Merge branch 'feature/rename_wpa2_ent_to_eap_client' into 'master'

WiFi: Rename WPA2 enterprise APIs to EAP Client.

See merge request espressif/esp-idf!25233

components/esp_wifi/Kconfig

@@ -281,7 +281,7 @@ menu "Wi-Fi"
     config ESP_WIFI_ENABLE_WPA3_SAE
         bool "Enable WPA3-Personal"
         default y
-        depends on ESP_WIFI_MBEDTLS_CRYPTO
+        select ESP_WIFI_MBEDTLS_CRYPTO
         help
             Select this option to allow the device to establish a WPA3-Personal connection with eligible AP's.
             PMF (Protected Management Frames) is a prerequisite feature for a WPA3 connection, it needs to be
@@ -465,9 +465,16 @@ menu "Wi-Fi"
         select MBEDTLS_ECP_C
         select MBEDTLS_ECDH_C
         select MBEDTLS_ECDSA_C
-        select MBEDTLS_TLS_ENABLED
+        select MBEDTLS_CMAC_C
+        select MBEDTLS_ECP_DP_SECP256R1_ENABLED
         help
-            Select this option to use MbedTLS crypto APIs which utilize hardware acceleration.
+            Select this option to enable the use of MbedTLS crypto APIs.
+            The internal crypto support within the supplicant is limited
+            and may not suffice for all new security features, including WPA3.
+
+            It is recommended to always keep this option enabled. Additionally,
+            note that MbedTLS can leverage hardware acceleration if available,
+            resulting in significantly faster cryptographic operations.
 
     if ESP_WIFI_MBEDTLS_CRYPTO
         config ESP_WIFI_MBEDTLS_TLS_CLIENT
@@ -493,6 +500,7 @@ menu "Wi-Fi"
     config ESP_WIFI_SUITE_B_192
         bool "Enable NSA suite B support with 192 bit key"
         default n
+        depends on SOC_WIFI_GCMP_SUPPORT
         select ESP_WIFI_GCMP_SUPPORT
         select ESP_WIFI_GMAC_SUPPORT
         help

components/wpa_supplicant/CMakeLists.txt

@@ -61,7 +61,8 @@ set(srcs "port/os_xtensa.c"
     "src/wps/wps_dev_attr.c"
     "src/wps/wps_enrollee.c")
 
-set(esp_srcs "esp_supplicant/src/esp_wpa2.c"
+set(esp_srcs "esp_supplicant/src/esp_eap_client.c"
+    "esp_supplicant/src/esp_wpa2_api_port.c"
     "esp_supplicant/src/esp_wpa_main.c"
     "esp_supplicant/src/esp_wpas_glue.c"
     "esp_supplicant/src/esp_common.c"

components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h

@@ -0,0 +1,326 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#pragma once
+
+#include <stdbool.h>
+#include "esp_err.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Enumeration of phase 2 authentication types for EAP-TTLS.
+ *
+ * This enumeration defines the supported phase 2 authentication methods
+ * that can be used in the EAP-TTLS (Extensible Authentication Protocol -
+ * Tunneled Transport Layer Security) protocol for the second authentication
+ * phase.
+ */
+typedef enum {
+    ESP_EAP_TTLS_PHASE2_EAP,        /**< EAP (Extensible Authentication Protocol) */
+    ESP_EAP_TTLS_PHASE2_MSCHAPV2,   /**< MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol - Version 2) */
+    ESP_EAP_TTLS_PHASE2_MSCHAP,     /**< MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) */
+    ESP_EAP_TTLS_PHASE2_PAP,        /**< PAP (Password Authentication Protocol) */
+    ESP_EAP_TTLS_PHASE2_CHAP        /**< CHAP (Challenge Handshake Authentication Protocol) */
+} esp_eap_ttls_phase2_types;
+
+/**
+ * @brief Configuration settings for EAP-FAST
+ *        (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling).
+ *
+ * This structure defines the configuration options that can be used to customize the behavior of the
+ * EAP-FAST authentication protocol, specifically for Fast Provisioning and PAC (Protected Access Credential) handling.
+ */
+typedef struct {
+    int fast_provisioning;        /**< Enable or disable Fast Provisioning in EAP-FAST (0 = disabled, 1 = enabled) */
+    int fast_max_pac_list_len;    /**< Maximum length of the PAC (Protected Access Credential) list */
+    bool fast_pac_format_binary;  /**< Set to true for binary format PAC, false for ASCII format PAC */
+} esp_eap_fast_config;
+
+
+/**
+ * @brief Enable EAP authentication(WiFi Enterprise) for the station mode.
+ *
+ * This function enables Extensible Authentication Protocol (EAP) authentication
+ * for the Wi-Fi station mode. When EAP authentication is enabled, the ESP device
+ * will attempt to authenticate with the configured EAP credentials when connecting
+ * to a secure Wi-Fi network.
+ *
+ * @note Before calling this function, ensure that the Wi-Fi configuration and EAP
+ * credentials (such as username and password) have been properly set using the
+ * appropriate configuration APIs.
+ *
+ * @return
+ *    - ESP_OK: EAP authentication enabled successfully.
+ *    - ESP_ERR_NO_MEM: Failed to enable EAP authentication due to memory allocation failure.
+ */
+esp_err_t esp_wifi_sta_enterprise_enable(void);
+
+
+/**
+ * @brief Disable EAP authentication(WiFi Enterprise) for the station mode.
+ *
+ * This function disables Extensible Authentication Protocol (EAP) authentication
+ * for the Wi-Fi station mode. When EAP authentication is disabled, the ESP device
+ * will not attempt to authenticate using EAP credentials when connecting to a
+ * secure Wi-Fi network.
+ *
+ * @note Disabling EAP authentication may cause the device to connect to the Wi-Fi
+ * network using other available authentication methods, if configured using esp_wifi_set_config().
+ *
+ * @return
+ *    - ESP_OK: EAP authentication disabled successfully.
+ *    - ESP_ERR_INVALID_STATE: EAP client is in an invalid state for disabling.
+ */
+esp_err_t esp_wifi_sta_enterprise_disable(void);
+
+/**
+ * @brief Set identity for PEAP/TTLS authentication method.
+ *
+ * This function sets the identity to be used during PEAP/TTLS authentication.
+ *
+ * @param[in] identity Pointer to the identity data.
+ * @param[in] len      Length of the identity data (limited to 1~127 bytes).
+ *
+ * @return
+ *    - ESP_OK: The identity was set successfully.
+ *    - ESP_ERR_INVALID_ARG: Invalid argument (len <= 0 or len >= 128).
+ *    - ESP_ERR_NO_MEM: Memory allocation failure.
+ */
+esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len);
+
+/**
+ * @brief Clear the previously set identity for PEAP/TTLS authentication.
+ *
+ * This function clears the identity that was previously set for the EAP client.
+ * After calling this function, the EAP client will no longer use the previously
+ * configured identity during the authentication process.
+ */
+void esp_eap_client_clear_identity(void);
+
+/**
+ * @brief Set username for PEAP/TTLS authentication method.
+ *
+ * This function sets the username to be used during PEAP/TTLS authentication.
+ *
+ * @param[in] username Pointer to the username data.
+ * @param[in] len      Length of the username data (limited to 1~127 bytes).
+ *
+ * @return
+ *    - ESP_OK: The username was set successfully.
+ *    - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0 or len >= 128).
+ *    - ESP_ERR_NO_MEM: Failed due to memory allocation failure.
+ */
+esp_err_t esp_eap_client_set_username(const unsigned char *username, int len);
+
+/**
+ * @brief Clear username for PEAP/TTLS method.
+ *
+ * This function clears the previously set username for the EAP client.
+ */
+void esp_eap_client_clear_username(void);
+
+/**
+ * @brief Set password for PEAP/TTLS authentication method.
+ *
+ * This function sets the password to be used during PEAP/TTLS authentication.
+ *
+ * @param[in] password Pointer to the password data.
+ * @param[in] len      Length of the password data (len > 0).
+ *
+ * @return
+ *    - ESP_OK: The password was set successfully.
+ *    - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0).
+ *    - ESP_ERR_NO_MEM: Failed due to memory allocation failure.
+ */
+esp_err_t esp_eap_client_set_password(const unsigned char *password, int len);
+
+/**
+ * @brief Clear password for PEAP/TTLS method.
+ *
+ * This function clears the previously set password for the EAP client.
+ */
+void esp_eap_client_clear_password(void);
+
+/**
+ * @brief Set a new password for MSCHAPv2 authentication method.
+ *
+ * This function sets the new password to be used during MSCHAPv2 authentication.
+ * The new password is used to substitute the old password when an eap-mschapv2 failure request
+ * message with error code ERROR_PASSWD_EXPIRED is received.
+ *
+ * @param[in] new_password Pointer to the new password data.
+ * @param[in] len          Length of the new password data.
+ *
+ * @return
+ *    - ESP_OK: The new password was set successfully.
+ *    - ESP_ERR_INVALID_ARG: Failed due to an invalid argument (len <= 0).
+ *    - ESP_ERR_NO_MEM: Failed due to memory allocation failure.
+ */
+esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len);
+
+/**
+ * @brief Clear new password for MSCHAPv2 method.
+ *
+ * This function clears the previously set new password for the EAP client.
+ */
+void esp_eap_client_clear_new_password(void);
+
+/**
+ * @brief Set CA certificate for EAP authentication.
+ *
+ * This function sets the Certificate Authority (CA) certificate to be used during EAP authentication.
+ * The CA certificate is passed to the EAP client module through a global pointer.
+ *
+ * @param[in] ca_cert     Pointer to the CA certificate data.
+ * @param[in] ca_cert_len Length of the CA certificate data.
+ *
+ * @return
+ *    - ESP_OK: The CA certificate was set successfully.
+ */
+esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len);
+
+/**
+ * @brief Clear the previously set Certificate Authority (CA) certificate for EAP authentication.
+ *
+ * This function clears the CA certificate that was previously set for the EAP client.
+ * After calling this function, the EAP client will no longer use the previously
+ * configured CA certificate during the authentication process.
+ */
+void esp_eap_client_clear_ca_cert(void);
+
+/**
+ * @brief Set client certificate and private key for EAP authentication.
+ *
+ * This function sets the client certificate and private key to be used during authentication.
+ * Optionally, a private key password can be provided for encrypted private keys.
+ *
+ * @attention 1. The client certificate, private key, and private key password are provided as pointers
+ *              to the respective data arrays.
+ * @attention 2. The client_cert, private_key, and private_key_password should be zero-terminated.
+ *
+ * @param[in] client_cert           Pointer to the client certificate data.
+ * @param[in] client_cert_len       Length of the client certificate data.
+ * @param[in] private_key           Pointer to the private key data.
+ * @param[in] private_key_len       Length of the private key data (limited to 1~4096 bytes).
+ * @param[in] private_key_password  Pointer to the private key password data (optional).
+ * @param[in] private_key_passwd_len Length of the private key password data (can be 0 for no password).
+ *
+ * @return
+ *    - ESP_OK: The certificate, private key, and password (if provided) were set successfully.
+ */
+esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len,
+                                                 const unsigned char *private_key, int private_key_len,
+                                                 const unsigned char *private_key_password, int private_key_passwd_len);
+
+/**
+ * @brief Clear the previously set client certificate and private key for EAP authentication.
+ *
+ * This function clears the client certificate and private key that were previously set
+ * for the EAP client. After calling this function, the EAP client will no longer use the
+ * previously configured certificate and private key during the authentication process.
+ */
+void esp_eap_client_clear_certificate_and_key(void);
+
+/**
+ * @brief Set EAP client certificates time check (disable or not).
+ *
+ * This function enables or disables the time check for EAP client certificates.
+ * When disabled, the certificates' expiration time will not be checked during the authentication process.
+ *
+ * @param[in] disable True to disable EAP client certificates time check, false to enable it.
+ *
+ * @return
+ *    - ESP_OK: The EAP client certificates time check setting was updated successfully.
+ */
+esp_err_t esp_eap_client_set_disable_time_check(bool disable);
+
+/**
+ * @brief Get EAP client certificates time check status.
+ *
+ * This function retrieves the current status of the EAP client certificates time check.
+ *
+ * @param[out] disable Pointer to a boolean variable to store the disable status.
+ *
+ * @return
+ *    - ESP_OK: The status of EAP client certificates time check was retrieved successfully.
+ */
+esp_err_t esp_eap_client_get_disable_time_check(bool *disable);
+
+/**
+ * @brief Set EAP-TTLS phase 2 method.
+ *
+ * This function sets the phase 2 method to be used during EAP-TTLS authentication.
+ *
+ * @param[in] type The type of phase 2 method to be used (e.g., EAP, MSCHAPv2, MSCHAP, PAP, CHAP).
+ *
+ * @return
+ *    - ESP_OK: The EAP-TTLS phase 2 method was set successfully.
+ */
+esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type);
+
+/**
+ * @brief Enable or disable Suite-B 192-bit certification checks.
+ *
+ * This function enables or disables the 192-bit Suite-B certification checks during EAP-TLS authentication.
+ * Suite-B is a set of cryptographic algorithms which generally are considered more secure.
+ *
+ * @param[in] enable True to enable 192-bit Suite-B certification checks, false to disable it.
+ *
+ * @return
+ *    - ESP_OK: The 192-bit Suite-B certification checks were set successfully.
+ */
+esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable);
+
+/**
+ * @brief Set the PAC (Protected Access Credential) file for EAP-FAST authentication.
+ *
+ * EAP-FAST requires a PAC file that contains the client's credentials.
+ *
+ * @attention  1. For files read from the file system, length has to be decremented by 1 byte.
+ * @attention  2. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
+ *
+ * @param[in] pac_file     Pointer to the PAC file buffer.
+ * @param[in] pac_file_len Length of the PAC file buffer.
+ *
+ * @return
+ *    - ESP_OK: The PAC file for EAP-FAST authentication was set successfully.
+ */
+esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len);
+
+/**
+ * @brief Set the parameters for EAP-FAST Phase 1 authentication.
+ *
+ * EAP-FAST supports Fast Provisioning, where clients can be authenticated faster using precomputed keys (PAC).
+ * This function allows configuring parameters for Fast Provisioning.
+ *
+ * @attention  1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
+ *
+ * @param[in] config Configuration structure with Fast Provisioning parameters.
+ *
+ * @return
+ *    - ESP_OK: The parameters for EAP-FAST Phase 1 authentication were set successfully.
+ */
+esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config);
+
+/**
+ * @brief Use the default certificate bundle for EAP authentication.
+ *
+ * By default, the EAP client uses a built-in certificate bundle for server verification.
+ * Enabling this option allows the use of the default certificate bundle.
+ *
+ * @param[in] use_default_bundle True to use the default certificate bundle, false to use a custom bundle.
+ *
+ * @return
+ *    - ESP_OK: The option to use the default certificate bundle was set successfully.
+ */
+esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle);
+
+#ifdef __cplusplus
+}
+#endif

