]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/dpp_supplicant.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: sigma_dut DPP/QR initiator as Configurator (neg_freq)
[thirdparty/hostap.git] / wpa_supplicant / dpp_supplicant.c
CommitLineData
be27e185
JM		 1/*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
30d27b04 12#include "utils/eloop.h"
be27e185 13#include "common/dpp.h"
461d39af
JM		 14#include "common/gas.h"
15#include "common/gas_server.h"
a0d5c56f
JM		 16#include "rsn_supp/wpa.h"
17#include "rsn_supp/pmksa_cache.h"
be27e185 18#include "wpa_supplicant_i.h"
a0d5c56f 19#include "config.h"
30d27b04
JM		 20#include "driver_i.h"
21#include "offchannel.h"
461d39af 22#include "gas_query.h"
a0d5c56f
JM		 23#include "bss.h"
24#include "scan.h"
8528994e 25#include "notify.h"
be27e185
JM		 26#include "dpp_supplicant.h"
27
28
30d27b04
JM		 29static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
30 unsigned int freq);
461d39af
JM		 31static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
32static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
30d27b04
JM		 33static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
34 unsigned int freq, const u8 *dst,
35 const u8 *src, const u8 *bssid,
36 const u8 *data, size_t data_len,
37 enum offchannel_send_action_result result);
f97ace34
JM		 38static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
39static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
30d27b04
JM		 40
41static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
42
85fd8263
JM		 43/* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
44 * a single transaction in progress at any point in time. */
45static const u8 TRANSACTION_ID = 1;
46
30d27b04 47
461d39af
JM		 48static struct dpp_configurator *
49dpp_configurator_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
50{
51 struct dpp_configurator *conf;
52
53 dl_list_for_each(conf, &wpa_s->dpp_configurator,
54 struct dpp_configurator, list) {
55 if (conf->id == id)
56 return conf;
57 }
58 return NULL;
59}
60
61
be27e185
JM		 62static unsigned int wpas_dpp_next_id(struct wpa_supplicant *wpa_s)
63{
64 struct dpp_bootstrap_info *bi;
65 unsigned int max_id = 0;
66
67 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
68 list) {
69 if (bi->id > max_id)
70 max_id = bi->id;
71 }
72 return max_id + 1;
73}
74
75
76/**
77 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
78 * @wpa_s: Pointer to wpa_supplicant data
79 * @cmd: DPP URI read from a QR Code
80 * Returns: Identifier of the stored info or -1 on failure
81 */
82int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
83{
84 struct dpp_bootstrap_info *bi;
30d27b04 85 struct dpp_authentication *auth = wpa_s->dpp_auth;
be27e185
JM		 86
87 bi = dpp_parse_qr_code(cmd);
88 if (!bi)
89 return -1;
90
91 bi->id = wpas_dpp_next_id(wpa_s);
92 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
93
30d27b04
JM		 94 if (auth && auth->response_pending &&
95 dpp_notify_new_qr_code(auth, bi) == 1) {
30d27b04
JM		 96 wpa_printf(MSG_DEBUG,
97 "DPP: Sending out pending authentication response");
af48810b
JM		 98 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
99 " freq=%u type=%d",
100 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
101 DPP_PA_AUTHENTICATION_RESP);
30d27b04
JM		 102 offchannel_send_action(wpa_s, auth->curr_freq,
103 auth->peer_mac_addr, wpa_s->own_addr,
104 broadcast,
dc4d271c
JM		 105 wpabuf_head(auth->resp_msg),
106 wpabuf_len(auth->resp_msg),
30d27b04 107 500, wpas_dpp_tx_status, 0);
30d27b04
JM		 108 }
109
be27e185
JM		 110 return bi->id;
111}
112
113
114static char * get_param(const char *cmd, const char *param)
115{
116 const char *pos, *end;
117 char *val;
118 size_t len;
119
120 pos = os_strstr(cmd, param);
121 if (!pos)
122 return NULL;
123
124 pos += os_strlen(param);
125 end = os_strchr(pos, ' ');
126 if (end)
127 len = end - pos;
128 else
129 len = os_strlen(pos);
130 val = os_malloc(len + 1);
131 if (!val)
132 return NULL;
133 os_memcpy(val, pos, len);
134 val[len] = '\0';
135 return val;
136}
137
138
139int wpas_dpp_bootstrap_gen(struct wpa_supplicant *wpa_s, const char *cmd)
140{
141 char *chan = NULL, *mac = NULL, *info = NULL, *pk = NULL, *curve = NULL;
142 char *key = NULL;
143 u8 *privkey = NULL;
144 size_t privkey_len = 0;
145 size_t len;
146 int ret = -1;
147 struct dpp_bootstrap_info *bi;
148
149 bi = os_zalloc(sizeof(*bi));
150 if (!bi)
151 goto fail;
152
153 if (os_strstr(cmd, "type=qrcode"))
154 bi->type = DPP_BOOTSTRAP_QR_CODE;
500ed7f0
JM		 155 else if (os_strstr(cmd, "type=pkex"))
156 bi->type = DPP_BOOTSTRAP_PKEX;
be27e185
JM		 157 else
158 goto fail;
159
160 chan = get_param(cmd, " chan=");
161 mac = get_param(cmd, " mac=");
162 info = get_param(cmd, " info=");
163 curve = get_param(cmd, " curve=");
164 key = get_param(cmd, " key=");
165
166 if (key) {
167 privkey_len = os_strlen(key) / 2;
168 privkey = os_malloc(privkey_len);
169 if (!privkey ||
170 hexstr2bin(key, privkey, privkey_len) < 0)
171 goto fail;
172 }
173
174 pk = dpp_keygen(bi, curve, privkey, privkey_len);
175 if (!pk)
176 goto fail;
177
178 len = 4; /* "DPP:" */
179 if (chan) {
180 if (dpp_parse_uri_chan_list(bi, chan) < 0)
181 goto fail;
182 len += 3 + os_strlen(chan); /* C:...; */
183 }
184 if (mac) {
185 if (dpp_parse_uri_mac(bi, mac) < 0)
186 goto fail;
187 len += 3 + os_strlen(mac); /* M:...; */
188 }
189 if (info) {
190 if (dpp_parse_uri_info(bi, info) < 0)
191 goto fail;
192 len += 3 + os_strlen(info); /* I:...; */
193 }
194 len += 4 + os_strlen(pk);
195 bi->uri = os_malloc(len + 1);
196 if (!bi->uri)
197 goto fail;
198 os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%s%sK:%s;;",
199 chan ? "C:" : "", chan ? chan : "", chan ? ";" : "",
200 mac ? "M:" : "", mac ? mac : "", mac ? ";" : "",
201 info ? "I:" : "", info ? info : "", info ? ";" : "",
202 pk);
203 bi->id = wpas_dpp_next_id(wpa_s);
204 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
205 ret = bi->id;
206 bi = NULL;
207fail:
208 os_free(curve);
209 os_free(pk);
210 os_free(chan);
211 os_free(mac);
212 os_free(info);
213 str_clear_free(key);
214 bin_clear_free(privkey, privkey_len);
215 dpp_bootstrap_info_free(bi);
216 return ret;
217}
218
219
220static struct dpp_bootstrap_info *
221dpp_bootstrap_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
222{
223 struct dpp_bootstrap_info *bi;
224
225 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
226 list) {
227 if (bi->id == id)
228 return bi;
229 }
230 return NULL;
231}
232
233
234static int dpp_bootstrap_del(struct wpa_supplicant *wpa_s, unsigned int id)
235{
236 struct dpp_bootstrap_info *bi, *tmp;
237 int found = 0;
238
239 dl_list_for_each_safe(bi, tmp, &wpa_s->dpp_bootstrap,
240 struct dpp_bootstrap_info, list) {
241 if (id && bi->id != id)
242 continue;
243 found = 1;
244 dl_list_del(&bi->list);
245 dpp_bootstrap_info_free(bi);
246 }
247
248 if (id == 0)
249 return 0; /* flush succeeds regardless of entries found */
250 return found ? 0 : -1;
251}
252
253
254int wpas_dpp_bootstrap_remove(struct wpa_supplicant *wpa_s, const char *id)
255{
256 unsigned int id_val;
257
258 if (os_strcmp(id, "*") == 0) {
259 id_val = 0;
260 } else {
261 id_val = atoi(id);
262 if (id_val == 0)
263 return -1;
264 }
265
266 return dpp_bootstrap_del(wpa_s, id_val);
267}
268
269
270const char * wpas_dpp_bootstrap_get_uri(struct wpa_supplicant *wpa_s,
271 unsigned int id)
272{
273 struct dpp_bootstrap_info *bi;
274
275 bi = dpp_bootstrap_get_id(wpa_s, id);
276 if (!bi)
277 return NULL;
278 return bi->uri;
279}
280
281
6a7182a9
JM		 282int wpas_dpp_bootstrap_info(struct wpa_supplicant *wpa_s, int id,
283 char *reply, int reply_size)
284{
285 struct dpp_bootstrap_info *bi;
286
287 bi = dpp_bootstrap_get_id(wpa_s, id);
288 if (!bi)
289 return -1;
290 return os_snprintf(reply, reply_size, "type=%s\n"
291 "mac_addr=" MACSTR "\n"
292 "info=%s\n"
293 "num_freq=%u\n"
294 "curve=%s\n",
484788b8 295 dpp_bootstrap_type_txt(bi->type),
6a7182a9
JM		 296 MAC2STR(bi->mac_addr),
297 bi->info ? bi->info : "",
298 bi->num_freq,
299 bi->curve->name);
300}
301
302
95b0104a
JM		 303static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
304{
305 struct wpa_supplicant *wpa_s = eloop_ctx;
306 struct dpp_authentication *auth = wpa_s->dpp_auth;
307
308 if (!auth || !auth->resp_msg)
309 return;
310
311 wpa_printf(MSG_DEBUG,
312 "DPP: Retry Authentication Response after timeout");
313 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
314 " freq=%u type=%d",
315 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
316 DPP_PA_AUTHENTICATION_RESP);
317 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
318 wpa_s->own_addr, broadcast,
319 wpabuf_head(auth->resp_msg),
320 wpabuf_len(auth->resp_msg),
321 500, wpas_dpp_tx_status, 0);
322}
323
324
325static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
326{
327 struct dpp_authentication *auth = wpa_s->dpp_auth;
328 unsigned int wait_time, max_tries;
329
330 if (!auth || !auth->resp_msg)
331 return;
332
333 if (wpa_s->dpp_resp_max_tries)
