/*
* Wi-Fi Protected Setup - Registrar
- * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2008-2013, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
struct wps_nfc_pw_token {
struct dl_list list;
u8 pubkey_hash[WPS_OOB_PUBKEY_HASH_LEN];
+ unsigned int peer_pk_hash_known:1;
u16 pw_id;
u8 dev_pw[WPS_OOB_DEVICE_PASSWORD_LEN * 2 + 1];
size_t dev_pw_len;
+ int pk_hash_provided_oob; /* whether own PK hash was provided OOB */
};
#define PIN_LOCKED BIT(0)
#define PIN_EXPIRES BIT(1)
int flags;
- struct os_time expiration;
+ struct os_reltime expiration;
u8 enrollee_addr[ETH_ALEN];
};
struct wps_pbc_session *next;
u8 addr[ETH_ALEN];
u8 uuid_e[WPS_UUID_LEN];
- struct os_time timestamp;
+ struct os_reltime timestamp;
};
int pbc;
int selected_registrar;
- int (*new_psk_cb)(void *ctx, const u8 *mac_addr, const u8 *psk,
- size_t psk_len);
+ int (*new_psk_cb)(void *ctx, const u8 *mac_addr, const u8 *p2p_dev_addr,
+ const u8 *psk, size_t psk_len);
int (*set_ie_cb)(void *ctx, struct wpabuf *beacon_ie,
struct wpabuf *probe_resp_ie);
void (*pin_needed_cb)(void *ctx, const u8 *uuid_e,
int sel_reg_config_methods_override;
int static_wep_only;
int dualband;
+ int force_per_enrollee_psk;
struct wps_registrar_device *devices;
u8 p2p_dev_addr[ETH_ALEN];
u8 pbc_ignore_uuid[WPS_UUID_LEN];
- struct os_time pbc_ignore_start;
+#ifdef WPS_WORKAROUNDS
+ struct os_reltime pbc_ignore_start;
+#endif /* WPS_WORKAROUNDS */
};
const u8 *addr, const u8 *uuid_e)
{
struct wps_pbc_session *pbc, *prev = NULL;
- struct os_time now;
+ struct os_reltime now;
- os_get_time(&now);
+ os_get_reltime(&now);
pbc = reg->pbc_sessions;
while (pbc) {
pbc = pbc->next;
while (pbc) {
- if (now.sec > pbc->timestamp.sec + WPS_PBC_WALK_TIME) {
+ if (os_reltime_expired(&now, &pbc->timestamp,
+ WPS_PBC_WALK_TIME)) {
prev->next = NULL;
wps_free_pbc_sessions(pbc);
break;
int count = 0;
struct wps_pbc_session *pbc;
struct wps_pbc_session *first = NULL;
- struct os_time now;
+ struct os_reltime now;
- os_get_time(&now);
+ os_get_reltime(&now);
wpa_printf(MSG_DEBUG, "WPS: Checking active PBC sessions for overlap");
MAC2STR(pbc->addr));
wpa_hexdump(MSG_DEBUG, "WPS: UUID-E",
pbc->uuid_e, WPS_UUID_LEN);
- if (now.sec > pbc->timestamp.sec + WPS_PBC_WALK_TIME) {
- wpa_printf(MSG_DEBUG, "WPS: PBC walk time has "
- "expired");
+ if (os_reltime_expired(&now, &pbc->timestamp,
+ WPS_PBC_WALK_TIME)) {
+ wpa_printf(MSG_DEBUG, "WPS: PBC walk time has expired");
break;
}
if (first &&
reg->sel_reg_config_methods_override = -1;
reg->static_wep_only = cfg->static_wep_only;
reg->dualband = cfg->dualband;
+ reg->force_per_enrollee_psk = cfg->force_per_enrollee_psk;
if (wps_set_ie(reg)) {
wps_registrar_deinit(reg);
if (timeout) {
p->flags |= PIN_EXPIRES;
- os_get_time(&p->expiration);
+ os_get_reltime(&p->expiration);
p->expiration.sec += timeout;
}
else
wps_registrar_add_authorized_mac(
reg, (u8 *) "\xff\xff\xff\xff\xff\xff");
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, 0);
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
wps_registrar_set_selected_timeout,
addr = pin->enrollee_addr;
wps_registrar_remove_authorized_mac(reg, addr);
wps_remove_pin(pin);
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, 0);
}
