nl80211: Allow external auth based on SAE/FT-SAE key mgmt

In the SME-in-driver case, wpa_supplicant used only the selected SAE
auth_alg value as the trigger for enabling external authentication
support for SAE. This prevented the driver from falling back to full SAE
authentication if PMKSA caching was attempted (Open auth_alg selected)
and the cached PMKID had been dropped.

Enable external auth based on SAE/FT-SAE key_mgmt, rather than doing
this based on SAE auth_alg, so that the driver can go through full SAE
authentication in cases where PMKSA caching is attempted and it fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Sunil Dutt 2019-07-08 19:42:12 +05:30 committed by Jouni Malinen
parent cdb5774f42
commit 1317ea2c0e

View file

@ -5762,7 +5762,8 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
nl80211_put_fils_connect_params(drv, params, msg) != 0) nl80211_put_fils_connect_params(drv, params, msg) != 0)
return -1; return -1;
if ((params->auth_alg & WPA_AUTH_ALG_SAE) && if ((params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) &&
(!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) && (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT)) nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
return -1; return -1;
@ -5917,7 +5918,8 @@ static int wpa_driver_nl80211_associate(
if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
return -1; return -1;
if (params->auth_alg & WPA_AUTH_ALG_SAE) { if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) {
nl_connect = bss->nl_connect; nl_connect = bss->nl_connect;
bss->use_nl_connect = 1; bss->use_nl_connect = 1;
} else { } else {