2 * hostapd / WPS integration
3 * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/uuid.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "eapol_auth/eapol_auth_sm.h"
18 #include "eapol_auth/eapol_auth_sm_i.h"
20 #include "wps/wps_defs.h"
21 #include "wps/wps_dev_attr.h"
22 #include "wps/wps_attr_parse.h"
24 #include "ap_config.h"
25 #include "ap_drv_ops.h"
28 #include "wps_hostapd.h"
31 #ifdef CONFIG_WPS_UPNP
32 #include "wps/wps_upnp.h"
33 static int hostapd_wps_upnp_init(struct hostapd_data
*hapd
,
34 struct wps_context
*wps
);
35 static void hostapd_wps_upnp_deinit(struct hostapd_data
*hapd
);
36 #endif /* CONFIG_WPS_UPNP */
38 static int hostapd_wps_probe_req_rx(void *ctx
, const u8
*addr
, const u8
*da
,
40 const u8
*ie
, size_t ie_len
,
42 static void hostapd_wps_ap_pin_timeout(void *eloop_data
, void *user_ctx
);
43 static void hostapd_wps_nfc_clear(struct wps_context
*wps
);
46 struct wps_for_each_data
{
47 int (*func
)(struct hostapd_data
*h
, void *ctx
);
49 struct hostapd_data
*calling_hapd
;
53 static int wps_for_each(struct hostapd_iface
*iface
, void *ctx
)
55 struct wps_for_each_data
*data
= ctx
;
60 for (j
= 0; j
< iface
->num_bss
; j
++) {
61 struct hostapd_data
*hapd
= iface
->bss
[j
];
64 if (hapd
!= data
->calling_hapd
&&
65 (hapd
->conf
->wps_independent
||
66 data
->calling_hapd
->conf
->wps_independent
))
69 ret
= data
->func(hapd
, data
->ctx
);
78 static int hostapd_wps_for_each(struct hostapd_data
*hapd
,
79 int (*func
)(struct hostapd_data
*h
, void *ctx
),
82 struct hostapd_iface
*iface
= hapd
->iface
;
83 struct wps_for_each_data data
;
86 data
.calling_hapd
= hapd
;
87 if (iface
->interfaces
== NULL
||
88 iface
->interfaces
->for_each_interface
== NULL
)
89 return wps_for_each(iface
, &data
);
90 return iface
->interfaces
->for_each_interface(iface
->interfaces
,
95 static int hostapd_wps_new_psk_cb(void *ctx
, const u8
*mac_addr
,
96 const u8
*p2p_dev_addr
, const u8
*psk
,
99 struct hostapd_data
*hapd
= ctx
;
100 struct hostapd_wpa_psk
*p
;
101 struct hostapd_ssid
*ssid
= &hapd
->conf
->ssid
;
103 if (is_zero_ether_addr(p2p_dev_addr
)) {
104 wpa_printf(MSG_DEBUG
,
105 "Received new WPA/WPA2-PSK from WPS for STA " MACSTR
,
108 wpa_printf(MSG_DEBUG
,
109 "Received new WPA/WPA2-PSK from WPS for STA " MACSTR
110 " P2P Device Addr " MACSTR
,
111 MAC2STR(mac_addr
), MAC2STR(p2p_dev_addr
));
113 wpa_hexdump_key(MSG_DEBUG
, "Per-device PSK", psk
, psk_len
);
115 if (psk_len
!= PMK_LEN
) {
116 wpa_printf(MSG_DEBUG
, "Unexpected PSK length %lu",
117 (unsigned long) psk_len
);
121 /* Add the new PSK to runtime PSK list */
122 p
= os_zalloc(sizeof(*p
));
125 os_memcpy(p
->addr
, mac_addr
, ETH_ALEN
);
126 os_memcpy(p
->p2p_dev_addr
, p2p_dev_addr
, ETH_ALEN
);
127 os_memcpy(p
->psk
, psk
, PMK_LEN
);
129 if (hapd
->new_psk_cb
) {
130 hapd
->new_psk_cb(hapd
->new_psk_cb_ctx
, mac_addr
, p2p_dev_addr
,
134 p
->next
= ssid
->wpa_psk
;
137 if (ssid
->wpa_psk_file
) {
139 char hex
[PMK_LEN
* 2 + 1];
140 /* Add the new PSK to PSK list file */
141 f
= fopen(ssid
->wpa_psk_file
, "a");
143 wpa_printf(MSG_DEBUG
, "Failed to add the PSK to "
144 "'%s'", ssid
->wpa_psk_file
);
148 wpa_snprintf_hex(hex
, sizeof(hex
), psk
, psk_len
);
149 fprintf(f
, MACSTR
" %s\n", MAC2STR(mac_addr
), hex
);
157 static int hostapd_wps_set_ie_cb(void *ctx
, struct wpabuf
*beacon_ie
,
158 struct wpabuf
*probe_resp_ie
)
160 struct hostapd_data
*hapd
= ctx
;
161 wpabuf_free(hapd
->wps_beacon_ie
);
162 hapd
->wps_beacon_ie
= beacon_ie
;
163 wpabuf_free(hapd
->wps_probe_resp_ie
);
164 hapd
->wps_probe_resp_ie
= probe_resp_ie
;
165 if (hapd
->beacon_set_done
)
166 ieee802_11_set_beacon(hapd
);
167 return hostapd_set_ap_wps_ie(hapd
);
171 static void hostapd_wps_pin_needed_cb(void *ctx
, const u8
*uuid_e
,
172 const struct wps_device_data
*dev
)
174 struct hostapd_data
*hapd
= ctx
;
175 char uuid
[40], txt
[400];
177 char devtype
[WPS_DEV_TYPE_BUFSIZE
];
178 if (uuid_bin2str(uuid_e
, uuid
, sizeof(uuid
)))
180 wpa_printf(MSG_DEBUG
, "WPS: PIN needed for E-UUID %s", uuid
);
181 len
= os_snprintf(txt
, sizeof(txt
), WPS_EVENT_PIN_NEEDED
182 "%s " MACSTR
" [%s|%s|%s|%s|%s|%s]",
183 uuid
, MAC2STR(dev
->mac_addr
), dev
->device_name
,
184 dev
->manufacturer
, dev
->model_name
,
185 dev
->model_number
, dev
->serial_number
,
186 wps_dev_type_bin2str(dev
->pri_dev_type
, devtype
,
188 if (len
> 0 && len
< (int) sizeof(txt
))
189 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, "%s", txt
);
191 if (hapd
->conf
->wps_pin_requests
) {
194 f
= fopen(hapd
->conf
->wps_pin_requests
, "a");
198 fprintf(f
, "%ld\t%s\t" MACSTR
"\t%s\t%s\t%s\t%s\t%s"
200 t
.sec
, uuid
, MAC2STR(dev
->mac_addr
), dev
->device_name
,
201 dev
->manufacturer
, dev
->model_name
, dev
->model_number
,
203 wps_dev_type_bin2str(dev
->pri_dev_type
, devtype
,
210 struct wps_stop_reg_data
{
211 struct hostapd_data
*current_hapd
;
217 static int wps_stop_registrar(struct hostapd_data
*hapd
, void *ctx
)
219 struct wps_stop_reg_data
*data
= ctx
;
220 if (hapd
!= data
->current_hapd
&& hapd
->wps
!= NULL
)
221 wps_registrar_complete(hapd
->wps
->registrar
, data
->uuid_e
,
222 data
->dev_pw
, data
->dev_pw_len
);
227 static void hostapd_wps_reg_success_cb(void *ctx
, const u8
*mac_addr
,
228 const u8
*uuid_e
, const u8
*dev_pw
,
231 struct hostapd_data
*hapd
= ctx
;
233 struct wps_stop_reg_data data
;
234 if (uuid_bin2str(uuid_e
, uuid
, sizeof(uuid
)))
236 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_REG_SUCCESS MACSTR
" %s",
237 MAC2STR(mac_addr
), uuid
);
238 if (hapd
->wps_reg_success_cb
)
239 hapd
->wps_reg_success_cb(hapd
->wps_reg_success_cb_ctx
,
241 data
.current_hapd
= hapd
;
242 data
.uuid_e
= uuid_e
;
243 data
.dev_pw
= dev_pw
;
244 data
.dev_pw_len
= dev_pw_len
;
245 hostapd_wps_for_each(hapd
, wps_stop_registrar
, &data
);
249 static void hostapd_wps_enrollee_seen_cb(void *ctx
, const u8
*addr
,
251 const u8
*pri_dev_type
,
253 u16 dev_password_id
, u8 request_type
,
254 const char *dev_name
)
256 struct hostapd_data
*hapd
= ctx
;
258 char devtype
[WPS_DEV_TYPE_BUFSIZE
];
259 if (uuid_bin2str(uuid_e
, uuid
, sizeof(uuid
)))
261 if (dev_name
== NULL
)
263 wpa_msg_ctrl(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_ENROLLEE_SEEN MACSTR
264 " %s %s 0x%x %u %u [%s]",
266 wps_dev_type_bin2str(pri_dev_type
, devtype
,
268 config_methods
, dev_password_id
, request_type
, dev_name
);
272 static int str_starts(const char *str
, const char *start
)
274 return os_strncmp(str
, start
, os_strlen(start
)) == 0;
278 static void wps_reload_config(void *eloop_data
, void *user_ctx
)
280 struct hostapd_iface
*iface
= eloop_data
;
282 wpa_printf(MSG_DEBUG
, "WPS: Reload configuration data");
283 if (iface
->interfaces
== NULL
||
284 iface
->interfaces
->reload_config(iface
) < 0) {
285 wpa_printf(MSG_WARNING
, "WPS: Failed to reload the updated "
291 void hostapd_wps_eap_completed(struct hostapd_data
*hapd
)
294 * Reduce race condition of the station trying to reconnect immediately
295 * after AP reconfiguration through WPS by rescheduling the reload
296 * timeout to happen after EAP completion rather than the originally
297 * scheduled 100 ms after new configuration became known.
299 if (eloop_deplete_timeout(0, 0, wps_reload_config
, hapd
->iface
, NULL
) ==
301 wpa_printf(MSG_DEBUG
, "WPS: Reschedule immediate configuration reload");
305 static void hapd_new_ap_event(struct hostapd_data
*hapd
, const u8
*attr
,
308 size_t blen
= attr_len
* 2 + 1;
309 char *buf
= os_malloc(blen
);
311 wpa_snprintf_hex(buf
, blen
, attr
, attr_len
);
312 wpa_msg(hapd
->msg_ctx
, MSG_INFO
,
313 WPS_EVENT_NEW_AP_SETTINGS
"%s", buf
);
319 static int hapd_wps_reconfig_in_memory(struct hostapd_data
*hapd
,
320 const struct wps_credential
*cred
)
322 struct hostapd_bss_config
*bss
= hapd
->conf
;
324 wpa_printf(MSG_DEBUG
, "WPS: Updating in-memory configuration");
327 if (cred
->ssid_len
<= HOSTAPD_MAX_SSID_LEN
) {
328 os_memcpy(bss
->ssid
.ssid
, cred
->ssid
, cred
->ssid_len
);
329 bss
->ssid
.ssid_len
= cred
->ssid_len
;
330 bss
->ssid
.ssid_set
= 1;
333 if ((cred
->auth_type
& (WPS_AUTH_WPA2
| WPS_AUTH_WPA2PSK
)) &&
334 (cred
->auth_type
& (WPS_AUTH_WPA
| WPS_AUTH_WPAPSK
)))
336 else if (cred
->auth_type
& (WPS_AUTH_WPA2
| WPS_AUTH_WPA2PSK
))
338 else if (cred
->auth_type
& (WPS_AUTH_WPA
| WPS_AUTH_WPAPSK
))
344 if (cred
->auth_type
& (WPS_AUTH_WPA2
| WPS_AUTH_WPA
))
345 bss
->wpa_key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
346 if (cred
->auth_type
& (WPS_AUTH_WPA2PSK
| WPS_AUTH_WPAPSK
))
347 bss
->wpa_key_mgmt
= WPA_KEY_MGMT_PSK
;
349 bss
->wpa_pairwise
= 0;
350 if (cred
->encr_type
& WPS_ENCR_AES
)
351 bss
->wpa_pairwise
|= WPA_CIPHER_CCMP
;
352 if (cred
->encr_type
& WPS_ENCR_TKIP
)
353 bss
->wpa_pairwise
|= WPA_CIPHER_TKIP
;
354 bss
->rsn_pairwise
= bss
->wpa_pairwise
;
355 bss
->wpa_group
= wpa_select_ap_group_cipher(bss
->wpa
,
359 if (cred
->key_len
>= 8 && cred
->key_len
< 64) {
360 os_free(bss
->ssid
.wpa_passphrase
);
361 bss
->ssid
.wpa_passphrase
= os_zalloc(cred
->key_len
+ 1);
362 if (bss
->ssid
.wpa_passphrase
)
363 os_memcpy(bss
->ssid
.wpa_passphrase
, cred
->key
,
365 os_free(bss
->ssid
.wpa_psk
);
366 bss
->ssid
.wpa_psk
= NULL
;
367 } else if (cred
->key_len
== 64) {
368 os_free(bss
->ssid
.wpa_psk
);
370 os_zalloc(sizeof(struct hostapd_wpa_psk
));
371 if (bss
->ssid
.wpa_psk
&&
372 hexstr2bin((const char *) cred
->key
,
373 bss
->ssid
.wpa_psk
->psk
, PMK_LEN
) == 0) {
374 bss
->ssid
.wpa_psk
->group
= 1;
375 os_free(bss
->ssid
.wpa_passphrase
);
376 bss
->ssid
.wpa_passphrase
= NULL
;
383 * WPS 2.0 does not allow WEP to be configured, so no need to
384 * process that option here either.
387 #else /* CONFIG_WPS2 */
388 if ((cred
->auth_type
& WPS_AUTH_OPEN
) &&
389 (cred
->auth_type
& WPS_AUTH_SHARED
))
391 else if (cred
->auth_type
& WPS_AUTH_SHARED
)
395 if (cred
->encr_type
& WPS_ENCR_WEP
&& cred
->key_idx
> 0 &&
396 cred
->key_idx
<= 4) {
397 struct hostapd_wep_keys
*wep
= &bss
->ssid
.wep
;
398 int idx
= cred
->key_idx
;
402 if (cred
->key_len
== 10 || cred
->key_len
== 26) {
403 os_free(wep
->key
[idx
]);
404 wep
->key
[idx
] = os_malloc(cred
->key_len
/ 2);
405 if (wep
->key
[idx
] == NULL
||
406 hexstr2bin((const char *) cred
->key
,
410 wep
->len
[idx
] = cred
->key_len
/ 2;
412 os_free(wep
->key
[idx
]);
413 wep
->key
[idx
] = os_malloc(cred
->key_len
);
414 if (wep
->key
[idx
] == NULL
)
416 os_memcpy(wep
->key
[idx
], cred
->key
,
418 wep
->len
[idx
] = cred
->key_len
;
422 #endif /* CONFIG_WPS2 */
425 /* Schedule configuration reload after short period of time to allow
426 * EAP-WSC to be finished.
428 eloop_register_timeout(0, 100000, wps_reload_config
, hapd
->iface
,
435 static int hapd_wps_cred_cb(struct hostapd_data
*hapd
, void *ctx
)
437 const struct wps_credential
*cred
= ctx
;
445 if (hapd
->wps
== NULL
)
448 wpa_hexdump_key(MSG_DEBUG
, "WPS: Received Credential attribute",
449 cred
->cred_attr
, cred
->cred_attr_len
);
451 wpa_printf(MSG_DEBUG
, "WPS: Received new AP Settings");
452 wpa_hexdump_ascii(MSG_DEBUG
, "WPS: SSID", cred
->ssid
, cred
->ssid_len
);
453 wpa_printf(MSG_DEBUG
, "WPS: Authentication Type 0x%x",
455 wpa_printf(MSG_DEBUG
, "WPS: Encryption Type 0x%x", cred
->encr_type
);
456 wpa_printf(MSG_DEBUG
, "WPS: Network Key Index %d", cred
->key_idx
);
457 wpa_hexdump_key(MSG_DEBUG
, "WPS: Network Key",
458 cred
->key
, cred
->key_len
);
459 wpa_printf(MSG_DEBUG
, "WPS: MAC Address " MACSTR
,
460 MAC2STR(cred
->mac_addr
));
462 if ((hapd
->conf
->wps_cred_processing
== 1 ||
463 hapd
->conf
->wps_cred_processing
== 2) && cred
->cred_attr
) {
464 hapd_new_ap_event(hapd
, cred
->cred_attr
, cred
->cred_attr_len
);
465 } else if (hapd
->conf
->wps_cred_processing
== 1 ||
466 hapd
->conf
->wps_cred_processing
== 2) {
468 attr
= wpabuf_alloc(200);
469 if (attr
&& wps_build_credential_wrap(attr
, cred
) == 0)
470 hapd_new_ap_event(hapd
, wpabuf_head_u8(attr
),
474 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_NEW_AP_SETTINGS
);
476 if (hapd
->conf
->wps_cred_processing
== 1)
479 os_memcpy(hapd
->wps
->ssid
, cred
->ssid
, cred
->ssid_len
);
480 hapd
->wps
->ssid_len
= cred
->ssid_len
;
481 hapd
->wps
->encr_types
= cred
->encr_type
;
482 hapd
->wps
->auth_types
= cred
->auth_type
;
483 hapd
->wps
->ap_encr_type
= cred
->encr_type
;
484 hapd
->wps
->ap_auth_type
= cred
->auth_type
;
485 if (cred
->key_len
== 0) {
486 os_free(hapd
->wps
->network_key
);
487 hapd
->wps
->network_key
= NULL
;
488 hapd
->wps
->network_key_len
= 0;
490 if (hapd
->wps
->network_key
== NULL
||
491 hapd
->wps
->network_key_len
< cred
->key_len
) {
492 hapd
->wps
->network_key_len
= 0;
493 os_free(hapd
->wps
->network_key
);
494 hapd
->wps
->network_key
= os_malloc(cred
->key_len
);
495 if (hapd
->wps
->network_key
== NULL
)
498 hapd
->wps
->network_key_len
= cred
->key_len
;
499 os_memcpy(hapd
->wps
->network_key
, cred
->key
, cred
->key_len
);
501 hapd
->wps
->wps_state
= WPS_STATE_CONFIGURED
;
503 if (hapd
->iface
->config_fname
== NULL
)
504 return hapd_wps_reconfig_in_memory(hapd
, cred
);
505 len
= os_strlen(hapd
->iface
->config_fname
) + 5;
506 tmp_fname
= os_malloc(len
);
507 if (tmp_fname
== NULL
)
509 os_snprintf(tmp_fname
, len
, "%s-new", hapd
->iface
->config_fname
);
511 oconf
= fopen(hapd
->iface
->config_fname
, "r");
513 wpa_printf(MSG_WARNING
, "WPS: Could not open current "
514 "configuration file");
519 nconf
= fopen(tmp_fname
, "w");
521 wpa_printf(MSG_WARNING
, "WPS: Could not write updated "
522 "configuration file");
528 fprintf(nconf
, "# WPS configuration - START\n");
530 fprintf(nconf
, "wps_state=2\n");
532 if (is_hex(cred
->ssid
, cred
->ssid_len
)) {
533 fprintf(nconf
, "ssid2=");
534 for (i
= 0; i
< cred
->ssid_len
; i
++)
535 fprintf(nconf
, "%02x", cred
->ssid
[i
]);
536 fprintf(nconf
, "\n");
538 fprintf(nconf
, "ssid=");
539 for (i
= 0; i
< cred
->ssid_len
; i
++)
540 fputc(cred
->ssid
[i
], nconf
);
541 fprintf(nconf
, "\n");
544 if ((cred
->auth_type
& (WPS_AUTH_WPA2
| WPS_AUTH_WPA2PSK
)) &&
545 (cred
->auth_type
& (WPS_AUTH_WPA
| WPS_AUTH_WPAPSK
)))
547 else if (cred
->auth_type
& (WPS_AUTH_WPA2
| WPS_AUTH_WPA2PSK
))
549 else if (cred
->auth_type
& (WPS_AUTH_WPA
| WPS_AUTH_WPAPSK
))
556 fprintf(nconf
, "wpa=%d\n", wpa
);
558 fprintf(nconf
, "wpa_key_mgmt=");
560 if (cred
->auth_type
& (WPS_AUTH_WPA2
| WPS_AUTH_WPA
)) {
561 fprintf(nconf
, "WPA-EAP");
564 if (cred
->auth_type
& (WPS_AUTH_WPA2PSK
| WPS_AUTH_WPAPSK
))
565 fprintf(nconf
, "%sWPA-PSK", prefix
);
566 fprintf(nconf
, "\n");
568 fprintf(nconf
, "wpa_pairwise=");
570 if (cred
->encr_type
& WPS_ENCR_AES
) {
571 fprintf(nconf
, "CCMP");
574 if (cred
->encr_type
& WPS_ENCR_TKIP
) {
575 fprintf(nconf
, "%sTKIP", prefix
);
577 fprintf(nconf
, "\n");
579 if (cred
->key_len
>= 8 && cred
->key_len
< 64) {
580 fprintf(nconf
, "wpa_passphrase=");
581 for (i
= 0; i
< cred
->key_len
; i
++)
582 fputc(cred
->key
[i
], nconf
);
583 fprintf(nconf
, "\n");
584 } else if (cred
->key_len
== 64) {
585 fprintf(nconf
, "wpa_psk=");
586 for (i
= 0; i
< cred
->key_len
; i
++)
587 fputc(cred
->key
[i
], nconf
);
588 fprintf(nconf
, "\n");
590 wpa_printf(MSG_WARNING
, "WPS: Invalid key length %lu "
592 (unsigned long) cred
->key_len
);
595 fprintf(nconf
, "auth_algs=1\n");
599 * WPS 2.0 does not allow WEP to be configured, so no need to
600 * process that option here either.
