alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

change(esp_wifi): Rename WiFi enterprise connection APIs

Browse Source
This commit is contained in:
Kapil Gupta 2023-08-03 18:07:29 +05:30
parent 41d8715dfe
commit 981086ba30
10 changed files with 594 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
components/wpa_supplicant/CMakeLists.txt
View File

@ -61,7 +61,8 @@ set(srcs "port/os_xtensa.c"
"src/wps/wps_dev_attr.c"
"src/wps/wps_enrollee.c")
set(esp_srcs "esp_supplicant/src/esp_wpa2.c"
set(esp_srcs "esp_supplicant/src/esp_eap_client.c"
"esp_supplicant/src/esp_wpa2_api_port.c"
"esp_supplicant/src/esp_wpa_main.c"
"esp_supplicant/src/esp_wpas_glue.c"
"esp_supplicant/src/esp_common.c"

311
components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h Normal file
View File

@ -0,0 +1,311 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include <stdbool.h>
#include "esp_err.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
ESP_EAP_TTLS_PHASE2_EAP,
ESP_EAP_TTLS_PHASE2_MSCHAPV2,
ESP_EAP_TTLS_PHASE2_MSCHAP,
ESP_EAP_TTLS_PHASE2_PAP,
ESP_EAP_TTLS_PHASE2_CHAP
} esp_eap_ttls_phase2_types;
typedef struct {
int fast_provisioning; /* Enables or disables Fast Provisioning in EAP-FAST */
int fast_max_pac_list_len; /* Maximum length of the PAC (Protected Access Credential) list */
bool fast_pac_format_binary; /* Set to true for binary format PAC, false for ASCII format PAC */
} esp_eap_fast_config;
/**
* @brief Enable EAP authentication(WiFi Enterprise) for the station mode.
*
* This function enables Extensible Authentication Protocol (EAP) authentication
* for the Wi-Fi station mode. When EAP authentication is enabled, the ESP device
* will attempt to authenticate with the configured EAP credentials when connecting
* to a secure Wi-Fi network.
*
* @note Before calling this function, ensure that the Wi-Fi configuration and EAP
* credentials (such as username and password) have been properly set using the
* appropriate configuration APIs.
*
* @return
* - ESP_OK: EAP authentication enabled successfully.
* - ESP_ERR_NO_MEM: Failed to enable EAP authentication due to memory allocation failure.
*/
esp_err_t esp_wifi_sta_enterprise_enable(void);
/**
* @brief Disable EAP authentication(WiFi Enterprise) for the station mode.
*
* This function disables Extensible Authentication Protocol (EAP) authentication
* for the Wi-Fi station mode. When EAP authentication is disabled, the ESP device
* will not attempt to authenticate using EAP credentials when connecting to a
* secure Wi-Fi network.
*
* @note Disabling EAP authentication may cause the device to connect to the Wi-Fi
* network using other available authentication methods, if configured using esp_wifi_set_config().
*
* @return
* - ESP_OK: EAP authentication disabled successfully.
* - ESP_ERR_INVALID_STATE: EAP client is in an invalid state for disabling.
*/
esp_err_t esp_wifi_sta_enterprise_disable(void);
/**
* @brief Set identity for PEAP/TTLS authentication method.
*
* This function sets the identity to be used during PEAP/TTLS authentication.
*
* @param[in] identity Pointer to the identity data.
* @param[in] len Length of the identity data (limited to 1~127 bytes).
*
* @return
* - ESP_OK: The identity was set successfully.
* - ESP_ERR_INVALID_ARG: Invalid argument (len <= 0 or len >= 128).
* - ESP_ERR_NO_MEM: Memory allocation failure.
*/
esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len);
/**
* @brief Clear the previously set identity for PEAP/TTLS authentication.
*
* This function clears the identity that was previously set for the EAP client.
* After calling this function, the EAP client will no longer use the previously
* configured identity during the authentication process.
*/
void esp_eap_client_clear_identity(void);
/**
* @brief Set username for PEAP/TTLS authentication method.
*
* This function sets the username to be used during PEAP/TTLS authentication.
*
* @param[in] username Pointer to the username data.
* @param[in] len Length of the username data (limited to 1~127 bytes).
*
* @return
* - ESP_OK: The username was set successfully.
* - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0 or len >= 128).
* - ESP_ERR_NO_MEM: Failed due to memory allocation failure.
*/
esp_err_t esp_eap_client_set_username(const unsigned char *username, int len);
/**
* @brief Clear username for PEAP/TTLS method.
*
* This function clears the previously set username for the EAP client.
*/
void esp_eap_client_clear_username(void);
/**
* @brief Set password for PEAP/TTLS authentication method.
*
* This function sets the password to be used during PEAP/TTLS authentication.
*
* @param[in] password Pointer to the password data.
* @param[in] len Length of the password data (len > 0).
*
* @return
* - ESP_OK: The password was set successfully.
* - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0).
* - ESP_ERR_NO_MEM: Failed due to memory allocation failure.
*/
esp_err_t esp_eap_client_set_password(const unsigned char *password, int len);
/**
* @brief Clear password for PEAP/TTLS method.
*
* This function clears the previously set password for the EAP client.
*/
void esp_eap_client_clear_password(void);
/**
* @brief Set a new password for MSCHAPv2 authentication method.
*
* This function sets the new password to be used during MSCHAPv2 authentication.
* The new password is used to substitute the old password when an eap-mschapv2 failure request
* message with error code ERROR_PASSWD_EXPIRED is received.
*
* @param[in] new_password Pointer to the new password data.
* @param[in] len Length of the new password data.
*
* @return
* - ESP_OK: The new password was set successfully.
* - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0).
* - ESP_ERR_NO_MEM: Failed due to memory allocation failure.
*/
esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len);
/**
* @brief Clear new password for MSCHAPv2 method.
*
* This function clears the previously set new password for the EAP client.
*/
void esp_eap_client_clear_new_password(void);
/**
