upstream certs then? RSA-3k certs work fine, but we may have to enable additional configs for RSA-2k certs from upstream. |
I would put a algo specific directory e.g.,
We don't want to rely on |
Let me check this. |
This reverts commit 0d44bac. Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
|
The following west manifest projects have changed revision in this Pull Request:
✅ All manifest checks OK Note: This message is automatically posted and updated by the Manifest GitHub Action. |
With NRF security, higher heap requirement is seen for operating with RSA-3072 based certificates. Add a NRF SoC specific conf in snippets to handle this. Upstream PR #: 93096 Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Add AES-only cipher certificates. Useful for systems which have only AES support and DES is not enabled. Upstream PR #: 93096 Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
This reverts commit 366f234. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add const qualifiers to the driver ops to save on RAM usage. Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org> (cherry picked from commit 8d6316c)
Swap the order, IOVDD should be powered first and then BUCKEN. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 9cd933e)
Before powering off remove co-ex GPIOs. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 2b0876c)
By default QSPI is uninitialized after every transaction, so, deinit is a no-op, but if QSPI_LOW_POWER is disabled, then we need to uninitialize the QSPI in the deinit. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 4eb7b9f)
Release the SPI during the deinit to put respective GPIOs in low-power state or disconnected. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 945ddf0)
Provide option to revert to K_HEAP instead of using dedicated heaps in Wi-Fi driver. Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no> (cherry picked from commit 11a3969)
When QSPI LPM is enabled, QSPI will already be uninitialized, and during deinit if uninitialized is being called again then it leads to a hang as it waits for mem busy check to pass which it won't. Fix by checking if the device is initialized before calling uninitialize. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 1fb2c56e86f2518b67ed56bae1736396afd791c6)
Using ms and converting to us is a bad idea as we still get ms granualrity in us units. Use the proper API to get us granularity. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 54573e2a678e607a1367438637bddc0d0ced66ee)
Defaults cannot be overidden (even with configdefault extension), they only work if the original symbol is defined after the override e.g., "drivers and then subsys/net" but for kernel symbols,the default value overrides don't work due "kernel and drivers" order, the kernel defines the original symbol with the default and then it cannot be overridden. Move the kernel symbol override to the original definition to make it affect. Else any sample that uses nRF70 but doesn't enable WPA supplicant ends up with 1024 and crashes. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 4bd1d39c67dfb4860fbd4f9ccc17e084aa32d763)
In case FMAC API fails, increment the TX drop counter, helpful in debug. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit e728f804165e9f8ceb578af2b632aabe530828d7)
…ull check Deleted a redundant check for 'rpu_ctx_zep' pointer after it was already dereferenced. Clarifies code logic in nrf_wifi_get_power_save_config function. Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com> (cherry picked from commit bac20e419eabf36625c073a366008f1384fcc272)
The new raw TX handling relies on these APIs, so, implement them for Zephyr shim. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit b8d31f10d9e7052bbcdad7f68522340d8af17399)
…de from monitor" This reverts commit 926fafb. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Fixes memory leak seen during continuous raw TX transmission. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit d5c7cb171b21049758f2907ec4b5a85ac73b43eb)
sync for coverity fix in hostap Signed-off-by: Qingling Wu <qingling.wu@nxp.com> (cherry picked from commit f089959)
Make sure to use k_fifo for IPC in hostap to save memory. Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no> (cherry picked from commit 03ad3a32a27da098fc697376e2932c36b85c3509)
Fix a warning seen during interface down. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit a869c3e3a31afa893a8c88f8761f8f206769ee27)
…port" This reverts commit e2f9c7b. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add a snippet for Wi-Fi credentials support. Update the heap sizes as required for enterprise mode. Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no> (cherry picked from commit 4c14c618f69e8ae0d5ee95a6abbc8a1d5f89afac)
Earlier we had socketpair to pass wifi event information from wpa_supplicant side to zephyr adaption layer. This is now replaced by k_fifo to save some RAM. Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no> (cherry picked from commit 96818f45a91472cb0eabd5cfe42b5b256860f6a5)
In case anyone enabled EAP_*_ALL explicitly without enabling the Enterprise then it leads to a build error. Fix by adding the dependency. Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no> (cherry picked from commit 014dee722bcd63391e4a6b95a5f82bf8bc8fa580)
If the disconnect event is raised before the network has been connected, report the connection result as `WIFI_STATUS_CONN_FAIL`, instead of as `WIFI_REASON_DISCONN_SUCCESS`, which is interpretted as `WIFI_STATUS_CONN_SUCCESS`. Signed-off-by: Jordan Yates <jordan@embeint.com> (cherry picked from commit 9245f58b4ccf32b261341fdfc09e993b7eba74f0)
Set enterprise crypto insecure because certifcate validation is disabled. Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com> (cherry picked from commit 979fcc0b6e57f0a41ee84ea89045744825c977b1)
Ensure 'params' is not NULL before accessing its fields. Prevents possible null pointer dereference when calling strlen(params->ssid). Delay access to ssid->ssid and ssid->ssid_len until after null check. Prevents potential crash if wpa_s->current_ssid is NULL. Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com> (cherry picked from commit b6a5202e55cf0f010d523f31f642dc5ebf66eeea)
Move usage of ap_ctx pointers after null checks to prevent potential crashes. Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com> (cherry picked from commit cd855104f24d06707373b70cd6fa73e645d8e4ce)
Move usage of ap_ctx pointers after null checks to prevent potential crashes. Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com> (cherry picked from commit 8a565c0a2b8c12b1ea0298367a0ff525c1ae20b8)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.