hostapd: support eap-eap2 and eap2 auth_type values
authorFelix Fietkau <nbd@nbd.name>
Thu, 31 Aug 2023 09:16:42 +0000 (11:16 +0200)
committerFelix Fietkau <nbd@nbd.name>
Mon, 18 Sep 2023 14:52:25 +0000 (16:52 +0200)
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d0639e6106967fd445c96518da52afb)

package/network/services/hostapd/files/hostapd.sh

index 36aa6273b6ab7f29ba5f0c869be44a185626e3c5..830752cd87c28c84cbf928912279329ba44c7544 100644 (file)
@@ -52,12 +52,20 @@ hostapd_append_wpa_key_mgmt() {
                ;;
                eap-eap192)
                        append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
-                       append wpa_key_mgmt "WPA-EAP"
+                       append wpa_key_mgmt "WPA-EAP-SHA256"
                        [ "${ieee80211r:-0}" -gt 0 ] && {
                                append wpa_key_mgmt "FT-EAP-SHA384"
                                append wpa_key_mgmt "FT-EAP"
                        }
-                       [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
+               ;;
+               eap-eap2)
+                       append wpa_key_mgmt "WPA-EAP"
+                       append wpa_key_mgmt "WPA-EAP-SHA256"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+               ;;
+               eap2)
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+                       append wpa_key_mgmt "WPA-EAP-SHA256"
                ;;
                sae)
                        append wpa_key_mgmt "SAE"
@@ -642,12 +650,12 @@ hostapd_set_bss_options() {
        [ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
 
        case "$auth_type" in
-               sae|owe|eap192|eap-eap192)
+               sae|owe|eap2|eap192|eap-eap192)
                        set_default ieee80211w 2
                        set_default sae_require_mfp 1
                        set_default sae_pwe 2
                ;;
-               psk-sae)
+               psk-sae|eap-eap2)
                        set_default ieee80211w 1
                        set_default sae_require_mfp 1
                        set_default sae_pwe 2
@@ -698,7 +706,7 @@ hostapd_set_bss_options() {
                        vlan_possible=1
                        wps_possible=1
                ;;
-               eap|eap192|eap-eap192)
+               eap|eap2|eap-eap2|eap192|eap-eap192)
                        json_get_vars \
                                auth_server auth_secret auth_port \
                                dae_client dae_secret dae_port \
@@ -1305,7 +1313,7 @@ wpa_supplicant_add_network() {
                default_disabled
 
        case "$auth_type" in
-               sae|owe|eap192|eap-eap192)
+               sae|owe|eap2|eap192|eap-eap192)
                        set_default ieee80211w 2
                ;;
                psk-sae)
@@ -1388,7 +1396,7 @@ wpa_supplicant_add_network() {
                        fi
                        append network_data "$passphrase" "$N$T"
                ;;
-               eap|eap192|eap-eap192)
+               eap|eap2|eap192|eap-eap192)
                        hostapd_append_wpa_key_mgmt
                        key_mgmt="$wpa_key_mgmt"