]>
Commit | Line | Data |
---|---|---|
fa201b69 JM |
1 | /* |
2 | * wpa_supplicant / WPS integration | |
6fa81a3b | 3 | * Copyright (c) 2008-2010, Jouni Malinen <j@w1.fi> |
fa201b69 JM |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * Alternatively, this software may be distributed under the terms of BSD | |
10 | * license. | |
11 | * | |
12 | * See README and COPYING for more details. | |
13 | */ | |
14 | ||
15 | #include "includes.h" | |
16 | ||
17 | #include "common.h" | |
03da66bd JM |
18 | #include "eloop.h" |
19 | #include "uuid.h" | |
20 | #include "crypto/dh_group5.h" | |
90973fb2 JM |
21 | #include "common/ieee802_11_defs.h" |
22 | #include "common/ieee802_11_common.h" | |
23 | #include "common/wpa_common.h" | |
03da66bd JM |
24 | #include "common/wpa_ctrl.h" |
25 | #include "eap_common/eap_wsc_common.h" | |
b01c18a8 | 26 | #include "eap_peer/eap.h" |
20a0b03d | 27 | #include "eapol_supp/eapol_supp_sm.h" |
03da66bd JM |
28 | #include "rsn_supp/wpa.h" |
29 | #include "config.h" | |
fa201b69 | 30 | #include "wpa_supplicant_i.h" |
2d5b792d | 31 | #include "driver_i.h" |
8bac466b | 32 | #include "notify.h" |
a6099152 | 33 | #include "blacklist.h" |
59f2caa9 | 34 | #include "bss.h" |
9ba9fa07 | 35 | #include "scan.h" |
2f9929ff | 36 | #include "ap.h" |
e9a7ae41 | 37 | #include "p2p/p2p.h" |
b22128ef | 38 | #include "p2p_supplicant.h" |
fa201b69 JM |
39 | #include "wps_supplicant.h" |
40 | ||
f7e54365 | 41 | |
31fcea93 | 42 | #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG |
a6099152 | 43 | #define WPS_PIN_SCAN_IGNORE_SEL_REG 3 |
31fcea93 | 44 | #endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */ |
fa201b69 | 45 | |
fcc60db4 | 46 | static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx); |
469fc3a4 | 47 | static void wpas_clear_wps(struct wpa_supplicant *wpa_s); |
fcc60db4 JM |
48 | |
49 | ||
fa201b69 JM |
50 | int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s) |
51 | { | |
a6099152 JM |
52 | if (!wpa_s->wps_success && |
53 | wpa_s->current_ssid && | |
54 | eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) { | |
55 | const u8 *bssid = wpa_s->bssid; | |
56 | if (is_zero_ether_addr(bssid)) | |
57 | bssid = wpa_s->pending_bssid; | |
58 | ||
59 | wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR | |
60 | " did not succeed - continue trying to find " | |
61 | "suitable AP", MAC2STR(bssid)); | |
62 | wpa_blacklist_add(wpa_s, bssid); | |
63 | ||
64 | wpa_supplicant_deauthenticate(wpa_s, | |
65 | WLAN_REASON_DEAUTH_LEAVING); | |
66 | wpa_s->reassociate = 1; | |
67 | wpa_supplicant_req_scan(wpa_s, | |
68 | wpa_s->blacklist_cleared ? 5 : 0, 0); | |
69 | wpa_s->blacklist_cleared = 0; | |
70 | return 1; | |
71 | } | |
72 | ||
fcc60db4 | 73 | eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); |
449adbac CWY |
74 | if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && !wpa_s->wps_success) |
75 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL); | |
fcc60db4 | 76 | |
fa201b69 JM |
77 | if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid && |
78 | !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { | |
f981eabc | 79 | int disabled = wpa_s->current_ssid->disabled; |
fa201b69 JM |
80 | wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - " |
81 | "try to associate with the received credential"); | |
82 | wpa_supplicant_deauthenticate(wpa_s, | |
83 | WLAN_REASON_DEAUTH_LEAVING); | |
f981eabc JM |
84 | if (disabled) { |
85 | wpa_printf(MSG_DEBUG, "WPS: Current network is " | |
86 | "disabled - wait for user to enable"); | |
87 | return 1; | |
88 | } | |
17a4734d JM |
89 | wpa_s->after_wps = 5; |
90 | wpa_s->wps_freq = wpa_s->assoc_freq; | |
fa201b69 JM |
91 | wpa_s->reassociate = 1; |
92 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
93 | return 1; | |
94 | } | |
95 | ||
47662164 JM |
96 | if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) { |
97 | wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting " | |
98 | "for external credential processing"); | |
99 | wpas_clear_wps(wpa_s); | |
100 | wpa_supplicant_deauthenticate(wpa_s, | |
101 | WLAN_REASON_DEAUTH_LEAVING); | |
102 | return 1; | |
103 | } | |
104 | ||
fa201b69 JM |
105 | return 0; |
106 | } | |
107 | ||
108 | ||
7cc1b6c9 JM |
109 | static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s, |
110 | struct wpa_ssid *ssid, | |
111 | const struct wps_credential *cred) | |
112 | { | |
113 | struct wpa_driver_capa capa; | |
59f2caa9 | 114 | struct wpa_bss *bss; |
7cc1b6c9 JM |
115 | const u8 *ie; |
116 | struct wpa_ie_data adv; | |
117 | int wpa2 = 0, ccmp = 0; | |
118 | ||
119 | /* | |
120 | * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in | |
121 | * case they are configured for mixed mode operation (WPA+WPA2 and | |
122 | * TKIP+CCMP). Try to use scan results to figure out whether the AP | |
123 | * actually supports stronger security and select that if the client | |
124 | * has support for it, too. | |
125 | */ | |
126 | ||
127 | if (wpa_drv_get_capa(wpa_s, &capa)) | |
128 | return; /* Unknown what driver supports */ | |
129 | ||
d87e90b6 JM |
130 | if (ssid->ssid == NULL) |
131 | return; | |
59f2caa9 JM |
132 | bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len); |
133 | if (bss == NULL) { | |
134 | wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS " | |
135 | "table - use credential as-is"); | |
7cc1b6c9 JM |
136 | return; |
137 | } | |
138 | ||
59f2caa9 JM |
139 | wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table"); |
140 | ||
141 | ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); | |
7cc1b6c9 JM |
142 | if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) { |
143 | wpa2 = 1; | |
144 | if (adv.pairwise_cipher & WPA_CIPHER_CCMP) | |
145 | ccmp = 1; | |
146 | } else { | |
59f2caa9 | 147 | ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); |
7cc1b6c9 JM |
148 | if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 && |
149 | adv.pairwise_cipher & WPA_CIPHER_CCMP) | |
150 | ccmp = 1; | |
151 | } | |
152 | ||
153 | if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) && | |
154 | (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) { | |
155 | /* | |
156 | * TODO: This could be the initial AP configuration and the | |
157 | * Beacon contents could change shortly. Should request a new | |
158 | * scan and delay addition of the network until the updated | |
159 | * scan results are available. | |
160 | */ | |
161 | wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA " | |
162 | "support - use credential as-is"); | |
163 | return; | |
164 | } | |
165 | ||
166 | if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) && | |
167 | (ssid->pairwise_cipher & WPA_CIPHER_TKIP) && | |
168 | (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) { | |
169 | wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential " | |
170 | "based on scan results"); | |
171 | if (wpa_s->conf->ap_scan == 1) | |
172 | ssid->pairwise_cipher |= WPA_CIPHER_CCMP; | |
173 | else | |
174 | ssid->pairwise_cipher = WPA_CIPHER_CCMP; | |
175 | } | |
176 | ||
177 | if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) && | |
178 | (ssid->proto & WPA_PROTO_WPA) && | |
179 | (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) { | |
180 | wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential " | |
181 | "based on scan results"); | |
182 | if (wpa_s->conf->ap_scan == 1) | |
183 | ssid->proto |= WPA_PROTO_RSN; | |
184 | else | |
185 | ssid->proto = WPA_PROTO_RSN; | |
186 | } | |
187 | } | |
188 | ||
189 | ||
bcbbc7af JM |
190 | static int wpa_supplicant_wps_cred(void *ctx, |
191 | const struct wps_credential *cred) | |
fa201b69 JM |
192 | { |
193 | struct wpa_supplicant *wpa_s = ctx; | |
194 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
522b5b6e | 195 | u8 key_idx = 0; |
49eba5f8 | 196 | u16 auth_type; |
f981eabc | 197 | int registrar = 0; |
fa201b69 | 198 | |
47662164 JM |
199 | if ((wpa_s->conf->wps_cred_processing == 1 || |
200 | wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) { | |
201 | size_t blen = cred->cred_attr_len * 2 + 1; | |
202 | char *buf = os_malloc(blen); | |
203 | if (buf) { | |
204 | wpa_snprintf_hex(buf, blen, | |
205 | cred->cred_attr, cred->cred_attr_len); | |
206 | wpa_msg(wpa_s, MSG_INFO, "%s%s", | |
