wifi-scripts: enable GCMP-256 by default on WPA3/OWE configurations with HE or EHT

GCMP-256 support is mandatory with EHT, but HE hardware can already be expected
to support it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau 2025-06-11 11:28:12 +02:00
parent a17c3be409
commit 254dd7d7d9
3 changed files with 68 additions and 51 deletions


@ -437,7 +437,7 @@ export function generate(interface, data, config, vlans, stas, phy_features) {
iface_setup(config);
iface.parse_encryption(config);
iface.parse_encryption(config, data.config);
if (data.config.band == '6g') {
if (config.auth_type == 'psk-sae')
config.auth_type = 'sae';


@ -3,10 +3,67 @@
import { append_value, log } from 'wifi.common';
import * as fs from 'fs';
export function parse_encryption(config) {
export function parse_encryption(config, dev_config) {
let encryption = split(config.encryption, '+', 2);
config.wpa = 0;
for (let k, v in { 'wpa2*': 2, 'wpa3*': 2, '*psk2*': 2, 'psk3*': 2, 'sae*': 2,
'owe*': 2, 'wpa*mixed*': 3, '*psk*mixed*': 3, 'wpa*': 1, '*psk*': 1, })
if (wildcard(config.encryption, k)) {
config.wpa = v;
break;
}
if (!config.wpa)
config.wpa_pairwise = null;
config.wpa_pairwise = (config.hw_mode == 'ad') ? 'GCMP' : 'CCMP';
config.auth_type = encryption[0] ?? 'none';
let wpa3_pairwise = config.wpa_pairwise;
if (wildcard(dev_config?.htmode, 'EHT*') || wildcard(dev_config?.htmode, 'HE*'))
wpa3_pairwise = 'GCMP-256 ' + wpa3_pairwise;
switch(config.auth_type) {
case 'owe':
config.auth_type = 'owe';
config.wpa_pairwise = wpa3_pairwise;
break;
case 'wpa3-192':
config.auth_type = 'eap192';
break;
case 'wpa3-mixed':
config.auth_type = 'eap-eap2';
config.wpa_pairwise = wpa3_pairwise;
break;
case 'wpa3':
config.auth_type = 'eap2';
config.wpa_pairwise = wpa3_pairwise;
break;
case 'psk-mixed':
config.auth_type = "psk";
break;
case 'psk3':
config.auth_type = 'sae';
config.wpa_pairwise = wpa3_pairwise;
break;
case 'psk3-mixed':
case 'sae-mixed':
config.auth_type = 'psk-sae';
config.wpa_pairwise = wpa3_pairwise;
break;
case 'wpa':
case 'wpa2':
case 'wpa-mixed':
config.auth_type = 'eap';
break;
}
switch(encryption[1]){
case 'tkip+aes':
@ -43,53 +100,6 @@ export function parse_encryption(config) {
break;
}
config.wpa = 0;
for (let k, v in { 'wpa2*': 2, 'wpa3*': 2, '*psk2*': 2, 'psk3*': 2, 'sae*': 2,
'owe*': 2, 'wpa*mixed*': 3, '*psk*mixed*': 3, 'wpa*': 1, '*psk*': 1, })
if (wildcard(config.encryption, k)) {
config.wpa = v;
break;
}
if (!config.wpa)
config.wpa_pairwise = null;
config.auth_type = encryption[0] ?? 'none';
switch(config.auth_type) {
case 'owe':
config.auth_type = 'owe';
break;
case 'wpa3-192':
config.auth_type = 'eap192';
break;
case 'wpa3-mixed':
config.auth_type = 'eap-eap2';
break;
case 'wpa3':
config.auth_type = 'eap2';
break;
case 'psk-mixed':
config.auth_type = "psk";
break;
case 'psk3':
config.auth_type = 'sae';
break;
case 'psk3-mixed':
case 'sae-mixed':
config.auth_type = 'psk-sae';
break;
case 'wpa':
case 'wpa2':
case 'wpa-mixed':
config.auth_type = 'eap';
break;
}
};
export function wpa_key_mgmt(config) {
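Review bot: In the reordered `parse_encryption`, the reset `if (!config.wpa) config.wpa_pairwise = null;` now sits directly before the unconditional default `config.wpa_pairwise = (config.hw_mode == 'ad') ? 'GCMP' : 'CCMP';`, so as far as this rendering shows the null is overwritten at once and an unencrypted interface (`config.wpa == 0`) leaves the function with a pairwise cipher still set. In the old layout the reset ran after the `switch(encryption[1])` cipher override, so it always had the last word. Keeping the reset as the final statement of the function, after the cipher switch, restores that behaviour. The page has lost its +/- markers and part of the cipher switch lies between the two hunks, so the statement order should be confirmed against the file itself.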


@ -39,11 +39,10 @@ prepare_key_wep() {
}
_wdev_prepare_channel() {
json_get_vars channel band hwmode
json_get_vars channel band hwmode htmode
auto_channel=0
enable_ht=0
htmode=
hwmode="${hwmode##11}"
case "$channel" in
@ -80,6 +79,11 @@ _wdev_prepare_channel() {
esac
;;
esac
case "$htmode" in
HE*|EHT*) wpa3_cipher="GCMP-256 ";;
*) wpa3_cipher="";;
esac
}
_wdev_handler() {
@ -216,6 +220,9 @@ wireless_vif_parse_encryption() {
wpa_cipher="GCMP"
else
wpa_cipher="CCMP"
case "$encryption" in
sae*|wpa3*|psk3*|owe) wpa_cipher="${wpa3_cipher}$wpa_cipher";;
esac
fi
case "$encryption" in
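Review bot: The pattern `sae*|wpa3*|psk3*|owe)` added in `wireless_vif_parse_encryption` also matches `wpa3-192`, whereas the ucode `parse_encryption` in this same commit leaves its `wpa3-192` case without the GCMP-256 prefix, so the two code paths disagree on the cipher list for the 192-bit mode. If that mode has its cipher pinned elsewhere (not visible in these hunks), listing the modes explicitly keeps both paths aligned: `sae*|wpa3|wpa3-mixed|psk3*|owe) wpa_cipher="${wpa3_cipher}$wpa_cipher";;`. It would also help to add a comment at the `wpa3_cipher=` assignment saying that it is a global set in `_wdev_prepare_channel` and read later in `wireless_vif_parse_encryption`, since the prefix is silently empty when the latter runs first. Both functions continue outside the hunks shown.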