AP: Reorder WPA/Beacon initialization

Split WPA initialization into two parts so that the Beacon frames can be
configured fully before the initial keys (GTK/IGTK) are configured. This
makes it easier for drivers that depend on the AP security mode being
fully set before the keys are configured.

diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index f00a5446e0a6912eaf1435a71d7ddb58dcfe988d..4dad78a3c7635e9aa6f22f5bd5fba6629972908f 100644 (file)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -61,9 +61,11 @@ static void hostapd_reload_bss(struct hostapd_data *hapd)
        else
                hostapd_set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
 
-       if (hapd->conf->wpa && hapd->wpa_auth == NULL)
+       if (hapd->conf->wpa && hapd->wpa_auth == NULL) {
                hostapd_setup_wpa(hapd);
-       else if (hapd->conf->wpa) {
+               if (hapd->wpa_auth)
+                       wpa_init_keys(hapd->wpa_auth);
+       } else if (hapd->conf->wpa) {
                const u8 *wpa_ie;
                size_t wpa_ie_len;
                hostapd_reconfig_wpa(hapd);
@@ -639,6 +641,9 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
 
        ieee802_11_set_beacon(hapd);
 
+       if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
+               return -1;
+
        if (hapd->driver && hapd->driver->set_operstate)
                hapd->driver->set_operstate(hapd->drv_priv, 1);
 

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 3fbb88b93544de008e0d02330f65694ed205202d..e63ee906fb5992e76b6c1f2e12970a18928aca7d 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -332,7 +332,7 @@ static int wpa_group_init_gmk_and_counter(struct wpa_authenticator *wpa_auth,
 
 
 static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
-                                        int vlan_id)
+                                        int vlan_id, int delay_init)
 {
        struct wpa_group *group;
 
@@ -365,9 +365,15 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
        }
 
        group->GInit = TRUE;
-       wpa_group_sm_step(wpa_auth, group);
-       group->GInit = FALSE;
-       wpa_group_sm_step(wpa_auth, group);
+       if (delay_init) {
+               wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start "
+                          "until Beacon frames have been configured");
+               /* Initialization is completed in wpa_init_keys(). */
+       } else {
+               wpa_group_sm_step(wpa_auth, group);
+               group->GInit = FALSE;
+               wpa_group_sm_step(wpa_auth, group);
+       }
 
        return group;
 }
@@ -399,7 +405,7 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
                return NULL;
        }
 
-       wpa_auth->group = wpa_group_init(wpa_auth, 0);
+       wpa_auth->group = wpa_group_init(wpa_auth, 0, 1);
        if (wpa_auth->group == NULL) {
                os_free(wpa_auth->wpa_ie);
                os_free(wpa_auth);
@@ -440,6 +446,19 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
 }
 
 
+int wpa_init_keys(struct wpa_authenticator *wpa_auth)
+{
+       struct wpa_group *group = wpa_auth->group;
+
+       wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial "
+                  "keys");
+       wpa_group_sm_step(wpa_auth, group);
+       group->GInit = FALSE;
+       wpa_group_sm_step(wpa_auth, group);
+       return 0;
+}
+
+
 /**
  * wpa_deinit - Deinitialize WPA authenticator
  * @wpa_auth: Pointer to WPA authenticator data from wpa_init()
@@ -2767,7 +2786,7 @@ wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id)
 
        wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d",
                   vlan_id);
-       group = wpa_group_init(wpa_auth, vlan_id);
+       group = wpa_group_init(wpa_auth, vlan_id, 0);
        if (group == NULL)
                return NULL;
 

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index e533a140a4e60b617e4beef9b9b357955929ea2b..ce2751e63c93cb759d76eb1f7148bf8059af332b 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -208,6 +208,7 @@ struct wpa_auth_callbacks {
 struct wpa_authenticator * wpa_init(const u8 *addr,
                                    struct wpa_auth_config *conf,
                                    struct wpa_auth_callbacks *cb);
+int wpa_init_keys(struct wpa_authenticator *wpa_auth);
 void wpa_deinit(struct wpa_authenticator *wpa_auth);
 int wpa_reconfig(struct wpa_authenticator *wpa_auth,
                 struct wpa_auth_config *conf);