jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add REKEY_PTK to allow upper layer request to force PTK rekeying

Browse source 
"REKEY_PTK <STA MAC address>" can now be used to force rekeying of the
PTK for the specified associated STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2021-01-29 20:17:22 +02:00 committed by Jouni Malinen
parent ced15c8ba8
commit 04283cf36b
3 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
hostapd/ctrl_iface.c
View file

@ -2524,6 +2524,22 @@ static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd,
} }
static int hostapd_ctrl_rekey_ptk(struct hostapd_data *hapd, const char *cmd)
{
struct sta_info *sta;
u8 addr[ETH_ALEN];
if (hwaddr_aton(cmd, addr))
return -1;
sta = ap_get_sta(hapd, addr);
if (!sta || !sta->wpa_sm)
return -1;
return wpa_auth_rekey_ptk(hapd->wpa_auth, sta->wpa_sm);
}
static int hostapd_ctrl_get_pmksa_pmk(struct hostapd_data *hapd, const u8 *addr, static int hostapd_ctrl_get_pmksa_pmk(struct hostapd_data *hapd, const u8 *addr,
char *buf, size_t buflen) char *buf, size_t buflen)
{ {
@ -3670,6 +3686,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
} else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) { } else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) {
if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0) if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0)
reply_len = -1; reply_len = -1;
} else if (os_strncmp(buf, "REKEY_PTK ", 10) == 0) {
if (hostapd_ctrl_rekey_ptk(hapd, buf + 10) < 0)
reply_len = -1;
} else if (os_strcmp(buf, "REKEY_GTK") == 0) { } else if (os_strcmp(buf, "REKEY_GTK") == 0) {
if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0) if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0)
reply_len = -1; reply_len = -1;

12
src/ap/wpa_auth.c
View file

@ -5643,6 +5643,18 @@ int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
} }
int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm)
{
if (!wpa_auth || !sm)
return -1;
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
wpa_request_new_ptk(sm);
wpa_sm_step(sm);
return 0;
}
void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val) void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val)
{ {
if (wpa_auth) if (wpa_auth)

2
src/ap/wpa_auth.h
View file

@ -553,6 +553,8 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
void (*cb)(void *ctx1, void *ctx2), void (*cb)(void *ctx1, void *ctx2),
void *ctx1, void *ctx2); void *ctx1, void *ctx2);
int wpa_auth_rekey_ptk(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm);
int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth); int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm); void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm);
void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val); void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val);