From bfa039c414bc6613cc5361aaf5fa6baf5fa0264b Mon Sep 17 00:00:00 2001
From: Joerg Werner <schreibubi@gmail.com>
Date: Mon, 15 Aug 2022 14:10:22 +0200
Subject: [PATCH] netifd: fix WPA3 enterprise ciphers

WPA3 enterprise requires wpa_cipher to be GCMP-256 for good client/device
support, so if the user sets encryption to wpa3 or wpa3-mixed, then add
GCMP-256. Also allow explicit selection of GCMP-256/CCMP-256 ciphers by
adding gcmp256/ccmp256 at the end of the encryption value.

Signed-off-by: Joerg Werner <schreibubi@gmail.com>
---
 scripts/netifd-wireless.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
index 0e3293c..5779751 100644
--- a/scripts/netifd-wireless.sh
+++ b/scripts/netifd-wireless.sh
@@ -216,10 +216,19 @@ wireless_vif_parse_encryption() {
 		wpa_cipher="CCMP"
 	fi
 
+	# WPA3 enterprise requires the GCMP-256 cipher (technically also CCMP and GCMP are possible
+	# but many clients/devices do not support that)
+	case "$encryption" in
+		wpa3-mixed*) wpa_cipher="${wpa_cipher} GCMP-256";;
+		wpa3*) wpa_cipher="GCMP-256";;
+	esac
+
 	case "$encryption" in
 		*tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) wpa_cipher="CCMP TKIP";;
+		*ccmp256) wpa_cipher="CCMP-256";;
 		*aes|*ccmp) wpa_cipher="CCMP";;
 		*tkip) wpa_cipher="TKIP";;
+		*gcmp256) wpa_cipher="GCMP-256";;
 		*gcmp) wpa_cipher="GCMP";;
 	esac
 
-- 
2.30.2