[openwrt/openwrt] hostapd: fallback to psk when generating r0kh/r1kh

LEDE Commits lede-commits at lists.infradead.org
Sat Feb 19 07:15:19 PST 2022 

blocktrron pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/e6df13d0e16dd394ca26a80feeb013234948e875

commit e6df13d0e16dd394ca26a80feeb013234948e875
Author: Eneas U de Queiroz <cotequeiroz at gmail.com>
AuthorDate: Fri Jan 7 17:19:36 2022 -0300

    hostapd: fallback to psk when generating r0kh/r1kh
    
    The 80211r r0kh and r1kh defaults are generated from the md5sum of
    "$mobility_domain/$auth_secret".  auth_secret is only set when using EAP
    authentication, but the default key is used for SAE/PSK as well.  In
    this case,  auth_secret is empty, and the default value of the key can
    be computed from the SSID alone.
    
    Fallback to using $key when auth_secret is empty.  While at it, rename
    the variable holding the generated key from 'key' to 'ft_key', to avoid
    clobbering the PSK.
    
    Signed-off-by: Eneas U de Queiroz <cotequeiroz at gmail.com>
    [make ft_key local]
    Signed-off-by: David Bauer <mail at david-bauer.net>
---
 package/network/services/hostapd/files/hostapd.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index d9d5f34877..157a7ad3e0 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -526,7 +526,7 @@ hostapd_set_bss_options() {
 
 	wireless_vif_parse_encryption
 
-	local bss_conf bss_md5sum
+	local bss_conf bss_md5sum ft_key
 	local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
 
 	json_get_vars \
@@ -876,10 +876,10 @@ hostapd_set_bss_options() {
 				set_default pmk_r1_push 0
 
 				[ -n "$r0kh" -a -n "$r1kh" ] || {
-					key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`
+					ft_key=`echo -n "$mobility_domain/${auth_secret:-${key}}" | md5sum | awk '{print $1}'`
 
-					set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
-					set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
+					set_default r0kh "ff:ff:ff:ff:ff:ff,*,$ft_key"
+					set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$ft_key"
 				}
 
 				[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"

More information about the lede-commits mailing list