]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/wps/wps_registrar.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
WPS: Share common function for building WSC ACK/NACK
[thirdparty/hostap.git] / src / wps / wps_registrar.c
1 /*
2 * Wi-Fi Protected Setup - Registrar
3 * Copyright (c) 2008-2009, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "utils/includes.h"
16
17 #include "utils/common.h"
18 #include "utils/base64.h"
19 #include "utils/eloop.h"
20 #include "utils/uuid.h"
21 #include "utils/list.h"
22 #include "crypto/crypto.h"
23 #include "crypto/sha256.h"
24 #include "common/ieee802_11_defs.h"
25 #include "wps_i.h"
26 #include "wps_dev_attr.h"
27 #include "wps_upnp.h"
28 #include "wps_upnp_i.h"
29
30 #ifndef CONFIG_WPS_STRICT
31 #define WPS_WORKAROUNDS
32 #endif /* CONFIG_WPS_STRICT */
33
34 struct wps_uuid_pin {
35 struct dl_list list;
36 u8 uuid[WPS_UUID_LEN];
37 int wildcard_uuid;
38 u8 *pin;
39 size_t pin_len;
40 #define PIN_LOCKED BIT(0)
41 #define PIN_EXPIRES BIT(1)
42 int flags;
43 struct os_time expiration;
44 u8 enrollee_addr[ETH_ALEN];
45 };
46
47
48 static void wps_free_pin(struct wps_uuid_pin *pin)
49 {
50 os_free(pin->pin);
51 os_free(pin);
52 }
53
54
55 static void wps_remove_pin(struct wps_uuid_pin *pin)
56 {
57 dl_list_del(&pin->list);
58 wps_free_pin(pin);
59 }
60
61
62 static void wps_free_pins(struct dl_list *pins)
63 {
64 struct wps_uuid_pin *pin, *prev;
65 dl_list_for_each_safe(pin, prev, pins, struct wps_uuid_pin, list)
66 wps_remove_pin(pin);
67 }
68
69
70 struct wps_pbc_session {
71 struct wps_pbc_session *next;
72 u8 addr[ETH_ALEN];
73 u8 uuid_e[WPS_UUID_LEN];
74 struct os_time timestamp;
75 };
76
77
78 static void wps_free_pbc_sessions(struct wps_pbc_session *pbc)
79 {
80 struct wps_pbc_session *prev;
81
82 while (pbc) {
83 prev = pbc;
84 pbc = pbc->next;
85 os_free(prev);
86 }
87 }
88
89
90 struct wps_registrar_device {
91 struct wps_registrar_device *next;
92 struct wps_device_data dev;
93 u8 uuid[WPS_UUID_LEN];
94 };
95
96
97 struct wps_registrar {
98 struct wps_context *wps;
99
100 int pbc;
101 int selected_registrar;
102
103 int (*new_psk_cb)(void *ctx, const u8 *mac_addr, const u8 *psk,
104 size_t psk_len);
105 int (*set_ie_cb)(void *ctx, struct wpabuf *beacon_ie,
106 struct wpabuf *probe_resp_ie);
107 void (*pin_needed_cb)(void *ctx, const u8 *uuid_e,
108 const struct wps_device_data *dev);
109 void (*reg_success_cb)(void *ctx, const u8 *mac_addr,
110 const u8 *uuid_e);
111 void (*set_sel_reg_cb)(void *ctx, int sel_reg, u16 dev_passwd_id,
112 u16 sel_reg_config_methods);
113 void (*enrollee_seen_cb)(void *ctx, const u8 *addr, const u8 *uuid_e,
114 const u8 *pri_dev_type, u16 config_methods,
115 u16 dev_password_id, u8 request_type,
116 const char *dev_name);
117 void *cb_ctx;
118
119 struct dl_list pins;
120 struct wps_pbc_session *pbc_sessions;
121
122 int skip_cred_build;
123 struct wpabuf *extra_cred;
124 int disable_auto_conf;
125 int sel_reg_union;
126 int sel_reg_dev_password_id_override;
127 int sel_reg_config_methods_override;
128 int static_wep_only;
129 int dualband;
130
131 struct wps_registrar_device *devices;
132
133 int force_pbc_overlap;
134
135 u8 authorized_macs[WPS_MAX_AUTHORIZED_MACS][ETH_ALEN];
136 u8 authorized_macs_union[WPS_MAX_AUTHORIZED_MACS][ETH_ALEN];
137 };
138
139
140 static int wps_set_ie(struct wps_registrar *reg);
141 static void wps_registrar_pbc_timeout(void *eloop_ctx, void *timeout_ctx);
142 static void wps_registrar_set_selected_timeout(void *eloop_ctx,
143 void *timeout_ctx);
144
145
146 static void wps_registrar_add_authorized_mac(struct wps_registrar *reg,
147 const u8 *addr)
148 {
149 int i;
150 wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC " MACSTR,
151 MAC2STR(addr));
152 for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++)
153 if (os_memcmp(reg->authorized_macs[i], addr, ETH_ALEN) == 0) {
154 wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was "
155 "already in the list");
156 return; /* already in list */
157 }
158 for (i = WPS_MAX_AUTHORIZED_MACS - 1; i > 0; i--)
159 os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i - 1],
160 ETH_ALEN);
161 os_memcpy(reg->authorized_macs[0], addr, ETH_ALEN);
162 wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs",
163 (u8 *) reg->authorized_macs, sizeof(reg->authorized_macs));
164 }
165
166
167 static void wps_registrar_remove_authorized_mac(struct wps_registrar *reg,
168 const u8 *addr)
169 {
170 int i;
171 wpa_printf(MSG_DEBUG, "WPS: Remove authorized MAC " MACSTR,
172 MAC2STR(addr));
173 for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++) {
174 if (os_memcmp(reg->authorized_macs, addr, ETH_ALEN) == 0)
175 break;
176 }
177 if (i == WPS_MAX_AUTHORIZED_MACS) {
178 wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was not in the "
179 "list");
180 return; /* not in the list */
181 }
182 for (; i + 1 < WPS_MAX_AUTHORIZED_MACS; i++)
183 os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i + 1],
184 ETH_ALEN);
185 os_memset(reg->authorized_macs[WPS_MAX_AUTHORIZED_MACS - 1], 0,
186 ETH_ALEN);
187 wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs",
188 (u8 *) reg->authorized_macs, sizeof(reg->authorized_macs));
189 }
190
191
192 static void wps_free_devices(struct wps_registrar_device *dev)
193 {
194 struct wps_registrar_device *prev;
195
196 while (dev) {
197 prev = dev;
198 dev = dev->next;
199 wps_device_data_free(&prev->dev);
200 os_free(prev);
201 }
202 }
203
204
205 static struct wps_registrar_device * wps_device_get(struct wps_registrar *reg,
206 const u8 *addr)
207 {
208 struct wps_registrar_device *dev;
209
210 for (dev = reg->devices; dev; dev = dev->next) {
211 if (os_memcmp(dev->dev.mac_addr, addr, ETH_ALEN) == 0)
212 return dev;
213 }
214 return NULL;
215 }
216
217
218 static void wps_device_clone_data(struct wps_device_data *dst,
219 struct wps_device_data *src)
220 {
221 os_memcpy(dst->mac_addr, src->mac_addr, ETH_ALEN);
222 os_memcpy(dst->pri_dev_type, src->pri_dev_type, WPS_DEV_TYPE_LEN);
223
224 #define WPS_STRDUP(n) \
225 os_free(dst->n); \
226 dst->n = src->n ? os_strdup(src->n) : NULL
227
228 WPS_STRDUP(device_name);
229 WPS_STRDUP(manufacturer);
230 WPS_STRDUP(model_name);
231 WPS_STRDUP(model_number);
232 WPS_STRDUP(serial_number);
233 #undef WPS_STRDUP
234 }
235
236
237 int wps_device_store(struct wps_registrar *reg,
238 struct wps_device_data *dev, const u8 *uuid)
239 {
240 struct wps_registrar_device *d;
241
242 d = wps_device_get(reg, dev->mac_addr);
243 if (d == NULL) {
244 d = os_zalloc(sizeof(*d));
245 if (d == NULL)
246 return -1;
247 d->next = reg->devices;
248 reg->devices = d;
249 }
250
251 wps_device_clone_data(&d->dev, dev);
252 os_memcpy(d->uuid, uuid, WPS_UUID_LEN);
253
254 return 0;
255 }
256
257
258 static void wps_registrar_add_pbc_session(struct wps_registrar *reg,
259 const u8 *addr, const u8 *uuid_e)
260 {
261 struct wps_pbc_session *pbc, *prev = NULL;
262 struct os_time now;
263
264 os_get_time(&now);
265
266 pbc = reg->pbc_sessions;
267 while (pbc) {
268 if (os_memcmp(pbc->addr, addr, ETH_ALEN) == 0 &&
269 os_memcmp(pbc->uuid_e, uuid_e, WPS_UUID_LEN) == 0) {
270 if (prev)
271 prev->next = pbc->next;
272 else
273 reg->pbc_sessions = pbc->next;
274 break;
275 }
276 prev = pbc;
277 pbc = pbc->next;
278 }
279
280 if (!pbc) {
281 pbc = os_zalloc(sizeof(*pbc));
282 if (pbc == NULL)
283 return;
284 os_memcpy(pbc->addr, addr, ETH_ALEN);
285 if (uuid_e)
286 os_memcpy(pbc->uuid_e, uuid_e, WPS_UUID_LEN);
287 }
288
289 pbc->next = reg->pbc_sessions;
290 reg->pbc_sessions = pbc;
291 pbc->timestamp = now;
292
293 /* remove entries that have timed out */
294 prev = pbc;
295 pbc = pbc->next;
296
297 while (pbc) {
298 if (now.sec > pbc->timestamp.sec + WPS_PBC_WALK_TIME) {
299 prev->next = NULL;
300 wps_free_pbc_sessions(pbc);
301 break;
302 }
303 prev = pbc;
304 pbc = pbc->next;
305 }
306 }
307
308
309 static void wps_registrar_remove_pbc_session(struct wps_registrar *reg,
310 const u8 *addr, const u8 *uuid_e)
311 {
312 struct wps_pbc_session *pbc, *prev = NULL;
313
314 pbc = reg->pbc_sessions;
315 while (pbc) {
316 if (os_memcmp(pbc->addr, addr, ETH_ALEN) == 0 &&
317 os_memcmp(pbc->uuid_e, uuid_e, WPS_UUID_LEN) == 0) {
318 if (prev)
319 prev->next = pbc->next;
320 else
321 reg->pbc_sessions = pbc->next;
322 os_free(pbc);
323 break;
324 }
325 prev = pbc;
326 pbc = pbc->next;
327 }
328 }
329
330
331 int wps_registrar_pbc_overlap(struct wps_registrar *reg,
332 const u8 *addr, const u8 *uuid_e)
333 {
334 int count = 0;
335 struct wps_pbc_session *pbc;
336 struct os_time now;
337
338 os_get_time(&now);
339
340 for (pbc = reg->pbc_sessions; pbc; pbc = pbc->next) {
341 if (now.sec > pbc->timestamp.sec + WPS_PBC_WALK_TIME)
342 break;
343 if (addr == NULL || os_memcmp(addr, pbc->addr, ETH_ALEN) ||
344 uuid_e == NULL ||
345 os_memcmp(uuid_e, pbc->uuid_e, WPS_UUID_LEN))
346 count++;
347 }
348
349 if (addr || uuid_e)
350 count++;
351
352 return count > 1 ? 1 : 0;
353 }
354
355
356 static int wps_build_wps_state(struct wps_context *wps, struct wpabuf *msg)
357 {
358 wpa_printf(MSG_DEBUG, "WPS: * Wi-Fi Protected Setup State (%d)",
359 wps->wps_state);
360 wpabuf_put_be16(msg, ATTR_WPS_STATE);
361 wpabuf_put_be16(msg, 1);
362 wpabuf_put_u8(msg, wps->wps_state);
363 return 0;
364 }
365
366
367 #ifdef CONFIG_WPS_UPNP
368 static void wps_registrar_free_pending_m2(struct wps_context *wps)
369 {
370 struct upnp_pending_message *p, *p2, *prev = NULL;
371 p = wps->upnp_msgs;
372 while (p) {
373 if (p->type == WPS_M2 || p->type == WPS_M2D) {
374 if (prev == NULL)
375 wps->upnp_msgs = p->next;
376 else
377 prev->next = p->next;
378 wpa_printf(MSG_DEBUG, "WPS UPnP: Drop pending M2/M2D");
379 p2 = p;
380 p = p->next;
381 wpabuf_free(p2->msg);
382 os_free(p2);
383 continue;
384 }
385 prev = p;
386 p = p->next;
387 }
388 }
389 #endif /* CONFIG_WPS_UPNP */
390
391
392 static int wps_build_ap_setup_locked(struct wps_context *wps,
393 struct wpabuf *msg)
394 {
395 if (wps->ap_setup_locked) {
396 wpa_printf(MSG_DEBUG, "WPS: * AP Setup Locked");
397 wpabuf_put_be16(msg, ATTR_AP_SETUP_LOCKED);
398 wpabuf_put_be16(msg, 1);
399 wpabuf_put_u8(msg, 1);
400 }
401 return 0;
402 }
403
404
405 static int wps_build_selected_registrar(struct wps_registrar *reg,
406 struct wpabuf *msg)
407 {
408 if (!reg->sel_reg_union)
409 return 0;
410 wpa_printf(MSG_DEBUG, "WPS: * Selected Registrar");
411 wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR);
412 wpabuf_put_be16(msg, 1);
413 wpabuf_put_u8(msg, 1);
414 return 0;
415 }
416
417
418 static int wps_build_sel_reg_dev_password_id(struct wps_registrar *reg,
419 struct wpabuf *msg)
420 {
421 u16 id = reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT;
422 if (!reg->sel_reg_union)
423 return 0;
424 if (reg->sel_reg_dev_password_id_override >= 0)
425 id = reg->sel_reg_dev_password_id_override;
426 wpa_printf(MSG_DEBUG, "WPS: * Device Password ID (%d)", id);
427 wpabuf_put_be16(msg, ATTR_DEV_PASSWORD_ID);
428 wpabuf_put_be16(msg, 2);
429 wpabuf_put_be16(msg, id);
430 return 0;
431 }
432
433
434 static int wps_build_sel_pbc_reg_uuid_e(struct wps_registrar *reg,
435 struct wpabuf *msg)
436 {
437 u16 id = reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT;
438 if (!reg->sel_reg_union)
439 return 0;
440 if (reg->sel_reg_dev_password_id_override >= 0)
441 id = reg->sel_reg_dev_password_id_override;
442 if (id != DEV_PW_PUSHBUTTON || !reg->dualband)
443 return 0;
444 return wps_build_uuid_e(msg, reg->wps->uuid);
445 }
446
447
448 static void wps_set_pushbutton(u16 *methods, u16 conf_methods)
449 {
450 *methods |= WPS_CONFIG_PUSHBUTTON;
451 #ifdef CONFIG_WPS2
452 if (conf_methods & WPS_CONFIG_VIRT_PUSHBUTTON)
453 *methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
454 if (conf_methods & WPS_CONFIG_PHY_PUSHBUTTON)
455 *methods |= WPS_CONFIG_PHY_PUSHBUTTON;
456 if ((*methods & WPS_CONFIG_VIRT_PUSHBUTTON) !=
457 WPS_CONFIG_VIRT_PUSHBUTTON ||
458 (*methods & WPS_CONFIG_PHY_PUSHBUTTON) !=
459 WPS_CONFIG_PHY_PUSHBUTTON) {
460 /*
461 * Required to include virtual/physical flag, but we were not
462 * configured with push button type, so have to default to one
463 * of them.
