From ebc0b42c75a58ea456c064abd5ffd6c85006b5ec Mon Sep 17 00:00:00 2001 From: "kapil.gupta" Date: Thu, 10 Sep 2020 15:39:54 +0530 Subject: [PATCH] esp_wifi: Add support for 802.1x sha256 auth key mode Closes https://github.com/espressif/esp-idf/issues/5805 --- components/esp_wifi/lib | 2 +- .../src/esp_supplicant/esp_wifi_driver.h | 3 ++- components/wpa_supplicant/src/rsn_supp/wpa.c | 22 +++++++++++++++---- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/components/esp_wifi/lib b/components/esp_wifi/lib index 04203355fe..977bd355ec 160000 --- a/components/esp_wifi/lib +++ b/components/esp_wifi/lib @@ -1 +1 @@ -Subproject commit 04203355fe888091c3d97db16833a4cf7a99c96e +Subproject commit 977bd355ec7f794fefecf03ba64a64860abcb753 diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h b/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h index 140d6d1e8a..7e5cf1423f 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h @@ -65,7 +65,8 @@ enum { WPA2_AUTH_CCKM = 0x07, WPA2_AUTH_PSK_SHA256= 0x08, WPA3_AUTH_PSK = 0x09, - WPA2_AUTH_INVALID = 0x0a, + WPA2_AUTH_ENT_SHA256= 0x0a, + WPA2_AUTH_INVALID = 0x0b, }; typedef enum { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index deafceac15..d08704d19d 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -138,6 +138,20 @@ uint32_t cipher_type_map_public_to_supp(wifi_cipher_type_t cipher) } } +static bool is_wpa2_enterprise_connection(void) +{ + uint8_t authmode; + + if (esp_wifi_sta_prof_is_wpa2_internal()) { + authmode = esp_wifi_sta_get_prof_authmode_internal(); + if ((authmode == WPA2_AUTH_ENT) || (authmode == WPA2_AUTH_ENT_SHA256)) { + return true; + } + } + + return false; +} + /** * get_bssid - Get the current BSSID * @priv: private driver interface data @@ -589,8 +603,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, if (res) goto failed; - if (esp_wifi_sta_prof_is_wpa2_internal() && - esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT) { + if (is_wpa2_enterprise_connection()) { pmksa_cache_set_current(sm, NULL, sm->bssid, 0, 0); } @@ -2088,6 +2101,8 @@ void wpa_set_profile(u32 wpa_proto, u8 auth_mode) sm->proto = wpa_proto; if (auth_mode == WPA2_AUTH_ENT) { sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X; /* for wpa2 enterprise */ + } else if (auth_mode == WPA2_AUTH_ENT_SHA256) { + sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; /* for wpa2 enterprise sha256 */ } else if (auth_mode == WPA2_AUTH_PSK_SHA256) { sm->key_mgmt = WPA_KEY_MGMT_PSK_SHA256; } else if (auth_mode == WPA3_AUTH_PSK) { @@ -2127,8 +2142,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher, sm->ap_notify_completed_rsne = esp_wifi_sta_is_ap_notify_completed_rsne_internal(); if (sm->key_mgmt == WPA_KEY_MGMT_SAE || - (esp_wifi_sta_prof_is_wpa2_internal() && - esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT)) { + is_wpa2_enterprise_connection()) { pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0); wpa_sm_set_pmk_from_pmksa(sm); }