FT: Convert r0_key_lifetime to seconds

Add a new configuration option ft_r0_key_lifetime that deprecates r0_key_lifetime. Though, the old configuration is still accepted for backwards compatibility. This simplifies testing. All other items are in seconds as well. In addition, this makes dot11FTR0KeyLifetime comment match with what got standardized in the end in IEEE Std 802.11r-2008. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
7 years ago · 83fe4bd3bf
parent ee2c6bb5e5
commit 83fe4bd3bf
6 changed files with 11 additions and 6 deletions
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@ -2744,6 +2744,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 			return 1;
 		}
 	} else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
+		/* DEPRECATED: Use ft_r0_key_lifetime instead. */
+		bss->r0_key_lifetime = atoi(pos) * 60;
+	} else if (os_strcmp(buf, "ft_r0_key_lifetime") == 0) {
 		bss->r0_key_lifetime = atoi(pos);
 	} else if (os_strcmp(buf, "reassociation_deadline") == 0) {
 		bss->reassociation_deadline = atoi(pos);
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@ -1524,9 +1524,10 @@ own_ip_addr=127.0.0.1
 # 1 to 48 octet identifier.
 # This is configured with nas_identifier (see RADIUS client section above).

-# Default lifetime of the PMK-RO in minutes; range 1..65535
+# Default lifetime of the PMK-R0 in seconds; range 60..4294967295
+# (default: 14 days / 1209600 seconds; 0 = disable timeout)
 # (dot11FTR0KeyLifetime)
-#r0_key_lifetime=10000
+#ft_r0_key_lifetime=1209600

 # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
 # 6-octet identifier as a hex string.
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@ -103,6 +103,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
 	bss->rkh_neg_timeout = 60;
 	bss->rkh_pull_timeout = 1000;
 	bss->rkh_pull_retries = 4;
+	bss->r0_key_lifetime = 1209600;
 #endif /* CONFIG_IEEE80211R_AP */

 	bss->radius_das_time_window = 300;
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@ -350,7 +350,7 @@ struct hostapd_bss_config {
 	/* IEEE 802.11r - Fast BSS Transition */
 	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
 	u8 r1_key_holder[FT_R1KH_ID_LEN];
-	u32 r0_key_lifetime;
+	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
 	int rkh_pos_timeout;
 	int rkh_neg_timeout;
 	int rkh_pull_timeout; /* ms */
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -3028,7 +3028,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
 		*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
 		*pos++ = 5;
 		*pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
-		WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+		WPA_PUT_LE32(pos, conf->r0_key_lifetime);
 		pos += 4;
 	}
 #endif /* CONFIG_IEEE80211R_AP */
@ -4727,7 +4727,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
 		*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
 		*pos++ = 5;
 		*pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
-		WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+		WPA_PUT_LE32(pos, conf->r0_key_lifetime);
 		pos += 4;
 	}
 #endif /* CONFIG_IEEE80211R_AP */
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@ -186,7 +186,7 @@ struct wpa_auth_config {
 	u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
 	size_t r0_key_holder_len;
 	u8 r1_key_holder[FT_R1KH_ID_LEN];
-	u32 r0_key_lifetime;
+	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
 	int rkh_pos_timeout;
 	int rkh_neg_timeout;
 	int rkh_pull_timeout; /* ms */