wifi: Add WPA2 EAP-TLS support

Add basic WPA2 EAP-TLS support.
Also, add test infrasturcture esp. the certification handling,
non-certificate credentials are take as runtime input and certificated
are build time input for testing.

A real application can set certificates at runtime too.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>

doc/connectivity/networking/api/wifi.rst

@@ -24,6 +24,39 @@ Currently, two types of Wi-Fi drivers are supported:
 * Networking or socket offloaded drivers
 * Native L2 Ethernet drivers
 
+Wi-Fi Enterprise test: X.509 Certificate header generation
+**********************************************************
+
+Wi-Fi enterprise security requires use of X.509 certificates, test certificates
+in PEM format are committed to the repo at :zephyr_file:`samples/net/wifi/test_certs` and the during the
+build process the certificates are converted to a `C` header file that is included by the Wi-Fi shell
+module.
+
+.. code-block:: bash
+
+    $ cp client.pem samples/net/wifi/test_certs/
+    $ cp client-key.pem samples/net/wifi/test_certs/
+    $ cp ca.pem samples/net/wifi/test_certs/
+    $ west build -p -b <board> samples/net/wifi
+
+To initiate Wi-Fi connection, the following command can be used:
+
+.. code-block:: console
+
+    uart:~$ wifi connect -s <SSID> -k 5 -a anon -K whatever
+
+Server certificate is also provided in the same directory for testing purposes.
+Any `AAA` server can be used for testing purposes, for example, `FreeRADIUS` or `hostapd`.
+
+.. important::
+
+    The passphrase for the client-key.pem and the server-key.pem is `whatever`.
+
+.. note::
+
+    The certificates are for testing purposes only and should not be used in production.
+    The certificates are generated using `FreeRADIUS raddb <https://github.com/FreeRADIUS/freeradius-server/tree/master/raddb/certs> _` scripts.
+
 API Reference
 *************
 

include/zephyr/net/wifi.h

@@ -128,6 +128,10 @@ const char *wifi_band_txt(enum wifi_frequency_bands band);
 #define WIFI_SAE_PSWD_MAX_LEN 128
 /** MAC address length */
 #define WIFI_MAC_ADDR_LEN 6
+/** Max enterprise identity length */
+#define WIFI_ENT_IDENTITY_MAX_LEN 64
+/** Max enterprise password length */
+#define WIFI_ENT_PSWD_MAX_LEN 128
 
 /** Minimum channel number */
 #define WIFI_CHANNEL_MIN 1

include/zephyr/net/wifi_mgmt.h

@@ -102,6 +102,8 @@ enum net_request_wifi_cmd {
 #endif
 	/** Flush PMKSA cache entries */
 	NET_REQUEST_WIFI_CMD_PMKSA_FLUSH,
+	/** Set enterprise mode credential */
+	NET_REQUEST_WIFI_CMD_ENTERPRISE_CREDS,
 /** @cond INTERNAL_HIDDEN */
 	NET_REQUEST_WIFI_CMD_MAX
 /** @endcond */
@@ -234,6 +236,12 @@ NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_BTM_QUERY);
 
 NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_PMKSA_FLUSH);
 
+/** Set Wi-Fi enterprise mode CA/client Cert and key */
+#define NET_REQUEST_WIFI_ENTERPRISE_CREDS                               \
+	(_NET_WIFI_BASE | NET_REQUEST_WIFI_CMD_ENTERPRISE_CREDS)
+
+NET_MGMT_DEFINE_REQUEST_HANDLER(NET_REQUEST_WIFI_ENTERPRISE_CREDS);
+
 /** @brief Wi-Fi management events */
 enum net_event_wifi_cmd {
 	/** Scan results available */
@@ -438,6 +446,14 @@ struct wifi_connect_req_params {
 	uint8_t bssid[WIFI_MAC_ADDR_LEN];
 	/** Connect timeout in seconds, SYS_FOREVER_MS for no timeout */
 	int timeout;
+	/** anonymous identity */
+	const uint8_t *anon_id;
+	/** anon_id length */
+	uint8_t aid_length; /* Max 64 */
+	/** Private key passwd for enterprise mode */
+	const uint8_t *key_passwd;
+	/** Private key passwd length */
+	uint8_t key_passwd_length; /* Max 128 */
 };
 
 /** @brief Wi-Fi connect result codes. To be overlaid on top of \ref wifi_status
@@ -661,6 +677,22 @@ struct wifi_twt_flow_info {
 	uint32_t twt_wake_ahead_duration;
 };
 
+/** Wi-Fi enterprise mode credentials */
+struct wifi_enterprise_creds_params {
+	/** CA certification */
+	uint8_t *ca_cert;
+	/** CA certification length */
+	uint32_t ca_cert_len;
+	/** Client certification */
+	uint8_t *client_cert;
+	/** Client certification length */
+	uint32_t client_cert_len;
+	/** Client key */
+	uint8_t *client_key;
+	/** Client key length */
+	uint32_t client_key_len;
+};
+
 /** @brief Wi-Fi power save configuration */
 struct wifi_ps_config {
 	/** Number of TWT flows */
@@ -1199,6 +1231,17 @@ struct wifi_mgmt_ops {
 	 * @return 0 if ok, < 0 if error
 	 */
 	int (*pmksa_flush)(const struct device *dev);
+	/** Set Wi-Fi enterprise mode CA/client Cert and key
+	 *
+	 * @param dev Pointer to the device structure for the driver instance.
+	 * @param creds Pointer to the CA/client Cert and key.
+	 *
+	 * @return 0 if ok, < 0 if error
+	 */
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+	int (*enterprise_creds)(const struct device *dev,
+			struct wifi_enterprise_creds_params *creds);
+#endif
 };
 
