Add definitions for new cipher suites from IEEE Std 802.11ac-2013

This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-12-24 22:21:04 +02:00
parent 13b24a766f
commit 30675c3416
10 changed files with 273 additions and 11 deletions

View file

@ -759,7 +759,9 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
if (conf->ieee80211n && bss->wpa &&
!(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP))) {
!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
{
bss->disable_11n = 1;
wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
"requires CCMP/GCMP to be enabled, disabling HT "
@ -792,7 +794,9 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
#ifdef CONFIG_HS20
if (bss->hs20 &&
(!(bss->wpa & 2) ||
!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)))) {
!(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
WPA_CIPHER_CCMP_256 |
WPA_CIPHER_GCMP_256)))) {
wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
"configuration is required for Hotspot 2.0 "
"functionality");

View file

@ -28,6 +28,11 @@ typedef enum { FALSE = 0, TRUE = 1 } Boolean;
#endif /* CONFIG_IEEE80211W */
#define WPA_CIPHER_GCMP BIT(6)
#define WPA_CIPHER_SMS4 BIT(7)
#define WPA_CIPHER_GCMP_256 BIT(8)
#define WPA_CIPHER_CCMP_256 BIT(9)
#define WPA_CIPHER_BIP_GMAC_128 BIT(11)
#define WPA_CIPHER_BIP_GMAC_256 BIT(12)
#define WPA_CIPHER_BIP_CMAC_256 BIT(13)
#define WPA_KEY_MGMT_IEEE8021X BIT(0)
#define WPA_KEY_MGMT_PSK BIT(1)
@ -117,7 +122,12 @@ enum wpa_alg {
WPA_ALG_PMK,
WPA_ALG_GCMP,
WPA_ALG_SMS4,
WPA_ALG_KRK
WPA_ALG_KRK,
WPA_ALG_GCMP_256,
WPA_ALG_CCMP_256,
WPA_ALG_BIP_GMAC_128,
WPA_ALG_BIP_GMAC_256,
WPA_ALG_BIP_CMAC_256
};
/**
@ -130,7 +140,9 @@ enum wpa_cipher {
CIPHER_CCMP,
CIPHER_WEP104,
CIPHER_GCMP,
CIPHER_SMS4
CIPHER_SMS4,
CIPHER_GCMP_256,
CIPHER_CCMP_256
};
/**

View file

@ -1025,6 +1025,11 @@ enum wifi_display_subelem {
#define WLAN_CIPHER_SUITE_AES_CMAC 0x000FAC06
#define WLAN_CIPHER_SUITE_NO_GROUP_ADDR 0x000FAC07
#define WLAN_CIPHER_SUITE_GCMP 0x000FAC08
#define WLAN_CIPHER_SUITE_GCMP_256 0x000FAC09
#define WLAN_CIPHER_SUITE_CCMP_256 0x000FAC0A
#define WLAN_CIPHER_SUITE_BIP_GMAC_128 0x000FAC0B
#define WLAN_CIPHER_SUITE_BIP_GMAC_256 0x000FAC0C
#define WLAN_CIPHER_SUITE_BIP_CMAC_256 0x000FAC0D
#define WLAN_CIPHER_SUITE_SMS4 0x00147201