464 */
465 *methods |= WPS_CONFIG_PHY_PUSHBUTTON;
466 }
467 #endif /* CONFIG_WPS2 */
468 }
469
470
471 static int wps_build_sel_reg_config_methods(struct wps_registrar *reg,
472 struct wpabuf *msg)
473 {
474 u16 methods;
475 if (!reg->sel_reg_union)
476 return 0;
477 methods = reg->wps->config_methods;
478 methods &= ~WPS_CONFIG_PUSHBUTTON;
479 #ifdef CONFIG_WPS2
480 methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
481 WPS_CONFIG_PHY_PUSHBUTTON);
482 #endif /* CONFIG_WPS2 */
483 if (reg->pbc)
484 wps_set_pushbutton(&methods, reg->wps->config_methods);
485 if (reg->sel_reg_config_methods_override >= 0)
486 methods = reg->sel_reg_config_methods_override;
487 wpa_printf(MSG_DEBUG, "WPS: * Selected Registrar Config Methods (%x)",
488 methods);
489 wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR_CONFIG_METHODS);
490 wpabuf_put_be16(msg, 2);
491 wpabuf_put_be16(msg, methods);
492 return 0;
493 }
494
495
496 static int wps_build_probe_config_methods(struct wps_registrar *reg,
497 struct wpabuf *msg)
498 {
499 u16 methods;
500 /*
501 * These are the methods that the AP supports as an Enrollee for adding
502 * external Registrars.
503 */
504 methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
505 #ifdef CONFIG_WPS2
506 methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
507 WPS_CONFIG_PHY_PUSHBUTTON);
508 #endif /* CONFIG_WPS2 */
509 wpa_printf(MSG_DEBUG, "WPS: * Config Methods (%x)", methods);
510 wpabuf_put_be16(msg, ATTR_CONFIG_METHODS);
511 wpabuf_put_be16(msg, 2);
512 wpabuf_put_be16(msg, methods);
513 return 0;
514 }
515
516
517 static int wps_build_config_methods_r(struct wps_registrar *reg,
518 struct wpabuf *msg)
519 {
520 u16 methods;
521 methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
522 #ifdef CONFIG_WPS2
523 methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
524 WPS_CONFIG_PHY_PUSHBUTTON);
525 #endif /* CONFIG_WPS2 */
526 if (reg->pbc)
527 wps_set_pushbutton(&methods, reg->wps->config_methods);
528 return wps_build_config_methods(msg, methods);
529 }
530
531
532 const u8 * wps_authorized_macs(struct wps_registrar *reg, size_t *count)
533 {
534 *count = 0;
535
536 #ifdef CONFIG_WPS2
537 while (*count < WPS_MAX_AUTHORIZED_MACS) {
538 if (is_zero_ether_addr(reg->authorized_macs_union[*count]))
539 break;
540 (*count)++;
541 }
542 #endif /* CONFIG_WPS2 */
543
544 return (const u8 *) reg->authorized_macs_union;
545 }
546
547
548 /**
549 * wps_registrar_init - Initialize WPS Registrar data
550 * @wps: Pointer to longterm WPS context
551 * @cfg: Registrar configuration
552 * Returns: Pointer to allocated Registrar data or %NULL on failure
553 *
554 * This function is used to initialize WPS Registrar functionality. It can be
555 * used for a single Registrar run (e.g., when run in a supplicant) or multiple
556 * runs (e.g., when run as an internal Registrar in an AP). Caller is
557 * responsible for freeing the returned data with wps_registrar_deinit() when
558 * Registrar functionality is not needed anymore.
559 */
560 struct wps_registrar *
561 wps_registrar_init(struct wps_context *wps,
562 const struct wps_registrar_config *cfg)
563 {
564 struct wps_registrar *reg = os_zalloc(sizeof(*reg));
565 if (reg == NULL)
566 return NULL;
567
568 dl_list_init(&reg->pins);
569 reg->wps = wps;
570 reg->new_psk_cb = cfg->new_psk_cb;
571 reg->set_ie_cb = cfg->set_ie_cb;
572 reg->pin_needed_cb = cfg->pin_needed_cb;
573 reg->reg_success_cb = cfg->reg_success_cb;
574 reg->set_sel_reg_cb = cfg->set_sel_reg_cb;
575 reg->enrollee_seen_cb = cfg->enrollee_seen_cb;
576 reg->cb_ctx = cfg->cb_ctx;
577 reg->skip_cred_build = cfg->skip_cred_build;
578 if (cfg->extra_cred) {
579 reg->extra_cred = wpabuf_alloc_copy(cfg->extra_cred,
580 cfg->extra_cred_len);
581 if (reg->extra_cred == NULL) {
582 os_free(reg);
583 return NULL;
584 }
585 }
586 reg->disable_auto_conf = cfg->disable_auto_conf;
587 reg->sel_reg_dev_password_id_override = -1;
588 reg->sel_reg_config_methods_override = -1;
589 reg->static_wep_only = cfg->static_wep_only;
590 reg->dualband = cfg->dualband;
591
592 if (wps_set_ie(reg)) {
593 wps_registrar_deinit(reg);
594 return NULL;
595 }
596
597 return reg;
598 }
599
600
601 /**
602 * wps_registrar_deinit - Deinitialize WPS Registrar data
603 * @reg: Registrar data from wps_registrar_init()
604 */
605 void wps_registrar_deinit(struct wps_registrar *reg)
606 {
607 if (reg == NULL)
608 return;
609 eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
610 eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
611 wps_free_pins(&reg->pins);
612 wps_free_pbc_sessions(reg->pbc_sessions);
613 wpabuf_free(reg->extra_cred);
614 wps_free_devices(reg->devices);
615 os_free(reg);
616 }
617
618
619 /**
620 * wps_registrar_add_pin - Configure a new PIN for Registrar
621 * @reg: Registrar data from wps_registrar_init()
622 * @addr: Enrollee MAC address or %NULL if not known
623 * @uuid: UUID-E or %NULL for wildcard (any UUID)
624 * @pin: PIN (Device Password)
625 * @pin_len: Length of pin in octets
626 * @timeout: Time (in seconds) when the PIN will be invalidated; 0 = no timeout
627 * Returns: 0 on success, -1 on failure
628 */
629 int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *addr,
630 const u8 *uuid, const u8 *pin, size_t pin_len,
631 int timeout)
632 {
633 struct wps_uuid_pin *p;
634
635 p = os_zalloc(sizeof(*p));
636 if (p == NULL)
637 return -1;
638 if (addr)
639 os_memcpy(p->enrollee_addr, addr, ETH_ALEN);
640 if (uuid == NULL)
641 p->wildcard_uuid = 1;
642 else
643 os_memcpy(p->uuid, uuid, WPS_UUID_LEN);
644 p->pin = os_malloc(pin_len);
645 if (p->pin == NULL) {
646 os_free(p);
647 return -1;
648 }
649 os_memcpy(p->pin, pin, pin_len);
650 p->pin_len = pin_len;
651
652 if (timeout) {
653 p->flags |= PIN_EXPIRES;
654 os_get_time(&p->expiration);
655 p->expiration.sec += timeout;
656 }
657
658 dl_list_add(&reg->pins, &p->list);
659
660 wpa_printf(MSG_DEBUG, "WPS: A new PIN configured (timeout=%d)",
661 timeout);
662 wpa_hexdump(MSG_DEBUG, "WPS: UUID", uuid, WPS_UUID_LEN);
663 wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: PIN", pin, pin_len);
664 reg->selected_registrar = 1;
665 reg->pbc = 0;
666 if (addr)
667 wps_registrar_add_authorized_mac(reg, addr);
668 else
669 wps_registrar_add_authorized_mac(
670 reg, (u8 *) "\xff\xff\xff\xff\xff\xff");
671 wps_registrar_selected_registrar_changed(reg);
672 eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
673 eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
674 wps_registrar_set_selected_timeout,
675 reg, NULL);
676
677 return 0;
678 }
679
680
681 static void wps_registrar_remove_pin(struct wps_registrar *reg,
682 struct wps_uuid_pin *pin)
683 {
684 u8 *addr;
685 u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
686
687 if (is_zero_ether_addr(pin->enrollee_addr))
688 addr = bcast;
689 else
690 addr = pin->enrollee_addr;
691 wps_registrar_remove_authorized_mac(reg, addr);
692 wps_remove_pin(pin);
693 wps_registrar_selected_registrar_changed(reg);
694 }
695
696
697 static void wps_registrar_expire_pins(struct wps_registrar *reg)
698 {
699 struct wps_uuid_pin *pin, *prev;
700 struct os_time now;
701
702 os_get_time(&now);
703 dl_list_for_each_safe(pin, prev, &reg->pins, struct wps_uuid_pin, list)
704 {
705 if ((pin->flags & PIN_EXPIRES) &&
706 os_time_before(&pin->expiration, &now)) {
707 wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID",
708 pin->uuid, WPS_UUID_LEN);
709 wps_registrar_remove_pin(reg, pin);
710 }
711 }
712 }
713
714
715 /**
716 * wps_registrar_invalidate_wildcard_pin - Invalidate a wildcard PIN
717 * @reg: Registrar data from wps_registrar_init()
718 * Returns: 0 on success, -1 if not wildcard PIN is enabled
719 */
720 static int wps_registrar_invalidate_wildcard_pin(struct wps_registrar *reg)
721 {
722 struct wps_uuid_pin *pin, *prev;
723
724 dl_list_for_each_safe(pin, prev, &reg->pins, struct wps_uuid_pin, list)
725 {
726 if (pin->wildcard_uuid) {
727 wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
728 pin->uuid, WPS_UUID_LEN);
729 wps_registrar_remove_pin(reg, pin);
730 return 0;
731 }
732 }
733
734 return -1;
735 }
736
737
738 /**
739 * wps_registrar_invalidate_pin - Invalidate a PIN for a specific UUID-E
740 * @reg: Registrar data from wps_registrar_init()
741 * @uuid: UUID-E
742 * Returns: 0 on success, -1 on failure (e.g., PIN not found)
743 */
744 int wps_registrar_invalidate_pin(struct wps_registrar *reg, const u8 *uuid)
745 {
746 struct wps_uuid_pin *pin, *prev;
747
748 dl_list_for_each_safe(pin, prev, &reg->pins, struct wps_uuid_pin, list)
749 {
750 if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
751 wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
752 pin->uuid, WPS_UUID_LEN);
753 wps_registrar_remove_pin(reg, pin);
754 return 0;
755 }
756 }
757
758 return -1;
759 }
760
761
762 static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
763 const u8 *uuid, size_t *pin_len)
764 {
765 struct wps_uuid_pin *pin, *found = NULL;
766
767 wps_registrar_expire_pins(reg);
768
769 dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
770 if (!pin->wildcard_uuid &&
771 os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
772 found = pin;
773 break;
774 }
775 }
776
777 if (!found) {
778 /* Check for wildcard UUIDs since none of the UUID-specific
779 * PINs matched */
780 dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
781 if (pin->wildcard_uuid == 1) {
782 wpa_printf(MSG_DEBUG, "WPS: Found a wildcard "
783 "PIN. Assigned it for this UUID-E");
784 pin->wildcard_uuid = 2;
785 os_memcpy(pin->uuid, uuid, WPS_UUID_LEN);
786 found = pin;
787 break;
788 }
789 }
790 }
791
792 if (!found)
793 return NULL;
794
795 /*
796 * Lock the PIN to avoid attacks based on concurrent re-use of the PIN
797 * that could otherwise avoid PIN invalidations.
798 */
799 if (found->flags & PIN_LOCKED) {
800 wpa_printf(MSG_DEBUG, "WPS: Selected PIN locked - do not "
801 "allow concurrent re-use");
802 return NULL;
803 }
804 *pin_len = found->pin_len;
805 found->flags |= PIN_LOCKED;
806 return found->pin;
807 }
808
809
810 /**
811 * wps_registrar_unlock_pin - Unlock a PIN for a specific UUID-E
812 * @reg: Registrar data from wps_registrar_init()
813 * @uuid: UUID-E
814 * Returns: 0 on success, -1 on failure
815 *
816 * PINs are locked to enforce only one concurrent use. This function unlocks a
817 * PIN to allow it to be used again. If the specified PIN was configured using
818 * a wildcard UUID, it will be removed instead of allowing multiple uses.
819 */
820 int wps_registrar_unlock_pin(struct wps_registrar *reg, const u8 *uuid)
821 {
822 struct wps_uuid_pin *pin;
823
824 dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
825 if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
826 if (pin->wildcard_uuid == 2) {
827 wpa_printf(MSG_DEBUG, "WPS: Invalidating used "
828 "wildcard PIN");
829 return wps_registrar_invalidate_pin(reg, uuid);
830 }
831 pin->flags &= ~PIN_LOCKED;
832 return 0;
833 }
834 }
835
836 return -1;
837 }
838
839
840 static void wps_registrar_stop_pbc(struct wps_registrar *reg)
841 {
842 reg->selected_registrar = 0;
843 reg->pbc = 0;
844 wps_registrar_selected_registrar_changed(reg);
845 }
846
847
848 static void wps_registrar_pbc_timeout(void *eloop_ctx, void *timeout_ctx)
849 {
850 struct wps_registrar *reg = eloop_ctx;
851
852 wpa_printf(MSG_DEBUG, "WPS: PBC timed out - disable PBC mode");
853 wps_pbc_timeout_event(reg->wps);
854 wps_registrar_stop_pbc(reg);
855 }
856
857
858 /**
859 * wps_registrar_button_pushed - Notify Registrar that AP button was pushed
860 * @reg: Registrar data from wps_registrar_init()
861 * Returns: 0 on success, -1 on failure
862 *
863 * This function is called on an AP when a push button is pushed to activate
864 * PBC mode. The PBC mode will be stopped after walk time (2 minutes) timeout
865 * or when a PBC registration is completed.