 /** Wi-Fi management offload API */

modules/hostap/src/supp_api.c

@@ -46,6 +46,10 @@ enum status_thread_state {
 
 #define DISCONNECT_TIMEOUT_MS 5000
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+static struct wifi_enterprise_creds_params enterprise_creds;
+#endif
+
 K_MUTEX_DEFINE(wpa_supplicant_mutex);
 
 extern struct k_work_q *get_workq(void);
@@ -324,6 +328,61 @@ static inline enum wifi_security_type wpas_key_mgmt_to_zephyr(int key_mgmt, int
 	}
 }
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+int supplicant_add_enterprise_creds(const struct device *dev,
+			struct wifi_enterprise_creds_params *creds)
+{
+	int ret = 0;
+
+	if (!creds) {
+		ret = -1;
+		wpa_printf(MSG_ERROR, "enterprise creds is NULL");
+		goto out;
+	}
+
+	memcpy((void *)&enterprise_creds, (void *)creds,
+			sizeof(struct wifi_enterprise_creds_params));
+
+out:
+	return ret;
+}
+
+static int wpas_config_process_blob(struct wpa_config *config, char *name, uint8_t *data,
+				uint32_t data_len)
+{
+	struct wpa_config_blob *blob;
+
+	if (!data || !data_len) {
+		return -1;
+	}
+
+	blob = os_zalloc(sizeof(*blob));
+	if (blob == NULL) {
+		return -1;
+	}
+
+	blob->data = os_zalloc(data_len);
+	if (blob->data == NULL) {
+		os_free(blob);
+		return -1;
+	}
+
+	blob->name = os_strdup(name);
+
+	if (blob->name == NULL) {
+		wpa_config_free_blob(blob);
+		return -1;
+	}
+
+	os_memcpy(blob->data, data, data_len);
+	blob->len = data_len;
+
+	wpa_config_set_blob(config, blob);
+
+	return 0;
+}
+#endif
+
 static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
 				       struct wifi_connect_req_params *params,
 				       bool mode_ap)
@@ -457,6 +516,66 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
 					goto out;
 				}
 			}
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+		} else if (params->security == WIFI_SECURITY_TYPE_EAP_TLS) {
+			if (!wpa_cli_cmd_v("set_network %d key_mgmt WPA-EAP",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d proto RSN",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d eap TLS",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d anonymous_identity \"%s\"",
+					   resp.network_id, params->anon_id)) {
+				goto out;
+			}
+
+			if (wpas_config_process_blob(wpa_s->conf, "ca_cert",
+					   enterprise_creds.ca_cert,
+					   enterprise_creds.ca_cert_len)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d ca_cert \"blob://ca_cert\"",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (wpas_config_process_blob(wpa_s->conf, "client_cert",
+					   enterprise_creds.client_cert,
+					   enterprise_creds.client_cert_len)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d client_cert \"blob://client_cert\"",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (wpas_config_process_blob(wpa_s->conf, "private_key",
+					   enterprise_creds.client_key,
+					   enterprise_creds.client_key_len)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d private_key \"blob://private_key\"",
+					   resp.network_id)) {
+				goto out;
+			}
+
+			if (!wpa_cli_cmd_v("set_network %d private_key_passwd \"%s\"",
+					   resp.network_id, params->key_passwd)) {
+				goto out;
+			}
+#endif
 		} else {
 			ret = -1;
 			wpa_printf(MSG_ERROR, "Unsupported security type: %d",

modules/hostap/src/supp_api.h

@@ -138,6 +138,18 @@ int supplicant_reg_domain(const struct device *dev, struct wifi_reg_domain *reg_
  */
 int supplicant_mode(const struct device *dev, struct wifi_mode_info *mode);
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+/** Set Wi-Fi enterprise mode CA/client Cert and key
+ *
+ * @param dev Pointer to the device structure for the driver instance
+ * @param file Pointer to the CA/client Cert and key.
+ *
+ * @return 0 if ok, < 0 if error
+ */
+int supplicant_add_enterprise_creds(const struct device *dev,
+		struct wifi_enterprise_creds_params *creds);
+#endif
+
 /**
  * @brief Set Wi-Fi packet filter for sniffing operation
  *

modules/hostap/src/supp_main.c

@@ -72,6 +72,9 @@ static const struct wifi_mgmt_ops mgmt_ops = {
 #endif /* CONFIG_AP */
 	.dpp_dispatch = supplicant_dpp_dispatch,
 	.pmksa_flush = supplicant_pmksa_flush,
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+	.enterprise_creds = supplicant_add_enterprise_creds,
+#endif
 };
 
 DEFINE_WIFI_NM_INSTANCE(wifi_supplicant, &mgmt_ops);

samples/net/wifi/test_certs/ca.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE9zCCA9+gAwIBAgIUNX/wAWvB0xblUUghlsoear4f6kkwDQYJKoZIhvcNAQEL
+BQAwgZIxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNv
+bWV3aGVyZTEUMBIGA1UECgwLRXhhbXBsZSBJbmMxIDAeBgkqhkiG9w0BCQEWEWFk
+bWluQGV4YW1wbGUub3JnMSYwJAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1
+dGhvcml0eTAeFw0yNDA4MDcxODQzMDZaFw0yNDEwMDYxODQzMDZaMIGSMQswCQYD
+VQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFDAS
+BgNVBAoMC0V4YW1wbGUgSW5jMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxl
+Lm9yZzEmMCQGA1UEAwwdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzR3RL3+70yN+1Nx0bAXT60qqf
+AxCk/NXphq5cxUT5skXc97KUUnIQ1SaLAin8WHRS8Idajywlo0ULpCeoOj35aPI/
+kTUu4P2Rx5p1DYgquTGjW6fS4p5c65y75BWoukng5DQp/kVpo4OcRMUncexGxBET
+1IkpuXGlvQyEKB5I+TgYe4eEXpdn+0A2Nytw9kpSzrd26JofWOO2ZtVCgISnj7ID
+B7ErVzStuHg+rMKVI2SU966CH78lNuIIQFKrg8NoWRQI1zMMouU7hj6EL7cZcvA/
+MW9SIFpzkfC4xq0EnOMzg/D3p4k8ah6MikHf8FqDdBBfPUcYU0rG9+zpQdb3AgMB
+AAGjggFBMIIBPTAdBgNVHQ4EFgQUQl34Jn7xx5zTXckus4k09ScmfUYwgdIGA1Ud
+IwSByjCBx4AUQl34Jn7xx5zTXckus4k09ScmfUahgZikgZUwgZIxCzAJBgNVBAYT
+AkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNvbWV3aGVyZTEUMBIGA1UE
+CgwLRXhhbXBsZSBJbmMxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUub3Jn
+MSYwJAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eYIUNX/wAWvB
+0xblUUghlsoear4f6kkwDwYDVR0TAQH/BAUwAwEB/zA2BgNVHR8ELzAtMCugKaAn
+hiVodHRwOi8vd3d3LmV4YW1wbGUuY29tL2V4YW1wbGVfY2EuY3JsMA0GCSqGSIb3
+DQEBCwUAA4IBAQCP4qUyKkYD6hXaozV29opSo1sOdQ+voCe9lCTMnFEaCvCO22IX
+ViyvNyR6cDt/wa2eeXCRzhOr8vXLyxUOZg0gMDuOxhMBWhdJUNowNrk5jLw2RdFG
+OOB53m2JW2E7JNVsheRzKa+98xW7BFjkZKjrowFptZFDrtPFbGg1ETy+mPY74RVj
+T+ebESqd/Q/hQUQYfvLUgbcVUF28nXzQ3EWxSL64wpheFDbYEdE97h3Z4tJX7MYi
+nOdw+Hn8jss8xCjijk99MgI08GYqgYqCZP7Xka9tyOmD7FYFVnderU+aTCxEYbK3
+9/R7Y+PEaqamKZKXhYh8isjZz/EOiHYz2YjU
+-----END CERTIFICATE-----

