Add group_rekey parameter for IBSS
The new network profile parameter group_rekey can now be used to specify the group rekeying interval in seconds for IBSS. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
79931efa0d
commit
6c33ca9f95
@ -2005,6 +2005,7 @@ static const struct parse_data ssid_fields[] = {
|
|||||||
{ INT(dot11MeshHoldingTimeout) },
|
{ INT(dot11MeshHoldingTimeout) },
|
||||||
#endif /* CONFIG_MESH */
|
#endif /* CONFIG_MESH */
|
||||||
{ INT(wpa_ptk_rekey) },
|
{ INT(wpa_ptk_rekey) },
|
||||||
|
{ INT(group_rekey) },
|
||||||
{ STR(bgscan) },
|
{ STR(bgscan) },
|
||||||
{ INT_RANGE(ignore_broadcast_ssid, 0, 2) },
|
{ INT_RANGE(ignore_broadcast_ssid, 0, 2) },
|
||||||
#ifdef CONFIG_P2P
|
#ifdef CONFIG_P2P
|
||||||
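Review bot: The new `{ INT(group_rekey) },` entry accepts any integer, so a negative or absurdly large value in a network block is stored and later copied unchanged into `conf.wpa_group_rekey` by the `ssid->group_rekey ? ssid->group_rekey : 600` line in ibss_rsn_auth_init_group. This table already uses a bounded form two entries further down (`INT_RANGE(ignore_broadcast_ssid, 0, 2)`), and the same shape would reject bad input at parse time, e.g. `{ INT_RANGE(group_rekey, 0, INT_MAX) },` (assuming INT_MAX is available in this file) or a tighter upper bound if the project wants one. How the authenticator treats a negative rekey time is not visible on this page, but the group key lifetime is a security parameter and is better validated where it enters. The ssid_fields[] array starts and ends outside the hunk.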
|
@ -785,6 +785,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
|
|||||||
INT_DEF(dot11MeshHoldingTimeout, DEFAULT_MESH_HOLDING_TIMEOUT);
|
INT_DEF(dot11MeshHoldingTimeout, DEFAULT_MESH_HOLDING_TIMEOUT);
|
||||||
#endif /* CONFIG_MESH */
|
#endif /* CONFIG_MESH */
|
||||||
INT(wpa_ptk_rekey);
|
INT(wpa_ptk_rekey);
|
||||||
|
INT(group_rekey);
|
||||||
INT(ignore_broadcast_ssid);
|
INT(ignore_broadcast_ssid);
|
||||||
#ifdef CONFIG_HT_OVERRIDES
|
#ifdef CONFIG_HT_OVERRIDES
|
||||||
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
|
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
|
||||||
|
@ -486,6 +486,14 @@ struct wpa_ssid {
|
|||||||
*/
|
*/
|
||||||
int wpa_ptk_rekey;
|
int wpa_ptk_rekey;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* group_rekey - Group rekeying time in seconds
|
||||||
|
*
|
||||||
|
* This value, if non-zero, is used as the dot11RSNAConfigGroupRekeyTime
|
||||||
|
* parameter when operating in Authenticator role in IBSS.
|
||||||
|
*/
|
||||||
|
int group_rekey;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* scan_freq - Array of frequencies to scan or %NULL for all
|
* scan_freq - Array of frequencies to scan or %NULL for all
|
||||||
*
|
*
|
||||||
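Review bot: The new comment on `group_rekey` says the value is used "if non-zero" but does not say what happens at zero. Per the ibss_rsn_auth_init_group change in this commit, zero falls back to 600 seconds, so group rekeying cannot be switched off through this field. I would add a line such as ` * 0 = use the built-in default of 600 seconds.` to the struct comment, and the same sentence to the `# group_rekey:` paragraph in the example configuration. struct wpa_ssid starts and ends outside the hunk.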
|
@ -933,6 +933,7 @@ static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
|
|||||||
#ifdef CONFIG_HS20
|
#ifdef CONFIG_HS20
|
||||||
INT(update_identifier);
|
INT(update_identifier);
|
||||||
#endif /* CONFIG_HS20 */
|
#endif /* CONFIG_HS20 */
|
||||||
|
INT(group_rekey);
|
||||||
|
|
||||||
#undef STR
|
#undef STR
|
||||||
#undef INT
|
#undef INT
|
||||||
|
@ -2417,7 +2417,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
|
|||||||
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
|
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
|
||||||
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE &&
|
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE &&
|
||||||
wpa_s->ibss_rsn == NULL) {
|
wpa_s->ibss_rsn == NULL) {
|
||||||
wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
|
wpa_s->ibss_rsn = ibss_rsn_init(wpa_s, wpa_s->current_ssid);
|
||||||
if (!wpa_s->ibss_rsn) {
|
if (!wpa_s->ibss_rsn) {
|
||||||
wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN");
|
wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN");
|
||||||
wpa_supplicant_deauthenticate(
|
wpa_supplicant_deauthenticate(
|
||||||
|
@ -404,7 +404,7 @@ static void auth_set_eapol(void *ctx, const u8 *addr,
|
|||||||
|
|
||||||
|
|
||||||
static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
|
static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
|
||||||
const u8 *own_addr)
|
const u8 *own_addr, struct wpa_ssid *ssid)
|
||||||
{
|
{
|
||||||
struct wpa_auth_config conf;
|
struct wpa_auth_config conf;
|
||||||
struct wpa_auth_callbacks cb;
|
struct wpa_auth_callbacks cb;
|
||||||
@ -418,7 +418,7 @@ static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
|
|||||||
conf.rsn_pairwise = WPA_CIPHER_CCMP;
|
conf.rsn_pairwise = WPA_CIPHER_CCMP;
|
||||||
conf.wpa_group = WPA_CIPHER_CCMP;
|
conf.wpa_group = WPA_CIPHER_CCMP;
|
||||||
conf.eapol_version = 2;
|
conf.eapol_version = 2;
|
||||||
conf.wpa_group_rekey = 600;
|
conf.wpa_group_rekey = ssid->group_rekey ? ssid->group_rekey : 600;
|
||||||
|
|
||||||
os_memset(&cb, 0, sizeof(cb));
|
os_memset(&cb, 0, sizeof(cb));
|
||||||
cb.ctx = ibss_rsn;
|
cb.ctx = ibss_rsn;
|
||||||
@ -665,7 +665,8 @@ void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s)
|
struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s,
|
||||||
|
struct wpa_ssid *ssid)
|
||||||
{
|
{
|
||||||
struct ibss_rsn *ibss_rsn;
|
struct ibss_rsn *ibss_rsn;
|
||||||
|
|
||||||
@ -674,7 +675,7 @@ struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s)
|
|||||||
return NULL;
|
return NULL;
|
||||||
ibss_rsn->wpa_s = wpa_s;
|
ibss_rsn->wpa_s = wpa_s;
|
||||||
|
|
||||||
if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr) < 0) {
|
if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr, ssid) < 0) {
|
||||||
ibss_rsn_deinit(ibss_rsn);
|
ibss_rsn_deinit(ibss_rsn);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
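Review bot: `ssid` is dereferenced unconditionally in `conf.wpa_group_rekey = ssid->group_rekey ? ssid->group_rekey : 600;`, and the only caller shown passes `wpa_s->current_ssid`. The visible tail of the condition in wpa_supplicant_event_assoc checks key_mgmt and ibss_rsn but not current_ssid; if the part of that condition outside the hunk does not already guarantee a non-NULL profile, this is a NULL dereference on association. Either confirm that guard or make the helper tolerant, `conf.wpa_group_rekey = (ssid && ssid->group_rekey) ? ssid->group_rekey : 600;`. Since the profile is only read, the new parameter could also be `const struct wpa_ssid *ssid` in both ibss_rsn_init and ibss_rsn_auth_init_group. Both functions continue outside their hunks.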
|
@ -51,7 +51,8 @@ struct ibss_rsn {
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s);
|
struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s,
|
||||||
|
struct wpa_ssid *ssid);
|
||||||
void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn);
|
void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn);
|
||||||
int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr);
|
int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr);
|
||||||
void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac);
|
void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac);
|
||||||
|
@ -896,6 +896,10 @@ fast_reauth=1
|
|||||||
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
|
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
|
||||||
# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
|
# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
|
||||||
#
|
#
|
||||||
|
# group_rekey: Group rekeying time in seconds. This value, if non-zero, is used
|
||||||
|
# as the dot11RSNAConfigGroupRekeyTime parameter when operating in
|
||||||
|
# Authenticator role in IBSS.
|
||||||
|
#
|
||||||
# Following fields are only used with internal EAP implementation.
|
# Following fields are only used with internal EAP implementation.
|
||||||
# eap: space-separated list of accepted EAP methods
|
# eap: space-separated list of accepted EAP methods
|
||||||
# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
|
# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
|
||||||
|