DPP: Require PMF when profile is for SAE without PSK

While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-10-07 19:54:30 +03:00 committed by Jouni Malinen
parent db46138de4
commit 2b972a35b3

View file

@ -1338,7 +1338,10 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
if (dpp_akm_sae(conf->akm)) if (dpp_akm_sae(conf->akm))
ssid->key_mgmt |= WPA_KEY_MGMT_SAE | ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
WPA_KEY_MGMT_FT_SAE; WPA_KEY_MGMT_FT_SAE;
ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL; if (dpp_akm_psk(conf->akm))
ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
else
ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
if (conf->passphrase[0]) { if (conf->passphrase[0]) {
if (wpa_config_set_quoted(ssid, "psk", if (wpa_config_set_quoted(ssid, "psk",
conf->passphrase) < 0) conf->passphrase) < 0)