WPA2 Enterprise - Explicitly set TTLS Phase 2 (#6436)

Co-authored-by: Jesse Hills <3060199+jesserockz@users.noreply.github.com>
shxshxshxshx 2024-05-16 01:37:53 +02:00 committed by GitHub
parent 08509f7755
commit 2921831b55
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 42 additions and 0 deletions


@ -33,6 +33,7 @@ from esphome.const import (
CONF_KEY,
CONF_USERNAME,
CONF_EAP,
CONF_TTLS_PHASE_2,
CONF_ON_CONNECT,
CONF_ON_DISCONNECT,
)
@ -98,6 +99,14 @@ STA_MANUAL_IP_SCHEMA = AP_MANUAL_IP_SCHEMA.extend(
}
)
TTLS_PHASE_2 = {
"pap": cg.global_ns.ESP_EAP_TTLS_PHASE2_PAP,
"chap": cg.global_ns.ESP_EAP_TTLS_PHASE2_CHAP,
"mschap": cg.global_ns.ESP_EAP_TTLS_PHASE2_MSCHAP,
"mschapv2": cg.global_ns.ESP_EAP_TTLS_PHASE2_MSCHAPV2,
"eap": cg.global_ns.ESP_EAP_TTLS_PHASE2_EAP,
}
EAP_AUTH_SCHEMA = cv.All(
cv.Schema(
{
@ -105,6 +114,9 @@ EAP_AUTH_SCHEMA = cv.All(
cv.Optional(CONF_USERNAME): cv.string_strict,
cv.Optional(CONF_PASSWORD): cv.string_strict,
cv.Optional(CONF_CERTIFICATE_AUTHORITY): wpa2_eap.validate_certificate,
cv.Optional(CONF_TTLS_PHASE_2): cv.All(
cv.enum(TTLS_PHASE_2), cv.only_with_esp_idf
),
cv.Inclusive(
CONF_CERTIFICATE, "certificate_and_key"
): wpa2_eap.validate_certificate,
@ -338,6 +350,7 @@ def eap_auth(config):
("ca_cert", ca_cert),
("client_cert", client_cert),
("client_key", key),
("ttls_phase_2", config.get(CONF_TTLS_PHASE_2, TTLS_PHASE_2["mschapv2"])),
)
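Review bot: The default in the last hunk, `("ttls_phase_2", config.get(CONF_TTLS_PHASE_2, TTLS_PHASE_2["mschapv2"]))`, is emitted for every framework, while the schema accepts the option only under `cv.only_with_esp_idf` and the header in this commit declares the `ttls_phase_2` member only under `#ifdef USE_ESP_IDF`; if `cg.StructInitializer` writes every key it is given, an Arduino ESP32 build with `eap:` configured would receive an initializer for a member that does not exist. Gating the value on the framework, e.g. `config.get(CONF_TTLS_PHASE_2, TTLS_PHASE_2["mschapv2"]) if CORE.using_esp_idf else None` (assuming `None` entries are skipped and `CORE` is in scope here), or dropping the `#ifdef` around the member, keeps the two sides consistent. The `eap_auth` function begins outside the hunk. Separately, `pap` and `chap` leave the inner credential's confidentiality entirely to the TTLS tunnel, so the option's documentation should state that `certificate_authority` (optional in this schema) is what protects the password from a rogue access point when one of those is chosen.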


@ -1,5 +1,10 @@
#include "wifi_component.h"
#include <cinttypes>
#include <map>
#ifdef USE_ESP_IDF
#include <esp_wpa2.h>
#endif
#if defined(USE_ESP32) || defined(USE_ESP_IDF)
#include <esp_wifi.h>
@ -318,6 +323,16 @@ void WiFiComponent::start_connecting(const WiFiAP &ap, bool two) {
ESP_LOGV(TAG, " Identity: " LOG_SECRET("'%s'"), eap_config.identity.c_str());
ESP_LOGV(TAG, " Username: " LOG_SECRET("'%s'"), eap_config.username.c_str());
ESP_LOGV(TAG, " Password: " LOG_SECRET("'%s'"), eap_config.password.c_str());
#ifdef USE_ESP_IDF
#if ESPHOME_LOG_LEVEL >= ESPHOME_LOG_LEVEL_VERBOSE
std::map<esp_eap_ttls_phase2_types, std::string> phase2types = {{ESP_EAP_TTLS_PHASE2_PAP, "pap"},
{ESP_EAP_TTLS_PHASE2_CHAP, "chap"},
{ESP_EAP_TTLS_PHASE2_MSCHAP, "mschap"},
{ESP_EAP_TTLS_PHASE2_MSCHAPV2, "mschapv2"},
{ESP_EAP_TTLS_PHASE2_EAP, "eap"}};
ESP_LOGV(TAG, " TTLS Phase 2: " LOG_SECRET("'%s'"), phase2types[eap_config.ttls_phase_2].c_str());
#endif
#endif
bool ca_cert_present = eap_config.ca_cert != nullptr && strlen(eap_config.ca_cert);
bool client_cert_present = eap_config.client_cert != nullptr && strlen(eap_config.client_cert);
bool client_key_present = eap_config.client_key != nullptr && strlen(eap_config.client_key);
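Review bot: The `std::map<esp_eap_ttls_phase2_types, std::string>` at the top of the added block is constructed, heap-allocated and destroyed on every connection attempt solely to produce one verbose log line, and `phase2types[eap_config.ttls_phase_2]` uses `operator[]`, which silently inserts an empty entry for any enum value missing from the table instead of naming it. A `switch` over the enum yielding a `const char *` avoids the allocations on the embedded target, makes an unknown value visible in the log, and removes the need for the new `#include <map>` above. The enclosing `start_connecting` begins and ends outside the hunk.
```cpp
#ifdef USE_ESP_IDF
#if ESPHOME_LOG_LEVEL >= ESPHOME_LOG_LEVEL_VERBOSE
  // Name the configured inner method without a heap-allocated table; a value
  // outside the known set is reported as "unknown" rather than logged as "".
  const char *phase2_name = "unknown";
  switch (eap_config.ttls_phase_2) {
    case ESP_EAP_TTLS_PHASE2_PAP:
      phase2_name = "pap";
      break;
    case ESP_EAP_TTLS_PHASE2_CHAP:
      phase2_name = "chap";
      break;
    case ESP_EAP_TTLS_PHASE2_MSCHAP:
      phase2_name = "mschap";
      break;
    case ESP_EAP_TTLS_PHASE2_MSCHAPV2:
      phase2_name = "mschapv2";
      break;
    case ESP_EAP_TTLS_PHASE2_EAP:
      phase2_name = "eap";
      break;
    default:
      break;
  }
  ESP_LOGV(TAG, "  TTLS Phase 2: " LOG_SECRET("'%s'"), phase2_name);
#endif
#endif
  // … unchanged: ca_cert_present / client_cert_present / client_key_present …
```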


@ -19,6 +19,10 @@
#include <WiFi.h>
#endif
#if defined(USE_ESP_IDF) && defined(USE_WIFI_WPA2_EAP)
#include <esp_wpa2.h>
#endif
#ifdef USE_ESP8266
#include <ESP8266WiFi.h>
#include <ESP8266WiFiType.h>
@ -102,6 +106,10 @@ struct EAPAuth {
// used for EAP-TLS
const char *client_cert;
const char *client_key;
// used for EAP-TTLS
#ifdef USE_ESP_IDF
esp_eap_ttls_phase2_types ttls_phase_2;
#endif
};
#endif // USE_WIFI_WPA2_EAP
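Review bot: The new `ttls_phase_2` member has no default member initializer, so an `EAPAuth` aggregate-initialized without that designated field (any path other than the generated initializer) carries the enum's zero value, whichever method that is, into `esp_wifi_sta_wpa2_ent_set_ttls_phase2_method` rather than the MSCHAPV2 the `.cpp` comment in this commit promises. Declaring it as `esp_eap_ttls_phase2_types ttls_phase_2{ESP_EAP_TTLS_PHASE2_MSCHAPV2};` pins that default at the type level (assuming the project's C++ standard is at least C++14, where aggregates may carry default member initializers). The member's `#ifdef USE_ESP_IDF` guard is also narrower than the unconditional initializer emitted by `eap_auth` in this commit's Python change; see the note there.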


@ -396,6 +396,11 @@ bool WiFiComponent::wifi_sta_connect_(const WiFiAP &ap) {
if (err != ESP_OK) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_password failed! %d", err);
}
// set TTLS Phase 2, defaults to MSCHAPV2
err = esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(eap.ttls_phase_2);
if (err != ESP_OK) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_ttls_phase2_method failed! %d", err);
}
}
err = esp_wifi_sta_wpa2_ent_enable();
if (err != ESP_OK) {
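Review bot: The comment `// set TTLS Phase 2, defaults to MSCHAPV2` describes a default that is not chosen in this file — `eap.ttls_phase_2` arrives already set by code generation — so it will mislead once that default moves; `// apply the configured TTLS phase-2 inner method (default selected at config generation)` states only what this code does. When `esp_wifi_sta_wpa2_ent_set_ttls_phase2_method` fails, the device continues with whatever inner method the SDK defaults to rather than the one the user configured, a silent deviation from configuration; logging that case with `ESP_LOGW` instead of `ESP_LOGV` would make it visible, though the neighbouring calls use the same verbose-only pattern and could be changed together. `wifi_sta_connect_` begins and ends outside the hunk.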


@ -856,6 +856,7 @@ CONF_TRANSFORM = "transform"
CONF_TRANSITION_LENGTH = "transition_length"
CONF_TRIGGER_ID = "trigger_id"
CONF_TRIGGER_PIN = "trigger_pin"
CONF_TTLS_PHASE_2 = "ttls_phase_2"
CONF_TUNE_ANTENNA = "tune_antenna"
CONF_TURN_OFF_ACTION = "turn_off_action"
CONF_TURN_ON_ACTION = "turn_on_action"