334 max_tries = wpa_s->dpp_resp_max_tries;
335 else
336 max_tries = 5;
337 auth->auth_resp_tries++;
338 if (auth->auth_resp_tries >= max_tries) {
339 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
340 offchannel_send_action_done(wpa_s);
341 dpp_auth_deinit(wpa_s->dpp_auth);
342 wpa_s->dpp_auth = NULL;
343 return;
344 }
345
346 if (wpa_s->dpp_resp_retry_time)
347 wait_time = wpa_s->dpp_resp_retry_time;
348 else
349 wait_time = 10000;
350 wpa_printf(MSG_DEBUG,
351 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
352 wait_time);
353 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
354 eloop_register_timeout(wait_time / 1000,
355 (wait_time % 1000) * 1000,
356 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
357}
358
359
30d27b04
JM		 360static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
361 unsigned int freq, const u8 *dst,
362 const u8 *src, const u8 *bssid,
363 const u8 *data, size_t data_len,
364 enum offchannel_send_action_result result)
365{
af48810b 366 const char *res_txt;
f97ace34 367 struct dpp_authentication *auth = wpa_s->dpp_auth;
af48810b
JM		 368
369 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
370 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
371 "FAILED");
30d27b04 372 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
af48810b
JM		 373 " result=%s", freq, MAC2STR(dst), res_txt);
374 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
375 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
30d27b04
JM		 376
377 if (!wpa_s->dpp_auth) {
378 wpa_printf(MSG_DEBUG,
379 "DPP: Ignore TX status since there is no ongoing authentication exchange");
380 return;
381 }
382
383 if (wpa_s->dpp_auth->remove_on_tx_status) {
384 wpa_printf(MSG_DEBUG,
385 "DPP: Terminate authentication exchange due to an earlier error");
f97ace34 386 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
461d39af 387 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
95b0104a
JM		 388 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
389 NULL);
461d39af 390 offchannel_send_action_done(wpa_s);
30d27b04
JM		 391 dpp_auth_deinit(wpa_s->dpp_auth);
392 wpa_s->dpp_auth = NULL;
393 return;
394 }
395
461d39af
JM		 396 if (wpa_s->dpp_auth_ok_on_ack)
397 wpas_dpp_auth_success(wpa_s, 1);
398
30d27b04
JM		 399 if (!is_broadcast_ether_addr(dst) &&
400 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
401 wpa_printf(MSG_DEBUG,
402 "DPP: Unicast DPP Action frame was not ACKed");
f97ace34
JM		 403 if (auth->waiting_auth_resp) {
404 /* In case of DPP Authentication Request frame, move to
405 * the next channel immediately. */
406 offchannel_send_action_done(wpa_s);
407 wpas_dpp_auth_init_next(wpa_s);
408 return;
409 }
95b0104a
JM		 410 if (auth->waiting_auth_conf) {
411 wpas_dpp_auth_resp_retry(wpa_s);
412 return;
413 }
30d27b04 414 }
d2709206
JM		 415
416 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
417 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
418 wpa_printf(MSG_DEBUG,
419 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
420 wpa_s->dpp_auth->curr_freq,
421 wpa_s->dpp_auth->neg_freq);
422 offchannel_send_action_done(wpa_s);
423 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq);
424 }
30d27b04
JM		 425}
426
427
428static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
429{
430 struct wpa_supplicant *wpa_s = eloop_ctx;
d2709206 431 unsigned int freq;
f97ace34 432 struct os_reltime now;
30d27b04
JM		 433
434 if (!wpa_s->dpp_auth)
435 return;
f97ace34
JM		 436
437 if (wpa_s->dpp_auth->waiting_auth_resp) {
438 unsigned int wait_time;
439
440 wait_time = wpa_s->dpp_resp_wait_time ?
441 wpa_s->dpp_resp_wait_time : 2;
442 os_get_reltime(&now);
443 if (os_reltime_expired(&now, &wpa_s->dpp_last_init,
444 wait_time)) {
445 offchannel_send_action_done(wpa_s);
446 wpas_dpp_auth_init_next(wpa_s);
447 return;
448 }
449 }
450
d2709206
JM		 451 freq = wpa_s->dpp_auth->curr_freq;
452 if (wpa_s->dpp_auth->neg_freq > 0)
453 freq = wpa_s->dpp_auth->neg_freq;
30d27b04 454 wpa_printf(MSG_DEBUG, "DPP: Continue reply wait on channel %u MHz",
d2709206
JM		 455 freq);
456 wpas_dpp_listen_start(wpa_s, freq);
30d27b04
JM		 457}
458
459
461d39af
JM		 460static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
461 struct dpp_authentication *auth)
462{
463#ifdef CONFIG_TESTING_OPTIONS
464 if (wpa_s->dpp_config_obj_override)
465 auth->config_obj_override =
466 os_strdup(wpa_s->dpp_config_obj_override);
467 if (wpa_s->dpp_discovery_override)
468 auth->discovery_override =
469 os_strdup(wpa_s->dpp_discovery_override);
470 if (wpa_s->dpp_groups_override)
471 auth->groups_override =
472 os_strdup(wpa_s->dpp_groups_override);
461d39af
JM		 473 auth->ignore_netaccesskey_mismatch =
474 wpa_s->dpp_ignore_netaccesskey_mismatch;
475#endif /* CONFIG_TESTING_OPTIONS */
476}
477
478
b65b22d6
JM		 479static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
480 struct dpp_authentication *auth,
481 const char *cmd)
30d27b04 482{
68cb6dce 483 const char *pos, *end;
461d39af
JM		 484 struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
485 struct dpp_configurator *conf = NULL;
68cb6dce
JM		 486 u8 ssid[32] = { "test" };
487 size_t ssid_len = 4;
35f06421
JM		 488 char pass[64] = { };
489 size_t pass_len = 0;
5030d7d9
JM		 490 u8 psk[PMK_LEN];
491 int psk_set = 0;
461d39af 492
b65b22d6
JM		 493 if (!cmd)
494 return;
461d39af 495
b65b22d6 496 wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
68cb6dce
JM		 497 pos = os_strstr(cmd, " ssid=");
498 if (pos) {
499 pos += 6;
500 end = os_strchr(pos, ' ');
501 ssid_len = end ? (size_t) (end - pos) : os_strlen(pos);
502 ssid_len /= 2;
503 if (ssid_len > sizeof(ssid) ||
504 hexstr2bin(pos, ssid, ssid_len) < 0)
505 goto fail;
506 }
507
35f06421
JM		 508 pos = os_strstr(cmd, " pass=");
509 if (pos) {
510 pos += 6;
511 end = os_strchr(pos, ' ');
512 pass_len = end ? (size_t) (end - pos) : os_strlen(pos);
513 pass_len /= 2;
514 if (pass_len > sizeof(pass) - 1 || pass_len < 8 ||
515 hexstr2bin(pos, (u8 *) pass, pass_len) < 0)
516 goto fail;
517 }
518
5030d7d9
JM		 519 pos = os_strstr(cmd, " psk=");
520 if (pos) {
521 pos += 5;
522 if (hexstr2bin(pos, psk, PMK_LEN) < 0)
523 goto fail;
524 psk_set = 1;
525 }
526
461d39af
JM		 527 if (os_strstr(cmd, " conf=sta-")) {
528 conf_sta = os_zalloc(sizeof(struct dpp_configuration));
529 if (!conf_sta)
530 goto fail;
68cb6dce
JM		 531 os_memcpy(conf_sta->ssid, ssid, ssid_len);
532 conf_sta->ssid_len = ssid_len;
461d39af
JM		 533 if (os_strstr(cmd, " conf=sta-psk")) {
534 conf_sta->dpp = 0;
5030d7d9
JM		 535 if (psk_set) {
536 os_memcpy(conf_sta->psk, psk, PMK_LEN);
537 } else {
538 conf_sta->passphrase = os_strdup(pass);
539 if (!conf_sta->passphrase)
540 goto fail;
541 }
461d39af
JM		 542 } else if (os_strstr(cmd, " conf=sta-dpp")) {
543 conf_sta->dpp = 1;
544 } else {
545 goto fail;
546 }
547 }
548
549 if (os_strstr(cmd, " conf=ap-")) {
550 conf_ap = os_zalloc(sizeof(struct dpp_configuration));
551 if (!conf_ap)
552 goto fail;
68cb6dce
JM		 553 os_memcpy(conf_ap->ssid, ssid, ssid_len);
554 conf_ap->ssid_len = ssid_len;
461d39af
JM		 555 if (os_strstr(cmd, " conf=ap-psk")) {
556 conf_ap->dpp = 0;
5030d7d9
JM		 557 if (psk_set) {
558 os_memcpy(conf_ap->psk, psk, PMK_LEN);
559 } else {
560 conf_ap->passphrase = os_strdup(pass);
561 if (!conf_ap->passphrase)
562 goto fail;
563 }
461d39af
JM		 564 } else if (os_strstr(cmd, " conf=ap-dpp")) {
565 conf_ap->dpp = 1;
566 } else {
567 goto fail;
568 }
569 }
570
571 pos = os_strstr(cmd, " expiry=");
572 if (pos) {
573 long int val;
574
575 pos += 8;
576 val = strtol(pos, NULL, 0);
577 if (val <= 0)
578 goto fail;
579 if (conf_sta)
580 conf_sta->netaccesskey_expiry = val;
581 if (conf_ap)
582 conf_ap->netaccesskey_expiry = val;
583 }
584
585 pos = os_strstr(cmd, " configurator=");
586 if (pos) {
587 pos += 14;
588 conf = dpp_configurator_get_id(wpa_s, atoi(pos));
589 if (!conf) {
590 wpa_printf(MSG_INFO,
591 "DPP: Could not find the specified configurator");
592 goto fail;
593 }
30d27b04 594 }
b65b22d6
JM		 595 auth->conf_sta = conf_sta;
596 auth->conf_ap = conf_ap;
597 auth->conf = conf;
598 return;
599
600fail:
601 wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
602 dpp_configuration_free(conf_sta);
603 dpp_configuration_free(conf_ap);
604}
605
606
f97ace34
JM		 607static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
608{
609 struct wpa_supplicant *wpa_s = eloop_ctx;
610
611 if (!wpa_s->dpp_auth)
612 return;
613 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
614 wpas_dpp_auth_init_next(wpa_s);
615}
616
617
618static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
619{
620 struct dpp_authentication *auth = wpa_s->dpp_auth;
621 const u8 *dst;
622 unsigned int wait_time, freq, max_tries;
623
624 if (!auth)
625 return -1;
626 if (auth->freq_idx >= auth->num_freq) {
627 auth->num_freq_iters++;
628 if (wpa_s->dpp_init_max_tries)
629 max_tries = wpa_s->dpp_init_max_tries;
630 else
631 max_tries = 5;
632 if (auth->num_freq_iters >= max_tries) {
633 wpa_printf(MSG_INFO,
634 "DPP: No response received from responder - stopping initiation attempt");
