mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
7ed8fdac59
While using esp_wifi_set_config, the pmf_capable flag defaults to 0. Users may not bother to enable it, which prevents connection to a WPA3 AP; alternatively, the AP may reset into WPA3 mode, causing the re-connection to fail. To ensure better security, deprecate the pmf_capable flag and set it to true internally.
/* WiFi Connection Example using WPA2 Enterprise
 *
 * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
 * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include <assert.h>
#include <stdlib.h>
#include <string.h>

#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "freertos/event_groups.h"
#include "esp_wifi.h"
#include "esp_wpa2.h"
#include "esp_event.h"
#include "esp_log.h"
#include "esp_system.h"
#include "nvs_flash.h"
#include "esp_netif.h"
/* The examples use a simple WiFi configuration that you can set via
   the project configuration menu.

   If you'd rather not, just change the below entries to strings with
   the config you want - i.e. #define EXAMPLE_WIFI_SSID "mywifissid"

   You can choose the EAP method via project configuration according to the
   configuration of the AP.
*/
/* Network name and EAP method selected in the project configuration. */
#define EXAMPLE_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
#define EXAMPLE_EAP_METHOD CONFIG_EXAMPLE_EAP_METHOD

/* EAP identity and credentials, also taken from the project configuration.
 * They are used as C strings below (passed to strlen()), so the values are
 * fixed at build time and end up inside the application image: anyone who
 * can read the firmware binary can read the username and password. */
#define EXAMPLE_EAP_ID CONFIG_EXAMPLE_EAP_ID
#define EXAMPLE_EAP_USERNAME CONFIG_EXAMPLE_EAP_USERNAME
#define EXAMPLE_EAP_PASSWORD CONFIG_EXAMPLE_EAP_PASSWORD
/* Tag passed to the ESP_LOGx macros in this file. */
static const char *TAG = "example";

/* FreeRTOS event group; created in initialise_wifi() and updated by
   event_handler() as the connection state changes. */
static EventGroupHandle_t wifi_event_group;

/* esp-netif object for the WiFi station interface. */
static esp_netif_t *sta_netif = NULL;

/* An event group can carry several bits, but this example uses only one:
   it is set while the station is connected to the AP and holds an IP. */
const int CONNECTED_BIT = BIT0;
/* CA cert, taken from ca.pem
   Client cert, taken from client.crt
   Client key, taken from client.key

   The PEM, CRT and KEY files were provided by the person or organization
   who configured the AP with WPA2 Enterprise.

   To embed them in the app binary, the PEM, CRT and KEY files are named
   in the component.mk COMPONENT_EMBED_TXTFILES variable.
*/
#if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT)
/* Bounds of the embedded CA certificate used to validate the EAP server. */
extern uint8_t ca_pem_start[] asm("_binary_ca_pem_start");
extern uint8_t ca_pem_end[] asm("_binary_ca_pem_end");
#endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */

#if defined(CONFIG_EXAMPLE_EAP_METHOD_TLS)
/* Bounds of the embedded client certificate for EAP-TLS. */
extern uint8_t client_crt_start[] asm("_binary_client_crt_start");
extern uint8_t client_crt_end[] asm("_binary_client_crt_end");
/* Bounds of the embedded client private key. The key is linked into the
   application binary, so the firmware image must be protected like the key
   itself. */
extern uint8_t client_key_start[] asm("_binary_client_key_start");
extern uint8_t client_key_end[] asm("_binary_client_key_end");
#endif /* CONFIG_EXAMPLE_EAP_METHOD_TLS */

#if defined(CONFIG_EXAMPLE_EAP_METHOD_TTLS)
/* Inner (phase 2) method for EAP-TTLS, chosen in the project configuration. */
esp_eap_ttls_phase2_types TTLS_PHASE2_METHOD = CONFIG_EXAMPLE_EAP_METHOD_TTLS_PHASE_2;
#endif /* CONFIG_EXAMPLE_EAP_METHOD_TTLS */
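/* Ask the WiFi driver to (re)connect and report a failure instead of
   silently dropping the error code. */
static void example_try_connect(void)
{
    esp_err_t err = esp_wifi_connect();
    if (err != ESP_OK) {
        ESP_LOGW(TAG, "esp_wifi_connect failed: %s", esp_err_to_name(err));
    }
}

/**
 * Event callback for the WiFi and IP events registered in initialise_wifi().
 *
 * - WIFI_EVENT_STA_START: start the first connection attempt.
 * - WIFI_EVENT_STA_DISCONNECTED: clear CONNECTED_BIT, log the reason code and
 *   try to connect again.
 * - IP_EVENT_STA_GOT_IP: set CONNECTED_BIT.
 *
 * @param arg        Handler argument given at registration (unused).
 * @param event_base Event family (WIFI_EVENT or IP_EVENT).
 * @param event_id   Event identifier within that family.
 * @param event_data Event payload; only read for the disconnect event.
 */
static void event_handler(void *arg, esp_event_base_t event_base,
                          int32_t event_id, void *event_data)
{
    (void)arg;

    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
        example_try_connect();
    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
        const wifi_event_sta_disconnected_t *info = event_data;

        /* Mark the link as down before retrying, so the bit never claims a
           connection that no longer exists. */
        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);

        /* The reason code is the only trace of why association or EAP
           authentication failed (wrong credentials, rejected certificate,
           AP out of range, ...), so keep it in the log. */
        if (info != NULL) {
            ESP_LOGW(TAG, "Disconnected from AP, reason %d", (int)info->reason);
        }

        /* As in the original example, the retry is immediate and unbounded. */
        example_try_connect();
    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
    }
}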
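/**
 * Bring up the WiFi station and configure enterprise (EAP) authentication.
 *
 * Creates the event group and the default station netif, registers
 * event_handler() for WiFi and IP events, applies the SSID (and mandatory PMF
 * for the WPA3 192-bit option), installs the EAP identity, certificates and
 * credentials selected in the project configuration, then enables enterprise
 * mode and starts WiFi. Every ESP-IDF call is wrapped in ESP_ERROR_CHECK, so
 * a failure aborts rather than returning.
 */
static void initialise_wifi(void)
{
#ifdef CONFIG_EXAMPLE_VALIDATE_SERVER_CERT
    unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
#endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */

#ifdef CONFIG_EXAMPLE_EAP_METHOD_TLS
    unsigned int client_crt_bytes = client_crt_end - client_crt_start;
    unsigned int client_key_bytes = client_key_end - client_key_start;
#endif /* CONFIG_EXAMPLE_EAP_METHOD_TLS */

    ESP_ERROR_CHECK(esp_netif_init());
    wifi_event_group = xEventGroupCreate();
    /* event_handler() sets and clears bits on this group, so fail early if
       it could not be allocated (same policy as for sta_netif below). */
    assert(wifi_event_group);
    ESP_ERROR_CHECK(esp_event_loop_create_default());
    sta_netif = esp_netif_create_default_wifi_sta();
    assert(sta_netif);

    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
    ESP_ERROR_CHECK( esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL) );
    ESP_ERROR_CHECK( esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL) );
    ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
    wifi_config_t wifi_config = {
        .sta = {
            .ssid = EXAMPLE_WIFI_SSID,
#if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
            /* The 192-bit option makes protected management frames mandatory. */
            .pmf_cfg = {
                .required = true
            },
#endif
        },
    };
    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
    ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
    /* NOTE(review): with tunnelled methods the EAP identity is normally sent
       before the TLS tunnel exists, so an anonymous value is preferable to
       the real account name here - confirm against the deployment. */
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );

    /* NOTE(review): ca_pem_start and ca_pem_bytes are declared only under
       CONFIG_EXAMPLE_VALIDATE_SERVER_CERT; the WPA3 options presumably select
       it in Kconfig, otherwise this branch does not compile - confirm. */
#if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \
    defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE) || \
    defined(CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) );
#else
    /* No CA certificate is installed in this configuration, so nothing in
       this function lets the station tell the intended authentication server
       from another one answering for the same SSID. Make that visible. */
    ESP_LOGW(TAG, "No CA certificate configured: EAP server certificate validation is not enabled");
#endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */ /* EXAMPLE_WPA3_ENTERPRISE */

#ifdef CONFIG_EXAMPLE_EAP_METHOD_TLS
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_cert_key(client_crt_start, client_crt_bytes,\
            client_key_start, client_key_bytes, NULL, 0) );
#endif /* CONFIG_EXAMPLE_EAP_METHOD_TLS */

    /* Both operands use defined(): the original tested the second macro by
       value, which only works while Kconfig defines it as a number. */
#if defined(CONFIG_EXAMPLE_EAP_METHOD_PEAP) || defined(CONFIG_EXAMPLE_EAP_METHOD_TTLS)
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) );
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) );
#endif /* CONFIG_EXAMPLE_EAP_METHOD_PEAP || CONFIG_EXAMPLE_EAP_METHOD_TTLS */

#if defined CONFIG_EXAMPLE_EAP_METHOD_TTLS
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(TTLS_PHASE2_METHOD) );
#endif /* CONFIG_EXAMPLE_EAP_METHOD_TTLS */
#if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
    ESP_LOGI(TAG, "Enabling 192 bit certification");
    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_set_suiteb_192bit_certification(true));
#endif
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_enable() );
    ESP_ERROR_CHECK( esp_wifi_start() );
}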
/**
 * Task body: every two seconds, read the station's IP configuration and log
 * the address, netmask and gateway. Never returns.
 *
 * @param pvParameters Task argument; not read by this function.
 */
static void wpa2_enterprise_example_task(void *pvParameters)
{
    esp_netif_ip_info_t ip_info;

    memset(&ip_info, 0, sizeof ip_info);
    /* Initial pause before the first poll. */
    vTaskDelay(2000 / portTICK_PERIOD_MS);

    for (;;) {
        vTaskDelay(2000 / portTICK_PERIOD_MS);

        /* Nothing to print when the netif query fails; try again next round. */
        if (esp_netif_get_ip_info(sta_netif, &ip_info) != 0) {
            continue;
        }

        ESP_LOGI(TAG, "~~~~~~~~~~~");
        ESP_LOGI(TAG, "IP:"IPSTR, IP2STR(&ip_info.ip));
        ESP_LOGI(TAG, "MASK:"IPSTR, IP2STR(&ip_info.netmask));
        ESP_LOGI(TAG, "GW:"IPSTR, IP2STR(&ip_info.gw));
        ESP_LOGI(TAG, "~~~~~~~~~~~");
    }
}
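/**
 * Application entry point: initialise NVS, configure and start WiFi with
 * enterprise authentication, then start the task that logs the IP settings.
 */
void app_main(void)
{
    ESP_ERROR_CHECK( nvs_flash_init() );
    initialise_wifi();

    /* xTaskCreate reports allocation failure through its return value; the
       original ignored it, which left a missing task undiagnosed. */
    if (xTaskCreate(&wpa2_enterprise_example_task, "wpa2_enterprise_example_task",
                    4096, NULL, 5, NULL) != pdPASS) {
        ESP_LOGE(TAG, "Failed to create wpa2_enterprise_example_task");
    }
}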