* @brief Set CA certificate for EAP authentication.
*
* This function sets the Certificate Authority (CA) certificate to be used during EAP authentication.
* The CA certificate is passed to the EAP client module through a global pointer.
*
* @param[in] ca_cert Pointer to the CA certificate data.
* @param[in] ca_cert_len Length of the CA certificate data.
*
* @return
* - ESP_OK: The CA certificate was set successfully.
*/
esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len);
/**
* @brief Clear the previously set Certificate Authority (CA) certificate for EAP authentication.
*
* This function clears the CA certificate that was previously set for the EAP client.
* After calling this function, the EAP client will no longer use the previously
* configured CA certificate during the authentication process.
*/
void esp_eap_client_clear_ca_cert(void);
/**
* @brief Set client certificate and private key for EAP authentication.
*
* This function sets the client certificate and private key to be used during authentication.
* Optionally, a private key password can be provided for encrypted private keys.
*
* @attention 1. The client certificate, private key, and private key password are provided as pointers
* to the respective data arrays.
* @attention 2. The client_cert, private_key, and private_key_password should be zero-terminated.
*
* @param[in] client_cert Pointer to the client certificate data.
* @param[in] client_cert_len Length of the client certificate data.
* @param[in] private_key Pointer to the private key data.
* @param[in] private_key_len Length of the private key data (limited to 1~4096 bytes).
* @param[in] private_key_password Pointer to the private key password data (optional).
* @param[in] private_key_passwd_len Length of the private key password data (can be 0 for no password).
*
* @return
* - ESP_OK: The certificate, private key, and password (if provided) were set successfully.
*/
esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len,
const unsigned char *private_key, int private_key_len,
const unsigned char *private_key_password, int private_key_passwd_len);
/**
* @brief Clear the previously set client certificate and private key for EAP authentication.
*
* This function clears the client certificate and private key that were previously set
* for the EAP client. After calling this function, the EAP client will no longer use the
* previously configured certificate and private key during the authentication process.
*/
void esp_eap_client_clear_certificate_and_key(void);
/**
* @brief Set EAP client certificates time check (disable or not).
*
* This function enables or disables the time check for EAP client certificates.
* When disabled, the certificates' expiration time will not be checked during the authentication process.
*
* @param[in] disable True to disable EAP client certificates time check, false to enable it.
*
* @return
* - ESP_OK: The EAP client certificates time check setting was updated successfully.
*/
esp_err_t esp_eap_client_set_disable_time_check(bool disable);
/**
* @brief Get EAP client certificates time check status.
*
* This function retrieves the current status of the EAP client certificates time check.
*
* @param[out] disable Pointer to a boolean variable to store the disable status.
*
* @return
* - ESP_OK: The status of EAP client certificates time check was retrieved successfully.
*/
esp_err_t esp_eap_client_get_disable_time_check(bool *disable);
/**
* @brief Set EAP-TTLS phase 2 method.
*
* This function sets the phase 2 method to be used during EAP-TTLS authentication.
*
* @param[in] type The type of phase 2 method to be used (e.g., EAP, MSCHAPv2, MSCHAP, PAP, CHAP).
*
* @return
* - ESP_OK: The EAP-TTLS phase 2 method was set successfully.
*/
esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type);
/**
* @brief Enable or disable Suite-B 192-bit certification checks.
*
* This function enables or disables the 192-bit Suite-B certification checks during EAP-TLS authentication.
* Suite-B is a set of cryptographic algorithms which generally are considered more secure.
*
* @param[in] enable True to enable 192-bit Suite-B certification checks, false to disable it.
*
* @return
* - ESP_OK: The 192-bit Suite-B certification checks were set successfully.
*/
esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable);
/**
* @brief Set the PAC (Protected Access Credential) file for EAP-FAST authentication.
*
* EAP-FAST requires a PAC file that contains the client's credentials.
*
* @attention 1. For files read from the file system, length has to be decremented by 1 byte.
* @attention 2. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
*
* @param[in] pac_file Pointer to the PAC file buffer.
* @param[in] pac_file_len Length of the PAC file buffer.
*
* @return
* - ESP_OK: The PAC file for EAP-FAST authentication was set successfully.
*/
esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len);
/**
* @brief Set the parameters for EAP-FAST Phase 1 authentication.
*
* EAP-FAST supports Fast Provisioning, where clients can be authenticated faster using precomputed keys (PAC).
* This function allows configuring parameters for Fast Provisioning.
*
* @attention 1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
*
* @param[in] config Configuration structure with Fast Provisioning parameters.
*
* @return
* - ESP_OK: The parameters for EAP-FAST Phase 1 authentication were set successfully.
*/
esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config);
/**
* @brief Use the default certificate bundle for EAP authentication.
*
* By default, the EAP client uses a built-in certificate bundle for server verification.
* Enabling this option allows the use of the default certificate bundle.
*
* @param[in] use_default_bundle True to use the default certificate bundle, false to use a custom bundle.
*
* @return
* - ESP_OK: The option to use the default certificate bundle was set successfully.
*/
esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle);
#ifdef __cplusplus
}
#endif

