[PATCH] Fix wrong AKM priority for FILS

Seongsu Choi seongsu.choi at samsung.com
Mon Aug 29 21:44:08 PDT 2022


According to the OCE specification, the STA shall select the AKM in priority order from the list below.

1. FT Authentication over FILS (SHA-384) 00-0F-AC:17
2. FILS (SHA-384) 00-0F-AC:15
3. FT Authentication over FILS (SHA-256) 00-0F-AC:16
4. FILS (SHA-256) 00-0F-AC:14
5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3
6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5
7. Authentication using IEEE Std 802.1X 00-0F-AC:1

Signed-off-by: Seongsu Choi <seongsu.choi at samsung.com>
---
 wpa_supplicant/wpa_supplicant.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 2dd3d8c7d..545a163e5 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1585,13 +1585,15 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
-	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
 #endif /* CONFIG_IEEE80211R */
 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
+#ifdef CONFIG_IEEE80211R
+	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
+		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
+		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
+#endif /* CONFIG_IEEE80211R */
 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
-- 
2.17.1




More information about the Hostap mailing list