From 2b972a35b3b0b37d7dd75e3f7948f1bb2128b8f8 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 7 Oct 2022 19:54:30 +0300 Subject: [PATCH] DPP: Require PMF when profile is for SAE without PSK While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal requires PMF to be used with SAE. Use the stronger MFPR=1 configuration for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only" configuration. Signed-off-by: Jouni Malinen --- wpa_supplicant/dpp_supplicant.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 4b263e49e..d01d6b7a7 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -1338,7 +1338,10 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s, if (dpp_akm_sae(conf->akm)) ssid->key_mgmt |= WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE; - ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL; + if (dpp_akm_psk(conf->akm)) + ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL; + else + ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED; if (conf->passphrase[0]) { if (wpa_config_set_quoted(ssid, "psk", conf->passphrase) < 0)