118
components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h
View File

@ -7,31 +7,16 @@
#ifndef _ESP_WPA2_H
#define _ESP_WPA2_H
#include <stdbool.h>
#pragma message("esp_wpa2.h is deprecated. Use esp_eap_client.h instead.")
#include "esp_err.h"
typedef enum {
ESP_EAP_TTLS_PHASE2_EAP,
ESP_EAP_TTLS_PHASE2_MSCHAPV2,
ESP_EAP_TTLS_PHASE2_MSCHAP,
ESP_EAP_TTLS_PHASE2_PAP,
ESP_EAP_TTLS_PHASE2_CHAP
} esp_eap_ttls_phase2_types;
typedef struct {
int fast_provisioning;
int fast_max_pac_list_len;
bool fast_pac_format_binary;
} esp_eap_fast_config;
#ifdef __cplusplus
extern "C" {
#endif
#include "esp_eap_client.h"
/**
* @brief Enable wpa2 enterprise authentication.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_wifi_sta_enterprise_enable()` instead.
*
* @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
* @attention 2. wpa2 enterprise authentication supports EAP-FAST, TLS, PEAP, TTLS(EAP, MSCHAPv2, MSCHAP, PAP, CHAP) methods.
*
@ -39,22 +24,30 @@ extern "C" {
* - ESP_OK: succeed.
* - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
*/
__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_enable' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_enable(void);
/**
* @brief Disable wpa2 enterprise authentication.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_wifi_sta_enterprise_disable()` instead.
*
* @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
* @attention 2. wpa2 enterprise authentication supports EAP-FAST, TLS, PEAP, TTLS(EAP, MSCHAPv2, MSCHAP, PAP, CHAP) methods.
*
* @return
* - ESP_OK: succeed.
*/
__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_disable' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_disable(void);
/**
* @brief Set identity for PEAP/TTLS method.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_identity` instead.
*
* @attention The API only passes the parameter identity to the global pointer variable in wpa2 enterprise module.
*
* @param identity: point to address where stores the identity;
@ -65,17 +58,24 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void);
* - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128)
* - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
*/
__attribute__((deprecated("Use 'esp_eap_client_set_identity' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len);
/**
* @brief Clear identity for PEAP/TTLS method.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_clear_identity` instead.
*
*/
__attribute__((deprecated("Use 'esp_eap_client_clear_identity' instead")))
void esp_wifi_sta_wpa2_ent_clear_identity(void);
/**
* @brief Set username for PEAP/TTLS method.
*
* @attention The API only passes the parameter username to the global pointer variable in wpa2 enterprise module.
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_username` instead.
*
* @param username: point to address where stores the username;
* @param len: length of username, limited to 1~127
@ -85,17 +85,23 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void);
* - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128)
* - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
*/
__attribute__((deprecated("Use 'esp_eap_client_set_username' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len);
/**
* @brief Clear username for PEAP/TTLS method.
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_clear_username` instead.
*
*/
__attribute__((deprecated("Use 'esp_eap_client_clear_username' instead")))
void esp_wifi_sta_wpa2_ent_clear_username(void);
/**
* @brief Set password for PEAP/TTLS method..
*
* @attention The API only passes the parameter password to the global pointer variable in wpa2 enterprise module.
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_password` instead.
*
* @param password: point to address where stores the password;
* @param len: length of password(len > 0)
@ -105,18 +111,25 @@ void esp_wifi_sta_wpa2_ent_clear_username(void);
* - ESP_ERR_INVALID_ARG: fail(len <= 0)
* - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
*/
__attribute__((deprecated("Use 'esp_eap_client_set_password' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len);
/**
* @brief Clear password for PEAP/TTLS method..
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_clear_password` instead.
*/
__attribute__((deprecated("Use 'esp_eap_client_clear_password' instead")))
void esp_wifi_sta_wpa2_ent_clear_password(void);
/**
* @brief Set new password for MSCHAPv2 method..
*
* @attention 1. The API only passes the parameter password to the global pointer variable in wpa2 enterprise module.
* @attention 2. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received.
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_new_password` instead.
*
* @attention 1. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received.
*
* @param new_password: point to address where stores the password;
* @param len: length of password
@ -126,17 +139,25 @@ void esp_wifi_sta_wpa2_ent_clear_password(void);
* - ESP_ERR_INVALID_ARG: fail(len <= 0)
* - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
*/
__attribute__((deprecated("Use 'esp_eap_client_set_new_password' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len);
/**
* @brief Clear new password for MSCHAPv2 method..
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_clear_new_password` instead.