207 | WPS_EVENT_CRED_RECEIVED, buf); | |
208 | os_free(buf); | |
209 | } | |
8bac466b JM |
210 | |
211 | wpas_notify_wps_credential(wpa_s, cred); | |
47662164 JM |
212 | } else |
213 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED); | |
fa201b69 | 214 | |
eca6e0a9 JM |
215 | wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute", |
216 | cred->cred_attr, cred->cred_attr_len); | |
217 | ||
47662164 JM |
218 | if (wpa_s->conf->wps_cred_processing == 1) |
219 | return 0; | |
220 | ||
73267b9c JM |
221 | wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len); |
222 | wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x", | |
223 | cred->auth_type); | |
224 | wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type); | |
225 | wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx); | |
226 | wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", | |
227 | cred->key, cred->key_len); | |
228 | wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR, | |
229 | MAC2STR(cred->mac_addr)); | |
230 | ||
49eba5f8 JM |
231 | auth_type = cred->auth_type; |
232 | if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) { | |
233 | wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode " | |
234 | "auth_type into WPA2PSK"); | |
235 | auth_type = WPS_AUTH_WPA2PSK; | |
236 | } | |
237 | ||
238 | if (auth_type != WPS_AUTH_OPEN && | |
239 | auth_type != WPS_AUTH_SHARED && | |
240 | auth_type != WPS_AUTH_WPAPSK && | |
241 | auth_type != WPS_AUTH_WPA2PSK) { | |
f286077d | 242 | wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for " |
49eba5f8 JM |
243 | "unsupported authentication type 0x%x", |
244 | auth_type); | |
f286077d JM |
245 | return 0; |
246 | } | |
247 | ||
fa201b69 JM |
248 | if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { |
249 | wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based " | |
250 | "on the received credential"); | |
f981eabc JM |
251 | if (ssid->eap.identity && |
252 | ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN && | |
253 | os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR, | |
254 | WSC_ID_REGISTRAR_LEN) == 0) | |
255 | registrar = 1; | |
fa201b69 JM |
256 | os_free(ssid->eap.identity); |
257 | ssid->eap.identity = NULL; | |
258 | ssid->eap.identity_len = 0; | |
259 | os_free(ssid->eap.phase1); | |
260 | ssid->eap.phase1 = NULL; | |
261 | os_free(ssid->eap.eap_methods); | |
262 | ssid->eap.eap_methods = NULL; | |
2ff99b3c JM |
263 | if (!ssid->p2p_group) |
264 | ssid->temporary = 0; | |
fa201b69 JM |
265 | } else { |
266 | wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the " | |
267 | "received credential"); | |
268 | ssid = wpa_config_add_network(wpa_s->conf); | |
269 | if (ssid == NULL) | |
270 | return -1; | |
8bac466b | 271 | wpas_notify_network_added(wpa_s, ssid); |
fa201b69 JM |
272 | } |
273 | ||
274 | wpa_config_set_network_defaults(ssid); | |
275 | ||
276 | os_free(ssid->ssid); | |
277 | ssid->ssid = os_malloc(cred->ssid_len); | |
278 | if (ssid->ssid) { | |
279 | os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len); | |
280 | ssid->ssid_len = cred->ssid_len; | |
281 | } | |
282 | ||
283 | switch (cred->encr_type) { | |
284 | case WPS_ENCR_NONE: | |
fa201b69 JM |
285 | break; |
286 | case WPS_ENCR_WEP: | |
4b195a1b AT |
287 | if (cred->key_len <= 0) |
288 | break; | |
289 | if (cred->key_len != 5 && cred->key_len != 13 && | |
290 | cred->key_len != 10 && cred->key_len != 26) { | |
291 | wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length " | |
292 | "%lu", (unsigned long) cred->key_len); | |
293 | return -1; | |
294 | } | |
522b5b6e | 295 | if (cred->key_idx > NUM_WEP_KEYS) { |
4b195a1b AT |
296 | wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d", |
297 | cred->key_idx); | |
298 | return -1; | |
299 | } | |
522b5b6e AT |
300 | if (cred->key_idx) |
301 | key_idx = cred->key_idx - 1; | |
4b195a1b AT |
302 | if (cred->key_len == 10 || cred->key_len == 26) { |
303 | if (hexstr2bin((char *) cred->key, | |
304 | ssid->wep_key[key_idx], | |
305 | cred->key_len / 2) < 0) { | |
306 | wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key " | |
307 | "%d", key_idx); | |
308 | return -1; | |
309 | } | |
310 | ssid->wep_key_len[key_idx] = cred->key_len / 2; | |
311 | } else { | |
312 | os_memcpy(ssid->wep_key[key_idx], cred->key, | |
fa201b69 | 313 | cred->key_len); |
4b195a1b | 314 | ssid->wep_key_len[key_idx] = cred->key_len; |
fa201b69 | 315 | } |
4b195a1b | 316 | ssid->wep_tx_keyidx = key_idx; |
fa201b69 JM |
317 | break; |
318 | case WPS_ENCR_TKIP: | |
319 | ssid->pairwise_cipher = WPA_CIPHER_TKIP; | |
fa201b69 JM |
320 | break; |
321 | case WPS_ENCR_AES: | |
322 | ssid->pairwise_cipher = WPA_CIPHER_CCMP; | |
fa201b69 JM |
323 | break; |
324 | } | |
325 | ||
49eba5f8 | 326 | switch (auth_type) { |
fa201b69 JM |
327 | case WPS_AUTH_OPEN: |
328 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
329 | ssid->key_mgmt = WPA_KEY_MGMT_NONE; | |
330 | ssid->proto = 0; | |
f981eabc JM |
331 | #ifdef CONFIG_WPS_REG_DISABLE_OPEN |
332 | if (registrar) { | |
333 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK | |
334 | "id=%d - Credentials for an open " | |
335 | "network disabled by default - use " | |
336 | "'select_network %d' to enable", | |
337 | ssid->id, ssid->id); | |
338 | ssid->disabled = 1; | |
339 | } | |
340 | #endif /* CONFIG_WPS_REG_DISABLE_OPEN */ | |
fa201b69 JM |
341 | break; |
342 | case WPS_AUTH_SHARED: | |
343 | ssid->auth_alg = WPA_AUTH_ALG_SHARED; | |
344 | ssid->key_mgmt = WPA_KEY_MGMT_NONE; | |
345 | ssid->proto = 0; | |
346 | break; | |
347 | case WPS_AUTH_WPAPSK: | |
348 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
349 | ssid->key_mgmt = WPA_KEY_MGMT_PSK; | |
350 | ssid->proto = WPA_PROTO_WPA; | |
351 | break; | |
352 | case WPS_AUTH_WPA: | |
353 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
354 | ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
355 | ssid->proto = WPA_PROTO_WPA; | |
356 | break; | |
357 | case WPS_AUTH_WPA2: | |
358 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
359 | ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X; | |
360 | ssid->proto = WPA_PROTO_RSN; | |
361 | break; | |
362 | case WPS_AUTH_WPA2PSK: | |
363 | ssid->auth_alg = WPA_AUTH_ALG_OPEN; | |
364 | ssid->key_mgmt = WPA_KEY_MGMT_PSK; | |
365 | ssid->proto = WPA_PROTO_RSN; | |
366 | break; | |
367 | } | |
368 | ||
369 | if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) { | |
370 | if (cred->key_len == 2 * PMK_LEN) { | |
371 | if (hexstr2bin((const char *) cred->key, ssid->psk, | |
372 | PMK_LEN)) { | |
373 | wpa_printf(MSG_ERROR, "WPS: Invalid Network " | |
374 | "Key"); | |
375 | return -1; | |
376 | } | |
377 | ssid->psk_set = 1; | |
d1c8ac88 | 378 | ssid->export_keys = 1; |
fa201b69 JM |
379 | } else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) { |
380 | os_free(ssid->passphrase); | |
381 | ssid->passphrase = os_malloc(cred->key_len + 1); | |
382 | if (ssid->passphrase == NULL) | |
383 | return -1; | |
384 | os_memcpy(ssid->passphrase, cred->key, cred->key_len); | |
385 | ssid->passphrase[cred->key_len] = '\0'; | |
386 | wpa_config_update_psk(ssid); | |
d1c8ac88 | 387 | ssid->export_keys = 1; |
fa201b69 JM |
388 | } else { |
389 | wpa_printf(MSG_ERROR, "WPS: Invalid Network Key " | |
390 | "length %lu", | |
391 | (unsigned long) cred->key_len); | |
392 | return -1; | |
393 | } | |
394 | } | |
395 | ||
7cc1b6c9 JM |
396 | wpas_wps_security_workaround(wpa_s, ssid, cred); |
397 | ||
fa201b69 JM |
398 | #ifndef CONFIG_NO_CONFIG_WRITE |
399 | if (wpa_s->conf->update_config && | |
400 | wpa_config_write(wpa_s->confname, wpa_s->conf)) { | |
401 | wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration"); | |
402 | return -1; | |
403 | } | |
404 | #endif /* CONFIG_NO_CONFIG_WRITE */ | |
405 | ||
406 | return 0; | |
407 | } | |
408 | ||
409 | ||
b89883a4 JM |
410 | #ifdef CONFIG_P2P |
411 | static void wpas_wps_pbc_overlap_cb(void *eloop_ctx, void *timeout_ctx) | |
412 | { | |
413 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
414 | wpas_p2p_notif_pbc_overlap(wpa_s); | |
415 | } | |
416 | #endif /* CONFIG_P2P */ | |
417 | ||
418 | ||
4b68290e JM |
419 | static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s, |
