|
| 1 | +.. _lib_wifi_credentials: |
| 2 | + |
| 3 | +Wi-Fi credentials Library |
| 4 | +######################### |
| 5 | + |
| 6 | +.. contents:: |
| 7 | + :local: |
| 8 | + :depth: 2 |
| 9 | + |
| 10 | +The Wi-Fi credentials library provides means to load and store Wi-Fi® network credentials. |
| 11 | + |
| 12 | +Overview |
| 13 | +******** |
| 14 | + |
| 15 | +This library uses either Zephyr's settings subsystem or Platform Security Architecture (PSA) Internal Trusted Storage (ITS) to store credentials. |
| 16 | +It also holds a list of SSIDs in RAM to provide dictionary-like access using SSIDs as keys. |
| 17 | + |
| 18 | +Configuration |
| 19 | +************* |
| 20 | + |
| 21 | +To use the Wi-Fi credentials library, enable the :kconfig:option:`CONFIG_WIFI_CREDENTIALS` Kconfig option. |
| 22 | + |
| 23 | +You can pick the backend using the following options: |
| 24 | + |
| 25 | +* :kconfig:option:`CONFIG_WIFI_CREDENTIALS_BACKEND_PSA` - Default option for non-secure targets, which includes a TF-M partition (non-minimal TF-M profile type). |
| 26 | +* :kconfig:option:`CONFIG_WIFI_CREDENTIALS_BACKEND_SETTINGS` - Default option for secure targets. |
| 27 | + |
| 28 | +To configure the maximum number of networks, use the :kconfig:option:`CONFIG_WIFI_CREDENTIALS_MAX_ENTRIES` Kconfig option. |
| 29 | + |
| 30 | +The IEEE 802.11 standard does not specify the maximum length of SAE passwords. |
| 31 | +To change the default, use the :kconfig:option:`CONFIG_WIFI_CREDENTIALS_SAE_PASSWORD_LENGTH` Kconfig option. |
| 32 | + |
| 33 | +Adding credentials |
| 34 | +****************** |
| 35 | + |
| 36 | +You can add credentials using the :c:func:`wifi_credentials_set_personal` and :c:func:`wifi_credentials_set_personal_struct` functions. |
| 37 | +The former will build the internally used struct from given fields, while the latter takes the struct directly. |
| 38 | +If you add credentials with the same SSID twice, the older entry will be overwritten. |
| 39 | + |
| 40 | +Querying credentials |
| 41 | +******************** |
| 42 | + |
| 43 | +With an SSID, you can query credentials using the :c:func:`wifi_credentials_get_by_ssid_personal` and :c:func:`wifi_credentials_get_by_ssid_personal_struct` functions. |
| 44 | + |
| 45 | +You can iterate over all stored credentials with the :c:func:`wifi_credentials_for_each_ssid` function. |
| 46 | +Deleting or overwriting credentials while iterating is allowed, since these operations do not change internal indices. |
| 47 | + |
| 48 | +Removing credentials |
| 49 | +******************** |
| 50 | + |
| 51 | +You can remove credentials using the :c:func:`wifi_credentials_delete_by_ssid` function. |
| 52 | + |
| 53 | +Shell commands |
| 54 | +************** |
| 55 | + |
| 56 | +``wifi cred`` is an extension to the Wi-Fi command line. It adds the following subcommands to interact with the Wi-Fi credentials library: |
| 57 | + |
| 58 | +.. list-table:: Wi-Fi credentials shell subcommands |
| 59 | + :header-rows: 1 |
| 60 | + |
| 61 | + * - Subcommands |
| 62 | + - Description |
| 63 | + * - add |
| 64 | + - | Add a network to the credentials storage with following parameters: |
| 65 | + | <-s --ssid \"<SSID>\">: SSID. |
| 66 | + | [-c --channel]: Channel that needs to be scanned for connection. 0:any channel |
| 67 | + | [-b, --band] 0: any band (2:2.4GHz, 5:5GHz, 6:6GHz) |
| 68 | + | [-p, --passphrase]: Passphrase (valid only for secure SSIDs) |
| 69 | + | [-k, --key-mgmt]: Key management type. |
| 70 | + | 0:None, 1:WPA2-PSK, 2:WPA2-PSK-256, 3:SAE-HNP, 4:SAE-H2E, 5:SAE-AUTO, 6:WAPI," |
| 71 | + | " 7:EAP-TLS, 8:WEP, 9: WPA-PSK, 10: WPA-Auto-Personal, 11: DPP |
| 72 | + | [-w, --ieee-80211w]: MFP (optional: needs security type to be specified) |
| 73 | + | : 0:Disable, 1:Optional, 2:Required. |
| 74 | + | [-m, --bssid]: MAC address of the AP (BSSID). |
| 75 | + | [-t, --timeout]: Duration after which connection attempt needs to fail. |
| 76 | + | [-a, --identity]: Identity for enterprise mode. |
| 77 | + | [-K, --key-passwd]: Private key passwd for enterprise mode. |
| 78 | + | [-h, --help]: Print out the help for the connect command. |
| 79 | + * - delete <SSID> |
| 80 | + - Removes network from credentials storage. |
| 81 | + * - list |
| 82 | + - Lists networks in credential storage. |
| 83 | + * - auto_connect |
| 84 | + - Automatically connects to any stored network. |
| 85 | + |
| 86 | +Limitations |
| 87 | +*********** |
| 88 | + |
| 89 | +The library has the following limitations: |
| 90 | + |
| 91 | +* Although permitted by the IEEE 802.11 standard, this library does not support zero-length SSIDs. |
| 92 | +* Wi-Fi Protected Access (WPA) Enterprise credentials are only partially supported. |
| 93 | +* The number of networks stored is fixed compile time. |
| 94 | + |
| 95 | +API documentation |
| 96 | +***************** |
| 97 | + |
| 98 | +The following section provides an overview and reference for the Wi-Fi credentials API available in Zephyr: |
| 99 | + |
| 100 | +.. doxygengroup:: wifi_credentials |
0 commit comments