From: Jouni Malinen <j@w1.fi>
Date: Wed, 25 Dec 2019 21:43:35 +0000 (+0200)
Subject: mesh: Allow group management cipher to be configured
X-Git-Tag: hostap_2_10~2109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b391715cbbde17807943605e82dd0d90d919d50;p=thirdparty%2Fhostap.git

mesh: Allow group management cipher to be configured

This allows BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to be used
instead of the previously hardcoded AES-128-CMAC as the group management
cipher when using mesh with PMF. For now, this can be configured by
setting a single group_mgmt value in the network block and doing that
consistently through all the STAs in the mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 5c1a47d8f..b504124fa 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -114,8 +114,14 @@ static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s,
 	}
 
 	conf->group_cipher = cipher;
-	if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
-		conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
+	if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+		if (ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_128 ||
+		    ssid->group_mgmt_cipher == WPA_CIPHER_BIP_GMAC_256 ||
+		    ssid->group_mgmt_cipher == WPA_CIPHER_BIP_CMAC_256)
+			conf->mgmt_group_cipher = ssid->group_mgmt_cipher;
+		else
+			conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
+	}
 
 	/* defaults */
 	conf->mesh_pp_id = MESH_PATH_PROTOCOL_HWMP;