*
*/
__attribute__((deprecated("Use 'esp_eap_client_clear_new_password' instead")))
void esp_wifi_sta_wpa2_ent_clear_new_password(void);
/**
* @brief Set CA certificate for PEAP/TTLS method.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_ca_cert` instead.
*
* @attention 1. The API only passes the parameter ca_cert to the global pointer variable in wpa2 enterprise module.
* @attention 2. The ca_cert should be zero terminated.
*
@ -146,16 +167,25 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void);
* @return
* - ESP_OK: succeed
*/
__attribute__((deprecated("Use 'esp_eap_client_set_ca_cert' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len);
/**
* @brief Clear CA certificate for PEAP/TTLS method.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_clear_ca_cert` instead.
*
*/
__attribute__((deprecated("Use 'esp_eap_client_clear_ca_cert' instead")))
void esp_wifi_sta_wpa2_ent_clear_ca_cert(void);
/**
* @brief Set client certificate and key.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_certificate_and_key` instead.
*
* @attention 1. The API only passes the parameter client_cert, private_key and private_key_passwd to the global pointer variable in wpa2 enterprise module.
* @attention 2. The client_cert, private_key and private_key_passwd should be zero terminated.
*
@ -169,57 +199,84 @@ void esp_wifi_sta_wpa2_ent_clear_ca_cert(void);
* @return
* - ESP_OK: succeed
*/
esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len);
__attribute__((deprecated("Use 'esp_eap_client_set_certificate_and_key' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len,
const unsigned char *private_key, int private_key_len,
const unsigned char *private_key_passwd, int private_key_passwd_len);
/**
* @brief Clear client certificate and key.
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_clear_certificate_and_key` instead.
*
*/
__attribute__((deprecated("Use 'esp_eap_client_clear_certificate_and_key' instead")))
void esp_wifi_sta_wpa2_ent_clear_cert_key(void);
/**
* @brief Set wpa2 enterprise certs time check(disable or not).
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_disable_time_check` instead.
*
* @param true: disable wpa2 enterprise certs time check
* @param false: enable wpa2 enterprise certs time check
*
* @return
* - ESP_OK: succeed
*/
__attribute__((deprecated("Use 'esp_eap_client_set_disable_time_check' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable);
/**
* @brief Get wpa2 enterprise certs time check(disable or not).
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_get_disable_time_check` instead.
*
* @param disable: store disable value
*
* @return
* - ESP_OK: succeed
*/
__attribute__((deprecated("Use 'esp_eap_client_get_disable_time_check' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable);
/**
* @brief Set wpa2 enterprise ttls phase2 method
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_ttls_phase2_method` instead.
*
* @param type: the type of phase 2 method to be used
*
* @return
* - ESP_OK: succeed
*/
__attribute__((deprecated("Use 'esp_eap_client_set_ttls_phase2_method' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type);
/**
* @brief enable/disable 192 bit suite b certification checks
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_suiteb_192bit_certification` instead.
*
* @param enable: bool to enable/disable it.
*
* @return
* - ESP_OK: succeed
*/
__attribute__((deprecated("Use 'esp_eap_client_set_suiteb_192bit_certification' instead")))
esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable);
/**
* @brief Set client pac file
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_pac_file` instead.
*
* @attention 1. For files read from the file system, length has to be decremented by 1 byte.
* @attention 2. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
*
@ -230,11 +287,15 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable);
* - ESP_OK: succeed
* - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
*/
__attribute__((deprecated("Use 'esp_eap_client_set_pac_file' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len);
/**
* @brief Set Phase 1 parameters for EAP-FAST
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_set_fast_params` instead.
*
* @attention 1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
*
* @param config: eap fast phase 1 configuration
@ -244,17 +305,22 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int
* - ESP_ERR_INVALID_ARG: fail(out of bound arguments)
* - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
*/
__attribute__((deprecated("Use 'esp_eap_client_set_fast_params' instead")))
esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config);
/**
* @brief Use default CA cert bundle for server validation
*
* @deprecated This function is deprecated and will be removed in the future.
* Please use `esp_eap_client_use_default_cert_bundle` instead.
*
* @use_default_bundle : whether to use bundle or not
*
* @return
* - ESP_OK: succeed
* - ESP_FAIL: fail
*/
__attribute__((deprecated("Use 'esp_eap_client_use_default_cert_bundle' instead")))
esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle);
#ifdef __cplusplus

130
components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c → components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c
View File

