[openwrt/openwrt] hostapd: support eap-eap2 and eap2 auth_type values

[LEDE Commits]

nbd pushed a commit to openwrt/openwrt.git, branch openwrt-23.05:
https://git.openwrt.org/6798f156f910b227abf21b683ab3723663a9de02

commit 6798f156f910b227abf21b683ab3723663a9de02
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Thu Aug 31 11:16:42 2023 +0200

    hostapd: support eap-eap2 and eap2 auth_type values
    
    WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
    WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
    (cherry picked from commit b63df6ce5d0639e6106967fd445c96518da52afb)
---
 package/network/services/hostapd/files/hostapd.sh | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 36aa6273b6..830752cd87 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -52,12 +52,20 @@ hostapd_append_wpa_key_mgmt() {
 		;;
 		eap-eap192)
 			append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
-			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
 			[ "${ieee80211r:-0}" -gt 0 ] && {
 				append wpa_key_mgmt "FT-EAP-SHA384"
 				append wpa_key_mgmt "FT-EAP"
 			}
-			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
+		;;
+		eap-eap2)
+			append wpa_key_mgmt "WPA-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+		;;
+		eap2)
+			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+			append wpa_key_mgmt "WPA-EAP-SHA256"
 		;;
 		sae)
 			append wpa_key_mgmt "SAE"
@@ -642,12 +650,12 @@ hostapd_set_bss_options() {
 	[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
 
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap2|eap192|eap-eap192)
 			set_default ieee80211w 2
 			set_default sae_require_mfp 1
 			set_default sae_pwe 2
 		;;
-		psk-sae)
+		psk-sae|eap-eap2)
 			set_default ieee80211w 1
 			set_default sae_require_mfp 1
 			set_default sae_pwe 2
@@ -698,7 +706,7 @@ hostapd_set_bss_options() {
 			vlan_possible=1
 			wps_possible=1
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap2|eap-eap2|eap192|eap-eap192)
 			json_get_vars \
 				auth_server auth_secret auth_port \
 				dae_client dae_secret dae_port \
@@ -1305,7 +1313,7 @@ wpa_supplicant_add_network() {
 		default_disabled
 
 	case "$auth_type" in
-		sae|owe|eap192|eap-eap192)
+		sae|owe|eap2|eap192|eap-eap192)
 			set_default ieee80211w 2
 		;;
 		psk-sae)
@@ -1388,7 +1396,7 @@ wpa_supplicant_add_network() {
 			fi
 			append network_data "$passphrase" "$N$T"
 		;;
-		eap|eap192|eap-eap192)
+		eap|eap2|eap192|eap-eap192)
 			hostapd_append_wpa_key_mgmt
 			key_mgmt="$wpa_key_mgmt"