420 | struct wps_event_m2d *m2d) | |
421 | { | |
422 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D | |
423 | "dev_password_id=%d config_error=%d", | |
424 | m2d->dev_password_id, m2d->config_error); | |
8bac466b | 425 | wpas_notify_wps_event_m2d(wpa_s, m2d); |
b89883a4 JM |
426 | #ifdef CONFIG_P2P |
427 | if (wpa_s->parent && wpa_s->parent != wpa_s) { | |
428 | wpa_msg(wpa_s->parent, MSG_INFO, WPS_EVENT_M2D | |
429 | "dev_password_id=%d config_error=%d", | |
430 | m2d->dev_password_id, m2d->config_error); | |
431 | } | |
432 | if (m2d->config_error == WPS_CFG_MULTIPLE_PBC_DETECTED) { | |
433 | /* | |
434 | * Notify P2P from eloop timeout to avoid issues with the | |
435 | * interface getting removed while processing a message. | |
436 | */ | |
437 | eloop_register_timeout(0, 0, wpas_wps_pbc_overlap_cb, wpa_s, | |
438 | NULL); | |
439 | } | |
440 | #endif /* CONFIG_P2P */ | |
4b68290e JM |
441 | } |
442 | ||
443 | ||
c5cf0a18 CWY |
444 | static const char * wps_event_fail_reason[NUM_WPS_EI_VALUES] = { |
445 | "No Error", /* WPS_EI_NO_ERROR */ | |
446 | "TKIP Only Prohibited", /* WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED */ | |
447 | "WEP Prohibited" /* WPS_EI_SECURITY_WEP_PROHIBITED */ | |
448 | }; | |
449 | ||
469fc3a4 JM |
450 | static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s, |
451 | struct wps_event_fail *fail) | |
452 | { | |
c5cf0a18 CWY |
453 | if (fail->error_indication > 0 && |
454 | fail->error_indication < NUM_WPS_EI_VALUES) { | |
455 | wpa_msg(wpa_s, MSG_INFO, | |
456 | WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)", | |
457 | fail->msg, fail->config_error, fail->error_indication, | |
458 | wps_event_fail_reason[fail->error_indication]); | |
459 | if (wpa_s->parent && wpa_s->parent != wpa_s) | |
460 | wpa_msg(wpa_s->parent, MSG_INFO, WPS_EVENT_FAIL | |
461 | "msg=%d config_error=%d reason=%d (%s)", | |
462 | fail->msg, fail->config_error, | |
463 | fail->error_indication, | |
464 | wps_event_fail_reason[fail->error_indication]); | |
465 | } else { | |
466 | wpa_msg(wpa_s, MSG_INFO, | |
467 | WPS_EVENT_FAIL "msg=%d config_error=%d", | |
545cc6af | 468 | fail->msg, fail->config_error); |
c5cf0a18 CWY |
469 | if (wpa_s->parent && wpa_s->parent != wpa_s) |
470 | wpa_msg(wpa_s->parent, MSG_INFO, WPS_EVENT_FAIL | |
471 | "msg=%d config_error=%d", | |
472 | fail->msg, fail->config_error); | |
473 | } | |
469fc3a4 | 474 | wpas_clear_wps(wpa_s); |
8bac466b | 475 | wpas_notify_wps_event_fail(wpa_s, fail); |
3734552f JS |
476 | #ifdef CONFIG_P2P |
477 | wpas_p2p_wps_failed(wpa_s, fail); | |
478 | #endif /* CONFIG_P2P */ | |
469fc3a4 JM |
479 | } |
480 | ||
481 | ||
ad5302a1 JM |
482 | static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s) |
483 | { | |
484 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS); | |
a6099152 | 485 | wpa_s->wps_success = 1; |
8bac466b | 486 | wpas_notify_wps_event_success(wpa_s); |
b22128ef JM |
487 | #ifdef CONFIG_P2P |
488 | wpas_p2p_wps_success(wpa_s, wpa_s->bssid, 0); | |
489 | #endif /* CONFIG_P2P */ | |
ad5302a1 JM |
490 | } |
491 | ||
492 | ||
b78bc3a3 JM |
493 | static void wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant *wpa_s, |
494 | struct wps_event_er_ap *ap) | |
495 | { | |
496 | char uuid_str[100]; | |
ed45947e | 497 | char dev_type[WPS_DEV_TYPE_BUFSIZE]; |
e694b344 | 498 | |
b78bc3a3 | 499 | uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str)); |
e694b344 | 500 | if (ap->pri_dev_type) |
ed45947e JM |
501 | wps_dev_type_bin2str(ap->pri_dev_type, dev_type, |
502 | sizeof(dev_type)); | |
e694b344 JM |
503 | else |
504 | dev_type[0] = '\0'; | |
505 | ||
506 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_ADD "%s " MACSTR | |
507 | " pri_dev_type=%s wps_state=%d |%s|%s|%s|%s|%s|%s|", | |
508 | uuid_str, MAC2STR(ap->mac_addr), dev_type, ap->wps_state, | |
b78bc3a3 JM |
509 | ap->friendly_name ? ap->friendly_name : "", |
510 | ap->manufacturer ? ap->manufacturer : "", | |
511 | ap->model_description ? ap->model_description : "", | |
512 | ap->model_name ? ap->model_name : "", | |
513 | ap->manufacturer_url ? ap->manufacturer_url : "", | |
514 | ap->model_url ? ap->model_url : ""); | |
515 | } | |
516 | ||
517 | ||
518 | static void wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant *wpa_s, | |
519 | struct wps_event_er_ap *ap) | |
520 | { | |
521 | char uuid_str[100]; | |
522 | uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str)); | |
523 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_REMOVE "%s", uuid_str); | |
524 | } | |
525 | ||
526 | ||
527 | static void wpa_supplicant_wps_event_er_enrollee_add( | |
528 | struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee) | |
529 | { | |
530 | char uuid_str[100]; | |
ed45947e | 531 | char dev_type[WPS_DEV_TYPE_BUFSIZE]; |
b78bc3a3 JM |
532 | |
533 | uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str)); | |
534 | if (enrollee->pri_dev_type) | |
ed45947e JM |
535 | wps_dev_type_bin2str(enrollee->pri_dev_type, dev_type, |
536 | sizeof(dev_type)); | |
b78bc3a3 JM |
537 | else |
538 | dev_type[0] = '\0'; | |
539 | ||
540 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_ADD "%s " MACSTR | |
541 | " M1=%d config_methods=0x%x dev_passwd_id=%d pri_dev_type=%s " | |
542 | "|%s|%s|%s|%s|%s|", | |
543 | uuid_str, MAC2STR(enrollee->mac_addr), enrollee->m1_received, | |
544 | enrollee->config_methods, enrollee->dev_passwd_id, dev_type, | |
545 | enrollee->dev_name ? enrollee->dev_name : "", | |
546 | enrollee->manufacturer ? enrollee->manufacturer : "", | |
547 | enrollee->model_name ? enrollee->model_name : "", | |
548 | enrollee->model_number ? enrollee->model_number : "", | |
549 | enrollee->serial_number ? enrollee->serial_number : ""); | |
550 | } | |
551 | ||
552 | ||
553 | static void wpa_supplicant_wps_event_er_enrollee_remove( | |
554 | struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee) | |
555 | { | |
556 | char uuid_str[100]; | |
557 | uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str)); | |
558 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_REMOVE "%s " MACSTR, | |
559 | uuid_str, MAC2STR(enrollee->mac_addr)); | |
560 | } | |
561 | ||
562 | ||
15dbf129 JM |
563 | static void wpa_supplicant_wps_event_er_ap_settings( |
564 | struct wpa_supplicant *wpa_s, | |
565 | struct wps_event_er_ap_settings *ap_settings) | |
566 | { | |
567 | char uuid_str[100]; | |
568 | char key_str[65]; | |
569 | const struct wps_credential *cred = ap_settings->cred; | |
570 | ||
571 | key_str[0] = '\0'; | |
572 | if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) { | |
573 | if (cred->key_len >= 8 && cred->key_len <= 64) { | |
574 | os_memcpy(key_str, cred->key, cred->key_len); | |
575 | key_str[cred->key_len] = '\0'; | |
576 | } | |
577 | } | |
578 | ||
579 | uuid_bin2str(ap_settings->uuid, uuid_str, sizeof(uuid_str)); | |
580 | /* Use wpa_msg_ctrl to avoid showing the key in debug log */ | |
581 | wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_SETTINGS | |
582 | "uuid=%s ssid=%s auth_type=0x%04x encr_type=0x%04x " | |
583 | "key=%s", | |
584 | uuid_str, wpa_ssid_txt(cred->ssid, cred->ssid_len), | |
585 | cred->auth_type, cred->encr_type, key_str); | |
586 | } | |
587 | ||
588 | ||
3e7533b3 JM |
589 | static void wpa_supplicant_wps_event_er_set_sel_reg( |
590 | struct wpa_supplicant *wpa_s, | |
591 | struct wps_event_er_set_selected_registrar *ev) | |
592 | { | |
593 | char uuid_str[100]; | |
594 | ||
595 | uuid_bin2str(ev->uuid, uuid_str, sizeof(uuid_str)); | |
596 | switch (ev->state) { | |
597 | case WPS_ER_SET_SEL_REG_START: | |
598 | wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG | |
599 | "uuid=%s state=START sel_reg=%d dev_passwd_id=%u " | |
600 | "sel_reg_config_methods=0x%x", | |
601 | uuid_str, ev->sel_reg, ev->dev_passwd_id, | |
602 | ev->sel_reg_config_methods); | |
603 | break; | |
604 | case WPS_ER_SET_SEL_REG_DONE: | |
605 | wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG | |
606 | "uuid=%s state=DONE", uuid_str); | |
607 | break; | |
608 | case WPS_ER_SET_SEL_REG_FAILED: | |
609 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_SET_SEL_REG | |
610 | "uuid=%s state=FAILED", uuid_str); | |
611 | break; | |
612 | } | |
613 | } | |
614 | ||
615 | ||
4b68290e JM |
