From bab60d20afffd351e56caad07a5a63d86e29d6d7 Mon Sep 17 00:00:00 2001
From: Hrudaynath Dhabe <hrudaynath.dhabe@espressif.com>
Date: Mon, 6 Dec 2021 16:29:35 +0530
Subject: [PATCH] esp_wifi: Add an example for EAP-FAST.

---
 examples/wifi/wifi_eap_fast/CMakeLists.txt    |   9 ++
 examples/wifi/wifi_eap_fast/Makefile          |   8 +
 examples/wifi/wifi_eap_fast/README.md         |  67 ++++++++
 .../wifi/wifi_eap_fast/main/CMakeLists.txt    |   4 +
 .../wifi/wifi_eap_fast/main/Kconfig.projbuild |  33 ++++
 examples/wifi/wifi_eap_fast/main/ca.pem       |  23 +++
 examples/wifi/wifi_eap_fast/main/component.mk |   9 ++
 examples/wifi/wifi_eap_fast/main/pac_file.pac |   0
 examples/wifi/wifi_eap_fast/main/server.crt   |  70 +++++++++
 examples/wifi/wifi_eap_fast/main/server.key   |  27 ++++
 examples/wifi/wifi_eap_fast/main/server.pem   |  57 +++++++
 .../wifi_eap_fast/main/wifi_eap_fast_main.c   | 148 ++++++++++++++++++
 .../wifi/wifi_eap_fast/sdkconfig.defaults     |   1 +
 13 files changed, 456 insertions(+)
 create mode 100644 examples/wifi/wifi_eap_fast/CMakeLists.txt
 create mode 100644 examples/wifi/wifi_eap_fast/Makefile
 create mode 100644 examples/wifi/wifi_eap_fast/README.md
 create mode 100644 examples/wifi/wifi_eap_fast/main/CMakeLists.txt
 create mode 100644 examples/wifi/wifi_eap_fast/main/Kconfig.projbuild
 create mode 100644 examples/wifi/wifi_eap_fast/main/ca.pem
 create mode 100644 examples/wifi/wifi_eap_fast/main/component.mk
 create mode 100644 examples/wifi/wifi_eap_fast/main/pac_file.pac
 create mode 100644 examples/wifi/wifi_eap_fast/main/server.crt
 create mode 100644 examples/wifi/wifi_eap_fast/main/server.key
 create mode 100644 examples/wifi/wifi_eap_fast/main/server.pem
 create mode 100644 examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
 create mode 100644 examples/wifi/wifi_eap_fast/sdkconfig.defaults

diff --git a/examples/wifi/wifi_eap_fast/CMakeLists.txt b/examples/wifi/wifi_eap_fast/CMakeLists.txt
new file mode 100644
index 0000000000..c3da72840d
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/CMakeLists.txt
@@ -0,0 +1,9 @@
+
+# (Automatically converted from project Makefile by convert_to_cmake.py.)
+
+# The following lines of boilerplate have to be in your project's CMakeLists
+# in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(wifi_eap_fast)
diff --git a/examples/wifi/wifi_eap_fast/Makefile b/examples/wifi/wifi_eap_fast/Makefile
new file mode 100644
index 0000000000..e2a68e2ca3
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/Makefile
@@ -0,0 +1,8 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+PROJECT_NAME := wifi_eap_fast
+
+include $(IDF_PATH)/make/project.mk
diff --git a/examples/wifi/wifi_eap_fast/README.md b/examples/wifi/wifi_eap_fast/README.md
new file mode 100644
index 0000000000..aced7cc9bc
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/README.md
@@ -0,0 +1,67 @@
+# WPA2 Enterprise Example
+
+This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption using the EAP-FAST method. The example does the following steps:
+
+1. Install CA certificate which is optional.
+2. Set user name and password and identity.
+3. Set the PAC file which may be empty.
+4. Enable wpa2 enterprise.
+5. Connect to AP.
+
+*Note:* 1. EAP-FAST is not supported with `CONFIG_WPA_MBEDTLS_CRYPTO` and so is disabled by default.
+        2. Setting the config `fast_provisioning` to methods 0 and 1 do not support saving the PAC credentials in case of a restart or loss of power.
