diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 409d6cebf..5f957a0b5 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -2744,6 +2744,9 @@ static int hostapd_config_fill(struct hostapd_config *conf, return 1; } } else if (os_strcmp(buf, "r0_key_lifetime") == 0) { + /* DEPRECATED: Use ft_r0_key_lifetime instead. */ + bss->r0_key_lifetime = atoi(pos) * 60; + } else if (os_strcmp(buf, "ft_r0_key_lifetime") == 0) { bss->r0_key_lifetime = atoi(pos); } else if (os_strcmp(buf, "reassociation_deadline") == 0) { bss->reassociation_deadline = atoi(pos); diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 0843a40e3..a15d990d1 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1524,9 +1524,10 @@ own_ip_addr=127.0.0.1 # 1 to 48 octet identifier. # This is configured with nas_identifier (see RADIUS client section above). -# Default lifetime of the PMK-RO in minutes; range 1..65535 +# Default lifetime of the PMK-R0 in seconds; range 60..4294967295 +# (default: 14 days / 1209600 seconds; 0 = disable timeout) # (dot11FTR0KeyLifetime) -#r0_key_lifetime=10000 +#ft_r0_key_lifetime=1209600 # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID) # 6-octet identifier as a hex string. diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index dcc5ca60f..ad070c3d6 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -103,6 +103,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) bss->rkh_neg_timeout = 60; bss->rkh_pull_timeout = 1000; bss->rkh_pull_retries = 4; + bss->r0_key_lifetime = 1209600; #endif /* CONFIG_IEEE80211R_AP */ bss->radius_das_time_window = 300; diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 77812ba93..58a63f902 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -350,7 +350,7 @@ struct hostapd_bss_config { /* IEEE 802.11r - Fast BSS Transition */ u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; u8 r1_key_holder[FT_R1KH_ID_LEN]; - u32 r0_key_lifetime; + u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */ int rkh_pos_timeout; int rkh_neg_timeout; int rkh_pull_timeout; /* ms */ diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index e0eae4a71..76d4b5f80 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -3028,7 +3028,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) *pos++ = WLAN_EID_TIMEOUT_INTERVAL; *pos++ = 5; *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; - WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); + WPA_PUT_LE32(pos, conf->r0_key_lifetime); pos += 4; } #endif /* CONFIG_IEEE80211R_AP */ @@ -4727,7 +4727,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, *pos++ = WLAN_EID_TIMEOUT_INTERVAL; *pos++ = 5; *pos++ = WLAN_TIMEOUT_KEY_LIFETIME; - WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); + WPA_PUT_LE32(pos, conf->r0_key_lifetime); pos += 4; } #endif /* CONFIG_IEEE80211R_AP */ diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 6b1887bdc..dd106f410 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -186,7 +186,7 @@ struct wpa_auth_config { u8 r0_key_holder[FT_R0KH_ID_MAX_LEN]; size_t r0_key_holder_len; u8 r1_key_holder[FT_R1KH_ID_LEN]; - u32 r0_key_lifetime; + u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */ int rkh_pos_timeout; int rkh_neg_timeout; int rkh_pull_timeout; /* ms */