1 // Hardware crypto support Copyright 2019 Espressif Systems (Shanghai) PTE LTD
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef _ESP_WPA2_H
16 #define _ESP_WPA2_H
17 
18 #include <stdbool.h>
19 
20 #include "esp_err.h"
21 
22 typedef enum { /* EAP-TTLS phase 2 (inner) authentication method; this is the argument type of esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(). */
23     ESP_EAP_TTLS_PHASE2_EAP,      /* inner method is an EAP method */
24     ESP_EAP_TTLS_PHASE2_MSCHAPV2, /* inner method is MSCHAPv2 */
25     ESP_EAP_TTLS_PHASE2_MSCHAP,   /* inner method is MSCHAP */
26     ESP_EAP_TTLS_PHASE2_PAP,      /* inner method is PAP: the password travels as-is inside the TLS tunnel, so it is protected only as far as the server certificate is validated */
27     ESP_EAP_TTLS_PHASE2_CHAP      /* inner method is CHAP */
28 } esp_eap_ttls_phase2_types ; /* NOTE(review): the esp_wifi_sta_wpa2_ent_enable() documentation in this header names only TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 as supported; confirm which of these values are actually honoured. */
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 /**
35   * @brief  Enable WPA2-Enterprise authentication.
36   *
37   * @attention 1. WPA2-Enterprise authentication can only be used when the ESP32 station is enabled.
38   * @attention 2. WPA2-Enterprise authentication supports only the TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 methods.
39   *
40   * @return
41   *    - ESP_OK: success.
42   *    - ESP_ERR_NO_MEM: failure (internal memory allocation failed).
43   */
44 esp_err_t esp_wifi_sta_wpa2_ent_enable(void);
45 
46 /**
47   * @brief  Disable WPA2-Enterprise authentication.
48   *
49   * @attention 1. WPA2-Enterprise authentication can only be used when the ESP32 station is enabled.
50   * @attention 2. WPA2-Enterprise authentication supports only the TLS, PEAP-MSCHAPv2 and TTLS-MSCHAPv2 methods.
51   *
52   * @return
53   *    - ESP_OK: success.
54   */
55 esp_err_t esp_wifi_sta_wpa2_ent_disable(void);
56 
57 /**
58   * @brief  Set identity for PEAP/TTLS method.
59   *
60   * @attention The API only passes the parameter identity to the global pointer variable in the wpa2 enterprise module. NOTE(review): the ESP_ERR_NO_MEM return below suggests an internal allocation (possibly a copy); confirm whether the caller's buffer must stay valid after the call.
61   *
62   * @param  identity: pointer to the buffer that holds the identity. NOTE(review): if this is the outer EAP identity, it is sent before the TLS tunnel exists, so an anonymous value avoids exposing the real user name; confirm against the implementation.
63   * @param  len: length of identity, limited to 1~127
64   *
65   * @return
66   *    - ESP_OK: success
67   *    - ESP_ERR_INVALID_ARG: failure (len <= 0 or len >= 128)
68   *    - ESP_ERR_NO_MEM: failure (internal memory allocation failed)
69   */
70 esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len);
71 
72 /**
73   * @brief  Clear the identity configured for the PEAP/TTLS method.
74   */
75 void esp_wifi_sta_wpa2_ent_clear_identity(void);
76 
77 /**
78   * @brief  Set username for PEAP/TTLS method.
79   *
80   * @attention The API only passes the parameter username to the global pointer variable in the wpa2 enterprise module. NOTE(review): the ESP_ERR_NO_MEM return below suggests an internal allocation (possibly a copy); confirm whether the caller's buffer must stay valid after the call.
81   *
82   * @param  username: pointer to the buffer that holds the username;
83   * @param  len: length of username, limited to 1~127
84   *
85   * @return
86   *    - ESP_OK: success
87   *    - ESP_ERR_INVALID_ARG: failure (len <= 0 or len >= 128)
88   *    - ESP_ERR_NO_MEM: failure (internal memory allocation failed)
89   */
90 esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len);
91 
92 /**
93   * @brief  Clear the username configured for the PEAP/TTLS method.
94   */
95 void esp_wifi_sta_wpa2_ent_clear_username(void);
96 
97 /**
98   * @brief  Set password for PEAP/TTLS method.
99   *
100   * @attention The API only passes the parameter password to the global pointer variable in the wpa2 enterprise module. NOTE(review): the ESP_ERR_NO_MEM return below suggests an internal allocation (possibly a copy); confirm whether the caller's buffer must stay valid, or may be wiped, after the call.
101   *
102   * @param  password: pointer to the buffer that holds the password;
103   * @param  len: length of password (len > 0). No upper bound is documented here, unlike identity and username.
104   *
105   * @return
106   *    - ESP_OK: success
107   *    - ESP_ERR_INVALID_ARG: failure (len <= 0)
108   *    - ESP_ERR_NO_MEM: failure (internal memory allocation failed)
109   */
110 esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len);
111 
112 /**
113   * @brief  Clear the password configured for the PEAP/TTLS method. NOTE(review): this header does not say whether the stored password is zeroized before its memory is released; confirm in the implementation.
