[feature] OpenWrt: Added support for WPA3/WPA2 Personal Mixed #194

masap · nemesifier · commit d74fa868f9a1 · 2022-03-19T12:47:05.000-03:00
This patch is tested on these. - OpenWrt: latest (4b587f25614f3f7215360f96807ce760fa4ef3aa) - hardware: TP-Link Archer C6 v2 Related to #194 Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
diff --git a/netjsonconfig/backends/openwrt/converters/wireless.py b/netjsonconfig/backends/openwrt/converters/wireless.py
@@ -95,6 +95,7 @@ def __intermediate_encryption(self, wireless):
             'wpa2_personal': 'psk2',
             'wpa3_personal': 'sae',
             'wpa_personal_mixed': 'psk-mixed',
+            'wpa2_personal_mixed': 'sae-mixed',
             'wpa_enterprise': 'wpa',
             'wpa2_enterprise': 'wpa2',
             'wpa3_enterprise': 'wpa3',
@@ -123,7 +124,11 @@ def __intermediate_encryption(self, wireless):
             uci['key'] = encryption['key']
         # add ciphers
         cipher = encryption.get('cipher')
-        if protocol == 'wpa3_personal' or protocol == 'wpa3_enterprise':
+        if (
+            protocol == 'wpa3_personal'
+            or protocol == 'wpa3_enterprise'
+            or protocol == 'wpa2_personal_mixed'
+        ):
             cipher = 'ccmp'
         if cipher and protocol.startswith('wpa') and cipher != 'auto':
             uci['encryption'] += '+{0}'.format(cipher)
@@ -260,6 +265,7 @@ def __netjson_encryption(self, wifi):
                 'psk2': 'wpa2_personal',
                 'sae': 'wpa3_personal',
                 'psk-mixed': 'wpa_personal_mixed',
+                'sae-mixed': 'wpa2_personal_mixed',
                 'wpa': 'wpa_enterprise',
                 'wpa2': 'wpa2_enterprise',
                 'wpa3': 'wpa3_enterprise',
diff --git a/netjsonconfig/schema.py b/netjsonconfig/schema.py
@@ -360,6 +360,7 @@
                         {"$ref": "#/definitions/encryption_none"},
                         {"$ref": "#/definitions/encryption_wpa3_personal"},
                         {"$ref": "#/definitions/encryption_wpa3_enterprise_ap"},
+                        {"$ref": "#/definitions/encryption_wpa3_2_personal"},
                         {"$ref": "#/definitions/encryption_wpa_personal"},
                         {"$ref": "#/definitions/encryption_wpa_enterprise_ap"},
                         {"$ref": "#/definitions/encryption_wps"},
@@ -379,6 +380,7 @@
                         {"$ref": "#/definitions/encryption_none"},
                         {"$ref": "#/definitions/encryption_wpa3_personal"},
                         {"$ref": "#/definitions/encryption_wpa3_enterprise_sta"},
+                        {"$ref": "#/definitions/encryption_wpa3_2_personal"},
                         {"$ref": "#/definitions/encryption_wpa_personal"},
                         {"$ref": "#/definitions/encryption_wpa_enterprise_sta"},
                         {"$ref": "#/definitions/encryption_wep"},
@@ -470,6 +472,18 @@
                 }
             },
         },
+        "encryption_mfp_property_optional": {
+            "required": ["ieee80211w"],
+            "properties": {
+                "ieee80211w": {
+                    "type": "string",
+                    "title": "management frame protection",
+                    "enum": ["1", "2"],
+                    "options": {"enum_titles": ["optional", "required"]},
+                    "propertyOrder": 4,
+                }
+            },
+        },
         "encryption_wpa3_personal": {
             "title": "WPA3 only Personal",
             "allOf": [
@@ -487,6 +501,25 @@
                 },
             ],
         },
+        "encryption_wpa3_2_personal": {
+            "title": "WPA3/WPA2 Personal",
+            "allOf": [
+                {"$ref": "#/definitions/encryption_base_settings"},
+                {"$ref": "#/definitions/encryption_cipher_property"},
+                {"$ref": "#/definitions/encryption_mfp_property_optional"},
+                {
+                    "properties": {
+                        "protocol": {
+                            "enum": ["wpa2_personal_mixed"],
+                            "options": {
+                                "enum_titles": ["WPA3/WPA2 Personal Mixed Mode"]
+                            },
+                        },
+                        "key": {"minLength": 8},
