From ec09cdf885f59af09fe315b3065c7a6aa05dfa53 Mon Sep 17 00:00:00 2001 From: Sarvesh Bodakhe Date: Sat, 11 Nov 2023 13:39:31 +0530 Subject: [PATCH] feat(wpa_supplicant): Add TLS v1.3 support for WiFi enterprise * Add TLS v1.3 support for following EAP methods: - EAP-TLS (RFC 9190) - EAP-PEAP (RFC 9427) - EAP-TTLS (RFC 9427) * Add mbedtls porting for TLS v1.3 exporter (RFC 8446 Section 7.5) * Add new Kconfig flag to enable TLS v1.3 for EAP methods * Advertise TLS v1.3 signature algorithms if TLS 1.3 is enabled for EAP methods * Advertise TLS v1.3 cipher suites if CONFIG_ESP_WIFI_EAP_TLS1_3 enabled * Add support to Ack protected success indication (workaround for EAP-TLS 1.3 and 1.2 compatibilty) --- components/esp_wifi/Kconfig | 14 + components/wpa_supplicant/CMakeLists.txt | 3 + .../esp_supplicant/src/crypto/tls_mbedtls.c | 282 ++++++++++++++++-- .../wpa_supplicant/src/eap_peer/eap_peap.c | 11 + .../wpa_supplicant/src/eap_peer/eap_tls.c | 12 +- .../wpa_supplicant/src/eap_peer/eap_ttls.c | 10 + 6 files changed, 309 insertions(+), 23 deletions(-) diff --git a/components/esp_wifi/Kconfig b/components/esp_wifi/Kconfig index cda9c5ecae..90082a1ef2 100644 --- a/components/esp_wifi/Kconfig +++ b/components/esp_wifi/Kconfig @@ -493,6 +493,20 @@ menu "Wi-Fi" TLS-v1.0, TLS-v1.1 versions. Incase your server is using one of these version, it is advisable to update your server. Please disable this option for compatibilty with older TLS versions. + + config ESP_WIFI_EAP_TLS1_3 + bool "Enable EAP-TLS v1.3 Support for WiFi Enterprise connection" + default n + select MBEDTLS_SSL_PROTO_TLS1_3 + depends on ESP_WIFI_MBEDTLS_TLS_CLIENT + help + Select this option to support EAP with TLS v1.3. + This configuration still supports compatibility with EAP-TLS v1.2. + Please note that enabling this configuration will cause every application which + uses TLS go for TLS1.3 if server supports that. TLS1.3 is still in development in mbedtls + and there may be interoperability issues with this. Please modify your application to set + max version as TLS1.2 if you want to enable TLS1.3 only for WiFi connection. + endif config ESP_WIFI_WAPI_PSK diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 9e7d1c042d..8473340026 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -304,6 +304,9 @@ endif() if(CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA) target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_OWE_STA) endif() +if(CONFIG_ESP_WIFI_EAP_TLS1_3) + target_compile_definitions(${COMPONENT_LIB} PRIVATE CONFIG_TLSV13) +endif() set_property(TARGET ${COMPONENT_LIB} APPEND PROPERTY LINK_INTERFACE_MULTIPLICITY 3) target_compile_options(${COMPONENT_LIB} PRIVATE "-Wno-format") diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c index 606af1a0e3..b2d94dd65f 100644 --- a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c +++ b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c @@ -37,10 +37,21 @@ #include "mbedtls/platform.h" #include "eap_peer/eap.h" +#ifdef CONFIG_TLSV13 +#include "psa/crypto.h" +#include "md_psa.h" +#include "ssl_tls13_keys.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif /* CONFIG_TLSV13 */ + #define TLS_RANDOM_LEN 32 +#define TLS_HASH_MAX_SIZE 64 #define TLS_MASTER_SECRET_LEN 48 #define MAX_CIPHERSUITE 32 +#define MAX_EXPORTER_CONTEXT_LEN 65535 @@ -82,8 +93,10 @@ struct tls_connection { struct tls_data tls_io_data; unsigned char master_secret[TLS_MASTER_SECRET_LEN]; unsigned char randbytes[2 * TLS_RANDOM_LEN]; - mbedtls_tls_prf_types tls_prf_type; - mbedtls_md_type_t mac; + mbedtls_tls_prf_types tls_prf_type; +#ifdef CONFIG_TLSV13 + unsigned char exporter_master_secret[TLS_HASH_MAX_SIZE]; +#endif /* CONFIG_TLSV13 */ }; static void tls_mbedtls_cleanup(tls_context_t *tls) @@ -201,6 +214,43 @@ static int set_ca_cert(tls_context_t *tls, const unsigned