From b31c66b43d5a75d7749c0f10966afccec1555474 Mon Sep 17 00:00:00 2001 From: Ravi Dondaputi Date: Mon, 14 Jul 2025 17:05:09 +0530 Subject: [PATCH 1/3] snippets: wifi-enterprise: Increase MBEDTLS heap size With NRF security, higher heap requirement is seen for operating with RSA-3072 based certificates. Add a NRF SoC specific conf in snippets to handle this. Signed-off-by: Ravi Dondaputi --- snippets/wifi-enterprise/snippet.yml | 5 +++++ snippets/wifi-enterprise/wifi-enterprise-nrf.conf | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 snippets/wifi-enterprise/wifi-enterprise-nrf.conf diff --git a/snippets/wifi-enterprise/snippet.yml b/snippets/wifi-enterprise/snippet.yml index 6a4f73d38b42e..f88b23ec2a4d0 100644 --- a/snippets/wifi-enterprise/snippet.yml +++ b/snippets/wifi-enterprise/snippet.yml @@ -1,3 +1,8 @@ name: wifi-enterprise append: EXTRA_CONF_FILE: wifi-enterprise.conf + +boards: + /.*/nrf.*/cpuapp/: + append: + EXTRA_CONF_FILE: wifi-enterprise-nrf.conf diff --git a/snippets/wifi-enterprise/wifi-enterprise-nrf.conf b/snippets/wifi-enterprise/wifi-enterprise-nrf.conf new file mode 100644 index 0000000000000..a52390c1687cf --- /dev/null +++ b/snippets/wifi-enterprise/wifi-enterprise-nrf.conf @@ -0,0 +1,3 @@ +# For TLS and X.509 processing MbedTLS needs large heap size and using separate heap +# for MbedTLS gives us more control over the heap size. +CONFIG_MBEDTLS_HEAP_SIZE=75000 From a90f9c938ede66751916e79a19ae58dc5ce4112e Mon Sep 17 00:00:00 2001 From: Ravi Dondaputi Date: Mon, 14 Jul 2025 17:14:29 +0530 Subject: [PATCH 2/3] samples: net: wifi: Add AES-only certificates Add AES-only cipher certificates. Useful for systems which have only AES support and DES is not enabled. Signed-off-by: Ravi Dondaputi --- .../net/wifi/test_certs/rsa2k_no_des/ca.pem | 24 +++++++++++++++ .../net/wifi/test_certs/rsa2k_no_des/ca2.pem | 24 +++++++++++++++ .../test_certs/rsa2k_no_des/client-key.pem | 30 +++++++++++++++++++ .../test_certs/rsa2k_no_des/client-key2.pem | 30 +++++++++++++++++++ .../wifi/test_certs/rsa2k_no_des/client.pem | 22 ++++++++++++++ .../wifi/test_certs/rsa2k_no_des/client2.pem | 22 ++++++++++++++ .../test_certs/rsa2k_no_des/server-key.pem | 30 +++++++++++++++++++ .../wifi/test_certs/rsa2k_no_des/server.pem | 22 ++++++++++++++ 8 files changed, 204 insertions(+) create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/ca.pem