feat(wpa2): add wpa2_enterprise to esp8266

components/esp8266/CMakeLists.txt

@@ -67,7 +67,7 @@ else()
     target_link_libraries(${COMPONENT_LIB} PUBLIC "-L ${CMAKE_CURRENT_SOURCE_DIR}/lib" "-lstdc++")
 
     if(NOT CONFIG_NO_BLOBS)
-        set(blobs "gcc" "hal" "core" "net80211" "phy" "rtc" "clk" "pp" "smartconfig" "ssc" "wpa" "espnow" "wps")
+        set(blobs "gcc" "hal" "core" "net80211" "phy" "rtc" "clk" "pp" "smartconfig" "ssc" "wpa" "espnow" "wps" "wpa2")
         foreach(blob ${blobs})
             add_library(${blob} STATIC IMPORTED)
             set_property(TARGET ${blob} PROPERTY IMPORTED_LOCATION ${CMAKE_CURRENT_SOURCE_DIR}/lib/lib${blob}.a)

components/esp8266/Kconfig

@@ -568,6 +568,13 @@ config ESP8266_WIFI_DEBUG_LOG_SUBMODULE_FRAG
     help
         When this option is enabled, log for frag module will be enabled.
 
+config ESP8266_WIFI_DEBUG_LOG_SUBMODULE_WPA2
+    depends on ESP8266_WIFI_DEBUG_LOG_SUBMODULE
+    bool "wpa2_enterprise"
+    default n
+    help
+        When this option is enabled, log for wpa2_enterprise module will be enabled.
+
 endmenu
 
 menu PHY

components/esp8266/component.mk

@@ -13,10 +13,10 @@ LIBS ?=
 ifndef CONFIG_NO_BLOBS
 ifndef CONFIG_ESP8266_WIFI_DEBUG_LOG_ENABLE
 LIBS += gcc hal core net80211 \
-        phy rtc clk pp smartconfig ssc wpa espnow wps
+        phy rtc clk pp smartconfig ssc wpa espnow wps wpa2
 else
 LIBS += gcc hal core_dbg net80211_dbg \
-        phy rtc clk pp_dbg smartconfig ssc wpa_dbg espnow_dbg wps_dbg
+        phy rtc clk pp_dbg smartconfig ssc wpa_dbg espnow_dbg wps_dbg wpa2_dbg
 endif
 endif
 

components/esp8266/include/esp_wifi_crypto_types.h

@@ -748,6 +748,39 @@ typedef struct{
     esp_eap_msg_alloc_t eap_msg_alloc;
 }wps_crypto_funcs_t;
 
+/**
+  * @brief The crypto callback function structure used when do WPA enterprise connect.
+  *        The structure can be set as software crypto or the crypto optimized by ESP32
+  *        hardware.
+  */
+typedef struct {
+    uint32_t size;
+    uint32_t version;
+    esp_crypto_hash_init_t crypto_hash_init;                  /**< function used to initialize a crypto_hash structure when use TLSV1 */
+    esp_crypto_hash_update_t crypto_hash_update;              /**< function used to calculate hash data when use TLSV1 */
+    esp_crypto_hash_finish_t crypto_hash_finish;              /**< function used to finish the hash calculate when use TLSV1 */
+    esp_crypto_cipher_init_t crypto_cipher_init;              /**< function used to initialize a crypt_cipher structure when use TLSV1 */
+    esp_crypto_cipher_encrypt_t crypto_cipher_encrypt;        /**< function used to encrypt cipher when use TLSV1 */
+    esp_crypto_cipher_decrypt_t crypto_cipher_decrypt;        /**< function used to decrypt cipher when use TLSV1 */
+    esp_crypto_cipher_deinit_t crypto_cipher_deinit;          /**< function used to free context when use TLSV1 */
+    esp_crypto_mod_exp_t crypto_mod_exp;                      /**< function used to do key exchange when use TLSV1 */
+    esp_sha256_vector_t sha256_vector;                        /**< function used to do X.509v3 certificate parsing and processing */
+    esp_tls_init_t tls_init;
+    esp_tls_deinit_t tls_deinit;
+    esp_eap_peer_blob_init_t eap_peer_blob_init;
+    esp_eap_peer_blob_deinit_t eap_peer_blob_deinit;
+    esp_eap_peer_config_init_t eap_peer_config_init;
+    esp_eap_peer_config_deinit_t eap_peer_config_deinit;
+    esp_eap_peer_register_methods_t eap_peer_register_methods;
+    esp_eap_peer_unregister_methods_t eap_peer_unregister_methods;
+    esp_eap_deinit_prev_method_t eap_deinit_prev_method;
+    esp_eap_peer_get_eap_method_t eap_peer_get_eap_method;
+    esp_eap_sm_abort_t eap_sm_abort;
+    esp_eap_sm_build_nak_t eap_sm_build_nak;
+    esp_eap_sm_build_identity_resp_t eap_sm_build_identity_resp;
+    esp_eap_msg_alloc_t eap_msg_alloc;
+} wpa2_crypto_funcs_t;
+
 #ifdef __cplusplus
 }
 #endif

