From 981086ba300e2ae90f28fc2e00266c5617cccd7c Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Thu, 3 Aug 2023 18:07:29 +0530 Subject: [PATCH 1/5] change(esp_wifi): Rename WiFi enterprise connection APIs --- components/wpa_supplicant/CMakeLists.txt | 3 +- .../esp_supplicant/include/esp_eap_client.h | 311 ++++++++++++++++++ .../esp_supplicant/include/esp_wpa2.h | 118 +++++-- .../src/{esp_wpa2.c => esp_eap_client.c} | 130 ++++---- .../src/{esp_wpa2_i.h => esp_eap_client_i.h} | 7 +- .../esp_supplicant/src/esp_wpa2_api_port.c | 115 +++++++ .../esp_supplicant/src/esp_wpa_main.c | 8 +- .../wpa_supplicant/src/eap_peer/eap_i.h | 1 - components/wpa_supplicant/src/rsn_supp/wpa.c | 4 +- .../wpa_supplicant/src/rsn_supp/wpa_i.h | 2 +- 10 files changed, 594 insertions(+), 105 deletions(-) create mode 100644 components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h rename components/wpa_supplicant/esp_supplicant/src/{esp_wpa2.c => esp_eap_client.c} (86%) rename components/wpa_supplicant/esp_supplicant/src/{esp_wpa2_i.h => esp_eap_client_i.h} (60%) create mode 100644 components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 2515e7954e..a5c31d8a73 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -61,7 +61,8 @@ set(srcs "port/os_xtensa.c" "src/wps/wps_dev_attr.c" "src/wps/wps_enrollee.c") -set(esp_srcs "esp_supplicant/src/esp_wpa2.c" +set(esp_srcs "esp_supplicant/src/esp_eap_client.c" + "esp_supplicant/src/esp_wpa2_api_port.c" "esp_supplicant/src/esp_wpa_main.c" "esp_supplicant/src/esp_wpas_glue.c" "esp_supplicant/src/esp_common.c" diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h new file mode 100644 index 0000000000..a6dc7d6aa5 --- /dev/null +++ b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h @@ -0,0 +1,311 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#include +#include "esp_err.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + ESP_EAP_TTLS_PHASE2_EAP, + ESP_EAP_TTLS_PHASE2_MSCHAPV2, + ESP_EAP_TTLS_PHASE2_MSCHAP, + ESP_EAP_TTLS_PHASE2_PAP, + ESP_EAP_TTLS_PHASE2_CHAP +} esp_eap_ttls_phase2_types; + +typedef struct { + int fast_provisioning; /* Enables or disables Fast Provisioning in EAP-FAST */ + int fast_max_pac_list_len; /* Maximum length of the PAC (Protected Access Credential) list */ + bool fast_pac_format_binary; /* Set to true for binary format PAC, false for ASCII format PAC */ +} esp_eap_fast_config; + + +/** + * @brief Enable EAP authentication(WiFi Enterprise) for the station mode. + * + * This function enables Extensible Authentication Protocol (EAP) authentication + * for the Wi-Fi station mode. When EAP authentication is enabled, the ESP device + * will attempt to authenticate with the configured EAP credentials when connecting + * to a secure Wi-Fi network. + * + * @note Before calling this function, ensure that the Wi-Fi configuration and EAP + * credentials (such as username and password) have been properly set using the + * appropriate configuration APIs. + * + * @return + * - ESP_OK: EAP authentication enabled successfully. + * - ESP_ERR_NO_MEM: Failed to enable EAP authentication due to memory allocation failure. + */ +esp_err_t esp_wifi_sta_enterprise_enable(void); + + +/** + * @brief Disable EAP authentication(WiFi Enterprise) for the station mode. + * + * This function disables Extensible Authentication Protocol (EAP) authentication + * for the Wi-Fi station mode. When EAP authentication is disabled, the ESP device + * will not attempt to authenticate using EAP credentials when connecting to a + * secure Wi-Fi network. + * + * @note Disabling EAP authentication may cause the device to connect to the Wi-Fi + * network using other available authentication methods, if configured using esp_wifi_set_config(). + * + * @return + * - ESP_OK: EAP authentication disabled successfully. + * - ESP_ERR_INVALID_STATE: EAP client is in an invalid state for disabling. + */ +esp_err_t esp_wifi_sta_enterprise_disable(void); + +/** + * @brief Set identity for PEAP/TTLS authentication method. + * + * This function sets the identity to be used during PEAP/TTLS authentication. + * + * @param[in] identity Pointer to the identity data. + * @param[in] len Length of the identity data (limited to 1~127 bytes). + * + * @return + * - ESP_OK: The identity was set successfully. + * - ESP_ERR_INVALID_ARG: Invalid argument (len <= 0 or len >= 128). + * - ESP_ERR_NO_MEM: Memory allocation failure. + */ +esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len); + +/** + * @brief Clear the previously set identity for PEAP/TTLS authentication. + * + * This function clears the identity that was previously set for the EAP client. + * After calling this function, the EAP client will no longer use the previously + * configured identity during the authentication process. + */ +void esp_eap_client_clear_identity(void); + +/** + * @brief Set username for PEAP/TTLS authentication method. + * + * This function sets the username to be used during PEAP/TTLS authentication. + * + * @param[in] username Pointer to the username data. + * @param[in] len Length of the username data (limited to 1~127 bytes). + * + * @return + * - ESP_OK: The username was set successfully. + * - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0 or len >= 128). + * - ESP_ERR_NO_MEM: Failed due to memory allocation failure. + */ +esp_err_t esp_eap_client_set_username(const unsigned char *username, int len); + +/** + * @brief Clear username for PEAP/TTLS method. + * + * This function clears the previously set username for the EAP client. + */ +void esp_eap_client_clear_username(void); + +/** + * @brief Set password for PEAP/TTLS authentication method. + * + * This function sets the password to be used during PEAP/TTLS authentication. + * + * @param[in] password Pointer to the password data. + * @param[in] len Length of the password data (len > 0). + * + * @return + * - ESP_OK: The password was set successfully. + * - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0). + * - ESP_ERR_NO_MEM: Failed due to memory allocation failure. + */ +esp_err_t esp_eap_client_set_password(const unsigned char *password, int len); + +/** + * @brief Clear password for PEAP/TTLS method. + * + * This function clears the previously set password for the EAP client. + */ +void esp_eap_client_clear_password(void); + +/** + * @brief Set a new password for MSCHAPv2 authentication method. + * + * This function sets the new password to be used during MSCHAPv2 authentication. + * The new password is used to substitute the old password when an eap-mschapv2 failure request + * message with error code ERROR_PASSWD_EXPIRED is received. + * + * @param[in] new_password Pointer to the new password data. + * @param[in] len Length of the new password data. + * + * @return + * - ESP_OK: The new password was set successfully. + * - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0). + * - ESP_ERR_NO_MEM: Failed due to memory allocation failure. + */ +esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len); + +/** + * @brief Clear new password for MSCHAPv2 method. + * + * This function clears the previously set new password for the EAP client. + */ +void esp_eap_client_clear_new_password(void); + +/** + * @brief Set CA certificate for EAP authentication. + * + * This function sets the Certificate Authority (CA) certificate to be used during EAP authentication. + * The CA certificate is passed to the EAP client module through a global pointer. + * + * @param[in] ca_cert Pointer to the CA certificate data. + * @param[in] ca_cert_len Length of the CA certificate data. + * + * @return + * - ESP_OK: The CA certificate was set successfully. + */ +esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len); + +/** + * @brief Clear the previously set Certificate Authority (CA) certificate for EAP authentication. + * + * This function clears the CA certificate that was previously set for the EAP client. + * After calling this function, the EAP client will no longer use the previously + * configured CA certificate during the authentication process. + */ +void esp_eap_client_clear_ca_cert(void); + +/** + * @brief Set client certificate and private key for EAP authentication. + * + * This function sets the client certificate and private key to be used during authentication. + * Optionally, a private key password can be provided for encrypted private keys. + * + * @attention 1. The client certificate, private key, and private key password are provided as pointers + * to the respective data arrays. + * @attention 2. The client_cert, private_key, and private_key_password should be zero-terminated. + * + * @param[in] client_cert Pointer to the client certificate data. + * @param[in] client_cert_len Length of the client certificate data. + * @param[in] private_key Pointer to the private key data. + * @param[in] private_key_len Length of the private key data (limited to 1~4096 bytes). + * @param[in] private_key_password Pointer to the private key password data (optional). + * @param[in] private_key_passwd_len Length of the private key password data (can be 0 for no password). + * + * @return + * - ESP_OK: The certificate, private key, and password (if provided) were set successfully. + */ +esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_password, int private_key_passwd_len); + +/** + * @brief Clear the previously set client certificate and private key for EAP authentication. + * + * This function clears the client certificate and private key that were previously set + * for the EAP client. After calling this function, the EAP client will no longer use the + * previously configured certificate and private key during the authentication process. + */ +void esp_eap_client_clear_certificate_and_key(void); + +/** + * @brief Set EAP client certificates time check (disable or not). + * + * This function enables or disables the time check for EAP client certificates. + * When disabled, the certificates' expiration time will not be checked during the authentication process. + * + * @param[in] disable True to disable EAP client certificates time check, false to enable it. + * + * @return + * - ESP_OK: The EAP client certificates time check setting was updated successfully. + */ +esp_err_t esp_eap_client_set_disable_time_check(bool disable); + +/** + * @brief Get EAP client certificates time check status. + * + * This function retrieves the current status of the EAP client certificates time check. + * + * @param[out] disable Pointer to a boolean variable to store the disable status. + * + * @return + * - ESP_OK: The status of EAP client certificates time check was retrieved successfully. + */ +esp_err_t esp_eap_client_get_disable_time_check(bool *disable); + +/** + * @brief Set EAP-TTLS phase 2 method. + * + * This function sets the phase 2 method to be used during EAP-TTLS authentication. + * + * @param[in] type The type of phase 2 method to be used (e.g., EAP, MSCHAPv2, MSCHAP, PAP, CHAP). + * + * @return + * - ESP_OK: The EAP-TTLS phase 2 method was set successfully. + */ +esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type); + +/** + * @brief Enable or disable Suite-B 192-bit certification checks. + * + * This function enables or disables the 192-bit Suite-B certification checks during EAP-TLS authentication. + * Suite-B is a set of cryptographic algorithms which generally are considered more secure. + * + * @param[in] enable True to enable 192-bit Suite-B certification checks, false to disable it. + * + * @return + * - ESP_OK: The 192-bit Suite-B certification checks were set successfully. + */ +esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable); + +/** + * @brief Set the PAC (Protected Access Credential) file for EAP-FAST authentication. + * + * EAP-FAST requires a PAC file that contains the client's credentials. + * + * @attention 1. For files read from the file system, length has to be decremented by 1 byte. + * @attention 2. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST. + * + * @param[in] pac_file Pointer to the PAC file buffer. + * @param[in] pac_file_len Length of the PAC file buffer. + * + * @return + * - ESP_OK: The PAC file for EAP-FAST authentication was set successfully. + */ +esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len); + +/** + * @brief Set the parameters for EAP-FAST Phase 1 authentication. + * + * EAP-FAST supports Fast Provisioning, where clients can be authenticated faster using precomputed keys (PAC). + * This function allows configuring parameters for Fast Provisioning. + * + * @attention 1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST. + * + * @param[in] config Configuration structure with Fast Provisioning parameters. + * + * @return + * - ESP_OK: The parameters for EAP-FAST Phase 1 authentication were set successfully. + */ +esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config); + +/** + * @brief Use the default certificate bundle for EAP authentication. + * + * By default, the EAP client uses a built-in certificate bundle for server verification. + * Enabling this option allows the use of the default certificate bundle. + * + * @param[in] use_default_bundle True to use the default certificate bundle, false to use a custom bundle. + * + * @return + * - ESP_OK: The option to use the default certificate bundle was set successfully. + */ +esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle); + +#ifdef __cplusplus +} +#endif diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h b/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h index 2eae53f766..3f3b78934f 100644 --- a/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h +++ b/components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h @@ -7,31 +7,16 @@ #ifndef _ESP_WPA2_H #define _ESP_WPA2_H -#include +#pragma message("esp_wpa2.h is deprecated. Use esp_eap_client.h instead.") -#include "esp_err.h" - -typedef enum { - ESP_EAP_TTLS_PHASE2_EAP, - ESP_EAP_TTLS_PHASE2_MSCHAPV2, - ESP_EAP_TTLS_PHASE2_MSCHAP, - ESP_EAP_TTLS_PHASE2_PAP, - ESP_EAP_TTLS_PHASE2_CHAP -} esp_eap_ttls_phase2_types; - -typedef struct { - int fast_provisioning; - int fast_max_pac_list_len; - bool fast_pac_format_binary; -} esp_eap_fast_config; - -#ifdef __cplusplus -extern "C" { -#endif +#include "esp_eap_client.h" /** * @brief Enable wpa2 enterprise authentication. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_wifi_sta_enterprise_enable()` instead. + * * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled. * @attention 2. wpa2 enterprise authentication supports EAP-FAST, TLS, PEAP, TTLS(EAP, MSCHAPv2, MSCHAP, PAP, CHAP) methods. * @@ -39,22 +24,30 @@ extern "C" { * - ESP_OK: succeed. * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_enable' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_enable(void); /** * @brief Disable wpa2 enterprise authentication. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_wifi_sta_enterprise_disable()` instead. + * * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled. * @attention 2. wpa2 enterprise authentication supports EAP-FAST, TLS, PEAP, TTLS(EAP, MSCHAPv2, MSCHAP, PAP, CHAP) methods. * * @return * - ESP_OK: succeed. */ +__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_disable' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_disable(void); /** * @brief Set identity for PEAP/TTLS method. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_identity` instead. + * * @attention The API only passes the parameter identity to the global pointer variable in wpa2 enterprise module. * * @param identity: point to address where stores the identity; @@ -65,17 +58,24 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_identity' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len); /** * @brief Clear identity for PEAP/TTLS method. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_identity` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_identity' instead"))) void esp_wifi_sta_wpa2_ent_clear_identity(void); /** * @brief Set username for PEAP/TTLS method. * - * @attention The API only passes the parameter username to the global pointer variable in wpa2 enterprise module. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_username` instead. * * @param username: point to address where stores the username; * @param len: length of username, limited to 1~127 @@ -85,17 +85,23 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_username' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len); /** * @brief Clear username for PEAP/TTLS method. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_username` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_username' instead"))) void esp_wifi_sta_wpa2_ent_clear_username(void); /** * @brief Set password for PEAP/TTLS method.. * - * @attention The API only passes the parameter password to the global pointer variable in wpa2 enterprise module. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_password` instead. * * @param password: point to address where stores the password; * @param len: length of password(len > 0) @@ -105,18 +111,25 @@ void esp_wifi_sta_wpa2_ent_clear_username(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_password' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len); /** * @brief Clear password for PEAP/TTLS method.. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_password` instead. */ +__attribute__((deprecated("Use 'esp_eap_client_clear_password' instead"))) void esp_wifi_sta_wpa2_ent_clear_password(void); /** * @brief Set new password for MSCHAPv2 method.. * - * @attention 1. The API only passes the parameter password to the global pointer variable in wpa2 enterprise module. - * @attention 2. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received. + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_new_password` instead. + * + * @attention 1. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received. * * @param new_password: point to address where stores the password; * @param len: length of password @@ -126,17 +139,25 @@ void esp_wifi_sta_wpa2_ent_clear_password(void); * - ESP_ERR_INVALID_ARG: fail(len <= 0) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ - +__attribute__((deprecated("Use 'esp_eap_client_set_new_password' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len); /** * @brief Clear new password for MSCHAPv2 method.. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_new_password` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_new_password' instead"))) void esp_wifi_sta_wpa2_ent_clear_new_password(void); /** * @brief Set CA certificate for PEAP/TTLS method. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_ca_cert` instead. + * * @attention 1. The API only passes the parameter ca_cert to the global pointer variable in wpa2 enterprise module. * @attention 2. The ca_cert should be zero terminated. * @@ -146,16 +167,25 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void); * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_ca_cert' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len); /** * @brief Clear CA certificate for PEAP/TTLS method. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_ca_cert` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_ca_cert' instead"))) void esp_wifi_sta_wpa2_ent_clear_ca_cert(void); /** * @brief Set client certificate and key. * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_certificate_and_key` instead. + * * @attention 1. The API only passes the parameter client_cert, private_key and private_key_passwd to the global pointer variable in wpa2 enterprise module. * @attention 2. The client_cert, private_key and private_key_passwd should be zero terminated. * @@ -169,57 +199,84 @@ void esp_wifi_sta_wpa2_ent_clear_ca_cert(void); * @return * - ESP_OK: succeed */ -esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len); +__attribute__((deprecated("Use 'esp_eap_client_set_certificate_and_key' instead"))) +esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_passwd, int private_key_passwd_len); /** * @brief Clear client certificate and key. + * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_clear_certificate_and_key` instead. + * */ +__attribute__((deprecated("Use 'esp_eap_client_clear_certificate_and_key' instead"))) void esp_wifi_sta_wpa2_ent_clear_cert_key(void); /** * @brief Set wpa2 enterprise certs time check(disable or not). * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_disable_time_check` instead. + * * @param true: disable wpa2 enterprise certs time check * @param false: enable wpa2 enterprise certs time check * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_disable_time_check' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable); /** * @brief Get wpa2 enterprise certs time check(disable or not). * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_get_disable_time_check` instead. + * * @param disable: store disable value * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_get_disable_time_check' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable); /** * @brief Set wpa2 enterprise ttls phase2 method * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_ttls_phase2_method` instead. + * * @param type: the type of phase 2 method to be used * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_ttls_phase2_method' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type); /** * @brief enable/disable 192 bit suite b certification checks * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_suiteb_192bit_certification` instead. + * * @param enable: bool to enable/disable it. * * @return * - ESP_OK: succeed */ +__attribute__((deprecated("Use 'esp_eap_client_set_suiteb_192bit_certification' instead"))) esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable); /** * @brief Set client pac file * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_pac_file` instead. + * * @attention 1. For files read from the file system, length has to be decremented by 1 byte. * @attention 2. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST. * @@ -230,11 +287,15 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable); * - ESP_OK: succeed * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_pac_file' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len); /** * @brief Set Phase 1 parameters for EAP-FAST * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_set_fast_params` instead. + * * @attention 1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST. * * @param config: eap fast phase 1 configuration @@ -244,17 +305,22 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int * - ESP_ERR_INVALID_ARG: fail(out of bound arguments) * - ESP_ERR_NO_MEM: fail(internal memory malloc fail) */ +__attribute__((deprecated("Use 'esp_eap_client_set_fast_params' instead"))) esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config); /** * @brief Use default CA cert bundle for server validation * + * @deprecated This function is deprecated and will be removed in the future. + * Please use `esp_eap_client_use_default_cert_bundle` instead. + * * @use_default_bundle : whether to use bundle or not * * @return * - ESP_OK: succeed * - ESP_FAIL: fail */ +__attribute__((deprecated("Use 'esp_eap_client_use_default_cert_bundle' instead"))) esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle); #ifdef __cplusplus diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c similarity index 86% rename from components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c rename to components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c index 6ee4026aab..c2255e1119 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c @@ -36,7 +36,8 @@ #include "esp_crt_bundle.h" #endif #include "esp_wpas_glue.h" -#include "esp_wpa2_i.h" +#include "esp_eap_client_i.h" +#include "esp_eap_client.h" #define WPA2_VERSION "v2.0" @@ -77,7 +78,7 @@ static void wpa2_api_lock(void) if (s_wpa2_api_lock == NULL) { s_wpa2_api_lock = os_recursive_mutex_create(); if (!s_wpa2_api_lock) { - wpa_printf(MSG_ERROR, "WPA2: failed to create wpa2 api lock"); + wpa_printf(MSG_ERROR, "EAP: failed to create EAP api lock"); return; } } @@ -117,7 +118,7 @@ static void wpa2_set_eap_state(wpa2_ent_eap_state_t state) esp_wifi_set_wpa2_ent_state_internal(state); } -wpa2_ent_eap_state_t wpa2_get_eap_state(void) +wpa2_ent_eap_state_t eap_client_get_eap_state(void) { if (!gEapSm) { return WPA2_ENT_EAP_STATE_NOT_START; @@ -132,14 +133,14 @@ static inline void wpa2_task_delete(void *arg) int ret = ESP_OK; if (my_task_hdl == s_wpa2_task_hdl) { - wpa_printf(MSG_ERROR, "WPA2: should never call task delete api in wpa2 task context"); + wpa_printf(MSG_ERROR, "EAP: should never call task delete api in eap task context"); return; } ret = wpa2_post(SIG_WPA2_TASK_DEL, 0); if (ESP_OK != ret) { - wpa_printf(MSG_ERROR, "WPA2: failed to post task delete event, ret=%d", ret); + wpa_printf(MSG_ERROR, "EAP: failed to post task delete event, ret=%d", ret); return; } } @@ -241,23 +242,23 @@ void wpa2_task(void *pvParameters ) break; } else { if (s_wifi_wpa2_sync_sem) { - wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig); + wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig); os_semphr_give(s_wifi_wpa2_sync_sem); } else { - wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem"); + wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem"); } } } - wpa_printf(MSG_DEBUG, "WPA2: queue deleted"); + wpa_printf(MSG_DEBUG, "EAP: queue deleted"); os_queue_delete(s_wpa2_queue); - wpa_printf(MSG_DEBUG, "WPA2: task deleted"); + wpa_printf(MSG_DEBUG, "EAP: task deleted"); s_wpa2_queue = NULL; if (s_wifi_wpa2_sync_sem) { - wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig); + wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig); os_semphr_give(s_wifi_wpa2_sync_sem); } else { - wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem"); + wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem"); } /* At this point, we completed */ @@ -279,7 +280,7 @@ int wpa2_post(uint32_t sig, uint32_t par) } else { ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent)); if (evt == NULL) { - wpa_printf(MSG_ERROR, "WPA2: E N M"); + wpa_printf(MSG_ERROR, "EAP: E N M"); DATA_MUTEX_GIVE(); return ESP_FAIL; } @@ -288,14 +289,14 @@ int wpa2_post(uint32_t sig, uint32_t par) evt->sig = sig; evt->par = par; if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) { - wpa_printf(MSG_ERROR, "WPA2: Q S E"); + wpa_printf(MSG_ERROR, "EAP: Q S E"); return ESP_FAIL; } else { if (s_wifi_wpa2_sync_sem) { os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK); - wpa_printf(MSG_DEBUG, "WPA2: wpa2 api return, sm->state(%d)", sm->finish_state); + wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state); } else { - wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem"); + wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem"); } } } @@ -552,20 +553,20 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss /* TODO: backwards compatibility */ } if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) { - wpa_printf(MSG_DEBUG, "WPA2: EAP frame (type %u) discarded, " + wpa_printf(MSG_DEBUG, "EAP: EAP frame (type %u) discarded, " "not a EAP PACKET frame", hdr->type); ret = -2; goto _out; } if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) { - wpa_printf(MSG_DEBUG, "WPA2: EAPOL frame payload size %lu " + wpa_printf(MSG_DEBUG, "EAP: EAPOL frame payload size %lu " "invalid (frame size %lu)", (unsigned long) plen, (unsigned long) len); ret = -2; goto _out; } - wpa_hexdump(MSG_MSGDUMP, "WPA2: RX EAPOL-EAP PACKET", tmp, len); + wpa_hexdump(MSG_MSGDUMP, "EAP: RX EAPOL-EAP PACKET", tmp, len); if (data_len < len) { wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE " @@ -577,7 +578,7 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss case EAP_CODE_REQUEST: /* Handle EAP-reauthentication case */ if (sm->finish_state == WPA2_ENT_EAP_STATE_SUCCESS) { - wpa_printf(MSG_INFO, ">>>>>wpa2 EAP Re-authentication in progress"); + wpa_printf(MSG_INFO, "EAP Re-authentication in progress"); wpa2_set_eap_state(WPA2_ENT_EAP_STATE_IN_PROGRESS); } @@ -592,18 +593,18 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss wpa_set_pmk(sm->eapKeyData, NULL, false); os_free(sm->eapKeyData); sm->eapKeyData = NULL; - wpa_printf(MSG_INFO, ">>>>>wpa2 FINISH"); + wpa_printf(MSG_INFO, ">>>>>EAP FINISH"); ret = WPA2_ENT_EAP_STATE_SUCCESS; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_SUCCESS); eap_deinit_prev_method(sm, "EAP Success"); } else { - wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!"); + wpa_printf(MSG_INFO, ">>>>>EAP FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!"); ret = WPA2_ENT_EAP_STATE_FAIL; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); } break; case EAP_CODE_FAILURE: - wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED"); + wpa_printf(MSG_INFO, ">>>>>EAP FAILED"); ret = WPA2_ENT_EAP_STATE_FAIL; wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL); break; @@ -678,7 +679,7 @@ static int eap_peer_sm_init(void) struct eap_sm *sm; if (gEapSm) { - wpa_printf(MSG_ERROR, "WPA2: wpa2 sm not null, deinit it"); + wpa_printf(MSG_ERROR, "EAP: EAP sm not null, deinit it"); eap_peer_sm_deinit(); } @@ -691,7 +692,7 @@ static int eap_peer_sm_init(void) gEapSm = sm; s_wpa2_data_lock = os_recursive_mutex_create(); if (!s_wpa2_data_lock) { - wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock"); + wpa_printf(MSG_ERROR, "EAP eap_peer_sm_init: failed to alloc data lock"); ret = ESP_ERR_NO_MEM; goto _err; } @@ -733,12 +734,12 @@ static int eap_peer_sm_init(void) } s_wifi_wpa2_sync_sem = os_semphr_create(1, 0); if (!s_wifi_wpa2_sync_sem) { - wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem"); + wpa_printf(MSG_ERROR, "EAP: failed create wifi EAP task sync sem"); ret = ESP_FAIL; goto _err; } - wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE); + wpa_printf(MSG_INFO, "wifi_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE); #endif return ESP_OK; @@ -783,7 +784,7 @@ static void eap_peer_sm_deinit(void) if (s_wpa2_data_lock) { os_semphr_delete(s_wpa2_data_lock); s_wpa2_data_lock = NULL; - wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock"); + wpa_printf(MSG_DEBUG, "EAP: eap_peer_sm_deinit: free data lock"); } if (s_wpa2_queue) { @@ -794,16 +795,15 @@ static void eap_peer_sm_deinit(void) gEapSm = NULL; } -esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg) +static esp_err_t esp_client_enable_fn(void *arg) { struct wpa2_funcs *wpa2_cb; - wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] enable", - WPA2_VERSION); + wpa_printf(MSG_INFO, "WiFi Enterprise enable"); wpa2_cb = (struct wpa2_funcs *)os_zalloc(sizeof(struct wpa2_funcs)); if (wpa2_cb == NULL) { - wpa_printf(MSG_ERROR, "WPA2: no mem for wpa2 cb"); + wpa_printf(MSG_ERROR, "EAP: no mem for eap cb"); return ESP_ERR_NO_MEM; } @@ -814,7 +814,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg) esp_wifi_register_wpa2_cb_internal(wpa2_cb); - wpa_printf(MSG_DEBUG, "WPA2 ENTERPRISE CRYPTO INIT.\r"); + wpa_printf(MSG_DEBUG, "WiFi Enterprise crypto init.