From 7508c2ad99cef6d0691190063ec7735b7759f836 Mon Sep 17 00:00:00 2001

Message-Id: <7508c2ad99cef6d0691190063ec7735b7759f836.1488376602.git.dcaratti@redhat.com>

From: Badrish Adiga H R <badrish.adigahr@gmail.com>

Date: Fri, 16 Dec 2016 01:40:53 +0530

Subject: [PATCH] PAE: Make KaY specific details available via control

 interface

Add KaY details to the STATUS command output.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@hpe.com>

---

 src/pae/ieee802_1x_kay.c    | 49 +++++++++++++++++++++++++++++++++++++++++++++

 src/pae/ieee802_1x_kay.h    |  3 +++

 wpa_supplicant/ctrl_iface.c |  6 ++++++

 3 files changed, 58 insertions(+)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c

index 1d6d9a9..cf5782a 100644

--- a/src/pae/ieee802_1x_kay.c

+++ b/src/pae/ieee802_1x_kay.c

@@ -1641,6 +1641,7 @@ ieee802_1x_mka_decode_dist_sak_body(

 	ieee802_1x_cp_signal_newsak(kay->cp);

 	ieee802_1x_cp_sm_step(kay->cp);

+	kay->rcvd_keys++;

 	participant->to_use_sak = TRUE;

 	return 0;

@@ -3519,3 +3520,51 @@ ieee802_1x_kay_change_cipher_suite(struct ieee802_1x_kay *kay,

 	return 0;

 }

+

+

+#ifdef CONFIG_CTRL_IFACE

+/**

+ * ieee802_1x_kay_get_status - Get IEEE 802.1X KaY status details

+ * @sm: Pointer to KaY allocated with ieee802_1x_kay_init()

+ * @buf: Buffer for status information

+ * @buflen: Maximum buffer length

+ * @verbose: Whether to include verbose status information

+ * Returns: Number of bytes written to buf.

+ *

+ * Query KAY status information. This function fills in a text area with current

+ * status information. If the buffer (buf) is not large enough, status

+ * information will be truncated to fit the buffer.

+ */

+int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,

+			      size_t buflen)

+{

+	int len;

+

+	if (!kay)

+		return 0;

+

+	len = os_snprintf(buf, buflen,

+			  "PAE KaY status=%s\n"

+			  "Authenticated=%s\n"

+			  "Secured=%s\n"

+			  "Failed=%s\n"

+			  "Actor Priority=%u\n"

+			  "Key Server Priority=%u\n"

+			  "Is Key Server=%s\n"

+			  "Number of Keys Distributed=%u\n"

+			  "Number of Keys Received=%u\n",

+			  kay->active ? "Active" : "Not-Active",

+			  kay->authenticated ? "Yes" : "No",

+			  kay->secured ? "Yes" : "No",

+			  kay->failed ? "Yes" : "No",

+			  kay->actor_priority,

+			  kay->key_server_priority,

+			  kay->is_key_server ? "Yes" : "No",

+			  kay->dist_kn - 1,

+			  kay->rcvd_keys);

+	if (os_snprintf_error(buflen, len))

+		return 0;

+

+	return len;

+}

+#endif /* CONFIG_CTRL_IFACE */

diff --git a/src/pae/ieee802_1x_kay.h b/src/pae/ieee802_1x_kay.h

index 9a92d1c..b38e814 100644

--- a/src/pae/ieee802_1x_kay.h

+++ b/src/pae/ieee802_1x_kay.h

@@ -208,6 +208,7 @@ struct ieee802_1x_kay {

 	int mka_algindex;  /* MKA alg table index */

 	u32 dist_kn;

+	u32 rcvd_keys;

 	u8 dist_an;

 	time_t dist_time;

@@ -267,5 +268,7 @@ int ieee802_1x_kay_enable_tx_sas(struct ieee802_1x_kay *kay,

 int ieee802_1x_kay_enable_rx_sas(struct ieee802_1x_kay *kay,

 				 struct ieee802_1x_mka_ki *lki);

 int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay);

+int ieee802_1x_kay_get_status(struct ieee802_1x_kay *kay, char *buf,

+			      size_t buflen);

 #endif /* IEEE802_1X_KAY_H */

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c

index c943dee..624e894 100644

--- a/wpa_supplicant/ctrl_iface.c

+++ b/wpa_supplicant/ctrl_iface.c

@@ -2050,6 +2050,12 @@ static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,

 			pos += res;

 	}

+#ifdef CONFIG_MACSEC

+	res = ieee802_1x_kay_get_status(wpa_s->kay, pos, end - pos);

+	if (res > 0)

+		pos += res;

+#endif /* CONFIG_MACSEC */

+

 	sess_id = eapol_sm_get_session_id(wpa_s->eapol, &sess_id_len);

 	if (sess_id) {

 		char *start = pos;

-- 

2.7.4