Enterprise Security Library
Overview

Enterprise Security library provides the capability for Infineon's best-in-class Wi-Fi enabled PSoC™ 6 devices to connect to enterprise Wi-Fi networks. This library implements a collection of the most commonly used Extensible Authentication Protocols (EAP) that are commonly used in enterprise networks. This library is an embedded variant of the Wi-Fi supplicant (minimal features) that runs on an RTOS and provides the ability to securely join enterprise security networks (802.1x) using various EAP authentication protocols.

Features and Functionality

  • Supports the following EAP security protocols:
    • EAP-TLS
    • PEAPv0 with MSCHAPv2
    • EAP-TTLS with EAP-MSCHAPv2 (Phase 2 tunnel authentication supports only EAP methods)
  • Supports TLS session (session ID based) resumption
  • Supports 'PEAP Fast reconnect' (applicable only for PEAP protocol)
  • Supports roaming across APs in the enterprise network (vanilla roaming)
  • Supports TLS versions 1.0, 1.1, and 1.2

This library provides application developers an easy-to-use, unified interface for quickly enabling enterprise security in their applications. The library provides a single interface to join and leave 802.1x networks using different protocols.

Supported Frameworks

  • ModusToolbox™ environment: In this environment the Enterprise Security library uses the abstraction-rtos library that provides the RTOS abstraction API and the wcm library for network functions.
  • Mbed Framework: Mbed framework is an Mbed OS-based solution. Enterprise Security Library uses the abstraction-rtos library that provides RTOS abstraction API, and uses the Mbed socket API for implementing network functions.

Supported Platforms

ModusToolbox™

Mbed OS

Dependent Libraries

ModusToolbox™

Mbed OS

RADIUS Servers

This library has been verified with enterprise Wi-Fi networks configured using the following RADIUS server(s):

  • FreeRadius 3.0.15

Quick Start

This library is supported on both ModusToolbox™ and Mbed OS environments. The section below provides information on how to build the library in those environments.

ModusToolbox™

A set of pre-defined configuration files have been bundled with the wifi-mw-core library for FreeRTOS, lwIP, and mbed TLS. Review the configuration and make the required adjustments. See the "Quick Start" section in README.md.

  • Make the following changes to the default mbed TLS configurations in mbedtls_user_config.h:
    • Enable the following flags:
      MBEDTLS_DES_C, MBEDTLS_MD4_C, MBEDTLS_MD5_C, MBEDTLS_SHA1_C, MBEDTLS_SSL_PROTO_TLS1, MBEDTLS_SSL_PROTO_TLS1_1, and MBEDTLS_SSL_EXPORT_KEYS
    • Disable the following flags:
      MBEDTLS_POLY1305_C, MBEDTLS_CHACHAPOLY_C, and MBEDTLS_CHACHA20_C
  • Define the following COMPONENTS in the application's Makefile for the Enterprise Security library.
    COMPONENTS=FREERTOS PSOC6HAL MBEDTLS LWIP WCM
  • Enterprise Security library disables all the debug log messages by default. To enable log messages, the application must perform the following:
    • Add ENABLE_ENTERPRISE_SECURITY_LOGS macro to the DEFINES in the application's Makefile. The Makefile entry would look as follows:
      DEFINES+=ENABLE_ENTERPRISE_SECURITY_LOGS
    • Call the cy_log_init() function provided by the cy-log module. cy-log is part of the connectivity-utilities library. See connectivity-utilities library API documentation for cy-log details.
  • By default, the macro MBEDTLS_HAVE_TIME_DATE is undefined in mbedtls_user_config.h. If application wishes to perform time and date validation on the certificate, then define the MBEDTLS_HAVE_TIME_DATE flag in mbedtls_user_config.h.