static void wps_registrar_expire_pins(struct wps_registrar *reg)
{
struct wps_uuid_pin *pin, *prev;
- struct os_time now;
+ struct os_reltime now;
- os_get_time(&now);
+ os_get_reltime(&now);
dl_list_for_each_safe(pin, prev, ®->pins, struct wps_uuid_pin, list)
{
if ((pin->flags & PIN_EXPIRES) &&
- os_time_before(&pin->expiration, &now)) {
+ os_reltime_before(&pin->expiration, &now)) {
wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID",
pin->uuid, WPS_UUID_LEN);
wps_registrar_remove_pin(reg, pin);
os_memset(reg->p2p_dev_addr, 0, ETH_ALEN);
wps_registrar_remove_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, 0);
}
os_memset(reg->p2p_dev_addr, 0, ETH_ALEN);
wps_registrar_add_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, 0);
+ wps_pbc_active_event(reg->wps);
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wps_registrar_pbc_timeout,
wpa_printf(MSG_DEBUG, "WPS: PBC completed - stopping PBC mode");
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
wps_registrar_stop_pbc(reg);
+ wps_pbc_disable_event(reg->wps);
}
wpa_printf(MSG_DEBUG, "WPS: PIN completed using internal Registrar");
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
reg->selected_registrar = 0;
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, 0);
}
wps_registrar_remove_pbc_session(registrar,
uuid_e, NULL);
wps_registrar_pbc_completed(registrar);
- os_get_time(®istrar->pbc_ignore_start);
+#ifdef WPS_WORKAROUNDS
+ os_get_reltime(®istrar->pbc_ignore_start);
+#endif /* WPS_WORKAROUNDS */
os_memcpy(registrar->pbc_ignore_uuid, uuid_e, WPS_UUID_LEN);
} else {
wps_registrar_pin_completed(registrar);
#ifdef WPS_WORKAROUNDS
if (reg->pbc_ignore_start.sec &&
os_memcmp(attr.uuid_e, reg->pbc_ignore_uuid, WPS_UUID_LEN) == 0) {
- struct os_time now, dur;
- os_get_time(&now);
- os_time_sub(&now, ®->pbc_ignore_start, &dur);
+ struct os_reltime now, dur;
+ os_get_reltime(&now);
+ os_reltime_sub(&now, ®->pbc_ignore_start, &dur);
if (dur.sec >= 0 && dur.sec < 5) {
wpa_printf(MSG_DEBUG, "WPS: Ignore PBC activation "
"based on Probe Request from the Enrollee "
static int wps_cb_new_psk(struct wps_registrar *reg, const u8 *mac_addr,
- const u8 *psk, size_t psk_len)
+ const u8 *p2p_dev_addr, const u8 *psk, size_t psk_len)
{
if (reg->new_psk_cb == NULL)
return 0;
- return reg->new_psk_cb(reg->cb_ctx, mac_addr, psk, psk_len);
+ return reg->new_psk_cb(reg->cb_ctx, mac_addr, p2p_dev_addr, psk,
+ psk_len);
}
wps_build_sel_reg_dev_password_id(reg, beacon) ||
wps_build_sel_reg_config_methods(reg, beacon) ||
wps_build_sel_pbc_reg_uuid_e(reg, beacon) ||
- (reg->dualband && wps_build_rf_bands(®->wps->dev, beacon)) ||
+ (reg->dualband && wps_build_rf_bands(®->wps->dev, beacon, 0)) ||
wps_build_wfa_ext(beacon, 0, auth_macs, count) ||
wps_build_vendor_ext(®->wps->dev, beacon)) {
wpabuf_free(beacon);
wps_build_uuid_e(probe, reg->wps->uuid) ||
wps_build_device_attrs(®->wps->dev, probe) ||
wps_build_probe_config_methods(reg, probe) ||
- (reg->dualband && wps_build_rf_bands(®->wps->dev, probe)) ||
+ (reg->dualband && wps_build_rf_bands(®->wps->dev, probe, 0)) ||
wps_build_wfa_ext(probe, 0, auth_macs, count) ||
wps_build_vendor_ext(®->wps->dev, probe)) {
wpabuf_free(beacon);
pin_len = 8;
