]>
Commit | Line | Data |
---|---|---|
be27e185 JM |
1 | /* |
2 | * wpa_supplicant - DPP | |
3 | * Copyright (c) 2017, Qualcomm Atheros, Inc. | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
30d27b04 | 12 | #include "utils/eloop.h" |
be27e185 | 13 | #include "common/dpp.h" |
461d39af JM |
14 | #include "common/gas.h" |
15 | #include "common/gas_server.h" | |
a0d5c56f JM |
16 | #include "rsn_supp/wpa.h" |
17 | #include "rsn_supp/pmksa_cache.h" | |
be27e185 | 18 | #include "wpa_supplicant_i.h" |
a0d5c56f | 19 | #include "config.h" |
30d27b04 JM |
20 | #include "driver_i.h" |
21 | #include "offchannel.h" | |
461d39af | 22 | #include "gas_query.h" |
a0d5c56f JM |
23 | #include "bss.h" |
24 | #include "scan.h" | |
8528994e | 25 | #include "notify.h" |
be27e185 JM |
26 | #include "dpp_supplicant.h" |
27 | ||
28 | ||
30d27b04 JM |
29 | static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s, |
30 | unsigned int freq); | |
461d39af JM |
31 | static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx); |
32 | static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator); | |
30d27b04 JM |
33 | static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s, |
34 | unsigned int freq, const u8 *dst, | |
35 | const u8 *src, const u8 *bssid, | |
36 | const u8 *data, size_t data_len, | |
37 | enum offchannel_send_action_result result); | |
f97ace34 JM |
38 | static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx); |
39 | static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s); | |
30d27b04 JM |
40 | |
41 | static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; | |
42 | ||
85fd8263 JM |
43 | /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only |
44 | * a single transaction in progress at any point in time. */ | |
45 | static const u8 TRANSACTION_ID = 1; | |
46 | ||
30d27b04 | 47 | |
461d39af JM |
48 | static struct dpp_configurator * |
49 | dpp_configurator_get_id(struct wpa_supplicant *wpa_s, unsigned int id) | |
50 | { | |
51 | struct dpp_configurator *conf; | |
52 | ||
53 | dl_list_for_each(conf, &wpa_s->dpp_configurator, | |
54 | struct dpp_configurator, list) { | |
55 | if (conf->id == id) | |
56 | return conf; | |
57 | } | |
58 | return NULL; | |
59 | } | |
60 | ||
61 | ||
be27e185 JM |
62 | static unsigned int wpas_dpp_next_id(struct wpa_supplicant *wpa_s) |
63 | { | |
64 | struct dpp_bootstrap_info *bi; | |
65 | unsigned int max_id = 0; | |
66 | ||
67 | dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info, | |
68 | list) { | |
69 | if (bi->id > max_id) | |
70 | max_id = bi->id; | |
71 | } | |
72 | return max_id + 1; | |
73 | } | |
74 | ||
75 | ||
76 | /** | |
77 | * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code | |
78 | * @wpa_s: Pointer to wpa_supplicant data | |
79 | * @cmd: DPP URI read from a QR Code | |
80 | * Returns: Identifier of the stored info or -1 on failure | |
81 | */ | |
82 | int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd) | |
83 | { | |
84 | struct dpp_bootstrap_info *bi; | |
30d27b04 | 85 | struct dpp_authentication *auth = wpa_s->dpp_auth; |
be27e185 JM |
86 | |
87 | bi = dpp_parse_qr_code(cmd); | |
88 | if (!bi) | |
89 | return -1; | |
90 | ||
91 | bi->id = wpas_dpp_next_id(wpa_s); | |
92 | dl_list_add(&wpa_s->dpp_bootstrap, &bi->list); | |
93 | ||
30d27b04 JM |
94 | if (auth && auth->response_pending && |
95 | dpp_notify_new_qr_code(auth, bi) == 1) { | |
30d27b04 JM |
96 | wpa_printf(MSG_DEBUG, |
97 | "DPP: Sending out pending authentication response"); | |
af48810b JM |
98 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR |
99 | " freq=%u type=%d", | |
100 | MAC2STR(auth->peer_mac_addr), auth->curr_freq, | |
101 | DPP_PA_AUTHENTICATION_RESP); | |
30d27b04 JM |
102 | offchannel_send_action(wpa_s, auth->curr_freq, |
103 | auth->peer_mac_addr, wpa_s->own_addr, | |
104 | broadcast, | |
dc4d271c JM |
105 | wpabuf_head(auth->resp_msg), |
106 | wpabuf_len(auth->resp_msg), | |
30d27b04 | 107 | 500, wpas_dpp_tx_status, 0); |
30d27b04 JM |
108 | } |
109 | ||
be27e185 JM |
110 | return bi->id; |
111 | } | |
112 | ||
113 | ||
114 | static char * get_param(const char *cmd, const char *param) | |
115 | { | |
116 | const char *pos, *end; | |
117 | char *val; | |
118 | size_t len; | |
119 | ||
120 | pos = os_strstr(cmd, param); | |
121 | if (!pos) | |
122 | return NULL; | |
123 | ||
124 | pos += os_strlen(param); | |
125 | end = os_strchr(pos, ' '); | |
126 | if (end) | |
127 | len = end - pos; | |
128 | else | |
129 | len = os_strlen(pos); | |
130 | val = os_malloc(len + 1); | |
131 | if (!val) | |
132 | return NULL; | |
133 | os_memcpy(val, pos, len); | |
134 | val[len] = '\0'; | |
135 | return val; | |
136 | } | |
137 | ||
138 | ||
139 | int wpas_dpp_bootstrap_gen(struct wpa_supplicant *wpa_s, const char *cmd) | |
140 | { | |
141 | char *chan = NULL, *mac = NULL, *info = NULL, *pk = NULL, *curve = NULL; | |
142 | char *key = NULL; | |
143 | u8 *privkey = NULL; | |
144 | size_t privkey_len = 0; | |
145 | size_t len; | |
146 | int ret = -1; | |
147 | struct dpp_bootstrap_info *bi; | |
148 | ||
149 | bi = os_zalloc(sizeof(*bi)); | |
150 | if (!bi) | |
151 | goto fail; | |
152 | ||
153 | if (os_strstr(cmd, "type=qrcode")) | |
154 | bi->type = DPP_BOOTSTRAP_QR_CODE; | |
500ed7f0 JM |
155 | else if (os_strstr(cmd, "type=pkex")) |
156 | bi->type = DPP_BOOTSTRAP_PKEX; | |
be27e185 JM |
157 | else |
158 | goto fail; | |
159 | ||
160 | chan = get_param(cmd, " chan="); | |
161 | mac = get_param(cmd, " mac="); | |
162 | info = get_param(cmd, " info="); | |
163 | curve = get_param(cmd, " curve="); | |
164 | key = get_param(cmd, " key="); | |
165 | ||
166 | if (key) { | |
167 | privkey_len = os_strlen(key) / 2; | |
168 | privkey = os_malloc(privkey_len); | |
169 | if (!privkey || | |
170 | hexstr2bin(key, privkey, privkey_len) < 0) | |
171 | goto fail; | |
172 | } | |
173 | ||
174 | pk = dpp_keygen(bi, curve, privkey, privkey_len); | |
175 | if (!pk) | |
176 | goto fail; | |
177 | ||
178 | len = 4; /* "DPP:" */ | |
179 | if (chan) { | |
180 | if (dpp_parse_uri_chan_list(bi, chan) < 0) | |
181 | goto fail; | |
182 | len += 3 + os_strlen(chan); /* C:...; */ | |
183 | } | |
184 | if (mac) { | |
185 | if (dpp_parse_uri_mac(bi, mac) < 0) | |
186 | goto fail; | |
187 | len += 3 + os_strlen(mac); /* M:...; */ | |
188 | } | |
189 | if (info) { | |
190 | if (dpp_parse_uri_info(bi, info) < 0) | |
191 | goto fail; | |
192 | len += 3 + os_strlen(info); /* I:...; */ | |
193 | } | |
194 | len += 4 + os_strlen(pk); | |
195 | bi->uri = os_malloc(len + 1); | |
196 | if (!bi->uri) | |
197 | goto fail; | |
198 | os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%s%sK:%s;;", | |
199 | chan ? "C:" : "", chan ? chan : "", chan ? ";" : "", | |
200 | mac ? "M:" : "", mac ? mac : "", mac ? ";" : "", | |
201 | info ? "I:" : "", info ? info : "", info ? ";" : "", | |
202 | pk); | |
203 | bi->id = wpas_dpp_next_id(wpa_s); | |
204 | dl_list_add(&wpa_s->dpp_bootstrap, &bi->list); | |
205 | ret = bi->id; | |
206 | bi = NULL; | |
207 | fail: | |
208 | os_free(curve); | |
209 | os_free(pk); | |
210 | os_free(chan); | |
211 | os_free(mac); | |
212 | os_free(info); | |
213 | str_clear_free(key); | |
214 | bin_clear_free(privkey, privkey_len); | |
215 | dpp_bootstrap_info_free(bi); | |
216 | return ret; | |
217 | } | |
218 | ||
219 | ||
220 | static struct dpp_bootstrap_info * | |
221 | dpp_bootstrap_get_id(struct wpa_supplicant *wpa_s, unsigned int id) | |
222 | { | |
223 | struct dpp_bootstrap_info *bi; | |
224 | ||
225 | dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info, | |
226 | list) { | |
227 | if (bi->id == id) | |
228 | return bi; | |
229 | } | |
230 | return NULL; | |
231 | } | |
232 | ||
233 | ||
234 | static int dpp_bootstrap_del(struct wpa_supplicant *wpa_s, unsigned int id) | |
235 | { | |
236 | struct dpp_bootstrap_info *bi, *tmp; | |
237 | int found = 0; | |
238 | ||
239 | dl_list_for_each_safe(bi, tmp, &wpa_s->dpp_bootstrap, | |
240 | struct dpp_bootstrap_info, list) { | |
241 | if (id && bi->id != id) | |
242 | continue; | |
243 | found = 1; | |
244 | dl_list_del(&bi->list); | |
245 | dpp_bootstrap_info_free(bi); | |
246 | } | |
247 | ||
248 | if (id == 0) | |
249 | return 0; /* flush succeeds regardless of entries found */ | |
250 | return found ? 0 : -1; | |
251 | } | |
252 | ||
253 | ||
254 | int wpas_dpp_bootstrap_remove(struct wpa_supplicant *wpa_s, const char *id) | |
255 | { | |
256 | unsigned int id_val; | |
257 | ||
258 | if (os_strcmp(id, "*") == 0) { | |
259 | id_val = 0; | |
260 | } else { | |
261 | id_val = atoi(id); | |
262 | if (id_val == 0) | |
263 | return -1; | |
264 | } | |
265 | ||
266 | return dpp_bootstrap_del(wpa_s, id_val); | |
267 | } | |
268 | ||
269 | ||
270 | const char * wpas_dpp_bootstrap_get_uri(struct wpa_supplicant *wpa_s, | |
271 | unsigned int id) | |
272 | { | |
273 | struct dpp_bootstrap_info *bi; | |
274 | ||
275 | bi = dpp_bootstrap_get_id(wpa_s, id); | |
276 | if (!bi) | |
277 | return NULL; | |
278 | return bi->uri; | |
279 | } | |
280 | ||
281 | ||
6a7182a9 JM |
282 | int wpas_dpp_bootstrap_info(struct wpa_supplicant *wpa_s, int id, |
283 | char *reply, int reply_size) | |
284 | { | |
285 | struct dpp_bootstrap_info *bi; | |
286 | ||
287 | bi = dpp_bootstrap_get_id(wpa_s, id); | |
288 | if (!bi) | |
289 | return -1; | |
290 | return os_snprintf(reply, reply_size, "type=%s\n" | |
291 | "mac_addr=" MACSTR "\n" | |
292 | "info=%s\n" | |
293 | "num_freq=%u\n" | |
294 | "curve=%s\n", | |
484788b8 | 295 | dpp_bootstrap_type_txt(bi->type), |
6a7182a9 JM |
296 | MAC2STR(bi->mac_addr), |
297 | bi->info ? bi->info : "", | |
298 | bi->num_freq, | |
299 | bi->curve->name); | |
300 | } | |
301 | ||
302 | ||
95b0104a JM |
303 | static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx) |
304 | { | |
305 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
306 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
307 | ||
308 | if (!auth || !auth->resp_msg) | |
309 | return; | |
310 | ||
311 | wpa_printf(MSG_DEBUG, | |
312 | "DPP: Retry Authentication Response after timeout"); | |
313 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR | |
314 | " freq=%u type=%d", | |
315 | MAC2STR(auth->peer_mac_addr), auth->curr_freq, | |
316 | DPP_PA_AUTHENTICATION_RESP); | |
317 | offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr, | |
318 | wpa_s->own_addr, broadcast, | |
319 | wpabuf_head(auth->resp_msg), | |
320 | wpabuf_len(auth->resp_msg), | |
321 | 500, wpas_dpp_tx_status, 0); | |
322 | } | |
323 | ||
324 | ||
325 | static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s) | |
326 | { | |
327 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
328 | unsigned int wait_time, max_tries; | |
329 | ||
330 | if (!auth || !auth->resp_msg) | |
331 | return; | |
332 | ||
333 | if (wpa_s->dpp_resp_max_tries) | |