616 | static void wpa_supplicant_wps_event(void *ctx, enum wps_event event, |
617 | union wps_event_data *data) | |
618 | { | |
619 | struct wpa_supplicant *wpa_s = ctx; | |
620 | switch (event) { | |
621 | case WPS_EV_M2D: | |
622 | wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d); | |
623 | break; | |
469fc3a4 JM |
624 | case WPS_EV_FAIL: |
625 | wpa_supplicant_wps_event_fail(wpa_s, &data->fail); | |
626 | break; | |
ad5302a1 JM |
627 | case WPS_EV_SUCCESS: |
628 | wpa_supplicant_wps_event_success(wpa_s); | |
629 | break; | |
3b2cf800 | 630 | case WPS_EV_PWD_AUTH_FAIL: |
70d84f11 JM |
631 | #ifdef CONFIG_AP |
632 | if (wpa_s->ap_iface && data->pwd_auth_fail.enrollee) | |
633 | wpa_supplicant_ap_pwd_auth_fail(wpa_s); | |
634 | #endif /* CONFIG_AP */ | |
3b2cf800 | 635 | break; |
63330c68 OK |
636 | case WPS_EV_PBC_OVERLAP: |
637 | break; | |
638 | case WPS_EV_PBC_TIMEOUT: | |
639 | break; | |
b78bc3a3 JM |
640 | case WPS_EV_ER_AP_ADD: |
641 | wpa_supplicant_wps_event_er_ap_add(wpa_s, &data->ap); | |
642 | break; | |
643 | case WPS_EV_ER_AP_REMOVE: | |
644 | wpa_supplicant_wps_event_er_ap_remove(wpa_s, &data->ap); | |
645 | break; | |
646 | case WPS_EV_ER_ENROLLEE_ADD: | |
647 | wpa_supplicant_wps_event_er_enrollee_add(wpa_s, | |
648 | &data->enrollee); | |
649 | break; | |
650 | case WPS_EV_ER_ENROLLEE_REMOVE: | |
651 | wpa_supplicant_wps_event_er_enrollee_remove(wpa_s, | |
652 | &data->enrollee); | |
653 | break; | |
15dbf129 JM |
654 | case WPS_EV_ER_AP_SETTINGS: |
655 | wpa_supplicant_wps_event_er_ap_settings(wpa_s, | |
656 | &data->ap_settings); | |
657 | break; | |
3e7533b3 JM |
658 | case WPS_EV_ER_SET_SELECTED_REGISTRAR: |
659 | wpa_supplicant_wps_event_er_set_sel_reg(wpa_s, | |
660 | &data->set_sel_reg); | |
661 | break; | |
4b68290e JM |
662 | } |
663 | } | |
664 | ||
665 | ||
f90c86d4 | 666 | enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid) |
fa201b69 | 667 | { |
b01c18a8 JM |
668 | if (eap_is_wps_pbc_enrollee(&ssid->eap) || |
669 | eap_is_wps_pin_enrollee(&ssid->eap)) | |
670 | return WPS_REQ_ENROLLEE; | |
671 | else | |
672 | return WPS_REQ_REGISTRAR; | |
fa201b69 | 673 | } |
116654ce JM |
674 | |
675 | ||
fcc60db4 JM |
676 | static void wpas_clear_wps(struct wpa_supplicant *wpa_s) |
677 | { | |
678 | int id; | |
20a0b03d JM |
679 | struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current; |
680 | ||
681 | prev_current = wpa_s->current_ssid; | |
fcc60db4 JM |
682 | |
683 | eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); | |
684 | ||
685 | /* Remove any existing WPS network from configuration */ | |
686 | ssid = wpa_s->conf->ssid; | |
687 | while (ssid) { | |
f0477201 | 688 | if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { |
8bac466b | 689 | if (ssid == wpa_s->current_ssid) { |
f0477201 | 690 | wpa_s->current_ssid = NULL; |
8bac466b JM |
691 | if (ssid != NULL) |
692 | wpas_notify_network_changed(wpa_s); | |
693 | } | |
fcc60db4 | 694 | id = ssid->id; |
8bac466b | 695 | remove_ssid = ssid; |
f0477201 | 696 | } else |
fcc60db4 JM |
697 | id = -1; |
698 | ssid = ssid->next; | |
8bac466b | 699 | if (id >= 0) { |
20a0b03d JM |
700 | if (prev_current == remove_ssid) { |
701 | wpa_sm_set_config(wpa_s->wpa, NULL); | |
702 | eapol_sm_notify_config(wpa_s->eapol, NULL, | |
703 | NULL); | |
704 | } | |
8bac466b | 705 | wpas_notify_network_removed(wpa_s, remove_ssid); |
fcc60db4 | 706 | wpa_config_remove_network(wpa_s->conf, id); |
8bac466b | 707 | } |
fcc60db4 JM |
708 | } |
709 | } | |
710 | ||
711 | ||
712 | static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx) | |
713 | { | |
714 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
014732ea AC |
715 | wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed " |
716 | "out"); | |
fcc60db4 JM |
717 | wpas_clear_wps(wpa_s); |
718 | } | |
719 | ||
720 | ||
721 | static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s, | |
722 | int registrar, const u8 *bssid) | |
723 | { | |
724 | struct wpa_ssid *ssid; | |
725 | ||
726 | ssid = wpa_config_add_network(wpa_s->conf); | |
727 | if (ssid == NULL) | |
728 | return NULL; | |
8bac466b | 729 | wpas_notify_network_added(wpa_s, ssid); |
fcc60db4 | 730 | wpa_config_set_network_defaults(ssid); |
2ff99b3c | 731 | ssid->temporary = 1; |
fcc60db4 JM |
732 | if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 || |
733 | wpa_config_set(ssid, "eap", "WSC", 0) < 0 || | |
734 | wpa_config_set(ssid, "identity", registrar ? | |
735 | "\"" WSC_ID_REGISTRAR "\"" : | |
736 | "\"" WSC_ID_ENROLLEE "\"", 0) < 0) { | |
8bac466b | 737 | wpas_notify_network_removed(wpa_s, ssid); |
fcc60db4 JM |
738 | wpa_config_remove_network(wpa_s->conf, ssid->id); |
739 | return NULL; | |
740 | } | |
741 | ||
742 | if (bssid) { | |
b2c5a4a3 | 743 | #ifndef CONFIG_P2P |
59f2caa9 | 744 | struct wpa_bss *bss; |
f7e54365 | 745 | int count = 0; |
b2c5a4a3 | 746 | #endif /* CONFIG_P2P */ |
fcc60db4 JM |
747 | |
748 | os_memcpy(ssid->bssid, bssid, ETH_ALEN); | |
24c23d1b | 749 | ssid->bssid_set = 1; |
fcc60db4 | 750 | |
b2c5a4a3 JM |
751 | /* |
752 | * Note: With P2P, the SSID may change at the time the WPS | |
753 | * provisioning is started, so better not filter the AP based | |
754 | * on the current SSID in the scan results. | |
755 | */ | |
756 | #ifndef CONFIG_P2P | |
59f2caa9 JM |
757 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { |
758 | if (os_memcmp(bssid, bss->bssid, ETH_ALEN) != 0) | |
fcc60db4 JM |
759 | continue; |
760 | ||
fcc60db4 | 761 | os_free(ssid->ssid); |
59f2caa9 | 762 | ssid->ssid = os_malloc(bss->ssid_len); |
fcc60db4 JM |
763 | if (ssid->ssid == NULL) |
764 | break; | |
59f2caa9 JM |
765 | os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len); |
766 | ssid->ssid_len = bss->ssid_len; | |
f7e54365 JM |
767 | wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from " |
768 | "scan results", | |
769 | ssid->ssid, ssid->ssid_len); | |
770 | count++; | |
771 | } | |
772 | ||
773 | if (count > 1) { | |
774 | wpa_printf(MSG_DEBUG, "WPS: More than one SSID found " | |
775 | "for the AP; use wildcard"); | |
776 | os_free(ssid->ssid); | |
777 | ssid->ssid = NULL; | |
778 | ssid->ssid_len = 0; | |
fcc60db4 | 779 | } |
b2c5a4a3 | 780 | #endif /* CONFIG_P2P */ |
fcc60db4 JM |
781 | } |
782 | ||
783 | return ssid; | |
784 | } | |
785 | ||
786 | ||
787 | static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s, | |
788 | struct wpa_ssid *selected) | |
789 | { | |
790 | struct wpa_ssid *ssid; | |
791 | ||
792 | /* Mark all other networks disabled and trigger reassociation */ | |
793 | ssid = wpa_s->conf->ssid; | |
794 | while (ssid) { | |
8bac466b | 795 | int was_disabled = ssid->disabled; |
c2762e41 JS |
796 | /* |
797 | * In case the network object corresponds to a persistent group | |
798 | * then do not send out network disabled signal. In addition, | |
799 | * do not change disabled status of persistent network objects | |
800 | * from 2 to 1 should we connect to another network. | |
801 | */ | |
802 | if (was_disabled != 2) { | |
803 | ssid->disabled = ssid != selected; | |
804 | if (was_disabled != ssid->disabled) | |
805 | wpas_notify_network_enabled_changed(wpa_s, | |
806 | ssid); | |
807 | } | |
fcc60db4 JM |
808 | ssid = ssid->next; |
809 | } | |
810 | wpa_s->disconnected = 0; | |
811 | wpa_s->reassociate = 1; | |
a6099152 JM |
812 | wpa_s->scan_runs = 0; |
813 | wpa_s->wps_success = 0; | |
814 | wpa_s->blacklist_cleared = 0; | |
fcc60db4 JM |
815 | wpa_supplicant_req_scan(wpa_s, 0, 0); |
816 | } | |
817 | ||
818 | ||
9fa243b2 JM |
819 | int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid, |
820 | int p2p_group) | |
fcc60db4 JM |
821 | { |
822 | struct wpa_ssid *ssid; | |
823 | wpas_clear_wps(wpa_s); | |
824 | ssid = wpas_wps_add_network(wpa_s, 0, bssid); | |
825 | if (ssid == NULL) | |
826 | return -1; | |
9fa243b2 JM |
827 | ssid->temporary = 1; |
828 | ssid->p2p_group = p2p_group; | |
812bf56a | 829 | #ifdef CONFIG_P2P |
e9a7ae41 JM |
830 | if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) { |
831 | ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1); | |
832 | if (ssid->ssid) { | |
833 | ssid->ssid_len = wpa_s->go_params->ssid_len; | |
834 | os_memcpy(ssid->ssid, wpa_s->go_params->ssid, | |
835 | ssid->ssid_len); | |
