From c706c31d86f8368f15781694b895238add864dee Mon Sep 17 00:00:00 2001 From: Ramasamy Kaliappan Date: Fri, 24 Nov 2023 16:04:29 +0530 Subject: [PATCH] hostapd: Enable PMF as default when use OWE encryption The Opportunistic Wireless Encryption (OWE) Wi-Fi Alliance Specification (Section 2) mandates that when OWE is used by an AP, Protected Management Frame (PMF) shall be set to required (MFPR bit in the RSN Capabilities field shall be set to 1 in the RSNE transmitted by the AP) Signed-off-by: Ramasamy Kaliappan --- hostapd/config_file.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -2888,6 +2888,10 @@ static int hostapd_config_fill(struct ho bss->wpa_key_mgmt = hostapd_config_parse_key_mgmt(line, pos); if (bss->wpa_key_mgmt == -1) return 1; +#ifdef CONFIG_OWE + if (bss->wpa_key_mgmt & WPA_KEY_MGMT_OWE) + bss->ieee80211w = 2; +#endif } else if (os_strcmp(buf, "wpa_psk_radius") == 0) { bss->wpa_psk_radius = atoi(pos); if (bss->wpa_psk_radius != PSK_RADIUS_IGNORED && @@ -3375,6 +3379,12 @@ static int hostapd_config_fill(struct ho conf->use_driver_iface_addr = atoi(pos); } else if (os_strcmp(buf, "ieee80211w") == 0) { bss->ieee80211w = atoi(pos); +#ifdef CONFIG_OWE + if (bss->wpa_key_mgmt & WPA_KEY_MGMT_OWE) { + bss->ieee80211w = 2; + wpa_printf(MSG_DEBUG, "MFP set required for OWE\n"); + } +#endif } else if (os_strcmp(buf, "group_mgmt_cipher") == 0) { if (os_strcmp(pos, "AES-128-CMAC") == 0) { bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;