From b175e7ae0649475c1461831be1ccbc47804d5e5f Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Sat, 15 Apr 2017 13:58:45 +0200 Subject: [PATCH] handshake: Add handshake_state_get_pmkid Returns the PMKID for the current PMK (configured through handshake_state_set_pmk for PSK, created through EAP or from pre-authentication) --- src/handshake.c | 25 +++++++++++++++++++++++++ src/handshake.h | 2 ++ 2 files changed, 27 insertions(+) diff --git a/src/handshake.c b/src/handshake.c index 8537009a..a0c71b97 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -360,6 +360,31 @@ void handshake_state_override_pairwise_cipher(struct handshake_state *s, s->pairwise_cipher = pairwise; } +bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid) +{ + bool use_sha256; + + if (!s->have_pmk) + return false; + + /* + * Note 802.11 section 11.6.1.3: + * "When the PMKID is calculated for the PMKSA as part of RSN + * preauthentication, the AKM has not yet been negotiated. In this + * case, the HMAC-SHA1-128 based derivation is used for the PMKID + * calculation." + */ + + if (s->akm_suite & (IE_RSN_AKM_SUITE_8021X_SHA256 | + IE_RSN_AKM_SUITE_PSK_SHA256)) + use_sha256 = true; + else + use_sha256 = false; + + return crypto_derive_pmkid(s->pmk, s->spa, s->aa, out_pmkid, + use_sha256); +} + /* * This function performs a match of the RSN/WPA IE obtained from the scan * results vs the RSN/WPA IE obtained as part of the 4-way handshake. If they diff --git a/src/handshake.h b/src/handshake.h index ff2d1ed7..ab821204 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -130,6 +130,8 @@ void handshake_state_install_igtk(struct handshake_state *s, void handshake_state_override_pairwise_cipher(struct handshake_state *s, enum ie_rsn_cipher_suite pairwise); +bool handshake_state_get_pmkid(struct handshake_state *s, uint8_t *out_pmkid); + bool handshake_decode_fte_key(struct handshake_state *s, const uint8_t *wrapped, size_t key_len, uint8_t *key_out);