From patchwork Thu Oct 12 09:29:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinayak Yadawad X-Patchwork-Id: 1847342 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=ZQRLCuZe; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=broadcom.com header.i=@broadcom.com header.a=rsa-sha256 header.s=google header.b=AANhpgm+; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4S5krt5Czsz1yqj for ; Thu, 12 Oct 2023 20:30:36 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: MIME-Version:Message-Id:Date:Subject:Cc:To:From:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=k3vVChrybydphGwWAsm8uCDOpBVTC0AYV1C8kqZO59c=; b=ZQR LCuZeBdcb2ALtiRXd8+IkJQTChTW0734496OH6FSleTDzeyMtSZCI3xuddapt1FuRQKv+pWLPyYkl N17WiVbaXDW2jV7iaTEeYFTrLMDTpBplf4SfpTm3i6EZDGV07ZTY2JkSTLbBk22rcFr0l86/y49E6 cICaxxa8DEIUbrTo6lFboMFulIbgwOsK/lznXutfYGcPiD1ANwLIxt8TKJMPnYbYqxm4ehwzNaCTh cOZB1mUBtThynH8REA9tOCq2LqBe5VZnS5zPW4gXBfi3kKul9OTMLLzKfaezeLltcr1d+5QL7q7dx CTETnkp2Z5bQvTY5DQ3Cld7nBpqCuvA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qqs0k-000OKD-2a; Thu, 12 Oct 2023 09:29:42 +0000 Received: from mail-oi1-x232.google.com ([2607:f8b0:4864:20::232]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qqs0h-000OIN-2l for hostap@lists.infradead.org; Thu, 12 Oct 2023 09:29:42 +0000 Received: by mail-oi1-x232.google.com with SMTP id 5614622812f47-3ae5ee80c0dso417386b6e.3 for ; Thu, 12 Oct 2023 02:29:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1697102977; x=1697707777; darn=lists.infradead.org; h=mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=5S3HCES7jBSaYYf5oFup3oItYhooTCj3TLNgiy2+lXg=; b=AANhpgm+XhbmdAexE1oMa0LOYlrnLLtST6P19ahD7fNaQrzINjKIXLeFBV3Gr4jIjX tRvlgM4Rn9ivY5u2e7Vi9Hsu7KpWHYjFreYNncF0pYh1UpW4fC1FPO3lhoDYol6CbXM7 3abtEU40u7r7Qz9ExbcnrPl21Ev4Gt+VqMsYA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697102977; x=1697707777; h=mime-version:message-id:date:subject:cc:to:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=5S3HCES7jBSaYYf5oFup3oItYhooTCj3TLNgiy2+lXg=; b=m34cna73ke/Lhi5NRk9pTaQWQpUqObC1Octtc/zoTvl5goERbfpXszOqGTIvpT9uN4 Wodffs+efQIS5tkUXa473pEg+MuT9SuJt1DfwQl6C2IA0sQKgghF+toegrdunX1t2L65 UFyHyjIAisuAQlXeqJBO6MsSAq5kk6Gig6vHTC/rw4LlEsR/+n1vt3t7zjPDq9qgVpTF eOGj1DuckjAdidM5Qm/9M+s1MEas9xHH/7tx0FJLUwOqJMA5yt4zwXTzkScotujHUeca 6XZuS/c7Ei75AKFh6kxcPjz3spK+1xw4JCW2M0zLDO4LPJlr0CZSEKFSltyOe2pgwYWv 9k3g== X-Gm-Message-State: AOJu0YyEL+9Vixa17dcoZGi0hXX/SMs3xlscaE6vRKXkCcAOXwnwHyoq hnmFKC3dPxGLrGSiRPWWxgGHvrwNcNU8zV3eH9CcwTHa6hvvpYv4mYsZC4YhZVXym2fw1rcIcgU GNqHMH80qmgmt9F0RqCXAYkDAWcG2Vc5L4F0opuYsPEBXttmgT77pXWFy4QlGlkwTsyNu/BtFkg 8wuEzQOBErJrJTww== X-Google-Smtp-Source: AGHT+IGeBDli004/vNpgNvGyjSMfonGK1a2q57xgET5sp1INDR4LiTDqbA6f8XG4P5X60FtlkwiRAg== X-Received: by 2002:a05:6808:15a8:b0:3ae:2b43:dd21 with SMTP id t40-20020a05680815a800b003ae2b43dd21mr32671585oiw.25.1697102976609; Thu, 12 Oct 2023 02:29:36 -0700 (PDT) Received: from ibnvda0196.ibn.broadcom.net ([192.19.252.250]) by smtp.gmail.com with ESMTPSA id z22-20020a637e16000000b0058953d93cdesm1266549pgc.19.2023.10.12.02.29.35 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Oct 2023 02:29:36 -0700 (PDT) From: Vinayak Yadawad To: hostap@lists.infradead.org Cc: jithu.jance@broadcom.com, Vinayak Yadawad Subject: [PATCH 1/1] hostapd: Add support for SAE offload for STA/AP interface Date: Thu, 12 Oct 2023 14:59:29 +0530 Message-Id: X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231012_022939_961379_8675B3F5 X-CRM114-Status: GOOD ( 23.99 ) X-Spam-Score: 0.6 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: In the current change we enable support for SAE offload by 1. Adding support of 4-way HS offload for AP interface 2. Adding support for SAE authentication offload The changes basically involve handlin [...] Content analysis details: (0.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:232 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 1.0 MIME_NO_TEXT No (properly identified) text body parts -0.2 DKIMWL_WL_HIGH DKIMwl.org - High trust sender X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org In the current change we enable support for SAE offload by 1. Adding support of 4-way HS offload for AP interface 2. Adding support for SAE authentication offload The changes basically involve handling of necessary parameter plumbing to the driver in the connect path for STA interface. Also the changes involve AP parameter plumbing in AP bringup path and Port authorized event handling. Signed-off-by: Vinayak Yadawad --- src/ap/beacon.c | 31 ++++++++++++++++++++++++++++++ src/ap/drv_callbacks.c | 6 ++++++ src/ap/hostapd.c | 7 +++++-- src/ap/wpa_auth_glue.c | 6 ++++++ src/ap/wpa_auth_glue.h | 1 + src/ap/wpa_auth_ie.c | 6 ++++-- src/drivers/driver.h | 24 +++++++++++++++++++++++ src/drivers/driver_nl80211.c | 22 +++++++++++++++++++++ src/drivers/driver_nl80211_capa.c | 12 ++++++++++++ src/drivers/driver_nl80211_event.c | 9 ++++++++- wpa_supplicant/wpa_supplicant.c | 15 +++++++++++++++ 11 files changed, 134 insertions(+), 5 deletions(-) diff --git a/src/ap/beacon.c b/src/ap/beacon.c index 1d3b96ac7..a844f4169 100644 --- a/src/ap/beacon.c +++ b/src/ap/beacon.c @@ -32,6 +32,7 @@ #include "dfs.h" #include "taxonomy.h" #include "ieee802_11_auth.h" +#include "crypto/sha1.h" #ifdef NEED_AP_MLME @@ -2011,6 +2012,36 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd, resp = hostapd_probe_resp_offloads(hapd, &resp_len); #endif /* NEED_AP_MLME */ + /* If SAE offload is enabled, provide passphrase to lower layer for + * PMK generation + */ + if ((wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt)) && + (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP)) { + if (hapd->conf->ssid.wpa_passphrase) { + params->sae_passphrase_len = + os_strlen(hapd->conf->ssid.wpa_passphrase); + if (params->sae_passphrase_len) { + os_memcpy(params->sae_passphrase, + hapd->conf->ssid.wpa_passphrase, + params->sae_passphrase_len); + } + } + if (hapd->conf->sae_pwe) { + params->sae_pwe = hapd->conf->sae_pwe; + } + } + + /* If key mgmt offload is enabled, configure PSK */ + if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) && + (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK)) { + if (hapd->conf->ssid.wpa_psk && hapd->conf->ssid.wpa_psk_set) { + os_memcpy(params->psk, hapd->conf->ssid.wpa_psk->psk, PMK_LEN); + } else if (hapd->conf->ssid.wpa_passphrase) { + pbkdf2_sha1(hapd->conf->ssid.wpa_passphrase, hapd->conf->ssid.ssid, + hapd->conf->ssid.ssid_len, 4096, params->psk, PMK_LEN); + } + } + params->head = (u8 *) head; params->head_len = head_len; params->tail = tail; diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 0516213f4..42419f523 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -2188,6 +2188,8 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event, union wpa_event_data *data) { struct hostapd_data *hapd = ctx; + struct sta_info *sta = NULL; + #ifndef CONFIG_NO_STDOUT_DEBUG int level = MSG_DEBUG; @@ -2482,6 +2484,10 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event, hostapd_cleanup_cca_params(hapd); break; #endif /* CONFIG_IEEE80211AX */ + case EVENT_PORT_AUTHORIZED: + sta = ap_get_sta(hapd, data->port_authorized.sta_addr); + ap_sta_set_authorized(hapd, sta, 1); + break; default: wpa_printf(MSG_DEBUG, "Unknown event %d", event); break; diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index 966030d57..961524b31 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c @@ -3573,8 +3573,11 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, sta->auth_alg != WLAN_AUTH_FILS_PK && !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS))) wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH); - } else - wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm); + } else { + if (!(hapd->iface->drv_flags2 & + WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK)) + wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm); + } if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED) { if (eloop_cancel_timeout(ap_handle_timer, hapd, sta) > 0) { diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 30a72b126..35b56b9df 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -1757,6 +1757,12 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) } +bool hostapd_wpa_auth_is_sae_offload_enabled(void *ctx) +{ + struct hostapd_data *hapd = ctx; + + return !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP); +} void hostapd_reconfig_wpa(struct hostapd_data *hapd) { diff --git a/src/ap/wpa_auth_glue.h b/src/ap/wpa_auth_glue.h index 1b13ae7be..7a7cb966b 100644 --- a/src/ap/wpa_auth_glue.h +++ b/src/ap/wpa_auth_glue.h @@ -12,5 +12,6 @@ int hostapd_setup_wpa(struct hostapd_data *hapd); void hostapd_reconfig_wpa(struct hostapd_data *hapd); void hostapd_deinit_wpa(struct hostapd_data *hapd); +bool hostapd_wpa_auth_is_sae_offload_enabled(void *ctx); #endif /* WPA_AUTH_GLUE_H */ diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 43ccec9be..3d33ac934 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -17,6 +17,7 @@ #include "pmksa_cache_auth.h" #include "wpa_auth_ie.h" #include "wpa_auth_i.h" +#include "wpa_auth_glue.h" #ifdef CONFIG_RSN_TESTING @@ -998,8 +999,9 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, } #ifdef CONFIG_SAE - if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid && - !sm->pmksa) { + if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && + !(hostapd_wpa_auth_is_sae_offload_enabled(wpa_auth->cb_ctx)) && + data.num_pmkid && !sm->pmksa) { wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, "No PMKSA cache entry found for SAE"); return WPA_INVALID_PMKID; diff --git a/src/drivers/driver.h b/src/drivers/driver.h index dbe2ad5e4..96fe56787 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -69,6 +69,8 @@ enum hostapd_chan_width_attr { #define HOSTAPD_DFS_REGION_ETSI 2 #define HOSTAPD_DFS_REGION_JP 3 +#define MAX_PASSPHRASE_LEN 63 + /** * enum reg_change_initiator - Regulatory change initiator */ @@ -1785,6 +1787,21 @@ struct wpa_driver_ap_params { * mld_link_id - Link id for MLD BSS's */ u8 mld_link_id; + + /** + * sae_passphrase - sae passphrase for SAE offload + */ + u8 sae_passphrase[MAX_PASSPHRASE_LEN]; + + /** + * sae_passphrase_len - sae passphrase length for SAE offload + */ + u8 sae_passphrase_len; + + /** + * psk - PSK passed to driver for 4-way HS offload + */ + u8 psk[PMK_LEN]; }; struct wpa_driver_mesh_bss_params { @@ -2253,6 +2270,12 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA 0x0000000000002000ULL /** Driver supports MLO in station/AP mode */ #define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL +/** Driver support AP_PSK authentication offload */ +#define WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK 0x0000000000008000ULL +/** Driver support SAE STA authentication offload */ +#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD 0x0000000000010000ULL +/** Driver support SAE AP authentication offload */ +#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP 0x0000000000020000ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ @@ -6645,6 +6668,7 @@ union wpa_event_data { struct port_authorized { const u8 *td_bitmap; size_t td_bitmap_len; + u8 