diff --git a/src/eap-aka.c b/src/eap-aka.c
index b620272e..c9c7e098 100644
--- a/src/eap-aka.c
+++ b/src/eap-aka.c
@@ -298,7 +298,7 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
 pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
- if (!eap_sim_derive_mac(response, resp_len, aka->k_aut,
+ if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, resp_len, aka->k_aut,
 pos - EAP_SIM_MAC_LEN)) {
 l_error("error deriving MAC");
 goto chal_fatal;
@@ -389,8 +389,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
 pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
- if (!eap_sim_derive_mac(response, pos - response, aka->k_aut,
- response + 12)) {
+ if (!eap_sim_derive_mac(EAP_TYPE_AKA, response, pos - response,
+ aka->k_aut, response + 12)) {
 l_error("could not derive MAC");
 eap_method_error(eap);
 aka->state = EAP_AKA_STATE_ERROR;
diff --git a/src/eap-sim.c b/src/eap-sim.c
index cfba78c9..c86a742c 100644
--- a/src/eap-sim.c
+++ b/src/eap-sim.c
@@ -415,8 +415,8 @@ static void handle_challenge(struct eap_state *eap, const uint8_t *pkt,
 memcpy(pos, sim->sres, EAP_SIM_SRES_LEN * 3);
 pos += EAP_SIM_SRES_LEN * 3;
- if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
- mac_pos + 4)) {
+ if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
+ sim->k_aut, mac_pos + 4)) {
 l_error("could not derive MAC");
 goto chal_fatal;
 }
@@ -513,8 +513,8 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
 pos += eap_sim_add_attribute(pos, EAP_SIM_AT_MAC, EAP_SIM_PAD_NONE, NULL, EAP_SIM_MAC_LEN);
- if (!eap_sim_derive_mac(response, pos - response, sim->k_aut,
- response + 12)) {
+ if (!eap_sim_derive_mac(EAP_TYPE_SIM, response, pos - response,
+ sim->k_aut, response + 12)) {
 l_error("could not derive MAC");
 eap_method_error(eap);
 sim->state = EAP_SIM_STATE_ERROR;
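Review bot: The MAC destination in handle_notification is still the hard-coded `response + 12`, here and in the matching hunk of src/eap-sim.c, while the AKA challenge handler in this same diff computes it as `pos - EAP_SIM_MAC_LEN` right after the same eap_sim_add_attribute() call. Since these lines are being rewrapped anyway, the last argument could become `pos - EAP_SIM_MAC_LEN` in both files, which keeps the write inside the AT_MAC value even if an attribute is later added ahead of it. This assumes AT_MAC is the last attribute written before the call, as the visible context suggests; both function bodies begin and end outside the hunks.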
diff --git a/src/simutil.c b/src/simutil.c
index 82cb61f3..ab7d15f6 100644
--- a/src/simutil.c
+++ b/src/simutil.c
@@ -431,10 +431,14 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
 return true;
 }
-bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
- uint8_t *mac)
+bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
+ const uint8_t *key, uint8_t *mac)
 {
- return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
+ if (type == EAP_TYPE_AKA_PRIME)
+ return hmac_sha256(key, EAP_AKA_PRIME_K_AUT_LEN, buf, len,
+ mac, EAP_SIM_MAC_LEN);
+ else
+ return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
 EAP_SIM_MAC_LEN);
 }
@@ -547,7 +551,13 @@ bool eap_sim_verify_mac(struct eap_state *eap, enum eap_type type,
 iov[3].iov_base = extra;
 iov[3].iov_len = elen;
- hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut, EAP_SIM_K_AUT_LEN);
+ if (type == EAP_TYPE_AKA_PRIME)
+ hmac = l_checksum_new_hmac(L_CHECKSUM_SHA256, k_aut,
+ EAP_AKA_PRIME_K_AUT_LEN);
+ else
+ hmac = l_checksum_new_hmac(L_CHECKSUM_SHA1, k_aut,
+ EAP_SIM_K_AUT_LEN);
+
 l_checksum_updatev(hmac, iov, 4);
 /* reuse zero mac array for new mac */
 l_checksum_get_digest(hmac, zero_mac, EAP_SIM_MAC_LEN);
diff --git a/src/simutil.h b/src/simutil.h
index d8a063df..a9295333 100644
--- a/src/simutil.h
+++ b/src/simutil.h
@@ -218,8 +218,8 @@ bool eap_sim_get_encryption_keys(const uint8_t *buf, uint8_t *k_encr,
 * key - encryption key to use (e.g. K_encr)
 * mac - buffer for the 16 byte MAC
 */
-bool eap_sim_derive_mac(const uint8_t *buf, size_t len, const uint8_t *key,
- uint8_t *mac);
+bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
+ const uint8_t *key, uint8_t *mac);
 /*
 * Helper to build the EAP packet header
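Review bot: Every type other than EAP_TYPE_AKA_PRIME falls through to HMAC-SHA1 in eap_sim_derive_mac, so an unexpected or future type value silently gets a SHA1 MAC instead of an error. `key` is also a bare pointer, and the new branch reads EAP_AKA_PRIME_K_AUT_LEN bytes from it where the old code read EAP_SIM_K_AUT_LEN, so a caller passing the AKA' type must own a buffer of the larger size; the four call sites in this diff pass EAP_TYPE_AKA or EAP_TYPE_SIM. A switch that names the three supported types and returns false for anything else would make the function fail closed, and it also drops the `else` after `return`.

```c
bool eap_sim_derive_mac(enum eap_type type, const uint8_t *buf, size_t len,
				const uint8_t *key, uint8_t *mac)
{
	switch (type) {
	case EAP_TYPE_AKA_PRIME:
		/* key must hold EAP_AKA_PRIME_K_AUT_LEN bytes */
		return hmac_sha256(key, EAP_AKA_PRIME_K_AUT_LEN, buf, len,
					mac, EAP_SIM_MAC_LEN);
	case EAP_TYPE_SIM:
	case EAP_TYPE_AKA:
		/* key must hold EAP_SIM_K_AUT_LEN bytes */
		return hmac_sha1(key, EAP_SIM_K_AUT_LEN, buf, len, mac,
					EAP_SIM_MAC_LEN);
	default:
		/* unknown method type: refuse rather than guess a hash */
		return false;
	}
}
```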
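Review bot: The result of l_checksum_new_hmac() is used without a NULL check in eap_sim_verify_mac, and the new SHA256 branch adds a second way for that call to fail, for instance where the platform does not provide HMAC-SHA256. With a NULL handle the following l_checksum_updatev() and l_checksum_get_digest() calls cannot produce a digest, so zero_mac may still hold its initial contents when it is compared further down, outside this hunk. Adding `if (!hmac) return false;` directly after the if/else, plus whatever cleanup the rest of the function needs, makes verification fail closed. The hash and key-length selection is now duplicated here and in eap_sim_derive_mac, so a small shared helper would keep the two from drifting apart.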
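Review bot: The comment above the eap_sim_derive_mac prototype is not updated for the new `type` parameter, and it still describes `key` as an encryption key (e.g. K_encr) although the call sites in this diff pass k_aut. I would add ` * type - EAP method type, selects HMAC-SHA256 for EAP_TYPE_AKA_PRIME and HMAC-SHA1 otherwise` and reword the key line to ` * key - authentication key (K_aut); EAP_AKA_PRIME_K_AUT_LEN bytes for AKA', EAP_SIM_K_AUT_LEN bytes otherwise`. The comment block starts above the hunk, so the parameter order listed there should be checked against the new signature.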