Shouldn't we separate group cipher for WPA and RSN?

Jouni Malinen
Fri Oct 16 03:44:57 PDT 2009

On Fri, Oct 16, 2009 at 12:03:41PM +0300, Andriy Tkachuk wrote:

> # Group cipher suite (encryption algorithm for broadcast and multicast frames)
> # is automatically selected based on this configuration. If only CCMP is
> # allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
> # TKIP will be used as the group cipher.
> It is clear, but let's review the following configuration:
> wpa_pairwise=TKIP
> rsn_pairwise=CCMP
> What group cipher should be selected for RSN? According to description 
> it might be CCMP, no? But today it is set to TKIP (because it is set for 
> WPA).

The description on group cipher does not distinguish wpa_pairwise from
rsn_pairwise. In other words, if you enable both TKIP and CCMP as
pairwise ciphers (either WPA or RSN), TKIP will be used as the group
cipher. Please note that the group cipher will be same for both WPA and
RSN to avoid having to send all broadcast/multicast frames twice.

> Here is the code from config.c which explains how it is set:
>                 /* Select group cipher based on the enabled pairwise cipher
>                  * suites */
>                 pairwise = 0;
>                 if (bss->wpa & 1)
>                         pairwise |= bss->wpa_pairwise;
>                 if (bss->wpa & 2) {
>                         if (bss->rsn_pairwise == 0)
>                                 bss->rsn_pairwise = bss->wpa_pairwise;
>                         pairwise |= bss->rsn_pairwise;
>                 }
>                 if (pairwise & WPA_CIPHER_TKIP)
>                         bss->wpa_group = WPA_CIPHER_TKIP;
>                 else
>                         bss->wpa_group = WPA_CIPHER_CCMP;
> Shouldn't we introduce bss->rsn_group ?

No. Both WPA and RSN will need to share the same group cipher. If you
want to be able to use CCMP as the group cipher in such a case, you will
need to use multiple BSSes, e.g., by creating another (virtual) BSS for
WPA/TKIP configuration. That will allow the group ciphers to be set
separately, and it is up to your network configuration to decide whether
the broadcast/multicast frames should be in the same domain (bridge the
wlan interfaces together) or not (which would be more secure).

Jouni Malinen                                            PGP id EFC895FA
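The selection rule quoted above, and the effect of the two-BSS split suggested in the reply, as an added example written for this page (not hostapd's own code). The cipher bit values, the trimmed struct and the helper names are assumptions for illustration; hostapd's real definitions are not reproduced here.

```c
#include <stdio.h>
#include <stdbool.h>

/* Assumed bit values for the cipher flags (hostapd keeps its own in
 * src/common/defs.h; only the flag semantics matter here). */
#define WPA_CIPHER_TKIP 0x08
#define WPA_CIPHER_CCMP 0x10

/* Hypothetical stand-in for the handful of hostapd_bss_config fields that the
 * quoted config.c fragment reads and writes. */
struct bss_cfg {
    int wpa;           /* bit 0 = WPA, bit 1 = RSN (WPA2) */
    int wpa_pairwise;  /* pairwise ciphers offered to WPA clients */
    int rsn_pairwise;  /* pairwise ciphers offered to RSN clients */
    int wpa_group;     /* result: the single group cipher for this BSS */
};

/* Same rule as the quoted config.c: one group cipher per BSS, chosen over the
 * union of every pairwise cipher that any enabled protocol allows. If TKIP is
 * allowed anywhere, the broadcast/multicast key is TKIP for everyone. */
int select_group_cipher(struct bss_cfg *bss)
{
    int pairwise = 0;

    if (bss->wpa & 1)
        pairwise |= bss->wpa_pairwise;
    if (bss->wpa & 2) {
        if (bss->rsn_pairwise == 0)
            bss->rsn_pairwise = bss->wpa_pairwise; /* RSN inherits WPA's list */
        pairwise |= bss->rsn_pairwise;
    }
    bss->wpa_group = (pairwise & WPA_CIPHER_TKIP) ? WPA_CIPHER_TKIP
                                                  : WPA_CIPHER_CCMP;
    return bss->wpa_group;
}

/* Convenience wrapper: group cipher for a BSS described by three config values. */
int group_for(int wpa, int wpa_pairwise, int rsn_pairwise)
{
    struct bss_cfg bss = { wpa, wpa_pairwise, rsn_pairwise, 0 };
    return select_group_cipher(&bss);
}

/* Audit check: true when RSN clients negotiate CCMP-only for unicast but
 * their broadcast/multicast traffic is still protected with TKIP, which is
 * exactly what the mixed single-BSS configuration in the question produces. */
bool rsn_group_weaker_than_pairwise(int wpa, int wpa_pairwise, int rsn_pairwise)
{
    struct bss_cfg bss = { wpa, wpa_pairwise, rsn_pairwise, 0 };
    select_group_cipher(&bss);
    return (bss.wpa & 2) &&
           (bss.rsn_pairwise & WPA_CIPHER_CCMP) &&
           !(bss.rsn_pairwise & WPA_CIPHER_TKIP) &&
           bss.wpa_group == WPA_CIPHER_TKIP;
}

static const char *cipher_name(int c)
{
    return c == WPA_CIPHER_CCMP ? "CCMP" : c == WPA_CIPHER_TKIP ? "TKIP" : "?";
}

int main(void)
{
    /* The configuration from the question: one BSS with wpa=3,
     * wpa_pairwise=TKIP, rsn_pairwise=CCMP. */
    printf("single BSS (WPA+RSN): group=%s, RSN downgraded=%d\n",
           cipher_name(group_for(3, WPA_CIPHER_TKIP, WPA_CIPHER_CCMP)),
           rsn_group_weaker_than_pairwise(3, WPA_CIPHER_TKIP, WPA_CIPHER_CCMP));

    /* The split suggested in the reply: a WPA/TKIP BSS and a separate RSN/CCMP
     * BSS, each getting its own group cipher. */
    printf("WPA-only BSS: group=%s\n",
           cipher_name(group_for(1, WPA_CIPHER_TKIP, 0)));
    printf("RSN-only BSS: group=%s, RSN downgraded=%d\n",
           cipher_name(group_for(2, 0, WPA_CIPHER_CCMP)),
           rsn_group_weaker_than_pairwise(2, 0, WPA_CIPHER_CCMP));
    return 0;
}
```

The audit helper is the check an operator would run over a generated hostapd configuration: it flags a BSS where RSN clients are CCMP-only for unicast yet share a TKIP group key, and confirms that the RSN-only BSS of the split configuration no longer trips it.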
