]> git.ipfire.org Git - thirdparty/hostap.git/blobdiff - hostapd/config.c
Added support for enforcing frequent PTK rekeying
index d92296212a0830fdb2eefc1ad8b75dce1c09e9b8..d10d64f280dfe9e88d4a7b64220bd3948a833e86 100644 (file)
@@ -186,6 +186,12 @@ static void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
        bss->assoc_ping_timeout = 1000;
        bss->assoc_ping_attempts = 3;
 #endif /* CONFIG_IEEE80211W */
+#ifdef EAP_FAST
+        /* both anonymous and authenticated provisioning */
+       bss->eap_fast_prov = 3;
+       bss->pac_key_lifetime = 7 * 24 * 60 * 60;
+       bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
+#endif /* EAP_FAST */
 }
 
 
@@ -1503,8 +1509,32 @@ struct hostapd_config * hostapd_config_read(const char *fname)
                                errors++;
                        }
                } else if (os_strcmp(buf, "eap_fast_a_id") == 0) {
-                       os_free(bss->eap_fast_a_id);
-                       bss->eap_fast_a_id = os_strdup(pos);
+                       size_t idlen = os_strlen(pos);
+                       if (idlen & 1) {
+                               printf("Line %d: Invalid eap_fast_a_id\n",
+                                      line);
+                               errors++;
+                       } else {
+                               os_free(bss->eap_fast_a_id);
+                               bss->eap_fast_a_id = os_malloc(idlen / 2);
+                               if (bss->eap_fast_a_id == NULL ||
+                                   hexstr2bin(pos, bss->eap_fast_a_id,
+                                              idlen / 2)) {
+                                       printf("Line %d: Failed to parse "
+                                              "eap_fast_a_id\n", line);
+                                       errors++;
+                               } else
+                                       bss->eap_fast_a_id_len = idlen / 2;
+                       }
+               } else if (os_strcmp(buf, "eap_fast_a_id_info") == 0) {
+                       os_free(bss->eap_fast_a_id_info);
+                       bss->eap_fast_a_id_info = os_strdup(pos);
+               } else if (os_strcmp(buf, "eap_fast_prov") == 0) {
+                       bss->eap_fast_prov = atoi(pos);
+               } else if (os_strcmp(buf, "pac_key_lifetime") == 0) {
+                       bss->pac_key_lifetime = atoi(pos);
+               } else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
+                       bss->pac_key_refresh_time = atoi(pos);
 #endif /* EAP_FAST */
 #ifdef EAP_SIM
                } else if (os_strcmp(buf, "eap_sim_db") == 0) {
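Review bot: When hexstr2bin() fails in the new eap_fast_a_id branch, bss->eap_fast_a_id is left pointing at the freshly allocated, unparsed buffer while bss->eap_fast_a_id_len keeps whatever an earlier eap_fast_a_id line set, so the pointer and length can disagree. The line is counted in `errors` and the configuration is presumably rejected later, but that code is outside this hunk. Resetting the state on the failure path removes that dependency: `os_free(bss->eap_fast_a_id); bss->eap_fast_a_id = NULL; bss->eap_fast_a_id_len = 0;`. An empty value also passes the odd-length test and reaches os_malloc(0), so I would reject `idlen == 0` together with `idlen & 1`. hostapd_config_read() starts and ends outside the hunk.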
@@ -1667,6 +1697,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
                        bss->wpa_strict_rekey = atoi(pos);
                } else if (os_strcmp(buf, "wpa_gmk_rekey") == 0) {
                        bss->wpa_gmk_rekey = atoi(pos);
+               } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
+                       bss->wpa_ptk_rekey = atoi(pos);
                } else if (os_strcmp(buf, "wpa_passphrase") == 0) {
                        int len = os_strlen(pos);
                        if (len < 8 || len > 63) {
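Review bot: The new wpa_ptk_rekey branch stores atoi(pos) unchecked, so a negative number or a non-numeric typo (which atoi turns into 0) is accepted silently for a setting meant to enforce rekeying. What 0 or a negative interval does is decided outside this hunk, but the parser should reject the bad value and bump `errors`, as the wpa_passphrase length check just below does. The same applies to eap_fast_prov, pac_key_lifetime and pac_key_refresh_time in the previous hunk, where it would also be worth checking that the refresh time is shorter than the lifetime. hostapd_config_read() continues outside the hunk.

```c
                } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
                        int val = atoi(pos);
                        if (val < 0) {
                                printf("Line %d: invalid wpa_ptk_rekey %d\n",
                                       line, val);
                                errors++;
                        } else
                                bss->wpa_ptk_rekey = val;
                /* ... unchanged: wpa_passphrase parsing ... */
```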
@@ -2152,6 +2184,7 @@ static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
        os_free(conf->dh_file);
        os_free(conf->pac_opaque_encr_key);
        os_free(conf->eap_fast_a_id);
+       os_free(conf->eap_fast_a_id_info);
        os_free(conf->eap_sim_db);
        os_free(conf->radius_server_clients);
        os_free(conf->test_socket);