334 | max_tries = wpa_s->dpp_resp_max_tries; | |
335 | else | |
336 | max_tries = 5; | |
337 | auth->auth_resp_tries++; | |
338 | if (auth->auth_resp_tries >= max_tries) { | |
339 | wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange"); | |
340 | offchannel_send_action_done(wpa_s); | |
341 | dpp_auth_deinit(wpa_s->dpp_auth); | |
342 | wpa_s->dpp_auth = NULL; | |
343 | return; | |
344 | } | |
345 | ||
346 | if (wpa_s->dpp_resp_retry_time) | |
347 | wait_time = wpa_s->dpp_resp_retry_time; | |
348 | else | |
349 | wait_time = 10000; | |
350 | wpa_printf(MSG_DEBUG, | |
351 | "DPP: Schedule retransmission of Authentication Response frame in %u ms", | |
352 | wait_time); | |
353 | eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); | |
354 | eloop_register_timeout(wait_time / 1000, | |
355 | (wait_time % 1000) * 1000, | |
356 | wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); | |
357 | } | |
358 | ||
359 | ||
30d27b04 JM |
360 | static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s, |
361 | unsigned int freq, const u8 *dst, | |
362 | const u8 *src, const u8 *bssid, | |
363 | const u8 *data, size_t data_len, | |
364 | enum offchannel_send_action_result result) | |
365 | { | |
af48810b | 366 | const char *res_txt; |
f97ace34 | 367 | struct dpp_authentication *auth = wpa_s->dpp_auth; |
af48810b JM |
368 | |
369 | res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" : | |
370 | (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" : | |
371 | "FAILED"); | |
30d27b04 | 372 | wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR |
af48810b JM |
373 | " result=%s", freq, MAC2STR(dst), res_txt); |
374 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR | |
375 | " freq=%u result=%s", MAC2STR(dst), freq, res_txt); | |
30d27b04 JM |
376 | |
377 | if (!wpa_s->dpp_auth) { | |
378 | wpa_printf(MSG_DEBUG, | |
379 | "DPP: Ignore TX status since there is no ongoing authentication exchange"); | |
380 | return; | |
381 | } | |
382 | ||
383 | if (wpa_s->dpp_auth->remove_on_tx_status) { | |
384 | wpa_printf(MSG_DEBUG, | |
385 | "DPP: Terminate authentication exchange due to an earlier error"); | |
f97ace34 | 386 | eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); |
461d39af | 387 | eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); |
95b0104a JM |
388 | eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, |
389 | NULL); | |
461d39af | 390 | offchannel_send_action_done(wpa_s); |
30d27b04 JM |
391 | dpp_auth_deinit(wpa_s->dpp_auth); |
392 | wpa_s->dpp_auth = NULL; | |
393 | return; | |
394 | } | |
395 | ||
461d39af JM |
396 | if (wpa_s->dpp_auth_ok_on_ack) |
397 | wpas_dpp_auth_success(wpa_s, 1); | |
398 | ||
30d27b04 JM |
399 | if (!is_broadcast_ether_addr(dst) && |
400 | result != OFFCHANNEL_SEND_ACTION_SUCCESS) { | |
401 | wpa_printf(MSG_DEBUG, | |
402 | "DPP: Unicast DPP Action frame was not ACKed"); | |
f97ace34 JM |
403 | if (auth->waiting_auth_resp) { |
404 | /* In case of DPP Authentication Request frame, move to | |
405 | * the next channel immediately. */ | |
406 | offchannel_send_action_done(wpa_s); | |
407 | wpas_dpp_auth_init_next(wpa_s); | |
408 | return; | |
409 | } | |
95b0104a JM |
410 | if (auth->waiting_auth_conf) { |
411 | wpas_dpp_auth_resp_retry(wpa_s); | |
412 | return; | |
413 | } | |
30d27b04 | 414 | } |
d2709206 JM |
415 | |
416 | if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 && | |
417 | wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) { | |
418 | wpa_printf(MSG_DEBUG, | |
419 | "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response", | |
420 | wpa_s->dpp_auth->curr_freq, | |
421 | wpa_s->dpp_auth->neg_freq); | |
422 | offchannel_send_action_done(wpa_s); | |
423 | wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq); | |
424 | } | |
30d27b04 JM |
425 | } |
426 | ||
427 | ||
428 | static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx) | |
429 | { | |
430 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
d2709206 | 431 | unsigned int freq; |
f97ace34 | 432 | struct os_reltime now; |
30d27b04 JM |
433 | |
434 | if (!wpa_s->dpp_auth) | |
435 | return; | |
f97ace34 JM |
436 | |
437 | if (wpa_s->dpp_auth->waiting_auth_resp) { | |
438 | unsigned int wait_time; | |
439 | ||
440 | wait_time = wpa_s->dpp_resp_wait_time ? | |
441 | wpa_s->dpp_resp_wait_time : 2; | |
442 | os_get_reltime(&now); | |
443 | if (os_reltime_expired(&now, &wpa_s->dpp_last_init, | |
444 | wait_time)) { | |
445 | offchannel_send_action_done(wpa_s); | |
446 | wpas_dpp_auth_init_next(wpa_s); | |
447 | return; | |
448 | } | |
449 | } | |
450 | ||
d2709206 JM |
451 | freq = wpa_s->dpp_auth->curr_freq; |
452 | if (wpa_s->dpp_auth->neg_freq > 0) | |
453 | freq = wpa_s->dpp_auth->neg_freq; | |
30d27b04 | 454 | wpa_printf(MSG_DEBUG, "DPP: Continue reply wait on channel %u MHz", |
d2709206 JM |
455 | freq); |
456 | wpas_dpp_listen_start(wpa_s, freq); | |
30d27b04 JM |
457 | } |
458 | ||
459 | ||
461d39af JM |
460 | static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s, |
461 | struct dpp_authentication *auth) | |
462 | { | |
463 | #ifdef CONFIG_TESTING_OPTIONS | |
464 | if (wpa_s->dpp_config_obj_override) | |
465 | auth->config_obj_override = | |
466 | os_strdup(wpa_s->dpp_config_obj_override); | |
467 | if (wpa_s->dpp_discovery_override) | |
468 | auth->discovery_override = | |
469 | os_strdup(wpa_s->dpp_discovery_override); | |
470 | if (wpa_s->dpp_groups_override) | |
471 | auth->groups_override = | |
472 | os_strdup(wpa_s->dpp_groups_override); | |
461d39af JM |
473 | auth->ignore_netaccesskey_mismatch = |
474 | wpa_s->dpp_ignore_netaccesskey_mismatch; | |
475 | #endif /* CONFIG_TESTING_OPTIONS */ | |
476 | } | |
477 | ||
478 | ||
b65b22d6 JM |
479 | static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s, |
480 | struct dpp_authentication *auth, | |
481 | const char *cmd) | |
30d27b04 | 482 | { |
68cb6dce | 483 | const char *pos, *end; |
461d39af JM |
484 | struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL; |
485 | struct dpp_configurator *conf = NULL; | |
68cb6dce JM |
486 | u8 ssid[32] = { "test" }; |
487 | size_t ssid_len = 4; | |
35f06421 JM |
488 | char pass[64] = { }; |
489 | size_t pass_len = 0; | |
5030d7d9 JM |
490 | u8 psk[PMK_LEN]; |
491 | int psk_set = 0; | |
461d39af | 492 | |
b65b22d6 JM |
493 | if (!cmd) |
494 | return; | |
461d39af | 495 | |
b65b22d6 | 496 | wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd); |
68cb6dce JM |
497 | pos = os_strstr(cmd, " ssid="); |
498 | if (pos) { | |
499 | pos += 6; | |
500 | end = os_strchr(pos, ' '); | |
501 | ssid_len = end ? (size_t) (end - pos) : os_strlen(pos); | |
502 | ssid_len /= 2; | |
503 | if (ssid_len > sizeof(ssid) || | |
504 | hexstr2bin(pos, ssid, ssid_len) < 0) | |
505 | goto fail; | |
506 | } | |
507 | ||
35f06421 JM |
508 | pos = os_strstr(cmd, " pass="); |
509 | if (pos) { | |
510 | pos += 6; | |
511 | end = os_strchr(pos, ' '); | |
512 | pass_len = end ? (size_t) (end - pos) : os_strlen(pos); | |
513 | pass_len /= 2; | |
514 | if (pass_len > sizeof(pass) - 1 || pass_len < 8 || | |
515 | hexstr2bin(pos, (u8 *) pass, pass_len) < 0) | |
516 | goto fail; | |
517 | } | |
518 | ||
5030d7d9 JM |
519 | pos = os_strstr(cmd, " psk="); |
520 | if (pos) { | |
521 | pos += 5; | |
522 | if (hexstr2bin(pos, psk, PMK_LEN) < 0) | |
523 | goto fail; | |
524 | psk_set = 1; | |
525 | } | |
526 | ||
461d39af JM |
527 | if (os_strstr(cmd, " conf=sta-")) { |
528 | conf_sta = os_zalloc(sizeof(struct dpp_configuration)); | |
529 | if (!conf_sta) | |
530 | goto fail; | |
68cb6dce JM |
531 | os_memcpy(conf_sta->ssid, ssid, ssid_len); |
532 | conf_sta->ssid_len = ssid_len; | |
461d39af JM |
533 | if (os_strstr(cmd, " conf=sta-psk")) { |
534 | conf_sta->dpp = 0; | |
5030d7d9 JM |
535 | if (psk_set) { |
536 | os_memcpy(conf_sta->psk, psk, PMK_LEN); | |
537 | } else { | |
538 | conf_sta->passphrase = os_strdup(pass); | |
539 | if (!conf_sta->passphrase) | |
540 | goto fail; | |
541 | } | |
461d39af JM |
542 | } else if (os_strstr(cmd, " conf=sta-dpp")) { |
543 | conf_sta->dpp = 1; | |
544 | } else { | |
545 | goto fail; | |
546 | } | |
547 | } | |
548 | ||
549 | if (os_strstr(cmd, " conf=ap-")) { | |
550 | conf_ap = os_zalloc(sizeof(struct dpp_configuration)); | |
551 | if (!conf_ap) | |
552 | goto fail; | |
68cb6dce JM |
553 | os_memcpy(conf_ap->ssid, ssid, ssid_len); |
554 | conf_ap->ssid_len = ssid_len; | |
461d39af JM |
555 | if (os_strstr(cmd, " conf=ap-psk")) { |
556 | conf_ap->dpp = 0; | |
5030d7d9 JM |
557 | if (psk_set) { |
558 | os_memcpy(conf_ap->psk, psk, PMK_LEN); | |
559 | } else { | |
560 | conf_ap->passphrase = os_strdup(pass); | |
561 | if (!conf_ap->passphrase) | |
562 | goto fail; | |
563 | } | |
461d39af JM |
564 | } else if (os_strstr(cmd, " conf=ap-dpp")) { |
565 | conf_ap->dpp = 1; | |
566 | } else { | |
567 | goto fail; | |
568 | } | |
569 | } | |
570 | ||
571 | pos = os_strstr(cmd, " expiry="); | |
572 | if (pos) { | |
573 | long int val; | |
574 | ||
575 | pos += 8; | |
576 | val = strtol(pos, NULL, 0); | |
577 | if (val <= 0) | |
578 | goto fail; | |
579 | if (conf_sta) | |
580 | conf_sta->netaccesskey_expiry = val; | |
581 | if (conf_ap) | |
582 | conf_ap->netaccesskey_expiry = val; | |
583 | } | |
584 | ||
585 | pos = os_strstr(cmd, " configurator="); | |
586 | if (pos) { | |
587 | pos += 14; | |
588 | conf = dpp_configurator_get_id(wpa_s, atoi(pos)); | |
589 | if (!conf) { | |
590 | wpa_printf(MSG_INFO, | |
591 | "DPP: Could not find the specified configurator"); | |
592 | goto fail; | |
593 | } | |
30d27b04 | 594 | } |
b65b22d6 JM |
595 | auth->conf_sta = conf_sta; |
596 | auth->conf_ap = conf_ap; | |
597 | auth->conf = conf; | |
598 | return; | |
599 | ||
600 | fail: | |
601 | wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters"); | |
602 | dpp_configuration_free(conf_sta); | |
603 | dpp_configuration_free(conf_ap); | |
604 | } | |
605 | ||
606 | ||
f97ace34 JM |
607 | static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx) |
608 | { | |
609 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
610 | ||
611 | if (!wpa_s->dpp_auth) | |
612 | return; | |
613 | wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout"); | |
614 | wpas_dpp_auth_init_next(wpa_s); | |
615 | } | |
616 | ||
617 | ||
618 | static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s) | |
619 | { | |
620 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
621 | const u8 *dst; | |
622 | unsigned int wait_time, freq, max_tries; | |
623 | ||
624 | if (!auth) | |
625 | return -1; | |
626 | if (auth->freq_idx >= auth->num_freq) { | |
627 | auth->num_freq_iters++; | |
628 | if (wpa_s->dpp_init_max_tries) | |
629 | max_tries = wpa_s->dpp_init_max_tries; | |
630 | else | |
631 | max_tries = 5; | |
632 | if (auth->num_freq_iters >= max_tries) { | |
