Fix MSS Wi-Fi CoAP configuration

doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst

@@ -591,6 +591,7 @@ Cellular samples
     * An issue with a very small :kconfig:option:`CONFIG_COAP_EXTENDED_OPTIONS_LEN_VALUE` Kconfig value in the :file:`overlay-coap_nrf_provisioning.conf` file.
     * Slow Wi-Fi connectivity startup by selecting ``TFM_SFN`` instead of ``TFM_IPC``.
     * The size of TLS credentials buffer for Wi-Fi connectivity to allow installing both AWS and CoAP CA certificates.
+    * Build issues with Wi-Fi configuration using CoAP.
 
 * :ref:`lte_sensor_gateway` sample:
 

samples/cellular/nrf_cloud_multi_service/README.rst

@@ -997,14 +997,14 @@ Once your device has been flashed with this sample, you can add a credential by
 .. parsed-literal::
    :class: highlight
 
-   wifi_cred add -s *NetworkSSID* -k 1 -p *NetworkPassword*
+   wifi cred add *NetworkSSID* WPA2-PSK *NetworkPassword*
 
 Where *NetworkSSID* is replaced with the SSID of the Wi-Fi access point you want your device to connect to, and *NetworkPassword* is its password.
-Then either reboot the device or use the ``wifi_cred auto_connect`` command to manually trigger a connection attempt.
+Then either reboot the device or use the ``wifi cred auto_connect`` command to manually trigger a connection attempt.
 
 From now on, these credentials will automatically be used when the configured network is reachable.
 
-See the :ref:`Wi-Fi shell sample documentation <wifi_shell_sample>` for more details on the ``wifi_cred`` command.
+See the :ref:`Wi-Fi shell sample documentation <wifi_shell_sample>` for more details on the ``wifi`` commands.
 
 Building with nRF Cloud logging support
 =======================================

samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_coap_no_lte.conf

@@ -48,7 +48,7 @@ CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
 CONFIG_TFM_IPC=n
 CONFIG_TFM_SFN=y
 CONFIG_TFM_CRYPTO_CONC_OPER_NUM=4
-CONFIG_TFM_CRYPTO_ASYM_SIGN_MODULE_ENABLED=n
+CONFIG_TFM_CRYPTO_ASYM_SIGN_MODULE_ENABLED=y
 
 ## Configure TFM partitions
 CONFIG_PM_PARTITION_SIZE_TFM_INTERNAL_TRUSTED_STORAGE=0x2000
@@ -61,6 +61,7 @@ CONFIG_PM_PARTITION_SIZE_TFM=0x24000
 
 ## Configure credentials shells and dependencies
 CONFIG_SHELL=y
+CONFIG_NET_L2_WIFI_SHELL=y
 CONFIG_WIFI_CREDENTIALS_SHELL=y
 CONFIG_TLS_CREDENTIALS_SHELL=y
 CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y
@@ -177,7 +178,7 @@ CONFIG_NET_TX_STACK_SIZE=2048
 CONFIG_NET_RX_STACK_SIZE=2048
 CONFIG_ZVFS_OPEN_MAX=16
 CONFIG_NET_SOCKETS_POLL_MAX=8
-CONFIG_NET_MGMT_EVENT_STACK_SIZE=4000
+CONFIG_NET_MGMT_EVENT_STACK_SIZE=8000
 
 # nRF Cloud: CoAP
 CONFIG_NRF_CLOUD_MQTT=n
@@ -186,8 +187,6 @@ CONFIG_NRF_CLOUD_ALERT=y
 CONFIG_NRF_CLOUD_LOCATION=n
 CONFIG_NRF_CLOUD_JWT_SOURCE_CUSTOM=y
 CONFIG_NRF_CLOUD_CLIENT_ID_SRC_COMPILE_TIME=y
-# User must set their compile time client ID
-CONFIG_NRF_CLOUD_CLIENT_ID=""
 
 # General config
 CONFIG_FPU=y
@@ -240,3 +239,10 @@ CONFIG_AT_MONITOR=n
 
 # Disabling to prevent IPv6 error logs
 CONFIG_NET_IPV6=n
+
+# User must set their compile time client ID
+CONFIG_NRF_CLOUD_CLIENT_ID="my-device"
+
+# Enable nordic security backend and PSA APIs
+CONFIG_NRF_SECURITY=y
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y

samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_mqtt_no_lte.conf

@@ -60,6 +60,7 @@ CONFIG_PM_PARTITION_SIZE_TFM=0x24000
 
 ## Configure credentials shells and dependencies
 CONFIG_SHELL=y
+CONFIG_NET_L2_WIFI_SHELL=y
 CONFIG_WIFI_CREDENTIALS_SHELL=y
 CONFIG_TLS_CREDENTIALS_SHELL=y
 CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y