836 | wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP " | |
837 | "SSID", ssid->ssid, ssid->ssid_len); | |
838 | } | |
839 | } | |
812bf56a | 840 | #endif /* CONFIG_P2P */ |
fcc60db4 | 841 | wpa_config_set(ssid, "phase1", "\"pbc=1\"", 0); |
42f50264 JM |
842 | if (wpa_s->wps_fragment_size) |
843 | ssid->eap.fragment_size = wpa_s->wps_fragment_size; | |
fcc60db4 JM |
844 | eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, |
845 | wpa_s, NULL); | |
846 | wpas_wps_reassoc(wpa_s, ssid); | |
847 | return 0; | |
848 | } | |
849 | ||
850 | ||
851 | int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid, | |
3c5126a4 | 852 | const char *pin, int p2p_group, u16 dev_pw_id) |
fcc60db4 JM |
853 | { |
854 | struct wpa_ssid *ssid; | |
46bdb83a | 855 | char val[128]; |
fcc60db4 JM |
856 | unsigned int rpin = 0; |
857 | ||
858 | wpas_clear_wps(wpa_s); | |
859 | ssid = wpas_wps_add_network(wpa_s, 0, bssid); | |
860 | if (ssid == NULL) | |
861 | return -1; | |
9fa243b2 JM |
862 | ssid->temporary = 1; |
863 | ssid->p2p_group = p2p_group; | |
812bf56a | 864 | #ifdef CONFIG_P2P |
e9a7ae41 JM |
865 | if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) { |
866 | ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1); | |
867 | if (ssid->ssid) { | |
868 | ssid->ssid_len = wpa_s->go_params->ssid_len; | |
869 | os_memcpy(ssid->ssid, wpa_s->go_params->ssid, | |
870 | ssid->ssid_len); | |
871 | wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP " | |
872 | "SSID", ssid->ssid, ssid->ssid_len); | |
873 | } | |
874 | } | |
812bf56a | 875 | #endif /* CONFIG_P2P */ |
fcc60db4 | 876 | if (pin) |
3c5126a4 JM |
877 | os_snprintf(val, sizeof(val), "\"pin=%s dev_pw_id=%u\"", |
878 | pin, dev_pw_id); | |
fcc60db4 JM |
879 | else { |
880 | rpin = wps_generate_pin(); | |
3c5126a4 JM |
881 | os_snprintf(val, sizeof(val), "\"pin=%08d dev_pw_id=%u\"", |
882 | rpin, dev_pw_id); | |
fcc60db4 JM |
883 | } |
884 | wpa_config_set(ssid, "phase1", val, 0); | |
42f50264 JM |
885 | if (wpa_s->wps_fragment_size) |
886 | ssid->eap.fragment_size = wpa_s->wps_fragment_size; | |
fcc60db4 JM |
887 | eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, |
888 | wpa_s, NULL); | |
889 | wpas_wps_reassoc(wpa_s, ssid); | |
890 | return rpin; | |
891 | } | |
892 | ||
893 | ||
2f9929ff AC |
894 | /* Cancel the wps pbc/pin requests */ |
895 | int wpas_wps_cancel(struct wpa_supplicant *wpa_s) | |
896 | { | |
897 | #ifdef CONFIG_AP | |
898 | if (wpa_s->ap_iface) { | |
899 | wpa_printf(MSG_DEBUG, "WPS: Cancelling in AP mode"); | |
900 | return wpa_supplicant_ap_wps_cancel(wpa_s); | |
901 | } | |
902 | #endif /* CONFIG_AP */ | |
903 | ||
904 | if (wpa_s->wpa_state == WPA_SCANNING) { | |
905 | wpa_printf(MSG_DEBUG, "WPS: Cancel operation - cancel scan"); | |
906 | wpa_supplicant_cancel_scan(wpa_s); | |
907 | wpas_clear_wps(wpa_s); | |
908 | } else if (wpa_s->wpa_state >= WPA_ASSOCIATED) { | |
909 | wpa_printf(MSG_DEBUG, "WPS: Cancel operation - " | |
910 | "deauthenticate"); | |
911 | wpa_supplicant_deauthenticate(wpa_s, | |
912 | WLAN_REASON_DEAUTH_LEAVING); | |
913 | wpas_clear_wps(wpa_s); | |
914 | } | |
915 | ||
916 | return 0; | |
917 | } | |
918 | ||
919 | ||
116f7bb0 | 920 | #ifdef CONFIG_WPS_OOB |
46bdb83a | 921 | int wpas_wps_start_oob(struct wpa_supplicant *wpa_s, char *device_type, |
e1ee6b60 | 922 | char *path, char *method, char *name) |
46bdb83a MH |
923 | { |
924 | struct wps_context *wps = wpa_s->wps; | |
7cbf51bb | 925 | struct oob_device_data *oob_dev; |
46bdb83a | 926 | |
7cbf51bb JM |
927 | oob_dev = wps_get_oob_device(device_type); |
928 | if (oob_dev == NULL) | |
46bdb83a | 929 | return -1; |
7cbf51bb | 930 | oob_dev->device_path = path; |
e1ee6b60 | 931 | oob_dev->device_name = name; |
46bdb83a MH |
932 | wps->oob_conf.oob_method = wps_get_oob_method(method); |
933 | ||
d5e2b2d2 JM |
934 | if (wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E) { |
935 | /* | |
936 | * Use pre-configured DH keys in order to be able to write the | |
937 | * key hash into the OOB file. | |
938 | */ | |
939 | wpabuf_free(wps->dh_pubkey); | |
940 | wpabuf_free(wps->dh_privkey); | |
941 | wps->dh_privkey = NULL; | |
f042122a JM |
942 | wps->dh_pubkey = NULL; |
943 | dh5_free(wps->dh_ctx); | |
944 | wps->dh_ctx = dh5_init(&wps->dh_privkey, &wps->dh_pubkey); | |
d5e2b2d2 | 945 | wps->dh_pubkey = wpabuf_zeropad(wps->dh_pubkey, 192); |
f042122a | 946 | if (wps->dh_ctx == NULL || wps->dh_pubkey == NULL) { |
d5e2b2d2 JM |
947 | wpa_printf(MSG_ERROR, "WPS: Failed to initialize " |
948 | "Diffie-Hellman handshake"); | |
949 | return -1; | |
950 | } | |
951 | } | |
952 | ||
46bdb83a MH |
953 | if (wps->oob_conf.oob_method == OOB_METHOD_CRED) |
954 | wpas_clear_wps(wpa_s); | |
955 | ||
7cbf51bb | 956 | if (wps_process_oob(wps, oob_dev, 0) < 0) |
46bdb83a MH |
957 | return -1; |
958 | ||
959 | if ((wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E || | |
960 | wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) && | |
961 | wpas_wps_start_pin(wpa_s, NULL, | |
d9c8a7c4 JM |
962 | wpabuf_head(wps->oob_conf.dev_password), 0, |
963 | DEV_PW_DEFAULT) < 0) | |
46bdb83a MH |
964 | return -1; |
965 | ||
966 | return 0; | |
967 | } | |
116f7bb0 | 968 | #endif /* CONFIG_WPS_OOB */ |
46bdb83a MH |
969 | |
970 | ||
fcc60db4 | 971 | int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid, |
52eb293d | 972 | const char *pin, struct wps_new_ap_settings *settings) |
fcc60db4 JM |
973 | { |
974 | struct wpa_ssid *ssid; | |
52eb293d JM |
975 | char val[200]; |
976 | char *pos, *end; | |
977 | int res; | |
fcc60db4 JM |
978 | |
979 | if (!pin) | |
980 | return -1; | |
981 | wpas_clear_wps(wpa_s); | |
982 | ssid = wpas_wps_add_network(wpa_s, 1, bssid); | |
983 | if (ssid == NULL) | |
984 | return -1; | |
2ff99b3c | 985 | ssid->temporary = 1; |
52eb293d JM |
986 | pos = val; |
987 | end = pos + sizeof(val); | |
988 | res = os_snprintf(pos, end - pos, "\"pin=%s", pin); | |
989 | if (res < 0 || res >= end - pos) | |
990 | return -1; | |
991 | pos += res; | |
992 | if (settings) { | |
993 | res = os_snprintf(pos, end - pos, " new_ssid=%s new_auth=%s " | |
994 | "new_encr=%s new_key=%s", | |
995 | settings->ssid_hex, settings->auth, | |
996 | settings->encr, settings->key_hex); | |
997 | if (res < 0 || res >= end - pos) | |
998 | return -1; | |
999 | pos += res; | |
1000 | } | |
1001 | res = os_snprintf(pos, end - pos, "\""); | |
1002 | if (res < 0 || res >= end - pos) | |
1003 | return -1; | |
fcc60db4 | 1004 | wpa_config_set(ssid, "phase1", val, 0); |
42f50264 JM |
1005 | if (wpa_s->wps_fragment_size) |
1006 | ssid->eap.fragment_size = wpa_s->wps_fragment_size; | |
fcc60db4 JM |
1007 | eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, |
1008 | wpa_s, NULL); | |
1009 | wpas_wps_reassoc(wpa_s, ssid); | |
1010 | return 0; | |
1011 | } | |
1012 | ||
1013 | ||
c5adf528 JM |
1014 | static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk, |
1015 | size_t psk_len) | |
1016 | { | |
1017 | wpa_printf(MSG_DEBUG, "WPS: Received new WPA/WPA2-PSK from WPS for " | |
1018 | "STA " MACSTR, MAC2STR(mac_addr)); | |
1019 | wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len); | |
1020 | ||
1021 | /* TODO */ | |
1022 | ||
1023 | return 0; | |
1024 | } | |
1025 | ||
1026 | ||
1027 | static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e, | |
1028 | const struct wps_device_data *dev) | |
1029 | { | |
1030 | char uuid[40], txt[400]; | |
1031 | int len; | |
96750ea5 | 1032 | char devtype[WPS_DEV_TYPE_BUFSIZE]; |
c5adf528 JM |
1033 | if (uuid_bin2str(uuid_e, uuid, sizeof(uuid))) |
1034 | return; | |
1035 | wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid); | |
1036 | len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR | |
96750ea5 | 1037 | " [%s|%s|%s|%s|%s|%s]", |
c5adf528 JM |
1038 | uuid, MAC2STR(dev->mac_addr), dev->device_name, |
1039 | dev->manufacturer, dev->model_name, | |
1040 | dev->model_number, dev->serial_number, | |
96750ea5 JM |
1041 | wps_dev_type_bin2str(dev->pri_dev_type, devtype, |
1042 | sizeof(devtype))); | |
c5adf528 JM |
1043 | if (len > 0 && len < (int) sizeof(txt)) |
1044 | wpa_printf(MSG_INFO, "%s", txt); | |
1045 | } | |
1046 | ||
1047 | ||
72df2f5f JM |
1048 | static void wpas_wps_set_sel_reg_cb(void *ctx, int sel_reg, u16 dev_passwd_id, |
