feat(wpa_supplicant): Add TLS v1.3 support for WiFi enterprise

* Add TLS v1.3 support for following EAP methods: - EAP-TLS (RFC 9190) - EAP-PEAP (RFC 9427) - EAP-TTLS (RFC 9427) * Add mbedtls porting for TLS v1.3 exporter (RFC 8446 Section 7.5) * Add new Kconfig flag to enable TLS v1.3 for EAP methods * Advertise TLS v1.3 signature algorithms if TLS 1.3 is enabled for EAP methods * Advertise TLS v1.3 cipher suites if CONFIG_ESP_WIFI_EAP_TLS1_3 enabled * Add support to Ack protected success indication (workaround for EAP-TLS 1.3 and 1.2 compatibilty)
2025-11-08 23:35:33 +00:00 · 2023-11-11 13:39:31 +05:30
parent b3e4aae7bb
commit ec09cdf885
6 changed files with 309 additions and 23 deletions
--- a/components/wpa_supplicant/src/eap_peer/eap_ttls.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_ttls.c
@@ -22,6 +22,9 @@
 #include "eap_peer/eap_config.h"
 #include "eap_peer/eap_methods.h"

+#ifdef CONFIG_TLSV13
+#include "psa/crypto.h"
+#endif /* CONFIG_TLSV13 */

 #define EAP_TTLS_VERSION 0

@@ -72,6 +75,13 @@ static void * eap_ttls_init(struct eap_sm *sm)
 {
 	struct eap_ttls_data *data;
 	struct eap_peer_config *config = eap_get_config(sm);
+#ifdef CONFIG_TLSV13
+	psa_status_t status = psa_crypto_init();
+	if (status != PSA_SUCCESS) {
+		wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to initialize PSA crypto, returned %d", (int) status);
+		return NULL;
+	}
+#endif /* CONFIG_TLSV13 */

 	data = (struct eap_ttls_data *)os_zalloc(sizeof(*data));
 	if (data == NULL)