components/wpa_supplicant/esp_supplicant/include/esp_mbo.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -13,39 +13,41 @@ extern "C" {
 #endif
 
 /**
-  * enum non_pref_chan_reason: Reason for non preference of channel
-  */
+ * @brief Enumeration of reasons for a channel being non-preferred in a wireless network.
+ *
+ * This enumeration defines various reasons why a specific channel might be considered non-preferred
+ * in a wireless network configuration.
+ */
 enum non_pref_chan_reason {
-	NON_PREF_CHAN_REASON_UNSPECIFIED = 0,
-	NON_PREF_CHAN_REASON_RSSI = 1,
-	NON_PREF_CHAN_REASON_EXT_INTERFERENCE = 2,
-	NON_PREF_CHAN_REASON_INT_INTERFERENCE = 3,
+    NON_PREF_CHAN_REASON_UNSPECIFIED = 0,      /**< Unspecified reason for non-preference */
+    NON_PREF_CHAN_REASON_RSSI = 1,             /**< Non-preferred due to low RSSI (Received Signal Strength Indication) */
+    NON_PREF_CHAN_REASON_EXT_INTERFERENCE = 2, /**< Non-preferred due to external interference */
+    NON_PREF_CHAN_REASON_INT_INTERFERENCE = 3, /**< Non-preferred due to internal interference */
 };
 
 /**
-  * @brief  Channel structure for non preferred channel
-  *
-  * @param  reason: enum non_pref_chan_reason
-  * @param  oper_class: operating class for the channel
-  * @param  chan: channel number
-  * @param  preference: channel preference
-  */
+ * @brief Structure representing a non-preferred channel in a wireless network.
+ *
+ * This structure encapsulates information about a non-preferred channel
+ * including the reason for its non-preference, the operating class, channel number, and preference level.
+ */
 struct non_pref_chan {
-	enum non_pref_chan_reason reason;
-	uint8_t oper_class;
-	uint8_t chan;
-	uint8_t preference;
+    enum non_pref_chan_reason reason; /**< Reason for the channel being non-preferred */
+    uint8_t oper_class;               /**< Operating class of the channel */
+    uint8_t chan;                     /**< Channel number */
+    uint8_t preference;               /**< Preference level of the channel */
 };
 
 /**
-  * @brief  Array structure for non preferred channel struct
-  *
-  * @param  non_pref_chan_num: channel count
-  * @param  chan: array of non_pref_chan type
-  */
+ * @brief Structure representing a list of non-preferred channels in a wireless network.
+ *
+ * This structure encapsulates information about a list of non-preferred channels
+ * including the number of non-preferred channels and an array of structures
+ * representing individual non-preferred channels.
+ */
 struct non_pref_chan_s {
-	size_t non_pref_chan_num;
-	struct non_pref_chan chan[];
+    size_t non_pref_chan_num; /**< Number of non-preferred channels in the list */
+    struct non_pref_chan chan[]; /**< Array of structures representing individual non-preferred channels */
 };
 
 /**

components/wpa_supplicant/esp_supplicant/include/esp_wpa2.h

@@ -7,31 +7,16 @@
 #ifndef _ESP_WPA2_H
 #define _ESP_WPA2_H
 
-#include <stdbool.h>
+#pragma message("esp_wpa2.h is deprecated. Use esp_eap_client.h instead.")
 
-#include "esp_err.h"
-
-typedef enum {
-    ESP_EAP_TTLS_PHASE2_EAP,
-    ESP_EAP_TTLS_PHASE2_MSCHAPV2,
-    ESP_EAP_TTLS_PHASE2_MSCHAP,
-    ESP_EAP_TTLS_PHASE2_PAP,
-    ESP_EAP_TTLS_PHASE2_CHAP
-} esp_eap_ttls_phase2_types;
-
-typedef struct {
-   int fast_provisioning;
-   int fast_max_pac_list_len;
-   bool fast_pac_format_binary;
-} esp_eap_fast_config;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
+#include "esp_eap_client.h"
 
 /**
   * @brief  Enable wpa2 enterprise authentication.
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_wifi_sta_enterprise_enable()` instead.
+  *
   * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
   * @attention 2. wpa2 enterprise authentication supports EAP-FAST, TLS, PEAP, TTLS(EAP, MSCHAPv2, MSCHAP, PAP, CHAP) methods.
   *
@@ -39,22 +24,30 @@ extern "C" {
   *    - ESP_OK: succeed.
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
+__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_enable' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_enable(void);
 
 /**
   * @brief  Disable wpa2 enterprise authentication.
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_wifi_sta_enterprise_disable()` instead.
+  *
   * @attention 1. wpa2 enterprise authentication can only be used when station mode is enabled.
   * @attention 2. wpa2 enterprise authentication supports EAP-FAST, TLS, PEAP, TTLS(EAP, MSCHAPv2, MSCHAP, PAP, CHAP) methods.
   *
   * @return
   *    - ESP_OK: succeed.
   */
+__attribute__((deprecated("Use 'esp_wifi_sta_enterprise_disable' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_disable(void);
 
 /**
   * @brief  Set identity for PEAP/TTLS method.
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_identity` instead.
+  *
   * @attention The API only passes the parameter identity to the global pointer variable in wpa2 enterprise module.
   *
   * @param  identity: point to address where stores the identity;
@@ -65,17 +58,24 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void);
   *    - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128)
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_identity' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len);
 
 /**
   * @brief  Clear identity for PEAP/TTLS method.
+  *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_clear_identity` instead.
+  *
   */
+__attribute__((deprecated("Use 'esp_eap_client_clear_identity' instead")))
 void esp_wifi_sta_wpa2_ent_clear_identity(void);
 
 /**
   * @brief  Set username for PEAP/TTLS method.
   *
-  * @attention The API only passes the parameter username to the global pointer variable in wpa2 enterprise module.
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_username` instead.
   *
   * @param  username: point to address where stores the username;
   * @param  len: length of username, limited to 1~127
@@ -85,17 +85,23 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void);
   *    - ESP_ERR_INVALID_ARG: fail(len <= 0 or len >= 128)
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_username' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len);
 
 /**
   * @brief  Clear username for PEAP/TTLS method.
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_clear_username` instead.
+  *
   */
+__attribute__((deprecated("Use 'esp_eap_client_clear_username' instead")))
 void esp_wifi_sta_wpa2_ent_clear_username(void);
 
 /**
   * @brief  Set password for PEAP/TTLS method..
   *
-  * @attention The API only passes the parameter password to the global pointer variable in wpa2 enterprise module.
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_password` instead.
   *
   * @param  password: point to address where stores the password;
   * @param  len: length of password(len > 0)
@@ -105,18 +111,25 @@ void esp_wifi_sta_wpa2_ent_clear_username(void);
   *    - ESP_ERR_INVALID_ARG: fail(len <= 0)
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_password' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len);
 
