hostapd: manually generate roaming keys when SAE is used

Fixes: WIFI-10570 Signed-off-by: John Crispin <john@phrozen.org>
2025-10-29 09:32:34 +00:00 · 2022-08-23 17:09:08 +02:00
parent 30c2c68579
commit a3fc407f25
2 changed files with 58 additions and 2 deletions
--- a/feeds/wifi-ax/hostapd/files/hostapd.sh
+++ b/feeds/wifi-ax/hostapd/files/hostapd.sh
@@ -888,16 +888,22 @@ hostapd_set_bss_options() {
 			set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
 			set_default ft_over_ds 1
 			set_default reassociation_deadline 1000
+			skip_kh_setup=0

 			case "$auth_type" in
-				psk|sae|psk-sae)
+				psk|psk-sae)
 					set_default ft_psk_generate_local 1
+					skip_kh_setup="$ft_psk_generate_local"
 				;;
 				*)
 					set_default ft_psk_generate_local 0
 				;;
 			esac

+			case "$auth_type" in
+				*sae*) skip_kh_setup=0;;
+			esac
+
 			[ -n "$network_ifname" ] && append bss_conf "ft_iface=$network_ifname" "$N"
 			append bss_conf "mobility_domain=$mobility_domain" "$N"
 			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
@@ -905,7 +911,7 @@ hostapd_set_bss_options() {
 			append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
 			[ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N"

-			if [ "$ft_psk_generate_local" -eq "0" ]; then
+			if [ "$skip_kh_setup" -eq "0" ]; then
 				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
 				json_get_values r0kh r0kh
 				json_get_values r1kh r1kh
--- a/patches/wifi/0017-hostapd-generate-roaming-keys-in-the-script-for-SAE.patch
+++ b/patches/wifi/0017-hostapd-generate-roaming-keys-in-the-script-for-SAE.patch
@@ -0,0 +1,50 @@
+From c0af612592f14c0fe56be59818f598dff31da32f Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Tue, 23 Aug 2022 17:08:08 +0200
+Subject: [PATCH] hostapd: generate roaming keys in the script for SAE
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/network/services/hostapd/files/hostapd.sh | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
+index 6bf94f5474..ff9f197c82 100644
+--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
+@@ -886,16 +886,22 @@ hostapd_set_bss_options() {
+ 			set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
+ 			set_default ft_over_ds 1
+ 			set_default reassociation_deadline 1000
+			skip_kh_setup=0
+ 
+ 			case "$auth_type" in
+-				psk|sae|psk-sae)
+				psk|psk-sae)
+ 					set_default ft_psk_generate_local 1
+					skip_kh_setup="$ft_psk_generate_local"
+ 				;;
+ 				*)
+ 					set_default ft_psk_generate_local 0
+ 				;;
+ 			esac
+ 
+			case "$auth_type" in
+				*sae*) skip_kh_setup=0;;
+			esac
+
+ 			[ -n "$network_ifname" ] && append bss_conf "ft_iface=$network_ifname" "$N"
+ 			append bss_conf "mobility_domain=$mobility_domain" "$N"
+ 			append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
+@@ -903,7 +909,7 @@ hostapd_set_bss_options() {
+ 			append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
+ 			[ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N"
+ 
+-			if [ "$ft_psk_generate_local" -eq "0" ]; then
+			if [ "$skip_kh_setup" -eq "0" ]; then
+ 				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
+ 				json_get_values r0kh r0kh
+ 				json_get_values r1kh r1kh
+-- 
+2.25.1
+