\r"); #ifdef EAP_PEER_METHOD if (eap_peer_register_methods()) { @@ -824,7 +824,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg) return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_enable(void) +esp_err_t esp_wifi_sta_enterprise_enable(void) { wifi_wpa2_param_t param; esp_err_t ret; @@ -833,21 +833,21 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void) wpa2_api_lock(); if (wpa2_is_enabled()) { - wpa_printf(MSG_INFO, "WPA2: already enabled"); + wpa_printf(MSG_INFO, "EAP: already enabled"); wpa2_api_unlock(); return ESP_OK; } - param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_enable_fn; + param.fn = (wifi_wpa2_fn_t)esp_client_enable_fn; param.param = NULL; ret = esp_wifi_sta_wpa2_ent_enable_internal(¶m); if (ESP_OK == ret) { wpa2_set_state(WPA2_STATE_ENABLED); - sm->wpa_sm_wpa2_ent_disable = esp_wifi_sta_wpa2_ent_disable; + sm->wpa_sm_eap_disable = esp_wifi_sta_enterprise_disable; } else { - wpa_printf(MSG_ERROR, "failed to enable wpa2 ret=%d", ret); + wpa_printf(MSG_ERROR, "failed to enable eap ret=%d", ret); } wpa2_api_unlock(); @@ -855,10 +855,10 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void) return ret; } -esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param) +static esp_err_t eap_client_disable_fn(void *param) { struct wpa_sm *sm = &gWpaSm; - wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] disable", WPA2_VERSION); + wpa_printf(MSG_INFO, "WiFi enterprise disable"); esp_wifi_unregister_wpa2_cb_internal(); if (gEapSm) { @@ -869,11 +869,11 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param) eap_peer_unregister_methods(); #endif - sm->wpa_sm_wpa2_ent_disable = NULL; + sm->wpa_sm_eap_disable = NULL; return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_disable(void) +esp_err_t esp_wifi_sta_enterprise_disable(void) { wifi_wpa2_param_t param; esp_err_t ret; @@ -881,19 +881,19 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void) wpa2_api_lock(); if (wpa2_is_disabled()) { - wpa_printf(MSG_INFO, "WPA2: already disabled"); + wpa_printf(MSG_INFO, "EAP: already disabled"); wpa2_api_unlock(); return ESP_OK; } - param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_disable_fn; + param.fn = (wifi_wpa2_fn_t)eap_client_disable_fn; param.param = 0; ret = esp_wifi_sta_wpa2_ent_disable_internal(¶m); if (ESP_OK == ret) { wpa2_set_state(WPA2_STATE_DISABLED); } else { - wpa_printf(MSG_ERROR, "failed to disable wpa2 ret=%d", ret); + wpa_printf(MSG_ERROR, "failed to disable eap ret=%d", ret); } wpa2_api_unlock(); @@ -901,7 +901,9 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void) return ret; } -esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len) +esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_passwd, int private_key_passwd_len) { if (client_cert && client_cert_len > 0) { g_wpa_client_cert = client_cert; @@ -919,10 +921,8 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, i return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_cert_key(void) +void esp_eap_client_clear_certificate_and_key(void) { - esp_wifi_unregister_wpa2_cb_internal(); - g_wpa_client_cert = NULL; g_wpa_client_cert_len = 0; g_wpa_private_key = NULL; @@ -934,7 +934,7 @@ void esp_wifi_sta_wpa2_ent_clear_cert_key(void) g_wpa_pac_file_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len) +esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len) { if (ca_cert && ca_cert_len > 0) { g_wpa_ca_cert = ca_cert; @@ -944,14 +944,14 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_ca_cert(void) +void esp_eap_client_clear_ca_cert(void) { g_wpa_ca_cert = NULL; g_wpa_ca_cert_len = 0; } #define ANONYMOUS_ID_LEN_MAX 128 -esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len) +esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len) { if (len <= 0 || len > ANONYMOUS_ID_LEN_MAX) { return ESP_ERR_INVALID_ARG; @@ -973,7 +973,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_identity(void) +void esp_eap_client_clear_identity(void) { if (g_wpa_anonymous_identity) { os_free(g_wpa_anonymous_identity); @@ -984,7 +984,7 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void) } #define USERNAME_LEN_MAX 128 -esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len) +esp_err_t esp_eap_client_set_username(const unsigned char *username, int len) { if (len <= 0 || len > USERNAME_LEN_MAX) { return ESP_ERR_INVALID_ARG; @@ -1006,7 +1006,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_username(void) +void esp_eap_client_clear_username(void) { if (g_wpa_username) { os_free(g_wpa_username); @@ -1016,7 +1016,7 @@ void esp_wifi_sta_wpa2_ent_clear_username(void) g_wpa_username_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len) +esp_err_t esp_eap_client_set_password(const unsigned char *password, int len) { if (len <= 0) { return ESP_ERR_INVALID_ARG; @@ -1038,7 +1038,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_password(void) +void esp_eap_client_clear_password(void) { if (g_wpa_password) { os_free(g_wpa_password); @@ -1047,7 +1047,7 @@ void esp_wifi_sta_wpa2_ent_clear_password(void) g_wpa_password_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len) +esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len) { if (len <= 0) { return ESP_ERR_INVALID_ARG; @@ -1069,7 +1069,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_passwo return ESP_OK; } -void esp_wifi_sta_wpa2_ent_clear_new_password(void) +void esp_eap_client_clear_new_password(void) { if (g_wpa_new_password) { os_free(g_wpa_new_password); @@ -1078,7 +1078,7 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void) g_wpa_new_password_len = 0; } -esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable) +esp_err_t esp_eap_client_set_disable_time_check(bool disable) { s_disable_time_check = disable; return ESP_OK; @@ -1089,13 +1089,13 @@ bool wifi_sta_get_enterprise_disable_time_check(void) return s_disable_time_check; } -esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable) +esp_err_t esp_eap_client_get_disable_time_check(bool *disable) { *disable = wifi_sta_get_enterprise_disable_time_check(); return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type) +esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type) { switch (type) { case ESP_EAP_TTLS_PHASE2_EAP: @@ -1120,7 +1120,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable) +esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable) { #ifdef CONFIG_SUITEB192 g_wpa_suiteb_certification = enable; @@ -1130,7 +1130,7 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable) #endif } -esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len) +esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len) { if (pac_file && pac_file_len > -1) { if (pac_file_len < 512) { // The file contains less than 1 pac and is to be rewritten later @@ -1154,7 +1154,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int return ESP_OK; } -esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config) +esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config) { char config_for_supplicant[PHASE1_PARAM_STRING_LEN] = ""; if ((config.fast_provisioning > -1) && (config.fast_provisioning <= 2)) { @@ -1186,7 +1186,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config confi } -esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle) +esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle) { #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE g_wpa_default_cert_bundle = use_default_bundle; diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h similarity index 60% rename from components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h rename to components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h index 06f356c5ca..d0e6b30bad 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h @@ -4,11 +4,8 @@ * SPDX-License-Identifier: Apache-2.0 */ -#ifndef ESP_WPA2_I_H -#define ESP_WPA2_I_H +#pragma once #include "esp_wifi_driver.h" -wpa2_ent_eap_state_t wpa2_get_eap_state(void); - -#endif +wpa2_ent_eap_state_t eap_client_get_eap_state(void); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c new file mode 100644 index 0000000000..a61c3ca8eb --- /dev/null +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c @@ -0,0 +1,115 @@ +/* + * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include "esp_eap_client.h" + +esp_err_t esp_wifi_sta_wpa2_ent_enable(void) +{ + return esp_wifi_sta_enterprise_enable(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_disable(void) +{ + return esp_wifi_sta_enterprise_disable(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len) +{ + return esp_eap_client_set_identity(identity, len); +} + +void esp_wifi_sta_wpa2_ent_clear_identity(void) +{ + esp_eap_client_clear_identity(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len) +{ + return esp_eap_client_set_username(username, len); +} + +void esp_wifi_sta_wpa2_ent_clear_username(void) +{ + esp_eap_client_clear_username(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len) +{ + return esp_eap_client_set_password(password, len); +} + +void esp_wifi_sta_wpa2_ent_clear_password(void) +{ + esp_eap_client_clear_password(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len) +{ + return esp_eap_client_set_new_password(new_password, len); +} + +void esp_wifi_sta_wpa2_ent_clear_new_password(void) +{ + esp_eap_client_clear_new_password(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len) +{ + return esp_eap_client_set_ca_cert(ca_cert, ca_cert_len); +} + +void esp_wifi_sta_wpa2_ent_clear_ca_cert(void) +{ + esp_eap_client_clear_ca_cert(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, + const unsigned char *private_key, int private_key_len, + const unsigned char *private_key_passwd, int private_key_passwd_len) +{ + return esp_eap_client_set_certificate_and_key(client_cert, client_cert_len, + private_key, private_key_len, private_key_passwd, private_key_passwd_len); +} + +void esp_wifi_sta_wpa2_ent_clear_cert_key(void) +{ + esp_eap_client_clear_certificate_and_key(); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable) +{ + return esp_eap_client_set_disable_time_check(disable); +} + +esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable) +{ + return esp_eap_client_get_disable_time_check(disable); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type) +{ + return esp_eap_client_set_ttls_phase2_method(type); +} + +esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable) +{ + return esp_eap_client_set_suiteb_192bit_certification(enable); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len) +{ + return esp_eap_client_set_pac_file(pac_file, pac_file_len); +} + +esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config) +{ + return esp_eap_client_set_fast_params(config); +} + +esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle) +{ + return esp_eap_client_use_default_cert_bundle(use_default_bundle); +} diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c index ac378c2a9f..8d80783654 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c @@ -28,7 +28,7 @@ #include "esp_wifi_driver.h" #include "esp_private/wifi.h" #include "esp_wpa3_i.h" -#include "esp_wpa2.h" +#include "esp_eap_client.h" #include "esp_common_i.h" #include "esp_owe_i.h" @@ -180,13 +180,13 @@ void wpa_ap_get_peer_spp_msg(void *sm_data, bool *spp_cap, bool *spp_req) *spp_req = sm->spp_sup.require; } -bool wpa_deattach(void) +bool wpa_deattach(void) { struct wpa_sm *sm = &gWpaSm; esp_wpa3_free_sae_data(); #ifdef CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT - if (sm->wpa_sm_wpa2_ent_disable) { - sm->wpa_sm_wpa2_ent_disable(); + if (sm->wpa_sm_eap_disable) { + sm->wpa_sm_eap_disable(); } #endif if (sm->wpa_sm_wps_disable) { diff --git a/components/wpa_supplicant/src/eap_peer/eap_i.h b/components/wpa_supplicant/src/eap_peer/eap_i.h index 15cedbe1bf..fec7856714 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_i.h +++ b/components/wpa_supplicant/src/eap_peer/eap_i.h @@ -13,7 +13,6 @@ #include "eap.h" #include "eap_common.h" #include "eap_config.h" -#include "esp_wpa2.h" /* RFC 4137 - EAP Peer state machine */ diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 59c7cf717f..e581538990 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -35,7 +35,7 @@ #include "esp_common_i.h" #include "esp_owe_i.h" #include "common/sae.h" -#include "esp_wpa2_i.h" +#include "esp_eap_client_i.h" /** * eapol_sm_notify_eap_success - Notification of external EAP success trigger @@ -656,7 +656,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, size_t kde_len; if (is_wpa2_enterprise_connection()) { - wpa2_ent_eap_state_t state = wpa2_get_eap_state(); + wpa2_ent_eap_state_t state = eap_client_get_eap_state(); if (state == WPA2_ENT_EAP_STATE_IN_PROGRESS) { wpa_printf(MSG_INFO, "EAP Success has not been processed yet." " Drop EAPOL message."); diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h index c3a7afd438..03cca337a5 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h @@ -117,7 +117,7 @@ struct wpa_sm { struct wpabuf *owe_ie; #endif /* CONFIG_OWE_STA */ int (*wpa_sm_wps_disable)(void); - esp_err_t (*wpa_sm_wpa2_ent_disable)(void); + esp_err_t (*wpa_sm_eap_disable)(void); }; /** From d490e99f741711fcf866e6cca8bc2c9e3cba18bc Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Mon, 7 Aug 2023 15:41:55 +0530 Subject: [PATCH 2/5] change(example): Update wifi enterprise example --- examples/wifi/wifi_enterprise/README.md | 124 +++++++++++++++--- .../wifi_enterprise/main/Kconfig.projbuild | 31 +++-- .../main/wifi_enterprise_main.c | 71 +++++----- tools/ci/check_copyright_ignore.txt | 1 - 4 files changed, 150 insertions(+), 77 deletions(-) diff --git a/examples/wifi/wifi_enterprise/README.md b/examples/wifi/wifi_enterprise/README.md index e13410cd53..17a91e0b63 100644 --- a/examples/wifi/wifi_enterprise/README.md +++ b/examples/wifi/wifi_enterprise/README.md @@ -1,7 +1,16 @@ | Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C6 | ESP32-S2 | ESP32-S3 | | ----------------- | ----- | -------- | -------- | -------- | -------- | -------- | -# WPA2 Enterprise Example + +# Understanding different WiFi enterprise modes: + +**WPA2 Enterprise**: WPA2-Enterprise is an advanced Wi-Fi security mode primarily used in business environments. It employs a RADIUS server for user-based authentication, supporting various EAP methods like EAP-TLS and EAP-PEAP. This mode enhances security by requiring individual user credentials, establishes secure encryption keys, and allows for efficient user management. It's a scalable and robust solution ideal for large-scale networks seeking strong protection against unauthorized access. + +**WPA3 Enterprise**: WPA2-Enterprise + PMF mandatory + CA certificate validaion(required) + +**WPA3 Enterprise(192 bit)**: WPA3 Enterprise + AES256 Keys(GCMP256/CCMP256) + BIP256 + RSA3096/EC certs + NSA SuiteB ciphers in EAP authentication. + +# WiFi Enterprise Example This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption. The example does the following steps: @@ -9,8 +18,8 @@ This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption. Th 2. Install client certificate and client key which is required in TLS method and optional in PEAP and TTLS methods. 3. Set identity of phase 1 which is optional. 4. Set user name and password of phase 2 which is required in PEAP and TTLS methods. -5. Enable wpa2 enterprise. -6. Connect to AP. +5. Enable WiFi enterprise mode. +6. Connect to AP using esp_wifi_connect(). *Note:* 1. The certificates currently are generated and are present in examples/wifi/wifi_enterprise/main folder. 2. The expiration date of the certificates is 2027/06/05. @@ -86,25 +95,100 @@ idf.py -p PORT flash monitor ### Example output -Here is an example of wpa2 enterprise(PEAP method) console output. -``` -I (1352) example: Setting WiFi configuration SSID wpa2_test... -I (1362) wpa: WPA2 ENTERPRISE VERSION: [v2.0] enable +I (31) boot: ESP-IDF v5.2-dev-2787-g40cf6433be-dirty 2nd stage bootloader +I (31) boot: compile time Sep 12 2023 13:39:03 +I (33) boot: Multicore bootloader +I (38) boot: chip revision: v3.0 +I (41) boot.esp32: SPI Speed : 40MHz +I (46) boot.esp32: SPI Mode : DIO +I (51) boot.esp32: SPI Flash Size : 2MB +I (55) boot: Enabling RNG early entropy source... +I (61) boot: Partition Table: +I (64) boot: ## Label Usage Type ST Offset Length +I (71) boot: 0 nvs WiFi data 01 02 00009000 00006000 +I (79) boot: 1 phy_init RF data 01 01 0000f000 00001000 +I (86) boot: 2 factory factory app 00 00 00010000 00100000 +I (94) boot: End of partition table +I (98) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=2aa0ch (174604) map +I (170) esp_image: segment 1: paddr=0003aa34 vaddr=3ffb0000 size=037a0h ( 14240) load +I (175) esp_image: segment 2: paddr=0003e1dc vaddr=40080000 size=01e3ch ( 7740) load +I (179) esp_image: segment 3: paddr=00040020 vaddr=400d0020 size=954c8h (611528) map +I (405) esp_image: segment 4: paddr=000d54f0 vaddr=40081e3c size=13de0h ( 81376) load +I (449) boot: Loaded app from partition at offset 0x10000 +I (450) boot: Disabling RNG early entropy source... +I (461) cpu_start: Multicore app +I (461) cpu_start: Pro cpu up. +I (462) cpu_start: Starting app cpu, entry point is 0x400811e0 +I (0) cpu_start: App cpu up. +I (479) cpu_start: Pro cpu start user code +I (479) cpu_start: cpu freq: 160000000 Hz +I (479) cpu_start: Application information: +I (484) cpu_start: Project name: wifi_enterprise +I (490) cpu_start: App version: c6_h2_rng_final_tests-2032-g40c +I (497) cpu_start: Compile time: Sep 12 2023 13:38:55 +I (503) cpu_start: ELF file SHA256: 8d1ba00d3... +I (508) cpu_start: ESP-IDF: v5.2-dev-2787-g40cf6433be-dirty +I (515) cpu_start: Min chip rev: v0.0 +I (520) cpu_start: Max chip rev: v3.99 +I (525) cpu_start: Chip rev: v3.0 +I (530) heap_init: Initializing. RAM available for dynamic allocation: +I (537) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM +I (543) heap_init: At 3FFB7A20 len 000285E0 (161 KiB): DRAM +I (549) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM +I (555) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM +I (562) heap_init: At 40095C1C len 0000A3E4 (40 KiB): IRAM +I (570) spi_flash: detected chip: generic +I (573) spi_flash: flash io: dio +W (577) spi_flash: Detected size(8192k) larger than the size in the binary image header(2048k). Using the size in the binary image header. +I (591) app_start: Starting scheduler on CPU0 +I (595) app_start: Starting scheduler on CPU1 +I (595) main_task: Started on CPU0 +I (605) main_task: Calling app_main() +I (635) wifi:wifi driver task: 3ffbf930, prio:23, stack:6656, core=0 +I (635) wifi:wifi firmware version: e03c1ca +I (635) wifi:wifi certification version: v7.0 +I (635) wifi:config NVS flash: enabled +I (635) wifi:config nano formating: disabled +I (645) wifi:Init data frame dynamic rx buffer num: 32 +I (645) wifi:Init management frame dynamic rx buffer num: 32 +I (655) wifi:Init management short buffer num: 32 +I (655) wifi:Init dynamic tx buffer num: 32 +I (665) wifi:Init static rx buffer size: 1600 +I (665) wifi:Init static rx buffer num: 10 +I (665) wifi:Init dynamic rx buffer num: 32 +I (675) wifi_init: rx ba win: 6 +I (675) wifi_init: tcpip mbox: 32 +I (675) wifi_init: udp mbox: 6 +I (685) wifi_init: tcp mbox: 6 +I (685) wifi_init: tcp tx win: 5744 +I (695) wifi_init: tcp rx win: 5744 +I (695) wifi_init: tcp mss: 1440 +I (695) wifi_init: WiFi IRAM OP enabled +I (705) wifi_init: WiFi RX IRAM OP enabled +I (705) example: Setting WiFi configuration SSID ESP_ENTERPRISE_AP... +I (715) wpa: WiFi Enterprise enable +I (725) phy_init: phy_version 4771,450c73b,Aug 16 2023,11:03:10 +I (835) wifi:mode : sta (e0:e2:e6:6a:7c:20) +I (845) wifi:enable tsf +I (845) main_task: Returned from app_main() +I (1465) wpa: BSS: Add new id 0 BSSID 38:94:ed:34:07:66 SSID 'ESP_ENTERPRISE_AP' chan 6 +I (1465) wifi:new:<6,0>, old:<1,0>, ap:<255,255>, sta:<6,0>, prof:1 +I (7385) wifi:state: init -> auth (b0) +I (7395) wifi:state: auth -> assoc (0) +I (7405) wifi:state: assoc -> run (10) +I (7405) wpa: wifi_task prio:7, stack:6656 +I (7495) wpa: len=5 not available in input +I (7555) wpa: SSL: Need 1595 bytes more input data +I (7605) wpa: SSL: Need 601 bytes more input data +I (8575) wpa: len=5 not available in input +I (8695) wpa: application data is null, adding one byte for ack +I (8725) wpa: >>>>>EAP FINISH +I (8785) wifi:connected with ESP_ENTERPRISE_AP, aid = 1, channel 6, BW20, bssid = 38:94:ed:34:07:66 +I (8785) wifi:security: WPA2-ENT, phy: bgn, rssi: -22 +I (8785) wifi:pm start, type: 1 -I (1362) wifi: rx_ba=1 tx_ba=1 +I (8795) wifi:AP's beacon interval = 102400 us, DTIM period = 3 -I (1372) wifi: mode : sta (24:0a:c4:03:b8:dc) -I (3002) wifi: n:11 0, o:1 0, ap:255 255, sta:11 0, prof:11 -I (3642) wifi: state: init -> auth (b0) -I (3642) wifi: state: auth -> assoc (0) -I (3652) wifi: state: assoc -> run (10) -I (3652) wpa: wpa2_task prio:24, stack:6144 - -I (3972) wpa: >>>>>wpa2 FINISH - -I (3982) wpa: wpa2 task delete - -I (3992) wifi: connected with wpa2_test, channel 11 I (5372) example: ~~~~~~~~~~~ I (5372) example: IP:0.0.0.0 I (5372) example: MASK:0.0.0.0 diff --git a/examples/wifi/wifi_enterprise/main/Kconfig.projbuild b/examples/wifi/wifi_enterprise/main/Kconfig.projbuild index e1a5f2146a..9b68237e4c 100644 --- a/examples/wifi/wifi_enterprise/main/Kconfig.projbuild +++ b/examples/wifi/wifi_enterprise/main/Kconfig.projbuild @@ -2,15 +2,15 @@ menu "Example Configuration" config EXAMPLE_WIFI_SSID string "WiFi SSID" - default "wpa2_test" + default "ESP_ENTERPRISE_AP" help SSID (network name) for the example to connect to. choice prompt "Enterprise configuration to be used" - default EXAMPLE_WPA_WPA2_ENTERPRISE - config EXAMPLE_WPA_WPA2_ENTERPRISE - bool "WPA_WPA2_ENT" + default EXAMPLE_WPA3_ENTERPRISE + config EXAMPLE_WPA2_ENTERPRISE + bool "WPA2_ENT" config EXAMPLE_WPA3_ENTERPRISE bool "WPA3_ENT" config EXAMPLE_WPA3_192BIT_ENTERPRISE @@ -21,7 +21,7 @@ menu "Example Configuration" select ESP_WIFI_SUITE_B_192 endchoice - if EXAMPLE_WPA_WPA2_ENTERPRISE + if EXAMPLE_WPA2_ENTERPRISE config EXAMPLE_VALIDATE_SERVER_CERT bool "Validate server" default y @@ -29,21 +29,14 @@ menu "Example Configuration" Validate the servers' certificate using CA cert. endif - if !EXAMPLE_WPA_WPA2_ENTERPRISE + if !EXAMPLE_WPA2_ENTERPRISE config EXAMPLE_VALIDATE_SERVER_CERT default y endif - config EXAMPLE_USE_DEFAULT_CERT_BUNDLE - bool "Use default cert bundle" - depends on EXAMPLE_VALIDATE_SERVER_CERT - default n - help - Use default CA certificate bundle for WPA enterprise connection - choice prompt "EAP method for the example to use" - default EXAMPLE_EAP_METHOD_PEAP + default EXAMPLE_EAP_METHOD_TLS config EXAMPLE_EAP_METHOD_TLS bool "TLS" config EXAMPLE_EAP_METHOD_PEAP @@ -90,13 +83,19 @@ menu "Example Configuration" depends on EXAMPLE_EAP_METHOD_PEAP || EXAMPLE_EAP_METHOD_TTLS default "espressif" help - Username for EAP method (PEAP and TTLS). + Username for EAP method (valid for PEAP and TTLS). config EXAMPLE_EAP_PASSWORD string "EAP PASSWORD" depends on EXAMPLE_EAP_METHOD_PEAP || EXAMPLE_EAP_METHOD_TTLS default "test11" help - Password for EAP method (PEAP and TTLS). + Password for EAP method (valid for PEAP and TTLS). + config EXAMPLE_USE_DEFAULT_CERT_BUNDLE + bool "Use default cert bundle" + depends on EXAMPLE_VALIDATE_SERVER_CERT + default n + help + Use default CA certificate bundle for WiFi enterprise connection endmenu diff --git a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c index 4c9aab4829..b511c7c20a 100644 --- a/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c +++ b/examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c @@ -1,28 +1,17 @@ -/* WiFi Connection Example using WPA2 Enterprise +/* + * SPDX-FileCopyrightText: 2006-2016 ARM Limited + * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD * - * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License. - * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License. - * - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 */ + #include #include #include "freertos/FreeRTOS.h" #include "freertos/task.h" #include "freertos/event_groups.h" #include "esp_wifi.h" -#include "esp_wpa2.h" +#include "esp_eap_client.h" #include "esp_event.h" #include "esp_log.h" #include "esp_system.h" @@ -63,7 +52,7 @@ static const char *TAG = "example"; Client key, taken from client.key The PEM, CRT and KEY file were provided by the person or organization - who configured the AP with wpa2 enterprise. + who configured the AP with wifi enterprise. To embed it in the app binary, the PEM, CRT and KEY file is named in the component.mk COMPONENT_EMBED_TXTFILES variable. @@ -115,14 +104,14 @@ static void initialise_wifi(void) assert(sta_netif); wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); - ESP_ERROR_CHECK( esp_wifi_init(&cfg) ); - ESP_ERROR_CHECK( esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL) ); - ESP_ERROR_CHECK( esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL) ); - ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) ); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL)); + ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL)); + ESP_ERROR_CHECK(esp_wifi_set_storage(WIFI_STORAGE_RAM)); wifi_config_t wifi_config = { .sta = { .ssid = EXAMPLE_WIFI_SSID, -#if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE) +#if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE) || defined (CONFIG_EXAMPLE_WPA3_ENTERPRISE) .pmf_cfg = { .required = true }, @@ -130,41 +119,43 @@ static void initialise_wifi(void) }, }; ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid); - ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); - ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) ); + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); + ESP_ERROR_CHECK(esp_eap_client_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) ); #if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \ defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE) || \ defined(CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE) - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) ); + ESP_ERROR_CHECK(esp_eap_client_set_ca_cert(ca_pem_start, ca_pem_bytes) ); #endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */ /* EXAMPLE_WPA3_ENTERPRISE */ #ifdef CONFIG_EXAMPLE_EAP_METHOD_TLS - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_cert_key(client_crt_start, client_crt_bytes,\ - client_key_start, client_key_bytes, NULL, 0) ); + ESP_ERROR_CHECK(esp_eap_client_set_certificate_and_key(client_crt_start, client_crt_bytes, + client_key_start, client_key_bytes, NULL, 0) ); #endif /* CONFIG_EXAMPLE_EAP_METHOD_TLS */ -#if defined CONFIG_EXAMPLE_EAP_METHOD_PEAP || CONFIG_EXAMPLE_EAP_METHOD_TTLS - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) ); - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) ); +#if defined (CONFIG_EXAMPLE_EAP_METHOD_PEAP) || \ + defined (CONFIG_EXAMPLE_EAP_METHOD_TTLS) + ESP_ERROR_CHECK(esp_eap_client_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) ); + ESP_ERROR_CHECK(esp_eap_client_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) ); #endif /* CONFIG_EXAMPLE_EAP_METHOD_PEAP || CONFIG_EXAMPLE_EAP_METHOD_TTLS */ #if defined CONFIG_EXAMPLE_EAP_METHOD_TTLS - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(TTLS_PHASE2_METHOD) ); + ESP_ERROR_CHECK(esp_eap_client_set_ttls_phase2_method(TTLS_PHASE2_METHOD) ); #endif /* CONFIG_EXAMPLE_EAP_METHOD_TTLS */ + #if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE) ESP_LOGI(TAG, "Enabling 192 bit certification"); - ESP_ERROR_CHECK(esp_wifi_sta_wpa2_set_suiteb_192bit_certification(true)); + ESP_ERROR_CHECK(esp_eap_client_set_suiteb_192bit_certification(true)); #endif #ifdef CONFIG_EXAMPLE_USE_DEFAULT_CERT_BUNDLE - ESP_ERROR_CHECK(esp_wifi_sta_wpa2_use_default_cert_bundle(true)); + ESP_ERROR_CHECK(esp_eap_client_use_default_cert_bundle(true)); #endif - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_enable() ); - ESP_ERROR_CHECK( esp_wifi_start() ); + ESP_ERROR_CHECK(esp_wifi_sta_enterprise_enable()); + ESP_ERROR_CHECK(esp_wifi_start()); } -static void wpa2_enterprise_example_task(void *pvParameters) +static void wifi_enterprise_example_task(void *pvParameters) { esp_netif_ip_info_t ip; memset(&ip, 0, sizeof(esp_netif_ip_info_t)); @@ -185,7 +176,7 @@ static void wpa2_enterprise_example_task(void *pvParameters) void app_main(void) { - ESP_ERROR_CHECK( nvs_flash_init() ); + ESP_ERROR_CHECK(nvs_flash_init()); initialise_wifi(); - xTaskCreate(&wpa2_enterprise_example_task, "wpa2_enterprise_example_task", 4096, NULL, 5, NULL); + xTaskCreate(&wifi_enterprise_example_task, "wifi_enterprise_example_task", 4096, NULL, 5, NULL); } diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 6af8c689d8..d57bcd40d1 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -1628,7 +1628,6 @@ examples/wifi/roaming/main/roaming_example.c examples/wifi/scan/main/scan.c examples/wifi/smart_config/main/smartconfig_main.c examples/wifi/wifi_easy_connect/dpp-enrollee/main/dpp_enrollee_main.c -examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c examples/wifi/wps/main/wps.c tools/ble/lib_ble_client.py tools/ble/lib_gap.py From 6c9692ecef6d5212937d21a39a66362068ff3e03 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Mon, 7 Aug 2023 15:43:43 +0530 Subject: [PATCH 3/5] change(example): Update eap-fast example --- examples/wifi/wifi_eap_fast/README.md | 11 ++++--- .../wifi/wifi_eap_fast/main/Kconfig.projbuild | 28 +++++++--------- .../wifi_eap_fast/main/wifi_eap_fast_main.c | 33 +++++++++++-------- 3 files changed, 37 insertions(+), 35 deletions(-) diff --git a/examples/wifi/wifi_eap_fast/README.md b/examples/wifi/wifi_eap_fast/README.md index 669f0dcdc3..b79953bbcd 100644 --- a/examples/wifi/wifi_eap_fast/README.md +++ b/examples/wifi/wifi_eap_fast/README.md @@ -8,13 +8,14 @@ This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption usi 1. Install CA certificate which is optional. 2. Set user name and password and identity. 3. Set the PAC file which may be empty. -4. Enable wpa2 enterprise. +4. Enable WiFi enterprise mode. 5. Connect to AP. -*Note:* 1. EAP-FAST is not supported with `CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT` and so is disabled by default. - 2. Setting the config `fast_provisioning` to methods 0 and 1 do not support saving the PAC credentials in case of a restart or loss of power. - 3. The certificates present in the `examples/wifi/wifi_eap_fast/main` folder contain server certificates which have the corresponding CA as well. These can be used for server validation which is opptional. - 4. The expiration date of these certificates is 2027/06/05. +*Note:* +1. EAP-FAST is not supported with `CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT` and so is disabled by default. +2. Setting the config `fast_provisioning` to methods 0 and 1 do not support saving the PAC credentials in case of a restart or loss of power. +3. The certificates present in the `examples/wifi/wifi_eap_fast/main` folder contain server certificates which have the corresponding CA as well. These can be used for server validation which is opptional. +4. The expiration date of these certificates is 2027/06/05. ### Configuration diff --git a/examples/wifi/wifi_eap_fast/main/Kconfig.projbuild b/examples/wifi/wifi_eap_fast/main/Kconfig.projbuild index 5185de217e..6290be4287 100644 --- a/examples/wifi/wifi_eap_fast/main/Kconfig.projbuild +++ b/examples/wifi/wifi_eap_fast/main/Kconfig.projbuild @@ -1,25 +1,21 @@ menu "Example Configuration" - choice - prompt "Enterprise configuration to be used" - default EXAMPLE_WPA_WPA2_ENTERPRISE - config EXAMPLE_WPA_WPA2_ENTERPRISE - bool "WPA_WPA2_ENT" - config