602 fprintf(nconf
, "auth_algs=1\n");
603 #else /* CONFIG_WPS2 */
604 if ((cred
->auth_type
& WPS_AUTH_OPEN
) &&
605 (cred
->auth_type
& WPS_AUTH_SHARED
))
606 fprintf(nconf
, "auth_algs=3\n");
607 else if (cred
->auth_type
& WPS_AUTH_SHARED
)
608 fprintf(nconf
, "auth_algs=2\n");
610 fprintf(nconf
, "auth_algs=1\n");
612 if (cred
->encr_type
& WPS_ENCR_WEP
&& cred
->key_idx
<= 4) {
613 int key_idx
= cred
->key_idx
;
616 fprintf(nconf
, "wep_default_key=%d\n", key_idx
);
617 fprintf(nconf
, "wep_key%d=", key_idx
);
618 if (cred
->key_len
== 10 || cred
->key_len
== 26) {
619 /* WEP key as a hex string */
620 for (i
= 0; i
< cred
->key_len
; i
++)
621 fputc(cred
->key
[i
], nconf
);
623 /* Raw WEP key; convert to hex */
624 for (i
= 0; i
< cred
->key_len
; i
++)
625 fprintf(nconf
, "%02x", cred
->key
[i
]);
627 fprintf(nconf
, "\n");
629 #endif /* CONFIG_WPS2 */
632 fprintf(nconf
, "# WPS configuration - END\n");
635 while (fgets(buf
, sizeof(buf
), oconf
)) {
636 if (os_strncmp(buf
, "bss=", 4) == 0)
639 (str_starts(buf
, "ssid=") ||
640 str_starts(buf
, "ssid2=") ||
641 str_starts(buf
, "auth_algs=") ||
642 str_starts(buf
, "wep_default_key=") ||
643 str_starts(buf
, "wep_key") ||
644 str_starts(buf
, "wps_state=") ||
645 str_starts(buf
, "wpa=") ||
646 str_starts(buf
, "wpa_psk=") ||
647 str_starts(buf
, "wpa_pairwise=") ||
648 str_starts(buf
, "rsn_pairwise=") ||
649 str_starts(buf
, "wpa_key_mgmt=") ||
650 str_starts(buf
, "wpa_passphrase="))) {
651 fprintf(nconf
, "#WPS# %s", buf
);
653 fprintf(nconf
, "%s", buf
);
659 if (rename(tmp_fname
, hapd
->iface
->config_fname
) < 0) {
660 wpa_printf(MSG_WARNING
, "WPS: Failed to rename the updated "
661 "configuration file: %s", strerror(errno
));
668 /* Schedule configuration reload after short period of time to allow
669 * EAP-WSC to be finished.
671 eloop_register_timeout(0, 100000, wps_reload_config
, hapd
->iface
,
674 wpa_printf(MSG_DEBUG
, "WPS: AP configuration updated");
680 static int hostapd_wps_cred_cb(void *ctx
, const struct wps_credential
*cred
)
682 struct hostapd_data
*hapd
= ctx
;
683 return hostapd_wps_for_each(hapd
, hapd_wps_cred_cb
, (void *) cred
);
687 static void hostapd_wps_reenable_ap_pin(void *eloop_data
, void *user_ctx
)
689 struct hostapd_data
*hapd
= eloop_data
;
691 if (hapd
->conf
->ap_setup_locked
)
693 if (hapd
->ap_pin_failures_consecutive
>= 10)
696 wpa_printf(MSG_DEBUG
, "WPS: Re-enable AP PIN");
697 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_AP_SETUP_UNLOCKED
);
698 hapd
->wps
->ap_setup_locked
= 0;
699 wps_registrar_update_ie(hapd
->wps
->registrar
);
703 static int wps_pwd_auth_fail(struct hostapd_data
*hapd
, void *ctx
)
705 struct wps_event_pwd_auth_fail
*data
= ctx
;
707 if (!data
->enrollee
|| hapd
->conf
->ap_pin
== NULL
|| hapd
->wps
== NULL
)
711 * Registrar failed to prove its knowledge of the AP PIN. Lock AP setup
712 * for some time if this happens multiple times to slow down brute
715 hapd
->ap_pin_failures
++;
716 hapd
->ap_pin_failures_consecutive
++;
717 wpa_printf(MSG_DEBUG
, "WPS: AP PIN authentication failure number %u "
719 hapd
->ap_pin_failures
, hapd
->ap_pin_failures_consecutive
);
720 if (hapd
->ap_pin_failures
< 3)
723 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_AP_SETUP_LOCKED
);
724 hapd
->wps
->ap_setup_locked
= 1;
726 wps_registrar_update_ie(hapd
->wps
->registrar
);
728 if (!hapd
->conf
->ap_setup_locked
&&
729 hapd
->ap_pin_failures_consecutive
>= 10) {
731 * In indefinite lockdown - disable automatic AP PIN
734 eloop_cancel_timeout(hostapd_wps_reenable_ap_pin
, hapd
, NULL
);
735 wpa_printf(MSG_DEBUG
, "WPS: AP PIN disabled indefinitely");
736 } else if (!hapd
->conf
->ap_setup_locked
) {
737 if (hapd
->ap_pin_lockout_time
== 0)
738 hapd
->ap_pin_lockout_time
= 60;
739 else if (hapd
->ap_pin_lockout_time
< 365 * 24 * 60 * 60 &&
740 (hapd
->ap_pin_failures
% 3) == 0)
741 hapd
->ap_pin_lockout_time
*= 2;
743 wpa_printf(MSG_DEBUG
, "WPS: Disable AP PIN for %u seconds",
744 hapd
->ap_pin_lockout_time
);
745 eloop_cancel_timeout(hostapd_wps_reenable_ap_pin
, hapd
, NULL
);
746 eloop_register_timeout(hapd
->ap_pin_lockout_time
, 0,
747 hostapd_wps_reenable_ap_pin
, hapd
,
755 static void hostapd_pwd_auth_fail(struct hostapd_data
*hapd
,
756 struct wps_event_pwd_auth_fail
*data
)
758 /* Update WPS Status - Authentication Failure */
759 wpa_printf(MSG_DEBUG
, "WPS: Authentication failure update");
760 hapd
->wps_stats
.status
= WPS_STATUS_FAILURE
;
761 hapd
->wps_stats
.failure_reason
= WPS_EI_AUTH_FAILURE
;
762 os_memcpy(hapd
->wps_stats
.peer_addr
, data
->peer_macaddr
, ETH_ALEN
);
764 hostapd_wps_for_each(hapd
, wps_pwd_auth_fail
, data
);
768 static int wps_ap_pin_success(struct hostapd_data
*hapd
, void *ctx
)
770 if (hapd
->conf
->ap_pin
== NULL
|| hapd
->wps
== NULL
)
773 if (hapd
->ap_pin_failures_consecutive
== 0)
776 wpa_printf(MSG_DEBUG
, "WPS: Clear consecutive AP PIN failure counter "
777 "- total validation failures %u (%u consecutive)",
778 hapd
->ap_pin_failures
, hapd
->ap_pin_failures_consecutive
);
779 hapd
->ap_pin_failures_consecutive
= 0;
785 static void hostapd_wps_ap_pin_success(struct hostapd_data
*hapd
)
787 hostapd_wps_for_each(hapd
, wps_ap_pin_success
, NULL
);
791 static void hostapd_wps_event_pbc_overlap(struct hostapd_data
*hapd
)
793 /* Update WPS Status - PBC Overlap */
794 hapd
->wps_stats
.pbc_status
= WPS_PBC_STATUS_OVERLAP
;
798 static void hostapd_wps_event_pbc_timeout(struct hostapd_data
*hapd
)
800 /* Update WPS PBC Status:PBC Timeout */
801 hapd
->wps_stats
.pbc_status
= WPS_PBC_STATUS_TIMEOUT
;
805 static void hostapd_wps_event_pbc_active(struct hostapd_data
*hapd
)
807 /* Update WPS PBC status - Active */
808 hapd
->wps_stats
.pbc_status
= WPS_PBC_STATUS_ACTIVE
;
812 static void hostapd_wps_event_pbc_disable(struct hostapd_data
*hapd
)
814 /* Update WPS PBC status - Active */
815 hapd
->wps_stats
.pbc_status
= WPS_PBC_STATUS_DISABLE
;
819 static void hostapd_wps_event_success(struct hostapd_data
*hapd
,
