Message ID | 20220407114943.2665222-1-nico.escande@gmail.com |
---|---|
State | Changes Requested |
Headers | show |
Series | AP: SAE on 6GHz requires H2E enabled in config | expand |
On Thu, Apr 07, 2022 at 01:49:43PM +0200, Nicolas Escande wrote: > diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c > @@ -1187,6 +1187,13 @@ static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss) > +#ifdef CONFIG_SAE > + if ((bss->wpa_key_mgmt & WPA_KEY_MGMT_SAE) && !bss->sae_pwe) { > + wpa_printf(MSG_ERROR, "SAE with H2E is mandatory on 6 GHz"); > + return false; > + } > +#endif As far as the IEEE Std 802.11ax-2021 is concerned, there is no such mandate (see 12.12.2 for security constraints in the 6 GHz band). WPA3-Personal requirements with Wi-Fi 6E are separate, but taken into account that that is what most devices will end up following, it would sound reasonable to at least enable H2E automatically whenever using SAE on the 6 GHz band.
On Mon Nov 28, 2022 at 5:51 PM CET, Jouni Malinen wrote: > On Thu, Apr 07, 2022 at 01:49:43PM +0200, Nicolas Escande wrote: > > diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c > > @@ -1187,6 +1187,13 @@ static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss) > > > +#ifdef CONFIG_SAE > > + if ((bss->wpa_key_mgmt & WPA_KEY_MGMT_SAE) && !bss->sae_pwe) { > > + wpa_printf(MSG_ERROR, "SAE with H2E is mandatory on 6 GHz"); > > + return false; > > + } > > +#endif > > As far as the IEEE Std 802.11ax-2021 is concerned, there is no such > mandate (see 12.12.2 for security constraints in the 6 GHz band). > WPA3-Personal requirements with Wi-Fi 6E are separate, but taken into > account that that is what most devices will end up following, it would > sound reasonable to at least enable H2E automatically whenever using SAE > on the 6 GHz band. > > -- > Jouni Malinen PGP id EFC895FA Either way is fine by me, I just sent a patch doing what you proposed.
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 051b843e9..d2b8dd244 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -1187,6 +1187,13 @@ static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss) return false; } +#ifdef CONFIG_SAE + if ((bss->wpa_key_mgmt & WPA_KEY_MGMT_SAE) && !bss->sae_pwe) { + wpa_printf(MSG_ERROR, "SAE with H2E is mandatory on 6 GHz"); + return false; + } +#endif + if (bss->rsn_pairwise & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104 | WPA_CIPHER_TKIP)) {
Signed-off-by: Nicolas Escande <nico.escande@gmail.com> --- src/ap/ap_config.c | 7 +++++++ 1 file changed, 7 insertions(+)