Use more generic checks for Key Descriptor Version 2 and 3

IEEE Std 802.11-2020 describes the rule based on not-TKIP for value 2
and no pairwise cipher condition on value 3, so use that set of more
generic rules here.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 03fd12ee3f87fda8f9f49c7bee7b75ab12ced6ca..84cd4a4d1c3386b80171a91af8cd09e65d16bee5 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1229,25 +1229,23 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
                msgtxt = "2/4 Pairwise";
        }
 
-       if (sm->pairwise == WPA_CIPHER_CCMP ||
-           sm->pairwise == WPA_CIPHER_GCMP) {
-               if (wpa_use_cmac(sm->wpa_key_mgmt) &&
-                   !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
-                   ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
-                       wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
-                                       LOGGER_WARNING,
-                                       "advertised support for AES-128-CMAC, but did not use it");
-                       goto out;
-               }
+       if (!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
+           wpa_use_cmac(sm->wpa_key_mgmt) &&
+           ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
+               wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
+                               LOGGER_WARNING,
+                               "advertised support for AES-128-CMAC, but did not use it");
+               goto out;
+       }
 
-               if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
-                   !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
-                   ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
-                       wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
-                                       LOGGER_WARNING,
-                                       "did not use HMAC-SHA1-AES with CCMP/GCMP");
-                       goto out;
-               }
+       if (sm->pairwise != WPA_CIPHER_TKIP &&
+           !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
+           !wpa_use_cmac(sm->wpa_key_mgmt) &&
+           ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+               wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
+                               LOGGER_WARNING,
+                               "did not use HMAC-SHA1-AES with CCMP/GCMP");
+               goto out;
        }
 
        if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&