create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/ca2.pem create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/client-key.pem create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/client-key2.pem create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/client.pem create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/client2.pem create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/server-key.pem create mode 100644 samples/net/wifi/test_certs/rsa2k_no_des/server.pem diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/ca.pem b/samples/net/wifi/test_certs/rsa2k_no_des/ca.pem new file mode 100644 index 0000000000000..2b872d2e30da3 --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/ca.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBzCCAu+gAwIBAgIUK8+d+8IOzeX+DP3VSvdF3lHiCdcwDQYJKoZIhvcNAQEL +BQAwgZIxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNv +bWV3aGVyZTEUMBIGA1UECgwLRXhhbXBsZSBJbmMxJjAkBgNVBAMMHUV4YW1wbGUg +Q2VydGlmaWNhdGUgQXV0aG9yaXR5MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFt +cGxlLm9yZzAeFw0yNDEwMDgxMDI0MDZaFw0zNDEwMDYxMDI0MDZaMIGSMQswCQYD +VQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFDAS +BgNVBAoMC0V4YW1wbGUgSW5jMSYwJAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRl +IEF1dGhvcml0eTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWKIwjdRIp9IrpZELN/ZsN13Xj +qQI6n086PNJ7BZfLi0+tD164rmxFk2eukNNksFCPhvMkqUxouGhc4mJjeivvrZxR +oT3cblOQIkkdEci6iTKC2E1a20W/Ur7cTXoIsnKwjiUjXk+cujkrZu4fcHX+O4vy +wTd5tEbhmifT/4u5nN8U2vBcEZqkGHOCp30VZSxtlGwqp4lc+tVziF3uFViW9MXk +3bVt+s1E7ztwG7+WBgVlLYe3CNSWkMxfyYBafH/l7iep6AFjoTn1z3AAjYi7IUNN +0JkW8MTgafRQIu4QsV5luq/Tiar2vwAm/GNgUJdSzUKARsfQzb/XTIgnLQqtAgMB +AAGjUzBRMB0GA1UdDgQWBBSijSC03/Thi6EOdM91V33zsbQpgzAfBgNVHSMEGDAW +gBSijSC03/Thi6EOdM91V33zsbQpgzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQAvKEfmCDoMTKC6bfP6DSs+MSAGc5tCr6w6cz2AKNJ2fOMhkq55 +JF47oBBGm9SdTB6Jqo6c109Ps69/+LMtEEGwvzL0RL0WAuTYGo6sudm9hj/jDHZh +pAqi/2BQQeVgTa6oW0jtNPFe+/cobXo9TJ7wECGrhvVbmfl5ZPc0YVOIjjR0/LhL +q7lqPAlJ5vx0WvsX+QReN97we8vD0x1D3mCySJTi3Irh+grE0yJOSN2fa7cyqi9+ +vSiNUB1eUgQwrO+S8ZazYNvAZXC2Xf4WB4SOifJD73pYPAdwOejc0FA+zfEKa/6/ +vTUs8cIhlmDWO+BEoc9wygMKMmhT5s7/T5Bv +-----END CERTIFICATE----- diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/ca2.pem b/samples/net/wifi/test_certs/rsa2k_no_des/ca2.pem new file mode 100644 index 0000000000000..2b872d2e30da3 --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/ca2.