Fix EAPOL-Key version check for a corner case with Suite B AKM

While the Suite B AKM is not really going to be used with CCMP-128 or
GCMP-128 cipher, this corner case could be fixed if it is useful for
some testing purposes. Allow that special case to skip the HMAC-SHA1
check based on CCMP/GCMP cipher and use the following AKM-defined check
instead.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e5b66b397c389132f4585f292629b4c1ad7287b7..aca687c70b264ac3cf101a8b539e57d50e9fe3c7 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1024,6 +1024,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
                        }
 
                        if (!wpa_use_aes_cmac(sm) &&
+                           !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
                            !wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
                            sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE &&
                            sm->wpa_key_mgmt != WPA_KEY_MGMT_DPP &&