[PATCH] DPP: Conditionally add cipher support based on driver capabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Yan Zihan <zihan.yan10@xxxxxxxxx>

By default, wpa_supplicant sets the pairwise and group ciphers to CCMP (or CCMP+TKIP) when provisioning a network via DPP. As a result, DPP-provisioned clients are unable to connect to networks that require GCMP or GCMP-256 ciphers due to cipher mismatch. This issue does not affect manually-configured network profiles, where supported cipher suites can be explicitly specified.

This patch addresses the issue by conditionally setting the appropriate cipher suites in the DPP-generated network profile, based on driver capabilities.

Tested on various chipsets with different cipher capabilities:

| Test ID | Wi-Fi Chipset     | Cipher Support     | AP Cipher | Result    |
|---------|-------------------|--------------------|-----------|-----------|
| TC-01   | Intel AX211       | GCMP-256, CCMP-128 | GCMP-256  | Success   |
| TC-02   | Legacy chipset    |           CCMP-128 | GCMP-256  | Failure   |
| TC-03   | Intel AX211       | GCMP-256, CCMP-128 | CCMP-128  | Success   |
| TC-04   | Legacy chipset    |           CCMP-128 | CCMP-128  | Success   |

Signed-off-by: Yan Zihan <zihan.yan10@xxxxxxxxx>
---
 wpa_supplicant/dpp_supplicant.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index bdb3e2b9a..1fca882b6 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1423,6 +1423,21 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
 		return NULL;
 	wpas_notify_network_added(wpa_s, ssid);
 	wpa_config_set_network_defaults(ssid);
+	if (wpa_s->drv_capa_known &&
+		(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP)) {
+		ssid->pairwise_cipher |= WPA_CIPHER_GCMP;
+		ssid->group_cipher |= WPA_CIPHER_GCMP;
+	}
+	if (wpa_s->drv_capa_known &&
+		(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP_256)) {
+		ssid->pairwise_cipher |= WPA_CIPHER_GCMP_256;
+		ssid->group_cipher |= WPA_CIPHER_GCMP_256;
+	}
+	if (wpa_s->drv_capa_known &&
+	    (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_CCMP_256)) {
+		ssid->pairwise_cipher |= WPA_CIPHER_CCMP_256;
+		ssid->group_cipher |= WPA_CIPHER_CCMP_256;
+	}
 	ssid->disabled = 1;
 
 	ssid->ssid = os_malloc(conf->ssid_len);
-- 
2.49.0


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux