How to connect to WiFi enterprise starting from the STA sample?

Dear All,

I am looking to connect to a WiFi enterprise AP. So far I have been able to connect to the network using the nrf/samples/wifi/shell sample with a command that looks like this:

wifi connect -s <SSID> -k 14 --eap-id1 <ID> --eap-pwd1 <PSWD>.

EDIT: I am building the shell sample with the following command:

west build -p -b nrf7002dk/nrf5340/cpuapp -S wifi-enterprise

In this setup, the command above works and I am connecting to my network.

If I build the same project with this command:
west build -p -b nrf7002dk/nrf5340/cpuapp/ns -S wifi-enterprise

I am getting a build error about insufficient RAM, so I am reducing a bit the RAM dedicated to CONFIG_MBEDTLS_HEAP_SIZE, so that the build can complete.
Sending the same command as before, I am getting this:
net_wifi_certs: Failed to get credential tag: 16908289 length, err: -2

Does this mean that I need to provision some certificates to the device that are included by default in the non NS build?

I am quite confused as to what I need to add to the prj.conf and to the  in order to be able to connect to the network in the same way.

My starting prj.conf looks like this:

CONFIG_WIFI=y
CONFIG_WIFI_NRF70=y

# WPA supplicant
CONFIG_WIFI_READY_LIB=y

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_POSIX_API=y
CONFIG_NET_IPV4=y
CONFIG_NET_TCP=y
CONFIG_NET_DHCPV4=y

CONFIG_NET_PKT_RX_COUNT=16
CONFIG_NET_PKT_TX_COUNT=16
CONFIG_NRF70_RX_NUM_BUFS=16

# Below section is the primary contributor to SRAM and is currently
# tuned for performance, but this will be revisited in the future.
CONFIG_NET_BUF_RX_COUNT=16
CONFIG_NET_BUF_TX_COUNT=32
CONFIG_HEAP_MEM_POOL_SIZE=37000
CONFIG_HEAP_MEM_POOL_IGNORE_MIN=y
CONFIG_NRF_WIFI_CTRL_HEAP_SIZE=20000
CONFIG_NRF_WIFI_DATA_HEAP_SIZE=40000
CONFIG_NET_TC_TX_COUNT=1

CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=1
CONFIG_NET_MAX_CONTEXTS=6
CONFIG_NET_CONTEXT_SYNC_RECV=y

CONFIG_INIT_STACKS=y

CONFIG_NET_L2_ETHERNET=y

# Memories
CONFIG_MAIN_STACK_SIZE=5200
CONFIG_NET_TX_STACK_SIZE=4096
CONFIG_NET_RX_STACK_SIZE=4096

# TLS networking
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=3
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

# TLS credentials
CONFIG_TLS_CREDENTIALS=y
CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y

# mbedTLS
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=101920
CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_DHM_C=y
CONFIG_MBEDTLS_TLS_LIBRARY=y

# Optimize TF-M
CONFIG_TFM_PROFILE_TYPE_SMALL=y
CONFIG_PM_PARTITION_SIZE_TFM_SRAM=0xc000
CONFIG_PM_PARTITION_SIZE_TFM=0x20000

#Low power
CONFIG_TFM_LOG_LEVEL_SILENCE=y
CONFIG_TFM_SECURE_UART=n
CONFIG_NRF_WIFI_LOW_POWER=y
CONFIG_NRF70_QSPI_LOW_POWER=y
# CONFIG_LOG=n
# CONFIG_UART_CONSOLE=n
CONFIG_GPIO=y
CONFIG_PM_DEVICE=y
CONFIG_PM_DEVICE_RUNTIME=y

# Logging
CONFIG_LOG=y
CONFIG_LOG_BUFFER_SIZE=2048


The connection params I am setting look like this:
static int Wifi_Connect(void)
{
    struct net_if* wifi_iface = net_if_get_first_wifi();

    static struct wifi_connect_req_params connectionParameters ={0};
    connectionParameters.timeout = SYS_FOREVER_MS;
    connectionParameters.ssid = SSID;
    connectionParameters.ssid_length = strlen(SSID);
    connectionParameters.channel = WIFI_CHANNEL_ANY;
    connectionParameters.security = WIFI_SECURITY_TYPE_EAP_TTLS_MSCHAPV2;
    // connectionParameters.channel = 40;
    // connectionParameters.key_passwd = SECRET;
    connectionParameters.nusers = 1;
    connectionParameters.passwds = 1;
    connectionParameters.identities[0] = USERNAME;
    connectionParameters.passwords[0] = SECRET;
    connectionParameters.eap_identity = USERNAME;
    connectionParameters.eap_id_length = strlen(USERNAME);
    connectionParameters.eap_password = SECRET;
    connectionParameters.eap_passwd_length= strlen(SECRET);
    connectionParameters.verify_peer_cert = 0;
    connectionParameters.mfp = WIFI_MFP_DISABLE;
    // connectionParameters.key_passwd_length = strlen(SECRET);
    // connectionParameters.eap_identity = USERNAME;
    // connectionParameters.eap_id_length = strlen(USERNAME);
    int res = net_mgmt(NET_REQUEST_WIFI_CONNECT, wifi_iface, &connectionParameters, sizeof(struct wifi_connect_req_params));
    if (res) {
        LOG_ERR("Connection request failed: %d", res);
        return -ENOEXEC;
    }
    is_device_connected = false;
    LOG_INF("Connection requested");

    return 0;
}


With this setup I am getting this when trying to connect:

wpa_supp: Unsupported security type: 14

Looking into the files I see that I need to enable this
CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE.

Enabling this gives me a compile error:

fatal error: wifi_enterprise_test_certs/ca.pem.inc: No such file or directory
   41 |         #include <wifi_enterprise_test_certs/ca.pem.inc>


So, could you provide some guidance as to how to connect to my enterprise wifi AP from my code with the same configuration that I am using when running the shell sample?

I am using nRF SDK v3.1.1 and I am building with west build -p always -b nrf7002dk/nrf5340/cpuapp/ns.

Thank you very much

  • Hi,

    > I am getting a build error about insufficient RAM, so I am reducing a bit the RAM dedicated to CONFIG_MBEDTLS_HEAP_SIZE, so that the build can complete.
    > Sending the same command as before, I am getting this:
    > net_wifi_certs: Failed to get credential tag: 16908289 length, err: -2
    > Does this mean that I need to provision some certificates to the device that are included by default in the non NS build?

    This error means that the Wi-Fi/TLS stack looked up a credential using a TLS credential tag, and it was not found in the configured backend. You must ensure that the enterprise credentials are present. You can see how to add credentials in Wi-Fi Enterprise test: X.509 Certificate management.

    Please note that when using the TLS credentials subsystem, the volatile backend is used by default (CONFIG_TLS_CREDENTIALS_BACKEND_VOLATILE). This means that the certificates will be lost upon reboot, and you will need to provide them again. If you want to store the credentials persistently, you can use the PS backend (CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE) to store the certificates in non-volatile storage.

    > So, could you provide some guidance as to how to connect to my enterprise wifi AP from my code with the same configuration that I am using when running the shell sample?

    The shell sample uses runtime certificates (CONFIG_WIFI_SHELL_RUNTIME_CERTIFICATES). Based on the error you get, it appears that it expects the certificates to be provided at compile time, but they are not found. You can look at the link I added above to see how to add the certificates at compile time.

    Best regards,
    Marte
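
The two errors discussed in this thread can be triaged against a prj.conf with a short host-side script. This is an added example, not code from the thread or from the nRF Connect SDK; the function names are hypothetical, the sample config and log are constructed from lines quoted above, and the errno name is read from the host's table (code 2 is ENOENT there and in Zephyr).

```python
import errno
import re

# Constructed inputs: a trimmed prj.conf and the two log lines quoted in the thread.
SAMPLE_CONF = """\
CONFIG_WIFI=y
CONFIG_TLS_CREDENTIALS=y
CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y
# CONFIG_LOG=n
"""
SAMPLE_LOG = """\
wpa_supp: Unsupported security type: 14
net_wifi_certs: Failed to get credential tag: 16908289 length, err: -2
"""

ENTERPRISE = "CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE"
BACKENDS = {
    "CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE": "protected storage (persistent)",
    "CONFIG_TLS_CREDENTIALS_BACKEND_VOLATILE": "volatile (lost on reboot)",
}

def parse_conf(text):
    """Return {symbol: value} for assigned Kconfig symbols, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def credential_backend(conf):
    """Name the selected backend; the thread states volatile is the default."""
    for symbol, label in BACKENDS.items():
        if conf.get(symbol) == "y":
            return label
    return BACKENDS["CONFIG_TLS_CREDENTIALS_BACKEND_VOLATILE"]

def triage(conf_text, log_text):
    """Map the thread's two error messages to the setting or credential involved."""
    conf, findings = parse_conf(conf_text), []
    m = re.search(r"Unsupported security type: (\d+)", log_text)
    if m and conf.get(ENTERPRISE) != "y":
        findings.append(f"security type {m.group(1)} rejected: {ENTERPRISE} is not enabled")
    for tag, err in re.findall(r"Failed to get credential tag: (\d+) length, err: (-?\d+)", log_text):
        name = errno.errorcode.get(abs(int(err)), "unknown")
        findings.append(f"credential tag {int(tag):#010x} lookup failed ({name}); backend: {credential_backend(conf)}")
    return findings
```

Calling `triage(SAMPLE_CONF, SAMPLE_LOG)` returns one finding per error, with the tag shown in hex so it can be matched against the tags used when the certificates are provisioned.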
