From 9b391715cbbde17807943605e82dd0d90d919d50 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 25 Dec 2019 23:43:35 +0200 Subject: [PATCH] mesh: Allow group management cipher to be configured This allows BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to be used instead of the previously hardcoded AES-128-CMAC as the group management cipher when using mesh with PMF. For now, this can be configured by setting a single group_mgmt value in the network block and doing that consistently through all the STAs in the mesh. Signed-off-by: Jouni Malinen --- wpa_supplicant/mesh.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c index 5c1a47d8f..b504124fa 100644 --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -114,8 +114,14 @@ static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s, } conf->group_cipher = cipher; - if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) - conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; + if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { + if (ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_128 || + ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_256 || + ssid->group_mgmt_cipher == WPA_CIPHER_BIP_CMAC_256) + conf->mgmt_group_cipher = ssid->group_mgmt_cipher; + else + conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; + } /* defaults */ conf->mesh_pp_id = MESH_PATH_PROTOCOL_HWMP;