[PATCH] Allow forcing group rekeying for testing purposes

Johannes Berg johannes at sipsolutions.net
Wed Oct 25 01:26:10 PDT 2017 

From: Johannes Berg <johannes.berg at intel.com>

In order to test the WoWLAN GTK rekeying KRACK mitigation,
add a REKEY_GTK command that can be used at certain points
of the test.

Signed-off-by: Johannes Berg <johannes.berg at intel.com>
---
 hostapd/ctrl_iface.c | 10 ++++++++++
 src/ap/wpa_auth.c    |  7 +++++++
 src/ap/wpa_auth.h    |  1 +
 3 files changed, 18 insertions(+)

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index af2a2821bce0..1d181405f6fd 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2191,6 +2191,13 @@ static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd,
 					plain ? restore_tk : NULL, hapd, sta);
 }
 
+
+static int hostapd_ctrl_rekey_gtk(struct hostapd_data *hapd)
+{
+	wpa_auth_rekey_gtk(hapd->wpa_auth);
+	return 0;
+}
+
 #endif /* CONFIG_TESTING_OPTIONS */
 
 
@@ -2922,6 +2929,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 	} else if (os_strncmp(buf, "RESEND_GROUP_M1 ", 16) == 0) {
 		if (hostapd_ctrl_resend_group_m1(hapd, buf + 16) < 0)
 			reply_len = -1;
+	} else if (os_strcmp(buf, "REKEY_GTK") == 0) {
+		if (hostapd_ctrl_rekey_gtk(hapd) < 0)
+			reply_len = -1;
 #endif /* CONFIG_TESTING_OPTIONS */
 	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
 		if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12))
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 713bee068ac2..378bde2887f6 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -4774,4 +4774,11 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
 	return 0;
 }
 
+
+void wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth)
+{
+	eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
+	eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL);
+}
+
 #endif /* CONFIG_TESTING_OPTIONS */
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 22f33dd14103..28abd41c0b1f 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -437,5 +437,6 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
 int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
 			     void (*cb)(void *ctx1, void *ctx2),
 			     void *ctx1, void *ctx2);
+void wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth);
 
 #endif /* WPA_AUTH_H */
-- 
2.14.2

More information about the Hostap mailing list