866 */
867 int wps_registrar_button_pushed(struct wps_registrar *reg)
868 {
869 if (wps_registrar_pbc_overlap(reg, NULL, NULL)) {
870 wpa_printf(MSG_DEBUG, "WPS: PBC overlap - do not start PBC "
871 "mode");
872 wps_pbc_overlap_event(reg->wps);
873 return -1;
874 }
875 wpa_printf(MSG_DEBUG, "WPS: Button pushed - PBC mode started");
876 reg->force_pbc_overlap = 0;
877 reg->selected_registrar = 1;
878 reg->pbc = 1;
879 wps_registrar_selected_registrar_changed(reg);
880
881 eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
882 eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
883 eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wps_registrar_pbc_timeout,
884 reg, NULL);
885 return 0;
886 }
887
888
889 static void wps_registrar_pbc_completed(struct wps_registrar *reg)
890 {
891 wpa_printf(MSG_DEBUG, "WPS: PBC completed - stopping PBC mode");
892 eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
893 wps_registrar_stop_pbc(reg);
894 }
895
896
897 static void wps_registrar_pin_completed(struct wps_registrar *reg)
898 {
899 wpa_printf(MSG_DEBUG, "WPS: PIN completed using internal Registrar");
900 eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
901 reg->selected_registrar = 0;
902 wps_registrar_selected_registrar_changed(reg);
903 }
904
905
906 int wps_registrar_wps_cancel(struct wps_registrar *reg)
907 {
908 if (reg->pbc) {
909 wpa_printf(MSG_DEBUG, "WPS: PBC is set - cancelling it");
910 wps_registrar_pbc_timeout(reg, NULL);
911 return 1;
912 } else if (reg->selected_registrar) {
913 /* PIN Method */
914 wpa_printf(MSG_DEBUG, "WPS: PIN is set - cancelling it");
915 wps_registrar_pin_completed(reg);
916 wps_registrar_invalidate_wildcard_pin(reg);
917 return 1;
918 }
919 return 0;
920 }
921
922
923 /**
924 * wps_registrar_probe_req_rx - Notify Registrar of Probe Request
925 * @reg: Registrar data from wps_registrar_init()
926 * @addr: MAC address of the Probe Request sender
927 * @wps_data: WPS IE contents
928 *
929 * This function is called on an AP when a Probe Request with WPS IE is
930 * received. This is used to track PBC mode use and to detect possible overlap
931 * situation with other WPS APs.
932 */
933 void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
934 const struct wpabuf *wps_data,
935 int p2p_wildcard)
936 {
937 struct wps_parse_attr attr;
938
939 wpa_hexdump_buf(MSG_MSGDUMP,
940 "WPS: Probe Request with WPS data received",
941 wps_data);
942
943 if (wps_parse_msg(wps_data, &attr) < 0)
944 return;
945
946 if (attr.config_methods == NULL) {
947 wpa_printf(MSG_DEBUG, "WPS: No Config Methods attribute in "
948 "Probe Request");
949 return;
950 }
951
952 if (attr.dev_password_id == NULL) {
953 wpa_printf(MSG_DEBUG, "WPS: No Device Password Id attribute "
954 "in Probe Request");
955 return;
956 }
957
958 if (reg->enrollee_seen_cb && attr.uuid_e &&
959 attr.primary_dev_type && attr.request_type && !p2p_wildcard) {
960 char *dev_name = NULL;
961 if (attr.dev_name) {
962 dev_name = os_zalloc(attr.dev_name_len + 1);
963 if (dev_name) {
964 os_memcpy(dev_name, attr.dev_name,
965 attr.dev_name_len);
966 }
967 }
968 reg->enrollee_seen_cb(reg->cb_ctx, addr, attr.uuid_e,
969 attr.primary_dev_type,
970 WPA_GET_BE16(attr.config_methods),
971 WPA_GET_BE16(attr.dev_password_id),
972 *attr.request_type, dev_name);
973 os_free(dev_name);
974 }
975
976 if (WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
977 return; /* Not PBC */
978
979 wpa_printf(MSG_DEBUG, "WPS: Probe Request for PBC received from "
980 MACSTR, MAC2STR(addr));
981 if (attr.uuid_e == NULL) {
982 wpa_printf(MSG_DEBUG, "WPS: Invalid Probe Request WPS IE: No "
983 "UUID-E included");
984 return;
985 }
986
987 wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
988 if (wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)) {
989 wpa_printf(MSG_DEBUG, "WPS: PBC session overlap detected");
990 reg->force_pbc_overlap = 1;
991 wps_pbc_overlap_event(reg->wps);
992 }
993 }
994
995
996 static int wps_cb_new_psk(struct wps_registrar *reg, const u8 *mac_addr,
997 const u8 *psk, size_t psk_len)
998 {
999 if (reg->new_psk_cb == NULL)
1000 return 0;
1001
1002 return reg->new_psk_cb(reg->cb_ctx, mac_addr, psk, psk_len);
1003 }
1004
1005
1006 static void wps_cb_pin_needed(struct wps_registrar *reg, const u8 *uuid_e,
1007 const struct wps_device_data *dev)
1008 {
1009 if (reg->pin_needed_cb == NULL)
1010 return;
1011
1012 reg->pin_needed_cb(reg->cb_ctx, uuid_e, dev);
1013 }
1014
1015
1016 static void wps_cb_reg_success(struct wps_registrar *reg, const u8 *mac_addr,
1017 const u8 *uuid_e)
1018 {
1019 if (reg->reg_success_cb == NULL)
1020 return;
1021
1022 reg->reg_success_cb(reg->cb_ctx, mac_addr, uuid_e);
1023 }
1024
1025
1026 static int wps_cb_set_ie(struct wps_registrar *reg, struct wpabuf *beacon_ie,
1027 struct wpabuf *probe_resp_ie)
1028 {
1029 return reg->set_ie_cb(reg->cb_ctx, beacon_ie, probe_resp_ie);
1030 }
1031
1032
1033 static void wps_cb_set_sel_reg(struct wps_registrar *reg)
1034 {
1035 u16 methods = 0;
1036 if (reg->set_sel_reg_cb == NULL)
1037 return;
1038
1039 if (reg->selected_registrar) {
1040 methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
1041 #ifdef CONFIG_WPS2
1042 methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
1043 WPS_CONFIG_PHY_PUSHBUTTON);
1044 #endif /* CONFIG_WPS2 */
1045 if (reg->pbc)
1046 wps_set_pushbutton(&methods, reg->wps->config_methods);
1047 }
1048
1049 wpa_printf(MSG_DEBUG, "WPS: wps_cb_set_sel_reg: sel_reg=%d "
1050 "config_methods=0x%x pbc=%d methods=0x%x",
1051 reg->selected_registrar, reg->wps->config_methods,
1052 reg->pbc, methods);
1053
1054 reg->set_sel_reg_cb(reg->cb_ctx, reg->selected_registrar,
1055 reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT,
1056 methods);
1057 }
1058
1059
1060 static int wps_set_ie(struct wps_registrar *reg)
1061 {
1062 struct wpabuf *beacon;
1063 struct wpabuf *probe;
1064 const u8 *auth_macs;
1065 size_t count;
1066
1067 if (reg->set_ie_cb == NULL)
1068 return 0;
1069
1070 beacon = wpabuf_alloc(400);
1071 if (beacon == NULL)
1072 return -1;
1073 probe = wpabuf_alloc(500);
1074 if (probe == NULL) {
1075 wpabuf_free(beacon);
1076 return -1;
1077 }
1078
1079 auth_macs = wps_authorized_macs(reg, &count);
1080
1081 wpa_printf(MSG_DEBUG, "WPS: Build Beacon IEs");
1082
1083 if (wps_build_version(beacon) ||
1084 wps_build_wps_state(reg->wps, beacon) ||
1085 wps_build_ap_setup_locked(reg->wps, beacon) ||
1086 wps_build_selected_registrar(reg, beacon) ||
1087 wps_build_sel_reg_dev_password_id(reg, beacon) ||
1088 wps_build_sel_reg_config_methods(reg, beacon) ||
1089 wps_build_sel_pbc_reg_uuid_e(reg, beacon) ||
1090 (reg->dualband && wps_build_rf_bands(&reg->wps->dev, beacon)) ||
1091 wps_build_wfa_ext(beacon, 0, auth_macs, count)) {
1092 wpabuf_free(beacon);
1093 wpabuf_free(probe);
1094 return -1;
1095 }
1096
1097 wpa_printf(MSG_DEBUG, "WPS: Build Probe Response IEs");
1098
1099 if (wps_build_version(probe) ||
1100 wps_build_wps_state(reg->wps, probe) ||
1101 wps_build_ap_setup_locked(reg->wps, probe) ||
1102 wps_build_selected_registrar(reg, probe) ||
1103 wps_build_sel_reg_dev_password_id(reg, probe) ||
1104 wps_build_sel_reg_config_methods(reg, probe) ||
1105 wps_build_resp_type(probe, reg->wps->ap ? WPS_RESP_AP :
1106 WPS_RESP_REGISTRAR) ||
1107 wps_build_uuid_e(probe, reg->wps->uuid) ||
1108 wps_build_device_attrs(&reg->wps->dev, probe) ||
1109 wps_build_probe_config_methods(reg, probe) ||
1110 wps_build_rf_bands(&reg->wps->dev, probe) ||
1111 wps_build_wfa_ext(probe, 0, auth_macs, count)) {
1112 wpabuf_free(beacon);
1113 wpabuf_free(probe);
1114 return -1;
1115 }
1116
1117 #ifdef CONFIG_P2P
1118 if (wps_build_dev_name(&reg->wps->dev, beacon) ||
1119 wps_build_primary_dev_type(&reg->wps->dev, beacon)) {
1120 wpabuf_free(beacon);
1121 wpabuf_free(probe);
1122 return -1;
1123 }
1124 #endif /* CONFIG_P2P */
1125
1126 beacon = wps_ie_encapsulate(beacon);
1127 probe = wps_ie_encapsulate(probe);
1128
1129 if (!beacon || !probe) {
1130 wpabuf_free(beacon);
1131 wpabuf_free(probe);
1132 return -1;
1133 }
1134
1135 if (reg->static_wep_only) {
1136 /*
1137 * Windows XP and Vista clients can get confused about
1138 * EAP-Identity/Request when they probe the network with
1139 * EAPOL-Start. In such a case, they may assume the network is
1140 * using IEEE 802.1X and prompt user for a certificate while
1141 * the correct (non-WPS) behavior would be to ask for the
1142 * static WEP key. As a workaround, use Microsoft Provisioning
1143 * IE to advertise that legacy 802.1X is not supported.
