FT: Allow CCMP-256 and GCMP-256 as group ciphers

The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was
not up-to-date with the current list of supported ciphers. Fix this by
using a generic function to determine validity of the cipher. In
practice, this adds support for using CCMP-256 and GCMP-256 as the group
cipher with FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-07-01 23:51:31 +03:00
parent 348bc4e0eb
commit 05a90d78dc
3 changed files with 3 additions and 4 deletions

View file

@ -492,7 +492,7 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s)
}
static int wpa_cipher_valid_group(int cipher)
int wpa_cipher_valid_group(int cipher)
{
return wpa_cipher_valid_pairwise(cipher) ||
cipher == WPA_CIPHER_GTK_NOT_USED;

View file

@ -435,6 +435,7 @@ int wpa_ft_parse_ies(const u8 *ies, size_t ies_len, struct wpa_ft_ies *parse);
int wpa_cipher_key_len(int cipher);
int wpa_cipher_rsc_len(int cipher);
int wpa_cipher_to_alg(int cipher);
int wpa_cipher_valid_group(int cipher);
int wpa_cipher_valid_pairwise(int cipher);
int wpa_cipher_valid_mgmt_group(int cipher);
u32 wpa_cipher_to_suite(int proto, int cipher);

View file

@ -168,9 +168,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
pos = (u8 *) (rsnie + 1);
/* Group Suite Selector */
if (sm->group_cipher != WPA_CIPHER_CCMP &&
sm->group_cipher != WPA_CIPHER_GCMP &&
sm->group_cipher != WPA_CIPHER_TKIP) {
if (!wpa_cipher_valid_group(sm->group_cipher)) {
wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
sm->group_cipher);
os_free(buf);