#ifdef CONFIG_WPS_NFC
} else if (wps->nfc_pw_token) {
+ if (wps->nfc_pw_token->pw_id == DEV_PW_NFC_CONNECTION_HANDOVER)
+ {
+ wpa_printf(MSG_DEBUG, "WPS: Using NFC connection "
+ "handover and abbreviated WPS handshake "
+ "without Device Password");
+ return 0;
+ }
wpa_printf(MSG_DEBUG, "WPS: Use OOB Device Password from NFC "
"Password Token");
pin = wps->nfc_pw_token->dev_pw;
}
if (pin == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Device Password available for "
- "the Enrollee");
+ "the Enrollee (context %p registrar %p)",
+ wps->wps, wps->wps->registrar);
wps_cb_pin_needed(wps->wps->registrar, wps->uuid_e,
&wps->peer_dev);
return -1;
}
-static int wps_build_cred_mac_addr(struct wpabuf *msg,
- const struct wps_credential *cred)
-{
- wpa_printf(MSG_DEBUG, "WPS: * MAC Address (" MACSTR ")",
- MAC2STR(cred->mac_addr));
- wpabuf_put_be16(msg, ATTR_MAC_ADDR);
- wpabuf_put_be16(msg, ETH_ALEN);
- wpabuf_put_data(msg, cred->mac_addr, ETH_ALEN);
- return 0;
-}
-
-
static int wps_build_credential(struct wpabuf *msg,
const struct wps_credential *cred)
{
wps_build_cred_auth_type(msg, cred) ||
wps_build_cred_encr_type(msg, cred) ||
wps_build_cred_network_key(msg, cred) ||
- wps_build_cred_mac_addr(msg, cred))
+ wps_build_mac_addr(msg, cred->mac_addr))
return -1;
return 0;
}
wps->new_psk, wps->new_psk_len);
os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
wps->cred.key_len = wps->new_psk_len;
- } else if (wps->use_psk_key && wps->wps->psk_set) {
+ } else if (!wps->wps->registrar->force_per_enrollee_psk &&
+ wps->use_psk_key && wps->wps->psk_set) {
char hex[65];
wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key");
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, 32);
os_memcpy(wps->cred.key, hex, 32 * 2);
wps->cred.key_len = 32 * 2;
- } else if (wps->wps->network_key) {
+ } else if (!wps->wps->registrar->force_per_enrollee_psk &&
+ wps->wps->network_key) {
os_memcpy(wps->cred.key, wps->wps->network_key,
wps->wps->network_key_len);
wps->cred.key_len = wps->wps->network_key_len;
static struct wpabuf * wps_build_m2(struct wps_data *wps)
{
struct wpabuf *msg;
+ int config_in_m2 = 0;
if (random_get_bytes(wps->nonce_r, WPS_NONCE_LEN) < 0)
return NULL;
wps_build_conn_type_flags(wps, msg) ||
wps_build_config_methods_r(wps->wps->registrar, msg) ||
wps_build_device_attrs(&wps->wps->dev, msg) ||
- wps_build_rf_bands(&wps->wps->dev, msg) ||
+ wps_build_rf_bands(&wps->wps->dev, msg,
+ wps->wps->rf_band_cb(wps->wps->cb_ctx)) ||
wps_build_assoc_state(wps, msg) ||
wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
wps_build_dev_password_id(msg, wps->dev_pw_id) ||
wps_build_os_version(&wps->wps->dev, msg) ||
- wps_build_wfa_ext(msg, 0, NULL, 0) ||
- wps_build_authenticator(wps, msg)) {
+ wps_build_wfa_ext(msg, 0, NULL, 0)) {
+ wpabuf_free(msg);
+ return NULL;
+ }
+
+#ifdef CONFIG_WPS_NFC
+ if (wps->nfc_pw_token && wps->nfc_pw_token->pk_hash_provided_oob &&
+ wps->nfc_pw_token->pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) {
+ /*
+ * Use abbreviated handshake since public key hash allowed
+ * Enrollee to validate our public key similarly to how Enrollee
+ * public key was validated. There is no need to validate Device
+ * Password in this case.