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBzCCAu+gAwIBAgIUK8+d+8IOzeX+DP3VSvdF3lHiCdcwDQYJKoZIhvcNAQEL +BQAwgZIxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNv +bWV3aGVyZTEUMBIGA1UECgwLRXhhbXBsZSBJbmMxJjAkBgNVBAMMHUV4YW1wbGUg +Q2VydGlmaWNhdGUgQXV0aG9yaXR5MSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFt +cGxlLm9yZzAeFw0yNDEwMDgxMDI0MDZaFw0zNDEwMDYxMDI0MDZaMIGSMQswCQYD +VQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFDAS +BgNVBAoMC0V4YW1wbGUgSW5jMSYwJAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRl +IEF1dGhvcml0eTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWKIwjdRIp9IrpZELN/ZsN13Xj +qQI6n086PNJ7BZfLi0+tD164rmxFk2eukNNksFCPhvMkqUxouGhc4mJjeivvrZxR +oT3cblOQIkkdEci6iTKC2E1a20W/Ur7cTXoIsnKwjiUjXk+cujkrZu4fcHX+O4vy +wTd5tEbhmifT/4u5nN8U2vBcEZqkGHOCp30VZSxtlGwqp4lc+tVziF3uFViW9MXk +3bVt+s1E7ztwG7+WBgVlLYe3CNSWkMxfyYBafH/l7iep6AFjoTn1z3AAjYi7IUNN +0JkW8MTgafRQIu4QsV5luq/Tiar2vwAm/GNgUJdSzUKARsfQzb/XTIgnLQqtAgMB +AAGjUzBRMB0GA1UdDgQWBBSijSC03/Thi6EOdM91V33zsbQpgzAfBgNVHSMEGDAW +gBSijSC03/Thi6EOdM91V33zsbQpgzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQAvKEfmCDoMTKC6bfP6DSs+MSAGc5tCr6w6cz2AKNJ2fOMhkq55 +JF47oBBGm9SdTB6Jqo6c109Ps69/+LMtEEGwvzL0RL0WAuTYGo6sudm9hj/jDHZh +pAqi/2BQQeVgTa6oW0jtNPFe+/cobXo9TJ7wECGrhvVbmfl5ZPc0YVOIjjR0/LhL +q7lqPAlJ5vx0WvsX+QReN97we8vD0x1D3mCySJTi3Irh+grE0yJOSN2fa7cyqi9+ +vSiNUB1eUgQwrO+S8ZazYNvAZXC2Xf4WB4SOifJD73pYPAdwOejc0FA+zfEKa/6/ +vTUs8cIhlmDWO+BEoc9wygMKMmhT5s7/T5Bv +-----END CERTIFICATE----- diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/client-key.pem b/samples/net/wifi/test_certs/rsa2k_no_des/client-key.pem new file mode 100644 index 0000000000000..6ab70da245241 --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/client-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQILVdWyEWhWU0CAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDMFReIusCg7gSkoUQZV2flBIIE +0BIFQH7+0dc7wHIQQ1y0ao90rrK3ExtCABH6xp4OAHUNPR1549zSEak/9Ba6WLBp +YE0m/lpLz4oUJE4Kd3rg4ekSZk4mapZoW7g5ax4qAEblmM6rqmyjiU0Q6tsAb8n1 +x+RyjUILlgTH1HDmeNA53QNMCw++xIMIJPN29SvFN6vkU2Fd2f74/TuZRSaCEPLO +LKtNMwWCMTrlv0UewEryOvZegPQuEF/Ewmmw/9l5VfkPp6zAtZKzWsfk4jUo5tv2 +5dPoHR+RKjNNVwetnCq59QYMS2My6KLqX4Vzqnbu8K1nlbm85ZHnvLGi8cDn8EB7 +QtRL+Ev5IwcwYJgV5AMojouJLQdR655jeITWI1Gsohz28YG8c1qYX4ZN6albSd1G +fd1tMOWkeu4uEzJ7ijLDfnCzrklnLuAZx8yLzyrOa7i9AwwJmdgUEdbWWsru3L6C +zDJ45rpA0FobdlTem4kpoE9yiyHkIhf3wmI3X+0aodC11pdbHP260KIC8E1K9FUh +s/IoEQCYrBp8UltNTlezwq/E5uOuIu4EpfjEgH1Z3+hSDbnmMAXNX4DbL234x7iy +3Y256DtOeHSElnRz3kDnZVNtM1Kd5fgEYJ1ptYRPYaWyJka7/hC/0UObuM9w+QeO +OlG0QgumQFloyhDa9anPBK4sYJp4g1fK8golUDW4AdpFPNOJvvgOvQUzhPpHjr+N +lpZ75Y6I3JSSKJ/UMlSCOqjak8oZtMtJNMfbx1lgwwDtgjDSJvSdl735gI9VmXXH +qnlGEtyiQ7k1Z1a4HxiY2/CiDHvkymClir/Ik8gt+wmyT9c/9BcehLRf6PxMsDVy +PCkty1LlzN+5tSZJtJnOiTlgsRn/w49Ohp74ITheSdb30/6PnFI+o8rcJHmrjN4d +t3z/bCyWAeC8mS7m0wtXlyBeG9xvdyT8dDHAFOnqxX30dEwEbjNj58kWGAgRf9i3 +HlOAP8yRy7LAV7A4HEPnEzXBxYpsROUw/8d3Jtmr2nAp2hfKP339DYZPHZpRLjJr +WQlJasHHLxHKKjSsuM06WsCO+Tt2FTSgGJuU6nFVK75fssmmJYzj9qMHVM6YSjfY +sT0ZIWRgO9NLFx5O3QxY1wgMLhhv1FREy9NVnMU0W3A1u0F7dwHywZGha2IqEXgu ++UyWIJnePMvluV/s66AN/OpIxKU48c0B4l7XzXkHHd43tDUG3ztfRuPbWCHipuRO +eo+vHGD01iBLSE1ZhrYLHKQhJvIKx/PIEaqJHP/Vy35AD/2/GH09TiIBHzX9aXie +TiKFs30FQv7SpLNHNE7jUxsYGNUbYa70S/Vgn3wkKATcXpCc749XQV4OUbFoqkDm +vuZOjkIOlm/OtZkUuDWmk96mgoVG/gWSEJPynJHUpmWdu/BCdYOgxBk/bmPa1leS +Z5NbO0fGMnNhDMXYA5rqmVzABcNSYhgYw5aciWpBlgYHEYrPxZvCxWftIyb24oEk +wdHEaFbIYbOoVZqo7Ym2hrvVrJb8Qdukf1BmUgfSSSc7BFoSrBUO4SNFtZI55NOB +OM4rnkqfoYR0IpnxzPIpxpsWljG9QsgnTaffStDgIGXiAtBWJFy+44f1IS4EoC6B ++we1Q6atPwYSyPtG8mn4Ce0BNxLDUoFDLMQ7Bt8QBMeX +-----END ENCRYPTED PRIVATE KEY----- diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/client-key2.pem b/samples/net/wifi/test_certs/rsa2k_no_des/client-key2.pem new file mode 100644 index 0000000000000..6ab70da245241 --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/client-key2.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQILVdWyEWhWU0CAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDMFReIusCg7gSkoUQZV2flBIIE +0BIFQH7+0dc7wHIQQ1y0ao90rrK3ExtCABH6xp4OAHUNPR1549zSEak/9Ba6WLBp +YE0m/lpLz4oUJE4Kd3rg4ekSZk4mapZoW7g5ax4qAEblmM6rqmyjiU0Q6tsAb8n1 +x+RyjUILlgTH1HDmeNA53QNMCw++xIMIJPN29SvFN6vkU2Fd2f74/TuZRSaCEPLO +LKtNMwWCMTrlv0UewEryOvZegPQuEF/Ewmmw/9l5VfkPp6zAtZKzWsfk4jUo5tv2 +5dPoHR+RKjNNVwetnCq59QYMS2My6KLqX4Vzqnbu8K1nlbm85ZHnvLGi8cDn8EB7 +QtRL+Ev5IwcwYJgV5AMojouJLQdR655jeITWI1Gsohz28YG8c1qYX4ZN6albSd1G +fd1tMOWkeu4uEzJ7ijLDfnCzrklnLuAZx8yLzyrOa7i9AwwJmdgUEdbWWsru3L6C +zDJ45rpA0FobdlTem4kpoE9yiyHkIhf3wmI3X+0aodC11pdbHP260KIC8E1K9FUh +s/IoEQCYrBp8UltNTlezwq/E5uOuIu4EpfjEgH1Z3+hSDbnmMAXNX4DbL234x7iy +3Y256DtOeHSElnRz3kDnZVNtM1Kd5fgEYJ1ptYRPYaWyJka7/hC/0UObuM9w+QeO +OlG0QgumQFloyhDa9anPBK4sYJp4g1fK8golUDW4AdpFPNOJvvgOvQUzhPpHjr+N +lpZ75Y6I3JSSKJ/UMlSCOqjak8oZtMtJNMfbx1lgwwDtgjDSJvSdl735gI9VmXXH +qnlGEtyiQ7k1Z1a4HxiY2/CiDHvkymClir/Ik8gt+wmyT9c/9BcehLRf6PxMsDVy +PCkty1LlzN+5tSZJtJnOiTlgsRn/w49Ohp74ITheSdb30/6PnFI+o8rcJHmrjN4d +t3z/bCyWAeC8mS7m0wtXlyBeG9xvdyT8dDHAFOnqxX30dEwEbjNj58kWGAgRf9i3 +HlOAP8yRy7LAV7A4HEPnEzXBxYpsROUw/8d3Jtmr2nAp2hfKP339DYZPHZpRLjJr +WQlJasHHLxHKKjSsuM06WsCO+Tt2FTSgGJuU6nFVK75fssmmJYzj9qMHVM6YSjfY +sT0ZIWRgO9NLFx5O3QxY1wgMLhhv1FREy9NVnMU0W3A1u0F7dwHywZGha2IqEXgu ++UyWIJnePMvluV/s66AN/OpIxKU48c0B4l7XzXkHHd43tDUG3ztfRuPbWCHipuRO +eo+vHGD01iBLSE1ZhrYLHKQhJvIKx/PIEaqJHP/Vy35AD/2/GH09TiIBHzX9aXie +TiKFs30FQv7SpLNHNE7jUxsYGNUbYa70S/Vgn3wkKATcXpCc749XQV4OUbFoqkDm +vuZOjkIOlm/OtZkUuDWmk96mgoVG/gWSEJPynJHUpmWdu/BCdYOgxBk/bmPa1leS +Z5NbO0fGMnNhDMXYA5rqmVzABcNSYhgYw5aciWpBlgYHEYrPxZvCxWftIyb24oEk +wdHEaFbIYbOoVZqo7Ym2hrvVrJb8Qdukf1BmUgfSSSc7BFoSrBUO4SNFtZI55NOB +OM4rnkqfoYR0IpnxzPIpxpsWljG9QsgnTaffStDgIGXiAtBWJFy+44f1IS4EoC6B ++we1Q6atPwYSyPtG8mn4Ce0BNxLDUoFDLMQ7Bt8QBMeX +-----END ENCRYPTED PRIVATE KEY----- diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/client.pem b/samples/net/wifi/test_certs/rsa2k_no_des/client.pem new file mode 100644 index 0000000000000..9e815474cd8de --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/client.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDojCCAooCFGZ4UJXBKG70aewILFtsy4mbvaYZMA0GCSqGSIb3DQEBCwUAMIGS +MQswCQYDVQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hl +cmUxFDASBgNVBAoMC0V4YW1wbGUgSW5jMSYwJAYDVQQDDB1FeGFtcGxlIENlcnRp +ZmljYXRlIEF1dGhvcml0eTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5v +cmcwHhcNMjQxMDA4MTAyNjI1WhcNMzQxMDA2MTAyNjI1WjCBhzELMAkGA1UEBhMC +RlIxDzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQK +DAtFeGFtcGxlIEluYzEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMSAwHgYJ +KoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMu3HXJvi2Q4hQnLL4v/sCyEr5x+ZtBcSi2yETMViaf2EStW +UOs1A1pmCQbO7nadLQcWaX4tzefQCRrs1X4hIQuDIqRPNi6h6G1g5HEtqBWZhvwu +hDbmFiX8/Vtw/P0/9sox2DzyLG0mjJUAYAbKtyC1kQalybVBtrSaazyyAyh6oOuU +chAb7SmmNDsRB959TWM/mp+6yCcFGzCDKNBwlwthB6Uw92d3SfOyXEnZm8rPf0hV +4ICL5iB+xEYBv1LKmznFK/4UAyKpxAygc5fxKVWwlSsq8MrES5ak0n6H71wViaXK +BrH5yh9jEkK9XSeaUwg8C9eOOexyx/5JDY3TTE8CAwEAATANBgkqhkiG9w0BAQsF +AAOCAQEAUNddNiRUlJH0acJJv8ztXNWjNewd17tAk1BBHp6yyGAD8b52p6QbDAdS +xO3WsSc2bqSy599jp4GshO27TMQsBRMfoggCG21Aj6sIs0Hd4shTE4T0GUBEBxC2 +/HReuD+cGIzzKMYlvK8RPSaGLPvPw5SryvmOnjD368V0KCHwT04Z14i4sMxlkd5q +wB7fxTkVla9MR4uWObX62mJykmqT86chScJpldtBpRh8wrEa3Gt9FZoi/eqP0De8 +oCxmCZDrozGTZ4IIaNzchx3Ensh1RQwvvxd6ATerYdUjq4V2TlTksDRdCXtj+uNJ +FnB32sUHiIouxudAsqDf8UL9/99RCw== +-----END CERTIFICATE----- diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/client2.pem b/samples/net/wifi/test_certs/rsa2k_no_des/client2.pem new file mode 100644 index 0000000000000..9e815474cd8de --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/client2.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDojCCAooCFGZ4UJXBKG70aewILFtsy4mbvaYZMA0GCSqGSIb3DQEBCwUAMIGS +MQswCQYDVQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hl +cmUxFDASBgNVBAoMC0V4YW1wbGUgSW5jMSYwJAYDVQQDDB1FeGFtcGxlIENlcnRp +ZmljYXRlIEF1dGhvcml0eTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5v +cmcwHhcNMjQxMDA4MTAyNjI1WhcNMzQxMDA2MTAyNjI1WjCBhzELMAkGA1UEBhMC +RlIxDzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQK +DAtFeGFtcGxlIEluYzEbMBkGA1UEAwwSY2xpZW50LmV4YW1wbGUub3JnMSAwHgYJ +KoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMu3HXJvi2Q4hQnLL4v/sCyEr5x+ZtBcSi2yETMViaf2EStW +UOs1A1pmCQbO7nadLQcWaX4tzefQCRrs1X4hIQuDIqRPNi6h6G1g5HEtqBWZhvwu +hDbmFiX8/Vtw/P0/9sox2DzyLG0mjJUAYAbKtyC1kQalybVBtrSaazyyAyh6oOuU +chAb7SmmNDsRB959TWM/mp+6yCcFGzCDKNBwlwthB6Uw92d3SfOyXEnZm8rPf0hV +4ICL5iB+xEYBv1LKmznFK/4UAyKpxAygc5fxKVWwlSsq8MrES5ak0n6H71wViaXK +BrH5yh9jEkK9XSeaUwg8C9eOOexyx/5JDY3TTE8CAwEAATANBgkqhkiG9w0BAQsF +AAOCAQEAUNddNiRUlJH0acJJv8ztXNWjNewd17tAk1BBHp6yyGAD8b52p6QbDAdS +xO3WsSc2bqSy599jp4GshO27TMQsBRMfoggCG21Aj6sIs0Hd4shTE4T0GUBEBxC2 +/HReuD+cGIzzKMYlvK8RPSaGLPvPw5SryvmOnjD368V0KCHwT04Z14i4sMxlkd5q +wB7fxTkVla9MR4uWObX62mJykmqT86chScJpldtBpRh8wrEa3Gt9FZoi/eqP0De8 +oCxmCZDrozGTZ4IIaNzchx3Ensh1RQwvvxd6ATerYdUjq4V2TlTksDRdCXtj+uNJ +FnB32sUHiIouxudAsqDf8UL9/99RCw== +-----END CERTIFICATE----- diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/server-key.pem b/samples/net/wifi/test_certs/rsa2k_no_des/server-key.pem new file mode 100644 index 0000000000000..5f032cad701d3 --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/server-key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIjI78fcZSH7oCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDfF676hRrL290F0MgMDZiuBIIE +0Hkz7skRV8Ox0SoX5N8GsOPfN4PS1cLyHgokY6dUhJPU5vUzOn9iSiGQSEzSguQ7 +11mssjRC2T45wB/95VK2EPtRw1f/6VOUR6RJnnGb0PV1Rydp/x5TZ6vzcXpakqly +eljJR/20fIJClsZzhw0iu5la9fkF6G8WYFEkqex5jALSiN4qVLvkiqcTnh5+amem +8+OCKgvgooKD2ids4/0GGfJRQSC6DFf3kuxNl+MMvmDXmz/vrD85ONnyXzKXDA3N +3vRgL/YT6GzwIXb+7/c/tIMpnacxPAdbNOs3DY5ss4xcK68L5PwpM2BljzBa5dGw +Smgf2VRaYRVzmrte5j280QjfrlHRU2cHaxm0GCu2AOTGwMXcSNYMXfDNuxc57oQJ +vHXMeZD4K5lACbhYdZ5lJNFvv29YI7dZ7QOGu6nXlAuhZfbdc/cgT0som7eG8xpT +pERllhQ5ych9sP9nAccN6VUsWgmlF73lbSptBek1ccYkp9LIYCteJUPl2qPcz6zl +A7zrZ54f3Lg0fOm2pCtg+qKBiw1nd3MR/YbRCgyvudyZE2cCN/ZspWqxsavbGYOz +JOfIFNnyAcOYtEv1n1BGLfMa1THW2bDV8XmHVHUtM0k4z250QAmLygWLY2166iUF +qotBkvctKKdulzGdT4nVer1UEKTqcxhDf0dRiHN5spZtFrOee0uGIoQWHt2oecaK +pJovW+i0qO/1DG5spfU2m1bz6jR2u6nxi340oRrMSoe1ELVg3l1/wmM8yzh07GuK +pshzxwqAG/FnaKCvcKGUG2EfnAvOcbMgSa2w3GvyRkcDPn00arvX9nuXj0gkRDBi +eoVMkKKTeeYSGQ4ik+ja3xkgHcxh5W8aoezLvBbmUq206cmhLwfnYMhnvFTs6EBK +E0ENpCHwF/qoVBIzRCijG/eeCuf3a1YkJsWlvEeVrPeOmDFeDft3SSGOzHxE2A/7 +HWmHbWTm7dPOfgsU4zf+HglnBjN3kYU7StyM0EGxmB4lfB2BiWiL/3R13ERHQZfa +oOqa4/hOFXOXfTQk6ufXtBx8L9BemBqh36zbs2xVvIizJKeRMruoRblWZkHhUKR8 +K5GA7FYkU9ZPPP0UPKsO94xzwfbevi+7nWeUZoqcqAUy8Jt5aD2QpvFVbPBBOz17 +PGaubeVn/Ry8swPvkpddtmJ4mgF+3SVctmzY+EE/oN1XS8wa+XeuaThzk89Lvrfa +606nRWrNw3PSKjYoEEtRLhPeJCi9uOVenbOjtclio9mV5Sugwurolczvq8DAGpMG +W4WgALgOWDjQAudiNH5dtcMGkBONbYywkJc7cT2OZFmzkCbchPPWlKGopuaFGAoU +SPj7C9SenHmOWAFRX5jJrOZAuVqkdKN3ShWZUL+cDkOCCQlZ0E31u0m9yozY1MeO +Sx42GtZaSGff37FGYeMZM2ztlutw2zmv2B1g52SBHTjCqQU/ud2Q6/U0kUzjbsdF +/0KQY9wgZRdOvbnA2lBirN1rXzLWPdduOZ5QImfHfvToN+oOlEqVvvWG12DdA4e5 +y4Dumx00lfKEsGutjF3oKgE6jsjwqAwCoYEAFHTtsvA0hKPisQwNHZmpjGARvR56 +yMEmXynKvgyVGvVP2a9VdqBXSpstL24HfDIu+nlyEWGQ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/samples/net/wifi/test_certs/rsa2k_no_des/server.pem b/samples/net/wifi/test_certs/rsa2k_no_des/server.pem new file mode 100644 index 0000000000000..d8f82faf6dd3c --- /dev/null +++ b/samples/net/wifi/test_certs/rsa2k_no_des/server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDojCCAooCFCPQcj7ej5jhr6/mLlAoLYgfgsYcMA0GCSqGSIb3DQEBCwUAMIGS +MQswCQYDVQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hl +cmUxFDASBgNVBAoMC0V4YW1wbGUgSW5jMSYwJAYDVQQDDB1FeGFtcGxlIENlcnRp +ZmljYXRlIEF1dGhvcml0eTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5v +cmcwHhcNMjQxMDA4MTAyNTI5WhcNMzQxMDA2MTAyNTI5WjCBhzELMAkGA1UEBhMC +RlIxDzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRQwEgYDVQQK +DAtFeGFtcGxlIEluYzEbMBkGA1UEAwwSc2VydmVyLmV4YW1wbGUub3JnMSAwHgYJ +KoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANcE/OPHQK/y1b6UsIktNK7WIZB528HECY7Bz18EGba0uHod +91RbzHSJ1qI3iQyldI1UW/kY5oYjBW3lhLH0BkD/EsqvNYCV+3YzAM3ITtdOdEU9 +CqjgXttehQHfXvc7jQlF8Q2gYPUz2dDLo/gcTkz1d+mCr6nQUjT8Kq/nG54T0NnD +k8udchjUlNaQsvx/WVs3TUYxMbWzQRtpJIbv99rAWq7YgQbkNZnSYC1VgrU/BiuQ +0KrP6rfkxvBCGwIh2JXIL3FV4N8AsgGZvjXQ3zXKXwuPhxWdSmjKWlioVM3mha2A +/1e1gX6nFY/uk46D60XWxcJ6tHGHoafU7EtN3zMCAwEAATANBgkqhkiG9w0BAQsF +AAOCAQEAWwdTMphD0jxLtYO0iq/+fMtq2R96ZUN9wprZ7qg1evUNQjqLR4jKX306 +ZJX5uw+6r5Ve/k368qvcSF/sSfvBm8yd3JcegTl5t8T2/Aks8o3sfyuS0uyJC1rS +zTrd7FmJG9YMosU1BqYobda64MXq7g+6MyrQoZ6fVdPvC6Sox3+a4fl9xjdm4CTY +MsWqBJMe26LptvRIJ01/B6PjVTvsn/fxxj7rHmnJ/j63AIiBntm0vV/85cwYy/4o +HlPH/Qjvn3hZjUlBcveiYat998F+s9gH2usvCkG3kly/n1/667LLCymmCHxtH8ka +7tF3siO1EANureFY8qj6ZvlKeTkZ6g== +-----END CERTIFICATE----- From 8612182fe49b96623af01ccdbff7fc60b809cced Mon Sep 17 00:00:00 2001 From: Ravi Dondaputi Date: Wed, 16 Jul 2025 15:50:15 +0530 Subject: [PATCH 3/3] snippets: wifi-enterprise: Store certificates in Protected storage Add config options required for storing certificates in protected storage, and to free up space of ROM to accommodate the additional features that are enabled for TFM. Signed-off-by: Ravi Dondaputi --- snippets/wifi-enterprise/snippet.yml | 3 +++ snippets/wifi-enterprise/wifi-enterprise-nrf-ns.conf | 8 ++++++++ 2 files changed, 11 insertions(+) create mode 100644 snippets/wifi-enterprise/wifi-enterprise-nrf-ns.conf diff --git a/snippets/wifi-enterprise/snippet.yml b/snippets/wifi-enterprise/snippet.yml index f88b23ec2a4d0..ae2fbd2953b58 100644 --- a/snippets/wifi-enterprise/snippet.yml +++ b/snippets/wifi-enterprise/snippet.yml @@ -6,3 +6,6 @@ boards: /.*/nrf.*/cpuapp/: append: EXTRA_CONF_FILE: wifi-enterprise-nrf.conf + /.*/nrf.*/cpuapp/ns/: + append: + EXTRA_CONF_FILE: wifi-enterprise-nrf-ns.conf diff --git a/snippets/wifi-enterprise/wifi-enterprise-nrf-ns.conf b/snippets/wifi-enterprise/wifi-enterprise-nrf-ns.conf new file mode 100644 index 0000000000000..dd33192d180d7 --- /dev/null +++ b/snippets/wifi-enterprise/wifi-enterprise-nrf-ns.conf @@ -0,0 +1,8 @@ +# For TLS and X.509 processing MbedTLS needs large heap size and using separate heap +# for MbedTLS gives us more control over the heap size. +CONFIG_MBEDTLS_HEAP_SIZE=75000 +CONFIG_LTO=y +CONFIG_ISR_TABLES_LOCAL_DECLARATION=y +CONFIG_WIFI_CREDENTIALS_RUNTIME_CERTIFICATES=y +CONFIG_WIFI_SHELL_RUNTIME_CERTIFICATES=y +CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y