aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-09-05 08:44:57 (GMT)
committerJouni Malinen <j@w1.fi>2019-10-15 12:39:22 (GMT)
commita36e13a7cd1277c8bb64b8dbcc7def5d7009d6fa (patch)
tree60bb360e005ddf2288cadd2dd42f591aa49d4c68
parentaf4487148a8c8b454d15124e3889a0f94441d156 (diff)
downloadhostap-a36e13a7cd1277c8bb64b8dbcc7def5d7009d6fa.zip
hostap-a36e13a7cd1277c8bb64b8dbcc7def5d7009d6fa.tar.gz
hostap-a36e13a7cd1277c8bb64b8dbcc7def5d7009d6fa.tar.bz2
SAE: Add sae_pwe configuration parameter for hostapd
This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be address in separate commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--hostapd/config_file.c2
-rw-r--r--hostapd/hostapd.conf8
-rw-r--r--src/ap/ap_config.h1
-rw-r--r--src/ap/wpa_auth.h1
-rw-r--r--src/ap/wpa_auth_glue.c1
5 files changed, 13 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index e6033e7..b187ec7 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4184,6 +4184,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->sae_require_mfp = atoi(pos);
} else if (os_strcmp(buf, "sae_confirm_immediate") == 0) {
bss->sae_confirm_immediate = atoi(pos);
+ } else if (os_strcmp(buf, "sae_pwe") == 0) {
+ bss->sae_pwe = atoi(pos);
} else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
int val = atoi(pos);
if (val < 0 || val > 255) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 326f967..9739c61 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1750,6 +1750,14 @@ own_ip_addr=127.0.0.1
# to send its SAE Confirm message first.
#sae_confirm_immediate=0
+# SAE mechanism for PWE derivation
+# 0 = hunting-and-pecking loop only (default)
+# 1 = hash-to-element only
+# 2 = both hunting-and-pecking loop and hash-to-element enabled
+# Note: The default value is likely to change from 0 to 2 once the new
+# hash-to-element mechanism has received more interoperability testing.
+#sae_pwe=0
+
# FILS Cache Identifier (16-bit value in hexdump format)
#fils_cache_id=0011
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 346a7dd..2d09d06 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -650,6 +650,7 @@ struct hostapd_bss_config {
unsigned int sae_sync;
int sae_require_mfp;
int sae_confirm_immediate;
+ int sae_pwe;
int *sae_groups;
struct sae_password_entry *sae_passwords;
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 2f1b1de..f0f03aa 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -230,6 +230,7 @@ struct wpa_auth_config {
unsigned int fils_cache_id_set:1;
u8 fils_cache_id[FILS_CACHE_ID_LEN];
#endif /* CONFIG_FILS */
+ int sae_pwe;
};
typedef enum {
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index c0786ce..76f86d9 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -130,6 +130,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
os_memcpy(wconf->fils_cache_id, conf->fils_cache_id,
FILS_CACHE_ID_LEN);
#endif /* CONFIG_FILS */
+ wconf->sae_pwe = conf->sae_pwe;
}