Currently SUITE_B_192 capability is indicated for all devices using
the nl80211 driver. However some devices can't handle Suite B 192 due
to insufficient ciphers supported. Add a check for GCMP-256 cipher
support and only indicate SUITE_B_192 capability when supported.
This allows compiling with CONFIG_SUITEB192 and still get proper
response to the 'GET_CAPABILITY key_mgmt' command. Under Android
it can also serve as a dynamic way for HAL to query platform
for WPA3 enterprise support.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@xxxxxxxx>
---
src/drivers/driver_nl80211_capa.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 8318b10ab..f60fe77ca 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -1202,10 +1202,13 @@ int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK |
WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B |
- WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192 |
WPA_DRIVER_CAPA_KEY_MGMT_OWE |
WPA_DRIVER_CAPA_KEY_MGMT_DPP;
+ if (drv->capa.enc & WPA_DRIVER_CAPA_ENC_GCMP_256) {
+ drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192;
+ }
+
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA256 |
WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA384 |
--
2.17.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