+        3. The certificates present in the `examples/wifi/wifi_eap_fast/main` folder contain server certificates which have the corresponding CA as well. These can be used for server validation which is opptional.
+        4. The expiration date of these certificates is 2027/06/05.
+
+### Configuration
+
+```
+idf.py menuconfig
+```
+* Set SSID of Access Point to connect in Example Configuration.
+* Enter EAP-ID.
+* Enter Username and Password.
+* Enable or disable Validate Server option.
+
+### Build and Flash the project.
+
+```
+idf.py -p PORT flash monitor
+```
+
+### Example output
+
+Here is an example of wpa2 enterprise (FAST method) console output.
+```
+I (690) example: Setting WiFi configuration SSID wpa2_test...
+I (690) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
+I (800) wifi:mode : sta (24:6f:28:80:41:78)
+I (800) wifi:enable tsf
+I (1410) wifi:new:<6,0>, old:<1,0>, ap:<255,255>, sta:<6,0>, prof:1
+I (2410) wifi:state: init -> auth (b0)
+I (2420) wifi:state: auth -> assoc (0)
+E (2420) wifi:Association refused temporarily, comeback time 3072 mSec
+I (5500) wifi:state: assoc -> assoc (0)
+I (5500) wifi:state: assoc -> init (6c0)
+I (5500) wifi:new:<6,0>, old:<6,0>, ap:<255,255>, sta:<6,0>, prof:1
+I (7560) wifi:new:<6,0>, old:<6,0>, ap:<255,255>, sta:<6,0>, prof:1
+I (7560) wifi:state: init -> auth (b0)
+I (7560) wifi:state: auth -> assoc (0)
+I (7570) wifi:state: assoc -> run (10)
+I (7770) wifi:connected with wpa2_test, aid = 1, channel 6, BW20, bssid = 24:4b:fe:ab:be:99
+I (7770) wifi:security: WPA2-ENT, phy: bg, rssi: -80
+I (7780) wifi:pm start, type: 1
+
+I (7800) example: ~~~~~~~~~~~
+I (7800) example: IP:0.0.0.0
+I (7800) example: MASK:0.0.0.0
+I (7800) example: GW:0.0.0.0
+I (7800) example: ~~~~~~~~~~~
+I (7870) wifi:AP's beacon interval = 102400 us, DTIM period = 1
+I (8580) esp_netif_handlers: sta ip: 192.168.5.3, mask: 255.255.255.0, gw: 192.168.5.1
+I (12800) example: ~~~~~~~~~~~
+I (12800) example: IP:192.168.5.3
+I (12800) example: MASK:255.255.255.0
+I (12800) example: GW:192.168.5.1
+I (12800) example: ~~~~~~~~~~~
+```
diff --git a/examples/wifi/wifi_eap_fast/main/CMakeLists.txt b/examples/wifi/wifi_eap_fast/main/CMakeLists.txt
new file mode 100644
index 0000000000..52efdcebe8
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/CMakeLists.txt
@@ -0,0 +1,4 @@
+# Embed CA, certificate & key directly into binary
+idf_component_register(SRCS "wifi_eap_fast_main.c"
+                    INCLUDE_DIRS "."
+                    EMBED_TXTFILES ca.pem pac_file.pac)
diff --git a/examples/wifi/wifi_eap_fast/main/Kconfig.projbuild b/examples/wifi/wifi_eap_fast/main/Kconfig.projbuild
new file mode 100644
index 0000000000..afcb77f74c
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/Kconfig.projbuild
@@ -0,0 +1,33 @@
+menu "Example Configuration"
+
+    config EXAMPLE_WIFI_SSID
+        string "WiFi SSID"
+        default "wpa2_test"
+        help
+            SSID (network name) for the example to connect to.
+
+    config EXAMPLE_VALIDATE_SERVER_CERT
+        bool "Validate server"
+        default y
+        help
+            Validate the servers' certificate using CA cert.
+
+    config EXAMPLE_EAP_ID
+        string "EAP ID"
+        default "example@espressif.com"
+        help
+            Identity in phase 1 of EAP procedure.
+
+    config EXAMPLE_EAP_USERNAME
+        string "EAP USERNAME"
+        default "espressif"
+        help
+            Username for EAP method.
