Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

AP: Set pairwise/group cipher for non-WPA modes

This is needed to avoid confusing configuration in some nl80211
drivers that the new AP mode configuration alternatives for
setting security policy.
Jouni Malinen il y a 13 ans
Parent
633d4469e8
commit
697cd03fc2
2 fichiers modifiés avec 38 ajouts et 4 suppressions
Vue séparée Afficher les stats Diff
  1. 19 2
      hostapd/config_file.c
  2. 19 2
      wpa_supplicant/ap.c

+ 19 - 2
hostapd/config_file.c
Voir le fichier 

@@ -2099,12 +2099,29 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 
 		} else if (bss->wpa) {
 
 			bss->ssid.security_policy = SECURITY_WPA_PSK;
 
 		} else if (bss->ieee802_1x) {
 
+			int cipher = WPA_CIPHER_NONE;
 
 			bss->ssid.security_policy = SECURITY_IEEE_802_1X;
 
 			bss->ssid.wep.default_len = bss->default_wep_key_len;
 
-		} else if (bss->ssid.wep.keys_set)
 
+			if (bss->default_wep_key_len)
 
+				cipher = bss->default_wep_key_len >= 13 ?
 
+					WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
 
+			bss->wpa_group = cipher;
 
+			bss->wpa_pairwise = cipher;
 
+			bss->rsn_pairwise = cipher;
 
+		} else if (bss->ssid.wep.keys_set) {
 
+			int cipher = WPA_CIPHER_WEP40;
 
+			if (bss->ssid.wep.len[0] >= 13)
 
+				cipher = WPA_CIPHER_WEP104;
 
 			bss->ssid.security_policy = SECURITY_STATIC_WEP;
 
-		else
 
+			bss->wpa_group = cipher;
 
+			bss->wpa_pairwise = cipher;
 
+			bss->rsn_pairwise = cipher;
 
+		} else {
 
 			bss->ssid.security_policy = SECURITY_PLAINTEXT;
 
+			bss->wpa_group = WPA_CIPHER_NONE;
 
+			bss->wpa_pairwise = WPA_CIPHER_NONE;
 
+			bss->rsn_pairwise = WPA_CIPHER_NONE;
 
+		}
 
 	}
 
 
 	if (hostapd_config_check(conf))

+ 19 - 2
wpa_supplicant/ap.c
Voir le fichier 

@@ -181,12 +181,29 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
 
 	else if (bss->wpa)
 
 		bss->ssid.security_policy = SECURITY_WPA_PSK;
 
 	else if (bss->ieee802_1x) {
 
+		int cipher = WPA_CIPHER_NONE;
 
 		bss->ssid.security_policy = SECURITY_IEEE_802_1X;
 
 		bss->ssid.wep.default_len = bss->default_wep_key_len;
 
-	} else if (bss->ssid.wep.keys_set)
 
+		if (bss->default_wep_key_len)
 
+			cipher = bss->default_wep_key_len >= 13 ?
 
+				WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
 
+		bss->wpa_group = cipher;
 
+		bss->wpa_pairwise = cipher;
 
+		bss->rsn_pairwise = cipher;
 
+	} else if (bss->ssid.wep.keys_set) {
 
+		int cipher = WPA_CIPHER_WEP40;
 
+		if (bss->ssid.wep.len[0] >= 13)
 
+			cipher = WPA_CIPHER_WEP104;
 
 		bss->ssid.security_policy = SECURITY_STATIC_WEP;
 
-	else
 
+		bss->wpa_group = cipher;
 
+		bss->wpa_pairwise = cipher;
 
+		bss->rsn_pairwise = cipher;
 
+	} else {
 
 		bss->ssid.security_policy = SECURITY_PLAINTEXT;
 
+		bss->wpa_group = WPA_CIPHER_NONE;
 
+		bss->wpa_pairwise = WPA_CIPHER_NONE;
 
+		bss->rsn_pairwise = WPA_CIPHER_NONE;
 
+	}
 
 
 #ifdef CONFIG_WPS
 
 	/*