View file

@ -353,6 +353,16 @@ static int rsn_selector_to_bitfield(const u8 *s)
#endif /* CONFIG_IEEE80211W */
if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP)
return WPA_CIPHER_GCMP;
if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_CCMP_256)
return WPA_CIPHER_CCMP_256;
if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_GCMP_256)
return WPA_CIPHER_GCMP_256;
if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_128)
return WPA_CIPHER_BIP_GMAC_128;
if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_GMAC_256)
return WPA_CIPHER_BIP_GMAC_256;
if (RSN_SELECTOR_GET(s) == RSN_CIPHER_SUITE_BIP_CMAC_256)
return WPA_CIPHER_BIP_CMAC_256;
return 0;
}
@ -912,6 +922,10 @@ const char * wpa_cipher_txt(int cipher)
return "CCMP+TKIP";
case WPA_CIPHER_GCMP:
return "GCMP";
case WPA_CIPHER_GCMP_256:
return "GCMP-256";
case WPA_CIPHER_CCMP_256:
return "CCMP-256";
default:
return "UNKNOWN";
}
@ -1078,6 +1092,9 @@ int wpa_insert_pmkid(u8 *ies, size_t ies_len, const u8 *pmkid)
int wpa_cipher_key_len(int cipher)
{
switch (cipher) {
case WPA_CIPHER_CCMP_256:
case WPA_CIPHER_GCMP_256:
return 32;
case WPA_CIPHER_CCMP:
case WPA_CIPHER_GCMP:
return 16;
@ -1096,6 +1113,8 @@ int wpa_cipher_key_len(int cipher)
int wpa_cipher_rsc_len(int cipher)
{
switch (cipher) {
case WPA_CIPHER_CCMP_256:
case WPA_CIPHER_GCMP_256:
case WPA_CIPHER_CCMP:
case WPA_CIPHER_GCMP:
case WPA_CIPHER_TKIP:
@ -1112,6 +1131,10 @@ int wpa_cipher_rsc_len(int cipher)
int wpa_cipher_to_alg(int cipher)
{
switch (cipher) {
case WPA_CIPHER_CCMP_256:
return WPA_ALG_CCMP_256;
case WPA_CIPHER_GCMP_256:
return WPA_ALG_GCMP_256;
case WPA_CIPHER_CCMP:
return WPA_ALG_CCMP;
case WPA_CIPHER_GCMP:
@ -1139,6 +1162,10 @@ enum wpa_cipher wpa_cipher_to_suite_driver(int cipher)
return CIPHER_CCMP;
case WPA_CIPHER_GCMP:
return CIPHER_GCMP;
case WPA_CIPHER_CCMP_256:
return CIPHER_CCMP_256;
case WPA_CIPHER_GCMP_256:
return CIPHER_GCMP_256;
case WPA_CIPHER_TKIP:
default:
return CIPHER_TKIP;
@ -1148,7 +1175,9 @@ enum wpa_cipher wpa_cipher_to_suite_driver(int cipher)
int wpa_cipher_valid_pairwise(int cipher)
{
return cipher == WPA_CIPHER_CCMP ||
return cipher == WPA_CIPHER_CCMP_256 ||
cipher == WPA_CIPHER_GCMP_256 ||
cipher == WPA_CIPHER_CCMP ||
cipher == WPA_CIPHER_GCMP ||
cipher == WPA_CIPHER_TKIP;
}
@ -1156,6 +1185,10 @@ int wpa_cipher_valid_pairwise(int cipher)
u32 wpa_cipher_to_suite(int proto, int cipher)
{
if (cipher & WPA_CIPHER_CCMP_256)
return RSN_CIPHER_SUITE_CCMP_256;
if (cipher & WPA_CIPHER_GCMP_256)
return RSN_CIPHER_SUITE_GCMP_256;
if (cipher & WPA_CIPHER_CCMP)
return (proto == WPA_PROTO_RSN ?
RSN_CIPHER_SUITE_CCMP : WPA_CIPHER_SUITE_CCMP);
@ -1181,6 +1214,16 @@ int rsn_cipher_put_suites(u8 *pos, int ciphers)
{
int num_suites = 0;
if (ciphers & WPA_CIPHER_CCMP_256) {
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP_256);
pos += RSN_SELECTOR_LEN;
num_suites++;
}
if (ciphers & WPA_CIPHER_GCMP_256) {
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_GCMP_256);
pos += RSN_SELECTOR_LEN;
num_suites++;
}
if (ciphers & WPA_CIPHER_CCMP) {
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
pos += RSN_SELECTOR_LEN;
@ -1232,6 +1275,10 @@ int wpa_cipher_put_suites(u8 *pos, int ciphers)
int wpa_pick_pairwise_cipher(int ciphers, int none_allowed)
{
if (ciphers & WPA_CIPHER_CCMP_256)
return WPA_CIPHER_CCMP_256;
if (ciphers & WPA_CIPHER_GCMP_256)
return WPA_CIPHER_GCMP_256;
if (ciphers & WPA_CIPHER_CCMP)
return WPA_CIPHER_CCMP;
if (ciphers & WPA_CIPHER_GCMP)
@ -1246,6 +1293,10 @@ int wpa_pick_pairwise_cipher(int ciphers, int none_allowed)
int wpa_pick_group_cipher(int ciphers)
{
if (ciphers & WPA_CIPHER_CCMP_256)
return WPA_CIPHER_CCMP_256;
if (ciphers & WPA_CIPHER_GCMP_256)
return WPA_CIPHER_GCMP_256;
if (ciphers & WPA_CIPHER_CCMP)
return WPA_CIPHER_CCMP;
if (ciphers & WPA_CIPHER_GCMP)
@ -1280,7 +1331,11 @@ int wpa_parse_cipher(const char *value)
end++;
last = *end == '\0';
*end = '\0';
if (os_strcmp(start, "CCMP") == 0)
if (os_strcmp(start, "CCMP-256") == 0)
val |= WPA_CIPHER_CCMP_256;
else if (os_strcmp(start, "GCMP-256") == 0)
val |= WPA_CIPHER_GCMP_256;
else if (os_strcmp(start, "CCMP") == 0)
val |= WPA_CIPHER_CCMP;
else if (os_strcmp(start, "GCMP") == 0)
val |= WPA_CIPHER_GCMP;
@ -1312,6 +1367,20 @@ int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim)
char *pos = start;
int ret;
if (ciphers & WPA_CIPHER_CCMP_256) {
ret = os_snprintf(pos, end - pos, "%sCCMP-256",
pos == start ? "" : delim);
if (ret < 0 || ret >= end - pos)
return -1;
pos += ret;
}
if (ciphers & WPA_CIPHER_GCMP_256) {
ret = os_snprintf(pos, end - pos, "%sGCMP-256",
pos == start ? "" : delim);
if (ret < 0 || ret >= end - pos)
return -1;
pos += ret;
}
if (ciphers & WPA_CIPHER_CCMP) {
ret = os_snprintf(pos, end - pos, "%sCCMP",
pos == start ? "" : delim);
@ -1373,5 +1442,11 @@ int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise)
return WPA_CIPHER_TKIP;
if ((pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP)
return WPA_CIPHER_GCMP;
if ((pairwise & (WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP |
WPA_CIPHER_GCMP)) == WPA_CIPHER_GCMP_256)
return WPA_CIPHER_GCMP_256;
if ((pairwise & (WPA_CIPHER_CCMP_256 | WPA_CIPHER_CCMP |
WPA_CIPHER_GCMP)) == WPA_CIPHER_CCMP_256)
return WPA_CIPHER_CCMP_256;
return WPA_CIPHER_CCMP;
}

