PASN authentication requires that group management cipher suite would be set to 00-0F-AC:7 in the RSN IE, so consider it as a valid group management cipher and adjust the code accordingly.
Signed-off-by: Ilan Peer <ilan.peer@xxxxxxxxx>
---
 src/common/wpa_common.c | 3 ++-
 src/rsn_supp/wpa.c | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 82a5a174fe..3d04650d32 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -1216,7 +1216,8 @@ int wpa_cipher_valid_group(int cipher)
 int wpa_cipher_valid_mgmt_group(int cipher)
 {
- return cipher == WPA_CIPHER_AES_128_CMAC ||
+ return cipher == WPA_CIPHER_GTK_NOT_USED ||
+ cipher == WPA_CIPHER_AES_128_CMAC ||
 cipher == WPA_CIPHER_BIP_GMAC_128 ||
 cipher == WPA_CIPHER_BIP_GMAC_256 ||
 cipher == WPA_CIPHER_BIP_CMAC_256;
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e07527ba57..834658324e 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1306,7 +1306,8 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
 {
 size_t len;
- if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
+ if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
+ sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
 return 0;
 if (ie->igtk) {
@@ -1665,6 +1666,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
 }
 if (ie.igtk &&
+ sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
 wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
 ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN + (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
-- 2.17.1
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
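Review bot: Accepting `WPA_CIPHER_GTK_NOT_USED` in `wpa_cipher_valid_mgmt_group()` widens a helper in src/common for every caller, not only for the PASN case the description refers to. The two call sites updated in src/rsn_supp/wpa.c have to exclude the value again, which suggests that any other caller reading a true return as "a BIP cipher with an IGTK was negotiated" would now accept a setup with no protection for group-addressed management frames; callers outside this diff are not visible here, so that needs checking. Consider keeping this predicate strict and allowing the extra suite only where the PASN RSNE is validated, or at least document the new contract above the function, e.g. `/* Also true for WPA_CIPHER_GTK_NOT_USED (no IGTK); callers that install or size an IGTK must exclude it. */`.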
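Review bot: With the cipher set to `WPA_CIPHER_GTK_NOT_USED`, the early `return 0` in `ieee80211w_set_keys()` discards an IGTK KDE from the peer without any trace, and the condition added in the `wpa_supplicant_process_3_of_4()` hunk likewise skips the `ie.igtk_len` check for it. A peer that sends an IGTK although no group management cipher was negotiated is unexpected, so a debug message before returning would make it visible in logs, for example `if (ie->igtk) wpa_printf(MSG_DEBUG, "RSN: Ignoring IGTK KDE; group management cipher not used");` inside a separate `WPA_CIPHER_GTK_NOT_USED` branch. Both functions continue outside their hunks, so whether later code reads `ie.igtk` again cannot be confirmed from here.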