Use a helper function for selection group cipher for AP mode

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 6c04ce4800e7b93f1df362a43490b4ad64fe64cb..7b22dfd0e6f9c51cdef75e8b4af1c9518a2ec672 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2919,31 +2919,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 
 static void hostapd_set_security_params(struct hostapd_bss_config *bss)
 {
-       int pairwise;
-
        if (bss->individual_wep_key_len == 0) {
                /* individual keys are not use; can use key idx0 for
                 * broadcast keys */
                bss->broadcast_key_idx_min = 0;
        }
 
-       /* Select group cipher based on the enabled pairwise cipher
-        * suites */
-       pairwise = 0;
-       if (bss->wpa & 1)
-               pairwise |= bss->wpa_pairwise;
-       if (bss->wpa & 2) {
-               if (bss->rsn_pairwise == 0)
-                       bss->rsn_pairwise = bss->wpa_pairwise;
-               pairwise |= bss->rsn_pairwise;
-       }
-       if (pairwise & WPA_CIPHER_TKIP)
-               bss->wpa_group = WPA_CIPHER_TKIP;
-       else if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ==
-                WPA_CIPHER_GCMP)
-               bss->wpa_group = WPA_CIPHER_GCMP;
-       else
-               bss->wpa_group = WPA_CIPHER_CCMP;
+       if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
+               bss->rsn_pairwise = bss->wpa_pairwise;
+       bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
+                                                   bss->rsn_pairwise);
 
        bss->radius->auth_server = bss->radius->auth_servers;
        bss->radius->acct_server = bss->radius->acct_servers;

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index fdf418f449bd2a10027ad62d94a1f6c7dd62cc07..c786b0a25d33ddb5239c06c59eac04ea8d4682d9 100644 (file)
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -1343,3 +1343,21 @@ int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim)
 
        return pos - start;
 }
+
+
+int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
+{
+       int pairwise = 0;
+
+       /* Select group cipher based on the enabled pairwise cipher suites */
+       if (wpa & 1)
+               pairwise |= wpa_pairwise;
+       if (wpa & 2)
+               pairwise |= rsn_pairwise;
+
+       if (pairwise & WPA_CIPHER_TKIP)
+               return WPA_CIPHER_TKIP;
+       if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP)
+               return WPA_CIPHER_GCMP;
+       return WPA_CIPHER_CCMP;
+}

diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index a23038a055ac35a54134d0298616b953fd2669d7..a326950c6da4cd7021b51201afa66c5ccc2da7e6 100644 (file)
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -400,5 +400,6 @@ int wpa_pick_pairwise_cipher(int ciphers, int none_allowed);
 int wpa_pick_group_cipher(int ciphers);
 int wpa_parse_cipher(const char *value);
 int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim);
+int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise);
 
 #endif /* WPA_COMMON_H */

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index c6d98797e13157ae867e370f0182b300a2f06749..ee53c37d4e48d5a86edfb4450f8332fcd050b8ca 100644 (file)
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -46,7 +46,6 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
                                  struct hostapd_config *conf)
 {
        struct hostapd_bss_config *bss = &conf->bss[0];
-       int pairwise;
 
        conf->driver = wpa_s->driver;
 
@@ -211,22 +210,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
        if (ssid->dtim_period)
                bss->dtim_period = ssid->dtim_period;
 
-       /* Select group cipher based on the enabled pairwise cipher suites */
-       pairwise = 0;
-       if (bss->wpa & 1)
-               pairwise |= bss->wpa_pairwise;
-       if (bss->wpa & 2) {
-               if (bss->rsn_pairwise == 0)
-                       bss->rsn_pairwise = bss->wpa_pairwise;
-               pairwise |= bss->rsn_pairwise;
-       }
-       if (pairwise & WPA_CIPHER_TKIP)
-               bss->wpa_group = WPA_CIPHER_TKIP;
-       else if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) ==
-                WPA_CIPHER_GCMP)
-               bss->wpa_group = WPA_CIPHER_GCMP;
-       else
-               bss->wpa_group = WPA_CIPHER_CCMP;
+       if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
+               bss->rsn_pairwise = bss->wpa_pairwise;
+       bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise,
+                                                   bss->rsn_pairwise);
 
        if (bss->wpa && bss->ieee802_1x)
                bss->ssid.security_policy = SECURITY_WPA;
@@ -268,7 +255,7 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
                goto no_wps;
 #ifdef CONFIG_WPS2
        if (bss->ssid.security_policy == SECURITY_WPA_PSK &&
-           (!(pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
+           (!(bss->rsn_pairwise & WPA_CIPHER_CCMP) || !(bss->wpa & 2)))
                goto no_wps; /* WPS2 does not allow WPA/TKIP-only
                              * configuration */
 #endif /* CONFIG_WPS2 */