Mbed OS

  • Add the .lib file(s) for dependent libraries.
    • Create a folder named deps.
    • Create a file with name mbed-os.lib and add the following line to this file:
      https://github.com/ARMmbed/mbed-os/#a2ada74770f043aff3e61e29d164a8e78274fcd4
    • Create a file with name connectivity-utilities.lib and add the following line to this file:
      https://github.com/infineon/connectivity-utilities/#<commit-SHA-for-latest-release-v3.X>
    • Replace <commit-SHA-for-latest-release-v3.X> in the above line with commit SHA of 'latest-v3.X' tag available in the GitHub repository.
      • Example: For tag release-v3.0.1
        https://github.com/infineon/connectivity-utilities/#68bd1bc9883a0ab424eb6daf1e726f0aba2c54a6
  • Add MBED and MBEDTLS to the components_add section in the application's JSON file. The JSON file entry would look as follows:
    "target.components_add": ["MBED", "MBEDTLS"]
  • Enterprise Security library disables all the debug log messages by default. To enable log messages, the application must perform the following:
    • Add ENABLE_ENTERPRISE_SECURITY_LOGS macro to the macros section in the application's JSON file. The JSON file entry would look as follows:
      "macros": ["ENABLE_ENTERPRISE_SECURITY_LOGS"]
    • Call the cy_log_init() function provided by the cy-log module. cy-log is part of the connectivity-utilities library. See connectivity-utilities library API documentation for cy-log details.
  • Add an mbed TLS user config file (for e.g. mbedtls_user_config.h) with the following changes to the default mbed TLS configuration:
    • Enable the following flags:
      MBEDTLS_DES_C, MBEDTLS_MD4_C, MBEDTLS_MD5_C, `MBEDTLS_SHA1_C, MBEDTLS_SSL_PROTO_TLS1, MBEDTLS_SSL_PROTO_TLS1_1, and MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
    • Disable the following flags:
      MBEDTLS_POLY1305_C, MBEDTLS_CHACHAPOLY_C, and MBEDTLS_CHACHA20_C
  • If the application wishes to perform time and date validation on the certificate, then enable the MBEDTLS_HAVE_TIME_DATE flag in the mbed TLS user config file created in the step above.
  • Provide the path to the mbed TLS user config file in the application's JSON file. The JSON file entry would look as follows:
    "macros": ["MBEDTLS_USER_CONFIG_FILE=\"mbedtls_user_config.h\""]

Code Snippets

This section provides code snippets for this library on ModusToolbox™ and Mbed OS environements. The code snippets given under the ModusToolbox™ section uses C APIs, whereas the snippets given under Mbed OS use C++ Class to demonstrate the library usage. In general, the library features are tested on Mbed OS using C++ Class interface, and tested on ModusToolbox™ using C APIs.

  • ModusToolbox™ - Snippets for HTTP Server create, start, stop, and delete (C implementation).
  • Mbed OS - Snippets for HTTP server create, start, stop, and delete (C++ implementation).

ModusToolbox™

Code Snippet 1: Enterprise Security Join and Leave (EAP-TLS)

Creates an Enterprise Security instance and performs join and leave using cy_enterprise_security_join and cy_enterprise_security_leave APIs respectively with EAP-TLS.

