Dear There,
Mesh was hardcoded to use BIP-CMAC-128 if PMF was enabled.
We hope to extend that to allow the other BIP algorithms to be used.
1) Assign the WPA_CIPHER_BIT_* by the ssid->group_mgmt cipher
2) The maximum size of AMPE IE is 160 bytes, not 96 bytes, plus the
two bytes of the IE header.
The 64 bytes added are MGTK [variable] and IGTK [variable] at the
256 bits crypto.
Please help to confirm that. Thank you.
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 7354c1b79..7dcd6f96c 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -116,8 +116,26 @@ static struct mesh_conf *
mesh_config_create(struct wpa_supplicant *wpa_s,
}
conf->group_cipher = cipher;
- if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
- conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
+
+#ifdef CONFIG_IEEE80211W
+ if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+ if (ssid->group_mgmt_cipher &
+ WPA_CIPHER_BIP_GMAC_256)
+ conf->mgmt_group_cipher =
+ WPA_CIPHER_BIP_GMAC_256;
+ else if (ssid->group_mgmt_cipher &
+ WPA_CIPHER_BIP_CMAC_256)
+ conf->mgmt_group_cipher =
+ WPA_CIPHER_BIP_CMAC_256;
+ else if (ssid->group_mgmt_cipher &
+ WPA_CIPHER_BIP_GMAC_128)
+ conf->mgmt_group_cipher =
+ WPA_CIPHER_BIP_GMAC_128;
+ else
+ conf->mgmt_group_cipher =
+ WPA_CIPHER_AES_128_CMAC;
+ }
+#endif /* CONFIG_IEEE80211W */
/* defaults */
conf->mesh_pp_id = MESH_PATH_PROTOCOL_HWMP;
diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index 4a163b6eb..01b970715 100644
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -231,7 +231,7 @@ static void mesh_mpm_send_plink_action(struct
wpa_supplicant *wpa_s,
2 + 32 + /* mesh ID */
2 + 7 + /* mesh config */
2 + 24 + /* peering management */
- 2 + 96 + /* AMPE */
+ 2 + 160 + /* AMPE */
2 + 16; /* MIC */
#ifdef CONFIG_IEEE80211N
if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
