From: Jouni Malinen
Date: Sun, 28 Jan 2024 09:18:40 +0000 (+0200)
Subject: Use more generic checks for Key Descriptor Version 2 and 3
X-Git-Tag: hostap_2_11~406
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fff69bba1082e250248bb26bfe25844a2f1529cd;p=thirdparty%2Fhostap.git

Use more generic checks for Key Descriptor Version 2 and 3

IEEE Std 802.11-2020 describes the rule based on not-TKIP for value 2 and no pairwise cipher condition on value 3, so use that set of more generic rules here.

Signed-off-by: Jouni Malinen
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 03fd12ee3..84cd4a4d1 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1229,25 +1229,23 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 msgtxt = "2/4 Pairwise";
 }
 
- if (sm->pairwise == WPA_CIPHER_CCMP ||
- sm->pairwise == WPA_CIPHER_GCMP) {
- if (wpa_use_cmac(sm->wpa_key_mgmt) &&
- !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
- ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
- wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
- LOGGER_WARNING,
- "advertised support for AES-128-CMAC, but did not use it");
- goto out;
- }
+ if (!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
+ wpa_use_cmac(sm->wpa_key_mgmt) &&
+ ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
+ wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
+ LOGGER_WARNING,
+ "advertised support for AES-128-CMAC, but did not use it");
+ goto out;
+ }
 
- if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
- !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
- ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
- wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
- LOGGER_WARNING,
- "did not use HMAC-SHA1-AES with CCMP/GCMP");
- goto out;
- }
+ if (sm->pairwise != WPA_CIPHER_TKIP &&
+ !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
+ !wpa_use_cmac(sm->wpa_key_mgmt) &&
+ ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+ wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
+ LOGGER_WARNING,
+ "did not use HMAC-SHA1-AES with CCMP/GCMP");
+ goto out;
 }
 
 if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
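Review bot: The warning text in the second added check, `"did not use HMAC-SHA1-AES with CCMP/GCMP"`, no longer matches its condition: `sm->pairwise != WPA_CIPHER_TKIP` now rejects on every non-TKIP pairwise cipher, not only CCMP and GCMP. Since this log line is what an operator sees when an EAPOL-Key frame is dropped for a Key Descriptor Version mismatch, it should name the actual rule, e.g. `"did not use HMAC-SHA1-AES with a non-TKIP pairwise cipher"`. A short comment above each check tying it to the IEEE Std 802.11-2020 rule cited in the commit message (`/* Key Descriptor Version 3: AES-128-CMAC AKMs, any pairwise cipher */` and `/* Key Descriptor Version 2: non-TKIP pairwise cipher, no CMAC AKM */`) would keep the two conditions from drifting again. The hunk shows no matching rule for a TKIP pairwise cipher; whether that case is enforced elsewhere in wpa_receive, whose body starts and ends outside the hunk, is not visible here.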