EXAMPLE_WPA3_ENTERPRISE - bool "WPA3_ENT" - depends on IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3 - select ESP_WIFI_GCMP_SUPPORT - select ESP_WIFI_GMAC_SUPPORT - select ESP_WIFI_SUITE_B_192 - endchoice - config EXAMPLE_WIFI_SSID string "WiFi SSID" - default "wpa2_test" + default "ESP_EAP_FAST_AP" help SSID (network name) for the example to connect to. - if EXAMPLE_WPA_WPA2_ENTERPRISE + choice + prompt "Enterprise configuration to be used" + default EXAMPLE_WPA3_ENTERPRISE + config EXAMPLE_WPA2_ENTERPRISE + bool "WPA2_ENT" + config EXAMPLE_WPA3_ENTERPRISE + bool "WPA3_ENT" + endchoice + + if EXAMPLE_WPA2_ENTERPRISE config EXAMPLE_VALIDATE_SERVER_CERT bool "Validate server" default y @@ -27,7 +23,7 @@ menu "Example Configuration" Validate the servers' certificate using CA cert. endif - if !EXAMPLE_WPA_WPA2_ENTERPRISE + if !EXAMPLE_WPA2_ENTERPRISE config EXAMPLE_VALIDATE_SERVER_CERT default y endif diff --git a/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c b/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c index 8588feef36..4f8b8152bc 100644 --- a/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c +++ b/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: CC0-1.0 */ @@ -10,7 +10,7 @@ #include "freertos/task.h" #include "freertos/event_groups.h" #include "esp_wifi.h" -#include "esp_wpa2.h" +#include "esp_eap_client.h" #include "esp_event.h" #include "esp_log.h" #include "esp_system.h" @@ -89,33 +89,38 @@ static void initialise_wifi(void) wifi_config_t wifi_config = { .sta = { .ssid = EXAMPLE_WIFI_SSID, +#if defined (CONFIG_EXAMPLE_WPA3_ENTERPRISE) + .pmf_cfg = { + .required = true + }, +#endif }, }; ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid); - ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) ); - ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) ); - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) ); + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA)); + ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config)); + ESP_ERROR_CHECK(esp_eap_client_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID))); #if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \ defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE) - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) ); + ESP_ERROR_CHECK(esp_eap_client_set_ca_cert(ca_pem_start, ca_pem_bytes) ); #endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */ /* EXAMPLE_WPA3_ENTERPRISE */ - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) ); - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) ); - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_pac_file(pac_file_pac_start, pac_file_bytes - 1) ); + ESP_ERROR_CHECK(esp_eap_client_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME))); + ESP_ERROR_CHECK(esp_eap_client_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD))); + ESP_ERROR_CHECK(esp_eap_client_set_pac_file(pac_file_pac_start, pac_file_bytes - 1) ); esp_eap_fast_config eap_fast_config = { .fast_provisioning = 2, .fast_max_pac_list_len = 0, .fast_pac_format_binary = false }; - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_fast_phase1_params(eap_fast_config) ); + ESP_ERROR_CHECK(esp_eap_client_set_fast_params(eap_fast_config)); - ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_enable() ); - ESP_ERROR_CHECK( esp_wifi_start() ); + ESP_ERROR_CHECK(esp_wifi_sta_enterprise_enable()); + ESP_ERROR_CHECK(esp_wifi_start()); } -static void wpa2_enterprise_example_task(void *pvParameters) +static void wifi_enterprise_example_task(void *pvParameters) { esp_netif_ip_info_t ip; memset(&ip, 0, sizeof(esp_netif_ip_info_t)); @@ -138,5 +143,5 @@ void app_main(void) { ESP_ERROR_CHECK( nvs_flash_init() ); initialise_wifi(); - xTaskCreate(&wpa2_enterprise_example_task, "wpa2_enterprise_example_task", 4096, NULL, 5, NULL); + xTaskCreate(&wifi_enterprise_example_task, "wifi_enterprise_example_task", 4096, NULL, 5, NULL); } From 52120cde26a6875d1e87e126c7bac742e8724aa0 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Tue, 12 Sep 2023 14:16:44 +0530 Subject: [PATCH 4/5] change(wifi): Add supplicant's public API header files to doc --- .../esp_supplicant/include/esp_eap_client.h | 31 ++++++-- .../esp_supplicant/include/esp_mbo.h | 52 +++++++------ .../esp_supplicant/include/esp_wps.h | 76 ++++++++++++------- docs/doxygen/Doxyfile | 5 ++ docs/en/api-reference/network/esp_wifi.rst | 5 ++ .../release-5.x/5.1/index.rst | 1 + .../migration-guides/release-5.x/5.1/wifi.rst | 10 +++ .../release-5.x/5.1/index.rst | 1 + .../migration-guides/release-5.x/5.1/wifi.rst | 10 +++ 9 files changed, 131 insertions(+), 60 deletions(-) create mode 100644 docs/en/migration-guides/release-5.x/5.1/wifi.rst create mode 100644 docs/zh_CN/migration-guides/release-5.x/5.1/wifi.rst diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h index a6dc7d6aa5..1cbfac781e 100644 --- a/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h +++ b/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h @@ -13,18 +13,33 @@ extern "C" { #endif +/** + * @brief Enumeration of phase 2 authentication types for EAP-TTLS. + * + * This enumeration defines the supported phase 2 authentication methods + * that can be used in the EAP-TTLS (Extensible Authentication Protocol - + * Tunneled Transport Layer Security) protocol for the second authentication + * phase. + */ typedef enum { - ESP_EAP_TTLS_PHASE2_EAP, - ESP_EAP_TTLS_PHASE2_MSCHAPV2, - ESP_EAP_TTLS_PHASE2_MSCHAP, - ESP_EAP_TTLS_PHASE2_PAP, - ESP_EAP_TTLS_PHASE2_CHAP + ESP_EAP_TTLS_PHASE2_EAP, /**< EAP (Extensible Authentication Protocol) */ + ESP_EAP_TTLS_PHASE2_MSCHAPV2, /**< MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol - Version 2) */ + ESP_EAP_TTLS_PHASE2_MSCHAP, /**< MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) */ + ESP_EAP_TTLS_PHASE2_PAP, /**< PAP (Password Authentication Protocol) */ + ESP_EAP_TTLS_PHASE2_CHAP /**< CHAP (Challenge Handshake Authentication Protocol) */ } esp_eap_ttls_phase2_types; +/** + * @brief Configuration settings for EAP-FAST + * (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling). + * + * This structure defines the configuration options that can be used to customize the behavior of the + * EAP-FAST authentication protocol, specifically for Fast Provisioning and PAC (Protected Access Credential) handling. + */ typedef struct { - int fast_provisioning; /* Enables or disables Fast Provisioning in EAP-FAST */ - int fast_max_pac_list_len; /* Maximum length of the PAC (Protected Access Credential) list */ - bool fast_pac_format_binary; /* Set to true for binary format PAC, false for ASCII format PAC */ + int fast_provisioning; /**< Enable or disable Fast Provisioning in EAP-FAST (0 = disabled, 1 = enabled) */ + int fast_max_pac_list_len; /**< Maximum length of the PAC (Protected Access Credential) list */ + bool fast_pac_format_binary; /**< Set to true for binary format PAC, false for ASCII format PAC */ } esp_eap_fast_config; diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_mbo.h b/components/wpa_supplicant/esp_supplicant/include/esp_mbo.h index 4292213943..4319ecc000 100644 --- a/components/wpa_supplicant/esp_supplicant/include/esp_mbo.h +++ b/components/wpa_supplicant/esp_supplicant/include/esp_mbo.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -13,39 +13,41 @@ extern "C" { #endif /** - * enum non_pref_chan_reason: Reason for non preference of channel - */ + * @brief Enumeration of reasons for a channel being non-preferred in a wireless network. + * + * This enumeration defines various reasons why a specific channel might be considered non-preferred + * in a wireless network configuration. + */ enum non_pref_chan_reason { - NON_PREF_CHAN_REASON_UNSPECIFIED = 0, - NON_PREF_CHAN_REASON_RSSI = 1, - NON_PREF_CHAN_REASON_EXT_INTERFERENCE = 2, - NON_PREF_CHAN_REASON_INT_INTERFERENCE = 3, + NON_PREF_CHAN_REASON_UNSPECIFIED = 0, /**< Unspecified reason for non-preference */ + NON_PREF_CHAN_REASON_RSSI = 1, /**< Non-preferred due to low RSSI (Received Signal Strength Indication) */ + NON_PREF_CHAN_REASON_EXT_INTERFERENCE = 2, /**< Non-preferred due to external interference */ + NON_PREF_CHAN_REASON_INT_INTERFERENCE = 3, /**< Non-preferred due to internal interference */ }; /** - * @brief Channel structure for non preferred channel - * - * @param reason: enum non_pref_chan_reason - * @param oper_class: operating class for the channel - * @param chan: channel number - * @param preference: channel preference - */ + * @brief Structure representing a non-preferred channel in a wireless network. + * + * This structure encapsulates information about a non-preferred channel + * including the reason for its non-preference, the operating class, channel number, and preference level. + */ struct non_pref_chan { - enum non_pref_chan_reason reason; - uint8_t oper_class; - uint8_t chan; - uint8_t preference; + enum non_pref_chan_reason reason; /**< Reason for the channel being non-preferred */ + uint8_t oper_class; /**< Operating class of the channel */ + uint8_t chan; /**< Channel number */ + uint8_t preference; /**< Preference level of the channel */ }; /** - * @brief Array structure for non preferred channel struct - * - * @param non_pref_chan_num: channel count - * @param chan: array of non_pref_chan type - */ + * @brief Structure representing a list of non-preferred channels in a wireless network. + * + * This structure encapsulates information about a list of non-preferred channels + * including the number of non-preferred channels and an array of structures + * representing individual non-preferred channels. + */ struct non_pref_chan_s { - size_t non_pref_chan_num; - struct non_pref_chan chan[]; + size_t non_pref_chan_num; /**< Number of non-preferred channels in the list */ + struct non_pref_chan chan[]; /**< Array of structures representing individual non-preferred channels */ }; /** diff --git a/components/wpa_supplicant/esp_supplicant/include/esp_wps.h b/components/wpa_supplicant/esp_supplicant/include/esp_wps.h index c9d60ecb8d..148bc81da7 100644 --- a/components/wpa_supplicant/esp_supplicant/include/esp_wps.h +++ b/components/wpa_supplicant/esp_supplicant/include/esp_wps.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -33,32 +33,60 @@ extern "C" { #define ESP_ERR_WIFI_WPS_TYPE (ESP_ERR_WIFI_BASE + 52) /*!< WPS type error */ #define ESP_ERR_WIFI_WPS_SM (ESP_ERR_WIFI_BASE + 53) /*!