[PATCH] hostapd: fallback to psk when generating r0kh/r1kh

David Bauer mail at david-bauer.net
Fri Feb 18 10:15:27 PST 2022


Hi Eneas,

On 1/7/22 21:19, Eneas U de Queiroz wrote:
> The 80211r r0kh and r1kh defaults are generated from the md5sum of
> "$mobility_domain/$auth_secret".  auth_secret is only set when using EAP
> authentication, but the default key is used for SAE/PSK as well.  In
> this case,  auth_secret is empty, and the default value of the key can
> be computed from the SSID alone.
> 
> Fallback to using $key when auth_secret is empty.  While at it, rename
> the variable holding the generated key from 'key' to 'ft_key', to avoid
> clobbering the PSK.

Just so I get this right - This means the same configuration is 
incompatible between firmware containing this commit and firmware that 
does not? In this case I would not pick it to 21.02.

Otherwise LGTM.

Best
David

> 
> Signed-off-by: Eneas U de Queiroz <cotequeiroz at gmail.com>
> ---
> 
> This should be cherry-picked to 21.02 as well.
> 
>   package/network/services/hostapd/files/hostapd.sh | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
> index d9d5f34877..e00fc21cd9 100644
> --- a/package/network/services/hostapd/files/hostapd.sh
> +++ b/package/network/services/hostapd/files/hostapd.sh
> @@ -876,10 +876,10 @@ hostapd_set_bss_options() {
>   				set_default pmk_r1_push 0
>   
>   				[ -n "$r0kh" -a -n "$r1kh" ] || {
> -					key=`echo -n "$mobility_domain/$auth_secret" | md5sum | awk '{print $1}'`
> +					ft_key=`echo -n "$mobility_domain/${auth_secret:-${key}}" | md5sum | awk '{print $1}'`
>   
> -					set_default r0kh "ff:ff:ff:ff:ff:ff,*,$key"
> -					set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
> +					set_default r0kh "ff:ff:ff:ff:ff:ff,*,$ft_key"
> +					set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$ft_key"
>   				}
>   
>   				[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
> 
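
Review bot: On the added ft_key line, `${auth_secret:-${key}}` still expands to an empty string when neither auth_secret nor key is set, so the generated r0kh/r1kh key is again the md5sum of "$mobility_domain/" alone and stays predictable. Consider generating the defaults only when one of the two is non-empty, for example by extending the guard to `[ -n "$r0kh" -a -n "$r1kh" ] || [ -z "${auth_secret:-${key}}" ] || {`, or by logging a warning and leaving r0kh/r1kh unset in that case. The commit message should also state that the derived default changes for setups where auth_secret is empty, so APs in one mobility domain need firmware with the same derivation or explicitly configured r0kh/r1kh values.
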