luci-app-travelmate: enhance wireless security connection settings

* fix wpa enterprise options
* add various wpa / wep options

Signed-off-by: Dirk Brenken <dev@brenken.org>

applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_add.lua

@@ -5,7 +5,6 @@ local fs       = require("nixio.fs")
 local uci      = require("luci.model.uci").cursor()
 local http     = require("luci.http")
 local trmiface = uci.get("travelmate", "global", "trm_iface") or "trm_wwan"
-local val      = ""
 
 m = SimpleForm("add", translate("Add Wireless Uplink Configuration"))
 m.submit = translate("Save")
@@ -38,35 +37,88 @@ bssid.datatype = "macaddr"
 bssid.default = m.hidden.bssid or ""
 
 if (tonumber(m.hidden.wep) or 0) == 1 then
-	wkey = m:field(Value, "key", translate("WEP passphrase"),
+	encr = m:field(ListValue, "encryption", translate("Encryption"))
-		translate("Specify the secret encryption key here."))
+	encr:value("wep", "WEP")
+	encr:value("wep+open", "WEP Open System")
+	encr:value("wep+mixed", "WEP mixed")
+	encr:value("wep+shared", "WEP Shared Key")
+	encr.default = "wep+open"
+
+	wkey = m:field(Value, "key", translate("WEP-Passphrase"))
 	wkey.password = true
 	wkey.datatype = "wepkey"
 elseif (tonumber(m.hidden.wpa_version) or 0) > 0 then
 	if m.hidden.wpa_suites == "PSK" or m.hidden.wpa_suites == "PSK2" then
-		wkey = m:field(Value, "key", translate("WPA passphrase"),
+		encr = m:field(ListValue, "encryption", translate("Encryption"))
-			translate("Specify the secret encryption key here."))
+		encr:value("psk", "WPA PSK")
+		encr:value("psk-mixed", "WPA/WPA2 mixed")
+		encr:value("psk2", "WPA2 PSK")
+		encr.default = "psk2"
+
+		ciph = m:field(ListValue, "cipher", translate("Cipher"))
+		ciph:value("auto", translate("Automatic"))
+		ciph:value("ccmp", translate("Force CCMP (AES)"))
+		ciph:value("tkip", translate("Force TKIP"))
+		ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+		ciph.default = "auto"
+
+		wkey = m:field(Value, "key", translate("WPA-Passphrase"))
 		wkey.password = true
 		wkey.datatype = "wpakey"
 	elseif m.hidden.wpa_suites == "802.1X" then
+		encr = m:field(ListValue, "encryption", translate("Encryption"))
+		encr:value("wpa", "WPA Enterprise")
+		encr:value("wpa-mixed", "WPA/WPA2 Enterprise mixed")
+		encr:value("wpa2", "WPA2 Enterprise")
+		encr.default = "wpa2"
+
+		ciph = m:field(ListValue, "cipher", translate("Cipher"))
+		ciph:value("auto", translate("Automatic"))
+		ciph:value("ccmp", translate("Force CCMP (AES)"))
+		ciph:value("tkip", translate("Force TKIP"))
+		ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+		ciph.default = "auto"
+
 		eaptype = m:field(ListValue, "eap_type", translate("EAP-Method"))
-		eaptype:value("TLS")
+		eaptype:value("tls", "TLS")
-		eaptype:value("TTLS")
+		eaptype:value("ttls", "TTLS")
-		eaptype:value("PEAP")
+		eaptype:value("peap", "PEAP")
-		eaptype.default = "PEAP"
+		eaptype:value("fast", "FAST")
+		eaptype.default = "peap"
 
 		authentication = m:field(ListValue, "auth", translate("Authentication"))
 		authentication:value("PAP")
 		authentication:value("CHAP")
 		authentication:value("MSCHAP")
 		authentication:value("MSCHAPV2")
-		authentication.default = "MSCHAPV2"
+		authentication:value("EAP-GTC")
+		authentication:value("EAP-MD5")
+		authentication:value("EAP-MSCHAPV2")
+		authentication:value("EAP-TLS")
+		authentication.default = "EAP-MSCHAPV2"
 
 		ident = m:field(Value, "identity", translate("Identity"))
 
