nl80211: Support GTK rekey offload

Add support to wpa_supplicant for device-based GTK rekeying. In order to support that, pass the KEK, KCK, and replay counter to the driver, and handle rekey events that update the latter. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 21:22:51 +03:00 · 2011-07-12 21:22:51 +03:00 · b14a210ce2
commit b14a210ce2
parent 7aec3776b9
8 changed files with 170 additions and 1 deletions
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@ -1174,6 +1174,8 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
 		goto failed;
 	}

+	wpa_sm_set_rekey_offload(sm);
+
 	return;

 failed:
@ -1392,6 +1394,8 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
 			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
 		wpa_sm_cancel_auth_timeout(sm);
 		wpa_sm_set_state(sm, WPA_COMPLETED);
+
+		wpa_sm_set_rekey_offload(sm);
 	} else {
 		wpa_supplicant_key_neg_complete(sm, sm->bssid,
 						key_info &
@ -2644,3 +2648,9 @@ int wpa_sm_has_ptk(struct wpa_sm *sm)
 		return 0;
 	return sm->ptk_set;
 }
+
+
+void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
+{
+	os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
+}
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@ -61,6 +61,8 @@ struct wpa_sm_ctx {
 			      u16 status_code, const u8 *buf, size_t len);
 	int (*tdls_oper)(void *ctx, int oper, const u8 *peer);
 #endif /* CONFIG_TDLS */
+	void (*set_rekey_offload)(void *ctx, const u8 *kek, const u8 *kck,
+				  const u8 *replay_ctr);
 };


@ -132,6 +134,8 @@ int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len);
 void wpa_sm_drop_sa(struct wpa_sm *sm);
 int wpa_sm_has_ptk(struct wpa_sm *sm);

+void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr);
+
 #else /* CONFIG_NO_WPA */

 static inline struct wpa_sm * wpa_sm_init(struct wpa_sm_ctx *ctx)
@ -277,6 +281,11 @@ static inline int wpa_sm_has_ptk(struct wpa_sm *sm)
 	return 0;
 }

+static inline void wpa_sm_update_replay_ctr(struct wpa_sm *sm,
+					    const u8 *replay_ctr)
+{
+}
+
 #endif /* CONFIG_NO_WPA */

 #ifdef CONFIG_PEERKEY
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@ -244,6 +244,14 @@ static inline int wpa_sm_mark_authenticated(struct wpa_sm *sm,
 	return -1;
 }

+static inline void wpa_sm_set_rekey_offload(struct wpa_sm *sm)
+{
+	if (!sm->ctx->set_rekey_offload)
+		return;
+	sm->ctx->set_rekey_offload(sm->ctx->ctx, sm->ptk.kek,
+				   sm->ptk.kck, sm->rx_replay_counter);
+}
+
 #ifdef CONFIG_TDLS
 static inline int wpa_sm_send_tdls_mgmt(struct wpa_sm *sm, const u8 *dst,
 					u8 action_code, u8 dialog_token,