Shouldn't we separate group cipher for WPA and RSN?
Andriy Tkachuk
andriy.v.tkachuk
Fri Oct 16 02:03:41 PDT 2009
Hi folks.
In hostapd.conf about group cipher configuration there is following written:
# Group cipher suite (encryption algorithm for broadcast and multicast
frames)
# is automatically selected based on this configuration. If only CCMP is
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
# TKIP will be used as the group cipher.
It is clear, but. Let's review following configuration:
wpa_pairwise=TKIP
rsn_pairwise=CCMP
What group cipher should be selected for RSN? According to description
it might be CCMP, no? But today it is set to TKIP (because it is set for
WPA).
Here is the code from config.c which explains how it is set:
/* Select group cipher based on the enabled pairwise cipher
* suites */
pairwise = 0;
if (bss->wpa & 1)
pairwise |= bss->wpa_pairwise;
if (bss->wpa & 2) {
if (bss->rsn_pairwise == 0)
bss->rsn_pairwise = bss->wpa_pairwise;
pairwise |= bss->rsn_pairwise;
}
if (pairwise & WPA_CIPHER_TKIP)
bss->wpa_group = WPA_CIPHER_TKIP;
else
bss->wpa_group = WPA_CIPHER_CCMP;
Shouldn't we introduce bss->rsn_group ?
Thank you,
Andriy
More information about the Hostap
mailing list