[PATCH 1/3] mesh: add support for SAE Hash-to-Element in mesh mode.
Jouni Malinen
j at w1.fi
Tue Oct 7 01:44:46 PDT 2025
On Thu, Sep 18, 2025 at 05:31:38PM +0200, Nicolas Cavallari wrote:
> It currently comes with the limitation that the PT is derived twice:
> one for the supplicant and one for the authenticator.
What about kernel changes (e.g., in mac80211) to allow the RSNXE to be
advertised in Beacon frames? And wpa_supplicant changes to verify that
SAE H2E is enabled in the peer's RSNXE before trying to use it?
> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -1608,6 +1609,17 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
> goto reply;
> }
> pos += sizeof(le16);
> + if (sta->sae->h2e &&
> + !(pos[0] == WLAN_EID_EXTENSION &&
> + pos[1] == end - pos - 2 &&
> + pos[2] == WLAN_EID_EXT_ANTI_CLOGGING_TOKEN)) {
> + wpa_printf(MSG_ERROR,
> + "SAE: Invalid anti-clogging token container");
> + resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
> + goto reply;
> + }
> + if (sta->sae->h2e)
> + pos += 3;
Hardcoding the location of the Anti-Clogging Token Container element in
that manner does not feel very robust since there could be other
elements between the Status Code field and the Anti-Clogging Token
Container element.
> diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
> @@ -355,14 +361,28 @@ static int mesh_rsn_build_sae_commit(struct wpa_supplicant *wpa_s,
> return -1;
> }
>
> + if (ssid->sae_password_id &&
> + wpa_s->mesh_rsn->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
> + use_pt = true;
> + if (wpa_s->mesh_rsn->sae_pwe == SAE_PWE_HASH_TO_ELEMENT)
> + use_pt = true;
> +
> + if (!use_pt)
> + return sae_prepare_commit(wpa_s->own_addr, sta->addr,
> + (u8 *) password, os_strlen(password),
> + sta->sae);
This might be one location where the condition on the peer STA support
H2E would need to be considered.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list