From 92662fb281833dc2eae30e2b25131efc906adbc8 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 25 Oct 2017 10:26:10 +0200 Subject: [PATCH] Allow forcing group rekeying for testing purposes In order to test the WoWLAN GTK rekeying KRACK mitigation, add a REKEY_GTK hostapd control interface command that can be used at certain points of the test. Signed-off-by: Johannes Berg --- hostapd/ctrl_iface.c | 3 +++ src/ap/wpa_auth.c | 9 +++++++++ src/ap/wpa_auth.h | 1 + 3 files changed, 13 insertions(+) diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c index af2a2821b..2e9c4c735 100644 --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c @@ -2922,6 +2922,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, } else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) { if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0) reply_len = -1; + } else if (os_strcmp(buf, "REKEY_GTK") == 0) { + if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0) + reply_len = -1; #endif /* CONFIG_TESTING_OPTIONS */ } else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) { if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12)) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 8265fa1ca..b0a36e42d 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -4773,4 +4773,13 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, return 0; } + +int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth) +{ + if (!wpa_auth) + return -1; + eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); + return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL); +} + #endif /* CONFIG_TESTING_OPTIONS */ diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 22f33dd14..d21dd81c9 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -437,5 +437,6 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, void (*cb)(void *ctx1, void *ctx2), void *ctx1, void *ctx2); +int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth); #endif /* WPA_AUTH_H */