+ */
+ struct wpabuf *plain = wpabuf_alloc(500);
+ if (plain == NULL ||
+ wps_build_cred(wps, plain) ||
+ wps_build_key_wrap_auth(wps, plain) ||
+ wps_build_encr_settings(wps, msg, plain)) {
+ wpabuf_free(msg);
+ wpabuf_free(plain);
+ return NULL;
+ }
+ wpabuf_free(plain);
+ config_in_m2 = 1;
+ }
+#endif /* CONFIG_WPS_NFC */
+
+ if (wps_build_authenticator(wps, msg)) {
wpabuf_free(msg);
return NULL;
}
wps->int_reg = 1;
- wps->state = RECV_M3;
+ wps->state = config_in_m2 ? RECV_DONE : RECV_M3;
return msg;
}
wps_build_conn_type_flags(wps, msg) ||
wps_build_config_methods_r(wps->wps->registrar, msg) ||
wps_build_device_attrs(&wps->wps->dev, msg) ||
- wps_build_rf_bands(&wps->wps->dev, msg) ||
+ wps_build_rf_bands(&wps->wps->dev, msg,
+ wps->wps->rf_band_cb(wps->wps->cb_ctx)) ||
wps_build_assoc_state(wps, msg) ||
wps_build_config_error(msg, err) ||
wps_build_os_version(&wps->wps->dev, msg) ||
wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
"not match with the pre-committed value");
wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
- wps_pwd_auth_fail_event(wps->wps, 0, 1);
+ wps_pwd_auth_fail_event(wps->wps, 0, 1, wps->mac_addr_e);
return -1;
}
"not match with the pre-committed value");
wps_registrar_invalidate_pin(wps->wps->registrar, wps->uuid_e);
wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
- wps_pwd_auth_fail_event(wps->wps, 0, 2);
+ wps_pwd_auth_fail_event(wps->wps, 0, 2, wps->mac_addr_e);
return -1;
}
wps->dev_pw_id != DEV_PW_USER_SPECIFIED &&
wps->dev_pw_id != DEV_PW_MACHINE_SPECIFIED &&
wps->dev_pw_id != DEV_PW_REGISTRAR_SPECIFIED &&
+#ifdef CONFIG_WPS_NFC
+ wps->dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER &&
+#endif /* CONFIG_WPS_NFC */
(wps->dev_pw_id != DEV_PW_PUSHBUTTON ||
!wps->wps->registrar->pbc)) {
wpa_printf(MSG_DEBUG, "WPS: Unsupported Device Password ID %d",
}
#ifdef CONFIG_WPS_NFC
- if (wps->dev_pw_id >= 0x10) {
+ if (wps->dev_pw_id >= 0x10 ||
+ wps->dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) {
struct wps_nfc_pw_token *token;
const u8 *addr[1];
u8 hash[WPS_HASH_LEN];
+ wpa_printf(MSG_DEBUG, "WPS: Searching for NFC token match for id=%d (ctx %p registrar %p)",
+ wps->dev_pw_id, wps->wps, wps->wps->registrar);
token = wps_get_nfc_pw_token(
&wps->wps->registrar->nfc_pw_tokens, wps->dev_pw_id);
- if (token) {
+ if (token && token->peer_pk_hash_known) {
wpa_printf(MSG_DEBUG, "WPS: Found matching NFC "
"Password Token");
dl_list_del(&token->list);
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
wpa_printf(MSG_ERROR, "WPS: Public Key hash "
"mismatch");
- return WPS_FAILURE;
+ wps->state = SEND_M2D;
+ wps->config_error =
+ WPS_CFG_PUBLIC_KEY_HASH_MISMATCH;
+ return WPS_CONTINUE;
}
+ } else if (token) {
+ wpa_printf(MSG_DEBUG, "WPS: Found matching NFC "
+ "Password Token (no peer PK hash)");
+ wps->nfc_pw_token = token;
}
}
#endif /* CONFIG_WPS_NFC */
wps_pbc_overlap_event(wps->wps);
wps_fail_event(wps->wps, WPS_M1,
WPS_CFG_MULTIPLE_PBC_DETECTED,
- WPS_EI_NO_ERROR);
+ WPS_EI_NO_ERROR, wps->mac_addr_e);
wps->wps->registrar->force_pbc_overlap = 1;
return WPS_CONTINUE;
}
ret = wps_process_m3(wps, msg, &attr);
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
wps_fail_event(wps->wps, WPS_M3, wps->config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
break;
case WPS_M5:
if (wps_validate_m5(msg) < 0)
ret = wps_process_m5(wps, msg, &attr);
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
wps_fail_event(wps->wps, WPS_M5, wps->config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
break;
case WPS_M7:
if (wps_validate_m7(msg) < 0)
ret = wps_process_m7(wps, msg, &attr);
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
wps_fail_event(wps->wps, WPS_M7, wps->config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
break;
default:
wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d",
switch (old_state) {
case RECV_M3:
wps_fail_event(wps->wps, WPS_M2, config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
break;
case RECV_M5:
wps_fail_event(wps->wps, WPS_M4, config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
break;
case RECV_M7:
wps_fail_event(wps->wps, WPS_M6, config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
break;
case RECV_DONE:
wps_fail_event(wps->wps, WPS_M8, config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
break;
default:
break;
if (wps->new_psk) {
if (wps_cb_new_psk(wps->wps->registrar, wps->mac_addr_e,
- wps->new_psk, wps->new_psk_len)) {
+ wps->p2p_dev_addr, wps->new_psk,
+ wps->new_psk_len)) {
wpa_printf(MSG_DEBUG, "WPS: Failed to configure the "
"new PSK");
}
wps->uuid_e,
wps->p2p_dev_addr);
wps_registrar_pbc_completed(wps->wps->registrar);
- os_get_time(&wps->wps->registrar->pbc_ignore_start);
+#ifdef WPS_WORKAROUNDS
+ os_get_reltime(&wps->wps->registrar->pbc_ignore_start);
+#endif /* WPS_WORKAROUNDS */
os_memcpy(wps->wps->registrar->pbc_ignore_uuid, wps->uuid_e,
WPS_UUID_LEN);
} else {
/* TODO: maintain AuthorizedMACs somewhere separately for each ER and
* merge them into APs own list.. */
- wps_success_event(wps->wps);
+ wps_success_event(wps->wps, wps->mac_addr_e);
return WPS_DONE;
}
wps->state = SEND_WSC_NACK;
wps_fail_event(wps->wps, WPS_WSC_DONE,
wps->config_error,
- wps->error_indication);
+ wps->error_indication, wps->mac_addr_e);
}
return ret;
default:
"unselect internal Registrar");
reg->selected_registrar = 0;
reg->pbc = 0;
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, 0);
}
* This function is called when selected registrar state changes, e.g., when an
* AP receives a SetSelectedRegistrar UPnP message.