components/esp8266/include/esp_wpa2.h

@@ -0,0 +1,206 @@
+// Hardware crypto support Copyright 2017 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef ESP_WPA2_H
+#define ESP_WPA2_H
+
+#include <stdbool.h>
+#include "esp_wifi_crypto_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern const wpa2_crypto_funcs_t g_wifi_default_wpa2_crypto_funcs;
+
+typedef struct {
+    const wpa2_crypto_funcs_t *crypto_funcs;
+}esp_wpa2_config_t;
+
+#define WPA2_CONFIG_INIT_DEFAULT() { \
+    .crypto_funcs = &g_wifi_default_wpa2_crypto_funcs \
+}
+
+/**
+  * @brief  Enable wpa2 enterprise authentication.
+  *
+  * @attention 1. wpa2 enterprise authentication can only be used when ESP32 station is enabled.
+  * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method.
+  *
+  * @return
+  *    - ESP_OK: succeed.
+  *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_enable(const esp_wpa2_config_t *config);
+
+/**
+  * @brief  Disable wpa2 enterprise authentication.
+  *
+  * @attention 1. wpa2 enterprise authentication can only be used when ESP32 station is enabled.
+  * @attention 2. wpa2 enterprise authentication can only support TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 method.
+  *
+  * @return
+  *    - ESP_OK: succeed.
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_disable(void);
+
+/**
+  * @brief  Set identity for PEAP/TTLS method.
+  *
+  * @attention The API only passes the parameter identity to the global pointer variable in wpa2 enterprise module.
+  *
+  * @param  identity: point to address where stores the identity;
+  * @param  len: length of identity, limited to 1~127
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128)
+  *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len);
+
+/**
+  * @brief  Clear identity for PEAP/TTLS method.
+  */
+void esp_wifi_sta_wpa2_ent_clear_identity(void);
+
+/**
+  * @brief  Set username for PEAP/TTLS method.
+  *
+  * @attention The API only passes the parameter username to the global pointer variable in wpa2 enterprise module.
+  *
+  * @param  username: point to address where stores the username;
+  * @param  len: length of username, limited to 1~127
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128)
+  *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len);
+
+/**
+  * @brief  Clear username for PEAP/TTLS method.
+  */
+void esp_wifi_sta_wpa2_ent_clear_username(void);
+
+/**
+  * @brief  Set password for PEAP/TTLS method..
+  *
+  * @attention The API only passes the parameter password to the global pointer variable in wpa2 enterprise module.
+  *
+  * @param  password: point to address where stores the password;
+  * @param  len: length of password(len > 0)
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - ESP_ERR_INVALID_ARG: fail(len <= 0)
+  *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len);
+
+/**
+  * @brief  Clear password for PEAP/TTLS method..
+  */
+void esp_wifi_sta_wpa2_ent_clear_password(void);
+
+/**
+  * @brief  Set new password for MSCHAPv2 method..
+  *
+  * @attention 1. The API only passes the parameter password to the global pointer variable in wpa2 enterprise module.
+  * @attention 2. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received.
+  *
+  * @param  new_password: point to address where stores the password;
+  * @param  len: length of password
+  *
+  * @return
+  *    - ESP_OK: succeed
+  *    - ESP_ERR_INVALID_ARG: fail(len <= 0)
+  *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
+  */
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len);
+
+/**
+  * @brief  Clear new password for MSCHAPv2 method..
+  */
+void esp_wifi_sta_wpa2_ent_clear_new_password(void);
+
+/**
+  * @brief  Set CA certificate for PEAP/TTLS method.
+  *
+  * @attention 1. The API only passes the parameter ca_cert to the global pointer variable in wpa2 enterprise module.
+  * @attention 2. The ca_cert should be zero terminated.
+  *
+  * @param  ca_cert: point to address where stores the CA certificate;
+  * @param  ca_cert_len: length of ca_cert
+  *
+  * @return
+  *    - ESP_OK: succeed
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len);
+
+/**
+  * @brief  Clear CA certificate for PEAP/TTLS method.
+  */
+void esp_wifi_sta_wpa2_ent_clear_ca_cert(void);
+
+/**
+  * @brief  Set client certificate and key.
+  *
+  * @attention 1. The API only passes the parameter client_cert, private_key and private_key_passwd to the global pointer variable in wpa2 enterprise module.
+  * @attention 2. The client_cert, private_key and private_key_passwd should be zero terminated.
+  *
+  * @param  client_cert: point to address where stores the client certificate;
+  * @param  client_cert_len: length of client certificate;
+  * @param  private_key: point to address where stores the private key;
+  * @param  private_key_len: length of private key, limited to 1~2048;
+  * @param  private_key_password: point to address where stores the private key password;
+  * @param  private_key_password_len: length of private key password;
+  *
+  * @return
+  *    - ESP_OK: succeed
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len);
+
+/**
+  * @brief  Clear client certificate and key.
+  */
+void esp_wifi_sta_wpa2_ent_clear_cert_key(void);
+
+/**
+  * @brief  Set wpa2 enterprise certs time check(disable or not).
+  *
+  * @param  true: disable wpa2 enterprise certs time check
+  * @param  false: enable wpa2 enterprise certs time check
+  *
+  * @return
+  *    - ESP_OK: succeed
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable);
+
+/**
+  * @brief  Get wpa2 enterprise certs time check(disable or not).
+  *
+  * @param  disable: store disable value
+  *
+  * @return
+  *    - ESP_OK: succeed
+  */
+esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable);
+
+#ifdef __cplusplus
+}
+#endif
+#endif

components/esp8266/include/internal/esp_wifi_internal.h

@@ -56,6 +56,8 @@ typedef enum {
 #define WIFI_LOG_SUBMODULE_AMPDU     (1<<12)
 #define WIFI_LOG_SUBMODULE_AMSDU     (1<<13)
 #define WIFI_LOG_SUBMODULE_FRAG      (1<<14)
+#define WIFI_LOG_SUBMODULE_WPA2      (1<<15)
+
 /**
   * @brief     Set WIFI received TCP/IP data cache ram type
   *

components/esp8266/lib/VERSION

@@ -1,10 +1,11 @@
 gwen:
-    core:       158ee68
-    net80211:   72ecd98
-    pp:         dedbcf0
-    wpa:        743c778
-    espnow:     743c778
-    wps:        6a32b9b
+    core:       a021d6d
+    net80211:   a021d6d
+    pp:         a021d6d
+    wpa:        a021d6d
+    espnow:     a021d6d
+    wps:        a021d6d
+    wpa2:       a021d6d
 
     smartconfig:  2.8.2
     phy:          1155.0

components/esp8266/source/esp_wifi.c

@@ -86,6 +86,9 @@ static void esp_wifi_set_debug_log()
 #endif
 #if CONFIG_ESP8266_WIFI_DEBUG_LOG_SUBMODULE_FRAG
     wifi_log_submodule |= WIFI_LOG_SUBMODULE_FRAG;
+#endif
+#if CONFIG_ESP8266_WIFI_DEBUG_LOG_SUBMODULE_WPA2
+    wifi_log_submodule |= WIFI_LOG_SUBMODULE_WPA2;
 #endif
     esp_wifi_internal_set_log_level(wifi_log_level);
     esp_wifi_internal_set_log_mod(wifi_log_submodule);

components/esp8266/source/esp_wifi_os_adapter.c

@@ -145,3 +145,27 @@ void *__wifi_task_top_sp(void)
 
     return pxCurrentTCB[0];
 }
+
+void* __wifi_semphr_create(uint32_t max, uint32_t init)
+{
+    return (void*)xSemaphoreCreateCounting(max, init);
+}
+
+void __wifi_semphr_delete(void* semphr)
+{
+    vSemaphoreDelete(semphr);
+}
+
+int32_t __wifi_semphr_take(void* semphr, uint32_t block_time_tick)
+{
+    if (block_time_tick == OSI_FUNCS_TIME_BLOCKING) {
+        return (int32_t)xSemaphoreTake(semphr, portMAX_DELAY);
+    } else {
+        return (int32_t)xSemaphoreTake(semphr, block_time_tick);
+    }
+}
+
+int32_t __wifi_semphr_give(void* semphr)
+{
+    return (int32_t)xSemaphoreGive(semphr);
+}