-		pass = m:field(Value, "password", translate("Password"))
+		wkey = m:field(Value, "password", translate("Password"))
-		pass.datatype = "wpakey"
+		wkey.password = true
-		pass.password = true
+		wkey.datatype = "wpakey"
+
+		cacert = m:field(Value, "ca_cert", translate("Path to CA-Certificate"))
+		cacert.rmempty = true
+
+		clientcert = m:field(Value, "client_cert", translate("Path to Client-Certificate"))
+		clientcert:depends("eap_type","tls")
+		clientcert.rmempty = true
+
+		privkey = m:field(Value, "priv_key", translate("Path to Private Key"))
+		privkey:depends("eap_type","tls")
+		privkey.rmempty = true
+
+		privkeypwd = m:field(Value, "priv_key_pwd", translate("Password of Private Key"))
+		privkeypwd:depends("eap_type","tls")
+		privkeypwd.datatype = "wpakey"
+		privkeypwd.password = true
+		privkeypwd.rmempty = true
 	end
 end
 
@@ -79,34 +131,32 @@ function wssid.write(self, section, value)
 		bssid    = bssid:formvalue(section),
 		disabled = "1"
 	})
-	if wkey ~= nil then
+	
-		val = wkey:formvalue(section)
-		if val == "" then
-			val = "changeme"
-		end
-	end
 	if (tonumber(m.hidden.wep) or 0) == 1 then
-		uci:set("wireless", newsection, "encryption", "wep-open")
+		uci:set("wireless", newsection, "encryption", encr:formvalue(section))
-		uci:set("wireless", newsection, "key", "1")
+		uci:set("wireless", newsection, "key", wkey:formvalue(section) or "")
-		uci:set("wireless", newsection, "key1", val)
 	elseif (tonumber(m.hidden.wpa_version) or 0) > 0 then
 		if m.hidden.wpa_suites == "PSK" or m.hidden.wpa_suites == "PSK2" then
-			uci:set("wireless", newsection, "encryption", "psk2")
+			if ciph:formvalue(section) ~= "auto" then
-			uci:set("wireless", newsection, "key", val)
+				uci:set("wireless", newsection, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
+			else
+				uci:set("wireless", newsection, "encryption", encr:formvalue(section))
+			end
+			uci:set("wireless", newsection, "key", wkey:formvalue(section) or "")
 		elseif m.hidden.wpa_suites == "802.1X" then
-			uci:set("wireless", newsection, "encryption", "wpa2")
+			if ciph:formvalue(section) ~= "auto" then
+				uci:set("wireless", newsection, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
+			else
+				uci:set("wireless", newsection, "encryption", encr:formvalue(section))
+			end
 			uci:set("wireless", newsection, "eap_type", eaptype:formvalue(section))
 			uci:set("wireless", newsection, "auth", authentication:formvalue(section))
-			val = ident:formvalue(section)
+			uci:set("wireless", newsection, "identity", ident:formvalue(section) or "")
-			if val == "" then
+			uci:set("wireless", newsection, "password", wkey:formvalue(section) or "")
-				val = "changeme"
+			uci:set("wireless", newsection, "ca_cert", cacert:formvalue(section) or "")
-			end
+			uci:set("wireless", newsection, "client_cert", clientcert:formvalue(section) or "")
-			uci:set("wireless", newsection, "identity", val)
+			uci:set("wireless", newsection, "priv_key", privkey:formvalue(section) or "")
-			val = pass:formvalue(section)
+			uci:set("wireless", newsection, "priv_key_pwd", privkeypwd:formvalue(section) or "")
-			if val == "" then
-				val = "changeme"
-			end
-			uci:set("wireless", newsection, "password", val)
 		end
 	else
 		uci:set("wireless", newsection, "encryption", "none")

applications/luci-app-travelmate/luasrc/model/cbi/travelmate/wifi_edit.lua

@@ -4,7 +4,6 @@
 local fs   = require("nixio.fs")
 local uci  = require("luci.model.uci").cursor()
 local http = require("luci.http")
-local val  = ""
 
