AP: Expose PMK outside of wpa_auth module

This doesn't change any behavior on its own. It's going to be used to
expose per-station keyids and allow reloading passphrases in runtime.

Signed-off-by: Michal Kazior <michal@plume.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 543880e14365ab9b629c3527d2bf1346d5bfe21c..8e2b48e2d06177105f197ad418469bfb6223748f 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -873,6 +873,8 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
 
                if (wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
                                       data, data_len) == 0) {
+                       os_memcpy(sm->PMK, pmk, pmk_len);
+                       sm->pmk_len = pmk_len;
                        ok = 1;
                        break;
                }
@@ -2724,6 +2726,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
                    wpa_verify_key_mic(sm->wpa_key_mgmt, pmk_len, &PTK,
                                       sm->last_rx_eapol_key,
                                       sm->last_rx_eapol_key_len) == 0) {
+                       os_memcpy(sm->PMK, pmk, pmk_len);
+                       sm->pmk_len = pmk_len;
                        ok = 1;
                        break;
                }
@@ -4135,6 +4139,15 @@ int wpa_auth_get_pairwise(struct wpa_state_machine *sm)
 }
 
 
+const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len)
+{
+       if (!sm)
+               return NULL;
+       *len = sm->pmk_len;
+       return sm->PMK;
+}
+
+
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm)
 {
        if (sm == NULL)

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 71928450209a22e639f60c3a77fc7434b7b4a775..e61648d94658320458375ab8126b951c3973b188 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -349,6 +349,7 @@ int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
 void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
 int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+const u8 * wpa_auth_get_pmk(struct wpa_state_machine *sm, int *len);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 60f0786a1bb62ef09d4ca3eb6750f7dfebadf775..ac736f062d6b7f3e452d882dd162ec24aba96b4d 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2638,6 +2638,8 @@ static int wpa_ft_psk_pmk_r1(struct wpa_state_machine *sm,
                os_memcpy(out_pmk_r1, pmk_r1, PMK_LEN);
                if (out_pairwise)
                        *out_pairwise = pairwise;
+               os_memcpy(sm->PMK, pmk, PMK_LEN);
+               sm->pmk_len = PMK_LEN;
                if (out_vlan &&
                    wpa_ft_get_vlan(sm->wpa_auth, sm->addr, out_vlan) < 0) {
                        wpa_printf(MSG_DEBUG, "FT: vlan not available for STA "