FT: Allow CCMP-256 and GCMP-256 as group ciphers

The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was not up-to-date with the current list of supported ciphers. Fix this by using a generic function to determine validity of the cipher. In practice, this adds support for using CCMP-256 and GCMP-256 as the group cipher with FT. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-01 23:51:31 +03:00 · 2015-07-01 23:51:31 +03:00 · 05a90d78dc
parent 348bc4e0eb
commit 05a90d78dc
3 changed files with 3 additions and 4 deletions
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@ -492,7 +492,7 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s)
 }


-static int wpa_cipher_valid_group(int cipher)
+int wpa_cipher_valid_group(int cipher)
 {
 	return wpa_cipher_valid_pairwise(cipher) ||
 		cipher == WPA_CIPHER_GTK_NOT_USED;
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@ -435,6 +435,7 @@ int wpa_ft_parse_ies(const u8 *ies, size_t ies_len, struct wpa_ft_ies *parse);
 int wpa_cipher_key_len(int cipher);
 int wpa_cipher_rsc_len(int cipher);
 int wpa_cipher_to_alg(int cipher);
+int wpa_cipher_valid_group(int cipher);
 int wpa_cipher_valid_pairwise(int cipher);
 int wpa_cipher_valid_mgmt_group(int cipher);
 u32 wpa_cipher_to_suite(int proto, int cipher);
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@ -168,9 +168,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
 	pos = (u8 *) (rsnie + 1);

 	/* Group Suite Selector */
-	if (sm->group_cipher != WPA_CIPHER_CCMP &&
-	    sm->group_cipher != WPA_CIPHER_GCMP &&
-	    sm->group_cipher != WPA_CIPHER_TKIP) {
+	if (!wpa_cipher_valid_group(sm->group_cipher)) {
 		wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
 			   sm->group_cipher);
 		os_free(buf);