[PATCH 1/3] AP: expose pmk outside of wpa code

Michal Kazior <kazikcz@xxxxxxxxx> · Wed, 16 Jan 2019 13:35:18 +0100

From: Michal Kazior <michal@xxxxxxxxx>

This doesn't change any behavior on its own. It's
going to be used to expose per-station keyids and
allow reloading passphrases in runtime.

Signed-off-by: Michal Kazior <michal@xxxxxxxxx>
---

Notes:
    v1:
     - introduced

 src/ap/wpa_auth.c    | 11 +++++++++++
 src/ap/wpa_auth.h    |  1 +
 src/ap/wpa_auth_ft.c |  2 ++
 3 files changed, 14 insertions(+)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 34969e79e..b7cd2d706 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -860,6 +860,8 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
 
 		if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
 				       data, data_len) == 0) {
+			os_memcpy(sm->PMK, pmk, pmk_len);
+			sm->pmk_len = pmk_len;
 			ok = 1;
 			break;
 		}
@@ -2675,6 +2677,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 		    wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
 				       sm->last_rx_eapol_key,
 				       sm->last_rx_eapol_key_len) == 0) {
+			os_memcpy(sm->PMK, pmk, pmk_len);
+			sm->pmk_len = pmk_len;
 			ok = 1;
 			break;
 		}
@@ -3963,6 +3967,13 @@ int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
 }
 
 
+const u8 *wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
+{
+	*len = sm->pmk_len;
+	return sm->PMK;
+}
+
+
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
 {
 	if (sm == NULL)
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index fad5536f7..7e82068e3 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -339,6 +339,7 @@ int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+const u8 *wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index e8d46ab0d..391fe465a 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2596,6 +2596,8 @@ static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
 		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
 		if (out_pairwise)
 			*out_pairwise = pairwise;
+		os_memcpy(sm->PMK, pmk, PMK_LEN);
+		sm->pmk_len = PMK_LEN;
 		if (out_vlan &&
 		    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
 			wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
-- 
2.20.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