+
+    config EXAMPLE_EAP_PASSWORD
+        string "EAP PASSWORD"
+        default "test11"
+        help
+            Password for EAP method.
+
+endmenu
diff --git a/examples/wifi/wifi_eap_fast/main/ca.pem b/examples/wifi/wifi_eap_fast/main/ca.pem
new file mode 100644
index 0000000000..1bdf23d94b
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCA0WgAwIBAgIJAMnlgL1czsmjMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD
+VQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFTAT
+BgNVBAoMDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBs
+ZS5jb20xJjAkBgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE3MDYwNzA4MDY0OVoXDTI3MDYwNTA4MDY0OVowgZMxCzAJBgNVBAYTAkZSMQ8w
+DQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNvbWV3aGVyZTEVMBMGA1UECgwMRXhh
+bXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEmMCQG
+A1UEAwwdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBALpWR23fn/TmHxsXsHdrydzPSd17fZkc71WsaicgQR66
+1tIVYb22UWGfj9KPM8THMsV74ew4ZkaQ39qvU0iuQIRrKARFHFok+vbaecgWMeWe
+vGIqdnmyB9gJYaFOKgtSkfXsu2ddsqdvLYwcDbczrq8X9yEXpN6mnxXeCcPG4F0p
+AgMBAAGjggE0MIIBMDAdBgNVHQ4EFgQUgigpdAUpONoDq0pQ3yfxrslCSpcwgcgG
+A1UdIwSBwDCBvYAUgigpdAUpONoDq0pQ3yfxrslCSpehgZmkgZYwgZMxCzAJBgNV
+BAYTAkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNvbWV3aGVyZTEVMBMG
+A1UECgwMRXhhbXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxl
+LmNvbTEmMCQGA1UEAwwdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCCQDJ
+5YC9XM7JozAMBgNVHRMEBTADAQH/MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly93
+d3cuZXhhbXBsZS5jb20vZXhhbXBsZV9jYS5jcmwwDQYJKoZIhvcNAQELBQADgYEA
+euxOBPInSJRKAIseMxPmAabtAqKNslZSmpG4He3lkKt+HM3jfznUt3psmD7j1hFW
+S4l7KXzzajvaGYybDq5N9MqrDjhGn3VXZqOLMUNDL7OQq96TzgqsTBT1dmVSbNlt
+PQgiAeKAk3tmH4lRRi9MTBSyJ6I92JYcS5H6Bs4ZwCc=
+-----END CERTIFICATE-----
diff --git a/examples/wifi/wifi_eap_fast/main/component.mk b/examples/wifi/wifi_eap_fast/main/component.mk
new file mode 100644
index 0000000000..79d840e3d4
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/component.mk
@@ -0,0 +1,9 @@
+#
+# "main" pseudo-component makefile.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
+
+# embed files from the "certs" directory as binary data symbols
+# in the app
+COMPONENT_EMBED_TXTFILES := ca.pem
+COMPONENT_EMBED_TXTFILES += pac_file.pac
diff --git a/examples/wifi/wifi_eap_fast/main/pac_file.pac b/examples/wifi/wifi_eap_fast/main/pac_file.pac
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/examples/wifi/wifi_eap_fast/main/server.crt b/examples/wifi/wifi_eap_fast/main/server.crt
new file mode 100644
index 0000000000..0af6f1741f
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/server.crt
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 47 (0x2f)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FR, ST=Radius, L=Somewhere, O=Example Inc./emailAddress=admin@example.com, CN=Example Certificate Authority
+        Validity
+            Not Before: Jun  7 08:06:49 2017 GMT
+            Not After : Jun  5 08:06:49 2027 GMT
+        Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server Certificate/emailAddress=admin@example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c9:d8:e2:e0:75:91:83:87:d8:c8:80:c6:20:4d:
+                    e9:14:24:30:98:33:53:fa:56:0e:ec:9a:43:7f:87:
+                    a9:22:94:26:06:c7:ac:b5:d9:ec:55:06:81:b7:0d:
+                    c9:24:51:49:fa:47:fb:4b:4e:fc:ed:75:8a:e1:28:
+                    32:bc:c5:e0:4c:45:c4:58:60:15:67:1e:6b:40:19:
+                    3f:f0:ab:92:61:92:2d:71:10:2e:f2:eb:bc:81:2f:
+                    5a:3b:74:ca:5f:fd:e0:ee:d1:d9:07:6a:6c:20:c0:
+                    07:88:b4:8b:0f:ad:1e:c9:4f:7c:11:98:37:89:15:
+                    de:24:b1:11:1a:7c:97:4a:cf:f3:c8:cb:79:9e:9c:
+                    c3:71:da:a6:94:97:f5:95:fd:61:06:44:e2:3f:12:
+                    43:0b:1d:33:48:91:d2:ce:4f:97:a1:ed:6a:30:c7:
+                    5d:98:b5:6e:0a:b7:4f:d9:03:ec:80:76:09:b0:40:
+                    a1:a1:af:ab:2a:59:c4:0f:56:22:bc:be:14:be:18:
+                    df:10:7d:5d:22:bf:e5:04:77:7a:75:6b:3e:eb:6d:
+                    20:a1:a7:60:d4:f1:87:9d:9f:60:b9:d3:db:2c:25:
+                    f4:91:4a:f1:d2:40:e5:a1:10:88:a0:41:5a:98:40:
+                    ca:15:d7:e3:e6:3e:c0:6a:d5:46:b2:b4:90:b4:ae:
+                    3b:e3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Extended Key Usage:
+                TLS Web Server Authentication
+            X509v3 CRL Distribution Points:
+
+                Full Name:
+                  URI:http://www.example.com/example_ca.crl
+
+    Signature Algorithm: sha1WithRSAEncryption
+         a4:25:21:51:0b:22:6c:63:8d:a9:c1:4f:04:33:69:79:34:f0:
+         36:dd:8f:6a:27:5f:07:a2:1d:ef:8b:f0:96:e6:e7:a3:b8:3b:
+         85:5e:3f:26:43:8a:8e:95:58:9c:a6:db:9c:51:bf:ea:53:16:
+         3e:c1:a8:11:1a:c6:cf:0e:a1:17:18:64:d2:05:f1:c0:9c:a6:
+         2b:16:c4:29:54:03:d2:17:bd:15:74:d6:ad:8a:8f:2d:cc:27:
+         3b:88:88:f2:ea:d0:a2:cb:e9:42:57:df:26:9f:8a:a2:02:2f:
+         35:b6:19:1d:26:43:44:af:12:4b:bc:b9:84:50:02:fd:1d:fa:
+         50:e8
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIBLzANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMCRlIx
+DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRUwEwYDVQQKDAxF
+eGFtcGxlIEluYy4xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMSYw
+JAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzA2MDcw
+ODA2NDlaFw0yNzA2MDUwODA2NDlaMHwxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZS
+YWRpdXMxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEjMCEGA1UEAwwaRXhhbXBsZSBT
+ZXJ2ZXIgQ2VydGlmaWNhdGUxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu
+Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydji4HWRg4fYyIDG
+IE3pFCQwmDNT+lYO7JpDf4epIpQmBsestdnsVQaBtw3JJFFJ+kf7S0787XWK4Sgy
+vMXgTEXEWGAVZx5rQBk/8KuSYZItcRAu8uu8gS9aO3TKX/3g7tHZB2psIMAHiLSL
+D60eyU98EZg3iRXeJLERGnyXSs/zyMt5npzDcdqmlJf1lf1hBkTiPxJDCx0zSJHS
+zk+Xoe1qMMddmLVuCrdP2QPsgHYJsEChoa+rKlnED1YivL4UvhjfEH1dIr/lBHd6
+dWs+620goadg1PGHnZ9gudPbLCX0kUrx0kDloRCIoEFamEDKFdfj5j7AatVGsrSQ
+tK474wIDAQABo08wTTATBgNVHSUEDDAKBggrBgEFBQcDATA2BgNVHR8ELzAtMCug
+KaAnhiVodHRwOi8vd3d3LmV4YW1wbGUuY29tL2V4YW1wbGVfY2EuY3JsMA0GCSqG
+SIb3DQEBBQUAA4GBAKQlIVELImxjjanBTwQzaXk08Dbdj2onXweiHe+L8Jbm56O4
+O4VePyZDio6VWJym25xRv+pTFj7BqBEaxs8OoRcYZNIF8cCcpisWxClUA9IXvRV0
+1q2Kjy3MJzuIiPLq0KLL6UJX3yafiqICLzW2GR0mQ0SvEku8uYRQAv0d+lDo
+-----END CERTIFICATE-----
diff --git a/examples/wifi/wifi_eap_fast/main/server.key b/examples/wifi/wifi_eap_fast/main/server.key
new file mode 100644
index 0000000000..9b3433273e
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAydji4HWRg4fYyIDGIE3pFCQwmDNT+lYO7JpDf4epIpQmBses
+tdnsVQaBtw3JJFFJ+kf7S0787XWK4SgyvMXgTEXEWGAVZx5rQBk/8KuSYZItcRAu
+8uu8gS9aO3TKX/3g7tHZB2psIMAHiLSLD60eyU98EZg3iRXeJLERGnyXSs/zyMt5
+npzDcdqmlJf1lf1hBkTiPxJDCx0zSJHSzk+Xoe1qMMddmLVuCrdP2QPsgHYJsECh
+oa+rKlnED1YivL4UvhjfEH1dIr/lBHd6dWs+620goadg1PGHnZ9gudPbLCX0kUrx
+0kDloRCIoEFamEDKFdfj5j7AatVGsrSQtK474wIDAQABAoIBAQC2kGDEPBJdMSW2
+VCLfXRiPixwYzXQLXIMrJWwfkQg9qlmqkDd6U50aWkRA2UswegW7RhfYSZ0i+cmf
+VMhvTVpOIlwwwtcY6b5/v1bBy60eaySGuuh79xQMlFO8qynQIMStvUfbGTqrdIRb
+9VBB4YeS9T12fILejtTZwv2BQ2dj1Y1SCay6Ri85UzJqSClRKgHISybvVdLNjPvP
+0TRFBr57zyjL6WE8teKiKchzQko2u86No5uBCdKGsrAkrsdcR0YqlM/pZxd3VKNm
++eny0k+dZZlvcPxzkzP4hEp9+Rw5rP9/s3s/cCwvuuC5JO32ATBWKCbTvPv/XPDb
+MdSJtOshAoGBAPzk0eswkcbFYtpnpBNmBAr1dtAdW1lfjUI2ucMMwt7Wns0P/tt+
+gq6Hi1wTaGP0l/dIECgeHwjtWj31ZJjQtFJ1y/kafxo4o9cA8vCydpdvSZaldAfg
+sbLlDTDYzEpelaDIbNQBBXFoC5U9JlBhBsIFCL5Z8ZuIeFPsb7t5wwuHAoGBAMxT
+jyWfNm1uNxp1xgCnrRsLPQPVnURrSFAqcHrECqRu3F7sozTN7q/cZViemxPvVDGQ
+p9c+9bHwaYvW4trO5qDHJ++gGwm5L52bMAY1VUfeTt67fqrey43XpdmzcTX1V9Uj
+QWawPUCSDzFjL1MjfCIejtyYf5ash53vj+T8r/vFAoGAA/OPVB1uKazr3n3AEo2F
+gqZTNO1AgCT+EArK3EFWyiSQVqPpV4SihheYFdg3yVgJB9QYbIgL9BfBUTaEW97m
+8mLkzP+c/Mvlw3ZAVYJ0V+llPPVY2saoACOUES9SAdd4fwqiqK1baGo3xB0wfBEI
+CgAKIu9E1ylKuAT5ufQtGAECgYEAtP/kU5h5N3El4QupTdU7VDSdZTMqsHw0v8cI
+gsf9AXKvRmtrnBA8u46KPHmruHoO5CVXeSZtsaXdaaH+rYQQ6yXg67WxnehtFLlv
+TmCaXiLBTS9cYvMf8FOyuGnsBLeEietEOTov2G5KhR5uwsAxa2wUc7endor5S9/2
+YQuyvV0CgYALbiFpILd5l1ip65eE6JdA3hfttUbV2j2NSW12ej69vqbeOfaSgNse
+uYCcXFsBbQPhNPwA+4d1oCe8SyXZg1f7gE812z2Tyr/3vdVnNZlitoxhsHmGiyS7