 m = SimpleForm("edit", translate("Edit Wireless Uplink Configuration"))
 m.submit = translate("Save")
@@ -27,23 +26,103 @@ if s ~= nil then
 	bssid = m:field(Value, "bssid", translate("BSSID"))
 	bssid.datatype = "macaddr"
 	bssid.default = s.bssid
-	if s.identity then
+
-		ident = m:field(Value, "identity", translate("Identity"))
+	if string.match(s.encryption, '\+') and not string.match(s.encryption, '^wep') then
-		ident.default = s.identity
+		s.pos = string.find(s.encryption, '\+')
+		s.cipher = string.sub(s.encryption, s.pos + 1)
+		s.encryption = string.sub(s.encryption, 0, s.pos - 1)
+	else
+		s.cipher = "auto"
 	end
-	if s.encryption and s.key then
+
-		wkey = m:field(Value, "key", translatef("Passphrase (%s)", s.encryption))
+	if s.encryption and s.encryption ~= "none" then
-	elseif s.encryption and s.password then
+		if string.match(s.encryption, '^wep') then
-		wkey = m:field(Value, "password", translatef("Passphrase (%s)", s.encryption))
+			encr = m:field(ListValue, "encryption", translate("Encryption"))
-	end
+			encr:value("wep", "WEP")
-	if s.encryption and (s.key or s.password) then
+			encr:value("wep+open", "WEP Open System")
+			encr:value("wep+mixed", "WEP mixed")
+			encr:value("wep+shared", "WEP Shared Key")
+			encr.default = s.encryption
+
+			wkey = m:field(Value, "key", translate("Passphrase"))
+			wkey.datatype = "wepkey"
+		elseif string.match(s.encryption, '^psk') then
+			encr = m:field(ListValue, "encryption", translate("Encryption"))
+			encr:value("psk", "WPA PSK")
+			encr:value("psk-mixed", "WPA/WPA2 mixed")
+			encr:value("psk2", "WPA2 PSK")
+			encr.default = s.encryption
+
+			ciph = m:field(ListValue, "cipher", translate("Cipher"))
+			ciph:value("auto", translate("Automatic"))
+			ciph:value("ccmp", translate("Force CCMP (AES)"))
+			ciph:value("tkip", translate("Force TKIP"))
+			ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+			ciph.default = s.cipher
+
+			wkey = m:field(Value, "key", translate("Passphrase"))
+			wkey.datatype = "wpakey"
+		elseif string.match(s.encryption, '^wpa') then
+			encr = m:field(ListValue, "encryption", translate("Encryption"))
+			encr:value("wpa", "WPA Enterprise")
+			encr:value("wpa-mixed", "WPA/WPA2 Enterprise mixed")
+			encr:value("wpa2", "WPA2 Enterprise")
+			encr.default = s.encryption
+
+			ciph = m:field(ListValue, "cipher", translate("Cipher"))
+			ciph:value("auto", translate("Automatic"))
+			ciph:value("ccmp", translate("Force CCMP (AES)"))
+			ciph:value("tkip", translate("Force TKIP"))
+			ciph:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
+			ciph.default = s.cipher
+
+			eaptype = m:field(ListValue, "eap_type", translate("EAP-Method"))
+			eaptype:value("tls", "TLS")
+			eaptype:value("ttls", "TTLS")
+			eaptype:value("peap", "PEAP")
+			eaptype:value("fast", "FAST")
+			eaptype.default = s.eap_type or "peap"
+
+			authentication = m:field(ListValue, "auth", translate("Authentication"))
+			authentication:value("PAP")
+			authentication:value("CHAP")
+			authentication:value("MSCHAP")
+			authentication:value("MSCHAPV2")
+			authentication:value("EAP-GTC")
+			authentication:value("EAP-MD5")
+			authentication:value("EAP-MSCHAPV2")
+			authentication:value("EAP-TLS")
+			authentication.default = s.auth or "EAP-MSCHAPV2"
+
+			ident = m:field(Value, "identity", translate("Identity"))
+			ident.default = s.identity or ""
+
+			wkey = m:field(Value, "password", translate("Passphrase"))
+			wkey.datatype = "wpakey"
+
+			cacert = m:field(Value, "ca_cert", translate("Path to CA-Certificate"))
+			cacert.rmempty = true
+			cacert.default = s.ca_cert or ""
+			
+			clientcert = m:field(Value, "client_cert", translate("Path to Client-Certificate"))
+			clientcert:depends("eap_type","tls")
+			clientcert.rmempty = true
+			clientcert.default = s.client_cert or ""
+
+			privkey = m:field(Value, "priv_key", translate("Path to Private Key"))
+			privkey:depends("eap_type","tls")
+			privkey.rmempty = true
+			privkey.default = s.priv_key or ""
+
+			privkeypwd = m:field(Value, "priv_key_pwd", translate("Password of Private Key"))
+			privkeypwd:depends("eap_type","tls")
+			privkeypwd.datatype = "wpakey"
+			privkeypwd.password = true
+			privkeypwd.rmempty = true
+			privkeypwd.default = s.priv_key_pwd or ""
+		end
 		wkey.password = true
 		wkey.default = s.key or s.password
-		if s.encryption == "wep" then
-			wkey.datatype = "wepkey"
-		else
-			wkey.datatype = "wpakey"
-		end
 	end
 else
 	m.on_cancel()
@@ -52,23 +131,31 @@ end
 function wssid.write(self, section, value)
 	uci:set("wireless", m.hidden.cfg, "ssid", wssid:formvalue(section))
 	uci:set("wireless", m.hidden.cfg, "bssid", bssid:formvalue(section))
-	if s.identity then
-		val = ident:formvalue(section)
-		if val == "" then
-			val = "changeme"
-		end
-		uci:set("wireless", m.hidden.cfg, "identity", val)
-	end
-
 	if s.encryption and s.encryption ~= "none" then
-		val = wkey:formvalue(section)
+		if string.match(s.encryption, '^wep') then
-		if val == "" then
+			uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section))
-			val = "changeme"
+			uci:set("wireless", m.hidden.cfg, "key", wkey:formvalue(section) or "")
-		end
+		elseif string.match(s.encryption, '^psk') then
-		if s.key then
+			if ciph:formvalue(section) ~= "auto" then
-			uci:set("wireless", m.hidden.cfg, "key", val)
+				uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
-		elseif s.password then
+			else
-			uci:set("wireless", m.hidden.cfg, "password", val)
+				uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section))
+			end
+			uci:set("wireless", m.hidden.cfg, "key", wkey:formvalue(section) or "")
+		elseif string.match(s.encryption, '^wpa') then
+			if ciph:formvalue(section) ~= "auto" then
+				uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section) .. "+" .. ciph:formvalue(section))
+			else
+				uci:set("wireless", m.hidden.cfg, "encryption", encr:formvalue(section))
+			end
+			uci:set("wireless", m.hidden.cfg, "eap_type", eaptype:formvalue(section))
+			uci:set("wireless", m.hidden.cfg, "auth", authentication:formvalue(section))
+			uci:set("wireless", m.hidden.cfg, "identity", ident:formvalue(section) or "")
+			uci:set("wireless", m.hidden.cfg, "password", wkey:formvalue(section) or "")
+			uci:set("wireless", m.hidden.cfg, "ca_cert", cacert:formvalue(section) or "")
+			uci:set("wireless", m.hidden.cfg, "client_cert", clientcert:formvalue(section) or "")
+			uci:set("wireless", m.hidden.cfg, "priv_key", privkey:formvalue(section) or "")
+			uci:set("wireless", m.hidden.cfg, "priv_key_pwd", privkeypwd:formvalue(section) or "")
 		end
 	end
 	uci:save("wireless")

