feat(wpa_supplicant): Add TLS v1.3 support for WiFi enterprise

* Add TLS v1.3 support for following EAP methods: - EAP-TLS (RFC 9190) - EAP-PEAP (RFC 9427) - EAP-TTLS (RFC 9427) * Add mbedtls porting for TLS v1.3 exporter (RFC 8446 Section 7.5) * Add new Kconfig flag to enable TLS v1.3 for EAP methods * Advertise TLS v1.3 signature algorithms if TLS 1.3 is enabled for EAP methods * Advertise TLS v1.3 cipher suites if CONFIG_ESP_WIFI_EAP_TLS1_3 enabled * Add support to Ack protected success indication (workaround for EAP-TLS 1.3 and 1.2 compatibilty)
2025-10-14 08:21:15 +00:00 · 2023-11-11 13:39:31 +05:30
parent b3e4aae7bb
commit ec09cdf885
6 changed files with 309 additions and 23 deletions
--- a/components/wpa_supplicant/src/eap_peer/eap_peap.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_peap.c
@@ -18,6 +18,10 @@
 #include "eap_peer/eap_config.h"
 #include "eap_peer/eap_methods.h"

+#ifdef CONFIG_TLSV13
+#include "psa/crypto.h"
+#endif /* CONFIG_TLSV13 */
+
 /* Maximum supported PEAP version
 * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt
 * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt
@@ -160,6 +164,13 @@ eap_peap_init(struct eap_sm *sm)
 {
 	struct eap_peap_data *data;
 	struct eap_peer_config *config = eap_get_config(sm);
+#ifdef CONFIG_TLSV13
+	psa_status_t status = psa_crypto_init();
+	if (status != PSA_SUCCESS) {
+		wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to initialize PSA crypto, returned %d", (int) status);
+		return NULL;
+	}
+#endif /* CONFIG_TLSV13 */

 	data = (struct eap_peap_data *)os_zalloc(sizeof(*data));
 	if (data == NULL)