hostapd: Extend RESET_PN for BIGTK

Extend the RESET_PN command to allow resetting the BIGTK PN
for testing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index ed5100fbf79c4731d03f2857cdfe95e4c2cc94d4..edc69f4703858e2d33186f904ce273b1d4996897 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2165,6 +2165,32 @@ static int hostapd_ctrl_reset_pn(struct hostapd_data *hapd, const char *cmd)
        if (hwaddr_aton(cmd, addr))
                return -1;
 
+       if (is_broadcast_ether_addr(addr) && os_strstr(cmd, " BIGTK")) {
+               if (hapd->last_bigtk_alg == WPA_ALG_NONE)
+                       return -1;
+
+               wpa_printf(MSG_INFO, "TESTING: Reset BIPN for BIGTK");
+
+               /* First, use a zero key to avoid any possible duplicate key
+                * avoidance in the driver. */
+               if (hostapd_drv_set_key(hapd->conf->iface, hapd,
+                                       hapd->last_bigtk_alg,
+                                       broadcast_ether_addr,
+                                       hapd->last_bigtk_key_idx, 0, 1, NULL, 0,
+                                       zero, hapd->last_bigtk_len,
+                                       KEY_FLAG_GROUP_TX_DEFAULT) < 0)
+                       return -1;
+
+               /* Set the previously configured key to reset its TSC */
+               return hostapd_drv_set_key(hapd->conf->iface, hapd,
+                                          hapd->last_bigtk_alg,
+                                          broadcast_ether_addr,
+                                          hapd->last_bigtk_key_idx, 0, 1, NULL,
+                                          0, hapd->last_bigtk,
+                                          hapd->last_bigtk_len,
+                                          KEY_FLAG_GROUP_TX_DEFAULT);
+       }
+
        if (is_broadcast_ether_addr(addr) && os_strstr(cmd, "IGTK")) {
                if (hapd->last_igtk_alg == WPA_ALG_NONE)
                        return -1;

diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index 597bbb43285e41f72bfd97237e89e475dd7a5339..609c84b22bad35495ac7fa48c09a64803c6a4aea 100644 (file)
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -349,6 +349,11 @@ struct hostapd_data {
        int last_igtk_key_idx;
        u8 last_igtk[WPA_IGTK_MAX_LEN];
        size_t last_igtk_len;
+
+       enum wpa_alg last_bigtk_alg;
+       int last_bigtk_key_idx;
+       u8 last_bigtk[WPA_BIGTK_MAX_LEN];
+       size_t last_bigtk_len;
 #endif /* CONFIG_TESTING_OPTIONS */
 
 #ifdef CONFIG_MBO

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 44ab8309538862bfd20984985f6810bf36ef6545..169be37ab056f92cd267ffa30554ccb2fcb0d1fc 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -457,11 +457,19 @@ static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
                   alg == WPA_ALG_BIP_GMAC_128 ||
                   alg == WPA_ALG_BIP_GMAC_256 ||
                   alg == WPA_ALG_BIP_CMAC_256) {
-               hapd->last_igtk_alg = alg;
-               hapd->last_igtk_key_idx = idx;
-               if (key)
-                       os_memcpy(hapd->last_igtk, key, key_len);
-               hapd->last_igtk_len = key_len;
+               if (idx == 4 || idx == 5) {
+                       hapd->last_igtk_alg = alg;
+                       hapd->last_igtk_key_idx = idx;
+                       if (key)
+                               os_memcpy(hapd->last_igtk, key, key_len);
+                       hapd->last_igtk_len = key_len;
+               } else if (idx == 6 || idx == 7) {
+                       hapd->last_bigtk_alg = alg;
+                       hapd->last_bigtk_key_idx = idx;
+                       if (key)
+                               os_memcpy(hapd->last_bigtk, key, key_len);
+                       hapd->last_bigtk_len = key_len;
+               }
        } else {
                hapd->last_gtk_alg = alg;
                hapd->last_gtk_key_idx = idx;