SAE: Add sae_pwe configuration parameter for wpa_supplicant

This parameter can be used to specify which PWE derivation mechanism(s)
is enabled. This commit is only introducing the new parameter; actual
use of it will be address in separate commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index ca98412ddc85d88e06c270726c361b3c815eb9fd..59ca153820e5d818e97547ef98b0cfeb90a9a361 100644 (file)
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -434,6 +434,8 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
                pw->next = bss->sae_passwords;
                bss->sae_passwords = pw;
        }
+
+       bss->sae_pwe = wpa_s->conf->sae_pwe;
 #endif /* CONFIG_SAE */
 
        if (wpa_s->conf->go_interworking) {

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 515228b7836d54af0b7911074de0020c42537350..ab668759ec35ea79b9db3f79f1226d48b24c7ca1 100644 (file)
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -4984,6 +4984,7 @@ static const struct global_parse_data global_fields[] = {
        { INT(okc), 0 },
        { INT(pmf), 0 },
        { FUNC(sae_groups), 0 },
+       { INT_RANGE(sae_pwe, 0, 2), 0 },
        { INT_RANGE(sae_pmkid_in_assoc, 0, 1), 0 },
        { INT(dtim_period), 0 },
        { INT(beacon_int), 0 },

diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 1734e00876ace855022fc6533817b944724568c4..326ac61202cdba05963cdac2d88555eb50772982 100644 (file)
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1164,6 +1164,14 @@ struct wpa_config {
         */
        int *sae_groups;
 
+       /**
+        * sae_pwe - SAE mechanism for PWE derivation
+        * 0 = hunting-and-pecking loop only
+        * 1 = hash-to-element only
+        * 2 = both hunting-and-pecking loop and hash-to-element enabled
+        */
+       int sae_pwe;
+
        /**
         * sae_pmkid_in_assoc - Whether to include PMKID in SAE Assoc Req
         */

diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 7150ab8095691ba44f6a2f736642fac3f9fc0398..cf4b7bc6e6ab2cabdc5c3c28532e80ecd31f9d4a 100644 (file)
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -1407,6 +1407,9 @@ static void wpa_config_write_global(FILE *f, struct wpa_config *config)
                fprintf(f, "\n");
        }
 
+       if (config->sae_pwe)
+               fprintf(f, "sae_pwe=%d\n", config->sae_pwe);
+
        if (config->sae_pmkid_in_assoc)
                fprintf(f, "sae_pmkid_in_assoc=%d\n",
                        config->sae_pmkid_in_assoc);

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 63639732f376713f07ba5a633651005a8f5d5790..ba511b9cb60d3941c786de8c78e5f6870d6226f7 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -425,6 +425,14 @@ fast_reauth=1
 # since all implementations are required to support group 19.
 #sae_groups=19 20 21
 
+# SAE mechanism for PWE derivation
+# 0 = hunting-and-pecking loop only (default)
+# 1 = hash-to-element only
+# 2 = both hunting-and-pecking loop and hash-to-element enabled
+# Note: The default value is likely to change from 0 to 2 once the new
+# hash-to-element mechanism has received more interoperability testing.
+#sae_pwe=0
+
 # Default value for DTIM period (if not overridden in network block)
 #dtim_period=2