]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/wps/wps.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
WPS: Remove deprecated UFD config method and OOB ctrl_iface
[thirdparty/hostap.git] / src / wps / wps.c
1 /*
2 * Wi-Fi Protected Setup
3 * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/dh_group5.h"
13 #include "common/ieee802_11_defs.h"
14 #include "wps_i.h"
15 #include "wps_dev_attr.h"
16
17
18 #ifdef CONFIG_WPS_TESTING
19 int wps_version_number = 0x20;
20 int wps_testing_dummy_cred = 0;
21 #endif /* CONFIG_WPS_TESTING */
22
23
24 /**
25 * wps_init - Initialize WPS Registration protocol data
26 * @cfg: WPS configuration
27 * Returns: Pointer to allocated data or %NULL on failure
28 *
29 * This function is used to initialize WPS data for a registration protocol
30 * instance (i.e., each run of registration protocol as a Registrar of
31 * Enrollee. The caller is responsible for freeing this data after the
32 * registration run has been completed by calling wps_deinit().
33 */
34 struct wps_data * wps_init(const struct wps_config *cfg)
35 {
36 struct wps_data *data = os_zalloc(sizeof(*data));
37 if (data == NULL)
38 return NULL;
39 data->wps = cfg->wps;
40 data->registrar = cfg->registrar;
41 if (cfg->registrar) {
42 os_memcpy(data->uuid_r, cfg->wps->uuid, WPS_UUID_LEN);
43 } else {
44 os_memcpy(data->mac_addr_e, cfg->wps->dev.mac_addr, ETH_ALEN);
45 os_memcpy(data->uuid_e, cfg->wps->uuid, WPS_UUID_LEN);
46 }
47 if (cfg->pin) {
48 data->dev_pw_id = cfg->dev_pw_id;
49 data->dev_password = os_malloc(cfg->pin_len);
50 if (data->dev_password == NULL) {
51 os_free(data);
52 return NULL;
53 }
54 os_memcpy(data->dev_password, cfg->pin, cfg->pin_len);
55 data->dev_password_len = cfg->pin_len;
56 }
57
58 #ifdef CONFIG_WPS_NFC
59 if (cfg->wps->ap && !cfg->registrar && cfg->wps->ap_nfc_dev_pw_id) {
60 data->dev_pw_id = cfg->wps->ap_nfc_dev_pw_id;
61 os_free(data->dev_password);
62 data->dev_password =
63 os_malloc(wpabuf_len(cfg->wps->ap_nfc_dev_pw));
64 if (data->dev_password == NULL) {
65 os_free(data);
66 return NULL;
67 }
68 os_memcpy(data->dev_password,
69 wpabuf_head(cfg->wps->ap_nfc_dev_pw),
70 wpabuf_len(cfg->wps->ap_nfc_dev_pw));
71 data->dev_password_len = wpabuf_len(cfg->wps->ap_nfc_dev_pw);
72 }
73 #endif /* CONFIG_WPS_NFC */
74
75 data->pbc = cfg->pbc;
76 if (cfg->pbc) {
77 /* Use special PIN '00000000' for PBC */
78 data->dev_pw_id = DEV_PW_PUSHBUTTON;
79 os_free(data->dev_password);
80 data->dev_password = (u8 *) os_strdup("00000000");
81 if (data->dev_password == NULL) {
82 os_free(data);
83 return NULL;
84 }
85 data->dev_password_len = 8;
86 }
87
88 data->state = data->registrar ? RECV_M1 : SEND_M1;
89
90 if (cfg->assoc_wps_ie) {
91 struct wps_parse_attr attr;
92 wpa_hexdump_buf(MSG_DEBUG, "WPS: WPS IE from (Re)AssocReq",
93 cfg->assoc_wps_ie);
94 if (wps_parse_msg(cfg->assoc_wps_ie, &attr) < 0) {
95 wpa_printf(MSG_DEBUG, "WPS: Failed to parse WPS IE "
96 "from (Re)AssocReq");
97 } else if (attr.request_type == NULL) {
98 wpa_printf(MSG_DEBUG, "WPS: No Request Type attribute "
99 "in (Re)AssocReq WPS IE");
100 } else {
101 wpa_printf(MSG_DEBUG, "WPS: Request Type (from WPS IE "
102 "in (Re)AssocReq WPS IE): %d",
103 *attr.request_type);
104 data->request_type = *attr.request_type;
105 }
106 }
107
108 if (cfg->new_ap_settings) {
109 data->new_ap_settings =
110 os_malloc(sizeof(*data->new_ap_settings));
111 if (data->new_ap_settings == NULL) {
112 os_free(data->dev_password);
113 os_free(data);
114 return NULL;
115 }
116 os_memcpy(data->new_ap_settings, cfg->new_ap_settings,
117 sizeof(*data->new_ap_settings));
118 }
119
120 if (cfg->peer_addr)
121 os_memcpy(data->peer_dev.mac_addr, cfg->peer_addr, ETH_ALEN);
122 if (cfg->p2p_dev_addr)
123 os_memcpy(data->p2p_dev_addr, cfg->p2p_dev_addr, ETH_ALEN);
124
125 data->use_psk_key = cfg->use_psk_key;
126 data->pbc_in_m1 = cfg->pbc_in_m1;
127
128 return data;
129 }
130
131
132 /**
133 * wps_deinit - Deinitialize WPS Registration protocol data
134 * @data: WPS Registration protocol data from wps_init()
135 */
136 void wps_deinit(struct wps_data *data)
137 {
138 #ifdef CONFIG_WPS_NFC
139 if (data->registrar && data->nfc_pw_token)
140 wps_registrar_remove_nfc_pw_token(data->wps->registrar,
141 data->nfc_pw_token);
142 #endif /* CONFIG_WPS_NFC */
143
144 if (data->wps_pin_revealed) {
145 wpa_printf(MSG_DEBUG, "WPS: Full PIN information revealed and "
146 "negotiation failed");
147 if (data->registrar)
148 wps_registrar_invalidate_pin(data->wps->registrar,
149 data->uuid_e);
150 } else if (data->registrar)
151 wps_registrar_unlock_pin(data->wps->registrar, data->uuid_e);
152
153 wpabuf_free(data->dh_privkey);
154 wpabuf_free(data->dh_pubkey_e);
155 wpabuf_free(data->dh_pubkey_r);
156 wpabuf_free(data->last_msg);
157 os_free(data->dev_password);
158 os_free(data->new_psk);
159 wps_device_data_free(&data->peer_dev);
160 os_free(data->new_ap_settings);
161 dh5_free(data->dh_ctx);
162 os_free(data->nfc_pw_token);
163 os_free(data);
164 }
165
166
167 /**
168 * wps_process_msg - Process a WPS message
169 * @wps: WPS Registration protocol data from wps_init()
170 * @op_code: Message OP Code
171 * @msg: Message data
172 * Returns: Processing result
173 *
174 * This function is used to process WPS messages with OP Codes WSC_ACK,
175 * WSC_NACK, WSC_MSG, and WSC_Done. The caller (e.g., EAP server/peer) is
176 * responsible for reassembling the messages before calling this function.
177 * Response to this message is built by calling wps_get_msg().
178 */
179 enum wps_process_res wps_process_msg(struct wps_data *wps,
180 enum wsc_op_code op_code,
181 const struct wpabuf *msg)
182 {
183 if (wps->registrar)
184 return wps_registrar_process_msg(wps, op_code, msg);
185 else
186 return wps_enrollee_process_msg(wps, op_code, msg);
187 }
188
189
190 /**
191 * wps_get_msg - Build a WPS message
192 * @wps: WPS Registration protocol data from wps_init()
193 * @op_code: Buffer for returning message OP Code
194 * Returns: The generated WPS message or %NULL on failure
195 *
196 * This function is used to build a response to a message processed by calling
197 * wps_process_msg(). The caller is responsible for freeing the buffer.
198 */
199 struct wpabuf * wps_get_msg(struct wps_data *wps, enum wsc_op_code *op_code)
200 {
201 if (wps->registrar)
202 return wps_registrar_get_msg(wps, op_code);
203 else
204 return wps_enrollee_get_msg(wps, op_code);
205 }
206
207
208 /**
209 * wps_is_selected_pbc_registrar - Check whether WPS IE indicates active PBC
210 * @msg: WPS IE contents from Beacon or Probe Response frame
211 * Returns: 1 if PBC Registrar is active, 0 if not
212 */
213 int wps_is_selected_pbc_registrar(const struct wpabuf *msg)
214 {
215 struct wps_parse_attr attr;
216
217 /*
218 * In theory, this could also verify that attr.sel_reg_config_methods
219 * includes WPS_CONFIG_PUSHBUTTON, but some deployed AP implementations
220 * do not set Selected Registrar Config Methods attribute properly, so
221 * it is safer to just use Device Password ID here.
222 */
223
224 if (wps_parse_msg(msg, &attr) < 0 ||
225 !attr.selected_registrar || *attr.selected_registrar == 0 ||
226 !attr.dev_password_id ||
227 WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
228 return 0;
229
230 #ifdef CONFIG_WPS_STRICT
231 if (!attr.sel_reg_config_methods ||
232 !(WPA_GET_BE16(attr.sel_reg_config_methods) &
233 WPS_CONFIG_PUSHBUTTON))
234 return 0;
235 #endif /* CONFIG_WPS_STRICT */
236
237 return 1;
238 }
239
240
241 static int is_selected_pin_registrar(struct wps_parse_attr *attr)
242 {
243 /*
244 * In theory, this could also verify that attr.sel_reg_config_methods
245 * includes WPS_CONFIG_LABEL, WPS_CONFIG_DISPLAY, or WPS_CONFIG_KEYPAD,
246 * but some deployed AP implementations do not set Selected Registrar
247 * Config Methods attribute properly, so it is safer to just use
248 * Device Password ID here.
249 */
250
251 if (!attr->selected_registrar || *attr->selected_registrar == 0)
252 return 0;
253
254 if (attr->dev_password_id != NULL &&
255 WPA_GET_BE16(attr->dev_password_id) == DEV_PW_PUSHBUTTON)
256 return 0;
257
258 #ifdef CONFIG_WPS_STRICT
259 if (!attr->sel_reg_config_methods ||
260 !(WPA_GET_BE16(attr->sel_reg_config_methods) &
261 (WPS_CONFIG_LABEL | WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD)))
262 return 0;
263 #endif /* CONFIG_WPS_STRICT */
264
265 return 1;
266 }
267
268
269 /**
270 * wps_is_selected_pin_registrar - Check whether WPS IE indicates active PIN
271 * @msg: WPS IE contents from Beacon or Probe Response frame
272 * Returns: 1 if PIN Registrar is active, 0 if not
273 */
274 int wps_is_selected_pin_registrar(const struct wpabuf *msg)
275 {
276 struct wps_parse_attr attr;
277
278 if (wps_parse_msg(msg, &attr) < 0)
279 return 0;
280
281 return is_selected_pin_registrar(&attr);
282 }
283
284
285 /**
286 * wps_is_addr_authorized - Check whether WPS IE authorizes MAC address
287 * @msg: WPS IE contents from Beacon or Probe Response frame
288 * @addr: MAC address to search for
289 * @ver1_compat: Whether to use version 1 compatibility mode
290 * Returns: 2 if the specified address is explicit authorized, 1 if address is
291 * authorized (broadcast), 0 if not
292 */
293 int wps_is_addr_authorized(const struct wpabuf *msg, const u8 *addr,
294 int ver1_compat)
295 {
296 struct wps_parse_attr attr;
297 unsigned int i;
298 const u8 *pos;
299 const u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
300
301 if (wps_parse_msg(msg, &attr) < 0)
302 return 0;
303
304 if (!attr.version2 && ver1_compat) {
305 /*
306 * Version 1.0 AP - AuthorizedMACs not used, so revert back to
307 * old mechanism of using SelectedRegistrar.
