@@ -1216,7 +1216,8 @@ int wpa_cipher_valid_group(int cipher)
int wpa_cipher_valid_mgmt_group(int cipher)
{
- return cipher == WPA_CIPHER_AES_128_CMAC ||
+ return cipher == WPA_CIPHER_GTK_NOT_USED ||
+ cipher == WPA_CIPHER_AES_128_CMAC ||
cipher == WPA_CIPHER_BIP_GMAC_128 ||
cipher == WPA_CIPHER_BIP_GMAC_256 ||
cipher == WPA_CIPHER_BIP_CMAC_256;
@@ -1306,7 +1306,8 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
{
size_t len;
- if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
+ if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
+ sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
return 0;
if (ie->igtk) {
@@ -1665,6 +1666,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
}
if (ie.igtk &&
+ sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
ie.igtk_len != WPA_IGTK_KDE_PREFIX_LEN +
(unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
PASN authentication requires that group management cipher suite would be set to 00-0F-AC:7 in the RSN IE, so consider it as a valid group management cipher and adjust the code accordingly. Signed-off-by: Ilan Peer <ilan.peer@intel.com> --- src/common/wpa_common.c | 3 ++- src/rsn_supp/wpa.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-)