OWE: Allow Diffie-Hellman Parameter element to be included with DPP

The previous OWE implementation on the AP side rejected any
(Re)Association Request frame with the Diffie-Hellman Parameter element
if AKM was not OWE. This breaks compatibility with DPP PFS, so relax
that rule to allow DPP AKM to be used as well. While this commit alone
does not add support for PFS, this allows interoperability between
non-PFS implementation on the AP and a newer PFS implementation on the
STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 791c5a01b553a0e4a954278eebb95fe03b30226d..8580a5a69be8acc56514fe6dbf5e021c53bb1922 100644 (file)
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -835,6 +835,12 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
                           "OWE: No Diffie-Hellman Parameter element");
                return WPA_INVALID_AKMP;
        }
+#ifdef CONFIG_DPP
+       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && owe_dh) {
+               /* Diffie-Hellman Parameter element can be used with DPP as
+                * well, so allow this to proceed. */
+       } else
+#endif /* CONFIG_DPP */
        if (sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && owe_dh) {
                wpa_printf(MSG_DEBUG,
                           "OWE: Unexpected Diffie-Hellman Parameter element with non-OWE AKM");