applications/luci-app-travelmate/luasrc/view/travelmate/wifi_scan.htm

@@ -17,7 +17,7 @@ This is free software, licensed under the Apache License, Version 2.0
         if info.wep == true then
             return translate("WEP")
         elseif info.wpa > 0 then
-            return translate("WPA/WPA2 - " .. table.concat(info.auth_suites))
+            return translatef("%s (%s/%s)", (info.wpa == 3) and translate("WPA/WPA2") or (info.wpa == 2 and "WPA2" or "WPA"), table.concat(info.auth_suites), table.concat(info.group_ciphers))
         elseif info.enabled then
             return translate("Unknown")
         else
@@ -70,9 +70,9 @@ This is free software, licensed under the Apache License, Version 2.0
                         <input type="hidden" name="bssid" value="<%=utl.pcdata(net.bssid)%>"/>
                         <input type="hidden" name="wep" value="<%=net.encryption.wep and 1 or 0%>"/>
                         <% if net.encryption.wpa then %>
-                        <input type="hidden" name="wpa_version" value="<%=net.encryption.wpa%>"/>
+                            <input type="hidden" name="wpa_version" value="<%=net.encryption.wpa%>"/>
-                        <% for _, v in ipairs(net.encryption.auth_suites) do %><input type="hidden" name="wpa_suites" value="<%=v%>"/>
+                            <% for _, v in ipairs(net.encryption.auth_suites) do %><input type="hidden" name="wpa_suites" value="<%=v%>"/><% end %>
-                        <% end; end %>
+                        <% end %>
                         <input class="cbi-button cbi-button-apply" type="submit" value="<%:Add Uplink%>"/>
                     </form>
                 </td>