1144 */
1145 const u8 ms_wps[7] = {
1146 WLAN_EID_VENDOR_SPECIFIC, 5,
1147 /* Microsoft Provisioning IE (00:50:f2:5) */
1148 0x00, 0x50, 0xf2, 5,
1149 0x00 /* no legacy 802.1X or MS WPS */
1150 };
1151 wpa_printf(MSG_DEBUG, "WPS: Add Microsoft Provisioning IE "
1152 "into Beacon/Probe Response frames");
1153 wpabuf_put_data(beacon, ms_wps, sizeof(ms_wps));
1154 wpabuf_put_data(probe, ms_wps, sizeof(ms_wps));
1155 }
1156
1157 return wps_cb_set_ie(reg, beacon, probe);
1158 }
1159
1160
1161 static int wps_get_dev_password(struct wps_data *wps)
1162 {
1163 const u8 *pin;
1164 size_t pin_len = 0;
1165
1166 os_free(wps->dev_password);
1167 wps->dev_password = NULL;
1168
1169 if (wps->pbc) {
1170 wpa_printf(MSG_DEBUG, "WPS: Use default PIN for PBC");
1171 pin = (const u8 *) "00000000";
1172 pin_len = 8;
1173 } else {
1174 pin = wps_registrar_get_pin(wps->wps->registrar, wps->uuid_e,
1175 &pin_len);
1176 }
1177 if (pin == NULL) {
1178 wpa_printf(MSG_DEBUG, "WPS: No Device Password available for "
1179 "the Enrollee");
1180 wps_cb_pin_needed(wps->wps->registrar, wps->uuid_e,
1181 &wps->peer_dev);
1182 return -1;
1183 }
1184
1185 wps->dev_password = os_malloc(pin_len);
1186 if (wps->dev_password == NULL)
1187 return -1;
1188 os_memcpy(wps->dev_password, pin, pin_len);
1189 wps->dev_password_len = pin_len;
1190
1191 return 0;
1192 }
1193
1194
1195 static int wps_build_uuid_r(struct wps_data *wps, struct wpabuf *msg)
1196 {
1197 wpa_printf(MSG_DEBUG, "WPS: * UUID-R");
1198 wpabuf_put_be16(msg, ATTR_UUID_R);
1199 wpabuf_put_be16(msg, WPS_UUID_LEN);
1200 wpabuf_put_data(msg, wps->uuid_r, WPS_UUID_LEN);
1201 return 0;
1202 }
1203
1204
1205 static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
1206 {
1207 u8 *hash;
1208 const u8 *addr[4];
1209 size_t len[4];
1210
1211 if (os_get_random(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
1212 return -1;
1213 wpa_hexdump(MSG_DEBUG, "WPS: R-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
1214 wpa_hexdump(MSG_DEBUG, "WPS: R-S2",
1215 wps->snonce + WPS_SECRET_NONCE_LEN, WPS_SECRET_NONCE_LEN);
1216
1217 if (wps->dh_pubkey_e == NULL || wps->dh_pubkey_r == NULL) {
1218 wpa_printf(MSG_DEBUG, "WPS: DH public keys not available for "
1219 "R-Hash derivation");
1220 return -1;
1221 }
1222
1223 wpa_printf(MSG_DEBUG, "WPS: * R-Hash1");
1224 wpabuf_put_be16(msg, ATTR_R_HASH1);
1225 wpabuf_put_be16(msg, SHA256_MAC_LEN);
1226 hash = wpabuf_put(msg, SHA256_MAC_LEN);
1227 /* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */
1228 addr[0] = wps->snonce;
1229 len[0] = WPS_SECRET_NONCE_LEN;
1230 addr[1] = wps->psk1;
1231 len[1] = WPS_PSK_LEN;
1232 addr[2] = wpabuf_head(wps->dh_pubkey_e);
1233 len[2] = wpabuf_len(wps->dh_pubkey_e);
1234 addr[3] = wpabuf_head(wps->dh_pubkey_r);
1235 len[3] = wpabuf_len(wps->dh_pubkey_r);
1236 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
1237 wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN);
1238
1239 wpa_printf(MSG_DEBUG, "WPS: * R-Hash2");
1240 wpabuf_put_be16(msg, ATTR_R_HASH2);
1241 wpabuf_put_be16(msg, SHA256_MAC_LEN);
1242 hash = wpabuf_put(msg, SHA256_MAC_LEN);
1243 /* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
1244 addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
1245 addr[1] = wps->psk2;
1246 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
1247 wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN);
1248
1249 return 0;
1250 }
1251
1252
1253 static int wps_build_r_snonce1(struct wps_data *wps, struct wpabuf *msg)
1254 {
1255 wpa_printf(MSG_DEBUG, "WPS: * R-SNonce1");
1256 wpabuf_put_be16(msg, ATTR_R_SNONCE1);
1257 wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
1258 wpabuf_put_data(msg, wps->snonce, WPS_SECRET_NONCE_LEN);
1259 return 0;
1260 }
1261
1262
1263 static int wps_build_r_snonce2(struct wps_data *wps, struct wpabuf *msg)
1264 {
1265 wpa_printf(MSG_DEBUG, "WPS: * R-SNonce2");
1266 wpabuf_put_be16(msg, ATTR_R_SNONCE2);
1267 wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
1268 wpabuf_put_data(msg, wps->snonce + WPS_SECRET_NONCE_LEN,
1269 WPS_SECRET_NONCE_LEN);
1270 return 0;
1271 }
1272
1273
1274 static int wps_build_cred_network_idx(struct wpabuf *msg,
1275 const struct wps_credential *cred)
1276 {
1277 wpa_printf(MSG_DEBUG, "WPS: * Network Index (1)");
1278 wpabuf_put_be16(msg, ATTR_NETWORK_INDEX);
1279 wpabuf_put_be16(msg, 1);
1280 wpabuf_put_u8(msg, 1);
1281 return 0;
1282 }
1283
1284
1285 static int wps_build_cred_ssid(struct wpabuf *msg,
1286 const struct wps_credential *cred)
1287 {
1288 wpa_printf(MSG_DEBUG, "WPS: * SSID");
1289 wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID for Credential",
1290 cred->ssid, cred->ssid_len);
1291 wpabuf_put_be16(msg, ATTR_SSID);
1292 wpabuf_put_be16(msg, cred->ssid_len);
1293 wpabuf_put_data(msg, cred->ssid, cred->ssid_len);
1294 return 0;
1295 }
1296
1297
1298 static int wps_build_cred_auth_type(struct wpabuf *msg,
1299 const struct wps_credential *cred)
1300 {
1301 wpa_printf(MSG_DEBUG, "WPS: * Authentication Type (0x%x)",
1302 cred->auth_type);
1303 wpabuf_put_be16(msg, ATTR_AUTH_TYPE);
1304 wpabuf_put_be16(msg, 2);
1305 wpabuf_put_be16(msg, cred->auth_type);
1306 return 0;
1307 }
1308
1309
1310 static int wps_build_cred_encr_type(struct wpabuf *msg,
1311 const struct wps_credential *cred)
1312 {
1313 wpa_printf(MSG_DEBUG, "WPS: * Encryption Type (0x%x)",
1314 cred->encr_type);
1315 wpabuf_put_be16(msg, ATTR_ENCR_TYPE);
1316 wpabuf_put_be16(msg, 2);
1317 wpabuf_put_be16(msg, cred->encr_type);
1318 return 0;
1319 }
1320
1321
1322 static int wps_build_cred_network_key(struct wpabuf *msg,
1323 const struct wps_credential *cred)
1324 {
1325 wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%d)",
1326 (int) cred->key_len);
1327 wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
1328 cred->key, cred->key_len);
1329 wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
1330 wpabuf_put_be16(msg, cred->key_len);
1331 wpabuf_put_data(msg, cred->key, cred->key_len);
1332 return 0;
1333 }
1334
1335
1336 static int wps_build_cred_mac_addr(struct wpabuf *msg,
1337 const struct wps_credential *cred)
1338 {
1339 wpa_printf(MSG_DEBUG, "WPS: * MAC Address (" MACSTR ")",
1340 MAC2STR(cred->mac_addr));
1341 wpabuf_put_be16(msg, ATTR_MAC_ADDR);
1342 wpabuf_put_be16(msg, ETH_ALEN);
1343 wpabuf_put_data(msg, cred->mac_addr, ETH_ALEN);
1344 return 0;
1345 }
1346
1347
1348 static int wps_build_credential(struct wpabuf *msg,
1349 const struct wps_credential *cred)
1350 {
1351 if (wps_build_cred_network_idx(msg, cred) ||
1352 wps_build_cred_ssid(msg, cred) ||
1353 wps_build_cred_auth_type(msg, cred) ||
1354 wps_build_cred_encr_type(msg, cred) ||
1355 wps_build_cred_network_key(msg, cred) ||
1356 wps_build_cred_mac_addr(msg, cred))
1357 return -1;
1358 return 0;
1359 }
1360
1361
1362 int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
1363 {
1364 struct wpabuf *cred;
1365
1366 if (wps->wps->registrar->skip_cred_build)
1367 goto skip_cred_build;
1368
1369 wpa_printf(MSG_DEBUG, "WPS: * Credential");
1370 if (wps->use_cred) {
1371 os_memcpy(&wps->cred, wps->use_cred, sizeof(wps->cred));
1372 goto use_provided;
1373 }
1374 os_memset(&wps->cred, 0, sizeof(wps->cred));
1375
1376 os_memcpy(wps->cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
1377 wps->cred.ssid_len = wps->wps->ssid_len;
1378
1379 /* Select the best authentication and encryption type */
1380 if (wps->auth_type & WPS_AUTH_WPA2PSK)
1381 wps->auth_type = WPS_AUTH_WPA2PSK;
1382 else if (wps->auth_type & WPS_AUTH_WPAPSK)
1383 wps->auth_type = WPS_AUTH_WPAPSK;
1384 else if (wps->auth_type & WPS_AUTH_OPEN)
1385 wps->auth_type = WPS_AUTH_OPEN;
1386 else if (wps->auth_type & WPS_AUTH_SHARED)
1387 wps->auth_type = WPS_AUTH_SHARED;
1388 else {
1389 wpa_printf(MSG_DEBUG, "WPS: Unsupported auth_type 0x%x",
1390 wps->auth_type);
1391 return -1;
1392 }
1393 wps->cred.auth_type = wps->auth_type;
1394
1395 if (wps->auth_type == WPS_AUTH_WPA2PSK ||
1396 wps->auth_type == WPS_AUTH_WPAPSK) {
1397 if (wps->encr_type & WPS_ENCR_AES)
1398 wps->encr_type = WPS_ENCR_AES;
1399 else if (wps->encr_type & WPS_ENCR_TKIP)
1400 wps->encr_type = WPS_ENCR_TKIP;
1401 else {
1402 wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
1403 "type for WPA/WPA2");
1404 return -1;
1405 }
1406 } else {
1407 if (wps->encr_type & WPS_ENCR_WEP)
1408 wps->encr_type = WPS_ENCR_WEP;
1409 else if (wps->encr_type & WPS_ENCR_NONE)
1410 wps->encr_type = WPS_ENCR_NONE;
1411 else {
1412 wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
1413 "type for non-WPA/WPA2 mode");
1414 return -1;
1415 }
1416 }
1417 wps->cred.encr_type = wps->encr_type;
1418 /*
1419 * Set MAC address in the Credential to be the Enrollee's MAC address
1420 */
1421 os_memcpy(wps->cred.mac_addr, wps->mac_addr_e, ETH_ALEN);
1422
1423 if (wps->wps->wps_state == WPS_STATE_NOT_CONFIGURED && wps->wps->ap &&
1424 !wps->wps->registrar->disable_auto_conf) {
1425 u8 r[16];
1426 /* Generate a random passphrase */
1427 if (os_get_random(r, sizeof(r)) < 0)
1428 return -1;
1429 os_free(wps->new_psk);
1430 wps->new_psk = base64_encode(r, sizeof(r), &wps->new_psk_len);
1431 if (wps->new_psk == NULL)
1432 return -1;
1433 wps->new_psk_len--; /* remove newline */
1434 while (wps->new_psk_len &&
1435 wps->new_psk[wps->new_psk_len - 1] == '=')
1436 wps->new_psk_len--;
1437 wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Generated passphrase",
1438 wps->new_psk, wps->new_psk_len);
1439 os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
1440 wps->cred.key_len = wps->new_psk_len;
1441 } else if (wps->use_psk_key && wps->wps->psk_set) {
1442 char hex[65];
1443 wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key");
1444 wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, 32);
1445 os_memcpy(wps->cred.key, hex, 32 * 2);
1446 wps->cred.key_len = 32 * 2;
1447 } else if (wps->wps->network_key) {
1448 os_memcpy(wps->cred.key, wps->wps->network_key,
1449 wps->wps->network_key_len);
1450 wps->cred.key_len = wps->wps->network_key_len;
1451 } else if (wps->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
1452 char hex[65];
1453 /* Generate a random per-device PSK */
1454 os_free(wps->new_psk);
1455 wps->new_psk_len = 32;
1456 wps->new_psk = os_malloc(wps->new_psk_len);
1457 if (wps->new_psk == NULL)
1458 return -1;
1459 if (os_get_random(wps->new_psk, wps->new_psk_len) < 0) {
1460 os_free(wps->new_psk);
1461 wps->new_psk = NULL;
1462 return -1;
1463 }
1464 wpa_hexdump_key(MSG_DEBUG, "WPS: Generated per-device PSK",
1465 wps->new_psk, wps->new_psk_len);
1466 wpa_snprintf_hex(hex, sizeof(hex), wps->new_psk,
1467 wps->new_psk_len);
1468 os_memcpy(wps->cred.key, hex, wps->new_psk_len * 2);
1469 wps->cred.key_len = wps->new_psk_len * 2;
1470 }
1471
1472 use_provided:
1473 #ifdef CONFIG_WPS_TESTING
1474 if (wps_testing_dummy_cred)
1475 cred = wpabuf_alloc(200);
1476 else
1477 cred = NULL;
1478 if (cred) {
1479 struct wps_credential dummy;
1480 wpa_printf(MSG_DEBUG, "WPS: Add dummy credential");
1481 os_memset(&dummy, 0, sizeof(dummy));
1482 os_memcpy(dummy.ssid, "dummy", 5);
1483 dummy.ssid_len = 5;
1484 dummy.auth_type = WPS_AUTH_WPA2PSK;
1485 dummy.encr_type = WPS_ENCR_AES;
1486 os_memcpy(dummy.key, "dummy psk", 9);
1487 dummy.key_len = 9;
1488 os_memcpy(dummy.mac_addr, wps->mac_addr_e, ETH_ALEN);
1489 wps_build_credential(cred, &dummy);
1490 wpa_hexdump_buf(MSG_DEBUG, "WPS: Dummy Credential", cred);
1491
1492 wpabuf_put_be16(msg, ATTR_CRED);
1493 wpabuf_put_be16(msg, wpabuf_len(cred));
1494 wpabuf_put_buf(msg, cred);
1495
1496 wpabuf_free(cred);
1497 }
1498 #endif /* CONFIG_WPS_TESTING */
1499
1500 cred = wpabuf_alloc(200);
1501 if (cred == NULL)
1502 return -1;
1503
1504 if (wps_build_credential(cred, &wps->cred)) {
1505 wpabuf_free(cred);
1506 return -1;
1507 }
1508
1509 wpabuf_put_be16(msg, ATTR_CRED);
1510 wpabuf_put_be16(msg, wpabuf_len(cred));
1511 wpabuf_put_buf(msg, cred);
1512 wpabuf_free(cred);
1513
1514 skip_cred_build:
1515 if (wps->wps->registrar->extra_cred) {
1516 wpa_printf(MSG_DEBUG, "WPS: * Credential (pre-configured)");
1517 wpabuf_put_buf(msg, wps->wps->registrar->extra_cred);
1518 }
1519
1520 return 0;
1521 }
1522
1523
1524 static int wps_build_ap_settings(struct wps_data *wps, struct wpabuf *msg)
1525 {
1526 wpa_printf(MSG_DEBUG, "WPS: * AP Settings");
1527
1528 if (wps_build_credential(msg, &wps->cred))
1529 return -1;
1530
1531 return 0;
1532 }
1533
1534
1535 static struct wpabuf * wps_build_m2(struct wps_data *wps)
1536 {
1537 struct wpabuf *msg;
1538
1539 if (os_get_random(wps->nonce_r, WPS_NONCE_LEN) < 0)
1540 return NULL;
1541 wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
1542 wps->nonce_r, WPS_NONCE_LEN);
1543 wpa_hexdump(MSG_DEBUG, "WPS: UUID-R", wps->uuid_r, WPS_UUID_LEN);
1544
1545 wpa_printf(MSG_DEBUG, "WPS: Building Message M2");
1546 msg = wpabuf_alloc(1000);
1547 if (msg == NULL)
1548 return NULL;
1549
1550 if (wps_build_version(msg) ||
1551 wps_build_msg_type(msg, WPS_M2) ||
1552 wps_build_enrollee_nonce(wps, msg) ||
1553 wps_build_registrar_nonce(wps, msg) ||
1554 wps_build_uuid_r(wps, msg) ||
1555 wps_build_public_key(wps, msg) ||
1556 wps_derive_keys(wps) ||
1557 wps_build_auth_type_flags(wps, msg) ||
1558 wps_build_encr_type_flags(wps, msg) ||
1559 wps_build_conn_type_flags(wps, msg) ||
1560 wps_build_config_methods_r(wps->wps->registrar, msg) ||
1561 wps_build_device_attrs(&wps->wps->dev, msg) ||
1562 wps_build_rf_bands(&wps->wps->dev, msg) ||
1563 wps_build_assoc_state(wps, msg) ||
1564 wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
1565 wps_build_dev_password_id(msg, wps->dev_pw_id) ||