633 | wpa_printf(MSG_INFO, | |
634 | "DPP: No response received from responder - stopping initiation attempt"); | |
635 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED); | |
636 | eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, | |
637 | wpa_s, NULL); | |
638 | offchannel_send_action_done(wpa_s); | |
639 | dpp_auth_deinit(wpa_s->dpp_auth); | |
640 | wpa_s->dpp_auth = NULL; | |
641 | return -1; | |
642 | } | |
643 | auth->freq_idx = 0; | |
644 | eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); | |
645 | if (wpa_s->dpp_init_retry_time) | |
646 | wait_time = wpa_s->dpp_init_retry_time; | |
647 | else | |
648 | wait_time = 10000; | |
649 | eloop_register_timeout(wait_time / 1000, | |
650 | (wait_time % 1000) * 1000, | |
651 | wpas_dpp_init_timeout, wpa_s, | |
652 | NULL); | |
653 | return 0; | |
654 | } | |
655 | freq = auth->freq[auth->freq_idx++]; | |
656 | auth->curr_freq = freq; | |
657 | ||
658 | if (is_zero_ether_addr(auth->peer_bi->mac_addr)) | |
659 | dst = broadcast; | |
660 | else | |
661 | dst = auth->peer_bi->mac_addr; | |
662 | wpa_s->dpp_auth_ok_on_ack = 0; | |
663 | eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); | |
664 | wait_time = wpa_s->max_remain_on_chan; | |
665 | if (wait_time > 2000) | |
666 | wait_time = 2000; | |
667 | eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000, | |
668 | wpas_dpp_reply_wait_timeout, | |
669 | wpa_s, NULL); | |
670 | if (auth->neg_freq > 0 && freq != auth->neg_freq) { | |
671 | wpa_printf(MSG_DEBUG, | |
672 | "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response", | |
673 | freq, auth->neg_freq); | |
674 | } | |
675 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", | |
676 | MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ); | |
677 | os_get_reltime(&wpa_s->dpp_last_init); | |
678 | return offchannel_send_action(wpa_s, freq, dst, | |
679 | wpa_s->own_addr, broadcast, | |
680 | wpabuf_head(auth->req_msg), | |
681 | wpabuf_len(auth->req_msg), | |
682 | wait_time, wpas_dpp_tx_status, 0); | |
683 | } | |
684 | ||
685 | ||
b65b22d6 JM |
686 | int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd) |
687 | { | |
688 | const char *pos; | |
689 | struct dpp_bootstrap_info *peer_bi, *own_bi = NULL; | |
d1f08264 | 690 | u8 allowed_roles = DPP_CAPAB_CONFIGURATOR; |
d2709206 | 691 | unsigned int neg_freq = 0; |
b65b22d6 JM |
692 | |
693 | wpa_s->dpp_gas_client = 0; | |
694 | ||
695 | pos = os_strstr(cmd, " peer="); | |
696 | if (!pos) | |
697 | return -1; | |
698 | pos += 6; | |
699 | peer_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos)); | |
700 | if (!peer_bi) { | |
701 | wpa_printf(MSG_INFO, | |
702 | "DPP: Could not find bootstrapping info for the identified peer"); | |
703 | return -1; | |
704 | } | |
705 | ||
706 | pos = os_strstr(cmd, " own="); | |
707 | if (pos) { | |
708 | pos += 5; | |
709 | own_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos)); | |
710 | if (!own_bi) { | |
711 | wpa_printf(MSG_INFO, | |
712 | "DPP: Could not find bootstrapping info for the identified local entry"); | |
713 | return -1; | |
714 | } | |
715 | ||
716 | if (peer_bi->curve != own_bi->curve) { | |
717 | wpa_printf(MSG_INFO, | |
718 | "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)", | |
719 | peer_bi->curve->name, own_bi->curve->name); | |
720 | return -1; | |
721 | } | |
722 | } | |
723 | ||
724 | pos = os_strstr(cmd, " role="); | |
725 | if (pos) { | |
726 | pos += 6; | |
727 | if (os_strncmp(pos, "configurator", 12) == 0) | |
d1f08264 | 728 | allowed_roles = DPP_CAPAB_CONFIGURATOR; |
b65b22d6 | 729 | else if (os_strncmp(pos, "enrollee", 8) == 0) |
d1f08264 JM |
730 | allowed_roles = DPP_CAPAB_ENROLLEE; |
731 | else if (os_strncmp(pos, "either", 6) == 0) | |
732 | allowed_roles = DPP_CAPAB_CONFIGURATOR | | |
733 | DPP_CAPAB_ENROLLEE; | |
b65b22d6 JM |
734 | else |
735 | goto fail; | |
736 | } | |
737 | ||
738 | pos = os_strstr(cmd, " netrole="); | |
739 | if (pos) { | |
740 | pos += 9; | |
741 | wpa_s->dpp_netrole_ap = os_strncmp(pos, "ap", 2) == 0; | |
742 | } | |
30d27b04 | 743 | |
d2709206 JM |
744 | pos = os_strstr(cmd, " neg_freq="); |
745 | if (pos) | |
746 | neg_freq = atoi(pos + 10); | |
747 | ||
30d27b04 | 748 | if (wpa_s->dpp_auth) { |
f97ace34 | 749 | eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); |
30d27b04 | 750 | eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); |
95b0104a JM |
751 | eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, |
752 | NULL); | |
30d27b04 JM |
753 | offchannel_send_action_done(wpa_s); |
754 | dpp_auth_deinit(wpa_s->dpp_auth); | |
755 | } | |
d1f08264 | 756 | wpa_s->dpp_auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles, |
f97ace34 JM |
757 | neg_freq, |
758 | wpa_s->hw.modes, wpa_s->hw.num_modes); | |
30d27b04 | 759 | if (!wpa_s->dpp_auth) |
461d39af JM |
760 | goto fail; |
761 | wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth); | |
b65b22d6 | 762 | wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd); |
30d27b04 | 763 | |
d2709206 | 764 | wpa_s->dpp_auth->neg_freq = neg_freq; |
30d27b04 | 765 | |
f97ace34 | 766 | if (!is_zero_ether_addr(peer_bi->mac_addr)) |
30d27b04 JM |
767 | os_memcpy(wpa_s->dpp_auth->peer_mac_addr, peer_bi->mac_addr, |
768 | ETH_ALEN); | |
f97ace34 JM |
769 | |
770 | return wpas_dpp_auth_init_next(wpa_s); | |
461d39af | 771 | fail: |
461d39af | 772 | return -1; |
30d27b04 JM |
773 | } |
774 | ||
775 | ||
776 | struct wpas_dpp_listen_work { | |
777 | unsigned int freq; | |
778 | unsigned int duration; | |
779 | struct wpabuf *probe_resp_ie; | |
780 | }; | |
781 | ||
782 | ||
783 | static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork) | |
784 | { | |
785 | if (!lwork) | |
786 | return; | |
787 | os_free(lwork); | |
788 | } | |
789 | ||
790 | ||
791 | static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s) | |
792 | { | |
793 | struct wpas_dpp_listen_work *lwork; | |
794 | ||
795 | if (!wpa_s->dpp_listen_work) | |
796 | return; | |
797 | ||
798 | lwork = wpa_s->dpp_listen_work->ctx; | |
799 | wpas_dpp_listen_work_free(lwork); | |
800 | radio_work_done(wpa_s->dpp_listen_work); | |
801 | wpa_s->dpp_listen_work = NULL; | |
802 | } | |
803 | ||
804 | ||
805 | static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit) | |
806 | { | |
807 | struct wpa_supplicant *wpa_s = work->wpa_s; | |
808 | struct wpas_dpp_listen_work *lwork = work->ctx; | |
809 | ||
810 | if (deinit) { | |
811 | if (work->started) { | |
812 | wpa_s->dpp_listen_work = NULL; | |
813 | wpas_dpp_listen_stop(wpa_s); | |
814 | } | |
815 | wpas_dpp_listen_work_free(lwork); | |
816 | return; | |
817 | } | |
818 | ||
819 | wpa_s->dpp_listen_work = work; | |
820 | ||
821 | wpa_s->dpp_pending_listen_freq = lwork->freq; | |
822 | ||
823 | if (wpa_drv_remain_on_channel(wpa_s, lwork->freq, | |
824 | wpa_s->max_remain_on_chan) < 0) { | |
825 | wpa_printf(MSG_DEBUG, | |
826 | "DPP: Failed to request the driver to remain on channel (%u MHz) for listen", | |
827 | lwork->freq); | |
828 | wpas_dpp_listen_work_done(wpa_s); | |
829 | wpa_s->dpp_pending_listen_freq = 0; | |
830 | return; | |
831 | } | |
832 | wpa_s->off_channel_freq = 0; | |
833 | wpa_s->roc_waiting_drv_freq = lwork->freq; | |
834 | } | |
835 | ||
836 | ||
837 | static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s, | |
838 | unsigned int freq) | |
839 | { | |
840 | struct wpas_dpp_listen_work *lwork; | |
841 | ||
842 | if (wpa_s->dpp_listen_work) { | |
843 | wpa_printf(MSG_DEBUG, | |
844 | "DPP: Reject start_listen since dpp_listen_work already exists"); | |
845 | return -1; | |
846 | } | |
847 | ||
848 | if (wpa_s->dpp_listen_freq) | |
849 | wpas_dpp_listen_stop(wpa_s); | |
850 | wpa_s->dpp_listen_freq = freq; | |
851 | ||
852 | lwork = os_zalloc(sizeof(*lwork)); | |
853 | if (!lwork) | |
854 | return -1; | |
855 | lwork->freq = freq; | |
856 | ||
857 | if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb, | |
858 | lwork) < 0) { | |
859 | wpas_dpp_listen_work_free(lwork); | |
860 | return -1; | |
861 | } | |
862 | ||
863 | return 0; | |
864 | } | |
865 | ||
866 | ||
867 | int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd) | |
868 | { | |
869 | int freq; | |
870 | ||
871 | freq = atoi(cmd); | |
872 | if (freq <= 0) | |
873 | return -1; | |
874 | ||
875 | if (os_strstr(cmd, " role=configurator")) | |
876 | wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR; | |
877 | else if (os_strstr(cmd, " role=enrollee")) | |
878 | wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE; | |
879 | else | |
880 | wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR | | |
881 | DPP_CAPAB_ENROLLEE; | |
882 | wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL; | |
461d39af | 883 | wpa_s->dpp_netrole_ap = os_strstr(cmd, " netrole=ap") != NULL; |
30d27b04 JM |
884 | if (wpa_s->dpp_listen_freq == (unsigned int) freq) { |
885 | wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz", | |
886 | freq); | |
887 | return 0; | |
888 | } | |
889 | ||
890 | return wpas_dpp_listen_start(wpa_s, freq); | |
891 | } | |
892 | ||
893 | ||
894 | void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s) | |
895 | { | |
896 | if (!wpa_s->dpp_listen_freq) | |
897 | return; | |
898 | ||
899 | wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz", | |
900 | wpa_s->dpp_listen_freq); | |
901 | wpa_drv_cancel_remain_on_channel(wpa_s); | |
902 | wpa_s->dpp_listen_freq = 0; | |
903 | wpas_dpp_listen_work_done(wpa_s); | |
904 | } | |
905 | ||
906 | ||
907 | void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s, | |
908 | unsigned int freq) | |
909 | { | |
910 | if (!wpa_s->dpp_listen_freq && !wpa_s->dpp_pending_listen_freq) | |
911 | return; | |
912 | ||
913 | wpa_printf(MSG_DEBUG, | |
914 | "DPP: remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d roc_waiting_drv_freq=%d freq=%u)", | |
915 | wpa_s->off_channel_freq, wpa_s->dpp_pending_listen_freq, | |
916 | wpa_s->roc_waiting_drv_freq, freq); | |
917 | if (wpa_s->off_channel_freq && | |
918 | wpa_s->off_channel_freq == wpa_s->dpp_pending_listen_freq) { | |
919 | wpa_printf(MSG_DEBUG, "DPP: Listen on %u MHz started", freq); | |
920 | wpa_s->dpp_pending_listen_freq = 0; | |
921 | } else { | |
922 | wpa_printf(MSG_DEBUG, | |
923 | "DPP: Ignore remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d freq=%u)", | |
924 | wpa_s->off_channel_freq, | |
925 | wpa_s->dpp_pending_listen_freq, freq); | |
926 | } | |
927 | } | |
928 | ||
929 | ||
930 | void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s, | |
931 | unsigned int freq) | |
932 | { | |
933 | wpas_dpp_listen_work_done(wpa_s); | |
934 | ||
461d39af | 935 | if (wpa_s->dpp_auth && !wpa_s->dpp_gas_client) { |
30d27b04 JM |
936 | /* Continue listen with a new remain-on-channel */ |
937 | wpa_printf(MSG_DEBUG, | |