char *cacert, size_t c #ifdef CONFIG_SUITEB192 static uint16_t tls_sig_algs_for_suiteb[] = { + +#ifdef CONFIG_TLSV13 +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA384) && \ + defined(PSA_WANT_ECC_SECP_R1_384) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA512) && \ + defined(PSA_WANT_ECC_SECP_R1_521) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512) +#endif + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_MD_CAN_SHA512) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, +#endif \ + /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA512 */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_MD_CAN_SHA384) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, +#endif \ + /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA384 */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA512) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, +#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA512 */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA384) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, +#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA384 */ +#endif /* CONFIG_TLSV13 */ + #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ), @@ -235,6 +285,60 @@ static void tls_set_suiteb_config(tls_context_t *tls) #endif static uint16_t tls_sig_algs_for_eap[] = { + +#ifdef CONFIG_TLSV13 +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA256) && \ + defined(PSA_WANT_ECC_SECP_R1_256) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256) +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA384) && \ + defined(PSA_WANT_ECC_SECP_R1_384) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA512) && \ + defined(PSA_WANT_ECC_SECP_R1_521) + MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512) +#endif + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_MD_CAN_SHA512) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, +#endif \ + /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA512 */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_MD_CAN_SHA384) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, +#endif \ + /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA384 */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ + defined(MBEDTLS_MD_CAN_SHA256) + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, +#endif \ + /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_MD_CAN_SHA256 */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA512) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, +#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA512 */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA384) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, +#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA384 */ + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, +#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 */ +#endif /* CONFIG_TLSV13 */ + #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_ECDSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ), @@ -300,8 +404,20 @@ static int tls_disable_key_usages(void *data, mbedtls_x509_crt *cert, int depth, } #endif /*CONFIG_ESP_WIFI_DISABLE_KEY_USAGE_CHECK*/ +#if defined(CONFIG_ESP_WIFI_EAP_TLS1_3) +#define TLS1_3_CIPHER_SUITES \ + MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, \ + MBEDTLS_TLS1_3_AES_256_GCM_SHA384, \ + MBEDTLS_TLS1_3_AES_128_GCM_SHA256, \ + MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256, \ + MBEDTLS_TLS1_3_AES_128_CCM_SHA256 +#endif /* CONFIG_ESP_WIFI_EAP_TLS1_3 */ + static const int eap_ciphersuite_preference[] = { +#if defined(CONFIG_ESP_WIFI_EAP_TLS1_3) + TLS1_3_CIPHER_SUITES, +#endif /* CONFIG_ESP_WIFI_EAP_TLS1_3 */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_CCM_C) MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, @@ -417,6 +533,9 @@ static const