9f6a7cddc4
It looks like some APs are incorrectly selecting descriptor version 3 (AES-128-CMAC) for EAPOL-Key frames when version 2 (HMAC-SHA1) was expected to be used. This is likely triggered by an attempt to negotiate PMF with SHA1-based AKM. Since AES-128-CMAC is considered stronger than HMAC-SHA1, allow the incorrect, but stronger, option to be used in these cases to avoid interoperability issues with deployed APs. This issue shows up with "WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2" in debug log. With the new workaround, this issue is ignored and "WPA: Interoperability workaround: allow incorrect (should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor version to be used" is written to the log. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> |
||
|---|---|---|
| .. | ||
| Makefile | ||
| peerkey.c | ||
| peerkey.h | ||
| pmksa_cache.c | ||
| pmksa_cache.h | ||
| preauth.c | ||
| preauth.h | ||
| tdls.c | ||
| wpa.c | ||
| wpa.h | ||
| wpa_ft.c | ||
| wpa_i.h | ||
| wpa_ie.c | ||
| wpa_ie.h | ||