From 6798f156f910b227abf21b683ab3723663a9de02 Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Thu, 31 Aug 2023 11:16:42 +0200
Subject: [PATCH] hostapd: support eap-eap2 and eap2 auth_type values

WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.

Signed-off-by: Felix Fietkau
(cherry picked from commit b63df6ce5d0639e6106967fd445c96518da52afb)
---
 .../network/services/hostapd/files/hostapd.sh | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 36aa6273b6..830752cd87 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -52,12 +52,20 @@ hostapd_append_wpa_key_mgmt() {
 ;;
 eap-eap192)
 append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
- append wpa_key_mgmt "WPA-EAP"
+ append wpa_key_mgmt "WPA-EAP-SHA256"
 [ "${ieee80211r:-0}" -gt 0 ] && {
 append wpa_key_mgmt "FT-EAP-SHA384"
 append wpa_key_mgmt "FT-EAP"
 }
- [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
+ ;;
+ eap-eap2)
+ append wpa_key_mgmt "WPA-EAP"
+ append wpa_key_mgmt "WPA-EAP-SHA256"
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+ ;;
+ eap2)
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+ append wpa_key_mgmt "WPA-EAP-SHA256"
 ;;
 sae)
 append wpa_key_mgmt "SAE"
@@ -642,12 +650,12 @@ hostapd_set_bss_options() {
 [ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
 case "$auth_type" in
- sae|owe|eap192|eap-eap192)
+ sae|owe|eap2|eap192|eap-eap192)
 set_default ieee80211w 2
 set_default sae_require_mfp 1
 set_default sae_pwe 2
 ;;
- psk-sae)
+ psk-sae|eap-eap2)
 set_default ieee80211w 1
 set_default sae_require_mfp 1
 set_default sae_pwe 2
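Review bot: `WPA-EAP-SHA256` is now appended unconditionally in the `eap-eap192`, `eap-eap2` and `eap2` arms, whereas the removed line only added it when `ieee80211w` was greater than 0. The MFP level for these types comes from `set_default ieee80211w 2` / `1` in hostapd_set_bss_options (the `@@ -642` hunk), which presumably leaves an explicitly configured `ieee80211w=0` untouched, so a SHA256 AKM could end up advertised with management frame protection disabled. For the transitional arm the old guard could be kept, `[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"`. For `eap2`, where the commit message calls MFP mandatory, a configured value below 2 is better rejected or logged than silently accepted. The case statement starts and ends outside this hunk, and whether the defaults are applied before this function runs is not visible here.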
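Review bot: The `sae_require_mfp` and `sae_pwe` defaults in both arms of the `@@ -642` hunk now also apply to `eap2` and `eap-eap2`, for which hostapd_append_wpa_key_mgmt adds no SAE AKM, so only the `ieee80211w` line carries meaning for the new values. A one-line comment above the arms would keep a reader from inferring an SAE dependency, for example `# EAP-only types share these arms for the ieee80211w default; the sae_* defaults only matter when an SAE AKM is configured`. Whether the sae_* values are written to the BSS config for non-SAE types is decided outside this hunk, so this is a documentation suggestion only.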
@@ -698,7 +706,7 @@ hostapd_set_bss_options() {
 vlan_possible=1
 wps_possible=1
 ;;
- eap|eap192|eap-eap192)
+ eap|eap2|eap-eap2|eap192|eap-eap192)
 json_get_vars \
 auth_server auth_secret auth_port \
 dae_client dae_secret dae_port \
@@ -1305,7 +1313,7 @@ wpa_supplicant_add_network() {
 default_disabled
 case "$auth_type" in
- sae|owe|eap192|eap-eap192)
+ sae|owe|eap2|eap192|eap-eap192)
 set_default ieee80211w 2
 ;;
 psk-sae)
@@ -1388,7 +1396,7 @@ wpa_supplicant_add_network() {
 fi
 append network_data "$passphrase" "$N$T"
 ;;
- eap|eap192|eap-eap192)
+ eap|eap2|eap192|eap-eap192)
 hostapd_append_wpa_key_mgmt
 key_mgmt="$wpa_key_mgmt"
--
2.30.2
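Review bot: `eap-eap2` is not handled on the station side. In the `@@ -1305` hunk only `eap2` joins the `set_default ieee80211w 2` arm, and the following `psk-sae)` arm was not extended to `psk-sae|eap-eap2)` as it was in hostapd_set_bss_options. The same gap is in the `@@ -1388` hunk, where the arm reads `eap|eap2|eap192|eap-eap192)` although the AP-side list in the `@@ -698` hunk includes `eap-eap2`. As written, a client with `auth_type` set to `eap-eap2` would presumably never reach the branch that calls hostapd_append_wpa_key_mgmt, and it would get no MFP default, so the transitional AKM list would go unused in station mode. If that is unintended, the arms would become `psk-sae|eap-eap2)` and `eap|eap2|eap-eap2|eap192|eap-eap192)`. Both case statements continue outside the hunks, so another arm may already cover this.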