samples/net/wifi/test_certs/client-key.pem

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIKh6bYnzze8sCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNtt6KHyCgBPBIIEyPOdtbZFuRkf
+NoEhloVT9ZbxSfYUOoD86w6OUgLW9I9zgH7v1lZ+Q6YnZ6lPxi+NthUvZZNd0M4f
+rEAkJMeVqCImk9C5DYUdsEyVxxbWCiBKuO+j14S8RaetKvTVlYZjdkdbwW4chwLs
+joPtKUtRMhWdQ5XF9qtVhmKjqHHTEFhOXP/VMCd6bNOkjzneuUDlLj+EOl8K1NVZ
+tpZUi6D2p0tksrMokgl3n0Esee4W6XKemJ8KyLkA34QGG/c2MQyQnBzqo+9FnLvr
+uX5DmApiichLMYDMssQjfyVUsDTz1bolTCWZcY2gz7zoHSJ3Twa4uf0D/Syi/pU5
+c4m1DvfY+BDt7GPG9S6eQHEIp/7m6jCKX90jYi297nEcJjYkXVUDe4Nx7a+oZkc4
+OIKP7VTVnhuUSjbN5h0UB1yNMA9t65IsXLPVVtn4b+eC/4RZyJAYuzJD8xpb9u4r
+bXl0qMW1bPyU2qdC5oheM2oLIvuSBKuRf2vvqKt7c5mahTWIUxNckkNeSQghJxw5
+uEgG/ji+ggL9YfPQiMt8Ps4754/mtOfzXGX3UTniuSpo7ddonqDQpHBvNiRdy6Dl
+pQTJczykNOe5HaMsfa/hyu22AVVKWQDLacFLvRqqps5JiH2A1dzBfU/GVeGYcl84
+BZUVO56tGMY64t/StqADVrW7AxTLB0tV90uNSg16oRQkRDIx5R5/Q9xlILCSPdvN
+i8qR6jY0wLgEot5hweCnbYjQ79n7H8NKAHe52TNbYts/S6jjqdWNu19JpNHV8Z7v
+aGlf5Puk4U+A8MhyjTVgWoOW+GNmyEiMXOTz66nrhtDFy3nzPjwQcMQtj3yTzHnS
+0P80cdY/k2tfBPT4BTbIoKbuuuXLXKQ0jZ0AETu1Z12Q7G6C5f0fOJ5m97qLOvbE
+dMgYPeeulbLr6Gw7CYfTE1wSj795z2d4SpbRSVNyN+iFccFD4tXhWk+lf8ym4/A2
+hsI2SS9TxBR93Fje6oTdeAlC0DIpY8117W4GhU+IZm9HqpD+DVcnLOAzRIl7urlW
+jqpEkZXce+CV9L614hdAjUHQZOj43P3Q/zXEr/ZcVP6+yuLFCf+JbRXUglUgpdQh
+McGVV09tL+Qbb/28yEygiw2m8HFAoUgMc2st4IkkO7XKX3Q8WVDSgqE4olAVE74g
+1OB8w2R96+conCWYJfLCGM5lwsGeB1z8Q/NncKToulnqTKft7Rg8SFyMxVlzygPr
+P9AMhS+wqXHbzhYb+dwD+DsbAtKl0Urp1ZjHSQrOrVtctDCnEX1Bx5ek+AgNExNp
+tv2yBnsBcCLXy5UZYw9rAH+m7t8dAjGOYV3he4GotjCjyq+VcZgpzG2iWCHOhfob
+1xtm030/Xuc4TfX76rWithXggSeKEhuqL2ERa/+OOC/JjE4omdmL9GVrr4vxt37U
+MeJpxymYEP05QfRxcbvJB1L+cGv4Tgy3XgikK8ClUQqKvPntXIoX4cga8O5FE5KB
+5H714hGK/JplhbCDDomi/hRHZHxae2MLnHgq4Rj7JWZ+iTUvLncfMdBBFdHF4qkr
+ZbhwJ3KIAbCcSvXFoYJy1oOOitYhgoAKksyVNrzOMiYMfQ3YKc+6sF6lHOFllawD
+RYTUnfN5ztaxB8OpKaPtig==
+-----END ENCRYPTED PRIVATE KEY-----

samples/net/wifi/test_certs/client.pem

@@ -0,0 +1,64 @@
+Bag Attributes
+	localKeyID: DF 33 79 D4 52 3A 61 87 BF DD 0C BC BB 90 F5 1D 8C D0 02 1E
+subject=C = FR, ST = Radius, O = Example Inc, CN = Example user, emailAddress = user.example@example.org
+issuer=C = FR, ST = Radius, L = Somewhere, O = Example Inc, emailAddress = admin@example.org, CN = Example Certificate Authority
+-----BEGIN CERTIFICATE-----
+MIIEgTCCA2mgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCRlIx
+DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQKDAtF
+eGFtcGxlIEluYzEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5vcmcxJjAk
+BgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MDgwNzE4
+NDMwN1oXDTI0MTAwNjE4NDMwN1owdDELMAkGA1UEBhMCRlIxDzANBgNVBAgMBlJh
+ZGl1czEUMBIGA1UECgwLRXhhbXBsZSBJbmMxFTATBgNVBAMMDEV4YW1wbGUgdXNl
+cjEnMCUGCSqGSIb3DQEJARYYdXNlci5leGFtcGxlQGV4YW1wbGUub3JnMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6mI+213GsAcquAlq0/MMUDbbpjz
+PxurB+9NoQ6xNpoUzK8x8hhC8tORkXi2stCbZbIFISMdtuDzshZ7BBLA32lX5/q0
+YNCS6czcuxnkbFgunfaA6VupK/dx+9GULTMKa7TVNyIhid9NQBowz2BB8n4lHQjS
+g3fkZgR771e3xqZ8xaEKlA8+/lCRHUtjiUtzSFMbQDBA+Liu9cRpb+4xk93CNOk6
+WmHI7reGzJrC8YPc3ngFRvp1ujw0BHlp+AYfwnPPTn7mWYBgJQwfrkECzt/vTIhS
+CJgsvM2bMI/HK30EvCLJb3NheSfZFo5fzkmWk8NK8B1p/d6/SPoul8L2QQIDAQAB
+o4H+MIH7MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMBMGA1UdJQQMMAoGCCsGAQUF
+BwMCMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly93d3cuZXhhbXBsZS5jb20vZXhh
+bXBsZV9jYS5jcmwwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8v
+d3d3LmV4YW1wbGUub3JnL29jc3AwGwYDVR0RBBQwEoEQdXNlckBleGFtcGxlLm9y
+ZzAdBgNVHQ4EFgQUpBSja2rvRXhlulUyZ8ZEDLS0j4AwHwYDVR0jBBgwFoAUQl34
+Jn7xx5zTXckus4k09ScmfUYwDQYJKoZIhvcNAQELBQADggEBAENOA88x6RMfT73L
+hBQBT45qqvLK4GRGhqXDcj/E4hiZ0fX39r5PSUA+rbVbWjlJzW+gnsHWIdDASg4H
+ZlMSYCgU6PN7hhJ1gmc0736V1t1vS63x6502fzNG7TMEvyWP3iadVjkn+sH8Q83d
+AHwJjaKEq0SQYQof4QZZcxaBVLwh0buck4QLpeBYKeGpEiRK+AWireJMNFmBRHpG
+R2E0I/B/duICWoL/8E/PCK7Ys7fUcGtIekEOCToDPW39uoU79mTjXrv+F3NO6Z6p
+CwY9WqlHV0jLrfpdEMQuN2Pl0Qi8N2R0vJLrXRxbSrIkQbZtKyUG11XQBPgl5ZPz
+KbHL9JU=
+-----END CERTIFICATE-----
+Bag Attributes
+	localKeyID: DF 33 79 D4 52 3A 61 87 BF DD 0C BC BB 90 F5 1D 8C D0 02 1E
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIj62qIYenEeYCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBD+aD/Nfhvs8bsr44gG36xRBIIE
+0OA3BuJdNL3yo5SOVFXMbWeMj13B5yvQwqLRCPJmDesNSy6I2OLVQKr571IiuwBf
+xNytF8MNfZ/OAI7FcMDqf/so9s9zQZlgR5jZKzoR8c0d6NiXboW7HHlO1tk7PhwW
+T2dSFBcmfI0N4zug5vTYGVnOBtwk9F0BlFs8HZwa/5wXfdLnJVXT4l8enIU45Ssb
+MJXrLNZ8SRMSjnsatrPqPhRMtLharGhOAItj4uQ770WbjdMgPejeZOMQ6NAEl1CL
+NPeikRKZQzeBCBYnbAfOSTPNy0i2q28vKzc5e0gHPzqWg6r41/XsCGiKi/4pkwxE
+ZDhbBCLeGdlB7KX4cv6KTp5PtBKMrh4BxGsWrAALqOdt/nsNl8oPBe8j6/iSWDDw
+xJbemI8nFXAI6jAiz4RZS516eHJQT9uEpYdPUfluT17PPOotmjwkL2XuaMDjYOjD
+LOFSIX1Y8L7DPhayViY7hGyBWFDgozIl+us7H7q27SIJQAtoG4gS6w2qTE6UmDbG
+xqxluuQadfnrhtenpVJMwRQzf24txRsuHDTB/6EY3lqZhOvGZzwUV4RqJgg7G5Ix
+YUCiRrNrWGgbViTGpR87GkhBc84pXlTdIVb/bxl1myJ4QFya2oG4PjMK+wxlGJ3q
+8Ght0sz3xvDXLzoh3NYBBhqOj1zKHcUoVMLmxd+GinAy4FENc3cbZjAaTDprPbze
+1368MvGQkcwgxHmqhPIRaz+GPtLhxjPO/SDIkZdzwAGvy8AKS5HTAGcSvbcjcjXE
+3cY4DObY19MwUfsedXYcDzyEKS6OTgNSbfXPStBhijKA+joOzUKf36xEipV3J9fa
+9YtXf5MALkUcLqGKCa4OybAktvN/VBnZfieOyCM3vcTHimmyDhuyjxzJptMTjiH3
+BaBxgZpm0FJVKjTJ3+xkmIeMA8p475Aocs8F7aHqIO/MEMHDB5MuCui3h+Mzccha
+eR2e4Ldv5v8yFR+3Q+MIq8rELtIeNgG/ANldJEWt7paLsRXMXzNah1rdHb6oaDLa
+iou8ZcOKI6kBxj6GxcGN2HicWbqAXgoHAVN59siVOSUGI2rmCxxj1v38oY61IahZ
+k9nde23oAhTnO02ovRXkVNArBE3cEQPbBqwv09rrO/HQqHXRVNu/qFuA/oEopzjI
+lZFUel4IjUQJgk7+1pY/OQzJQR9wfEXMOW4fXG+tL90sIypv115CbYXiUy3tOFcs
+XX5QhDnrSo69Be4ZJQBBY9JEtOPlZCA9C+6Q0zxpNctfj091N7e8nWg2a+DHzpFz
+Vdoa+xGCUMkJZopsnjEStfSTYqgCuPRSRIf8a1i9U2QnLXOFjmu2YUfa06JuQIXK
+lpJxyMmUmd07KiTH3Da0/3V9W++zSlVpT4hHD6zvZ/OzpPKL74cGgtNFMOVkFCjr
+KUcrg7JCxrVb1zZ/Y6CIdpRMFv5/94M67D8hX7aSiPgzGXwwuUzZlygbOZa97s3U
+nKc7ZgVqiNCR6HH2Vhc2A2fuu9aErdnqr6tcbxiWTVORSQxIHCchX/+5+4XtKrHm
+EOPmhwehDEsyFqHwBd/T8xdz/wb8ct+ce1HbzRe8UXjeGsTSPQVuMF4wjHP1MvEl
+0BTRDQlqETtBvtxzZJ7cABWpZqdrZEUtrdD90jd6ZQrF
+-----END ENCRYPTED PRIVATE KEY-----

samples/net/wifi/test_certs/server-key.pem

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIU44Xbg9l+1kCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBx6SOeZLPFiBIIEyBbU4bj1/Sq0
+W5O13hWtq34nTHG+HtgOG61u8659V+0Txbd6E6gBlMTUDtczKCb2BS7D2uugSwTR
+Xj1CeLha1qfsWT3IEe38KB/r+TXA1CESblkHBeYjHYOhOoRSNjg8e+QddFim4uuN
+6eCqgia4jJjC4jT7gLhoUgMtLKxGiw/iVsLme//p1czB2sNNy441Cp2smwvP6GqC
+rymGKgmmEa3pqFm72jO77kev71gUYxPJLXg6bGJ3HBBD0iN79rlCgMTru4s/C/G6
+VoTLCxJrYNiRGsCNu1PM4DtZgQtL32il+u/thZzE6cmh6Yqzkv9G8JXRIakoZctN
+JOwOgbyQLwbAV/0OpZcX0rWKGbO2AO1RmayEJrTBp98qbOW1SrJf2HVAqzevaxOy
+ZqyLbq80x+6wH1sg200tnfwGO/2nz1U7yDTJ4tMuMeJYvAHB5luXYOBrL7AmUJjZ
+CLY/BaN90amz3h1/ZeooMslB1ldjNznLYfrmYc7E1UKWUd5CRjbh6f+k/iYp1wuw
+W2O9qW/aatQyrcWMLboJLTs9XarTFXYSA66bvhPfP/lP4BPm4eQM1xCS7qSjbJMK
+OuTX9J++ZzNIiUJjFTAWW4cIEKkJ+PpljTgdcfnwUCGUcxuqJaVbWVrPstc2tyjJ
+8Ravtr5Fp79dYsD5xSB31ATiAVehp0Zn7lorwmFZ1fhZNMOaFjDk0e3GJPrWgTGY
+DUyeN2Ec/lY76+nTKLqpCPmP/aM3uOEsKEXmtuiYONnz1ZcRSXqAfZKW0Sv9iEQA
+IK31lNuU6CULXM6aUn0lwdoYKZ1S7SPwK6UmqSimBb/5FF5zaZPgzHKhClsnd6EN
+ToMDw18YD1rY6jaAxZdXiaI70i7V9S3RkfjlYkiaLEmjO44yg6Ae7xL0KbOut8iB
+ZCyMHRjobFCLWPTdplQux0xzPD0FXrl8GgJBmiY8SkiFh9NKDNyB6SodjVKXsIhe
+BPsdmh9E66XfHkI16LkkoK5eKgtVDpXVAJBAI2wURIwfIzfzOJ6SExQd3capXqfr
+HpC+sJJjAPy0hHTkv3RnzX1NHqYK5gHq/WCSda/4cl8ZepF5eoyJ8h+9TJzlTDJX
+REyt5iUvKbFT3bQ3WYwWUW6lEei16KK9Cm8ivZsEQqbeG0kP6lO3pG+WNsAYRXlE
+aXg8wgFLJRS/7llaB8xiZHZ0mMsj9UAwZd7gUkp1EjDt7A6f1KlYEtIXtQ9TVXhS
+kegWYMvJOpzJoOTcZ2Yu/wNUEAnnOnXzCrr5EAD3aHUwaSHfj75y44uHrYtEKEyO
+Q1bhRhSC5rFcEEomHofy7PlJqoynxMxOd6VZdSpMr2fSDKO36aY8bGD7ST0hpHrs
+6NNbywy23G68YX6QREwcuT4EDzIQOQsl7GCSx8KVibubsYcGSuXSVlBMI9sLOtsA
+AwSAXOyGoVrmms79ekp4O4Pzq4vqE61KEh8K0/h5qDJ8+c2kqQl5eeDkDwtBYwjD
+oYKRlmCkKzoo7qW4uIeVy4ZeQIuzWcCWnSZumtBa2mLlo4w9njmwgPR0wtDU8daW
++0CL828/eNfIN3awo0VeAJ8nbZlKL2ioyND9KNXjJ2fJNuwyrWv9c5fz/NeWgv9O
+Z2S6ZI0xPgZJNQ6rLcPigA==
+-----END ENCRYPTED PRIVATE KEY-----

samples/net/wifi/test_certs/server.pem

@@ -0,0 +1,68 @@
+Bag Attributes
+	localKeyID: 70 E4 1E 20 0B 8A 3E 65 06 98 99 29 C2 A4 26 33 38 D8 94 23
+subject=C = FR, ST = Radius, O = Example Inc, CN = Example Server Certificate, emailAddress = admin@example.org
+issuer=C = FR, ST = Radius, L = Somewhere, O = Example Inc, emailAddress = admin@example.org, CN = Example Certificate Authority
+-----BEGIN CERTIFICATE-----
+MIIFZzCCBE+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCRlIx
+DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQKDAtF
+eGFtcGxlIEluYzEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5vcmcxJjAk
+BgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MDgwNzE4
+NDMwNloXDTI0MTAwNjE4NDMwNlowezELMAkGA1UEBhMCRlIxDzANBgNVBAgMBlJh
+ZGl1czEUMBIGA1UECgwLRXhhbXBsZSBJbmMxIzAhBgNVBAMMGkV4YW1wbGUgU2Vy
+dmVyIENlcnRpZmljYXRlMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9y
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtkktsya+B8p8x5/P7t
+IDIVcc0E6PPUklUmrcAzBuLNdnHH0FCbzqqsE+28L36gyriNv+l0EOvvnV3LJJdc
+RO/6Ee4NHjO/GKcmTCDOC1KSl7yP+IaPog/f86UJ1rTOQpnpCi/uB3Gd3ZocZ+s+
+5fnPCVFdAaRfLs8fVbJ3Lt79E/FiVhXXjG4/wFMGHg/6P3fsq5B+VqUww8xUjfZ9
+MUuo+MYP5CPYJHfhuIwNHsunGKsmjMtQ4nR84huTOKy9+YVsKr+GRzGy4aC3ElCb
+HTU+axLVcVPRgpsdCaFzXLAg5L//rufgWI7NKIV16t+6q/3euFWPHYW3lqdAWMD4
+yssCAwEAAaOCAdwwggHYMB0GA1UdDgQWBBT5kdLsBRD8WBlzoAmLWRMZf6PvOjCB
+0gYDVR0jBIHKMIHHgBRCXfgmfvHHnNNdyS6ziTT1JyZ9RqGBmKSBlTCBkjELMAkG
+A1UEBhMCRlIxDzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQw
+EgYDVQQKDAtFeGFtcGxlIEluYzEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBs
+ZS5vcmcxJjAkBgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ghQ1
+f/ABa8HTFuVRSCGWyh5qvh/qSTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAw4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0
+cDovL3d3dy5leGFtcGxlLmNvbS9leGFtcGxlX2NhLmNybDA3BggrBgEFBQcBAQQr
+MCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly93d3cuZXhhbXBsZS5vcmcvb2NzcDA6BgNV
+HREEMzAxghJyYWRpdXMuZXhhbXBsZS5vcmegGwYIKwYBBQUHCAigDwwNKi5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAX5O3aUlupNs8C0blKzGJosqKoEP1
+D0/RUESK6443TlK2hAImSE/qz9JGQ4tMSO1bfnYUS9Mnk4hStlG4gg6F/B4nV1eZ
+qbHEFWCyhCAlUUeDF+8Lz2G6wYXrw9pPe1GpQSFdHLTV2WKVK0IaRaote8bCQHBm
+bgNbfZVXK4JJKX0Wg+ECNQv8bGA/WwZ+QKOcjemaa1kxwi9PFRNOIOdFfk1zKXHz
+D6Ex0hFzl2dt+aSpmb93Fo4wDz1rtCJ7HGo1TtUbDdDwDoZv8SKsAI7XtDmrqqP/
+MZa+lI5xVXCsSBDppGZb6BVkl3AfUIIhbCDqj1MT9vXqjtaWsyG4F3iHuw==
+-----END CERTIFICATE-----
+Bag Attributes
+	localKeyID: 70 E4 1E 20 0B 8A 3E 65 06 98 99 29 C2 A4 26 33 38 D8 94 23
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI0/IqoquZd2sCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBA3/HwadBWDheQI/8p1u6j+BIIE
+0N7R2UwLzLVPv/QR/hfYtK56iUtq0j5dqW/1Yos5IpkmUhOdXa149OGmzUkM6JQ/
+GaYQ5TbCn0+/HZx0k1nLIHL0fOUlorW/6i/pfw+KMR0bZrPUoZJyukG7iFIcD5yB
+Pq6Q/QXVIH0qzB2lTTEa6TNSzM4PtcGd24Ivt7GwX8vz/bbW+gPCnAEbFKTrn1aP
+Dr5LRIn9MOStPox/PmCEysdrdgJ8W9BD9J7iviUOmfJckl7hc10j87SvqHDYuPIP
+a5QZnGanbsdOfYRCtg6jkLPiR7f3kS+aeITGx1iKdm+wqpcp1JelYmg3b9a0mSGk
+fLgOS8z0hmdPrPT4yZtU1MvjxPpbVcpP+S5idWWD30bit2c7lqW3shXjan+voA4R
+gYbJewXiJbjFCElj/EnvX5dFaJyBdeRcaIZcKhEwsTGJ/GI6S7nFdDNao4dXUESX
+CWgVQNcdqiK/OJ8blQR6+1vxajJNLqx5GwbLJdMbN7d+o8m0O7O+lygF3BiDYpp0
+niLrB+qTM2H5jGRe2Vwhs5HxU1b0uN85xqUHRppeFmNB4mEcpT0XZ0a5kZZhuCQg
+P48ONl46i1DAAKOAQ+WSiSQUBO+AmMlzNquCNstkSrEis4szfDOT/RQmlMwLEyb9
+3aXZwsHzZREi7gojsyEHyadeKhsblBITSD79MmVpPBhym6sok8QWgk4R4+Xsckll
+cxqhsczmGv/tSz71/Soqql6KXmtk7YUAWDM1YtF1K2pb4zF9q0/mp3MgUB7sjcfm
+HMFDD3KSMFGfP9ex4MTUlEFXoBS0jM1rC+L0OtSDsBs23BOJvgi3JArZD2WPUPeR
+1dxcrtqYFy1DGkCMZ8+24GmqXbaL+iG/vgyAyhjcgWet2Xk8BHpuYPWSoGlnmJTP
+tqLC13jU0to8S8H7vsrbUP5m+XN/sVXkYE86AOsMO+/g+1fcqQOu0fSdSOvNvw5c
+/56yHA/+bJJfcQyqoEpPrpR2npazcG0cop3FOP9eTvNERRO6ayXJjrq1Tl9Ok39v
+DRQy/TLt6tQtHjiTFDgiZI+PI7FVzSudCGa2oMKTyf8qDWUN65825oSL7e7jggFM
+8VFf1MBXb1lCIFIrukNnXuXnYMWtQYjvHS/vN3jP/BGnVW+rEupj/hq4gtv1J2Pu
+B5Qn8Q+szCz8ha6ziA9+iVt57SRakK87bZ7qEIIy4XTJBnCGHTVjQOn+aMHJ/76H
+wiw8CPgKKQMwx0JyySMfZih+LgxlibPpk76zNIw0eYLM4DQEwmx9LGXZ4TIPCyAg
+GiWeKYn4zD0ub634DBFRTmX5XGQhqmKSkCIKOs4/8yzmX3649vess85RJN4DjjGN
+njzxuInblVxVg0YvzlGQHXwwCJuG48yoTa3UPvqft67kOoBLh8Kky1kMPPtPm8yR
+ZT8E8VdYSg2ssyCpyfaV3RCnxsMpnFUER+JU0g6IxTpDqxA4zK5XS6Wt/KsdnU+1
+locA7O1+lcsDXf2FyDFtwPwNZIjchV1UDXSYr/fKyn10TDoSMeRTZsC0vwm2/9bW
+peH+nk/x93j29VZVzGk6hlpLC9MBRq/qGhNqIwklxtfIKLr0l5oMcWwm4h4dAVBR
+HUC0MTfbSTrC8mAsOglVa87dF9v1gnA2FVlRZEHJCGwe
+-----END ENCRYPTED PRIVATE KEY-----