1049 | u16 sel_reg_config_methods) | |
1050 | { | |
1051 | #ifdef CONFIG_WPS_ER | |
1052 | struct wpa_supplicant *wpa_s = ctx; | |
1053 | ||
1054 | if (wpa_s->wps_er == NULL) | |
1055 | return; | |
ad474118 JM |
1056 | wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar - sel_reg=%d " |
1057 | "dev_password_id=%u sel_reg_config_methods=0x%x", | |
1058 | sel_reg, dev_passwd_id, sel_reg_config_methods); | |
72df2f5f JM |
1059 | wps_er_set_sel_reg(wpa_s->wps_er, sel_reg, dev_passwd_id, |
1060 | sel_reg_config_methods); | |
1061 | #endif /* CONFIG_WPS_ER */ | |
1062 | } | |
1063 | ||
1064 | ||
092acb54 JM |
1065 | static u16 wps_fix_config_methods(u16 config_methods) |
1066 | { | |
1067 | #ifdef CONFIG_WPS2 | |
1068 | if ((config_methods & | |
1069 | (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY | | |
1070 | WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) { | |
1071 | wpa_printf(MSG_INFO, "WPS: Converting display to " | |
1072 | "virtual_display for WPS 2.0 compliance"); | |
1073 | config_methods |= WPS_CONFIG_VIRT_DISPLAY; | |
1074 | } | |
1075 | if ((config_methods & | |
1076 | (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON | | |
1077 | WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) { | |
1078 | wpa_printf(MSG_INFO, "WPS: Converting push_button to " | |
1079 | "virtual_push_button for WPS 2.0 compliance"); | |
1080 | config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON; | |
1081 | } | |
1082 | #endif /* CONFIG_WPS2 */ | |
1083 | ||
1084 | return config_methods; | |
1085 | } | |
1086 | ||
1087 | ||
85a821d6 JM |
1088 | static void wpas_wps_set_uuid(struct wpa_supplicant *wpa_s, |
1089 | struct wps_context *wps) | |
1090 | { | |
1091 | wpa_printf(MSG_DEBUG, "WPS: Set UUID for interface %s", wpa_s->ifname); | |
1092 | if (is_nil_uuid(wpa_s->conf->uuid)) { | |
1093 | struct wpa_supplicant *first; | |
1094 | first = wpa_s->global->ifaces; | |
1095 | while (first && first->next) | |
1096 | first = first->next; | |
1097 | if (first && first != wpa_s) { | |
1098 | os_memcpy(wps->uuid, wpa_s->global->ifaces->wps->uuid, | |
1099 | WPS_UUID_LEN); | |
1100 | wpa_hexdump(MSG_DEBUG, "WPS: UUID from the first " | |
1101 | "interface", wps->uuid, WPS_UUID_LEN); | |
1102 | } else { | |
1103 | uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid); | |
1104 | wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC " | |
1105 | "address", wps->uuid, WPS_UUID_LEN); | |
1106 | } | |
1107 | } else { | |
1108 | os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN); | |
1109 | wpa_hexdump(MSG_DEBUG, "WPS: UUID based on configuration", | |
1110 | wps->uuid, WPS_UUID_LEN); | |
1111 | } | |
1112 | } | |
1113 | ||
1114 | ||
116654ce JM |
1115 | int wpas_wps_init(struct wpa_supplicant *wpa_s) |
1116 | { | |
1117 | struct wps_context *wps; | |
c5adf528 | 1118 | struct wps_registrar_config rcfg; |
116654ce JM |
1119 | |
1120 | wps = os_zalloc(sizeof(*wps)); | |
1121 | if (wps == NULL) | |
1122 | return -1; | |
1123 | ||
1124 | wps->cred_cb = wpa_supplicant_wps_cred; | |
4b68290e | 1125 | wps->event_cb = wpa_supplicant_wps_event; |
116654ce JM |
1126 | wps->cb_ctx = wpa_s; |
1127 | ||
3c0b7aa4 JM |
1128 | wps->dev.device_name = wpa_s->conf->device_name; |
1129 | wps->dev.manufacturer = wpa_s->conf->manufacturer; | |
1130 | wps->dev.model_name = wpa_s->conf->model_name; | |
1131 | wps->dev.model_number = wpa_s->conf->model_number; | |
1132 | wps->dev.serial_number = wpa_s->conf->serial_number; | |
c0e4dd9e JM |
1133 | wps->config_methods = |
1134 | wps_config_methods_str2bin(wpa_s->conf->config_methods); | |
979b988e JM |
1135 | if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) == |
1136 | (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) { | |
1137 | wpa_printf(MSG_ERROR, "WPS: Both Label and Display config " | |
1138 | "methods are not allowed at the same time"); | |
1139 | os_free(wps); | |
1140 | return -1; | |
1141 | } | |
092acb54 | 1142 | wps->config_methods = wps_fix_config_methods(wps->config_methods); |
2f646b6e JB |
1143 | os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type, |
1144 | WPS_DEV_TYPE_LEN); | |
a9e86bfb | 1145 | |
2f646b6e JB |
1146 | wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types; |
1147 | os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type, | |
1148 | WPS_DEV_TYPE_LEN * wps->dev.num_sec_dev_types); | |
a9e86bfb | 1149 | |
3c0b7aa4 JM |
1150 | wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version); |
1151 | wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ; /* TODO: config */ | |
398cfbf6 | 1152 | os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN); |
85a821d6 | 1153 | wpas_wps_set_uuid(wpa_s, wps); |
116654ce | 1154 | |
c5adf528 JM |
1155 | wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK; |
1156 | wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP; | |
1157 | ||
1158 | os_memset(&rcfg, 0, sizeof(rcfg)); | |
1159 | rcfg.new_psk_cb = wpas_wps_new_psk_cb; | |
1160 | rcfg.pin_needed_cb = wpas_wps_pin_needed_cb; | |
72df2f5f | 1161 | rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb; |
c5adf528 JM |
1162 | rcfg.cb_ctx = wpa_s; |
1163 | ||
1164 | wps->registrar = wps_registrar_init(wps, &rcfg); | |
1165 | if (wps->registrar == NULL) { | |
1166 | wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar"); | |
1167 | os_free(wps); | |
1168 | return -1; | |
1169 | } | |
1170 | ||
116654ce JM |
1171 | wpa_s->wps = wps; |
1172 | ||
1173 | return 0; | |
1174 | } | |
1175 | ||
1176 | ||
1177 | void wpas_wps_deinit(struct wpa_supplicant *wpa_s) | |
1178 | { | |
fcc60db4 JM |
1179 | eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); |
1180 | ||
116654ce JM |
1181 | if (wpa_s->wps == NULL) |
1182 | return; | |
1183 | ||
a6b63078 | 1184 | #ifdef CONFIG_WPS_ER |
1a1bf008 | 1185 | wps_er_deinit(wpa_s->wps_er, NULL, NULL); |
a6b63078 JM |
1186 | wpa_s->wps_er = NULL; |
1187 | #endif /* CONFIG_WPS_ER */ | |
1188 | ||
c5adf528 | 1189 | wps_registrar_deinit(wpa_s->wps->registrar); |
46bdb83a MH |
1190 | wpabuf_free(wpa_s->wps->dh_pubkey); |
1191 | wpabuf_free(wpa_s->wps->dh_privkey); | |
1192 | wpabuf_free(wpa_s->wps->oob_conf.pubkey_hash); | |
1193 | wpabuf_free(wpa_s->wps->oob_conf.dev_password); | |
116654ce JM |
1194 | os_free(wpa_s->wps->network_key); |
1195 | os_free(wpa_s->wps); | |
1196 | wpa_s->wps = NULL; | |
1197 | } | |
351f09a2 JM |
1198 | |
1199 | ||
a6099152 JM |
1200 | int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s, |
1201 | struct wpa_ssid *ssid, struct wpa_scan_res *bss) | |
351f09a2 JM |
1202 | { |
1203 | struct wpabuf *wps_ie; | |
1204 | ||
1205 | if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) | |
1206 | return -1; | |
1207 | ||
1208 | wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); | |
1209 | if (eap_is_wps_pbc_enrollee(&ssid->eap)) { | |
1210 | if (!wps_ie) { | |
1211 | wpa_printf(MSG_DEBUG, " skip - non-WPS AP"); | |
1212 | return 0; | |
1213 | } | |
1214 | ||
1215 | if (!wps_is_selected_pbc_registrar(wps_ie)) { | |
1216 | wpa_printf(MSG_DEBUG, " skip - WPS AP " | |
1217 | "without active PBC Registrar"); | |
1218 | wpabuf_free(wps_ie); | |
1219 | return 0; | |
1220 | } | |
1221 | ||
1222 | /* TODO: overlap detection */ | |
1223 | wpa_printf(MSG_DEBUG, " selected based on WPS IE " | |
1224 | "(Active PBC)"); | |
1225 | wpabuf_free(wps_ie); | |
1226 | return 1; | |
1227 | } | |
1228 | ||
1229 | if (eap_is_wps_pin_enrollee(&ssid->eap)) { | |
1230 | if (!wps_ie) { | |
1231 | wpa_printf(MSG_DEBUG, " skip - non-WPS AP"); | |
1232 | return 0; | |
1233 | } | |
1234 | ||
a6099152 | 1235 | /* |
31fcea93 JM |
1236 | * Start with WPS APs that advertise our address as an |
1237 | * authorized MAC (v2.0) or active PIN Registrar (v1.0) and | |
1238 | * allow any WPS AP after couple of scans since some APs do not | |
1239 | * set Selected Registrar attribute properly when using | |
1240 | * external Registrar. | |
a6099152 | 1241 | */ |
31fcea93 | 1242 | if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) { |
a6099152 JM |
1243 | if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG) { |
1244 | wpa_printf(MSG_DEBUG, " skip - WPS AP " | |
1245 | "without active PIN Registrar"); | |
1246 | wpabuf_free(wps_ie); | |
1247 | return 0; | |