820 struct wps_event_success
*success
)
822 /* Update WPS status - Success */
823 hapd
->wps_stats
.pbc_status
= WPS_PBC_STATUS_DISABLE
;
824 hapd
->wps_stats
.status
= WPS_STATUS_SUCCESS
;
825 os_memcpy(hapd
->wps_stats
.peer_addr
, success
->peer_macaddr
, ETH_ALEN
);
829 static void hostapd_wps_event_fail(struct hostapd_data
*hapd
,
830 struct wps_event_fail
*fail
)
832 /* Update WPS status - Failure */
833 hapd
->wps_stats
.status
= WPS_STATUS_FAILURE
;
834 os_memcpy(hapd
->wps_stats
.peer_addr
, fail
->peer_macaddr
, ETH_ALEN
);
836 hapd
->wps_stats
.failure_reason
= fail
->error_indication
;
838 if (fail
->error_indication
> 0 &&
839 fail
->error_indication
< NUM_WPS_EI_VALUES
) {
840 wpa_msg(hapd
->msg_ctx
, MSG_INFO
,
841 WPS_EVENT_FAIL
"msg=%d config_error=%d reason=%d (%s)",
842 fail
->msg
, fail
->config_error
, fail
->error_indication
,
843 wps_ei_str(fail
->error_indication
));
845 wpa_msg(hapd
->msg_ctx
, MSG_INFO
,
846 WPS_EVENT_FAIL
"msg=%d config_error=%d",
847 fail
->msg
, fail
->config_error
);
852 static void hostapd_wps_event_cb(void *ctx
, enum wps_event event
,
853 union wps_event_data
*data
)
855 struct hostapd_data
*hapd
= ctx
;
859 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_M2D
);
862 hostapd_wps_event_fail(hapd
, &data
->fail
);
865 hostapd_wps_event_success(hapd
, &data
->success
);
866 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_SUCCESS
);
868 case WPS_EV_PWD_AUTH_FAIL
:
869 hostapd_pwd_auth_fail(hapd
, &data
->pwd_auth_fail
);
871 case WPS_EV_PBC_OVERLAP
:
872 hostapd_wps_event_pbc_overlap(hapd
);
873 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_OVERLAP
);
875 case WPS_EV_PBC_TIMEOUT
:
876 hostapd_wps_event_pbc_timeout(hapd
);
877 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_TIMEOUT
);
879 case WPS_EV_PBC_ACTIVE
:
880 hostapd_wps_event_pbc_active(hapd
);
881 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_ACTIVE
);
883 case WPS_EV_PBC_DISABLE
:
884 hostapd_wps_event_pbc_disable(hapd
);
885 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_DISABLE
);
887 case WPS_EV_ER_AP_ADD
:
889 case WPS_EV_ER_AP_REMOVE
:
891 case WPS_EV_ER_ENROLLEE_ADD
:
893 case WPS_EV_ER_ENROLLEE_REMOVE
:
895 case WPS_EV_ER_AP_SETTINGS
:
897 case WPS_EV_ER_SET_SELECTED_REGISTRAR
:
899 case WPS_EV_AP_PIN_SUCCESS
:
900 hostapd_wps_ap_pin_success(hapd
);
903 if (hapd
->wps_event_cb
)
904 hapd
->wps_event_cb(hapd
->wps_event_cb_ctx
, event
, data
);
908 static int hostapd_wps_rf_band_cb(void *ctx
)
910 struct hostapd_data
*hapd
= ctx
;
912 return hapd
->iconf
->hw_mode
== HOSTAPD_MODE_IEEE80211A
?
913 WPS_RF_50GHZ
: WPS_RF_24GHZ
; /* FIX: dualband AP */
917 static void hostapd_wps_clear_ies(struct hostapd_data
*hapd
, int deinit_only
)
919 wpabuf_free(hapd
->wps_beacon_ie
);
920 hapd
->wps_beacon_ie
= NULL
;
922 wpabuf_free(hapd
->wps_probe_resp_ie
);
923 hapd
->wps_probe_resp_ie
= NULL
;
928 hostapd_set_ap_wps_ie(hapd
);
932 static int get_uuid_cb(struct hostapd_iface
*iface
, void *ctx
)
934 const u8
**uuid
= ctx
;
939 for (j
= 0; j
< iface
->num_bss
; j
++) {
940 struct hostapd_data
*hapd
= iface
->bss
[j
];
941 if (hapd
->wps
&& !hapd
->conf
->wps_independent
&&
942 !is_nil_uuid(hapd
->wps
->uuid
)) {
943 *uuid
= hapd
->wps
->uuid
;
952 static const u8
* get_own_uuid(struct hostapd_iface
*iface
)
955 if (iface
->interfaces
== NULL
||
956 iface
->interfaces
->for_each_interface
== NULL
)
959 iface
->interfaces
->for_each_interface(iface
->interfaces
, get_uuid_cb
,
965 static int count_interface_cb(struct hostapd_iface
*iface
, void *ctx
)
973 static int interface_count(struct hostapd_iface
*iface
)
976 if (iface
->interfaces
== NULL
||
977 iface
->interfaces
->for_each_interface
== NULL
)
979 iface
->interfaces
->for_each_interface(iface
->interfaces
,
980 count_interface_cb
, &count
);
985 static int hostapd_wps_set_vendor_ext(struct hostapd_data
*hapd
,
986 struct wps_context
*wps
)
990 for (i
= 0; i
< MAX_WPS_VENDOR_EXTENSIONS
; i
++) {
991 wpabuf_free(wps
->dev
.vendor_ext
[i
]);
992 wps
->dev
.vendor_ext
[i
] = NULL
;
994 if (hapd
->conf
->wps_vendor_ext
[i
] == NULL
)
997 wps
->dev
.vendor_ext
[i
] =
998 wpabuf_dup(hapd
->conf
->wps_vendor_ext
[i
]);
999 if (wps
->dev
.vendor_ext
[i
] == NULL
) {
1001 wpabuf_free(wps
->dev
.vendor_ext
[i
]);
1010 static void hostapd_free_wps(struct wps_context
*wps
)
1014 for (i
= 0; i
< MAX_WPS_VENDOR_EXTENSIONS
; i
++)
1015 wpabuf_free(wps
->dev
.vendor_ext
[i
]);
1016 wps_device_data_free(&wps
->dev
);
1017 os_free(wps
->network_key
);
1018 hostapd_wps_nfc_clear(wps
);
1019 wpabuf_free(wps
->dh_pubkey
);
1020 wpabuf_free(wps
->dh_privkey
);
1025 int hostapd_init_wps(struct hostapd_data
*hapd
,
1026 struct hostapd_bss_config
*conf
)
1028 struct wps_context
*wps
;
1029 struct wps_registrar_config cfg
;
1031 if (conf
->wps_state
== 0) {
1032 hostapd_wps_clear_ies(hapd
, 0);
1036 wps
= os_zalloc(sizeof(*wps
));
1040 wps
->cred_cb
= hostapd_wps_cred_cb
;
1041 wps
->event_cb
= hostapd_wps_event_cb
;
1042 wps
->rf_band_cb
= hostapd_wps_rf_band_cb
;
1045 os_memset(&cfg
, 0, sizeof(cfg
));
1046 wps
->wps_state
= hapd
->conf
->wps_state
;
1047 wps
->ap_setup_locked
= hapd
->conf
->ap_setup_locked
;
1048 if (is_nil_uuid(hapd
->conf
->uuid
)) {
1050 uuid
= get_own_uuid(hapd
->iface
);
1051 if (uuid
&& !conf
->wps_independent
) {
1052 os_memcpy(wps
->uuid
, uuid
, UUID_LEN
);
1053 wpa_hexdump(MSG_DEBUG
, "WPS: Clone UUID from another "
1054 "interface", wps
->uuid
, UUID_LEN
);
1056 uuid_gen_mac_addr(hapd
->own_addr
, wps
->uuid
);
1057 wpa_hexdump(MSG_DEBUG
, "WPS: UUID based on MAC "
1058 "address", wps
->uuid
, UUID_LEN
);
1061 os_memcpy(wps
->uuid
, hapd
->conf
->uuid
, UUID_LEN
);
1062 wpa_hexdump(MSG_DEBUG
, "WPS: Use configured UUID",
1063 wps
->uuid
, UUID_LEN
);
1065 wps
->ssid_len
= hapd
->conf
->ssid
.ssid_len
;
1066 os_memcpy(wps
->ssid
, hapd
->conf
->ssid
.ssid
, wps
->ssid_len
);
1068 os_memcpy(wps
->dev
.mac_addr
, hapd
->own_addr
, ETH_ALEN
);
1069 wps
->dev
.device_name
= hapd
->conf
->device_name
?
1070 os_strdup(hapd
->conf
->device_name
) : NULL
;
1071 wps
->dev
.manufacturer
= hapd
->conf
->manufacturer
?
1072 os_strdup(hapd
->conf
->manufacturer
) : NULL
;
1073 wps
->dev
.model_name
= hapd
->conf
->model_name
?
1074 os_strdup(hapd
->conf
->model_name
) : NULL
;
1075 wps
->dev
.model_number
= hapd
->conf
->model_number
?
1076 os_strdup(hapd
->conf
->model_number
) : NULL
;
1077 wps
->dev
.serial_number
= hapd
->conf
->serial_number
?
1078 os_strdup(hapd
->conf
->serial_number
) : NULL
;
1079 wps
->config_methods
=
1080 wps_config_methods_str2bin(hapd
->conf
->config_methods
);
1082 if ((wps
->config_methods
&
1083 (WPS_CONFIG_DISPLAY
| WPS_CONFIG_VIRT_DISPLAY
|
1084 WPS_CONFIG_PHY_DISPLAY
)) == WPS_CONFIG_DISPLAY
) {
1085 wpa_printf(MSG_INFO
, "WPS: Converting display to "
1086 "virtual_display for WPS 2.0 compliance");
1087 wps
->config_methods
|= WPS_CONFIG_VIRT_DISPLAY
;
1089 if ((wps
->config_methods
&
1090 (WPS_CONFIG_PUSHBUTTON
| WPS_CONFIG_VIRT_PUSHBUTTON
|
1091 WPS_CONFIG_PHY_PUSHBUTTON
)) == WPS_CONFIG_PUSHBUTTON
) {
1092 wpa_printf(MSG_INFO
, "WPS: Converting push_button to "
1093 "virtual_push_button for WPS 2.0 compliance");
1094 wps
->config_methods
|= WPS_CONFIG_VIRT_PUSHBUTTON
;
1096 #endif /* CONFIG_WPS2 */
1097 os_memcpy(wps
->dev
.pri_dev_type
, hapd
->conf
->device_type
,
1100 if (hostapd_wps_set_vendor_ext(hapd
, wps
) < 0)
1103 wps
->dev
.os_version
= WPA_GET_BE32(hapd
->conf
->os_version
);
1105 if (conf
->wps_rf_bands
) {
1106 wps
->dev
.rf_bands
= conf
->wps_rf_bands
;
1109 hapd
->iconf
->hw_mode
== HOSTAPD_MODE_IEEE80211A
?
1110 WPS_RF_50GHZ
: WPS_RF_24GHZ
; /* FIX: dualband AP */
1113 if (conf
->wpa
& WPA_PROTO_RSN
) {
1114 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_PSK
)
1115 wps
->auth_types
|= WPS_AUTH_WPA2PSK
;
1116 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_IEEE8021X
)
1117 wps
->auth_types
|= WPS_AUTH_WPA2
;
1119 if (conf
->rsn_pairwise
& WPA_CIPHER_CCMP
)
1120 wps
->encr_types
|= WPS_ENCR_AES
;
1121 if (conf
->rsn_pairwise
& WPA_CIPHER_TKIP
)
1122 wps
->encr_types
|= WPS_ENCR_TKIP
;
1125 if (conf
->wpa
& WPA_PROTO_WPA
) {
1126 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_PSK
)
1127 wps
->auth_types
|= WPS_AUTH_WPAPSK
;
1128 if (conf
->wpa_key_mgmt
& WPA_KEY_MGMT_IEEE8021X
)
1129 wps
->auth_types
|= WPS_AUTH_WPA
;
1131 if (conf
->wpa_pairwise
& WPA_CIPHER_CCMP
)
1132 wps
->encr_types
|= WPS_ENCR_AES
;
1133 if (conf
->wpa_pairwise
& WPA_CIPHER_TKIP
)
1134 wps
->encr_types
|= WPS_ENCR_TKIP
;
1137 if (conf
->ssid
.security_policy
== SECURITY_PLAINTEXT
) {
1138 wps
->encr_types
|= WPS_ENCR_NONE
;
1139 wps
->auth_types
|= WPS_AUTH_OPEN
;
1140 } else if (conf
->ssid
.security_policy
== SECURITY_STATIC_WEP
) {
1141 wps
->encr_types
|= WPS_ENCR_WEP
;
1142 if (conf
->auth_algs
& WPA_AUTH_ALG_OPEN
)
1143 wps
->auth_types
|= WPS_AUTH_OPEN
;
1144 if (conf
->auth_algs
& WPA_AUTH_ALG_SHARED
)
1145 wps
->auth_types
|= WPS_AUTH_SHARED
;
1146 } else if (conf
->ssid
.security_policy
== SECURITY_IEEE_802_1X
) {
1147 wps
->auth_types
|= WPS_AUTH_OPEN
;
1148 if (conf
->default_wep_key_len
)
1149 wps
->encr_types
|= WPS_ENCR_WEP
;
1151 wps
->encr_types
|= WPS_ENCR_NONE
;
1154 if (conf
->ssid
.wpa_psk_file
) {
1155 /* Use per-device PSKs */
1156 } else if (conf
->ssid
.wpa_passphrase
) {
1157 wps
->network_key
= (u8
*) os_strdup(conf
->ssid
.wpa_passphrase
);
1158 wps
->network_key_len
= os_strlen(conf
->ssid
.wpa_passphrase
);
1159 } else if (conf
->ssid
.wpa_psk
) {
1160 wps
->network_key
= os_malloc(2 * PMK_LEN
+ 1);
1161 if (wps
->network_key
== NULL
)
1163 wpa_snprintf_hex((char *) wps
->network_key
, 2 * PMK_LEN
+ 1,
1164 conf
->ssid
.wpa_psk
->psk
, PMK_LEN
);
1165 wps
->network_key_len
= 2 * PMK_LEN
;
1166 } else if (conf
->ssid
.wep
.keys_set
&& conf
->ssid
.wep
.key
[0]) {
1167 wps
->network_key
= os_malloc(conf
->ssid
.wep
.len
[0]);
1168 if (wps
->network_key
== NULL
)
1170 os_memcpy(wps
->network_key
, conf
->ssid
.wep
.key
[0],
1171 conf
->ssid
.wep
.len
[0]);
1172 wps
->network_key_len
= conf
->ssid
.wep
.len
[0];
1175 if (conf
->ssid
.wpa_psk
) {
1176 os_memcpy(wps
->psk
, conf
->ssid
.wpa_psk
->psk
, PMK_LEN
);
1180 wps
->ap_auth_type
= wps
->auth_types
;
1181 wps
->ap_encr_type
= wps
->encr_types
;
1182 if (conf
->wps_state
== WPS_STATE_NOT_CONFIGURED
) {
1183 /* Override parameters to enable security by default */
1184 wps
->auth_types
= WPS_AUTH_WPA2PSK
| WPS_AUTH_WPAPSK
;
1185 wps
->encr_types
= WPS_ENCR_AES
| WPS_ENCR_TKIP
;
1188 wps
->ap_settings
= conf
->ap_settings
;
1189 wps
->ap_settings_len
= conf
->ap_settings_len
;
1191 cfg
.new_psk_cb
= hostapd_wps_new_psk_cb
;
1192 cfg
.set_ie_cb
= hostapd_wps_set_ie_cb
;
1193 cfg
.pin_needed_cb
= hostapd_wps_pin_needed_cb
;
1194 cfg
.reg_success_cb
= hostapd_wps_reg_success_cb
;
1195 cfg
.enrollee_seen_cb
= hostapd_wps_enrollee_seen_cb
;
1197 cfg
.skip_cred_build
= conf
->skip_cred_build
;
1198 cfg
.extra_cred
= conf
->extra_cred
;
1199 cfg
.extra_cred_len
= conf
->extra_cred_len
;
1200 cfg
.disable_auto_conf
= (hapd
->conf
->wps_cred_processing
== 1) &&
1201 conf
->skip_cred_build
;
1202 if (conf
->ssid
.security_policy
== SECURITY_STATIC_WEP
)
1203 cfg
.static_wep_only
= 1;
1204 cfg
.dualband
= interface_count(hapd
->iface
) > 1;
1205 if ((wps
->dev
.rf_bands
& (WPS_RF_50GHZ
| WPS_RF_24GHZ
)) ==
1206 (WPS_RF_50GHZ
| WPS_RF_24GHZ
))
1209 wpa_printf(MSG_DEBUG
, "WPS: Dualband AP");
1210 cfg
.force_per_enrollee_psk
= conf
->force_per_enrollee_psk
;
1212 wps
->registrar
= wps_registrar_init(wps
, &cfg
);
1213 if (wps
->registrar
== NULL
) {
1214 wpa_printf(MSG_ERROR
, "Failed to initialize WPS Registrar");
1218 #ifdef CONFIG_WPS_UPNP
1219 wps
->friendly_name
= hapd
->conf
->friendly_name
;
1220 wps
->manufacturer_url
= hapd
->conf
->manufacturer_url
;
1221 wps
->model_description
= hapd
->conf
->model_description
;
1222 wps
->model_url
= hapd
->conf
->model_url
;
1223 wps
->upc
= hapd
->conf
->upc
;
1224 #endif /* CONFIG_WPS_UPNP */
1226 hostapd_register_probereq_cb(hapd
, hostapd_wps_probe_req_rx
, hapd
);
1233 hostapd_free_wps(wps
);
1238 int hostapd_init_wps_complete(struct hostapd_data
*hapd
)
1240 struct wps_context
*wps
= hapd
->wps
;
1245 #ifdef CONFIG_WPS_UPNP
1246 if (hostapd_wps_upnp_init(hapd
, wps
) < 0) {
1247 wpa_printf(MSG_ERROR
, "Failed to initialize WPS UPnP");
1248 wps_registrar_deinit(wps
->registrar
);
1249 hostapd_free_wps(wps
);
1253 #endif /* CONFIG_WPS_UPNP */
1259 static void hostapd_wps_nfc_clear(struct wps_context
*wps
)
1261 #ifdef CONFIG_WPS_NFC
1262 wpa_printf(MSG_DEBUG
, "WPS: Clear NFC Tag context %p", wps
);
1263 wps
->ap_nfc_dev_pw_id
= 0;
1264 wpabuf_free(wps
->ap_nfc_dh_pubkey
);
1265 wps
->ap_nfc_dh_pubkey
= NULL
;
1266 wpabuf_free(wps
->ap_nfc_dh_privkey
);
1267 wps
->ap_nfc_dh_privkey
= NULL
;
1268 wpabuf_free(wps
->ap_nfc_dev_pw
);
1269 wps
->ap_nfc_dev_pw
= NULL
;
1270 #endif /* CONFIG_WPS_NFC */
1274 void hostapd_deinit_wps(struct hostapd_data
*hapd
)
1276 eloop_cancel_timeout(hostapd_wps_reenable_ap_pin
, hapd
, NULL
);
1277 eloop_cancel_timeout(hostapd_wps_ap_pin_timeout
, hapd
, NULL
);
1278 eloop_cancel_timeout(wps_reload_config
, hapd
->iface
, NULL
);
1279 if (hapd
->wps
== NULL
) {
1280 hostapd_wps_clear_ies(hapd
, 1);
1283 #ifdef CONFIG_WPS_UPNP
1284 hostapd_wps_upnp_deinit(hapd
);
1285 #endif /* CONFIG_WPS_UPNP */
1286 wps_registrar_deinit(hapd
->wps
->registrar
);
1287 wps_free_pending_msgs(hapd
->wps
->upnp_msgs
);
1288 hostapd_free_wps(hapd
->wps
);
1290 hostapd_wps_clear_ies(hapd
, 1);
1294 void hostapd_update_wps(struct hostapd_data
*hapd
)
1296 if (hapd
->wps
== NULL
)
1299 #ifdef CONFIG_WPS_UPNP
1300 hapd
->wps
->friendly_name
= hapd
->conf
->friendly_name
;
1301 hapd
->wps
->manufacturer_url
= hapd
->conf
->manufacturer_url
;
1302 hapd
->wps
->model_description
= hapd
->conf
->model_description
;
1303 hapd
->wps
->model_url
= hapd
->conf
->model_url
;
1304 hapd
->wps
->upc
= hapd
->conf
->upc
;
1305 #endif /* CONFIG_WPS_UPNP */
1307 hostapd_wps_set_vendor_ext(hapd
, hapd
->wps
);
1309 if (hapd
->conf
->wps_state
)
1310 wps_registrar_update_ie(hapd
->wps
->registrar
);
1312 hostapd_deinit_wps(hapd
);
1316 struct wps_add_pin_data
{
1326 static int wps_add_pin(struct hostapd_data
*hapd
, void *ctx
)
1328 struct wps_add_pin_data
*data
= ctx
;
1331 if (hapd
->wps
== NULL
)
1333 ret
= wps_registrar_add_pin(hapd
->wps
->registrar
, data
->addr
,
1334 data
->uuid
, data
->pin
, data
->pin_len
,
1342 int hostapd_wps_add_pin(struct hostapd_data
*hapd
, const u8
*addr
,
1343 const char *uuid
, const char *pin
, int timeout
)
1346 struct wps_add_pin_data data
;
1350 data
.pin
= (const u8
*) pin
;
1351 data
.pin_len
= os_strlen(pin
);
1352 data
.timeout
= timeout
;
1355 if (os_strcmp(uuid
, "any") == 0)
1358 if (uuid_str2bin(uuid
, u
))
1362 if (hostapd_wps_for_each(hapd
, wps_add_pin
, &data
) < 0)
1364 return data
.added
? 0 : -1;
1368 static int wps_button_pushed(struct hostapd_data
*hapd
, void *ctx
)
1370 const u8
*p2p_dev_addr
= ctx
;
1371 if (hapd
->wps
== NULL
)
1373 return wps_registrar_button_pushed(hapd
->wps
->registrar
, p2p_dev_addr
);
1377 int hostapd_wps_button_pushed(struct hostapd_data
*hapd
,
1378 const u8
*p2p_dev_addr
)
1380 return hostapd_wps_for_each(hapd
, wps_button_pushed
,
1381 (void *) p2p_dev_addr
);
1385 static int wps_cancel(struct hostapd_data
*hapd
, void *ctx
)
1387 if (hapd
->wps
== NULL
)
1390 wps_registrar_wps_cancel(hapd
->wps
->registrar
);
1391 ap_for_each_sta(hapd
, ap_sta_wps_cancel
, NULL
);
1397 int hostapd_wps_cancel(struct hostapd_data
*hapd
)
1399 return hostapd_wps_for_each(hapd
, wps_cancel
, NULL
);
1403 static int hostapd_wps_probe_req_rx(void *ctx
, const u8
*addr
, const u8
*da
,
1405 const u8
*ie
, size_t ie_len
,
1408 struct hostapd_data
*hapd
= ctx
;
1409 struct wpabuf
*wps_ie
;
1410 struct ieee802_11_elems elems
;
1412 if (hapd
->wps
== NULL
)
1415 if (ieee802_11_parse_elems(ie
, ie_len
, &elems
, 0) == ParseFailed
) {
1416 wpa_printf(MSG_DEBUG
, "WPS: Could not parse ProbeReq from "
1417 MACSTR
, MAC2STR(addr
));
1421 if (elems
.ssid
&& elems
.ssid_len
> 0 &&
1422 (elems
.ssid_len
!= hapd
->conf
->ssid
.ssid_len
||
1423 os_memcmp(elems
.ssid
, hapd
->conf
->ssid
.ssid
, elems
.ssid_len
) !=
1425 return 0; /* Not for us */
1427 wps_ie
= ieee802_11_vendor_ie_concat(ie
, ie_len
, WPS_DEV_OUI_WFA
);
1430 if (wps_validate_probe_req(wps_ie
, addr
) < 0) {
1431 wpabuf_free(wps_ie
);
1435 if (wpabuf_len(wps_ie
) > 0) {
1436 int p2p_wildcard
= 0;
1438 if (elems
.ssid
&& elems
.ssid_len
== P2P_WILDCARD_SSID_LEN
&&
1439 os_memcmp(elems
.ssid
, P2P_WILDCARD_SSID
,
1440 P2P_WILDCARD_SSID_LEN
) == 0)
1442 #endif /* CONFIG_P2P */
1443 wps_registrar_probe_req_rx(hapd
->wps
->registrar
, addr
, wps_ie
,
1445 #ifdef CONFIG_WPS_UPNP
1446 /* FIX: what exactly should be included in the WLANEvent?
1447 * WPS attributes? Full ProbeReq frame? */
1449 upnp_wps_device_send_wlan_event(
1450 hapd
->wps_upnp
, addr
,
1451 UPNP_WPS_WLANEVENT_TYPE_PROBE
, wps_ie
);
1452 #endif /* CONFIG_WPS_UPNP */
1455 wpabuf_free(wps_ie
);
1461 #ifdef CONFIG_WPS_UPNP
1463 static int hostapd_rx_req_put_wlan_response(
1464 void *priv
, enum upnp_wps_wlanevent_type ev_type
,
1465 const u8
*mac_addr
, const struct wpabuf
*msg
,
1466 enum wps_msg_type msg_type
)
1468 struct hostapd_data
*hapd
= priv
;
1469 struct sta_info
*sta
;
1470 struct upnp_pending_message
*p
;
1472 wpa_printf(MSG_DEBUG
, "WPS UPnP: PutWLANResponse ev_type=%d mac_addr="
1473 MACSTR
, ev_type
, MAC2STR(mac_addr
));
1474 wpa_hexdump(MSG_MSGDUMP
, "WPS UPnP: PutWLANResponse NewMessage",
1475 wpabuf_head(msg
), wpabuf_len(msg
));
1476 if (ev_type
!= UPNP_WPS_WLANEVENT_TYPE_EAP
) {
1477 wpa_printf(MSG_DEBUG
, "WPS UPnP: Ignored unexpected "
1478 "PutWLANResponse WLANEventType %d", ev_type
);
1483 * EAP response to ongoing to WPS Registration. Send it to EAP-WSC
1484 * server implementation for delivery to the peer.
1487 sta
= ap_get_sta(hapd
, mac_addr
);
1488 #ifndef CONFIG_WPS_STRICT
1491 * Workaround - Intel wsccmd uses bogus NewWLANEventMAC:
1492 * Pick STA that is in an ongoing WPS registration without
1493 * checking the MAC address.
