[1/3] AP: expose pmk outside of wpa code

Message ID	20190116123520.17602-2-kazikcz@gmail.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Michal Kazior <kazikcz@gmail.com> To: hostap@lists.infradead.org Subject: [PATCH 1/3] AP: expose pmk outside of wpa code Date: Wed, 16 Jan 2019 13:35:18 +0100 Message-Id: <20190116123520.17602-2-kazikcz@gmail.com> In-Reply-To: <20190116123520.17602-1-kazikcz@gmail.com> References: <20181121213836.28701-1-kazikcz@gmail.com> <20190116123520.17602-1-kazikcz@gmail.com> MIME-Version: 1.0 summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:142 listed in] [list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (kazikcz[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain Precedence: list Cc: Michal Kazior <michal@plume.com>, carlitonueno@gmail.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	AP: make wpa_psk_file more dynamic \| expand [0/3] AP: make wpa_psk_file more dynamic [1/3] AP: expose pmk outside of wpa code [2/3] AP: allow identifying which passphrase station used with wpa_psk_file [3/3] AP: add wpa_psk_file reloading in runtime

Message ID

20190116123520.17602-2-kazikcz@gmail.com

State

Accepted

Headers

From: Michal Kazior <kazikcz@gmail.com>
To: hostap@lists.infradead.org
Subject: [PATCH 1/3] AP: expose pmk outside of wpa code
Date: Wed, 16 Jan 2019 13:35:18 +0100
Message-Id: <20190116123520.17602-2-kazikcz@gmail.com>
In-Reply-To: <20190116123520.17602-1-kazikcz@gmail.com>
References: <20181121213836.28701-1-kazikcz@gmail.com>
	<20190116123520.17602-1-kazikcz@gmail.com>
MIME-Version: 1.0
Precedence: list
Cc: Michal Kazior <michal@plume.com>, carlitonueno@gmail.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

AP: make wpa_psk_file more dynamic | expand

Commit Message

Michał Kazior Jan. 16, 2019, 12:35 p.m. UTC

From: Michal Kazior <michal@plume.com>

This doesn't change any behavior on its own. It's
going to be used to expose per-station keyids and
allow reloading passphrases in runtime.

Signed-off-by: Michal Kazior <michal@plume.com>
---

Notes:
    v1:
     - introduced

 src/ap/wpa_auth.c    | 11 +++++++++++
 src/ap/wpa_auth.h    |  1 +
 src/ap/wpa_auth_ft.c |  2 ++
 3 files changed, 14 insertions(+)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 34969e79e..b7cd2d706 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -860,6 +860,8 @@  static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
 
 		if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
 				       data, data_len) == 0) {
+			os_memcpy(sm->PMK, pmk, pmk_len);
+			sm->pmk_len = pmk_len;
 			ok = 1;
 			break;
 		}
@@ -2675,6 +2677,8 @@  SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 		    wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
 				       sm->last_rx_eapol_key,
 				       sm->last_rx_eapol_key_len) == 0) {
+			os_memcpy(sm->PMK, pmk, pmk_len);
+			sm->pmk_len = pmk_len;
 			ok = 1;
 			break;
 		}
@@ -3963,6 +3967,13 @@  int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
 }
 
 
+const u8 *wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
+{
+	*len = sm->pmk_len;
+	return sm->PMK;
+}
+
+
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
 {
 	if (sm == NULL)
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index fad5536f7..7e82068e3 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -339,6 +339,7 @@  int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+const u8 *wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index e8d46ab0d..391fe465a 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2596,6 +2596,8 @@  static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
 		os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
 		if (out_pairwise)
 			*out_pairwise = pairwise;
+		os_memcpy(sm->PMK, pmk, PMK_LEN);
+		sm->pmk_len = PMK_LEN;
 		if (out_vlan &&
 		    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
 			wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "

[1/3] AP: expose pmk outside of wpa code

Commit Message

Patch