1248 | } | |
1249 | wpa_printf(MSG_DEBUG, " selected based on WPS IE"); | |
1250 | } else { | |
1251 | wpa_printf(MSG_DEBUG, " selected based on WPS IE " | |
31fcea93 | 1252 | "(Authorized MAC or Active PIN)"); |
351f09a2 | 1253 | } |
351f09a2 JM |
1254 | wpabuf_free(wps_ie); |
1255 | return 1; | |
1256 | } | |
1257 | ||
1258 | if (wps_ie) { | |
1259 | wpa_printf(MSG_DEBUG, " selected based on WPS IE"); | |
1260 | wpabuf_free(wps_ie); | |
1261 | return 1; | |
1262 | } | |
1263 | ||
1264 | return -1; | |
1265 | } | |
1266 | ||
1267 | ||
a6099152 JM |
1268 | int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s, |
1269 | struct wpa_ssid *ssid, | |
351f09a2 JM |
1270 | struct wpa_scan_res *bss) |
1271 | { | |
1272 | struct wpabuf *wps_ie = NULL; | |
1273 | int ret = 0; | |
1274 | ||
1275 | if (eap_is_wps_pbc_enrollee(&ssid->eap)) { | |
1276 | wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); | |
1277 | if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) { | |
1278 | /* allow wildcard SSID for WPS PBC */ | |
1279 | ret = 1; | |
1280 | } | |
1281 | } else if (eap_is_wps_pin_enrollee(&ssid->eap)) { | |
1282 | wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); | |
a6099152 | 1283 | if (wps_ie && |
31fcea93 | 1284 | (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1) || |
a6099152 | 1285 | wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) { |
351f09a2 JM |
1286 | /* allow wildcard SSID for WPS PIN */ |
1287 | ret = 1; | |
1288 | } | |
1289 | } | |
1290 | ||
24c23d1b JM |
1291 | if (!ret && ssid->bssid_set && |
1292 | os_memcmp(ssid->bssid, bss->bssid, ETH_ALEN) == 0) { | |
1293 | /* allow wildcard SSID due to hardcoded BSSID match */ | |
1294 | ret = 1; | |
1295 | } | |
1296 | ||
54f489be JM |
1297 | #ifdef CONFIG_WPS_STRICT |
1298 | if (wps_ie) { | |
1299 | if (wps_validate_beacon_probe_resp(wps_ie, bss->beacon_ie_len > | |
ff28ccaf | 1300 | 0, bss->bssid) < 0) |
54f489be JM |
1301 | ret = 0; |
1302 | if (bss->beacon_ie_len) { | |
1303 | struct wpabuf *bcn_wps; | |
1304 | bcn_wps = wpa_scan_get_vendor_ie_multi_beacon( | |
1305 | bss, WPS_IE_VENDOR_TYPE); | |
1306 | if (bcn_wps == NULL) { | |
1307 | wpa_printf(MSG_DEBUG, "WPS: Mandatory WPS IE " | |
1308 | "missing from AP Beacon"); | |
1309 | ret = 0; | |
1310 | } else { | |
1311 | if (wps_validate_beacon(wps_ie) < 0) | |
1312 | ret = 0; | |
1313 | wpabuf_free(bcn_wps); | |
1314 | } | |
1315 | } | |
1316 | } | |
1317 | #endif /* CONFIG_WPS_STRICT */ | |
1318 | ||
351f09a2 JM |
1319 | wpabuf_free(wps_ie); |
1320 | ||
1321 | return ret; | |
1322 | } | |
1323 | ||
1324 | ||
1325 | int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s, | |
6fa81a3b | 1326 | struct wpa_bss *selected, struct wpa_ssid *ssid) |
351f09a2 JM |
1327 | { |
1328 | const u8 *sel_uuid, *uuid; | |
351f09a2 JM |
1329 | struct wpabuf *wps_ie; |
1330 | int ret = 0; | |
6fa81a3b | 1331 | struct wpa_bss *bss; |
351f09a2 JM |
1332 | |
1333 | if (!eap_is_wps_pbc_enrollee(&ssid->eap)) | |
1334 | return 0; | |
1335 | ||
9647120b JM |
1336 | wpa_printf(MSG_DEBUG, "WPS: Check whether PBC session overlap is " |
1337 | "present in scan results; selected BSSID " MACSTR, | |
1338 | MAC2STR(selected->bssid)); | |
1339 | ||
351f09a2 | 1340 | /* Make sure that only one AP is in active PBC mode */ |
6fa81a3b | 1341 | wps_ie = wpa_bss_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE); |
9647120b | 1342 | if (wps_ie) { |
351f09a2 | 1343 | sel_uuid = wps_get_uuid_e(wps_ie); |
9647120b JM |
1344 | wpa_hexdump(MSG_DEBUG, "WPS: UUID of the selected BSS", |
1345 | sel_uuid, UUID_LEN); | |
1346 | } else { | |
1347 | wpa_printf(MSG_DEBUG, "WPS: Selected BSS does not include " | |
1348 | "WPS IE?!"); | |
351f09a2 | 1349 | sel_uuid = NULL; |
9647120b | 1350 | } |
351f09a2 | 1351 | |
6fa81a3b | 1352 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { |
351f09a2 JM |
1353 | struct wpabuf *ie; |
1354 | if (bss == selected) | |
1355 | continue; | |
6fa81a3b | 1356 | ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); |
351f09a2 JM |
1357 | if (!ie) |
1358 | continue; | |
1359 | if (!wps_is_selected_pbc_registrar(ie)) { | |
1360 | wpabuf_free(ie); | |
1361 | continue; | |
1362 | } | |
9647120b JM |
1363 | wpa_printf(MSG_DEBUG, "WPS: Another BSS in active PBC mode: " |
1364 | MACSTR, MAC2STR(bss->bssid)); | |
351f09a2 | 1365 | uuid = wps_get_uuid_e(ie); |
9647120b JM |
1366 | wpa_hexdump(MSG_DEBUG, "WPS: UUID of the other BSS", |
1367 | uuid, UUID_LEN); | |
44cd430f | 1368 | if (sel_uuid == NULL || uuid == NULL || |
9647120b | 1369 | os_memcmp(sel_uuid, uuid, UUID_LEN) != 0) { |
351f09a2 | 1370 | ret = 1; /* PBC overlap */ |
9647120b JM |
1371 | wpa_msg(wpa_s, MSG_INFO, "WPS: PBC overlap detected: " |
1372 | MACSTR " and " MACSTR, | |
1373 | MAC2STR(selected->bssid), | |
1374 | MAC2STR(bss->bssid)); | |
351f09a2 JM |
1375 | wpabuf_free(ie); |
1376 | break; | |
1377 | } | |
1378 | ||
1379 | /* TODO: verify that this is reasonable dual-band situation */ | |
484957ae JM |
1380 | |
1381 | wpabuf_free(ie); | |
351f09a2 JM |
1382 | } |
1383 | ||
1384 | wpabuf_free(wps_ie); | |
1385 | ||
1386 | return ret; | |
1387 | } | |
a524f05e JM |
1388 | |
1389 | ||
1390 | void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s) | |
1391 | { | |
6fa81a3b | 1392 | struct wpa_bss *bss; |
6c6ad81f | 1393 | unsigned int pbc = 0, auth = 0, pin = 0, wps = 0; |
a524f05e JM |
1394 | |
1395 | if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED) | |
1396 | return; | |
1397 | ||
6fa81a3b | 1398 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { |
a524f05e | 1399 | struct wpabuf *ie; |
6fa81a3b | 1400 | ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); |
a524f05e JM |
1401 | if (!ie) |
1402 | continue; | |
1403 | if (wps_is_selected_pbc_registrar(ie)) | |
6c6ad81f | 1404 | pbc++; |
31fcea93 | 1405 | else if (wps_is_addr_authorized(ie, wpa_s->own_addr, 0)) |
6c6ad81f | 1406 | auth++; |
a524f05e | 1407 | else if (wps_is_selected_pin_registrar(ie)) |
6c6ad81f | 1408 | pin++; |
a524f05e | 1409 | else |
6c6ad81f | 1410 | wps++; |
a524f05e | 1411 | wpabuf_free(ie); |
a524f05e | 1412 | } |
6c6ad81f JM |
1413 | |
1414 | if (pbc) | |
1415 | wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PBC); | |
1416 | else if (auth) | |
1417 | wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_AUTH); | |
1418 | else if (pin) | |
1419 | wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PIN); | |
1420 | else if (wps) | |
1421 | wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE); | |
a524f05e | 1422 | } |
24c23d1b JM |
1423 | |
1424 | ||
1425 | int wpas_wps_searching(struct wpa_supplicant *wpa_s) | |
1426 | { | |
1427 | struct wpa_ssid *ssid; | |
1428 | ||
1429 | for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { | |
1430 | if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled) | |
1431 | return 1; | |
1432 | } | |
1433 | ||
1434 | return 0; | |
1435 | } | |
611ed491 JM |
1436 | |
1437 | ||
1438 | int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *buf, | |
1439 | char *end) | |
1440 | { | |
1441 | struct wpabuf *wps_ie; | |
1442 | int ret; | |
1443 | ||
1444 | wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, WPS_DEV_OUI_WFA); | |
1445 | if (wps_ie == NULL) | |
1446 | return 0; | |
1447 | ||
1448 | ret = wps_attr_text(wps_ie, buf, end); | |
1449 | wpabuf_free(wps_ie); | |
1450 | return ret; | |
1451 | } | |
e9bcfebf JM |
1452 | |
1453 | ||
08486685 | 1454 | int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter) |
e9bcfebf JM |
1455 | { |
1456 | #ifdef CONFIG_WPS_ER | |
1457 | if (wpa_s->wps_er) { | |
b3f371ca | 1458 | wps_er_refresh(wpa_s->wps_er); |
e9bcfebf JM |
1459 | return 0; |
1460 | } | |
08486685 | 1461 | wpa_s->wps_er = wps_er_init(wpa_s->wps, wpa_s->ifname, filter); |
e9bcfebf JM |
1462 | if (wpa_s->wps_er == NULL) |
1463 | return -1; | |
1464 | return 0; | |
1465 | #else /* CONFIG_WPS_ER */ | |
1466 | return 0; | |
1467 | #endif /* CONFIG_WPS_ER */ | |
1468 | } | |
1469 | ||
1470 | ||
1471 | int wpas_wps_er_stop(struct wpa_supplicant *wpa_s) | |
1472 | { | |
1473 | #ifdef CONFIG_WPS_ER | |
1a1bf008 | 1474 | wps_er_deinit(wpa_s->wps_er, NULL, NULL); |
e9bcfebf JM |
1475 | wpa_s->wps_er = NULL; |
1476 | #endif /* CONFIG_WPS_ER */ | |
1477 | return 0; | |