@ -36,7 +36,8 @@
#include "esp_crt_bundle.h"
#endif
#include "esp_wpas_glue.h"
#include "esp_wpa2_i.h"
#include "esp_eap_client_i.h"
#include "esp_eap_client.h"
#define WPA2_VERSION "v2.0"
@ -77,7 +78,7 @@ static void wpa2_api_lock(void)
if (s_wpa2_api_lock == NULL) {
s_wpa2_api_lock = os_recursive_mutex_create();
if (!s_wpa2_api_lock) {
wpa_printf(MSG_ERROR, "WPA2: failed to create wpa2 api lock");
wpa_printf(MSG_ERROR, "EAP: failed to create EAP api lock");
return;
}
}
@ -117,7 +118,7 @@ static void wpa2_set_eap_state(wpa2_ent_eap_state_t state)
esp_wifi_set_wpa2_ent_state_internal(state);
}
wpa2_ent_eap_state_t wpa2_get_eap_state(void)
wpa2_ent_eap_state_t eap_client_get_eap_state(void)
{
if (!gEapSm) {
return WPA2_ENT_EAP_STATE_NOT_START;
@ -132,14 +133,14 @@ static inline void wpa2_task_delete(void *arg)
int ret = ESP_OK;
if (my_task_hdl == s_wpa2_task_hdl) {
wpa_printf(MSG_ERROR, "WPA2: should never call task delete api in wpa2 task context");
wpa_printf(MSG_ERROR, "EAP: should never call task delete api in eap task context");
return;
}
ret = wpa2_post(SIG_WPA2_TASK_DEL, 0);
if (ESP_OK != ret) {
wpa_printf(MSG_ERROR, "WPA2: failed to post task delete event, ret=%d", ret);
wpa_printf(MSG_ERROR, "EAP: failed to post task delete event, ret=%d", ret);
return;
}
}
@ -241,23 +242,23 @@ void wpa2_task(void *pvParameters )
break;
} else {
if (s_wifi_wpa2_sync_sem) {
wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig);
wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig);
os_semphr_give(s_wifi_wpa2_sync_sem);
} else {
wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem");
wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
}
}
}
wpa_printf(MSG_DEBUG, "WPA2: queue deleted");
wpa_printf(MSG_DEBUG, "EAP: queue deleted");
os_queue_delete(s_wpa2_queue);
wpa_printf(MSG_DEBUG, "WPA2: task deleted");
wpa_printf(MSG_DEBUG, "EAP: task deleted");
s_wpa2_queue = NULL;
if (s_wifi_wpa2_sync_sem) {
wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig);
wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig);
os_semphr_give(s_wifi_wpa2_sync_sem);
} else {
wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem");
wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
}
/* At this point, we completed */
@ -279,7 +280,7 @@ int wpa2_post(uint32_t sig, uint32_t par)
} else {
ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent));
if (evt == NULL) {
wpa_printf(MSG_ERROR, "WPA2: E N M");
wpa_printf(MSG_ERROR, "EAP: E N M");
DATA_MUTEX_GIVE();
return ESP_FAIL;
}
@ -288,14 +289,14 @@ int wpa2_post(uint32_t sig, uint32_t par)
evt->sig = sig;
evt->par = par;
if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
wpa_printf(MSG_ERROR, "WPA2: Q S E");
wpa_printf(MSG_ERROR, "EAP: Q S E");
return ESP_FAIL;
} else {
if (s_wifi_wpa2_sync_sem) {
os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK);
wpa_printf(MSG_DEBUG, "WPA2: wpa2 api return, sm->state(%d)", sm->finish_state);
wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state);
} else {
wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem");
wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
}
}
}
@ -552,20 +553,20 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
/* TODO: backwards compatibility */
}
if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) {
wpa_printf(MSG_DEBUG, "WPA2: EAP frame (type %u) discarded, "
wpa_printf(MSG_DEBUG, "EAP: EAP frame (type %u) discarded, "
"not a EAP PACKET frame", hdr->type);
ret = -2;
goto _out;
}
if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) {
wpa_printf(MSG_DEBUG, "WPA2: EAPOL frame payload size %lu "
wpa_printf(MSG_DEBUG, "EAP: EAPOL frame payload size %lu "
"invalid (frame size %lu)",
(unsigned long) plen, (unsigned long) len);
ret = -2;
goto _out;
}
wpa_hexdump(MSG_MSGDUMP, "WPA2: RX EAPOL-EAP PACKET", tmp, len);
wpa_hexdump(MSG_MSGDUMP, "EAP: RX EAPOL-EAP PACKET", tmp, len);
if (data_len < len) {
wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
@ -577,7 +578,7 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
case EAP_CODE_REQUEST:
/* Handle EAP-reauthentication case */
if (sm->finish_state == WPA2_ENT_EAP_STATE_SUCCESS) {
wpa_printf(MSG_INFO, ">>>>>wpa2 EAP Re-authentication in progress");
wpa_printf(MSG_INFO, "EAP Re-authentication in progress");
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_IN_PROGRESS);
}
@ -592,18 +593,18 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
wpa_set_pmk(sm->eapKeyData, NULL, false);
os_free(sm->eapKeyData);
sm->eapKeyData = NULL;
wpa_printf(MSG_INFO, ">>>>>wpa2 FINISH");
wpa_printf(MSG_INFO, ">>>>>EAP FINISH");
ret = WPA2_ENT_EAP_STATE_SUCCESS;
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_SUCCESS);
eap_deinit_prev_method(sm, "EAP Success");
} else {
wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!");
wpa_printf(MSG_INFO, ">>>>>EAP FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!");
ret = WPA2_ENT_EAP_STATE_FAIL;
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
}
break;
case EAP_CODE_FAILURE:
wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED");
wpa_printf(MSG_INFO, ">>>>>EAP FAILED");
ret = WPA2_ENT_EAP_STATE_FAIL;
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
break;
@ -678,7 +679,7 @@ static int eap_peer_sm_init(void)
struct eap_sm *sm;
if (gEapSm) {
wpa_printf(MSG_ERROR, "WPA2: wpa2 sm not null, deinit it");
wpa_printf(MSG_ERROR, "EAP: EAP sm not null, deinit it");
eap_peer_sm_deinit();
}
@ -691,7 +692,7 @@ static int eap_peer_sm_init(void)
gEapSm = sm;
s_wpa2_data_lock = os_recursive_mutex_create();
if (!s_wpa2_data_lock) {
wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock");
wpa_printf(MSG_ERROR, "EAP eap_peer_sm_init: failed to alloc data lock");
ret = ESP_ERR_NO_MEM;
goto _err;
}
@ -733,12 +734,12 @@ static int eap_peer_sm_init(void)
}
s_wifi_wpa2_sync_sem = os_semphr_create(1, 0);
if (!s_wifi_wpa2_sync_sem) {
wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem");
wpa_printf(MSG_ERROR, "EAP: failed create wifi EAP task sync sem");
ret = ESP_FAIL;
goto _err;
}
wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
wpa_printf(MSG_INFO, "wifi_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
#endif
return ESP_OK;
@ -783,7 +784,7 @@ static void eap_peer_sm_deinit(void)
if (s_wpa2_data_lock) {
os_semphr_delete(s_wpa2_data_lock);
s_wpa2_data_lock = NULL;
wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock");
wpa_printf(MSG_DEBUG, "EAP: eap_peer_sm_deinit: free data lock");
}
if (s_wpa2_queue) {
@ -794,16 +795,15 @@ static void eap_peer_sm_deinit(void)
gEapSm = NULL;
}
esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
static esp_err_t esp_client_enable_fn(void *arg)
{
struct wpa2_funcs *wpa2_cb;
wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] enable",
WPA2_VERSION);
wpa_printf(MSG_INFO, "WiFi Enterprise enable");
wpa2_cb = (struct wpa2_funcs *)os_zalloc(sizeof(struct wpa2_funcs));
if (wpa2_cb == NULL) {
wpa_printf(MSG_ERROR, "WPA2: no mem for wpa2 cb");
wpa_printf(MSG_ERROR, "EAP: no mem for eap cb");
return ESP_ERR_NO_MEM;
}
@ -814,7 +814,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
esp_wifi_register_wpa2_cb_internal(wpa2_cb);
wpa_printf(MSG_DEBUG, "WPA2 ENTERPRISE CRYPTO INIT.\r");
wpa_printf(MSG_DEBUG, "WiFi Enterprise crypto init.\r");
#ifdef EAP_PEER_METHOD
if (eap_peer_register_methods()) {
@ -824,7 +824,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
return ESP_OK;
}
esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
esp_err_t esp_wifi_sta_enterprise_enable(void)
{
wifi_wpa2_param_t param;
esp_err_t ret;
@ -833,21 +833,21 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
wpa2_api_lock();
if (wpa2_is_enabled()) {
wpa_printf(MSG_INFO, "WPA2: already enabled");
wpa_printf(MSG_INFO, "EAP: already enabled");
wpa2_api_unlock();
return ESP_OK;
}
param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_enable_fn;
param.fn = (wifi_wpa2_fn_t)esp_client_enable_fn;
param.param = NULL;
ret = esp_wifi_sta_wpa2_ent_enable_internal(&param);
if (ESP_OK == ret) {
wpa2_set_state(WPA2_STATE_ENABLED);
sm->wpa_sm_wpa2_ent_disable = esp_wifi_sta_wpa2_ent_disable;
sm->wpa_sm_eap_disable = esp_wifi_sta_enterprise_disable;
} else {
wpa_printf(MSG_ERROR, "failed to enable wpa2 ret=%d", ret);
wpa_printf(MSG_ERROR, "failed to enable eap ret=%d", ret);
}
wpa2_api_unlock();
@ -855,10 +855,10 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
return ret;
}
esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param)
static esp_err_t eap_client_disable_fn(void *param)
{
struct wpa_sm *sm = &gWpaSm;
wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] disable", WPA2_VERSION);
wpa_printf(MSG_INFO, "WiFi enterprise disable");
esp_wifi_unregister_wpa2_cb_internal();
if (gEapSm) {
@ -869,11 +869,11 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param)
eap_peer_unregister_methods();
#endif
sm->wpa_sm_wpa2_ent_disable = NULL;
sm->wpa_sm_eap_disable = NULL;
return ESP_OK;
}
esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
esp_err_t esp_wifi_sta_enterprise_disable(void)
{
wifi_wpa2_param_t param;
esp_err_t ret;
@ -881,19 +881,19 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
wpa2_api_lock();
if (wpa2_is_disabled()) {
wpa_printf(MSG_INFO, "WPA2: already disabled");
wpa_printf(MSG_INFO, "EAP: already disabled");
wpa2_api_unlock();
return ESP_OK;
}
param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_disable_fn;
param.fn = (wifi_wpa2_fn_t)eap_client_disable_fn;
param.param = 0;
ret = esp_wifi_sta_wpa2_ent_disable_internal(&param);
if (ESP_OK == ret) {
wpa2_set_state(WPA2_STATE_DISABLED);
} else {
wpa_printf(MSG_ERROR, "failed to disable wpa2 ret=%d", ret);
wpa_printf(MSG_ERROR, "failed to disable eap ret=%d", ret);
}
wpa2_api_unlock();
@ -901,7 +901,9 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
return ret;
}
esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len)
esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len,
const unsigned char *private_key, int private_key_len,
const unsigned char *private_key_passwd, int private_key_passwd_len)
{
if (client_cert && client_cert_len > 0) {
g_wpa_client_cert = client_cert;
@ -919,10 +921,8 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, i
return ESP_OK;
}
void esp_wifi_sta_wpa2_ent_clear_cert_key(void)
void esp_eap_client_clear_certificate_and_key(void)
{
esp_wifi_unregister_wpa2_cb_internal();
g_wpa_client_cert = NULL;
g_wpa_client_cert_len = 0;
g_wpa_private_key = NULL;
@ -934,7 +934,7 @@ void esp_wifi_sta_wpa2_ent_clear_cert_key(void)
g_wpa_pac_file_len = 0;
}
esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len)
esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len)
{
if (ca_cert && ca_cert_len > 0) {
g_wpa_ca_cert = ca_cert;
@ -944,14 +944,14 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca
return ESP_OK;
}
void esp_wifi_sta_wpa2_ent_clear_ca_cert(void)
void esp_eap_client_clear_ca_cert(void)
{
g_wpa_ca_cert = NULL;
g_wpa_ca_cert_len = 0;
}
#define ANONYMOUS_ID_LEN_MAX 128
esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len)
esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len)
{
if (len <= 0 || len > ANONYMOUS_ID_LEN_MAX) {
return ESP_ERR_INVALID_ARG;
@ -973,7 +973,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int
return ESP_OK;
}
void esp_wifi_sta_wpa2_ent_clear_identity(void)
void esp_eap_client_clear_identity(void)
{
if (g_wpa_anonymous_identity) {
os_free(g_wpa_anonymous_identity);
@ -984,7 +984,7 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void)
}
#define USERNAME_LEN_MAX 128
esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len)
esp_err_t esp_eap_client_set_username(const unsigned char *username, int len)
{
if (len <= 0 || len > USERNAME_LEN_MAX) {
return ESP_ERR_INVALID_ARG;
@ -1006,7 +1006,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int
return ESP_OK;
}
void esp_wifi_sta_wpa2_ent_clear_username(void)
void esp_eap_client_clear_username(void)
{
if (g_wpa_username) {
os_free(g_wpa_username);
@ -1016,7 +1016,7 @@ void esp_wifi_sta_wpa2_ent_clear_username(void)
g_wpa_username_len = 0;
}
esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len)
esp_err_t esp_eap_client_set_password(const unsigned char *password, int len)
{
if (len <= 0) {
return ESP_ERR_INVALID_ARG;
@ -1038,7 +1038,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int
return ESP_OK;
}
void esp_wifi_sta_wpa2_ent_clear_password(void)
void esp_eap_client_clear_password(void)
{
if (g_wpa_password) {
os_free(g_wpa_password);
@ -1047,7 +1047,7 @@ void esp_wifi_sta_wpa2_ent_clear_password(void)
g_wpa_password_len = 0;
}
esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len)
esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len)
{
if (len <= 0) {
return ESP_ERR_INVALID_ARG;
@ -1069,7 +1069,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_passwo
return ESP_OK;
}
void esp_wifi_sta_wpa2_ent_clear_new_password(void)
void esp_eap_client_clear_new_password(void)
{
if (g_wpa_new_password) {
os_free(g_wpa_new_password);
@ -1078,7 +1078,7 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void)
g_wpa_new_password_len = 0;
}
esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable)
esp_err_t esp_eap_client_set_disable_time_check(bool disable)
{
s_disable_time_check = disable;
return ESP_OK;
@ -1089,13 +1089,13 @@ bool wifi_sta_get_enterprise_disable_time_check(void)
return s_disable_time_check;
}
esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable)
esp_err_t esp_eap_client_get_disable_time_check(bool *disable)
{
*disable = wifi_sta_get_enterprise_disable_time_check();
return ESP_OK;
}
esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type)
esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type)
{
switch (type) {
case ESP_EAP_TTLS_PHASE2_EAP:
@ -1120,7 +1120,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types
return ESP_OK;
}
esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable)
esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable)
{
#ifdef CONFIG_SUITEB192
g_wpa_suiteb_certification = enable;
@ -1130,7 +1130,7 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable)
#endif
}
esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len)
esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len)
{
if (pac_file && pac_file_len > -1) {
if (pac_file_len < 512) { // The file contains less than 1 pac and is to be rewritten later
@ -1154,7 +1154,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int
return ESP_OK;
}
esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config)
esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config)
{
char config_for_supplicant[PHASE1_PARAM_STRING_LEN] = "";
if ((config.fast_provisioning > -1) && (config.fast_provisioning <= 2)) {
@ -1186,7 +1186,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config confi
}
esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle)
esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle)
{
#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
g_wpa_default_cert_bundle = use_default_bundle;

