Allow forcing group rekeying for testing purposes

In order to test the WoWLAN GTK rekeying KRACK mitigation, add a REKEY_GTK hostapd control interface command that can be used at certain points of the test. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-10-25 10:26:10 +02:00 · 2017-10-25 10:26:10 +02:00 · 92662fb281
commit 92662fb281
parent 7d1ebdec18
3 changed files with 13 additions and 0 deletions
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@ -2922,6 +2922,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 	} else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) {
 		if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0)
 			reply_len = -1;
+	} else if (os_strcmp(buf, "REKEY_GTK") == 0) {
+		if (wpa_auth_rekey_gtk(hapd->wpa_auth) < 0)
+			reply_len = -1;
 #endif /* CONFIG_TESTING_OPTIONS */
 	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
 		if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12))
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -4773,4 +4773,13 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
 	return 0;
 }

+
+int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
+{
+	if (!wpa_auth)
+		return -1;
+	eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
+	return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
+}
+
 #endif /* CONFIG_TESTING_OPTIONS */
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@ -437,5 +437,6 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
 int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
 			     void (*cb)(void *ctx1, void *ctx2),
 			     void *ctx1, void *ctx2);
+int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);

 #endif /* WPA_AUTH_H */