1.. _wifi_mgmt:
2
3Wi-Fi Management
4################
5
6Overview
7========
8
9The Wi-Fi management API is used to manage Wi-Fi networks. It supports below modes:
10
11* IEEE802.11 Station (STA)
12* IEEE802.11 Access Point (AP)
13
14Only personal mode security is supported with below types:
15
16* Open
17* WPA2-PSK
18* WPA2-PSK-256
19* WPA3-SAE
20
21The Wi-Fi management API is implemented in the ``wifi_mgmt`` module as a part of the networking L2
22stack.
23Currently, two types of Wi-Fi drivers are supported:
24
25* Networking or socket offloaded drivers
26* Native L2 Ethernet drivers
27
28Wi-Fi PSA crypto supported build
29********************************
30
31To enable PSA crypto API supported Wi-Fi build, the :kconfig:option:`CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT` and the :kconfig:option:`CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA` need to be set.
32
33Wi-Fi Enterprise test: X.509 Certificate header generation
34**********************************************************
35
36Wi-Fi enterprise security requires use of X.509 certificates, test certificates
37in PEM format are committed to the repo at :zephyr_file:`samples/net/wifi/test_certs` and the during the
38build process the certificates are converted to a C header file that is included by the Wi-Fi shell
39module.
40
41.. code-block:: bash
42
43    $ cp client.pem samples/net/wifi/test_certs/
44    $ cp client-key.pem samples/net/wifi/test_certs/
45    $ cp ca.pem samples/net/wifi/test_certs/
46    $ cp client2.pem samples/net/wifi/test_certs/
47    $ cp client-key2.pem samples/net/wifi/test_certs/
48    $ cp ca2.pem samples/net/wifi/test_certs/
49    $ west build -p -b <board> samples/net/wifi -- -DEXTRA_CONF_FILE=overlay-enterprise.conf
50
51For using variable size network buffer, the following overlay file can be used:
52
53.. code-block:: bash
54
55    $ west build -p -b <board> samples/net/wifi -- -DEXTRA_CONF_FILE=overlay-enterprise-variable-bufs.conf
56
57
58
59To initiate Wi-Fi connection, the following command can be used:
60
61.. code-block:: console
62
63    uart:~$ wifi connect -s <SSID> -c 149 -k 17 -w 2 -a client1 --key1-pwd whatever --key2-pwd whatever --eap-id1 id1 --eap-pwd1 pwd1
64
65Server certificate is also provided in the same directory for testing purposes.
66Any AAA server can be used for testing purposes, for example, ``FreeRADIUS`` or ``hostapd``.
67
68.. note::
69
70    The certificates are for testing purposes only and should not be used in production.
71    They are generated using `FreeRADIUS raddb <https://github.com/FreeRADIUS/freeradius-server/tree/master/raddb/certs>`_ scripts.
72
73API Reference
74*************
75
76.. doxygengroup:: wifi_mgmt
77