Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

FT: Allow CCMP-256 and GCMP-256 as group ciphers

The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was
not up-to-date with the current list of supported ciphers. Fix this by
using a generic function to determine validity of the cipher. In
practice, this adds support for using CCMP-256 and GCMP-256 as the group
cipher with FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 9 years ago
parent
348bc4e0eb
commit
05a90d78dc
3 changed files with 3 additions and 4 deletions
Split View Show Diff Stats
  1. 1 1
      src/common/wpa_common.c
  2. 1 0
      src/common/wpa_common.h
  3. 1 3
      src/rsn_supp/wpa_ft.c

+ 1 - 1
src/common/wpa_common.c
View File 

@@ -492,7 +492,7 @@ static int rsn_key_mgmt_to_bitfield(const u8 *s)
 
 }
 
 
 
-static int wpa_cipher_valid_group(int cipher)
 
+int wpa_cipher_valid_group(int cipher)
 
 {
 
 	return wpa_cipher_valid_pairwise(cipher) ||
 
 		cipher == WPA_CIPHER_GTK_NOT_USED;

+ 1 - 0
src/common/wpa_common.h
View File 

@@ -435,6 +435,7 @@ int wpa_ft_parse_ies(const u8 *ies, size_t ies_len, struct wpa_ft_ies *parse);
 
 int wpa_cipher_key_len(int cipher);
 
 int wpa_cipher_rsc_len(int cipher);
 
 int wpa_cipher_to_alg(int cipher);
 
+int wpa_cipher_valid_group(int cipher);
 
 int wpa_cipher_valid_pairwise(int cipher);
 
 int wpa_cipher_valid_mgmt_group(int cipher);
 
 u32 wpa_cipher_to_suite(int proto, int cipher);

+ 1 - 3
src/rsn_supp/wpa_ft.c
View File 

@@ -168,9 +168,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
 
 	pos = (u8 *) (rsnie + 1);
 
 
 	/* Group Suite Selector */
 
-	if (sm->group_cipher != WPA_CIPHER_CCMP &&
 
-	    sm->group_cipher != WPA_CIPHER_GCMP &&
 
-	    sm->group_cipher != WPA_CIPHER_TKIP) {
 
+	if (!wpa_cipher_valid_group(sm->group_cipher)) {
 
 		wpa_printf(MSG_WARNING, "FT: Invalid group cipher (%d)",
 
 			   sm->group_cipher);
 
 		os_free(buf);