PAE: Make KaY specific details available via control interface

Add KaY details to the STATUS command output.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@hpe.com>
Badrish Adiga H R 2016-12-16 01:40:53 +05:30 committed by Jouni Malinen
parent bae93012cd
commit 7508c2ad99
3 changed files with 58 additions and 0 deletions


@ -1641,6 +1641,7 @@ ieee802_1x_mka_decode_dist_sak_body(
ieee802_1x_cp_signal_newsak(kay->cp); ieee802_1x_cp_signal_newsak(kay->cp);
ieee802_1x_cp_sm_step(kay->cp); ieee802_1x_cp_sm_step(kay->cp);
kay->rcvd_keys++;
participant->to_use_sak = TRUE; participant->to_use_sak = TRUE;
return 0; return 0;
@ -3519,3 +3520,51 @@ ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,
return 0; return 0;
} }
#ifdef CONFIG_CTRL_IFACE
/**
* ieee802_1x_kay_get_status - Get IEEE 802.1X KaY status details
* @sm: Pointer to KaY allocated with ieee802_1x_kay_init()
* @buf: Buffer for status information
* @buflen: Maximum buffer length
* @verbose: Whether to include verbose status information
* Returns: Number of bytes written to buf.
*
* Query KAY status information. This function fills in a text area with current
* status information. If the buffer (buf) is not large enough, status
* information will be truncated to fit the buffer.
*/
int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,
size_t buflen)
{
int len;
if (!kay)
return 0;
len = os_snprintf(buf, buflen,
"PAE KaY status=%s\n"
"Authenticated=%s\n"
"Secured=%s\n"
"Failed=%s\n"
"Actor Priority=%u\n"
"Key Server Priority=%u\n"
"Is Key Server=%s\n"
"Number of Keys Distributed=%u\n"
"Number of Keys Received=%u\n",
kay->active ? "Active" : "Not-Active",
kay->authenticated ? "Yes" : "No",
kay->secured ? "Yes" : "No",
kay->failed ? "Yes" : "No",
kay->actor_priority,
kay->key_server_priority,
kay->is_key_server ? "Yes" : "No",
kay->dist_kn - 1,
kay->rcvd_keys);
if (os_snprintf_error(buflen, len))
return 0;
return len;
}
#endif /* CONFIG_CTRL_IFACE */
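Review bot: The header comment on ieee802_1x_kay_get_status() does not match the function. It documents `@sm` and `@verbose`, neither of which is a parameter, and it says the output is truncated to fit, while the code returns 0 when `os_snprintf_error(buflen, len)` fires, so the STATUS handler does not advance `pos` and the whole KaY block is dropped. I would change the comment to `@kay: Pointer to KaY allocated with ieee802_1x_kay_init()`, delete the `@verbose` line, and write `Returns: Number of bytes written to buf, or 0 if kay is NULL or the output did not fit`. Separately, `kay->dist_kn - 1` is printed with `%u` and dist_kn is a u32, so it would show 4294967295 if dist_kn can be 0 here. Its initial value is not visible in this hunk, so that needs confirming or a guard such as `kay->dist_kn ? kay->dist_kn - 1 : 0`.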


@ -208,6 +208,7 @@ struct ieee802_1x_kay {
int mka_algindex; /* MKA alg table index */ int mka_algindex; /* MKA alg table index */
u32 dist_kn; u32 dist_kn;
u32 rcvd_keys;
u8 dist_an; u8 dist_an;
time_t dist_time; time_t dist_time;
@ -267,5 +268,7 @@ int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,
int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay, int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,
struct ieee802_1x_mka_ki *lki); struct ieee802_1x_mka_ki *lki);
int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay); int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);
int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,
size_t buflen);
#endif /* IEEE802_1X_KAY_H */ #endif /* IEEE802_1X_KAY_H */
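Review bot: The prototype for ieee802_1x_kay_get_status() is declared unconditionally, but the definition in the .c section is compiled only under `#ifdef CONFIG_CTRL_IFACE`. A caller added outside the control interface code would therefore compile and then fail at link time in a build without that option. Wrapping the two prototype lines in the same `#ifdef CONFIG_CTRL_IFACE` / `#endif` would keep declaration and definition in step. The new `u32 rcvd_keys;` field also has no comment; `/* incremented in ieee802_1x_mka_decode_dist_sak_body() */` would tell a reader where the counter is maintained.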


@ -2050,6 +2050,12 @@ static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
pos += res; pos += res;
} }
#ifdef CONFIG_MACSEC
res = ieee802_1x_kay_get_status(wpa_s->kay, pos, end - pos);
if (res > 0)
pos += res;
#endif /* CONFIG_MACSEC */
sess_id = eapol_sm_get_session_id(wpa_s->eapol, &sess_id_len); sess_id = eapol_sm_get_session_id(wpa_s->eapol, &sess_id_len);
if (sess_id) { if (sess_id) {
char *start = pos; char *start = pos;
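Review bot: Nothing at this call site records that the KaY block appended to STATUS must stay limited to non-secret state. As written, the callee prints only state flags, priorities and key counters, which is appropriate for output that any client of the control interface can read. A one-line comment above the call, such as `/* KaY status: state flags and counters only, never key material */`, would keep later additions to ieee802_1x_kay_get_status() within that boundary. wpa_supplicant_ctrl_iface_status() starts and ends outside this hunk, so how the surrounding code handles a full buffer is not visible here.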