From 03f7f633a2511dc9200d39c89979e926f28fb53c Mon Sep 17 00:00:00 2001 From: Seongsu Choi Date: Tue, 30 Aug 2022 13:21:16 +0900 Subject: [PATCH] Fix wrong AKM priority for FILS According to the OCE specification, the STA shall select the AKM in priority order from the list below. 1. FT Authentication over FILS (SHA-384) 00-0F-AC:17 2. FILS (SHA-384) 00-0F-AC:15 3. FT Authentication over FILS (SHA-256) 00-0F-AC:16 4. FILS (SHA-256) 00-0F-AC:14 5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3 6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5 7. Authentication using IEEE Std 802.1X 00-0F-AC:1 Move the FT-FILS-SHA256 check to be after the FILS-SHA384 one to match this. Signed-off-by: Seongsu Choi --- wpa_supplicant/wpa_supplicant.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index f91609bd7..09ba7cda9 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1691,13 +1691,15 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) { wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384; wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384"); - } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) { - wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; - wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256"); #endif /* CONFIG_IEEE80211R */ } else if (sel & WPA_KEY_MGMT_FILS_SHA384) { wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384; wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384"); +#ifdef CONFIG_IEEE80211R + } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) { + wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256; + wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256"); +#endif /* CONFIG_IEEE80211R */ } else if (sel & WPA_KEY_MGMT_FILS_SHA256) { wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256; wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");