diff mbox series

[2/6] handshake: add FT_OVER_8021X AKM for SHA256 PMKID derivation

Message ID 20230619225746.462791-2-prestwoj@gmail.com (mailing list archive)
State New
Headers show
Series [1/6] handshake: add force_sha1 flag to handshake_state_get_pmkid() | expand

Commit Message

James Prestwood June 19, 2023, 10:57 p.m. UTC 
Hostapd commit b6d3fd05e3 changed the PMKID derivation in accordance
with 802.11-2020 which then breaks PMKID validation in IWD. This
breaks the FT-8021x AKM in IWD if the AP uses this hostapd version
since the PMKID doesn't validate during EAPoL.

This updates the PMKID derivation to use the correct SHA hash for
this AKM, and following patches will address backwards compatibility
with older hostapd versions.
---
 src/handshake.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/src/handshake.c b/src/handshake.c
index 7f749632..bbab5ab6 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -757,7 +757,8 @@  bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid,
 	 */
 
 	if (!force_sha1 && (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 |
-			IE_RSN_AKM_SUITE_PSK_SHA256)))
+			IE_RSN_AKM_SUITE_PSK_SHA256 |
+			IE_RSN_AKM_SUITE_FT_OVER_8021X)))
 		use_sha256 = true;
 	else
 		use_sha256 = false;