308 */
309 return is_selected_pin_registrar(&attr);
310 }
311
312 if (!attr.authorized_macs)
313 return 0;
314
315 pos = attr.authorized_macs;
316 for (i = 0; i < attr.authorized_macs_len / ETH_ALEN; i++) {
317 if (os_memcmp(pos, addr, ETH_ALEN) == 0)
318 return 2;
319 if (os_memcmp(pos, bcast, ETH_ALEN) == 0)
320 return 1;
321 pos += ETH_ALEN;
322 }
323
324 return 0;
325 }
326
327
328 /**
329 * wps_ap_priority_compar - Prioritize WPS IE from two APs
330 * @wps_a: WPS IE contents from Beacon or Probe Response frame
331 * @wps_b: WPS IE contents from Beacon or Probe Response frame
332 * Returns: 1 if wps_b is considered more likely selection for WPS
333 * provisioning, -1 if wps_a is considered more like, or 0 if no preference
334 */
335 int wps_ap_priority_compar(const struct wpabuf *wps_a,
336 const struct wpabuf *wps_b)
337 {
338 struct wps_parse_attr attr_a, attr_b;
339 int sel_a, sel_b;
340
341 if (wps_a == NULL || wps_parse_msg(wps_a, &attr_a) < 0)
342 return 1;
343 if (wps_b == NULL || wps_parse_msg(wps_b, &attr_b) < 0)
344 return -1;
345
346 sel_a = attr_a.selected_registrar && *attr_a.selected_registrar != 0;
347 sel_b = attr_b.selected_registrar && *attr_b.selected_registrar != 0;
348
349 if (sel_a && !sel_b)
350 return -1;
351 if (!sel_a && sel_b)
352 return 1;
353
354 return 0;
355 }
356
357
358 /**
359 * wps_get_uuid_e - Get UUID-E from WPS IE
360 * @msg: WPS IE contents from Beacon or Probe Response frame
361 * Returns: Pointer to UUID-E or %NULL if not included
362 *
363 * The returned pointer is to the msg contents and it remains valid only as
364 * long as the msg buffer is valid.
365 */
366 const u8 * wps_get_uuid_e(const struct wpabuf *msg)
367 {
368 struct wps_parse_attr attr;
369
370 if (wps_parse_msg(msg, &attr) < 0)
371 return NULL;
372 return attr.uuid_e;
373 }
374
375
376 /**
377 * wps_is_20 - Check whether WPS attributes claim support for WPS 2.0
378 */
379 int wps_is_20(const struct wpabuf *msg)
380 {
381 struct wps_parse_attr attr;
382
383 if (msg == NULL || wps_parse_msg(msg, &attr) < 0)
384 return 0;
385 return attr.version2 != NULL;
386 }
387
388
389 /**
390 * wps_build_assoc_req_ie - Build WPS IE for (Re)Association Request
391 * @req_type: Value for Request Type attribute
392 * Returns: WPS IE or %NULL on failure
393 *
394 * The caller is responsible for freeing the buffer.
