wolfIP Adds a Clean-Room Wi-Fi Supplicant: WPA2, WPA2-Enterprise, and WPA3 for Embedded Systems

wolfIP now ships an in-tree Wi-Fi supplicant (src/supplicant/) that brings WPA2-Personal, WPA2-Enterprise, and WPA3-Personal authentication to resource-constrained embedded devices, with no external proprietary supplicant and no dynamic memory allocation. It is a clean-room implementation built directly on wolfSSL/wolfCrypt, so the same crypto you already trust now drives your Wi-Fi association.

Supported authentication methods

Mode Standard Notes
WPA2-Personal (PSK) IEEE 802.11i 4-way handshake PMKSA caching skips the 4096-iteration PBKDF2 on reconnect
WPA2-Enterprise EAP-TLS RFC 5216 / RFC 9190 Uses wolfSSL native TLS 1.3 with custom IO (no OpenSSL compat layer, no BIO)
WPA2-Enterprise PEAPv0/MSCHAPv2 RFC 2759 Optional, off by default (requires legacy MD4/DES)
WPA3-Personal SAE (dragonfly) IEEE 802.11-2020 Hunt-and-Peck and RFC 9380 Hash-to-Element PWE, ECC groups 19/20/21 (P-256/P-384/P-521), with PMKSA fast reconnect that skips the dragonfly on rejoin

Ciphers: AES-CCMP-128/256 and AES-GCMP-128/256. IEEE 802.11w Management Frame Protection (MFP) is supported with configurable capable/required policy. Each method is independently selectable at build time (WOLFIP_ENABLE_EAP_TLS, WOLFIP_ENABLE_SAE, WOLFIP_ENABLE_SAE_H2E, WOLFIP_ENABLE_SAE_HNP, WOLFIP_ENABLE_PEAP_MSCHAPV2), so you compile in only what you ship.

Tested against real authenticators

Both the wired and over-the-air paths are interop-tested against hostapd, not just self-checked. The SAE and EAP-TLS radio paths run over a Linux mac80211_hwsim SoftMAC radio (the same nl80211 code path a real SoftMAC USB adapter uses), each driven to a full AUTHENTICATED association: WPA3-SAE for all six (Hunt-and-Peck + Hash-to-Element) x (P-256/P-384/P-521) combinations, WPA2-Enterprise EAP-TLS over the air, SAE PMKSA fast reconnect (rejoin with no dragonfly), and a negative test confirming a wrong password is cleanly rejected. A small host app (wolfsta) takes it end to end: join -> DHCP lease -> ICMP ping -> UDP echo. Host unit tests cover the 4-way handshake, the SAE crypto (including the RFC 9380 J.1.1 SSWU P-256 known-answer test), EAP-TLS, and MSCHAPv2 vectors.

Portability

wolfIP is written in portable C and carries no OS/RTOS or heap dependency of its own. The supplicant code can run everywhere wolfIP already runs: bare-metal/no-OS, FreeRTOS, and POSIX/Linux. Validated MCU targets like STM32H563 (Cortex-M33), STM32H753 (Cortex-M7), STM32N6 (Cortex-M55), NXP LPC54S018M (Cortex-M4), VORAGO VA416xx (Cortex-M4), Raspberry Pi Pico 2 W / RP2350 (Cortex-M33 and Hazard3 RISC-V with CYW43439), and Xilinx ZCU102 (AArch64).

Code size and memory

wolfIP is “a TCP/IP stack with no dynamic memory allocations, designed to be used in resource-constrained embedded systems.” That model extends to the supplicant: the supplicant context is caller-allocated (stack, static, or pool), so the bare-metal path never calls malloc.

The code base is compact and auditable. The core stack (src/wolfip.c) is roughly 10,000 lines of C, and the entire supplicant adds about 5,000 lines of C. As a rough estimate, a compiled supplicant of that size lands in the tens of kilobytes of flash on a typical Cortex-M target — well under 100 KB, and smaller still when unused authentication methods are compiled out. Because there is no heap, RAM use is fixed and statically sized at build time.

Built for safety-critical and certifiable systems

The design choices that make wolfIP small are the same ones that make it a fit for safety-critical and high-assurance programs: zero dynamic memory allocation, a fixed number of concurrent sockets, pre-allocated static buffers, and a deterministic footprint. The supplicant adds no heap requirement, so memory behavior is statically analyzable. The cryptography underneath is wolfSSL/wolfCrypt, which is available in FIPS 140-3 validated and DO-178C DAL A certifiable forms, giving teams a clear path to the cryptographic evidence their certification authorities expect.

Standards and RFC coverage

IEEE 802.11i (WPA2 4-way handshake), IEEE 802.11-2020 (WPA3-SAE dragonfly), RFC 5216 and RFC 9190 (EAP-TLS), RFC 9380 (Hash-to-Element, SSWU), IEEE 802.11w (Management Frame Protection), and RFC 2759 (MSCHAPv2). EAP-TLS and SAE are both interop-tested against hostapd, including the RFC 9380 J.1.1 SSWU P-256 known-answer test.

Licensing

wolfIP is open source under GPLv3 (Copyright (c) 2026 wolfSSL Inc.). Commercial licensing is available from wolfSSL for products that cannot use GPLv3.

Learn more

The wolfSupplicant pull request is here.


If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now