1495 wpa_printf(MSG_DEBUG
, "WPS UPnP: No matching STA found based "
1496 "on NewWLANEventMAC; try wildcard match");
1497 for (sta
= hapd
->sta_list
; sta
; sta
= sta
->next
) {
1498 if (sta
->eapol_sm
&& (sta
->flags
& WLAN_STA_WPS
))
1502 #endif /* CONFIG_WPS_STRICT */
1504 if (!sta
|| !(sta
->flags
& WLAN_STA_WPS
)) {
1505 wpa_printf(MSG_DEBUG
, "WPS UPnP: No matching STA found");
1509 if (!sta
->eapol_sm
) {
1511 * This can happen, e.g., if an ER sends an extra message after
1512 * the station has disassociated (but not fully
1515 wpa_printf(MSG_DEBUG
, "WPS UPnP: Matching STA did not have EAPOL state machine initialized");
1519 p
= os_zalloc(sizeof(*p
));
1522 os_memcpy(p
->addr
, sta
->addr
, ETH_ALEN
);
1523 p
->msg
= wpabuf_dup(msg
);
1525 p
->next
= hapd
->wps
->upnp_msgs
;
1526 hapd
->wps
->upnp_msgs
= p
;
1528 return eapol_auth_eap_pending_cb(sta
->eapol_sm
, sta
->eapol_sm
->eap
);
1532 static int hostapd_wps_upnp_init(struct hostapd_data
*hapd
,
1533 struct wps_context
*wps
)
1535 struct upnp_wps_device_ctx
*ctx
;
1537 if (!hapd
->conf
->upnp_iface
)
1539 ctx
= os_zalloc(sizeof(*ctx
));
1543 ctx
->rx_req_put_wlan_response
= hostapd_rx_req_put_wlan_response
;
1544 if (hapd
->conf
->ap_pin
)
1545 ctx
->ap_pin
= os_strdup(hapd
->conf
->ap_pin
);
1547 hapd
->wps_upnp
= upnp_wps_device_init(ctx
, wps
, hapd
,
1548 hapd
->conf
->upnp_iface
);
1549 if (hapd
->wps_upnp
== NULL
)
1551 wps
->wps_upnp
= hapd
->wps_upnp
;
1557 static void hostapd_wps_upnp_deinit(struct hostapd_data
*hapd
)
1559 upnp_wps_device_deinit(hapd
->wps_upnp
, hapd
);
1562 #endif /* CONFIG_WPS_UPNP */
1565 int hostapd_wps_get_mib_sta(struct hostapd_data
*hapd
, const u8
*addr
,
1566 char *buf
, size_t buflen
)
1568 if (hapd
->wps
== NULL
)
1570 return wps_registrar_get_info(hapd
->wps
->registrar
, addr
, buf
, buflen
);
1574 static void hostapd_wps_ap_pin_timeout(void *eloop_data
, void *user_ctx
)
1576 struct hostapd_data
*hapd
= eloop_data
;
1577 wpa_printf(MSG_DEBUG
, "WPS: AP PIN timed out");
1578 hostapd_wps_ap_pin_disable(hapd
);
1579 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_AP_PIN_DISABLED
);
1583 static void hostapd_wps_ap_pin_enable(struct hostapd_data
*hapd
, int timeout
)
1585 wpa_printf(MSG_DEBUG
, "WPS: Enabling AP PIN (timeout=%d)", timeout
);
1586 hapd
->ap_pin_failures
= 0;
1587 hapd
->ap_pin_failures_consecutive
= 0;
1588 hapd
->conf
->ap_setup_locked
= 0;
1589 if (hapd
->wps
->ap_setup_locked
) {
1590 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, WPS_EVENT_AP_SETUP_UNLOCKED
);
1591 hapd
->wps
->ap_setup_locked
= 0;
1592 wps_registrar_update_ie(hapd
->wps
->registrar
);
1594 eloop_cancel_timeout(hostapd_wps_ap_pin_timeout
, hapd
, NULL
);
1596 eloop_register_timeout(timeout
, 0,
1597 hostapd_wps_ap_pin_timeout
, hapd
, NULL
);
1601 static int wps_ap_pin_disable(struct hostapd_data
*hapd
, void *ctx
)
1603 os_free(hapd
->conf
->ap_pin
);
1604 hapd
->conf
->ap_pin
= NULL
;
1605 #ifdef CONFIG_WPS_UPNP
1606 upnp_wps_set_ap_pin(hapd
->wps_upnp
, NULL
);
1607 #endif /* CONFIG_WPS_UPNP */
1608 eloop_cancel_timeout(hostapd_wps_ap_pin_timeout
, hapd
, NULL
);
1613 void hostapd_wps_ap_pin_disable(struct hostapd_data
*hapd
)
1615 wpa_printf(MSG_DEBUG
, "WPS: Disabling AP PIN");
1616 hostapd_wps_for_each(hapd
, wps_ap_pin_disable
, NULL
);
1620 struct wps_ap_pin_data
{
1626 static int wps_ap_pin_set(struct hostapd_data
*hapd
, void *ctx
)
1628 struct wps_ap_pin_data
*data
= ctx
;
1629 os_free(hapd
->conf
->ap_pin
);
1630 hapd
->conf
->ap_pin
= os_strdup(data
->pin_txt
);
1631 #ifdef CONFIG_WPS_UPNP
1632 upnp_wps_set_ap_pin(hapd
->wps_upnp
, data
->pin_txt
);
1633 #endif /* CONFIG_WPS_UPNP */
1634 hostapd_wps_ap_pin_enable(hapd
, data
->timeout
);
1639 const char * hostapd_wps_ap_pin_random(struct hostapd_data
*hapd
, int timeout
)
1642 struct wps_ap_pin_data data
;
1644 pin
= wps_generate_pin();
1645 os_snprintf(data
.pin_txt
, sizeof(data
.pin_txt
), "%08u", pin
);
1646 data
.timeout
= timeout
;
1647 hostapd_wps_for_each(hapd
, wps_ap_pin_set
, &data
);
1648 return hapd
->conf
->ap_pin
;
1652 const char * hostapd_wps_ap_pin_get(struct hostapd_data
*hapd
)
1654 return hapd
->conf
->ap_pin
;
1658 int hostapd_wps_ap_pin_set(struct hostapd_data
*hapd
, const char *pin
,
1661 struct wps_ap_pin_data data
;
1664 ret
= os_snprintf(data
.pin_txt
, sizeof(data
.pin_txt
), "%s", pin
);
1665 if (ret
< 0 || ret
>= (int) sizeof(data
.pin_txt
))
1667 data
.timeout
= timeout
;
1668 return hostapd_wps_for_each(hapd
, wps_ap_pin_set
, &data
);
1672 static int wps_update_ie(struct hostapd_data
*hapd
, void *ctx
)
1675 wps_registrar_update_ie(hapd
->wps
->registrar
);
1680 void hostapd_wps_update_ie(struct hostapd_data
*hapd
)
1682 hostapd_wps_for_each(hapd
, wps_update_ie
, NULL
);
1686 int hostapd_wps_config_ap(struct hostapd_data
*hapd
, const char *ssid
,
1687 const char *auth
, const char *encr
, const char *key
)
1689 struct wps_credential cred
;
1692 os_memset(&cred
, 0, sizeof(cred
));
1694 len
= os_strlen(ssid
);
1695 if ((len
& 1) || len
> 2 * sizeof(cred
.ssid
) ||
1696 hexstr2bin(ssid
, cred
.ssid
, len
/ 2))
1698 cred
.ssid_len
= len
/ 2;
1700 if (os_strncmp(auth
, "OPEN", 4) == 0)
1701 cred
.auth_type
= WPS_AUTH_OPEN
;
1702 else if (os_strncmp(auth
, "WPAPSK", 6) == 0)
1703 cred
.auth_type
= WPS_AUTH_WPAPSK
;
1704 else if (os_strncmp(auth
, "WPA2PSK", 7) == 0)
1705 cred
.auth_type
= WPS_AUTH_WPA2PSK
;
1710 if (os_strncmp(encr
, "NONE", 4) == 0)
1711 cred
.encr_type
= WPS_ENCR_NONE
;
1712 else if (os_strncmp(encr
, "WEP", 3) == 0)
1713 cred
.encr_type
= WPS_ENCR_WEP
;
1714 else if (os_strncmp(encr
, "TKIP", 4) == 0)
1715 cred
.encr_type
= WPS_ENCR_TKIP
;
1716 else if (os_strncmp(encr
, "CCMP", 4) == 0)
1717 cred
.encr_type
= WPS_ENCR_AES
;
1721 cred
.encr_type
= WPS_ENCR_NONE
;
1724 len
= os_strlen(key
);
1725 if ((len
& 1) || len
> 2 * sizeof(cred
.key
) ||
1726 hexstr2bin(key
, cred
.key
, len
/ 2))
1728 cred
.key_len
= len
/ 2;
1731 return wps_registrar_config_ap(hapd
->wps
->registrar
, &cred
);
1735 #ifdef CONFIG_WPS_NFC
1737 struct wps_nfc_password_token_data
{
1738 const u8
*oob_dev_pw
;
1739 size_t oob_dev_pw_len
;
1744 static int wps_add_nfc_password_token(struct hostapd_data
*hapd
, void *ctx
)
1746 struct wps_nfc_password_token_data
*data
= ctx
;
1749 if (hapd
->wps
== NULL
)
1751 ret
= wps_registrar_add_nfc_password_token(hapd
->wps
->registrar
,
1753 data
->oob_dev_pw_len
);
1760 static int hostapd_wps_add_nfc_password_token(struct hostapd_data
*hapd
,
1761 struct wps_parse_attr
*attr
)