395 */
396 struct wpabuf * wps_build_assoc_req_ie(enum wps_request_type req_type)
397 {
398 struct wpabuf *ie;
399 u8 *len;
400
401 wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association "
402 "Request");
403 ie = wpabuf_alloc(100);
404 if (ie == NULL)
405 return NULL;
406
407 wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
408 len = wpabuf_put(ie, 1);
409 wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
410
411 if (wps_build_version(ie) ||
412 wps_build_req_type(ie, req_type) ||
413 wps_build_wfa_ext(ie, 0, NULL, 0)) {
414 wpabuf_free(ie);
415 return NULL;
416 }
417
418 *len = wpabuf_len(ie) - 2;
419
420 return ie;
421 }
422
423
424 /**
425 * wps_build_assoc_resp_ie - Build WPS IE for (Re)Association Response
426 * Returns: WPS IE or %NULL on failure
427 *
428 * The caller is responsible for freeing the buffer.
429 */
430 struct wpabuf * wps_build_assoc_resp_ie(void)
431 {
432 struct wpabuf *ie;
433 u8 *len;
434
435 wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association "
436 "Response");
437 ie = wpabuf_alloc(100);
438 if (ie == NULL)
439 return NULL;
440
441 wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
442 len = wpabuf_put(ie, 1);
443 wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
444
445 if (wps_build_version(ie) ||
446 wps_build_resp_type(ie, WPS_RESP_AP) ||
447 wps_build_wfa_ext(ie, 0, NULL, 0)) {
448 wpabuf_free(ie);
449 return NULL;
450 }
451
452 *len = wpabuf_len(ie) - 2;
453
454 return ie;
455 }
456
457
458 /**
459 * wps_build_probe_req_ie - Build WPS IE for Probe Request
460 * @pw_id: Password ID (DEV_PW_PUSHBUTTON for active PBC and DEV_PW_DEFAULT for
461 * most other use cases)
462 * @dev: Device attributes
463 * @uuid: Own UUID
464 * @req_type: Value for Request Type attribute
465 * @num_req_dev_types: Number of requested device types
466 * @req_dev_types: Requested device types (8 * num_req_dev_types octets) or
467 * %NULL if none
468 * Returns: WPS IE or %NULL on failure
469 *
470 * The caller is responsible for freeing the buffer.
471 */
472 struct wpabuf * wps_build_probe_req_ie(u16 pw_id, struct wps_device_data *dev,
473 const u8 *uuid,
474 enum wps_request_type req_type,
475 unsigned int num_req_dev_types,
476 const u8 *req_dev_types)
477 {
478 struct wpabuf *ie;
479
480 wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for Probe Request");
481
482 ie = wpabuf_alloc(500);
483 if (ie == NULL)
484 return NULL;
485
486 if (wps_build_version(ie) ||
487 wps_build_req_type(ie, req_type) ||
488 wps_build_config_methods(ie, dev->config_methods) ||
489 wps_build_uuid_e(ie, uuid) ||
490 wps_build_primary_dev_type(dev, ie) ||
491 wps_build_rf_bands(dev, ie) ||
492 wps_build_assoc_state(NULL, ie) ||
493 wps_build_config_error(ie, WPS_CFG_NO_ERROR) ||
494 wps_build_dev_password_id(ie, pw_id) ||
495 #ifdef CONFIG_WPS2
496 wps_build_manufacturer(dev, ie) ||
497 wps_build_model_name(dev, ie) ||
498 wps_build_model_number(dev, ie) ||
499 wps_build_dev_name(dev, ie) ||
500 wps_build_wfa_ext(ie, req_type == WPS_REQ_ENROLLEE, NULL, 0) ||
501 #endif /* CONFIG_WPS2 */
502 wps_build_req_dev_type(dev, ie, num_req_dev_types, req_dev_types)
503 ||
