From 219e18323f4ae230ed29473a658343f28bbc53c2 Mon Sep 17 00:00:00 2001
From: James Prestwood <prestwoj@gmail.com>
Date: Tue, 12 Oct 2021 08:34:17 -0700
Subject: [PATCH] station: limit extended key IDs to CCMP ciphers

---
 src/station.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/station.c b/src/station.c
index bfd69777..c73db634 100644
--- a/src/station.c
+++ b/src/station.c
@@ -1087,8 +1087,13 @@ build_ie:
 
 	info.ocvc = !disable_ocv && bss_info.ocvc;
 
-	/* Extended Key IDs can only be used if supported by both AP and STA */
-	if (wiphy_supports_ext_key_id(wiphy) && bss_info.extended_key_id)
+	/*
+	 * IEEE 802.11-2020 9.4.2.24.4 states extended key IDs can only be used
+	 * with CCMP/GCMP cipher suites. We also only enable support if the AP
+	 * also indicates support.
+	 */
+	if (wiphy_supports_ext_key_id(wiphy) && bss_info.extended_key_id &&
+			info.pairwise_ciphers == IE_RSN_CIPHER_SUITE_CCMP)
 		info.extended_key_id = true;
 
 	/* RSN takes priority */