#include <stdio.h>
#include "cy_enterprise_security.h"
#include "certificate.h"
/******************************************************
* Macros
******************************************************/
#define RADIUS_SERVER_IDENTITY "svtuser"
#define RADIUS_SERVER_PASSWORD "hnd@123"
#define ENTERPRISE_SECURITY_NW_SSID "ENT_SEC_NW_2G"
#define APP_INFO( x ) printf x
/************************************************************
* Global Variables *
************************************************************/
/* Enterprise Security parameters */
static cy_enterprise_security_parameters_t ent_parameters;
/* Enterprise Security instance handle */
static cy_enterprise_security_t handle;
cy_rslt_t ent_sec_join_leave_eap_tls()
{
cy_rslt_t result = CY_RSLT_SUCCESS;
/* Set the Enterprise Security parameters. */
ent_parameters.ca_cert = (char*) WIFI_ROOT_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_cert = (char*) WIFI_USER_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_key = (char*) WIFI_USER_PRIVATE_KEY_STRING; /* Defined in certificate.h */
memcpy(ent_parameters.ssid, (char *)ENTERPRISE_SECURITY_NW_SSID, strlen(ENTERPRISE_SECURITY_NW_SSID) + 1);
memcpy(ent_parameters.outer_eap_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
ent_parameters.eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_TLS;
ent_parameters.auth_type = CY_ENTERPRISE_SECURITY_AUTH_TYPE_WPA2_MIXED;
/* Create the Enterprise Security instance and get the handle. */
result = cy_enterprise_security_create(&handle, &ent_parameters);
if( result != CY_RSLT_SUCCESS )
{
APP_INFO(("Failed to create Enterprise Security instance with error %u\n", (unsigned int)result));
return CY_RSLT_ERROR;
}
/* Join the enterprise security network. */
result = cy_enterprise_security_join(handle);
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Joining an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Joining an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
/* Enterprise Security join is successful. Insert other logic here. */
/* Leave the enterprise security network. */
result = cy_enterprise_security_leave(handle);
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Leaving an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Leaving an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
cleanup:
/* Dispose the Enterprise Security instance. */
cy_enterprise_security_delete(&handle);
if( result != CY_RSLT_SUCCESS )
{
APP_INFO(("Failed to delete Enterprise Security instance with error %u\n", (unsigned int)result));
return CY_RSLT_ERROR;
}
return result;
}

Code Snippet 2: Enterprise Security Join and Leave (PEAP)

Creates an Enterprise Security instance and performs join and leave using cy_enterprise_security_join and cy_enterprise_security_leave APIs respectively with PEAP.

#include <stdio.h>
#include "cy_enterprise_security.h"
#include "certificate.h"
/******************************************************
* Macros
******************************************************/
#define RADIUS_SERVER_IDENTITY "svtuser"
#define RADIUS_SERVER_PASSWORD "hnd@123"
#define ENTERPRISE_SECURITY_NW_SSID "ENT_SEC_NW_2G"
#define APP_INFO( x ) printf x
/************************************************************
* Global Variables *
************************************************************/
/* Enterprise Security parameters */
static cy_enterprise_security_parameters_t ent_parameters;
/* Enterprise Security instance handle */
static cy_enterprise_security_t handle;
cy_rslt_t ent_sec_join_leave_peap()
{
cy_rslt_t result = CY_RSLT_SUCCESS;
/* Set the Enterprise Security parameters. */
ent_parameters.ca_cert = (char*) WIFI_ROOT_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_cert = (char*) WIFI_USER_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_key = (char*) WIFI_USER_PRIVATE_KEY_STRING; /* Defined in certificate.h */
memcpy(ent_parameters.ssid, (char *)ENTERPRISE_SECURITY_NW_SSID, strlen(ENTERPRISE_SECURITY_NW_SSID) + 1);
memcpy(ent_parameters.outer_eap_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
ent_parameters.eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_PEAP;
ent_parameters.auth_type = CY_ENTERPRISE_SECURITY_AUTH_TYPE_WPA2_MIXED;
memcpy(ent_parameters.phase2.inner_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
memcpy(ent_parameters.phase2.inner_password, (char *)RADIUS_SERVER_PASSWORD, strlen(RADIUS_SERVER_PASSWORD) + 1);
ent_parameters.phase2.inner_eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_MSCHAPV2;
ent_parameters.phase2.tunnel_auth_type = CY_ENTERPRISE_SECURITY_TUNNEL_TYPE_MSCHAPV2;
/* Create the Enterprise Security instance and get the handle. */
result = cy_enterprise_security_create(&handle, &ent_parameters);
if( result != CY_RSLT_SUCCESS )
{
APP_INFO(("Failed to create Enterprise Security instance with error %u\n", (unsigned int)result));
return CY_RSLT_ERROR;
}
/* Join the enterprise security network. */
result = cy_enterprise_security_join(handle);
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Joining an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Joining an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
/* Enterprise Security join is successful. Insert other logic here. */
/* Leave the enterprise security network. */
result = cy_enterprise_security_leave(handle);
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Leaving an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Leaving an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
cleanup:
/* Dispose the Enterprise Security instance. */
cy_enterprise_security_delete(&handle);
if( result != CY_RSLT_SUCCESS )
{
APP_INFO(("Failed to delete Enterprise Security instance with error %u\n", (unsigned int)result));
return CY_RSLT_ERROR;
}
return result;
}

