diff --git a/doc/connectivity/networking/api/wifi.rst b/doc/connectivity/networking/api/wifi.rst index be29d9f8dda..9ae9b8cb26c 100644 --- a/doc/connectivity/networking/api/wifi.rst +++ b/doc/connectivity/networking/api/wifi.rst @@ -24,6 +24,39 @@ Currently, two types of Wi-Fi drivers are supported: * Networking or socket offloaded drivers * Native L2 Ethernet drivers +Wi-Fi Enterprise test: X.509 Certificate header generation +********************************************************** + +Wi-Fi enterprise security requires use of X.509 certificates, test certificates +in PEM format are committed to the repo at :zephyr_file:`samples/net/wifi/test_certs` and the during the +build process the certificates are converted to a `C` header file that is included by the Wi-Fi shell +module. + +.. code-block:: bash + + $ cp client.pem samples/net/wifi/test_certs/ + $ cp client-key.pem samples/net/wifi/test_certs/ + $ cp ca.pem samples/net/wifi/test_certs/ + $ west build -p -b samples/net/wifi + +To initiate Wi-Fi connection, the following command can be used: + +.. code-block:: console + + uart:~$ wifi connect -s -k 5 -a anon -K whatever + +Server certificate is also provided in the same directory for testing purposes. +Any `AAA` server can be used for testing purposes, for example, `FreeRADIUS` or `hostapd`. + +.. important:: + + The passphrase for the client-key.pem and the server-key.pem is `whatever`. + +.. note:: + + The certificates are for testing purposes only and should not be used in production. + The certificates are generated using `FreeRADIUS raddb _` scripts. + API Reference ************* diff --git a/include/zephyr/net/wifi.h b/include/zephyr/net/wifi.h index 9c13f34ae3f..f719ebf52b0 100644 --- a/include/zephyr/net/wifi.h +++ b/include/zephyr/net/wifi.h 
@@ -128,6 +128,10 @@ const char *wifi_band_txt(enum wifi_frequency_bands band); #define WIFI_SAE_PSWD_MAX_LEN 128 /** MAC address length */ #define WIFI_MAC_ADDR_LEN 6 +/** Max enterprise identity length */ +#define WIFI_ENT_IDENTITY_MAX_LEN 64 +/** Max enterprise password length */ +#define WIFI_ENT_PSWD_MAX_LEN 128 /** Minimum channel number */ #define WIFI_CHANNEL_MIN 1 diff --git a/include/zephyr/net/wifi_mgmt.h b/include/zephyr/net/wifi_mgmt.h index 99e3fd5a6d6..ce03e3dc857 100644 --- a/include/zephyr/net/wifi_mgmt.h +++ b/include/zephyr/net/wifi_mgmt.h @@ -102,6 +102,8 @@ enum net_request_wifi_cmd { #endif /** Flush PMKSA cache entries */ NET_REQUEST_WIFI_CMD_PMKSA_FLUSH, + /** Set enterprise mode credential */ + NET_REQUEST_WIFI_CMD_ENTERPRISE_CREDS, /** @cond INTERNAL_HIDDEN */ NET_REQUEST_WIFI_CMD_MAX /** @endcond */ @@ -234,6 +236,12 @@ NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_BTM_QUERY); NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_PMKSA_FLUSH); +/** Set Wi-Fi enterprise mode CA/client Cert and key */ +#define NET_REQUEST_WIFI_ENTERPRISE_CREDS \ + (_NET_WIFI_BASE | NET_REQUEST_WIFI_CMD_ENTERPRISE_CREDS) + +NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_ENTERPRISE_CREDS); + /** @brief Wi-Fi management events */ enum net_event_wifi_cmd { /** Scan results available */ @@ -438,6 +446,14 @@ struct wifi_connect_req_params { uint8_t bssid[WIFI_MAC_ADDR_LEN]; /** Connect timeout in seconds, SYS_FOREVER_MS for no timeout */ int timeout; + /** anonymous identity */ + const uint8_t *anon_id; + /** anon_id length */ + uint8_t aid_length; /* Max 64 */ + /** Private key passwd for enterprise mode */ + const uint8_t *key_passwd; + /** Private key passwd length */ + uint8_t key_passwd_length; /* Max 128 */ }; /** @brief Wi-Fi connect result codes. To be overlaid on top of \ref wifi_status 
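Review bot: The doc comments on the new `anon_id` and `key_passwd` members of `struct wifi_connect_req_params` do not say that both must be NUL-terminated strings, yet the supplicant code in this commit formats them with `%s` and never reads `aid_length` or `key_passwd_length`. I would state that in the Doxygen text, e.g. `/** Anonymous identity: NUL-terminated string, at most WIFI_ENT_IDENTITY_MAX_LEN characters */` and `/** Private key password: NUL-terminated string, at most WIFI_ENT_PSWD_MAX_LEN characters */`. The trailing `/* Max 64 */` and `/* Max 128 */` remarks would then be unnecessary. The struct begins outside this hunk.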
@@ -661,6 +677,22 @@ struct wifi_twt_flow_info { uint32_t twt_wake_ahead_duration; }; +/** Wi-Fi enterprise mode credentials */ +struct wifi_enterprise_creds_params { + /** CA certification */ + uint8_t *ca_cert; + /** CA certification length */ + uint32_t ca_cert_len; + /** Client certification */ + uint8_t *client_cert; + /** Client certification length */ + uint32_t client_cert_len; + /** Client key */ + uint8_t *client_key; + /** Client key length */ + uint32_t client_key_len; +}; + /** @brief Wi-Fi power save configuration */ struct wifi_ps_config { /** Number of TWT flows */ @@ -1199,6 +1231,17 @@ struct wifi_mgmt_ops { * @return 0 if ok, < 0 if error */ int (*pmksa_flush)(const struct device *dev); + /** Set Wi-Fi enterprise mode CA/client Cert and key + * + * @param dev Pointer to the device structure for the driver instance. + * @param creds Pointer to the CA/client Cert and key. + * + * @return 0 if ok, < 0 if error + */ +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE + int (*enterprise_creds)(const struct device *dev, + struct wifi_enterprise_creds_params *creds); +#endif }; /** Wi-Fi management offload API */ diff --git a/modules/hostap/src/supp_api.c b/modules/hostap/src/supp_api.c index d9d2feb59af..69d79932706 100644 --- a/modules/hostap/src/supp_api.c +++ b/modules/hostap/src/supp_api.c @@ -46,6 +46,10 @@ enum status_thread_state { #define DISCONNECT_TIMEOUT_MS 5000 +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE +static struct wifi_enterprise_creds_params enterprise_creds; +#endif + K_MUTEX_DEFINE(wpa_supplicant_mutex); extern struct k_work_q *get_workq(void); 
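Review bot: `struct wifi_enterprise_creds_params` declares `ca_cert`, `client_cert` and `client_key` as plain `uint8_t *` and documents neither ownership nor lifetime of the buffers. The shell code in this commit has to cast away `const` from its static arrays to fill the struct, and `supplicant_add_enterprise_creds()` keeps only the pointers. I would declare the members as `const uint8_t *ca_cert;` (likewise for the other two) and add a sentence to the struct comment that the buffers are not copied and must stay valid and unmodified until the connection has been configured. The field comments say "certification" where "certificate" is meant.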
@@ -324,6 +328,61 @@ static inline enum wifi_security_type wpas_key_mgmt_to_zephyr(int key_mgmt, int } } +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE +int supplicant_add_enterprise_creds(const struct device *dev, + struct wifi_enterprise_creds_params *creds) +{ + int ret = 0; + + if (!creds) { + ret = -1; + wpa_printf(MSG_ERROR, "enterprise creds is NULL"); + goto out; + } + + memcpy((void *)&enterprise_creds, (void *)creds, + sizeof(struct wifi_enterprise_creds_params)); + +out: + return ret; +} + +static int wpas_config_process_blob(struct wpa_config *config, char *name, uint8_t *data, + uint32_t data_len) +{ + struct wpa_config_blob *blob; + + if (!data || !data_len) { + return -1; + } + + blob = os_zalloc(sizeof(*blob)); + if (blob == NULL) { + return -1; + } + + blob->data = os_zalloc(data_len); + if (blob->data == NULL) { + os_free(blob); + return -1; + } + + blob->name = os_strdup(name); + + if (blob->name == NULL) { + wpa_config_free_blob(blob); + return -1; + } + + os_memcpy(blob->data, data, data_len); + blob->len = data_len; + + wpa_config_set_blob(config, blob); + + return 0; +} +#endif + static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s, struct wifi_connect_req_params *params, bool mode_ap) 
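Review bot: `supplicant_add_enterprise_creds()` writes the file-scope `enterprise_creds` without taking a lock, while `wpas_add_and_config_network()` reads the same object later; the file defines `wpa_supplicant_mutex`, and if the other entry points hold it (not visible in this hunk) this one should as well. The `memcpy` is a shallow copy that stores only three pointers and three lengths, so `enterprise_creds = *creds;` expresses the same thing without the `void *` casts, and a comment should record that the certificate and key bytes are not duplicated here. In `wpas_config_process_blob()` the `name` and `data` parameters are only read and could be `const char *name, const uint8_t *data`. That helper places a heap copy of the client key in the supplicant configuration through `wpa_config_set_blob()`; whether that copy is cleared when the network is removed cannot be seen from this hunk and is worth confirming.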
@@ -457,6 +516,66 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s, goto out; } } +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE + } else if (params->security == WIFI_SECURITY_TYPE_EAP_TLS) { + if (!wpa_cli_cmd_v("set_network %d key_mgmt WPA-EAP", + resp.network_id)) { + goto out; + } + + if (!wpa_cli_cmd_v("set_network %d proto RSN", + resp.network_id)) { + goto out; + } + + if (!wpa_cli_cmd_v("set_network %d eap TLS", + resp.network_id)) { + goto out; + } + + if (!wpa_cli_cmd_v("set_network %d anonymous_identity \"%s\"", + resp.network_id, params->anon_id)) { + goto out; + } + + if (wpas_config_process_blob(wpa_s->conf, "ca_cert", + enterprise_creds.ca_cert, + enterprise_creds.ca_cert_len)) { + goto out; + } + + if (!wpa_cli_cmd_v("set_network %d ca_cert \"blob://ca_cert\"", + resp.network_id)) { + goto out; + } + + if (wpas_config_process_blob(wpa_s->conf, "client_cert", + enterprise_creds.client_cert, + enterprise_creds.client_cert_len)) { + goto out; + } + + if (!wpa_cli_cmd_v("set_network %d client_cert \"blob://client_cert\"", + resp.network_id)) { + goto out; + } + + if (wpas_config_process_blob(wpa_s->conf, "private_key", + enterprise_creds.client_key, + enterprise_creds.client_key_len)) { + goto out; + } + + if (!wpa_cli_cmd_v("set_network %d private_key \"blob://private_key\"", + resp.network_id)) { + goto out; + } + + if (!wpa_cli_cmd_v("set_network %d private_key_passwd \"%s\"", + resp.network_id, params->key_passwd)) { + goto out; + } +#endif } else { ret = -1; wpa_printf(MSG_ERROR, "Unsupported security type: %d", diff --git a/modules/hostap/src/supp_api.h b/modules/hostap/src/supp_api.h index cc2c9776264..f954e891ff2 100644 --- a/modules/hostap/src/supp_api.h +++ b/modules/hostap/src/supp_api.h 
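Review bot: In the new `WIFI_SECURITY_TYPE_EAP_TLS` branch, `params->anon_id` and `params->key_passwd` are formatted with `\"%s\"` into `set_network` commands with neither a NULL check nor a check for an embedded double quote. Nothing in the shell parser shown in this commit makes `-a` or `-K` mandatory, so a connect without them may hand a null pointer to the formatter, and a value containing `"` closes the quoted argument early and changes what the supplicant parses. I would validate before the first `set_network` call, e.g. `if (!params->anon_id || strchr((const char *)params->anon_id, '"')) { ret = -1; goto out; }`, and the same for `key_passwd` (or skip the `private_key_passwd` command when it is NULL, if unencrypted keys are meant to work). The branch pins only `ca_cert`, so any server certificate issued by that CA is accepted; outside the test setup a server-name constraint such as wpa_supplicant's `domain_match` or `domain_suffix_match` network option should be set too. The enclosing function starts and ends outside this hunk, so how `ret` is set on the `goto out` paths cannot be checked from here.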
@@ -138,6 +138,18 @@ int supplicant_reg_domain(const struct device *dev, struct wifi_reg_domain *reg_ */ int supplicant_mode(const struct device *dev, struct wifi_mode_info *mode); +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE +/** Set Wi-Fi enterprise mode CA/client Cert and key + * + * @param dev Pointer to the device structure for the driver instance + * @param file Pointer to the CA/client Cert and key. + * + * @return 0 if ok, < 0 if error + */ +int supplicant_add_enterprise_creds(const struct device *dev, + struct wifi_enterprise_creds_params *creds); +#endif + /** * @brief Set Wi-Fi packet filter for sniffing operation * diff --git a/modules/hostap/src/supp_main.c b/modules/hostap/src/supp_main.c index 52fa1e0f789..c2fdef517c5 100644 --- a/modules/hostap/src/supp_main.c +++ b/modules/hostap/src/supp_main.c @@ -72,6 +72,9 @@ static const struct wifi_mgmt_ops mgmt_ops = { #endif /* CONFIG_AP */ .dpp_dispatch = supplicant_dpp_dispatch, .pmksa_flush = supplicant_pmksa_flush, +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE + .enterprise_creds = supplicant_add_enterprise_creds, +#endif }; DEFINE_WIFI_NM_INSTANCE(wifi_supplicant, &mgmt_ops); diff --git a/samples/net/wifi/test_certs/ca.pem b/samples/net/wifi/test_certs/ca.pem new file mode 100644 index 00000000000..70a234dfdc3 --- /dev/null +++ b/samples/net/wifi/test_certs/ca.pem 
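Review bot: The Doxygen block added for `supplicant_add_enterprise_creds()` documents `@param file`, but the parameter is named `creds`; the line should read `@param creds Pointer to the CA/client Cert and key.`. It would also help to say in this comment that the function stores the pointers from `creds` rather than copying the certificate and key data, which is what the implementation added to supp_api.c in this commit does.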
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgIUNX/wAWvB0xblUUghlsoear4f6kkwDQYJKoZIhvcNAQEL +BQAwgZIxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNv +bWV3aGVyZTEUMBIGA1UECgwLRXhhbXBsZSBJbmMxIDAeBgkqhkiG9w0BCQEWEWFk +bWluQGV4YW1wbGUub3JnMSYwJAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1 +dGhvcml0eTAeFw0yNDA4MDcxODQzMDZaFw0yNDEwMDYxODQzMDZaMIGSMQswCQYD +VQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFDAS +BgNVBAoMC0V4YW1wbGUgSW5jMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxl +Lm9yZzEmMCQGA1UEAwwdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzR3RL3+70yN+1Nx0bAXT60qqf +AxCk/NXphq5cxUT5skXc97KUUnIQ1SaLAin8WHRS8Idajywlo0ULpCeoOj35aPI/ +kTUu4P2Rx5p1DYgquTGjW6fS4p5c65y75BWoukng5DQp/kVpo4OcRMUncexGxBET +1IkpuXGlvQyEKB5I+TgYe4eEXpdn+0A2Nytw9kpSzrd26JofWOO2ZtVCgISnj7ID +B7ErVzStuHg+rMKVI2SU966CH78lNuIIQFKrg8NoWRQI1zMMouU7hj6EL7cZcvA/ +MW9SIFpzkfC4xq0EnOMzg/D3p4k8ah6MikHf8FqDdBBfPUcYU0rG9+zpQdb3AgMB +AAGjggFBMIIBPTAdBgNVHQ4EFgQUQl34Jn7xx5zTXckus4k09ScmfUYwgdIGA1Ud +IwSByjCBx4AUQl34Jn7xx5zTXckus4k09ScmfUahgZikgZUwgZIxCzAJBgNVBAYT +AkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNvbWV3aGVyZTEUMBIGA1UE +CgwLRXhhbXBsZSBJbmMxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUub3Jn +MSYwJAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eYIUNX/wAWvB +0xblUUghlsoear4f6kkwDwYDVR0TAQH/BAUwAwEB/zA2BgNVHR8ELzAtMCugKaAn +hiVodHRwOi8vd3d3LmV4YW1wbGUuY29tL2V4YW1wbGVfY2EuY3JsMA0GCSqGSIb3 +DQEBCwUAA4IBAQCP4qUyKkYD6hXaozV29opSo1sOdQ+voCe9lCTMnFEaCvCO22IX +ViyvNyR6cDt/wa2eeXCRzhOr8vXLyxUOZg0gMDuOxhMBWhdJUNowNrk5jLw2RdFG +OOB53m2JW2E7JNVsheRzKa+98xW7BFjkZKjrowFptZFDrtPFbGg1ETy+mPY74RVj +T+ebESqd/Q/hQUQYfvLUgbcVUF28nXzQ3EWxSL64wpheFDbYEdE97h3Z4tJX7MYi +nOdw+Hn8jss8xCjijk99MgI08GYqgYqCZP7Xka9tyOmD7FYFVnderU+aTCxEYbK3 +9/R7Y+PEaqamKZKXhYh8isjZz/EOiHYz2YjU +-----END CERTIFICATE----- diff --git a/samples/net/wifi/test_certs/client-key.pem b/samples/net/wifi/test_certs/client-key.pem new file mode 100644 index 00000000000..20ca0796572 --- /dev/null 
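Review bot: The CA certificate added here is valid for only 60 days: the validity fields in the encoded data decode to notBefore 2024-08-07 and notAfter 2024-10-06, and the client and server certificates added in this commit carry the same dates. After that date an EAP-TLS exchange using these files fails certificate validation unless time checking is disabled, which is not a habit a test setup should encourage. The documentation hunk in this commit names the FreeRADIUS scripts as the source, so it should also state the expiry and the regeneration steps, or the set should be reissued with a lifetime suited to a repository fixture.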
+++ b/samples/net/wifi/test_certs/client-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIKh6bYnzze8sCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNtt6KHyCgBPBIIEyPOdtbZFuRkf +NoEhloVT9ZbxSfYUOoD86w6OUgLW9I9zgH7v1lZ+Q6YnZ6lPxi+NthUvZZNd0M4f +rEAkJMeVqCImk9C5DYUdsEyVxxbWCiBKuO+j14S8RaetKvTVlYZjdkdbwW4chwLs +joPtKUtRMhWdQ5XF9qtVhmKjqHHTEFhOXP/VMCd6bNOkjzneuUDlLj+EOl8K1NVZ +tpZUi6D2p0tksrMokgl3n0Esee4W6XKemJ8KyLkA34QGG/c2MQyQnBzqo+9FnLvr +uX5DmApiichLMYDMssQjfyVUsDTz1bolTCWZcY2gz7zoHSJ3Twa4uf0D/Syi/pU5 +c4m1DvfY+BDt7GPG9S6eQHEIp/7m6jCKX90jYi297nEcJjYkXVUDe4Nx7a+oZkc4 +OIKP7VTVnhuUSjbN5h0UB1yNMA9t65IsXLPVVtn4b+eC/4RZyJAYuzJD8xpb9u4r +bXl0qMW1bPyU2qdC5oheM2oLIvuSBKuRf2vvqKt7c5mahTWIUxNckkNeSQghJxw5 +uEgG/ji+ggL9YfPQiMt8Ps4754/mtOfzXGX3UTniuSpo7ddonqDQpHBvNiRdy6Dl +pQTJczykNOe5HaMsfa/hyu22AVVKWQDLacFLvRqqps5JiH2A1dzBfU/GVeGYcl84 +BZUVO56tGMY64t/StqADVrW7AxTLB0tV90uNSg16oRQkRDIx5R5/Q9xlILCSPdvN +i8qR6jY0wLgEot5hweCnbYjQ79n7H8NKAHe52TNbYts/S6jjqdWNu19JpNHV8Z7v +aGlf5Puk4U+A8MhyjTVgWoOW+GNmyEiMXOTz66nrhtDFy3nzPjwQcMQtj3yTzHnS +0P80cdY/k2tfBPT4BTbIoKbuuuXLXKQ0jZ0AETu1Z12Q7G6C5f0fOJ5m97qLOvbE +dMgYPeeulbLr6Gw7CYfTE1wSj795z2d4SpbRSVNyN+iFccFD4tXhWk+lf8ym4/A2 +hsI2SS9TxBR93Fje6oTdeAlC0DIpY8117W4GhU+IZm9HqpD+DVcnLOAzRIl7urlW +jqpEkZXce+CV9L614hdAjUHQZOj43P3Q/zXEr/ZcVP6+yuLFCf+JbRXUglUgpdQh +McGVV09tL+Qbb/28yEygiw2m8HFAoUgMc2st4IkkO7XKX3Q8WVDSgqE4olAVE74g +1OB8w2R96+conCWYJfLCGM5lwsGeB1z8Q/NncKToulnqTKft7Rg8SFyMxVlzygPr +P9AMhS+wqXHbzhYb+dwD+DsbAtKl0Urp1ZjHSQrOrVtctDCnEX1Bx5ek+AgNExNp +tv2yBnsBcCLXy5UZYw9rAH+m7t8dAjGOYV3he4GotjCjyq+VcZgpzG2iWCHOhfob +1xtm030/Xuc4TfX76rWithXggSeKEhuqL2ERa/+OOC/JjE4omdmL9GVrr4vxt37U +MeJpxymYEP05QfRxcbvJB1L+cGv4Tgy3XgikK8ClUQqKvPntXIoX4cga8O5FE5KB +5H714hGK/JplhbCDDomi/hRHZHxae2MLnHgq4Rj7JWZ+iTUvLncfMdBBFdHF4qkr +ZbhwJ3KIAbCcSvXFoYJy1oOOitYhgoAKksyVNrzOMiYMfQ3YKc+6sF6lHOFllawD +RYTUnfN5ztaxB8OpKaPtig== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/samples/net/wifi/test_certs/client.pem b/samples/net/wifi/test_certs/client.pem
new file mode 100644
index 00000000000..0de5748bf03
--- /dev/null
+++ b/samples/net/wifi/test_certs/client.pem
@@ -0,0 +1,64 @@ +Bag Attributes + localKeyID: DF 33 79 D4 52 3A 61 87 BF DD 0C BC BB 90 F5 1D 8C D0 02 1E +subject=C = FR, ST = Radius, O = Example Inc, CN = Example user, emailAddress = user.example@example.org +issuer=C = FR, ST = Radius, L = Somewhere, O = Example Inc, emailAddress = admin@example.org, CN = Example Certificate Authority +-----BEGIN CERTIFICATE----- +MIIEgTCCA2mgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCRlIx +DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQKDAtF +eGFtcGxlIEluYzEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5vcmcxJjAk +BgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MDgwNzE4 +NDMwN1oXDTI0MTAwNjE4NDMwN1owdDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBlJh +ZGl1czEUMBIGA1UECgwLRXhhbXBsZSBJbmMxFTATBgNVBAMMDEV4YW1wbGUgdXNl +cjEnMCUGCSqGSIb3DQEJARYYdXNlci5leGFtcGxlQGV4YW1wbGUub3JnMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6mI+213GsAcquAlq0/MMUDbbpjz +PxurB+9NoQ6xNpoUzK8x8hhC8tORkXi2stCbZbIFISMdtuDzshZ7BBLA32lX5/q0 +YNCS6czcuxnkbFgunfaA6VupK/dx+9GULTMKa7TVNyIhid9NQBowz2BB8n4lHQjS +g3fkZgR771e3xqZ8xaEKlA8+/lCRHUtjiUtzSFMbQDBA+Liu9cRpb+4xk93CNOk6 +WmHI7reGzJrC8YPc3ngFRvp1ujw0BHlp+AYfwnPPTn7mWYBgJQwfrkECzt/vTIhS +CJgsvM2bMI/HK30EvCLJb3NheSfZFo5fzkmWk8NK8B1p/d6/SPoul8L2QQIDAQAB +o4H+MIH7MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMBMGA1UdJQQMMAoGCCsGAQUF +BwMCMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly93d3cuZXhhbXBsZS5jb20vZXhh +bXBsZV9jYS5jcmwwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8v +d3d3LmV4YW1wbGUub3JnL29jc3AwGwYDVR0RBBQwEoEQdXNlckBleGFtcGxlLm9y +ZzAdBgNVHQ4EFgQUpBSja2rvRXhlulUyZ8ZEDLS0j4AwHwYDVR0jBBgwFoAUQl34 +Jn7xx5zTXckus4k09ScmfUYwDQYJKoZIhvcNAQELBQADggEBAENOA88x6RMfT73L +hBQBT45qqvLK4GRGhqXDcj/E4hiZ0fX39r5PSUA+rbVbWjlJzW+gnsHWIdDASg4H +ZlMSYCgU6PN7hhJ1gmc0736V1t1vS63x6502fzNG7TMEvyWP3iadVjkn+sH8Q83d +AHwJjaKEq0SQYQof4QZZcxaBVLwh0buck4QLpeBYKeGpEiRK+AWireJMNFmBRHpG +R2E0I/B/duICWoL/8E/PCK7Ys7fUcGtIekEOCToDPW39uoU79mTjXrv+F3NO6Z6p +CwY9WqlHV0jLrfpdEMQuN2Pl0Qi8N2R0vJLrXRxbSrIkQbZtKyUG11XQBPgl5ZPz +KbHL9JU= +-----END CERTIFICATE----- +Bag 
Attributes + localKeyID: DF 33 79 D4 52 3A 61 87 BF DD 0C BC BB 90 F5 1D 8C D0 02 1E +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIj62qIYenEeYCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBD+aD/Nfhvs8bsr44gG36xRBIIE +0OA3BuJdNL3yo5SOVFXMbWeMj13B5yvQwqLRCPJmDesNSy6I2OLVQKr571IiuwBf +xNytF8MNfZ/OAI7FcMDqf/so9s9zQZlgR5jZKzoR8c0d6NiXboW7HHlO1tk7PhwW +T2dSFBcmfI0N4zug5vTYGVnOBtwk9F0BlFs8HZwa/5wXfdLnJVXT4l8enIU45Ssb +MJXrLNZ8SRMSjnsatrPqPhRMtLharGhOAItj4uQ770WbjdMgPejeZOMQ6NAEl1CL +NPeikRKZQzeBCBYnbAfOSTPNy0i2q28vKzc5e0gHPzqWg6r41/XsCGiKi/4pkwxE +ZDhbBCLeGdlB7KX4cv6KTp5PtBKMrh4BxGsWrAALqOdt/nsNl8oPBe8j6/iSWDDw +xJbemI8nFXAI6jAiz4RZS516eHJQT9uEpYdPUfluT17PPOotmjwkL2XuaMDjYOjD +LOFSIX1Y8L7DPhayViY7hGyBWFDgozIl+us7H7q27SIJQAtoG4gS6w2qTE6UmDbG +xqxluuQadfnrhtenpVJMwRQzf24txRsuHDTB/6EY3lqZhOvGZzwUV4RqJgg7G5Ix +YUCiRrNrWGgbViTGpR87GkhBc84pXlTdIVb/bxl1myJ4QFya2oG4PjMK+wxlGJ3q +8Ght0sz3xvDXLzoh3NYBBhqOj1zKHcUoVMLmxd+GinAy4FENc3cbZjAaTDprPbze +1368MvGQkcwgxHmqhPIRaz+GPtLhxjPO/SDIkZdzwAGvy8AKS5HTAGcSvbcjcjXE +3cY4DObY19MwUfsedXYcDzyEKS6OTgNSbfXPStBhijKA+joOzUKf36xEipV3J9fa +9YtXf5MALkUcLqGKCa4OybAktvN/VBnZfieOyCM3vcTHimmyDhuyjxzJptMTjiH3 +BaBxgZpm0FJVKjTJ3+xkmIeMA8p475Aocs8F7aHqIO/MEMHDB5MuCui3h+Mzccha +eR2e4Ldv5v8yFR+3Q+MIq8rELtIeNgG/ANldJEWt7paLsRXMXzNah1rdHb6oaDLa +iou8ZcOKI6kBxj6GxcGN2HicWbqAXgoHAVN59siVOSUGI2rmCxxj1v38oY61IahZ +k9nde23oAhTnO02ovRXkVNArBE3cEQPbBqwv09rrO/HQqHXRVNu/qFuA/oEopzjI +lZFUel4IjUQJgk7+1pY/OQzJQR9wfEXMOW4fXG+tL90sIypv115CbYXiUy3tOFcs +XX5QhDnrSo69Be4ZJQBBY9JEtOPlZCA9C+6Q0zxpNctfj091N7e8nWg2a+DHzpFz +Vdoa+xGCUMkJZopsnjEStfSTYqgCuPRSRIf8a1i9U2QnLXOFjmu2YUfa06JuQIXK +lpJxyMmUmd07KiTH3Da0/3V9W++zSlVpT4hHD6zvZ/OzpPKL74cGgtNFMOVkFCjr +KUcrg7JCxrVb1zZ/Y6CIdpRMFv5/94M67D8hX7aSiPgzGXwwuUzZlygbOZa97s3U +nKc7ZgVqiNCR6HH2Vhc2A2fuu9aErdnqr6tcbxiWTVORSQxIHCchX/+5+4XtKrHm +EOPmhwehDEsyFqHwBd/T8xdz/wb8ct+ce1HbzRe8UXjeGsTSPQVuMF4wjHP1MvEl +0BTRDQlqETtBvtxzZJ7cABWpZqdrZEUtrdD90jd6ZQrF +-----END ENCRYPTED PRIVATE 
KEY----- diff --git a/samples/net/wifi/test_certs/server-key.pem b/samples/net/wifi/test_certs/server-key.pem new file mode 100644 index 00000000000..c9defa1229b --- /dev/null +++ b/samples/net/wifi/test_certs/server-key.pem 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIU44Xbg9l+1kCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBx6SOeZLPFiBIIEyBbU4bj1/Sq0 +W5O13hWtq34nTHG+HtgOG61u8659V+0Txbd6E6gBlMTUDtczKCb2BS7D2uugSwTR +Xj1CeLha1qfsWT3IEe38KB/r+TXA1CESblkHBeYjHYOhOoRSNjg8e+QddFim4uuN +6eCqgia4jJjC4jT7gLhoUgMtLKxGiw/iVsLme//p1czB2sNNy441Cp2smwvP6GqC +rymGKgmmEa3pqFm72jO77kev71gUYxPJLXg6bGJ3HBBD0iN79rlCgMTru4s/C/G6 +VoTLCxJrYNiRGsCNu1PM4DtZgQtL32il+u/thZzE6cmh6Yqzkv9G8JXRIakoZctN +JOwOgbyQLwbAV/0OpZcX0rWKGbO2AO1RmayEJrTBp98qbOW1SrJf2HVAqzevaxOy +ZqyLbq80x+6wH1sg200tnfwGO/2nz1U7yDTJ4tMuMeJYvAHB5luXYOBrL7AmUJjZ +CLY/BaN90amz3h1/ZeooMslB1ldjNznLYfrmYc7E1UKWUd5CRjbh6f+k/iYp1wuw +W2O9qW/aatQyrcWMLboJLTs9XarTFXYSA66bvhPfP/lP4BPm4eQM1xCS7qSjbJMK +OuTX9J++ZzNIiUJjFTAWW4cIEKkJ+PpljTgdcfnwUCGUcxuqJaVbWVrPstc2tyjJ +8Ravtr5Fp79dYsD5xSB31ATiAVehp0Zn7lorwmFZ1fhZNMOaFjDk0e3GJPrWgTGY +DUyeN2Ec/lY76+nTKLqpCPmP/aM3uOEsKEXmtuiYONnz1ZcRSXqAfZKW0Sv9iEQA +IK31lNuU6CULXM6aUn0lwdoYKZ1S7SPwK6UmqSimBb/5FF5zaZPgzHKhClsnd6EN +ToMDw18YD1rY6jaAxZdXiaI70i7V9S3RkfjlYkiaLEmjO44yg6Ae7xL0KbOut8iB +ZCyMHRjobFCLWPTdplQux0xzPD0FXrl8GgJBmiY8SkiFh9NKDNyB6SodjVKXsIhe +BPsdmh9E66XfHkI16LkkoK5eKgtVDpXVAJBAI2wURIwfIzfzOJ6SExQd3capXqfr +HpC+sJJjAPy0hHTkv3RnzX1NHqYK5gHq/WCSda/4cl8ZepF5eoyJ8h+9TJzlTDJX +REyt5iUvKbFT3bQ3WYwWUW6lEei16KK9Cm8ivZsEQqbeG0kP6lO3pG+WNsAYRXlE +aXg8wgFLJRS/7llaB8xiZHZ0mMsj9UAwZd7gUkp1EjDt7A6f1KlYEtIXtQ9TVXhS +kegWYMvJOpzJoOTcZ2Yu/wNUEAnnOnXzCrr5EAD3aHUwaSHfj75y44uHrYtEKEyO +Q1bhRhSC5rFcEEomHofy7PlJqoynxMxOd6VZdSpMr2fSDKO36aY8bGD7ST0hpHrs +6NNbywy23G68YX6QREwcuT4EDzIQOQsl7GCSx8KVibubsYcGSuXSVlBMI9sLOtsA +AwSAXOyGoVrmms79ekp4O4Pzq4vqE61KEh8K0/h5qDJ8+c2kqQl5eeDkDwtBYwjD +oYKRlmCkKzoo7qW4uIeVy4ZeQIuzWcCWnSZumtBa2mLlo4w9njmwgPR0wtDU8daW ++0CL828/eNfIN3awo0VeAJ8nbZlKL2ioyND9KNXjJ2fJNuwyrWv9c5fz/NeWgv9O +Z2S6ZI0xPgZJNQ6rLcPigA== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/samples/net/wifi/test_certs/server.pem b/samples/net/wifi/test_certs/server.pem
new file mode 100644
index 00000000000..12b9a5458bd
--- /dev/null
+++ b/samples/net/wifi/test_certs/server.pem
@@ -0,0 +1,68 @@ +Bag Attributes + localKeyID: 70 E4 1E 20 0B 8A 3E 65 06 98 99 29 C2 A4 26 33 38 D8 94 23 +subject=C = FR, ST = Radius, O = Example Inc, CN = Example Server Certificate, emailAddress = admin@example.org +issuer=C = FR, ST = Radius, L = Somewhere, O = Example Inc, emailAddress = admin@example.org, CN = Example Certificate Authority +-----BEGIN CERTIFICATE----- +MIIFZzCCBE+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCRlIx +DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQKDAtF +eGFtcGxlIEluYzEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5vcmcxJjAk +BgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MDgwNzE4 +NDMwNloXDTI0MTAwNjE4NDMwNlowezELMAkGA1UEBhMCRlIxDzANBgNVBAgMBlJh +ZGl1czEUMBIGA1UECgwLRXhhbXBsZSBJbmMxIzAhBgNVBAMMGkV4YW1wbGUgU2Vy +dmVyIENlcnRpZmljYXRlMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9y +ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtkktsya+B8p8x5/P7t +IDIVcc0E6PPUklUmrcAzBuLNdnHH0FCbzqqsE+28L36gyriNv+l0EOvvnV3LJJdc +RO/6Ee4NHjO/GKcmTCDOC1KSl7yP+IaPog/f86UJ1rTOQpnpCi/uB3Gd3ZocZ+s+ +5fnPCVFdAaRfLs8fVbJ3Lt79E/FiVhXXjG4/wFMGHg/6P3fsq5B+VqUww8xUjfZ9 +MUuo+MYP5CPYJHfhuIwNHsunGKsmjMtQ4nR84huTOKy9+YVsKr+GRzGy4aC3ElCb +HTU+axLVcVPRgpsdCaFzXLAg5L//rufgWI7NKIV16t+6q/3euFWPHYW3lqdAWMD4 +yssCAwEAAaOCAdwwggHYMB0GA1UdDgQWBBT5kdLsBRD8WBlzoAmLWRMZf6PvOjCB +0gYDVR0jBIHKMIHHgBRCXfgmfvHHnNNdyS6ziTT1JyZ9RqGBmKSBlTCBkjELMAkG +A1UEBhMCRlIxDzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQw +EgYDVQQKDAtFeGFtcGxlIEluYzEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBs +ZS5vcmcxJjAkBgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ghQ1 +f/ABa8HTFuVRSCGWyh5qvh/qSTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAw4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0 +cDovL3d3dy5leGFtcGxlLmNvbS9leGFtcGxlX2NhLmNybDA3BggrBgEFBQcBAQQr +MCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly93d3cuZXhhbXBsZS5vcmcvb2NzcDA6BgNV +HREEMzAxghJyYWRpdXMuZXhhbXBsZS5vcmegGwYIKwYBBQUHCAigDwwNKi5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAX5O3aUlupNs8C0blKzGJosqKoEP1 
+D0/RUESK6443TlK2hAImSE/qz9JGQ4tMSO1bfnYUS9Mnk4hStlG4gg6F/B4nV1eZ +qbHEFWCyhCAlUUeDF+8Lz2G6wYXrw9pPe1GpQSFdHLTV2WKVK0IaRaote8bCQHBm +bgNbfZVXK4JJKX0Wg+ECNQv8bGA/WwZ+QKOcjemaa1kxwi9PFRNOIOdFfk1zKXHz +D6Ex0hFzl2dt+aSpmb93Fo4wDz1rtCJ7HGo1TtUbDdDwDoZv8SKsAI7XtDmrqqP/ +MZa+lI5xVXCsSBDppGZb6BVkl3AfUIIhbCDqj1MT9vXqjtaWsyG4F3iHuw== +-----END CERTIFICATE----- +Bag Attributes + localKeyID: 70 E4 1E 20 0B 8A 3E 65 06 98 99 29 C2 A4 26 33 38 D8 94 23 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI0/IqoquZd2sCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBA3/HwadBWDheQI/8p1u6j+BIIE +0N7R2UwLzLVPv/QR/hfYtK56iUtq0j5dqW/1Yos5IpkmUhOdXa149OGmzUkM6JQ/ +GaYQ5TbCn0+/HZx0k1nLIHL0fOUlorW/6i/pfw+KMR0bZrPUoZJyukG7iFIcD5yB +Pq6Q/QXVIH0qzB2lTTEa6TNSzM4PtcGd24Ivt7GwX8vz/bbW+gPCnAEbFKTrn1aP +Dr5LRIn9MOStPox/PmCEysdrdgJ8W9BD9J7iviUOmfJckl7hc10j87SvqHDYuPIP +a5QZnGanbsdOfYRCtg6jkLPiR7f3kS+aeITGx1iKdm+wqpcp1JelYmg3b9a0mSGk +fLgOS8z0hmdPrPT4yZtU1MvjxPpbVcpP+S5idWWD30bit2c7lqW3shXjan+voA4R +gYbJewXiJbjFCElj/EnvX5dFaJyBdeRcaIZcKhEwsTGJ/GI6S7nFdDNao4dXUESX +CWgVQNcdqiK/OJ8blQR6+1vxajJNLqx5GwbLJdMbN7d+o8m0O7O+lygF3BiDYpp0 +niLrB+qTM2H5jGRe2Vwhs5HxU1b0uN85xqUHRppeFmNB4mEcpT0XZ0a5kZZhuCQg +P48ONl46i1DAAKOAQ+WSiSQUBO+AmMlzNquCNstkSrEis4szfDOT/RQmlMwLEyb9 +3aXZwsHzZREi7gojsyEHyadeKhsblBITSD79MmVpPBhym6sok8QWgk4R4+Xsckll +cxqhsczmGv/tSz71/Soqql6KXmtk7YUAWDM1YtF1K2pb4zF9q0/mp3MgUB7sjcfm +HMFDD3KSMFGfP9ex4MTUlEFXoBS0jM1rC+L0OtSDsBs23BOJvgi3JArZD2WPUPeR +1dxcrtqYFy1DGkCMZ8+24GmqXbaL+iG/vgyAyhjcgWet2Xk8BHpuYPWSoGlnmJTP +tqLC13jU0to8S8H7vsrbUP5m+XN/sVXkYE86AOsMO+/g+1fcqQOu0fSdSOvNvw5c +/56yHA/+bJJfcQyqoEpPrpR2npazcG0cop3FOP9eTvNERRO6ayXJjrq1Tl9Ok39v +DRQy/TLt6tQtHjiTFDgiZI+PI7FVzSudCGa2oMKTyf8qDWUN65825oSL7e7jggFM +8VFf1MBXb1lCIFIrukNnXuXnYMWtQYjvHS/vN3jP/BGnVW+rEupj/hq4gtv1J2Pu +B5Qn8Q+szCz8ha6ziA9+iVt57SRakK87bZ7qEIIy4XTJBnCGHTVjQOn+aMHJ/76H +wiw8CPgKKQMwx0JyySMfZih+LgxlibPpk76zNIw0eYLM4DQEwmx9LGXZ4TIPCyAg 
+GiWeKYn4zD0ub634DBFRTmX5XGQhqmKSkCIKOs4/8yzmX3649vess85RJN4DjjGN +njzxuInblVxVg0YvzlGQHXwwCJuG48yoTa3UPvqft67kOoBLh8Kky1kMPPtPm8yR +ZT8E8VdYSg2ssyCpyfaV3RCnxsMpnFUER+JU0g6IxTpDqxA4zK5XS6Wt/KsdnU+1 +locA7O1+lcsDXf2FyDFtwPwNZIjchV1UDXSYr/fKyn10TDoSMeRTZsC0vwm2/9bW +peH+nk/x93j29VZVzGk6hlpLC9MBRq/qGhNqIwklxtfIKLr0l5oMcWwm4h4dAVBR +HUC0MTfbSTrC8mAsOglVa87dF9v1gnA2FVlRZEHJCGwe +-----END ENCRYPTED PRIVATE KEY----- diff --git a/subsys/net/l2/wifi/CMakeLists.txt b/subsys/net/l2/wifi/CMakeLists.txt index c834c5bfc2f..6548e814bc3 100644 --- a/subsys/net/l2/wifi/CMakeLists.txt +++ b/subsys/net/l2/wifi/CMakeLists.txt @@ -8,6 +8,9 @@ zephyr_library_include_directories_ifdef( zephyr_library_compile_definitions_ifdef( CONFIG_NEWLIB_LIBC __LINUX_ERRNO_EXTENSIONS__ ) +zephyr_library_include_directories_ifdef( + CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE test_certs + ) zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_MGMT wifi_mgmt.c) zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_SHELL wifi_shell.c) @@ -19,3 +22,28 @@ zephyr_linker_sources_ifdef(CONFIG_WIFI_NM DATA_SECTIONS wifi_nm.ld) if (CONFIG_WIFI_NM) zephyr_iterable_section(NAME wifi_nm_instance GROUP DATA_REGION ${XIP_ALIGN_WITH_INPUT} SUBALIGN CONFIG_LINKER_ITERABLE_SUBALIGN) endif() + +# Wi-Fi Enterprise test certificates handling +set(gen_inc_dir ${ZEPHYR_BINARY_DIR}/misc/generated) +set(gen_dir ${gen_inc_dir}/wifi_enterprise_test_certs) + +# convert .pem files to array data at build time +zephyr_include_directories(${gen_inc_dir}) + +generate_inc_file_for_target( + app + ${ZEPHYR_BASE}/samples/net/wifi/test_certs/client.pem + ${gen_dir}/client.pem.inc + ) + +generate_inc_file_for_target( + app + ${ZEPHYR_BASE}/samples/net/wifi/test_certs/client-key.pem + ${gen_dir}/client-key.pem.inc + ) + +generate_inc_file_for_target( + app + ${ZEPHYR_BASE}/samples/net/wifi/test_certs/ca.pem + ${gen_dir}/ca.pem.inc + ) 
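Review bot: The three `generate_inc_file_for_target()` calls and `zephyr_include_directories(${gen_inc_dir})` are added unconditionally, although the only consumer in this commit is guarded by `CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE`. Every build that processes this directory therefore converts the test key material and adds the generated directory to the global include path. I would wrap the block in `if(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE)` and `endif()`. Since these are fixed test credentials with a documented passphrase, a `message(WARNING "Embedding Wi-Fi enterprise TEST credentials")` inside that block would make an accidental production build visible. The `zephyr_library_include_directories_ifdef(... test_certs)` line in the first hunk names a `test_certs` directory relative to this CMakeLists.txt, which this diff does not create.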
diff --git a/subsys/net/l2/wifi/wifi_mgmt.c b/subsys/net/l2/wifi/wifi_mgmt.c index 4e955e6f3e1..9ba9a3b8030 100644 --- a/subsys/net/l2/wifi/wifi_mgmt.c +++ b/subsys/net/l2/wifi/wifi_mgmt.c @@ -39,7 +39,7 @@ const char *wifi_security_txt(enum wifi_security_type security) return "WPA3-SAE-AUTO"; case WIFI_SECURITY_TYPE_WAPI: return "WAPI"; - case WIFI_SECURITY_TYPE_EAP: + case WIFI_SECURITY_TYPE_EAP_TLS: return "EAP"; case WIFI_SECURITY_TYPE_UNKNOWN: default: @@ -864,6 +864,24 @@ static int wifi_pmksa_flush(uint32_t mgmt_request, struct net_if *iface, NET_MGMT_REGISTER_REQUEST_HANDLER(NET_REQUEST_WIFI_PMKSA_FLUSH, wifi_pmksa_flush); +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE +static int wifi_set_enterprise_creds(uint32_t mgmt_request, struct net_if *iface, + void *data, size_t len) +{ + const struct device *dev = net_if_get_device(iface); + const struct wifi_mgmt_ops *const wifi_mgmt_api = get_wifi_api(iface); + struct wifi_enterprise_creds_params *params = data; + + if (wifi_mgmt_api == NULL || wifi_mgmt_api->enterprise_creds == NULL) { + return -ENOTSUP; + } + + return wifi_mgmt_api->enterprise_creds(dev, params); +} + +NET_MGMT_REGISTER_REQUEST_HANDLER(NET_REQUEST_WIFI_ENTERPRISE_CREDS, wifi_set_enterprise_creds); +#endif + #ifdef CONFIG_WIFI_MGMT_RAW_SCAN_RESULTS void wifi_mgmt_raise_raw_scan_result_event(struct net_if *iface, struct wifi_raw_scan_result *raw_scan_result) diff --git a/subsys/net/l2/wifi/wifi_shell.c b/subsys/net/l2/wifi/wifi_shell.c index 3df59a2b530..ac6e2c35925 100644 --- a/subsys/net/l2/wifi/wifi_shell.c +++ b/subsys/net/l2/wifi/wifi_shell.c @@ -29,6 +29,19 @@ LOG_MODULE_REGISTER(net_wifi_shell, LOG_LEVEL_INF); #include #include "net_shell_private.h" +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE +static const char ca_cert_test[] = { + #include +}; + +static const char client_cert_test[] = { + #include +}; + +static const char client_key_test[] = { + #include +}; +#endif #define WIFI_SHELL_MODULE "wifi" 
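Review bot: `wifi_set_enterprise_creds()` treats `data` as a `struct wifi_enterprise_creds_params *` without looking at `len`, so a request carrying a shorter buffer or no buffer is not caught at this layer. Adding `if (data == NULL || len != sizeof(*params)) { return -EINVAL; }` before the driver call keeps that check in one place instead of relying on every `enterprise_creds` implementation to repeat it. A one-line comment that the handler forwards pointers and does not copy the credentials would also help readers of this file.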
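Review bot: `ca_cert_test`, `client_cert_test` and `client_key_test` are initialised from the generated include alone, so each array holds exactly the bytes of the PEM file with no terminating NUL, and the lengths passed on later are `ARRAY_SIZE()` of that. Some PEM parsers (mbedTLS's `mbedtls_x509_crt_parse()` is one) require the buffer and its length to include the terminating NUL. Which crypto backend parses these blobs is not visible in this diff, so this needs confirming; if it applies, a trailing `'\0'` element after each `#include` line fixes it. A short comment above the arrays saying that these are the fixed test credentials from `samples/net/wifi/test_certs` and not device-specific secrets would make the intent clear.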
@@ -75,6 +88,28 @@ struct wifi_ap_sta_node { }; static struct wifi_ap_sta_node sta_list[CONFIG_WIFI_SHELL_MAX_AP_STA]; + +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE +static int cmd_wifi_set_enterprise_creds(const struct shell *sh, struct net_if *iface) +{ + struct wifi_enterprise_creds_params params = {0}; + + params.ca_cert = (uint8_t *)ca_cert_test; + params.ca_cert_len = ARRAY_SIZE(ca_cert_test); + params.client_cert = (uint8_t *)client_cert_test; + params.client_cert_len = ARRAY_SIZE(client_cert_test); + params.client_key = (uint8_t *)client_key_test; + params.client_key_len = ARRAY_SIZE(client_key_test); + + if (net_mgmt(NET_REQUEST_WIFI_ENTERPRISE_CREDS, iface, ¶ms, sizeof(params))) { + PR_WARNING("Set enterprise credentials failed\n"); + return -1; + } + + return 0; +} +#endif + static bool parse_number(const struct shell *sh, long *param, char *str, char *pname, long min, long max) { @@ -464,6 +499,8 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv {"band", required_argument, 0, 'b'}, {"channel", required_argument, 0, 'c'}, {"timeout", required_argument, 0, 't'}, + {"anon-id", required_argument, 0, 'a'}, + {"key-passwd", required_argument, 0, 'K'}, {"help", no_argument, 0, 'h'}, {0, 0, 0, 0}}; char *endptr; @@ -486,7 +523,7 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv params->security = WIFI_SECURITY_TYPE_NONE; params->mfp = WIFI_MFP_OPTIONAL; - while ((opt = getopt_long(argc, argv, "s:p:k:w:b:c:m:t:h", + while ((opt = getopt_long(argc, argv, "s:p:k:w:b:c:m:t:a:K:h", long_options, &opt_index)) != -1) { state = getopt_state_get(); switch (opt) { 
@@ -583,6 +620,24 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv } } break; + case 'a': + params->anon_id = optarg; + params->aid_length = strlen(params->anon_id); + if (params->aid_length > WIFI_ENT_IDENTITY_MAX_LEN) { + PR_WARNING("anon_id too long (max %d characters)\n", + WIFI_ENT_IDENTITY_MAX_LEN); + return -EINVAL; + } + break; + case 'K': + params->key_passwd = optarg; + params->key_passwd_length = strlen(params->key_passwd); + if (params->key_passwd_length > WIFI_ENT_PSWD_MAX_LEN) { + PR_WARNING("key_passwd too long (max %d characters)\n", + WIFI_ENT_PSWD_MAX_LEN); + return -EINVAL; + } + break; case 'h': return -ENOEXEC; default: @@ -619,6 +674,13 @@ static int cmd_wifi_connect(const struct shell *sh, size_t argc, return -ENOEXEC; } +#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE + /* Load the enterprise credentials if needed */ + if (cnx_params.security == WIFI_SECURITY_TYPE_EAP_TLS) { + cmd_wifi_set_enterprise_creds(sh, iface); + } +#endif + context.connecting = true; ret = net_mgmt(NET_REQUEST_WIFI_CONNECT, iface, &cnx_params, sizeof(struct wifi_connect_req_params)); @@ -2421,7 +2483,8 @@ SHELL_STATIC_SUBCMD_SET_CREATE(wifi_cmd_ap, "-c --channel=\n" "-p --passphrase= (valid only for secure SSIDs)\n" "-k --key-mgmt= (valid only for secure SSIDs)\n" - "0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE, 4:WAPI, 5:EAP, 6:WEP, 7: WPA-PSK\n" + "0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE, 4:WAPI, 5:EAP-TLS, 6:WEP\n" + "7: WPA-PSK\n" "-w --ieee-80211w= (optional: needs security type to be specified)\n" "0:Disable, 1:Optional, 2:Required\n" "-b --band= (2 -2.6GHz, 5 - 5Ghz, 6 - 6GHz)\n" 
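Review bot: In the new `case 'a'` and `case 'K'` the `strlen()` result is stored in the `uint8_t` members `aid_length` and `key_passwd_length` before it is compared with the limit, so the value is reduced modulo 256 first. An argument of 300 characters is therefore seen as 44 and passes both checks, while the unchanged pointer still carries the over-long string to the supplicant. Compare in a wider type before assigning, e.g. `size_t len = strlen(optarg);`, then `if (len > WIFI_ENT_IDENTITY_MAX_LEN) { ... return -EINVAL; }`, and only then `params->aid_length = (uint8_t)len;`, with the same pattern for `key_passwd`. The switch and the function continue outside this hunk.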
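Review bot: `cmd_wifi_connect()` discards the return value of `cmd_wifi_set_enterprise_creds()`, so when loading the credentials fails the connect request is still issued and the supplicant works with whatever `enterprise_creds` held before. The failure should stop the command, e.g. `if (cmd_wifi_set_enterprise_creds(sh, iface)) { return -ENOEXEC; }`. The function body continues outside this hunk.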
@@ -2539,11 +2602,13 @@ SHELL_STATIC_SUBCMD_SET_CREATE(wifi_commands, "[-p, --psk]: Passphrase (valid only for secure SSIDs)\n" "[-k, --key-mgmt]: Key Management type (valid only for secure SSIDs)\n" "0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI," - " 7:EAP, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal\n" + " 7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal\n" "[-w, --ieee-80211w]: MFP (optional: needs security type to be specified)\n" ": 0:Disable, 1:Optional, 2:Required.\n" "[-m, --bssid]: MAC address of the AP (BSSID).\n" "[-t, --timeout]: Timeout for the connection attempt (in seconds).\n" + "[-a, --anon-id]: Anonymous identity for enterprise mode.\n" + "[-K, --key-passwd]: Private key passwd for enterprise mode.\n" "[-h, --help]: Print out the help for the connect command.\n", cmd_wifi_connect, 2, 7),
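Review bot: The help text gains `-a` and `-K`, but the argument limits on the last visible line stay at `cmd_wifi_connect, 2, 7)`. If those are the mandatory and optional argument counts of the shell command, an EAP-TLS connect using `-s`, `-k`, `-a` and `-K` with their values already uses all of them, and adding any further option such as `-t` would be rejected before the handler runs; the optional count should be raised to cover the two new option/value pairs. The `-K` help line could also mention that the password is given on the command line and may therefore remain in the shell history where history is enabled. The command table continues outside this hunk.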