netifd: fix WPA3 enterprise ciphers
authorJoerg Werner <schreibubi@gmail.com>
Mon, 15 Aug 2022 12:10:22 +0000 (14:10 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 20 Aug 2022 15:56:51 +0000 (17:56 +0200)
WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device
support, so if the user sets encryption to wpa3 or wpa3-mixed, then add
GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by
adding gcmp256/ccmp256 at the end of the encryption value.

Signed-off-by: Joerg Werner <schreibubi@gmail.com>
scripts/netifd-wireless.sh

index 0e3293ce439e76f5d3dfe156b3898bfd62826c0c..5779751fe6035db9abd96467a9d7c1f69f3619cf 100644 (file)
@@ -216,10 +216,19 @@ wireless_vif_parse_encryption() {
                wpa_cipher="CCMP"
        fi
 
+       # WPA3 enterprise requires the GCMP-256 cipher (technically also CCMP and GCMP are possible
+       # but many clients/devices do not support that)
+       case "$encryption" in
+               wpa3-mixed*) wpa_cipher="${wpa_cipher} GCMP-256";;
+               wpa3*) wpa_cipher="GCMP-256";;
+       esac
+
        case "$encryption" in
                *tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) wpa_cipher="CCMP TKIP";;
+               *ccmp256) wpa_cipher="CCMP-256";;
                *aes|*ccmp) wpa_cipher="CCMP";;
                *tkip) wpa_cipher="TKIP";;
+               *gcmp256) wpa_cipher="GCMP-256";;
                *gcmp) wpa_cipher="GCMP";;
        esac