netifd: fix WPA3 enterprise ciphers

WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device support, so if the user sets encryption to wpa3 or wpa3-mixed, then add GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by adding gcmp256/ccmp256 at the end of the encryption value. Signed-off-by: Joerg Werner <schreibubi@gmail.com>
author: Joerg Werner <schreibubi@gmail.com> 2022-08-15 14:10:22 +0200
committer: Hauke Mehrtens <hauke@hauke-m.de> 2022-08-20 17:56:51 +0200
commit: bfa039c414bc6613cc5361aaf5fa6baf5fa0264b (patch)
tree: baf113981559c80ee2279724d6bcd95c261563ef
parent: 87fbefd95043c24ccd3d5639a90721a5ed0b8267 (diff)
download: netifd-bfa039c414bc6613cc5361aaf5fa6baf5fa0264b.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
index 0e3293c..5779751 100644
--- a/scripts/netifd-wireless.sh
+++ b/scripts/netifd-wireless.sh
@@ -216,10 +216,19 @@ wireless_vif_parse_encryption() {
 		wpa_cipher="CCMP"
 	fi
 
+	# WPA3 enterprise requires the GCMP-256 cipher (technically also CCMP and GCMP are possible
+	# but many clients/devices do not support that)
+	case "$encryption" in
+		wpa3-mixed*) wpa_cipher="${wpa_cipher} GCMP-256";;
+		wpa3*) wpa_cipher="GCMP-256";;
+	esac
+
 	case "$encryption" in
 		*tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) wpa_cipher="CCMP TKIP";;
+		*ccmp256) wpa_cipher="CCMP-256";;
 		*aes|*ccmp) wpa_cipher="CCMP";;
 		*tkip) wpa_cipher="TKIP";;
+		*gcmp256) wpa_cipher="GCMP-256";;
 		*gcmp) wpa_cipher="GCMP";;
 	esac
author	Joerg Werner <schreibubi@gmail.com>	2022-08-15 14:10:22 +0200
committer	Hauke Mehrtens <hauke@hauke-m.de>	2022-08-20 17:56:51 +0200
commit	bfa039c414bc6613cc5361aaf5fa6baf5fa0264b (patch)
tree	baf113981559c80ee2279724d6bcd95c261563ef
parent	87fbefd95043c24ccd3d5639a90721a5ed0b8267 (diff)
download	netifd-bfa039c414bc6613cc5361aaf5fa6baf5fa0264b.tar.gz