Fix wrong AKM priority for FILS

Message ID	20220830044408.3363-1-seongsu.choi@samsung.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Seongsu Choi <seongsu.choi@samsung.com> To: seongsu.choi@samsung.com, hostap@lists.infradead.org Subject: [PATCH] Fix wrong AKM priority for FILS Date: Tue, 30 Aug 2022 13:44:08 +0900 Message-Id: <20220830044408.3363-1-seongsu.choi@samsung.com> MIME-Version: 1.0 CMS-TYPE: 101P DLP-Filter: Pass References: <CGME20220830044413epcas1p49f1a4fce6b0b2b6f0c0e9203ad205f30@epcas1p4.samsung.com> preview: According to the OCE specification, the STA shall select the AKM in priority order from the list below. 1. FT Authentication over FILS (SHA-384) 00-0F-AC:17 2. FILS (SHA-384) 00-0F-AC:15 3. FT Authentication over FILS (SHA-256) 00-0F-AC:16 4. FILS (SHA-256) 00-0F-AC:14 5. FT Authentication using IEEE St [...] Content analysis details: (-2.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [203.254.224.25 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.2 DKIMWL_WL_HIGH DKIMwl.org - High trust sender Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	Fix wrong AKM priority for FILS \| expand Fix wrong AKM priority for FILS

Message ID

20220830044408.3363-1-seongsu.choi@samsung.com

State

Accepted

Headers

From: Seongsu Choi <seongsu.choi@samsung.com>
To: seongsu.choi@samsung.com, hostap@lists.infradead.org
Subject: [PATCH] Fix wrong AKM priority for FILS
Date: Tue, 30 Aug 2022 13:44:08 +0900
Message-Id: <20220830044408.3363-1-seongsu.choi@samsung.com>
MIME-Version: 1.0
CMS-TYPE: 101P
DLP-Filter: Pass
References: 
 <CGME20220830044413epcas1p49f1a4fce6b0b2b6f0c0e9203ad205f30@epcas1p4.samsung.com>
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

Fix wrong AKM priority for FILS | expand

Commit Message

Seongsu Choi Aug. 30, 2022, 4:44 a.m. UTC

According to the OCE specification, the STA shall select the AKM in priority order from the list below.

1. FT Authentication over FILS (SHA-384) 00-0F-AC:17
2. FILS (SHA-384) 00-0F-AC:15
3. FT Authentication over FILS (SHA-256) 00-0F-AC:16
4. FILS (SHA-256) 00-0F-AC:14
5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3
6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5
7. Authentication using IEEE Std 802.1X 00-0F-AC:1

Signed-off-by: Seongsu Choi <seongsu.choi@samsung.com>
---
 wpa_supplicant/wpa_supplicant.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Comments

Jouni Malinen Aug. 31, 2022, 3:53 p.m. UTC | #1

On Tue, Aug 30, 2022 at 01:44:08PM +0900, Seongsu Choi wrote:
> According to the OCE specification, the STA shall select the AKM in priority order from the list below.
> 
> 1. FT Authentication over FILS (SHA-384) 00-0F-AC:17
> 2. FILS (SHA-384) 00-0F-AC:15
> 3. FT Authentication over FILS (SHA-256) 00-0F-AC:16
> 4. FILS (SHA-256) 00-0F-AC:14
> 5. FT Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:3
> 6. Authentication using IEEE Std 802.1X (SHA-256) 00-0F-AC:5
> 7. Authentication using IEEE Std 802.1X 00-0F-AC:1

Thanks, applied.

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 2dd3d8c7d..545a163e5 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1585,13 +1585,15 @@  int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
-	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
-		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
-		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
 #endif /* CONFIG_IEEE80211R */
 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
+#ifdef CONFIG_IEEE80211R
+	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
+		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
+		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
+#endif /* CONFIG_IEEE80211R */
 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");

Fix wrong AKM priority for FILS

Commit Message

Comments

Patch