From 2f858254ccf8f71e8cac76f07a552d57e309796e Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 3 Aug 2020 15:38:30 +0300 Subject: [PATCH] Extend GET_PMK to check PMKSA cache on the AP This allows the testing command GET_PMK to return a PMK in cases where the association fails (e.g., when using SAE and getting a valid PMKSA entry added before association) or after the association has been lost. Signed-off-by: Jouni Malinen --- hostapd/ctrl_iface.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c index b470c5643..ae63acd47 100644 --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c @@ -47,6 +47,7 @@ #include "ap/ap_config.h" #include "ap/ieee802_1x.h" #include "ap/wpa_auth.h" +#include "ap/pmksa_cache_auth.h" #include "ap/ieee802_11.h" #include "ap/sta_info.h" #include "ap/wps_hostapd.h" @@ -2456,6 +2457,19 @@ static int hostapd_ctrl_resend_group_m1(struct hostapd_data *hapd, } +static int hostapd_ctrl_get_pmksa_pmk(struct hostapd_data *hapd, const u8 *addr, + char *buf, size_t buflen) +{ + struct rsn_pmksa_cache_entry *pmksa; + + pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, addr, NULL); + if (!pmksa) + return -1; + + return wpa_snprintf_hex(buf, buflen, pmksa->pmk, pmksa->pmk_len); +} + + static int hostapd_ctrl_get_pmk(struct hostapd_data *hapd, const char *cmd, char *buf, size_t buflen) { @@ -2471,13 +2485,13 @@ static int hostapd_ctrl_get_pmk(struct hostapd_data *hapd, const char *cmd, if (!sta || !sta->wpa_sm) { wpa_printf(MSG_DEBUG, "No STA WPA state machine for " MACSTR, MAC2STR(addr)); - return -1; + return hostapd_ctrl_get_pmksa_pmk(hapd, addr, buf, buflen); } pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len); - if (!pmk) { + if (!pmk || !pmk_len) { wpa_printf(MSG_DEBUG, "No PMK stored for " MACSTR, MAC2STR(addr)); - return -1; + return hostapd_ctrl_get_pmksa_pmk(hapd, addr, buf, buflen); } return wpa_snprintf_hex(buf, buflen, pmk, pmk_len);