int eap_ciphersuite_preference[] = #ifdef CONFIG_SUITEB192 static const int suiteb_rsa_ciphersuite_preference[] = { +#if defined(CONFIG_ESP_WIFI_EAP_TLS1_3) + TLS1_3_CIPHER_SUITES, +#endif /* CONFIG_ESP_WIFI_EAP_TLS1_3 */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA512_C) MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, @@ -428,6 +547,9 @@ static const int suiteb_rsa_ciphersuite_preference[] = static const int suiteb_ecc_ciphersuite_preference[] = { +#if defined(CONFIG_ESP_WIFI_EAP_TLS1_3) + TLS1_3_CIPHER_SUITES, +#endif /* CONFIG_ESP_WIFI_EAP_TLS1_3 */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA512_C) MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, @@ -437,6 +559,9 @@ static const int suiteb_ecc_ciphersuite_preference[] = }; static const int suiteb_ciphersuite_preference[] = { +#if defined(CONFIG_ESP_WIFI_EAP_TLS1_3) + TLS1_3_CIPHER_SUITES, +#endif /* CONFIG_ESP_WIFI_EAP_TLS1_3 */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA512_C) MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, @@ -469,12 +594,23 @@ static void tls_set_ciphersuite(const struct tls_connection_params *cfg, tls_con } } else #endif +#ifdef CONFIG_TLSV13 + /* Enable TLS1.3 ciphers if TLS1.3 is enabled */ + mbedtls_ssl_conf_ciphersuites(&tls->conf, eap_ciphersuite_preference); +#else + /* Set cipher suites if User has explicitly set those + * TODO: public API to set EAP ciphers */ if (tls->ciphersuite[0]) { mbedtls_ssl_conf_ciphersuites(&tls->conf, tls->ciphersuite); } else if (mbedtls_pk_get_bitlen(&tls->clientkey) > 2048 || (tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->pk) > 2048)) { + /* Incase of big RSA keylen, ESP chips do not have sufficient processing + * power to use high computation ciphers. This code will limit the ciphers + * to less computational ones */ mbedtls_ssl_conf_ciphersuites(&tls->conf, eap_ciphersuite_preference); } + +#endif /* CONFIG_TLSV13 */ } static int set_client_config(const struct tls_connection_params *cfg, tls_context_t *tls) @@ -548,6 +684,22 @@ static int set_client_config(const struct tls_connection_params *cfg, tls_contex return 0; } +#ifdef CONFIG_TLSV13 +static void tls13_extract_exporter_master_secret(struct tls_connection *conn) +{ + mbedtls_ssl_context *ssl = &conn->tls->ssl; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + + size_t hash_len = PSA_HASH_LENGTH(hash_alg); + assert(hash_len != 0); + + mbedtls_ssl_tls13_application_secrets *app_secrets = + &ssl->session_negotiate->app_secrets; + os_memcpy(conn->exporter_master_secret, app_secrets->exporter_master_secret, hash_len); +} +#endif /* CONFIG_TLSV13 */ + static void tls_key_derivation(void *ctx, mbedtls_ssl_key_export_type secret_type, const unsigned char *secret, @@ -562,6 +714,12 @@ static void tls_key_derivation(void *ctx, os_memcpy(conn->randbytes, client_random, TLS_RANDOM_LEN); os_memcpy(conn->randbytes + 32, server_random, TLS_RANDOM_LEN); conn->tls_prf_type = tls_prf_type; + +#ifdef CONFIG_TLSV13 + if (secret_type == MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET) { + tls13_extract_exporter_master_secret(conn); + } +#endif /* CONFIG_TLSV13 */ } static int tls_create_mbedtls_handle(struct tls_connection *conn, @@ -593,6 +751,12 @@ static int tls_create_mbedtls_handle(struct tls_connection *conn, mbedtls_ssl_conf_rng(&tls->conf, mbedtls_ctr_drbg_random, &tls->ctr_drbg); +#if defined(CONFIG_MBEDTLS_SSL_PROTO_TLS1_3) && !defined(CONFIG_TLSV13) + /* Disable TLSv1.3 even when enabled in MbedTLS and not enabled in WiFi config. + * TODO: Remove Kconfig option for TLSv1.3 when it is matured enough */ + mbedtls_ssl_conf_max_tls_version(&tls->conf, MBEDTLS_SSL_VERSION_TLS1_2); +#endif /* CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 && !CONFIG_TLSV13 */ + ret = mbedtls_ssl_setup(&tls->ssl, &tls->conf); if (ret != 