netifd: Add WPA3 Enterprise modes

Add configuration options for: - WPA3 Enterprise Only mode - WPA3 Enterprise Transition mode Fixes: WIFI-1940 Signed-off-by: Arif Alam <arif.alam@netexperience.com>
2025-11-02 11:27:48 +00:00 · 2021-04-28 19:47:43 -04:00
parent 5613bbb6f3
commit b0a660ba31
4 changed files with 64 additions and 7 deletions
--- a/feeds/wifi-ax/hostapd/files/hostapd.sh
+++ b/feeds/wifi-ax/hostapd/files/hostapd.sh
@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
 		eap-only)
 			append wpa_key_mgmt "WPA-EAP-SHA256"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
 		;;
 		eap-transition)
 			append wpa_key_mgmt "WPA-EAP"
 			append wpa_key_mgmt "WPA-EAP-SHA256"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
 		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -564,11 +573,11 @@ hostapd_set_bss_options() {
 	}
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -610,7 +619,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
--- a/feeds/wifi-trunk/hostapd/files/hostapd.sh
+++ b/feeds/wifi-trunk/hostapd/files/hostapd.sh
@@ -47,6 +47,15 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
 			[ "${ieee80211ai:-0}" -gt 0 ] && append wpa_key_mgmt "FILS-SHA256"
 		;;
 		eap-only)
 			append wpa_key_mgmt "WPA-EAP-SHA256"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
 		;;
 		eap-transition)
 			append wpa_key_mgmt "WPA-EAP"
 			append wpa_key_mgmt "WPA-EAP-SHA256"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
 		;;
 		eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
 			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
@@ -539,11 +548,11 @@ hostapd_set_bss_options() {
 	}
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap192|eap-eap192|eap-only)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 		;;
-		psk-sae)
+		psk-sae|eap-transition)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 		;;
@@ -585,7 +594,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap192|eap-eap192|eap-only|eap-transition)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
--- a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c
+++ b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c
@@ -317,7 +317,7 @@ static struct vif_crypto {
 	{ "wpa-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 	{ "sae", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_WPA3, 0 },
 	{ "sae-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_MIXED, 0 },
-	{ "wpa3", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
+	{ "wpa3-only", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 },
 	{ "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 },
 };
--- a/patches/0052-netifd-Add-WPA3-Enterprise-modes.patch
+++ b/patches/0052-netifd-Add-WPA3-Enterprise-modes.patch
@@ -0,0 +1,39 @@
 From dc2e1e24e5a69face7d154fea6d3ecbee6c90e45 Mon Sep 17 00:00:00 2001
 From: Arif Alam <arif.alam@netexperience.com>
 Date: Wed, 28 Apr 2021 19:29:23 -0400
 Subject: [PATCH] netifd: Add WPA3 Enterprise modes
 Add configuration options for:
 - WPA3 Enterprise Only mode
 - WPA3 Enterprise Transition mode
 Signed-off-by: Arif Alam <arif.alam@netexperience.com>
 ---
 .../patches/0105-add-wpa3-enterprise-modes.patch  | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
 diff --git a/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
 new file mode 100644
 index 0000000000..9018365807
 --- /dev/null
 +++ b/package/network/config/netifd/patches/0105-add-wpa3-enterprise-modes.patch
@@ -0,0 +1,15 @@
 +--- a/scripts/netifd-wireless.sh
 ++++ b/scripts/netifd-wireless.sh
 +@@ -244,8 +244,11 @@ wireless_vif_parse_encryption() {
 + 		owe*)
 + 			auth_type=owe
 + 		;;
 ++		wpa3-only*)
 ++			auth_type=eap-only
 ++		;;
 + 		wpa3-mixed*)
 +-			auth_type=eap-eap192
 ++			auth_type=eap-transition
 + 		;;
 + 		wpa3*)
 + 			auth_type=eap192
 -- 
 2.25.1