net: l2: wifi: Refactor certificates processing code into common file

Refactor certificate processing code to eliminate duplication and
enable reuse across modules that require enterprise support.

Signed-off-by: Triveni Danda <[email protected]>

Author: D-Triveni

include/zephyr/net/wifi_certs.h

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef WIFI_CERTS_H__
+#define WIFI_CERTS_H__
+
+#include <stdbool.h>
+#include <zephyr/kernel.h>
+#include <zephyr/net/wifi_mgmt.h>
+
+/**
+ * Set Wi-Fi Enterprise credentials.
+ *
+ * Sets up the required credentials for Enterprise mode in both
+ * Access Point and Station modes.
+ *
+ * Certificates typically used:
+ * - CA certificate
+ * - Client certificate
+ * - Client private key
+ * - Server certificate and server key (for AP mode)
+ *
+ * @param iface Network interface
+ * @param is_ap AP or Station mode
+ *
+ * @return 0 if ok, < 0 if error
+ */
+int wifi_set_enterprise_credentials(struct net_if *iface, bool is_ap);
+
+/**
+ * Clear Wi-Fi enterprise credentials
+ */
+void wifi_clear_enterprise_credentials(void);
+
+#endif /* WIFI_CERTS_H__ */

modules/hostap/Kconfig

@@ -221,6 +221,7 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 	select MBEDTLS_X509_CRL_PARSE_C
 	select MBEDTLS_TLS_VERSION_1_2
 	select NOT_SECURE
+	select WIFI_CERTIFICATE_LIB
 	depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
 	help
 	  Enable Enterprise Crypto support for WiFi. This feature
@@ -329,6 +330,7 @@ config WIFI_NM_HOSTAPD_AP
 
 config WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE
 	bool "Hostapd crypto enterprise support"
+	select WIFI_CERTIFICATE_LIB
 	depends on WIFI_NM_HOSTAPD_AP
 
 if WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE

subsys/net/l2/wifi/CMakeLists.txt

@@ -13,6 +13,7 @@ zephyr_library_include_directories_ifdef(
   )
 
 zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_MGMT wifi_mgmt.c)
+zephyr_library_sources_ifdef(CONFIG_WIFI_CERTIFICATE_LIB wifi_certs.c)
 zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_SHELL wifi_shell.c)
 zephyr_library_sources_ifdef(CONFIG_WIFI_NM wifi_nm.c)
 zephyr_library_sources_ifdef(CONFIG_NET_L2_WIFI_UTILS wifi_utils.c)

subsys/net/l2/wifi/Kconfig

@@ -126,6 +126,11 @@ config WIFI_ENT_IDENTITY_MAX_USERS
 	help
 	  This option defines the maximum number of identity users allowed connection.
 
+config WIFI_CERTIFICATE_LIB
+	bool
+	help
+	  Enable this option to process certificates in enterprise mode.
+
 if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 
 config WIFI_SHELL_RUNTIME_CERTIFICATES