{ INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
{ INT_RANGE(beacon_prot, 0, 1) },
{ INT_RANGE(transition_disable, 0, 255) },
- { INT_RANGE(sae_pk_only, 0, 1) },
+ { INT_RANGE(sae_pk, 0, 2) },
};
#undef OFFSET
INT(ft_eap_pmksa_caching);
INT(beacon_prot);
INT(transition_disable);
- INT(sae_pk_only);
+ INT(sae_pk);
#ifdef CONFIG_HT_OVERRIDES
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40);
WPAS_MODE_MESH = 5,
};
+enum sae_pk_mode {
+ SAE_PK_MODE_AUTOMATIC = 0,
+ SAE_PK_MODE_ONLY = 1,
+ SAE_PK_MODE_DISABLED = 2,
+};
+
/**
* struct wpa_ssid - Network configuration data
*
u8 transition_disable;
/**
- * sae_pk_only - SAE-PK only mode (disable transition mode)
- *
- * 0 = enable transition mode (allow SAE authentication without SAE-PK)
- * 1 = disable transition mode (allow SAE authentication only with
- * SAE-PK)
+ * sae_pk - SAE-PK mode
+ * 0 = automatic SAE/SAE-PK selection based on password; enable
+ * transition mode (allow SAE authentication without SAE-PK)
+ * 1 = SAE-PK only (disable transition mode; allow SAE authentication
+ * only with SAE-PK)
+ * 2 = disable SAE-PK (allow SAE authentication only without SAE-PK)
*/
- int sae_pk_only;
+ enum sae_pk_mode sae_pk;
};
#endif /* CONFIG_SSID_H */
#endif /* CONFIG_SAE */
#ifdef CONFIG_SAE_PK
- if (ssid->sae_pk_only &&
+ if (ssid->sae_pk == SAE_PK_MODE_ONLY &&
!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK))) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
use_pt = 1;
#ifdef CONFIG_SAE_PK
if ((rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
+ ssid->sae_pk != SAE_PK_MODE_DISABLED &&
ssid->sae_password && sae_pk_valid_password(ssid->sae_password)) {
use_pt = 1;
use_pk = true;
}
- if (ssid->sae_pk_only && !use_pk) {
+ if (ssid->sae_pk == SAE_PK_MODE_ONLY && !use_pk) {
wpa_printf(MSG_DEBUG,
"SAE: Cannot use PK with the selected AP");
return NULL;
# bit 3 (0x08): Enhanced Open (disable use of open network; require
# OWE)
-# SAE-PK only mode (disable transition mode)
-# 0: enable transition mode (allow SAE authentication without SAE-PK)
-# 1: disable transition mode (allow SAE authentication only with SAE-PK)
-#sae_pk_only=0
+# SAE-PK mode
+# 0: automatic SAE/SAE-PK selection based on password; enable
+# transition mode (allow SAE authentication without SAE-PK)
+# 1: SAE-PK only (disable transition mode; allow SAE authentication
+# only with SAE-PK)
+# 2: disable SAE-PK (allow SAE authentication only without SAE-PK)
+#sae_pk=0
# MAC address policy
# 0 = use permanent MAC address
wpa_s->sme.sae.pk &&
#endif /* CONFIG_SME */
(ssid->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE)) &&
- (!ssid->sae_pk_only ||
+ (ssid->sae_pk != SAE_PK_MODE_ONLY ||
ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED ||
(ssid->group_cipher & WPA_CIPHER_TKIP))) {
wpa_printf(MSG_DEBUG,
"SAE-PK: SAE authentication without PK disabled based on AP notification");
disable_wpa_wpa2(ssid);
- ssid->sae_pk_only = 1;
+ ssid->sae_pk = SAE_PK_MODE_ONLY;
changed = 1;
}
#endif /* CONFIG_SAE */
projects / thirdparty / hostap.git / commitdiff
