mesh: Fix AEK derivation to use AKM suite selector

[mech_eap.git] / wpa_supplicant / mesh_rsn.c

diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 5754f35..57e5b15 100644 (file)
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -136,7 +136,8 @@ static int auth_start_ampe(void *ctx, const u8 *addr)
 }
 
 
-static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr)
+static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr,
+                               enum mfp_options ieee80211w)
 {
        struct wpa_auth_config conf;
        struct wpa_auth_callbacks cb;
@@ -152,6 +153,11 @@ static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr)
        conf.wpa_group = WPA_CIPHER_CCMP;
        conf.eapol_version = 0;
        conf.wpa_group_rekey = -1;
+#ifdef CONFIG_IEEE80211W
+       conf.ieee80211w = ieee80211w;
+       if (ieee80211w != NO_MGMT_FRAME_PROTECTION)
+               conf.group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
+#endif /* CONFIG_IEEE80211W */
 
        os_memset(&cb, 0, sizeof(cb));
        cb.ctx = rsn;
@@ -203,7 +209,8 @@ struct mesh_rsn *mesh_rsn_auth_init(struct wpa_supplicant *wpa_s,
                return NULL;
        mesh_rsn->wpa_s = wpa_s;
 
-       if (__mesh_rsn_auth_init(mesh_rsn, wpa_s->own_addr) < 0) {
+       if (__mesh_rsn_auth_init(mesh_rsn, wpa_s->own_addr,
+                                conf->ieee80211w) < 0) {
                mesh_rsn_deinit(mesh_rsn);
                os_free(mesh_rsn);
                return NULL;
@@ -359,8 +366,8 @@ mesh_rsn_derive_aek(struct mesh_rsn *rsn, struct sta_info *sta)
        u8 *addr1 = peer, *addr2 = myaddr;
        u8 context[AES_BLOCK_SIZE];
 
-       /* SAE */
-       RSN_SELECTOR_PUT(context, wpa_cipher_to_suite(0, WPA_CIPHER_GCMP));
+       /* Selected AKM Suite: SAE */
+       RSN_SELECTOR_PUT(context, RSN_AUTH_KEY_MGMT_SAE);
 
        if (os_memcmp(myaddr, peer, ETH_ALEN) < 0) {
                addr1 = myaddr;