DPP: Allow PMKSA cache entries to be added through hostapd ctrl_iface

This allows external programs to generate and add PMKSA cache entries
into hostapd. The main use for this is to run external DPP processing
(network introduction) and testing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

hostapd/ctrl_iface.c

@@ -2629,6 +2629,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 							  reply_size);
 	} else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) {
 		hostapd_ctrl_iface_pmksa_flush(hapd);
+	} else if (os_strncmp(buf, "PMKSA_ADD ", 10) == 0) {
+		if (hostapd_ctrl_iface_pmksa_add(hapd, buf + 10) < 0)
+			reply_len = -1;
 	} else if (os_strncmp(buf, "SET_NEIGHBOR ", 13) == 0) {
 		if (hostapd_ctrl_iface_set_neighbor(hapd, buf + 13))
 			reply_len = -1;

src/ap/ctrl_iface_ap.c

@@ -641,6 +641,54 @@ void hostapd_ctrl_iface_pmksa_flush(struct hostapd_data *hapd)
 }
 
 
+int hostapd_ctrl_iface_pmksa_add(struct hostapd_data *hapd, char *cmd)
+{
+	u8 spa[ETH_ALEN];
+	u8 pmkid[PMKID_LEN];
+	u8 pmk[PMK_LEN_MAX];
+	size_t pmk_len;
+	char *pos, *pos2;
+	int akmp = 0, expiration = 0;
+
+	/*
+	 * Entry format:
+	 * <STA addr> <PMKID> <PMK> <expiration in seconds> <akmp>
+	 */
+
+	if (hwaddr_aton(cmd, spa))
+		return -1;
+
+	pos = os_strchr(cmd, ' ');
+	if (!pos)
+		return -1;
+	pos++;
+
+	if (hexstr2bin(pos, pmkid, PMKID_LEN) < 0)
+		return -1;
+
+	pos = os_strchr(pos, ' ');
+	if (!pos)
+		return -1;
+	pos++;
+
+	pos2 = os_strchr(pos, ' ');
+	if (!pos2)
+		return -1;
+	pmk_len = (pos2 - pos) / 2;
+	if (pmk_len < PMK_LEN || pmk_len > PMK_LEN_MAX ||
+	    hexstr2bin(pos, pmk, pmk_len) < 0)
+		return -1;
+
+	pos = pos2 + 1;
+
+	if (sscanf(pos, "%d %d", &expiration, &akmp) != 2)
+		return -1;
+
+	return wpa_auth_pmksa_add2(hapd->wpa_auth, spa, pmk, pmk_len,
+				   pmkid, expiration, akmp);
+}
+
+
 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
 #ifdef CONFIG_MESH
 

src/ap/ctrl_iface_ap.h

@@ -32,6 +32,7 @@ int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd);
 int hostapd_ctrl_iface_pmksa_list(struct hostapd_data *hapd, char *buf,
 				  size_t len);
 void hostapd_ctrl_iface_pmksa_flush(struct hostapd_data *hapd);
+int hostapd_ctrl_iface_pmksa_add(struct hostapd_data *hapd, char *cmd);
 int hostapd_ctrl_iface_pmksa_list_mesh(struct hostapd_data *hapd,
 				       const u8 *addr, char *buf, size_t len);
 void * hostapd_ctrl_iface_pmksa_create_entry(const u8 *aa, char *cmd);

src/ap/wpa_auth.c

@@ -4010,6 +4010,22 @@ int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
 }
 
 
+int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
+			const u8 *pmk, size_t pmk_len, const u8 *pmkid,
+			int session_timeout, int akmp)
+{
+	if (wpa_auth->conf.disable_pmksa_caching)
+		return -1;
+
+	if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
+				 NULL, 0, wpa_auth->addr, addr, session_timeout,
+				 NULL, akmp))
+		return 0;
+
+	return -1;
+}
+
+
 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
 			   const u8 *sta_addr)
 {

src/ap/wpa_auth.h

@@ -329,6 +329,9 @@ int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
 			       struct eapol_state_machine *eapol);
 int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
 			   const u8 *pmk, const u8 *pmkid);
+int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
+			const u8 *pmk, size_t pmk_len, const u8 *pmkid,
+			int session_timeout, int akmp);
 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
 			   const u8 *sta_addr);
 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,