From: Ainy Kumari <ainy.kumari@oss.qualcomm.com>
Date: Fri, 3 Oct 2025 06:28:36 +0000 (+0530)
Subject: PASN: SAE-EXT-KEY AKM support for PASN Authentication in Initiator mode
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=184121a86cc836f92ebd37a45df8bf3ff98b1037;p=thirdparty%2Fhostap.git

PASN: SAE-EXT-KEY AKM support for PASN Authentication in Initiator mode

Add support for WPA_KEY_MGMT_SAE_EXT_KEY in PASN authentication in
initiator mode. Update PASN logic to treat SAE-EXT-KEY as a valid base
AKM alongside SAE, enabling PASN operations with the extended SAE key
management suite. This aligns with IEEE Std 802.11-2024 updates to PASN
with SAE.

Signed-off-by: Ainy Kumari <ainy.kumari@oss.qualcomm.com>
---

diff --git a/src/pasn/pasn_initiator.c b/src/pasn/pasn_initiator.c
index 3e16b77b1..8669839d5 100644
--- a/src/pasn/pasn_initiator.c
+++ b/src/pasn/pasn_initiator.c
@@ -518,6 +518,7 @@ static struct wpabuf * wpas_pasn_get_wrapped_data(struct pasn_data *pasn)
 		/* no wrapped data */
 		return NULL;
 	case WPA_KEY_MGMT_SAE:
+	case WPA_KEY_MGMT_SAE_EXT_KEY:
 #ifdef CONFIG_SAE
 		if (pasn->trans_seq == 0)
 			return wpas_pasn_wd_sae_commit(pasn);
@@ -558,6 +559,7 @@ static u8 wpas_pasn_get_wrapped_data_format(struct pasn_data *pasn)
 	/* Note: Valid AKMP is expected to already be validated */
 	switch (pasn->akmp) {
 	case WPA_KEY_MGMT_SAE:
+	case WPA_KEY_MGMT_SAE_EXT_KEY:
 		return WPA_PASN_WRAPPED_DATA_SAE;
 	case WPA_KEY_MGMT_FILS_SHA256:
 	case WPA_KEY_MGMT_FILS_SHA384:
@@ -895,7 +897,8 @@ static int wpas_pasn_set_pmk(struct pasn_data *pasn,
 	}
 
 #ifdef CONFIG_SAE
-	if (pasn->akmp == WPA_KEY_MGMT_SAE) {
+	if (pasn->akmp == WPA_KEY_MGMT_SAE ||
+	    pasn->akmp == WPA_KEY_MGMT_SAE_EXT_KEY) {
 		int ret;
 
 		ret = wpas_pasn_wd_sae_rx(pasn, wrapped_data);
@@ -1037,6 +1040,7 @@ int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
 		break;
 #ifdef CONFIG_SAE
 	case WPA_KEY_MGMT_SAE:
+	case WPA_KEY_MGMT_SAE_EXT_KEY:
 
 		if (beacon_rsnxe &&
 		    !ieee802_11_rsnx_capab(beacon_rsnxe,
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index fb15d0849..6a0abe76b 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -717,7 +717,8 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
 	ssid = wpa_config_get_network(wpa_s->conf, awork->network_id);
 
 #ifdef CONFIG_SAE
-	if (awork->akmp == WPA_KEY_MGMT_SAE) {
+	if (awork->akmp == WPA_KEY_MGMT_SAE ||
+	    awork->akmp == WPA_KEY_MGMT_SAE_EXT_KEY) {
 		if (!ssid) {
 			wpa_printf(MSG_DEBUG,
 				   "PASN: No network profile found for SAE");