SAE: Add sae_pwe configuration parameter for hostapd

This parameter can be used to specify which PWE derivation mechanism(s)
is enabled. This commit is only introducing the new parameter; actual
use of it will be address in separate commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index e6033e7ab4385a75865e309355719445fe058e1f..b187ec7cb9ef046b9d5f5424e7ab0239b5212175 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4184,6 +4184,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                bss->sae_require_mfp = atoi(pos);
        } else if (os_strcmp(buf, "sae_confirm_immediate") == 0) {
                bss->sae_confirm_immediate = atoi(pos);
+       } else if (os_strcmp(buf, "sae_pwe") == 0) {
+               bss->sae_pwe = atoi(pos);
        } else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
                int val = atoi(pos);
                if (val < 0 || val > 255) {

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 326f967a5c93f0c122f24230efab71613f63263f..9739c61a4096706cdc60b718344de512b10983bf 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1750,6 +1750,14 @@ own_ip_addr=127.0.0.1
 # to send its SAE Confirm message first.
 #sae_confirm_immediate=0
 
+# SAE mechanism for PWE derivation
+# 0 = hunting-and-pecking loop only (default)
+# 1 = hash-to-element only
+# 2 = both hunting-and-pecking loop and hash-to-element enabled
+# Note: The default value is likely to change from 0 to 2 once the new
+# hash-to-element mechanism has received more interoperability testing.
+#sae_pwe=0
+
 # FILS Cache Identifier (16-bit value in hexdump format)
 #fils_cache_id=0011
 

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 346a7dd1bc6189b2d9a1b8cefee3cb10a1201c93..2d09d06147ec99a424c3fb7fc3e0ef5be0a2676d 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -650,6 +650,7 @@ struct hostapd_bss_config {
        unsigned int sae_sync;
        int sae_require_mfp;
        int sae_confirm_immediate;
+       int sae_pwe;
        int *sae_groups;
        struct sae_password_entry *sae_passwords;
 

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 2f1b1de6be7fa3c8fb57627b0647a616eb89b8dd..f0f03aa5247bcc9af848e93dc14d680d2647d498 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -230,6 +230,7 @@ struct wpa_auth_config {
        unsigned int fils_cache_id_set:1;
        u8 fils_cache_id[FILS_CACHE_ID_LEN];
 #endif /* CONFIG_FILS */
+       int sae_pwe;
 };
 
 typedef enum {

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index c0786cee5208fc9e33bb87f4231149cb5fd227be..76f86d9d52042231cc17ccd643aa7f8104eaf739 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -130,6 +130,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
        os_memcpy(wconf->fils_cache_id, conf->fils_cache_id,
                  FILS_CACHE_ID_LEN);
 #endif /* CONFIG_FILS */
+       wconf->sae_pwe = conf->sae_pwe;
 }