bartoszek/zephyr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

modules: hostap: set the cipher suites for WPA2 & WPA3 SAE mode

Browse Source 
When the external AP is in WPA3 SAE mode, the group cipher uses
TKIP and the pairwise cipher uses TKIP and CCMP. Should not
connect to the AP.
For WPA2 & WPA3 SAE & WPA2/WPA3 mixed mode, set group cipher to
CCMP, pairwise cipher to CCMP.

Signed-off-by: Gang Li <gang.li_1@nxp.com>
This commit is contained in:
Gang Li 2025-07-11 12:05:36 +02:00 committed by Anas Nashif
parent 226011b8e1
commit c8fa5e5899
1 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
modules/hostap/src/supp_api.c
View File

@ -756,6 +756,14 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
goto out;
}
}
if (!wpa_cli_cmd_v("set_network %d group CCMP", resp.network_id)) {
goto out;
}
if (!wpa_cli_cmd_v("set_network %d pairwise CCMP", resp.network_id)) {
goto out;
}
} else if (params->security == WIFI_SECURITY_TYPE_PSK_SHA256) {
if (!wpa_cli_cmd_v("set_network %d psk \"%s\"",
resp.network_id, psk_null_terminated)) {
@ -766,6 +774,14 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
resp.network_id)) {
goto out;
}
if (!wpa_cli_cmd_v("set_network %d group CCMP", resp.network_id)) {
goto out;
}
if (!wpa_cli_cmd_v("set_network %d pairwise CCMP", resp.network_id)) {
goto out;
}
} else if (params->security == WIFI_SECURITY_TYPE_PSK ||
params->security == WIFI_SECURITY_TYPE_WPA_PSK) {
if (!wpa_cli_cmd_v("set_network %d psk \"%s\"",
@ -783,6 +799,15 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
resp.network_id)) {
goto out;
}
} else {
if (!wpa_cli_cmd_v("set_network %d group CCMP", resp.network_id)) {
goto out;
}
if (!wpa_cli_cmd_v("set_network %d pairwise CCMP",
resp.network_id)) {
goto out;
}
}
} else if (params->security == WIFI_SECURITY_TYPE_WPA_AUTO_PERSONAL) {
if (!wpa_cli_cmd_v("set_network %d psk \"%s\"", resp.network_id,
@ -810,6 +835,14 @@ static int wpas_add_and_config_network(struct wpa_supplicant *wpa_s,
resp.network_id)) {
goto out;
}
if (!wpa_cli_cmd_v("set_network %d group CCMP", resp.network_id)) {
goto out;
}
if (!wpa_cli_cmd_v("set_network %d pairwise CCMP", resp.network_id)) {
goto out;
}
#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
} else if (is_eap_valid_security(params->security)) {
if (process_cipher_config(params, &cipher_config)) {