Add group_rekey parameter for IBSS

The new network profile parameter group_rekey can now be used to specify
the group rekeying internal in seconds for IBSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2016-08-13 16:22:53 +03:00
parent 79931efa0d
commit 6c33ca9f95
8 changed files with 23 additions and 6 deletions

View File

@ -2005,6 +2005,7 @@ static const struct parse_data ssid_fields[] = {
{ INT(dot11MeshHoldingTimeout) }, { INT(dot11MeshHoldingTimeout) },
#endif /* CONFIG_MESH */ #endif /* CONFIG_MESH */
{ INT(wpa_ptk_rekey) }, { INT(wpa_ptk_rekey) },
{ INT(group_rekey) },
{ STR(bgscan) }, { STR(bgscan) },
{ INT_RANGE(ignore_broadcast_ssid, 0, 2) }, { INT_RANGE(ignore_broadcast_ssid, 0, 2) },
#ifdef CONFIG_P2P #ifdef CONFIG_P2P

View File

@ -785,6 +785,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
INT_DEF(dot11MeshHoldingTimeout, DEFAULT_MESH_HOLDING_TIMEOUT); INT_DEF(dot11MeshHoldingTimeout, DEFAULT_MESH_HOLDING_TIMEOUT);
#endif /* CONFIG_MESH */ #endif /* CONFIG_MESH */
INT(wpa_ptk_rekey); INT(wpa_ptk_rekey);
INT(group_rekey);
INT(ignore_broadcast_ssid); INT(ignore_broadcast_ssid);
#ifdef CONFIG_HT_OVERRIDES #ifdef CONFIG_HT_OVERRIDES
INT_DEF(disable_ht, DEFAULT_DISABLE_HT); INT_DEF(disable_ht, DEFAULT_DISABLE_HT);

View File

@ -486,6 +486,14 @@ struct wpa_ssid {
*/ */
int wpa_ptk_rekey; int wpa_ptk_rekey;
/**
* group_rekey - Group rekeying time in seconds
*
* This value, if non-zero, is used as the dot11RSNAConfigGroupRekeyTime
* parameter when operating in Authenticator role in IBSS.
*/
int group_rekey;
/** /**
* scan_freq - Array of frequencies to scan or %NULL for all * scan_freq - Array of frequencies to scan or %NULL for all
* *

View File

@ -933,6 +933,7 @@ static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
#ifdef CONFIG_HS20 #ifdef CONFIG_HS20
INT(update_identifier); INT(update_identifier);
#endif /* CONFIG_HS20 */ #endif /* CONFIG_HS20 */
INT(group_rekey);
#undef STR #undef STR
#undef INT #undef INT

View File

@ -2417,7 +2417,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE && wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE &&
wpa_s->ibss_rsn == NULL) { wpa_s->ibss_rsn == NULL) {
wpa_s->ibss_rsn = ibss_rsn_init(wpa_s); wpa_s->ibss_rsn = ibss_rsn_init(wpa_s, wpa_s->current_ssid);
if (!wpa_s->ibss_rsn) { if (!wpa_s->ibss_rsn) {
wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN"); wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN");
wpa_supplicant_deauthenticate( wpa_supplicant_deauthenticate(

View File

@ -404,7 +404,7 @@ static void auth_set_eapol(void *ctx, const u8 *addr,
static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn, static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
const u8 *own_addr) const u8 *own_addr, struct wpa_ssid *ssid)
{ {
struct wpa_auth_config conf; struct wpa_auth_config conf;
struct wpa_auth_callbacks cb; struct wpa_auth_callbacks cb;
@ -418,7 +418,7 @@ static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
conf.rsn_pairwise = WPA_CIPHER_CCMP; conf.rsn_pairwise = WPA_CIPHER_CCMP;
conf.wpa_group = WPA_CIPHER_CCMP; conf.wpa_group = WPA_CIPHER_CCMP;
conf.eapol_version = 2; conf.eapol_version = 2;
conf.wpa_group_rekey = 600; conf.wpa_group_rekey = ssid->group_rekey ? ssid->group_rekey : 600;
os_memset(&cb, 0, sizeof(cb)); os_memset(&cb, 0, sizeof(cb));
cb.ctx = ibss_rsn; cb.ctx = ibss_rsn;
@ -665,7 +665,8 @@ void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac)
} }
struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s) struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{ {
struct ibss_rsn *ibss_rsn; struct ibss_rsn *ibss_rsn;
@ -674,7 +675,7 @@ struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s)
return NULL; return NULL;
ibss_rsn->wpa_s = wpa_s; ibss_rsn->wpa_s = wpa_s;
if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr) < 0) { if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr, ssid) < 0) {
ibss_rsn_deinit(ibss_rsn); ibss_rsn_deinit(ibss_rsn);
return NULL; return NULL;
} }

View File

@ -51,7 +51,8 @@ struct ibss_rsn {
}; };
struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s); struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid);
void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn); void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn);
int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr); int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr);
void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac); void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac);

View File

@ -896,6 +896,10 @@ fast_reauth=1
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to # wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies. # enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
# #
# group_rekey: Group rekeying time in seconds. This value, if non-zero, is used
# as the dot11RSNAConfigGroupRekeyTime parameter when operating in
# Authenticator role in IBSS.
#
# Following fields are only used with internal EAP implementation. # Following fields are only used with internal EAP implementation.
# eap: space-separated list of accepted EAP methods # eap: space-separated list of accepted EAP methods
# MD5 = EAP-MD5 (unsecure and does not generate keying material -> # MD5 = EAP-MD5 (unsecure and does not generate keying material ->