wifi: enterprise: Add support for runtime certificates #87656

Merged
merged 9 commits into from
Apr 17, 2025
46 changes: 32 additions & 14 deletions doc/connectivity/networking/api/wifi.rst
Expand Up @@ -30,37 +30,55 @@ Wi-Fi PSA crypto supported build

To enable PSA crypto API supported Wi-Fi build, the :kconfig:option:`CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT` and the :kconfig:option:`CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA` need to be set.

Wi-Fi Enterprise test: X.509 Certificate header generation
**********************************************************
Wi-Fi Enterprise test: X.509 Certificate management
***************************************************

Wi-Fi enterprise security requires use of X.509 certificates, test certificates
in PEM format are committed to the repo at :zephyr_file:`samples/net/wifi/test_certs` and the during the
Wi-Fi enterprise security requires use of X.509 certificates, two methods of installing certificates are supported:

Compile time certificates
-------------------------

Test certificates in PEM format are committed to the repo at :zephyr_file:`samples/net/wifi/test_certs` and the during the
Collaborator

Really not a fan of the proliferation of binary certificates in-tree. Can't we just have instructions on what steps people should take to generate them? It seems to me as this would be much more useful, too.

Collaborator Author

Sure, but for quick testing it's useful to have golden certs that just work. Else any mistakes in cert generation are tough to debug.

Member

We definitely need a tested set of ready-made certificates in the samples, otherwise it is difficult to verify things in an automated way. We certainly can/should also have instructions on how the user can generate them too.

Collaborator Author

We certainly can/should also have instructions on how the user can generate them too.

I have already added a link to the script that I had used to generate these certs in the wifi docs: (https://docs.zephyrproject.org/latest/connectivity/networking/api/wifi.html#wi-fi-enterprise-test-x-509-certificate-header-generation)

Collaborator

Sure, but for quick testing it's useful to have golden certs that just work. Else any mistakes in cert generation are tough to debug.

Sorry but I still don't get why it's not possible to generate the certificates on the fly? Should be a few dozen lines of code using Python's cryptography package, I think? And this would have the merit to actually provide more guidance to the end user.

Also, where are these certificates coming from and are we even allowed to redistribute them (I wouldn't be surprised if they are part of some kind of Wi-Fi Alliance certification suite and not meant to be accessed by non-members ...)?

$ openssl x509 -in client.pem -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            97:d4:07:ec:a6:05:15:13
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=US, L=Santa Clara, O=Wi-Fi Alliance, CN=Suite B RSA 3k Root CA
...

Collaborator

why do they appear to be issued by Wi-Fi Alliance then?

Sorry, I am missing something. Where is Wi-Fi alliance coming from? The issuer is Example certificate authority, no?

Not for the rsa3k certs, no, and I have concerns these can't be redistributed outside of Wi-Fi Alliance certification program. This does need to be clarified.

Collaborator Author

Ah thanks, I understand the confusion now, I was looking at the ones that I have added in this PR. The WFA ones are existing ones already in main, I have just moved them to the rsa3k directory, they are submitted by NXP. + @MaochenWang1 @fengming-ye can you please respond to Ben's question about redistributing those certs in Zephyr?

Member

@kartben the Wi-Fi alliance certs are already in main and this PR is just moving them around. I suggest that we deal with the cert distribution issue and possible removal from zephyr main in a separate PR.

Member

@jukka could you please create a tracking issue for this redistribution license problem, so we ensure that this is resolved ASAP?

Member

create a tracking issue for this redistribution license problem, so we ensure that this is resolved ASAP?

Sure, it is here #88771

build process the certificates are converted to a C header file that is included by the Wi-Fi shell
module.

If you want to use your own certificates, you can replace the existing certificates with your own certificates in the same directory.

.. code-block:: bash

$ export WIFI_TEST_CERTS_DIR=samples/net/wifi/test_certs/rsa3k
$ cp client.pem $WIFI_TEST_CERTS_DIR
$ cp client-key.pem $WIFI_TEST_CERTS_DIR
$ cp ca.pem $WIFI_TEST_CERTS_DIR
$ cp client2.pem $WIFI_TEST_CERTS_DIR
$ cp client-key2.pem $WIFI_TEST_CERTS_DIR
$ cp ca2.pem $WIFI_TEST_CERTS_DIR
$ west build -p -b <board> samples/net/wifi -S wifi-enterprise

or alternatively copy ``rsa2k`` certificates by changing the ``WIFI_TEST_CERTS_DIR`` environment variable.

.. code-block:: bash

$ cp client.pem samples/net/wifi/test_certs/
$ cp client-key.pem samples/net/wifi/test_certs/
$ cp ca.pem samples/net/wifi/test_certs/
$ cp client2.pem samples/net/wifi/test_certs/
$ cp client-key2.pem samples/net/wifi/test_certs/
$ cp ca2.pem samples/net/wifi/test_certs/
$ west build -p -b <board> samples/net/wifi -- -DEXTRA_CONF_FILE=overlay-enterprise.conf
$ export WIFI_TEST_CERTS_DIR=samples/net/wifi/test_certs/rsa2k

For using variable size network buffer, the following overlay file can be used:
or you can set the :envvar:`WIFI_TEST_CERTS_DIR` environment variable to point to the directory containing your certificates.

.. code-block:: bash

$ west build -p -b <board> samples/net/wifi -- -DEXTRA_CONF_FILE=overlay-enterprise-variable-bufs.conf
$ west build -p -b <board> samples/net/wifi -S wifi-enterprise -- -DWIFI_TEST_CERTS_DIR=<path_to_your_certificates>

Run time certificates
---------------------

The Wi-Fi shell module uses TLS credentials subsystem to store and manage the certificates. The certificates can be added at runtime using the shell commands, see :ref:`tls_credentials_shell` for more details.
The sample or application need to enable the :kconfig:option:`CONFIG_WIFI_SHELL_RUNTIME_CERTIFICATES` option to use this feature.


To initiate Wi-Fi connection, the following command can be used:

.. code-block:: console

uart:~$ wifi connect -s <SSID> -c 149 -k 17 -w 2 -a client1 --key1-pwd whatever --key2-pwd whatever --eap-id1 id1 --eap-pwd1 pwd1
uart:~$ wifi connect -s <SSID> -c 149 -k 7 -w 2 -a client1 --key1-pwd whatever --key2-pwd whatever

Server certificate is also provided in the same directory for testing purposes.
Any AAA server can be used for testing purposes, for example, ``FreeRADIUS`` or ``hostapd``.
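
Review bot: The "Run time certificates" section does not say which credentials the Wi-Fi shell expects once CONFIG_WIFI_SHELL_RUNTIME_CERTIFICATES is enabled; it only points to tls_credentials_shell. Please list the items that have to be installed (the compile-time path copies ca.pem, client.pem, client-key.pem and their "2" counterparts) and how each one is identified to the shell, so a reader can get from this text to a working "wifi connect". In the same hunk, the "Compile time certificates" paragraph still carries the "and the during the" typo, and "The sample or application need to enable" should read "needs to enable".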
10 changes: 0 additions & 10 deletions samples/net/wifi/shell/overlay-enterprise.conf

This file was deleted.

29 changes: 29 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/ca.pem
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
29 changes: 29 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/ca2.pem
@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
30 changes: 30 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/client-key.pem
@@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
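
Review bot: This file puts a client private key in the tree, and the documentation example in this PR passes the key password on the command line ("--key1-pwd whatever"); if that is this key's passphrase, the ENCRYPTED PRIVATE KEY wrapper provides no confidentiality and the key has to be treated as public. Add a short README in test_certs/rsa2k, or a sentence in wifi.rst, stating that these keys and the matching ca.pem are test material only and must not be provisioned on deployed devices or trusted by a production AAA server. Recording how the set was generated next to the files would also let it be regenerated when the certificates expire.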
30 changes: 30 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/client-key2.pem
@@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
27 changes: 27 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/client.pem
@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/client2.pem
@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
30 changes: 30 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/server-key.pem
@@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
31 changes: 31 additions & 0 deletions samples/net/wifi/test_certs/rsa2k/server.pem
@@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
31 changes: 31 additions & 0 deletions snippets/wifi-enterprise/README.rst
@@ -0,0 +1,31 @@
.. _snippet-wifi-enterprise:

Wi-Fi Enterprise Snippet (wifi-enterprise)
##########################################

.. code-block:: console

west build -S wifi-enterprise [...]

Can also be used along with the :ref:`snippet-wifi-ipv4` snippet.

.. code-block:: console

west build -S "wifi-enterprise,wifi-ipv4" [...]

Overview
********

This snippet enables enterprise Wi-Fi support in supported networking samples.

See :ref:`wifi_mgmt` for more information on the usage.

Requirements
************

Hardware support for:

- :kconfig:option:`CONFIG_WIFI`
- :kconfig:option:`CONFIG_WIFI_USE_NATIVE_NETWORKING`
- :kconfig:option:`CONFIG_WIFI_NM_WPA_SUPPLICANT`
- :kconfig:option:`CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE`
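
Review bot: Under Requirements, the list is introduced as "Hardware support for:" but its four entries are Kconfig options, and CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE is set to y by the configuration hunk later in this PR, so it reads as something the snippet provides rather than a precondition. Reword the lead-in to say what the board and Wi-Fi driver must support, and separate the options the snippet enables from the ones it depends on. The Overview could also mention that certificates have to be supplied (WIFI_TEST_CERTS_DIR at build time or runtime certificates), since nothing in this README says so.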
3 changes: 3 additions & 0 deletions snippets/wifi-enterprise/snippet.yml
@@ -0,0 +1,3 @@
name: wifi-enterprise
append:
EXTRA_CONF_FILE: wifi-enterprise.conf
@@ -1,9 +1,16 @@
# Enable Wi-Fi enterprise mode
CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE=y
# EAP frames are ~1100 bytes, so, for efficiency, we set the data size to 1100
CONFIG_NET_BUF_DATA_SIZE=1100
# Use variable data size to reduce memory usage for small data packets
CONFIG_NET_BUF_VARIABLE_DATA_SIZE=y
# For TLS and X.509 processing MbedTLS needs large heap size and using separate heap
# for MbedTLS gives us more control over the heap size.
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=55000
CONFIG_MBEDTLS_HEAP_SIZE=70000

# For use with TLS credentials
CONFIG_TLS_CREDENTIALS_SHELL=y
CONFIG_BASE64=y
CONFIG_TLS_CREDENTIALS=y
CONFIG_TLS_CREDENTIALS_SHELL_CRED_BUF_SIZE=8192
CONFIG_TLS_MAX_CREDENTIALS_NUMBER=6
CONFIG_HEAP_MEM_POOL_ADD_SIZE_TLS_CRED_SHELL=9000
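
Review bot: The "For use with TLS credentials" block at the end enables CONFIG_TLS_CREDENTIALS_SHELL, an 8192-byte credential buffer and 9000 bytes of extra heap for every build that applies this configuration, while the documentation in this PR describes runtime certificates as opt-in through CONFIG_WIFI_SHELL_RUNTIME_CERTIFICATES. Consider moving these options behind that option or into a separate overlay, so builds that use compile-time certificates do not pay the memory cost or ship a shell that can modify stored credentials. The CONFIG_MBEDTLS_HEAP_SIZE change from 55000 to 70000 would also benefit from a word in the comment above it on what drives the new figure.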