From a151b0e37dd2e16736a01641fe9dd6c6b0fe2fe6 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 18 Jun 2016 22:21:33 +0300 Subject: [PATCH] mesh: Select pairwise and group cipher based on network profile This allows the previously hardcoded CCMP cipher to be replaced in the network profile for mesh. Signed-off-by: Jouni Malinen --- wpa_supplicant/mesh.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c index c5f089e51..bf9beb2cd 100644 --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -70,6 +70,7 @@ static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { struct mesh_conf *conf; + int cipher; conf = os_zalloc(sizeof(struct mesh_conf)); if (!conf) @@ -90,8 +91,24 @@ static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s, else conf->ieee80211w = NO_MGMT_FRAME_PROTECTION; } - conf->pairwise_cipher = WPA_CIPHER_CCMP; - conf->group_cipher = WPA_CIPHER_CCMP; + + cipher = wpa_pick_pairwise_cipher(ssid->pairwise_cipher, 0); + if (cipher < 0 || cipher == WPA_CIPHER_TKIP) { + wpa_msg(wpa_s, MSG_INFO, "mesh: Invalid pairwise cipher"); + os_free(conf); + return NULL; + } + conf->pairwise_cipher = cipher; + + cipher = wpa_pick_group_cipher(ssid->group_cipher); + if (cipher < 0 || cipher == WPA_CIPHER_TKIP || + cipher == WPA_CIPHER_GTK_NOT_USED) { + wpa_msg(wpa_s, MSG_INFO, "mesh: Invalid group cipher"); + os_free(conf); + return NULL; + } + + conf->group_cipher = cipher; if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;