635 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
636 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
637 wpa_s, NULL);
638 offchannel_send_action_done(wpa_s);
639 dpp_auth_deinit(wpa_s->dpp_auth);
640 wpa_s->dpp_auth = NULL;
641 return -1;
642 }
643 auth->freq_idx = 0;
644 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
645 if (wpa_s->dpp_init_retry_time)
646 wait_time = wpa_s->dpp_init_retry_time;
647 else
648 wait_time = 10000;
649 eloop_register_timeout(wait_time / 1000,
650 (wait_time % 1000) * 1000,
651 wpas_dpp_init_timeout, wpa_s,
652 NULL);
653 return 0;
654 }
655 freq = auth->freq[auth->freq_idx++];
656 auth->curr_freq = freq;
657
658 if (is_zero_ether_addr(auth->peer_bi->mac_addr))
659 dst = broadcast;
660 else
661 dst = auth->peer_bi->mac_addr;
662 wpa_s->dpp_auth_ok_on_ack = 0;
663 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
664 wait_time = wpa_s->max_remain_on_chan;
665 if (wait_time > 2000)
666 wait_time = 2000;
667 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
668 wpas_dpp_reply_wait_timeout,
669 wpa_s, NULL);
670 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
671 wpa_printf(MSG_DEBUG,
672 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
673 freq, auth->neg_freq);
674 }
675 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
676 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
677 os_get_reltime(&wpa_s->dpp_last_init);
678 return offchannel_send_action(wpa_s, freq, dst,
679 wpa_s->own_addr, broadcast,
680 wpabuf_head(auth->req_msg),
681 wpabuf_len(auth->req_msg),
682 wait_time, wpas_dpp_tx_status, 0);
683}
684
685
b65b22d6
JM		 686int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
687{
688 const char *pos;
689 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
d1f08264 690 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
d2709206 691 unsigned int neg_freq = 0;
b65b22d6
JM		 692
693 wpa_s->dpp_gas_client = 0;
694
695 pos = os_strstr(cmd, " peer=");
696 if (!pos)
697 return -1;
698 pos += 6;
699 peer_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
700 if (!peer_bi) {
701 wpa_printf(MSG_INFO,
702 "DPP: Could not find bootstrapping info for the identified peer");
703 return -1;
704 }
705
706 pos = os_strstr(cmd, " own=");
707 if (pos) {
708 pos += 5;
709 own_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
710 if (!own_bi) {
711 wpa_printf(MSG_INFO,
712 "DPP: Could not find bootstrapping info for the identified local entry");
713 return -1;
714 }
715
716 if (peer_bi->curve != own_bi->curve) {
717 wpa_printf(MSG_INFO,
718 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
719 peer_bi->curve->name, own_bi->curve->name);
720 return -1;
721 }
722 }
723
724 pos = os_strstr(cmd, " role=");
725 if (pos) {
726 pos += 6;
727 if (os_strncmp(pos, "configurator", 12) == 0)
d1f08264 728 allowed_roles = DPP_CAPAB_CONFIGURATOR;
b65b22d6 729 else if (os_strncmp(pos, "enrollee", 8) == 0)
d1f08264
JM		 730 allowed_roles = DPP_CAPAB_ENROLLEE;
731 else if (os_strncmp(pos, "either", 6) == 0)
732 allowed_roles = DPP_CAPAB_CONFIGURATOR |
733 DPP_CAPAB_ENROLLEE;
b65b22d6
JM		 734 else
735 goto fail;
736 }
737
738 pos = os_strstr(cmd, " netrole=");
739 if (pos) {
740 pos += 9;
741 wpa_s->dpp_netrole_ap = os_strncmp(pos, "ap", 2) == 0;
742 }
30d27b04 743
d2709206
JM		 744 pos = os_strstr(cmd, " neg_freq=");
745 if (pos)
746 neg_freq = atoi(pos + 10);
747
30d27b04 748 if (wpa_s->dpp_auth) {
f97ace34 749 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
30d27b04 750 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
95b0104a
JM		 751 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
752 NULL);
30d27b04
JM		 753 offchannel_send_action_done(wpa_s);
754 dpp_auth_deinit(wpa_s->dpp_auth);
755 }
d1f08264 756 wpa_s->dpp_auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles,
f97ace34
JM		 757 neg_freq,
758 wpa_s->hw.modes, wpa_s->hw.num_modes);
30d27b04 759 if (!wpa_s->dpp_auth)
461d39af
JM		 760 goto fail;
761 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
b65b22d6 762 wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd);
30d27b04 763
d2709206 764 wpa_s->dpp_auth->neg_freq = neg_freq;
30d27b04 765
f97ace34 766 if (!is_zero_ether_addr(peer_bi->mac_addr))
30d27b04
JM		 767 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, peer_bi->mac_addr,
768 ETH_ALEN);
f97ace34
JM		 769
770 return wpas_dpp_auth_init_next(wpa_s);
461d39af 771fail:
461d39af 772 return -1;
30d27b04
JM		 773}
774
775
776struct wpas_dpp_listen_work {
777 unsigned int freq;
778 unsigned int duration;
779 struct wpabuf *probe_resp_ie;
780};
781
782
783static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
784{
785 if (!lwork)
786 return;
787 os_free(lwork);
788}
789
790
791static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
792{
793 struct wpas_dpp_listen_work *lwork;
794
795 if (!wpa_s->dpp_listen_work)
796 return;
797
798 lwork = wpa_s->dpp_listen_work->ctx;
799 wpas_dpp_listen_work_free(lwork);
800 radio_work_done(wpa_s->dpp_listen_work);
801 wpa_s->dpp_listen_work = NULL;
802}
803
804
805static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
806{
807 struct wpa_supplicant *wpa_s = work->wpa_s;
808 struct wpas_dpp_listen_work *lwork = work->ctx;
809
810 if (deinit) {
811 if (work->started) {
812 wpa_s->dpp_listen_work = NULL;
813 wpas_dpp_listen_stop(wpa_s);
814 }
815 wpas_dpp_listen_work_free(lwork);
816 return;
817 }
818
819 wpa_s->dpp_listen_work = work;
820
821 wpa_s->dpp_pending_listen_freq = lwork->freq;
822
823 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
824 wpa_s->max_remain_on_chan) < 0) {
825 wpa_printf(MSG_DEBUG,
826 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
827 lwork->freq);
828 wpas_dpp_listen_work_done(wpa_s);
829 wpa_s->dpp_pending_listen_freq = 0;
830 return;
831 }
832 wpa_s->off_channel_freq = 0;
833 wpa_s->roc_waiting_drv_freq = lwork->freq;
834}
835
836
837static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
838 unsigned int freq)
839{
840 struct wpas_dpp_listen_work *lwork;
841
842 if (wpa_s->dpp_listen_work) {
843 wpa_printf(MSG_DEBUG,
844 "DPP: Reject start_listen since dpp_listen_work already exists");
845 return -1;
846 }
847
848 if (wpa_s->dpp_listen_freq)
849 wpas_dpp_listen_stop(wpa_s);
850 wpa_s->dpp_listen_freq = freq;
851
852 lwork = os_zalloc(sizeof(*lwork));
853 if (!lwork)
854 return -1;
855 lwork->freq = freq;
856
857 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
858 lwork) < 0) {
859 wpas_dpp_listen_work_free(lwork);
860 return -1;
861 }
862
863 return 0;
864}
865
866
867int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
868{
869 int freq;
870
871 freq = atoi(cmd);
872 if (freq <= 0)
873 return -1;
874
875 if (os_strstr(cmd, " role=configurator"))
876 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
877 else if (os_strstr(cmd, " role=enrollee"))
878 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
879 else
880 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
881 DPP_CAPAB_ENROLLEE;
882 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
461d39af 883 wpa_s->dpp_netrole_ap = os_strstr(cmd, " netrole=ap") != NULL;
30d27b04
JM		 884 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
885 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
886 freq);
887 return 0;
888 }
889
890 return wpas_dpp_listen_start(wpa_s, freq);
891}
892
893
894void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
895{
896 if (!wpa_s->dpp_listen_freq)
897 return;
898
899 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
900 wpa_s->dpp_listen_freq);
901 wpa_drv_cancel_remain_on_channel(wpa_s);
902 wpa_s->dpp_listen_freq = 0;
903 wpas_dpp_listen_work_done(wpa_s);
904}
905
906
907void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
908 unsigned int freq)
909{
910 if (!wpa_s->dpp_listen_freq && !wpa_s->dpp_pending_listen_freq)
911 return;
912
913 wpa_printf(MSG_DEBUG,
914 "DPP: remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d roc_waiting_drv_freq=%d freq=%u)",
915 wpa_s->off_channel_freq, wpa_s->dpp_pending_listen_freq,
916 wpa_s->roc_waiting_drv_freq, freq);
917 if (wpa_s->off_channel_freq &&
918 wpa_s->off_channel_freq == wpa_s->dpp_pending_listen_freq) {
919 wpa_printf(MSG_DEBUG, "DPP: Listen on %u MHz started", freq);
920 wpa_s->dpp_pending_listen_freq = 0;
921 } else {
922 wpa_printf(MSG_DEBUG,
923 "DPP: Ignore remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d freq=%u)",
924 wpa_s->off_channel_freq,
925 wpa_s->dpp_pending_listen_freq, freq);
926 }
927}
928
929
930void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
931 unsigned int freq)
932{
933 wpas_dpp_listen_work_done(wpa_s);
934
461d39af 935 if (wpa_s->dpp_auth && !wpa_s->dpp_gas_client) {
30d27b04
JM		 936 /* Continue listen with a new remain-on-channel */
937 wpa_printf(MSG_DEBUG,
938 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
939 wpa_s->dpp_auth->curr_freq);
940 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->curr_freq);
941 return;
942 }
943
944 if (wpa_s->dpp_listen_freq) {