504 wps_build_secondary_dev_type(dev, ie)
505 ) {
506 wpabuf_free(ie);
507 return NULL;
508 }
509
510 #ifndef CONFIG_WPS2
511 if (dev->p2p && wps_build_dev_name(dev, ie)) {
512 wpabuf_free(ie);
513 return NULL;
514 }
515 #endif /* CONFIG_WPS2 */
516
517 return wps_ie_encapsulate(ie);
518 }
519
520
521 void wps_free_pending_msgs(struct upnp_pending_message *msgs)
522 {
523 struct upnp_pending_message *p, *prev;
524 p = msgs;
525 while (p) {
526 prev = p;
527 p = p->next;
528 wpabuf_free(prev->msg);
529 os_free(prev);
530 }
531 }
532
533
534 int wps_attr_text(struct wpabuf *data, char *buf, char *end)
535 {
536 struct wps_parse_attr attr;
537 char *pos = buf;
538 int ret;
539
540 if (wps_parse_msg(data, &attr) < 0)
541 return -1;
542
543 if (attr.wps_state) {
544 if (*attr.wps_state == WPS_STATE_NOT_CONFIGURED)
545 ret = os_snprintf(pos, end - pos,
546 "wps_state=unconfigured\n");
547 else if (*attr.wps_state == WPS_STATE_CONFIGURED)
548 ret = os_snprintf(pos, end - pos,
549 "wps_state=configured\n");
550 else
551 ret = 0;
552 if (ret < 0 || ret >= end - pos)
553 return pos - buf;
554 pos += ret;
555 }
556
557 if (attr.ap_setup_locked && *attr.ap_setup_locked) {
558 ret = os_snprintf(pos, end - pos,
559 "wps_ap_setup_locked=1\n");
560 if (ret < 0 || ret >= end - pos)
561 return pos - buf;
562 pos += ret;
563 }
564
565 if (attr.selected_registrar && *attr.selected_registrar) {
566 ret = os_snprintf(pos, end - pos,
567 "wps_selected_registrar=1\n");
568 if (ret < 0 || ret >= end - pos)
569 return pos - buf;
570 pos += ret;
571 }
572
573 if (attr.dev_password_id) {
574 ret = os_snprintf(pos, end - pos,
575 "wps_device_password_id=%u\n",
576 WPA_GET_BE16(attr.dev_password_id));
577 if (ret < 0 || ret >= end - pos)
578 return pos - buf;
579 pos += ret;
580 }
581
582 if (attr.sel_reg_config_methods) {
583 ret = os_snprintf(pos, end - pos,
584 "wps_selected_registrar_config_methods="
585 "0x%04x\n",
586 WPA_GET_BE16(attr.sel_reg_config_methods));
587 if (ret < 0 || ret >= end - pos)
588 return pos - buf;
589 pos += ret;
590 }
591
592 if (attr.primary_dev_type) {
593 char devtype[WPS_DEV_TYPE_BUFSIZE];
594 ret = os_snprintf(pos, end - pos,
595 "wps_primary_device_type=%s\n",
596 wps_dev_type_bin2str(attr.primary_dev_type,
597 devtype,
598 sizeof(devtype)));
599 if (ret < 0 || ret >= end - pos)
600 return pos - buf;
601 pos += ret;
602 }
603
604 if (attr.dev_name) {
605 char *str = os_malloc(attr.dev_name_len + 1);
606 size_t i;
607 if (str == NULL)
608 return pos - buf;
609 for (i = 0; i < attr.dev_name_len; i++) {
610 if (attr.dev_name[i] < 32)
611 str[i] = '_';
612 else
613 str[i] = attr.dev_name[i];
614 }
615 str[i] = '\0';
616 ret = os_snprintf(pos, end - pos, "wps_device_name=%s\n", str);
617 os_free(str);
618 if (ret < 0 || ret >= end - pos)
619 return pos - buf;
620 pos += ret;
621 }
622
623 if (attr.config_methods) {
624 ret = os_snprintf(pos, end - pos,
625 "wps_config_methods=0x%04x\n",
626 WPA_GET_BE16(attr.config_methods));
627 if (ret < 0 || ret >= end - pos)
628 return pos - buf;
629 pos += ret;
630 }
631
632 return pos - buf;
633 }
Unnamed repository; edit this file 'description' to name the repository.