commit 875fbb7f813a89d8bb72914a1c8f64f29e8df327
author developer <developer@mediatek.com> Wed Dec 13 15:49:01 2023 +0800
committer developer <developer@mediatek.com> Thu Dec 14 09:47:06 2023 +0800
tree 200a2a73aa1962b028a832df59b7743499cf8232
parent 9d31118694c56f66aaafab6b3b47a72f1ef66fcd

[][MAC80211][WiFi6/7][Misc][Change group mgmt cipher setting to align group cipher]

[Description]
Change group mgmt cipher setting to align group cipher. Group mgmt cipher
is independent from other cipher, here we set it more intuitively. And
remain a way to directly set group mgmt cipher.
Before align Logan:
group cipher      CMAC-128  CMAC-256  GMAC-128  GMAC-256
group mgmt cipher CMAC-128  CMAC-128  CMAC-128  GMAC-256

After this patch:
group cipher      CMAC-128  CMAC-256  GMAC-128  GMAC-256
group mgmt cipher CMAC-128 "CMAC-256  GMAC-128" GMAC-256

[Release-log]
N/A

Change-Id: I6a96cdcecb90970f0771ef4f45881ad71424ba54
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8384026

autobuild_mac80211_release/0001-wifi6-mac80211-generate-hostapd-setting-from-ap-cap.patch

diff --git a/autobuild_mac80211_release/0001-wifi6-mac80211-generate-hostapd-setting-from-ap-cap.patch b/autobuild_mac80211_release/0001-wifi6-mac80211-generate-hostapd-setting-from-ap-cap.patch
index 9bbb5c3..4f31708 100644
--- a/autobuild_mac80211_release/0001-wifi6-mac80211-generate-hostapd-setting-from-ap-cap.patch
+++ b/autobuild_mac80211_release/0001-wifi6-mac80211-generate-hostapd-setting-from-ap-cap.patch
@@ -666,7 +666,7 @@
  	done
  }
 diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
-index 28bd210..3bdf3c0 100644
+index 28bd210..0df9a6f 100644
 --- a/package/network/services/hostapd/files/hostapd.sh
 +++ b/package/network/services/hostapd/files/hostapd.sh
 @@ -60,7 +60,14 @@ hostapd_append_wpa_key_mgmt() {
@@ -704,7 +704,7 @@
  	[ -n "$beacon_rate" ] && append base_cfg "beacon_rate=$beacon_rate" "$N"
  	[ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N"
  	[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
-@@ -376,6 +386,24 @@ hostapd_common_add_bss_config() {
+@@ -376,6 +386,25 @@ hostapd_common_add_bss_config() {
  	config_add_string fils_dhcp
  
  	config_add_int ocv
@@ -725,11 +725,12 @@
 +	config_add_array owe_groups
 +	config_add_array pairwise
 +	config_add_string group_cipher
++	config_add_string group_mgmt_cipher
 +
  }
  
  hostapd_set_vlan_file() {
-@@ -440,11 +468,11 @@ append_iw_nai_realm() {
+@@ -440,11 +469,11 @@ append_iw_nai_realm() {
  }
  
  append_iw_venue_name() {
@@ -743,17 +744,17 @@
  }
  
  append_hs20_oper_friendly_name() {
-@@ -562,7 +590,8 @@ hostapd_set_bss_options() {
+@@ -562,7 +591,8 @@ hostapd_set_bss_options() {
  		ppsk airtime_bss_weight airtime_bss_limit airtime_sta_weight \
  		multicast_to_unicast_all proxy_arp per_sta_vif \
  		eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
 -		vendor_elements fils ocv
 +		vendor_elements fils ocv unsol_bcast_probe_resp_interval fils_discovery_min_interval \
-+		fils_discovery_max_interval rnr group_cipher
++		fils_discovery_max_interval rnr group_cipher group_mgmt_cipher
  
  	set_default fils 0
  	set_default isolate 0
-@@ -790,6 +819,36 @@ hostapd_set_bss_options() {
+@@ -790,6 +820,36 @@ hostapd_set_bss_options() {
  	local auth_algs="$((($auth_mode_shared << 1) | $auth_mode_open))"
  	append bss_conf "auth_algs=${auth_algs:-1}" "$N"
  	append bss_conf "wpa=$wpa" "$N"
@@ -790,7 +791,7 @@
  	[ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N"
  
  	set_default wps_pushbutton 0
-@@ -841,7 +900,7 @@ hostapd_set_bss_options() {
+@@ -841,7 +901,7 @@ hostapd_set_bss_options() {
  	}
  
  	append bss_conf "ssid=$ssid" "$N"
@@ -799,7 +800,7 @@
  	[ -n "$network_ifname" ] && append bss_conf "snoop_iface=$network_ifname" "$N"
  	[ -n "$iapp_interface" ] && {
  		local ifname
-@@ -954,6 +1013,8 @@ hostapd_set_bss_options() {
+@@ -954,6 +1014,8 @@ hostapd_set_bss_options() {
  	fi
  
  	if [ "$wpa" -ge "2" ]; then
@@ -808,7 +809,7 @@
  		if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
  			set_default auth_cache 1
  			append bss_conf "rsn_preauth=1" "$N"
-@@ -972,17 +1033,42 @@ hostapd_set_bss_options() {
+@@ -972,17 +1034,52 @@ hostapd_set_bss_options() {
  		append bss_conf "okc=$auth_cache" "$N"
  		[ "$auth_cache" = 0 -a "$fils" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N"
  
@@ -834,14 +835,24 @@
 +				json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout beacon_prot
  				append bss_conf "ieee80211w=$ieee80211w" "$N"
  				[ "$ieee80211w" -gt "0" ] && {
-+					case "$group_cipher" in
-+					CCMP*)
-+						ieee80211w_mgmt_cipher="AES-128-CMAC"
-+					;;
-+					GCMP-256)
-+						[[ "$encryption" != "*owe*" ]] && ieee80211w_mgmt_cipher="BIP-GMAC-256"
-+					;;
-+					esac
++					if [ -z "$group_mgmt_cipher" ]; then
++						case "$group_cipher" in
++						CCMP-256)
++							ieee80211w_mgmt_cipher="BIP-CMAC-256"
++						;;
++						CCMP)
++							ieee80211w_mgmt_cipher="AES-128-CMAC"
++						;;
++						GCMP-256)
++							ieee80211w_mgmt_cipher="BIP-GMAC-256"
++						;;
++						GCMP)
++							ieee80211w_mgmt_cipher="BIP-GMAC-128"
++						;;
++						esac
++					else
++						ieee80211w_mgmt_cipher="$group_mgmt_cipher"
++					fi
  					if [ "$auth_type" = "eap192" ]; then
  						append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N"
  					else
@@ -852,7 +863,7 @@
  					[ -n "$ieee80211w_max_timeout" ] && \
  						append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
  					[ -n "$ieee80211w_retry_timeout" ] && \
-@@ -1047,9 +1133,10 @@ hostapd_set_bss_options() {
+@@ -1047,9 +1144,10 @@ hostapd_set_bss_options() {
  	json_get_vars iw_roaming_consortium iw_domain_name iw_anqp_3gpp_cell_net iw_nai_realm
  	json_get_vars iw_anqp_elem iw_qos_map_set iw_ipaddr_type_availability iw_gas_address3
  	json_get_vars iw_venue_name iw_venue_url
@@ -864,7 +875,7 @@
  		append bss_conf "interworking=1" "$N"
  		set_default iw_internet 1
  		set_default iw_asra 0
-@@ -1156,6 +1243,22 @@ hostapd_set_bss_options() {
+@@ -1156,6 +1254,22 @@ hostapd_set_bss_options() {
  		append bss_conf "$val" "$N"
  	done
  
@@ -887,7 +898,7 @@
  	bss_md5sum="$(echo $bss_conf | md5sum | cut -d" " -f1)"
  	append bss_conf "config_id=$bss_md5sum" "$N"
  
