wifi-scripts: on psk-sae configurations, disable PSK support on 6 GHz

This allows sharing a wifi-iface section across bands while enforcing the no-PSK
rule for 6 GHz

Signed-off-by: Felix Fietkau <[email protected]>

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc

@@ -76,8 +76,6 @@ function iface_accounting_server(config) {
 }
 
 function iface_auth_type(config) {
-	iface.parse_encryption(config);
-
 	if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ]) {
 		config.ieee80211w = 2;
 		config.sae_require_mfp = 1;
@@ -432,13 +430,21 @@ function iface_interworking(config) {
 	]);
 }
 
-export function generate(interface, config, vlans, stas, phy_features) {
+export function generate(interface, data, config, vlans, stas, phy_features) {
 	config.ctrl_interface = '/var/run/hostapd';
 
 	iface_stations(config, stas);
 
 	iface_setup(config);
 
+	iface.parse_encryption(config);
+	if (data.config.band == '6g') {
+		if (config.auth_type == 'psk-sae')
+			config.auth_type = 'sae';
+		if (config.auth_type == 'eap-eap2')
+			config.auth_type = 'eap2';
+	}
+
 	iface_auth_type(config);
 
 	iface_accounting_server(config);

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc

@@ -523,11 +523,11 @@ function generate(config) {
 }
 
 let iface_idx = 0;
-function setup_interface(interface, config, vlans, stas, phy_features, fixup) {
+function setup_interface(interface, data, config, vlans, stas, phy_features, fixup) {
 	config = { ...config, fixup };
 
 	config.idx = iface_idx++;
-	ap.generate(interface, config, vlans, stas, phy_features);
+	ap.generate(interface, data, config, vlans, stas, phy_features);
 }
 
 export function setup(data) {
@@ -556,9 +556,9 @@ export function setup(data) {
 
 		let owe = interface.config.encryption == 'owe' && interface.config.owe_transition;
 
-		setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
+		setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
 		if (owe)
-			setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
+			setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
 	}
 
 	let config = dump_config(file_name);

package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh

@@ -64,9 +64,11 @@ hostapd_append_wpa_key_mgmt() {
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
 		;;
 		psk-sae)
-			append wpa_key_mgmt "WPA-PSK"
-			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
-			[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+			[ "$band" = "6g" ] || {
+				append wpa_key_mgmt "WPA-PSK"
+				[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
+				[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+			}
 			append wpa_key_mgmt "SAE"
 			[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
 		;;