FT: Convert r0_key_lifetime to seconds

Add a new configuration option ft_r0_key_lifetime that deprecates
r0_key_lifetime. Though, the old configuration is still accepted for
backwards compatibility.

This simplifies testing. All other items are in seconds as well. In
addition, this makes dot11FTR0KeyLifetime comment match with what got
standardized in the end in IEEE Std 802.11r-2008.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 409d6cebf651e9be1bc119a2e1235f89388f8866..5f957a0b5258a3fd8b73f0889fd7ae072256f3a5 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2744,6 +2744,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                        return 1;
                }
        } else if (os_strcmp(buf, "r0_key_lifetime") == 0) {
+               /* DEPRECATED: Use ft_r0_key_lifetime instead. */
+               bss->r0_key_lifetime = atoi(pos) * 60;
+       } else if (os_strcmp(buf, "ft_r0_key_lifetime") == 0) {
                bss->r0_key_lifetime = atoi(pos);
        } else if (os_strcmp(buf, "reassociation_deadline") == 0) {
                bss->reassociation_deadline = atoi(pos);

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 0843a40e380b9d67a5ab3ac9a9055d326a02bf82..a15d990d16c997a2dca28a886ac3a09e8290e856 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1524,9 +1524,10 @@ own_ip_addr=127.0.0.1
 # 1 to 48 octet identifier.
 # This is configured with nas_identifier (see RADIUS client section above).
 
-# Default lifetime of the PMK-RO in minutes; range 1..65535
+# Default lifetime of the PMK-R0 in seconds; range 60..4294967295
+# (default: 14 days / 1209600 seconds; 0 = disable timeout)
 # (dot11FTR0KeyLifetime)
-#r0_key_lifetime=10000
+#ft_r0_key_lifetime=1209600
 
 # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
 # 6-octet identifier as a hex string.

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index dcc5ca60fb831b70916f9cf38e0ac9e9a8e96cd0..ad070c3d6bf614ba58d92678e68e901b7cb9dbda 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -103,6 +103,7 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
        bss->rkh_neg_timeout = 60;
        bss->rkh_pull_timeout = 1000;
        bss->rkh_pull_retries = 4;
+       bss->r0_key_lifetime = 1209600;
 #endif /* CONFIG_IEEE80211R_AP */
 
        bss->radius_das_time_window = 300;

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 77812ba93c12ad794912fa4c72dae0432bfd9f62..58a63f902dfadd8f2a05ca5fd4e5a01a4ef24ce0 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -350,7 +350,7 @@ struct hostapd_bss_config {
        /* IEEE 802.11r - Fast BSS Transition */
        u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
        u8 r1_key_holder[FT_R1KH_ID_LEN];
-       u32 r0_key_lifetime;
+       u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
        int rkh_pos_timeout;
        int rkh_neg_timeout;
        int rkh_pull_timeout; /* ms */

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e0eae4a7124346538e8e3882fd802039bbb4c287..76d4b5f80a982ff2235d73cbb93145fd1e564158 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3028,7 +3028,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
                *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
                *pos++ = 5;
                *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
-               WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+               WPA_PUT_LE32(pos, conf->r0_key_lifetime);
                pos += 4;
        }
 #endif /* CONFIG_IEEE80211R_AP */
@@ -4727,7 +4727,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
                *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
                *pos++ = 5;
                *pos++ = WLAN_TIMEOUT_KEY_LIFETIME;
-               WPA_PUT_LE32(pos, conf->r0_key_lifetime * 60);
+               WPA_PUT_LE32(pos, conf->r0_key_lifetime);
                pos += 4;
        }
 #endif /* CONFIG_IEEE80211R_AP */

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 6b1887bdc0a79945f218d017f0a1e5896e249ae0..dd106f410993510c875371df6d3140c9e403c2d7 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -186,7 +186,7 @@ struct wpa_auth_config {
        u8 r0_key_holder[FT_R0KH_ID_MAX_LEN];
        size_t r0_key_holder_len;
        u8 r1_key_holder[FT_R1KH_ID_LEN];
-       u32 r0_key_lifetime;
+       u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
        int rkh_pos_timeout;
        int rkh_neg_timeout;
        int rkh_pull_timeout; /* ms */