Add MSK dump mechanism into hostapd RADIUS server for testing

Testing code can now be enabled in the hostapd RADIUS server to dump each derived MSK into a text file (e.g., to be used as an input to wlantest). This functionality is not included in the default build and can be enabled by adding the following line to hostapd/.config: CFLAGS += -DCONFIG_RADIUS_TEST The MSK dump file is specified with dump_msk_file parameter in hostapd.conf (path to the dump file). If this variable is not set, MSK dump mechanism is not enabled at run time. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago · 505a36941e
parent 219fd441fd
commit 505a36941e
6 changed files with 52 additions and 2 deletions
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@ -2155,6 +2155,11 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 			if (parse_roaming_consortium(bss, pos, line) < 0)
 				errors++;
 #endif /* CONFIG_INTERWORKING */
+#ifdef CONFIG_RADIUS_TEST
+		} else if (os_strcmp(buf, "dump_msk_file") == 0) {
+			os_free(bss->dump_msk_file);
+			bss->dump_msk_file = os_strdup(pos);
+#endif /* CONFIG_RADIUS_TEST */
 		} else {
 			wpa_printf(MSG_ERROR, "Line %d: unknown configuration "
 				   "item '%s'", line, buf);
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@ -471,6 +471,10 @@ static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 #endif /* CONFIG_WPS */

 	os_free(conf->roaming_consortium);
+
+#ifdef CONFIG_RADIUS_TEST
+	os_free(conf->dump_msk_file);
+#endif /* CONFIG_RADIUS_TEST */
 }


--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@ -362,6 +362,10 @@ struct hostapd_bss_config {
 	struct hostapd_roaming_consortium *roaming_consortium;

 	u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */
+
+#ifdef CONFIG_RADIUS_TEST
+	char *dump_msk_file;
+#endif /* CONFIG_RADIUS_TEST */
 };


--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@ -117,6 +117,9 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd)
 	srv.eap_req_id_text = conf->eap_req_id_text;
 	srv.eap_req_id_text_len = conf->eap_req_id_text_len;
 	srv.pwd_group = conf->pwd_group;
+#ifdef CONFIG_RADIUS_TEST
+	srv.dump_msk_file = conf->dump_msk_file;
+#endif /* CONFIG_RADIUS_TEST */

 	hapd->radius_srv = radius_server_init(&srv);
 	if (hapd->radius_srv == NULL) {
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@ -1,6 +1,6 @@
 /*
 * RADIUS authentication server
- * Copyright (c) 2005-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2009, 2011, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@ -292,6 +292,10 @@ struct radius_server_data {
 	 * msg_ctx - Context data for wpa_msg() calls
 	 */
 	void *msg_ctx;
+
+#ifdef CONFIG_RADIUS_TEST
+	char *dump_msk_file;
+#endif /* CONFIG_RADIUS_TEST */
 };


@ -574,6 +578,24 @@ radius_server_encapsulate_eap(struct radius_server_data *data,

 	if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eap_if->eapKeyData) {
 		int len;
+#ifdef CONFIG_RADIUS_TEST
+		if (data->dump_msk_file) {
+			FILE *f;
+			char buf[2 * 64 + 1];
+			f = fopen(data->dump_msk_file, "a");
+			if (f) {
+				len = sess->eap_if->eapKeyDataLen;
+				if (len > 64)
+					len = 64;
+				len = wpa_snprintf_hex(
+					buf, sizeof(buf),
+					sess->eap_if->eapKeyData, len);
+				buf[len] = '\0';
+				fprintf(f, "%s\n", buf);
+				fclose(f);
+			}
+		}
+#endif /* CONFIG_RADIUS_TEST */
 		if (sess->eap_if->eapKeyDataLen > 64) {
 			len = 32;
 		} else {
@ -1277,6 +1299,11 @@ radius_server_init(struct radius_server_conf *conf)
 		}
 	}

+#ifdef CONFIG_RADIUS_TEST
+	if (conf->dump_msk_file)
+		data->dump_msk_file = os_strdup(conf->dump_msk_file);
+#endif /* CONFIG_RADIUS_TEST */
+
 	data->clients = radius_server_read_clients(conf->client_file,
 						   conf->ipv6);
 	if (data->clients == NULL) {
@ -1328,6 +1355,9 @@ void radius_server_deinit(struct radius_server_data *data)
 	os_free(data->eap_fast_a_id);
 	os_free(data->eap_fast_a_id_info);
 	os_free(data->eap_req_id_text);
+#ifdef CONFIG_RADIUS_TEST
+	os_free(data->dump_msk_file);
+#endif /* CONFIG_RADIUS_TEST */
 	os_free(data);
 }

--- a/src/radius/radius_server.h
+++ b/src/radius/radius_server.h
@ -1,6 +1,6 @@
 /*
 * RADIUS authentication server
- * Copyright (c) 2005-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2005-2009, 2011, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@ -201,6 +201,10 @@ struct radius_server_conf {
 	 * msg_ctx - Context data for wpa_msg() calls
 	 */
 	void *msg_ctx;
+
+#ifdef CONFIG_RADIUS_TEST
+	const char *dump_msk_file;
+#endif /* CONFIG_RADIUS_TEST */
 };