sascha/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2025-10-31 15:12:06 +00:00
Code Issues Releases Wiki Activity

Add support for WPA2-EAP enterprise WiFi to ESP8266s. (#1332)

Browse Source 
* Add support for WPA2-EAP enterprise WiFi to ESP8266s.

This is fundamentally the same as on ESP32s only with different function names.

Update config checker to remove requirement for ESP32 for EAP authentication.

* Fix indent for clang
This commit is contained in:
Tom Price
2020-11-01 07:40:18 +00:00
committed by GitHub
parent d3f03b7acb
commit 10e7abb579
2 changed files with 50 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
esphome/components/wifi/__init__.py
View File

@@ -60,7 +60,7 @@ STA_MANUAL_IP_SCHEMA = AP_MANUAL_IP_SCHEMA.extend({
cv.Optional(CONF_DNS2, default="0.0.0.0"): cv.ipv4, cv.Optional(CONF_DNS2, default="0.0.0.0"): cv.ipv4,
}) })
EAP_AUTH_SCHEMA = cv.All(cv.only_on_esp32, cv.Schema({ EAP_AUTH_SCHEMA = cv.All(cv.Schema({
cv.Optional(CONF_IDENTITY): cv.string_strict, cv.Optional(CONF_IDENTITY): cv.string_strict,
cv.Optional(CONF_USERNAME): cv.string_strict, cv.Optional(CONF_USERNAME): cv.string_strict,
cv.Optional(CONF_PASSWORD): cv.string_strict, cv.Optional(CONF_PASSWORD): cv.string_strict,

49
esphome/components/wifi/wifi_component_esp8266.cpp
View File

@@ -6,6 +6,9 @@
#include <utility> #include <utility>
#include <algorithm> #include <algorithm>
#ifdef ESPHOME_WIFI_WPA2_EAP
#include <wpa2_enterprise.h>
#endif
extern "C" { extern "C" {
#include "lwip/err.h" #include "lwip/err.h"
@@ -239,6 +242,52 @@ bool WiFiComponent::wifi_sta_connect_(WiFiAP ap) {
return false; return false;
} }
// setup enterprise authentication if required
#ifdef ESPHOME_WIFI_WPA2_EAP
if (ap.get_eap().has_value()) {
// note: all certificates and keys have to be null terminated. Lengths are appended by +1 to include \0.
EAPAuth eap = ap.get_eap().value();
ret = wifi_station_set_enterprise_identity((uint8_t *) eap.identity.c_str(), eap.identity.length());
if (ret) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_identity failed! %d", ret);
}
int ca_cert_len = strlen(eap.ca_cert);
int client_cert_len = strlen(eap.client_cert);
int client_key_len = strlen(eap.client_key);
if (ca_cert_len) {
ret = wifi_station_set_enterprise_ca_cert((uint8_t *) eap.ca_cert, ca_cert_len + 1);
if (ret) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_ca_cert failed! %d", ret);
}
}
// workout what type of EAP this is
// validation is not required as the config tool has already validated it
if (client_cert_len && client_key_len) {
// if we have certs, this must be EAP-TLS
ret = wifi_station_set_enterprise_cert_key((uint8_t *) eap.client_cert, client_cert_len + 1,
(uint8_t *) eap.client_key, client_key_len + 1,
(uint8_t *) eap.password.c_str(), strlen(eap.password.c_str()));
if (ret) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_cert_key failed! %d", ret);
}
} else {
// in the absence of certs, assume this is username/password based
ret = wifi_station_set_enterprise_username((uint8_t *) eap.username.c_str(), eap.username.length());
if (ret) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_username failed! %d", ret);
}
ret = wifi_station_set_enterprise_password((uint8_t *) eap.password.c_str(), eap.password.length());
if (ret) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_set_password failed! %d", ret);
}
}
ret = wifi_station_set_wpa2_enterprise_auth(true);
if (ret) {
ESP_LOGV(TAG, "esp_wifi_sta_wpa2_ent_enable failed! %d", ret);
}
}
#endif // ESPHOME_WIFI_WPA2_EAP
this->wifi_apply_hostname_(); this->wifi_apply_hostname_();
ETS_UART_INTR_DISABLE(); ETS_UART_INTR_DISABLE();