samples/cellular/nrf_cloud_multi_service/sample.yaml

@@ -125,7 +125,7 @@ tests:
       - ci_build
       - sysbuild
       - ci_samples_cellular
-  sample.cellular.nrf7002dk_wifi.conn:
+  sample.cellular.nrf7002dk_wifi.conn.mqtt:
     sysbuild: true
     build_only: true
     integration_platforms:
@@ -138,3 +138,16 @@ tests:
       - ci_build
       - sysbuild
       - ci_samples_cellular
+  sample.cellular.nrf7002dk_wifi.conn.coap:
+    sysbuild: true
+    build_only: true
+    integration_platforms:
+      - nrf7002dk/nrf5340/cpuapp/ns
+    platform_allow: nrf7002dk/nrf5340/cpuapp/ns
+    extra_args:
+      - EXTRA_CONF_FILE="overlay_nrf700x_wifi_coap_no_lte.conf"
+      - SB_CONF_FILE="sysbuild_nrf700x-wifi-conn.conf"
+    tags:
+      - ci_build
+      - sysbuild
+      - ci_samples_cellular

subsys/net/lib/nrf_cloud/src/nrf_cloud_jwt.c

@@ -132,15 +132,16 @@ static int get_key_from_cred(const int sec_tag, uint8_t *const der_out)
 	return 0;
 }
 
-static int custom_jwt_generate(struct jwt_data *const jwt)
+static int custom_jwt_generate(uint32_t exp_delta_s, char *const jwt_buf, size_t jwt_buf_sz,
+			       const char *subject, int sec_tag)
 {
 	int err = 0;
 	psa_key_id_t kid;
 	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
 	uint8_t priv_key[PRV_KEY_SZ];
 
 	/* Load private key from storage */
-	err = get_key_from_cred(jwt->sec_tag, priv_key);
+	err = get_key_from_cred(sec_tag, priv_key);
 	if (err) {
 		LOG_ERR("Failed to get private key, error: %d", err);
 		return err;
@@ -170,11 +171,10 @@ static int custom_jwt_generate(struct jwt_data *const jwt)
 		.sec_tag = kid,
 		.key_type = JWT_KEY_TYPE_CLIENT_PRIV,
 		.alg = JWT_ALG_TYPE_ES256,
-		.validity_s = jwt->exp_delta_s,
-		.jwt_buf = jwt->jwt_buf,
-		.jwt_sz = jwt->jwt_sz,
-		.subject = jwt->subject,
-		.audience = jwt->audience,
+		.validity_s = exp_delta_s,
+		.jwt_buf = jwt_buf,
+		.jwt_sz = jwt_buf_sz,
+		.subject = subject,
 	};
 
 	return app_jwt_generate(&_jwt_internal);
@@ -189,16 +189,10 @@ int nrf_cloud_jwt_generate(uint32_t time_valid_s, char *const jwt_buf, size_t jw
 
 	int err;
 	const char *id_ptr;
-	struct jwt_data jwt = {
-		.audience = NULL,
-		.key = JWT_KEY_TYPE_CLIENT_PRIV,
-		.alg = JWT_ALG_TYPE_ES256,
-		.jwt_buf = jwt_buf,
-		.jwt_sz = jwt_buf_sz
-	};
-
-	jwt.sec_tag = IS_ENABLED(CONFIG_NRF_CLOUD_COAP) ?
+	uint32_t exp_delta_s = time_valid_s;
+	int sec_tag = IS_ENABLED(CONFIG_NRF_CLOUD_COAP) ?
 		      nrf_cloud_sec_tag_coap_jwt_get() : nrf_cloud_sec_tag_get();
+	const char *subject;
 
 #if defined(CONFIG_MODEM_JWT)
 	/* Check if modem time is valid */
@@ -211,30 +205,38 @@ int nrf_cloud_jwt_generate(uint32_t time_valid_s, char *const jwt_buf, size_t jw
 	}
 #endif
 	if (time_valid_s > NRF_CLOUD_JWT_VALID_TIME_S_MAX) {
-		jwt.exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_MAX;
+		exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_MAX;
 	} else if (time_valid_s == 0) {
-		jwt.exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_DEF;
-	} else {
-		jwt.exp_delta_s = time_valid_s;
+		exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_DEF;
 	}
 
 	if (IS_ENABLED(CONFIG_NRF_CLOUD_CLIENT_ID_SRC_INTERNAL_UUID)) {
 		/* The UUID is present in the iss claim, so there is no need
 		 * to also include it in the sub claim.
 		 */
-		jwt.subject = NULL;
+		subject = NULL;
 	} else {
 		err = nrf_cloud_client_id_ptr_get(&id_ptr);
 		if (err) {
 			LOG_ERR("Failed to obtain client ID, error: %d", err);
 			return err;
 		}
-		jwt.subject = id_ptr;
+		subject = id_ptr;
 	}
 
 #if defined(CONFIG_NRF_CLOUD_JWT_SOURCE_CUSTOM)
-	return custom_jwt_generate(&jwt);
+	return custom_jwt_generate(exp_delta_s, jwt_buf, jwt_buf_sz, subject, sec_tag);
 #elif defined(CONFIG_MODEM_JWT)
+	struct jwt_data jwt = {
+		.audience = NULL,
+		.key = JWT_KEY_TYPE_CLIENT_PRIV,
+		.alg = JWT_ALG_TYPE_ES256,
+		.jwt_buf = jwt_buf,
+		.jwt_sz = jwt_buf_sz,
+		.exp_delta_s = exp_delta_s,
+		.sec_tag = sec_tag,
+		.subject = subject,
+	};
 	err = modem_jwt_generate(&jwt);
 	if (err) {
 		LOG_ERR("Failed to generate JWT, error: %d", err);