From 882bd2edd576fc8ee98d7f5c523d774199e3b3ad Mon Sep 17 00:00:00 2001
From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Thu, 22 Aug 2024 11:25:54 +0300
Subject: [PATCH] DPP: Do not restrict SAE password length on Enrollee

The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
processing a configuration object that includes SAE without PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
 src/common/dpp.c                | 6 +++++-
 wpa_supplicant/dpp_supplicant.c | 7 ++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index d2a027378..9aa001127 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -2565,8 +2565,12 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
 
 		wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Legacy passphrase",
 				      pass->string, len);
-		if (len < 8 || len > 63)
+		if (dpp_akm_psk(conf->akm) && (len < 8 || len > 63)) {
+			wpa_printf(MSG_DEBUG,
+				   "DPP: Unexpected pass length %zu for a config object that includes PSK",
+				   len);
 			return -1;
+		}
 		os_strlcpy(conf->passphrase, pass->string,
 			   sizeof(conf->passphrase));
 	} else if (psk_hex && psk_hex->type == JSON_STRING) {
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 94d7ae990..b8bcc38c2 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1475,12 +1475,17 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
 			ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
 		else
 			ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
-		if (conf->passphrase[0]) {
+		if (conf->passphrase[0] && dpp_akm_psk(conf->akm)) {
 			if (wpa_config_set_quoted(ssid, "psk",
 						  conf->passphrase) < 0)
 				goto fail;
 			wpa_config_update_psk(ssid);
 			ssid->export_keys = 1;
+		} else if (conf->passphrase[0] && dpp_akm_sae(conf->akm)) {
+			if (wpa_config_set_quoted(ssid, "sae_password",
+						  conf->passphrase) < 0)
+				goto fail;
+			ssid->export_keys = 1;
 		} else {
 			ssid->psk_set = conf->psk_set;
 			os_memcpy(ssid->psk, conf->psk, PMK_LEN);