aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-09-05 09:38:32 (GMT)
committerJouni Malinen <j@w1.fi>2019-10-15 12:39:22 (GMT)
commit85e64e634d440f03a80cfdb5aed7eb4928415ea1 (patch)
treef8ea7a43ae3da4886cf22b4d38fb757396b4b246
parenta36e13a7cd1277c8bb64b8dbcc7def5d7009d6fa (diff)
downloadhostap-85e64e634d440f03a80cfdb5aed7eb4928415ea1.zip
hostap-85e64e634d440f03a80cfdb5aed7eb4928415ea1.tar.gz
hostap-85e64e634d440f03a80cfdb5aed7eb4928415ea1.tar.bz2
SAE: Add sae_pwe configuration parameter for wpa_supplicant
This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be address in separate commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--wpa_supplicant/ap.c2
-rw-r--r--wpa_supplicant/config.c1
-rw-r--r--wpa_supplicant/config.h8
-rw-r--r--wpa_supplicant/config_file.c3
-rw-r--r--wpa_supplicant/wpa_supplicant.conf8
5 files changed, 22 insertions, 0 deletions
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index ca98412..59ca153 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -434,6 +434,8 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
pw->next = bss->sae_passwords;
bss->sae_passwords = pw;
}
+
+ bss->sae_pwe = wpa_s->conf->sae_pwe;
#endif /* CONFIG_SAE */
if (wpa_s->conf->go_interworking) {
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 515228b..ab66875 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -4984,6 +4984,7 @@ static const struct global_parse_data global_fields[] = {
{ INT(okc), 0 },
{ INT(pmf), 0 },
{ FUNC(sae_groups), 0 },
+ { INT_RANGE(sae_pwe, 0, 2), 0 },
{ INT_RANGE(sae_pmkid_in_assoc, 0, 1), 0 },
{ INT(dtim_period), 0 },
{ INT(beacon_int), 0 },
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 1734e00..326ac61 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1165,6 +1165,14 @@ struct wpa_config {
int *sae_groups;
/**
+ * sae_pwe - SAE mechanism for PWE derivation
+ * 0 = hunting-and-pecking loop only
+ * 1 = hash-to-element only
+ * 2 = both hunting-and-pecking loop and hash-to-element enabled
+ */
+ int sae_pwe;
+
+ /**
* sae_pmkid_in_assoc - Whether to include PMKID in SAE Assoc Req
*/
int sae_pmkid_in_assoc;
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 7150ab8..cf4b7bc 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -1407,6 +1407,9 @@ static void wpa_config_write_global(FILE *f, struct wpa_config *config)
fprintf(f, "\n");
}
+ if (config->sae_pwe)
+ fprintf(f, "sae_pwe=%d\n", config->sae_pwe);
+
if (config->sae_pmkid_in_assoc)
fprintf(f, "sae_pmkid_in_assoc=%d\n",
config->sae_pmkid_in_assoc);
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 6363973..ba511b9 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -425,6 +425,14 @@ fast_reauth=1
# since all implementations are required to support group 19.
#sae_groups=19 20 21
+# SAE mechanism for PWE derivation
+# 0 = hunting-and-pecking loop only (default)
+# 1 = hash-to-element only
+# 2 = both hunting-and-pecking loop and hash-to-element enabled
+# Note: The default value is likely to change from 0 to 2 once the new
+# hash-to-element mechanism has received more interoperability testing.
+#sae_pwe=0
+
# Default value for DTIM period (if not overridden in network block)
#dtim_period=2