From patchwork Fri Apr 16 03:32:07 2021
X-Patchwork-Submitter: Jimmy Chen
X-Patchwork-Id: 1468784
From: Jimmy Chen
Date: Fri, 16 Apr 2021 11:32:07 +0800
Subject: [PATCH] Enforce SAE H2E for 6GHz BSS
To: hostap@lists.infradead.org

Hi,

Wi-Fi 6GHz policy by WFA, H2E is enforced for SAE. As a result, it should override sae_pwe configuration if 6GHz BSS is about to be connected.

Thank you for your time and consideration.

Best regards,
Jimmy

From f0844bd17aa289c19378929ea6e9553fa21e77a2 Mon Sep 17 00:00:00 2001
From: Jimmy Chen
Date: Tue, 13 Apr 2021 14:55:52 +0800
Subject: [PATCH] wifi: enforce H2E for 6Ghz BSS

Signed-off-by: Jimmy Chen
---
 wpa_supplicant/ctrl_iface.c       | 2 ++
 wpa_supplicant/wpa_supplicant.c   | 10 ++++++++++
 wpa_supplicant/wpa_supplicant_i.h | 1 +
 3 files changed, 13 insertions(+)

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index bf83e4168..f9e97c145 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c 
@@ -829,6 +829,8 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s, wpa_s->sae_commit_override = wpabuf_parse_bin(value); } else if (os_strcasecmp(cmd, "driver_signal_override") == 0) { ret = wpas_ctrl_iface_set_dso(wpa_s, value); + } else if (os_strcasecmp(cmd, "force_hunting_and_pecking_pwe") == 0) { + wpa_s->force_hunting_and_pecking_pwe = (atoi(value) != 0) ? 1 : 0; #ifdef CONFIG_DPP } else if (os_strcasecmp(cmd, "dpp_config_obj_override") == 0) { os_free(wpa_s->dpp_config_obj_override); diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 835b33575..af63c8ecc 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1663,6 +1663,16 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, sae_pwe = wpa_s->conf->sae_pwe; if (ssid->sae_password_id && sae_pwe != 3) sae_pwe = 1; + if (bss && is_6ghz_freq(bss->freq)) { + wpa_dbg(wpa_s, MSG_DEBUG, "WPA: force hash-to-element mode for 6GHz BSS."); + sae_pwe = 1; + } +#ifdef CONFIG_TESTING_OPTIONS + if (wpa_s->force_hunting_and_pecking_pwe) { + wpa_dbg(wpa_s, MSG_DEBUG, "WPA: force huting and pecking mode."); + sae_pwe = 0; + } +#endif wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe); #ifdef CONFIG_SAE_PK wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK, diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index 49007cfc2..3d12801bc 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -1236,6 +1236,7 @@ struct wpa_supplicant { unsigned int oci_freq_override_ft_assoc; unsigned int oci_freq_override_fils_assoc; unsigned int oci_freq_override_wnm_sleep; + int force_hunting_and_pecking_pwe; #endif /* CONFIG_TESTING_OPTIONS */ struct wmm_ac_assoc_data *wmm_ac_assoc_info; -- 2.31.1.295.g9ea45b61b8-goog
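
Review bot: In the wpa_supplicant/ctrl_iface.c hunk, the new "force_hunting_and_pecking_pwe" branch writes wpa_s->force_hunting_and_pecking_pwe, a field that wpa_supplicant_i.h declares only above `#endif /* CONFIG_TESTING_OPTIONS */`, and the visible context does not show which guard this else-if chain sits under. Please confirm the branch is inside CONFIG_TESTING_OPTIONS: outside it the build breaks when that option is off, and a production control interface should not carry a switch that turns H2E back into hunting-and-pecking. Minor: `(atoi(value) != 0) ? 1 : 0` is equivalent to `atoi(value) != 0`, and atoi() silently maps non-numeric input to 0.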
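
Review bot: In the wpa_supplicant/wpa_supplicant.c hunk, the 6 GHz branch sets sae_pwe = 1 unconditionally, while the line just above it deliberately leaves sae_pwe == 3 untouched (`if (ssid->sae_password_id && sae_pwe != 3)`). Either apply the same `!= 3` exemption or state in the commit message why 6 GHz overrides it, and, since 3 is already treated here as a value that must not be overridden, say why a separate testing flag is needed. The enforcement is also skipped whenever bss is NULL, so an association where no BSS entry was passed in keeps the configured sae_pwe even on a 6 GHz channel; that deserves a comment or a fallback check. The debug line is printed even when sae_pwe is already 1, and the second message has a typo ("huting").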
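
Review bot: In the wpa_supplicant/wpa_supplicant_i.h hunk, force_hunting_and_pecking_pwe is a plain int that only ever holds 0 or 1 and carries no comment, while the neighbouring override fields are unsigned int. Match the surrounding type (or use a one-bit flag) and add a comment saying it is a testing override that takes precedence over the 6 GHz H2E enforcement; the new SET parameter is not documented anywhere in this patch either.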