 /**
   * @brief  Clear password for PEAP/TTLS method..
+  *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_clear_password` instead.
   */
+__attribute__((deprecated("Use 'esp_eap_client_clear_password' instead")))
 void esp_wifi_sta_wpa2_ent_clear_password(void);
 
 /**
   * @brief  Set new password for MSCHAPv2 method..
   *
-  * @attention 1. The API only passes the parameter password to the global pointer variable in wpa2 enterprise module.
-  * @attention 2. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received.
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_new_password` instead.
+  *
+  * @attention 1. The new password is used to substitute the old password when eap-mschapv2 failure request message with error code ERROR_PASSWD_EXPIRED is received.
   *
   * @param  new_password: point to address where stores the password;
   * @param  len: length of password
@@ -126,17 +139,25 @@ void esp_wifi_sta_wpa2_ent_clear_password(void);
   *    - ESP_ERR_INVALID_ARG: fail(len <= 0)
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
-
+__attribute__((deprecated("Use 'esp_eap_client_set_new_password' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len);
 
 /**
   * @brief  Clear new password for MSCHAPv2 method..
+  *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_clear_new_password` instead.
+  *
   */
+__attribute__((deprecated("Use 'esp_eap_client_clear_new_password' instead")))
 void esp_wifi_sta_wpa2_ent_clear_new_password(void);
 
 /**
   * @brief  Set CA certificate for PEAP/TTLS method.
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_ca_cert` instead.
+  *
   * @attention 1. The API only passes the parameter ca_cert to the global pointer variable in wpa2 enterprise module.
   * @attention 2. The ca_cert should be zero terminated.
   *
@@ -146,16 +167,25 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void);
   * @return
   *    - ESP_OK: succeed
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_ca_cert' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len);
 
 /**
   * @brief  Clear CA certificate for PEAP/TTLS method.
+  *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_clear_ca_cert` instead.
+  *
   */
+__attribute__((deprecated("Use 'esp_eap_client_clear_ca_cert' instead")))
 void esp_wifi_sta_wpa2_ent_clear_ca_cert(void);
 
 /**
   * @brief  Set client certificate and key.
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_certificate_and_key` instead.
+  *
   * @attention 1. The API only passes the parameter client_cert, private_key and private_key_passwd to the global pointer variable in wpa2 enterprise module.
   * @attention 2. The client_cert, private_key and private_key_passwd should be zero terminated.
   *
@@ -169,57 +199,84 @@ void esp_wifi_sta_wpa2_ent_clear_ca_cert(void);
   * @return
   *    - ESP_OK: succeed
   */
-esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len);
+__attribute__((deprecated("Use 'esp_eap_client_set_certificate_and_key' instead")))
+esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len,
+                                    const unsigned char *private_key, int private_key_len,
+                                    const unsigned char *private_key_passwd, int private_key_passwd_len);
 
 /**
   * @brief  Clear client certificate and key.
+  *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_clear_certificate_and_key` instead.
+  *
   */
+__attribute__((deprecated("Use 'esp_eap_client_clear_certificate_and_key' instead")))
 void esp_wifi_sta_wpa2_ent_clear_cert_key(void);
 
 /**
   * @brief  Set wpa2 enterprise certs time check(disable or not).
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_disable_time_check` instead.
+  *
   * @param  true: disable wpa2 enterprise certs time check
   * @param  false: enable wpa2 enterprise certs time check
   *
   * @return
   *    - ESP_OK: succeed
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_disable_time_check' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable);
 
 /**
   * @brief  Get wpa2 enterprise certs time check(disable or not).
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_get_disable_time_check` instead.
+  *
   * @param  disable: store disable value
   *
   * @return
   *    - ESP_OK: succeed
   */
+__attribute__((deprecated("Use 'esp_eap_client_get_disable_time_check' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable);
 
 /**
   * @brief  Set wpa2 enterprise ttls phase2 method
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_ttls_phase2_method` instead.
+  *
   * @param  type: the type of phase 2 method to be used
   *
   * @return
   *    - ESP_OK: succeed
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_ttls_phase2_method' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type);
 
 /**
   * @brief  enable/disable 192 bit suite b certification checks
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_suiteb_192bit_certification` instead.
+  *
   * @param  enable: bool to enable/disable it.
   *
   * @return
   *    - ESP_OK: succeed
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_suiteb_192bit_certification' instead")))
 esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable);
 
 /**
   * @brief  Set client pac file
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_pac_file` instead.
+  *
   * @attention  1. For files read from the file system, length has to be decremented by 1 byte.
   * @attention  2. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
   *
@@ -230,11 +287,15 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable);
   *    - ESP_OK: succeed
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_pac_file' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len);
 
 /**
   * @brief  Set Phase 1 parameters for EAP-FAST
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_set_fast_params` instead.
+  *
   * @attention  1. Disabling the ESP_WIFI_MBEDTLS_TLS_CLIENT config is required to use EAP-FAST.
   *
   * @param  config: eap fast phase 1 configuration
@@ -244,17 +305,22 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int
   *    - ESP_ERR_INVALID_ARG: fail(out of bound arguments)
   *    - ESP_ERR_NO_MEM: fail(internal memory malloc fail)
   */
+__attribute__((deprecated("Use 'esp_eap_client_set_fast_params' instead")))
 esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config);
 
 /**
   * @brief  Use default CA cert bundle for server validation
   *
+  * @deprecated This function is deprecated and will be removed in the future.
+  *             Please use `esp_eap_client_use_default_cert_bundle` instead.
+  *
   * @use_default_bundle : whether to use bundle or not
   *
   * @return
   *    - ESP_OK: succeed
   *    - ESP_FAIL: fail
   */
+__attribute__((deprecated("Use 'esp_eap_client_use_default_cert_bundle' instead")))
 esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle);
 
 #ifdef __cplusplus

components/wpa_supplicant/esp_supplicant/include/esp_wps.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -33,32 +33,60 @@ extern "C" {
 #define ESP_ERR_WIFI_WPS_TYPE    (ESP_ERR_WIFI_BASE + 52)  /*!< WPS type error */
 #define ESP_ERR_WIFI_WPS_SM      (ESP_ERR_WIFI_BASE + 53)  /*!< WPS state machine is not initialized */
 
+/**
+ * @brief Enumeration of WPS (Wi-Fi Protected Setup) types.
+ */
 typedef enum wps_type {
-    WPS_TYPE_DISABLE = 0,
-    WPS_TYPE_PBC,
-    WPS_TYPE_PIN,
-    WPS_TYPE_MAX,
+    WPS_TYPE_DISABLE = 0,   /**< WPS is disabled */
+    WPS_TYPE_PBC,           /**< WPS Push Button Configuration method */
+    WPS_TYPE_PIN,           /**< WPS PIN (Personal Identification Number) method */
+    WPS_TYPE_MAX            /**< Maximum value for WPS type enumeration */
 } wps_type_t;
 
-#define WPS_MAX_MANUFACTURER_LEN 65
-#define WPS_MAX_MODEL_NUMBER_LEN 33
-#define WPS_MAX_MODEL_NAME_LEN   33
-#define WPS_MAX_DEVICE_NAME_LEN  33
+#define WPS_MAX_MANUFACTURER_LEN 65  /**< Maximum length of the manufacturer name in WPS information */
+#define WPS_MAX_MODEL_NUMBER_LEN 33  /**< Maximum length of the model number in WPS information */
+#define WPS_MAX_MODEL_NAME_LEN   33  /**< Maximum length of the model name in WPS information */
+#define WPS_MAX_DEVICE_NAME_LEN  33  /**< Maximum length of the device name in WPS information */
 
+/**
+ * @brief Structure representing WPS factory information for ESP device.
+ *
+ * This structure holds various strings representing factory information for a device, such as the manufacturer,
+ * model number, model name, and device name. Each string is a null-terminated character array. If any of the
+ * strings are empty, the default values are used.
+ */
 typedef struct {
-    char manufacturer[WPS_MAX_MANUFACTURER_LEN]; /*!< Manufacturer, null-terminated string. The default manufcturer is used if the string is empty */
-    char model_number[WPS_MAX_MODEL_NUMBER_LEN]; /*!< Model number, null-terminated string. The default model number is used if the string is empty */
-    char model_name[WPS_MAX_MODEL_NAME_LEN];     /*!< Model name, null-terminated string. The default model name is used if the string is empty */
-    char device_name[WPS_MAX_DEVICE_NAME_LEN];   /*!< Device name, null-terminated string. The default device name is used if the string is empty */
+    char manufacturer[WPS_MAX_MANUFACTURER_LEN]; /*!< Manufacturer of the device. If empty, the default manufacturer is used. */
+    char model_number[WPS_MAX_MODEL_NUMBER_LEN]; /*!< Model number of the device. If empty, the default model number is used. */
+    char model_name[WPS_MAX_MODEL_NAME_LEN];     /*!< Model name of the device. If empty, the default model name is used. */
+    char device_name[WPS_MAX_DEVICE_NAME_LEN];   /*!< Device name. If empty, the default device name is used. */
 } wps_factory_information_t;
 
-#define PIN_LEN 9
+#define PIN_LEN 9 /*!< The length of the WPS PIN (Personal Identification Number). */
+/**
+ * @brief Structure representing configuration settings for WPS (Wi-Fi Protected Setup).
+ *
+ * This structure encapsulates various configuration settings for WPS, including the WPS type (PBC or PIN),
+ * factory information that will be shown in the WPS Information Element (IE), and a PIN if the WPS type is
+ * set to PIN.
+ */
 typedef struct {
-    wps_type_t wps_type;
-    wps_factory_information_t factory_info;
-    char pin[PIN_LEN];
+    wps_type_t wps_type;  /*!< The type of WPS to be used (PBC or PIN). */
+    wps_factory_information_t factory_info; /*!< Factory information to be shown in the WPS Information Element (IE). Vendor can choose to display their own information. */
+    char pin[PIN_LEN];   /*!< WPS PIN (Personal Identification Number) used when wps_type is set to WPS_TYPE_PIN. */
 } esp_wps_config_t;
 
