Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

AP: Set pairwise/group cipher for non-WPA modes

This is needed to avoid confusing configuration in some nl80211
drivers that the new AP mode configuration alternatives for
setting security policy.
Jouni Malinen 13 years ago
parent
633d4469e8
commit
697cd03fc2
2 changed files with 38 additions and 4 deletions
Split View Show Diff Stats
  1. 19 2
      hostapd/config_file.c
  2. 19 2
      wpa_supplicant/ap.c

+ 19 - 2
hostapd/config_file.c
View File 

@@ -2099,12 +2099,29 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 
 		} else if (bss->wpa) {
 
 			bss->ssid.security_policy = SECURITY_WPA_PSK;
 
 		} else if (bss->ieee802_1x) {
 
+			int cipher = WPA_CIPHER_NONE;
 
 			bss->ssid.security_policy = SECURITY_IEEE_802_1X;
 
 			bss->ssid.wep.default_len = bss->default_wep_key_len;
 
-		} else if (bss->ssid.wep.keys_set)
 
+			if (bss->default_wep_key_len)
 
+				cipher = bss->default_wep_key_len >= 13 ?
 
+					WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
 
+			bss->wpa_group = cipher;
 
+			bss->wpa_pairwise = cipher;
 
+			bss->rsn_pairwise = cipher;
 
+		} else if (bss->ssid.wep.keys_set) {
 
+			int cipher = WPA_CIPHER_WEP40;
 
+			if (bss->ssid.wep.len[0] >= 13)
 
+				cipher = WPA_CIPHER_WEP104;
 
 			bss->ssid.security_policy = SECURITY_STATIC_WEP;
 
-		else
 
+			bss->wpa_group = cipher;
 
+			bss->wpa_pairwise = cipher;
 
+			bss->rsn_pairwise = cipher;
 
+		} else {
 
 			bss->ssid.security_policy = SECURITY_PLAINTEXT;
 
+			bss->wpa_group = WPA_CIPHER_NONE;
 
+			bss->wpa_pairwise = WPA_CIPHER_NONE;
 
+			bss->rsn_pairwise = WPA_CIPHER_NONE;
 
+		}
 
 	}
 
 
 	if (hostapd_config_check(conf))

+ 19 - 2
wpa_supplicant/ap.c
View File 

@@ -181,12 +181,29 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 
 	else if (bss->wpa)
 
 		bss->ssid.security_policy = SECURITY_WPA_PSK;
 
 	else if (bss->ieee802_1x) {
 
+		int cipher = WPA_CIPHER_NONE;
 
 		bss->ssid.security_policy = SECURITY_IEEE_802_1X;
 
 		bss->ssid.wep.default_len = bss->default_wep_key_len;
 
-	} else if (bss->ssid.wep.keys_set)
 
+		if (bss->default_wep_key_len)
 
+			cipher = bss->default_wep_key_len >= 13 ?
 
+				WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
 
+		bss->wpa_group = cipher;
 
+		bss->wpa_pairwise = cipher;
 
+		bss->rsn_pairwise = cipher;
 
+	} else if (bss->ssid.wep.keys_set) {
 
+		int cipher = WPA_CIPHER_WEP40;
 
+		if (bss->ssid.wep.len[0] >= 13)
 
+			cipher = WPA_CIPHER_WEP104;
 
 		bss->ssid.security_policy = SECURITY_STATIC_WEP;
 
-	else
 
+		bss->wpa_group = cipher;
 
+		bss->wpa_pairwise = cipher;
 
+		bss->rsn_pairwise = cipher;
 
+	} else {
 
 		bss->ssid.security_policy = SECURITY_PLAINTEXT;
 
+		bss->wpa_group = WPA_CIPHER_NONE;
 
+		bss->wpa_pairwise = WPA_CIPHER_NONE;
 
+		bss->rsn_pairwise = WPA_CIPHER_NONE;
 
+	}
 
 
 #ifdef CONFIG_WPS
 
 	/*