authorJouni Malinen <j@w1.fi>2005-06-24 03:48:50 (GMT)
committerJouni Malinen <j@w1.fi>2005-06-24 03:48:50 (GMT)
commit848a611ab249f5432d583321bef5b70ab20db488 (patch)
tree75f8a345a6fdce0d1cfaf3062a7f50503edf3e61
parent7b8a59241a140e16307accd1378c9546407d7d64 (diff)
Request reauthentication if dot11RSNAConfigPMKReauthThreshold percent
of the PMK lifetime has passed.
-rw-r--r--wpa_supplicant/eapol_sm.c15
-rw-r--r--wpa_supplicant/eapol_sm.h4
-rw-r--r--wpa_supplicant/preauth.c26
-rw-r--r--wpa_supplicant/wpa.c1
-rw-r--r--wpa_supplicant/wpa_i.h2
5 files changed, 47 insertions, 1 deletions
diff --git a/wpa_supplicant/eapol_sm.c b/wpa_supplicant/eapol_sm.c
index 969d554..7651716 100644
--- a/wpa_supplicant/eapol_sm.c
+++ b/wpa_supplicant/eapol_sm.c
@@ -1428,6 +1428,21 @@ void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
}
+/**
+ * eapol_sm_request_reauth - Request reauthentication
+ * @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ *
+ * This function can be used to request EAPOL reauthentication, e.g., when the
+ * current PMKSA entry is nearing expiration.
+ */
+void eapol_sm_request_reauth(struct eapol_sm *sm)
+{
+ if (sm == NULL || sm->SUPP_PAE_state != SUPP_PAE_AUTHENTICATED)
+ return;
+ eapol_sm_txStart(sm);
+}
+
+
static struct wpa_ssid * eapol_sm_get_config(void *ctx)
{
struct eapol_sm *sm = ctx;
diff --git a/wpa_supplicant/eapol_sm.h b/wpa_supplicant/eapol_sm.h
index 7717d9b..e0fcea0 100644
--- a/wpa_supplicant/eapol_sm.h
+++ b/wpa_supplicant/eapol_sm.h
@@ -77,6 +77,7 @@ void eapol_sm_register_scard_ctx(struct eapol_sm *sm, void *ctx);
void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl);
void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm);
void eapol_sm_notify_ctrl_response(struct eapol_sm *sm);
+void eapol_sm_request_reauth(struct eapol_sm *sm);
#else /* IEEE8021X_EAPOL */
static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
{
@@ -153,6 +154,9 @@ static inline void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm)
static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
{
}
+static inline void eapol_sm_request_reauth(struct eapol_sm *sm)
+{
+}
#endif /* IEEE8021X_EAPOL */
#endif /* EAPOL_SM_H */
diff --git a/wpa_supplicant/preauth.c b/wpa_supplicant/preauth.c
index 796194c..c07e9bd 100644
--- a/wpa_supplicant/preauth.c
+++ b/wpa_supplicant/preauth.c
@@ -114,16 +114,36 @@ static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
}
+static void pmksa_cache_reauth(void *eloop_ctx, void *timeout_ctx)
+{
+ struct wpa_sm *sm = eloop_ctx;
+ struct wpa_supplicant *wpa_s = sm->ctx;
+ eapol_sm_request_reauth(wpa_s->eapol);
+}
+
+
static void pmksa_cache_set_expiration(struct wpa_sm *sm)
{
int sec;
+ struct rsn_pmksa_cache *entry;
+
eloop_cancel_timeout(pmksa_cache_expire, sm, NULL);
+ eloop_cancel_timeout(pmksa_cache_reauth, sm, NULL);
if (sm->pmksa == NULL)
return;
sec = sm->pmksa->expiration - time(NULL);
if (sec < 0)
sec = 0;
eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, sm, NULL);
+
+ entry = sm->cur_pmksa ? sm->cur_pmksa :
+ pmksa_cache_get(sm, sm->bssid, NULL);
+ if (entry) {
+ sec = sm->pmksa->reauth_time - time(NULL);
+ if (sec < 0)
+ sec = 0;
+ eloop_register_timeout(sec, 0, pmksa_cache_reauth, sm, NULL);
+ }
}
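Review bot: In pmksa_cache_set_expiration the new `entry` lookup is used only as a presence test; the delay is then computed from `sm->pmksa->reauth_time`, which appears to be the head of the cache list rather than the entry for the current association. If the two differ, the EAPOL-Start is scheduled from another AP's PMKSA timing, so the PMK in use is not refreshed relative to its own lifetime. The line should probably read `sec = entry->reauth_time - time(NULL);`. A short comment above the block, such as `/* Schedule reauthentication for the PMKSA of the current association */`, would make the purpose of the lookup clear.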
@@ -149,6 +169,7 @@ pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk,
{
struct rsn_pmksa_cache *entry, *pos, *prev;
struct wpa_supplicant *wpa_s = sm->ctx;
+ time_t now;
if (wpa_s->proto != WPA_PROTO_RSN || pmk_len > PMK_LEN)
return NULL;
@@ -160,7 +181,10 @@ pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk,
memcpy(entry->pmk, pmk, pmk_len);
entry->pmk_len = pmk_len;
rsn_pmkid(pmk, aa, spa, entry->pmkid);
- entry->expiration = time(NULL) + sm->dot11RSNAConfigPMKLifetime;
+ now = time(NULL);
+ entry->expiration = now + sm->dot11RSNAConfigPMKLifetime;
+ entry->reauth_time = now + sm->dot11RSNAConfigPMKLifetime *
+ sm->dot11RSNAConfigPMKReauthThreshold / 100;
entry->akmp = WPA_KEY_MGMT_IEEE8021X;
memcpy(entry->aa, aa, ETH_ALEN);
entry->ssid = ssid;
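Review bot: The `reauth_time` computation multiplies two `unsigned int` values before dividing by 100, so a large configured dot11RSNAConfigPMKLifetime can wrap and produce a reauthentication time much earlier than intended. Nothing visible in this hunk bounds dot11RSNAConfigPMKReauthThreshold to 100 either; a larger value would put `reauth_time` after `expiration`, and the PMK would expire before reauthentication is requested. Widening the product, e.g. `(unsigned long long) sm->dot11RSNAConfigPMKLifetime * sm->dot11RSNAConfigPMKReauthThreshold / 100`, and rejecting thresholds above 100 where the value is set would close both cases. The validation may already exist where the configuration is parsed, since pmksa_cache_add starts and ends outside this hunk; that is worth confirming.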
diff --git a/wpa_supplicant/wpa.c b/wpa_supplicant/wpa.c
index dec4b66..92277b1 100644
--- a/wpa_supplicant/wpa.c
+++ b/wpa_supplicant/wpa.c
@@ -2179,6 +2179,7 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
return;
wpa_printf(MSG_DEBUG, "WPA: Association event - clear replay counter");
+ memcpy(sm->bssid, bssid, ETH_ALEN);
memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
sm->rx_replay_counter_set = 0;
sm->renew_snonce = 1;
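Review bot: `sm->bssid` is written here on association, but nothing in this commit clears it on disassociation, and pmksa_cache_set_expiration falls back to `pmksa_cache_get(sm, sm->bssid, NULL)` whenever `cur_pmksa` is NULL. A stale BSSID could therefore arm the reauth timer for an AP the station has already left. The state check in eapol_sm_request_reauth limits the effect, but the field's lifetime should be documented or reset, for example with `memset(sm->bssid, 0, ETH_ALEN);` in the disassociation path if one exists. The copy also assumes `bssid` is non-NULL; wpa_sm_notify_assoc begins outside this hunk, so confirm that the earlier guard covers it.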
diff --git a/wpa_supplicant/wpa_i.h b/wpa_supplicant/wpa_i.h
index c282fe4..4f1eccb 100644
--- a/wpa_supplicant/wpa_i.h
+++ b/wpa_supplicant/wpa_i.h
@@ -38,6 +38,7 @@ struct rsn_pmksa_cache {
u8 pmk[PMK_LEN];
size_t pmk_len;
time_t expiration;
+ time_t reauth_time;
int akmp; /* WPA_KEY_MGMT_* */
u8 aa[ETH_ALEN];
struct wpa_ssid *ssid;
@@ -79,6 +80,7 @@ struct wpa_sm {
u8 own_addr[ETH_ALEN];
const char *ifname;
+ u8 bssid[ETH_ALEN];
unsigned int dot11RSNAConfigPMKLifetime;
unsigned int dot11RSNAConfigPMKReauthThreshold;