DPP: Support DPP and SAE in the same network profile

Make both DPP and SAE code aware of the cases where the same network
profile is configured to enable both DPP and SAE. Prefer DPP over SAE in
such cases and start DPP/SAE exchanges based on what both the station
and the AP support.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-03-16 17:15:09 +02:00 committed by Jouni Malinen
parent 9305c2332b
commit dd6c598007
3 changed files with 24 additions and 6 deletions


@ -2356,9 +2356,15 @@ int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
struct os_time now; struct os_time now;
struct wpabuf *msg; struct wpabuf *msg;
unsigned int wait_time; unsigned int wait_time;
const u8 *rsn;
struct wpa_ie_data ied;
if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss) if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
return 0; /* Not using DPP AKM - continue */ return 0; /* Not using DPP AKM - continue */
rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
!(ied.key_mgmt & WPA_KEY_MGMT_DPP))
return 0; /* AP does not support DPP AKM - continue */
if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid)) if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
return 0; /* PMKSA exists for DPP AKM - continue */ return 0; /* PMKSA exists for DPP AKM - continue */
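Review bot: The new early return for an AP that does not advertise the DPP AKM is silent, so a station with both AKMs in its profile moves from DPP to SAE with nothing in the debug log to show why. The RSNE read here comes from the BSS entry (Beacon/Probe Response data, which is not authenticated at this point), so the decision is worth making visible: add `wpa_dbg(wpa_s, MSG_DEBUG, "DPP: AP does not advertise DPP AKM - skip network introduction");` before that `return 0;`, with braces around the two statements. The condition also lets a missing or unparsable RSNE fall through to the DPP path; a short comment stating that this is intended would help. The body of wpas_dpp_check_connect continues outside the hunk.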


@ -313,6 +313,12 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
if (!rsn) { if (!rsn) {
wpa_dbg(wpa_s, MSG_DEBUG, wpa_dbg(wpa_s, MSG_DEBUG,
"SAE enabled, but target BSS does not advertise RSN"); "SAE enabled, but target BSS does not advertise RSN");
#ifdef CONFIG_DPP
} else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
(ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
(ied.key_mgmt & WPA_KEY_MGMT_DPP)) {
wpa_dbg(wpa_s, MSG_DEBUG, "Prefer DPP over SAE when both are enabled");
#endif /* CONFIG_DPP */
} else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 && } else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
wpa_key_mgmt_sae(ied.key_mgmt)) { wpa_key_mgmt_sae(ied.key_mgmt)) {
wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg"); wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");
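Review bot: With CONFIG_DPP defined, the chain now evaluates `wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0` in two consecutive `else if` conditions on the same element. Parsing once ahead of the chain and testing `ied.key_mgmt` in both branches would keep the DPP and SAE decisions on a single parse result and make the precedence easier to read. The DPP branch decides on `ssid->key_mgmt` and the advertised AKM alone. The visible lines do not show whether a usable PMKSA entry exists at this point, so if an earlier step guarantees that, a one-line comment naming that step would help. sme_send_authentication starts and ends outside the hunk.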


@ -1454,6 +1454,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK; wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK"); wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
#endif /* CONFIG_IEEE80211R */ #endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_DPP
} else if (sel & WPA_KEY_MGMT_DPP) {
wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
#endif /* CONFIG_DPP */
#ifdef CONFIG_SAE #ifdef CONFIG_SAE
} else if (sel & WPA_KEY_MGMT_SAE) { } else if (sel & WPA_KEY_MGMT_SAE) {
wpa_s->key_mgmt = WPA_KEY_MGMT_SAE; wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
@ -1491,11 +1496,6 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
wpa_s->key_mgmt = WPA_KEY_MGMT_OWE; wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE"); wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
#endif /* CONFIG_OWE */ #endif /* CONFIG_OWE */
#ifdef CONFIG_DPP
} else if (sel & WPA_KEY_MGMT_DPP) {
wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
#endif /* CONFIG_DPP */
} else { } else {
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select " wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
"authenticated key management type"); "authenticated key management type");
@ -1548,7 +1548,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
return -1; return -1;
} }
if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) { if (0) {
#ifdef CONFIG_DPP
} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
/* Use PMK from DPP network introduction (PMKSA entry) */
wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
#endif /* CONFIG_DPP */
} else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
int psk_set = 0; int psk_set = 0;
int sae_only; int sae_only;
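Review bot: Moving the DPP branch ahead of SAE gives the preference named in the commit message, but in the first hunk it still sits after the `WPA_KEY_MGMT_FT_PSK` branch, so a profile and AP that share both FT-PSK and DPP would select the PSK-based AKM. If that ordering is intended, a comment above the branch would record it, for example `/* DPP is preferred over SAE; the FT-PSK branch above still takes precedence */`. In the last hunk the DPP case tests the selected `wpa_s->key_mgmt` while the next branch tests the configured `ssid->key_mgmt`. That branch presumably also matches a DPP+SAE profile, given `sae_only` is declared inside it, so a comment saying the DPP test must stay first would guard against later reordering. wpa_supplicant_set_suites starts and ends outside these hunks.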