#ifdef CONFIG_SAE
if (flagged && ((rate_ie[j] & 0x7f) ==
BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY)) {
- if (wpa_s->conf->sae_pwe ==
+ if (wpas_get_ssid_sae_pwe(wpa_s, ssid) ==
SAE_PWE_HUNT_AND_PECK &&
!ssid->sae_password_id &&
!is_6ghz_freq(bss->freq) &&
#endif /* CONFIG_MBO */
#ifdef CONFIG_SAE
u8 rsnxe_capa = 0;
+ enum sae_pwe sae_pwe;
#endif /* CONFIG_SAE */
const u8 *ie;
#ifdef CONFIG_SAE
/* When using SAE Password Identifier and when operationg on the 6 GHz
* band, only H2E is allowed. */
- if ((wpa_s->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
+ sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid);
+ if ((sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
is_6ghz_freq(bss->freq) || ssid->sae_password_id) &&
- wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
+ sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
wpa_key_mgmt_sae(ssid->key_mgmt) &&
!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
if (debug_print)
int key_mgmt = external ? wpa_s->sme.ext_auth_key_mgmt :
wpa_s->key_mgmt;
const u8 *addr = mld_addr ? mld_addr : bssid;
+ enum sae_pwe sae_pwe;
if (ret_use_pt)
*ret_use_pt = 0;
rsnxe_capa = rsnxe[2];
}
+ sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid);
+
if (ssid->sae_password_id &&
- wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
+ sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
use_pt = 1;
if (wpa_key_mgmt_sae_ext_key(key_mgmt) &&
- wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
+ sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
use_pt = 1;
if (bss && is_6ghz_freq(bss->freq) &&
- wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
+ sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
use_pt = 1;
#ifdef CONFIG_SAE_PK
if ((rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
}
#endif /* CONFIG_SAE_PK */
- if (use_pt || wpa_s->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
- wpa_s->conf->sae_pwe == SAE_PWE_BOTH) {
+ if (use_pt || sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
+ sae_pwe == SAE_PWE_BOTH) {
use_pt = !!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E));
- if ((wpa_s->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
+ if ((sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
ssid->sae_password_id ||
wpa_key_mgmt_sae_ext_key(key_mgmt)) &&
- wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
+ sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
!use_pt) {
wpa_printf(MSG_DEBUG,
"SAE: Cannot use H2E with the selected AP");
}
if (use_pt && !ssid->pt)
- wpa_s_setup_sae_pt(wpa_s->conf, ssid, true);
+ wpa_s_setup_sae_pt(wpa_s, ssid, true);
if (use_pt &&
sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
wpa_s->own_addr, addr,
os_memcmp(ssid_str, ssid->ssid, ssid_str_len) == 0 &&
wpa_key_mgmt_sae(ssid->key_mgmt)) {
/* Make sure PT is derived */
- wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
+ wpa_s_setup_sae_pt(wpa_s, ssid, false);
wpa_s->sme.ext_auth_wpa_ssid = ssid;
break;
}
{
int akm_count = wpa_s->max_num_akms;
u8 capab = 0;
+#ifdef CONFIG_SAE
+ enum sae_pwe sae_pwe;
+#endif /* CONFIG_SAE */
if (akm_count < 2)
return;
return;
}
- if (wpa_s->conf->sae_pwe != SAE_PWE_HUNT_AND_PECK &&
- wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
+#ifdef CONFIG_SAE
+ sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid);
+ if (sae_pwe != SAE_PWE_HUNT_AND_PECK &&
+ sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
#ifdef CONFIG_SAE_PK
if (ssid->sae_pk)
capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
#endif /* CONFIG_SAE_PK */
+#endif /* CONFIG_SAE */
if (!((wpa_s->allowed_key_mgmts &
(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_SAE_EXT_KEY)) && capab))
{
struct wpa_ie_data ie;
int sel, proto;
+#ifdef CONFIG_SAE
enum sae_pwe sae_pwe;
+#endif /* CONFIG_SAE */
const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
bool wmm;
(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
#endif /* CONFIG_OCV */
- sae_pwe = wpa_s->conf->sae_pwe;
+#ifdef CONFIG_SAE
+ sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid);
if ((ssid->sae_password_id ||
wpa_key_mgmt_sae_ext_key(wpa_s->key_mgmt)) &&
sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
(!ssid->sae_password && ssid->passphrase &&
sae_pk_valid_password(ssid->passphrase))));
#endif /* CONFIG_SAE_PK */
+#endif /* CONFIG_SAE */
if (bss && is_6ghz_freq(bss->freq) &&
wpas_get_ssid_pmf(wpa_s, ssid) != MGMT_FRAME_PROTECTION_REQUIRED) {
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Force MFPR=1 on 6 GHz");
}
-void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid,
+void wpa_s_setup_sae_pt(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
bool force)
{
#ifdef CONFIG_SAE
+ struct wpa_config *conf = wpa_s->conf;
int *groups = conf->sae_groups;
int default_groups[] = { 19, 20, 21, 0 };
const char *password;
+ enum sae_pwe sae_pwe;
if (!groups || groups[0] <= 0)
groups = default_groups;
if (!password)
password = ssid->passphrase;
+ sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid);
+
if (!password ||
!wpa_key_mgmt_sae(ssid->key_mgmt) ||
- (conf->sae_pwe == SAE_PWE_HUNT_AND_PECK && !ssid->sae_password_id &&
+ (sae_pwe == SAE_PWE_HUNT_AND_PECK && !ssid->sae_password_id &&
!wpa_key_mgmt_sae_ext_key(ssid->key_mgmt) &&
!force &&
!sae_pk_valid_password(password)) ||
- conf->sae_pwe == SAE_PWE_FORCE_HUNT_AND_PECK) {
+ sae_pwe == SAE_PWE_FORCE_HUNT_AND_PECK) {
/* PT derivation not needed */
sae_deinit_pt(ssid->pt);
ssid->pt = NULL;
wpa_s_clear_sae_rejected(wpa_s);
#ifdef CONFIG_SAE
- wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
+ wpa_s_setup_sae_pt(wpa_s, ssid, false);
#endif /* CONFIG_SAE */
if (rand_style > WPAS_MAC_ADDR_STYLE_PERMANENT) {
params.prev_bssid = prev_bssid;
#ifdef CONFIG_SAE
- params.sae_pwe = wpa_s->conf->sae_pwe;
+ params.sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid);
#endif /* CONFIG_SAE */
ret = wpa_drv_associate(wpa_s, ¶ms);
wpa_s->last_owe_group = 0;
if (ssid) {
ssid->owe_transition_bss_select_count = 0;
- wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
+ wpa_s_setup_sae_pt(wpa_s, ssid, false);
}
if (wpa_s->connect_without_scan || request_new_scan ||
#ifdef CONFIG_SAE
+
+enum sae_pwe wpas_get_ssid_sae_pwe(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid)
+{
+ if (!ssid || ssid->sae_pwe == DEFAULT_SAE_PWE)
+ return wpa_s->conf->sae_pwe;
+ return ssid->sae_pwe;
+}
+
+
bool wpas_is_sae_avoided(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,
const struct wpa_ie_data *ie)
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) ||
wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION);
}
+
#endif /* CONFIG_SAE */
projects / thirdparty / hostap.git / commitdiff
