net: wifi: shell: add enterprise support for sap

Add EAP-TLS, EAP-PEAP-MSCHAPv2, EAP-PEAP-GTC, EAP-TTLS-MSCHAPv2,
EAP-PEAP-TLS, EAP-TLS-SHA256 enterprise wpa2 and wpa3 suiteb
support for sap.

Signed-off-by: Rex Chen <[email protected]>

Author: Rex-Chen-NXP

include/zephyr/net/wifi_mgmt.h

@@ -51,6 +51,12 @@ extern "C" {
 #define WIFI_MGMT_SCAN_CHAN_MAX_MANUAL 1
 #endif /* CONFIG_WIFI_MGMT_SCAN_CHAN_MAX_MANUAL */
 
+#ifdef CONFIG_WIFI_ENT_IDENTITY_MAX_USERS
+#define WIFI_ENT_IDENTITY_MAX_USERS CONFIG_WIFI_ENT_IDENTITY_MAX_USERS
+#else
+#define WIFI_ENT_IDENTITY_MAX_USERS 1
+#endif /* CONFIG_WIFI_ENT_IDENTITY_MAX_USERS */
+
 #define WIFI_MGMT_BAND_STR_SIZE_MAX 8
 #define WIFI_MGMT_SCAN_MAX_BSS_CNT 65535
 
@@ -535,7 +541,7 @@ struct wifi_connect_req_params {
 	/** suiteb or suiteb-192 */
 	uint8_t suiteb_type;
 	/** eap version */
-	uint8_t eap_ver;
+	int eap_ver;
 	/** Identity for EAP */
 	const uint8_t *eap_identity;
 	/** eap identity length, max 64 */
@@ -546,6 +552,14 @@ struct wifi_connect_req_params {
 	uint8_t eap_passwd_length;
 	/** Fast BSS Transition used */
 	bool ft_used;
+	/** Number of EAP users */
+	int nusers;
+	/** Number of EAP passwds */
+	uint8_t passwds;
+	/** User Identities */
+	const uint8_t *identities[WIFI_ENT_IDENTITY_MAX_USERS];
+	/** User Passwords */
+	const uint8_t *passwords[WIFI_ENT_IDENTITY_MAX_USERS];
 };
 
 /** @brief Wi-Fi connect result codes. To be overlaid on top of \ref wifi_status
@@ -797,6 +811,18 @@ struct wifi_enterprise_creds_params {
 	uint8_t *client_key2;
 	/** Phase2 Client key length */
 	uint32_t client_key2_len;
+	/** Server certification */
+	uint8_t *server_cert;
+	/** Server certification length */
+	uint32_t server_cert_len;
+	/** Server key */
+	uint8_t *server_key;
+	/** Server key length */
+	uint32_t server_key_len;
+	/** Diffie–Hellman parameter */
+	uint8_t *dh_param;
+	/** Diffie–Hellman parameter length */
+	uint32_t dh_param_len;
 };
 
 /** @brief Wi-Fi power save configuration */

modules/hostap/CMakeLists.txt

@@ -593,6 +593,73 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_DPP
 	${HOSTAP_SRC_BASE}/tls/asn1.c
 )
 
+zephyr_library_sources_ifdef(CONFIG_WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_tls_common.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIG_WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE
+	WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE
+	EAP_TLS_FUNCS
+	EAP_SERVER
+)
+
+zephyr_library_sources_ifdef(CONFIG_EAP_SERVER_IDENTITY
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_identity.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIG_EAP_SERVER_IDENTITY
+	EAP_SERVER_IDENTITY
+)
+
+
+zephyr_library_sources_ifdef(CONFIG_EAP_SERVER_TLS
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_tls.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIG_EAP_SERVER_TLS
+	EAP_SERVER_TLS
+)
+
+zephyr_library_sources_ifdef(CONFIG_EAP_SERVER_MD5
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_md5.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIG_EAP_SERVER_MD5
+	EAP_SERVER_MD5
+)
+
+zephyr_library_sources_ifdef(CONFIG_EAP_SERVER_MSCHAPV2
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_mschapv2.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIG_EAP_SERVER_MSCHAPV2
+	EAP_SERVER_MSCHAPV2
+)
+
+zephyr_library_sources_ifdef(CONFIG_EAP_SERVER_PEAP
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_peap.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIG_EAP_SERVER_PEAP
+	EAP_SERVER_PEAP
+)
+
+zephyr_library_sources_ifdef(CONFIG_EAP_SERVER_GTC
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_gtc.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIG_EAP_SERVER_GTC
+	EAP_SERVER_GTC
+)
+
+zephyr_library_sources_ifdef(CONFIG_EAP_SERVER_TTLS
+	${HOSTAP_SRC_BASE}/eap_server/eap_server_ttls.c
+)
+
+zephyr_library_compile_definitions_ifdef(CONFIGEAP_SERVER_TTLS
+	EAP_SERVER_TTLS
+)
+
 # crypto mbedtls related
 if(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO)
 zephyr_library_sources(

modules/hostap/Kconfig

@@ -278,6 +278,35 @@ config WIFI_NM_HOSTAPD_AP
 	bool "FullAP mode support based on Hostapd"
 	depends on !WIFI_NM_WPA_SUPPLICANT_INF_MON
 
+config WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE
+	bool "Hostapd crypto enterprise support"
+
+config EAP_SERVER_TLS
+	bool "EAP-TLS server support"
+
+config EAP_SERVER_IDENTITY
+	bool "EAP-IDENTITY server support"
+
+config EAP_SERVER_MD5
+	bool "EAP-MD5 server support"
+
+config EAP_SERVER_MSCHAPV2
+	bool "EAP-MSCHAPV2 server support"
+
+config EAP_SERVER_PEAP
+	bool "EAP-PEAP server support"
+
+config EAP_SERVER_GTC
+	bool "EAP-GTC server support"
+
+config EAP_SERVER_TTLS
+	bool "EAP-TTLS server support"
+
+config EAP_SERVER_ALL
+	bool "All EAP methods support"
+	select EAP_SERVER_TLS
+	default y if WIFI_NM_HOSTAPD_CRYPTO_ENTERPRISE
+
 config WIFI_NM_WPA_SUPPLICANT_BSS_MAX_IDLE_TIME
 	int "BSS max idle timeout in seconds"
 	range 0 64000