subsys/net/l2/wifi/CMakeLists.txt

@@ -8,6 +8,9 @@ zephyr_library_include_directories_ifdef(
 zephyr_library_compile_definitions_ifdef(
   CONFIG_NEWLIB_LIBC __LINUX_ERRNO_EXTENSIONS__
   )
+zephyr_library_include_directories_ifdef(
+  CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE test_certs
+  )
 
 zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_MGMT wifi_mgmt.c)
 zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_SHELL wifi_shell.c)
@@ -19,3 +22,28 @@ zephyr_linker_sources_ifdef(CONFIG_WIFI_NM DATA_SECTIONS wifi_nm.ld)
 if (CONFIG_WIFI_NM)
 zephyr_iterable_section(NAME wifi_nm_instance GROUP DATA_REGION ${XIP_ALIGN_WITH_INPUT} SUBALIGN CONFIG_LINKER_ITERABLE_SUBALIGN)
 endif()
+
+# Wi-Fi Enterprise test certificates handling
+set(gen_inc_dir ${ZEPHYR_BINARY_DIR}/misc/generated)
+set(gen_dir ${gen_inc_dir}/wifi_enterprise_test_certs)
+
+# convert .pem files to array data at build time
+zephyr_include_directories(${gen_inc_dir})
+
+generate_inc_file_for_target(
+    app
+    ${ZEPHYR_BASE}/samples/net/wifi/test_certs/client.pem
+    ${gen_dir}/client.pem.inc
+    )
+
+generate_inc_file_for_target(
+    app
+    ${ZEPHYR_BASE}/samples/net/wifi/test_certs/client-key.pem
+    ${gen_dir}/client-key.pem.inc
+    )
+
+generate_inc_file_for_target(
+    app
+    ${ZEPHYR_BASE}/samples/net/wifi/test_certs/ca.pem
+    ${gen_dir}/ca.pem.inc
+    )

subsys/net/l2/wifi/wifi_mgmt.c

@@ -39,7 +39,7 @@ const char *wifi_security_txt(enum wifi_security_type security)
 		return "WPA3-SAE-AUTO";
 	case WIFI_SECURITY_TYPE_WAPI:
 		return "WAPI";
-	case WIFI_SECURITY_TYPE_EAP:
+	case WIFI_SECURITY_TYPE_EAP_TLS:
 		return "EAP";
 	case WIFI_SECURITY_TYPE_UNKNOWN:
 	default:
@@ -864,6 +864,24 @@ static int wifi_pmksa_flush(uint32_t mgmt_request, struct net_if *iface,
 
 NET_MGMT_REGISTER_REQUEST_HANDLER(NET_REQUEST_WIFI_PMKSA_FLUSH, wifi_pmksa_flush);
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+static int wifi_set_enterprise_creds(uint32_t mgmt_request, struct net_if *iface,
+					   void *data, size_t len)
+{
+	const struct device *dev = net_if_get_device(iface);
+	const struct wifi_mgmt_ops *const wifi_mgmt_api = get_wifi_api(iface);
+	struct wifi_enterprise_creds_params *params = data;
+
+	if (wifi_mgmt_api == NULL || wifi_mgmt_api->enterprise_creds == NULL) {
+		return -ENOTSUP;
+	}
+
+	return wifi_mgmt_api->enterprise_creds(dev, params);
+}
+
+NET_MGMT_REGISTER_REQUEST_HANDLER(NET_REQUEST_WIFI_ENTERPRISE_CREDS, wifi_set_enterprise_creds);
+#endif
+
 #ifdef CONFIG_WIFI_MGMT_RAW_SCAN_RESULTS
 void wifi_mgmt_raise_raw_scan_result_event(struct net_if *iface,
 					   struct wifi_raw_scan_result *raw_scan_result)

subsys/net/l2/wifi/wifi_shell.c

@@ -29,6 +29,19 @@ LOG_MODULE_REGISTER(net_wifi_shell, LOG_LEVEL_INF);
 #include <zephyr/sys/slist.h>
 