+/**
+ * @def WPS_CONFIG_INIT_DEFAULT(type)
+ * @brief Initialize a default WPS configuration structure with specified WPS type.
+ *
+ * This macro initializes a `esp_wps_config_t` structure with default values for the specified WPS type.
+ * It sets the WPS type, factory information (including default manufacturer, model number, model name, and device name),
+ * and a default PIN value if applicable.
+ *
+ * @param type The WPS type to be used (PBC or PIN).
+ * @return An initialized `esp_wps_config_t` structure with the specified WPS type and default values.
+ */
 #define WPS_CONFIG_INIT_DEFAULT(type) { \
     .wps_type = type, \
     .factory_info = {   \
@@ -73,9 +101,7 @@ typedef struct {
 /**
   * @brief     Enable Wi-Fi WPS function.
   *
-  * @attention WPS can only be used when station is enabled.
-  *
-  * @param     wps_type_t wps_type : WPS type, so far only WPS_TYPE_PBC and WPS_TYPE_PIN is supported
+  * @param     config : WPS config to be used in connection
   *
   * @return
   *          - ESP_OK : succeed
@@ -88,8 +114,6 @@ esp_err_t esp_wifi_wps_enable(const esp_wps_config_t *config);
 /**
   * @brief  Disable Wi-Fi WPS function and release resource it taken.
   *
-  * @param  null
-  *
   * @return
   *          - ESP_OK : succeed
   *          - ESP_ERR_WIFI_WPS_MODE : wifi is not in station mode or sniffer mode is on
@@ -97,9 +121,9 @@ esp_err_t esp_wifi_wps_enable(const esp_wps_config_t *config);
 esp_err_t esp_wifi_wps_disable(void);
 
 /**
-  * @brief     WPS starts to work.
+  * @brief     Start WPS session.
   *
-  * @attention WPS can only be used when station is enabled.
+  * @attention WPS can only be used when station is enabled. WPS needs to be enabled first for using this API.
   *
   * @param     timeout_ms : deprecated: This argument's value will have not effect in functionality of API.
   *                         The argument will be removed in future.
@@ -120,7 +144,7 @@ esp_err_t esp_wifi_wps_start(int timeout_ms);
   *
   * @attention WPS can only be used when softAP is enabled.
   *
-  * @param     esp_wps_config_t config: wps configuration to be used.
+  * @param     config: wps configuration to be used.
   *
   * @return
   *          - ESP_OK : succeed
@@ -133,8 +157,6 @@ esp_err_t esp_wifi_ap_wps_enable(const esp_wps_config_t *config);
 /**
   * @brief  Disable Wi-Fi SoftAP WPS function and release resource it taken.
   *
-  * @param  null
-  *
   * @return
   *          - ESP_OK : succeed
   *          - ESP_ERR_WIFI_WPS_MODE : wifi is not in station mode or sniffer mode is on

components/wpa_supplicant/esp_supplicant/src/esp_wpa2.c → components/wpa_supplicant/esp_supplicant/src/esp_eap_client.c

@@ -36,7 +36,8 @@
 #include "esp_crt_bundle.h"
 #endif
 #include "esp_wpas_glue.h"
-#include "esp_wpa2_i.h"
+#include "esp_eap_client_i.h"
+#include "esp_eap_client.h"
 
 #define WPA2_VERSION    "v2.0"
 
@@ -77,7 +78,7 @@ static void wpa2_api_lock(void)
     if (s_wpa2_api_lock == NULL) {
         s_wpa2_api_lock = os_recursive_mutex_create();
         if (!s_wpa2_api_lock) {
-            wpa_printf(MSG_ERROR, "WPA2: failed to create wpa2 api lock");
+            wpa_printf(MSG_ERROR, "EAP: failed to create EAP api lock");
             return;
         }
     }
@@ -117,7 +118,7 @@ static void wpa2_set_eap_state(wpa2_ent_eap_state_t state)
     esp_wifi_set_wpa2_ent_state_internal(state);
 }
 
-wpa2_ent_eap_state_t wpa2_get_eap_state(void)
+wpa2_ent_eap_state_t eap_client_get_eap_state(void)
 {
     if (!gEapSm) {
         return WPA2_ENT_EAP_STATE_NOT_START;
@@ -132,14 +133,14 @@ static inline void wpa2_task_delete(void *arg)
     int ret = ESP_OK;
 
     if (my_task_hdl == s_wpa2_task_hdl) {
-        wpa_printf(MSG_ERROR, "WPA2: should never call task delete api in wpa2 task context");
+        wpa_printf(MSG_ERROR, "EAP: should never call task delete api in eap task context");
         return;
     }
 
     ret = wpa2_post(SIG_WPA2_TASK_DEL, 0);
 
     if (ESP_OK != ret) {
-        wpa_printf(MSG_ERROR, "WPA2: failed to post task delete event, ret=%d", ret);
+        wpa_printf(MSG_ERROR, "EAP: failed to post task delete event, ret=%d", ret);
         return;
     }
 }
@@ -241,23 +242,23 @@ void wpa2_task(void *pvParameters )
             break;
         } else {
             if (s_wifi_wpa2_sync_sem) {
-                wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig);
+                wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig);
                 os_semphr_give(s_wifi_wpa2_sync_sem);
             } else {
-                wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem");
+                wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
             }
         }
     }
 
-    wpa_printf(MSG_DEBUG, "WPA2: queue deleted");
+    wpa_printf(MSG_DEBUG, "EAP: queue deleted");
     os_queue_delete(s_wpa2_queue);
-    wpa_printf(MSG_DEBUG, "WPA2: task deleted");
+    wpa_printf(MSG_DEBUG, "EAP: task deleted");
     s_wpa2_queue = NULL;
     if (s_wifi_wpa2_sync_sem) {
-        wpa_printf(MSG_DEBUG, "WPA2: wifi->wpa2 api completed sig(%" PRId32 ")", e->sig);
+        wpa_printf(MSG_DEBUG, "EAP: wifi->EAP api completed sig(%" PRId32 ")", e->sig);
         os_semphr_give(s_wifi_wpa2_sync_sem);
     } else {
-        wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem");
+        wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
     }
 
     /* At this point, we completed */
@@ -279,7 +280,7 @@ int wpa2_post(uint32_t sig, uint32_t par)
     } else {
         ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent));
         if (evt == NULL) {
-            wpa_printf(MSG_ERROR, "WPA2: E N M");
+            wpa_printf(MSG_ERROR, "EAP: E N M");
             DATA_MUTEX_GIVE();
             return ESP_FAIL;
         }
@@ -288,14 +289,14 @@ int wpa2_post(uint32_t sig, uint32_t par)
         evt->sig = sig;
         evt->par = par;
         if (os_queue_send(s_wpa2_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
-            wpa_printf(MSG_ERROR, "WPA2: Q S E");
+            wpa_printf(MSG_ERROR, "EAP: Q S E");
             return ESP_FAIL;
         } else {
             if (s_wifi_wpa2_sync_sem) {
                 os_semphr_take(s_wifi_wpa2_sync_sem, OS_BLOCK);
-                wpa_printf(MSG_DEBUG, "WPA2: wpa2 api return, sm->state(%d)", sm->finish_state);
+                wpa_printf(MSG_DEBUG, "EAP: EAP api return, sm->state(%d)", sm->finish_state);
             } else {
-                wpa_printf(MSG_ERROR, "WPA2: null wifi->wpa2 sync sem");
+                wpa_printf(MSG_ERROR, "EAP: null wifi->EAP sync sem");
             }
         }
     }
@@ -552,20 +553,20 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
         /* TODO: backwards compatibility */
     }
     if (hdr->type != IEEE802_1X_TYPE_EAP_PACKET) {
-        wpa_printf(MSG_DEBUG, "WPA2: EAP frame (type %u) discarded, "
+        wpa_printf(MSG_DEBUG, "EAP: EAP frame (type %u) discarded, "
                    "not a EAP PACKET frame", hdr->type);
         ret = -2;
         goto _out;
     }
     if (plen > len - sizeof(*hdr) || plen < sizeof(*ehdr)) {
-        wpa_printf(MSG_DEBUG, "WPA2: EAPOL frame payload size %lu "
+        wpa_printf(MSG_DEBUG, "EAP: EAPOL frame payload size %lu "
                    "invalid (frame size %lu)",
                    (unsigned long) plen, (unsigned long) len);
         ret = -2;
         goto _out;
     }
 
-    wpa_hexdump(MSG_MSGDUMP, "WPA2: RX EAPOL-EAP PACKET", tmp, len);
+    wpa_hexdump(MSG_MSGDUMP, "EAP: RX EAPOL-EAP PACKET", tmp, len);
 
     if (data_len < len) {
         wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
@@ -577,7 +578,7 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
     case EAP_CODE_REQUEST:
         /* Handle EAP-reauthentication case */
         if (sm->finish_state == WPA2_ENT_EAP_STATE_SUCCESS) {
-                wpa_printf(MSG_INFO, ">>>>>wpa2 EAP Re-authentication in progress");
+                wpa_printf(MSG_INFO, "EAP Re-authentication in progress");
 		wpa2_set_eap_state(WPA2_ENT_EAP_STATE_IN_PROGRESS);
 	}
 
@@ -592,18 +593,18 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
             wpa_set_pmk(sm->eapKeyData, NULL, false);
             os_free(sm->eapKeyData);
             sm->eapKeyData = NULL;
-            wpa_printf(MSG_INFO, ">>>>>wpa2 FINISH");
+            wpa_printf(MSG_INFO, ">>>>>EAP FINISH");
             ret = WPA2_ENT_EAP_STATE_SUCCESS;
             wpa2_set_eap_state(WPA2_ENT_EAP_STATE_SUCCESS);
 	    eap_deinit_prev_method(sm, "EAP Success");
         } else {
-            wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!");
+            wpa_printf(MSG_INFO, ">>>>>EAP FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!");
             ret = WPA2_ENT_EAP_STATE_FAIL;
             wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
         }
         break;
     case EAP_CODE_FAILURE:
-        wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED");
+        wpa_printf(MSG_INFO, ">>>>>EAP FAILED");
         ret = WPA2_ENT_EAP_STATE_FAIL;
         wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
         break;
@@ -678,7 +679,7 @@ static int eap_peer_sm_init(void)
     struct eap_sm *sm;
 
     if (gEapSm) {
-        wpa_printf(MSG_ERROR, "WPA2: wpa2 sm not null, deinit it");
+        wpa_printf(MSG_ERROR, "EAP: EAP sm not null, deinit it");
         eap_peer_sm_deinit();
     }
 
@@ -691,7 +692,7 @@ static int eap_peer_sm_init(void)
     gEapSm = sm;
     s_wpa2_data_lock = os_recursive_mutex_create();
     if (!s_wpa2_data_lock) {
-        wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock");
+        wpa_printf(MSG_ERROR, "EAP eap_peer_sm_init: failed to alloc data lock");
         ret = ESP_ERR_NO_MEM;
         goto _err;
     }
@@ -733,12 +734,12 @@ static int eap_peer_sm_init(void)
     }
     s_wifi_wpa2_sync_sem = os_semphr_create(1, 0);
     if (!s_wifi_wpa2_sync_sem) {
-        wpa_printf(MSG_ERROR, "WPA2: failed create wifi wpa2 task sync sem");
+        wpa_printf(MSG_ERROR, "EAP: failed create wifi EAP task sync sem");
         ret = ESP_FAIL;
         goto _err;
     }
 
-    wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
+    wpa_printf(MSG_INFO, "wifi_task prio:%d, stack:%d", WPA2_TASK_PRIORITY, WPA2_TASK_STACK_SIZE);
 #endif
     return ESP_OK;
 
@@ -783,7 +784,7 @@ static void eap_peer_sm_deinit(void)
     if (s_wpa2_data_lock) {
         os_semphr_delete(s_wpa2_data_lock);
         s_wpa2_data_lock = NULL;
-        wpa_printf(MSG_DEBUG, "wpa2 eap_peer_sm_deinit: free data lock");
+        wpa_printf(MSG_DEBUG, "EAP: eap_peer_sm_deinit: free data lock");
     }
 
     if (s_wpa2_queue) {
@@ -794,16 +795,15 @@ static void eap_peer_sm_deinit(void)
     gEapSm = NULL;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
+static esp_err_t esp_client_enable_fn(void *arg)
 {
     struct wpa2_funcs *wpa2_cb;
 
-    wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] enable",
-               WPA2_VERSION);
+    wpa_printf(MSG_INFO, "WiFi Enterprise enable");
 
     wpa2_cb = (struct wpa2_funcs *)os_zalloc(sizeof(struct wpa2_funcs));
     if (wpa2_cb == NULL) {
-        wpa_printf(MSG_ERROR, "WPA2: no mem for wpa2 cb");
+        wpa_printf(MSG_ERROR, "EAP: no mem for eap cb");
         return ESP_ERR_NO_MEM;
     }
 
@@ -814,7 +814,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
 
     esp_wifi_register_wpa2_cb_internal(wpa2_cb);
 
-    wpa_printf(MSG_DEBUG, "WPA2 ENTERPRISE CRYPTO INIT.\r");
+    wpa_printf(MSG_DEBUG, "WiFi Enterprise crypto init.\r");
 
 #ifdef EAP_PEER_METHOD
     if (eap_peer_register_methods()) {
@@ -824,7 +824,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
     return ESP_OK;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
+esp_err_t esp_wifi_sta_enterprise_enable(void)
 {
     wifi_wpa2_param_t param;
     esp_err_t ret;
@@ -833,21 +833,21 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
     wpa2_api_lock();
 
     if (wpa2_is_enabled()) {
-        wpa_printf(MSG_INFO, "WPA2: already enabled");
+        wpa_printf(MSG_INFO, "EAP: already enabled");
         wpa2_api_unlock();
         return ESP_OK;
     }
 
-    param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_enable_fn;
+    param.fn = (wifi_wpa2_fn_t)esp_client_enable_fn;
     param.param = NULL;
 
     ret = esp_wifi_sta_wpa2_ent_enable_internal(&param);
 
     if (ESP_OK == ret) {
         wpa2_set_state(WPA2_STATE_ENABLED);
-        sm->wpa_sm_wpa2_ent_disable = esp_wifi_sta_wpa2_ent_disable;
+        sm->wpa_sm_eap_disable = esp_wifi_sta_enterprise_disable;
     } else {
-        wpa_printf(MSG_ERROR, "failed to enable wpa2 ret=%d", ret);
+        wpa_printf(MSG_ERROR, "failed to enable eap ret=%d", ret);
     }
 
     wpa2_api_unlock();
@@ -855,10 +855,10 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
     return ret;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param)
+static esp_err_t eap_client_disable_fn(void *param)
 {
     struct wpa_sm *sm = &gWpaSm;
-    wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] disable", WPA2_VERSION);
+    wpa_printf(MSG_INFO, "WiFi enterprise disable");
     esp_wifi_unregister_wpa2_cb_internal();
 
     if (gEapSm) {
@@ -869,11 +869,11 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param)
     eap_peer_unregister_methods();
 #endif
 
-    sm->wpa_sm_wpa2_ent_disable = NULL;
+    sm->wpa_sm_eap_disable = NULL;
     return ESP_OK;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
+esp_err_t esp_wifi_sta_enterprise_disable(void)
 {
     wifi_wpa2_param_t param;
     esp_err_t ret;
@@ -881,19 +881,19 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
     wpa2_api_lock();
 
     if (wpa2_is_disabled()) {
-        wpa_printf(MSG_INFO, "WPA2: already disabled");
+        wpa_printf(MSG_INFO, "EAP: already disabled");
         wpa2_api_unlock();
         return ESP_OK;
     }
 
-    param.fn = (wifi_wpa2_fn_t)esp_wifi_sta_wpa2_ent_disable_fn;
+    param.fn = (wifi_wpa2_fn_t)eap_client_disable_fn;
     param.param = 0;
     ret = esp_wifi_sta_wpa2_ent_disable_internal(&param);
 
     if (ESP_OK == ret) {
         wpa2_set_state(WPA2_STATE_DISABLED);
     } else {
-        wpa_printf(MSG_ERROR, "failed to disable wpa2 ret=%d", ret);
+        wpa_printf(MSG_ERROR, "failed to disable eap ret=%d", ret);
     }
 
     wpa2_api_unlock();
@@ -901,7 +901,9 @@ esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
     return ret;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len, const unsigned char *private_key, int private_key_len, const unsigned char *private_key_passwd, int private_key_passwd_len)
+esp_err_t esp_eap_client_set_certificate_and_key(const unsigned char *client_cert, int client_cert_len,
+		const unsigned char *private_key, int private_key_len,
+		const unsigned char *private_key_passwd, int private_key_passwd_len)
 {
     if (client_cert && client_cert_len > 0) {
         g_wpa_client_cert = client_cert;
@@ -919,10 +921,8 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, i
     return ESP_OK;
 }
 
-void esp_wifi_sta_wpa2_ent_clear_cert_key(void)
+void esp_eap_client_clear_certificate_and_key(void)
 {
-    esp_wifi_unregister_wpa2_cb_internal();
-
     g_wpa_client_cert = NULL;
     g_wpa_client_cert_len = 0;
     g_wpa_private_key = NULL;
@@ -934,7 +934,7 @@ void esp_wifi_sta_wpa2_ent_clear_cert_key(void)
     g_wpa_pac_file_len = 0;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len)
+esp_err_t esp_eap_client_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len)
 {
     if (ca_cert && ca_cert_len > 0) {
         g_wpa_ca_cert = ca_cert;
@@ -944,14 +944,14 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca
     return ESP_OK;
 }
 
-void esp_wifi_sta_wpa2_ent_clear_ca_cert(void)
+void esp_eap_client_clear_ca_cert(void)
 {
     g_wpa_ca_cert = NULL;
     g_wpa_ca_cert_len = 0;
 }
 
 #define ANONYMOUS_ID_LEN_MAX 128
-esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len)
+esp_err_t esp_eap_client_set_identity(const unsigned char *identity, int len)
 {
     if (len <= 0 || len > ANONYMOUS_ID_LEN_MAX) {
         return ESP_ERR_INVALID_ARG;
@@ -973,7 +973,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int
     return ESP_OK;
 }
 
-void esp_wifi_sta_wpa2_ent_clear_identity(void)
+void esp_eap_client_clear_identity(void)
 {
     if (g_wpa_anonymous_identity) {
         os_free(g_wpa_anonymous_identity);
@@ -984,7 +984,7 @@ void esp_wifi_sta_wpa2_ent_clear_identity(void)
 }
 
 #define USERNAME_LEN_MAX 128
-esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len)
+esp_err_t esp_eap_client_set_username(const unsigned char *username, int len)
 {
     if (len <= 0 || len > USERNAME_LEN_MAX) {
         return ESP_ERR_INVALID_ARG;
@@ -1006,7 +1006,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int
     return ESP_OK;
 }
 
-void esp_wifi_sta_wpa2_ent_clear_username(void)
+void esp_eap_client_clear_username(void)
 {
     if (g_wpa_username) {
         os_free(g_wpa_username);
@@ -1016,7 +1016,7 @@ void esp_wifi_sta_wpa2_ent_clear_username(void)
     g_wpa_username_len = 0;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len)
+esp_err_t esp_eap_client_set_password(const unsigned char *password, int len)
 {
     if (len <= 0) {
         return ESP_ERR_INVALID_ARG;
@@ -1038,7 +1038,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int
     return ESP_OK;
 }
 
-void esp_wifi_sta_wpa2_ent_clear_password(void)
+void esp_eap_client_clear_password(void)
 {
     if (g_wpa_password) {
         os_free(g_wpa_password);
@@ -1047,7 +1047,7 @@ void esp_wifi_sta_wpa2_ent_clear_password(void)
     g_wpa_password_len = 0;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len)
+esp_err_t esp_eap_client_set_new_password(const unsigned char *new_password, int len)
 {
     if (len <= 0) {
         return ESP_ERR_INVALID_ARG;
@@ -1069,7 +1069,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_passwo
     return ESP_OK;
 }
 
-void esp_wifi_sta_wpa2_ent_clear_new_password(void)
+void esp_eap_client_clear_new_password(void)
 {
     if (g_wpa_new_password) {
         os_free(g_wpa_new_password);
@@ -1078,7 +1078,7 @@ void esp_wifi_sta_wpa2_ent_clear_new_password(void)
     g_wpa_new_password_len = 0;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable)
+esp_err_t esp_eap_client_set_disable_time_check(bool disable)
 {
     s_disable_time_check = disable;
     return ESP_OK;
@@ -1089,13 +1089,13 @@ bool wifi_sta_get_enterprise_disable_time_check(void)
     return s_disable_time_check;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable)
+esp_err_t esp_eap_client_get_disable_time_check(bool *disable)
 {
     *disable = wifi_sta_get_enterprise_disable_time_check();
     return ESP_OK;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type)
+esp_err_t esp_eap_client_set_ttls_phase2_method(esp_eap_ttls_phase2_types type)
 {
     switch (type) {
         case ESP_EAP_TTLS_PHASE2_EAP:
@@ -1120,7 +1120,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types
     return ESP_OK;
 }
 
-esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable)
+esp_err_t esp_eap_client_set_suiteb_192bit_certification(bool enable)
 {
 #ifdef CONFIG_SUITEB192
     g_wpa_suiteb_certification = enable;
@@ -1130,7 +1130,7 @@ esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable)
 #endif
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len)
+esp_err_t esp_eap_client_set_pac_file(const unsigned char *pac_file, int pac_file_len)
 {
     if (pac_file && pac_file_len > -1) {
         if (pac_file_len < 512) { // The file contains less than 1 pac and is to be rewritten later
@@ -1154,7 +1154,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int
     return ESP_OK;
 }
 
-esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config)
+esp_err_t esp_eap_client_set_fast_params(esp_eap_fast_config config)
 {
     char config_for_supplicant[PHASE1_PARAM_STRING_LEN] = "";
     if ((config.fast_provisioning > -1) && (config.fast_provisioning <= 2)) {
@@ -1186,7 +1186,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config confi
 
 }
 
-esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle)
+esp_err_t esp_eap_client_use_default_cert_bundle(bool use_default_bundle)
 {
 #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
     g_wpa_default_cert_bundle = use_default_bundle;

components/wpa_supplicant/esp_supplicant/src/esp_wpa2_i.h → components/wpa_supplicant/esp_supplicant/src/esp_eap_client_i.h

