DPP: Support DPP and SAE in the same network profile

Make both DPP and SAE code aware of the cases where the same network
profile is configured to enable both DPP and SAE. Prefer DPP over SAE in
such cases and start DPP/SAE exchanges based on what both the station
and the AP support.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 71ba667ad07ee1ff62700cf4d7b2af97acfe9850..a3fdd69c04b0a596b6c3e69c5b7a409c05ea7423 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -2356,9 +2356,15 @@ int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
        struct os_time now;
        struct wpabuf *msg;
        unsigned int wait_time;
+       const u8 *rsn;
+       struct wpa_ie_data ied;
 
        if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
                return 0; /* Not using DPP AKM - continue */
+       rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
+       if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
+           !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
+               return 0; /* AP does not support DPP AKM - continue */
        if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
                return 0; /* PMKSA exists for DPP AKM - continue */
 

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 925cfa0550ed99e4815dd5c41852bc83613946e4..213bf0d61a1fb2b754418efc8dc84ffd27c7d398 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -313,6 +313,12 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
                if (!rsn) {
                        wpa_dbg(wpa_s, MSG_DEBUG,
                                "SAE enabled, but target BSS does not advertise RSN");
+#ifdef CONFIG_DPP
+               } else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
+                          (ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
+                          (ied.key_mgmt & WPA_KEY_MGMT_DPP)) {
+                       wpa_dbg(wpa_s, MSG_DEBUG, "Prefer DPP over SAE when both are enabled");
+#endif /* CONFIG_DPP */
                } else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
                           wpa_key_mgmt_sae(ied.key_mgmt)) {
                        wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 0b269225fb9b89afe9b6155cb588d9c92d3c8a01..58140bc35bb2e7f1cea652771b48e1223a4f67db 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1454,6 +1454,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
                wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
 #endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_DPP
+       } else if (sel & WPA_KEY_MGMT_DPP) {
+               wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
+               wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
+#endif /* CONFIG_DPP */
 #ifdef CONFIG_SAE
        } else if (sel & WPA_KEY_MGMT_SAE) {
                wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
@@ -1491,11 +1496,6 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
                wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
 #endif /* CONFIG_OWE */
-#ifdef CONFIG_DPP
-       } else if (sel & WPA_KEY_MGMT_DPP) {
-               wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
-               wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
-#endif /* CONFIG_DPP */
        } else {
                wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
                        "authenticated key management type");
@@ -1548,7 +1548,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                return -1;
        }
 
-       if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
+       if (0) {
+#ifdef CONFIG_DPP
+       } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
+               /* Use PMK from DPP network introduction (PMKSA entry) */
+               wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
+#endif /* CONFIG_DPP */
+       } else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
                int psk_set = 0;
                int sae_only;