*/
-void wps_registrar_selected_registrar_changed(struct wps_registrar *reg)
+void wps_registrar_selected_registrar_changed(struct wps_registrar *reg,
+ u16 dev_pw_id)
{
wpa_printf(MSG_DEBUG, "WPS: Selected registrar information changed");
reg->sel_reg_dev_password_id_override =
DEV_PW_PUSHBUTTON;
wps_set_pushbutton(&methods, reg->wps->config_methods);
- }
+ } else if (dev_pw_id)
+ reg->sel_reg_dev_password_id_override = dev_pw_id;
wpa_printf(MSG_DEBUG, "WPS: Internal Registrar selected "
"(pbc=%d)", reg->pbc);
reg->sel_reg_config_methods_override = methods;
struct wps_credential *cred)
{
#ifdef CONFIG_WPS2
- printf("encr_type=0x%x\n", cred->encr_type);
+ wpa_printf(MSG_DEBUG, "WPS: encr_type=0x%x", cred->encr_type);
if (!(cred->encr_type & (WPS_ENCR_NONE | WPS_ENCR_TKIP |
WPS_ENCR_AES))) {
if (cred->encr_type & WPS_ENCR_WEP) {
int wps_registrar_add_nfc_pw_token(struct wps_registrar *reg,
const u8 *pubkey_hash, u16 pw_id,
- const u8 *dev_pw, size_t dev_pw_len)
+ const u8 *dev_pw, size_t dev_pw_len,
+ int pk_hash_provided_oob)
{
struct wps_nfc_pw_token *token;
if (dev_pw_len > WPS_OOB_DEVICE_PASSWORD_LEN)
return -1;
+ if (pw_id == DEV_PW_NFC_CONNECTION_HANDOVER &&
+ (pubkey_hash == NULL || !pk_hash_provided_oob)) {
+ wpa_printf(MSG_DEBUG, "WPS: Unexpected NFC Password Token "
+ "addition - missing public key hash");
+ return -1;
+ }
+
wps_free_nfc_pw_tokens(®->nfc_pw_tokens, pw_id);
token = os_zalloc(sizeof(*token));
if (token == NULL)
return -1;
- os_memcpy(token->pubkey_hash, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
+ token->peer_pk_hash_known = pubkey_hash != NULL;
+ if (pubkey_hash)
+ os_memcpy(token->pubkey_hash, pubkey_hash,
+ WPS_OOB_PUBKEY_HASH_LEN);
token->pw_id = pw_id;
- wpa_snprintf_hex_uppercase((char *) token->dev_pw,
- sizeof(token->dev_pw),
- dev_pw, dev_pw_len);
- token->dev_pw_len = dev_pw_len * 2;
+ token->pk_hash_provided_oob = pk_hash_provided_oob;
+ if (dev_pw) {
+ wpa_snprintf_hex_uppercase((char *) token->dev_pw,
+ sizeof(token->dev_pw),
+ dev_pw, dev_pw_len);
+ token->dev_pw_len = dev_pw_len * 2;
+ }
dl_list_add(®->nfc_pw_tokens, &token->list);
reg->pbc = 0;
wps_registrar_add_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, pw_id);
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
wps_registrar_set_selected_timeout,
reg, NULL);
+ wpa_printf(MSG_DEBUG, "WPS: Added NFC Device Password %u to Registrar",
+ pw_id);
+
return 0;
}
u16 id;
size_t dev_pw_len;
- if (oob_dev_pw_len < WPS_OOB_PUBKEY_HASH_LEN + 2 +
- WPS_OOB_DEVICE_PASSWORD_MIN_LEN ||
+ if (oob_dev_pw_len < WPS_OOB_PUBKEY_HASH_LEN + 2 ||
oob_dev_pw_len > WPS_OOB_PUBKEY_HASH_LEN + 2 +
WPS_OOB_DEVICE_PASSWORD_LEN)
return -1;
wpa_hexdump_key(MSG_DEBUG, "WPS: Device Password", dev_pw, dev_pw_len);
return wps_registrar_add_nfc_pw_token(reg, hash, id, dev_pw,
- dev_pw_len);
+ dev_pw_len, 0);
}
{
wps_registrar_remove_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_selected_registrar_changed(reg, 0);
+
+ /*
+ * Free the NFC password token if it was used only for a single protocol
+ * run. The static handover case uses the same password token multiple
+ * times, so do not free that case here.
+ */
+ if (token->peer_pk_hash_known)
+ os_free(token);
}
#endif /* CONFIG_WPS_NFC */