View file

@ -21,10 +21,11 @@
#define WPA_GTK_MAX_LEN 32
#define WPA_ALLOWED_PAIRWISE_CIPHERS \
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | WPA_CIPHER_NONE)
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | WPA_CIPHER_NONE | \
WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
#define WPA_ALLOWED_GROUP_CIPHERS \
(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | WPA_CIPHER_WEP104 | \
WPA_CIPHER_WEP40)
WPA_CIPHER_WEP40 | WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256)
#define WPA_SELECTOR_LEN 4
#define WPA_VERSION 1
@ -60,6 +61,10 @@ WPA_CIPHER_WEP40)
#define RSN_AUTH_KEY_MGMT_TPK_HANDSHAKE RSN_SELECTOR(0x00, 0x0f, 0xac, 7)
#define RSN_AUTH_KEY_MGMT_SAE RSN_SELECTOR(0x00, 0x0f, 0xac, 8)
#define RSN_AUTH_KEY_MGMT_FT_SAE RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
#define RSN_AUTH_KEY_MGMT_802_1X_SUITE_B RSN_SELECTOR(0x00, 0x0f, 0xac, 11)
#define RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_384 RSN_SELECTOR(0x00, 0x0f, 0xac, 12)
#define RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384 \
RSN_SELECTOR(0x00, 0x0f, 0xac, 13)
#define RSN_AUTH_KEY_MGMT_CCKM RSN_SELECTOR(0x00, 0x40, 0x96, 0x00)
#define RSN_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x0f, 0xac, 0)
@ -75,6 +80,11 @@ WPA_CIPHER_WEP40)
#endif /* CONFIG_IEEE80211W */
#define RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED RSN_SELECTOR(0x00, 0x0f, 0xac, 7)
#define RSN_CIPHER_SUITE_GCMP RSN_SELECTOR(0x00, 0x0f, 0xac, 8)
#define RSN_CIPHER_SUITE_GCMP_256 RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
#define RSN_CIPHER_SUITE_CCMP_256 RSN_SELECTOR(0x00, 0x0f, 0xac, 10)
#define RSN_CIPHER_SUITE_BIP_GMAC_128 RSN_SELECTOR(0x00, 0x0f, 0xac, 11)
#define RSN_CIPHER_SUITE_BIP_GMAC_256 RSN_SELECTOR(0x00, 0x0f, 0xac, 12)
#define RSN_CIPHER_SUITE_BIP_CMAC_256 RSN_SELECTOR(0x00, 0x0f, 0xac, 13)
/* EAPOL-Key Key Data Encapsulation
* GroupKey and PeerKey require encryption, otherwise, encryption is optional.