+gZdaTYCb78l9z0EBdaCVvA16owEle4SR6f9eCwzSI0WPOUra+x/hrA==
+-----END RSA PRIVATE KEY-----
diff --git a/examples/wifi/wifi_eap_fast/main/server.pem b/examples/wifi/wifi_eap_fast/main/server.pem
new file mode 100644
index 0000000000..b6e3c0d16d
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/server.pem
@@ -0,0 +1,57 @@
+Bag Attributes
+    localKeyID: 63 3B C1 EE 3A 4A 9B 3E FF 9E E7 BC 17 50 D7 F7 B7 7E 3B C0
+subject=/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.com
+issuer=/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.com/CN=Example Certificate Authority
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAsKgAwIBAgIBLzANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMCRlIx
+DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRUwEwYDVQQKDAxF
+eGFtcGxlIEluYy4xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMSYw
+JAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzA2MDcw
+ODA2NDlaFw0yNzA2MDUwODA2NDlaMHwxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZS
+YWRpdXMxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEjMCEGA1UEAwwaRXhhbXBsZSBT
+ZXJ2ZXIgQ2VydGlmaWNhdGUxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu
+Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydji4HWRg4fYyIDG
+IE3pFCQwmDNT+lYO7JpDf4epIpQmBsestdnsVQaBtw3JJFFJ+kf7S0787XWK4Sgy
+vMXgTEXEWGAVZx5rQBk/8KuSYZItcRAu8uu8gS9aO3TKX/3g7tHZB2psIMAHiLSL
+D60eyU98EZg3iRXeJLERGnyXSs/zyMt5npzDcdqmlJf1lf1hBkTiPxJDCx0zSJHS
+zk+Xoe1qMMddmLVuCrdP2QPsgHYJsEChoa+rKlnED1YivL4UvhjfEH1dIr/lBHd6
+dWs+620goadg1PGHnZ9gudPbLCX0kUrx0kDloRCIoEFamEDKFdfj5j7AatVGsrSQ
+tK474wIDAQABo08wTTATBgNVHSUEDDAKBggrBgEFBQcDATA2BgNVHR8ELzAtMCug
+KaAnhiVodHRwOi8vd3d3LmV4YW1wbGUuY29tL2V4YW1wbGVfY2EuY3JsMA0GCSqG
+SIb3DQEBBQUAA4GBAKQlIVELImxjjanBTwQzaXk08Dbdj2onXweiHe+L8Jbm56O4
+O4VePyZDio6VWJym25xRv+pTFj7BqBEaxs8OoRcYZNIF8cCcpisWxClUA9IXvRV0
+1q2Kjy3MJzuIiPLq0KLL6UJX3yafiqICLzW2GR0mQ0SvEku8uYRQAv0d+lDo
+-----END CERTIFICATE-----
+Bag Attributes
+    localKeyID: 63 3B C1 EE 3A 4A 9B 3E FF 9E E7 BC 17 50 D7 F7 B7 7E 3B C0
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIzOJcU8NzjKACAggA
+MBQGCCqGSIb3DQMHBAjdK4dY0QgcrgSCBMgCv4euS7bxaRTMSXYliVA+UrAI0iJL
+oQgZ6cGFqXqasKu7K6BltLXaKJLX321gV2ofHHAxa1CWFwIgrv/bhci10cJr6BaL
+a3+5L5e/EO0eRKVzoplput9mTP27pcJSu8jN5jOu054oamzFKtgGcBuL9mRCAfVq
+JSCwbSUHPrwZX6jVDsLggrvE78SIXEYAQDfUrbvBY1kGNNV+U9v410SREYXI3q+8
+a4Paotf2HN5G0nvr0BSJUbY0NUe4AP1NfOM1VE8UiLL3LfZE3ZbOm6XsM8Mxf8rV
+BkDOzhErF/dXOE65b5xG4KfoXy78WN7OeJpjNgNUDUl1/3+bc++8f7ZBzOtVAjP7
+diDYU/UrQeLUrLVxTLD6C9J9HvbW5JCEa1FN+pKQKxeaQ9j/dDhJ7XI4ctaIIQui
+zrOTLEhBqC10TaNabLNVsLFCgFQMREBVYZoBYbFIZLT4FuRk5yaAYRDCrRKgqlu6
+61E0jOD/hDZIbBO/Vf94d+VaypeFonoz6SdrWgf4heN530d5fd5nOxElRl8LmUcH
