From 0c52953b0fe598e045182fb983decc3c673c4d6d Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 18 Jun 2017 14:14:18 +0300 Subject: [PATCH] DPP: Allow PMKSA cache entries to be added through hostapd ctrl_iface This allows external programs to generate and add PMKSA cache entries into hostapd. The main use for this is to run external DPP processing (network introduction) and testing. Signed-off-by: Jouni Malinen --- hostapd/ctrl_iface.c | 3 +++ src/ap/ctrl_iface_ap.c | 48 ++++++++++++++++++++++++++++++++++++++++++ src/ap/ctrl_iface_ap.h | 1 + src/ap/wpa_auth.c | 16 ++++++++++++++ src/ap/wpa_auth.h | 3 +++ 5 files changed, 71 insertions(+) diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c index 4f49b5c4f..42c6500c1 100644 --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c @@ -2629,6 +2629,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, reply_size); } else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) { hostapd_ctrl_iface_pmksa_flush(hapd); + } else if (os_strncmp(buf, "PMKSA_ADD ", 10) == 0) { + if (hostapd_ctrl_iface_pmksa_add(hapd, buf + 10) < 0) + reply_len = -1; } else if (os_strncmp(buf, "SET_NEIGHBOR ", 13) == 0) { if (hostapd_ctrl_iface_set_neighbor(hapd, buf + 13)) reply_len = -1; diff --git a/src/ap/ctrl_iface_ap.c b/src/ap/ctrl_iface_ap.c index a760e3a00..6356e17c3 100644 --- a/src/ap/ctrl_iface_ap.c +++ b/src/ap/ctrl_iface_ap.c @@ -641,6 +641,54 @@ void hostapd_ctrl_iface_pmksa_flush(struct hostapd_data *hapd) } +int hostapd_ctrl_iface_pmksa_add(struct hostapd_data *hapd, char *cmd) +{ + u8 spa[ETH_ALEN]; + u8 pmkid[PMKID_LEN]; + u8 pmk[PMK_LEN_MAX]; + size_t pmk_len; + char *pos, *pos2; + int akmp = 0, expiration = 0; + + /* + * Entry format: + * + */ + + if (hwaddr_aton(cmd, spa)) + return -1; + + pos = os_strchr(cmd, ' '); + if (!pos) + return -1; + pos++; + + if (hexstr2bin(pos, pmkid, PMKID_LEN) < 0) + return -1; + + pos = os_strchr(pos, ' '); + if (!pos) + return -1; + pos++; + + pos2 = os_strchr(pos, ' '); + if (!pos2) + return -1; + pmk_len = (pos2 - pos) / 2; + if (pmk_len < PMK_LEN || pmk_len > PMK_LEN_MAX || + hexstr2bin(pos, pmk, pmk_len) < 0) + return -1; + + pos = pos2 + 1; + + if (sscanf(pos, "%d %d", &expiration, &akmp) != 2) + return -1; + + return wpa_auth_pmksa_add2(hapd->wpa_auth, spa, pmk, pmk_len, + pmkid, expiration, akmp); +} + + #ifdef CONFIG_PMKSA_CACHE_EXTERNAL #ifdef CONFIG_MESH diff --git a/src/ap/ctrl_iface_ap.h b/src/ap/ctrl_iface_ap.h index 3b61cac35..d1dcebfb9 100644 --- a/src/ap/ctrl_iface_ap.h +++ b/src/ap/ctrl_iface_ap.h @@ -32,6 +32,7 @@ int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd); int hostapd_ctrl_iface_pmksa_list(struct hostapd_data *hapd, char *buf, size_t len); void hostapd_ctrl_iface_pmksa_flush(struct hostapd_data *hapd); +int hostapd_ctrl_iface_pmksa_add(struct hostapd_data *hapd, char *cmd); int hostapd_ctrl_iface_pmksa_list_mesh(struct hostapd_data *hapd, const u8 *addr, char *buf, size_t len); void * hostapd_ctrl_iface_pmksa_create_entry(const u8 *aa, char *cmd); diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 07da33ffc..bb86a92c4 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -4010,6 +4010,22 @@ int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, } +int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr, + const u8 *pmk, size_t pmk_len, const u8 *pmkid, + int session_timeout, int akmp) +{ + if (wpa_auth->conf.disable_pmksa_caching) + return -1; + + if (pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid, + NULL, 0, wpa_auth->addr, addr, session_timeout, + NULL, akmp)) + return 0; + + return -1; +} + + void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, const u8 *sta_addr) { diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 7d6e01594..3b69789a1 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -329,6 +329,9 @@ int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, struct eapol_state_machine *eapol); int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr, const u8 *pmk, const u8 *pmkid); +int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr, + const u8 *pmk, size_t pmk_len, const u8 *pmkid, + int session_timeout, int akmp); void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth, const u8 *sta_addr); int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,