 #include "net_shell_private.h"
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+static const char ca_cert_test[] = {
+	#include <wifi_enterprise_test_certs/ca.pem.inc>
+};
+
+static const char client_cert_test[] = {
+	#include <wifi_enterprise_test_certs/client.pem.inc>
+};
+
+static const char client_key_test[] = {
+	#include <wifi_enterprise_test_certs/client-key.pem.inc>
+};
+#endif
 
 #define WIFI_SHELL_MODULE "wifi"
 
@@ -75,6 +88,28 @@ struct wifi_ap_sta_node {
 };
 static struct wifi_ap_sta_node sta_list[CONFIG_WIFI_SHELL_MAX_AP_STA];
 
+
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+static int cmd_wifi_set_enterprise_creds(const struct shell *sh, struct net_if *iface)
+{
+	struct wifi_enterprise_creds_params params = {0};
+
+	params.ca_cert = (uint8_t *)ca_cert_test;
+	params.ca_cert_len = ARRAY_SIZE(ca_cert_test);
+	params.client_cert = (uint8_t *)client_cert_test;
+	params.client_cert_len = ARRAY_SIZE(client_cert_test);
+	params.client_key = (uint8_t *)client_key_test;
+	params.client_key_len = ARRAY_SIZE(client_key_test);
+
+	if (net_mgmt(NET_REQUEST_WIFI_ENTERPRISE_CREDS, iface, &params, sizeof(params))) {
+		PR_WARNING("Set enterprise credentials failed\n");
+		return -1;
+	}
+
+	return 0;
+}
+#endif
+
 static bool parse_number(const struct shell *sh, long *param, char *str,
 			 char *pname, long min, long max)
 {
@@ -464,6 +499,8 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv
 		{"band", required_argument, 0, 'b'},
 		{"channel", required_argument, 0, 'c'},
 		{"timeout", required_argument, 0, 't'},
+		{"anon-id", required_argument, 0, 'a'},
+		{"key-passwd", required_argument, 0, 'K'},
 		{"help", no_argument, 0, 'h'},
 		{0, 0, 0, 0}};
 	char *endptr;
@@ -486,7 +523,7 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv
 	params->security = WIFI_SECURITY_TYPE_NONE;
 	params->mfp = WIFI_MFP_OPTIONAL;
 
-	while ((opt = getopt_long(argc, argv, "s:p:k:w:b:c:m:t:h",
+	while ((opt = getopt_long(argc, argv, "s:p:k:w:b:c:m:t:a:K:h",
 				  long_options, &opt_index)) != -1) {
 		state = getopt_state_get();
 		switch (opt) {
@@ -583,6 +620,24 @@ static int __wifi_args_to_params(const struct shell *sh, size_t argc, char *argv
 				}
 			}
 			break;
+		case 'a':
+			params->anon_id = optarg;
+			params->aid_length = strlen(params->anon_id);
+			if (params->aid_length > WIFI_ENT_IDENTITY_MAX_LEN) {
+				PR_WARNING("anon_id too long (max %d characters)\n",
+					    WIFI_ENT_IDENTITY_MAX_LEN);
+				return -EINVAL;
+			}
+			break;
+		case 'K':
+			params->key_passwd = optarg;
+			params->key_passwd_length = strlen(params->key_passwd);
+			if (params->key_passwd_length > WIFI_ENT_PSWD_MAX_LEN) {
+				PR_WARNING("key_passwd too long (max %d characters)\n",
+					    WIFI_ENT_PSWD_MAX_LEN);
+				return -EINVAL;
+			}
+			break;
 		case 'h':
 			return -ENOEXEC;
 		default:
@@ -619,6 +674,13 @@ static int cmd_wifi_connect(const struct shell *sh, size_t argc,
 		return -ENOEXEC;
 	}
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+	/* Load the enterprise credentials if needed */
+	if (cnx_params.security == WIFI_SECURITY_TYPE_EAP_TLS) {
+		cmd_wifi_set_enterprise_creds(sh, iface);
+	}
+#endif
+
 	context.connecting = true;
 	ret = net_mgmt(NET_REQUEST_WIFI_CONNECT, iface,
 		       &cnx_params, sizeof(struct wifi_connect_req_params));
@@ -2421,7 +2483,8 @@ SHELL_STATIC_SUBCMD_SET_CREATE(wifi_cmd_ap,
 		  "-c --channel=<channel number>\n"
 		  "-p --passphrase=<PSK> (valid only for secure SSIDs)\n"
 		  "-k --key-mgmt=<Security type> (valid only for secure SSIDs)\n"
-		  "0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE, 4:WAPI, 5:EAP, 6:WEP, 7: WPA-PSK\n"
+		  "0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE, 4:WAPI, 5:EAP-TLS, 6:WEP\n"
+		  "7: WPA-PSK\n"
 		  "-w --ieee-80211w=<MFP> (optional: needs security type to be specified)\n"
 		  "0:Disable, 1:Optional, 2:Required\n"
 		  "-b --band=<band> (2 -2.6GHz, 5 - 5Ghz, 6 - 6GHz)\n"
@@ -2539,11 +2602,13 @@ SHELL_STATIC_SUBCMD_SET_CREATE(wifi_commands,
 		  "[-p, --psk]: Passphrase (valid only for secure SSIDs)\n"
 		  "[-k, --key-mgmt]: Key Management type (valid only for secure SSIDs)\n"
 		  "0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI,"
-		  " 7:EAP, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal\n"
+		  " 7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal\n"
 		  "[-w, --ieee-80211w]: MFP (optional: needs security type to be specified)\n"
 		  ": 0:Disable, 1:Optional, 2:Required.\n"
 		  "[-m, --bssid]: MAC address of the AP (BSSID).\n"
 		  "[-t, --timeout]: Timeout for the connection attempt (in seconds).\n"
+		  "[-a, --anon-id]: Anonymous identity for enterprise mode.\n"
+		  "[-K, --key-passwd]: Private key passwd for enterprise mode.\n"
 		  "[-h, --help]: Print out the help for the connect command.\n",
 		  cmd_wifi_connect,
 		  2, 7),