From patchwork Tue Nov 29 16:02:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Escande X-Patchwork-Id: 1710185 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=IwbBHlq+; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=XwXqcYxQ; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NM6Zr5klMz23nT for ; Wed, 30 Nov 2022 03:03:48 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=yYQCJFO3mf5i2qz4iZ7craDEvf7x2rqYAUXqQxXAaVw=; b=IwbBHlq+GWQ95g g6qXDREqC2YFqzikiTnhalLSix0i/KTtvo/q78Om4nKsgooBzghyZryZdALB8L8FPEgrCqI0YRIlv vl2gu3Tb+o3pew8MCHcaFxwsSGGMWt2wB4/eQltA3iUH08n82J6vKjCJxVYFRp3rIe7ZrEkS0FvRO LcwkmlmykN9ARj4MVqazAtlw1Lfke4nT9BJSPwIKA0EN169ttoPoZCnFPpXYSq4FKv9ewVLdOk+n2 ptxCkO9jtY1TweVzipEYQBsYhhVfqF5qGEOfMNNyhDAenprG/0Wf21FyWZ6DJooaxIjmOArN0ZKXq Y30UVPLe0PCKao6VC6iw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1p034J-009vx3-8z; Tue, 29 Nov 2022 16:02:47 +0000 Received: from mail-wm1-x32e.google.com ([2a00:1450:4864:20::32e]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1p034G-009vvf-HQ for hostap@lists.infradead.org; Tue, 29 Nov 2022 16:02:45 +0000 Received: by mail-wm1-x32e.google.com with SMTP id v124-20020a1cac82000000b003cf7a4ea2caso14717879wme.5 for ; Tue, 29 Nov 2022 08:02:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=34J5mZy/PbeBRaVDYz2KP917RHl1mMBkrscbjVdynjs=; b=XwXqcYxQlsdkgZlkmPbUd4TP6uCuilrnxo6gVHu4vE7XY9nU1LEf/oiRPnHHeHgEp0 Y3Xpf/dHNGhQL+D8s1YprwxrRVDRN4Gps2OPd2jY1ll4ZBk7jJnCrJVDoAvpee1W6Cdd Jk0MyrWZEIZo5n0PQldOQ3yTiKb8ekcQbWIC3INA031FoC86BVs8VaNClD5dfMqCBBLM WsmJnbLl1PgQHXzJjfxDeUbCDE86d6r8+O8zSOlqT7zFTrjurm6ITQyuhby+F+4cehxT XvtRZRUN0rc6V1s794v+GK61EMPqxp0o3/rJVW685RVCnD4zki4RFvHLtdb6vsEgY+H6 YTDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=34J5mZy/PbeBRaVDYz2KP917RHl1mMBkrscbjVdynjs=; b=TQsRvt0AE4Lon0NsKARtdN7P8t/S62rSnElFCA+59ZHaKO9J0D7QTcu3IyC91BCSQL qSorURs+0nFyuNXfvY+DS3yWLurSk/at89c76BnEvIJ2CraL77yYy6xGnj5XFobVLot3 i/6RkERnTDvsUzJhoYIaVLG+Gr+sC3fTUcwKJLj/lc0bHvVc00ojaxPcEuGYDVCTlOqo N6fZWxiip5CyPhAAfyycZUEwCvMwT6o1+vzfdQwHPWOZI3L+p/6y9PZeVjJJmbOme8Ng ZsBC4kiUoj4SK00J4ZN0OzwxVs5CAVS/Mhd+12MOnFz1529Sr0Q1xKkO3hout6Q6M5tp Nq7g== X-Gm-Message-State: ANoB5plCcwiMX8XCGk+59YGvlflqkHYRohtVxairmO21SJLXsBTSSDMg 20zHl71aDFgo0vRbw3hrgSQlPPeMi0c= X-Google-Smtp-Source: AA0mqf7CRT2f5s5HhSTK8YovOkx38FoBrzjGg3ODrKaVzjdhI5vZvLi7U2KX13Qreehq+sgStcPOZQ== X-Received: by 2002:a05:600c:2041:b0:3d0:6b97:7968 with SMTP id p1-20020a05600c204100b003d06b977968mr1899879wmg.25.1669737763009; Tue, 29 Nov 2022 08:02:43 -0800 (PST) Received: from syracuse.iliad.local (freebox.vlq16.iliad.fr. [213.36.7.13]) by smtp.gmail.com with ESMTPSA id i17-20020adfe491000000b0022da3977ec5sm13886961wrm.113.2022.11.29.08.02.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Nov 2022 08:02:42 -0800 (PST) From: Nicolas Escande To: hostap@lists.infradead.org Cc: Nicolas Escande Subject: [PATCH] AP: enable H2E on 6GHz when SAE is used Date: Tue, 29 Nov 2022 17:02:37 +0100 Message-Id: <20221129160237.2471274-1-nico.escande@gmail.com> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221129_080244_611375_682EBAAE X-CRM114-Status: GOOD ( 11.54 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Even if the use of H2E isn't strictly mandatory when using SAE on 6Ghz, WPA3 personnal pushes it on 6GHz. So lets automatically enable it by setting sae_pwe=2. This will allow both the hunting-and-pec [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:32e listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [nico.escande[at]gmail.com] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Even if the use of H2E isn't strictly mandatory when using SAE on 6Ghz, WPA3 personnal pushes it on 6GHz. So lets automatically enable it by setting sae_pwe=2. This will allow both the hunting-and-pecking and hash-to-element to work (and be backward compatible) Signed-off-by: Nicolas Escande --- src/ap/ap_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index be2e47122..a1aa4f2fb 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -1425,6 +1425,14 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss, } #endif /* CONFIG_OCV */ +#ifdef CONFIG_SAE + if (full_config && is_6ghz_op_class(conf->op_class) && + (bss->wpa_key_mgmt & WPA_KEY_MGMT_SAE) && !bss->sae_pwe) { + wpa_printf(MSG_INFO, "Additionnaly enabling SAE H2E on 6 GHz"); + bss->sae_pwe = 2; + } +#endif + #ifdef CONFIG_SAE_PK if (full_config && hostapd_sae_pk_in_use(bss) && hostapd_sae_pk_password_without_pk(bss)) {