[PATCH v2 03/20] common: Allow WPA_CIPHER_GTK_NOT_USED as a valid group management cipher

Ilan Peer ilan.peer at intel.com
Wed Dec 16 06:00:16 EST 2020


PASN authentication requires that group management cipher suite
would be set to 00-0F-AC:7 in the RSN IE, so consider it as a valid
group management cipher and adjust the code accordingly.

Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
 src/common/wpa_common.c | 3 ++-
 src/rsn_supp/wpa.c      | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 82a5a174fe..3d04650d32 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -1216,7 +1216,8 @@ int wpa_cipher_valid_group(int cipher)
 
 int wpa_cipher_valid_mgmt_group(int cipher)
 {
-	return cipher == WPA_CIPHER_AES_128_CMAC ||
+	return cipher == WPA_CIPHER_GTK_NOT_USED ||
+		cipher == WPA_CIPHER_AES_128_CMAC ||
 		cipher == WPA_CIPHER_BIP_GMAC_128 ||
 		cipher == WPA_CIPHER_BIP_GMAC_256 ||
 		cipher == WPA_CIPHER_BIP_CMAC_256;
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e07527ba57..834658324e 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1306,7 +1306,8 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
 {
 	size_t len;
 
-	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
+	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
+	    sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
 		return 0;
 
 	if (ie->igtk) {
@@ -1665,6 +1666,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
 	}
 
 	if (ie.igtk &&
+	    sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
 	    wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
 	    ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
 	    (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
-- 
2.17.1




More information about the Hostap mailing list