DPP: Do not restrict SAE password length on Enrollee

The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
processing a configuration object that includes SAE without PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index d2a027378da93a4113befe68ff4e646313f7e6fe..9aa001127da5f16a5a87237d8392693f6ebcf906 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -2565,8 +2565,12 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
 
                wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Legacy passphrase",
                                      pass->string, len);
-               if (len < 8 || len > 63)
+               if (dpp_akm_psk(conf->akm) && (len < 8 || len > 63)) {
+                       wpa_printf(MSG_DEBUG,
+                                  "DPP: Unexpected pass length %zu for a config object that includes PSK",
+                                  len);
                        return -1;
+               }
                os_strlcpy(conf->passphrase, pass->string,
                           sizeof(conf->passphrase));
        } else if (psk_hex && psk_hex->type == JSON_STRING) {

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 94d7ae99017b1d3be3391bbeab649b32159ce2e6..b8bcc38c2e971169ac64fdc718f16e477c9eb08e 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1475,12 +1475,17 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
                        ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
                else
                        ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
-               if (conf->passphrase[0]) {
+               if (conf->passphrase[0] && dpp_akm_psk(conf->akm)) {
                        if (wpa_config_set_quoted(ssid, "psk",
                                                  conf->passphrase) < 0)
                                goto fail;
                        wpa_config_update_psk(ssid);
                        ssid->export_keys = 1;
+               } else if (conf->passphrase[0] && dpp_akm_sae(conf->akm)) {
+                       if (wpa_config_set_quoted(ssid, "sae_password",
+                                                 conf->passphrase) < 0)
+                               goto fail;
+                       ssid->export_keys = 1;
                } else {
                        ssid->psk_set = conf->psk_set;
                        os_memcpy(ssid->psk, conf->psk, PMK_LEN);