Shouldn't we separate group cipher for WPA and RSN?

Andriy Tkachuk andriy.v.tkachuk at globallogic.com
Fri Oct 16 05:03:41 EDT 2009


Hi folks.

In hostapd.conf about group cipher configuration there is following written:

# Group cipher suite (encryption algorithm for broadcast and multicast 
frames)
# is automatically selected based on this configuration. If only CCMP is
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
# TKIP will be used as the group cipher.

It is clear, but. Let's review following configuration:

wpa_pairwise=TKIP
rsn_pairwise=CCMP

What group cipher should be selected for RSN? According to description 
it might be CCMP, no? But today it is set to TKIP (because it is set for 
WPA).

Here is the code from config.c which explains how it is set:

                /* Select group cipher based on the enabled pairwise cipher
                 * suites */
                pairwise = 0;
                if (bss->wpa & 1)
                        pairwise |= bss->wpa_pairwise;
                if (bss->wpa & 2) {
                        if (bss->rsn_pairwise == 0)
                                bss->rsn_pairwise = bss->wpa_pairwise;
                        pairwise |= bss->rsn_pairwise;
                }
                if (pairwise & WPA_CIPHER_TKIP)
                        bss->wpa_group = WPA_CIPHER_TKIP;
                else
                        bss->wpa_group = WPA_CIPHER_CCMP;

Shouldn't we introduce bss->rsn_group ?


Thank you,
    Andriy


More information about the HostAP mailing list