hi! I'm adding GCMP support to FreeBSD. I've got the crypto support in net80211 working and all the driver caps / cipher caps / etc all setup. And yes I'm doing this on 11n/11ac NICs as net80211 don't currently support WPA3/MFP, 11ad, 11ax, etc in the stack (but yes, this is all along the trajectory for WPA3/MFP.) Anyway! I've noticed that while yes I can add GCMP to hostapd and wpa_supplicant configs, wpa_supplicant REALLY only wants to negotiate GCMP if it's the only cipher listed. If there's GCMP and CCMP available, wpa_supplicant reliably chooses CCMP. I think i've traced down where in the source this is happening, as it's choosing CCMP for default for non-11ad, and GCMP default for 11ad. My questions however are with how the 802.11 specification could/should allow for cipher choices / priorities. * I haven't found anything in 802.11-2020 section 12 (security) that indicates a formal cipher priority. Is there a formal cipher priority? Is there anything stopping wpa_supplicant from choosing GCMP over CCMP if an AP advertises both? * Is it legal to have GCMP as a pairwise key and CCMP as a group key? * Has anyone else tried this, and found weird interoperability issues? Thanks! -adrian (adrian@xxxxxxxxxxx) _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
