From 05a90d78dc7218b36c6202d9096af300310bf54f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 1 Jul 2015 23:51:31 +0300 Subject: [PATCH] FT: Allow CCMP-256 and GCMP-256 as group ciphers The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was not up-to-date with the current list of supported ciphers. Fix this by using a generic function to determine validity of the cipher. In practice, this adds support for using CCMP-256 and GCMP-256 as the group cipher with FT. Signed-off-by: Jouni Malinen --- src/common/wpa_common.c | 2 +- src/common/wpa_common.h | 1 + src/rsn_supp/wpa_ft.c | 4 +--- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index e485b5bf2..3d64c98c5 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -492,7 +492,7 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s) } -static int wpa_cipher_valid_group(int cipher) +int wpa_cipher_valid_group(int cipher) { return wpa_cipher_valid_pairwise(cipher) || cipher == WPA_CIPHER_GTK_NOT_USED; diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index d7a590fc4..c08f6514a 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -435,6 +435,7 @@ int wpa_ft_parse_ies(const u8 *ies, size_t ies_len, struct wpa_ft_ies *parse); int wpa_cipher_key_len(int cipher); int wpa_cipher_rsc_len(int cipher); int wpa_cipher_to_alg(int cipher); +int wpa_cipher_valid_group(int cipher); int wpa_cipher_valid_pairwise(int cipher); int wpa_cipher_valid_mgmt_group(int cipher); u32 wpa_cipher_to_suite(int proto, int cipher); diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index 06dea0550..205793e7f 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -168,9 +168,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, pos = (u8 *) (rsnie + 1); /* Group Suite Selector */ - if (sm->group_cipher != WPA_CIPHER_CCMP && - sm->group_cipher != WPA_CIPHER_GCMP && - sm->group_cipher != WPA_CIPHER_TKIP) { + if (!wpa_cipher_valid_group(sm->group_cipher)) { wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)", sm->group_cipher); os_free(buf);