P2P: Enforce SAE-H2E for P2P GO in 6 GHz
authorSreeramya Soratkal <ssramya@codeaurora.org>
Thu, 12 Aug 2021 10:38:48 +0000 (16:08 +0530)
committerJouni Malinen <j@w1.fi>
Thu, 7 Oct 2021 21:10:44 +0000 (00:10 +0300)
Allow sae_pwe parameter to be configured per-network and enforce the
SAE hash-to-element mechanism for the P2P GO if it is started on
a 6 GHz channel.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
wpa_supplicant/ap.c
wpa_supplicant/config.c
wpa_supplicant/config_file.c
wpa_supplicant/config_ssid.h
wpa_supplicant/p2p_supplicant.c

index 13015ac6f872c78a1c2f750326ac1a90d29498f6..79b904b66da8b1a2d73c53726b786a81fcd14e08 100644 (file)
@@ -595,7 +595,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
                bss->sae_passwords = pw;
        }
 
-       bss->sae_pwe = wpa_s->conf->sae_pwe;
+       if (ssid->sae_pwe != DEFAULT_SAE_PWE)
+               bss->sae_pwe = ssid->sae_pwe;
+       else
+               bss->sae_pwe = wpa_s->conf->sae_pwe;
 #endif /* CONFIG_SAE */
 
        if (wpa_s->conf->go_interworking) {
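Review bot: The new branch in wpa_supplicant_conf_ap() lets any per-network value other than DEFAULT_SAE_PWE replace the global one, so a profile with sae_pwe=0 would relax a global hash-to-element-only setting, and nothing here says that precedence is intended. A comment above the `if`, such as `/* Per-network sae_pwe takes precedence over the global value; DEFAULT_SAE_PWE means "not set" */`, would make it explicit. The value is also copied into bss->sae_pwe without a range check at this point, so it relies on whatever assigned ssid->sae_pwe having validated it. The function starts and ends outside this hunk.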
index 6c4d67d40c37a7d4e5c026c66aa679850f488c85..bf97de698a3d27b1b6a801cab91ba8419a6c09c8 100644 (file)
@@ -3140,6 +3140,7 @@ void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
 #endif /* CONFIG_VHT_OVERRIDES */
        ssid->proactive_key_caching = -1;
        ssid->ieee80211w = MGMT_FRAME_PROTECTION_DEFAULT;
+       ssid->sae_pwe = DEFAULT_SAE_PWE;
 #ifdef CONFIG_MACSEC
        ssid->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
 #endif /* CONFIG_MACSEC */
index 1ad02b988a5ca04b8bd3756933ff7621a2ac0090..54fb72d8c1f7326b02267ecbddddfcaa4f533f61 100644 (file)
@@ -675,6 +675,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
        INT(mem_only_psk);
        STR(sae_password);
        STR(sae_password_id);
+       write_int(f, "sae_pwe", ssid->sae_pwe, DEFAULT_SAE_PWE);
        write_proto(f, ssid);
        write_key_mgmt(f, ssid);
        INT_DEF(bg_scan_period, DEFAULT_BG_SCAN_PERIOD);
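Review bot: `write_int(f, "sae_pwe", ssid->sae_pwe, DEFAULT_SAE_PWE);` now emits sae_pwe into saved network blocks, but the config.c change in this commit only assigns the default and shows no parser entry for a per-network sae_pwe. If the network field table does not already accept that name, a profile written here would presumably fail to load again, and no range limit on the stored value is visible; this should be confirmed against the parser. As a style point, the neighbouring lines use the local macros, so `INT_DEF(sae_pwe, DEFAULT_SAE_PWE);` would match `INT_DEF(bg_scan_period, DEFAULT_BG_SCAN_PERIOD);` two lines below, assuming INT_DEF expands to the same write_int() call. wpa_config_write_network() continues outside the hunk.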
index 3f7b31480765876b1237f40e9457fe3c3169a763..339eead1c333446071b969cbd52171e3ef21cfb2 100644 (file)
@@ -46,6 +46,9 @@
 #define DEFAULT_USER_SELECTED_SIM 1
 #define DEFAULT_MAX_OPER_CHWIDTH -1
 
+/* Consider global sae_pwe for SAE mechanism for PWE derivation */
+#define DEFAULT_SAE_PWE 4
+
 struct psk_list_entry {
        struct dl_list list;
        u8 addr[ETH_ALEN];
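Review bot: The comment on `DEFAULT_SAE_PWE` does not say that 4 is a sentinel meaning "not set" rather than a PWE derivation mode. Something like `/* Sentinel: per-network sae_pwe not set, use the global sae_pwe value */` would state that directly. Because the sentinel sits right next to the documented mode numbers, any input path that accepts 4 from configuration would be indistinguishable from "unset"; it is worth noting next to the define that 4 must never be accepted as a configured value.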
@@ -1156,6 +1159,19 @@ struct wpa_ssid {
         * configuration.
         */
        bool was_recently_reconfigured;
+
+       /**
+        * sae_pwe - SAE mechanism for PWE derivation
+        *
+        * Internally, special value 4 (DEFAULT_SAE_PWE) is used to indicate
+        * that the parameter is not set and the global sae_pwe value needs to
+        * be considered.
+        *
+        * 0 = hunting-and-pecking loop only
+        * 1 = hash-to-element only
+        * 2 = both hunting-and-pecking loop and hash-to-element enabled
+        */
+       int sae_pwe;
 };
 
 #endif /* CONFIG_SSID_H */
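Review bot: The documentation for `sae_pwe` in struct wpa_ssid lists 0, 1, 2 and the internal value 4, but does not say what 3 or any other value means for a network profile. Since the ap.c change copies every value other than DEFAULT_SAE_PWE into the BSS configuration, the comment should state the accepted range, for example by adding `* Other values are not valid for a network profile.` or by describing 3 if the per-network parameter is meant to mirror a wider global range. The struct begins outside this hunk.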
index cc8db35242000d287e39700cbea2ac8a479a5149..ce44dfb9e053da44a803a6b722533f748d37dc3a 100644 (file)
@@ -2082,6 +2082,7 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
                ssid->auth_alg |= WPA_AUTH_ALG_SAE;
                ssid->key_mgmt = WPA_KEY_MGMT_SAE;
                ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
+               ssid->sae_pwe = 1;
                wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
        } else {
                p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
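Review bot: `ssid->sae_pwe = 1;` uses a bare literal for the security-relevant setting this commit is about, and the debug message on the following line still mentions only auth_alg and key_mgmt. A comment such as `/* 6 GHz GO: hash-to-element only (sae_pwe=1) */` and extending the log text to mention H2E would make it visible in review and in logs that hunting-and-pecking is disabled for this group. Only the GO start path is changed here; whether the P2P client side applies the same restriction on 6 GHz cannot be seen from this hunk. wpas_start_wps_go() begins and ends outside the hunk.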