Add REKEY_PTK to allow upper layer request to force PTK rekeying
"REKEY_PTK <STA MAC address>" can now be used to force rekeying of the PTK for the specified associated STA. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
ced15c8ba8
commit
04283cf36b
3 changed files with 33 additions and 0 deletions
|
|
@ -2524,6 +2524,22 @@ static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd,
|
|||
}
|
||||
|
||||
|
||||
static int hostapd_ctrl_rekey_ptk(struct hostapd_data *hapd, const char *cmd)
|
||||
{
|
||||
struct sta_info *sta;
|
||||
u8 addr[ETH_ALEN];
|
||||
|
||||
if (hwaddr_aton(cmd, addr))
|
||||
return -1;
|
||||
|
||||
sta = ap_get_sta(hapd, addr);
|
||||
if (!sta || !sta->wpa_sm)
|
||||
return -1;
|
||||
|
||||
return wpa_auth_rekey_ptk(hapd->wpa_auth, sta->wpa_sm);
|
||||
}
|
||||
|
||||
|
||||
static int hostapd_ctrl_get_pmksa_pmk(struct hostapd_data *hapd, const u8 *addr,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
|
|
@ -3670,6 +3686,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
|
|||
} else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) {
|
||||
if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0)
|
||||
reply_len = -1;
|
||||
} else if (os_strncmp(buf, "REKEY_PTK ", 10) == 0) {
|
||||
if (hostapd_ctrl_rekey_ptk(hapd, buf + 10) < 0)
|
||||
reply_len = -1;
|
||||
} else if (os_strcmp(buf, "REKEY_GTK") == 0) {
|
||||
if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0)
|
||||
reply_len = -1;
|
||||
|
|
|
|||
|
|
@ -5643,6 +5643,18 @@ int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
|
|||
}
|
||||
|
||||
|
||||
int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm)
|
||||
{
|
||||
if (!wpa_auth || !sm)
|
||||
return -1;
|
||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
|
||||
wpa_request_new_ptk(sm);
|
||||
wpa_sm_step(sm);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val)
|
||||
{
|
||||
if (wpa_auth)
|
||||
|
|
|
|||
|
|
@ -553,6 +553,8 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
|
|||
int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
|
||||
void (*cb)(void *ctx1, void *ctx2),
|
||||
void *ctx1, void *ctx2);
|
||||
int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm);
|
||||
int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
|
||||
void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);
|
||||
void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val);
|
||||
|
|
|
|||
Loading…
Reference in a new issue