Use more generic checks for Key Descriptor Version 2 and 3

IEEE Std 802.11-2020 describes the rule based on not-TKIP for value 2 and no pairwise cipher condition on value 3, so use that set of more generic rules here. Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:18:40 +02:00 · 2024-01-28 11:18:40 +02:00 · fff69bba10
commit fff69bba10
parent 74a25a6602
1 changed files with 16 additions and 18 deletions
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -1229,25 +1229,23 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 		msgtxt = "2/4 Pairwise";
 	}
-	if (sm->pairwise == WPA_CIPHER_CCMP ||
+	if (!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
-	    sm->pairwise == WPA_CIPHER_GCMP) {
+	    wpa_use_cmac(sm->wpa_key_mgmt) &&
-		if (wpa_use_cmac(sm->wpa_key_mgmt) &&
+	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
-		    !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
+		wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
-		    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
+				LOGGER_WARNING,
-			wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
+				"advertised support for AES-128-CMAC, but did not use it");
-					LOGGER_WARNING,
+		goto out;
-					"advertised support for AES-128-CMAC, but did not use it");
+	}
 			goto out;
 		}
-		if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
+	if (sm->pairwise != WPA_CIPHER_TKIP &&
-		    !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
+	    !wpa_use_akm_defined(sm->wpa_key_mgmt) &&
-		    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
+	    !wpa_use_cmac(sm->wpa_key_mgmt) &&
-			wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
+	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
-					LOGGER_WARNING,
+		wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
-					"did not use HMAC-SHA1-AES with CCMP/GCMP");
+				LOGGER_WARNING,
-			goto out;
+				"did not use HMAC-SHA1-AES with CCMP/GCMP");
-		}
+		goto out;
 	}
 	if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&