From b08c9ad0c78d2c767d62e1d169560debe8db0ce6 Mon Sep 17 00:00:00 2001
From: Michal Kazior
Date: Wed, 16 Jan 2019 13:35:18 +0100
Subject: [PATCH] AP: Expose PMK outside of wpa_auth module
This doesn't change any behavior on its own. It's going to be used to expose per-station keyids and allow reloading passphrases in runtime.
Signed-off-by: Michal Kazior
---
 src/ap/wpa_auth.c | 13 +++++++++++++
 src/ap/wpa_auth.h | 1 +
 src/ap/wpa_auth_ft.c | 2 ++
 3 files changed, 16 insertions(+)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 543880e14..8e2b48e2d 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -873,6 +873,8 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
 if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK, data, data_len) == 0) {
+ os_memcpy(sm->PMK, pmk, pmk_len);
+ sm->pmk_len = pmk_len;
 ok = 1;
 break;
 }
@@ -2724,6 +2726,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK, sm->last_rx_eapol_key, sm->last_rx_eapol_key_len) == 0) {
+ os_memcpy(sm->PMK, pmk, pmk_len);
+ sm->pmk_len = pmk_len;
 ok = 1;
 break;
 }
@@ -4135,6 +4139,15 @@ int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
 }
+const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
+{
+ if (!sm)
+ return NULL;
+ *len = sm->pmk_len;
+ return sm->PMK;
+}
+
+
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
 {
 if (sm == NULL)
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 719284502..e61648d94 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
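Review bot: In wpa_try_alt_snonce() (src/ap/wpa_auth.c, hunk at -873) the added `os_memcpy(sm->PMK, pmk, pmk_len);` writes into the state machine's own key buffer without checking that `pmk` is a different buffer or that `pmk_len` fits `sm->PMK`. The loop that assigns `pmk` starts outside the hunk; if it can set `pmk = sm->PMK` for non-PSK key management, source and destination are the same object, which memcpy does not permit. Guarding the store as `if (sm->PMK != pmk) { os_memcpy(sm->PMK, pmk, pmk_len); sm->pmk_len = pmk_len; }` avoids that. The same applies to the identical lines added in SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) in the -2724 hunk.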
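Review bot: wpa_auth_get_pmk() (src/ap/wpa_auth.c, hunk at -4135) leaves `*len` unset when `sm` is NULL, so a caller that reads the length before testing the returned pointer uses an indeterminate value. Writing `*len = 0;` before `return NULL;` makes the failure case well defined. Because the function hands out a pointer to key material stored inside the state machine, it should also carry a comment such as `/* Returns a pointer into sm, valid only while sm exists; the bytes are the PMK/PSK and must not be logged or retained. */`.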
@@ -349,6 +349,7 @@ int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 60f0786a1..ac736f062 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2638,6 +2638,8 @@ static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
 os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
 if (out_pairwise) *out_pairwise = pairwise;
+ os_memcpy(sm->PMK, pmk, PMK_LEN);
+ sm->pmk_len = PMK_LEN;
 if (out_vlan && wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
 wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "
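Review bot: In wpa_ft_psk_pmk_r1() (src/ap/wpa_auth_ft.c) the added `os_memcpy(sm->PMK, pmk, PMK_LEN);` runs before the `wpa_ft_get_vlan()` check that follows it, so `sm->PMK` is overwritten even when that check fails. The rest of the vlan branch is outside the hunk; if it returns an error, the state machine keeps a PSK from a lookup that did not succeed, and the new `wpa_auth_get_pmk()` would report it to callers. Moving the two added lines below the vlan check keeps the stored PMK consistent with the function's result.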