wifi-scripts: introduce rxkh_file uci option
authorSybil127 <sybil127@outlook.com>
Thu, 23 May 2024 15:43:07 +0000 (17:43 +0200)
committerFelix Fietkau <nbd@nbd.name>
Thu, 12 Dec 2024 18:19:05 +0000 (19:19 +0100)
With rxkh_file, hostapd will read a list of RxKHs from a text file.
This also makes it possible for hostapd to dynamically reload RxKHs.

RxKHs defined in rxkh_file should be formated as described in hostapd.conf,
with one entry per line.

R0KH/R1KH format:
r0kh=<MAC address> <NAS Identifier> <256-bit key as hex string>
r1kh=<MAC address> <R1KH-ID> <256-bit key as hex string>

Reworked behavior of the uci options r0kh and r1kh.

When rxkh_file is not configured:
  Instead of appending the RxKHs to the hostapd bss configuration,
  they will be added to an interface-specific file with name
  /var/run/hostapd-phyX-apX.rxkh.
  This file will be used as the rxkh_file in the hostapd bss configuration.

When rxkh_file is configured:
  The specified file will be used in the hostapd bss configuration,
  and will be the only source for configured RxKHs.
  All RxKHs defined with the uci options r0kh or r1kh will be ignored.

Signed-off-by: Sybil127 <sybil127@outlook.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh

index 0b2241ea60ec9fa310c6a77cfc9a198f17511719..3285ee4312f37d356d06de8224e26c3d04a25ab9 100644 (file)
@@ -335,7 +335,7 @@ hostapd_common_add_bss_config() {
 
        config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
        config_add_int r0_key_lifetime reassociation_deadline
-       config_add_string mobility_domain r1_key_holder
+       config_add_string mobility_domain r1_key_holder rxkh_file
        config_add_array r0kh r1kh
 
        config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
@@ -592,7 +592,7 @@ hostapd_set_bss_options() {
 
        wireless_vif_parse_encryption
 
-       local bss_conf bss_md5sum ft_key
+       local bss_conf bss_md5sum ft_key rxkhs
        local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
 
        json_get_vars \
@@ -981,7 +981,7 @@ hostapd_set_bss_options() {
                        append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
 
                        if [ "$ft_psk_generate_local" -eq "0" ]; then
-                               json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
+                               json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push rxkh_file
                                json_get_values r0kh r0kh
                                json_get_values r1kh r1kh
 
@@ -1003,12 +1003,20 @@ hostapd_set_bss_options() {
                                append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
                                append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
 
-                               for kh in $r0kh; do
-                                       append bss_conf "r0kh=${kh//,/ }" "$N"
-                               done
-                               for kh in $r1kh; do
-                                       append bss_conf "r1kh=${kh//,/ }" "$N"
-                               done
+                               if [ -z "$rxkh_file" ]; then
+                                       set_default rxkh_file /var/run/hostapd-$ifname.rxkh
+                                       [ -e "$rxkh_file" ] && rm -f "$rxkh_file"
+                                       touch "$rxkh_file"
+
+                                       for kh in $r0kh; do
+                                               append rxkhs "r0kh=${kh//,/ }" "$N"
+                                       done
+                                       for kh in $r1kh; do
+                                               append rxkhs "r1kh=${kh//,/ }" "$N"
+                                       done
+                                       echo "$rxkhs" > "$rxkh_file"
+                               fi
+                               append bss_conf "rxkh_file=$rxkh_file" "$N"
                        fi
                fi
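Review bot: The generated `/var/run/hostapd-$ifname.rxkh` holds the 256-bit R0KH/R1KH keys, but the `touch "$rxkh_file"` and `echo "$rxkhs" > "$rxkh_file"` lines never set a mode, so the file gets whatever the caller's umask allows (not visible in this hunk) and may be readable by other local users. I would add `chmod 0600 "$rxkh_file"` directly after the `touch`, before the keys are written; the `[ -e "$rxkh_file" ] &&` test in front of `rm -f` can also go, since `rm -f` is already silent on a missing file. When `rxkh_file` is set by the user, the `r0kh`/`r1kh` values are dropped without any message and the path is passed to hostapd unchecked, so a short comment such as `# rxkh_file set by user: uci r0kh/r1kh are ignored, file must exist and be root-only` above the `append bss_conf "rxkh_file=..."` line would document the expectation. `hostapd_set_bss_options` starts and ends outside this hunk, so any later cleanup of the file is not visible here.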