3 files changed, 17 insertions, 0 deletions

diff --git a/hostapd/ieee802_11.c b/hostapd/ieee802_11.c
index 39cc837..fe2d88f 100644
--- a/hostapd/ieee802_11.c
+++ b/hostapd/ieee802_11.c
@@ -930,6 +930,16 @@ static void handle_assoc(struct hostapd_data *hapd,
 				goto fail;
 		}
 #endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_IEEE80211N
+		if ((sta->flags & WLAN_STA_HT) &&
+		    wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
+			wpa_printf(MSG_DEBUG, "HT: " MACSTR " tried to "
+				   "use TKIP with HT association",
+				   MAC2STR(sta->addr));
+			resp = WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
+			goto fail;
+		}
+#endif /* CONFIG_IEEE80211N */
 	} else
 		wpa_auth_sta_no_wpa(sta->wpa_sm);
 
diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index 0d173c0..e995562 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -2305,6 +2305,12 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm)
 }
 
 
+int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
+{
+	return sm->pairwise;
+}
+
+
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
 {
 	if (sm == NULL)
diff --git a/hostapd/wpa.h b/hostapd/wpa.h
index e347923..44cb92d 100644
--- a/hostapd/wpa.h
+++ b/hostapd/wpa.h
@@ -246,6 +246,7 @@ int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
 int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,