Code Snippet 3: Enterprise Security Join and Leave (EAP-TTLS)

Creates an Enterprise Security instance and performs join and leave using cy_enterprise_security_join and cy_enterprise_security_leave APIs respectively with EAP-TTLS.

#include <stdio.h>
#include "cy_enterprise_security.h"
#include "certificate.h"
/******************************************************
* Macros
******************************************************/
#define RADIUS_SERVER_IDENTITY "svtuser"
#define RADIUS_SERVER_PASSWORD "hnd@123"
#define ENTERPRISE_SECURITY_NW_SSID "ENT_SEC_NW_2G"
#define APP_INFO( x ) printf x
/************************************************************
* Global Variables *
************************************************************/
/* Enterprise Security parameters */
static cy_enterprise_security_parameters_t ent_parameters;
/* Enterprise Security instance handle */
static cy_enterprise_security_t handle;
cy_rslt_t ent_sec_join_leave_eap_ttls()
{
cy_rslt_t result = CY_RSLT_SUCCESS;
/* Set the Enterprise Security parameters. */
ent_parameters.ca_cert = (char*) WIFI_ROOT_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_cert = (char*) WIFI_USER_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_key = (char*) WIFI_USER_PRIVATE_KEY_STRING; /* Defined in certificate.h */
memcpy(ent_parameters.ssid, (char *)ENTERPRISE_SECURITY_NW_SSID, strlen(ENTERPRISE_SECURITY_NW_SSID) + 1);
memcpy(ent_parameters.outer_eap_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
ent_parameters.eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_TTLS;
ent_parameters.auth_type = CY_ENTERPRISE_SECURITY_AUTH_TYPE_WPA2_MIXED;
memcpy(ent_parameters.phase2.inner_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
memcpy(ent_parameters.phase2.inner_password, (char *)RADIUS_SERVER_PASSWORD, strlen(RADIUS_SERVER_PASSWORD) + 1);
ent_parameters.phase2.inner_eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_MSCHAPV2;
ent_parameters.phase2.tunnel_auth_type = CY_ENTERPRISE_SECURITY_TUNNEL_TYPE_EAP;
/* Create the Enterprise Security instance and get the handle. */
result = cy_enterprise_security_create(&handle, &ent_parameters);
if( result != CY_RSLT_SUCCESS )
{
APP_INFO(("Failed to create Enterprise Security instance with error %u\n", (unsigned int)result));
return CY_RSLT_ERROR;
}
/* Join the enterprise security network. */
result = cy_enterprise_security_join(handle);
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Joining an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Joining an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
/* Enterprise Security join is successful. Insert other logic here. */
/* Leave the enterprise security network. */
result = cy_enterprise_security_leave(handle);
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Leaving an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Leaving an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
cleanup:
/* Dispose the Enterprise Security instance. */
cy_enterprise_security_delete(&handle);
if( result != CY_RSLT_SUCCESS )
{
APP_INFO(("Failed to delete Enterprise Security instance with error %u\n", (unsigned int)result));
return CY_RSLT_ERROR;
}
return result;
}

Mbed OS

Code Snippet 1: Enterprise Security Join and Leave (EAP-TLS)

Creates an EnterpriseSecurity instance and performs join and leave using the class methods with EAP-TLS.