1566 wps_build_os_version(&wps->wps->dev, msg) ||
1567 wps_build_wfa_ext(msg, 0, NULL, 0) ||
1568 wps_build_authenticator(wps, msg)) {
1569 wpabuf_free(msg);
1570 return NULL;
1571 }
1572
1573 wps->int_reg = 1;
1574 wps->state = RECV_M3;
1575 return msg;
1576 }
1577
1578
1579 static struct wpabuf * wps_build_m2d(struct wps_data *wps)
1580 {
1581 struct wpabuf *msg;
1582 u16 err = wps->config_error;
1583
1584 wpa_printf(MSG_DEBUG, "WPS: Building Message M2D");
1585 msg = wpabuf_alloc(1000);
1586 if (msg == NULL)
1587 return NULL;
1588
1589 if (wps->wps->ap && wps->wps->ap_setup_locked &&
1590 err == WPS_CFG_NO_ERROR)
1591 err = WPS_CFG_SETUP_LOCKED;
1592
1593 if (wps_build_version(msg) ||
1594 wps_build_msg_type(msg, WPS_M2D) ||
1595 wps_build_enrollee_nonce(wps, msg) ||
1596 wps_build_registrar_nonce(wps, msg) ||
1597 wps_build_uuid_r(wps, msg) ||
1598 wps_build_auth_type_flags(wps, msg) ||
1599 wps_build_encr_type_flags(wps, msg) ||
1600 wps_build_conn_type_flags(wps, msg) ||
1601 wps_build_config_methods_r(wps->wps->registrar, msg) ||
1602 wps_build_device_attrs(&wps->wps->dev, msg) ||
1603 wps_build_rf_bands(&wps->wps->dev, msg) ||
1604 wps_build_assoc_state(wps, msg) ||
1605 wps_build_config_error(msg, err) ||
1606 wps_build_os_version(&wps->wps->dev, msg) ||
1607 wps_build_wfa_ext(msg, 0, NULL, 0)) {
1608 wpabuf_free(msg);
1609 return NULL;
1610 }
1611
1612 wps->state = RECV_M2D_ACK;
1613 return msg;
1614 }
1615
1616
1617 static struct wpabuf * wps_build_m4(struct wps_data *wps)
1618 {
1619 struct wpabuf *msg, *plain;
1620
1621 wpa_printf(MSG_DEBUG, "WPS: Building Message M4");
1622
1623 wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
1624
1625 plain = wpabuf_alloc(200);
1626 if (plain == NULL)
1627 return NULL;
1628
1629 msg = wpabuf_alloc(1000);
1630 if (msg == NULL) {
1631 wpabuf_free(plain);
1632 return NULL;
1633 }
1634
1635 if (wps_build_version(msg) ||
1636 wps_build_msg_type(msg, WPS_M4) ||
1637 wps_build_enrollee_nonce(wps, msg) ||
1638 wps_build_r_hash(wps, msg) ||
1639 wps_build_r_snonce1(wps, plain) ||
1640 wps_build_key_wrap_auth(wps, plain) ||
1641 wps_build_encr_settings(wps, msg, plain) ||
1642 wps_build_wfa_ext(msg, 0, NULL, 0) ||
1643 wps_build_authenticator(wps, msg)) {
1644 wpabuf_free(plain);
1645 wpabuf_free(msg);
1646 return NULL;
1647 }
1648 wpabuf_free(plain);
1649
1650 wps->state = RECV_M5;
1651 return msg;
1652 }
1653
1654
1655 static struct wpabuf * wps_build_m6(struct wps_data *wps)
1656 {
1657 struct wpabuf *msg, *plain;
1658
1659 wpa_printf(MSG_DEBUG, "WPS: Building Message M6");
1660
1661 plain = wpabuf_alloc(200);
1662 if (plain == NULL)
1663 return NULL;
1664
1665 msg = wpabuf_alloc(1000);
1666 if (msg == NULL) {
1667 wpabuf_free(plain);
1668 return NULL;
1669 }
1670
1671 if (wps_build_version(msg) ||
1672 wps_build_msg_type(msg, WPS_M6) ||
1673 wps_build_enrollee_nonce(wps, msg) ||
1674 wps_build_r_snonce2(wps, plain) ||
1675 wps_build_key_wrap_auth(wps, plain) ||
1676 wps_build_encr_settings(wps, msg, plain) ||
1677 wps_build_wfa_ext(msg, 0, NULL, 0) ||
1678 wps_build_authenticator(wps, msg)) {
1679 wpabuf_free(plain);
1680 wpabuf_free(msg);
1681 return NULL;
1682 }
1683 wpabuf_free(plain);
1684
1685 wps->wps_pin_revealed = 1;
1686 wps->state = RECV_M7;
1687 return msg;
1688 }
1689
1690
1691 static struct wpabuf * wps_build_m8(struct wps_data *wps)
1692 {
1693 struct wpabuf *msg, *plain;
1694
1695 wpa_printf(MSG_DEBUG, "WPS: Building Message M8");
1696
1697 plain = wpabuf_alloc(500);
1698 if (plain == NULL)
1699 return NULL;
1700
1701 msg = wpabuf_alloc(1000);
1702 if (msg == NULL) {
1703 wpabuf_free(plain);
1704 return NULL;
1705 }
1706
1707 if (wps_build_version(msg) ||
1708 wps_build_msg_type(msg, WPS_M8) ||
1709 wps_build_enrollee_nonce(wps, msg) ||
1710 ((wps->wps->ap || wps->er) && wps_build_cred(wps, plain)) ||
1711 (!wps->wps->ap && !wps->er && wps_build_ap_settings(wps, plain)) ||
1712 wps_build_key_wrap_auth(wps, plain) ||
1713 wps_build_encr_settings(wps, msg, plain) ||
1714 wps_build_wfa_ext(msg, 0, NULL, 0) ||
1715 wps_build_authenticator(wps, msg)) {
1716 wpabuf_free(plain);
1717 wpabuf_free(msg);
1718 return NULL;
1719 }
1720 wpabuf_free(plain);
1721
1722 wps->state = RECV_DONE;
1723 return msg;
1724 }
1725
1726
1727 struct wpabuf * wps_registrar_get_msg(struct wps_data *wps,
1728 enum wsc_op_code *op_code)
1729 {
1730 struct wpabuf *msg;
1731
1732 #ifdef CONFIG_WPS_UPNP
1733 if (!wps->int_reg && wps->wps->wps_upnp) {
1734 struct upnp_pending_message *p, *prev = NULL;
1735 if (wps->ext_reg > 1)
1736 wps_registrar_free_pending_m2(wps->wps);
1737 p = wps->wps->upnp_msgs;
1738 /* TODO: check pending message MAC address */
1739 while (p && p->next) {
1740 prev = p;
1741 p = p->next;
1742 }
1743 if (p) {
1744 wpa_printf(MSG_DEBUG, "WPS: Use pending message from "
1745 "UPnP");
1746 if (prev)
1747 prev->next = NULL;
1748 else
1749 wps->wps->upnp_msgs = NULL;
1750 msg = p->msg;
1751 switch (p->type) {
1752 case WPS_WSC_ACK:
1753 *op_code = WSC_ACK;
1754 break;
1755 case WPS_WSC_NACK:
1756 *op_code = WSC_NACK;
1757 break;
1758 default:
1759 *op_code = WSC_MSG;
1760 break;
1761 }
1762 os_free(p);
1763 if (wps->ext_reg == 0)
1764 wps->ext_reg = 1;
1765 return msg;
1766 }
1767 }
1768 if (wps->ext_reg) {
1769 wpa_printf(MSG_DEBUG, "WPS: Using external Registrar, but no "
1770 "pending message available");
1771 return NULL;
1772 }
1773 #endif /* CONFIG_WPS_UPNP */
1774
1775 switch (wps->state) {
1776 case SEND_M2:
1777 if (wps_get_dev_password(wps) < 0)
1778 msg = wps_build_m2d(wps);
1779 else
1780 msg = wps_build_m2(wps);
1781 *op_code = WSC_MSG;
1782 break;
1783 case SEND_M2D:
1784 msg = wps_build_m2d(wps);
1785 *op_code = WSC_MSG;
1786 break;
1787 case SEND_M4:
1788 msg = wps_build_m4(wps);
1789 *op_code = WSC_MSG;
1790 break;
1791 case SEND_M6:
1792 msg = wps_build_m6(wps);
1793 *op_code = WSC_MSG;
1794 break;
1795 case SEND_M8:
1796 msg = wps_build_m8(wps);
1797 *op_code = WSC_MSG;
1798 break;
1799 case RECV_DONE:
1800 msg = wps_build_wsc_ack(wps);
1801 *op_code = WSC_ACK;
1802 break;
1803 case SEND_WSC_NACK:
1804 msg = wps_build_wsc_nack(wps);
1805 *op_code = WSC_NACK;
1806 break;
1807 default:
1808 wpa_printf(MSG_DEBUG, "WPS: Unsupported state %d for building "
1809 "a message", wps->state);
1810 msg = NULL;
1811 break;
1812 }
1813
1814 if (*op_code == WSC_MSG && msg) {
1815 /* Save a copy of the last message for Authenticator derivation
1816 */
1817 wpabuf_free(wps->last_msg);
1818 wps->last_msg = wpabuf_dup(msg);
1819 }
1820
1821 return msg;
1822 }
1823
1824
1825 static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce)
1826 {
1827 if (e_nonce == NULL) {
1828 wpa_printf(MSG_DEBUG, "WPS: No Enrollee Nonce received");
1829 return -1;
1830 }
1831
1832 os_memcpy(wps->nonce_e, e_nonce, WPS_NONCE_LEN);
1833 wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
1834 wps->nonce_e, WPS_NONCE_LEN);
1835
1836 return 0;
1837 }
1838
1839
1840 static int wps_process_registrar_nonce(struct wps_data *wps, const u8 *r_nonce)
1841 {
1842 if (r_nonce == NULL) {
1843 wpa_printf(MSG_DEBUG, "WPS: No Registrar Nonce received");
1844 return -1;
1845 }
1846
1847 if (os_memcmp(wps->nonce_r, r_nonce, WPS_NONCE_LEN) != 0) {
1848 wpa_printf(MSG_DEBUG, "WPS: Invalid Registrar Nonce received");
1849 return -1;
1850 }
1851
1852 return 0;
1853 }
1854
1855
1856 static int wps_process_uuid_e(struct wps_data *wps, const u8 *uuid_e)
1857 {
1858 if (uuid_e == NULL) {
1859 wpa_printf(MSG_DEBUG, "WPS: No UUID-E received");
1860 return -1;
1861 }
1862
1863 os_memcpy(wps->uuid_e, uuid_e, WPS_UUID_LEN);
1864 wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", wps->uuid_e, WPS_UUID_LEN);
1865
1866 return 0;
1867 }
1868
1869
1870 static int wps_process_dev_password_id(struct wps_data *wps, const u8 *pw_id)
1871 {
1872 if (pw_id == NULL) {
1873 wpa_printf(MSG_DEBUG, "WPS: No Device Password ID received");
1874 return -1;
1875 }
1876
1877 wps->dev_pw_id = WPA_GET_BE16(pw_id);
1878 wpa_printf(MSG_DEBUG, "WPS: Device Password ID %d", wps->dev_pw_id);
1879
1880 return 0;
1881 }
1882
1883
1884 static int wps_process_e_hash1(struct wps_data *wps, const u8 *e_hash1)
1885 {
1886 if (e_hash1 == NULL) {
1887 wpa_printf(MSG_DEBUG, "WPS: No E-Hash1 received");
1888 return -1;
1889 }
1890
1891 os_memcpy(wps->peer_hash1, e_hash1, WPS_HASH_LEN);
1892 wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);
1893
1894 return 0;
1895 }
1896
1897
1898 static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)
1899 {
1900 if (e_hash2 == NULL) {
1901 wpa_printf(MSG_DEBUG, "WPS: No E-Hash2 received");
1902 return -1;
1903 }
1904
1905 os_memcpy(wps->peer_hash2, e_hash2, WPS_HASH_LEN);
1906 wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);
1907
1908 return 0;
1909 }
1910
1911
1912 static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1)
1913 {
1914 u8 hash[SHA256_MAC_LEN];
1915 const u8 *addr[4];
1916 size_t len[4];
1917
1918 if (e_snonce1 == NULL) {
1919 wpa_printf(MSG_DEBUG, "WPS: No E-SNonce1 received");
1920 return -1;
1921 }
1922
1923 wpa_hexdump_key(MSG_DEBUG, "WPS: E-SNonce1", e_snonce1,
1924 WPS_SECRET_NONCE_LEN);
1925
1926 /* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */
1927 addr[0] = e_snonce1;
1928 len[0] = WPS_SECRET_NONCE_LEN;
1929 addr[1] = wps->psk1;
1930 len[1] = WPS_PSK_LEN;
1931 addr[2] = wpabuf_head(wps->dh_pubkey_e);
1932 len[2] = wpabuf_len(wps->dh_pubkey_e);
1933 addr[3] = wpabuf_head(wps->dh_pubkey_r);
1934 len[3] = wpabuf_len(wps->dh_pubkey_r);
1935 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
1936
1937 if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
1938 wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
1939 "not match with the pre-committed value");
1940 wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
1941 wps_pwd_auth_fail_event(wps->wps, 0, 1);
1942 return -1;
1943 }
1944
1945 wpa_printf(MSG_DEBUG, "WPS: Enrollee proved knowledge of the first "
1946 "half of the device password");
1947
1948 return 0;
1949 }
1950
1951
1952 static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2)
1953 {
1954 u8 hash[SHA256_MAC_LEN];
1955 const u8 *addr[4];
1956 size_t len[4];
1957
1958 if (e_snonce2 == NULL) {
1959 wpa_printf(MSG_DEBUG, "WPS: No E-SNonce2 received");
1960 return -1;
1961 }
1962
1963 wpa_hexdump_key(MSG_DEBUG, "WPS: E-SNonce2", e_snonce2,
1964 WPS_SECRET_NONCE_LEN);
1965
1966 /* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
1967 addr[0] = e_snonce2;
1968 len[0] = WPS_SECRET_NONCE_LEN;
1969 addr[1] = wps->psk2;
1970 len[1] = WPS_PSK_LEN;
1971 addr[2] = wpabuf_head(wps->dh_pubkey_e);
1972 len[2] = wpabuf_len(wps->dh_pubkey_e);
1973 addr[3] = wpabuf_head(wps->dh_pubkey_r);
1974 len[3] = wpabuf_len(wps->dh_pubkey_r);
1975 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
1976
1977 if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
1978 wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does "
1979 "not match with the pre-committed value");
1980 wps_registrar_invalidate_pin(wps->wps->registrar, wps->uuid_e);
1981 wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
1982 wps_pwd_auth_fail_event(wps->wps, 0, 2);
1983 return -1;
1984 }
1985
1986 wpa_printf(MSG_DEBUG, "WPS: Enrollee proved knowledge of the second "
1987 "half of the device password");
1988 wps->wps_pin_revealed = 0;
1989 wps_registrar_unlock_pin(wps->wps->registrar, wps->uuid_e);
1990
1991 return 0;
1992 }
1993
1994
1995 static int wps_process_mac_addr(struct wps_data *wps, const u8 *mac_addr)
1996 {
1997 if (mac_addr == NULL) {
1998 wpa_printf(MSG_DEBUG, "WPS: No MAC Address received");
1999 return -1;
2000 }
2001
2002 wpa_printf(MSG_DEBUG, "WPS: Enrollee MAC Address " MACSTR,
2003 MAC2STR(mac_addr));
2004 os_memcpy(wps->mac_addr_e, mac_addr, ETH_ALEN);
2005 os_memcpy(wps->peer_dev.mac_addr, mac_addr, ETH_ALEN);
2006
2007 return 0;
2008 }
2009
2010
2011 static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
2012 size_t pk_len)
2013 {
2014 if (pk == NULL || pk_len == 0) {
2015 wpa_printf(MSG_DEBUG, "WPS: No Public Key received");
2016 return -1;
2017 }
2018
2019 #ifdef CONFIG_WPS_OOB
2020 if (wps->wps->oob_conf.pubkey_hash != NULL) {
2021 const u8 *addr[1];
2022 u8 hash[WPS_HASH_LEN];
2023
2024 addr[0] = pk;
2025 sha256_vector(1, addr, &pk_len, hash);
2026 if (os_memcmp(hash,
2027 wpabuf_head(wps->wps->oob_conf.pubkey_hash),
2028 WPS_OOB_PUBKEY_HASH_LEN) != 0) {
2029 wpa_printf(MSG_ERROR, "WPS: Public Key hash error");
2030 return -1;
2031 }
2032 }
2033 #endif /* CONFIG_WPS_OOB */
2034
2035 wpabuf_free(wps->dh_pubkey_e);
2036 wps->dh_pubkey_e = wpabuf_alloc_copy(pk, pk_len);
2037 if (wps->dh_pubkey_e == NULL)
2038 return -1;
2039
2040 return 0;
2041 }
2042
2043
2044 static int wps_process_auth_type_flags(struct wps_data *wps, const u8 *auth)
2045 {
2046 u16 auth_types;
2047
2048 if (auth == NULL) {
2049 wpa_printf(MSG_DEBUG, "WPS: No Authentication Type flags "
2050 "received");
2051 return -1;
2052 }
2053
2054 auth_types = WPA_GET_BE16(auth);
2055
2056 wpa_printf(MSG_DEBUG, "WPS: Enrollee Authentication Type flags 0x%x",
2057 auth_types);
2058 wps->auth_type = wps->wps->auth_types & auth_types;
2059 if (wps->auth_type == 0) {
2060 wpa_printf(MSG_DEBUG, "WPS: No match in supported "
2061 "authentication types (own 0x%x Enrollee 0x%x)",
2062 wps->wps->auth_types, auth_types);
2063 #ifdef WPS_WORKAROUNDS
2064 /*
2065 * Some deployed implementations seem to advertise incorrect
2066 * information in this attribute. For example, Linksys WRT350N
2067 * seems to have a byteorder bug that breaks this negotiation.
