mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
Use a helper function for selection group cipher for AP mode
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
0282a8c46a
commit
cf830c1c54
@ -2919,31 +2919,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||
|
||||
static void hostapd_set_security_params(struct hostapd_bss_config *bss)
|
||||
{
|
||||
int pairwise;
|
||||
|
||||
if (bss->individual_wep_key_len == 0) {
|
||||
/* individual keys are not use; can use key idx0 for
|
||||
* broadcast keys */
|
||||
bss->broadcast_key_idx_min = 0;
|
||||
}
|
||||
|
||||
/* Select group cipher based on the enabled pairwise cipher
|
||||
* suites */
|
||||
pairwise = 0;
|
||||
if (bss->wpa & 1)
|
||||
pairwise |= bss->wpa_pairwise;
|
||||
if (bss->wpa & 2) {
|
||||
if (bss->rsn_pairwise == 0)
|
||||
bss->rsn_pairwise = bss->wpa_pairwise;
|
||||
pairwise |= bss->rsn_pairwise;
|
||||
}
|
||||
if (pairwise & WPA_CIPHER_TKIP)
|
||||
bss->wpa_group = WPA_CIPHER_TKIP;
|
||||
else if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ==
|
||||
WPA_CIPHER_GCMP)
|
||||
bss->wpa_group = WPA_CIPHER_GCMP;
|
||||
else
|
||||
bss->wpa_group = WPA_CIPHER_CCMP;
|
||||
if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
|
||||
bss->rsn_pairwise = bss->wpa_pairwise;
|
||||
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
|
||||
bss->rsn_pairwise);
|
||||
|
||||
bss->radius->auth_server = bss->radius->auth_servers;
|
||||
bss->radius->acct_server = bss->radius->acct_servers;
|
||||
|
@ -1343,3 +1343,21 @@ int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim)
|
||||
|
||||
return pos - start;
|
||||
}
|
||||
|
||||
|
||||
int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
|
||||
{
|
||||
int pairwise = 0;
|
||||
|
||||
/* Select group cipher based on the enabled pairwise cipher suites */
|
||||
if (wpa & 1)
|
||||
pairwise |= wpa_pairwise;
|
||||
if (wpa & 2)
|
||||
pairwise |= rsn_pairwise;
|
||||
|
||||
if (pairwise & WPA_CIPHER_TKIP)
|
||||
return WPA_CIPHER_TKIP;
|
||||
if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP)
|
||||
return WPA_CIPHER_GCMP;
|
||||
return WPA_CIPHER_CCMP;
|
||||
}
|
||||
|
@ -400,5 +400,6 @@ int wpa_pick_pairwise_cipher(int ciphers, int none_allowed);
|
||||
int wpa_pick_group_cipher(int ciphers);
|
||||
int wpa_parse_cipher(const char *value);
|
||||
int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim);
|
||||
int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise);
|
||||
|
||||
#endif /* WPA_COMMON_H */
|
||||
|
@ -46,7 +46,6 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
|
||||
struct hostapd_config *conf)
|
||||
{
|
||||
struct hostapd_bss_config *bss = &conf->bss[0];
|
||||
int pairwise;
|
||||
|
||||
conf->driver = wpa_s->driver;
|
||||
|
||||
@ -211,22 +210,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
|
||||
if (ssid->dtim_period)
|
||||
bss->dtim_period = ssid->dtim_period;
|
||||
|
||||
/* Select group cipher based on the enabled pairwise cipher suites */
|
||||
pairwise = 0;
|
||||
if (bss->wpa & 1)
|
||||
pairwise |= bss->wpa_pairwise;
|
||||
if (bss->wpa & 2) {
|
||||
if (bss->rsn_pairwise == 0)
|
||||
bss->rsn_pairwise = bss->wpa_pairwise;
|
||||
pairwise |= bss->rsn_pairwise;
|
||||
}
|
||||
if (pairwise & WPA_CIPHER_TKIP)
|
||||
bss->wpa_group = WPA_CIPHER_TKIP;
|
||||
else if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ==
|
||||
WPA_CIPHER_GCMP)
|
||||
bss->wpa_group = WPA_CIPHER_GCMP;
|
||||
else
|
||||
bss->wpa_group = WPA_CIPHER_CCMP;
|
||||
if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
|
||||
bss->rsn_pairwise = bss->wpa_pairwise;
|
||||
bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
|
||||
bss->rsn_pairwise);
|
||||
|
||||
if (bss->wpa && bss->ieee802_1x)
|
||||
bss->ssid.security_policy = SECURITY_WPA;
|
||||
@ -268,7 +255,7 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
|
||||
goto no_wps;
|
||||
#ifdef CONFIG_WPS2
|
||||
if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
|
||||
(!(pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
|
||||
(!(bss->rsn_pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
|
||||
goto no_wps; /* WPS2 does not allow WPA/TKIP-only
|
||||
* configuration */
|
||||
#endif /* CONFIG_WPS2 */
|
||||
|
Loading…
Reference in New Issue
Block a user