hostapd: support eap-eap2 and eap2 auth_type values

WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 3033ef79ca97b2da3dfa38ec783cc8593eac6aa1..2128290aee0915ba7f4291c19fc5a6770840e126 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -52,12 +52,20 @@ hostapd_append_wpa_key_mgmt() {
                ;;
                eap-eap192)
                        append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
-                       append wpa_key_mgmt "WPA-EAP"
+                       append wpa_key_mgmt "WPA-EAP-SHA256"
                        [ "${ieee80211r:-0}" -gt 0 ] && {
                                append wpa_key_mgmt "FT-EAP-SHA384"
                                append wpa_key_mgmt "FT-EAP"
                        }
-                       [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
+               ;;
+               eap-eap2)
+                       append wpa_key_mgmt "WPA-EAP"
+                       append wpa_key_mgmt "WPA-EAP-SHA256"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+               ;;
+               eap2)
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+                       append wpa_key_mgmt "WPA-EAP-SHA256"
                ;;
                sae)
                        append wpa_key_mgmt "SAE"
@@ -643,12 +651,12 @@ hostapd_set_bss_options() {
        [ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
 
        case "$auth_type" in
-               sae|owe|eap192|eap-eap192)
+               sae|owe|eap2|eap192|eap-eap192)
                        set_default ieee80211w 2
                        set_default sae_require_mfp 1
                        set_default sae_pwe 2
                ;;
-               psk-sae)
+               psk-sae|eap-eap2)
                        set_default ieee80211w 1
                        set_default sae_require_mfp 1
                        set_default sae_pwe 2
@@ -699,7 +707,7 @@ hostapd_set_bss_options() {
                        vlan_possible=1
                        wps_possible=1
                ;;
-               eap|eap192|eap-eap192)
+               eap|eap2|eap-eap2|eap192|eap-eap192)
                        json_get_vars \
                                auth_server auth_secret auth_port \
                                dae_client dae_secret dae_port \
@@ -1306,7 +1314,7 @@ wpa_supplicant_add_network() {
                default_disabled
 
        case "$auth_type" in
-               sae|owe|eap192|eap-eap192)
+               sae|owe|eap2|eap192|eap-eap192)
                        set_default ieee80211w 2
                ;;
                psk-sae)
@@ -1389,7 +1397,7 @@ wpa_supplicant_add_network() {
                        fi
                        append network_data "$passphrase" "$N$T"
                ;;
-               eap|eap192|eap-eap192)
+               eap|eap2|eap192|eap-eap192)
                        hostapd_append_wpa_key_mgmt
                        key_mgmt="$wpa_key_mgmt"