author Alexander Wetzel <alexander@wetzel-home.de> 2020-01-10 22:19:08 (GMT)
committer Jouni Malinen <j@w1.fi> 2020-02-23 10:22:49 (GMT)
commit 1a7963e36fa67b865fd1486ce863e612e6b6a052
tree d59c96ec051a074ac2156ba0414d6942286d8004 /src/common
parent 35da7c20acec5d0c447d2f3eb219f4fb2a2683d9
AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround

Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new hostapd configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with disconnection. This requires the station to reassociate to get connected again and as such, can result in connectivity issues as well.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Diffstat (limited to 'src/common')
-rw-r--r-- src/common/defs.h | 6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/common/defs.h b/src/common/defs.h
index 5e22278..1e21ec2 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -445,4 +445,10 @@ enum key_flag {
KEY_FLAG_MODIFY,
};
+enum ptk0_rekey_handling {
+ PTK0_REKEY_ALLOW_ALWAYS,
+ PTK0_REKEY_ALLOW_LOCAL_OK,
+ PTK0_REKEY_ALLOW_NEVER
+};
+
#endif /* DEFS_H */
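Review bot: The new enum ptk0_rekey_handling has no comment explaining what each enumerator means; PTK0_REKEY_ALLOW_LOCAL_OK in particular does not say what "local" refers to or under which condition a rekey is then permitted. Since the commit message ties this to the hostapd option "wpa_deny_ptk0_rekey", a one-line comment per value would help, and if the option is parsed as a number, giving the enumerators explicit values (for example PTK0_REKEY_ALLOW_ALWAYS = 0) would keep the configuration semantics from depending on declaration order. Minor style point: the last enumerator, PTK0_REKEY_ALLOW_NEVER, has no trailing comma, unlike KEY_FLAG_MODIFY, in the enum just above.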