Fw: 11w and WPA_CIPHER_AES_128_CMAC
Jouni Malinen
j at w1.fi
Sat Feb 25 00:39:07 PST 2017
On Wed, Feb 22, 2017 at 02:04:21AM +0000, rosect190 at yahoo.com wrote:
> Starting from hostapd 2.5, in src/ap/wpa_auth_ie.c, wpa_write_rsn_ie(..), this condition is added at line 265:
>
> conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC
This was added to remove the optional fields from RSNE as a workaround
for some interoperability issues. The commit log has more details:
http://w1.fi/cgit/hostap/commit/?id=44fa5e747b7aca39285e2511d5c94684e0723b6b
> However, in the following switch statement, this condition is actually evaluated:
> switch (conf->group_mgmt_cipher) {
> case WPA_CIPHER_AES_128_CMAC:
>         RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
>         break;
>
>
> I do not quite understand this seemingly contradictory situation. Could someone explain? Thanks in advance.
It looks safer to leave the full set of management group cipher suites
in the switch statement even though this WPA_CIPHER_AES_128_CMAC case is
currently unreachable. Otherwise, this code might accidentally be copied
somewhere else and/or re-enabled without realizing that one of the
options was missing.
--
Jouni Malinen PGP id EFC895FA
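
Added example, not part of the original message and not hostapd code: a simplified model of the pattern discussed above, where the writer omits the optional RSNE fields for the default cipher yet keeps every case in the switch, and a parser treats an absent Group Management Cipher Suite field as BIP-CMAC-128, the IEEE 802.11 default. The function and enum names are hypothetical; the suite type values are the 00-0F-AC selectors.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Suite types under OUI 00-0F-AC; enum and function names are hypothetical. */
enum mgmt_cipher { BIP_CMAC_128 = 6, BIP_GMAC_128 = 11,
                   BIP_GMAC_256 = 12, BIP_CMAC_256 = 13 };
static const uint8_t RSN_OUI[3] = { 0x00, 0x0f, 0xac };

/* Writer: emit the fields after RSN Capabilities only for a non-default
 * cipher. Returns bytes written (0 = fields omitted) or -1 on error. */
int write_rsne_tail(uint8_t *buf, size_t cap, enum mgmt_cipher c)
{
    if (c == BIP_CMAC_128)
        return 0;                    /* default: omit optional fields */
    if (cap < 6)
        return -1;
    buf[0] = 0; buf[1] = 0;          /* PMKID Count = 0 */
    memcpy(buf + 2, RSN_OUI, 3);
    switch (c) {                     /* full set kept on purpose */
    case BIP_CMAC_128:               /* unreachable due to the check above */
    case BIP_GMAC_128:
    case BIP_GMAC_256:
    case BIP_CMAC_256:
        buf[5] = (uint8_t) c;
        return 6;
    }
    return -1;                       /* unknown cipher value */
}

/* Parser: the tail is whatever follows RSN Capabilities (may be empty). */
int parse_rsne_tail(const uint8_t *buf, size_t len, enum mgmt_cipher *out)
{
    size_t pmkids;
    *out = BIP_CMAC_128;             /* default when the field is absent */
    if (len == 0)
        return 0;
    if (len < 2)
        return -1;
    pmkids = ((size_t) buf[0] | ((size_t) buf[1] << 8)) * 16;
    if (len - 2 < pmkids)
        return -1;                   /* truncated PMKID list */
    buf += 2 + pmkids; len -= 2 + pmkids;
    if (len == 0)
        return 0;
    if (len < 4 || memcmp(buf, RSN_OUI, 3) != 0 ||
        (buf[3] != 6 && (buf[3] < 11 || buf[3] > 13)))
        return -1;                   /* short, foreign OUI or unknown type */
    *out = (enum mgmt_cipher) buf[3];
    return 0;
}
```

If the early return in write_rsne_tail() were ever removed, the BIP_CMAC_128 case would already be in place and the writer would emit a valid selector instead of failing.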