114   */
115 void esp_wifi_sta_wpa2_ent_clear_password(void);
116 
117 /**
118   * @brief  Set new password for MSCHAPv2 method.
119   *
120   * @attention 1. The API only passes the parameter new_password to the global pointer variable in the wpa2 enterprise module. NOTE(review): the ESP_ERR_NO_MEM return below suggests an internal allocation (possibly a copy); confirm the buffer lifetime requirement.
121   * @attention 2. The new password replaces the old password when an EAP-MSCHAPv2 failure request message with error code ERROR_PASSWD_EXPIRED is received. Because that message comes from the server, the replacement is only as trustworthy as the server authentication.
122   *
123   * @param  new_password: pointer to the buffer that holds the new password;
124   * @param  len: length of the new password (len > 0, per the ESP_ERR_INVALID_ARG case below)
125   *
126   * @return
127   *    - ESP_OK: success
128   *    - ESP_ERR_INVALID_ARG: failure (len <= 0)
129   *    - ESP_ERR_NO_MEM: failure (internal memory allocation failed)
130   */
131 
132 esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len);
133 
134 /**
135   * @brief  Clear the new password configured for the MSCHAPv2 method. NOTE(review): this header does not say whether the stored password is zeroized before its memory is released; confirm in the implementation.
136   */
137 void esp_wifi_sta_wpa2_ent_clear_new_password(void);
138 
139 /**
140   * @brief  Set CA certificate for PEAP/TTLS method.
141   *
142   * @attention 1. The API only passes the parameter ca_cert to the global pointer variable in the wpa2 enterprise module. Only ESP_OK is documented (no allocation failure), so presumably the data is not copied and the buffer must stay valid and unmodified while it is in use; confirm.
143   * @attention 2. The ca_cert should be zero terminated. NOTE(review): confirm whether ca_cert_len is expected to include the terminator, and how the server certificate is checked when no CA certificate has been set.
144   *
145   * @param  ca_cert: pointer to the buffer that holds the CA certificate;
146   * @param  ca_cert_len: length of ca_cert
147   *
148   * @return
149   *    - ESP_OK: success
150   */
151 esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len);
152 
153 /**
154   * @brief  Clear the CA certificate configured for the PEAP/TTLS method. NOTE(review): confirm how the server certificate is validated on later connections once no CA certificate is configured.
155   */
156 void esp_wifi_sta_wpa2_ent_clear_ca_cert(void);
157 
158 /**
159   * @brief  Set client certificate and key.
160   *
161   * @attention 1. The API only passes the parameters client_cert, private_key and private_key_passwd to global pointer variables in the wpa2 enterprise module. Only ESP_OK is documented (no allocation failure), so presumably nothing is copied and the caller's buffers, including the private key and its password, must stay valid while in use; confirm.
162   * @attention 2. The client_cert, private_key and private_key_passwd should be zero terminated.
163   *
164   * @param  client_cert: pointer to the buffer that holds the client certificate;
165   * @param  client_cert_len: length of client certificate;
166   * @param  private_key: pointer to the buffer that holds the private key;
167   * @param  private_key_len: length of private key, limited to 1~2048 (NOTE(review): no error return is documented for a length outside this range; confirm);
168   * @param  private_key_passwd: pointer to the buffer that holds the private key password;
169   * @param  private_key_passwd_len: length of private key password;
170   *
171   * @return
172   *    - ESP_OK: success
173   */
174 esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len);
175 
176 /**
177   * @brief  Clear the configured client certificate and key. NOTE(review): if the setter stores only pointers, the key material itself stays in the caller's buffers and is the caller's to wipe; confirm.
178   */
179 void esp_wifi_sta_wpa2_ent_clear_cert_key(void);
180 
181 /**
182   * @brief  Enable or disable the WPA2-Enterprise certificate time check.
183   *
184   * @param  disable: true disables the wpa2 enterprise certs time check;
185   *                  false enables it. With the check disabled, certificate validity dates are presumably not enforced, so an expired certificate would not be rejected on that ground; confirm the exact scope.
186   *
187   * @return
188   *    - ESP_OK: success
189   */
190 esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable);
191 
192 /**
193   * @brief  Get the WPA2-Enterprise certificate time check setting (disabled or not).
194   *
195   * @param  disable: output; stores the disable value (presumably true when the time check is disabled). NOTE(review): no error return is documented for a NULL pointer; confirm.
196   *
197   * @return
198   *    - ESP_OK: success
199   */
200 esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable);
201 
202 /**
203   * @brief  Set the WPA2-Enterprise TTLS phase 2 method.
204   *
205   * @param  type: the phase 2 method to be used, an esp_eap_ttls_phase2_types value. NOTE(review): only ESP_OK is documented, so it is unclear how a value outside the enum is handled; confirm.
206   *
207   * @return
208   *    - ESP_OK: success
209   */
210 esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type);
211 
212 #ifdef __cplusplus
213 }
214 #endif
215 #endif
216