[PATCH] netifd: fix WPA3 enterprise ciphers

Joerg Werner Sun, 26 Jun 2022 09:34:04 -0700

WPA3 enterprise requires wpa_cipher to be GCMP-256, so if the user set
encryption to wpa3 or wpa3-mixed, then add GCMP-256. Also allow explicit
selection of GCMP-256 by adding gcmp256 at the end of the encryption
value.


Signed-off-by: Joerg Werner <[email protected]>
---
 scripts/netifd-wireless.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
index 0e3293c..435a707 100644
--- a/scripts/netifd-wireless.sh
+++ b/scripts/netifd-wireless.sh
@@ -221,6 +221,7 @@ wireless_vif_parse_encryption() {
                *aes|*ccmp) wpa_cipher="CCMP";;
                *tkip) wpa_cipher="TKIP";;
                *gcmp) wpa_cipher="GCMP";;
+               *gcmp256) wpa_cipher="GCMP-256";;
        esac
 
        # 802.11n requires CCMP for WPA
@@ -246,7 +247,6 @@ wireless_vif_parse_encryption() {
                        wpa_cipher=
                ;;
        esac
-       wpa_pairwise="$wpa_cipher"
 
        case "$encryption" in
                owe*)
@@ -254,9 +254,11 @@ wireless_vif_parse_encryption() {
                ;;
                wpa3-mixed*)
                        auth_type=eap-eap192
+                       wpa_cipher="${wpa_cipher} GCMP-256"
                ;;
                wpa3*)
                        auth_type=eap192
+                       wpa_cipher="GCMP-256"
                ;;
                psk3-mixed*|sae-mixed*)
                        auth_type=psk-sae
@@ -283,6 +285,7 @@ wireless_vif_parse_encryption() {
                        esac
                ;;
        esac
+       wpa_pairwise="$wpa_cipher"
 
        case "$encryption" in
                *osen*)
-- 
2.36.1


_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[PATCH] netifd: fix WPA3 enterprise ciphers

Reply via email to