From: Shivani Baranwal <quic_shivbara@quicinc.com>
Date: Sun, 4 Aug 2024 22:12:08 +0000 (+0530)
Subject: P2P2: Enable GCMP-256 as a pairwise cipher
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d0aad0facf3c5abb9e3c785c5a7fbb2d85cba47;p=thirdparty%2Fhostap.git

P2P2: Enable GCMP-256 as a pairwise cipher

Add GCMP-256 as a pairwise cipher based on PASN type during pairing.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
---

diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index f4ba0eaa7..f9743b1a9 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -1858,6 +1858,10 @@ int p2p_go_params(struct p2p_data *p2p, struct p2p_go_neg_results *params)
 	}
 	p2p->ssid_set = 0;
 
+	params->cipher = WPA_CIPHER_CCMP;
+	if (p2p->cfg->pairing_config.pasn_type & 0xc)
+		params->cipher |= WPA_CIPHER_GCMP_256;
+
 	p2p_random(params->passphrase, p2p->cfg->passphrase_len);
 	params->passphrase[p2p->cfg->passphrase_len] = '\0';
 	return 0;
@@ -1929,6 +1933,7 @@ void p2p_go_complete(struct p2p_data *p2p, struct p2p_device *peer)
 	if (peer->p2p2 && peer->pasn) {
 		res.p2p2 = peer->p2p2;
 		res.akmp = peer->pasn->akmp;
+		res.cipher = peer->pasn->cipher;
 
 		if (res.akmp == WPA_KEY_MGMT_PASN) {
 			if (go) {
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index afca5a4c7..5d6f41b3c 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -193,6 +193,11 @@ struct p2p_go_neg_results {
 	 */
 	int akmp;
 
+	/**
+	 * cipher - Pairwise cipher(s) for the group for P2P2
+	 */
+	int cipher;
+
 	/**
 	 * pmkid - PMKID for P2P2 when PMK is derived as part of pairing
 	 */
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 1f4c2fbfe..7b00c88c1 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -1894,6 +1894,8 @@ static void wpas_start_gc(struct wpa_supplicant *wpa_s,
 	ssid->key_mgmt = WPA_KEY_MGMT_SAE;
 	ssid->pairwise_cipher = WPA_CIPHER_CCMP;
 	ssid->group_cipher = WPA_CIPHER_CCMP;
+	if (res->cipher)
+		ssid->pairwise_cipher |= res->cipher;
 	ssid->sae_pwe = SAE_PWE_HASH_TO_ELEMENT;
 	ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
 	ssid->disabled = 0;
@@ -2342,6 +2344,8 @@ static void wpas_start_go(struct wpa_supplicant *wpa_s,
 		ssid->sae_password = os_strdup(params->sae_password);
 		ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
 		ssid->sae_pwe = SAE_PWE_HASH_TO_ELEMENT;
+		if (params->cipher)
+			ssid->pairwise_cipher |= params->cipher;
 	}
 
 	wpa_s->ap_configured_cb = p2p_go_configured;