View file

@ -833,6 +833,12 @@ struct wpa_driver_capa {
#define WPA_DRIVER_CAPA_ENC_CCMP 0x00000008
#define WPA_DRIVER_CAPA_ENC_WEP128 0x00000010
#define WPA_DRIVER_CAPA_ENC_GCMP 0x00000020
#define WPA_DRIVER_CAPA_ENC_GCMP_256 0x00000040
#define WPA_DRIVER_CAPA_ENC_CCMP_256 0x00000080
#define WPA_DRIVER_CAPA_ENC_BIP 0x00000100
#define WPA_DRIVER_CAPA_ENC_BIP_GMAC_128 0x00000200
#define WPA_DRIVER_CAPA_ENC_BIP_GMAC_256 0x00000400
#define WPA_DRIVER_CAPA_ENC_BIP_CMAC_256 0x00000800
unsigned int enc;
#define WPA_DRIVER_AUTH_OPEN 0x00000001
@ -1267,7 +1273,9 @@ struct wpa_driver_ops {
* @priv: private driver interface data
* @alg: encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
* %WPA_ALG_TKIP, %WPA_ALG_CCMP, %WPA_ALG_IGTK, %WPA_ALG_PMK,
* %WPA_ALG_GCMP);
* %WPA_ALG_GCMP, %WPA_ALG_GCMP_256, %WPA_ALG_CCMP_256,
* %WPA_ALG_BIP_GMAC_128, %WPA_ALG_BIP_GMAC_256,
* %WPA_ALG_BIP_CMAC_256);
* %WPA_ALG_NONE clears the key.
* @addr: Address of the peer STA (BSSID of the current AP when setting
* pairwise key in station mode), ff:ff:ff:ff:ff:ff for

