Fix WPA reconfiguration to update GTK
The group key state machine needs to be re-initialized with possible updated GTK length when restarting WPA (e.g., when WPS was used to reconfigure the AP).
This commit is contained in:
Jouni Malinen
parent
1ff733383f
commit
e6965d4e5d
1 changed files with 35 additions and 15 deletions
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* hostapd - IEEE 802.11i-2004 / WPA Authenticator
|
||||
* Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
@ -43,6 +43,8 @@ static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
|
|||
static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_group *group);
|
||||
static void wpa_request_new_ptk(struct wpa_state_machine *sm);
|
||||
static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_group *group);
|
||||
|
||||
static const u32 dot11RSNAConfigGroupUpdateCount = 4;
|
||||
static const u32 dot11RSNAConfigPairwiseUpdateCount = 4;
|
||||
|
|
@ -285,6 +287,25 @@ static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
|
|||
}
|
||||
|
||||
|
||||
static void wpa_group_set_key_len(struct wpa_group *group, int cipher)
|
||||
{
|
||||
switch (cipher) {
|
||||
case WPA_CIPHER_CCMP:
|
||||
group->GTK_len = 16;
|
||||
break;
|
||||
case WPA_CIPHER_TKIP:
|
||||
group->GTK_len = 32;
|
||||
break;
|
||||
case WPA_CIPHER_WEP104:
|
||||
group->GTK_len = 13;
|
||||
break;
|
||||
case WPA_CIPHER_WEP40:
|
||||
group->GTK_len = 5;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
|
||||
int vlan_id)
|
||||
{
|
||||
|
|
@ -299,20 +320,7 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
|
|||
group->GTKAuthenticator = TRUE;
|
||||
group->vlan_id = vlan_id;
|
||||
|
||||
switch (wpa_auth->conf.wpa_group) {
|
||||
case WPA_CIPHER_CCMP:
|
||||
group->GTK_len = 16;
|
||||
break;
|
||||
case WPA_CIPHER_TKIP:
|
||||
group->GTK_len = 32;
|
||||
break;
|
||||
case WPA_CIPHER_WEP104:
|
||||
group->GTK_len = 13;
|
||||
break;
|
||||
case WPA_CIPHER_WEP40:
|
||||
group->GTK_len = 5;
|
||||
break;
|
||||
}
|
||||
wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
|
||||
|
||||
/* Counter = PRF-256(Random number, "Init Counter",
|
||||
* Local MAC Address || Time)
|
||||
|
|
@ -451,6 +459,7 @@ void wpa_deinit(struct wpa_authenticator *wpa_auth)
|
|||
int wpa_reconfig(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_auth_config *conf)
|
||||
{
|
||||
struct wpa_group *group;
|
||||
if (wpa_auth == NULL)
|
||||
return 0;
|
||||
|
||||
|
|
@ -460,6 +469,17 @@ int wpa_reconfig(struct wpa_authenticator *wpa_auth,
|
|||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reinitialize GTK to make sure it is suitable for the new
|
||||
* configuration.
|
||||
*/
|
||||
group = wpa_auth->group;
|
||||
wpa_group_set_key_len(group, wpa_auth->conf.wpa_group);
|
||||
group->GInit = TRUE;
|
||||
wpa_group_sm_step(wpa_auth, group);
|
||||
group->GInit = FALSE;
|
||||
wpa_group_sm_step(wpa_auth, group);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue