DPP: Require PMF when profile is for SAE without PSK

While the IEEE 802.11 standard does not require MFPR=1, WPA3-Personal
requires PMF to be used with SAE. Use the stronger MFPR=1 configuration
for SAE-without-PSK case, i.e., interpret that as "WPA3-Personal only"
configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 4b263e49ef1658b8489e3a2cd43630f4e2377aeb..d01d6b7a7202bbf94a1e3b005e6883afa91dc162 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1338,7 +1338,10 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
                if (dpp_akm_sae(conf->akm))
                        ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
                                WPA_KEY_MGMT_FT_SAE;
-               ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
+               if (dpp_akm_psk(conf->akm))
+                       ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
+               else
+                       ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
                if (conf->passphrase[0]) {
                        if (wpa_config_set_quoted(ssid, "psk",
                                                  conf->passphrase) < 0)