945 /* Continue listen with a new remain-on-channel */
946 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
947 }
948}
949
950
951static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
dc4d271c
JM		 952 const u8 *hdr, const u8 *buf, size_t len,
953 unsigned int freq)
30d27b04 954{
27fefbbb
JM		 955 const u8 *r_bootstrap, *i_bootstrap;
956 u16 r_bootstrap_len, i_bootstrap_len;
30d27b04 957 struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
30d27b04
JM		 958
959 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
960 MAC2STR(src));
961
30d27b04
JM		 962 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
963 &r_bootstrap_len);
27fefbbb 964 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
26806abe
JM		 965 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
966 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
30d27b04
JM		 967 return;
968 }
969 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
970 r_bootstrap, r_bootstrap_len);
971
972 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
973 &i_bootstrap_len);
27fefbbb 974 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
26806abe
JM		 975 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
976 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
30d27b04
JM		 977 return;
978 }
979 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
980 i_bootstrap, i_bootstrap_len);
981
982 /* Try to find own and peer bootstrapping key matches based on the
983 * received hash values */
984 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
985 list) {
986 if (!own_bi && bi->own &&
987 os_memcmp(bi->pubkey_hash, r_bootstrap,
988 SHA256_MAC_LEN) == 0) {
989 wpa_printf(MSG_DEBUG,
990 "DPP: Found matching own bootstrapping information");
991 own_bi = bi;
992 }
993
994 if (!peer_bi && !bi->own &&
995 os_memcmp(bi->pubkey_hash, i_bootstrap,
996 SHA256_MAC_LEN) == 0) {
997 wpa_printf(MSG_DEBUG,
998 "DPP: Found matching peer bootstrapping information");
999 peer_bi = bi;
1000 }
1001
1002 if (own_bi && peer_bi)
1003 break;
1004 }
1005
1006 if (!own_bi) {
26806abe
JM		 1007 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1008 "No matching own bootstrapping key found - ignore message");
30d27b04
JM		 1009 return;
1010 }
1011
1012 if (wpa_s->dpp_auth) {
26806abe
JM		 1013 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1014 "Already in DPP authentication exchange - ignore new one");
30d27b04
JM		 1015 return;
1016 }
1017
461d39af
JM		 1018 wpa_s->dpp_gas_client = 0;
1019 wpa_s->dpp_auth_ok_on_ack = 0;
30d27b04
JM		 1020 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
1021 wpa_s->dpp_qr_mutual,
27fefbbb 1022 peer_bi, own_bi, freq, hdr, buf, len);
30d27b04
JM		 1023 if (!wpa_s->dpp_auth) {
1024 wpa_printf(MSG_DEBUG, "DPP: No response generated");
1025 return;
1026 }
461d39af 1027 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
b65b22d6
JM		 1028 wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
1029 wpa_s->dpp_configurator_params);
30d27b04
JM		 1030 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
1031
d2709206
JM		 1032 if (wpa_s->dpp_listen_freq &&
1033 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
1034 wpa_printf(MSG_DEBUG,
1035 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1036 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
1037 wpas_dpp_listen_stop(wpa_s);
1038 }
1039
af48810b
JM		 1040 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1041 MAC2STR(src), wpa_s->dpp_auth->curr_freq,
1042 DPP_PA_AUTHENTICATION_RESP);
30d27b04
JM		 1043 offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
1044 src, wpa_s->own_addr, broadcast,
dc4d271c
JM		 1045 wpabuf_head(wpa_s->dpp_auth->resp_msg),
1046 wpabuf_len(wpa_s->dpp_auth->resp_msg),
30d27b04 1047 500, wpas_dpp_tx_status, 0);
30d27b04
JM		 1048}
1049
1050
461d39af
JM		 1051static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
1052{
1053 /* TODO: stop wait and start ROC */
1054}
1055
1056
8528994e
JM		 1057static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
1058 struct dpp_authentication *auth)
1059{
1060 struct wpa_ssid *ssid;
1061
1062 ssid = wpa_config_add_network(wpa_s->conf);
1063 if (!ssid)
1064 return NULL;
1065 wpas_notify_network_added(wpa_s, ssid);
1066 wpa_config_set_network_defaults(ssid);
1067 ssid->disabled = 1;
1068
1069 ssid->ssid = os_malloc(auth->ssid_len);
1070 if (!ssid->ssid)
1071 goto fail;
1072 os_memcpy(ssid->ssid, auth->ssid, auth->ssid_len);
1073 ssid->ssid_len = auth->ssid_len;
1074
1075 if (auth->connector) {
1076 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
69d8d029 1077 ssid->ieee80211w = 1;
8528994e
JM		 1078 ssid->dpp_connector = os_strdup(auth->connector);
1079 if (!ssid->dpp_connector)
1080 goto fail;
1081 }
1082
1083 if (auth->c_sign_key) {
1084 ssid->dpp_csign = os_malloc(wpabuf_len(auth->c_sign_key));
1085 if (!ssid->dpp_csign)
1086 goto fail;
1087 os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key),
1088 wpabuf_len(auth->c_sign_key));
1089 ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key);
8528994e
JM		 1090 }
1091
1092 if (auth->net_access_key) {
1093 ssid->dpp_netaccesskey =
1094 os_malloc(wpabuf_len(auth->net_access_key));
1095 if (!ssid->dpp_netaccesskey)
1096 goto fail;
1097 os_memcpy(ssid->dpp_netaccesskey,
1098 wpabuf_head(auth->net_access_key),
1099 wpabuf_len(auth->net_access_key));
1100 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1101 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1102 }
1103
1104 if (!auth->connector) {
69d8d029
JM		 1105 ssid->key_mgmt = WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_PSK_SHA256;
1106 ssid->ieee80211w = 1;
8528994e
JM		 1107 if (auth->passphrase[0]) {
1108 if (wpa_config_set_quoted(ssid, "psk",
1109 auth->passphrase) < 0)
1110 goto fail;
1111 wpa_config_update_psk(ssid);
1112 ssid->export_keys = 1;
1113 } else {
1114 ssid->psk_set = auth->psk_set;
1115 os_memcpy(ssid->psk, auth->psk, PMK_LEN);
1116 }
1117 }
1118
1119 return ssid;
1120fail:
1121 wpas_notify_network_removed(wpa_s, ssid);
1122 wpa_config_remove_network(wpa_s->conf, ssid->id);
1123 return NULL;
1124}
1125
1126
1127static void wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1128 struct dpp_authentication *auth)
1129{
1130 struct wpa_ssid *ssid;
1131
1132 if (wpa_s->conf->dpp_config_processing < 1)
1133 return;
1134
1135 ssid = wpas_dpp_add_network(wpa_s, auth);
1136 if (!ssid)
1137 return;
1138
1139 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1140 if (wpa_s->conf->dpp_config_processing < 2)
1141 return;
1142
1143 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
1144 ssid->disabled = 0;
1145 wpa_s->disconnected = 0;
1146 wpa_s->reassociate = 1;
1147 wpa_s->scan_runs = 0;
1148 wpa_s->normal_scans = 0;
1149 wpa_supplicant_cancel_sched_scan(wpa_s);
1150 wpa_supplicant_req_scan(wpa_s, 0, 0);
1151}
1152
1153
f522bb23
JM		 1154static void wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1155 struct dpp_authentication *auth)
461d39af 1156{
461d39af
JM		 1157 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1158 if (auth->ssid_len)
1159 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1160 wpa_ssid_txt(auth->ssid, auth->ssid_len));
1161 if (auth->connector) {
1162 /* TODO: Save the Connector and consider using a command
1163 * to fetch the value instead of sending an event with
1164 * it. The Connector could end up being larger than what
1165 * most clients are ready to receive as an event
1166 * message. */
1167 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1168 auth->connector);
1169 }
1170 if (auth->c_sign_key) {
1171 char *hex;
1172 size_t hexlen;
1173
1174 hexlen = 2 * wpabuf_len(auth->c_sign_key) + 1;
1175 hex = os_malloc(hexlen);
1176 if (hex) {
1177 wpa_snprintf_hex(hex, hexlen,
1178 wpabuf_head(auth->c_sign_key),
1179 wpabuf_len(auth->c_sign_key));
c77e2ff0
JM		 1180 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1181 hex);
461d39af
JM		 1182 os_free(hex);
1183 }
1184 }
1185 if (auth->net_access_key) {
1186 char *hex;
1187 size_t hexlen;
1188
1189 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1190 hex = os_malloc(hexlen);
1191 if (hex) {
1192 wpa_snprintf_hex(hex, hexlen,
1193 wpabuf_head(auth->net_access_key),
1194 wpabuf_len(auth->net_access_key));
1195 if (auth->net_access_key_expiry)
1196 wpa_msg(wpa_s, MSG_INFO,
1197 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1198 (long unsigned)
1199 auth->net_access_key_expiry);
1200 else
1201 wpa_msg(wpa_s, MSG_INFO,
1202 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1203 os_free(hex);
1204 }
1205 }
8528994e
JM		 1206
1207 wpas_dpp_process_config(wpa_s, auth);
f522bb23
JM		 1208}
1209
1210
1211static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1212 enum gas_query_result result,
1213 const struct wpabuf *adv_proto,
1214 const struct wpabuf *resp, u16 status_code)
1215{
1216 struct wpa_supplicant *wpa_s = ctx;
1217 const u8 *pos;
1218 struct dpp_authentication *auth = wpa_s->dpp_auth;
1219
1220 if (!auth || !auth->auth_success) {
1221 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1222 return;
1223 }
1224 if (!resp || status_code != WLAN_STATUS_SUCCESS) {
1225 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1226 goto fail;
1227 }
1228
1229 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1230 adv_proto);
1231 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1232 resp);
1233
1234 if (wpabuf_len(adv_proto) != 10 ||
1235 !(pos = wpabuf_head(adv_proto)) ||
1236 pos[0] != WLAN_EID_ADV_PROTO ||
1237 pos[1] != 8 ||
1238 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1239 pos[4] != 5 ||
1240 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1241 pos[8] != 0x1a ||
1242 pos[9] != 1) {
1243 wpa_printf(MSG_DEBUG,
1244 "DPP: Not a DPP Advertisement Protocol ID");
1245 goto fail;
1246 }
8528994e 1247
f522bb23
JM		 1248 if (dpp_conf_resp_rx(auth, resp) < 0) {
1249 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1250 goto fail;
1251 }
1252
1253 wpas_dpp_handle_config_obj(wpa_s, auth);
461d39af
JM		 1254 dpp_auth_deinit(wpa_s->dpp_auth);
1255 wpa_s->dpp_auth = NULL;
1256 return;
1257
1258fail:
1259 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1260 dpp_auth_deinit(wpa_s->dpp_auth);
1261 wpa_s->dpp_auth = NULL;
1262}
1263
1264
1265static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
1266{
1267 struct dpp_authentication *auth = wpa_s->dpp_auth;
1268 struct wpabuf *buf, *conf_req;
1269 char json[100];
1270 int res;
1271
1272 wpa_s->dpp_gas_client = 1;
1273 os_snprintf(json, sizeof(json),
1274 "{\"name\":\"Test\","
1275 "\"wi-fi_tech\":\"infra\","
1276 "\"netRole\":\"%s\"}",
1277 wpa_s->dpp_netrole_ap ? "ap" : "sta");
f9cf7d03
JM		 1278#ifdef CONFIG_TESTING_OPTIONS
1279 if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) {
1280 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr");
1281 json[29] = 'k'; /* replace "infra" with "knfra" */
1282 }
1283#endif /* CONFIG_TESTING_OPTIONS */
461d39af
JM		 1284 wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
1285
1286 offchannel_send_action_done(wpa_s);
1287 wpas_dpp_listen_stop(wpa_s);
1288
1289 conf_req = dpp_build_conf_req(auth, json);
1290 if (!conf_req) {
1291 wpa_printf(MSG_DEBUG,
1292 "DPP: No configuration request data available");
1293 return;
1294 }
1295
1296 buf = gas_build_initial_req(0, 10 + 2 + wpabuf_len(conf_req));
1297 if (!buf) {
1298 wpabuf_free(conf_req);
1299 return;
1300 }
1301
1302 /* Advertisement Protocol IE */
1303 wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
1304 wpabuf_put_u8(buf, 8); /* Length */
1305 wpabuf_put_u8(buf, 0x7f);
1306 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
1307 wpabuf_put_u8(buf, 5);
1308 wpabuf_put_be24(buf, OUI_WFA);
1309 wpabuf_put_u8(buf, DPP_OUI_TYPE);
1310 wpabuf_put_u8(buf, 0x01);
1311
1312 /* GAS Query */
1313 wpabuf_put_le16(buf, wpabuf_len(conf_req));
1314 wpabuf_put_buf(buf, conf_req);
1315 wpabuf_free(conf_req);
1316
1317 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
1318 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
1319
1320 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
1321 buf, wpas_dpp_gas_resp_cb, wpa_s);
1322 if (res < 0) {
1323 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
1324 wpabuf_free(buf);
1325 } else {
1326 wpa_printf(MSG_DEBUG,
1327 "DPP: GAS query started with dialog token %u", res);
1328 }
1329}
1330
1331
1332static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
1333{
1334 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
1335 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
1336
1337 if (wpa_s->dpp_auth->configurator)
1338 wpas_dpp_start_gas_server(wpa_s);
1339 else
1340 wpas_dpp_start_gas_client(wpa_s);
1341}
1342
1343
30d27b04 1344static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
d2709206
JM		 1345 const u8 *hdr, const u8 *buf, size_t len,
1346 unsigned int freq)
30d27b04
JM		 1347{
1348 struct dpp_authentication *auth = wpa_s->dpp_auth;
dc4d271c 1349 struct wpabuf *msg;
30d27b04 1350
d2709206
JM		 1351 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
1352 " (freq %u MHz)", MAC2STR(src), freq);
30d27b04
JM		 1353
1354 if (!auth) {
1355 wpa_printf(MSG_DEBUG,
1356 "DPP: No DPP Authentication in progress - drop");
1357 return;
1358 }
1359
1360 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1361 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1362 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1363 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1364 return;
1365 }
1366
1367 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1368
d2709206
JM		 1369 if (auth->curr_freq != freq && auth->neg_freq == freq) {
1370 wpa_printf(MSG_DEBUG,
1371 "DPP: Responder accepted request for different negotiation channel");
1372 auth->curr_freq = freq;
1373 }
1374
f97ace34 1375 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
dc4d271c
JM		 1376 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
1377 if (!msg) {
30d27b04
JM		 1378 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1379 wpa_printf(MSG_DEBUG,
1380 "DPP: Start wait for full response");
1381 offchannel_send_action_done(wpa_s);
1382 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
1383 return;
1384 }
1385 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1386 return;
1387 }
1388 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1389
af48810b
JM		 1390 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1391 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
30d27b04
JM		 1392 offchannel_send_action(wpa_s, auth->curr_freq,
1393 src, wpa_s->own_addr, broadcast,
1394 wpabuf_head(msg), wpabuf_len(msg),
1395 500, wpas_dpp_tx_status, 0);
1396 wpabuf_free(msg);
461d39af 1397 wpa_s->dpp_auth_ok_on_ack = 1;
30d27b04
JM		 1398}
1399
1400
1401static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
dc4d271c 1402 const u8 *hdr, const u8 *buf, size_t len)
30d27b04
JM		 1403{
1404 struct dpp_authentication *auth = wpa_s->dpp_auth;
1405
1406 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1407 MAC2STR(src));
1408
1409 if (!auth) {
1410 wpa_printf(MSG_DEBUG,
1411 "DPP: No DPP Authentication in progress - drop");
1412 return;
1413 }
1414
1415 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1416 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1417 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1418 return;
1419 }
1420
dc4d271c 1421 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
30d27b04
JM		 1422 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1423 return;
1424 }
1425
461d39af 1426 wpas_dpp_auth_success(wpa_s, 0);
30d27b04
JM		 1427}
1428
1429
a0d5c56f
JM		 1430static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
1431 const u8 *src,
1432 const u8 *buf, size_t len)
1433{
1434 struct wpa_ssid *ssid;
e85b6601
JM		 1435 const u8 *connector, *trans_id, *status;
1436 u16 connector_len, trans_id_len, status_len;
a0d5c56f
JM		 1437 struct dpp_introduction intro;
1438 struct rsn_pmksa_cache_entry *entry;
787615b3
JM		 1439 struct os_time now;
1440 struct os_reltime rnow;
1441 os_time_t expiry;
1442 unsigned int seconds;
e85b6601 1443 enum dpp_status_error res;
a0d5c56f
JM		 1444
1445 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
1446 MAC2STR(src));
1447 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
1448 os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
1449 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
1450 MACSTR " - drop", MAC2STR(src));
1451 return;
1452 }
1453 offchannel_send_action_done(wpa_s);
1454
1455 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1456 if (ssid == wpa_s->dpp_intro_network)
1457 break;
1458 }
1459 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1460 !ssid->dpp_csign) {
1461 wpa_printf(MSG_DEBUG,
1462 "DPP: Profile not found for network introduction");
1463 return;
1464 }
1465
85fd8263
JM		 1466 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
1467 &trans_id_len);
1468 if (!trans_id || trans_id_len != 1) {
1469 wpa_printf(MSG_DEBUG,
1470 "DPP: Peer did not include Transaction ID");
e85b6601
JM		 1471 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1472 " fail=missing_transaction_id", MAC2STR(src));
85fd8263
JM		 1473 goto fail;
1474 }
1475 if (trans_id[0] != TRANSACTION_ID) {
1476 wpa_printf(MSG_DEBUG,
1477 "DPP: Ignore frame with unexpected Transaction ID %u",
1478 trans_id[0]);
e85b6601
JM		 1479 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1480 " fail=transaction_id_mismatch", MAC2STR(src));
1481 goto fail;
1482 }
1483
1484 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
1485 if (!status || status_len != 1) {
1486 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
1487 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1488 " fail=missing_status", MAC2STR(src));
1489 goto fail;
1490 }
1491 if (status[0] != DPP_STATUS_OK) {
1492 wpa_printf(MSG_DEBUG,
1493 "DPP: Peer rejected network introduction: Status %u",
1494 status[0]);
1495 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1496 " status=%u", MAC2STR(src), status[0]);
85fd8263
JM		 1497 goto fail;
1498 }
1499
a0d5c56f
JM		 1500 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
1501 if (!connector) {
1502 wpa_printf(MSG_DEBUG,
1503 "DPP: Peer did not include its Connector");
e85b6601
JM		 1504 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1505 " fail=missing_connector", MAC2STR(src));
1506 goto fail;
a0d5c56f
JM		 1507 }
1508
e85b6601
JM		 1509 res = dpp_peer_intro(&intro, ssid->dpp_connector,
1510 ssid->dpp_netaccesskey,
1511 ssid->dpp_netaccesskey_len,
1512 ssid->dpp_csign,
1513 ssid->dpp_csign_len,
1514 connector, connector_len, &expiry);
1515 if (res != DPP_STATUS_OK) {
a0d5c56f
JM		 1516 wpa_printf(MSG_INFO,
1517 "DPP: Network Introduction protocol resulted in failure");
e85b6601
JM		 1518 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1519 " fail=peer_connector_validation_failed", MAC2STR(src));
a0d5c56f
JM		 1520 goto fail;
1521 }
1522
a0d5c56f
JM		 1523 entry = os_zalloc(sizeof(*entry));
1524 if (!entry)
1525 goto fail;
1526 os_memcpy(entry->aa, src, ETH_ALEN);
1527 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
1528 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
1529 entry->pmk_len = intro.pmk_len;
1530 entry->akmp = WPA_KEY_MGMT_DPP;
787615b3
JM		 1531 if (expiry) {
1532 os_get_time(&now);
1533 seconds = expiry - now.sec;
1534 } else {
1535 seconds = 86400 * 7;
1536 }
1537 os_get_reltime(&rnow);
1538 entry->expiration = rnow.sec + seconds;
1539 entry->reauth_time = rnow.sec + seconds;
a0d5c56f
JM		 1540 entry->network_ctx = ssid;
1541 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
1542
e85b6601
JM		 1543 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1544 " status=%u", MAC2STR(src), status[0]);
1545
a0d5c56f
JM		 1546 wpa_printf(MSG_DEBUG,
1547 "DPP: Try connection again after successful network introduction");
1548 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
1549 wpa_supplicant_cancel_sched_scan(wpa_s);
1550 wpa_supplicant_req_scan(wpa_s, 0, 0);
1551 }
1552fail:
1553 os_memset(&intro, 0, sizeof(intro));
1554}
1555
1556
500ed7f0
JM		 1557static void
1558wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
1559 unsigned int freq, const u8 *dst,
1560 const u8 *src, const u8 *bssid,
1561 const u8 *data, size_t data_len,
1562 enum offchannel_send_action_result result)
1563{
af48810b
JM		 1564 const char *res_txt;
1565
1566 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
1567 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
1568 "FAILED");
500ed7f0
JM		 1569 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
1570 " result=%s (PKEX)",
af48810b
JM		 1571 freq, MAC2STR(dst), res_txt);
1572 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
1573 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
500ed7f0 1574 /* TODO: Time out wait for response more quickly in error cases? */
e0247e79
JM		 1575
1576 if (!wpa_s->dpp_pkex) {
1577 wpa_printf(MSG_DEBUG,
1578 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
1579 return;
1580 }
1581
1582 if (wpa_s->dpp_pkex->failed) {
1583 wpa_printf(MSG_DEBUG,
1584 "DPP: Terminate PKEX exchange due to an earlier error");
29ab69e4
JM		 1585 if (wpa_s->dpp_pkex->t > wpa_s->dpp_pkex->own_bi->pkex_t)
1586 wpa_s->dpp_pkex->own_bi->pkex_t = wpa_s->dpp_pkex->t;
e0247e79
JM		 1587 dpp_pkex_free(wpa_s->dpp_pkex);
1588 wpa_s->dpp_pkex = NULL;
1589 }
500ed7f0
JM		 1590}
1591
1592
1593static void
1594wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
1595 const u8 *buf, size_t len, unsigned int freq)
1596{
1597 struct wpabuf *msg;
1598 unsigned int wait_time;
1599
1600 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
1601 MAC2STR(src));
1602
1603 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1604 * values here */
1605
1606 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
1607 wpa_printf(MSG_DEBUG,
1608 "DPP: No PKEX code configured - ignore request");
1609 return;
1610 }
1611
1612 if (wpa_s->dpp_pkex) {
1613 /* TODO: Support parallel operations */
1614 wpa_printf(MSG_DEBUG,
1615 "DPP: Already in PKEX session - ignore new request");
1616 return;
1617 }
1618
219d4c9f 1619 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
500ed7f0
JM		 1620 wpa_s->own_addr, src,
1621 wpa_s->dpp_pkex_identifier,
1622 wpa_s->dpp_pkex_code,
1623 buf, len);
1624 if (!wpa_s->dpp_pkex) {
1625 wpa_printf(MSG_DEBUG,
1626 "DPP: Failed to process the request - ignore it");
1627 return;
1628 }
1629
1630 msg = wpa_s->dpp_pkex->exchange_resp;
1631 wait_time = wpa_s->max_remain_on_chan;
1632 if (wait_time > 2000)
1633 wait_time = 2000;
af48810b
JM		 1634 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1635 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
500ed7f0
JM		 1636 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1637 broadcast,
1638 wpabuf_head(msg), wpabuf_len(msg),
1639 wait_time, wpas_dpp_tx_pkex_status, 0);
1640}
1641
1642
1643static void
1644wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1645 const u8 *buf, size_t len, unsigned int freq)
1646{
1647 struct wpabuf *msg;
1648 unsigned int wait_time;
1649
1650 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
1651 MAC2STR(src));
1652
1653 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1654 * values here */
1655
1656 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
1657 wpa_s->dpp_pkex->exchange_done) {
1658 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1659 return;
1660 }
1661
1662 os_memcpy(wpa_s->dpp_pkex->peer_mac, src, ETH_ALEN);
1663 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, buf, len);
1664 if (!msg) {
1665 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1666 return;
1667 }
1668
1669 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
1670 MAC2STR(src));
1671
1672 wait_time = wpa_s->max_remain_on_chan;
1673 if (wait_time > 2000)
1674 wait_time = 2000;
af48810b
JM		 1675 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1676 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
500ed7f0
JM		 1677 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1678 broadcast,
1679 wpabuf_head(msg), wpabuf_len(msg),
1680 wait_time, wpas_dpp_tx_pkex_status, 0);
1681 wpabuf_free(msg);
1682}
1683
1684
de029861
JM		 1685static struct dpp_bootstrap_info *
1686wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
1687 unsigned int freq)
1688{
1689 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1690 struct dpp_bootstrap_info *bi;
1691
1692 bi = os_zalloc(sizeof(*bi));
1693 if (!bi)
1694 return NULL;
1695 bi->id = wpas_dpp_next_id(wpa_s);
1696 bi->type = DPP_BOOTSTRAP_PKEX;
1697 os_memcpy(bi->mac_addr, peer, ETH_ALEN);
1698 bi->num_freq = 1;
1699 bi->freq[0] = freq;
1700 bi->curve = pkex->own_bi->curve;
1701 bi->pubkey = pkex->peer_bootstrap_key;
1702 pkex->peer_bootstrap_key = NULL;
1703 dpp_pkex_free(pkex);
1704 wpa_s->dpp_pkex = NULL;
1705 if (dpp_bootstrap_key_hash(bi) < 0) {
1706 dpp_bootstrap_info_free(bi);
1707 return NULL;
1708 }
1709 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
1710 return bi;
1711}
1712
1713
500ed7f0
JM		 1714static void
1715wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
4be5bc98
JM		 1716 const u8 *hdr, const u8 *buf, size_t len,
1717 unsigned int freq)
500ed7f0
JM		 1718{
1719 struct wpabuf *msg;
1720 unsigned int wait_time;
1721 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
500ed7f0
JM		 1722
1723 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
1724 MAC2STR(src));
1725
1726 if (!pkex || pkex->initiator || !pkex->exchange_done) {
1727 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1728 return;
1729 }
1730
4be5bc98 1731 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
500ed7f0
JM		 1732 if (!msg) {
1733 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
039b8e73
JM		 1734 if (pkex->failed) {
1735 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
29ab69e4
JM		 1736 if (pkex->t > pkex->own_bi->pkex_t)
1737 pkex->own_bi->pkex_t = pkex->t;
039b8e73
JM		 1738 dpp_pkex_free(wpa_s->dpp_pkex);
1739 wpa_s->dpp_pkex = NULL;
1740 }
500ed7f0
JM		 1741 return;
1742 }
1743
1744 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
1745 MACSTR, MAC2STR(src));
1746
1747 wait_time = wpa_s->max_remain_on_chan;
1748 if (wait_time > 2000)
1749 wait_time = 2000;
af48810b
JM		 1750 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1751 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
500ed7f0
JM		 1752 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1753 broadcast,
1754 wpabuf_head(msg), wpabuf_len(msg),
1755 wait_time, wpas_dpp_tx_pkex_status, 0);
1756 wpabuf_free(msg);
1757
de029861 1758 wpas_dpp_pkex_finish(wpa_s, src, freq);
500ed7f0
JM		 1759}
1760
1761
1762static void
1763wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
4be5bc98 1764 const u8 *hdr, const u8 *buf, size_t len,
500ed7f0
JM		 1765 unsigned int freq)
1766{
1767 int res;
de029861 1768 struct dpp_bootstrap_info *bi;
500ed7f0
JM		 1769 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1770 char cmd[500];
1771
1772 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
1773 MAC2STR(src));
1774
1775 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
1776 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1777 return;
1778 }
1779
4be5bc98 1780 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
500ed7f0
JM		 1781 if (res < 0) {
1782 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1783 return;
1784 }
1785
de029861 1786 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
500ed7f0
JM		 1787 if (!bi)
1788 return;
500ed7f0
JM		 1789
1790 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
1791 bi->id,
1792 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
1793 wpa_printf(MSG_DEBUG,
1794 "DPP: Start authentication after PKEX with parameters: %s",
1795 cmd);
1796 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
1797 wpa_printf(MSG_DEBUG,
1798 "DPP: Authentication initialization failed");
1799 return;
1800 }
1801}
1802
1803
30d27b04
JM		 1804void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
1805 const u8 *buf, size_t len, unsigned int freq)
1806{
8c19ea3f 1807 u8 crypto_suite;
30d27b04 1808 enum dpp_public_action_frame_type type;
dc4d271c 1809 const u8 *hdr;
29ab69e4 1810 unsigned int pkex_t;
30d27b04 1811
dc4d271c
JM		 1812 if (len < DPP_HDR_LEN)
1813 return;
1814 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
30d27b04 1815 return;
dc4d271c
JM		 1816 hdr = buf;
1817 buf += 4;
1818 len -= 4;
8c19ea3f
JM		 1819 crypto_suite = *buf++;
1820 type = *buf++;
1821 len -= 2;
30d27b04
JM		 1822
1823 wpa_printf(MSG_DEBUG,
8c19ea3f 1824 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
30d27b04 1825 MACSTR " freq=%u",
8c19ea3f
JM		 1826 crypto_suite, type, MAC2STR(src), freq);
1827 if (crypto_suite != 1) {
1828 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
1829 crypto_suite);
a7073934
JM		 1830 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1831 " freq=%u type=%d ignore=unsupported-crypto-suite",
1832 MAC2STR(src), freq, type);
8c19ea3f
JM		 1833 return;
1834 }
30d27b04 1835 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
a7073934
JM		 1836 if (dpp_check_attrs(buf, len) < 0) {
1837 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1838 " freq=%u type=%d ignore=invalid-attributes",
1839 MAC2STR(src), freq, type);
30d27b04 1840 return;
a7073934
JM		 1841 }
1842 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
1843 MAC2STR(src), freq, type);
30d27b04
JM		 1844
1845 switch (type) {
1846 case DPP_PA_AUTHENTICATION_REQ:
dc4d271c 1847 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
30d27b04
JM		 1848 break;
1849 case DPP_PA_AUTHENTICATION_RESP:
d2709206 1850 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
30d27b04
JM		 1851 break;
1852 case DPP_PA_AUTHENTICATION_CONF:
dc4d271c 1853 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
30d27b04 1854 break;
a0d5c56f
JM		 1855 case DPP_PA_PEER_DISCOVERY_RESP:
1856 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
1857 break;
500ed7f0
JM		 1858 case DPP_PA_PKEX_EXCHANGE_REQ:
1859 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq);
1860 break;
1861 case DPP_PA_PKEX_EXCHANGE_RESP:
1862 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
1863 break;
1864 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
4be5bc98
JM		 1865 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
1866 freq);
500ed7f0
JM		 1867 break;
1868 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
4be5bc98
JM		 1869 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
1870 freq);
500ed7f0 1871 break;
30d27b04
JM		 1872 default:
1873 wpa_printf(MSG_DEBUG,
1874 "DPP: Ignored unsupported frame subtype %d", type);
1875 break;
1876 }
29ab69e4
JM		 1877
1878 if (wpa_s->dpp_pkex)
1879 pkex_t = wpa_s->dpp_pkex->t;
1880 else if (wpa_s->dpp_pkex_bi)
1881 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
1882 else
1883 pkex_t = 0;
1884 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
1885 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
1886 wpas_dpp_pkex_remove(wpa_s, "*");
1887 }
30d27b04
JM		 1888}
1889
1890
461d39af
JM		 1891static struct wpabuf *
1892wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
1893 size_t query_len)
1894{
1895 struct wpa_supplicant *wpa_s = ctx;
1896 struct dpp_authentication *auth = wpa_s->dpp_auth;
1897 struct wpabuf *resp;
1898
1899 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
1900 MAC2STR(sa));
1901 if (!auth || !auth->auth_success ||
1902 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
1903 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1904 return NULL;
1905 }
1906 wpa_hexdump(MSG_DEBUG,
1907 "DPP: Received Configuration Request (GAS Query Request)",
1908 query, query_len);
1909 resp = dpp_conf_req_rx(auth, query, query_len);
1910 if (!resp)
1911 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1912 return resp;
1913}
1914
1915
1916static void
1917wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
1918{
1919 struct wpa_supplicant *wpa_s = ctx;
1920 struct dpp_authentication *auth = wpa_s->dpp_auth;
1921
1922 if (!auth) {
1923 wpabuf_free(resp);
1924 return;
1925 }
1926
1927 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
1928 ok);
1929 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
95b0104a 1930 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
461d39af
JM		 1931 offchannel_send_action_done(wpa_s);
1932 wpas_dpp_listen_stop(wpa_s);
1933 if (ok)
1934 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
1935 else
1936 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1937 dpp_auth_deinit(wpa_s->dpp_auth);
1938 wpa_s->dpp_auth = NULL;
1939 wpabuf_free(resp);
1940}
1941
1942
1943static unsigned int wpas_dpp_next_configurator_id(struct wpa_supplicant *wpa_s)
1944{
1945 struct dpp_configurator *conf;
1946 unsigned int max_id = 0;
1947
1948 dl_list_for_each(conf, &wpa_s->dpp_configurator,
1949 struct dpp_configurator, list) {
1950 if (conf->id > max_id)
1951 max_id = conf->id;
1952 }
1953 return max_id + 1;
1954}
1955
1956
1957int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
1958{
c77e2ff0 1959 char *curve = NULL;
461d39af
JM		 1960 char *key = NULL;
1961 u8 *privkey = NULL;
1962 size_t privkey_len = 0;
1963 int ret = -1;
1964 struct dpp_configurator *conf = NULL;
1965
461d39af
JM		 1966 curve = get_param(cmd, " curve=");
1967 key = get_param(cmd, " key=");
1968
1969 if (key) {
1970 privkey_len = os_strlen(key) / 2;
1971 privkey = os_malloc(privkey_len);
1972 if (!privkey ||
1973 hexstr2bin(key, privkey, privkey_len) < 0)
1974 goto fail;
1975 }
1976
1977 conf = dpp_keygen_configurator(curve, privkey, privkey_len);
1978 if (!conf)
1979 goto fail;
1980
461d39af
JM		 1981 conf->id = wpas_dpp_next_configurator_id(wpa_s);
1982 dl_list_add(&wpa_s->dpp_configurator, &conf->list);
1983 ret = conf->id;
1984 conf = NULL;
1985fail:
1986 os_free(curve);
461d39af
JM		 1987 str_clear_free(key);
1988 bin_clear_free(privkey, privkey_len);
1989 dpp_configurator_free(conf);
1990 return ret;
1991}
1992
1993
1994static int dpp_configurator_del(struct wpa_supplicant *wpa_s, unsigned int id)
1995{
1996 struct dpp_configurator *conf, *tmp;
1997 int found = 0;
1998
1999 dl_list_for_each_safe(conf, tmp, &wpa_s->dpp_configurator,
2000 struct dpp_configurator, list) {
2001 if (id && conf->id != id)
2002 continue;
2003 found = 1;
2004 dl_list_del(&conf->list);
2005 dpp_configurator_free(conf);
2006 }
2007
2008 if (id == 0)
2009 return 0; /* flush succeeds regardless of entries found */
2010 return found ? 0 : -1;
2011}
2012
2013
2014int wpas_dpp_configurator_remove(struct wpa_supplicant *wpa_s, const char *id)
2015{
2016 unsigned int id_val;
2017
2018 if (os_strcmp(id, "*") == 0) {
2019 id_val = 0;
2020 } else {
2021 id_val = atoi(id);
2022 if (id_val == 0)
2023 return -1;
2024 }
2025
2026 return dpp_configurator_del(wpa_s, id_val);
2027}
2028
2029
f522bb23
JM		 2030int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
2031{
2032 struct dpp_authentication *auth;
2033 int ret = -1;
2034 char *curve = NULL;
2035
2036 auth = os_zalloc(sizeof(*auth));
2037 if (!auth)
2038 return -1;
2039
2040 curve = get_param(cmd, " curve=");
2041 wpas_dpp_set_configurator(wpa_s, auth, cmd);
2042
2043 if (dpp_configurator_own_config(auth, curve) == 0) {
2044 wpas_dpp_handle_config_obj(wpa_s, auth);
2045 ret = 0;
2046 }
2047
2048 dpp_auth_deinit(auth);
2049 os_free(curve);
2050
2051 return ret;
2052}
2053
2054
a0d5c56f
JM		 2055static void
2056wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
2057 unsigned int freq, const u8 *dst,
2058 const u8 *src, const u8 *bssid,
2059 const u8 *data, size_t data_len,
2060 enum offchannel_send_action_result result)
2061{
af48810b
JM		 2062 const char *res_txt;
2063
2064 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
2065 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
2066 "FAILED");
a0d5c56f
JM		 2067 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
2068 " result=%s (DPP Peer Discovery Request)",
af48810b
JM		 2069 freq, MAC2STR(dst), res_txt);
2070 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
2071 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
a0d5c56f
JM		 2072 /* TODO: Time out wait for response more quickly in error cases? */
