[feature] OpenWrt: Added support for WPA3/WPA2 Enterprise Mixed #194

This patch is tested on these.
- RADIUS authentication server: FreeRadius 3.0.25
- OpenWrt: latest (4b587f25614f3f7215360f96807ce760fa4ef3aa)
- hardware: TP-Link Archer C6 v2

Related to #194

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>

Author: masap

netjsonconfig/backends/openwrt/converters/wireless.py

@@ -100,6 +100,7 @@ def __intermediate_encryption(self, wireless):
             'wpa2_enterprise': 'wpa2',
             'wpa3_enterprise': 'wpa3',
             'wpa_enterprise_mixed': 'wpa-mixed',
+            'wpa2_enterprise_mixed': 'wpa3-mixed',
             'wps': 'psk',
         }
         # if encryption disabled return empty dict
@@ -128,6 +129,7 @@ def __intermediate_encryption(self, wireless):
             protocol == 'wpa3_personal'
             or protocol == 'wpa3_enterprise'
             or protocol == 'wpa2_personal_mixed'
+            or protocol == 'wpa2_enterprise_mixed'
         ):
             cipher = 'ccmp'
         if cipher and protocol.startswith('wpa') and cipher != 'auto':
@@ -270,6 +272,7 @@ def __netjson_encryption(self, wifi):
                 'wpa2': 'wpa2_enterprise',
                 'wpa3': 'wpa3_enterprise',
                 'wpa-mixed': 'wpa_enterprise_mixed',
+                'wpa3-mixed': 'wpa2_enterprise_mixed',
             }
             settings['protocol'] = protocol_mapping[protocol]
             settings['cipher'] = cipher

netjsonconfig/schema.py

@@ -361,6 +361,7 @@
                         {"$ref": "#/definitions/encryption_wpa3_personal"},
                         {"$ref": "#/definitions/encryption_wpa3_enterprise_ap"},
                         {"$ref": "#/definitions/encryption_wpa3_2_personal"},
+                        {"$ref": "#/definitions/encryption_wpa3_2_enterprise_ap"},
                         {"$ref": "#/definitions/encryption_wpa_personal"},
                         {"$ref": "#/definitions/encryption_wpa_enterprise_ap"},
                         {"$ref": "#/definitions/encryption_wps"},
@@ -381,6 +382,7 @@
                         {"$ref": "#/definitions/encryption_wpa3_personal"},
                         {"$ref": "#/definitions/encryption_wpa3_enterprise_sta"},
                         {"$ref": "#/definitions/encryption_wpa3_2_personal"},
+                        {"$ref": "#/definitions/encryption_wpa3_2_enterprise_sta"},
                         {"$ref": "#/definitions/encryption_wpa_personal"},
                         {"$ref": "#/definitions/encryption_wpa_enterprise_sta"},
                         {"$ref": "#/definitions/encryption_wep"},
@@ -620,6 +622,17 @@
                 }
             }
         },
+        "encryption_wpa3_2_enterprise_base_settings": {
+            "properties": {
+                "protocol": {
+                    "type": "string",
+                    "title": "encryption protocol",
+                    "enum": ["wpa2_enterprise_mixed"],
+                    "options": {"enum_titles": ["WPA3/WPA2 Enterprise Mixed Mode"]},
+                    "propertyOrder": 1,
+                }
+            }
+        },
         "encryption_wpa3_enterprise_ap": {
             "title": "WPA3 only Enterprise (access point)",
             "allOf": [
@@ -630,6 +643,16 @@
                 {"$ref": "#/definitions/encryption_wpa_enterprise_ap_base_settings"},
             ],
         },
+        "encryption_wpa3_2_enterprise_ap": {
+            "title": "WPA3/WPA2 Enterprise (access point)",
+            "allOf": [
+                {"$ref": "#/definitions/encryption_base_settings"},
+                {"$ref": "#/definitions/encryption_cipher_property"},
+                {"$ref": "#/definitions/encryption_mfp_property_optional"},
+                {"$ref": "#/definitions/encryption_wpa3_2_enterprise_base_settings"},
+                {"$ref": "#/definitions/encryption_wpa_enterprise_ap_base_settings"},
+            ],
+        },
         "encryption_wpa3_enterprise_sta": {
             "title": "WPA3 only Enterprise (client)",
             "additionalProperties": True,
@@ -640,6 +663,16 @@
                 {"$ref": "#/definitions/encryption_wpa_enterprise_sta_base_settings"},
             ],
         },
+        "encryption_wpa3_2_enterprise_sta": {
+            "title": "WPA3/WPA2 Enterprise (client)",
+            "additionalProperties": True,
+            "allOf": [
+                {"$ref": "#/definitions/encryption_cipher_property"},
+                {"$ref": "#/definitions/encryption_mfp_property_optional"},
+                {"$ref": "#/definitions/encryption_wpa3_2_enterprise_base_settings"},
+                {"$ref": "#/definitions/encryption_wpa_enterprise_sta_base_settings"},
+            ],
+        },
         "encryption_wpa_enterprise_base_settings": {
             "properties": {
                 "protocol": {

tests/openwrt/test_encryption.py

@@ -240,6 +240,55 @@ def test_parse_wpa_personal(self):
         o = OpenWrt(native=self._wpa_personal_uci)
         self.assertEqual(o.config, self._wpa_personal_netjson)
 
+    _wpa2_enterprise_mixed_ap_netjson = {
+        "interfaces": [
+            {
+                "name": "wlan0",
+                "type": "wireless",
+                "wireless": {
+                    "radio": "radio0",
+                    "mode": "access_point",
+                    "ssid": "enterprise-mixed",
+                    "encryption": {
+                        "protocol": "wpa2_enterprise_mixed",
+                        "cipher": "ccmp",
+                        "key": "radius_secret",
+                        "server": "192.168.0.1",
+                        "ieee80211w": "1",
+                    },
+                },
+            }
+        ]
+    }
+    _wpa2_enterprise_mixed_ap_uci = """package network
+
+config interface 'wlan0'
+    option ifname 'wlan0'
+    option proto 'none'
+
+package wireless
+
+config wifi-iface 'wifi_wlan0'
+    option device 'radio0'
+    option encryption 'wpa3-mixed+ccmp'
+    option ieee80211w '1'
+    option ifname 'wlan0'
+    option key 'radius_secret'
+    option mode 'ap'
+    option network 'wlan0'
+    option server '192.168.0.1'
+    option ssid 'enterprise-mixed'
+"""
+
+    def test_render_wpa2_enterprise_mixed_ap(self):
+        o = OpenWrt(self._wpa2_enterprise_mixed_ap_netjson)
+        expected = self._tabs(self._wpa2_enterprise_mixed_ap_uci)
+        self.assertEqual(o.render(), expected)
+
+    def test_parse_wpa2_enterprise_mixed_ap(self):
+        o = OpenWrt(native=self._wpa2_enterprise_mixed_ap_uci)
+        self.assertEqual(o.config, self._wpa2_enterprise_mixed_ap_netjson)
+
     _wpa3_enterprise_ap_netjson = {
         "interfaces": [
             {
@@ -1012,3 +1061,59 @@ def test_render_ieee80211w(self):
             OpenWrt(_netjson_wpa2_personal_mixed_cipher_tkip).render(),
             _uci_wpa2_personal_mixed_cipher_tkip,
         )
+
+        _netjson_wpa2_enterprise_mixed_cipher_tkip = {
+            "interfaces": [
+                {
+                    "name": "wlan0",
+                    "type": "wireless",
+                    "wireless": {
+                        "radio": "radio0",
+                        "mode": "access_point",
+                        "ssid": "wpa3-enterprise",
+                        "encryption": {
+                            "protocol": "wpa2_enterprise_mixed",
+                            "cipher": "tkip",
+                            "key": "radius_secret",
+                            "server": "192.168.0.1",
+                            "port": 1812,
+                            "acct_server": "192.168.0.2",
+                            "acct_port": 1813,
+                            "nasid": "2",
+                            "wpa_group_rekey": "350",
+                            "ieee80211w": "2",
+                        },
+                    },
+                }
+            ]
+        }
+        _uci_wpa2_enterprise_mixed_cipher_tkip = self._tabs(
+            """package network
+
+config interface 'wlan0'
+    option ifname 'wlan0'
+    option proto 'none'
+
+package wireless
+
+config wifi-iface 'wifi_wlan0'
+    option acct_port '1813'
+    option acct_server '192.168.0.2'
+    option device 'radio0'
+    option encryption 'wpa3-mixed+ccmp'
+    option ieee80211w '2'
+    option ifname 'wlan0'
+    option key 'radius_secret'
+    option mode 'ap'
+    option nasid '2'
+    option network 'wlan0'
+    option port '1812'
+    option server '192.168.0.1'
+    option ssid 'wpa3-enterprise'
+    option wpa_group_rekey '350'
+"""
+        )
+        self.assertEqual(
+            OpenWrt(_netjson_wpa2_enterprise_mixed_cipher_tkip).render(),
+            _uci_wpa2_enterprise_mixed_cipher_tkip,
+        )