DPP: Require use of PMF for DPP AKM

Previously, wpa_supplicant set PMF as optional for the DPP AKM since
there was no clear statement about this requirement in the tech spec.
Now that this requirement has been added, update the implementation to
match. In addition, set ssid->ieee80211w using the actual enum
mfp_options values instead of magic constants to make this a bit more
readable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 4deb8c95aa2e624a26d9ec069b5bda8955b221bf..18404310acbd37695c6d4963cbd86989f4af28df 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1165,7 +1165,7 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
 
        if (auth->connector) {
                ssid->key_mgmt = WPA_KEY_MGMT_DPP;
-               ssid->ieee80211w = 1;
+               ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
                ssid->dpp_connector = os_strdup(auth->connector);
                if (!ssid->dpp_connector)
                        goto fail;
@@ -1200,7 +1200,7 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
                if (auth->akm == DPP_AKM_SAE || auth->akm == DPP_AKM_PSK_SAE)
                        ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
                                WPA_KEY_MGMT_FT_SAE;
-               ssid->ieee80211w = 1;
+               ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
                if (auth->passphrase[0]) {
                        if (wpa_config_set_quoted(ssid, "psk",
                                                  auth->passphrase) < 0)