netifd: Add WPA3 Enterprise modes

Add configuration options for: - WPA3 Enterprise Only mode - WPA3 Enterprise Transition mode Fixes: WIFI-1940 Signed-off-by: Arif Alam <arif.alam@netexperience.com>
2025-10-30 01:52:51 +00:00 · 2021-04-28 19:47:43 -04:00
parent 5613bbb6f3
commit b0a660ba31
4 changed files with 64 additions and 7 deletions
--- a/feeds/wifi-ax/hostapd/files/hostapd.sh
+++ b/feeds/wifi-ax/hostapd/files/hostapd.sh
@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
+		eap-only)
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
+		eap-transition)
+			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -564,11 +573,11 @@ hostapd_set_bss_options() {
 	}

 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -610,7 +619,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
--- a/feeds/wifi-trunk/hostapd/files/hostapd.sh
+++ b/feeds/wifi-trunk/hostapd/files/hostapd.sh
@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
+		eap-only)
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
+		eap-transition)
+			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -539,11 +548,11 @@ hostapd_set_bss_options() {
 	}

 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -585,7 +594,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
--- a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c
+++ b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c
@@ -317,7 +317,7 @@ static struct vif_crypto {
 	{ "wpa-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 	{ "sae", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_WPA3, 0 },
 	{ "sae-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_MIXED, 0 },
-	{ "wpa3", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
+	{ "wpa3-only", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
 	{ "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 };

--- a/patches/0052-netifd-Add-WPA3-Enterprise-modes.patch
+++ b/patches/0052-netifd-Add-WPA3-Enterprise-modes.patch
@@ -0,0 +1,39 @@
+From dc2e1e24e5a69face7d154fea6d3ecbee6c90e45 Mon Sep 17 00:00:00 2001
+From: Arif Alam <arif.alam@netexperience.com>
+Date: Wed, 28 Apr 2021 19:29:23 -0400
+Subject: [PATCH] netifd: Add WPA3 Enterprise modes
+
+Add configuration options for:
+- WPA3 Enterprise Only mode
+- WPA3 Enterprise Transition mode
+
+Signed-off-by: Arif Alam <arif.alam@netexperience.com>
+---
+ .../patches/0105-add-wpa3-enterprise-modes.patch  | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+ create mode 100644 package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+
+diff --git a/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+new file mode 100644
+index 0000000000..9018365807
+--- /dev/null
+++ b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
+@@ -0,0 +1,15 @@
+--- a/scripts/netifd-wireless.sh
++++ b/scripts/netifd-wireless.sh
+@@ -244,8 +244,11 @@ wireless_vif_parse_encryption() {
+ 		owe*)
+ 			auth_type=owe
+ 		;;
++		wpa3-only*)
++			auth_type=eap-only
++		;;
+ 		wpa3-mixed*)
+-			auth_type=eap-eap192
++			auth_type=eap-transition
+ 		;;
+ 		wpa3*)
+ 			auth_type=eap192
+-- 
+2.25.1
+