View file

@ -5180,10 +5180,30 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_GCMP);
break;
case WPA_ALG_CCMP_256:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_CCMP_256);
break;
case WPA_ALG_GCMP_256:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_GCMP_256);
break;
case WPA_ALG_IGTK:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_AES_CMAC);
break;
case WPA_ALG_BIP_GMAC_128:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_BIP_GMAC_128);
break;
case WPA_ALG_BIP_GMAC_256:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_BIP_GMAC_256);
break;
case WPA_ALG_BIP_CMAC_256:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_BIP_CMAC_256);
break;
case WPA_ALG_SMS4:
NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
WLAN_CIPHER_SUITE_SMS4);
@ -5320,10 +5340,30 @@ static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
case WPA_ALG_GCMP:
NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_GCMP);
break;
case WPA_ALG_CCMP_256:
NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
WLAN_CIPHER_SUITE_CCMP_256);
break;
case WPA_ALG_GCMP_256:
NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
WLAN_CIPHER_SUITE_GCMP_256);
break;
case WPA_ALG_IGTK:
NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
WLAN_CIPHER_SUITE_AES_CMAC);
break;
case WPA_ALG_BIP_GMAC_128:
NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
WLAN_CIPHER_SUITE_BIP_GMAC_128);
break;
case WPA_ALG_BIP_GMAC_256:
NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
WLAN_CIPHER_SUITE_BIP_GMAC_256);
break;
case WPA_ALG_BIP_CMAC_256:
NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
WLAN_CIPHER_SUITE_BIP_CMAC_256);
break;
default:
wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
"algorithm %d", __func__, alg);
@ -6747,6 +6787,10 @@ static int wpa_driver_nl80211_set_ap(void *priv,
wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
params->pairwise_ciphers);
num_suites = 0;
if (params->pairwise_ciphers & WPA_CIPHER_CCMP_256)
suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256;
if (params->pairwise_ciphers & WPA_CIPHER_GCMP_256)
suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256;
if (params->pairwise_ciphers & WPA_CIPHER_CCMP)
suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
if (params->pairwise_ciphers & WPA_CIPHER_GCMP)
@ -6765,6 +6809,14 @@ static int wpa_driver_nl80211_set_ap(void *priv,
wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
params->group_cipher);
switch (params->group_cipher) {
case WPA_CIPHER_CCMP_256:
NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
WLAN_CIPHER_SUITE_CCMP_256);
break;
case WPA_CIPHER_GCMP_256:
NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
WLAN_CIPHER_SUITE_GCMP_256);
break;
case WPA_CIPHER_CCMP:
NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
WLAN_CIPHER_SUITE_CCMP);
@ -8129,6 +8181,12 @@ skip_auth_type:
case CIPHER_GCMP:
cipher = WLAN_CIPHER_SUITE_GCMP;
break;
case CIPHER_CCMP_256:
cipher = WLAN_CIPHER_SUITE_CCMP_256;
break;
case CIPHER_GCMP_256:
cipher = WLAN_CIPHER_SUITE_GCMP_256;
break;
case CIPHER_TKIP:
default:
cipher = WLAN_CIPHER_SUITE_TKIP;
@ -8156,6 +8214,12 @@ skip_auth_type:
case CIPHER_GCMP:
cipher = WLAN_CIPHER_SUITE_GCMP;
break;
case CIPHER_CCMP_256:
cipher = WLAN_CIPHER_SUITE_CCMP_256;
break;
case CIPHER_GCMP_256:
cipher = WLAN_CIPHER_SUITE_GCMP_256;
break;
case CIPHER_TKIP:
default:
cipher = WLAN_CIPHER_SUITE_TKIP;
@ -8347,6 +8411,12 @@ static int wpa_driver_nl80211_associate(
case CIPHER_GCMP:
cipher = WLAN_CIPHER_SUITE_GCMP;
break;
case CIPHER_CCMP_256:
cipher = WLAN_CIPHER_SUITE_CCMP_256;
break;
case CIPHER_GCMP_256:
cipher = WLAN_CIPHER_SUITE_GCMP_256;
break;
case CIPHER_TKIP:
default:
cipher = WLAN_CIPHER_SUITE_TKIP;
@ -8372,6 +8442,12 @@ static int wpa_driver_nl80211_associate(
case CIPHER_GCMP:
cipher = WLAN_CIPHER_SUITE_GCMP;
break;
case CIPHER_CCMP_256:
cipher = WLAN_CIPHER_SUITE_CCMP_256;
break;
case CIPHER_GCMP_256:
cipher = WLAN_CIPHER_SUITE_GCMP_256;
break;
case CIPHER_TKIP:
default:
cipher = WLAN_CIPHER_SUITE_TKIP;

View file

@ -276,7 +276,9 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
if (bss->wpa_group_rekey < 86400 && (bss->wpa & 2) &&
(bss->wpa_group == WPA_CIPHER_CCMP ||
bss->wpa_group == WPA_CIPHER_GCMP)) {
bss->wpa_group == WPA_CIPHER_GCMP ||
bss->wpa_group == WPA_CIPHER_CCMP_256 ||
bss->wpa_group == WPA_CIPHER_GCMP_256)) {
/*
* Strong ciphers do not need frequent rekeying, so increase
* the default GTK rekeying period to 24 hours.

View file

@ -2678,6 +2678,24 @@ static int ctrl_iface_get_capability_pairwise(int res, char *strict,
return len;
}
if (capa->enc & WPA_DRIVER_CAPA_ENC_CCMP_256) {
ret = os_snprintf(pos, end - pos, "%sCCMP-256",
first ? "" : " ");
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
first = 0;
}
if (capa->enc & WPA_DRIVER_CAPA_ENC_GCMP_256) {
ret = os_snprintf(pos, end - pos, "%sGCMP-256",
first ? "" : " ");
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
first = 0;
}
if (capa->enc & WPA_DRIVER_CAPA_ENC_CCMP) {
ret = os_snprintf(pos, end - pos, "%sCCMP", first ? "" : " ");
if (ret < 0 || ret >= end - pos)
@ -2734,6 +2752,24 @@ static int ctrl_iface_get_capability_group(int res, char *strict,
return len;
}
if (capa->enc & WPA_DRIVER_CAPA_ENC_CCMP_256) {
ret = os_snprintf(pos, end - pos, "%sCCMP-256",
first ? "" : " ");
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
first = 0;
}
if (capa->enc & WPA_DRIVER_CAPA_ENC_GCMP_256) {
ret = os_snprintf(pos, end - pos, "%sGCMP-256",
first ? "" : " ");
if (ret < 0 || ret >= end - pos)
return pos - buf;
pos += ret;
first = 0;
}
if (capa->enc & WPA_DRIVER_CAPA_ENC_CCMP) {
ret = os_snprintf(pos, end - pos, "%sCCMP", first ? "" : " ");
if (ret < 0 || ret >= end - pos)

View file

@ -2260,6 +2260,18 @@ dbus_bool_t wpas_dbus_getter_capabilities(DBusMessageIter *iter,
&iter_array))
goto nomem;
if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP_256) {
if (!wpa_dbus_dict_string_array_add_element(
&iter_array, "ccmp-256"))
goto nomem;
}
if (capa.enc & WPA_DRIVER_CAPA_ENC_GCMP_256) {
if (!wpa_dbus_dict_string_array_add_element(
&iter_array, "gcmp-256"))
goto nomem;
}
if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) {
if (!wpa_dbus_dict_string_array_add_element(
&iter_array, "ccmp"))
@ -2307,6 +2319,18 @@ dbus_bool_t wpas_dbus_getter_capabilities(DBusMessageIter *iter,
&iter_array))
goto nomem;
if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP_256) {
if (!wpa_dbus_dict_string_array_add_element(
&iter_array, "ccmp-256"))
goto nomem;
}
if (capa.enc & WPA_DRIVER_CAPA_ENC_GCMP_256) {
if (!wpa_dbus_dict_string_array_add_element(
&iter_array, "gcmp-256"))
goto nomem;
}
if (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP) {
if (!wpa_dbus_dict_string_array_add_element(
&iter_array, "ccmp"))
@ -3601,7 +3625,7 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(DBusMessageIter *iter,
{
DBusMessageIter iter_dict, variant_iter;
const char *group;
const char *pairwise[3]; /* max 3 pairwise ciphers is supported */
const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
const char *key_mgmt[7]; /* max 7 key managements may be supported */
int n;
@ -3650,6 +3674,12 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(DBusMessageIter *iter,
case WPA_CIPHER_WEP104:
group = "wep104";
break;
case WPA_CIPHER_CCMP_256:
group = "ccmp-256";
break;
case WPA_CIPHER_GCMP_256:
group = "gcmp-256";
break;
default:
group = "";
break;
@ -3666,6 +3696,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop(DBusMessageIter *iter,
pairwise[n++] = "ccmp";
if (ie_data->pairwise_cipher & WPA_CIPHER_GCMP)
pairwise[n++] = "gcmp";
if (ie_data->pairwise_cipher & WPA_CIPHER_CCMP_256)
pairwise[n++] = "ccmp-256";
if (ie_data->pairwise_cipher & WPA_CIPHER_GCMP_256)
pairwise[n++] = "gcmp-256";
if (!wpa_dbus_dict_append_string_array(&iter_dict, "Pairwise",
pairwise, n))