sta_addr[ETH_ALEN]; } port_authorized; /** diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 9bd6a58e0..817bc084f 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -5109,6 +5109,17 @@ static int wpa_driver_nl80211_set_ap(void *priv, suites)) goto fail; + if ((params->key_mgmt_suites & WPA_KEY_MGMT_PSK) && + (drv->capa.flags & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK) && + (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk))) + goto fail; + + if (wpa_key_mgmt_sae(params->key_mgmt_suites) && + (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP) && + (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, params->sae_passphrase_len, + params->sae_passphrase))) + goto fail; + if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA && (!params->pairwise_ciphers || params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) && @@ -6926,6 +6937,17 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, return -1; } + /* Add SAE passphrase in case of SAE offload */ + if (wpa_key_mgmt_sae(params->key_mgmt_suite) && + (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD) && + params->passphrase) { + wpa_hexdump_key(MSG_DEBUG, " * SAE passphrase", + params->passphrase, os_strlen(params->passphrase)); + if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, + os_strlen(params->passphrase), params->passphrase)) + return -1; + } + if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT)) return -1; diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index 5e6406885..c17957381 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -697,6 +697,18 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA; capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP; } + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK)) + capa->flags2 |= WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_SAE_OFFLOAD_AP)) + capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_SAE_OFFLOAD)) + capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD; } diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index 9d39703e0..d1473e8f9 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -3505,7 +3505,14 @@ static void nl80211_port_authorized(struct wpa_driver_nl80211_data *drv, } addr = nla_data(tb[NL80211_ATTR_MAC]); - if (os_memcmp(addr, drv->bssid, ETH_ALEN) != 0) { + if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { + /* Update STA assoc address */ + os_memcpy(event.port_authorized.sta_addr, addr, ETH_ALEN); + wpa_printf(MSG_DEBUG, + "nl80211: Port authorized for STA BSSID " MACSTR, + MAC2STR(addr)); + } else if (is_sta_interface(drv->nlmode) && + os_memcmp(addr, drv->bssid, ETH_ALEN) != 0) { wpa_printf(MSG_DEBUG, "nl80211: Ignore port authorized event for " MACSTR " (not the currently connected BSSID " MACSTR ")", diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 69f228919..961411596 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -4269,6 +4269,21 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit) params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)) params.req_handshake_offload = 1; + params.sae_pwe = wpa_s->conf->sae_pwe; + if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) && + (wpa_key_mgmt_sae(params.key_mgmt_suite))) { + if (ssid->sae_password) { + wpa_printf(MSG_DEBUG, "sae enabled join..Using sae_password"); + params.passphrase = ssid->sae_password; + } else if (ssid->passphrase) { + wpa_printf(MSG_DEBUG, "sae enabled join..Using passphrase"); + params.passphrase = ssid->passphrase; + } else { + wpa_printf(MSG_ERROR, "sae enabled join.." + "But neither sae_password nor passphrase set"); + } + } + if (wpa_s->conf->key_mgmt_offload) { if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||