diff --git a/components/esp_wifi/include/esp_wifi_types_generic.h b/components/esp_wifi/include/esp_wifi_types_generic.h index 8cf8d0de49..cabb434a39 100644 --- a/components/esp_wifi/include/esp_wifi_types_generic.h +++ b/components/esp_wifi/include/esp_wifi_types_generic.h @@ -539,6 +539,7 @@ typedef struct { uint8_t transition_disable; /**< Whether to enable transition disable feature */ uint8_t sae_ext; /**< Enable SAE EXT feature. SOC_GCMP_SUPPORT is required for this feature. */ wifi_bss_max_idle_config_t bss_max_idle_cfg; /**< Configuration for bss max idle, effective if CONFIG_WIFI_BSS_MAX_IDLE_SUPPORT is enabled */ + uint16_t gtk_rekey_interval; /**< GTK rekeying interval in seconds. If set to 0, GTK rekeying is disabled. Range: 60 ~ 65535 including 0. */ } wifi_ap_config_t; #define SAE_H2E_IDENTIFIER_LEN 32 /**< Length of the password identifier for H2E */ diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c index ccf7d81337..ab488f2155 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_hostap.c @@ -84,6 +84,12 @@ void *hostap_init(void) hapd->conf->sae_pwe = esp_wifi_get_config_sae_pwe_h2e_internal(WIFI_IF_AP); auth_conf->sae_pwe = hapd->conf->sae_pwe; + auth_conf->wpa_group_rekey = esp_wifi_ap_get_gtk_rekeying_config_internal(); +#define MIN_GTK_REKEYING_INTERVAL 60 + if (auth_conf->wpa_group_rekey && auth_conf->wpa_group_rekey < MIN_GTK_REKEYING_INTERVAL) { + auth_conf->wpa_group_rekey = MIN_GTK_REKEYING_INTERVAL; + } +#undef MIN_GTK_REKEYING_INTERVAL authmode = esp_wifi_ap_get_prof_authmode_internal(); if (authmode_has_wpa(authmode)) { diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h index df068bba20..0419b884bd 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wifi_driver.h @@ -285,6 +285,7 @@ esp_err_t esp_wifi_register_mgmt_frame_internal(uint32_t type, uint32_t subtype) esp_err_t esp_wifi_send_mgmt_frm_internal(const wifi_mgmt_frm_req_t *req); uint8_t esp_wifi_ap_get_prof_pairwise_cipher_internal(void); uint8_t esp_wifi_ap_get_sae_ext_config_internal(void); +uint16_t esp_wifi_ap_get_gtk_rekeying_config_internal(void); bool esp_wifi_is_mbo_enabled_internal(uint8_t if_index); void esp_wifi_get_pmf_config_internal(wifi_pmf_config_t *pmf_cfg, uint8_t ifx); bool esp_wifi_is_ft_enabled_internal(uint8_t if_index); diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c index f5715611a8..a3c67cd136 100644 --- a/components/wpa_supplicant/src/ap/wpa_auth.c +++ b/components/wpa_supplicant/src/ap/wpa_auth.c @@ -211,6 +211,16 @@ int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, int (*cb)(struct wpa_state_machine *sm, void *ctx), void *cb_ctx) { + struct hostapd_data *hapd = hostapd_get_hapd_data(); + struct sta_info *sta; + + if (hapd == NULL) + return 1; + + for (sta = hapd->sta_list; sta; sta = sta->next) { + if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx)) + return 1; + } return 0; } @@ -397,6 +407,11 @@ struct wpa_authenticator * wpa_init(const u8 *addr, return NULL; } + if (wpa_auth->conf.wpa_group_rekey) { + eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, + 0, wpa_rekey_gtk, wpa_auth, NULL); + } + #ifdef CONFIG_IEEE80211R_AP wpa_auth->ft_pmk_cache = wpa_ft_pmk_cache_init(); if (wpa_auth->ft_pmk_cache == NULL) { @@ -2565,6 +2580,7 @@ static int wpa_sm_step(struct wpa_state_machine *sm) void wpa_deinit(struct wpa_authenticator *wpa_auth) { struct wpa_group *group, *prev; + eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); pmksa_cache_auth_deinit(wpa_auth->pmksa); if (wpa_auth->wpa_ie != NULL) { os_free(wpa_auth->wpa_ie);