P2P: Enforce SAE-H2E for P2P GO in 6 GHz

Allow sae_pwe parameter to be configured per-network and enforce the SAE hash-to-element mechanism for the P2P GO if it is started on a 6 GHz channel. Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-12 16:08:48 +05:30 · 2021-08-12 16:08:48 +05:30 · 891bb1305b
commit 891bb1305b
parent afcadbbf4e
5 changed files with 23 additions and 1 deletions
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@ -595,7 +595,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 		bss->sae_passwords = pw;
 	}

-	bss->sae_pwe = wpa_s->conf->sae_pwe;
+	if (ssid->sae_pwe != DEFAULT_SAE_PWE)
+		bss->sae_pwe = ssid->sae_pwe;
+	else
+		bss->sae_pwe = wpa_s->conf->sae_pwe;
 #endif /* CONFIG_SAE */

 	if (wpa_s->conf->go_interworking) {
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@ -3140,6 +3140,7 @@ void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
 #endif /* CONFIG_VHT_OVERRIDES */
 	ssid->proactive_key_caching = -1;
 	ssid->ieee80211w = MGMT_FRAME_PROTECTION_DEFAULT;
+	ssid->sae_pwe = DEFAULT_SAE_PWE;
 #ifdef CONFIG_MACSEC
 	ssid->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
 #endif /* CONFIG_MACSEC */
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@ -675,6 +675,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
 	INT(mem_only_psk);
 	STR(sae_password);
 	STR(sae_password_id);
+	write_int(f, "sae_pwe", ssid->sae_pwe, DEFAULT_SAE_PWE);
 	write_proto(f, ssid);
 	write_key_mgmt(f, ssid);
 	INT_DEF(bg_scan_period, DEFAULT_BG_SCAN_PERIOD);
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@ -46,6 +46,9 @@
 #define DEFAULT_USER_SELECTED_SIM 1
 #define DEFAULT_MAX_OPER_CHWIDTH -1

+/* Consider global sae_pwe for SAE mechanism for PWE derivation */
+#define DEFAULT_SAE_PWE 4
+
 struct psk_list_entry {
 	struct dl_list list;
 	u8 addr[ETH_ALEN];
@ -1156,6 +1159,19 @@ struct wpa_ssid {
 	 * configuration.
 	 */
 	bool was_recently_reconfigured;
+
+	/**
+	 * sae_pwe - SAE mechanism for PWE derivation
+	 *
+	 * Internally, special value 4 (DEFAULT_SAE_PWE) is used to indicate
+	 * that the parameter is not set and the global sae_pwe value needs to
+	 * be considered.
+	 *
+	 * 0 = hunting-and-pecking loop only
+	 * 1 = hash-to-element only
+	 * 2 = both hunting-and-pecking loop and hash-to-element enabled
+	 */
+	int sae_pwe;
 };

 #endif /* CONFIG_SSID_H */
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@ -2082,6 +2082,7 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
 		ssid->auth_alg |= WPA_AUTH_ALG_SAE;
 		ssid->key_mgmt = WPA_KEY_MGMT_SAE;
 		ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
+		ssid->sae_pwe = 1;
 		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
 	} else {
 		p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);