#include <stdio.h>
#include "mbed.h"
#include "cy_enterprise_security.hpp"
#include "certificate.h"
/******************************************************
* Macros
******************************************************/
#define RADIUS_SERVER_IDENTITY "svtuser"
#define RADIUS_SERVER_PASSWORD "hnd@123"
#define ENTERPRISE_SECURITY_NW_SSID "ENT_SEC_NW_2G"
#define APP_INFO( x ) printf x
/************************************************************
* Global Variables *
************************************************************/
/* Enterprise Security parameters */
static cy_enterprise_security_parameters_t ent_parameters;
/* Enterprise Security instance */
static EnterpriseSecurity *ent_sec_obj = NULL;
cy_rslt_t ent_sec_join_leave_eap_tls()
{
cy_rslt_t result = CY_RSLT_SUCCESS;
/* Set the Enterprise Security parameters. */
ent_parameters.ca_cert = (char*) WIFI_ROOT_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_cert = (char*) WIFI_USER_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_key = (char*) WIFI_USER_PRIVATE_KEY_STRING; /* Defined in certificate.h */
memcpy(ent_parameters.ssid, (char *)ENTERPRISE_SECURITY_NW_SSID, strlen(ENTERPRISE_SECURITY_NW_SSID) + 1);
memcpy(ent_parameters.outer_eap_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
ent_parameters.eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_TLS;
ent_parameters.auth_type = CY_ENTERPRISE_SECURITY_AUTH_TYPE_WPA2_MIXED;
/* Create the Enterprise Security instance. */
ent_sec_obj = new EnterpriseSecurity(&ent_parameters);
if( ent_sec_obj == NULL )
{
APP_INFO( ( "Failed to allocate memory for EnterpriseSecurity object.\n" ) );
return CY_RSLT_ERROR;
}
/* Join the enterprise security network. */
result = ent_sec_obj->join();
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Joining an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Joining an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
/* Enterprise Security join is successful. Insert other logic here. */
/* Leave the enterprise security network. */
result = ent_sec_obj->leave();
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Leaving an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Leaving an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
cleanup:
/* Dispose the Enterprise Security instance. */
delete ent_sec_obj;
ent_sec_obj = NULL;
return result;
}

Code Snippet 2: Enterprise Security Join and Leave (PEAP)

Creates an EnterpriseSecurity instance and performs join and leave using the class methods with PEAP.

/******************************************************
* Macros
******************************************************/
#define RADIUS_SERVER_IDENTITY "svtuser"
#define RADIUS_SERVER_PASSWORD "hnd@123"
#define ENTERPRISE_SECURITY_NW_SSID "ENT_SEC_NW_2G"
#define APP_INFO( x ) printf x
/************************************************************
* Global Variables *
************************************************************/
/* Enterprise Security parameters */
static cy_enterprise_security_parameters_t ent_parameters;
/* Enterprise Security instance */
static EnterpriseSecurity *ent_sec_obj = NULL;
cy_rslt_t ent_sec_join_leave_peap()
{
cy_rslt_t result = CY_RSLT_SUCCESS;
/* Set the Enterprise Security parameters. */
ent_parameters.ca_cert = (char*) WIFI_ROOT_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_cert = (char*) WIFI_USER_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_key = (char*) WIFI_USER_PRIVATE_KEY_STRING; /* Defined in certificate.h */
memcpy(ent_parameters.ssid, (char *)ENTERPRISE_SECURITY_NW_SSID, strlen(ENTERPRISE_SECURITY_NW_SSID) + 1);
memcpy(ent_parameters.outer_eap_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
ent_parameters.eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_PEAP;
ent_parameters.auth_type = CY_ENTERPRISE_SECURITY_AUTH_TYPE_WPA2_MIXED;
memcpy(ent_parameters.phase2.inner_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
memcpy(ent_parameters.phase2.inner_password, (char *)RADIUS_SERVER_PASSWORD, strlen(RADIUS_SERVER_PASSWORD) + 1);
ent_parameters.phase2.inner_eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_MSCHAPV2;
ent_parameters.phase2.tunnel_auth_type = CY_ENTERPRISE_SECURITY_TUNNEL_TYPE_MSCHAPV2;
/* Create the Enterprise Security instance. */
ent_sec_obj = new EnterpriseSecurity(&ent_parameters);
if( ent_sec_obj == NULL )
{
APP_INFO( ( "Failed to allocate memory for EnterpriseSecurity object.\n" ) );
return CY_RSLT_ERROR;
}
/* Join the enterprise security network. */
result = ent_sec_obj->join();
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Joining an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Joining an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
/* Enterprise Security join is successful. Insert other logic here. */
/* Leave the enterprise security network. */
result = ent_sec_obj->leave();
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Leaving an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Leaving an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
cleanup:
/* Dispose the Enterprise Security instance. */
delete ent_sec_obj;
ent_sec_obj = NULL;
return result;
}

