[PATCH 1/3] mesh: add support for SAE Hash-to-Element in mesh mode.
Nicolas Cavallari
nicolas.cavallari at green-communications.fr
Wed Oct 8 06:44:20 PDT 2025
On 10/7/25 10:44, Jouni Malinen wrote:
> On Thu, Sep 18, 2025 at 05:31:38PM +0200, Nicolas Cavallari wrote:
>> It currently comes with the limitation that the PT is derived twice:
>> one for the supplicant and one for the authenticator.
>
> What about kernel changes (e.g., in mac80211) to allow the RSNXE to be
> advertised in Beacon frames?
I wrongly assumed that since wpa_supplicant passes the correct IE in
NL80211_CMD_JOIN_MESH the kernel would pick it up, but apparently it is
silently ignored. It seems that there is no way forward but dancing
with feature flags.
> And wpa_supplicant changes to verify that
> SAE H2E is enabled in the peer's RSNXE before trying to use it?
Right, this patch was mostly made with 6 GHz in mind, where H2E is
mandatory.
Also, in the current source code, I couldn't find where we check if the
peer even supports encryption and SAE.
>> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
>> @@ -1608,6 +1609,17 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
>> goto reply;
>> }
>> pos += sizeof(le16);
>> + if (sta->sae->h2e &&
>> + !(pos[0] == WLAN_EID_EXTENSION &&
>> + pos[1] == end - pos - 2 &&
>> + pos[2] == WLAN_EID_EXT_ANTI_CLOGGING_TOKEN)) {
>> + wpa_printf(MSG_ERROR,
>> + "SAE: Invalid anti-clogging token container");
>> + resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
>> + goto reply;
>> + }
>> + if (sta->sae->h2e)
>> + pos += 3;
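Review bot: the new condition reads pos[0], pos[1] and pos[2] right after "pos += sizeof(le16);", and nothing in the visible lines checks that at least three octets remain before end. Unless the code above this hunk already guarantees that, test "end - pos >= 3" first so a truncated frame takes the error path instead of being read past its end. sta->sae->h2e is also tested twice; the "pos += 3" could move into a single "if (sta->sae->h2e) { ... }" block after the validation.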
>
> Hardcoding the location of the Anti-Clogging Token Container element in
> that manner does not feel very robust since there could be other
> elements between the Status Code field and the Anti-Clogging Token
> Container element.
To me this seems in line with how SAE is parsed in common/sae.c, e.g.
sae_parse_token_container() and its caller assume a certain order which
I couldn't find in the standard. What other elements could be present in
an anti-clogging token request?
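
For reference, a bounds-checked walk over the elements that locates the Anti-Clogging Token Container wherever it sits, instead of assuming a fixed offset. This is an added example, not code from the patch or from hostapd: find_token_container() and token_len_in() are hypothetical helpers, the sample buffers are constructed, and the numeric element IDs are assumed to match hostapd's ieee802_11_defs.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Element IDs; numeric values assumed to match hostapd's ieee802_11_defs.h. */
#define WLAN_EID_EXTENSION 255
#define WLAN_EID_EXT_ANTI_CLOGGING_TOKEN 93

/* Hypothetical helper: walk the elements in [pos, end). Returns 0 and sets
 * *token / *token_len to the payload of the first Anti-Clogging Token
 * Container element; returns -1 if it is absent or an element is truncated. */
static int find_token_container(const uint8_t *pos, const uint8_t *end,
                                const uint8_t **token, size_t *token_len)
{
    while (end - pos >= 2) {
        uint8_t id = pos[0];
        size_t len = pos[1];

        pos += 2;
        if ((size_t)(end - pos) < len)
            return -1; /* length field runs past the frame */
        if (id == WLAN_EID_EXTENSION && len >= 1 &&
            pos[0] == WLAN_EID_EXT_ANTI_CLOGGING_TOKEN) {
            *token = pos + 1;      /* skip the extension ID octet */
            *token_len = len - 1;
            return 0;
        }
        pos += len;                /* some other element: skip it */
    }
    return -1; /* not found, or too few octets left for a header */
}

/* Constructed samples: octets following the Status Code field. The ID 221
 * element is an arbitrary other element, present only to exercise the walk. */
static const uint8_t sample_direct[] = { 255, 4, 93, 0xaa, 0xbb, 0xcc };
static const uint8_t sample_preceded[] = { 221, 2, 1, 2, 255, 3, 93, 0x11, 0x22 };
static const uint8_t sample_truncated[] = { 255, 9, 93, 0xaa };

/* Returns the token length found in buf, or -1 on failure. */
static int token_len_in(const uint8_t *buf, size_t n)
{
    const uint8_t *tok;
    size_t tlen;
    return find_token_container(buf, buf + n, &tok, &tlen) < 0 ? -1 : (int)tlen;
}

int main(void)
{
    return !(token_len_in(sample_direct, sizeof(sample_direct)) == 3 &&
             token_len_in(sample_preceded, sizeof(sample_preceded)) == 2 &&
             token_len_in(sample_truncated, sizeof(sample_truncated)) == -1);
}
```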