diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 91ff7ea0cb..27390397bc 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -58,7 +58,8 @@ set(srcs "port/os_xtensa.c" "src/wps/wps_dev_attr.c" "src/wps/wps_enrollee.c") -set(esp_srcs "esp_supplicant/src/esp_wpa2.c" +set(esp_srcs "esp_supplicant/src/esp_eap_client.c" + "esp_supplicant/src/esp_wpa2_api_port.c" "esp_supplicant/src/esp_wpa_main.c" "esp_supplicant/src/esp_wpas_glue.c" "esp_supplicant/src/esp_common.c" diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h new file mode 100644 index 0000000000..a6dc7d6aa5 --- /dev/null +++ b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h @@ -0,0 +1,311 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#include +#include "esp_err.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + ESP_EAP_TTLS_PHASE2_EAP, + ESP_EAP_TTLS_PHASE2_MSCHAPV2, + ESP_EAP_TTLS_PHASE2_MSCHAP, + ESP_EAP_TTLS_PHASE2_PAP, + ESP_EAP_TTLS_PHASE2_CHAP +} esp_eap_ttls_phase2_types; + +typedef struct { + int fast_provisioning; /* Enables or disables Fast Provisioning in EAP-FAST */ + int fast_max_pac_list_len; /* Maximum length of the PAC (Protected Access Credential) list */ + bool fast_pac_format_binary; /* Set to true for binary format PAC, false for ASCII format PAC */ +} esp_eap_fast_config; + + +/** + * @brief Enable EAP authentication(WiFi Enterprise) for the station mode. + * + * This function enables Extensible Authentication Protocol (EAP) authentication + * for the Wi-Fi station mode. When EAP authentication is enabled, the ESP device + * will attempt to authenticate with the configured EAP credentials when connecting + * to a secure Wi-Fi network. + * + * @note Before calling this function, ensure that the Wi-Fi configuration and EAP + * credentials (such as username and password) have been properly set using the + * appropriate configuration APIs. + * + * @return + * - ESP_OK: EAP authentication enabled successfully. + * - ESP_ERR_NO_MEM: Failed to enable EAP authentication due to memory allocation failure. + */ +esp_err_t esp_wifi_sta_enterprise_enable(void); + + +/** + * @brief Disable EAP authentication(WiFi Enterprise) for the station mode. + * + * This function disables Extensible Authentication Protocol (EAP) authentication + * for the Wi-Fi station mode. When EAP authentication is disabled, the ESP device + * will not attempt to authenticate using EAP credentials when connecting to a + * secure Wi-Fi network. + * + * @note Disabling EAP authentication may cause the device to connect to the Wi-Fi + * network using other available authentication methods, if configured using esp_wifi_set_config(). + * + * @return + * - ESP_OK: EAP authentication disabled successfully. + * - ESP_ERR_INVALID_STATE: EAP client is in an invalid state for disabling. + */ +esp_err_t esp_wifi_sta_enterprise_disable(void); + +/** + * @brief Set identity for PEAP/TTLS authentication method. + * + * This function sets the identity to be used during PEAP/TTLS authentication. + * + * @param[in] identity Pointer to the identity data. + * @param[in] len Length of the identity data (limited to 1~127 bytes). + * + * @return + * - ESP_OK: The identity was set successfully. + * - ESP_ERR_INVALID_ARG: Invalid argument (len <= 0 or len >= 128). + * - ESP_ERR_NO_MEM: Memory allocation failure. + */ +esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len); + +/** + * @brief Clear the previously set identity for PEAP/TTLS authentication. + * + * This function clears the identity that was previously set for the EAP client. + * After calling this function, the EAP client will no longer use the previously + * configured identity during the authentication process. + */ +void esp_eap_client_clear_identity(void); + +/** + * @brief Set username for PEAP/TTLS authentication method. + * + * This function sets the username to be used during PEAP/TTLS authentication. + * + * @param[in] username Pointer to the username data. + * @param[in] len Length of the username data (limited to 1~127 bytes). + * + * @return + * - ESP_OK: The username was set successfully. + * - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0 or len >= 128). + * - ESP_ERR_NO_MEM: Failed due to memory allocation failure. + */ +esp_err_t esp_eap_client_set_username(const unsigned char *username, int len); + +/** + * @brief Clear username for PEAP/TTLS method. + * + * This function clears the previously set username for the EAP client. + */ +void esp_eap_client_clear_username(void); + +/** + * @brief Set password for PEAP/TTLS authentication method. + * + * This function sets the password to be used during PEAP/TTLS authentication. + * + * @param[in] password Pointer to the password data. + * @param[in] len Length of the password data (len > 0). + * + * @return + * - ESP_OK: The password was set successfully. + * - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0). + * - ESP_ERR_NO_MEM: Failed due to memory allocation failure. + */ +esp_err_t esp_eap_client_set_password(const unsigned char *password, int len); + +/** + * @brief Clear password for PEAP/TTLS method. + * + * This function clears the previously set password for the EAP client. + */ +void esp_eap_client_clear_password(void); + +/** + * @brief Set a new password for MSCHAPv2 authentication method. + * + * This function sets the new password to be used during MSCHAPv2 authentication. + * The new password is used to