2068 * In order to interoperate with existing implementations,
2069 * assume that the Enrollee supports everything we do.
2070 */
2071 wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
2072 "does not advertise supported authentication types "
2073 "correctly");
2074 wps->auth_type = wps->wps->auth_types;
2075 #else /* WPS_WORKAROUNDS */
2076 return -1;
2077 #endif /* WPS_WORKAROUNDS */
2078 }
2079
2080 return 0;
2081 }
2082
2083
2084 static int wps_process_encr_type_flags(struct wps_data *wps, const u8 *encr)
2085 {
2086 u16 encr_types;
2087
2088 if (encr == NULL) {
2089 wpa_printf(MSG_DEBUG, "WPS: No Encryption Type flags "
2090 "received");
2091 return -1;
2092 }
2093
2094 encr_types = WPA_GET_BE16(encr);
2095
2096 wpa_printf(MSG_DEBUG, "WPS: Enrollee Encryption Type flags 0x%x",
2097 encr_types);
2098 wps->encr_type = wps->wps->encr_types & encr_types;
2099 if (wps->encr_type == 0) {
2100 wpa_printf(MSG_DEBUG, "WPS: No match in supported "
2101 "encryption types (own 0x%x Enrollee 0x%x)",
2102 wps->wps->encr_types, encr_types);
2103 #ifdef WPS_WORKAROUNDS
2104 /*
2105 * Some deployed implementations seem to advertise incorrect
2106 * information in this attribute. For example, Linksys WRT350N
2107 * seems to have a byteorder bug that breaks this negotiation.
2108 * In order to interoperate with existing implementations,
2109 * assume that the Enrollee supports everything we do.
2110 */
2111 wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
2112 "does not advertise supported encryption types "
2113 "correctly");
2114 wps->encr_type = wps->wps->encr_types;
2115 #else /* WPS_WORKAROUNDS */
2116 return -1;
2117 #endif /* WPS_WORKAROUNDS */
2118 }
2119
2120 return 0;
2121 }
2122
2123
2124 static int wps_process_conn_type_flags(struct wps_data *wps, const u8 *conn)
2125 {
2126 if (conn == NULL) {
2127 wpa_printf(MSG_DEBUG, "WPS: No Connection Type flags "
2128 "received");
2129 return -1;
2130 }
2131
2132 wpa_printf(MSG_DEBUG, "WPS: Enrollee Connection Type flags 0x%x",
2133 *conn);
2134
2135 return 0;
2136 }
2137
2138
2139 static int wps_process_config_methods(struct wps_data *wps, const u8 *methods)
2140 {
2141 u16 m;
2142
2143 if (methods == NULL) {
2144 wpa_printf(MSG_DEBUG, "WPS: No Config Methods received");
2145 return -1;
2146 }
2147
2148 m = WPA_GET_BE16(methods);
2149
2150 wpa_printf(MSG_DEBUG, "WPS: Enrollee Config Methods 0x%x"
2151 "%s%s%s%s%s%s%s%s%s", m,
2152 m & WPS_CONFIG_USBA ? " [USBA]" : "",
2153 m & WPS_CONFIG_ETHERNET ? " [Ethernet]" : "",
2154 m & WPS_CONFIG_LABEL ? " [Label]" : "",
2155 m & WPS_CONFIG_DISPLAY ? " [Display]" : "",
2156 m & WPS_CONFIG_EXT_NFC_TOKEN ? " [Ext NFC Token]" : "",
2157 m & WPS_CONFIG_INT_NFC_TOKEN ? " [Int NFC Token]" : "",
2158 m & WPS_CONFIG_NFC_INTERFACE ? " [NFC]" : "",
2159 m & WPS_CONFIG_PUSHBUTTON ? " [PBC]" : "",
2160 m & WPS_CONFIG_KEYPAD ? " [Keypad]" : "");
2161
2162 if (!(m & WPS_CONFIG_DISPLAY) && !wps->use_psk_key) {
2163 /*
2164 * The Enrollee does not have a display so it is unlikely to be
2165 * able to show the passphrase to a user and as such, could
2166 * benefit from receiving PSK to reduce key derivation time.
2167 */
2168 wpa_printf(MSG_DEBUG, "WPS: Prefer PSK format key due to "
2169 "Enrollee not supporting display");
2170 wps->use_psk_key = 1;
2171 }
2172
2173 return 0;
2174 }
2175
2176
2177 static int wps_process_wps_state(struct wps_data *wps, const u8 *state)
2178 {
2179 if (state == NULL) {
2180 wpa_printf(MSG_DEBUG, "WPS: No Wi-Fi Protected Setup State "
2181 "received");
2182 return -1;
2183 }
2184
2185 wpa_printf(MSG_DEBUG, "WPS: Enrollee Wi-Fi Protected Setup State %d",
2186 *state);
2187
2188 return 0;
2189 }
2190
2191
2192 static int wps_process_assoc_state(struct wps_data *wps, const u8 *assoc)
2193 {
2194 u16 a;
2195
2196 if (assoc == NULL) {
2197 wpa_printf(MSG_DEBUG, "WPS: No Association State received");
2198 return -1;
2199 }
2200
2201 a = WPA_GET_BE16(assoc);
2202 wpa_printf(MSG_DEBUG, "WPS: Enrollee Association State %d", a);
2203
2204 return 0;
2205 }
2206
2207
2208 static int wps_process_config_error(struct wps_data *wps, const u8 *err)
2209 {
2210 u16 e;
2211
2212 if (err == NULL) {
2213 wpa_printf(MSG_DEBUG, "WPS: No Configuration Error received");
2214 return -1;
2215 }
2216
2217 e = WPA_GET_BE16(err);
2218 wpa_printf(MSG_DEBUG, "WPS: Enrollee Configuration Error %d", e);
2219
2220 return 0;
2221 }
2222
2223
2224 static enum wps_process_res wps_process_m1(struct wps_data *wps,
2225 struct wps_parse_attr *attr)
2226 {
2227 wpa_printf(MSG_DEBUG, "WPS: Received M1");
2228
2229 if (wps->state != RECV_M1) {
2230 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
2231 "receiving M1", wps->state);
2232 return WPS_FAILURE;
2233 }
2234
2235 if (wps_process_uuid_e(wps, attr->uuid_e) ||
2236 wps_process_mac_addr(wps, attr->mac_addr) ||
2237 wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
2238 wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
2239 wps_process_auth_type_flags(wps, attr->auth_type_flags) ||
2240 wps_process_encr_type_flags(wps, attr->encr_type_flags) ||
2241 wps_process_conn_type_flags(wps, attr->conn_type_flags) ||
2242 wps_process_config_methods(wps, attr->config_methods) ||
2243 wps_process_wps_state(wps, attr->wps_state) ||
2244 wps_process_device_attrs(&wps->peer_dev, attr) ||
2245 wps_process_rf_bands(&wps->peer_dev, attr->rf_bands) ||
2246 wps_process_assoc_state(wps, attr->assoc_state) ||
2247 wps_process_dev_password_id(wps, attr->dev_password_id) ||
2248 wps_process_config_error(wps, attr->config_error) ||
2249 wps_process_os_version(&wps->peer_dev, attr->os_version))
2250 return WPS_FAILURE;
2251
2252 if (wps->dev_pw_id < 0x10 &&
2253 wps->dev_pw_id != DEV_PW_DEFAULT &&
2254 wps->dev_pw_id != DEV_PW_USER_SPECIFIED &&
2255 wps->dev_pw_id != DEV_PW_MACHINE_SPECIFIED &&
2256 wps->dev_pw_id != DEV_PW_REGISTRAR_SPECIFIED &&
2257 (wps->dev_pw_id != DEV_PW_PUSHBUTTON ||
2258 !wps->wps->registrar->pbc)) {
2259 wpa_printf(MSG_DEBUG, "WPS: Unsupported Device Password ID %d",
2260 wps->dev_pw_id);
2261 wps->state = SEND_M2D;
2262 return WPS_CONTINUE;
2263 }
2264
2265 #ifdef CONFIG_WPS_OOB
2266 if (wps->dev_pw_id >= 0x10 &&
2267 wps->dev_pw_id != wps->wps->oob_dev_pw_id) {
2268 wpa_printf(MSG_DEBUG, "WPS: OOB Device Password ID "
2269 "%d mismatch", wps->dev_pw_id);
2270 wps->state = SEND_M2D;
2271 return WPS_CONTINUE;
2272 }
2273 #endif /* CONFIG_WPS_OOB */
2274
2275 if (wps->dev_pw_id == DEV_PW_PUSHBUTTON) {
2276 if (wps->wps->registrar->force_pbc_overlap ||
2277 wps_registrar_pbc_overlap(wps->wps->registrar,
2278 wps->mac_addr_e, wps->uuid_e)) {
2279 wpa_printf(MSG_DEBUG, "WPS: PBC overlap - deny PBC "
2280 "negotiation");
2281 wps->state = SEND_M2D;
2282 wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
2283 wps_pbc_overlap_event(wps->wps);
2284 wps->wps->registrar->force_pbc_overlap = 1;
2285 return WPS_CONTINUE;
2286 }
2287 wps_registrar_add_pbc_session(wps->wps->registrar,
2288 wps->mac_addr_e, wps->uuid_e);
2289 wps->pbc = 1;
2290 }
2291
2292 #ifdef WPS_WORKAROUNDS
2293 /*
2294 * It looks like Mac OS X 10.6.3 and 10.6.4 do not like Network Key in
2295 * passphrase format. To avoid interop issues, force PSK format to be
2296 * used.
2297 */
2298 if (!wps->use_psk_key &&
2299 wps->peer_dev.manufacturer &&
2300 os_strncmp(wps->peer_dev.manufacturer, "Apple ", 6) == 0 &&
2301 wps->peer_dev.model_name &&
2302 os_strcmp(wps->peer_dev.model_name, "AirPort") == 0) {
2303 wpa_printf(MSG_DEBUG, "WPS: Workaround - Force Network Key in "
2304 "PSK format");
2305 wps->use_psk_key = 1;
2306 }
2307 #endif /* WPS_WORKAROUNDS */
2308
2309 wps->state = SEND_M2;
2310 return WPS_CONTINUE;
2311 }
2312
2313
2314 static enum wps_process_res wps_process_m3(struct wps_data *wps,
2315 const struct wpabuf *msg,
2316 struct wps_parse_attr *attr)
2317 {
2318 wpa_printf(MSG_DEBUG, "WPS: Received M3");
2319
2320 if (wps->state != RECV_M3) {
2321 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
2322 "receiving M3", wps->state);
2323 wps->state = SEND_WSC_NACK;
2324 return WPS_CONTINUE;
2325 }
2326
2327 if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
2328 wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
2329 "session overlap");
2330 wps->state = SEND_WSC_NACK;
2331 wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
2332 return WPS_CONTINUE;
2333 }
2334
2335 if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
2336 wps_process_authenticator(wps, attr->authenticator, msg) ||
2337 wps_process_e_hash1(wps, attr->e_hash1) ||
2338 wps_process_e_hash2(wps, attr->e_hash2)) {
2339 wps->state = SEND_WSC_NACK;
2340 return WPS_CONTINUE;
2341 }
2342
2343 wps->state = SEND_M4;
2344 return WPS_CONTINUE;
2345 }
2346
2347
2348 static enum wps_process_res wps_process_m5(struct wps_data *wps,
2349 const struct wpabuf *msg,
2350 struct wps_parse_attr *attr)
2351 {
2352 struct wpabuf *decrypted;
2353 struct wps_parse_attr eattr;
2354
2355 wpa_printf(MSG_DEBUG, "WPS: Received M5");
2356
2357 if (wps->state != RECV_M5) {
2358 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
2359 "receiving M5", wps->state);
2360 wps->state = SEND_WSC_NACK;
2361 return WPS_CONTINUE;
2362 }
2363
2364 if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
2365 wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
2366 "session overlap");
2367 wps->state = SEND_WSC_NACK;
2368 wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
2369 return WPS_CONTINUE;
2370 }
2371
2372 if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
2373 wps_process_authenticator(wps, attr->authenticator, msg)) {
2374 wps->state = SEND_WSC_NACK;
2375 return WPS_CONTINUE;
2376 }
2377
2378 decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
2379 attr->encr_settings_len);
2380 if (decrypted == NULL) {
2381 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
2382 "Settings attribute");
2383 wps->state = SEND_WSC_NACK;
2384 return WPS_CONTINUE;
2385 }
2386
2387 if (wps_validate_m5_encr(decrypted, attr->version2 != NULL) < 0) {
2388 wpabuf_free(decrypted);
2389 wps->state = SEND_WSC_NACK;
2390 return WPS_CONTINUE;
2391 }
2392
2393 wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
2394 "attribute");
2395 if (wps_parse_msg(decrypted, &eattr) < 0 ||
2396 wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
2397 wps_process_e_snonce1(wps, eattr.e_snonce1)) {
2398 wpabuf_free(decrypted);
2399 wps->state = SEND_WSC_NACK;
2400 return WPS_CONTINUE;
2401 }
2402 wpabuf_free(decrypted);
2403
2404 wps->state = SEND_M6;
2405 return WPS_CONTINUE;
2406 }
2407
2408
2409 static void wps_sta_cred_cb(struct wps_data *wps)
2410 {
2411 /*
2412 * Update credential to only include a single authentication and
2413 * encryption type in case the AP configuration includes more than one
2414 * option.
2415 */
2416 if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
2417 wps->cred.auth_type = WPS_AUTH_WPA2PSK;
2418 else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
2419 wps->cred.auth_type = WPS_AUTH_WPAPSK;
2420 if (wps->cred.encr_type & WPS_ENCR_AES)
2421 wps->cred.encr_type = WPS_ENCR_AES;
2422 else if (wps->cred.encr_type & WPS_ENCR_TKIP)
2423 wps->cred.encr_type = WPS_ENCR_TKIP;
2424 wpa_printf(MSG_DEBUG, "WPS: Update local configuration based on the "
2425 "AP configuration");
2426 if (wps->wps->cred_cb)
2427 wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
2428 }
2429
2430
2431 static void wps_cred_update(struct wps_credential *dst,
2432 struct wps_credential *src)
2433 {
2434 os_memcpy(dst->ssid, src->ssid, sizeof(dst->ssid));
2435 dst->ssid_len = src->ssid_len;
2436 dst->auth_type = src->auth_type;
2437 dst->encr_type = src->encr_type;
2438 dst->key_idx = src->key_idx;
2439 os_memcpy(dst->key, src->key, sizeof(dst->key));
2440 dst->key_len = src->key_len;
2441 }
2442
2443
2444 static int wps_process_ap_settings_r(struct wps_data *wps,
2445 struct wps_parse_attr *attr)
2446 {
2447 if (wps->wps->ap || wps->er)
2448 return 0;
2449
2450 /* AP Settings Attributes in M7 when Enrollee is an AP */
2451 if (wps_process_ap_settings(attr, &wps->cred) < 0)
2452 return -1;
2453
2454 wpa_printf(MSG_INFO, "WPS: Received old AP configuration from AP");
2455
2456 if (wps->new_ap_settings) {
2457 wpa_printf(MSG_INFO, "WPS: Update AP configuration based on "
2458 "new settings");
2459 wps_cred_update(&wps->cred, wps->new_ap_settings);
2460 return 0;
2461 } else {
2462 /*
2463 * Use the AP PIN only to receive the current AP settings, not
2464 * to reconfigure the AP.
2465 */
2466
2467 /*
2468 * Clear selected registrar here since we do not get to
2469 * WSC_Done in this protocol run.
2470 */
2471 wps_registrar_pin_completed(wps->wps->registrar);
2472
2473 if (wps->ap_settings_cb) {
2474 wps->ap_settings_cb(wps->ap_settings_cb_ctx,
2475 &wps->cred);
2476 return 1;
2477 }
2478 wps_sta_cred_cb(wps);
2479 return 1;
2480 }
2481 }
2482
2483
2484 static enum wps_process_res wps_process_m7(struct wps_data *wps,
2485 const struct wpabuf *msg,
2486 struct wps_parse_attr *attr)
2487 {
2488 struct wpabuf *decrypted;
2489 struct wps_parse_attr eattr;
2490
2491 wpa_printf(MSG_DEBUG, "WPS: Received M7");
2492
2493 if (wps->state != RECV_M7) {
2494 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
2495 "receiving M7", wps->state);
2496 wps->state = SEND_WSC_NACK;
2497 return WPS_CONTINUE;
2498 }
2499
2500 if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
2501 wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
2502 "session overlap");
2503 wps->state = SEND_WSC_NACK;
2504 wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
2505 return WPS_CONTINUE;
2506 }
2507
2508 if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
2509 wps_process_authenticator(wps, attr->authenticator, msg)) {
2510 wps->state = SEND_WSC_NACK;
2511 return WPS_CONTINUE;
2512 }
2513
2514 decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
2515 attr->encr_settings_len);
2516 if (decrypted == NULL) {
2517 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypt Encrypted "
2518 "Settings attribute");
2519 wps->state = SEND_WSC_NACK;
2520 return WPS_CONTINUE;
2521 }
2522
2523 if (wps_validate_m7_encr(decrypted, wps->wps->ap || wps->er,
2524 attr->version2 != NULL) < 0) {
2525 wpabuf_free(decrypted);
2526 wps->state = SEND_WSC_NACK;
2527 return WPS_CONTINUE;
2528 }
2529
2530 wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
2531 "attribute");
2532 if (wps_parse_msg(decrypted, &eattr) < 0 ||
2533 wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
2534 wps_process_e_snonce2(wps, eattr.e_snonce2) ||
2535 wps_process_ap_settings_r(wps, &eattr)) {
2536 wpabuf_free(decrypted);
2537 wps->state = SEND_WSC_NACK;
2538 return WPS_CONTINUE;
2539 }
2540
2541 wpabuf_free(decrypted);
2542
2543 wps->state = SEND_M8;
2544 return WPS_CONTINUE;
2545 }
2546
2547
2548 static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
2549 const struct wpabuf *msg)
2550 {
2551 struct wps_parse_attr attr;
2552 enum wps_process_res ret = WPS_CONTINUE;
2553
2554 wpa_printf(MSG_DEBUG, "WPS: Received WSC_MSG");
2555
2556 if (wps_parse_msg(msg, &attr) < 0)
2557 return WPS_FAILURE;
2558
2559 if (attr.msg_type == NULL) {
2560 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
2561 return WPS_FAILURE;
2562 }
2563
2564 if (*attr.msg_type != WPS_M1 &&
2565 (attr.registrar_nonce == NULL ||
2566 os_memcmp(wps->nonce_r, attr.registrar_nonce,
2567 WPS_NONCE_LEN != 0))) {
2568 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
2569 return WPS_FAILURE;
2570 }
2571
2572 switch (*attr.msg_type) {
2573 case WPS_M1:
2574 if (wps_validate_m1(msg) < 0)
2575 return WPS_FAILURE;
2576 #ifdef CONFIG_WPS_UPNP
2577 if (wps->wps->wps_upnp && attr.mac_addr) {
2578 /* Remove old pending messages when starting new run */
2579 wps_free_pending_msgs(wps->wps->upnp_msgs);
2580 wps->wps->upnp_msgs = NULL;
2581
2582 upnp_wps_device_send_wlan_event(
2583 wps->wps->wps_upnp, attr.mac_addr,
2584 UPNP_WPS_WLANEVENT_TYPE_EAP, msg);
2585 }
2586 #endif /* CONFIG_WPS_UPNP */
2587 ret = wps_process_m1(wps, &attr);
2588 break;
2589 case WPS_M3:
2590 if (wps_validate_m3(msg) < 0)
2591 return WPS_FAILURE;
2592 ret = wps_process_m3(wps, msg, &attr);
2593 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
2594 wps_fail_event(wps->wps, WPS_M3, wps->config_error);
2595 break;
2596 case WPS_M5:
2597 if (wps_validate_m5(msg) < 0)
2598 return WPS_FAILURE;
2599 ret = wps_process_m5(wps, msg, &attr);
2600 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
2601 wps_fail_event(wps->wps, WPS_M5, wps->config_error);
2602 break;
2603 case WPS_M7:
2604 if (wps_validate_m7(msg) < 0)
2605 return WPS_FAILURE;
2606 ret = wps_process_m7(wps, msg, &attr);
2607 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
2608 wps_fail_event(wps->wps, WPS_M7, wps->config_error);
2609 break;
2610 default:
2611 wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d",
2612 *attr.msg_type);
2613 return WPS_FAILURE;
2614 }
2615
2616 if (ret == WPS_CONTINUE) {
2617 /* Save a copy of the last message for Authenticator derivation
2618 */
2619 wpabuf_free(wps->last_msg);
2620 wps->last_msg = wpabuf_dup(msg);
2621 }
2622
2623 return ret;
2624 }
2625
2626
2627 static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
2628 const struct wpabuf *msg)
2629 {
2630 struct wps_parse_attr attr;
2631
2632 wpa_printf(MSG_DEBUG, "WPS: Received WSC_ACK");
2633
2634 if (wps_parse_msg(msg, &attr) < 0)
2635 return WPS_FAILURE;
2636
2637 if (attr.msg_type == NULL) {
2638 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
2639 return WPS_FAILURE;
2640 }
2641
2642 if (*attr.msg_type != WPS_WSC_ACK) {
2643 wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
2644 *attr.msg_type);
2645 return WPS_FAILURE;
2646 }
2647
2648 #ifdef CONFIG_WPS_UPNP
2649 if (wps->wps->wps_upnp && wps->ext_reg && wps->state == RECV_M2D_ACK &&
2650 upnp_wps_subscribers(wps->wps->wps_upnp)) {
2651 if (wps->wps->upnp_msgs)
2652 return WPS_CONTINUE;
2653 wpa_printf(MSG_DEBUG, "WPS: Wait for response from an "
2654 "external Registrar");
2655 return WPS_PENDING;
2656 }
2657 #endif /* CONFIG_WPS_UPNP */
2658
2659 if (attr.registrar_nonce == NULL ||
2660 os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
2661 {
2662 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
2663 return WPS_FAILURE;
2664 }
2665
2666 if (attr.enrollee_nonce == NULL ||
2667 os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
2668 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
2669 return WPS_FAILURE;
2670 }
2671
2672 if (wps->state == RECV_M2D_ACK) {
2673 #ifdef CONFIG_WPS_UPNP
2674 if (wps->wps->wps_upnp &&
2675 upnp_wps_subscribers(wps->wps->wps_upnp)) {
2676 if (wps->wps->upnp_msgs)
2677 return WPS_CONTINUE;
2678 if (wps->ext_reg == 0)
2679 wps->ext_reg = 1;
2680 wpa_printf(MSG_DEBUG, "WPS: Wait for response from an "
2681 "external Registrar");
2682 return WPS_PENDING;
2683 }
2684 #endif /* CONFIG_WPS_UPNP */
2685
2686 wpa_printf(MSG_DEBUG, "WPS: No more registrars available - "
2687 "terminate negotiation");
2688 }
2689
2690 return WPS_FAILURE;
2691 }
2692
2693
2694 static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
2695 const struct wpabuf *msg)
2696 {
2697 struct wps_parse_attr attr;
2698 int old_state;
2699 u16 config_error;
2700
2701 wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK");
2702
2703 old_state = wps->state;
2704 wps->state = SEND_WSC_NACK;
2705
2706 if (wps_parse_msg(msg, &attr) < 0)
2707 return WPS_FAILURE;
2708
2709 if (attr.msg_type == NULL) {
2710 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
2711 return WPS_FAILURE;
2712 }
2713
2714 if (*attr.msg_type != WPS_WSC_NACK) {
2715 wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
2716 *attr.msg_type);
2717 return WPS_FAILURE;
2718 }
2719
2720 #ifdef CONFIG_WPS_UPNP
2721 if (wps->wps->wps_upnp && wps->ext_reg) {
2722 wpa_printf(MSG_DEBUG, "WPS: Negotiation using external "
2723 "Registrar terminated by the Enrollee");
2724 return WPS_FAILURE;
2725 }
2726 #endif /* CONFIG_WPS_UPNP */
2727
2728 if (attr.registrar_nonce == NULL ||
2729 os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
2730 {
2731 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
2732 return WPS_FAILURE;
2733 }
2734
2735 if (attr.enrollee_nonce == NULL ||
2736 os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
2737 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
2738 return WPS_FAILURE;
2739 }
2740
2741 if (attr.config_error == NULL) {
2742 wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute "
2743 "in WSC_NACK");
2744 return WPS_FAILURE;
2745 }
2746
2747 config_error = WPA_GET_BE16(attr.config_error);
2748 wpa_printf(MSG_DEBUG, "WPS: Enrollee terminated negotiation with "
2749 "Configuration Error %d", config_error);
2750
2751 switch (old_state) {
2752 case RECV_M3:
2753 wps_fail_event(wps->wps, WPS_M2, config_error);
2754 break;
2755 case RECV_M5:
2756 wps_fail_event(wps->wps, WPS_M4, config_error);
2757 break;
2758 case RECV_M7:
2759 wps_fail_event(wps->wps, WPS_M6, config_error);
2760 break;
2761 case RECV_DONE:
2762 wps_fail_event(wps->wps, WPS_M8, config_error);
2763 break;
2764 default:
2765 break;
2766 }
2767
2768 return WPS_FAILURE;
2769 }
2770
2771
2772 static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
2773 const struct wpabuf *msg)
2774 {
2775 struct wps_parse_attr attr;
2776
2777 wpa_printf(MSG_DEBUG, "WPS: Received WSC_Done");
2778
2779 if (wps->state != RECV_DONE &&
2780 (!wps->wps->wps_upnp || !wps->ext_reg)) {
2781 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
2782 "receiving WSC_Done", wps->state);
2783 return WPS_FAILURE;
2784 }
2785
2786 if (wps_parse_msg(msg, &attr) < 0)
2787 return WPS_FAILURE;
2788
2789 if (attr.msg_type == NULL) {
2790 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
2791 return WPS_FAILURE;
2792 }
2793
2794 if (*attr.msg_type != WPS_WSC_DONE) {
2795 wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
2796 *attr.msg_type);
2797 return WPS_FAILURE;
2798 }
2799
2800 #ifdef CONFIG_WPS_UPNP
2801 if (wps->wps->wps_upnp && wps->ext_reg) {
2802 wpa_printf(MSG_DEBUG, "WPS: Negotiation using external "
2803 "Registrar completed successfully");
2804 wps_device_store(wps->wps->registrar, &wps->peer_dev,