7
components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h → components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h
View File

@ -4,11 +4,8 @@
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef ESP_WPA2_I_H
#define ESP_WPA2_I_H
#pragma once
#include "esp_wifi_driver.h"
wpa2_ent_eap_state_t wpa2_get_eap_state(void);
#endif
wpa2_ent_eap_state_t eap_client_get_eap_state(void);

115
components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c Normal file
View File

@ -0,0 +1,115 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "esp_eap_client.h"
esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
{
return esp_wifi_sta_enterprise_enable();
}
esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
{
return esp_wifi_sta_enterprise_disable();
}
esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len)
{
return esp_eap_client_set_identity(identity, len);
}
void esp_wifi_sta_wpa2_ent_clear_identity(void)
{
esp_eap_client_clear_identity();
}
esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len)
{
return esp_eap_client_set_username(username, len);
}
void esp_wifi_sta_wpa2_ent_clear_username(void)
{
esp_eap_client_clear_username();
}
esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len)
{
return esp_eap_client_set_password(password, len);
}
void esp_wifi_sta_wpa2_ent_clear_password(void)
{
esp_eap_client_clear_password();
}
esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len)
{
return esp_eap_client_set_new_password(new_password, len);
}
void esp_wifi_sta_wpa2_ent_clear_new_password(void)
{
esp_eap_client_clear_new_password();
}
esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len)
{
return esp_eap_client_set_ca_cert(ca_cert, ca_cert_len);
}
void esp_wifi_sta_wpa2_ent_clear_ca_cert(void)
{
esp_eap_client_clear_ca_cert();
}
esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len,
const unsigned char *private_key, int private_key_len,
const unsigned char *private_key_passwd, int private_key_passwd_len)
{
return esp_eap_client_set_certificate_and_key(client_cert, client_cert_len,
private_key, private_key_len, private_key_passwd, private_key_passwd_len);
}
void esp_wifi_sta_wpa2_ent_clear_cert_key(void)
{
esp_eap_client_clear_certificate_and_key();
}
esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable)
{
return esp_eap_client_set_disable_time_check(disable);
}
esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable)
{
return esp_eap_client_get_disable_time_check(disable);
}
esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type)
{
return esp_eap_client_set_ttls_phase2_method(type);
}
esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable)
{
return esp_eap_client_set_suiteb_192bit_certification(enable);
}
esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len)
{
return esp_eap_client_set_pac_file(pac_file, pac_file_len);
}
esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config)
{
return esp_eap_client_set_fast_params(config);
}
esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle)
{
return esp_eap_client_use_default_cert_bundle(use_default_bundle);
}

6
components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c
View File

@ -28,7 +28,7 @@
#include "esp_wifi_driver.h"
#include "esp_private/wifi.h"
#include "esp_wpa3_i.h"
#include "esp_wpa2.h"
#include "esp_eap_client.h"
#include "esp_common_i.h"
#include "esp_owe_i.h"
@ -185,8 +185,8 @@ bool wpa_deattach(void)
struct wpa_sm *sm = &gWpaSm;
esp_wpa3_free_sae_data();
#ifdef CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT
if (sm->wpa_sm_wpa2_ent_disable) {
sm->wpa_sm_wpa2_ent_disable();
if (sm->wpa_sm_eap_disable) {
sm->wpa_sm_eap_disable();
}
#endif
if (sm->wpa_sm_wps_disable) {

1
components/wpa_supplicant/src/eap_peer/eap_i.h
View File

@ -13,7 +13,6 @@
#include "eap.h"
#include "eap_common.h"
#include "eap_config.h"
#include "esp_wpa2.h"
/* RFC 4137 - EAP Peer state machine */

4
components/wpa_supplicant/src/rsn_supp/wpa.c
View File

@ -35,7 +35,7 @@
#include "esp_common_i.h"
#include "esp_owe_i.h"
#include "common/sae.h"
#include "esp_wpa2_i.h"
#include "esp_eap_client_i.h"
/**
* eapol_sm_notify_eap_success - Notification of external EAP success trigger
@ -656,7 +656,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
size_t kde_len;
if (is_wpa2_enterprise_connection()) {
wpa2_ent_eap_state_t state = wpa2_get_eap_state();
wpa2_ent_eap_state_t state = eap_client_get_eap_state();
if (state == WPA2_ENT_EAP_STATE_IN_PROGRESS) {
wpa_printf(MSG_INFO, "EAP Success has not been processed yet."
" Drop EAPOL message.");

2
components/wpa_supplicant/src/rsn_supp/wpa_i.h
View File

@ -117,7 +117,7 @@ struct wpa_sm {
struct wpabuf *owe_ie;
#endif /* CONFIG_OWE_STA */
int (*wpa_sm_wps_disable)(void);
esp_err_t (*wpa_sm_wpa2_ent_disable)(void);
esp_err_t (*wpa_sm_eap_disable)(void);
};
/**