mesh: Allow group management cipher to be configured

This allows BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to be used
instead of the previously hardcoded AES-128-CMAC as the group management
cipher when using mesh with PMF. For now, this can be configured by
setting a single group_mgmt value in the network block and doing that
consistently through all the STAs in the mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 5c1a47d8f554df1acf69591c82af6a88b2323331..b504124fadb062caeaa034e4e7918119483a42bc 100644 (file)
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -114,8 +114,14 @@ static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s,
        }
 
        conf->group_cipher = cipher;
-       if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
-               conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
+       if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+               if (ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_128 ||
+                   ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_256 ||
+                   ssid->group_mgmt_cipher == WPA_CIPHER_BIP_CMAC_256)
+                       conf->mgmt_group_cipher = ssid->group_mgmt_cipher;
+               else
+                       conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
+       }
 
        /* defaults */
        conf->mesh_pp_id = MESH_PATH_PROTOCOL_HWMP;