From a59c5e9235f1f5c9b786fde80b0355e1ef74a61a Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 18 Jun 2016 14:17:34 +0300 Subject: [PATCH] mesh: Fix AEK derivation to use AKM suite selector mesh_rsn_derive_aek() was hardcoded to use GCMP (even though CCMP was hardcoded elsewhere) cipher suite selector instead of the selected AKM suite selector. This resulted in incorrect AEK getting derived. Fix this by used the SAE AKM suite selector in the input to the KDF. Signed-off-by: Jouni Malinen --- wpa_supplicant/mesh_rsn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c index 4dadc4049..57e5b159d 100644 --- a/wpa_supplicant/mesh_rsn.c +++ b/wpa_supplicant/mesh_rsn.c @@ -366,8 +366,8 @@ mesh_rsn_derive_aek(struct mesh_rsn *rsn, struct sta_info *sta) u8 *addr1 = peer, *addr2 = myaddr; u8 context[AES_BLOCK_SIZE]; - /* SAE */ - RSN_SELECTOR_PUT(context, wpa_cipher_to_suite(0, WPA_CIPHER_GCMP)); + /* Selected AKM Suite: SAE */ + RSN_SELECTOR_PUT(context, RSN_AUTH_KEY_MGMT_SAE); if (os_memcmp(myaddr, peer, ETH_ALEN) < 0) { addr1 = myaddr;