Code Snippet 3: Enterprise Security Join and Leave (EAP-TTLS)

Creates an EnterpriseSecurity instance and performs join and leave using the class methods with EAP-TTLS.

/******************************************************
* Macros
******************************************************/
#define RADIUS_SERVER_IDENTITY "svtuser"
#define RADIUS_SERVER_PASSWORD "hnd@123"
#define ENTERPRISE_SECURITY_NW_SSID "ENT_SEC_NW_2G"
#define APP_INFO( x ) printf x
/************************************************************
* Global Variables *
************************************************************/
/* Enterprise Security parameters */
static cy_enterprise_security_parameters_t ent_parameters;
/* Enterprise Security instance */
static EnterpriseSecurity *ent_sec_obj = NULL;
cy_rslt_t ent_sec_join_leave_eap_ttls()
{
cy_rslt_t result = CY_RSLT_SUCCESS;
/* Set the Enterprise Security parameters. */
ent_parameters.ca_cert = (char*) WIFI_ROOT_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_cert = (char*) WIFI_USER_CERTIFICATE_STRING; /* Defined in certificate.h */
ent_parameters.client_key = (char*) WIFI_USER_PRIVATE_KEY_STRING; /* Defined in certificate.h */
memcpy(ent_parameters.ssid, (char *)ENTERPRISE_SECURITY_NW_SSID, strlen(ENTERPRISE_SECURITY_NW_SSID) + 1);
memcpy(ent_parameters.outer_eap_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
ent_parameters.eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_TTLS;
ent_parameters.auth_type = CY_ENTERPRISE_SECURITY_AUTH_TYPE_WPA2_MIXED;
memcpy(ent_parameters.phase2.inner_identity, (char *)RADIUS_SERVER_IDENTITY, strlen(RADIUS_SERVER_IDENTITY) + 1);
memcpy(ent_parameters.phase2.inner_password, (char *)RADIUS_SERVER_PASSWORD, strlen(RADIUS_SERVER_PASSWORD) + 1);
ent_parameters.phase2.inner_eap_type = CY_ENTERPRISE_SECURITY_EAP_TYPE_MSCHAPV2;
ent_parameters.phase2.tunnel_auth_type = CY_ENTERPRISE_SECURITY_TUNNEL_TYPE_EAP;
/* Create the Enterprise Security instance. */
ent_sec_obj = new EnterpriseSecurity(&ent_parameters);
if( ent_sec_obj == NULL )
{
APP_INFO( ( "Failed to allocate memory for EnterpriseSecurity object.\n" ) );
return CY_RSLT_ERROR;
}
/* Join the enterprise security network. */
result = ent_sec_obj->join();
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Joining an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Joining an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
/* Enterprise Security join is successful. Insert other logic here. */
/* Leave the enterprise security network. */
result = ent_sec_obj->leave();
if( result == CY_RSLT_SUCCESS )
{
APP_INFO(("Leaving an Enterprise Security network is successful.\n"));
}
else
{
APP_INFO(("Leaving an Enterprise Security network failed with error %u\n", (unsigned int)result));
goto cleanup;
}
cleanup:
/* Dispose the Enterprise Security instance. */
delete ent_sec_obj;
ent_sec_obj = NULL;
return result;
}