P2P: Use SAE+PMF for P2P connection in 6 GHz
Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to enable the Wi-Fi Display use case on the 6 GHz band without having to use WPA2-Personal (PSK) on that new band. Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
This commit is contained in:
Sreeramya Soratkal
Jouni Malinen
parent
f0cdacacb3
commit
311091eb43
7 changed files with 37 additions and 7 deletions
|
|
@ -1172,6 +1172,8 @@ int hostapd_init_wps(struct hostapd_data *hapd,
|
|||
wps->auth_types |= WPS_AUTH_WPA2PSK;
|
||||
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
||||
wps->auth_types |= WPS_AUTH_WPA2;
|
||||
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE)
|
||||
wps->auth_types |= WPS_AUTH_WPA2PSK;
|
||||
|
||||
if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
|
||||
WPA_CIPHER_CCMP_256 |
|
||||
|
|
@ -1328,6 +1330,11 @@ int hostapd_init_wps(struct hostapd_data *hapd,
|
|||
|
||||
hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
|
||||
|
||||
#ifdef CONFIG_P2P
|
||||
if ((hapd->conf->p2p & P2P_ENABLED) &&
|
||||
is_6ghz_op_class(hapd->iconf->op_class))
|
||||
wps->use_passphrase = true;
|
||||
#endif /* CONFIG_P2P */
|
||||
hapd->wps = wps;
|
||||
bin_clear_free(multi_ap_netw_key, 2 * PMK_LEN);
|
||||
|
||||
|
|
|
|||
|
|
@ -132,9 +132,11 @@ static void * eap_wsc_init(struct eap_sm *sm)
|
|||
cfg.peer_addr = sm->peer_addr;
|
||||
#ifdef CONFIG_P2P
|
||||
if (sm->assoc_p2p_ie) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-WSC: Prefer PSK format for P2P "
|
||||
"client");
|
||||
if (!sm->cfg->wps->use_passphrase) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-WSC: Prefer PSK format for non-6 GHz P2P client");
|
||||
cfg.use_psk_key = 1;
|
||||
}
|
||||
cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie);
|
||||
}
|
||||
#endif /* CONFIG_P2P */
|
||||
|
|
|
|||
|
|
@ -841,6 +841,10 @@ struct wps_context {
|
|||
struct wpabuf *ap_nfc_dh_pubkey;
|
||||
struct wpabuf *ap_nfc_dh_privkey;
|
||||
struct wpabuf *ap_nfc_dev_pw;
|
||||
|
||||
/* Whether to send WPA2-PSK passphrase as a passphrase instead of PSK
|
||||
* for WPA3-Personal transition mode needs. */
|
||||
bool use_passphrase;
|
||||
};
|
||||
|
||||
struct wps_registrar *
|
||||
|
|
|
|||
|
|
@ -1753,8 +1753,10 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
|
|||
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
|
||||
os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
|
||||
wps->cred.key_len = PMK_LEN * 2;
|
||||
} else if (!wps->wps->registrar->force_per_enrollee_psk &&
|
||||
wps->wps->network_key) {
|
||||
} else if ((!wps->wps->registrar->force_per_enrollee_psk ||
|
||||
wps->wps->use_passphrase) && wps->wps->network_key) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"WPS: Use passphrase format for Network key");
|
||||
os_memcpy(wps->cred.key, wps->wps->network_key,
|
||||
wps->wps->network_key_len);
|
||||
wps->cred.key_len = wps->wps->network_key_len;
|
||||
|
|
|
|||
|
|
@ -892,6 +892,8 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
|
|||
params.wpa_proto = ssid->proto;
|
||||
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
|
||||
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||
else if (ssid->key_mgmt & WPA_KEY_MGMT_SAE)
|
||||
wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
|
||||
else
|
||||
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
|
||||
params.key_mgmt_suite = wpa_s->key_mgmt;
|
||||
|
|
|
|||
|
|
@ -2065,6 +2065,14 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
|
|||
}
|
||||
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
||||
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||
if (is_6ghz_freq(ssid->frequency) &&
|
||||
is_p2p_6ghz_capable(wpa_s->global->p2p)) {
|
||||
ssid->auth_alg |= WPA_AUTH_ALG_SAE;
|
||||
ssid->key_mgmt = WPA_KEY_MGMT_SAE;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
|
||||
} else {
|
||||
p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
|
||||
}
|
||||
ssid->proto = WPA_PROTO_RSN;
|
||||
ssid->pairwise_cipher = WPA_CIPHER_CCMP;
|
||||
ssid->group_cipher = WPA_CIPHER_CCMP;
|
||||
|
|
|
|||
|
|
@ -372,6 +372,7 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
|||
#ifdef CONFIG_WPS_REG_DISABLE_OPEN
|
||||
int registrar = 0;
|
||||
#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
|
||||
bool add_sae;
|
||||
|
||||
if ((wpa_s->conf->wps_cred_processing == 1 ||
|
||||
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
|
||||
|
|
@ -534,8 +535,12 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
|||
case WPS_AUTH_WPA2PSK:
|
||||
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
||||
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||
if (wpa_s->conf->wps_cred_add_sae &&
|
||||
cred->key_len != 2 * PMK_LEN) {
|
||||
add_sae = wpa_s->conf->wps_cred_add_sae;
|
||||
#ifdef CONFIG_P2P
|
||||
if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p))
|
||||
add_sae = true;
|
||||
#endif /* CONFIG_P2P */
|
||||
if (add_sae && cred->key_len != 2 * PMK_LEN) {
|
||||
ssid->auth_alg = 0;
|
||||
ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
|
||||
ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
|
||||
|
|
|
|||
Loading…
Reference in a new issue