+                    }
+                },
+            ],
+        },
         "encryption_wpa_personal": {
             "title": "WPA2/WPA Personal",
             "allOf": [
@@ -504,7 +537,7 @@
                             "options": {
                                 "enum_titles": [
                                     "WPA2 Personal",
-                                    "WPA Personal Mixed Mode",
+                                    "WPA2/WPA Personal Mixed Mode",
                                     "WPA Personal",
                                 ]
                             },
@@ -620,7 +653,7 @@
                     "options": {
                         "enum_titles": [
                             "WPA2 Enterprise",
-                            "WPA Enterprise Mixed Mode",
+                            "WPA2/WPA Enterprise Mixed Mode",
                             "WPA Enterprise",
                         ]
                     },
diff --git a/tests/openwrt/test_encryption.py b/tests/openwrt/test_encryption.py
@@ -54,6 +54,53 @@ def test_parse_wpa3_personal(self):
         o = OpenWrt(native=self._wpa3_personal_uci)
         self.assertEqual(o.config, self._wpa3_personal_netjson)
 
+    _wpa2_personal_mixed_netjson = {
+        "interfaces": [
+            {
+                "name": "wlan0",
+                "type": "wireless",
+                "wireless": {
+                    "radio": "radio0",
+                    "mode": "access_point",
+                    "ssid": "wpa2-3-personal-mixed",
+                    "encryption": {
+                        "protocol": "wpa2_personal_mixed",
+                        "cipher": "ccmp",
+                        "key": "passphrase012345",
+                        "ieee80211w": "1",
+                    },
+                },
+            }
+        ]
+    }
+    _wpa2_personal_mixed_uci = """package network
+
+config interface 'wlan0'
+    option ifname 'wlan0'
+    option proto 'none'
+
+package wireless
+
+config wifi-iface 'wifi_wlan0'
+    option device 'radio0'
+    option encryption 'sae-mixed+ccmp'
+    option ieee80211w '1'
+    option ifname 'wlan0'
+    option key 'passphrase012345'
+    option mode 'ap'
+    option network 'wlan0'
+    option ssid 'wpa2-3-personal-mixed'
+"""
+
+    def test_render_wpa2_personal_mixed(self):
+        o = OpenWrt(self._wpa2_personal_mixed_netjson)
+        expected = self._tabs(self._wpa2_personal_mixed_uci)
+        self.assertEqual(o.render(), expected)
+
+    def test_parse_wpa2_personal_mixed(self):
+        o = OpenWrt(native=self._wpa2_personal_mixed_uci)
+        self.assertEqual(o.config, self._wpa2_personal_mixed_netjson)
+
     _wpa2_personal_netjson = {
         "interfaces": [
             {
@@ -921,3 +968,47 @@ def test_render_ieee80211w(self):
             OpenWrt(_netjson_wpa3_enterprise_cipher_tkip).render(),
             _uci_wpa3_enterprise_cipher_tkip,
         )
+
+        _netjson_wpa2_personal_mixed_cipher_tkip = {
+            "interfaces": [
+                {
+                    "name": "wlan0",
+                    "type": "wireless",
+                    "wireless": {
+                        "radio": "radio0",
+                        "mode": "access_point",
+                        "ssid": "wpa2-3-personal-mixed",
+                        "encryption": {
+                            "protocol": "wpa2_personal_mixed",
+                            "cipher": "tkip",
+                            "key": "passphrase012345",
+                            "ieee80211w": "2",
+                        },
+                    },
+                }
+            ]
+        }
+        _uci_wpa2_personal_mixed_cipher_tkip = self._tabs(
+            """package network
+
+config interface 'wlan0'
+    option ifname 'wlan0'
+    option proto 'none'
+
+package wireless
+
+config wifi-iface 'wifi_wlan0'
+    option device 'radio0'
+    option encryption 'sae-mixed+ccmp'
+    option ieee80211w '2'
+    option ifname 'wlan0'
+    option key 'passphrase012345'
+    option mode 'ap'
+    option network 'wlan0'
+    option ssid 'wpa2-3-personal-mixed'
+"""
+        )
+        self.assertEqual(
+            OpenWrt(_netjson_wpa2_personal_mixed_cipher_tkip).render(),
+            _uci_wpa2_personal_mixed_cipher_tkip,
+        )
