From ff36ff00b8f5a3a8c0f06a5155476af349cb2c4d Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 22 Dec 2008 14:05:53 +0200 Subject: [PATCH] Reject association if HT STA tries to use TKIP as pairwise cipher --- hostapd/ieee802_11.c | 10 ++++++++++ hostapd/wpa.c | 6 ++++++ hostapd/wpa.h | 1 + 3 files changed, 17 insertions(+) diff --git a/hostapd/ieee802_11.c b/hostapd/ieee802_11.c index 39cc83701..fe2d88fa7 100644 --- a/hostapd/ieee802_11.c +++ b/hostapd/ieee802_11.c @@ -930,6 +930,16 @@ static void handle_assoc(struct hostapd_data *hapd, goto fail; } #endif /* CONFIG_IEEE80211R */ +#ifdef CONFIG_IEEE80211N + if ((sta->flags & WLAN_STA_HT) && + wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { + wpa_printf(MSG_DEBUG, "HT: " MACSTR " tried to " + "use TKIP with HT association", + MAC2STR(sta->addr)); + resp = WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; + goto fail; + } +#endif /* CONFIG_IEEE80211N */ } else wpa_auth_sta_no_wpa(sta->wpa_sm); diff --git a/hostapd/wpa.c b/hostapd/wpa.c index 0d173c063..e995562b1 100644 --- a/hostapd/wpa.c +++ b/hostapd/wpa.c @@ -2305,6 +2305,12 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm) } +int wpa_auth_get_pairwise(struct wpa_state_machine *sm) +{ + return sm->pairwise; +} + + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm) { if (sm == NULL) diff --git a/hostapd/wpa.h b/hostapd/wpa.h index e347923cd..44cb92d58 100644 --- a/hostapd/wpa.h +++ b/hostapd/wpa.h @@ -246,6 +246,7 @@ int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); int wpa_auth_pairwise_set(struct wpa_state_machine *sm); +int wpa_auth_get_pairwise(struct wpa_state_machine *sm); int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,