+LriwJIXB7XCfwgjREceRQpjiqmWPl8hcfe9E2NzwldbE+eLN0mlXgRyLlU+eXova
+3r1u60Hb9ocLux3kHUXpZ+MomwkwqIn9qFC0U3KBGt7SmhUWypmoNUPiXP0U4Lno
+tynPBODzhDeRv2T0qxULc6OznDE3WOuy88B94/JXhB5D56bRb9FkkpHpmn8MP8SW
+fIV3cK/cBoGxgyk+IaL0aQbojFtyeyKbkrz1W3WnPtB3/kqd8USzpCvUBMBVG83D
+XzHcU/mRYO61BgyGv0VBXdBtPbmW1CK73eX7gc/uOtqhxUQc3g5hNZDL2rxPCpID
+alyGlSQxY8cPWJbYMPq2RHoJNDxnTbFhDm3mdOoTg5qK4+cUZMBqfq1kswXM9Z4p
+LSnIviRjpL4a7hhDVAJYOo29rBP+QNdt5CkyLNwjnDv+l8jHOMTP4t1RPvoQx6hc
+aOQOcSQnIqDgzot3//dnC2mBTQ66jsOnRPMMs9MQ4up6Wrc5PEt5avBi3B4AQC2Q
+TUjL6QAcMR5cJbkecp+5h7W5pUw3OYcYpg6G+unJVGSgZkye2lySGgNuRLmcYjVA
+gXfA9a8+HN/TFGHP668pZvHQrfV470ETnHhrh+NLN5AIDR+UFG8is7Xj7Ly2/5bN
+M3Q3AYSCb8P8/ZrV3Dfm3qoCoxuNYax0PYt/JBWXTtPG1SClUQg+yo8VMiNw877h
+IEdkg1QBxKWY5x+ThK79y+Cwub795ym9bYTwAtH8kpLmamoBT8UvgJumh0i8NGg3
+04B/oyg1P8/TxfbD0uaTPC+tmbIKVyHybTQL6/E0bs2knPp2Zyxno3yE3AI70msZ
+mGNuK9mkxITIUbijiRZyeQvZz/x/daYwQ0WuaXXpPQvKcFu7LyIEad8QpIqtSCax
+VS9Mtwe7zTCp0jmQDBGltlk1B2rUlQ5rxsFN6kJtBULdQc1TTj0NUp3ESeAE3A/l
+wE8fPzBht1OKghJqVndGoh01XhKJfpfaQ85CES0HzA6Nll8SQO0bn6u4SBZGEvBT
+pFarRrtS6KbulTDB3yBPrKgd1ZoBQv5/ScW8fPcLi55U6nhR28uu+zKy4yZFgOFR
+2KU=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c b/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
new file mode 100644
index 0000000000..477c08cd29
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c
@@ -0,0 +1,148 @@
+/*
+ * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: CC0-1.0
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/event_groups.h"
+#include "esp_wifi.h"
+#include "esp_wpa2.h"
+#include "esp_event.h"
+#include "esp_log.h"
+#include "esp_system.h"
+#include "nvs_flash.h"
+#include "esp_netif.h"
+
+/* The examples use simple WiFi configuration that you can set via
+   project configuration menu.
+
+   If you'd rather not, just change the below entries to strings with
+   the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
+
+*/
+#define EXAMPLE_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
+
+#define EXAMPLE_EAP_ID CONFIG_EXAMPLE_EAP_ID
+#define EXAMPLE_EAP_USERNAME CONFIG_EXAMPLE_EAP_USERNAME
+#define EXAMPLE_EAP_PASSWORD CONFIG_EXAMPLE_EAP_PASSWORD
+
+/* FreeRTOS event group to signal when we are connected & ready to make a request */
+static EventGroupHandle_t wifi_event_group;
+
+/* esp netif object representing the WIFI station */
+static esp_netif_t *sta_netif = NULL;
+
+/* The event group allows multiple bits for each event,
+   but we only care about one event - are we connected
+   to the AP with an IP? */
+const int CONNECTED_BIT = BIT0;
+
+static const char *TAG = "example";
+
+/* CA cert, taken from ca.pem
+
+   To embed it in the app binary, the PEM, CRT and KEY file is named
+   in the component.mk COMPONENT_EMBED_TXTFILES variable.
