DPP: Require use of PMF for DPP AKM

Previously, wpa_supplicant set PMF as optional for the DPP AKM since
there was no clear statement about this requirement in the tech spec.
Now that this requirement has been added, update the implementation to
match. In addition, set ssid->ieee80211w using the actual enum
mfp_options values instead of magic constants to make this a bit more
readable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-02-06 20:54:55 +02:00 committed by Jouni Malinen
parent 3e3d634fa7
commit 70e1901371

View file

@ -1165,7 +1165,7 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
if (auth->connector) { if (auth->connector) {
ssid->key_mgmt = WPA_KEY_MGMT_DPP; ssid->key_mgmt = WPA_KEY_MGMT_DPP;
ssid->ieee80211w = 1; ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
ssid->dpp_connector = os_strdup(auth->connector); ssid->dpp_connector = os_strdup(auth->connector);
if (!ssid->dpp_connector) if (!ssid->dpp_connector)
goto fail; goto fail;
@ -1200,7 +1200,7 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
if (auth->akm == DPP_AKM_SAE || auth->akm == DPP_AKM_PSK_SAE) if (auth->akm == DPP_AKM_SAE || auth->akm == DPP_AKM_PSK_SAE)
ssid->key_mgmt |= WPA_KEY_MGMT_SAE | ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
WPA_KEY_MGMT_FT_SAE; WPA_KEY_MGMT_FT_SAE;
ssid->ieee80211w = 1; ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
if (auth->passphrase[0]) { if (auth->passphrase[0]) {
if (wpa_config_set_quoted(ssid, "psk", if (wpa_config_set_quoted(ssid, "psk",
auth->passphrase) < 0) auth->passphrase) < 0)