-@@ -1246,6 +1349,7 @@ wpa_supplicant_prepare_interface() {
+@@ -1246,6 +1360,7 @@ wpa_supplicant_prepare_interface() {
  		country_str="country=$country"
  	}
  
@@ -895,7 +906,7 @@
  	multiap_flag_file="${_config}.is_multiap"
  	if [ "$multi_ap" = "1" ]; then
  		touch "$multiap_flag_file"
-@@ -1257,6 +1361,7 @@ wpa_supplicant_prepare_interface() {
+@@ -1257,6 +1372,7 @@ wpa_supplicant_prepare_interface() {
  ${scan_list:+freq_list=$scan_list}
  $ap_scan
  $country_str
@@ -903,7 +914,7 @@
  EOF
  	return 0
  }
-@@ -1528,12 +1633,39 @@ wpa_supplicant_add_network() {
+@@ -1528,12 +1644,39 @@ wpa_supplicant_add_network() {
  		;;
  	esac
  
@@ -912,7 +923,7 @@
 -		append network_data "group=GCMP" "$N$T"
 -	}
 +	json_get_values pairwise pairwise
-+	json_get_vars group_cipher
++	json_get_vars group_cipher group_mgmt_cipher
 +	if [ -n "$pairwise" ]; then
 +		case "$pairwise" in
 +			*tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip)
@@ -947,7 +958,7 @@
  		case "$wpa" in
  			1)
  				append network_data "proto=WPA" "$N$T"
-@@ -1543,12 +1675,48 @@ wpa_supplicant_add_network() {
+@@ -1543,12 +1686,58 @@ wpa_supplicant_add_network() {
  			;;
  		esac
  
@@ -974,14 +985,24 @@
 +				json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout beacon_prot
 +				append network_data "ieee80211w=$ieee80211w" "$N$T"
 +				[ "$ieee80211w" -gt "0" ] && {
-+					case "$group_cipher" in
-+					CCMP*)
-+						ieee80211w_mgmt_cipher="AES-128-CMAC"
-+					;;
-+					GCMP-256)
-+						[[ "$encryption" != "*owe*" ]] && ieee80211w_mgmt_cipher="BIP-GMAC-256"
-+					;;
-+					esac
++					if [ -z "$group_mgmt_cipher" ]; then
++						case "$group_cipher" in
++						CCMP-256)
++							ieee80211w_mgmt_cipher="BIP-CMAC-256"
++						;;
++						CCMP)
++							ieee80211w_mgmt_cipher="AES-128-CMAC"
++						;;
++						GCMP-256)
++							ieee80211w_mgmt_cipher="BIP-GMAC-256"
++						;;
++						GCMP)
++							ieee80211w_mgmt_cipher="BIP-GMAC-128"
++						;;
++						esac
++					else
++						ieee80211w_mgmt_cipher="$group_mgmt_cipher"
++					fi
 +					if [ "$auth_type" = "eap192" ]; then
 +						append network_data "group_mgmt=BIP-GMAC-256" "$N$T"
 +					else
@@ -997,7 +1018,7 @@
  	[ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T"
  	[ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T"
  
-@@ -1559,6 +1727,20 @@ wpa_supplicant_add_network() {
+@@ -1559,6 +1748,20 @@ wpa_supplicant_add_network() {
  	[ -n "$bssid_blacklist" ] && append network_data "bssid_blacklist=$bssid_blacklist" "$N$T"
  	[ -n "$bssid_whitelist" ] && append network_data "bssid_whitelist=$bssid_whitelist" "$N$T"
  
@@ -1018,7 +1039,7 @@
  	[ -n "$basic_rate" ] && {
  		local br rate_list=
  		for br in $basic_rate; do
-@@ -1573,6 +1755,11 @@ wpa_supplicant_add_network() {
+@@ -1573,6 +1776,11 @@ wpa_supplicant_add_network() {
  		append network_data "mcast_rate=$mc_rate" "$N$T"
  	}