authorTomasz Jankowski <tomasz.jankowski@plume.com>2020-02-10 11:49:33 (GMT)
committerJouni Malinen <j@w1.fi>2020-02-15 15:28:00 (GMT)
commitfde8e7946304569292c5d520d76371291cc4f88c (patch)
tree6ef6fa5fdab9c7969d59e17ece33762866a10bba /src/wps
parentb1977a652dffa4e4f6f01e93dac59f8f29f17b14 (diff)
WPS: Make it possible to use PSKs loaded from the PSK file
By default, when the configuration file set wpa_psk_file, hostapd generated a random PSK for each Enrollee provisioned using WPS and appended that PSK to wpa_psk_file. Change that behavior by adding a new step: WPS will first try to use a PSK from wpa_psk_file. It will only try PSKs with the wps=1 tag. Additionally, it will try to match the Enrollee's MAC address (if provided). If it fails to find an appropriate PSK, it falls back to generating a new PSK. Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
Diffstat (limited to 'src/wps')
-rw-r--r--src/wps/wps.h8
-rw-r--r--src/wps/wps_registrar.c21
2 files changed, 27 insertions, 2 deletions
diff --git a/src/wps/wps.h b/src/wps/wps.h
index f42045e..3b56da7 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
@@ -345,6 +345,14 @@ struct wps_registrar_config {
const char *dev_name);
/**
+ * lookup_pskfile_cb - Callback for searching for PSK in wpa_psk_file
+ * @ctx: Higher layer context data (cb_ctx)
+ * @addr: Enrollee's MAC address
+ * @psk: Pointer to found PSK (output arg)
+ */
+ int (*lookup_pskfile_cb)(void *ctx, const u8 *mac_addr, const u8 **psk);
+
+ /**
* cb_ctx: Higher layer context data for Registrar callbacks
*/
void *cb_ctx;
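Review bot: The new doc comment names the second parameter `@addr` while the prototype calls it `mac_addr`, and it does not state the return value or the contract for `*psk`. The caller added in wps_registrar.c treats any non-zero return as a match and then reads `PMK_LEN` bytes through `*psk` without copying or freeing it, so the comment should say so, e.g. `* @mac_addr: Enrollee's MAC address` and `* @psk: On a match, set to a PMK_LEN-byte PSK that remains owned by the callback provider`. A `* Returns: non-zero if a PSK was found and *psk was set, 0 otherwise` line would pin down what implementers must guarantee; the exact values are inferred from the call site, so confirm them against the hostapd-side callback.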
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index c07d42b..fb6c71d 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -160,6 +160,7 @@ struct wps_registrar {
const u8 *pri_dev_type, u16 config_methods,
u16 dev_password_id, u8 request_type,
const char *dev_name);
+ int (*lookup_pskfile_cb)(void *ctx, const u8 *mac_addr, const u8 **psk);
void *cb_ctx;
struct dl_list pins;
@@ -682,6 +683,7 @@ wps_registrar_init(struct wps_context *wps,
reg->reg_success_cb = cfg->reg_success_cb;
reg->set_sel_reg_cb = cfg->set_sel_reg_cb;
reg->enrollee_seen_cb = cfg->enrollee_seen_cb;
+ reg->lookup_pskfile_cb = cfg->lookup_pskfile_cb;
reg->cb_ctx = cfg->cb_ctx;
reg->skip_cred_build = cfg->skip_cred_build;
if (cfg->extra_cred) {
@@ -1291,6 +1293,15 @@ static void wps_cb_set_sel_reg(struct wps_registrar *reg)
}
+static int wps_cp_lookup_pskfile(struct wps_registrar *reg, const u8 *mac_addr,
+ const u8 **psk)
+{
+ if (!reg->lookup_pskfile_cb)
+ return 0;
+ return reg->lookup_pskfile_cb(reg->cb_ctx, mac_addr, psk);
+}
+
+
static int wps_set_ie(struct wps_registrar *reg)
{
struct wpabuf *beacon;
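Review bot: The wrapper is named `wps_cp_lookup_pskfile`, but the neighbouring callback wrapper visible in the hunk header is `wps_cb_set_sel_reg`, so `cp` looks like a typo for `cb`. Renaming it to `wps_cb_lookup_pskfile` (together with its call in wps_build_cred) keeps the callback wrappers greppable under one prefix. A one-line comment such as `/* Returns 0 if no callback is registered or no PSK matched; otherwise *psk is set */` would also document that a missing callback is treated as "no match".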
@@ -1645,6 +1656,8 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
{
struct wpabuf *cred;
struct wps_registrar *reg = wps->wps->registrar;
+ const u8 *pskfile_psk;
+ char hex[65];
if (wps->wps->registrar->skip_cred_build)
goto skip_cred_build;
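Review bot: `pskfile_psk` is declared without an initializer and is dereferenced in the `else if` added further down whenever the callback returns non-zero, so a callback that reports a match without writing `*psk` causes a read through an indeterminate pointer. Declaring it as `const u8 *pskfile_psk = NULL;` and requiring `pskfile_psk` to be non-NULL in that condition makes the failure mode defined. Separately, `hex[65]` now has function scope and holds the hex form of a PSK in two branches; nothing visible here clears it, so consider wiping it before the function returns, using the tree's memory-clearing helper if one is available. wps_build_cred continues outside this hunk, so an existing cleanup path may already cover this.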
@@ -1760,9 +1773,14 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
wps->new_psk, wps->new_psk_len);
os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
wps->cred.key_len = wps->new_psk_len;
+ } else if (wps_cp_lookup_pskfile(reg, wps->mac_addr_e, &pskfile_psk)) {
+ wpa_hexdump_key(MSG_DEBUG, "WPS: Use PSK from wpa_psk_file",
+ pskfile_psk, PMK_LEN);
+ wpa_snprintf_hex(hex, sizeof(hex), pskfile_psk, PMK_LEN);
+ os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
+ wps->cred.key_len = PMK_LEN * 2;
} else if (!wps->wps->registrar->force_per_enrollee_psk &&
wps->use_psk_key && wps->wps->psk_set) {
- char hex[65];
wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key");
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
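Review bot: The new `else if` calls the PSK-file lookup without testing `force_per_enrollee_psk` or `wps->auth_type`, although the branch right after it is guarded by `!wps->wps->registrar->force_per_enrollee_psk` and the random-PSK branch by `wps->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)`. As written, a matching file entry is provisioned even when per-Enrollee PSKs are forced, and seemingly for non-PSK auth types too. If that precedence is intended it deserves a comment such as `/* wps=1 entries in wpa_psk_file take precedence over force_per_enrollee_psk */`; otherwise add the auth-type test to the condition. Also note that the lookup key `wps->mac_addr_e` appears to be a value the Enrollee reports about itself, so a MAC-specific entry selects a PSK by claimed address, and per the commit description an entry without a MAC is shared by every Enrollee; that trade-off against the previous random per-device PSK should be stated where the `wps=1` tag is documented. wps_build_cred starts and ends outside this hunk.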
@@ -1773,7 +1791,6 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
wps->wps->network_key_len);
wps->cred.key_len = wps->wps->network_key_len;
} else if (wps->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
- char hex[65];
/* Generate a random per-device PSK */
os_free(wps->new_psk);
wps->new_psk_len = PMK_LEN;