FT: Convert r0_key_lifetime to seconds

Add a new configuration option ft_r0_key_lifetime that deprecates
r0_key_lifetime. Though, the old configuration is still accepted for
backwards compatibility.

This simplifies testing. All other items are in seconds as well. In
addition, this makes dot11FTR0KeyLifetime comment match with what got
standardized in the end in IEEE Std 802.11r-2008.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
Michael Braun 2017-05-18 15:21:50 +02:00 committed by Jouni Malinen
parent ee2c6bb5e5
commit 83fe4bd3bf
6 changed files with 11 additions and 6 deletions

View File

@ -2744,6 +2744,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
return 1; return 1;
} }
} else if (os_strcmp(buf, "r0_key_lifetime") == 0) { } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
/* DEPRECATED: Use ft_r0_key_lifetime instead. */
bss->r0_key_lifetime = atoi(pos) * 60;
} else if (os_strcmp(buf, "ft_r0_key_lifetime") == 0) {
bss->r0_key_lifetime = atoi(pos); bss->r0_key_lifetime = atoi(pos);
} else if (os_strcmp(buf, "reassociation_deadline") == 0) { } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
bss->reassociation_deadline = atoi(pos); bss->reassociation_deadline = atoi(pos);

View File

@ -1524,9 +1524,10 @@ own_ip_addr=127.0.0.1
# 1 to 48 octet identifier. # 1 to 48 octet identifier.
# This is configured with nas_identifier (see RADIUS client section above). # This is configured with nas_identifier (see RADIUS client section above).
# Default lifetime of the PMK-RO in minutes; range 1..65535 # Default lifetime of the PMK-R0 in seconds; range 60..4294967295
# (default: 14 days / 1209600 seconds; 0 = disable timeout)
# (dot11FTR0KeyLifetime) # (dot11FTR0KeyLifetime)
#r0_key_lifetime=10000 #ft_r0_key_lifetime=1209600
# PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID) # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
# 6-octet identifier as a hex string. # 6-octet identifier as a hex string.

View File

@ -103,6 +103,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
bss->rkh_neg_timeout = 60; bss->rkh_neg_timeout = 60;
bss->rkh_pull_timeout = 1000; bss->rkh_pull_timeout = 1000;
bss->rkh_pull_retries = 4; bss->rkh_pull_retries = 4;
bss->r0_key_lifetime = 1209600;
#endif /* CONFIG_IEEE80211R_AP */ #endif /* CONFIG_IEEE80211R_AP */
bss->radius_das_time_window = 300; bss->radius_das_time_window = 300;

View File

@ -350,7 +350,7 @@ struct hostapd_bss_config {
/* IEEE 802.11r - Fast BSS Transition */ /* IEEE 802.11r - Fast BSS Transition */
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
u8 r1_key_holder[FT_R1KH_ID_LEN]; u8 r1_key_holder[FT_R1KH_ID_LEN];
u32 r0_key_lifetime; u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
int rkh_pos_timeout; int rkh_pos_timeout;
int rkh_neg_timeout; int rkh_neg_timeout;
int rkh_pull_timeout; /* ms */ int rkh_pull_timeout; /* ms */

View File

@ -3028,7 +3028,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
*pos++ = WLAN_EID_TIMEOUT_INTERVAL; *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
*pos++ = 5; *pos++ = 5;
*pos++ = WLAN_TIMEOUT_KEY_LIFETIME; *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); WPA_PUT_LE32(pos, conf->r0_key_lifetime);
pos += 4; pos += 4;
} }
#endif /* CONFIG_IEEE80211R_AP */ #endif /* CONFIG_IEEE80211R_AP */
@ -4727,7 +4727,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
*pos++ = WLAN_EID_TIMEOUT_INTERVAL; *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
*pos++ = 5; *pos++ = 5;
*pos++ = WLAN_TIMEOUT_KEY_LIFETIME; *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60); WPA_PUT_LE32(pos, conf->r0_key_lifetime);
pos += 4; pos += 4;
} }
#endif /* CONFIG_IEEE80211R_AP */ #endif /* CONFIG_IEEE80211R_AP */

View File

@ -186,7 +186,7 @@ struct wpa_auth_config {
u8 r0_key_holder[FT_R0KH_ID_MAX_LEN]; u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
size_t r0_key_holder_len; size_t r0_key_holder_len;
u8 r1_key_holder[FT_R1KH_ID_LEN]; u8 r1_key_holder[FT_R1KH_ID_LEN];
u32 r0_key_lifetime; u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
int rkh_pos_timeout; int rkh_pos_timeout;
int rkh_neg_timeout; int rkh_neg_timeout;
int rkh_pull_timeout; /* ms */ int rkh_pull_timeout; /* ms */