938 | "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session", | |
939 | wpa_s->dpp_auth->curr_freq); | |
940 | wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->curr_freq); | |
941 | return; | |
942 | } | |
943 | ||
944 | if (wpa_s->dpp_listen_freq) { | |
945 | /* Continue listen with a new remain-on-channel */ | |
946 | wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq); | |
947 | } | |
948 | } | |
949 | ||
950 | ||
951 | static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src, | |
dc4d271c JM |
952 | const u8 *hdr, const u8 *buf, size_t len, |
953 | unsigned int freq) | |
30d27b04 | 954 | { |
27fefbbb JM |
955 | const u8 *r_bootstrap, *i_bootstrap; |
956 | u16 r_bootstrap_len, i_bootstrap_len; | |
30d27b04 | 957 | struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL; |
30d27b04 JM |
958 | |
959 | wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR, | |
960 | MAC2STR(src)); | |
961 | ||
30d27b04 JM |
962 | r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, |
963 | &r_bootstrap_len); | |
27fefbbb | 964 | if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { |
26806abe JM |
965 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL |
966 | "Missing or invalid required Responder Bootstrapping Key Hash attribute"); | |
30d27b04 JM |
967 | return; |
968 | } | |
969 | wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", | |
970 | r_bootstrap, r_bootstrap_len); | |
971 | ||
972 | i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, | |
973 | &i_bootstrap_len); | |
27fefbbb | 974 | if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) { |
26806abe JM |
975 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL |
976 | "Missing or invalid required Initiator Bootstrapping Key Hash attribute"); | |
30d27b04 JM |
977 | return; |
978 | } | |
979 | wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", | |
980 | i_bootstrap, i_bootstrap_len); | |
981 | ||
982 | /* Try to find own and peer bootstrapping key matches based on the | |
983 | * received hash values */ | |
984 | dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info, | |
985 | list) { | |
986 | if (!own_bi && bi->own && | |
987 | os_memcmp(bi->pubkey_hash, r_bootstrap, | |
988 | SHA256_MAC_LEN) == 0) { | |
989 | wpa_printf(MSG_DEBUG, | |
990 | "DPP: Found matching own bootstrapping information"); | |
991 | own_bi = bi; | |
992 | } | |
993 | ||
994 | if (!peer_bi && !bi->own && | |
995 | os_memcmp(bi->pubkey_hash, i_bootstrap, | |
996 | SHA256_MAC_LEN) == 0) { | |
997 | wpa_printf(MSG_DEBUG, | |
998 | "DPP: Found matching peer bootstrapping information"); | |
999 | peer_bi = bi; | |
1000 | } | |
1001 | ||
1002 | if (own_bi && peer_bi) | |
1003 | break; | |
1004 | } | |
1005 | ||
1006 | if (!own_bi) { | |
26806abe JM |
1007 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL |
1008 | "No matching own bootstrapping key found - ignore message"); | |
30d27b04 JM |
1009 | return; |
1010 | } | |
1011 | ||
1012 | if (wpa_s->dpp_auth) { | |
26806abe JM |
1013 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL |
1014 | "Already in DPP authentication exchange - ignore new one"); | |
30d27b04 JM |
1015 | return; |
1016 | } | |
1017 | ||
461d39af JM |
1018 | wpa_s->dpp_gas_client = 0; |
1019 | wpa_s->dpp_auth_ok_on_ack = 0; | |
30d27b04 JM |
1020 | wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles, |
1021 | wpa_s->dpp_qr_mutual, | |
27fefbbb | 1022 | peer_bi, own_bi, freq, hdr, buf, len); |
30d27b04 JM |
1023 | if (!wpa_s->dpp_auth) { |
1024 | wpa_printf(MSG_DEBUG, "DPP: No response generated"); | |
1025 | return; | |
1026 | } | |
461d39af | 1027 | wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth); |
b65b22d6 JM |
1028 | wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, |
1029 | wpa_s->dpp_configurator_params); | |
30d27b04 JM |
1030 | os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN); |
1031 | ||
d2709206 JM |
1032 | if (wpa_s->dpp_listen_freq && |
1033 | wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) { | |
1034 | wpa_printf(MSG_DEBUG, | |
1035 | "DPP: Stop listen on %u MHz to allow response on the request %u MHz", | |
1036 | wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq); | |
1037 | wpas_dpp_listen_stop(wpa_s); | |
1038 | } | |
1039 | ||
af48810b JM |
1040 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", |
1041 | MAC2STR(src), wpa_s->dpp_auth->curr_freq, | |
1042 | DPP_PA_AUTHENTICATION_RESP); | |
30d27b04 JM |
1043 | offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq, |
1044 | src, wpa_s->own_addr, broadcast, | |
dc4d271c JM |
1045 | wpabuf_head(wpa_s->dpp_auth->resp_msg), |
1046 | wpabuf_len(wpa_s->dpp_auth->resp_msg), | |
30d27b04 | 1047 | 500, wpas_dpp_tx_status, 0); |
30d27b04 JM |
1048 | } |
1049 | ||
1050 | ||
461d39af JM |
1051 | static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s) |
1052 | { | |
1053 | /* TODO: stop wait and start ROC */ | |
1054 | } | |
1055 | ||
1056 | ||
8528994e JM |
1057 | static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s, |
1058 | struct dpp_authentication *auth) | |
1059 | { | |
1060 | struct wpa_ssid *ssid; | |
1061 | ||
1062 | ssid = wpa_config_add_network(wpa_s->conf); | |
1063 | if (!ssid) | |
1064 | return NULL; | |
1065 | wpas_notify_network_added(wpa_s, ssid); | |
1066 | wpa_config_set_network_defaults(ssid); | |
1067 | ssid->disabled = 1; | |
1068 | ||
1069 | ssid->ssid = os_malloc(auth->ssid_len); | |
1070 | if (!ssid->ssid) | |
1071 | goto fail; | |
1072 | os_memcpy(ssid->ssid, auth->ssid, auth->ssid_len); | |
1073 | ssid->ssid_len = auth->ssid_len; | |
1074 | ||
1075 | if (auth->connector) { | |
1076 | ssid->key_mgmt = WPA_KEY_MGMT_DPP; | |
69d8d029 | 1077 | ssid->ieee80211w = 1; |
8528994e JM |
1078 | ssid->dpp_connector = os_strdup(auth->connector); |
1079 | if (!ssid->dpp_connector) | |
1080 | goto fail; | |
1081 | } | |
1082 | ||
1083 | if (auth->c_sign_key) { | |
1084 | ssid->dpp_csign = os_malloc(wpabuf_len(auth->c_sign_key)); | |
1085 | if (!ssid->dpp_csign) | |
1086 | goto fail; | |
1087 | os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key), | |
1088 | wpabuf_len(auth->c_sign_key)); | |
1089 | ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key); | |
8528994e JM |
1090 | } |
1091 | ||
1092 | if (auth->net_access_key) { | |
1093 | ssid->dpp_netaccesskey = | |
1094 | os_malloc(wpabuf_len(auth->net_access_key)); | |
1095 | if (!ssid->dpp_netaccesskey) | |
1096 | goto fail; | |
1097 | os_memcpy(ssid->dpp_netaccesskey, | |
1098 | wpabuf_head(auth->net_access_key), | |
1099 | wpabuf_len(auth->net_access_key)); | |
1100 | ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key); | |
1101 | ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry; | |
1102 | } | |
1103 | ||
1104 | if (!auth->connector) { | |
69d8d029 JM |
1105 | ssid->key_mgmt = WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_PSK_SHA256; |
1106 | ssid->ieee80211w = 1; | |
8528994e JM |
1107 | if (auth->passphrase[0]) { |
1108 | if (wpa_config_set_quoted(ssid, "psk", | |
1109 | auth->passphrase) < 0) | |
1110 | goto fail; | |
1111 | wpa_config_update_psk(ssid); | |
1112 | ssid->export_keys = 1; | |
1113 | } else { | |
1114 | ssid->psk_set = auth->psk_set; | |
1115 | os_memcpy(ssid->psk, auth->psk, PMK_LEN); | |
1116 | } | |
1117 | } | |
1118 | ||
1119 | return ssid; | |
1120 | fail: | |
1121 | wpas_notify_network_removed(wpa_s, ssid); | |
1122 | wpa_config_remove_network(wpa_s->conf, ssid->id); | |
1123 | return NULL; | |
1124 | } | |
1125 | ||
1126 | ||
1127 | static void wpas_dpp_process_config(struct wpa_supplicant *wpa_s, | |
1128 | struct dpp_authentication *auth) | |
1129 | { | |
1130 | struct wpa_ssid *ssid; | |
1131 | ||
1132 | if (wpa_s->conf->dpp_config_processing < 1) | |
1133 | return; | |
1134 | ||
1135 | ssid = wpas_dpp_add_network(wpa_s, auth); | |
1136 | if (!ssid) | |
1137 | return; | |
1138 | ||
1139 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id); | |
1140 | if (wpa_s->conf->dpp_config_processing < 2) | |
1141 | return; | |
1142 | ||
1143 | wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network"); | |
1144 | ssid->disabled = 0; | |
1145 | wpa_s->disconnected = 0; | |
1146 | wpa_s->reassociate = 1; | |
1147 | wpa_s->scan_runs = 0; | |
1148 | wpa_s->normal_scans = 0; | |
1149 | wpa_supplicant_cancel_sched_scan(wpa_s); | |
1150 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
1151 | } | |
1152 | ||
1153 | ||
f522bb23 JM |
1154 | static void wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s, |
1155 | struct dpp_authentication *auth) | |
461d39af | 1156 | { |
461d39af JM |
1157 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED); |
1158 | if (auth->ssid_len) | |
1159 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s", | |
1160 | wpa_ssid_txt(auth->ssid, auth->ssid_len)); | |
1161 | if (auth->connector) { | |
1162 | /* TODO: Save the Connector and consider using a command | |
1163 | * to fetch the value instead of sending an event with | |
1164 | * it. The Connector could end up being larger than what | |
1165 | * most clients are ready to receive as an event | |
1166 | * message. */ | |
1167 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s", | |
1168 | auth->connector); | |
1169 | } | |
1170 | if (auth->c_sign_key) { | |
1171 | char *hex; | |
1172 | size_t hexlen; | |
1173 | ||
1174 | hexlen = 2 * wpabuf_len(auth->c_sign_key) + 1; | |
1175 | hex = os_malloc(hexlen); | |
1176 | if (hex) { | |
1177 | wpa_snprintf_hex(hex, hexlen, | |
1178 | wpabuf_head(auth->c_sign_key), | |
1179 | wpabuf_len(auth->c_sign_key)); | |
c77e2ff0 JM |
1180 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s", |
1181 | hex); | |
461d39af JM |
1182 | os_free(hex); |
1183 | } | |
1184 | } | |
1185 | if (auth->net_access_key) { | |
1186 | char *hex; | |
1187 | size_t hexlen; | |
1188 | ||
1189 | hexlen = 2 * wpabuf_len(auth->net_access_key) + 1; | |
1190 | hex = os_malloc(hexlen); | |
1191 | if (hex) { | |
1192 | wpa_snprintf_hex(hex, hexlen, | |
1193 | wpabuf_head(auth->net_access_key), | |
1194 | wpabuf_len(auth->net_access_key)); | |
1195 | if (auth->net_access_key_expiry) | |
1196 | wpa_msg(wpa_s, MSG_INFO, | |
1197 | DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex, | |
1198 | (long unsigned) | |
1199 | auth->net_access_key_expiry); | |
1200 | else | |
1201 | wpa_msg(wpa_s, MSG_INFO, | |
1202 | DPP_EVENT_NET_ACCESS_KEY "%s", hex); | |
1203 | os_free(hex); | |
1204 | } | |
1205 | } | |
8528994e JM |
1206 | |
1207 | wpas_dpp_process_config(wpa_s, auth); | |
f522bb23 JM |
1208 | } |
1209 | ||
1210 | ||
1211 | static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token, | |
1212 | enum gas_query_result result, | |
1213 | const struct wpabuf *adv_proto, | |
1214 | const struct wpabuf *resp, u16 status_code) | |
1215 | { | |
1216 | struct wpa_supplicant *wpa_s = ctx; | |
1217 | const u8 *pos; | |
1218 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
1219 | ||
1220 | if (!auth || !auth->auth_success) { | |
1221 | wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); | |
1222 | return; | |
1223 | } | |
1224 | if (!resp || status_code != WLAN_STATUS_SUCCESS) { | |
1225 | wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed"); | |
1226 | goto fail; | |
1227 | } | |
1228 | ||
1229 | wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto", | |
1230 | adv_proto); | |
1231 | wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)", | |
1232 | resp); | |
1233 | ||
1234 | if (wpabuf_len(adv_proto) != 10 || | |
1235 | !(pos = wpabuf_head(adv_proto)) || | |
1236 | pos[0] != WLAN_EID_ADV_PROTO || | |
1237 | pos[1] != 8 || | |
1238 | pos[3] != WLAN_EID_VENDOR_SPECIFIC || | |
1239 | pos[4] != 5 || | |
1240 | WPA_GET_BE24(&pos[5]) != OUI_WFA || | |
1241 | pos[8] != 0x1a || | |
1242 | pos[9] != 1) { | |
1243 | wpa_printf(MSG_DEBUG, | |
1244 | "DPP: Not a DPP Advertisement Protocol ID"); | |
1245 | goto fail; | |
1246 | } | |
8528994e | 1247 | |
f522bb23 JM |
1248 | if (dpp_conf_resp_rx(auth, resp) < 0) { |
1249 | wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); | |
1250 | goto fail; | |
1251 | } | |
1252 | ||
1253 | wpas_dpp_handle_config_obj(wpa_s, auth); | |
461d39af JM |
1254 | dpp_auth_deinit(wpa_s->dpp_auth); |
1255 | wpa_s->dpp_auth = NULL; | |
1256 | return; | |
1257 | ||
1258 | fail: | |
1259 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); | |
1260 | dpp_auth_deinit(wpa_s->dpp_auth); | |
1261 | wpa_s->dpp_auth = NULL; | |
1262 | } | |
1263 | ||
1264 | ||
1265 | static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s) | |
1266 | { | |
1267 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
1268 | struct wpabuf *buf, *conf_req; | |
1269 | char json[100]; | |
1270 | int res; | |
1271 | ||
1272 | wpa_s->dpp_gas_client = 1; | |
1273 | os_snprintf(json, sizeof(json), | |
1274 | "{\"name\":\"Test\"," | |
1275 | "\"wi-fi_tech\":\"infra\"," | |
1276 | "\"netRole\":\"%s\"}", | |
1277 | wpa_s->dpp_netrole_ap ? "ap" : "sta"); | |
f9cf7d03 JM |
1278 | #ifdef CONFIG_TESTING_OPTIONS |
1279 | if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) { | |
1280 | wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr"); | |
1281 | json[29] = 'k'; /* replace "infra" with "knfra" */ | |
1282 | } | |
1283 | #endif /* CONFIG_TESTING_OPTIONS */ | |
461d39af JM |
1284 | wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json); |
1285 | ||
1286 | offchannel_send_action_done(wpa_s); | |
1287 | wpas_dpp_listen_stop(wpa_s); | |
1288 | ||
1289 | conf_req = dpp_build_conf_req(auth, json); | |
1290 | if (!conf_req) { | |
1291 | wpa_printf(MSG_DEBUG, | |
1292 | "DPP: No configuration request data available"); | |
1293 | return; | |
1294 | } | |
1295 | ||
1296 | buf = gas_build_initial_req(0, 10 + 2 + wpabuf_len(conf_req)); | |
1297 | if (!buf) { | |
1298 | wpabuf_free(conf_req); | |
1299 | return; | |
1300 | } | |
1301 | ||
1302 | /* Advertisement Protocol IE */ | |
1303 | wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO); | |
1304 | wpabuf_put_u8(buf, 8); /* Length */ | |
1305 | wpabuf_put_u8(buf, 0x7f); | |
1306 | wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); | |
1307 | wpabuf_put_u8(buf, 5); | |
1308 | wpabuf_put_be24(buf, OUI_WFA); | |
1309 | wpabuf_put_u8(buf, DPP_OUI_TYPE); | |
1310 | wpabuf_put_u8(buf, 0x01); | |
1311 | ||
1312 | /* GAS Query */ | |
1313 | wpabuf_put_le16(buf, wpabuf_len(conf_req)); | |
1314 | wpabuf_put_buf(buf, conf_req); | |
1315 | wpabuf_free(conf_req); | |
1316 | ||
1317 | wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)", | |
1318 | MAC2STR(auth->peer_mac_addr), auth->curr_freq); | |
1319 | ||
1320 | res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq, | |
1321 | buf, wpas_dpp_gas_resp_cb, wpa_s); | |
1322 | if (res < 0) { | |
1323 | wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request"); | |
1324 | wpabuf_free(buf); | |
1325 | } else { | |
1326 | wpa_printf(MSG_DEBUG, | |
1327 | "DPP: GAS query started with dialog token %u", res); | |
1328 | } | |
1329 | } | |
1330 | ||
1331 | ||
1332 | static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator) | |
1333 | { | |
1334 | wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded"); | |
1335 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator); | |
1336 | ||
1337 | if (wpa_s->dpp_auth->configurator) | |
1338 | wpas_dpp_start_gas_server(wpa_s); | |
1339 | else | |
1340 | wpas_dpp_start_gas_client(wpa_s); | |
1341 | } | |
1342 | ||
1343 | ||
30d27b04 | 1344 | static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src, |
d2709206 JM |
1345 | const u8 *hdr, const u8 *buf, size_t len, |
1346 | unsigned int freq) | |
30d27b04 JM |
1347 | { |
1348 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
dc4d271c | 1349 | struct wpabuf *msg; |
30d27b04 | 1350 | |
d2709206 JM |
1351 | wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR |
1352 | " (freq %u MHz)", MAC2STR(src), freq); | |
30d27b04 JM |
1353 | |
1354 | if (!auth) { | |
1355 | wpa_printf(MSG_DEBUG, | |
1356 | "DPP: No DPP Authentication in progress - drop"); | |
1357 | return; | |
1358 | } | |
1359 | ||
1360 | if (!is_zero_ether_addr(auth->peer_mac_addr) && | |
1361 | os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) { | |
1362 | wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " | |
1363 | MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); | |
1364 | return; | |
1365 | } | |
1366 | ||
1367 | eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); | |
1368 | ||
d2709206 JM |
1369 | if (auth->curr_freq != freq && auth->neg_freq == freq) { |
1370 | wpa_printf(MSG_DEBUG, | |
1371 | "DPP: Responder accepted request for different negotiation channel"); | |
1372 | auth->curr_freq = freq; | |
1373 | } | |
1374 | ||
f97ace34 | 1375 | eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); |
dc4d271c JM |
1376 | msg = dpp_auth_resp_rx(auth, hdr, buf, len); |
1377 | if (!msg) { | |
30d27b04 JM |
1378 | if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) { |
1379 | wpa_printf(MSG_DEBUG, | |
1380 | "DPP: Start wait for full response"); | |
1381 | offchannel_send_action_done(wpa_s); | |
1382 | wpas_dpp_listen_start(wpa_s, auth->curr_freq); | |
1383 | return; | |
1384 | } | |
1385 | wpa_printf(MSG_DEBUG, "DPP: No confirm generated"); | |
1386 | return; | |
1387 | } | |
1388 | os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); | |
1389 | ||
af48810b JM |
1390 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", |
1391 | MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF); | |
30d27b04 JM |
1392 | offchannel_send_action(wpa_s, auth->curr_freq, |
1393 | src, wpa_s->own_addr, broadcast, | |
1394 | wpabuf_head(msg), wpabuf_len(msg), | |
1395 | 500, wpas_dpp_tx_status, 0); | |
1396 | wpabuf_free(msg); | |
461d39af | 1397 | wpa_s->dpp_auth_ok_on_ack = 1; |
30d27b04 JM |
1398 | } |
1399 | ||
1400 | ||
1401 | static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src, | |
dc4d271c | 1402 | const u8 *hdr, const u8 *buf, size_t len) |
30d27b04 JM |
1403 | { |
1404 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
1405 | ||
1406 | wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR, | |
1407 | MAC2STR(src)); | |
1408 | ||
1409 | if (!auth) { | |
1410 | wpa_printf(MSG_DEBUG, | |
1411 | "DPP: No DPP Authentication in progress - drop"); | |
1412 | return; | |
1413 | } | |
1414 | ||
1415 | if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) { | |
1416 | wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " | |
1417 | MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); | |
1418 | return; | |
1419 | } | |
1420 | ||
dc4d271c | 1421 | if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) { |
30d27b04 JM |
1422 | wpa_printf(MSG_DEBUG, "DPP: Authentication failed"); |
1423 | return; | |
1424 | } | |
1425 | ||
461d39af | 1426 | wpas_dpp_auth_success(wpa_s, 0); |
30d27b04 JM |
1427 | } |
1428 | ||
1429 | ||
a0d5c56f JM |
1430 | static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s, |
1431 | const u8 *src, | |
1432 | const u8 *buf, size_t len) | |
1433 | { | |
1434 | struct wpa_ssid *ssid; | |
e85b6601 JM |
1435 | const u8 *connector, *trans_id, *status; |
1436 | u16 connector_len, trans_id_len, status_len; | |
a0d5c56f JM |
1437 | struct dpp_introduction intro; |
1438 | struct rsn_pmksa_cache_entry *entry; | |
787615b3 JM |
1439 | struct os_time now; |
1440 | struct os_reltime rnow; | |
1441 | os_time_t expiry; | |
1442 | unsigned int seconds; | |
e85b6601 | 1443 | enum dpp_status_error res; |
a0d5c56f JM |
1444 | |
1445 | wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR, | |
1446 | MAC2STR(src)); | |
1447 | if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) || | |
1448 | os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) { | |
1449 | wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from " | |
1450 | MACSTR " - drop", MAC2STR(src)); | |
1451 | return; | |
1452 | } | |
1453 | offchannel_send_action_done(wpa_s); | |
1454 | ||
1455 | for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { | |
1456 | if (ssid == wpa_s->dpp_intro_network) | |
1457 | break; | |
1458 | } | |
1459 | if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey || | |
1460 | !ssid->dpp_csign) { | |
1461 | wpa_printf(MSG_DEBUG, | |
1462 | "DPP: Profile not found for network introduction"); | |
1463 | return; | |
1464 | } | |
1465 | ||
85fd8263 JM |
1466 | trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID, |
1467 | &trans_id_len); | |
1468 | if (!trans_id || trans_id_len != 1) { | |
1469 | wpa_printf(MSG_DEBUG, | |
1470 | "DPP: Peer did not include Transaction ID"); | |
e85b6601 JM |
1471 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR |
1472 | " fail=missing_transaction_id", MAC2STR(src)); | |
85fd8263 JM |
1473 | goto fail; |
1474 | } | |
1475 | if (trans_id[0] != TRANSACTION_ID) { | |
1476 | wpa_printf(MSG_DEBUG, | |
1477 | "DPP: Ignore frame with unexpected Transaction ID %u", | |
1478 | trans_id[0]); | |
e85b6601 JM |
1479 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR |
1480 | " fail=transaction_id_mismatch", MAC2STR(src)); | |
1481 | goto fail; | |
1482 | } | |
1483 | ||
1484 | status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len); | |
1485 | if (!status || status_len != 1) { | |
1486 | wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status"); | |
1487 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR | |
1488 | " fail=missing_status", MAC2STR(src)); | |
1489 | goto fail; | |
1490 | } | |
1491 | if (status[0] != DPP_STATUS_OK) { | |
1492 | wpa_printf(MSG_DEBUG, | |
1493 | "DPP: Peer rejected network introduction: Status %u", | |
1494 | status[0]); | |