@@ -4,11 +4,8 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-#ifndef ESP_WPA2_I_H
-#define ESP_WPA2_I_H
+#pragma once
 
 #include "esp_wifi_driver.h"
 
-wpa2_ent_eap_state_t wpa2_get_eap_state(void);
-
-#endif
+wpa2_ent_eap_state_t eap_client_get_eap_state(void);

components/wpa_supplicant/esp_supplicant/src/esp_wpa2_api_port.c

@@ -0,0 +1,115 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "esp_eap_client.h"
+
+esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
+{
+    return esp_wifi_sta_enterprise_enable();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_disable(void)
+{
+    return esp_wifi_sta_enterprise_disable();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_identity(const unsigned char *identity, int len)
+{
+    return esp_eap_client_set_identity(identity, len);
+}
+
+void esp_wifi_sta_wpa2_ent_clear_identity(void)
+{
+    esp_eap_client_clear_identity();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_username(const unsigned char *username, int len)
+{
+    return esp_eap_client_set_username(username, len);
+}
+
+void esp_wifi_sta_wpa2_ent_clear_username(void)
+{
+    esp_eap_client_clear_username();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_password(const unsigned char *password, int len)
+{
+    return esp_eap_client_set_password(password, len);
+}
+
+void esp_wifi_sta_wpa2_ent_clear_password(void)
+{
+    esp_eap_client_clear_password();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_new_password(const unsigned char *new_password, int len)
+{
+    return esp_eap_client_set_new_password(new_password, len);
+}
+
+void esp_wifi_sta_wpa2_ent_clear_new_password(void)
+{
+    esp_eap_client_clear_new_password();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_ca_cert(const unsigned char *ca_cert, int ca_cert_len)
+{
+    return esp_eap_client_set_ca_cert(ca_cert, ca_cert_len);
+}
+
+void esp_wifi_sta_wpa2_ent_clear_ca_cert(void)
+{
+    esp_eap_client_clear_ca_cert();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_cert_key(const unsigned char *client_cert, int client_cert_len,
+                                             const unsigned char *private_key, int private_key_len,
+                                             const unsigned char *private_key_passwd, int private_key_passwd_len)
+{
+    return esp_eap_client_set_certificate_and_key(client_cert, client_cert_len,
+                    private_key, private_key_len, private_key_passwd, private_key_passwd_len);
+}
+
+void esp_wifi_sta_wpa2_ent_clear_cert_key(void)
+{
+    esp_eap_client_clear_certificate_and_key();
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_disable_time_check(bool disable)
+{
+    return esp_eap_client_set_disable_time_check(disable);
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_get_disable_time_check(bool *disable)
+{
+    return esp_eap_client_get_disable_time_check(disable);
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(esp_eap_ttls_phase2_types type)
+{
+    return esp_eap_client_set_ttls_phase2_method(type);
+}
+
+esp_err_t esp_wifi_sta_wpa2_set_suiteb_192bit_certification(bool enable)
+{
+    return esp_eap_client_set_suiteb_192bit_certification(enable);
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_pac_file(const unsigned char *pac_file, int pac_file_len)
+{
+    return esp_eap_client_set_pac_file(pac_file, pac_file_len);
+}
+
+esp_err_t esp_wifi_sta_wpa2_ent_set_fast_phase1_params(esp_eap_fast_config config)
+{
+    return esp_eap_client_set_fast_params(config);
+}
+
+esp_err_t esp_wifi_sta_wpa2_use_default_cert_bundle(bool use_default_bundle)
+{
+    return esp_eap_client_use_default_cert_bundle(use_default_bundle);
+}

components/wpa_supplicant/esp_supplicant/src/esp_wpa_main.c

@@ -28,7 +28,7 @@
 #include "esp_wifi_driver.h"
 #include "esp_private/wifi.h"
 #include "esp_wpa3_i.h"
-#include "esp_wpa2.h"
+#include "esp_eap_client.h"
 #include "esp_common_i.h"
 #include "esp_owe_i.h"
 
@@ -180,13 +180,13 @@ void wpa_ap_get_peer_spp_msg(void *sm_data, bool *spp_cap, bool *spp_req)
     *spp_req = sm->spp_sup.require;
 }
 
-bool  wpa_deattach(void)
+bool wpa_deattach(void)
 {
     struct wpa_sm *sm = &gWpaSm;
     esp_wpa3_free_sae_data();
 #ifdef CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT
-    if (sm->wpa_sm_wpa2_ent_disable) {
-        sm->wpa_sm_wpa2_ent_disable();
+    if (sm->wpa_sm_eap_disable) {
+        sm->wpa_sm_eap_disable();
     }
 #endif
     if (sm->wpa_sm_wps_disable) {

components/wpa_supplicant/src/eap_peer/eap_i.h

@@ -13,7 +13,6 @@
 #include "eap.h"
 #include "eap_common.h"
 #include "eap_config.h"
-#include "esp_wpa2.h"
 
 /* RFC 4137 - EAP Peer state machine */
 

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -35,7 +35,7 @@
 #include "esp_common_i.h"
 #include "esp_owe_i.h"
 #include "common/sae.h"
-#include "esp_wpa2_i.h"
+#include "esp_eap_client_i.h"
 
 /**
  * eapol_sm_notify_eap_success - Notification of external EAP success trigger
@@ -656,7 +656,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
     size_t kde_len;
 
     if (is_wpa2_enterprise_connection()) {
-        wpa2_ent_eap_state_t state = wpa2_get_eap_state();
+        wpa2_ent_eap_state_t state = eap_client_get_eap_state();
         if (state == WPA2_ENT_EAP_STATE_IN_PROGRESS) {
             wpa_printf(MSG_INFO, "EAP Success has not been processed yet."
                " Drop EAPOL message.");

components/wpa_supplicant/src/rsn_supp/wpa_i.h

@@ -117,7 +117,7 @@ struct wpa_sm {
     struct wpabuf *owe_ie;
 #endif /* CONFIG_OWE_STA */
     int (*wpa_sm_wps_disable)(void);
-    esp_err_t (*wpa_sm_wpa2_ent_disable)(void);
+    esp_err_t (*wpa_sm_eap_disable)(void);
 };
 
 /**

docs/doxygen/Doxyfile

@@ -198,6 +198,11 @@ INPUT = \
     $(PROJECT_PATH)/components/esp_wifi/include/esp_wifi_default.h \
     $(PROJECT_PATH)/components/esp_wifi/include/esp_wifi_types.h \
     $(PROJECT_PATH)/components/esp_wifi/include/esp_wifi.h \
+    $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_mbo.h  \
+    $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_eap_client.h \
+    $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_rrm.h \
+    $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_wnm.h \
+    $(PROJECT_PATH)/components/wpa_supplicant/esp_supplicant/include/esp_wps.h \
     $(PROJECT_PATH)/components/esp_wifi/wifi_apps/include/esp_nan.h \
     $(PROJECT_PATH)/components/esp-tls/esp_tls_errors.h \
     $(PROJECT_PATH)/components/esp-tls/esp_tls.h \

docs/en/api-reference/network/esp_wifi.rst

@@ -28,3 +28,8 @@ API Reference
 
 .. include-build-file:: inc/esp_wifi.inc
 .. include-build-file:: inc/esp_wifi_types.inc
+.. include-build-file:: inc/esp_eap_client.inc
+.. include-build-file:: inc/esp_wps.inc
+.. include-build-file:: inc/esp_rrm.inc
+.. include-build-file:: inc/esp_wnm.inc
+.. include-build-file:: inc/esp_mbo.inc

docs/en/migration-guides/release-5.x/5.2/index.rst

@@ -8,3 +8,4 @@ Migration from 5.1 to 5.2
 
     peripherals
     protocols
+    wifi

docs/en/migration-guides/release-5.x/5.2/wifi.rst

@@ -0,0 +1,10 @@
+WiFi
+====
+
+:link_to_translation:`zh_CN:[中文]`
+
+
+WiFi Enterprise security
+------------------------
+
+APIs defined in `esp_wpa2.h` have been deprecated. Please use newer APIs from `esp_eap_client.h`.

docs/zh_CN/migration-guides/release-5.x/5.2/index.rst

@@ -8,3 +8,4 @@
 
     peripherals
     protocols
+    wifi

docs/zh_CN/migration-guides/release-5.x/5.2/wifi.rst

@@ -0,0 +1,10 @@
+WiFi
+====
+
+:link_to_translation:`en:[English]`
+
+
+WiFi企业级安全
+------------------------
+
+在 `esp_wpa2.h` 中定义的API已被弃用，请使用来自 `esp_eap_client.h` 的新API。

examples/wifi/wifi_eap_fast/README.md

@@ -8,13 +8,14 @@ This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption usi
 1. Install CA certificate which is optional.
 2. Set user name and password and identity.
 3. Set the PAC file which may be empty.
-4. Enable wpa2 enterprise.
+4. Enable WiFi enterprise mode.
 5. Connect to AP.
 
-*Note:* 1. EAP-FAST is not supported with `CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT` and so is disabled by default.
-        2. Setting the config `fast_provisioning` to methods 0 and 1 do not support saving the PAC credentials in case of a restart or loss of power.
-        3. The certificates present in the `examples/wifi/wifi_eap_fast/main` folder contain server certificates which have the corresponding CA as well. These can be used for server validation which is opptional.
-        4. The expiration date of these certificates is 2027/06/05.
+*Note:*
+1. EAP-FAST is not supported with `CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT` and so is disabled by default.
+2. Setting the config `fast_provisioning` to methods 0 and 1 do not support saving the PAC credentials in case of a restart or loss of power.
+3. The certificates present in the `examples/wifi/wifi_eap_fast/main` folder contain server certificates which have the corresponding CA as well. These can be used for server validation which is opptional.
+4. The expiration date of these certificates is 2027/06/05.
 
