Add a new configuration option ft_r0_key_lifetime that
deprecates ft_key_lifetime.
Though, the old configuration is still accepted.
This simplifies testing. All other items are seconds as well.
Signed-off-by: Michael Braun <michael-dev@xxxxxxxxxxxxx>
---
hostapd/config_file.c | 2 ++
hostapd/hostapd.conf | 6 +++---
src/ap/ap_config.c | 2 +-
src/ap/wpa_auth.c | 2 +-
src/ap/wpa_auth_ft.c | 4 ++--
5 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 1b491b4..5ce57cf 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2638,6 +2638,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
return 1;
}
} else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
+ bss->r0_key_lifetime = atoi(pos) * 60;
+ } else if (os_strcmp(buf, "ft_r0_key_lifetime") == 0) {
bss->r0_key_lifetime = atoi(pos);
} else if (os_strcmp(buf, "r1_max_key_lifetime") == 0) {
bss->r1_max_key_lifetime = atoi(pos);
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index e4568e4..c4911c8 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1438,10 +1438,10 @@ own_ip_addr=127.0.0.1
# 1 to 48 octet identifier.
# This is configured with nas_identifier (see RADIUS client section above).
-# Default lifetime of the PMK-RO in minutes; range 1..65535
-# (default: 60 minutes; 0 = disable timeout)
+# Default lifetime of the PMK-RO in seconds; range 60..4294967295
+# (default: 14 days / 1209600 seconds; 0 = disable timeout)
# (dot11FTR0KeyLifetime)
-#r0_key_lifetime=10000
+#ft_r0_key_lifetime=10000
# maximum lifetime for PMK-R1; applied only if != 0
# PMK-R1 is removed at least after this limit.
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index d9e87ec..3ef655d 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -97,7 +97,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
bss->rkh_neg_timeout = 60;
bss->rkh_pull_timeout = 1000;
bss->rkh_pull_retries = 4;
- bss->r0_key_lifetime = 60; /* same as eap_reauth_period */
+ bss->r0_key_lifetime = 1209600;
#endif /* CONFIG_IEEE80211R_AP */
bss->radius_das_time_window = 300;
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index d409fe7..601a6d5 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2984,7 +2984,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
*pos++ = 5;
*pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
- WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+ WPA_PUT_LE32(pos, conf->r0_key_lifetime);
pos += 4;
}
#endif /* CONFIG_IEEE80211R_AP */
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index dea60e8..90587d0 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -1959,7 +1959,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
const u8 *pmk_r0, const u8 *pmk_r0_name)
{
- int expires_in = sm->wpa_auth->conf.r0_key_lifetime * 60;
+ int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
struct vlan_description vlan;
const u8 *identity, *radius_cui;
int identity_len, radius_cui_len;
@@ -1995,7 +1995,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, const u8 *pmk,
const u8 *ssid = sm->wpa_auth->conf.ssid;
size_t ssid_len = sm->wpa_auth->conf.ssid_len;
int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
- int expires_in = sm->wpa_auth->conf.r0_key_lifetime * 60;
+ int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
struct vlan_description vlan;
const u8 *identity, *radius_cui;
int identity_len, radius_cui_len;
--
2.1.4
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