2805 wps->uuid_e);
2806 return WPS_DONE;
2807 }
2808 #endif /* CONFIG_WPS_UPNP */
2809
2810 if (attr.registrar_nonce == NULL ||
2811 os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
2812 {
2813 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
2814 return WPS_FAILURE;
2815 }
2816
2817 if (attr.enrollee_nonce == NULL ||
2818 os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
2819 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
2820 return WPS_FAILURE;
2821 }
2822
2823 wpa_printf(MSG_DEBUG, "WPS: Negotiation completed successfully");
2824 wps_device_store(wps->wps->registrar, &wps->peer_dev,
2825 wps->uuid_e);
2826
2827 if (wps->wps->wps_state == WPS_STATE_NOT_CONFIGURED && wps->new_psk &&
2828 wps->wps->ap && !wps->wps->registrar->disable_auto_conf) {
2829 struct wps_credential cred;
2830
2831 wpa_printf(MSG_DEBUG, "WPS: Moving to Configured state based "
2832 "on first Enrollee connection");
2833
2834 os_memset(&cred, 0, sizeof(cred));
2835 os_memcpy(cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
2836 cred.ssid_len = wps->wps->ssid_len;
2837 cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK;
2838 cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES;
2839 os_memcpy(cred.key, wps->new_psk, wps->new_psk_len);
2840 cred.key_len = wps->new_psk_len;
2841
2842 wps->wps->wps_state = WPS_STATE_CONFIGURED;
2843 wpa_hexdump_ascii_key(MSG_DEBUG,
2844 "WPS: Generated random passphrase",
2845 wps->new_psk, wps->new_psk_len);
2846 if (wps->wps->cred_cb)
2847 wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
2848
2849 os_free(wps->new_psk);
2850 wps->new_psk = NULL;
2851 }
2852
2853 if (!wps->wps->ap && !wps->er)
2854 wps_sta_cred_cb(wps);
2855
2856 if (wps->new_psk) {
2857 if (wps_cb_new_psk(wps->wps->registrar, wps->mac_addr_e,
2858 wps->new_psk, wps->new_psk_len)) {
2859 wpa_printf(MSG_DEBUG, "WPS: Failed to configure the "
2860 "new PSK");
2861 }
2862 os_free(wps->new_psk);
2863 wps->new_psk = NULL;
2864 }
2865
2866 wps_cb_reg_success(wps->wps->registrar, wps->mac_addr_e, wps->uuid_e);
2867
2868 if (wps->pbc) {
2869 wps_registrar_remove_pbc_session(wps->wps->registrar,
2870 wps->mac_addr_e, wps->uuid_e);
2871 wps_registrar_pbc_completed(wps->wps->registrar);
2872 } else {
2873 wps_registrar_pin_completed(wps->wps->registrar);
2874 }
2875 /* TODO: maintain AuthorizedMACs somewhere separately for each ER and
2876 * merge them into APs own list.. */
2877
2878 wps_success_event(wps->wps);
2879
2880 return WPS_DONE;
2881 }
2882
2883
2884 enum wps_process_res wps_registrar_process_msg(struct wps_data *wps,
2885 enum wsc_op_code op_code,
2886 const struct wpabuf *msg)
2887 {
2888 enum wps_process_res ret;
2889
2890 wpa_printf(MSG_DEBUG, "WPS: Processing received message (len=%lu "
2891 "op_code=%d)",
2892 (unsigned long) wpabuf_len(msg), op_code);
2893
2894 #ifdef CONFIG_WPS_UPNP
2895 if (wps->wps->wps_upnp && op_code == WSC_MSG && wps->ext_reg == 1) {
2896 struct wps_parse_attr attr;
2897 if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type &&
2898 *attr.msg_type == WPS_M3)
2899 wps->ext_reg = 2; /* past M2/M2D phase */
2900 }
2901 if (wps->ext_reg > 1)
2902 wps_registrar_free_pending_m2(wps->wps);
2903 if (wps->wps->wps_upnp && wps->ext_reg &&
2904 wps->wps->upnp_msgs == NULL &&
2905 (op_code == WSC_MSG || op_code == WSC_Done || op_code == WSC_NACK))
2906 {
2907 struct wps_parse_attr attr;
2908 int type;
2909 if (wps_parse_msg(msg, &attr) < 0 || attr.msg_type == NULL)
2910 type = -1;
2911 else
2912 type = *attr.msg_type;
2913 wpa_printf(MSG_DEBUG, "WPS: Sending received message (type %d)"
2914 " to external Registrar for processing", type);
2915 upnp_wps_device_send_wlan_event(wps->wps->wps_upnp,
2916 wps->mac_addr_e,
2917 UPNP_WPS_WLANEVENT_TYPE_EAP,
2918 msg);
2919 if (op_code == WSC_MSG)
2920 return WPS_PENDING;
2921 } else if (wps->wps->wps_upnp && wps->ext_reg && op_code == WSC_MSG) {
2922 wpa_printf(MSG_DEBUG, "WPS: Skip internal processing - using "
2923 "external Registrar");
2924 return WPS_CONTINUE;
2925 }
2926 #endif /* CONFIG_WPS_UPNP */
2927
2928 switch (op_code) {
2929 case WSC_MSG:
2930 return wps_process_wsc_msg(wps, msg);
2931 case WSC_ACK:
2932 if (wps_validate_wsc_ack(msg) < 0)
2933 return WPS_FAILURE;
2934 return wps_process_wsc_ack(wps, msg);
2935 case WSC_NACK:
2936 if (wps_validate_wsc_nack(msg) < 0)
2937 return WPS_FAILURE;
2938 return wps_process_wsc_nack(wps, msg);
2939 case WSC_Done:
2940 if (wps_validate_wsc_done(msg) < 0)
2941 return WPS_FAILURE;
2942 ret = wps_process_wsc_done(wps, msg);
2943 if (ret == WPS_FAILURE) {
2944 wps->state = SEND_WSC_NACK;
2945 wps_fail_event(wps->wps, WPS_WSC_DONE,
2946 wps->config_error);
2947 }
2948 return ret;
2949 default:
2950 wpa_printf(MSG_DEBUG, "WPS: Unsupported op_code %d", op_code);
2951 return WPS_FAILURE;
2952 }
2953 }
2954
2955
2956 int wps_registrar_update_ie(struct wps_registrar *reg)
2957 {
2958 return wps_set_ie(reg);
2959 }
2960
2961
2962 static void wps_registrar_set_selected_timeout(void *eloop_ctx,
2963 void *timeout_ctx)
2964 {
2965 struct wps_registrar *reg = eloop_ctx;
2966
2967 wpa_printf(MSG_DEBUG, "WPS: Selected Registrar timeout - "
2968 "unselect internal Registrar");
2969 reg->selected_registrar = 0;
2970 reg->pbc = 0;
2971 wps_registrar_selected_registrar_changed(reg);
2972 }
2973
2974
2975 #ifdef CONFIG_WPS_UPNP
2976 static void wps_registrar_sel_reg_add(struct wps_registrar *reg,
2977 struct subscription *s)
2978 {
2979 int i, j;
2980 wpa_printf(MSG_DEBUG, "WPS: External Registrar selected (dev_pw_id=%d "
2981 "config_methods=0x%x)",
2982 s->dev_password_id, s->config_methods);
2983 reg->sel_reg_union = 1;
2984 if (reg->sel_reg_dev_password_id_override != DEV_PW_PUSHBUTTON)
2985 reg->sel_reg_dev_password_id_override = s->dev_password_id;
2986 if (reg->sel_reg_config_methods_override == -1)
2987 reg->sel_reg_config_methods_override = 0;
2988 reg->sel_reg_config_methods_override |= s->config_methods;
2989 for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++)
2990 if (is_zero_ether_addr(reg->authorized_macs_union[i]))
2991 break;
2992 for (j = 0; i < WPS_MAX_AUTHORIZED_MACS && j < WPS_MAX_AUTHORIZED_MACS;
2993 j++) {
2994 if (is_zero_ether_addr(s->authorized_macs[j]))
2995 break;
2996 wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC into union: "
2997 MACSTR, MAC2STR(s->authorized_macs[j]));
2998 os_memcpy(reg->authorized_macs_union[i],
2999 s->authorized_macs[j], ETH_ALEN);
3000 i++;
3001 }
3002 wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union",
3003 (u8 *) reg->authorized_macs_union,
3004 sizeof(reg->authorized_macs_union));
3005 }
3006 #endif /* CONFIG_WPS_UPNP */
3007
3008
3009 static void wps_registrar_sel_reg_union(struct wps_registrar *reg)
3010 {
3011 #ifdef CONFIG_WPS_UPNP
3012 struct subscription *s;
3013
3014 if (reg->wps->wps_upnp == NULL)
3015 return;
3016
3017 dl_list_for_each(s, &reg->wps->wps_upnp->subscriptions,
3018 struct subscription, list) {
3019 struct subscr_addr *sa;
3020 sa = dl_list_first(&s->addr_list, struct subscr_addr, list);
3021 if (sa) {
3022 wpa_printf(MSG_DEBUG, "WPS: External Registrar %s:%d",
3023 inet_ntoa(sa->saddr.sin_addr),
3024 ntohs(sa->saddr.sin_port));
3025 }
3026 if (s->selected_registrar)
3027 wps_registrar_sel_reg_add(reg, s);
3028 else
3029 wpa_printf(MSG_DEBUG, "WPS: External Registrar not "
3030 "selected");
3031 }
3032 #endif /* CONFIG_WPS_UPNP */
3033 }
3034
3035
3036 /**
3037 * wps_registrar_selected_registrar_changed - SetSelectedRegistrar change
3038 * @reg: Registrar data from wps_registrar_init()
3039 *
3040 * This function is called when selected registrar state changes, e.g., when an
3041 * AP receives a SetSelectedRegistrar UPnP message.
3042 */
3043 void wps_registrar_selected_registrar_changed(struct wps_registrar *reg)
3044 {
3045 wpa_printf(MSG_DEBUG, "WPS: Selected registrar information changed");
3046
3047 reg->sel_reg_union = reg->selected_registrar;
3048 reg->sel_reg_dev_password_id_override = -1;
3049 reg->sel_reg_config_methods_override = -1;
3050 os_memcpy(reg->authorized_macs_union, reg->authorized_macs,
3051 WPS_MAX_AUTHORIZED_MACS * ETH_ALEN);
3052 wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union (start with own)",
3053 (u8 *) reg->authorized_macs_union,
3054 sizeof(reg->authorized_macs_union));
3055 if (reg->selected_registrar) {
3056 u16 methods;
3057
3058 methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
3059 #ifdef CONFIG_WPS2
3060 methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
3061 WPS_CONFIG_PHY_PUSHBUTTON);
3062 #endif /* CONFIG_WPS2 */
3063 if (reg->pbc) {
3064 reg->sel_reg_dev_password_id_override =
3065 DEV_PW_PUSHBUTTON;
3066 wps_set_pushbutton(&methods, reg->wps->config_methods);
3067 }
3068 wpa_printf(MSG_DEBUG, "WPS: Internal Registrar selected "
3069 "(pbc=%d)", reg->pbc);
3070 reg->sel_reg_config_methods_override = methods;
3071 } else
3072 wpa_printf(MSG_DEBUG, "WPS: Internal Registrar not selected");
3073
3074 wps_registrar_sel_reg_union(reg);
3075
3076 wps_set_ie(reg);
3077 wps_cb_set_sel_reg(reg);
3078 }
3079
3080
3081 int wps_registrar_get_info(struct wps_registrar *reg, const u8 *addr,
3082 char *buf, size_t buflen)
3083 {
3084 struct wps_registrar_device *d;
3085 int len = 0, ret;
3086 char uuid[40];
3087 char devtype[WPS_DEV_TYPE_BUFSIZE];
3088
3089 d = wps_device_get(reg, addr);
3090 if (d == NULL)
3091 return 0;
3092 if (uuid_bin2str(d->uuid, uuid, sizeof(uuid)))
3093 return 0;
3094
3095 ret = os_snprintf(buf + len, buflen - len,
3096 "wpsUuid=%s\n"
3097 "wpsPrimaryDeviceType=%s\n"
3098 "wpsDeviceName=%s\n"
3099 "wpsManufacturer=%s\n"
3100 "wpsModelName=%s\n"
3101 "wpsModelNumber=%s\n"
3102 "wpsSerialNumber=%s\n",
3103 uuid,
3104 wps_dev_type_bin2str(d->dev.pri_dev_type, devtype,
3105 sizeof(devtype)),
3106 d->dev.device_name ? d->dev.device_name : "",
3107 d->dev.manufacturer ? d->dev.manufacturer : "",
3108 d->dev.model_name ? d->dev.model_name : "",
3109 d->dev.model_number ? d->dev.model_number : "",
3110 d->dev.serial_number ? d->dev.serial_number : "");
3111 if (ret < 0 || (size_t) ret >= buflen - len)
3112 return len;
3113 len += ret;
3114
3115 return len;
3116 }
3117
3118
3119 int wps_registrar_config_ap(struct wps_registrar *reg,
3120 struct wps_credential *cred)
3121 {
3122 #ifdef CONFIG_WPS2
3123 printf("encr_type=0x%x\n", cred->encr_type);
3124 if (!(cred->encr_type & (WPS_ENCR_NONE | WPS_ENCR_TKIP |
3125 WPS_ENCR_AES))) {
3126 if (cred->encr_type & WPS_ENCR_WEP) {
3127 wpa_printf(MSG_INFO, "WPS: Reject new AP settings "
3128 "due to WEP configuration");
3129 return -1;
3130 }
3131
3132 wpa_printf(MSG_INFO, "WPS: Reject new AP settings due to "
3133 "invalid encr_type 0x%x", cred->encr_type);
3134 return -1;
3135 }
3136
3137 if ((cred->encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) ==
3138 WPS_ENCR_TKIP) {
3139 wpa_printf(MSG_DEBUG, "WPS: Upgrade encr_type TKIP -> "
3140 "TKIP+AES");
3141 cred->encr_type |= WPS_ENCR_AES;
3142 }
3143
3144 if ((cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
3145 WPS_AUTH_WPAPSK) {
3146 wpa_printf(MSG_DEBUG, "WPS: Upgrade auth_type WPAPSK -> "
3147 "WPAPSK+WPA2PSK");
3148 cred->auth_type |= WPS_AUTH_WPA2PSK;
3149 }
3150 #endif /* CONFIG_WPS2 */
3151
3152 if (reg->wps->cred_cb)
3153 return reg->wps->cred_cb(reg->wps->cb_ctx, cred);
3154
3155 return -1;
3156 }
Unnamed repository; edit this file 'description' to name the repository.