From 3c8e4ec0129300063aeef5a0d24940bc49d17a35 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 24 Nov 2012 22:31:17 +0200
Subject: [PATCH] Interworking: Enable key_mgmt WPA-EAP-SHA256 if PMF is
 enabled

If the global pmf=1/2 parameter is used to enable PMF for Interworking
networks, add WPA-EAP-SHA256 to the temporary network block to allow
connection to PMF required APs.

Signed-hostap: Jouni Malinen <j@w1.fi>
---
 wpa_supplicant/interworking.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 755f44d87..320807ef3 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -717,9 +717,12 @@ static int set_root_nai(struct wpa_ssid *ssid, const char *imsi, char prefix)
 #endif /* INTERWORKING_3GPP */
 
 
-static int interworking_set_hs20_params(struct wpa_ssid *ssid)
+static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s,
+					struct wpa_ssid *ssid)
 {
-	if (wpa_config_set(ssid, "key_mgmt", "WPA-EAP", 0) < 0)
+	if (wpa_config_set(ssid, "key_mgmt",
+			   wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
+			   "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP", 0) < 0)
 		return -1;
 	if (wpa_config_set(ssid, "proto", "RSN", 0) < 0)
 		return -1;
@@ -798,7 +801,7 @@ static int interworking_connect_3gpp(struct wpa_supplicant *wpa_s,
 	os_memcpy(ssid->ssid, ie + 2, ie[1]);
 	ssid->ssid_len = ie[1];
 
-	if (interworking_set_hs20_params(ssid) < 0)
+	if (interworking_set_hs20_params(wpa_s, ssid) < 0)
 		goto fail;
 
 	eap_type = EAP_TYPE_SIM;
@@ -1107,7 +1110,7 @@ static int interworking_connect_roaming_consortium(
 	os_memcpy(ssid->ssid, ssid_ie + 2, ssid_ie[1]);
 	ssid->ssid_len = ssid_ie[1];
 
-	if (interworking_set_hs20_params(ssid) < 0)
+	if (interworking_set_hs20_params(wpa_s, ssid) < 0)
 		goto fail;
 
 	if (cred->eap_method == NULL) {
@@ -1222,7 +1225,7 @@ int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
 	os_memcpy(ssid->ssid, ie + 2, ie[1]);
 	ssid->ssid_len = ie[1];
 
-	if (interworking_set_hs20_params(ssid) < 0)
+	if (interworking_set_hs20_params(wpa_s, ssid) < 0)
 		goto fail;
 
 	if (wpa_config_set(ssid, "eap", eap_get_name(EAP_VENDOR_IETF,