From 73267b9ca433288c207c4e06a938eaa326c8672a Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni.malinen@atheros.com>
Date: Mon, 30 Mar 2009 19:00:55 +0300
Subject: [PATCH] WPS: Fix local configuration update after AP configuration

Update credential to only include a single authentication and
encryption type in case the AP configuration includes more than one
option. Without this, the credential would be rejected if the AP was
configured to allow more than one authentication type.
---
 src/wps/wps_registrar.c         | 13 +++++++++++++
 wpa_supplicant/wps_supplicant.c | 10 ++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 89c4eab5f..9f9e0ac2d 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -2334,6 +2334,19 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
 	}
 
 	if (!wps->wps->ap) {
+		/*
+		 * Update credential to only include a single authentication
+		 * and encryption type in case the AP configuration includes
+		 * more than one option.
+		 */
+		if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
+			wps->cred.auth_type = WPS_AUTH_WPA2PSK;
+		else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
+			wps->cred.auth_type = WPS_AUTH_WPAPSK;
+		if (wps->cred.encr_type & WPS_ENCR_AES)
+			wps->cred.encr_type = WPS_ENCR_AES;
+		else if (wps->cred.encr_type & WPS_ENCR_TKIP)
+			wps->cred.encr_type = WPS_ENCR_TKIP;
 		wpa_printf(MSG_DEBUG, "WPS: Update local configuration based "
 			   "on the modified AP configuration");
 		if (wps->wps->cred_cb)
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index b6c9bc941..a4efc6ec5 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -210,6 +210,16 @@ static int wpa_supplicant_wps_cred(void *ctx,
 	if (wpa_s->conf->wps_cred_processing == 1)
 		return 0;
 
+	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
+	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
+		   cred->auth_type);
+	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
+	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
+	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+			cred->key, cred->key_len);
+	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
+		   MAC2STR(cred->mac_addr));
+
 	if (cred->auth_type != WPS_AUTH_OPEN &&
 	    cred->auth_type != WPS_AUTH_SHARED &&
 	    cred->auth_type != WPS_AUTH_WPAPSK &&