diff options
| author | Felix Fietkau <nbd@nbd.name> | 2023-08-31 11:16:42 +0200 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2023-09-18 16:52:25 +0200 |
| commit | 6798f156f910b227abf21b683ab3723663a9de02 (patch) | |
| tree | 26fd278dd9669e4cfff7b0c20d0d70ddb4928501 | |
| parent | 98d0ee9dbf7a578093b5e97363e5a07dd28ea99a (diff) | |
| download | upstream-6798f156f910b227abf21b683ab3723663a9de02.tar.gz upstream-6798f156f910b227abf21b683ab3723663a9de02.tar.bz2 upstream-6798f156f910b227abf21b683ab3723663a9de02.zip | |
hostapd: support eap-eap2 and eap2 auth_type values
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d0639e6106967fd445c96518da52afb)
| -rw-r--r-- | package/network/services/hostapd/files/hostapd.sh | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 36aa6273b6..830752cd87 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -52,12 +52,20 @@ hostapd_append_wpa_key_mgmt() { ;; eap-eap192) append wpa_key_mgmt "WPA-EAP-SUITE-B-192" - append wpa_key_mgmt "WPA-EAP" + append wpa_key_mgmt "WPA-EAP-SHA256" [ "${ieee80211r:-0}" -gt 0 ] && { append wpa_key_mgmt "FT-EAP-SHA384" append wpa_key_mgmt "FT-EAP" } - [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256" + ;; + eap-eap2) + append wpa_key_mgmt "WPA-EAP" + append wpa_key_mgmt "WPA-EAP-SHA256" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP" + ;; + eap2) + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP" + append wpa_key_mgmt "WPA-EAP-SHA256" ;; sae) append wpa_key_mgmt "SAE" @@ -642,12 +650,12 @@ hostapd_set_bss_options() { [ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N" case "$auth_type" in - sae|owe|eap192|eap-eap192) + sae|owe|eap2|eap192|eap-eap192) set_default ieee80211w 2 set_default sae_require_mfp 1 set_default sae_pwe 2 ;; - psk-sae) + psk-sae|eap-eap2) set_default ieee80211w 1 set_default sae_require_mfp 1 set_default sae_pwe 2 @@ -698,7 +706,7 @@ hostapd_set_bss_options() { vlan_possible=1 wps_possible=1 ;; - eap|eap192|eap-eap192) + eap|eap2|eap-eap2|eap192|eap-eap192) json_get_vars \ auth_server auth_secret auth_port \ dae_client dae_secret dae_port \ @@ -1305,7 +1313,7 @@ wpa_supplicant_add_network() { default_disabled case "$auth_type" in - sae|owe|eap192|eap-eap192) + sae|owe|eap2|eap192|eap-eap192) set_default ieee80211w 2 ;; psk-sae) @@ -1388,7 +1396,7 @@ wpa_supplicant_add_network() { fi append network_data "$passphrase" "$N$T" ;; - eap|eap192|eap-eap192) + eap|eap2|eap192|eap-eap192) hostapd_append_wpa_key_mgmt key_mgmt="$wpa_key_mgmt" |