2073}
2074
2075
2076int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2077 struct wpa_bss *bss)
2078{
2079 struct os_time now;
2080 struct wpabuf *msg;
2081 unsigned int wait_time;
2082
2083 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
2084 return 0; /* Not using DPP AKM - continue */
2085 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
2086 return 0; /* PMKSA exists for DPP AKM - continue */
2087
2088 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2089 !ssid->dpp_csign) {
2090 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2091 "missing %s",
2092 !ssid->dpp_connector ? "Connector" :
2093 (!ssid->dpp_netaccesskey ? "netAccessKey" :
2094 "C-sign-key"));
2095 return -1;
2096 }
2097
2098 os_get_time(&now);
2099
a0d5c56f
JM		 2100 if (ssid->dpp_netaccesskey_expiry &&
2101 ssid->dpp_netaccesskey_expiry < now.sec) {
2102 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2103 "netAccessKey expired");
2104 return -1;
2105 }
2106
2107 wpa_printf(MSG_DEBUG,
2108 "DPP: Starting network introduction protocol to derive PMKSA for "
2109 MACSTR, MAC2STR(bss->bssid));
2110
2111 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
85fd8263 2112 5 + 4 + os_strlen(ssid->dpp_connector));
a0d5c56f
JM		 2113 if (!msg)
2114 return -1;
2115
a306ed5a
JM		 2116#ifdef CONFIG_TESTING_OPTIONS
2117 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
2118 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
2119 goto skip_trans_id;
2120 }
2121#endif /* CONFIG_TESTING_OPTIONS */
2122
85fd8263
JM		 2123 /* Transaction ID */
2124 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2125 wpabuf_put_le16(msg, 1);
2126 wpabuf_put_u8(msg, TRANSACTION_ID);
2127
a306ed5a
JM		 2128#ifdef CONFIG_TESTING_OPTIONS
2129skip_trans_id:
2130 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
2131 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
2132 goto skip_connector;
2133 }
4b8de0c9
JM		 2134 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
2135 char *connector;
2136
2137 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
2138 connector = dpp_corrupt_connector_signature(
2139 ssid->dpp_connector);
2140 if (!connector) {
2141 wpabuf_free(msg);
2142 return -1;
2143 }
2144 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2145 wpabuf_put_le16(msg, os_strlen(connector));
2146 wpabuf_put_str(msg, connector);
2147 os_free(connector);
2148 goto skip_connector;
2149 }
a306ed5a
JM		 2150#endif /* CONFIG_TESTING_OPTIONS */
2151
a0d5c56f
JM		 2152 /* DPP Connector */
2153 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2154 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
2155 wpabuf_put_str(msg, ssid->dpp_connector);
2156
a306ed5a
JM		 2157#ifdef CONFIG_TESTING_OPTIONS
2158skip_connector:
2159#endif /* CONFIG_TESTING_OPTIONS */
2160
a0d5c56f
JM		 2161 /* TODO: Timeout on AP response */
2162 wait_time = wpa_s->max_remain_on_chan;
2163 if (wait_time > 2000)
2164 wait_time = 2000;
af48810b
JM		 2165 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2166 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
a0d5c56f
JM		 2167 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
2168 broadcast,
2169 wpabuf_head(msg), wpabuf_len(msg),
2170 wait_time, wpas_dpp_tx_introduction_status, 0);
2171 wpabuf_free(msg);
2172
2173 /* Request this connection attempt to terminate - new one will be
2174 * started when network introduction protocol completes */
2175 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
2176 wpa_s->dpp_intro_network = ssid;
2177 return 1;
2178}
2179
2180
500ed7f0
JM		 2181int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
2182{
2183 struct dpp_bootstrap_info *own_bi;
2184 const char *pos, *end;
2185 unsigned int wait_time;
2186
2187 pos = os_strstr(cmd, " own=");
2188 if (!pos)
2189 return -1;
2190 pos += 5;
2191 own_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
2192 if (!own_bi) {
2193 wpa_printf(MSG_DEBUG,
2194 "DPP: Identified bootstrap info not found");
2195 return -1;
2196 }
2197 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
2198 wpa_printf(MSG_DEBUG,
2199 "DPP: Identified bootstrap info not for PKEX");
2200 return -1;
2201 }
2202 wpa_s->dpp_pkex_bi = own_bi;
29ab69e4 2203 own_bi->pkex_t = 0; /* clear pending errors on new code */
500ed7f0
JM		 2204
2205 os_free(wpa_s->dpp_pkex_identifier);
2206 wpa_s->dpp_pkex_identifier = NULL;
2207 pos = os_strstr(cmd, " identifier=");
2208 if (pos) {
2209 pos += 12;
2210 end = os_strchr(pos, ' ');
2211 if (!end)
2212 return -1;
2213 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
2214 if (!wpa_s->dpp_pkex_identifier)
2215 return -1;
2216 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
2217 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
2218 }
2219
2220 pos = os_strstr(cmd, " code=");
2221 if (!pos)
2222 return -1;
2223 os_free(wpa_s->dpp_pkex_code);
2224 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
2225 if (!wpa_s->dpp_pkex_code)
2226 return -1;
2227
2228 if (os_strstr(cmd, " init=1")) {
2229 struct wpabuf *msg;
2230
2231 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
2232 dpp_pkex_free(wpa_s->dpp_pkex);
219d4c9f 2233 wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr,
500ed7f0
JM		 2234 wpa_s->dpp_pkex_identifier,
2235 wpa_s->dpp_pkex_code);
2236 if (!wpa_s->dpp_pkex)
2237 return -1;
2238
2239 msg = wpa_s->dpp_pkex->exchange_req;
2240 wait_time = wpa_s->max_remain_on_chan;
2241 if (wait_time > 2000)
2242 wait_time = 2000;
2243 /* TODO: Which channel to use? */
af48810b
JM		 2244 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
2245 " freq=%u type=%d",
2246 MAC2STR(broadcast), 2437, DPP_PA_PKEX_EXCHANGE_REQ);
500ed7f0
JM		 2247 offchannel_send_action(wpa_s, 2437, broadcast, wpa_s->own_addr,
2248 broadcast,
2249 wpabuf_head(msg), wpabuf_len(msg),
2250 wait_time, wpas_dpp_tx_pkex_status, 0);
2251 }
2252
2253 /* TODO: Support multiple PKEX info entries */
2254
2255 os_free(wpa_s->dpp_pkex_auth_cmd);
2256 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
2257
2258 return 1;
2259}
2260
2261
2262int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
2263{
2264 unsigned int id_val;
2265
2266 if (os_strcmp(id, "*") == 0) {
2267 id_val = 0;
2268 } else {
2269 id_val = atoi(id);
2270 if (id_val == 0)
2271 return -1;
2272 }
2273
2274 if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code)
2275 return -1;
2276
2277 /* TODO: Support multiple PKEX entries */
2278 os_free(wpa_s->dpp_pkex_code);
2279 wpa_s->dpp_pkex_code = NULL;
2280 os_free(wpa_s->dpp_pkex_identifier);
2281 wpa_s->dpp_pkex_identifier = NULL;
2282 os_free(wpa_s->dpp_pkex_auth_cmd);
2283 wpa_s->dpp_pkex_auth_cmd = NULL;
2284 wpa_s->dpp_pkex_bi = NULL;
2285 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2286 dpp_pkex_free(wpa_s->dpp_pkex);
2287 wpa_s->dpp_pkex = NULL;
2288 return 0;
2289}
2290
2291
c1d37739
JM		 2292void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
2293{
2294 dpp_auth_deinit(wpa_s->dpp_auth);
2295 wpa_s->dpp_auth = NULL;
2296}
2297
2298
be27e185
JM		 2299int wpas_dpp_init(struct wpa_supplicant *wpa_s)
2300{
461d39af
JM		 2301 u8 adv_proto_id[7];
2302
2303 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
2304 adv_proto_id[1] = 5;
2305 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
2306 adv_proto_id[5] = DPP_OUI_TYPE;
2307 adv_proto_id[6] = 0x01;
2308
2309 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
2310 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
2311 wpas_dpp_gas_status_handler, wpa_s) < 0)
2312 return -1;
be27e185 2313 dl_list_init(&wpa_s->dpp_bootstrap);
461d39af 2314 dl_list_init(&wpa_s->dpp_configurator);
be27e185
JM		 2315 wpa_s->dpp_init_done = 1;
2316 return 0;
2317}
2318
2319
2320void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
2321{
461d39af
JM		 2322#ifdef CONFIG_TESTING_OPTIONS
2323 os_free(wpa_s->dpp_config_obj_override);
2324 wpa_s->dpp_config_obj_override = NULL;
2325 os_free(wpa_s->dpp_discovery_override);
2326 wpa_s->dpp_discovery_override = NULL;
2327 os_free(wpa_s->dpp_groups_override);
2328 wpa_s->dpp_groups_override = NULL;
461d39af
JM		 2329 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
2330#endif /* CONFIG_TESTING_OPTIONS */
be27e185
JM		 2331 if (!wpa_s->dpp_init_done)
2332 return;
30d27b04 2333 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
f97ace34 2334 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
95b0104a 2335 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
30d27b04
JM		 2336 offchannel_send_action_done(wpa_s);
2337 wpas_dpp_listen_stop(wpa_s);
be27e185 2338 dpp_bootstrap_del(wpa_s, 0);
461d39af 2339 dpp_configurator_del(wpa_s, 0);
30d27b04
JM		 2340 dpp_auth_deinit(wpa_s->dpp_auth);
2341 wpa_s->dpp_auth = NULL;
500ed7f0
JM		 2342 wpas_dpp_pkex_remove(wpa_s, "*");
2343 wpa_s->dpp_pkex = NULL;
a0d5c56f 2344 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
b65b22d6
JM		 2345 os_free(wpa_s->dpp_configurator_params);
2346 wpa_s->dpp_configurator_params = NULL;
be27e185 2347}
Unnamed repository; edit this file 'description' to name the repository.