0) { wpa_printf(MSG_ERROR, "mbedtls_ssl_setup returned -0x%x", -ret); @@ -749,17 +913,8 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx, /* Multiple reads */ while (!mbedtls_ssl_is_handshake_over(&tls->ssl)) { cli_state = tls->ssl.MBEDTLS_PRIVATE(state); - if (cli_state == MBEDTLS_SSL_CLIENT_CERTIFICATE) { - /* Read random data before session completes, not present after handshake */ - if (tls->ssl.MBEDTLS_PRIVATE(handshake)) { - os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes, - TLS_RANDOM_LEN * 2); - conn->mac = tls->ssl.MBEDTLS_PRIVATE(handshake)->ciphersuite_info->mac; - } - } ret = mbedtls_ssl_handshake_step(&tls->ssl); - - if (ret < 0) { + if (ret < 0) break; } #ifdef CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER @@ -782,7 +937,28 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx, if (!conn->tls_io_data.out_data) { wpa_printf(MSG_INFO, "application data is null, adding one byte for ack"); u8 *dummy = os_zalloc(1); + if (dummy == NULL) { + wpa_printf(MSG_INFO, "%s: memory allocation failure. line:%d", __func__, __LINE__); + goto end; + } + +#ifdef CONFIG_TLSV13 + if (mbedtls_ssl_get_version_number(&conn->tls->ssl) == MBEDTLS_SSL_VERSION_TLS1_3) { + *appl_data = wpabuf_alloc_ext_data(dummy, 1); + if (appl_data == NULL) { + wpa_printf(MSG_INFO, "%s: memory allocation failure. line:%d", __func__, __LINE__); + os_free(dummy); + goto end; + } + return NULL; + } +#endif /* CONFIG_TLSV13 */ conn->tls_io_data.out_data = wpabuf_alloc_ext_data(dummy, 0); + if (conn->tls_io_data.out_data == NULL) { + wpa_printf(MSG_INFO, "%s: memory allocation failure. line:%d", __func__, __LINE__); + os_free(dummy); + goto end; + } } end: @@ -1006,25 +1182,26 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, size_t seed_len = 2 * TLS_RANDOM_LEN; mbedtls_ssl_context *ssl = &conn->tls->ssl; - if (context_len > 65535) + if (context_len > MAX_EXPORTER_CONTEXT_LEN) { return -1; + } - if (context) + if (context) { + // The magic value 2 represents the memory required to store the context length. seed_len += 2 + context_len; - - seed = os_malloc(seed_len); - if (!seed) { - return -1; } if (!ssl) { wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__); - os_free(seed); return -1; } if (!mbedtls_ssl_is_handshake_over(ssl)) { wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state)); - os_free(seed); + return -1; + } + + seed = os_malloc(seed_len); + if (!seed) { return -1; } @@ -1046,7 +1223,7 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN); ret = mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->master_secret, TLS_MASTER_SECRET_LEN, - label, seed, 2 * TLS_RANDOM_LEN, out, out_len); + label, seed, seed_len, out, out_len); os_free(seed); if (ret < 0) { @@ -1058,11 +1235,72 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, return ret; } +#ifdef CONFIG_TLSV13 +/* RFC 8446 Section 7.5 */ +static int tls13_connection_export_key(void *tls_ctx, struct tls_connection *conn, + const char *label, const u8 *context, + size_t context_len, u8 *out, size_t out_len) +{ + int ret; + mbedtls_ssl_context *ssl = &conn->tls->ssl; + psa_algorithm_t hash_alg; + size_t hash_len; + unsigned char tmp_secret[PSA_MAC_MAX_SIZE] = { 0 }; + unsigned char hashed_context[PSA_HASH_MAX_SIZE] = { 0 }; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; + + hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); + hash_len = PSA_HASH_LENGTH(hash_alg); + + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, + conn->exporter_master_secret, hash_len, + (unsigned char const *) label, (size_t) strlen(label), + NULL, 0, + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + tmp_secret, hash_len); + + if (ret != 0) { + wpa_printf(MSG_ERROR, "%s(): mbedtls_ssl_tls13_derive_secret() failed", + __func__); + return ret; + } + + status = psa_hash_compute(hash_alg, context, context_len, hashed_context, + PSA_HASH_LENGTH(hash_alg), &context_len); + if (status != PSA_SUCCESS) { + wpa_printf(MSG_ERROR, "%s(): psa_hash_compute() failed", + __func__); + ret = PSA_TO_MBEDTLS_ERR(status); + return ret; + } + + ret = mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, + tmp_secret, hash_len, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), + hashed_context, context_len, + out, out_len); + + if (ret != 0) { + wpa_printf(MSG_ERROR, "%s(): psa_hash_compute() failed", + __func__); + return ret; + } + return 0; +} +#endif /* CONFIG_TLSV13 */ + int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, const char *label, const u8 *context, size_t context_len, u8 *out, size_t out_len) { - return tls_connection_prf(tls_ctx, conn, label,context, context_len, +#ifdef CONFIG_TLSV13 + if (mbedtls_ssl_get_version_number(&conn->tls->ssl) == MBEDTLS_SSL_VERSION_TLS1_3) + return tls13_connection_export_key(tls_ctx, conn, label, context, context_len, + out, out_len); +#endif /* CONFIG_TLSV13 */ + return tls_connection_prf(tls_ctx, conn, label, context, context_len, 0, out, out_len); } diff --git a/components/wpa_supplicant/src/eap_peer/eap_peap.c b/components/wpa_supplicant/src/eap_peer/eap_peap.c index 312536a880..6c8a232024 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_peap.c +++ b/components/wpa_supplicant/src/eap_peer/eap_peap.c @@ -18,6 +18,10 @@ #include "eap_peer/eap_config.h" #include "eap_peer/eap_methods.h" +#ifdef CONFIG_TLSV13 +#include "psa/crypto.h" +#endif /* CONFIG_TLSV13 */ + /* Maximum supported PEAP version * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt @@ -160,6 +164,13 @@ eap_peap_init(struct eap_sm *sm) { struct eap_peap_data *data; struct eap_peer_config *config = eap_get_config(sm); +#ifdef CONFIG_TLSV13 + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to initialize PSA crypto, returned %d", (int) status); + return NULL; + } +#endif /* CONFIG_TLSV13 */ data = (struct eap_peap_data *)os_zalloc(sizeof(*data)); if (data == NULL) diff --git a/components/wpa_supplicant/src/eap_peer/eap_tls.c b/components/wpa_supplicant/src/eap_peer/eap_tls.c index 8db2e1f417..babf6fac34 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_tls.c +++ b/components/wpa_supplicant/src/eap_peer/eap_tls.c @@ -16,6 +16,10 @@ #include "eap_peer/eap_config.h" #include "eap_peer/eap_methods.h" +#ifdef CONFIG_TLSV13 +#include "psa/crypto.h" +#endif /* CONFIG_TLSV13 */ + static void eap_tls_deinit(struct eap_sm *sm, void *priv); @@ -36,7 +40,13 @@ static void * eap_tls_init(struct eap_sm *sm) { struct eap_tls_data *data; struct eap_peer_config *config = eap_get_config(sm); - +#ifdef CONFIG_TLSV13 + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + wpa_printf(MSG_ERROR, "EAP-TLS: Failed to initialize PSA crypto, returned %d", (int) status); + return NULL; + } +#endif /* CONFIG_TLSV13 */ if (config == NULL || config->private_key == 0) { wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured"); diff --git a/components/wpa_supplicant/src/eap_peer/eap_ttls.c b/components/wpa_supplicant/src/eap_peer/eap_ttls.c index e664d57eff..08f1cb504a 100644 --- a/components/wpa_supplicant/src/eap_peer/eap_ttls.c +++ b/components/wpa_supplicant/src/eap_peer/eap_ttls.c @@ -22,6 +22,9 @@ #include "eap_peer/eap_config.h" #include "eap_peer/eap_methods.h" +#ifdef CONFIG_TLSV13 +#include "psa/crypto.h" +#endif /* CONFIG_TLSV13 */ #define EAP_TTLS_VERSION 0 @@ -72,6 +75,13 @@ static void * eap_ttls_init(struct eap_sm *sm) { struct eap_ttls_data *data; struct eap_peer_config *config = eap_get_config(sm); +#ifdef CONFIG_TLSV13 + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to initialize PSA crypto, returned %d", (int) status); + return NULL; + } +#endif /* CONFIG_TLSV13 */ data = (struct eap_ttls_data *)os_zalloc(sizeof(*data)); if (data == NULL)