 ### Configuration
 

examples/wifi/wifi_eap_fast/main/Kconfig.projbuild

@@ -1,25 +1,21 @@
 menu "Example Configuration"
 
+    config EXAMPLE_WIFI_SSID
+        string "WiFi SSID"
+        default "ESP_EAP_FAST_AP"
+        help
+            SSID (network name) for the example to connect to.
+
     choice
         prompt "Enterprise configuration to be used"
-        default EXAMPLE_WPA_WPA2_ENTERPRISE
-        config EXAMPLE_WPA_WPA2_ENTERPRISE
-            bool "WPA_WPA2_ENT"
+        default EXAMPLE_WPA3_ENTERPRISE
+        config EXAMPLE_WPA2_ENTERPRISE
+            bool "WPA2_ENT"
         config EXAMPLE_WPA3_ENTERPRISE
             bool "WPA3_ENT"
-            depends on IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3
-            select ESP_WIFI_GCMP_SUPPORT
-            select ESP_WIFI_GMAC_SUPPORT
-            select ESP_WIFI_SUITE_B_192
     endchoice
 
-    config EXAMPLE_WIFI_SSID
-        string "WiFi SSID"
-        default "wpa2_test"
-        help
-            SSID (network name) for the example to connect to.
-
-    if EXAMPLE_WPA_WPA2_ENTERPRISE
+    if EXAMPLE_WPA2_ENTERPRISE
         config EXAMPLE_VALIDATE_SERVER_CERT
             bool "Validate server"
             default y
@@ -27,7 +23,7 @@ menu "Example Configuration"
                 Validate the servers' certificate using CA cert.
     endif
 
-    if !EXAMPLE_WPA_WPA2_ENTERPRISE
+    if !EXAMPLE_WPA2_ENTERPRISE
         config EXAMPLE_VALIDATE_SERVER_CERT
             default y
     endif

examples/wifi/wifi_eap_fast/main/wifi_eap_fast_main.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: CC0-1.0
  */
@@ -10,7 +10,7 @@
 #include "freertos/task.h"
 #include "freertos/event_groups.h"
 #include "esp_wifi.h"
-#include "esp_wpa2.h"
+#include "esp_eap_client.h"
 #include "esp_event.h"
 #include "esp_log.h"
 #include "esp_system.h"
@@ -89,33 +89,38 @@ static void initialise_wifi(void)
     wifi_config_t wifi_config = {
         .sta = {
             .ssid = EXAMPLE_WIFI_SSID,
+#if defined (CONFIG_EXAMPLE_WPA3_ENTERPRISE)
+            .pmf_cfg = {
+                .required = true
+            },
+#endif
         },
     };
     ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
-    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
-    ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
+    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config));
+    ESP_ERROR_CHECK(esp_eap_client_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)));
 
 #if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \
     defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE)
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) );
+    ESP_ERROR_CHECK(esp_eap_client_set_ca_cert(ca_pem_start, ca_pem_bytes) );
 #endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */ /* EXAMPLE_WPA3_ENTERPRISE */
 
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) );
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) );
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_pac_file(pac_file_pac_start, pac_file_bytes - 1) );
+    ESP_ERROR_CHECK(esp_eap_client_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)));
+    ESP_ERROR_CHECK(esp_eap_client_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)));
+    ESP_ERROR_CHECK(esp_eap_client_set_pac_file(pac_file_pac_start, pac_file_bytes - 1) );
     esp_eap_fast_config eap_fast_config = {
         .fast_provisioning = 2,
         .fast_max_pac_list_len = 0,
         .fast_pac_format_binary = false
     };
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_fast_phase1_params(eap_fast_config) );
+    ESP_ERROR_CHECK(esp_eap_client_set_fast_params(eap_fast_config));
 
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_enable() );
-    ESP_ERROR_CHECK( esp_wifi_start() );
+    ESP_ERROR_CHECK(esp_wifi_sta_enterprise_enable());
+    ESP_ERROR_CHECK(esp_wifi_start());
 }
 
-static void wpa2_enterprise_example_task(void *pvParameters)
+static void wifi_enterprise_example_task(void *pvParameters)
 {
     esp_netif_ip_info_t ip;
     memset(&ip, 0, sizeof(esp_netif_ip_info_t));
@@ -138,5 +143,5 @@ void app_main(void)
 {
     ESP_ERROR_CHECK( nvs_flash_init() );
     initialise_wifi();
-    xTaskCreate(&wpa2_enterprise_example_task, "wpa2_enterprise_example_task", 4096, NULL, 5, NULL);
+    xTaskCreate(&wifi_enterprise_example_task, "wifi_enterprise_example_task", 4096, NULL, 5, NULL);
 }

examples/wifi/wifi_enterprise/README.md

@@ -1,7 +1,16 @@
 | Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C6 | ESP32-S2 | ESP32-S3 |
 | ----------------- | ----- | -------- | -------- | -------- | -------- | -------- |
 
-# WPA2 Enterprise Example
+
+# Understanding different WiFi enterprise modes:
+
+**WPA2 Enterprise**: WPA2-Enterprise is an advanced Wi-Fi security mode primarily used in business environments. It employs a RADIUS server for user-based authentication, supporting various EAP methods like EAP-TLS and EAP-PEAP. This mode enhances security by requiring individual user credentials, establishes secure encryption keys, and allows for efficient user management. It's a scalable and robust solution ideal for large-scale networks seeking strong protection against unauthorized access.
+
+**WPA3 Enterprise**: WPA2-Enterprise + PMF mandatory + CA certificate validaion(required)
+
+**WPA3 Enterprise(192 bit)**: WPA3 Enterprise + AES256 Keys(GCMP256/CCMP256) + BIP256 + RSA3096/EC certs + NSA SuiteB ciphers in EAP authentication.
+
+# WiFi Enterprise Example
 
 This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption. The example does the following steps:
 
@@ -9,8 +18,8 @@ This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption. Th
 2. Install client certificate and client key which is required in TLS method and optional in PEAP and TTLS methods.
 3. Set identity of phase 1 which is optional.
 4. Set user name and password of phase 2 which is required in PEAP and TTLS methods.
-5. Enable wpa2 enterprise.
-6. Connect to AP.
+5. Enable WiFi enterprise mode.
+6. Connect to AP using esp_wifi_connect().
 
 *Note:* 
 1. The certificates currently are generated and are present in examples/wifi/wifi_enterprise/main folder.
@@ -93,25 +102,100 @@ idf.py -p PORT flash monitor
 
 ### Example output
 
-Here is an example of wpa2 enterprise(PEAP method) console output.
-```
-I (1352) example: Setting WiFi configuration SSID wpa2_test...
-I (1362) wpa: WPA2 ENTERPRISE VERSION: [v2.0] enable
-
-I (1362) wifi: rx_ba=1 tx_ba=1
-
-I (1372) wifi: mode : sta (24:0a:c4:03:b8:dc)
-I (3002) wifi: n:11 0, o:1 0, ap:255 255, sta:11 0, prof:11
-I (3642) wifi: state: init -> auth (b0)
-I (3642) wifi: state: auth -> assoc (0)
-I (3652) wifi: state: assoc -> run (10)
-I (3652) wpa: wpa2_task prio:24, stack:6144
-
-I (3972) wpa: >>>>>wpa2 FINISH
-
-I (3982) wpa: wpa2 task delete
+I (31) boot: ESP-IDF v5.2-dev-2787-g40cf6433be-dirty 2nd stage bootloader
+I (31) boot: compile time Sep 12 2023 13:39:03
+I (33) boot: Multicore bootloader
+I (38) boot: chip revision: v3.0
+I (41) boot.esp32: SPI Speed      : 40MHz
+I (46) boot.esp32: SPI Mode       : DIO
+I (51) boot.esp32: SPI Flash Size : 2MB
+I (55) boot: Enabling RNG early entropy source...
+I (61) boot: Partition Table:
+I (64) boot: ## Label            Usage          Type ST Offset   Length
+I (71) boot:  0 nvs              WiFi data        01 02 00009000 00006000
+I (79) boot:  1 phy_init         RF data          01 01 0000f000 00001000
+I (86) boot:  2 factory          factory app      00 00 00010000 00100000
+I (94) boot: End of partition table
+I (98) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=2aa0ch (174604) map
+I (170) esp_image: segment 1: paddr=0003aa34 vaddr=3ffb0000 size=037a0h ( 14240) load
+I (175) esp_image: segment 2: paddr=0003e1dc vaddr=40080000 size=01e3ch (  7740) load
+I (179) esp_image: segment 3: paddr=00040020 vaddr=400d0020 size=954c8h (611528) map
+I (405) esp_image: segment 4: paddr=000d54f0 vaddr=40081e3c size=13de0h ( 81376) load
+I (449) boot: Loaded app from partition at offset 0x10000
+I (450) boot: Disabling RNG early entropy source...
+I (461) cpu_start: Multicore app
+I (461) cpu_start: Pro cpu up.
+I (462) cpu_start: Starting app cpu, entry point is 0x400811e0
+I (0) cpu_start: App cpu up.
+I (479) cpu_start: Pro cpu start user code
+I (479) cpu_start: cpu freq: 160000000 Hz
+I (479) cpu_start: Application information:
+I (484) cpu_start: Project name:     wifi_enterprise
+I (490) cpu_start: App version:      c6_h2_rng_final_tests-2032-g40c
+I (497) cpu_start: Compile time:     Sep 12 2023 13:38:55
+I (503) cpu_start: ELF file SHA256:  8d1ba00d3...
+I (508) cpu_start: ESP-IDF:          v5.2-dev-2787-g40cf6433be-dirty
+I (515) cpu_start: Min chip rev:     v0.0
+I (520) cpu_start: Max chip rev:     v3.99 
+I (525) cpu_start: Chip rev:         v3.0
+I (530) heap_init: Initializing. RAM available for dynamic allocation:
+I (537) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
+I (543) heap_init: At 3FFB7A20 len 000285E0 (161 KiB): DRAM
+I (549) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
+I (555) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
+I (562) heap_init: At 40095C1C len 0000A3E4 (40 KiB): IRAM
+I (570) spi_flash: detected chip: generic
+I (573) spi_flash: flash io: dio
+W (577) spi_flash: Detected size(8192k) larger than the size in the binary image header(2048k). Using the size in the binary image header.
+I (591) app_start: Starting scheduler on CPU0
+I (595) app_start: Starting scheduler on CPU1
+I (595) main_task: Started on CPU0
+I (605) main_task: Calling app_main()
+I (635) wifi:wifi driver task: 3ffbf930, prio:23, stack:6656, core=0
+I (635) wifi:wifi firmware version: e03c1ca
+I (635) wifi:wifi certification version: v7.0
+I (635) wifi:config NVS flash: enabled
+I (635) wifi:config nano formating: disabled
+I (645) wifi:Init data frame dynamic rx buffer num: 32
+I (645) wifi:Init management frame dynamic rx buffer num: 32
+I (655) wifi:Init management short buffer num: 32
+I (655) wifi:Init dynamic tx buffer num: 32
+I (665) wifi:Init static rx buffer size: 1600
+I (665) wifi:Init static rx buffer num: 10
+I (665) wifi:Init dynamic rx buffer num: 32
+I (675) wifi_init: rx ba win: 6
+I (675) wifi_init: tcpip mbox: 32
+I (675) wifi_init: udp mbox: 6
+I (685) wifi_init: tcp mbox: 6
+I (685) wifi_init: tcp tx win: 5744
+I (695) wifi_init: tcp rx win: 5744
+I (695) wifi_init: tcp mss: 1440
+I (695) wifi_init: WiFi IRAM OP enabled
+I (705) wifi_init: WiFi RX IRAM OP enabled
+I (705) example: Setting WiFi configuration SSID ESP_ENTERPRISE_AP...
+I (715) wpa: WiFi Enterprise enable
+I (725) phy_init: phy_version 4771,450c73b,Aug 16 2023,11:03:10
+I (835) wifi:mode : sta (e0:e2:e6:6a:7c:20)
+I (845) wifi:enable tsf
+I (845) main_task: Returned from app_main()
+I (1465) wpa: BSS: Add new id 0 BSSID 38:94:ed:34:07:66 SSID 'ESP_ENTERPRISE_AP' chan 6
+I (1465) wifi:new:<6,0>, old:<1,0>, ap:<255,255>, sta:<6,0>, prof:1
+I (7385) wifi:state: init -> auth (b0)
+I (7395) wifi:state: auth -> assoc (0)
+I (7405) wifi:state: assoc -> run (10)
+I (7405) wpa: wifi_task prio:7, stack:6656
+I (7495) wpa: len=5 not available in input
+I (7555) wpa: SSL: Need 1595 bytes more input data
+I (7605) wpa: SSL: Need 601 bytes more input data
+I (8575) wpa: len=5 not available in input
+I (8695) wpa: application data is null, adding one byte for ack
+I (8725) wpa: >>>>>EAP FINISH
+I (8785) wifi:connected with ESP_ENTERPRISE_AP, aid = 1, channel 6, BW20, bssid = 38:94:ed:34:07:66
+I (8785) wifi:security: WPA2-ENT, phy: bgn, rssi: -22
+I (8785) wifi:pm start, type: 1
+
+I (8795) wifi:AP's beacon interval = 102400 us, DTIM period = 3
 
