From 83fe4bd3bf55d394ee7882cdbb53de9914e81a2d Mon Sep 17 00:00:00 2001
From: Michael Braun
Date: Thu, 18 May 2017 15:21:50 +0200
Subject: [PATCH] FT: Convert r0_key_lifetime to seconds

Add a new configuration option ft_r0_key_lifetime that deprecates r0_key_lifetime. Though, the old configuration is still accepted for backwards compatibility. This simplifies testing. All other items are in seconds as well. In addition, this makes dot11FTR0KeyLifetime comment match with what got standardized in the end in IEEE Std 802.11r-2008.

Signed-off-by: Michael Braun
---
 hostapd/config_file.c | 3 +++
 hostapd/hostapd.conf | 5 +++--
 src/ap/ap_config.c | 1 +
 src/ap/ap_config.h | 2 +-
 src/ap/wpa_auth.c | 4 ++--
 src/ap/wpa_auth.h | 2 +-
 6 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 409d6cebf..5f957a0b5 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2744,6 +2744,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 return 1;
 }
 } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
+ /* DEPRECATED: Use ft_r0_key_lifetime instead. */
+ bss->r0_key_lifetime = atoi(pos) * 60;
+ } else if (os_strcmp(buf, "ft_r0_key_lifetime") == 0) {
 bss->r0_key_lifetime = atoi(pos);
 } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
 bss->reassociation_deadline = atoi(pos);
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 0843a40e3..a15d990d1 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
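Review bot: In the deprecated `r0_key_lifetime` branch, `atoi(pos) * 60` is evaluated in signed `int` before it is stored in the `u32` field, so a large minutes value overflows (undefined behaviour) and a negative or non-numeric value silently becomes a huge or zero PMK-R0 lifetime. The old hostapd.conf text gave the range as 1..65535 minutes, so the branch could keep that bound, e.g. `int min = atoi(pos);` then `if (min < 1 || min > 65535) return 1;` before `bss->r0_key_lifetime = min * 60;` (the error return is assumed from the `return 1;` visible in the preceding branch). The new `ft_r0_key_lifetime` branch has the same unchecked `atoi(pos)`: it accepts values below the documented minimum of 60 and cannot represent the upper half of the documented `60..4294967295` range, so a `strtoul`-based parse with an explicit range check would match the documentation better. hostapd_config_fill begins and ends outside the hunk, so a later validation step may exist that is not visible here.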
@@ -1524,9 +1524,10 @@ own_ip_addr=127.0.0.1
 # 1 to 48 octet identifier.
 # This is configured with nas_identifier (see RADIUS client section above).
-# Default lifetime of the PMK-RO in minutes; range 1..65535
+# Default lifetime of the PMK-R0 in seconds; range 60..4294967295
+# (default: 14 days / 1209600 seconds; 0 = disable timeout)
 # (dot11FTR0KeyLifetime)
-#r0_key_lifetime=10000
+#ft_r0_key_lifetime=1209600
 # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
 # 6-octet identifier as a hex string.
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index dcc5ca60f..ad070c3d6 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -103,6 +103,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
 bss->rkh_neg_timeout = 60;
 bss->rkh_pull_timeout = 1000;
 bss->rkh_pull_retries = 4;
+ bss->r0_key_lifetime = 1209600;
 #endif /* CONFIG_IEEE80211R_AP */
 bss->radius_das_time_window = 300;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 77812ba93..58a63f902 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -350,7 +350,7 @@ struct hostapd_bss_config {
 /* IEEE 802.11r - Fast BSS Transition */
 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
 u8 r1_key_holder[FT_R1KH_ID_LEN];
- u32 r0_key_lifetime;
+ u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
 int rkh_pos_timeout;
 int rkh_neg_timeout;
 int rkh_pull_timeout; /* ms */
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e0eae4a71..76d4b5f80 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3028,7 +3028,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
 *pos++ = 5;
 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
- WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+ WPA_PUT_LE32(pos, conf->r0_key_lifetime);
 pos += 4;
 }
 #endif /* CONFIG_IEEE80211R_AP */
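Review bot: `WPA_PUT_LE32(pos, conf->r0_key_lifetime)` now writes the configured value unchanged into the key-lifetime Timeout Interval element, while hostapd.conf in this same patch documents `0 = disable timeout`, so a setting of 0 would advertise a zero-second PMK-R0 lifetime unless the enclosing condition excludes it. The `if` that opens this block is outside the hunk, so this may already be handled; if it is not, the element should be skipped for 0, for example by adding `&& conf->r0_key_lifetime` to that condition. The identical change in wpa_auth_resend_m3 (`@@ -4727,7`) needs the same treatment. A short comment above the call, such as `/* lifetime is already in seconds; see ft_r0_key_lifetime */`, would record that the unit conversion moved into the config parser.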
@@ -4727,7 +4727,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
 *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
 *pos++ = 5;
 *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
- WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+ WPA_PUT_LE32(pos, conf->r0_key_lifetime);
 pos += 4;
 }
 #endif /* CONFIG_IEEE80211R_AP */
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 6b1887bdc..dd106f410 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -186,7 +186,7 @@ struct wpa_auth_config {
 u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
 size_t r0_key_holder_len;
 u8 r1_key_holder[FT_R1KH_ID_LEN];
- u32 r0_key_lifetime;
+ u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
 int rkh_pos_timeout;
 int rkh_neg_timeout;
 int rkh_pull_timeout; /* ms */