+*/
+#if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT)
+extern uint8_t ca_pem_start[] asm("_binary_ca_pem_start");
+extern uint8_t ca_pem_end[]   asm("_binary_ca_pem_end");
+#endif
+extern uint8_t pac_file_pac_start[] asm("_binary_pac_file_pac_start");
+extern uint8_t pac_file_pac_end[] asm("_binary_pac_file_pac_end");
+
+static void event_handler(void* arg, esp_event_base_t event_base,
+                                int32_t event_id, void* event_data)
+{
+    if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) {
+        esp_wifi_connect();
+    } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) {
+        esp_wifi_connect();
+        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
+    } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) {
+        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
+    }
+}
+
+static void initialise_wifi(void)
+{
+#if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT)
+    unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
+#endif
+    unsigned int pac_file_bytes = pac_file_pac_end - pac_file_pac_start;
+
+    ESP_ERROR_CHECK(esp_netif_init());
+    wifi_event_group = xEventGroupCreate();
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+    sta_netif = esp_netif_create_default_wifi_sta();
+    assert(sta_netif);
+
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
+    ESP_ERROR_CHECK( esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL) );
+    ESP_ERROR_CHECK( esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL) );
+    ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
+    wifi_config_t wifi_config = {
+        .sta = {
+            .ssid = EXAMPLE_WIFI_SSID,
+#if defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE)
+            .pmf_cfg = {
+                .capable = true,
+                .required = false
+            },
+#endif
+        },
+    };
+    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
+    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );
+
+#if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \
+    defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE)
+    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) );
+#endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */ /* EXAMPLE_WPA3_ENTERPRISE */
+
+    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) );
+    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) );
+    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_pac_file(pac_file_pac_start, pac_file_bytes - 1) );
+    esp_eap_fast_config eap_fast_config = {
+        .fast_provisioning = 2,
+        .fast_max_pac_list_len = 0,
+        .fast_pac_format_binary = false
+    };
+    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_fast_phase1_params(eap_fast_config) );
+
+    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_enable() );
+    ESP_ERROR_CHECK( esp_wifi_start() );
+}
+
+static void wpa2_enterprise_example_task(void *pvParameters)
+{
+    esp_netif_ip_info_t ip;
+    memset(&ip, 0, sizeof(esp_netif_ip_info_t));
+    vTaskDelay(2000 / portTICK_PERIOD_MS);
+
+    while (1) {
+        vTaskDelay(5000 / portTICK_PERIOD_MS);
+
+        if (esp_netif_get_ip_info(sta_netif, &ip) == 0) {
+            ESP_LOGI(TAG, "~~~~~~~~~~~");
+            ESP_LOGI(TAG, "IP:"IPSTR, IP2STR(&ip.ip));
+            ESP_LOGI(TAG, "MASK:"IPSTR, IP2STR(&ip.netmask));
+            ESP_LOGI(TAG, "GW:"IPSTR, IP2STR(&ip.gw));
+            ESP_LOGI(TAG, "~~~~~~~~~~~");
+        }
+    }
+}
+
+void app_main(void)
+{
+    ESP_ERROR_CHECK( nvs_flash_init() );
+    initialise_wifi();
+    xTaskCreate(&wpa2_enterprise_example_task, "wpa2_enterprise_example_task", 4096, NULL, 5, NULL);
+}
diff --git a/examples/wifi/wifi_eap_fast/sdkconfig.defaults b/examples/wifi/wifi_eap_fast/sdkconfig.defaults
new file mode 100644
index 0000000000..be56c7c496
--- /dev/null
+++ b/examples/wifi/wifi_eap_fast/sdkconfig.defaults
@@ -0,0 +1 @@
+CONFIG_WPA_MBEDTLS_CRYPTO=n