-I (3992) wifi: connected with wpa2_test, channel 11
 I (5372) example: ~~~~~~~~~~~
 I (5372) example: IP:0.0.0.0
 I (5372) example: MASK:0.0.0.0

examples/wifi/wifi_enterprise/main/Kconfig.projbuild

@@ -2,15 +2,15 @@ menu "Example Configuration"
 
     config EXAMPLE_WIFI_SSID
         string "WiFi SSID"
-        default "wpa2_test"
+        default "ESP_ENTERPRISE_AP"
         help
             SSID (network name) for the example to connect to.
 
     choice
         prompt "Enterprise configuration to be used"
-        default EXAMPLE_WPA_WPA2_ENTERPRISE
-        config EXAMPLE_WPA_WPA2_ENTERPRISE
-            bool "WPA_WPA2_ENT"
+        default EXAMPLE_WPA3_ENTERPRISE
+        config EXAMPLE_WPA2_ENTERPRISE
+            bool "WPA2_ENT"
         config EXAMPLE_WPA3_ENTERPRISE
             bool "WPA3_ENT"
         config EXAMPLE_WPA3_192BIT_ENTERPRISE
@@ -21,7 +21,7 @@ menu "Example Configuration"
             select ESP_WIFI_SUITE_B_192
     endchoice
 
-    if EXAMPLE_WPA_WPA2_ENTERPRISE
+    if EXAMPLE_WPA2_ENTERPRISE
         config EXAMPLE_VALIDATE_SERVER_CERT
             bool "Validate server"
             default y
@@ -29,21 +29,14 @@ menu "Example Configuration"
                 Validate the servers' certificate using CA cert.
     endif
 
-    if !EXAMPLE_WPA_WPA2_ENTERPRISE
+    if !EXAMPLE_WPA2_ENTERPRISE
         config EXAMPLE_VALIDATE_SERVER_CERT
             default y
     endif
 
-    config EXAMPLE_USE_DEFAULT_CERT_BUNDLE
-        bool "Use default cert bundle"
-        depends on EXAMPLE_VALIDATE_SERVER_CERT
-        default n
-        help
-            Use default CA certificate bundle for WPA enterprise connection
-
     choice
         prompt "EAP method for the example to use"
-        default EXAMPLE_EAP_METHOD_PEAP
+        default EXAMPLE_EAP_METHOD_TLS
         config EXAMPLE_EAP_METHOD_TLS
             bool "TLS"
         config EXAMPLE_EAP_METHOD_PEAP
@@ -90,13 +83,19 @@ menu "Example Configuration"
         depends on EXAMPLE_EAP_METHOD_PEAP || EXAMPLE_EAP_METHOD_TTLS
         default "espressif"
         help
-            Username for EAP method (PEAP and TTLS).
+            Username for EAP method (valid for PEAP and TTLS).
 
     config EXAMPLE_EAP_PASSWORD
         string "EAP PASSWORD"
         depends on EXAMPLE_EAP_METHOD_PEAP || EXAMPLE_EAP_METHOD_TTLS
         default "test11"
         help
-            Password for EAP method (PEAP and TTLS).
+            Password for EAP method (valid for PEAP and TTLS).
 
+    config EXAMPLE_USE_DEFAULT_CERT_BUNDLE
+        bool "Use default cert bundle"
+        depends on EXAMPLE_VALIDATE_SERVER_CERT
+        default n
+        help
+            Use default CA certificate bundle for WiFi enterprise connection
 endmenu

examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c

@@ -1,28 +1,17 @@
-/* WiFi Connection Example using WPA2 Enterprise
+/*
+ * SPDX-FileCopyrightText: 2006-2016 ARM Limited
+ * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
  *
- * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
- * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
- *
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * SPDX-License-Identifier: Apache-2.0
  */
+
 #include <string.h>
 #include <stdlib.h>
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
 #include "freertos/event_groups.h"
 #include "esp_wifi.h"
-#include "esp_wpa2.h"
+#include "esp_eap_client.h"
 #include "esp_event.h"
 #include "esp_log.h"
 #include "esp_system.h"
@@ -63,7 +52,7 @@ static const char *TAG = "example";
    Client key, taken from client.key
 
    The PEM, CRT and KEY file were provided by the person or organization
-   who configured the AP with wpa2 enterprise.
+   who configured the AP with wifi enterprise.
 
    To embed it in the app binary, the PEM, CRT and KEY file is named
    in the component.mk COMPONENT_EMBED_TXTFILES variable.
@@ -115,14 +104,14 @@ static void initialise_wifi(void)
     assert(sta_netif);
 
     wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
-    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
-    ESP_ERROR_CHECK( esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL) );
-    ESP_ERROR_CHECK( esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL) );
-    ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+    ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL));
+    ESP_ERROR_CHECK(esp_wifi_set_storage(WIFI_STORAGE_RAM));
     wifi_config_t wifi_config = {
         .sta = {
             .ssid = EXAMPLE_WIFI_SSID,
-#if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
+#if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE) || defined (CONFIG_EXAMPLE_WPA3_ENTERPRISE)
             .pmf_cfg = {
                 .required = true
             },
@@ -130,41 +119,43 @@ static void initialise_wifi(void)
         },
     };
     ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
-    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
-    ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) );
+    ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config) );
+    ESP_ERROR_CHECK(esp_eap_client_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );
 
 #if defined(CONFIG_EXAMPLE_VALIDATE_SERVER_CERT) || \
     defined(CONFIG_EXAMPLE_WPA3_ENTERPRISE) || \
     defined(CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) );
+    ESP_ERROR_CHECK(esp_eap_client_set_ca_cert(ca_pem_start, ca_pem_bytes) );
 #endif /* CONFIG_EXAMPLE_VALIDATE_SERVER_CERT */ /* EXAMPLE_WPA3_ENTERPRISE */
 
 #ifdef CONFIG_EXAMPLE_EAP_METHOD_TLS
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_cert_key(client_crt_start, client_crt_bytes,\
-    		client_key_start, client_key_bytes, NULL, 0) );
+    ESP_ERROR_CHECK(esp_eap_client_set_certificate_and_key(client_crt_start, client_crt_bytes,
+                                      client_key_start, client_key_bytes, NULL, 0) );
 #endif /* CONFIG_EXAMPLE_EAP_METHOD_TLS */
 
-#if defined CONFIG_EXAMPLE_EAP_METHOD_PEAP || CONFIG_EXAMPLE_EAP_METHOD_TTLS
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) );
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) );
+#if defined (CONFIG_EXAMPLE_EAP_METHOD_PEAP) || \
+    defined (CONFIG_EXAMPLE_EAP_METHOD_TTLS)
+    ESP_ERROR_CHECK(esp_eap_client_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) );
+    ESP_ERROR_CHECK(esp_eap_client_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) );
 #endif /* CONFIG_EXAMPLE_EAP_METHOD_PEAP || CONFIG_EXAMPLE_EAP_METHOD_TTLS */
 
 #if defined CONFIG_EXAMPLE_EAP_METHOD_TTLS
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ttls_phase2_method(TTLS_PHASE2_METHOD) );
+    ESP_ERROR_CHECK(esp_eap_client_set_ttls_phase2_method(TTLS_PHASE2_METHOD) );
 #endif /* CONFIG_EXAMPLE_EAP_METHOD_TTLS */
+
 #if defined (CONFIG_EXAMPLE_WPA3_192BIT_ENTERPRISE)
     ESP_LOGI(TAG, "Enabling 192 bit certification");
-    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_set_suiteb_192bit_certification(true));
+    ESP_ERROR_CHECK(esp_eap_client_set_suiteb_192bit_certification(true));
 #endif
 #ifdef CONFIG_EXAMPLE_USE_DEFAULT_CERT_BUNDLE
-    ESP_ERROR_CHECK(esp_wifi_sta_wpa2_use_default_cert_bundle(true));
+    ESP_ERROR_CHECK(esp_eap_client_use_default_cert_bundle(true));
 #endif
-    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_enable() );
-    ESP_ERROR_CHECK( esp_wifi_start() );
+    ESP_ERROR_CHECK(esp_wifi_sta_enterprise_enable());
+    ESP_ERROR_CHECK(esp_wifi_start());
 }
 
-static void wpa2_enterprise_example_task(void *pvParameters)
+static void wifi_enterprise_example_task(void *pvParameters)
 {
     esp_netif_ip_info_t ip;
     memset(&ip, 0, sizeof(esp_netif_ip_info_t));
@@ -185,7 +176,7 @@ static void wpa2_enterprise_example_task(void *pvParameters)
 
 void app_main(void)
 {
-    ESP_ERROR_CHECK( nvs_flash_init() );
+    ESP_ERROR_CHECK(nvs_flash_init());
     initialise_wifi();
-    xTaskCreate(&wpa2_enterprise_example_task, "wpa2_enterprise_example_task", 4096, NULL, 5, NULL);
+    xTaskCreate(&wifi_enterprise_example_task, "wifi_enterprise_example_task", 4096, NULL, 5, NULL);
 }

tools/ci/check_copyright_ignore.txt

@@ -1304,7 +1304,6 @@ examples/wifi/roaming/main/roaming_example.c
 examples/wifi/scan/main/scan.c
 examples/wifi/smart_config/main/smartconfig_main.c
 examples/wifi/wifi_easy_connect/dpp-enrollee/main/dpp_enrollee_main.c
-examples/wifi/wifi_enterprise/main/wifi_enterprise_main.c
 examples/wifi/wps/main/wps.c
 tools/ble/lib_ble_client.py
 tools/ble/lib_gap.py