1478 | } | |
72df2f5f JM |
1479 | |
1480 | ||
1481 | #ifdef CONFIG_WPS_ER | |
31fcea93 JM |
1482 | int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr, |
1483 | const char *uuid, const char *pin) | |
72df2f5f JM |
1484 | { |
1485 | u8 u[UUID_LEN]; | |
1486 | int any = 0; | |
1487 | ||
1488 | if (os_strcmp(uuid, "any") == 0) | |
1489 | any = 1; | |
1490 | else if (uuid_str2bin(uuid, u)) | |
1491 | return -1; | |
31fcea93 JM |
1492 | return wps_registrar_add_pin(wpa_s->wps->registrar, addr, |
1493 | any ? NULL : u, | |
72df2f5f JM |
1494 | (const u8 *) pin, os_strlen(pin), 300); |
1495 | } | |
564cd7fa JM |
1496 | |
1497 | ||
1498 | int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid) | |
1499 | { | |
1500 | u8 u[UUID_LEN]; | |
1501 | ||
1502 | if (uuid_str2bin(uuid, u)) | |
1503 | return -1; | |
1504 | return wps_er_pbc(wpa_s->wps_er, u); | |
1505 | } | |
e64dcfd5 JM |
1506 | |
1507 | ||
1508 | int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid, | |
1509 | const char *pin) | |
1510 | { | |
1511 | u8 u[UUID_LEN]; | |
1512 | ||
1513 | if (uuid_str2bin(uuid, u)) | |
1514 | return -1; | |
1515 | return wps_er_learn(wpa_s->wps_er, u, (const u8 *) pin, | |
1516 | os_strlen(pin)); | |
1517 | } | |
1a1bf008 JM |
1518 | |
1519 | ||
ef10f473 JM |
1520 | int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid, |
1521 | int id) | |
1522 | { | |
1523 | u8 u[UUID_LEN]; | |
1524 | struct wpa_ssid *ssid; | |
1525 | struct wps_credential cred; | |
1526 | ||
1527 | if (uuid_str2bin(uuid, u)) | |
1528 | return -1; | |
1529 | ssid = wpa_config_get_network(wpa_s->conf, id); | |
1530 | if (ssid == NULL || ssid->ssid == NULL) | |
1531 | return -1; | |
1532 | ||
1533 | os_memset(&cred, 0, sizeof(cred)); | |
1534 | if (ssid->ssid_len > 32) | |
1535 | return -1; | |
1536 | os_memcpy(cred.ssid, ssid->ssid, ssid->ssid_len); | |
1537 | cred.ssid_len = ssid->ssid_len; | |
1538 | if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) { | |
1539 | cred.auth_type = (ssid->proto & WPA_PROTO_RSN) ? | |
1540 | WPS_AUTH_WPA2PSK : WPS_AUTH_WPAPSK; | |
1541 | if (ssid->pairwise_cipher & WPA_CIPHER_CCMP) | |
1542 | cred.encr_type = WPS_ENCR_AES; | |
1543 | else | |
1544 | cred.encr_type = WPS_ENCR_TKIP; | |
1545 | if (ssid->passphrase) { | |
1546 | cred.key_len = os_strlen(ssid->passphrase); | |
1547 | if (cred.key_len >= 64) | |
1548 | return -1; | |
1549 | os_memcpy(cred.key, ssid->passphrase, cred.key_len); | |
1550 | } else if (ssid->psk_set) { | |
1551 | cred.key_len = 32; | |
1552 | os_memcpy(cred.key, ssid->psk, 32); | |
1553 | } else | |
1554 | return -1; | |
1555 | } else { | |
1556 | cred.auth_type = WPS_AUTH_OPEN; | |
1557 | cred.encr_type = WPS_ENCR_NONE; | |
1558 | } | |
1559 | return wps_er_set_config(wpa_s->wps_er, u, &cred); | |
1560 | } | |
1561 | ||
1562 | ||
7d6640a6 JM |
1563 | int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid, |
1564 | const char *pin, struct wps_new_ap_settings *settings) | |
1565 | { | |
1566 | u8 u[UUID_LEN]; | |
1567 | struct wps_credential cred; | |
1568 | size_t len; | |
1569 | ||
1570 | if (uuid_str2bin(uuid, u)) | |
1571 | return -1; | |
1572 | if (settings->ssid_hex == NULL || settings->auth == NULL || | |
1573 | settings->encr == NULL || settings->key_hex == NULL) | |
1574 | return -1; | |
1575 | ||
1576 | os_memset(&cred, 0, sizeof(cred)); | |
1577 | len = os_strlen(settings->ssid_hex); | |
1578 | if ((len & 1) || len > 2 * sizeof(cred.ssid) || | |
1579 | hexstr2bin(settings->ssid_hex, cred.ssid, len / 2)) | |
1580 | return -1; | |
1581 | cred.ssid_len = len / 2; | |
1582 | ||
1583 | len = os_strlen(settings->key_hex); | |
1584 | if ((len & 1) || len > 2 * sizeof(cred.key) || | |
1585 | hexstr2bin(settings->key_hex, cred.key, len / 2)) | |
1586 | return -1; | |
1587 | cred.key_len = len / 2; | |
1588 | ||
1589 | if (os_strcmp(settings->auth, "OPEN") == 0) | |
1590 | cred.auth_type = WPS_AUTH_OPEN; | |
1591 | else if (os_strcmp(settings->auth, "WPAPSK") == 0) | |
1592 | cred.auth_type = WPS_AUTH_WPAPSK; | |
1593 | else if (os_strcmp(settings->auth, "WPA2PSK") == 0) | |
1594 | cred.auth_type = WPS_AUTH_WPA2PSK; | |
1595 | else | |
1596 | return -1; | |
1597 | ||
1598 | if (os_strcmp(settings->encr, "NONE") == 0) | |
1599 | cred.encr_type = WPS_ENCR_NONE; | |
1600 | else if (os_strcmp(settings->encr, "WEP") == 0) | |
1601 | cred.encr_type = WPS_ENCR_WEP; | |
1602 | else if (os_strcmp(settings->encr, "TKIP") == 0) | |
1603 | cred.encr_type = WPS_ENCR_TKIP; | |
1604 | else if (os_strcmp(settings->encr, "CCMP") == 0) | |
1605 | cred.encr_type = WPS_ENCR_AES; | |
1606 | else | |
1607 | return -1; | |
1608 | ||
1609 | return wps_er_config(wpa_s->wps_er, u, (const u8 *) pin, | |
1610 | os_strlen(pin), &cred); | |
1611 | } | |
1612 | ||
1613 | ||
4c9695be BG |
1614 | static int callbacks_pending = 0; |
1615 | ||
1a1bf008 JM |
1616 | static void wpas_wps_terminate_cb(void *ctx) |
1617 | { | |
1618 | wpa_printf(MSG_DEBUG, "WPS ER: Terminated"); | |
4c9695be BG |
1619 | if (--callbacks_pending <= 0) |
1620 | eloop_terminate(); | |
1a1bf008 JM |
1621 | } |
1622 | #endif /* CONFIG_WPS_ER */ | |
1623 | ||
1624 | ||
1625 | int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s) | |
1626 | { | |
1627 | #ifdef CONFIG_WPS_ER | |
1628 | if (wpa_s->wps_er) { | |
4c9695be | 1629 | callbacks_pending++; |
1a1bf008 JM |
1630 | wps_er_deinit(wpa_s->wps_er, wpas_wps_terminate_cb, wpa_s); |
1631 | wpa_s->wps_er = NULL; | |
1632 | return 1; | |
1633 | } | |
72df2f5f | 1634 | #endif /* CONFIG_WPS_ER */ |
1a1bf008 JM |
1635 | return 0; |
1636 | } | |
41e650ae JM |
1637 | |
1638 | ||
1639 | int wpas_wps_in_progress(struct wpa_supplicant *wpa_s) | |
1640 | { | |
1641 | struct wpa_ssid *ssid; | |
1642 | ||
1643 | for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { | |
1644 | if (!ssid->disabled && ssid->key_mgmt == WPA_KEY_MGMT_WPS) | |
1645 | return 1; | |
1646 | } | |
1647 | ||
1648 | return 0; | |
1649 | } | |
611aea7d JM |
1650 | |
1651 | ||
1652 | void wpas_wps_update_config(struct wpa_supplicant *wpa_s) | |
1653 | { | |
1654 | struct wps_context *wps = wpa_s->wps; | |
1655 | ||
1656 | if (wps == NULL) | |
1657 | return; | |
1658 | ||
1659 | if (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS) { | |
1660 | wps->config_methods = wps_config_methods_str2bin( | |
1661 | wpa_s->conf->config_methods); | |
1662 | if ((wps->config_methods & | |
1663 | (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) == | |
1664 | (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) { | |
1665 | wpa_printf(MSG_ERROR, "WPS: Both Label and Display " | |
1666 | "config methods are not allowed at the " | |
1667 | "same time"); | |
1668 | wps->config_methods &= ~WPS_CONFIG_LABEL; | |
1669 | } | |
1670 | } | |
092acb54 | 1671 | wps->config_methods = wps_fix_config_methods(wps->config_methods); |
611aea7d | 1672 | |
2f646b6e JB |
1673 | if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE) |
1674 | os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type, | |
1675 | WPS_DEV_TYPE_LEN); | |
611aea7d | 1676 | |
a9e86bfb | 1677 | if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE) { |
2f646b6e JB |
1678 | wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types; |
1679 | os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type, | |
1680 | wps->dev.num_sec_dev_types * WPS_DEV_TYPE_LEN); | |
a9e86bfb JMB |
1681 | } |
1682 | ||
611aea7d JM |
1683 | if (wpa_s->conf->changed_parameters & CFG_CHANGED_OS_VERSION) |
1684 | wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version); | |
1685 | ||
85a821d6 JM |
1686 | if (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID) |
1687 | wpas_wps_set_uuid(wpa_s, wps); | |
dcf788d1 | 1688 | |
1c9cb49f JM |
1689 | if (wpa_s->conf->changed_parameters & |
1690 | (CFG_CHANGED_DEVICE_NAME | CFG_CHANGED_WPS_STRING)) { | |
dcf788d1 JM |
1691 | /* Update pointers to make sure they refer current values */ |
1692 | wps->dev.device_name = wpa_s->conf->device_name; | |
1693 | wps->dev.manufacturer = wpa_s->conf->manufacturer; | |
1694 | wps->dev.model_name = wpa_s->conf->model_name; | |
1695 | wps->dev.model_number = wpa_s->conf->model_number; | |
1696 | wps->dev.serial_number = wpa_s->conf->serial_number; | |
1697 | } | |
611aea7d | 1698 | } |