diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 13015ac6f..79b904b66 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -595,7 +595,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 bss->sae_passwords = pw;
 }
- bss->sae_pwe = wpa_s->conf->sae_pwe;
+ if (ssid->sae_pwe != DEFAULT_SAE_PWE)
+ bss->sae_pwe = ssid->sae_pwe;
+ else
+ bss->sae_pwe = wpa_s->conf->sae_pwe;
 #endif /* CONFIG_SAE */
 if (wpa_s->conf->go_interworking) {
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 6c4d67d40..bf97de698 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -3140,6 +3140,7 @@ void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
 #endif /* CONFIG_VHT_OVERRIDES */
 ssid->proactive_key_caching = -1;
 ssid->ieee80211w = MGMT_FRAME_PROTECTION_DEFAULT;
+ ssid->sae_pwe = DEFAULT_SAE_PWE;
 #ifdef CONFIG_MACSEC
 ssid->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
 #endif /* CONFIG_MACSEC */
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 1ad02b988..54fb72d8c 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -675,6 +675,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
 INT(mem_only_psk);
 STR(sae_password);
 STR(sae_password_id);
+ write_int(f, "sae_pwe", ssid->sae_pwe, DEFAULT_SAE_PWE);
 write_proto(f, ssid);
 write_key_mgmt(f, ssid);
 INT_DEF(bg_scan_period, DEFAULT_BG_SCAN_PERIOD);
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 3f7b31480..339eead1c 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -46,6 +46,9 @@
 #define DEFAULT_USER_SELECTED_SIM 1
 #define DEFAULT_MAX_OPER_CHWIDTH -1
+/* Consider global sae_pwe for SAE mechanism for PWE derivation */
+#define DEFAULT_SAE_PWE 4
+
 struct psk_list_entry {
 struct dl_list list;
 u8 addr[ETH_ALEN];
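Review bot: In wpa_supplicant_conf_ap() (ap.c) the per-network value is copied into `bss->sae_pwe` with no range check, and it takes precedence even when it is weaker than the global setting, so a network block carrying `sae_pwe=0` re-enables the hunting-and-pecking loop on an interface whose global policy is hash-to-element only. No hunk in this diff validates `ssid->sae_pwe`, so unless a parser outside the diff bounds it, any integer other than 4 is forwarded to the AP configuration. I would make the override visible in the debug log, e.g. `wpa_printf(MSG_DEBUG, "SAE: per-network sae_pwe=%d overrides global sae_pwe=%d", ssid->sae_pwe, wpa_s->conf->sae_pwe);`, and reject values outside the documented 0..2 range before assigning. The function body starts and ends outside the hunk.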
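Review bot: In wpa_config_write_network() (config_file.c) the added line writes a `sae_pwe` entry into the network block, but no hunk in this diff adds a matching network-field parser entry. If none exists elsewhere in the tree, a saved configuration containing `sae_pwe=1` (the value set for the GO case in p2p_supplicant.c) may be rejected as an unknown field on the next load; please confirm the read side accepts the field and bounds it to the documented values. As a style point, the neighbouring lines use the field macros, so `INT_DEF(sae_pwe, DEFAULT_SAE_PWE);` would read consistently with `INT_DEF(bg_scan_period, DEFAULT_BG_SCAN_PERIOD);` two lines below, assuming INT_DEF expands to the same write_int() call.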
@@ -1156,6 +1159,19 @@ struct wpa_ssid {
 * configuration.
 */
 bool was_recently_reconfigured;
+
+ /**
+ * sae_pwe - SAE mechanism for PWE derivation
+ *
+ * Internally, special value 4 (DEFAULT_SAE_PWE) is used to indicate
+ * that the parameter is not set and the global sae_pwe value needs to
+ * be considered.
+ *
+ * 0 = hunting-and-pecking loop only
+ * 1 = hash-to-element only
+ * 2 = both hunting-and-pecking loop and hash-to-element enabled
+ */
+ int sae_pwe;
 };
 #endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index cc8db3524..ce44dfb9e 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -2082,6 +2082,7 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
 ssid->auth_alg |= WPA_AUTH_ALG_SAE;
 ssid->key_mgmt = WPA_KEY_MGMT_SAE;
 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
+ ssid->sae_pwe = 1;
 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
 } else {
 p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
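Review bot: The new `sae_pwe` doc comment in struct wpa_ssid (config_ssid.h) lists 0, 1 and 2 but does not say how any other value is treated, nor where the field is honoured. Within this diff only the AP path in ap.c reads it, so a reader could assume it also changes station-mode SAE behaviour. I would add a line such as `* Currently applied only when operating as AP/GO; values other than 0..2 are not valid.` (adjust if code outside this diff also consumes the field). The comment on `DEFAULT_SAE_PWE` in the first hunk of this file would also be clearer as `/* Per-network sae_pwe not set; use the global sae_pwe value */`.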
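Review bot: `ssid->sae_pwe = 1;` in wpas_start_wps_go() (p2p_supplicant.c) is a bare literal where the surrounding assignments use named constants (`WPA_AUTH_ALG_SAE`, `MGMT_FRAME_PROTECTION_REQUIRED`), so the security-relevant choice of hash-to-element only is not visible at the call site. A trailing comment, `ssid->sae_pwe = 1; /* hash-to-element only */`, or a named constant if the tree provides one, would make the intent explicit. Because ap.c now prefers the per-network value, this assignment also means the global `sae_pwe` setting no longer influences this GO configuration, which deserves a short comment here. The function body continues outside the hunk.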