1495 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR | |
1496 | " status=%u", MAC2STR(src), status[0]); | |
85fd8263 JM |
1497 | goto fail; |
1498 | } | |
1499 | ||
a0d5c56f JM |
1500 | connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len); |
1501 | if (!connector) { | |
1502 | wpa_printf(MSG_DEBUG, | |
1503 | "DPP: Peer did not include its Connector"); | |
e85b6601 JM |
1504 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR |
1505 | " fail=missing_connector", MAC2STR(src)); | |
1506 | goto fail; | |
a0d5c56f JM |
1507 | } |
1508 | ||
e85b6601 JM |
1509 | res = dpp_peer_intro(&intro, ssid->dpp_connector, |
1510 | ssid->dpp_netaccesskey, | |
1511 | ssid->dpp_netaccesskey_len, | |
1512 | ssid->dpp_csign, | |
1513 | ssid->dpp_csign_len, | |
1514 | connector, connector_len, &expiry); | |
1515 | if (res != DPP_STATUS_OK) { | |
a0d5c56f JM |
1516 | wpa_printf(MSG_INFO, |
1517 | "DPP: Network Introduction protocol resulted in failure"); | |
e85b6601 JM |
1518 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR |
1519 | " fail=peer_connector_validation_failed", MAC2STR(src)); | |
a0d5c56f JM |
1520 | goto fail; |
1521 | } | |
1522 | ||
a0d5c56f JM |
1523 | entry = os_zalloc(sizeof(*entry)); |
1524 | if (!entry) | |
1525 | goto fail; | |
1526 | os_memcpy(entry->aa, src, ETH_ALEN); | |
1527 | os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN); | |
1528 | os_memcpy(entry->pmk, intro.pmk, intro.pmk_len); | |
1529 | entry->pmk_len = intro.pmk_len; | |
1530 | entry->akmp = WPA_KEY_MGMT_DPP; | |
787615b3 JM |
1531 | if (expiry) { |
1532 | os_get_time(&now); | |
1533 | seconds = expiry - now.sec; | |
1534 | } else { | |
1535 | seconds = 86400 * 7; | |
1536 | } | |
1537 | os_get_reltime(&rnow); | |
1538 | entry->expiration = rnow.sec + seconds; | |
1539 | entry->reauth_time = rnow.sec + seconds; | |
a0d5c56f JM |
1540 | entry->network_ctx = ssid; |
1541 | wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry); | |
1542 | ||
e85b6601 JM |
1543 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR |
1544 | " status=%u", MAC2STR(src), status[0]); | |
1545 | ||
a0d5c56f JM |
1546 | wpa_printf(MSG_DEBUG, |
1547 | "DPP: Try connection again after successful network introduction"); | |
1548 | if (wpa_supplicant_fast_associate(wpa_s) != 1) { | |
1549 | wpa_supplicant_cancel_sched_scan(wpa_s); | |
1550 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
1551 | } | |
1552 | fail: | |
1553 | os_memset(&intro, 0, sizeof(intro)); | |
1554 | } | |
1555 | ||
1556 | ||
500ed7f0 JM |
1557 | static void |
1558 | wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s, | |
1559 | unsigned int freq, const u8 *dst, | |
1560 | const u8 *src, const u8 *bssid, | |
1561 | const u8 *data, size_t data_len, | |
1562 | enum offchannel_send_action_result result) | |
1563 | { | |
af48810b JM |
1564 | const char *res_txt; |
1565 | ||
1566 | res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" : | |
1567 | (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" : | |
1568 | "FAILED"); | |
500ed7f0 JM |
1569 | wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR |
1570 | " result=%s (PKEX)", | |
af48810b JM |
1571 | freq, MAC2STR(dst), res_txt); |
1572 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR | |
1573 | " freq=%u result=%s", MAC2STR(dst), freq, res_txt); | |
500ed7f0 | 1574 | /* TODO: Time out wait for response more quickly in error cases? */ |
e0247e79 JM |
1575 | |
1576 | if (!wpa_s->dpp_pkex) { | |
1577 | wpa_printf(MSG_DEBUG, | |
1578 | "DPP: Ignore TX status since there is no ongoing PKEX exchange"); | |
1579 | return; | |
1580 | } | |
1581 | ||
1582 | if (wpa_s->dpp_pkex->failed) { | |
1583 | wpa_printf(MSG_DEBUG, | |
1584 | "DPP: Terminate PKEX exchange due to an earlier error"); | |
29ab69e4 JM |
1585 | if (wpa_s->dpp_pkex->t > wpa_s->dpp_pkex->own_bi->pkex_t) |
1586 | wpa_s->dpp_pkex->own_bi->pkex_t = wpa_s->dpp_pkex->t; | |
e0247e79 JM |
1587 | dpp_pkex_free(wpa_s->dpp_pkex); |
1588 | wpa_s->dpp_pkex = NULL; | |
1589 | } | |
500ed7f0 JM |
1590 | } |
1591 | ||
1592 | ||
1593 | static void | |
1594 | wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src, | |
1595 | const u8 *buf, size_t len, unsigned int freq) | |
1596 | { | |
1597 | struct wpabuf *msg; | |
1598 | unsigned int wait_time; | |
1599 | ||
1600 | wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR, | |
1601 | MAC2STR(src)); | |
1602 | ||
1603 | /* TODO: Support multiple PKEX codes by iterating over all the enabled | |
1604 | * values here */ | |
1605 | ||
1606 | if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) { | |
1607 | wpa_printf(MSG_DEBUG, | |
1608 | "DPP: No PKEX code configured - ignore request"); | |
1609 | return; | |
1610 | } | |
1611 | ||
1612 | if (wpa_s->dpp_pkex) { | |
1613 | /* TODO: Support parallel operations */ | |
1614 | wpa_printf(MSG_DEBUG, | |
1615 | "DPP: Already in PKEX session - ignore new request"); | |
1616 | return; | |
1617 | } | |
1618 | ||
219d4c9f | 1619 | wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi, |
500ed7f0 JM |
1620 | wpa_s->own_addr, src, |
1621 | wpa_s->dpp_pkex_identifier, | |
1622 | wpa_s->dpp_pkex_code, | |
1623 | buf, len); | |
1624 | if (!wpa_s->dpp_pkex) { | |
1625 | wpa_printf(MSG_DEBUG, | |
1626 | "DPP: Failed to process the request - ignore it"); | |
1627 | return; | |
1628 | } | |
1629 | ||
1630 | msg = wpa_s->dpp_pkex->exchange_resp; | |
1631 | wait_time = wpa_s->max_remain_on_chan; | |
1632 | if (wait_time > 2000) | |
1633 | wait_time = 2000; | |
af48810b JM |
1634 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", |
1635 | MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP); | |
500ed7f0 JM |
1636 | offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, |
1637 | broadcast, | |
1638 | wpabuf_head(msg), wpabuf_len(msg), | |
1639 | wait_time, wpas_dpp_tx_pkex_status, 0); | |
1640 | } | |
1641 | ||
1642 | ||
1643 | static void | |
1644 | wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src, | |
1645 | const u8 *buf, size_t len, unsigned int freq) | |
1646 | { | |
1647 | struct wpabuf *msg; | |
1648 | unsigned int wait_time; | |
1649 | ||
1650 | wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR, | |
1651 | MAC2STR(src)); | |
1652 | ||
1653 | /* TODO: Support multiple PKEX codes by iterating over all the enabled | |
1654 | * values here */ | |
1655 | ||
1656 | if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator || | |
1657 | wpa_s->dpp_pkex->exchange_done) { | |
1658 | wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); | |
1659 | return; | |
1660 | } | |
1661 | ||
1662 | os_memcpy(wpa_s->dpp_pkex->peer_mac, src, ETH_ALEN); | |
1663 | msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, buf, len); | |
1664 | if (!msg) { | |
1665 | wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); | |
1666 | return; | |
1667 | } | |
1668 | ||
1669 | wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR, | |
1670 | MAC2STR(src)); | |
1671 | ||
1672 | wait_time = wpa_s->max_remain_on_chan; | |
1673 | if (wait_time > 2000) | |
1674 | wait_time = 2000; | |
af48810b JM |
1675 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", |
1676 | MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ); | |
500ed7f0 JM |
1677 | offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, |
1678 | broadcast, | |
1679 | wpabuf_head(msg), wpabuf_len(msg), | |
1680 | wait_time, wpas_dpp_tx_pkex_status, 0); | |
1681 | wpabuf_free(msg); | |
1682 | } | |
1683 | ||
1684 | ||
de029861 JM |
1685 | static struct dpp_bootstrap_info * |
1686 | wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer, | |
1687 | unsigned int freq) | |
1688 | { | |
1689 | struct dpp_pkex *pkex = wpa_s->dpp_pkex; | |
1690 | struct dpp_bootstrap_info *bi; | |
1691 | ||
1692 | bi = os_zalloc(sizeof(*bi)); | |
1693 | if (!bi) | |
1694 | return NULL; | |
1695 | bi->id = wpas_dpp_next_id(wpa_s); | |
1696 | bi->type = DPP_BOOTSTRAP_PKEX; | |
1697 | os_memcpy(bi->mac_addr, peer, ETH_ALEN); | |
1698 | bi->num_freq = 1; | |
1699 | bi->freq[0] = freq; | |
1700 | bi->curve = pkex->own_bi->curve; | |
1701 | bi->pubkey = pkex->peer_bootstrap_key; | |
1702 | pkex->peer_bootstrap_key = NULL; | |
1703 | dpp_pkex_free(pkex); | |
1704 | wpa_s->dpp_pkex = NULL; | |
1705 | if (dpp_bootstrap_key_hash(bi) < 0) { | |
1706 | dpp_bootstrap_info_free(bi); | |
1707 | return NULL; | |
1708 | } | |
1709 | dl_list_add(&wpa_s->dpp_bootstrap, &bi->list); | |
1710 | return bi; | |
1711 | } | |
1712 | ||
1713 | ||
500ed7f0 JM |
1714 | static void |
1715 | wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src, | |
4be5bc98 JM |
1716 | const u8 *hdr, const u8 *buf, size_t len, |
1717 | unsigned int freq) | |
500ed7f0 JM |
1718 | { |
1719 | struct wpabuf *msg; | |
1720 | unsigned int wait_time; | |
1721 | struct dpp_pkex *pkex = wpa_s->dpp_pkex; | |
500ed7f0 JM |
1722 | |
1723 | wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR, | |
1724 | MAC2STR(src)); | |
1725 | ||
1726 | if (!pkex || pkex->initiator || !pkex->exchange_done) { | |
1727 | wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); | |
1728 | return; | |
1729 | } | |
1730 | ||
4be5bc98 | 1731 | msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len); |
500ed7f0 JM |
1732 | if (!msg) { |
1733 | wpa_printf(MSG_DEBUG, "DPP: Failed to process the request"); | |
039b8e73 JM |
1734 | if (pkex->failed) { |
1735 | wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange"); | |
29ab69e4 JM |
1736 | if (pkex->t > pkex->own_bi->pkex_t) |
1737 | pkex->own_bi->pkex_t = pkex->t; | |
039b8e73 JM |
1738 | dpp_pkex_free(wpa_s->dpp_pkex); |
1739 | wpa_s->dpp_pkex = NULL; | |
1740 | } | |
500ed7f0 JM |
1741 | return; |
1742 | } | |
1743 | ||
1744 | wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to " | |
1745 | MACSTR, MAC2STR(src)); | |
1746 | ||
1747 | wait_time = wpa_s->max_remain_on_chan; | |
1748 | if (wait_time > 2000) | |
1749 | wait_time = 2000; | |
af48810b JM |
1750 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", |
1751 | MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP); | |
500ed7f0 JM |
1752 | offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, |
1753 | broadcast, | |
1754 | wpabuf_head(msg), wpabuf_len(msg), | |
1755 | wait_time, wpas_dpp_tx_pkex_status, 0); | |
1756 | wpabuf_free(msg); | |
1757 | ||
de029861 | 1758 | wpas_dpp_pkex_finish(wpa_s, src, freq); |
500ed7f0 JM |
1759 | } |
1760 | ||
1761 | ||
1762 | static void | |
1763 | wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src, | |
4be5bc98 | 1764 | const u8 *hdr, const u8 *buf, size_t len, |
500ed7f0 JM |
1765 | unsigned int freq) |
1766 | { | |
1767 | int res; | |
de029861 | 1768 | struct dpp_bootstrap_info *bi; |
500ed7f0 JM |
1769 | struct dpp_pkex *pkex = wpa_s->dpp_pkex; |
1770 | char cmd[500]; | |
1771 | ||
1772 | wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR, | |
1773 | MAC2STR(src)); | |
1774 | ||
1775 | if (!pkex || !pkex->initiator || !pkex->exchange_done) { | |
1776 | wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); | |
1777 | return; | |
1778 | } | |
1779 | ||
4be5bc98 | 1780 | res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len); |
500ed7f0 JM |
1781 | if (res < 0) { |
1782 | wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); | |
1783 | return; | |
1784 | } | |
1785 | ||
de029861 | 1786 | bi = wpas_dpp_pkex_finish(wpa_s, src, freq); |
500ed7f0 JM |
1787 | if (!bi) |
1788 | return; | |
500ed7f0 JM |
1789 | |
1790 | os_snprintf(cmd, sizeof(cmd), " peer=%u %s", | |
1791 | bi->id, | |
1792 | wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : ""); | |
1793 | wpa_printf(MSG_DEBUG, | |
1794 | "DPP: Start authentication after PKEX with parameters: %s", | |
1795 | cmd); | |
1796 | if (wpas_dpp_auth_init(wpa_s, cmd) < 0) { | |
1797 | wpa_printf(MSG_DEBUG, | |
1798 | "DPP: Authentication initialization failed"); | |
1799 | return; | |
1800 | } | |
1801 | } | |
1802 | ||
1803 | ||
30d27b04 JM |
1804 | void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src, |
1805 | const u8 *buf, size_t len, unsigned int freq) | |
1806 | { | |
8c19ea3f | 1807 | u8 crypto_suite; |
30d27b04 | 1808 | enum dpp_public_action_frame_type type; |
dc4d271c | 1809 | const u8 *hdr; |
29ab69e4 | 1810 | unsigned int pkex_t; |
30d27b04 | 1811 | |
dc4d271c JM |
1812 | if (len < DPP_HDR_LEN) |
1813 | return; | |
1814 | if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE) | |
30d27b04 | 1815 | return; |
dc4d271c JM |
1816 | hdr = buf; |
1817 | buf += 4; | |
1818 | len -= 4; | |
8c19ea3f JM |
1819 | crypto_suite = *buf++; |
1820 | type = *buf++; | |
1821 | len -= 2; | |
30d27b04 JM |
1822 | |
1823 | wpa_printf(MSG_DEBUG, | |
8c19ea3f | 1824 | "DPP: Received DPP Public Action frame crypto suite %u type %d from " |
30d27b04 | 1825 | MACSTR " freq=%u", |
8c19ea3f JM |
1826 | crypto_suite, type, MAC2STR(src), freq); |
1827 | if (crypto_suite != 1) { | |
1828 | wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u", | |
1829 | crypto_suite); | |
a7073934 JM |
1830 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR |
1831 | " freq=%u type=%d ignore=unsupported-crypto-suite", | |
1832 | MAC2STR(src), freq, type); | |
8c19ea3f JM |
1833 | return; |
1834 | } | |
30d27b04 | 1835 | wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len); |
a7073934 JM |
1836 | if (dpp_check_attrs(buf, len) < 0) { |
1837 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR | |
1838 | " freq=%u type=%d ignore=invalid-attributes", | |
1839 | MAC2STR(src), freq, type); | |
30d27b04 | 1840 | return; |
a7073934 JM |
1841 | } |
1842 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d", | |
1843 | MAC2STR(src), freq, type); | |
30d27b04 JM |
1844 | |
1845 | switch (type) { | |
1846 | case DPP_PA_AUTHENTICATION_REQ: | |
dc4d271c | 1847 | wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq); |
30d27b04 JM |
1848 | break; |
1849 | case DPP_PA_AUTHENTICATION_RESP: | |
d2709206 | 1850 | wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq); |
30d27b04 JM |
1851 | break; |
1852 | case DPP_PA_AUTHENTICATION_CONF: | |
dc4d271c | 1853 | wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len); |
30d27b04 | 1854 | break; |
a0d5c56f JM |
1855 | case DPP_PA_PEER_DISCOVERY_RESP: |
1856 | wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len); | |
1857 | break; | |
500ed7f0 JM |
1858 | case DPP_PA_PKEX_EXCHANGE_REQ: |
1859 | wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq); | |
1860 | break; | |
1861 | case DPP_PA_PKEX_EXCHANGE_RESP: | |
1862 | wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq); | |
1863 | break; | |
1864 | case DPP_PA_PKEX_COMMIT_REVEAL_REQ: | |
4be5bc98 JM |
1865 | wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len, |
1866 | freq); | |
500ed7f0 JM |
1867 | break; |
1868 | case DPP_PA_PKEX_COMMIT_REVEAL_RESP: | |
4be5bc98 JM |
1869 | wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len, |
1870 | freq); | |
500ed7f0 | 1871 | break; |
30d27b04 JM |
1872 | default: |
1873 | wpa_printf(MSG_DEBUG, | |
1874 | "DPP: Ignored unsupported frame subtype %d", type); | |
1875 | break; | |
1876 | } | |
29ab69e4 JM |
1877 | |
1878 | if (wpa_s->dpp_pkex) | |
1879 | pkex_t = wpa_s->dpp_pkex->t; | |
1880 | else if (wpa_s->dpp_pkex_bi) | |
1881 | pkex_t = wpa_s->dpp_pkex_bi->pkex_t; | |
1882 | else | |
1883 | pkex_t = 0; | |
1884 | if (pkex_t >= PKEX_COUNTER_T_LIMIT) { | |
1885 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0"); | |
1886 | wpas_dpp_pkex_remove(wpa_s, "*"); | |
1887 | } | |
30d27b04 JM |
1888 | } |
1889 | ||
1890 | ||
461d39af JM |
1891 | static struct wpabuf * |
1892 | wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query, | |
1893 | size_t query_len) | |
1894 | { | |
1895 | struct wpa_supplicant *wpa_s = ctx; | |
1896 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
1897 | struct wpabuf *resp; | |
1898 | ||
1899 | wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR, | |
1900 | MAC2STR(sa)); | |
1901 | if (!auth || !auth->auth_success || | |
1902 | os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) { | |
1903 | wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); | |
1904 | return NULL; | |
1905 | } | |
1906 | wpa_hexdump(MSG_DEBUG, | |
1907 | "DPP: Received Configuration Request (GAS Query Request)", | |
1908 | query, query_len); | |
1909 | resp = dpp_conf_req_rx(auth, query, query_len); | |
1910 | if (!resp) | |
1911 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); | |
1912 | return resp; | |
1913 | } | |
1914 | ||
1915 | ||
1916 | static void | |
1917 | wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok) | |
1918 | { | |
1919 | struct wpa_supplicant *wpa_s = ctx; | |
1920 | struct dpp_authentication *auth = wpa_s->dpp_auth; | |
1921 | ||
1922 | if (!auth) { | |
1923 | wpabuf_free(resp); | |
1924 | return; | |
1925 | } | |
1926 | ||
1927 | wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)", | |
1928 | ok); | |
1929 | eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); | |
95b0104a | 1930 | eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); |
461d39af JM |
1931 | offchannel_send_action_done(wpa_s); |
1932 | wpas_dpp_listen_stop(wpa_s); | |
1933 | if (ok) | |
1934 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT); | |
1935 | else | |
1936 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); | |
1937 | dpp_auth_deinit(wpa_s->dpp_auth); | |
1938 | wpa_s->dpp_auth = NULL; | |
1939 | wpabuf_free(resp); | |
1940 | } | |
1941 | ||
1942 | ||
1943 | static unsigned int wpas_dpp_next_configurator_id(struct wpa_supplicant *wpa_s) | |
1944 | { | |
1945 | struct dpp_configurator *conf; | |
1946 | unsigned int max_id = 0; | |
1947 | ||
1948 | dl_list_for_each(conf, &wpa_s->dpp_configurator, | |
1949 | struct dpp_configurator, list) { | |
1950 | if (conf->id > max_id) | |
1951 | max_id = conf->id; | |
1952 | } | |
1953 | return max_id + 1; | |
1954 | } | |
1955 | ||
1956 | ||
1957 | int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd) | |
1958 | { | |
c77e2ff0 | 1959 | char *curve = NULL; |
461d39af JM |
1960 | char *key = NULL; |
1961 | u8 *privkey = NULL; | |
1962 | size_t privkey_len = 0; | |
1963 | int ret = -1; | |
1964 | struct dpp_configurator *conf = NULL; | |
1965 | ||
461d39af JM |
1966 | curve = get_param(cmd, " curve="); |
1967 | key = get_param(cmd, " key="); | |
1968 | ||
1969 | if (key) { | |
1970 | privkey_len = os_strlen(key) / 2; | |
1971 | privkey = os_malloc(privkey_len); | |
1972 | if (!privkey || | |
1973 | hexstr2bin(key, privkey, privkey_len) < 0) | |
1974 | goto fail; | |
1975 | } | |
1976 | ||
1977 | conf = dpp_keygen_configurator(curve, privkey, privkey_len); | |
1978 | if (!conf) | |
1979 | goto fail; | |
1980 | ||
461d39af JM |
1981 | conf->id = wpas_dpp_next_configurator_id(wpa_s); |
1982 | dl_list_add(&wpa_s->dpp_configurator, &conf->list); | |
1983 | ret = conf->id; | |
1984 | conf = NULL; | |
1985 | fail: | |
1986 | os_free(curve); | |
461d39af JM |
1987 | str_clear_free(key); |
1988 | bin_clear_free(privkey, privkey_len); | |
1989 | dpp_configurator_free(conf); | |
1990 | return ret; | |
1991 | } | |
1992 | ||
1993 | ||
1994 | static int dpp_configurator_del(struct wpa_supplicant *wpa_s, unsigned int id) | |
1995 | { | |
1996 | struct dpp_configurator *conf, *tmp; | |
1997 | int found = 0; | |
1998 | ||
1999 | dl_list_for_each_safe(conf, tmp, &wpa_s->dpp_configurator, | |
2000 | struct dpp_configurator, list) { | |
2001 | if (id && conf->id != id) | |
2002 | continue; | |
2003 | found = 1; | |
2004 | dl_list_del(&conf->list); | |
2005 | dpp_configurator_free(conf); | |
2006 | } | |
2007 | ||
2008 | if (id == 0) | |
2009 | return 0; /* flush succeeds regardless of entries found */ | |
2010 | return found ? 0 : -1; | |
2011 | } | |
2012 | ||
2013 | ||
2014 | int wpas_dpp_configurator_remove(struct wpa_supplicant *wpa_s, const char *id) | |
2015 | { | |
2016 | unsigned int id_val; | |
2017 | ||
2018 | if (os_strcmp(id, "*") == 0) { | |
2019 | id_val = 0; | |
2020 | } else { | |
2021 | id_val = atoi(id); | |
2022 | if (id_val == 0) | |
2023 | return -1; | |
2024 | } | |
2025 | ||
2026 | return dpp_configurator_del(wpa_s, id_val); | |
2027 | } | |
2028 | ||
2029 | ||
f522bb23 JM |
2030 | int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd) |
2031 | { | |
2032 | struct dpp_authentication *auth; | |
2033 | int ret = -1; | |
2034 | char *curve = NULL; | |
2035 | ||
2036 | auth = os_zalloc(sizeof(*auth)); | |
2037 | if (!auth) | |
2038 | return -1; | |
2039 | ||
2040 | curve = get_param(cmd, " curve="); | |
2041 | wpas_dpp_set_configurator(wpa_s, auth, cmd); | |
2042 | ||
2043 | if (dpp_configurator_own_config(auth, curve) == 0) { | |
2044 | wpas_dpp_handle_config_obj(wpa_s, auth); | |
2045 | ret = 0; | |
2046 | } | |
2047 | ||
2048 | dpp_auth_deinit(auth); | |
2049 | os_free(curve); | |
2050 | ||
2051 | return ret; | |
2052 | } | |
2053 | ||
2054 | ||
a0d5c56f JM |
2055 | static void |
2056 | wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s, | |
2057 | unsigned int freq, const u8 *dst, | |
2058 | const u8 *src, const u8 *bssid, | |
2059 | const u8 *data, size_t data_len, | |
2060 | enum offchannel_send_action_result result) | |
2061 | { | |
af48810b JM |
2062 | const char *res_txt; |
2063 | ||
2064 | res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" : | |
2065 | (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" : | |
2066 | "FAILED"); | |
a0d5c56f JM |
2067 | wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR |
2068 | " result=%s (DPP Peer Discovery Request)", | |
af48810b JM |
2069 | freq, MAC2STR(dst), res_txt); |
2070 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR | |
2071 | " freq=%u result=%s", MAC2STR(dst), freq, res_txt); | |
a0d5c56f JM |
2072 | /* TODO: Time out wait for response more quickly in error cases? */ |
2073 | } | |
2074 | ||
2075 | ||
2076 | int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, | |
2077 | struct wpa_bss *bss) | |
2078 | { | |
2079 | struct os_time now; | |
2080 | struct wpabuf *msg; | |
2081 | unsigned int wait_time; | |
2082 | ||
2083 | if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss) | |
2084 | return 0; /* Not using DPP AKM - continue */ | |
2085 | if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid)) | |
2086 | return 0; /* PMKSA exists for DPP AKM - continue */ | |
2087 | ||
2088 | if (!ssid->dpp_connector || !ssid->dpp_netaccesskey || | |
2089 | !ssid->dpp_csign) { | |
2090 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR | |
2091 | "missing %s", | |
2092 | !ssid->dpp_connector ? "Connector" : | |
2093 | (!ssid->dpp_netaccesskey ? "netAccessKey" : | |
2094 | "C-sign-key")); | |
2095 | return -1; | |
2096 | } | |
2097 | ||
2098 | os_get_time(&now); | |
2099 | ||
a0d5c56f JM |
2100 | if (ssid->dpp_netaccesskey_expiry && |
2101 | ssid->dpp_netaccesskey_expiry < now.sec) { | |
2102 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR | |
2103 | "netAccessKey expired"); | |
2104 | return -1; | |
2105 | } | |
2106 | ||
2107 | wpa_printf(MSG_DEBUG, | |
2108 | "DPP: Starting network introduction protocol to derive PMKSA for " | |
2109 | MACSTR, MAC2STR(bss->bssid)); | |
2110 | ||
2111 | msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ, | |
85fd8263 | 2112 | 5 + 4 + os_strlen(ssid->dpp_connector)); |
a0d5c56f JM |
2113 | if (!msg) |
2114 | return -1; | |
2115 | ||
a306ed5a JM |
2116 | #ifdef CONFIG_TESTING_OPTIONS |
2117 | if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) { | |
2118 | wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID"); | |
2119 | goto skip_trans_id; | |
2120 | } | |
2121 | #endif /* CONFIG_TESTING_OPTIONS */ | |
2122 | ||
85fd8263 JM |
2123 | /* Transaction ID */ |
2124 | wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID); | |
2125 | wpabuf_put_le16(msg, 1); | |
2126 | wpabuf_put_u8(msg, TRANSACTION_ID); | |
2127 | ||
a306ed5a JM |
2128 | #ifdef CONFIG_TESTING_OPTIONS |
2129 | skip_trans_id: | |
2130 | if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) { | |
2131 | wpa_printf(MSG_INFO, "DPP: TESTING - no Connector"); | |
2132 | goto skip_connector; | |
2133 | } | |
4b8de0c9 JM |
2134 | if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) { |
2135 | char *connector; | |
2136 | ||
2137 | wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector"); | |
2138 | connector = dpp_corrupt_connector_signature( | |
2139 | ssid->dpp_connector); | |
2140 | if (!connector) { | |
2141 | wpabuf_free(msg); | |
2142 | return -1; | |
2143 | } | |
2144 | wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR); | |
2145 | wpabuf_put_le16(msg, os_strlen(connector)); | |
2146 | wpabuf_put_str(msg, connector); | |
2147 | os_free(connector); | |
2148 | goto skip_connector; | |
2149 | } | |
a306ed5a JM |
2150 | #endif /* CONFIG_TESTING_OPTIONS */ |
2151 | ||
a0d5c56f JM |
2152 | /* DPP Connector */ |
2153 | wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR); | |
2154 | wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector)); | |
2155 | wpabuf_put_str(msg, ssid->dpp_connector); | |
2156 | ||
a306ed5a JM |
2157 | #ifdef CONFIG_TESTING_OPTIONS |
2158 | skip_connector: | |
2159 | #endif /* CONFIG_TESTING_OPTIONS */ | |
2160 | ||
a0d5c56f JM |
2161 | /* TODO: Timeout on AP response */ |
2162 | wait_time = wpa_s->max_remain_on_chan; | |
2163 | if (wait_time > 2000) | |
2164 | wait_time = 2000; | |
af48810b JM |
2165 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", |
2166 | MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ); | |
a0d5c56f JM |
2167 | offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr, |
2168 | broadcast, | |
2169 | wpabuf_head(msg), wpabuf_len(msg), | |
2170 | wait_time, wpas_dpp_tx_introduction_status, 0); | |
2171 | wpabuf_free(msg); | |
2172 | ||
2173 | /* Request this connection attempt to terminate - new one will be | |
2174 | * started when network introduction protocol completes */ | |
2175 | os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN); | |
2176 | wpa_s->dpp_intro_network = ssid; | |
2177 | return 1; | |
2178 | } | |
2179 | ||
2180 | ||
500ed7f0 JM |
2181 | int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd) |
2182 | { | |
2183 | struct dpp_bootstrap_info *own_bi; | |
2184 | const char *pos, *end; | |
2185 | unsigned int wait_time; | |
2186 | ||
2187 | pos = os_strstr(cmd, " own="); | |
2188 | if (!pos) | |
2189 | return -1; | |
2190 | pos += 5; | |
2191 | own_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos)); | |
2192 | if (!own_bi) { | |
2193 | wpa_printf(MSG_DEBUG, | |
2194 | "DPP: Identified bootstrap info not found"); | |
2195 | return -1; | |
2196 | } | |
2197 | if (own_bi->type != DPP_BOOTSTRAP_PKEX) { | |
2198 | wpa_printf(MSG_DEBUG, | |
2199 | "DPP: Identified bootstrap info not for PKEX"); | |
2200 | return -1; | |
2201 | } | |
2202 | wpa_s->dpp_pkex_bi = own_bi; | |
29ab69e4 | 2203 | own_bi->pkex_t = 0; /* clear pending errors on new code */ |
500ed7f0 JM |
2204 | |
2205 | os_free(wpa_s->dpp_pkex_identifier); | |
2206 | wpa_s->dpp_pkex_identifier = NULL; | |
2207 | pos = os_strstr(cmd, " identifier="); | |
2208 | if (pos) { | |
2209 | pos += 12; | |
2210 | end = os_strchr(pos, ' '); | |
2211 | if (!end) | |
2212 | return -1; | |
2213 | wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1); | |
2214 | if (!wpa_s->dpp_pkex_identifier) | |
2215 | return -1; | |
2216 | os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos); | |
2217 | wpa_s->dpp_pkex_identifier[end - pos] = '\0'; | |
2218 | } | |
2219 | ||
2220 | pos = os_strstr(cmd, " code="); | |
2221 | if (!pos) | |
2222 | return -1; | |
2223 | os_free(wpa_s->dpp_pkex_code); | |
2224 | wpa_s->dpp_pkex_code = os_strdup(pos + 6); | |
2225 | if (!wpa_s->dpp_pkex_code) | |
2226 | return -1; | |
2227 | ||
2228 | if (os_strstr(cmd, " init=1")) { | |
2229 | struct wpabuf *msg; | |
2230 | ||
2231 | wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX"); | |
2232 | dpp_pkex_free(wpa_s->dpp_pkex); | |
219d4c9f | 2233 | wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr, |
500ed7f0 JM |
2234 | wpa_s->dpp_pkex_identifier, |
2235 | wpa_s->dpp_pkex_code); | |
2236 | if (!wpa_s->dpp_pkex) | |
2237 | return -1; | |
2238 | ||
2239 | msg = wpa_s->dpp_pkex->exchange_req; | |
2240 | wait_time = wpa_s->max_remain_on_chan; | |
2241 | if (wait_time > 2000) | |
2242 | wait_time = 2000; | |
2243 | /* TODO: Which channel to use? */ | |
af48810b JM |
2244 | wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR |
2245 | " freq=%u type=%d", | |
2246 | MAC2STR(broadcast), 2437, DPP_PA_PKEX_EXCHANGE_REQ); | |
500ed7f0 JM |
2247 | offchannel_send_action(wpa_s, 2437, broadcast, wpa_s->own_addr, |
2248 | broadcast, | |
2249 | wpabuf_head(msg), wpabuf_len(msg), | |
2250 | wait_time, wpas_dpp_tx_pkex_status, 0); | |
2251 | } | |
2252 | ||
2253 | /* TODO: Support multiple PKEX info entries */ | |
2254 | ||
2255 | os_free(wpa_s->dpp_pkex_auth_cmd); | |
2256 | wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd); | |
2257 | ||
2258 | return 1; | |
2259 | } | |
2260 | ||
2261 | ||
2262 | int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id) | |
2263 | { | |
2264 | unsigned int id_val; | |
2265 | ||
2266 | if (os_strcmp(id, "*") == 0) { | |
2267 | id_val = 0; | |
2268 | } else { | |
2269 | id_val = atoi(id); | |
2270 | if (id_val == 0) | |
2271 | return -1; | |
2272 | } | |
2273 | ||
2274 | if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code) | |
2275 | return -1; | |
2276 | ||
2277 | /* TODO: Support multiple PKEX entries */ | |
2278 | os_free(wpa_s->dpp_pkex_code); | |
2279 | wpa_s->dpp_pkex_code = NULL; | |
2280 | os_free(wpa_s->dpp_pkex_identifier); | |
2281 | wpa_s->dpp_pkex_identifier = NULL; | |
2282 | os_free(wpa_s->dpp_pkex_auth_cmd); | |
2283 | wpa_s->dpp_pkex_auth_cmd = NULL; | |
2284 | wpa_s->dpp_pkex_bi = NULL; | |
2285 | /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */ | |
2286 | dpp_pkex_free(wpa_s->dpp_pkex); | |
2287 | wpa_s->dpp_pkex = NULL; | |
2288 | return 0; | |
2289 | } | |
2290 | ||
2291 | ||
c1d37739 JM |
2292 | void wpas_dpp_stop(struct wpa_supplicant *wpa_s) |
2293 | { | |
2294 | dpp_auth_deinit(wpa_s->dpp_auth); | |
2295 | wpa_s->dpp_auth = NULL; | |
2296 | } | |
2297 | ||
2298 | ||
be27e185 JM |
2299 | int wpas_dpp_init(struct wpa_supplicant *wpa_s) |
2300 | { | |
461d39af JM |
2301 | u8 adv_proto_id[7]; |
2302 | ||
2303 | adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC; | |
2304 | adv_proto_id[1] = 5; | |
2305 | WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA); | |
2306 | adv_proto_id[5] = DPP_OUI_TYPE; | |
2307 | adv_proto_id[6] = 0x01; | |
2308 | ||
2309 | if (gas_server_register(wpa_s->gas_server, adv_proto_id, | |
2310 | sizeof(adv_proto_id), wpas_dpp_gas_req_handler, | |
2311 | wpas_dpp_gas_status_handler, wpa_s) < 0) | |
2312 | return -1; | |
be27e185 | 2313 | dl_list_init(&wpa_s->dpp_bootstrap); |
461d39af | 2314 | dl_list_init(&wpa_s->dpp_configurator); |
be27e185 JM |
2315 | wpa_s->dpp_init_done = 1; |
2316 | return 0; | |
2317 | } | |
2318 | ||
2319 | ||
2320 | void wpas_dpp_deinit(struct wpa_supplicant *wpa_s) | |
2321 | { | |
461d39af JM |
2322 | #ifdef CONFIG_TESTING_OPTIONS |
2323 | os_free(wpa_s->dpp_config_obj_override); | |
2324 | wpa_s->dpp_config_obj_override = NULL; | |
2325 | os_free(wpa_s->dpp_discovery_override); | |
2326 | wpa_s->dpp_discovery_override = NULL; | |
2327 | os_free(wpa_s->dpp_groups_override); | |
2328 | wpa_s->dpp_groups_override = NULL; | |
461d39af JM |
2329 | wpa_s->dpp_ignore_netaccesskey_mismatch = 0; |
2330 | #endif /* CONFIG_TESTING_OPTIONS */ | |
be27e185 JM |
2331 | if (!wpa_s->dpp_init_done) |
2332 | return; | |
30d27b04 | 2333 | eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); |
f97ace34 | 2334 | eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); |
95b0104a | 2335 | eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); |
30d27b04 JM |
2336 | offchannel_send_action_done(wpa_s); |
2337 | wpas_dpp_listen_stop(wpa_s); | |
be27e185 | 2338 | dpp_bootstrap_del(wpa_s, 0); |
461d39af | 2339 | dpp_configurator_del(wpa_s, 0); |
30d27b04 JM |
2340 | dpp_auth_deinit(wpa_s->dpp_auth); |
2341 | wpa_s->dpp_auth = NULL; | |
500ed7f0 JM |
2342 | wpas_dpp_pkex_remove(wpa_s, "*"); |
2343 | wpa_s->dpp_pkex = NULL; | |
a0d5c56f | 2344 | os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN); |
b65b22d6 JM |
2345 | os_free(wpa_s->dpp_configurator_params); |
2346 | wpa_s->dpp_configurator_params = NULL; | |
be27e185 | 2347 | } |