1763 struct wps_nfc_password_token_data data
;
1765 data
.oob_dev_pw
= attr
->oob_dev_password
;
1766 data
.oob_dev_pw_len
= attr
->oob_dev_password_len
;
1768 if (hostapd_wps_for_each(hapd
, wps_add_nfc_password_token
, &data
) < 0)
1770 return data
.added
? 0 : -1;
1774 static int hostapd_wps_nfc_tag_process(struct hostapd_data
*hapd
,
1775 const struct wpabuf
*wps
)
1777 struct wps_parse_attr attr
;
1779 wpa_hexdump_buf(MSG_DEBUG
, "WPS: Received NFC tag payload", wps
);
1781 if (wps_parse_msg(wps
, &attr
)) {
1782 wpa_printf(MSG_DEBUG
, "WPS: Ignore invalid data from NFC tag");
1786 if (attr
.oob_dev_password
)
1787 return hostapd_wps_add_nfc_password_token(hapd
, &attr
);
1789 wpa_printf(MSG_DEBUG
, "WPS: Ignore unrecognized NFC tag");
1794 int hostapd_wps_nfc_tag_read(struct hostapd_data
*hapd
,
1795 const struct wpabuf
*data
)
1797 const struct wpabuf
*wps
= data
;
1798 struct wpabuf
*tmp
= NULL
;
1801 if (wpabuf_len(data
) < 4)
1804 if (*wpabuf_head_u8(data
) != 0x10) {
1805 /* Assume this contains full NDEF record */
1806 tmp
= ndef_parse_wifi(data
);
1808 wpa_printf(MSG_DEBUG
, "WPS: Could not parse NDEF");
1814 ret
= hostapd_wps_nfc_tag_process(hapd
, wps
);
1820 struct wpabuf
* hostapd_wps_nfc_config_token(struct hostapd_data
*hapd
,
1825 if (hapd
->wps
== NULL
)
1828 ret
= wps_get_oob_cred(hapd
->wps
, hostapd_wps_rf_band_cb(hapd
),
1829 hapd
->iconf
->channel
);
1832 tmp
= ndef_build_wifi(ret
);
1843 struct wpabuf
* hostapd_wps_nfc_hs_cr(struct hostapd_data
*hapd
, int ndef
)
1847 if (hapd
->wps
== NULL
)
1850 if (hapd
->conf
->wps_nfc_dh_pubkey
== NULL
) {
1851 struct wps_context
*wps
= hapd
->wps
;
1852 if (wps_nfc_gen_dh(&hapd
->conf
->wps_nfc_dh_pubkey
,
1853 &hapd
->conf
->wps_nfc_dh_privkey
) < 0)
1855 hostapd_wps_nfc_clear(wps
);
1856 wps
->ap_nfc_dev_pw_id
= DEV_PW_NFC_CONNECTION_HANDOVER
;
1857 wps
->ap_nfc_dh_pubkey
=
1858 wpabuf_dup(hapd
->conf
->wps_nfc_dh_pubkey
);
1859 wps
->ap_nfc_dh_privkey
=
1860 wpabuf_dup(hapd
->conf
->wps_nfc_dh_privkey
);
1861 if (!wps
->ap_nfc_dh_pubkey
|| !wps
->ap_nfc_dh_privkey
) {
1862 hostapd_wps_nfc_clear(wps
);
1867 ret
= wps_build_nfc_handover_sel(hapd
->wps
,
1868 hapd
->conf
->wps_nfc_dh_pubkey
,
1869 hapd
->own_addr
, hapd
->iface
->freq
);
1873 tmp
= ndef_build_wifi(ret
);
1884 int hostapd_wps_nfc_report_handover(struct hostapd_data
*hapd
,
1885 const struct wpabuf
*req
,
1886 const struct wpabuf
*sel
)
1893 struct wps_parse_attr attr
;
1897 * Enrollee/station is always initiator of the NFC connection handover,
1898 * so use the request message here to find Enrollee public key hash.
1900 wps
= ndef_parse_wifi(req
);
1903 wpa_printf(MSG_DEBUG
, "WPS: Received application/vnd.wfa.wsc "
1904 "payload from NFC connection handover");
1905 wpa_hexdump_buf(MSG_DEBUG
, "WPS: NFC payload", wps
);
1906 if (wpabuf_len(wps
) < 2) {
1907 wpa_printf(MSG_DEBUG
, "WPS: Too short Wi-Fi Handover Request "
1911 pos
= wpabuf_head(wps
);
1912 wsc_len
= WPA_GET_BE16(pos
);
1913 if (wsc_len
> wpabuf_len(wps
) - 2) {
1914 wpa_printf(MSG_DEBUG
, "WPS: Invalid WSC attribute length (%u) "
1915 "in rt Wi-Fi Handover Request Message", wsc_len
);
1920 wpa_hexdump(MSG_DEBUG
,
1921 "WPS: WSC attributes in Wi-Fi Handover Request Message",
1923 if (wsc_len
< wpabuf_len(wps
) - 2) {
1924 wpa_hexdump(MSG_DEBUG
,
1925 "WPS: Ignore extra data after WSC attributes",
1926 pos
+ wsc_len
, wpabuf_len(wps
) - 2 - wsc_len
);
1929 wpabuf_set(&msg
, pos
, wsc_len
);
1930 ret
= wps_parse_msg(&msg
, &attr
);
1932 wpa_printf(MSG_DEBUG
, "WPS: Could not parse WSC attributes in "
1933 "Wi-Fi Handover Request Message");
1937 if (attr
.oob_dev_password
== NULL
||
1938 attr
.oob_dev_password_len
< WPS_OOB_PUBKEY_HASH_LEN
+ 2) {
1939 wpa_printf(MSG_DEBUG
, "WPS: No Out-of-Band Device Password "
1940 "included in Wi-Fi Handover Request Message");
1945 if (attr
.uuid_e
== NULL
) {
1946 wpa_printf(MSG_DEBUG
, "WPS: No UUID-E included in Wi-Fi "
1947 "Handover Request Message");
1952 wpa_hexdump(MSG_DEBUG
, "WPS: UUID-E", attr
.uuid_e
, WPS_UUID_LEN
);
1954 wpa_hexdump(MSG_DEBUG
, "WPS: Out-of-Band Device Password",
1955 attr
.oob_dev_password
, attr
.oob_dev_password_len
);
1956 dev_pw_id
= WPA_GET_BE16(attr
.oob_dev_password
+
1957 WPS_OOB_PUBKEY_HASH_LEN
);
1958 if (dev_pw_id
!= DEV_PW_NFC_CONNECTION_HANDOVER
) {
1959 wpa_printf(MSG_DEBUG
, "WPS: Unexpected OOB Device Password ID "
1960 "%u in Wi-Fi Handover Request Message", dev_pw_id
);
1964 wpa_hexdump(MSG_DEBUG
, "WPS: Enrollee Public Key hash",
1965 attr
.oob_dev_password
, WPS_OOB_PUBKEY_HASH_LEN
);
1967 ret
= wps_registrar_add_nfc_pw_token(hapd
->wps
->registrar
,
1968 attr
.oob_dev_password
,
1969 DEV_PW_NFC_CONNECTION_HANDOVER
,
1978 struct wpabuf
* hostapd_wps_nfc_token_gen(struct hostapd_data
*hapd
, int ndef
)
1980 if (hapd
->conf
->wps_nfc_pw_from_config
) {
1981 return wps_nfc_token_build(ndef
,
1982 hapd
->conf
->wps_nfc_dev_pw_id
,
1983 hapd
->conf
->wps_nfc_dh_pubkey
,
1984 hapd
->conf
->wps_nfc_dev_pw
);
1987 return wps_nfc_token_gen(ndef
, &hapd
->conf
->wps_nfc_dev_pw_id
,
1988 &hapd
->conf
->wps_nfc_dh_pubkey
,
1989 &hapd
->conf
->wps_nfc_dh_privkey
,
1990 &hapd
->conf
->wps_nfc_dev_pw
);
1994 int hostapd_wps_nfc_token_enable(struct hostapd_data
*hapd
)
1996 struct wps_context
*wps
= hapd
->wps
;
2002 if (!hapd
->conf
->wps_nfc_dh_pubkey
||
2003 !hapd
->conf
->wps_nfc_dh_privkey
||
2004 !hapd
->conf
->wps_nfc_dev_pw
||
2005 !hapd
->conf
->wps_nfc_dev_pw_id
)
2008 hostapd_wps_nfc_clear(wps
);
2009 wpa_printf(MSG_DEBUG
,
2010 "WPS: Enable NFC Tag (Dev Pw Id %u) for AP interface %s (context %p)",
2011 hapd
->conf
->wps_nfc_dev_pw_id
, hapd
->conf
->iface
, wps
);
2012 wps
->ap_nfc_dev_pw_id
= hapd
->conf
->wps_nfc_dev_pw_id
;
2013 wps
->ap_nfc_dh_pubkey
= wpabuf_dup(hapd
->conf
->wps_nfc_dh_pubkey
);
2014 wps
->ap_nfc_dh_privkey
= wpabuf_dup(hapd
->conf
->wps_nfc_dh_privkey
);
2015 pw
= hapd
->conf
->wps_nfc_dev_pw
;
2016 wps
->ap_nfc_dev_pw
= wpabuf_alloc(
2017 wpabuf_len(pw
) * 2 + 1);
2018 if (wps
->ap_nfc_dev_pw
) {
2019 wpa_snprintf_hex_uppercase(
2020 (char *) wpabuf_put(wps
->ap_nfc_dev_pw
,
2021 wpabuf_len(pw
) * 2),
2022 wpabuf_len(pw
) * 2 + 1,
2023 wpabuf_head(pw
), wpabuf_len(pw
));
2026 if (!wps
->ap_nfc_dh_pubkey
|| !wps
->ap_nfc_dh_privkey
||
2027 !wps
->ap_nfc_dev_pw
) {
2028 hostapd_wps_nfc_clear(wps
);
2036 void hostapd_wps_nfc_token_disable(struct hostapd_data
*hapd
)
2038 wpa_printf(MSG_DEBUG
, "WPS: Disable NFC token for AP interface %s",
2040 hostapd_wps_nfc_clear(hapd
->wps
);
2043 #endif /* CONFIG_WPS_NFC */