path: root/wpa_supplicant/config_ssid.h
diff options
authorJouni Malinen <jouni@codeaurora.org>2020-03-28 13:06:15 (GMT)
committerJouni Malinen <j@w1.fi>2020-03-28 15:23:22 (GMT)
commit5058f771d917a5683b0c9a6eca3ddc4519ff901f (patch)
treed0c494c59f76d93375edea797cf47b345e0a2a20 /wpa_supplicant/config_ssid.h
parent7c021dec3a95803fc129d8533adcaeea82910c9c (diff)
DPP2: Allow station to require or not allow PFS
The new wpa_supplicant network profile parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled (dpp_pfs=2). This is also working around an interoperability issue of DPP R2 STA with certain hostapd builds that included both OWE and DPP functionality. That issue was introduced by commit 09368515d130 ("OWE: Process Diffie-Hellman Parameter element in AP mode") and removed by commit 16a4e931f03e ("OWE: Allow Diffie-Hellman Parameter element to be included with DPP"). hostapd builds between those two commits would reject DPP association attempt with PFS. The new wpa_supplicant default (dpp_pfs=0) behavior is to automatically try to connect again with PFS disabled if that happens. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'wpa_supplicant/config_ssid.h')
1 files changed, 16 insertions, 0 deletions
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 618145e..c214b6c 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -1003,6 +1003,22 @@ struct wpa_ssid {
size_t dpp_csign_len;
+ * dpp_pfs - DPP PFS
+ * 0: allow PFS to be used or not used
+ * 1: require PFS to be used (note: not compatible with DPP R1)
+ * 2: do not allow PFS to be used
+ */
+ int dpp_pfs;
+ /**
+ * dpp_pfs_fallback - DPP PFS fallback selection
+ *
+ * This is an internally used variable (i.e., not used in external
+ * configuration) to track state of the DPP PFS fallback mechanism.
+ */
+ int dpp_pfs_fallback;
+ /**
* owe_group - OWE DH Group
* 0 = use default (19) first and then try all supported groups one by