diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index ca98412dd..59ca15382 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -434,6 +434,8 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 pw->next = bss->sae_passwords;
 bss->sae_passwords = pw;
 }
+
+ bss->sae_pwe = wpa_s->conf->sae_pwe;
 #endif /* CONFIG_SAE */
 
 if (wpa_s->conf->go_interworking) {
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 515228b78..ab668759e 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -4984,6 +4984,7 @@ static const struct global_parse_data global_fields[] = {
 { INT(okc), 0 },
 { INT(pmf), 0 },
 { FUNC(sae_groups), 0 },
+ { INT_RANGE(sae_pwe, 0, 2), 0 },
 { INT_RANGE(sae_pmkid_in_assoc, 0, 1), 0 },
 { INT(dtim_period), 0 },
 { INT(beacon_int), 0 },
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index 1734e0087..326ac6120 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1164,6 +1164,14 @@ struct wpa_config {
 */
 int *sae_groups;
 
+ /**
+ * sae_pwe - SAE mechanism for PWE derivation
+ * 0 = hunting-and-pecking loop only
+ * 1 = hash-to-element only
+ * 2 = both hunting-and-pecking loop and hash-to-element enabled
+ */
+ int sae_pwe;
+
 /**
 * sae_pmkid_in_assoc - Whether to include PMKID in SAE Assoc Req
 */
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 7150ab809..cf4b7bc6e 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -1407,6 +1407,9 @@ static void wpa_config_write_global(FILE *f, struct wpa_config *config)
 fprintf(f, "\n");
 }
 
+ if (config->sae_pwe)
+ fprintf(f, "sae_pwe=%d\n", config->sae_pwe);
+
 if (config->sae_pmkid_in_assoc)
 fprintf(f, "sae_pmkid_in_assoc=%d\n", config->sae_pmkid_in_assoc);
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 63639732f..ba511b9cb 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
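Review bot: The new doc comment for `sae_pwe` in struct wpa_config (wpa_supplicant/config.h) lists the three values but not which one is the default, while the wpa_supplicant.conf hunk of this same commit marks 0 as the default. I would change the first value line to `* 0 = hunting-and-pecking loop only (default)` so the header and the sample configuration agree. Going by the wording of the value 2 line, that setting still permits the hunting-and-pecking loop, so the comment could also say that 1 is the value to pick when hash-to-element must be enforced; this reading comes from the value descriptions, not from code visible here. The struct definition starts and ends outside the hunk.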
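Review bot: In wpa_config_write_global() (wpa_supplicant/config_file.c) the guard `if (config->sae_pwe)` hard-codes 0 as the default, yet the wpa_supplicant.conf text added by this commit says the default is likely to move from 0 to 2. If the default changes and this guard is left as is, an explicit `sae_pwe=0` would be dropped on save and would presumably come back as the new default after a reload. Comparing against a named default, for example `if (config->sae_pwe != DEFAULT_SAE_PWE)`, where `DEFAULT_SAE_PWE` is a new macro this commit would have to introduce, keeps the writer and the initial value in step. The function body continues outside the hunk.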
@@ -425,6 +425,14 @@ fast_reauth=1
 # since all implementations are required to support group 19.
 #sae_groups=19 20 21
 
+# SAE mechanism for PWE derivation
+# 0 = hunting-and-pecking loop only (default)
+# 1 = hash-to-element only
+# 2 = both hunting-and-pecking loop and hash-to-element enabled
+# Note: The default value is likely to change from 0 to 2 once the new
+# hash-to-element mechanism has received more interoperability testing.
+#sae_pwe=0
+
 # Default value for DTIM period (if not overridden in network block)
 #dtim_period=2