Message ID | 20221129160237.2471274-1-nico.escande@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | AP: enable H2E on 6GHz when SAE is used | expand |
On Tue, Nov 29, 2022 at 05:02:37PM +0100, Nicolas Escande wrote: > Even if the use of H2E isn't strictly mandatory when using SAE on 6Ghz, WPA3 > personnal pushes it on 6GHz. > So lets automatically enable it by setting sae_pwe=2. This will allow both the > hunting-and-pecking and hash-to-element to work (and be backward compatible) Thanks, applied with the code moved to the 6 GHz specific function that is called from here.
On Tue Nov 29, 2022 at 8:02 PM CET, Jouni Malinen wrote: > On Tue, Nov 29, 2022 at 05:02:37PM +0100, Nicolas Escande wrote: > > Even if the use of H2E isn't strictly mandatory when using SAE on 6Ghz, WPA3 > > personnal pushes it on 6GHz. > > So lets automatically enable it by setting sae_pwe=2. This will allow both the > > hunting-and-pecking and hash-to-element to work (and be backward compatible) > > Thanks, applied with the code moved to the 6 GHz specific function that > is called from here. > > -- > Jouni Malinen PGP id EFC895FA Perfect, thanks. That was my first instinct as well, but as all other tests in that function were for returning a config error, I thought maybe close to the other SAE related stuff was ok.
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index be2e47122..a1aa4f2fb 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -1425,6 +1425,14 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss, } #endif /* CONFIG_OCV */ +#ifdef CONFIG_SAE + if (full_config && is_6ghz_op_class(conf->op_class) && + (bss->wpa_key_mgmt & WPA_KEY_MGMT_SAE) && !bss->sae_pwe) { + wpa_printf(MSG_INFO, "Additionnaly enabling SAE H2E on 6 GHz"); + bss->sae_pwe = 2; + } +#endif + #ifdef CONFIG_SAE_PK if (full_config && hostapd_sae_pk_in_use(bss) && hostapd_sae_pk_password_without_pk(bss)) {
Even if the use of H2E isn't strictly mandatory when using SAE on 6Ghz, WPA3 personnal pushes it on 6GHz. So lets automatically enable it by setting sae_pwe=2. This will allow both the hunting-and-pecking and hash-to-element to work (and be backward compatible) Signed-off-by: Nicolas Escande <nico.escande@gmail.com> --- src/ap/ap_config.c | 8 ++++++++ 1 file changed, 8 insertions(+)