AP: Expose PMK outside of wpa_auth module

This doesn't change any behavior on its own. It's going to be used to expose per-station keyids and allow reloading passphrases in runtime. Signed-off-by: Michal Kazior <michal@plume.com>
5 years ago · b08c9ad0c7
parent 1699309378
commit b08c9ad0c7
3 changed files with 16 additions and 0 deletions
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -873,6 +873,8 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,

 		if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
 				       data, data_len) == 0) {
+			os_memcpy(sm->PMK, pmk, pmk_len);
+			sm->pmk_len = pmk_len;
 			ok = 1;
 			break;
 		}
@ -2724,6 +2726,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 		    wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
 				       sm->last_rx_eapol_key,
 				       sm->last_rx_eapol_key_len) == 0) {
+			os_memcpy(sm->PMK, pmk, pmk_len);
+			sm->pmk_len = pmk_len;
 			ok = 1;
 			break;
 		}
@ -4135,6 +4139,15 @@ int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
 }


+const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
+{
+	if (!sm)
+		return NULL;
+	*len = sm->pmk_len;
+	return sm->PMK;
+}
+
+
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
 {
 	if (sm == NULL)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@ -349,6 +349,7 @@ int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@ -2638,6 +2638,8 @@ static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
 		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
 		if (out_pairwise)
 			*out_pairwise = pairwise;
+		os_memcpy(sm->PMK, pmk, PMK_LEN);
+		sm->pmk_len = PMK_LEN;
 		if (out_vlan &&
 		    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
 			wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "