]>
Commit | Line | Data |
---|---|---|
fa201b69 JM |
1 | /* |
2 | * wpa_supplicant / WPS integration | |
6fa81a3b | 3 | * Copyright (c) 2008-2010, Jouni Malinen <j@w1.fi> |
fa201b69 JM |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * Alternatively, this software may be distributed under the terms of BSD | |
10 | * license. | |
11 | * | |
12 | * See README and COPYING for more details. | |
13 | */ | |
14 | ||
15 | #include "includes.h" | |
16 | ||
17 | #include "common.h" | |
03da66bd JM |
18 | #include "eloop.h" |
19 | #include "uuid.h" | |
20 | #include "crypto/dh_group5.h" | |
90973fb2 JM |
21 | #include "common/ieee802_11_defs.h" |
22 | #include "common/ieee802_11_common.h" | |
23 | #include "common/wpa_common.h" | |
03da66bd JM |
24 | #include "common/wpa_ctrl.h" |
25 | #include "eap_common/eap_wsc_common.h" | |
b01c18a8 | 26 | #include "eap_peer/eap.h" |
03da66bd JM |
27 | #include "rsn_supp/wpa.h" |
28 | #include "config.h" | |
fa201b69 | 29 | #include "wpa_supplicant_i.h" |
2d5b792d | 30 | #include "driver_i.h" |
8bac466b | 31 | #include "notify.h" |
a6099152 | 32 | #include "blacklist.h" |
59f2caa9 | 33 | #include "bss.h" |
9ba9fa07 | 34 | #include "scan.h" |
fa201b69 JM |
35 | #include "wps_supplicant.h" |
36 | ||
f7e54365 | 37 | |
31fcea93 | 38 | #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG |
a6099152 | 39 | #define WPS_PIN_SCAN_IGNORE_SEL_REG 3 |
31fcea93 | 40 | #endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */ |
fa201b69 | 41 | |
fcc60db4 | 42 | static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx); |
469fc3a4 | 43 | static void wpas_clear_wps(struct wpa_supplicant *wpa_s); |
fcc60db4 JM |
44 | |
45 | ||
fa201b69 JM |
46 | int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s) |
47 | { | |
a6099152 JM |
48 | if (!wpa_s->wps_success && |
49 | wpa_s->current_ssid && | |
50 | eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) { | |
51 | const u8 *bssid = wpa_s->bssid; | |
52 | if (is_zero_ether_addr(bssid)) | |
53 | bssid = wpa_s->pending_bssid; | |
54 | ||
55 | wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR | |
56 | " did not succeed - continue trying to find " | |
57 | "suitable AP", MAC2STR(bssid)); | |
58 | wpa_blacklist_add(wpa_s, bssid); | |
59 | ||
60 | wpa_supplicant_deauthenticate(wpa_s, | |
61 | WLAN_REASON_DEAUTH_LEAVING); | |
62 | wpa_s->reassociate = 1; | |
63 | wpa_supplicant_req_scan(wpa_s, | |
64 | wpa_s->blacklist_cleared ? 5 : 0, 0); | |
65 | wpa_s->blacklist_cleared = 0; | |
66 | return 1; | |
67 | } | |
68 | ||
fcc60db4 JM |
69 | eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); |
70 | ||
fa201b69 JM |
71 | if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid && |
72 | !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { | |
73 | wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - " | |
74 | "try to associate with the received credential"); | |
75 | wpa_supplicant_deauthenticate(wpa_s, | |
76 | WLAN_REASON_DEAUTH_LEAVING); | |
17a4734d JM |
77 | wpa_s->after_wps = 5; |
78 | wpa_s->wps_freq = wpa_s->assoc_freq; | |
fa201b69 JM |
79 | wpa_s->reassociate = 1; |
80 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
81 | return 1; | |
82 | } | |
83 | ||
47662164 JM |
84 | if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) { |
85 | wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting " | |
86 | "for external credential processing"); | |
87 | wpas_clear_wps(wpa_s); | |
88 | wpa_supplicant_deauthenticate(wpa_s, | |
89 | WLAN_REASON_DEAUTH_LEAVING); | |
90 | return 1; | |
91 | } | |
92 | ||
fa201b69 JM |
93 | return 0; |
94 | } | |
95 | ||
96 | ||
7cc1b6c9 JM |
97 | static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s, |
98 | struct wpa_ssid *ssid, | |
99 | const struct wps_credential *cred) | |
100 | { | |
101 | struct wpa_driver_capa capa; | |
59f2caa9 | 102 | struct wpa_bss *bss; |
7cc1b6c9 JM |
103 | const u8 *ie; |
104 | struct wpa_ie_data adv; | |
105 | int wpa2 = 0, ccmp = 0; | |
106 | ||
107 | /* | |
108 | * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in | |
109 | * case they are configured for mixed mode operation (WPA+WPA2 and | |
110 | * TKIP+CCMP). Try to use scan results to figure out whether the AP | |
111 | * actually supports stronger security and select that if the client | |
112 | * has support for it, too. | |
113 | */ | |
114 | ||
115 | if (wpa_drv_get_capa(wpa_s, &capa)) | |
116 | return; /* Unknown what driver supports */ | |
117 | ||
59f2caa9 JM |
118 | bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len); |
119 | if (bss == NULL) { | |
120 | wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS " | |
121 | "table - use credential as-is"); | |
7cc1b6c9 JM |
122 | return; |
123 | } | |
124 | ||
59f2caa9 JM |
125 | wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table"); |
126 | ||
127 | ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); | |
7cc1b6c9 JM |
128 | if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) { |
129 | wpa2 = 1; | |
130 | if (adv.pairwise_cipher & WPA_CIPHER_CCMP) | |
131 | ccmp = 1; | |
132 | } else { | |
59f2caa9 | 133 | ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); |
7cc1b6c9 JM |
134 | if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 && |
135 | adv.pairwise_cipher & WPA_CIPHER_CCMP) | |
136 | ccmp = 1; | |
137 | } | |
138 | ||
139 | if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) && | |
140 | (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) { | |
141 | /* | |
142 | * TODO: This could be the initial AP configuration and the | |
143 | * Beacon contents could change shortly. Should request a new | |
144 | * scan and delay addition of the network until the updated | |
145 | * scan results are available. | |
146 | */ | |
147 | wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA " | |
148 | "support - use credential as-is"); | |
149 | return; | |
150 | } | |
151 | ||
152 | if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) && | |
153 | (ssid->pairwise_cipher & WPA_CIPHER_TKIP) && | |
154 | (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) { | |
155 | wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential " | |
156 | "based on scan results"); | |
157 | if (wpa_s->conf->ap_scan == 1) | |
158 | ssid->pairwise_cipher |= WPA_CIPHER_CCMP; | |
159 | else | |
160 | ssid->pairwise_cipher = WPA_CIPHER_CCMP; | |
161 | } | |
162 | ||
163 | if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) && | |
164 | (ssid->proto & WPA_PROTO_WPA) && | |
165 | (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) { | |
166 | wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential " | |
167 | "based on scan results"); | |
168 | if (wpa_s->conf->ap_scan == 1) | |
169 | ssid->proto |= WPA_PROTO_RSN; | |
170 | else | |
171 | ssid->proto = WPA_PROTO_RSN; | |
172 | } | |
173 | } | |
174 | ||
175 | ||
bcbbc7af JM |
176 | static int wpa_supplicant_wps_cred(void *ctx, |
177 | const struct wps_credential *cred) | |
fa201b69 JM |
178 | { |
179 | struct wpa_supplicant *wpa_s = ctx; | |
180 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
522b5b6e | 181 | u8 key_idx = 0; |
49eba5f8 | 182 | u16 auth_type; |
fa201b69 | 183 | |
47662164 JM |
184 | if ((wpa_s->conf->wps_cred_processing == 1 || |
185 | wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) { | |
186 | size_t blen = cred->cred_attr_len * 2 + 1; | |
187 | char *buf = os_malloc(blen); | |
188 | if (buf) { | |
189 | wpa_snprintf_hex(buf, blen, | |
190 | cred->cred_attr, cred->cred_attr_len); | |
191 | wpa_msg(wpa_s, MSG_INFO, "%s%s", | |
192 | WPS_EVENT_CRED_RECEIVED, buf); | |
193 | os_free(buf); | |
194 | } | |
8bac466b JM |
195 | |
196 | wpas_notify_wps_credential(wpa_s, cred); | |
47662164 JM |
197 | } else |
198 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED); | |
fa201b69 | 199 | |
eca6e0a9 JM |
200 | wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute", |
201 | cred->cred_attr, cred->cred_attr_len); | |
202 | ||
47662164 JM |
203 | if (wpa_s->conf->wps_cred_processing == 1) |
204 | return 0; | |
205 | ||
73267b9c JM |
206 | wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len); |
207 | wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x", | |
208 | cred->auth_type); | |
209 | wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type); | |
210 | wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx); | |
211 | wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", | |
212 | cred->key, cred->key_len); | |
213 | wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR, | |
214 | MAC2STR(cred->mac_addr)); | |
215 | ||
49eba5f8 JM |
216 | auth_type = cred->auth_type; |
217 | if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) { | |
218 | wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode " | |
219 | "auth_type into WPA2PSK"); | |
220 | auth_type = WPS_AUTH_WPA2PSK; | |
221 | } | |
222 | ||
223 | if (auth_type != WPS_AUTH_OPEN && | |
224 | auth_type != WPS_AUTH_SHARED && | |
225 | auth_type != WPS_AUTH_WPAPSK && | |
226 | auth_type != WPS_AUTH_WPA2PSK) { | |
f286077d | 227 | wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for " |
49eba5f8 JM |
228 | "unsupported authentication type 0x%x", |
229 | auth_type); | |
f286077d JM |
230 | return 0; |
231 | } | |
232 | ||
fa201b69 JM |
233 | if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { |
234 | wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based " | |
235 | "on the received credential"); | |
236 | os_free(ssid->eap.identity); | |
237 | ssid->eap.identity = NULL; | |
238 | ssid->eap.identity_len = 0; | |
239 | os_free(ssid->eap.phase1); | |
240 | ssid->eap.phase1 = NULL; | |
241 | os_free(ssid->eap.eap_methods); | |
242 | ssid->eap.eap_methods = NULL; | |
243 | } else { | |
244 | wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the " | |
245 | "received credential"); | |
246 | ssid = wpa_config_add_network(wpa_s->conf); | |
247 | if (ssid == NULL) | |
248 | return -1; | |
8bac466b | 249 | wpas_notify_network_added(wpa_s, ssid); |
fa201b69 JM |
250 | } |
251 | ||
252 | wpa_config_set_network_defaults(ssid); | |
253 | ||
254 | os_free(ssid->ssid); | |
255 | ssid->ssid = os_malloc(cred->ssid_len); | |
256 | if (ssid->ssid) { | |
257 | os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len); | |
258 | ssid->ssid_len = cred->ssid_len; | |
259 | } | |
260 | ||
261 | switch (cred->encr_type) { | |
262 | case WPS_ENCR_NONE: | |
fa201b69 JM |
263 | break; |
264 | case WPS_ENCR_WEP: | |
4b195a1b AT |
265 | if (cred->key_len <= 0) |
266 | break; | |
267 | if (cred->key_len != 5 && cred->key_len != 13 && | |
268 | cred->key_len != 10 && cred->key_len != 26) { | |
269 | wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length " | |
270 | "%lu", (unsigned long) cred->key_len); | |
271 | return -1; | |
272 | } | |
522b5b6e | 273 | if (cred->key_idx > NUM_WEP_KEYS) { |
4b195a1b AT |
274 | wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d", |
275 | cred->key_idx); | |
276 | return -1; | |
277 | } | |
522b5b6e AT |
278 | if (cred->key_idx) |
279 | key_idx = cred->key_idx - 1; | |
4b195a1b AT |
280 | if (cred->key_len == 10 || cred->key_len == 26) { |
281 | if (hexstr2bin((char *) cred->key, | |
282 | ssid->wep_key[key_idx], | |
283 | cred->key_len / 2) < 0) { | |
284 | wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key " | |
285 | "%d", key_idx); | |
286 | return -1; | |
287 | } | |
288 | ssid->wep_key_len[key_idx] = cred->key_len / 2; | |
289 | } else { | |
290 | os_memcpy(ssid->wep_key[key_idx], cred->key, | |
fa201b69 | 291 | cred->key_len); |
4b195a1b | 292 | ssid->wep_key_len[key_idx] = cred->key_len; |
fa201b69 | 293 | } |
4b195a1b | 294 | ssid->wep_tx_keyidx = key_idx; |
fa201b69 JM |
295 | break; |
296 | case WPS_ENCR_TKIP: | |
297 | ssid->pairwise_cipher = WPA_CIPHER_TKIP; | |
fa201b69 JM |
298 | break; |
299 | case WPS_ENCR_AES: | |
300 | ssid->pairwise_cipher = WPA_CIPHER_CCMP; | |
fa201b69 JM |
301 | break; |
302 | } | |
303 | ||
49eba5f8 | 304 | switch (auth_type) { |
fa201b69 JM |
305 | case WPS_AUTH_OPEN: |
306 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
307 | ssid->key_mgmt = WPA_KEY_MGMT_NONE; | |
308 | ssid->proto = 0; | |
309 | break; | |
310 | case WPS_AUTH_SHARED: | |
311 | ssid->auth_alg = WPA_AUTH_ALG_SHARED; | |
312 | ssid->key_mgmt = WPA_KEY_MGMT_NONE; | |
313 | ssid->proto = 0; | |
314 | break; | |
315 | case WPS_AUTH_WPAPSK: | |
316 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
317 | ssid->key_mgmt = WPA_KEY_MGMT_PSK; | |
318 | ssid->proto = WPA_PROTO_WPA; | |
319 | break; | |
320 | case WPS_AUTH_WPA: | |
321 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
322 | ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
323 | ssid->proto = WPA_PROTO_WPA; | |
324 | break; | |
325 | case WPS_AUTH_WPA2: | |
326 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
327 | ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
328 | ssid->proto = WPA_PROTO_RSN; | |
329 | break; | |
330 | case WPS_AUTH_WPA2PSK: | |
331 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
332 | ssid->key_mgmt = WPA_KEY_MGMT_PSK; | |
333 | ssid->proto = WPA_PROTO_RSN; | |
334 | break; | |
335 | } | |
336 | ||
337 | if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) { | |
338 | if (cred->key_len == 2 * PMK_LEN) { | |
339 | if (hexstr2bin((const char *) cred->key, ssid->psk, | |
340 | PMK_LEN)) { | |
341 | wpa_printf(MSG_ERROR, "WPS: Invalid Network " | |
342 | "Key"); | |
343 | return -1; | |
344 | } | |
345 | ssid->psk_set = 1; | |
346 | } else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) { | |
347 | os_free(ssid->passphrase); | |
348 | ssid->passphrase = os_malloc(cred->key_len + 1); | |
349 | if (ssid->passphrase == NULL) | |
350 | return -1; | |
351 | os_memcpy(ssid->passphrase, cred->key, cred->key_len); | |
352 | ssid->passphrase[cred->key_len] = '\0'; | |
353 | wpa_config_update_psk(ssid); | |
354 | } else { | |
355 | wpa_printf(MSG_ERROR, "WPS: Invalid Network Key " | |
356 | "length %lu", | |
357 | (unsigned long) cred->key_len); | |
358 | return -1; | |
359 | } | |
360 | } | |
361 | ||
7cc1b6c9 JM |
362 | wpas_wps_security_workaround(wpa_s, ssid, cred); |
363 | ||
fa201b69 JM |
364 | #ifndef CONFIG_NO_CONFIG_WRITE |
365 | if (wpa_s->conf->update_config && | |
366 | wpa_config_write(wpa_s->confname, wpa_s->conf)) { | |
367 | wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration"); | |
368 | return -1; | |
369 | } | |
370 | #endif /* CONFIG_NO_CONFIG_WRITE */ | |
371 | ||
372 | return 0; | |
373 | } | |
374 | ||
375 | ||
4b68290e JM |
376 | static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s, |
377 | struct wps_event_m2d *m2d) | |
378 | { | |
379 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D | |
380 | "dev_password_id=%d config_error=%d", | |
381 | m2d->dev_password_id, m2d->config_error); | |
8bac466b | 382 | wpas_notify_wps_event_m2d(wpa_s, m2d); |
4b68290e JM |
383 | } |
384 | ||
385 | ||
469fc3a4 JM |
386 | static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s, |
387 | struct wps_event_fail *fail) | |
388 | { | |
389 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL "msg=%d", fail->msg); | |
390 | wpas_clear_wps(wpa_s); | |
8bac466b | 391 | wpas_notify_wps_event_fail(wpa_s, fail); |
469fc3a4 JM |
392 | } |
393 | ||
394 | ||
ad5302a1 JM |
395 | static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s) |
396 | { | |
397 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS); | |
a6099152 | 398 | wpa_s->wps_success = 1; |
8bac466b | 399 | wpas_notify_wps_event_success(wpa_s); |
ad5302a1 JM |
400 | } |
401 | ||
402 | ||
b78bc3a3 JM |
403 | static void wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant *wpa_s, |
404 | struct wps_event_er_ap *ap) | |
405 | { | |
406 | char uuid_str[100]; | |
ed45947e | 407 | char dev_type[WPS_DEV_TYPE_BUFSIZE]; |
e694b344 | 408 | |
b78bc3a3 | 409 | uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str)); |
e694b344 | 410 | if (ap->pri_dev_type) |
ed45947e JM |
411 | wps_dev_type_bin2str(ap->pri_dev_type, dev_type, |
412 | sizeof(dev_type)); | |
e694b344 JM |
413 | else |
414 | dev_type[0] = '\0'; | |
415 | ||
416 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_ADD "%s " MACSTR | |
417 | " pri_dev_type=%s wps_state=%d |%s|%s|%s|%s|%s|%s|", | |
418 | uuid_str, MAC2STR(ap->mac_addr), dev_type, ap->wps_state, | |
b78bc3a3 JM |
419 | ap->friendly_name ? ap->friendly_name : "", |
420 | ap->manufacturer ? ap->manufacturer : "", | |
421 | ap->model_description ? ap->model_description : "", | |
422 | ap->model_name ? ap->model_name : "", | |
423 | ap->manufacturer_url ? ap->manufacturer_url : "", | |
424 | ap->model_url ? ap->model_url : ""); | |
425 | } | |
426 | ||
427 | ||
428 | static void wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant *wpa_s, | |
429 | struct wps_event_er_ap *ap) | |
430 | { | |
431 | char uuid_str[100]; | |
432 | uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str)); | |
433 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_REMOVE "%s", uuid_str); | |
434 | } | |
435 | ||
436 | ||
437 | static void wpa_supplicant_wps_event_er_enrollee_add( | |
438 | struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee) | |
439 | { | |
440 | char uuid_str[100]; | |
ed45947e | 441 | char dev_type[WPS_DEV_TYPE_BUFSIZE]; |
b78bc3a3 JM |
442 | |
443 | uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str)); | |
444 | if (enrollee->pri_dev_type) | |
ed45947e JM |
445 | wps_dev_type_bin2str(enrollee->pri_dev_type, dev_type, |
446 | sizeof(dev_type)); | |
b78bc3a3 JM |
447 | else |
448 | dev_type[0] = '\0'; | |
449 | ||
450 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_ADD "%s " MACSTR | |
451 | " M1=%d config_methods=0x%x dev_passwd_id=%d pri_dev_type=%s " | |
452 | "|%s|%s|%s|%s|%s|", | |
453 | uuid_str, MAC2STR(enrollee->mac_addr), enrollee->m1_received, | |
454 | enrollee->config_methods, enrollee->dev_passwd_id, dev_type, | |
455 | enrollee->dev_name ? enrollee->dev_name : "", | |
456 | enrollee->manufacturer ? enrollee->manufacturer : "", | |
457 | enrollee->model_name ? enrollee->model_name : "", | |
458 | enrollee->model_number ? enrollee->model_number : "", | |
459 | enrollee->serial_number ? enrollee->serial_number : ""); | |
460 | } | |
461 | ||
462 | ||
463 | static void wpa_supplicant_wps_event_er_enrollee_remove( | |
464 | struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee) | |
465 | { | |
466 | char uuid_str[100]; | |
467 | uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str)); | |
468 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_REMOVE "%s " MACSTR, | |
469 | uuid_str, MAC2STR(enrollee->mac_addr)); | |
470 | } | |
471 | ||
472 | ||
15dbf129 JM |
473 | static void wpa_supplicant_wps_event_er_ap_settings( |
474 | struct wpa_supplicant *wpa_s, | |
475 | struct wps_event_er_ap_settings *ap_settings) | |
476 | { | |
477 | char uuid_str[100]; | |
478 | char key_str[65]; | |
479 | const struct wps_credential *cred = ap_settings->cred; | |
480 | ||
481 | key_str[0] = '\0'; | |
482 | if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) { | |
483 | if (cred->key_len >= 8 && cred->key_len <= 64) { | |
484 | os_memcpy(key_str, cred->key, cred->key_len); | |
485 | key_str[cred->key_len] = '\0'; | |
486 | } | |
487 | } | |
488 | ||
489 | uuid_bin2str(ap_settings->uuid, uuid_str, sizeof(uuid_str)); | |
490 | /* Use wpa_msg_ctrl to avoid showing the key in debug log */ | |
491 | wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_SETTINGS | |
492 | "uuid=%s ssid=%s auth_type=0x%04x encr_type=0x%04x " | |
493 | "key=%s", | |
494 | uuid_str, wpa_ssid_txt(cred->ssid, cred->ssid_len), | |
495 | cred->auth_type, cred->encr_type, key_str); | |
496 | } | |
497 | ||
498 | ||
4b68290e JM |
499 | static void wpa_supplicant_wps_event(void *ctx, enum wps_event event, |
500 | union wps_event_data *data) | |
501 | { | |
502 | struct wpa_supplicant *wpa_s = ctx; | |
503 | switch (event) { | |
504 | case WPS_EV_M2D: | |
505 | wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d); | |
506 | break; | |
469fc3a4 JM |
507 | case WPS_EV_FAIL: |
508 | wpa_supplicant_wps_event_fail(wpa_s, &data->fail); | |
509 | break; | |
ad5302a1 JM |
510 | case WPS_EV_SUCCESS: |
511 | wpa_supplicant_wps_event_success(wpa_s); | |
512 | break; | |
3b2cf800 JM |
513 | case WPS_EV_PWD_AUTH_FAIL: |
514 | break; | |
63330c68 OK |
515 | case WPS_EV_PBC_OVERLAP: |
516 | break; | |
517 | case WPS_EV_PBC_TIMEOUT: | |
518 | break; | |
b78bc3a3 JM |
519 | case WPS_EV_ER_AP_ADD: |
520 | wpa_supplicant_wps_event_er_ap_add(wpa_s, &data->ap); | |
521 | break; | |
522 | case WPS_EV_ER_AP_REMOVE: | |
523 | wpa_supplicant_wps_event_er_ap_remove(wpa_s, &data->ap); | |
524 | break; | |
525 | case WPS_EV_ER_ENROLLEE_ADD: | |
526 | wpa_supplicant_wps_event_er_enrollee_add(wpa_s, | |
527 | &data->enrollee); | |
528 | break; | |
529 | case WPS_EV_ER_ENROLLEE_REMOVE: | |
530 | wpa_supplicant_wps_event_er_enrollee_remove(wpa_s, | |
531 | &data->enrollee); | |
532 | break; | |
15dbf129 JM |
533 | case WPS_EV_ER_AP_SETTINGS: |
534 | wpa_supplicant_wps_event_er_ap_settings(wpa_s, | |
535 | &data->ap_settings); | |
536 | break; | |
4b68290e JM |
537 | } |
538 | } | |
539 | ||
540 | ||
f90c86d4 | 541 | enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid) |
fa201b69 | 542 | { |
b01c18a8 JM |
543 | if (eap_is_wps_pbc_enrollee(&ssid->eap) || |
544 | eap_is_wps_pin_enrollee(&ssid->eap)) | |
545 | return WPS_REQ_ENROLLEE; | |
546 | else | |
547 | return WPS_REQ_REGISTRAR; | |
fa201b69 | 548 | } |
116654ce JM |
549 | |
550 | ||
fcc60db4 JM |
551 | static void wpas_clear_wps(struct wpa_supplicant *wpa_s) |
552 | { | |
553 | int id; | |
8bac466b | 554 | struct wpa_ssid *ssid, *remove_ssid = NULL; |
fcc60db4 JM |
555 | |
556 | eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); | |
557 | ||
558 | /* Remove any existing WPS network from configuration */ | |
559 | ssid = wpa_s->conf->ssid; | |
560 | while (ssid) { | |
f0477201 | 561 | if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { |
8bac466b | 562 | if (ssid == wpa_s->current_ssid) { |
f0477201 | 563 | wpa_s->current_ssid = NULL; |
8bac466b JM |
564 | if (ssid != NULL) |
565 | wpas_notify_network_changed(wpa_s); | |
566 | } | |
fcc60db4 | 567 | id = ssid->id; |
8bac466b | 568 | remove_ssid = ssid; |
f0477201 | 569 | } else |
fcc60db4 JM |
570 | id = -1; |
571 | ssid = ssid->next; | |
8bac466b JM |
572 | if (id >= 0) { |
573 | wpas_notify_network_removed(wpa_s, remove_ssid); | |
fcc60db4 | 574 | wpa_config_remove_network(wpa_s->conf, id); |
8bac466b | 575 | } |
fcc60db4 JM |
576 | } |
577 | } | |
578 | ||
579 | ||
580 | static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx) | |
581 | { | |
582 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
a6099152 JM |
583 | wpa_printf(MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed " |
584 | "out"); | |
fcc60db4 JM |
585 | wpas_clear_wps(wpa_s); |
586 | } | |
587 | ||
588 | ||
589 | static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s, | |
590 | int registrar, const u8 *bssid) | |
591 | { | |
592 | struct wpa_ssid *ssid; | |
593 | ||
594 | ssid = wpa_config_add_network(wpa_s->conf); | |
595 | if (ssid == NULL) | |
596 | return NULL; | |
8bac466b | 597 | wpas_notify_network_added(wpa_s, ssid); |
fcc60db4 JM |
598 | wpa_config_set_network_defaults(ssid); |
599 | if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 || | |
600 | wpa_config_set(ssid, "eap", "WSC", 0) < 0 || | |
601 | wpa_config_set(ssid, "identity", registrar ? | |
602 | "\"" WSC_ID_REGISTRAR "\"" : | |
603 | "\"" WSC_ID_ENROLLEE "\"", 0) < 0) { | |
8bac466b | 604 | wpas_notify_network_removed(wpa_s, ssid); |
fcc60db4 JM |
605 | wpa_config_remove_network(wpa_s->conf, ssid->id); |
606 | return NULL; | |
607 | } | |
608 | ||
609 | if (bssid) { | |
59f2caa9 | 610 | struct wpa_bss *bss; |
f7e54365 | 611 | int count = 0; |
fcc60db4 JM |
612 | |
613 | os_memcpy(ssid->bssid, bssid, ETH_ALEN); | |
24c23d1b | 614 | ssid->bssid_set = 1; |
fcc60db4 | 615 | |
59f2caa9 JM |
616 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { |
617 | if (os_memcmp(bssid, bss->bssid, ETH_ALEN) != 0) | |
fcc60db4 JM |
618 | continue; |
619 | ||
fcc60db4 | 620 | os_free(ssid->ssid); |
59f2caa9 | 621 | ssid->ssid = os_malloc(bss->ssid_len); |
fcc60db4 JM |
622 | if (ssid->ssid == NULL) |
623 | break; | |
59f2caa9 JM |
624 | os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len); |
625 | ssid->ssid_len = bss->ssid_len; | |
f7e54365 JM |
626 | wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from " |
627 | "scan results", | |
628 | ssid->ssid, ssid->ssid_len); | |
629 | count++; | |
630 | } | |
631 | ||
632 | if (count > 1) { | |
633 | wpa_printf(MSG_DEBUG, "WPS: More than one SSID found " | |
634 | "for the AP; use wildcard"); | |
635 | os_free(ssid->ssid); | |
636 | ssid->ssid = NULL; | |
637 | ssid->ssid_len = 0; | |
fcc60db4 JM |
638 | } |
639 | } | |
640 | ||
641 | return ssid; | |
642 | } | |
643 | ||
644 | ||
645 | static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s, | |
646 | struct wpa_ssid *selected) | |
647 | { | |
648 | struct wpa_ssid *ssid; | |
649 | ||
650 | /* Mark all other networks disabled and trigger reassociation */ | |
651 | ssid = wpa_s->conf->ssid; | |
652 | while (ssid) { | |
8bac466b | 653 | int was_disabled = ssid->disabled; |
fcc60db4 | 654 | ssid->disabled = ssid != selected; |
8bac466b JM |
655 | if (was_disabled != ssid->disabled) |
656 | wpas_notify_network_enabled_changed(wpa_s, ssid); | |
fcc60db4 JM |
657 | ssid = ssid->next; |
658 | } | |
659 | wpa_s->disconnected = 0; | |
660 | wpa_s->reassociate = 1; | |
a6099152 JM |
661 | wpa_s->scan_runs = 0; |
662 | wpa_s->wps_success = 0; | |
663 | wpa_s->blacklist_cleared = 0; | |
fcc60db4 JM |
664 | wpa_supplicant_req_scan(wpa_s, 0, 0); |
665 | } | |
666 | ||
667 | ||
668 | int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid) | |
669 | { | |
670 | struct wpa_ssid *ssid; | |
671 | wpas_clear_wps(wpa_s); | |
672 | ssid = wpas_wps_add_network(wpa_s, 0, bssid); | |
673 | if (ssid == NULL) | |
674 | return -1; | |
675 | wpa_config_set(ssid, "phase1", "\"pbc=1\"", 0); | |
676 | eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, | |
677 | wpa_s, NULL); | |
678 | wpas_wps_reassoc(wpa_s, ssid); | |
679 | return 0; | |
680 | } | |
681 | ||
682 | ||
683 | int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid, | |
684 | const char *pin) | |
685 | { | |
686 | struct wpa_ssid *ssid; | |
46bdb83a | 687 | char val[128]; |
fcc60db4 JM |
688 | unsigned int rpin = 0; |
689 | ||
690 | wpas_clear_wps(wpa_s); | |
691 | ssid = wpas_wps_add_network(wpa_s, 0, bssid); | |
692 | if (ssid == NULL) | |
693 | return -1; | |
694 | if (pin) | |
695 | os_snprintf(val, sizeof(val), "\"pin=%s\"", pin); | |
696 | else { | |
697 | rpin = wps_generate_pin(); | |
698 | os_snprintf(val, sizeof(val), "\"pin=%08d\"", rpin); | |
699 | } | |
700 | wpa_config_set(ssid, "phase1", val, 0); | |
701 | eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, | |
702 | wpa_s, NULL); | |
703 | wpas_wps_reassoc(wpa_s, ssid); | |
704 | return rpin; | |
705 | } | |
706 | ||
707 | ||
116f7bb0 | 708 | #ifdef CONFIG_WPS_OOB |
46bdb83a | 709 | int wpas_wps_start_oob(struct wpa_supplicant *wpa_s, char *device_type, |
e1ee6b60 | 710 | char *path, char *method, char *name) |
46bdb83a MH |
711 | { |
712 | struct wps_context *wps = wpa_s->wps; | |
7cbf51bb | 713 | struct oob_device_data *oob_dev; |
46bdb83a | 714 | |
7cbf51bb JM |
715 | oob_dev = wps_get_oob_device(device_type); |
716 | if (oob_dev == NULL) | |
46bdb83a | 717 | return -1; |
7cbf51bb | 718 | oob_dev->device_path = path; |
e1ee6b60 | 719 | oob_dev->device_name = name; |
46bdb83a MH |
720 | wps->oob_conf.oob_method = wps_get_oob_method(method); |
721 | ||
d5e2b2d2 JM |
722 | if (wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E) { |
723 | /* | |
724 | * Use pre-configured DH keys in order to be able to write the | |
725 | * key hash into the OOB file. | |
726 | */ | |
727 | wpabuf_free(wps->dh_pubkey); | |
728 | wpabuf_free(wps->dh_privkey); | |
729 | wps->dh_privkey = NULL; | |
f042122a JM |
730 | wps->dh_pubkey = NULL; |
731 | dh5_free(wps->dh_ctx); | |
732 | wps->dh_ctx = dh5_init(&wps->dh_privkey, &wps->dh_pubkey); | |
d5e2b2d2 | 733 | wps->dh_pubkey = wpabuf_zeropad(wps->dh_pubkey, 192); |
f042122a | 734 | if (wps->dh_ctx == NULL || wps->dh_pubkey == NULL) { |
d5e2b2d2 JM |
735 | wpa_printf(MSG_ERROR, "WPS: Failed to initialize " |
736 | "Diffie-Hellman handshake"); | |
737 | return -1; | |
738 | } | |
739 | } | |
740 | ||
46bdb83a MH |
741 | if (wps->oob_conf.oob_method == OOB_METHOD_CRED) |
742 | wpas_clear_wps(wpa_s); | |
743 | ||
7cbf51bb | 744 | if (wps_process_oob(wps, oob_dev, 0) < 0) |
46bdb83a MH |
745 | return -1; |
746 | ||
747 | if ((wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E || | |
748 | wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) && | |
749 | wpas_wps_start_pin(wpa_s, NULL, | |
750 | wpabuf_head(wps->oob_conf.dev_password)) < 0) | |
751 | return -1; | |
752 | ||
753 | return 0; | |
754 | } | |
116f7bb0 | 755 | #endif /* CONFIG_WPS_OOB */ |
46bdb83a MH |
756 | |
757 | ||
fcc60db4 | 758 | int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid, |
52eb293d | 759 | const char *pin, struct wps_new_ap_settings *settings) |
fcc60db4 JM |
760 | { |
761 | struct wpa_ssid *ssid; | |
52eb293d JM |
762 | char val[200]; |
763 | char *pos, *end; | |
764 | int res; | |
fcc60db4 JM |
765 | |
766 | if (!pin) | |
767 | return -1; | |
768 | wpas_clear_wps(wpa_s); | |
769 | ssid = wpas_wps_add_network(wpa_s, 1, bssid); | |
770 | if (ssid == NULL) | |
771 | return -1; | |
52eb293d JM |
772 | pos = val; |
773 | end = pos + sizeof(val); | |
774 | res = os_snprintf(pos, end - pos, "\"pin=%s", pin); | |
775 | if (res < 0 || res >= end - pos) | |
776 | return -1; | |
777 | pos += res; | |
778 | if (settings) { | |
779 | res = os_snprintf(pos, end - pos, " new_ssid=%s new_auth=%s " | |
780 | "new_encr=%s new_key=%s", | |
781 | settings->ssid_hex, settings->auth, | |
782 | settings->encr, settings->key_hex); | |
783 | if (res < 0 || res >= end - pos) | |
784 | return -1; | |
785 | pos += res; | |
786 | } | |
787 | res = os_snprintf(pos, end - pos, "\""); | |
788 | if (res < 0 || res >= end - pos) | |
789 | return -1; | |
fcc60db4 JM |
790 | wpa_config_set(ssid, "phase1", val, 0); |
791 | eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, | |
792 | wpa_s, NULL); | |
793 | wpas_wps_reassoc(wpa_s, ssid); | |
794 | return 0; | |
795 | } | |
796 | ||
797 | ||
c5adf528 JM |
798 | static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk, |
799 | size_t psk_len) | |
800 | { | |
801 | wpa_printf(MSG_DEBUG, "WPS: Received new WPA/WPA2-PSK from WPS for " | |
802 | "STA " MACSTR, MAC2STR(mac_addr)); | |
803 | wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len); | |
804 | ||
805 | /* TODO */ | |
806 | ||
807 | return 0; | |
808 | } | |
809 | ||
810 | ||
811 | static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e, | |
812 | const struct wps_device_data *dev) | |
813 | { | |
814 | char uuid[40], txt[400]; | |
815 | int len; | |
96750ea5 | 816 | char devtype[WPS_DEV_TYPE_BUFSIZE]; |
c5adf528 JM |
817 | if (uuid_bin2str(uuid_e, uuid, sizeof(uuid))) |
818 | return; | |
819 | wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid); | |
820 | len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR | |
96750ea5 | 821 | " [%s|%s|%s|%s|%s|%s]", |
c5adf528 JM |
822 | uuid, MAC2STR(dev->mac_addr), dev->device_name, |
823 | dev->manufacturer, dev->model_name, | |
824 | dev->model_number, dev->serial_number, | |
96750ea5 JM |
825 | wps_dev_type_bin2str(dev->pri_dev_type, devtype, |
826 | sizeof(devtype))); | |
c5adf528 JM |
827 | if (len > 0 && len < (int) sizeof(txt)) |
828 | wpa_printf(MSG_INFO, "%s", txt); | |
829 | } | |
830 | ||
831 | ||
72df2f5f JM |
832 | static void wpas_wps_set_sel_reg_cb(void *ctx, int sel_reg, u16 dev_passwd_id, |
833 | u16 sel_reg_config_methods) | |
834 | { | |
835 | #ifdef CONFIG_WPS_ER | |
836 | struct wpa_supplicant *wpa_s = ctx; | |
837 | ||
838 | if (wpa_s->wps_er == NULL) | |
839 | return; | |
ad474118 JM |
840 | wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar - sel_reg=%d " |
841 | "dev_password_id=%u sel_reg_config_methods=0x%x", | |
842 | sel_reg, dev_passwd_id, sel_reg_config_methods); | |
72df2f5f JM |
843 | wps_er_set_sel_reg(wpa_s->wps_er, sel_reg, dev_passwd_id, |
844 | sel_reg_config_methods); | |
845 | #endif /* CONFIG_WPS_ER */ | |
846 | } | |
847 | ||
848 | ||
116654ce JM |
849 | int wpas_wps_init(struct wpa_supplicant *wpa_s) |
850 | { | |
851 | struct wps_context *wps; | |
c5adf528 | 852 | struct wps_registrar_config rcfg; |
116654ce JM |
853 | |
854 | wps = os_zalloc(sizeof(*wps)); | |
855 | if (wps == NULL) | |
856 | return -1; | |
857 | ||
858 | wps->cred_cb = wpa_supplicant_wps_cred; | |
4b68290e | 859 | wps->event_cb = wpa_supplicant_wps_event; |
116654ce JM |
860 | wps->cb_ctx = wpa_s; |
861 | ||
3c0b7aa4 JM |
862 | wps->dev.device_name = wpa_s->conf->device_name; |
863 | wps->dev.manufacturer = wpa_s->conf->manufacturer; | |
864 | wps->dev.model_name = wpa_s->conf->model_name; | |
865 | wps->dev.model_number = wpa_s->conf->model_number; | |
866 | wps->dev.serial_number = wpa_s->conf->serial_number; | |
c0e4dd9e JM |
867 | wps->config_methods = |
868 | wps_config_methods_str2bin(wpa_s->conf->config_methods); | |
979b988e JM |
869 | if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) == |
870 | (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) { | |
871 | wpa_printf(MSG_ERROR, "WPS: Both Label and Display config " | |
872 | "methods are not allowed at the same time"); | |
873 | os_free(wps); | |
874 | return -1; | |
875 | } | |
96750ea5 JM |
876 | if (wpa_s->conf->device_type && |
877 | wps_dev_type_str2bin(wpa_s->conf->device_type, | |
878 | wps->dev.pri_dev_type) < 0) { | |
879 | wpa_printf(MSG_ERROR, "WPS: Invalid device_type"); | |
880 | os_free(wps); | |
881 | return -1; | |
3c0b7aa4 JM |
882 | } |
883 | wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version); | |
884 | wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ; /* TODO: config */ | |
398cfbf6 | 885 | os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN); |
79da74a2 JM |
886 | if (is_nil_uuid(wpa_s->conf->uuid)) { |
887 | uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid); | |
888 | wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC address", | |
889 | wps->uuid, WPS_UUID_LEN); | |
890 | } else | |
891 | os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN); | |
116654ce | 892 | |
c5adf528 JM |
893 | wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK; |
894 | wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP; | |
895 | ||
896 | os_memset(&rcfg, 0, sizeof(rcfg)); | |
897 | rcfg.new_psk_cb = wpas_wps_new_psk_cb; | |
898 | rcfg.pin_needed_cb = wpas_wps_pin_needed_cb; | |
72df2f5f | 899 | rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb; |
c5adf528 JM |
900 | rcfg.cb_ctx = wpa_s; |
901 | ||
902 | wps->registrar = wps_registrar_init(wps, &rcfg); | |
903 | if (wps->registrar == NULL) { | |
904 | wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar"); | |
905 | os_free(wps); | |
906 | return -1; | |
907 | } | |
908 | ||
116654ce JM |
909 | wpa_s->wps = wps; |
910 | ||
911 | return 0; | |
912 | } | |
913 | ||
914 | ||
915 | void wpas_wps_deinit(struct wpa_supplicant *wpa_s) | |
916 | { | |
fcc60db4 JM |
917 | eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); |
918 | ||
116654ce JM |
919 | if (wpa_s->wps == NULL) |
920 | return; | |
921 | ||
a6b63078 | 922 | #ifdef CONFIG_WPS_ER |
1a1bf008 | 923 | wps_er_deinit(wpa_s->wps_er, NULL, NULL); |
a6b63078 JM |
924 | wpa_s->wps_er = NULL; |
925 | #endif /* CONFIG_WPS_ER */ | |
926 | ||
c5adf528 | 927 | wps_registrar_deinit(wpa_s->wps->registrar); |
46bdb83a MH |
928 | wpabuf_free(wpa_s->wps->dh_pubkey); |
929 | wpabuf_free(wpa_s->wps->dh_privkey); | |
930 | wpabuf_free(wpa_s->wps->oob_conf.pubkey_hash); | |
931 | wpabuf_free(wpa_s->wps->oob_conf.dev_password); | |
116654ce JM |
932 | os_free(wpa_s->wps->network_key); |
933 | os_free(wpa_s->wps); | |
934 | wpa_s->wps = NULL; | |
935 | } | |
351f09a2 JM |
936 | |
937 | ||
a6099152 JM |
938 | int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s, |
939 | struct wpa_ssid *ssid, struct wpa_scan_res *bss) | |
351f09a2 JM |
940 | { |
941 | struct wpabuf *wps_ie; | |
942 | ||
943 | if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) | |
944 | return -1; | |
945 | ||
946 | wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); | |
947 | if (eap_is_wps_pbc_enrollee(&ssid->eap)) { | |
948 | if (!wps_ie) { | |
949 | wpa_printf(MSG_DEBUG, " skip - non-WPS AP"); | |
950 | return 0; | |
951 | } | |
952 | ||
953 | if (!wps_is_selected_pbc_registrar(wps_ie)) { | |
954 | wpa_printf(MSG_DEBUG, " skip - WPS AP " | |
955 | "without active PBC Registrar"); | |
956 | wpabuf_free(wps_ie); | |
957 | return 0; | |
958 | } | |
959 | ||
960 | /* TODO: overlap detection */ | |
961 | wpa_printf(MSG_DEBUG, " selected based on WPS IE " | |
962 | "(Active PBC)"); | |
963 | wpabuf_free(wps_ie); | |
964 | return 1; | |
965 | } | |
966 | ||
967 | if (eap_is_wps_pin_enrollee(&ssid->eap)) { | |
968 | if (!wps_ie) { | |
969 | wpa_printf(MSG_DEBUG, " skip - non-WPS AP"); | |
970 | return 0; | |
971 | } | |
972 | ||
a6099152 | 973 | /* |
31fcea93 JM |
974 | * Start with WPS APs that advertise our address as an |
975 | * authorized MAC (v2.0) or active PIN Registrar (v1.0) and | |
976 | * allow any WPS AP after couple of scans since some APs do not | |
977 | * set Selected Registrar attribute properly when using | |
978 | * external Registrar. | |
a6099152 | 979 | */ |
31fcea93 | 980 | if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) { |
a6099152 JM |
981 | if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG) { |
982 | wpa_printf(MSG_DEBUG, " skip - WPS AP " | |
983 | "without active PIN Registrar"); | |
984 | wpabuf_free(wps_ie); | |
985 | return 0; | |
986 | } | |
987 | wpa_printf(MSG_DEBUG, " selected based on WPS IE"); | |
988 | } else { | |
989 | wpa_printf(MSG_DEBUG, " selected based on WPS IE " | |
31fcea93 | 990 | "(Authorized MAC or Active PIN)"); |
351f09a2 | 991 | } |
351f09a2 JM |
992 | wpabuf_free(wps_ie); |
993 | return 1; | |
994 | } | |
995 | ||
996 | if (wps_ie) { | |
997 | wpa_printf(MSG_DEBUG, " selected based on WPS IE"); | |
998 | wpabuf_free(wps_ie); | |
999 | return 1; | |
1000 | } | |
1001 | ||
1002 | return -1; | |
1003 | } | |
1004 | ||
1005 | ||
a6099152 JM |
1006 | int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s, |
1007 | struct wpa_ssid *ssid, | |
351f09a2 JM |
1008 | struct wpa_scan_res *bss) |
1009 | { | |
1010 | struct wpabuf *wps_ie = NULL; | |
1011 | int ret = 0; | |
1012 | ||
1013 | if (eap_is_wps_pbc_enrollee(&ssid->eap)) { | |
1014 | wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); | |
1015 | if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) { | |
1016 | /* allow wildcard SSID for WPS PBC */ | |
1017 | ret = 1; | |
1018 | } | |
1019 | } else if (eap_is_wps_pin_enrollee(&ssid->eap)) { | |
1020 | wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); | |
a6099152 | 1021 | if (wps_ie && |
31fcea93 | 1022 | (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1) || |
a6099152 | 1023 | wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) { |
351f09a2 JM |
1024 | /* allow wildcard SSID for WPS PIN */ |
1025 | ret = 1; | |
1026 | } | |
1027 | } | |
1028 | ||
24c23d1b JM |
1029 | if (!ret && ssid->bssid_set && |
1030 | os_memcmp(ssid->bssid, bss->bssid, ETH_ALEN) == 0) { | |
1031 | /* allow wildcard SSID due to hardcoded BSSID match */ | |
1032 | ret = 1; | |
1033 | } | |
1034 | ||
54f489be JM |
1035 | #ifdef CONFIG_WPS_STRICT |
1036 | if (wps_ie) { | |
1037 | if (wps_validate_beacon_probe_resp(wps_ie, bss->beacon_ie_len > | |
1038 | 0) < 0) | |
1039 | ret = 0; | |
1040 | if (bss->beacon_ie_len) { | |
1041 | struct wpabuf *bcn_wps; | |
1042 | bcn_wps = wpa_scan_get_vendor_ie_multi_beacon( | |
1043 | bss, WPS_IE_VENDOR_TYPE); | |
1044 | if (bcn_wps == NULL) { | |
1045 | wpa_printf(MSG_DEBUG, "WPS: Mandatory WPS IE " | |
1046 | "missing from AP Beacon"); | |
1047 | ret = 0; | |
1048 | } else { | |
1049 | if (wps_validate_beacon(wps_ie) < 0) | |
1050 | ret = 0; | |
1051 | wpabuf_free(bcn_wps); | |
1052 | } | |
1053 | } | |
1054 | } | |
1055 | #endif /* CONFIG_WPS_STRICT */ | |
1056 | ||
351f09a2 JM |
1057 | wpabuf_free(wps_ie); |
1058 | ||
1059 | return ret; | |
1060 | } | |
1061 | ||
1062 | ||
1063 | int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s, | |
6fa81a3b | 1064 | struct wpa_bss *selected, struct wpa_ssid *ssid) |
351f09a2 JM |
1065 | { |
1066 | const u8 *sel_uuid, *uuid; | |
351f09a2 JM |
1067 | struct wpabuf *wps_ie; |
1068 | int ret = 0; | |
6fa81a3b | 1069 | struct wpa_bss *bss; |
351f09a2 JM |
1070 | |
1071 | if (!eap_is_wps_pbc_enrollee(&ssid->eap)) | |
1072 | return 0; | |
1073 | ||
1074 | /* Make sure that only one AP is in active PBC mode */ | |
6fa81a3b | 1075 | wps_ie = wpa_bss_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE); |
351f09a2 JM |
1076 | if (wps_ie) |
1077 | sel_uuid = wps_get_uuid_e(wps_ie); | |
1078 | else | |
1079 | sel_uuid = NULL; | |
351f09a2 | 1080 | |
6fa81a3b | 1081 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { |
351f09a2 JM |
1082 | struct wpabuf *ie; |
1083 | if (bss == selected) | |
1084 | continue; | |
6fa81a3b | 1085 | ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); |
351f09a2 JM |
1086 | if (!ie) |
1087 | continue; | |
1088 | if (!wps_is_selected_pbc_registrar(ie)) { | |
1089 | wpabuf_free(ie); | |
1090 | continue; | |
1091 | } | |
1092 | uuid = wps_get_uuid_e(ie); | |
44cd430f JM |
1093 | if (sel_uuid == NULL || uuid == NULL || |
1094 | os_memcmp(sel_uuid, uuid, 16) != 0) { | |
351f09a2 JM |
1095 | ret = 1; /* PBC overlap */ |
1096 | wpabuf_free(ie); | |
1097 | break; | |
1098 | } | |
1099 | ||
1100 | /* TODO: verify that this is reasonable dual-band situation */ | |
484957ae JM |
1101 | |
1102 | wpabuf_free(ie); | |
351f09a2 JM |
1103 | } |
1104 | ||
1105 | wpabuf_free(wps_ie); | |
1106 | ||
1107 | return ret; | |
1108 | } | |
a524f05e JM |
1109 | |
1110 | ||
1111 | void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s) | |
1112 | { | |
6fa81a3b | 1113 | struct wpa_bss *bss; |
a524f05e JM |
1114 | |
1115 | if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED) | |
1116 | return; | |
1117 | ||
6fa81a3b | 1118 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { |
a524f05e | 1119 | struct wpabuf *ie; |
6fa81a3b | 1120 | ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); |
a524f05e JM |
1121 | if (!ie) |
1122 | continue; | |
1123 | if (wps_is_selected_pbc_registrar(ie)) | |
332d630a JM |
1124 | wpa_msg_ctrl(wpa_s, MSG_INFO, |
1125 | WPS_EVENT_AP_AVAILABLE_PBC); | |
31fcea93 JM |
1126 | else if (wps_is_addr_authorized(ie, wpa_s->own_addr, 0)) |
1127 | wpa_msg_ctrl(wpa_s, MSG_INFO, | |
1128 | WPS_EVENT_AP_AVAILABLE_AUTH); | |
a524f05e | 1129 | else if (wps_is_selected_pin_registrar(ie)) |
332d630a JM |
1130 | wpa_msg_ctrl(wpa_s, MSG_INFO, |
1131 | WPS_EVENT_AP_AVAILABLE_PIN); | |
a524f05e | 1132 | else |
332d630a JM |
1133 | wpa_msg_ctrl(wpa_s, MSG_INFO, |
1134 | WPS_EVENT_AP_AVAILABLE); | |
a524f05e JM |
1135 | wpabuf_free(ie); |
1136 | break; | |
1137 | } | |
1138 | } | |
24c23d1b JM |
1139 | |
1140 | ||
1141 | int wpas_wps_searching(struct wpa_supplicant *wpa_s) | |
1142 | { | |
1143 | struct wpa_ssid *ssid; | |
1144 | ||
1145 | for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { | |
1146 | if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled) | |
1147 | return 1; | |
1148 | } | |
1149 | ||
1150 | return 0; | |
1151 | } | |
611ed491 JM |
1152 | |
1153 | ||
1154 | int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *buf, | |
1155 | char *end) | |
1156 | { | |
1157 | struct wpabuf *wps_ie; | |
1158 | int ret; | |
1159 | ||
1160 | wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, WPS_DEV_OUI_WFA); | |
1161 | if (wps_ie == NULL) | |
1162 | return 0; | |
1163 | ||
1164 | ret = wps_attr_text(wps_ie, buf, end); | |
1165 | wpabuf_free(wps_ie); | |
1166 | return ret; | |
1167 | } | |
e9bcfebf JM |
1168 | |
1169 | ||
08486685 | 1170 | int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter) |
e9bcfebf JM |
1171 | { |
1172 | #ifdef CONFIG_WPS_ER | |
1173 | if (wpa_s->wps_er) { | |
b3f371ca | 1174 | wps_er_refresh(wpa_s->wps_er); |
e9bcfebf JM |
1175 | return 0; |
1176 | } | |
08486685 | 1177 | wpa_s->wps_er = wps_er_init(wpa_s->wps, wpa_s->ifname, filter); |
e9bcfebf JM |
1178 | if (wpa_s->wps_er == NULL) |
1179 | return -1; | |
1180 | return 0; | |
1181 | #else /* CONFIG_WPS_ER */ | |
1182 | return 0; | |
1183 | #endif /* CONFIG_WPS_ER */ | |
1184 | } | |
1185 | ||
1186 | ||
1187 | int wpas_wps_er_stop(struct wpa_supplicant *wpa_s) | |
1188 | { | |
1189 | #ifdef CONFIG_WPS_ER | |
1a1bf008 | 1190 | wps_er_deinit(wpa_s->wps_er, NULL, NULL); |
e9bcfebf JM |
1191 | wpa_s->wps_er = NULL; |
1192 | #endif /* CONFIG_WPS_ER */ | |
1193 | return 0; | |
1194 | } | |
72df2f5f JM |
1195 | |
1196 | ||
1197 | #ifdef CONFIG_WPS_ER | |
31fcea93 JM |
1198 | int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr, |
1199 | const char *uuid, const char *pin) | |
72df2f5f JM |
1200 | { |
1201 | u8 u[UUID_LEN]; | |
1202 | int any = 0; | |
1203 | ||
1204 | if (os_strcmp(uuid, "any") == 0) | |
1205 | any = 1; | |
1206 | else if (uuid_str2bin(uuid, u)) | |
1207 | return -1; | |
31fcea93 JM |
1208 | return wps_registrar_add_pin(wpa_s->wps->registrar, addr, |
1209 | any ? NULL : u, | |
72df2f5f JM |
1210 | (const u8 *) pin, os_strlen(pin), 300); |
1211 | } | |
564cd7fa JM |
1212 | |
1213 | ||
1214 | int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid) | |
1215 | { | |
1216 | u8 u[UUID_LEN]; | |
1217 | ||
1218 | if (uuid_str2bin(uuid, u)) | |
1219 | return -1; | |
1220 | return wps_er_pbc(wpa_s->wps_er, u); | |
1221 | } | |
e64dcfd5 JM |
1222 | |
1223 | ||
1224 | int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid, | |
1225 | const char *pin) | |
1226 | { | |
1227 | u8 u[UUID_LEN]; | |
1228 | ||
1229 | if (uuid_str2bin(uuid, u)) | |
1230 | return -1; | |
1231 | return wps_er_learn(wpa_s->wps_er, u, (const u8 *) pin, | |
1232 | os_strlen(pin)); | |
1233 | } | |
1a1bf008 JM |
1234 | |
1235 | ||
7d6640a6 JM |
1236 | int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid, |
1237 | const char *pin, struct wps_new_ap_settings *settings) | |
1238 | { | |
1239 | u8 u[UUID_LEN]; | |
1240 | struct wps_credential cred; | |
1241 | size_t len; | |
1242 | ||
1243 | if (uuid_str2bin(uuid, u)) | |
1244 | return -1; | |
1245 | if (settings->ssid_hex == NULL || settings->auth == NULL || | |
1246 | settings->encr == NULL || settings->key_hex == NULL) | |
1247 | return -1; | |
1248 | ||
1249 | os_memset(&cred, 0, sizeof(cred)); | |
1250 | len = os_strlen(settings->ssid_hex); | |
1251 | if ((len & 1) || len > 2 * sizeof(cred.ssid) || | |
1252 | hexstr2bin(settings->ssid_hex, cred.ssid, len / 2)) | |
1253 | return -1; | |
1254 | cred.ssid_len = len / 2; | |
1255 | ||
1256 | len = os_strlen(settings->key_hex); | |
1257 | if ((len & 1) || len > 2 * sizeof(cred.key) || | |
1258 | hexstr2bin(settings->key_hex, cred.key, len / 2)) | |
1259 | return -1; | |
1260 | cred.key_len = len / 2; | |
1261 | ||
1262 | if (os_strcmp(settings->auth, "OPEN") == 0) | |
1263 | cred.auth_type = WPS_AUTH_OPEN; | |
1264 | else if (os_strcmp(settings->auth, "WPAPSK") == 0) | |
1265 | cred.auth_type = WPS_AUTH_WPAPSK; | |
1266 | else if (os_strcmp(settings->auth, "WPA2PSK") == 0) | |
1267 | cred.auth_type = WPS_AUTH_WPA2PSK; | |
1268 | else | |
1269 | return -1; | |
1270 | ||
1271 | if (os_strcmp(settings->encr, "NONE") == 0) | |
1272 | cred.encr_type = WPS_ENCR_NONE; | |
1273 | else if (os_strcmp(settings->encr, "WEP") == 0) | |
1274 | cred.encr_type = WPS_ENCR_WEP; | |
1275 | else if (os_strcmp(settings->encr, "TKIP") == 0) | |
1276 | cred.encr_type = WPS_ENCR_TKIP; | |
1277 | else if (os_strcmp(settings->encr, "CCMP") == 0) | |
1278 | cred.encr_type = WPS_ENCR_AES; | |
1279 | else | |
1280 | return -1; | |
1281 | ||
1282 | return wps_er_config(wpa_s->wps_er, u, (const u8 *) pin, | |
1283 | os_strlen(pin), &cred); | |
1284 | } | |
1285 | ||
1286 | ||
1a1bf008 JM |
1287 | static void wpas_wps_terminate_cb(void *ctx) |
1288 | { | |
1289 | wpa_printf(MSG_DEBUG, "WPS ER: Terminated"); | |
1290 | eloop_terminate(); | |
1291 | } | |
1292 | #endif /* CONFIG_WPS_ER */ | |
1293 | ||
1294 | ||
1295 | int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s) | |
1296 | { | |
1297 | #ifdef CONFIG_WPS_ER | |
1298 | if (wpa_s->wps_er) { | |
1299 | wps_er_deinit(wpa_s->wps_er, wpas_wps_terminate_cb, wpa_s); | |
1300 | wpa_s->wps_er = NULL; | |
1301 | return 1; | |
1302 | } | |
72df2f5f | 1303 | #endif /* CONFIG_WPS_ER */ |
1a1bf008 JM |
1304 | return 0; |
1305 | } | |
41e650ae JM |
1306 | |
1307 | ||
1308 | int wpas_wps_in_progress(struct wpa_supplicant *wpa_s) | |
1309 | { | |
1310 | struct wpa_ssid *ssid; | |
1311 | ||
1312 | for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { | |
1313 | if (!ssid->disabled && ssid->key_mgmt == WPA_KEY_MGMT_WPS) | |
1314 | return 1; | |
1315 | } | |
1316 | ||
1317 | return 0; | |
1318 | } |