[PATCH] hostapd: fallback to psk when generating r0kh/r1kh

Eneas U de Queiroz cotequeiroz at gmail.com
Fri Feb 18 05:15:29 PST 2022


I sent this a while ago.  Can anyone review this (Felix, as the
author of the r0kh/r1kh generator)?

On Fri, Jan 7, 2022 at 5:19 PM Eneas U de Queiroz <cotequeiroz at gmail.com> wrote:
>
> The 80211r r0kh and r1kh defaults are generated from the md5sum of
> "$mobility_domain/$auth_secret".  auth_secret is only set when using EAP
> authentication, but the default key is used for SAE/PSK as well.  In
> this case,  auth_secret is empty, and the default value of the key can
> be computed from the SSID alone.
>
> Fallback to using $key when auth_secret is empty.  While at it, rename
> the variable holding the generated key from 'key' to 'ft_key', to avoid
> clobbering the PSK.
>
> Signed-off-by: Eneas U de Queiroz <cotequeiroz at gmail.com>
> ---
>
> This should be cherry-picked to 21.02 as well.
>
>  package/network/services/hostapd/files/hostapd.sh | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
> index d9d5f34877..e00fc21cd9 100644
> --- a/package/network/services/hostapd/files/hostapd.sh
> +++ b/package/network/services/hostapd/files/hostapd.sh
> @@ -876,10 +876,10 @@ hostapd_set_bss_options() {
>                                 set_default pmk_r1_push 0
>
>                                 [ -n "$r0kh" -a -n "$r1kh" ] || {
> -                                       key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`
> +                                       ft_key=`echo -n "$mobility_domain/${auth_secret:-${key}}" | md5sum | awk '{print $1}'`
>
> -                                       set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
> -                                       set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
> +                                       set_default r0kh "ff:ff:ff:ff:ff:ff,*,$ft_key"
> +                                       set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$ft_key"
>                                 }
>
>                                 [ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
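
Review bot: on the new ft_key= line, the fallback "${auth_secret:-${key}}" still produces the same predictable value as before whenever $key is also empty at this point, so the case where neither secret is set should be handled explicitly, for example by skipping the r0kh/r1kh defaults and logging a warning instead of emitting a key derived from the mobility domain alone. Two smaller points on the same line: the FT key is now an unsalted md5sum over the PSK, so the strength of the generated key is bounded by the strength of the passphrase, which deserves a sentence in the commit message or the documentation; and since a passphrase can contain backslashes or start with a dash, printf '%s' would be a safer way to feed it to md5sum than echo -n. The rename to ft_key is a good change; if the surrounding function declares its variables with local, ft_key should be added there.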


So that one can grasp a bit better what this is about--the commit
message was under par--see this post:

https://forum.openwrt.org/t/802-11r-fast-transition-how-to-understand-that-ft-works/110920/81?u=cotequeiroz

Basically, if you have ieee80211r=1, ft_psk_generate_local=0, and have
not set up r0kh or r1kh, then hostapd.sh will generate a 128-bit key
from the 2-byte mobility domain (defaults to the first 2 bytes of the
SSID md5sum) and the auth_secret.

The intention of the script originally was to support just EAP, so it
uses the auth_secret to generate a key.  However, it is possible
(ft_psk_generate_local does not work with SAE) to use generated keys
when using PSK, in which case auth_secret will not be ordinarily set,
and the default key can be trivially computed.

Cheers,

Eneas
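
An added example, not part of the original e-mail or of hostapd.sh: a small audit that flags a generated hostapd config whose r1kh key matches the value derivable with an empty secret, as described above. The function names, the sample SSID and passphrase, and the exact input hashed for the default mobility domain (with or without a trailing newline) are assumptions.

```shell
#!/bin/sh
# Added example, not part of hostapd.sh.

# Derivation from the patch: md5 of "<mobility_domain>/<secret>", where
# <secret> is auth_secret or, when that is empty, the PSK.
ft_default_key() {	# args: mobility_domain auth_secret psk
	printf '%s' "$1/${2:-$3}" | md5sum | awk '{print $1}'
}

# Assumption: default mobility domain = first 4 hex digits of the SSID's
# md5sum. Whether the hashed input ends in a newline is not stated on the
# page, so both candidates are printed.
default_mobility_domains() {	# arg: ssid
	printf '%s' "$1" | md5sum | cut -c1-4
	printf '%s\n' "$1" | md5sum | cut -c1-4
}

# Returns 1 (and prints a message) if the r1kh key in a hostapd config equals
# the value derivable with an empty secret, i.e. from public data only.
audit_ft_key() {	# arg: path to a generated hostapd config
	ssid=$(sed -n 's/^ssid=//p' "$1" | head -n 1)
	ft=$(sed -n 's/^r1kh=.*,//p' "$1" | head -n 1)
	[ -n "$ft" ] || return 0	# no generated r1kh entry to check
	for md in $(sed -n 's/^mobility_domain=//p' "$1") $(default_mobility_domains "$ssid"); do
		if [ "$(ft_default_key "$md" "" "")" = "$ft" ]; then
			echo "$1: r1kh key is derivable without a secret (mobility_domain=$md)"
			return 1
		fi
	done
	return 0
}

# Constructed sample configs: pass "" as the PSK to get the pre-patch result
# for a PSK network (auth_secret empty), or a passphrase for the patched one.
make_sample() {	# args: output path, psk used in the derivation
	md=$(printf '%s' "ExampleNet" | md5sum | cut -c1-4)
	k=$(ft_default_key "$md" "" "$2")
	printf 'ssid=ExampleNet\nmobility_domain=%s\nr1kh=00:00:00:00:00:00,00:00:00:00:00:00,%s\n' "$md" "$k" > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/old.conf" ""
make_sample "$tmp/new.conf" "constructed-passphrase"
audit_ft_key "$tmp/old.conf" || true
audit_ft_key "$tmp/new.conf" && echo "$tmp/new.conf: ok"
rm -rf "$tmp"
```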