substitute the old password when an eap-mschapv2 failure request + * message with error code ERROR_PASSWD_EXPIRED is received. + * + * @param[in] new_password Pointer to the new password data. + * @param[in] len Length of the new password data. + * + * @return + * - ESP_OK: The new password was set successfully. + * - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0). + * - ESP_ERR_NO_MEM: Failed due to memory allocation failure. + */ +esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len); + +/** + * @brief Clear new password for MSCHAPv2 method. + * + * This function clears the previously set new password for the EAP client. + */ +void esp_eap_client_clear_new_password(void); + +/** + * @brief Set CA certificate for EAP authentication. + * + * This function sets the Certificate Authority (CA) certificate to be used during EAP authentication. + * The CA certificate is passed to the EAP client module through a global pointer. + * + * @param[in] ca_cert Pointer to the CA certificate data. + * @param[in] ca_cert_len Length of the CA certificate data. + * + * @return + * - ESP_OK: The CA certificate was set successfully. + */ +esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len); + +/** + * @brief Clear the previously set Certificate Authority (CA) certificate for EAP authentication. + * + * This function clears the CA certificate that was previously set for the EAP client. + * After calling this function, the EAP client will no longer use the previously + * configured CA certificate during the authentication process. + */ +void esp_eap_client_clear_ca_cert(void); + +/** + * @brief Set client certificate and private key for EAP authentication. + * + * This function sets the client certificate and private key to be used during authentication. + * Optionally, a private key password can be provided for encrypted private keys. + * + * @attention 1. The client certificate, private key, and private key password are provided as pointers + * to the respective data arrays. + * @attention 2. The client_cert, private_key, and private_key_password should be zero-terminated. + * + * @param[in] client_cert Pointer to the client certificate data. + * @param[in] client_cert_len Length of the client certificate data. + * @param[in] private_key Pointer to the private key data. + * @param[in] private_key_len Length of the private key data (limited to 1~4096 bytes). + * @param[in] private_key_password Pointer to the private key password data (optional). + * @param[in] private_key_passwd_len Length of the private key password data (can be 0 for no password). + * + * @return + * - ESP_OK: The certificate, private key, and password (if provided) were set successfully. + */ +esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_password, int private_key_passwd_len); + +/** + * @brief Clear the previously set client certificate and private key for EAP authentication. + * + * This function clears the client certificate and private key that were previously set + * for the EAP client. After calling this function, the EAP client will no longer use the + * previously configured certificate and private key during the authentication process. + */ +void esp_eap_client_clear_certificate_and_key(void); + +/** + * @brief Set EAP client certificates time check (disable or not). + * + * This function enables or disables the time check for EAP client certificates. + * When disabled, the certificates' expiration time will not be checked during the authentication process. + * + * @param[in] disable True to disable EAP client certificates time check, false to enable it. + * + * @return + * - ESP_OK: The EAP client certificates time check setting was updated successfully. + */ +esp_err_t esp_eap_client_set_disable_time_check(bool disable); + +/** + * @brief Get EAP client certificates time check status. + * + * This function retrieves the current status of the EAP client certificates time check. + * + * @param[out] disable Pointer to a boolean variable to store the disable status. + * + * @return + * - ESP_OK: The status of EAP client certificates time check was retrieved successfully. + */ +esp_err_t esp_eap_client_get_disable_time_check(bool *disable); + +/** + * @brief Set EAP-TTLS phase 2 method. + * + * This function sets the phase 2 method to be used during EAP-TTLS authentication. + * + * @param[in] type The type of phase 2 method to be used (e.g., EAP, MSCHAPv2, MSCHAP, PAP, CHAP). + * + * @return + * - ESP_OK: The EAP-TTLS phase 2 method was set successfully. + */ +esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type); + +/** + * @brief Enable or disable Suite-B 192-bit certification checks. + * + * This function enables or disables the 192-bit Suite-B certification checks during EAP-TLS authentication. + * Suite-B is a set of cryptographic algorithms which generally are considered more secure. + * + * @param[in] enable True to enable 192-bit Suite-B certification checks, false to disable it. + * + * @return + * - ESP_OK: The 192-bit Suite-B certification checks were set successfully. + */ +esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable); + +/** + * @brief Set the PAC (Protected Access Credential) file for EAP-FAST authentication. + * + * EAP-FAST requires a PAC file that contains the client's credentials. + * + * @attention 1. For files read from the file system, length has to be decremented by 1 byte. + * @attention 2. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST. + * + * @param[in] pac_file Pointer to the PAC file buffer. + * @param[in] pac_file_len Length of the PAC file buffer. + * + * @return + * - ESP_OK: The PAC file for EAP-FAST authentication was set successfully. + */ +esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len); + +/** + * @brief Set the parameters for EAP-FAST Phase 1 authentication. + * + * EAP-FAST supports Fast Provisioning, where clients can be authenticated faster using precomputed keys (PAC). + * This function allows configuring parameters for Fast Provisioning. + * + * @attention 1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST. + * + * @param[in] config Configuration structure with Fast Provisioning parameters. + * + * @return + * - ESP_OK: The parameters for EAP-FAST Phase 1 authentication were set successfully. + */ +esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config); + +/** + * @brief Use the default certificate bundle for EAP authentication. + * + * By default, the EAP client uses a built-in certificate bundle for server verification. + * Enabling this option allows the use of the default certificate bundle. + * + * @param[in] use_default_bundle True to use the default certificate bundle, false to use a custom bundle. + * + * @return + * - ESP_OK: The option to use the default certificate bundle was set successfully. + */ +esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle); + +#ifdef __cplusplus +} +#endif diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h b/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h index f5fe1d9c1d..4a3f20e94f 100644 --- a/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h +++ b/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h @@ -7,31 +7,16 @@ #ifndef _ESP_WPA2_H #define _ESP_WPA2_H -#include +#pragma message("esp_wpa2.h is deprecated. Use esp_eap_client.h instead.") -#include "esp_err.h" - -typedef enum { - ESP_EAP_TTLS_PHASE2_EAP, - ESP_EAP_TTLS_PHASE2_MSCHAPV2, - ESP_EAP_TTLS_PHASE2_MSCHAP, - ESP_EAP_TTLS_PHASE2_PAP, - ESP_EAP_TTLS_PHASE2_CHAP -} esp_eap_ttls_phase2_types; - -typedef struct { - int fast_provisioning; - int fast_max_pac_list_len; - bool fast_pac_format_binary; -} esp_eap_fast_config; - -#ifdef __cplusplus -extern "C" { -#endif +#include "esp_eap_client.h" /** * @brief Enable wpa2 enterprise authentication. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_wifi_sta_enterprise_enable()` instead. + * * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled. * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. * @@ -39,22 +24,30 @@ extern "C" { * - ESP_OK: succeed. * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_enable' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_enable(void); /** * @brief Disable wpa2 enterprise authentication. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_wifi_sta_enterprise_disable()` instead. + * * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled. * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method. * * @return * - ESP_OK: succeed. */ +__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_disable' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_disable(void); /** * @brief Set identity for PEAP/TTLS method. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_identity` instead. + * * @attention The API only passes the parameter identity to the global pointer variable in wpa2 enterprise module. * * @param identity: point to address where stores the identity; @@ -65,17 +58,24 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_identity' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len); /** * @brief Clear identity for PEAP/TTLS method. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_identity` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_identity' instead"))) void esp_wifi_sta_wpa2_ent_clear_identity(void); /** * @brief Set username for PEAP/TTLS method. * - * @attention The API only passes the parameter username to the global pointer variable in wpa2 enterprise module. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_username` instead. * * @param username: point to address where stores the username; * @param len: length of username, limited to 1~127 @@ -85,17 +85,23 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_username' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len); /** * @brief Clear username for PEAP/TTLS method. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_username` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_username' instead"))) void esp_wifi_sta_wpa2_ent_clear_username(void); /** * @brief Set password for PEAP/TTLS method.. * - * @attention The API only passes the parameter password to the global pointer variable in wpa2 enterprise module. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_password` instead. * * @param password: point to address where stores the password; * @param len: length of password(len > 0) @@ -105,18 +111,25 @@ void esp_wifi_sta_wpa2_ent_clear_username(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_password' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len); /** * @brief Clear password for PEAP/TTLS method.. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_password` instead. */ +__attribute__((deprecated("Use 'esp_eap_client_clear_password' instead"))) void esp_wifi_sta_wpa2_ent_clear_password(void); /** * @brief Set new password for MSCHAPv2 method.. * - * @attention 1. The API only passes the parameter password to the global pointer variable in wpa2 enterprise module. - * @attention 2. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_new_password` instead. + * + * @attention 1. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received. * * @param new_password: point to address where stores the password; * @param len: length of password @@ -126,17 +139,25 @@ void esp_wifi_sta_wpa2_ent_clear_password(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ - +__attribute__((deprecated("Use 'esp_eap_client_set_new_password' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len); /** * @brief Clear new password for MSCHAPv2 method.. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_new_password` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_new_password' instead"))) void esp_wifi_sta_wpa2_ent_clear_new_password(void); /** * @brief Set CA certificate for PEAP/TTLS method. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_ca_cert` instead. + * * @attention 1. The API only passes the parameter ca_cert to the global pointer variable in wpa2 enterprise module. * @attention 2. The ca_cert should be zero terminated. * @@ -146,16 +167,25 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void); * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_ca_cert' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len); /** * @brief Clear CA certificate for PEAP/TTLS method. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_ca_cert` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_ca_cert' instead"))) void esp_wifi_sta_wpa2_ent_clear_ca_cert(void); /** * @brief Set client certificate and key. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_certificate_and_key` instead. + * * @attention 1. The API only passes the parameter client_cert, private_key and private_key_passwd to the global pointer variable in wpa2 enterprise module. * @attention 2. The client_cert, private_key and private_key_passwd should be zero terminated. * @@ -169,57 +199,84 @@ void esp_wifi_sta_wpa2_ent_clear_ca_cert(void); * @return * - ESP_OK: succeed */ -esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len); +__attribute__((deprecated("Use 'esp_eap_client_set_certificate_and_key' instead"))) +esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_passwd, int private_key_passwd_len); /** * @brief Clear client certificate and key. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_certificate_and_key` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_certificate_and_key' instead"))) void esp_wifi_sta_wpa2_ent_clear_cert_key(void); /** * @brief Set wpa2 enterprise certs time check(disable or not). * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_disable_time_check` instead. + * * @param true: disable wpa2 enterprise certs time check * @param false: enable wpa2 enterprise certs time check * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_disable_time_check' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable); /** * @brief Get wpa2 enterprise certs time check(disable or not). * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_get_disable_time_check` instead. + * * @param disable: store disable value * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_get_disable_time_check' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable); /** * @brief Set wpa2 enterprise ttls phase2 method * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_ttls_phase2_method` instead. + * * @param type: the type of phase 2 method to be used * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_ttls_phase2_method' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type); /** * @brief enable/disable 192 bit suite b certification checks * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_suiteb_192bit_certification` instead. + * * @param enable: bool to enable/disable it. * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_suiteb_192bit_certification' instead"))) esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable); /** * @brief Set client pac file * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_pac_file` instead. + * * @attention 1. For files read from the file system, length has to be decremented by 1 byte. * @attention 2. Disabling the WPA_MBEDTLS_CRYPTO config is required to use EAP-FAST. * @@ -230,12 +287,16 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable); * - ESP_OK: succeed * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_pac_file' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len); /** * @brief Set Phase 1 parameters for EAP-FAST * - * @attention 1. Disabling the WPA_MBEDTLS_CRYPTO config is required to use EAP-FAST. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_fast_params` instead. + * + * @attention 1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST. * * @param config: eap fast phase 1 configuration * @@ -244,17 +305,22 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int * - ESP_ERR_INVALID_ARG: fail(out of bound arguments) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_fast_params' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config); /** * @brief Use default CA cert bundle for server validation * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_use_default_cert_bundle` instead. + * * @use_default_bundle : whether to use bundle or not * * @return * - ESP_OK: succeed * - ESP_FAIL: fail */ +__attribute__((deprecated("Use 'esp_eap_client_use_default_cert_bundle' instead"))) esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle); #ifdef __cplusplus diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c similarity index 86% rename from components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c rename to components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c index 158a5af90f..54715cfa03 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c @@ -36,7 +36,8 @@ #include "esp_crt_bundle.h" #endif #include "esp_wpas_glue.h" -#include "esp_wpa2_i.h" +#include "esp_eap_client_i.h" +#include "esp_eap_client.h" #define WPA2_VERSION "v2.0" @@ -77,7 +78,7 @@ static void wpa2_api_lock(void) if (s_wpa2_api_lock == NULL) { s_wpa2_api_lock = os_recursive_mutex_create(); if (!s_wpa2_api_lock) { - wpa_printf(MSG_ERROR, "WPA2: failed to create wpa2 api lock"); + wpa_printf(MSG_ERROR, "EAP: failed to create EAP api lock"); return; } } @@ -117,7 +118,7 @@ static void wpa2_set_eap_state(wpa2_ent_eap_state_t state) esp_wifi_set_wpa2_ent_state_internal(state); } -wpa2_ent_eap_state_t wpa2_get_eap_state(void) +wpa2_ent_eap_state_t eap_client_get_eap_state(void) { if (!gEapSm) { return WPA2_ENT_EAP_STATE_NOT_START; @@ -132,14 +133,14 @@ static inline void wpa2_task_delete(void *arg) int ret = ESP_OK; if (my_task_hdl == s_wpa2_task_hdl) { - wpa_printf(MSG_ERROR, "WPA2: should never call task delete api in wpa2 task context"); + wpa_printf(MSG_ERROR, "EAP: should never call task delete api in eap task context"); return; } ret = wpa2_post(SIG_WPA2_TASK_DEL, 0); if (ESP_OK != ret) { - wpa_printf(MSG_ERROR, "WPA2: failed to post task delete event, ret=%d", ret); + wpa_printf(MSG_ERROR, "EAP: failed to post task delete event, ret=%d", ret); return; } } @@ -241,23 +242,23 @@ void wpa2_task(void *pvParameters ) break; } else { if (s_wifi_wpa2_sync_sem) { - wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig); + wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig); os_semphr_give(s_wifi_wpa2_sync_sem); } else { - wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem"); + wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem"); } } } - wpa_printf(MSG_DEBUG, "WPA2: queue deleted"); + wpa_printf(MSG_DEBUG, "EAP: queue deleted"); os_queue_delete(s_wpa2_queue); - wpa_printf(MSG_DEBUG, "WPA2: task deleted"); + wpa_printf(MSG_DEBUG, "EAP: task deleted"); s_wpa2_queue = NULL; if (s_wifi_wpa2_sync_sem) { - wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig); + wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig); os_semphr_give(s_wifi_wpa2_sync_sem); } else { - wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem"); + wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem"); } /* At this point, we completed */ @@ -279,7 +280,7 @@ int wpa2_post(uint32_t sig, uint32_t par) } else { ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent)); if (evt == NULL) { - wpa_printf(MSG_ERROR, "WPA2: E N M\n"); + wpa_printf(MSG_ERROR, "EAP: E N M"); DATA_MUTEX_GIVE(); return ESP_FAIL; } @@ -288,14 +289,14 @@ int wpa2_post(uint32_t sig, uint32_t par) evt->sig = sig; evt->par = par; if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) { - wpa_printf(MSG_ERROR, "WPA2: Q S E"); + wpa_printf(MSG_ERROR, "EAP: Q S E"); return ESP_FAIL; } else { if (s_wifi_wpa2_sync_sem) { os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK); - wpa_printf(MSG_DEBUG, "WPA2: wpa2 api return, sm->state(%d)", sm->finish_state); + wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state); } else { - wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem"); + wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem"); } } } @@ -532,12 +533,10 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss } if (len < sizeof(*hdr) + sizeof(*ehdr)) { -#ifdef DEBUG_PRINT wpa_printf(MSG_DEBUG, "WPA: EAPOL frame too short to be a WPA " "EAPOL-Key (len %lu, expecting at least %lu)", (unsigned long) len, (unsigned long) sizeof(*hdr) + sizeof(*ehdr)); -#endif return ESP_FAIL; } @@ -548,38 +547,30 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss plen = be_to_host16(hdr->length); data_len = plen + sizeof(*hdr); -#ifdef DEBUG_PRINT wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%" PRId32 "", hdr->version, hdr->type, plen); -#endif if (hdr->version < EAPOL_VERSION) { /* TODO: backwards compatibility */ } if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) { -#ifdef DEBUG_PRINT - wpa_printf(MSG_DEBUG, "WPA2: EAP frame (type %u) discarded, " + wpa_printf(MSG_DEBUG, "EAP: EAP frame (type %u) discarded, " "not a EAP PACKET frame", hdr->type); -#endif ret = -2; goto _out; } if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) { -#ifdef DEBUG_PRINT - wpa_printf(MSG_DEBUG, "WPA2: EAPOL frame payload size %lu " + wpa_printf(MSG_DEBUG, "EAP: EAPOL frame payload size %lu " "invalid (frame size %lu)", (unsigned long) plen, (unsigned long) len); -#endif ret = -2; goto _out; } - wpa_hexdump(MSG_MSGDUMP, "WPA2: RX EAPOL-EAP PACKET", tmp, len); + wpa_hexdump(MSG_MSGDUMP, "EAP: RX EAPOL-EAP PACKET", tmp, len); if (data_len < len) { -#ifdef DEBUG_PRINT wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE " "802.1X data\n", (unsigned long) len - data_len); -#endif } #ifdef EAP_PEER_METHOD @@ -587,7 +578,7 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss case EAP_CODE_REQUEST: /* Handle EAP-reauthentication case */ if (sm->finish_state == WPA2_ENT_EAP_STATE_SUCCESS) { - wpa_printf(MSG_INFO, ">>>>>wpa2 EAP Re-authentication in progress\n"); + wpa_printf(MSG_INFO, "EAP Re-authentication in progress"); wpa2_set_eap_state(WPA2_ENT_EAP_STATE_IN_PROGRESS); } @@ -602,18 +593,18 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss wpa_set_pmk(sm->eapKeyData, NULL, false); os_free(sm->eapKeyData); sm->eapKeyData = NULL; - wpa_printf(MSG_INFO, ">>>>>wpa2 FINISH\n"); + wpa_printf(MSG_INFO, ">>>>>EAP FINISH"); ret = WPA2_ENT_EAP_STATE_SUCCESS; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_SUCCESS); eap_deinit_prev_method(sm, "EAP Success"); } else { - wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!\n"); + wpa_printf(MSG_INFO, ">>>>>EAP FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!"); ret = WPA2_ENT_EAP_STATE_FAIL; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); } break; case EAP_CODE_FAILURE: - wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED\n"); + wpa_printf(MSG_INFO, ">>>>>EAP FAILED"); ret = WPA2_ENT_EAP_STATE_FAIL; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); break; @@ -688,7 +679,7 @@ static int eap_peer_sm_init(void) struct eap_sm *sm; if (gEapSm) { - wpa_printf(MSG_ERROR, "WPA2: wpa2 sm not null, deinit it"); + wpa_printf(MSG_ERROR, "EAP: EAP sm not null, deinit it"); eap_peer_sm_deinit(); } @@ -701,7 +692,7 @@ static int eap_peer_sm_init(void) gEapSm = sm; s_wpa2_data_lock = os_recursive_mutex_create(); if (!s_wpa2_data_lock) { - wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock"); + wpa_printf(MSG_ERROR, "EAP eap_peer_sm_init: failed to alloc data lock"); ret = ESP_ERR_NO_MEM; goto _err; } @@ -743,13 +734,12 @@ static int eap_peer_sm_init(void) } s_wifi_wpa2_sync_sem = os_semphr_create(1, 0); if (!s_wifi_wpa2_sync_sem) { - wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem"); + wpa_printf(MSG_ERROR, "EAP: failed create wifi EAP task sync sem"); ret = ESP_FAIL; goto _err; } - - wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE); #endif + wpa_printf(MSG_INFO, "wifi_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE); return ESP_OK; _err: @@ -793,7 +783,7 @@ static void eap_peer_sm_deinit(void) if (s_wpa2_data_lock) { os_semphr_delete(s_wpa2_data_lock); s_wpa2_data_lock = NULL; - wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock"); + wpa_printf(MSG_DEBUG, "EAP: eap_peer_sm_deinit: free data lock"); } if (s_wpa2_queue) { @@ -804,16 +794,15 @@ static void eap_peer_sm_deinit(void) gEapSm = NULL; } -esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg) +static esp_err_t esp_client_enable_fn(void *arg) { struct wpa2_funcs *wpa2_cb; - wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] enable\n", - WPA2_VERSION); + wpa_printf(MSG_INFO, "WiFi Enterprise enable"); wpa2_cb = (struct wpa2_funcs *)os_zalloc(sizeof(struct wpa2_funcs)); if (wpa2_cb == NULL) { - wpa_printf(MSG_ERROR, "WPA2: no mem for wpa2 cb\n"); + wpa_printf(MSG_ERROR, "EAP: no mem for eap cb"); return ESP_ERR_NO_MEM; } @@ -824,7 +813,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg) esp_wifi_register_wpa2_cb_internal(wpa2_cb); - wpa_printf(MSG_DEBUG, "WPA2 ENTERPRISE CRYPTO INIT.\r\n"); + wpa_printf(MSG_DEBUG, "WiFi Enterprise crypto init.\r"); #ifdef EAP_PEER_METHOD if (eap_peer_register_methods()) { @@ -834,7 +823,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg) return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_enable(void) +esp_err_t esp_wifi_sta_enterprise_enable(void) { wifi_wpa2_param_t param; esp_err_t ret; @@ -843,21 +832,21 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void) wpa2_api_lock(); if (wpa2_is_enabled()) { - wpa_printf(MSG_INFO, "WPA2: already enabled"); + wpa_printf(MSG_INFO, "EAP: already enabled"); wpa2_api_unlock(); return ESP_OK; } - param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_enable_fn; + param.fn = (wifi_wpa2_fn_t)esp_client_enable_fn; param.param = NULL; ret = esp_wifi_sta_wpa2_ent_enable_internal(¶m); if (ESP_OK == ret) { wpa2_set_state(WPA2_STATE_ENABLED); - sm->wpa_sm_wpa2_ent_disable = esp_wifi_sta_wpa2_ent_disable; + sm->wpa_sm_eap_disable = esp_wifi_sta_enterprise_disable; } else { - wpa_printf(MSG_ERROR, "failed to enable wpa2 ret=%d", ret); + wpa_printf(MSG_ERROR, "failed to enable eap ret=%d", ret); } wpa2_api_unlock(); @@ -865,10 +854,10 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void) return ret; } -esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param) +static esp_err_t eap_client_disable_fn(void *param) { struct wpa_sm *sm = &gWpaSm; - wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] disable\n", WPA2_VERSION); + wpa_printf(MSG_INFO, "WiFi enterprise disable"); esp_wifi_unregister_wpa2_cb_internal(); if (gEapSm) { @@ -879,11 +868,11 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param) eap_peer_unregister_methods(); #endif - sm->wpa_sm_wpa2_ent_disable = NULL; + sm->wpa_sm_eap_disable = NULL; return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_disable(void) +esp_err_t esp_wifi_sta_enterprise_disable(void) { wifi_wpa2_param_t param; esp_err_t ret; @@ -891,19 +880,19 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void) wpa2_api_lock(); if (wpa2_is_disabled()) { - wpa_printf(MSG_INFO, "WPA2: already disabled"); + wpa_printf(MSG_INFO, "EAP: already disabled"); wpa2_api_unlock(); return ESP_OK; } - param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_disable_fn; + param.fn = (wifi_wpa2_fn_t)eap_client_disable_fn; param.param = 0; ret = esp_wifi_sta_wpa2_ent_disable_internal(¶m); if (ESP_OK == ret) { wpa2_set_state(WPA2_STATE_DISABLED); } else { - wpa_printf(MSG_ERROR, "failed to disable wpa2 ret=%d", ret); + wpa_printf(MSG_ERROR, "failed to disable eap ret=%d", ret); } wpa2_api_unlock(); @@ -911,7 +900,9 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void) return ret; } -esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len) +esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_passwd, int private_key_passwd_len) { if (client_cert && client_cert_len > 0) { g_wpa_client_cert = client_cert; @@ -929,10 +920,8 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, i return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_cert_key(void) +void esp_eap_client_clear_certificate_and_key(void) { - esp_wifi_unregister_wpa2_cb_internal(); - g_wpa_client_cert = NULL; g_wpa_client_cert_len = 0; g_wpa_private_key = NULL; @@ -944,7 +933,7 @@ void esp_wifi_sta_wpa2_ent_clear_cert_key(void) g_wpa_pac_file_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len) +esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len) { if (ca_cert && ca_cert_len > 0) { g_wpa_ca_cert = ca_cert; @@ -954,14 +943,14 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_ca_cert(void) +void esp_eap_client_clear_ca_cert(void) { g_wpa_ca_cert = NULL; g_wpa_ca_cert_len = 0; } #define ANONYMOUS_ID_LEN_MAX 128 -esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len) +esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len) { if (len <= 0 || len > ANONYMOUS_ID_LEN_MAX) { return ESP_ERR_INVALID_ARG; @@ -983,7 +972,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_identity(void) +void esp_eap_client_clear_identity(void) { if (g_wpa_anonymous_identity) { os_free(g_wpa_anonymous_identity); @@ -994,7 +983,7 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void) } #define USERNAME_LEN_MAX 128 -esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len) +esp_err_t esp_eap_client_set_username(const unsigned char *username, int len) { if (len <= 0 || len > USERNAME_LEN_MAX) { return ESP_ERR_INVALID_ARG; @@ -1016,7 +1005,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_username(void) +void esp_eap_client_clear_username(void) { if (g_wpa_username) { os_free(g_wpa_username); @@ -1026,7 +1015,7 @@ void esp_wifi_sta_wpa2_ent_clear_username(void) g_wpa_username_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len) +esp_err_t esp_eap_client_set_password(const unsigned char *password, int len) { if (len <= 0) { return ESP_ERR_INVALID_ARG; @@ -1048,7 +1037,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_password(void) +void esp_eap_client_clear_password(void) { if (g_wpa_password) { os_free(g_wpa_password); @@ -1057,7 +1046,7 @@ void esp_wifi_sta_wpa2_ent_clear_password(void) g_wpa_password_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len) +esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len) { if (len <= 0) { return ESP_ERR_INVALID_ARG; @@ -1079,7 +1068,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_passwo return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_new_password(void) +void esp_eap_client_clear_new_password(void) { if (g_wpa_new_password) { os_free(g_wpa_new_password); @@ -1088,7 +1077,7 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void) g_wpa_new_password_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable) +esp_err_t esp_eap_client_set_disable_time_check(bool disable) { s_disable_time_check = disable; return ESP_OK; @@ -1099,13 +1088,13 @@ bool wifi_sta_get_enterprise_disable_time_check(void) return s_disable_time_check; } -esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable) +esp_err_t esp_eap_client_get_disable_time_check(bool *disable) { *disable = wifi_sta_get_enterprise_disable_time_check(); return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type) +esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type) { switch (type) { case ESP_EAP_TTLS_PHASE2_EAP: @@ -1130,7 +1119,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable) +esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable) { #ifdef CONFIG_SUITEB192 g_wpa_suiteb_certification = enable; @@ -1140,7 +1129,7 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable) #endif } -esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len) +esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len) { if (pac_file && pac_file_len > -1) { if (pac_file_len < 512) { // The file contains less than 1 pac and is to be rewritten later @@ -1164,7 +1153,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config) +esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config) { char config_for_supplicant[PHASE1_PARAM_STRING_LEN] = ""; if ((config.fast_provisioning > -1) && (config.fast_provisioning <= 2)) { @@ -1196,7 +1185,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config confi } -esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle) +esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle) { #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE g_wpa_default_cert_bundle = use_default_bundle; diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h similarity index 60% rename from components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h rename to components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h index 06f356c5ca..d0e6b30bad 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h @@ -4,11 +4,8 @@ * SPDX-License-Identifier: Apache-2.0 */ -#ifndef ESP_WPA2_I_H -#define ESP_WPA2_I_H +#pragma once #include "esp_wifi_driver.h" -wpa2_ent_eap_state_t wpa2_get_eap_state(void); - -#endif +wpa2_ent_eap_state_t eap_client_get_eap_state(void); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c new file mode 100644 index 0000000000..a61c3ca8eb --- /dev/null +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c @@ -0,0 +1,115 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include "esp_eap_client.h" + +esp_err_t esp_wifi_sta_wpa2_ent_enable(void) +{ + return esp_wifi_sta_enterprise_enable(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_disable(void) +{ + return esp_wifi_sta_enterprise_disable(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len) +{ + return esp_eap_client_set_identity(identity, len); +} + +void esp_wifi_sta_wpa2_ent_clear_identity(void) +{ + esp_eap_client_clear_identity(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len) +{ + return esp_eap_client_set_username(username, len); +} + +void esp_wifi_sta_wpa2_ent_clear_username(void) +{ + esp_eap_client_clear_username(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len) +{ + return esp_eap_client_set_password(password, len); +} + +void esp_wifi_sta_wpa2_ent_clear_password(void) +{ + esp_eap_client_clear_password(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len) +{ + return esp_eap_client_set_new_password(new_password, len); +} + +void esp_wifi_sta_wpa2_ent_clear_new_password(void) +{ + esp_eap_client_clear_new_password(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len) +{ + return esp_eap_client_set_ca_cert(ca_cert, ca_cert_len); +} + +void esp_wifi_sta_wpa2_ent_clear_ca_cert(void) +{ + esp_eap_client_clear_ca_cert(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_passwd, int private_key_passwd_len) +{ + return esp_eap_client_set_certificate_and_key(client_cert, client_cert_len, + private_key, private_key_len, private_key_passwd, private_key_passwd_len); +} + +void esp_wifi_sta_wpa2_ent_clear_cert_key(void) +{ + esp_eap_client_clear_certificate_and_key(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable) +{ + return esp_eap_client_set_disable_time_check(disable); +} + +esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable) +{ + return esp_eap_client_get_disable_time_check(disable); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type) +{ + return esp_eap_client_set_ttls_phase2_method(type); +} + +esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable) +{ + return esp_eap_client_set_suiteb_192bit_certification(enable); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len) +{ + return esp_eap_client_set_pac_file(pac_file, pac_file_len); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config) +{ + return esp_eap_client_set_fast_params(config); +} + +esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle) +{ + return esp_eap_client_use_default_cert_bundle(use_default_bundle); +} diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c index 3a03dfc8bc..546f38da4c 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c @@ -28,7 +28,7 @@ #include "esp_wifi_driver.h" #include "esp_private/wifi.h" #include "esp_wpa3_i.h" -#include "esp_wpa2.h" +#include "esp_eap_client.h" #include "esp_common_i.h" #include "esp_owe_i.h" @@ -181,12 +181,12 @@ void wpa_ap_get_peer_spp_msg(void *sm_data, bool *spp_cap, bool *spp_req) *spp_req = sm->spp_sup.require; } -bool wpa_deattach(void) +bool wpa_deattach(void) { struct wpa_sm *sm = &gWpaSm; #ifdef CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT - if (sm->wpa_sm_wpa2_ent_disable) { - sm->wpa_sm_wpa2_ent_disable(); + if (sm->wpa_sm_eap_disable) { + sm->wpa_sm_eap_disable(); } #endif if (sm->wpa_sm_wps_disable) { diff --git a/components/wpa_supplicant/src/eap_peer/eap_i.h b/components/wpa_supplicant/src/eap_peer/eap_i.h index 15cedbe1bf..fec7856714 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_i.h +++ b/components/wpa_supplicant/src/eap_peer/eap_i.h @@ -13,7 +13,6 @@ #include "eap.h" #include "eap_common.h" #include "eap_config.h" -#include "esp_wpa2.h" /* RFC 4137 - EAP Peer state machine */ diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 4c53248813..276542ee4f 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -34,7 +34,7 @@ #include "common/bss.h" #include "esp_common_i.h" #include "esp_owe_i.h" -#include "esp_wpa2_i.h" +#include "esp_eap_client_i.h" /** * eapol_sm_notify_eap_success - Notification of external EAP success trigger @@ -663,7 +663,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, size_t kde_len; if (is_wpa2_enterprise_connection()) { - wpa2_ent_eap_state_t state = wpa2_get_eap_state(); + wpa2_ent_eap_state_t state = eap_client_get_eap_state(); if (state == WPA2_ENT_EAP_STATE_IN_PROGRESS) { wpa_printf(MSG_INFO, "EAP Success has not been processed yet." " Drop EAPOL message."); diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h index 1f1d7590d5..0186393ed2 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h @@ -123,7 +123,7 @@ struct wpa_sm { struct wpabuf *owe_ie; #endif /* CONFIG_OWE_STA */ int (*wpa_sm_wps_disable)(void); - esp_err_t (*wpa_sm_wpa2_ent_disable)(void); + esp_err_t (*wpa_sm_eap_disable)(void); }; /**