nl80211: Allow external auth based on SAE/FT-SAE key mgmt

In the SME-in-driver case, wpa_supplicant used only the selected SAE
auth_alg value as the trigger for enabling external authentication
support for SAE. This prevented the driver from falling back to full SAE
authentication if PMKSA caching was attempted (Open auth_alg selected)
and the cached PMKID had been dropped.

Enable external auth based on SAE/FT-SAE key_mgmt, rather than doing
this based on SAE auth_alg, so that the driver can go through full SAE
authentication in cases where PMKSA caching is attempted and it fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 56810a7f13326b4f718360c94cbd6867f2e1d94f..6d88f786e289e685fd462988d496b8545ee28447 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5762,7 +5762,8 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
            nl80211_put_fils_connect_params(drv, params, msg) != 0)
                return -1;
 
-       if ((params->auth_alg & WPA_AUTH_ALG_SAE) &&
+       if ((params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
+            params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) &&
            (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
            nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
                return -1;
@@ -5917,7 +5918,8 @@ static int wpa_driver_nl80211_associate(
 
                if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
                        return -1;
-               if (params->auth_alg & WPA_AUTH_ALG_SAE) {
+               if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
+                   params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) {
                        nl_connect = bss->nl_connect;
                        bss->use_nl_connect = 1;
                } else {