local channel_bandwidth
local country_code="$(wireless_get_reg_domain)"
local dfs="on"
- local encryption
local environment="${WIRELESS_DEFAULT_ENVIRONMENT}"
- local key
local mfp="off"
local mode
+ local secret
local ssid
local wmm="1"
+ local wpa2_personal="off"
+ local wpa3_personal="off"
while [ $# -gt 0 ]; do
case "${1}" in
--environment=*)
environment="$(cli_get_val "${1}")"
;;
- --key=*)
- key=$(cli_get_val "${1}")
- ;;
--mfp=*)
mfp="$(cli_get_val "${1}")"
;;
return ${EXIT_ERROR}
fi
;;
+ --secret=*)
+ secret="$(cli_get_val "${1}")"
+ ;;
--ssid=*)
ssid=$(cli_get_val "${1}")
;;
wmm="0"
fi
;;
+ --wpa2-personal=*)
+ wpa2_personal="$(cli_get_bool "${1}")"
+ ;;
+ --wpa3-personal=*)
+ wpa3_personal="$(cli_get_bool "${1}")"
+ ;;
*)
warning_log "Ignoring unknown argument '${1}'."
;;
assert isset mode
assert isset ssid
- # Check if key is set when encryption is used.
- if isset encryption; then
- assert isoneof encryption WPA2
- assert isset key
- fi
-
# Check wireless environment
if ! wireless_environment_is_valid "${environment}"; then
error "Invalid wireless environment: ${environment}"
return ${EXIT_ERROR}
fi
+ # Check if secret is set for personal authentication
+ if ! isset secret && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
+ error "Secret not set but personal authentication enabled"
+ return ${EXIT_ERROR}
+ fi
+
# 802.11ac/n flags
local ieee80211ac
local ieee80211n
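Review bot: The new check `if ! isset secret && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL)` reads the upper-case settings, while this function parses `--wpa2-personal=` and `--wpa3-personal=` into the locals `wpa2_personal` and `wpa3_personal`, which none of the visible lines ever read. If the upper-case names are not in scope when the function is called, the check passes without a secret and the later `if enabled WPA3_PERSONAL` / `if enabled WPA2_PERSONAL` blocks write no authentication settings, which would leave the access point without authentication. I would use the parsed locals here and in those two blocks: `if ! isset secret && { enabled wpa3_personal || enabled wpa2_personal; }; then`. The function starts and ends outside this hunk, so confirm that no caller relies on the upper-case names being inherited.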
print
) >> ${file}
- # Encryption settings
- if isset encryption; then
- local encryption_mode=0
- case "${encryption}" in
- WPA2)
- encryption_mode=2
- ;;
- esac
+ # Authentication Settings
+ local wpa
+ local wpa_key_mgmt
+ local wpa_passphrase
+ local sae_password
+ local wpa_strict_rekey
+
+ # WPA3 Personal
+ if enabled WPA3_PERSONAL; then
+ # Enable RSN
+ wpa="2"
+
+ # Add WPA key management
+ list_append wpa_key_mgmt "SAE"
+ sae_password="${secret}"
+ fi
+
+ # WPA2 Personal
+ if enabled WPA2_PERSONAL; then
+ # Enable RSN
+ wpa="2"
+
+ # Add WPA key management
+ list_append wpa_key_mgmt "WPA-PSK-SHA256" "WPA-PSK"
+ wpa_passphrase="${secret}"
- (
- print "# Encryption settings"
- print "wpa=${encryption_mode}"
- print "wpa_passphrase=${key}"
- print "wpa_key_mgmt=WPA-PSK-SHA256 WPA-PSK"
- print "wpa_pairwise=${pairwise_ciphers[*]}"
- print "rsn_pairwise=${pairwise_ciphers[*]}"
- print "group_cipher=${group_ciphers[*]}"
- print
- ) >> ${file}
+ # Enable WPA strict rekey
+ wpa_strict_rekey="1"
fi
+ # Enable RSN ciphers when RSN is enabled
+ local rsn_pairwise
+ local group_cipher
+ if [ "${wpa}" = "2" ]; then
+ rsn_pairwise="${pairwise_ciphers[*]}"
+ group_cipher="${group_ciphers[*]}"
+ fi
+
+ local var
+ for var in wpa wpa_key_mgmt wpa_passphrase sae_password \
+ rsn_pairwise group_cipher wpa_strict_rekey; do
+ if [ -n "${!var}" ]; then
+ print "${var}=${!var}"
+ fi
+ done >> "${file}"
+
# Log configuration file
file_to_log DEBUG "${file}"
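Review bot: The WPA3 branch adds `SAE` to `wpa_key_mgmt`, but nothing in this hunk enables management frame protection, and the declarations keep `local mfp="off"` as the default. WPA3-Personal requires protected management frames (`ieee80211w=2` for SAE only, `ieee80211w=1` when WPA2 is offered alongside), so I would either force `mfp` on when WPA3 is enabled or reject the combination with an error next to the secret check; where `ieee80211w` is written is outside the visible lines. Separately, the loop writes `wpa_passphrase` and `sae_password` into `${file}` right before `file_to_log DEBUG "${file}"`, which presumably copies both credentials into the debug log. Filtering those two keys out of the logged copy would avoid that.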
"CHANNEL"
"CHANNEL_BANDWIDTH"
"DFS"
- "ENCRYPTION"
"ENVIRONMENT"
- "KEY"
"MFP"
"MODE"
"PHY"
+ "SECRET"
"SSID"
+ "WPA3_PERSONAL"
+ "WPA2_PERSONAL"
)
+# Disable WPA3+2 by default
+DEFAULT_WPA3_PERSONAL="off"
+DEFAULT_WPA2_PERSONAL="off"
+
# Broadcast SSID by default
DEFAULT_BROADCAST_SSID="on"
assert ismac PHY
assert isset SSID
- if isset ENCRYPTION; then
- assert isoneof ENCRYPTION WPA2
-
- assert isset KEY
- assert [ ${#KEY} -ge 8 ]
- assert [ ${#KEY} -le 63 ]
- fi
-
assert wireless_environment_is_valid "${ENVIRONMENT}"
}
return ${EXIT_ERROR}
fi
;;
- --encryption=*)
- ENCRYPTION=$(cli_get_val "${1}")
- ;;
--environment=*)
ENVIRONMENT="$(cli_get_val "${1}")"
return ${EXIT_ERROR}
fi
;;
- --key=*)
- KEY=$(cli_get_val "${1}")
- ;;
--mac=*)
ADDRESS=$(cli_get_val "${1}")
;;
--phy=*)
PHY=$(cli_get_val "${1}")
;;
+ --secret=*)
+ SECRET="$(cli_get_val "${1}")"
+ ;;
--ssid=*)
SSID=$(cli_get_val "${1}")
;;
+ --wpa2-personal=*)
+ WPA2_PERSONAL="$(cli_get_bool "${1}")"
+ ;;
+ --wpa3-personal=*)
+ WPA3_PERSONAL="$(cli_get_bool "${1}")"
+ ;;
*)
warning "Ignoring unknown argument '${1}'"
;;
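Review bot: `--secret=` carries the passphrase as a command-line argument, so if this parser receives the command's own arguments, the value is visible in the process list and ends up in shell history. Consider also accepting the secret from standard input or from a file readable only by root, and say so on the option, e.g. `# NOTE: a value passed as --secret=... is visible to other local users via ps`. The case statement starts and ends outside this hunk.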
return ${EXIT_ERROR}
fi
+ # Check if SECRET is set when WPA* is enabled
+ if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
+ error "Secret is not set when PSK authentication is enabled"
+ return ${EXIT_ERROR}
+ fi
+
# Save address of phy do identify it again
PHY=$(phy_get ${PHY})
PHY=$(phy_get_address ${PHY})
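Review bot: The check added here only tests that `SECRET` is set, while the removed validation also asserted `${#KEY} -ge 8` and `${#KEY} -le 63`. hostapd does not accept a `wpa_passphrase` outside 8 to 63 characters, so a short or over-long secret is now accepted and saved, and fails only when the access point is started. I would keep the bounds for WPA2, for example `if enabled WPA2_PERSONAL && { [ ${#SECRET} -lt 8 ] || [ ${#SECRET} -gt 63 ]; }; then` followed by an `error` and `return ${EXIT_ERROR}`. Rejecting a secret that contains a newline at the same place would also keep the value from adding extra lines when it is later written as `key=value` into the hostapd configuration. The enclosing function starts outside this hunk.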