Reg H2E without password identifier

RAGHAVENDRA SADARAMACHANDRA (rsadaram) rsadaram at cisco.com
Thu Mar 11 18:27:02 GMT 2021


Hi Jouni,

  Thanks for the response.
  If I use "sae_pwe=1" in wpa_supplicant.conf, I get the error below.

 1615485670.169695: Line 14: unknown network field 'sae_pwe'.

I also tried tweaking the code in wpa_supplicant.c as below. It still failed to connect.
//      if (ssid->sae_password_id && sae_pwe != 3)
                sae_pwe = 1;

-Raghu

On 3/11/21, 9:34 AM, "Jouni Malinen" <j at w1.fi> wrote:

    On Wed, Mar 10, 2021 at 11:34:19PM +0000, RAGHAVENDRA SADARAMACHANDRA (rsadaram) wrote:
    >    I am running latest hostapd in H2E only mode using following hostapd.conf.
    >   ….
    >   sae_pwe=1
    >   sae_groups=19
    >   sae_password=example secret
    >   
    >    Latest Wpa_supplicant is not connecting to H2E only mode AP, if I use wpa_supplicant.conf with only “sae_password=example secret”

    Are you leaving the sae_pwe to its default value, i.e., H2E disabled, in
    wpa_supplicant configuration?

    >   Wpa_supplicant throws:
    >   1615416250.587683: wlp5s0: Selecting BSS from priority group 0
    >   1615416250.587690: wlp5s0: 0: f8:a2:d6:bc:d0:51 ssid='raghu-test-h2e' wpa_ie_len=0 rsn_ie_len=20 caps=0x411 level=-39 freq=2437
    >   1615416250.587700: wlp5s0:    selected based on RSN IE
    >   1615416250.587704: wlp5s0:    SAE H2E disabled
    > 1615416250.587708: wlp5s0:    skip - rate sets do not match 

    This indicates that wpa_supplicant has SAE H2E disabled and cannot join
    the network that mandates use of H2E.

    >  If I use password identifier then it works. Following config works.
    > Hostapd.conf:
    > sae_password=example secret|id=pw identifier
    >  
    > wpa_supplicant.conf:
    > sae_password="example secret"
    > sae_password_id="pw identifier"

    Specifying SAE Password Identifier will automatically enable H2E since
    the standard allows password identifier to be used only with H2E.

    > Is there a way to test wpa_supplicant and hostapd without using pwd identifier?

    Yes, you'll just need to enable SAE H2E in wpa_supplicant configuration
    (sae_pwe=1 or sae_pwe=2).

    -- 
    Jouni Malinen                                            PGP id EFC895FA
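
The rules discussed in this thread, as an added example that is not part of the original messages or of the hostap code: a small checker that reads a wpa_supplicant.conf and reports whether each network would have SAE H2E enabled. It assumes `sae_pwe` is a global setting written outside `network={...}` blocks, which is what the parse error quoted above points to; `check_station_conf` and `_net` are hypothetical names and the parsing is simplified.

```python
H2E_VALUES = {"1", "2"}  # per the thread: sae_pwe=1 or sae_pwe=2 enables H2E

def check_station_conf(text):
    """Return (errors, h2e): parse errors and {ssid: H2E enabled?} per network."""
    errors, blocks = [], []
    global_pwe = "0"   # the default leaves H2E disabled (per the thread)
    block = None       # fields of the network={...} block being read, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            block = {}
        elif line == "}" and block is not None:
            blocks.append(block)
            block = None
        else:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if block is None:
                if key == "sae_pwe":      # assumption: global scope only
                    global_pwe = value
            elif key == "sae_pwe":
                # same message as the log line quoted in the thread
                errors.append(f"Line {lineno}: unknown network field 'sae_pwe'")
            else:
                block[key] = value
    # A password identifier turns H2E on by itself; otherwise sae_pwe decides.
    h2e = {b.get("ssid", "").strip('"'):
           global_pwe in H2E_VALUES or "sae_password_id" in b for b in blocks}
    return errors, h2e

def _net(*extra, prefix=""):
    # Constructed sample config; SSID and password are the ones in the thread.
    body = ['ssid="raghu-test-h2e"', "key_mgmt=SAE",
            'sae_password="example secret"', *extra]
    return prefix + "network={\n" + "".join(f"    {l}\n" for l in body) + "}\n"

MISPLACED = _net("sae_pwe=1")                       # fails to parse
DEFAULT = _net()                                    # H2E stays disabled
GLOBAL = _net(prefix="sae_pwe=1\n")                 # H2E enabled globally
WITH_ID = _net('sae_password_id="pw identifier"')   # H2E enabled by identifier

if __name__ == "__main__":
    for name in ("MISPLACED", "DEFAULT", "GLOBAL", "WITH_ID"):
        print(name, check_station_conf(globals()[name]))
```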


