From 10e7abb579f136017921e962247a36c899f3953d Mon Sep 17 00:00:00 2001
From: Tom Price
Date: Sun, 1 Nov 2020 07:40:18 +0000
Subject: [PATCH] Add support for WPA2-EAP enterprise WiFi to ESP8266s. (#1332)
* Add support for WPA2-EAP enterprise WiFi to ESP8266s. This is fundamentally the same as on ESP32s only with different function names. Update config checker to remove requirement for ESP32 for EAP authentication. * Fix indent for clang
---
 esphome/components/wifi/__init__.py | 2 +-
 .../wifi/wifi_component_esp8266.cpp | 49 +++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/esphome/components/wifi/__init__.py b/esphome/components/wifi/__init__.py
index 7e7ab468ff..4fe6929d75 100644
--- a/esphome/components/wifi/__init__.py
+++ b/esphome/components/wifi/__init__.py
@@ -60,7 +60,7 @@ STA_MANUAL_IP_SCHEMA = AP_MANUAL_IP_SCHEMA.extend({
 cv.Optional(CONF_DNS2, default="0.0.0.0"): cv.ipv4,
 })
-EAP_AUTH_SCHEMA = cv.All(cv.only_on_esp32, cv.Schema({
+EAP_AUTH_SCHEMA = cv.All(cv.Schema({
 cv.Optional(CONF_IDENTITY): cv.string_strict,
 cv.Optional(CONF_USERNAME): cv.string_strict,
 cv.Optional(CONF_PASSWORD): cv.string_strict,
diff --git a/esphome/components/wifi/wifi_component_esp8266.cpp b/esphome/components/wifi/wifi_component_esp8266.cpp
index efffff0abc..dee3d5a4a5 100644
--- a/esphome/components/wifi/wifi_component_esp8266.cpp
+++ b/esphome/components/wifi/wifi_component_esp8266.cpp
@@ -6,6 +6,9 @@
 #include
 #include
+#ifdef ESPHOME_WIFI_WPA2_EAP
+#include
+#endif
 extern "C" {
 #include "lwip/err.h"
@@ -239,6 +242,52 @@ bool WiFiComponent::wifi_sta_connect_(WiFiAP ap) {
 return false;
 }
+ // setup enterprise authentication if required
+#ifdef ESPHOME_WIFI_WPA2_EAP
+ if (ap.get_eap().has_value()) {
+ // note: all certificates and keys have to be null terminated. Lengths are appended by +1 to include \0.
+ EAPAuth eap = ap.get_eap().value();
+ ret = wifi_station_set_enterprise_identity((uint8_t *) eap.identity.c_str(), eap.identity.length());
+ if (ret) {
+ ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_identity failed! %d", ret);
+ }
+ int ca_cert_len = strlen(eap.ca_cert);
+ int client_cert_len = strlen(eap.client_cert);
+ int client_key_len = strlen(eap.client_key);
+ if (ca_cert_len) {
+ ret = wifi_station_set_enterprise_ca_cert((uint8_t *) eap.ca_cert, ca_cert_len + 1);
+ if (ret) {
+ ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_ca_cert failed! %d", ret);
+ }
+ }
+ // workout what type of EAP this is
+ // validation is not required as the config tool has already validated it
+ if (client_cert_len && client_key_len) {
+ // if we have certs, this must be EAP-TLS
+ ret = wifi_station_set_enterprise_cert_key((uint8_t *) eap.client_cert, client_cert_len + 1,
+ (uint8_t *) eap.client_key, client_key_len + 1,
+ (uint8_t *) eap.password.c_str(), strlen(eap.password.c_str()));
+ if (ret) {
+ ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_cert_key failed! %d", ret);
+ }
+ } else {
+ // in the absence of certs, assume this is username/password based
+ ret = wifi_station_set_enterprise_username((uint8_t *) eap.username.c_str(), eap.username.length());
+ if (ret) {
+ ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_username failed! %d", ret);
+ }
+ ret = wifi_station_set_enterprise_password((uint8_t *) eap.password.c_str(), eap.password.length());
+ if (ret) {
+ ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_password failed! %d", ret);
+ }
+ }
+ ret = wifi_station_set_wpa2_enterprise_auth(true);
+ if (ret) {
+ ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_enable failed! %d", ret);
+ }
+ }
+#endif // ESPHOME_WIFI_WPA2_EAP
+
 this->wifi_apply_hostname_();
 ETS_UART_INTR_DISABLE();
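Review bot: Every failure in the new EAP block is only logged at verbose level and then ignored, so if `wifi_station_set_enterprise_ca_cert` fails the code still goes on to enable enterprise auth, apparently without the CA that lets the station verify the authentication server before it presents credentials. The context at the top of the hunk shows `wifi_sta_connect_` already returning `false` on an earlier error, so I would fail closed here as well, e.g. `if (ret) { ESP_LOGW(TAG, "wifi_station_set_enterprise_ca_cert failed! %d", ret); return false; }`, and do the same for the identity, cert/key, username, password and enable calls. The log strings also name the ESP32 functions (`esp_wifi_sta_wpa2_ent_*`) rather than the `wifi_station_set_enterprise_*` calls actually made, which will mislead whoever reads the log. `strlen(eap.ca_cert)` and its two siblings assume the pointers are never null; `EAPAuth` is declared outside this hunk, so that is worth confirming. The function body starts and ends outside the hunk.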