From 280a342826d95d999065dde43b81e5cab0e2d340 Mon Sep 17 00:00:00 2001 From: "kapil.gupta" Date: Thu, 10 Sep 2020 15:39:54 +0530 Subject: [PATCH] esp_wifi: Add support for 802.1x sha256 auth key mode Closes https://github.com/espressif/esp-idf/issues/5805 --- .../src/esp_supplicant/esp_wifi_driver.h | 3 ++- components/wpa_supplicant/src/rsn_supp/wpa.c | 23 +++++++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h b/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h index 4415f200a8..e394658e53 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wifi_driver.h @@ -65,7 +65,8 @@ enum { WPA2_AUTH_CCKM = 0x07, WPA2_AUTH_PSK_SHA256= 0x08, WPA3_AUTH_PSK = 0x09, - WPA2_AUTH_INVALID = 0x0a, + WPA2_AUTH_ENT_SHA256= 0x0a, + WPA2_AUTH_INVALID = 0x0b, }; typedef enum { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 00297d5b0b..898fdf54db 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -136,6 +136,20 @@ uint32_t cipher_type_map_public_to_supp(wifi_cipher_type_t cipher) } } +static bool is_wpa2_enterprise_connection(void) +{ + uint8_t authmode; + + if (esp_wifi_sta_prof_is_wpa2_internal()) { + authmode = esp_wifi_sta_get_prof_authmode_internal(); + if ((authmode == WPA2_AUTH_ENT) || (authmode == WPA2_AUTH_ENT_SHA256)) { + return true; + } + } + + return false; +} + /** * get_bssid - Get the current BSSID * @priv: private driver interface data @@ -587,8 +601,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, if (res) goto failed; - if (esp_wifi_sta_prof_is_wpa2_internal() && - esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT) { + if (is_wpa2_enterprise_connection()) { pmksa_cache_set_current(sm, NULL, sm->bssid, 0, 0); } @@ -2078,6 +2091,8 @@ void wpa_set_profile(u32 wpa_proto, u8 auth_mode) sm->proto = wpa_proto; if (auth_mode == WPA2_AUTH_ENT) { sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X; /* for wpa2 enterprise */ + } else if (auth_mode == WPA2_AUTH_ENT_SHA256) { + sm->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256; /* for wpa2 enterprise sha256 */ } else if (auth_mode == WPA2_AUTH_PSK_SHA256) { sm->key_mgmt = WPA_KEY_MGMT_PSK_SHA256; } else if (auth_mode == WPA3_AUTH_PSK) { @@ -2116,9 +2131,7 @@ int wpa_set_bss(char *macddr, char * bssid, u8 pairwise_cipher, u8 group_cipher, memcpy(sm->bssid, bssid, ETH_ALEN); sm->ap_notify_completed_rsne = esp_wifi_sta_is_ap_notify_completed_rsne_internal(); - if (sm->key_mgmt == WPA_KEY_MGMT_SAE || - (esp_wifi_sta_prof_is_wpa2_internal() && - esp_wifi_sta_get_prof_authmode_internal() == WPA2_AUTH_ENT)) { + if (sm->key_mgmt == WPA_KEY_MGMT_SAE || is_wpa2_enterprise_connection()) { if (!esp_wifi_skip_supp_pmkcaching()) { pmksa_cache_set_current(sm, NULL, (const u8*) bssid, 0, 0); wpa_sm_set_pmk_from_pmksa(sm);