< WPS state machine is not initialized */ +/** + * @brief Enumeration of WPS (Wi-Fi Protected Setup) types. + */ typedef enum wps_type { - WPS_TYPE_DISABLE = 0, - WPS_TYPE_PBC, - WPS_TYPE_PIN, - WPS_TYPE_MAX, + WPS_TYPE_DISABLE = 0, /**< WPS is disabled */ + WPS_TYPE_PBC, /**< WPS Push Button Configuration method */ + WPS_TYPE_PIN, /**< WPS PIN (Personal Identification Number) method */ + WPS_TYPE_MAX /**< Maximum value for WPS type enumeration */ } wps_type_t; -#define WPS_MAX_MANUFACTURER_LEN 65 -#define WPS_MAX_MODEL_NUMBER_LEN 33 -#define WPS_MAX_MODEL_NAME_LEN 33 -#define WPS_MAX_DEVICE_NAME_LEN 33 +#define WPS_MAX_MANUFACTURER_LEN 65 /**< Maximum length of the manufacturer name in WPS information */ +#define WPS_MAX_MODEL_NUMBER_LEN 33 /**< Maximum length of the model number in WPS information */ +#define WPS_MAX_MODEL_NAME_LEN 33 /**< Maximum length of the model name in WPS information */ +#define WPS_MAX_DEVICE_NAME_LEN 33 /**< Maximum length of the device name in WPS information */ +/** + * @brief Structure representing WPS factory information for ESP device. + * + * This structure holds various strings representing factory information for a device, such as the manufacturer, + * model number, model name, and device name. Each string is a null-terminated character array. If any of the + * strings are empty, the default values are used. + */ typedef struct { - char manufacturer[WPS_MAX_MANUFACTURER_LEN]; /*!< Manufacturer, null-terminated string. The default manufcturer is used if the string is empty */ - char model_number[WPS_MAX_MODEL_NUMBER_LEN]; /*!< Model number, null-terminated string. The default model number is used if the string is empty */ - char model_name[WPS_MAX_MODEL_NAME_LEN]; /*!< Model name, null-terminated string. The default model name is used if the string is empty */ - char device_name[WPS_MAX_DEVICE_NAME_LEN]; /*!< Device name, null-terminated string. The default device name is used if the string is empty */ + char manufacturer[WPS_MAX_MANUFACTURER_LEN]; /*!< Manufacturer of the device. If empty, the default manufacturer is used. */ + char model_number[WPS_MAX_MODEL_NUMBER_LEN]; /*!< Model number of the device. If empty, the default model number is used. */ + char model_name[WPS_MAX_MODEL_NAME_LEN]; /*!< Model name of the device. If empty, the default model name is used. */ + char device_name[WPS_MAX_DEVICE_NAME_LEN]; /*!< Device name. If empty, the default device name is used. */ } wps_factory_information_t; -#define PIN_LEN 9 +#define PIN_LEN 9 /*!< The length of the WPS PIN (Personal Identification Number). */ +/** + * @brief Structure representing configuration settings for WPS (Wi-Fi Protected Setup). + * + * This structure encapsulates various configuration settings for WPS, including the WPS type (PBC or PIN), + * factory information that will be shown in the WPS Information Element (IE), and a PIN if the WPS type is + * set to PIN. + */ typedef struct { - wps_type_t wps_type; - wps_factory_information_t factory_info; - char pin[PIN_LEN]; + wps_type_t wps_type; /*!< The type of WPS to be used (PBC or PIN). */ + wps_factory_information_t factory_info; /*!< Factory information to be shown in the WPS Information Element (IE). Vendor can choose to display their own information. */ + char pin[PIN_LEN]; /*!< WPS PIN (Personal Identification Number) used when wps_type is set to WPS_TYPE_PIN. */ } esp_wps_config_t; +/** + * @def WPS_CONFIG_INIT_DEFAULT(type) + * @brief Initialize a default WPS configuration structure with specified WPS type. + * + * This macro initializes a `esp_wps_config_t` structure with default values for the specified WPS type. + * It sets the WPS type, factory information (including default manufacturer, model number, model name, and device name), + * and a default PIN value if applicable. + * + * @param type The WPS type to be used (PBC or PIN). + * @return An initialized `esp_wps_config_t` structure with the specified WPS type and default values. + */ #define WPS_CONFIG_INIT_DEFAULT(type) { \ .wps_type = type, \ .factory_info = { \ @@ -73,9 +101,7 @@ typedef struct { /** * @brief Enable Wi-Fi WPS function. * - * @attention WPS can only be used when station is enabled. - * - * @param wps_type_t wps_type : WPS type, so far only WPS_TYPE_PBC and WPS_TYPE_PIN is supported + * @param config : WPS config to be used in connection * * @return * - ESP_OK : succeed @@ -88,8 +114,6 @@ esp_err_t esp_wifi_wps_enable(const esp_wps_config_t *config); /** * @brief Disable Wi-Fi WPS function and release resource it taken. * - * @param null - * * @return * - ESP_OK : succeed * - ESP_ERR_WIFI_WPS_MODE : wifi is not in station mode or sniffer mode is on @@ -97,9 +121,9 @@ esp_err_t esp_wifi_wps_enable(const esp_wps_config_t *config); esp_err_t esp_wifi_wps_disable(void); /** - * @brief WPS starts to work. + * @brief Start WPS session. * - * @attention WPS can only be used when station is enabled. + * @attention WPS can only be used when station is enabled. WPS needs to be enabled first for using this API. * * @param timeout_ms : deprecated: This argument's value will have not effect in functionality of API. * The argument will be removed in future. @@ -120,7 +144,7 @@ esp_err_t esp_wifi_wps_start(int timeout_ms); * * @attention WPS can only be used when softAP is enabled. * - * @param esp_wps_config_t config: wps configuration to be used. + * @param config: wps configuration to be used. * * @return * - ESP_OK : succeed @@ -133,8 +157,6 @@ esp_err_t esp_wifi_ap_wps_enable(const esp_wps_config_t *config); /** * @brief Disable Wi-Fi SoftAP WPS function and release resource it taken. * - * @param null - * * @return * - ESP_OK : succeed * - ESP_ERR_WIFI_WPS_MODE : wifi is not in station mode or sniffer mode is on diff --git a/docs/doxygen/Doxyfile b/docs/doxygen/Doxyfile index 255c7f685d..4f70bd75d2 100644 --- a/docs/doxygen/Doxyfile +++ b/docs/doxygen/Doxyfile @@ -185,6 +185,11 @@ INPUT = \ $(PROJECT_PATH)/components/esp_wifi/include/esp_wifi_default.h \ $(PROJECT_PATH)/components/esp_wifi/include/esp_wifi_types.h \ $(PROJECT_PATH)/components/esp_wifi/include/esp_wifi.h \ + $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_mbo.h \ + $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h \ + $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_rrm.h \ + $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_wnm.h \ + $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_wps.h \ $(PROJECT_PATH)/components/esp_wifi/wifi_apps/include/esp_nan.h \ $(PROJECT_PATH)/components/esp-tls/esp_tls_errors.h \ $(PROJECT_PATH)/components/esp-tls/esp_tls.h \ diff --git a/docs/en/api-reference/network/esp_wifi.rst b/docs/en/api-reference/network/esp_wifi.rst index 647f515118..2fc5e14890 100644 --- a/docs/en/api-reference/network/esp_wifi.rst +++ b/docs/en/api-reference/network/esp_wifi.rst @@ -28,3 +28,8 @@ API Reference .. include-build-file:: inc/esp_wifi.inc .. include-build-file:: inc/esp_wifi_types.inc +.. include-build-file:: inc/esp_eap_client.inc +.. include-build-file:: inc/esp_wps.inc +.. include-build-file:: inc/esp_rrm.inc +.. include-build-file:: inc/esp_wnm.inc +.. include-build-file:: inc/esp_mbo.inc diff --git a/docs/en/migration-guides/release-5.x/5.1/index.rst b/docs/en/migration-guides/release-5.x/5.1/index.rst index 4a3c4b65d7..b8689821db 100644 --- a/docs/en/migration-guides/release-5.x/5.1/index.rst +++ b/docs/en/migration-guides/release-5.x/5.1/index.rst @@ -11,3 +11,4 @@ Migration from 5.0 to 5.1 storage networking system + wifi diff --git a/docs/en/migration-guides/release-5.x/5.1/wifi.rst b/docs/en/migration-guides/release-5.x/5.1/wifi.rst new file mode 100644 index 0000000000..69ad9d00c2 --- /dev/null +++ b/docs/en/migration-guides/release-5.x/5.1/wifi.rst @@ -0,0 +1,10 @@ +WiFi +==== + +:link_to_translation:`zh_CN:[中文]` + + +WiFi Enterprise security +------------------------ + +APIs defined in `esp_wpa2.h` have been deprecated. Please use newer APIs from `esp_eap_client.h`. diff --git a/docs/zh_CN/migration-guides/release-5.x/5.1/index.rst b/docs/zh_CN/migration-guides/release-5.x/5.1/index.rst index c95cac366c..be372ff26a 100644 --- a/docs/zh_CN/migration-guides/release-5.x/5.1/index.rst +++ b/docs/zh_CN/migration-guides/release-5.x/5.1/index.rst @@ -11,3 +11,4 @@ storage networking system + wifi diff --git a/docs/zh_CN/migration-guides/release-5.x/5.1/wifi.rst b/docs/zh_CN/migration-guides/release-5.x/5.1/wifi.rst new file mode 100644 index 0000000000..dcc40433d9 --- /dev/null +++ b/docs/zh_CN/migration-guides/release-5.x/5.1/wifi.rst @@ -0,0 +1,10 @@ +WiFi +==== + +:link_to_translation:`en:[English]` + + +WiFi企业级安全 +------------------------ + +在 `esp_wpa2.h` 中定义的API已被弃用,请使用来自 `esp_eap_client.h` 的新API。 From a9714ebe117e328c3b527a07844c4de895dbbcbf Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Thu, 14 Sep 2023 13:07:57 +0530 Subject: [PATCH 5/5] change(wifi): Add dependency of group 19 for MbedTLS crypto --- components/esp_wifi/Kconfig | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/components/esp_wifi/Kconfig b/components/esp_wifi/Kconfig index 8698af9555..b37356141e 100644 --- a/components/esp_wifi/Kconfig +++ b/components/esp_wifi/Kconfig @@ -247,7 +247,7 @@ menu "Wi-Fi" config ESP_WIFI_ENABLE_WPA3_SAE bool "Enable WPA3-Personal" default y - depends on ESP_WIFI_MBEDTLS_CRYPTO + select ESP_WIFI_MBEDTLS_CRYPTO help Select this option to allow the device to establish a WPA3-Personal connection with eligible AP's. PMF (Protected Management Frames) is a prerequisite feature for a WPA3 connection, it needs to be @@ -431,9 +431,16 @@ menu "Wi-Fi" select MBEDTLS_ECP_C select MBEDTLS_ECDH_C select MBEDTLS_ECDSA_C - select MBEDTLS_TLS_ENABLED + select MBEDTLS_CMAC_C + select MBEDTLS_ECP_DP_SECP256R1_ENABLED help - Select this option to use MbedTLS crypto APIs which utilize hardware acceleration. + Select this option to enable the use of MbedTLS crypto APIs. + The internal crypto support within the supplicant is limited + and may not suffice for all new security features, including WPA3. + + It is recommended to always keep this option enabled. Additionally, + note that MbedTLS can leverage hardware acceleration if available, + resulting in significantly faster cryptographic operations. if ESP_WIFI_MBEDTLS_CRYPTO config ESP_WIFI_MBEDTLS_TLS_CLIENT @@ -459,6 +466,7 @@ menu "Wi-Fi" config ESP_WIFI_SUITE_B_192 bool "Enable NSA suite B support with 192 bit key" default n + depends on SOC_WIFI_GCMP_SUPPORT select ESP_WIFI_GCMP_SUPPORT select ESP_WIFI_GMAC_SUPPORT help