path: root/src/common/wpa_common.h
diff options
authorJouni Malinen <jouni@codeaurora.org>2018-03-16 11:04:15 (GMT)
committerJouni Malinen <j@w1.fi>2018-03-16 11:36:42 (GMT)
commit4bc801ab42eb9308e82bc9ac35f82c13d497c80e (patch)
tree2149fd8756a967c1728cbcbd3ffd26346e67737f /src/common/wpa_common.h
parentc63e69c3799bd7eb89c6bd4f1b0d1932b8869247 (diff)
SAE: Fix EAPOL-Key integrity and key-wrap algorithm selection
The SAE AKM 00-0F-AC:8 is supposed to use EAPOL-Key Key Descriptor Version 0 (AKM-defined) with AES-128-CMAC and NIST AES Key Wrap. However, the previous implementation ended up using Key Descriptor Version 2 (HMAC-SHA-1-128 and NIST AES Key Wrap). Fix this by using the appropriate Key Descriptor Version and integrity algorithm. Use helper functions to keep the selection clearer and more consistent between wpa_supplicant and hostapd uses. Note: This change is not backwards compatible. Both the AP and station side implementations will need to be updated at the same time to maintain functionality. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/common/wpa_common.h')
1 files changed, 3 insertions, 0 deletions
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 3b8c1fb..5c918a4 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -461,6 +461,9 @@ int wpa_parse_cipher(const char *value);
int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim);
int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise);
unsigned int wpa_mic_len(int akmp, size_t pmk_len);
+int wpa_use_akm_defined(int akmp);
+int wpa_use_cmac(int akmp);
+int wpa_use_aes_key_wrap(int akmp);
int fils_domain_name_hash(const char *domain, u8 *hash);
#endif /* WPA_COMMON_H */