SAE: Add sae_pwe configuration parameter for wpa_supplicant

This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be address in separate commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-05 12:38:32 +03:00 · 2019-09-05 12:38:32 +03:00 · 85e64e634d
commit 85e64e634d
parent a36e13a7cd
5 changed files with 22 additions and 0 deletions
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@ -434,6 +434,8 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 		pw->next = bss->sae_passwords;
 		bss->sae_passwords = pw;
 	}
+
+	bss->sae_pwe = wpa_s->conf->sae_pwe;
 #endif /* CONFIG_SAE */

 	if (wpa_s->conf->go_interworking) {
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@ -4984,6 +4984,7 @@ static const struct global_parse_data global_fields[] = {
 	{ INT(okc), 0 },
 	{ INT(pmf), 0 },
 	{ FUNC(sae_groups), 0 },
+	{ INT_RANGE(sae_pwe, 0, 2), 0 },
 	{ INT_RANGE(sae_pmkid_in_assoc, 0, 1), 0 },
 	{ INT(dtim_period), 0 },
 	{ INT(beacon_int), 0 },
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@ -1164,6 +1164,14 @@ struct wpa_config {
 	 */
 	int *sae_groups;

+	/**
+	 * sae_pwe - SAE mechanism for PWE derivation
+	 * 0 = hunting-and-pecking loop only
+	 * 1 = hash-to-element only
+	 * 2 = both hunting-and-pecking loop and hash-to-element enabled
+	 */
+	int sae_pwe;
+
 	/**
 	 * sae_pmkid_in_assoc - Whether to include PMKID in SAE Assoc Req
 	 */
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@ -1407,6 +1407,9 @@ static void wpa_config_write_global(FILE *f, struct wpa_config *config)
 		fprintf(f, "\n");
 	}

+	if (config->sae_pwe)
+		fprintf(f, "sae_pwe=%d\n", config->sae_pwe);
+
 	if (config->sae_pmkid_in_assoc)
 		fprintf(f, "sae_pmkid_in_assoc=%d\n",
 			config->sae_pmkid_in_assoc);
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@ -425,6 +425,14 @@ fast_reauth=1
 # since all implementations are required to support group 19.
 #sae_groups=19 20 21

+# SAE mechanism for PWE derivation
+# 0 = hunting-and-pecking loop only (default)
+# 1 = hash-to-element only
+# 2 = both hunting-and-pecking loop and hash-to-element enabled
+# Note: The default value is likely to change from 0 to 2 once the new
+# hash-to-element mechanism has received more interoperability testing.
+#sae_pwe=0
+
 # Default value for DTIM period (if not overridden in network block)
 #dtim_period=2