2 * Wi-Fi Protected Setup - Enrollee
3 * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
20 #include "wps_dev_attr.h"
23 static int wps_build_mac_addr(struct wps_data
*wps
, struct wpabuf
*msg
)
25 wpa_printf(MSG_DEBUG
, "WPS: * MAC Address");
26 wpabuf_put_be16(msg
, ATTR_MAC_ADDR
);
27 wpabuf_put_be16(msg
, ETH_ALEN
);
28 wpabuf_put_data(msg
, wps
->mac_addr_e
, ETH_ALEN
);
33 static int wps_build_wps_state(struct wps_data
*wps
, struct wpabuf
*msg
)
35 wpa_printf(MSG_DEBUG
, "WPS: * Wi-Fi Protected Setup State");
36 wpabuf_put_be16(msg
, ATTR_WPS_STATE
);
37 wpabuf_put_be16(msg
, 1);
38 wpabuf_put_u8(msg
, WPS_STATE_CONFIGURED
);
43 static int wps_build_e_hash(struct wps_data
*wps
, struct wpabuf
*msg
)
49 if (os_get_random(wps
->snonce
, 2 * WPS_SECRET_NONCE_LEN
) < 0)
51 wpa_hexdump(MSG_DEBUG
, "WPS: E-S1", wps
->snonce
, WPS_SECRET_NONCE_LEN
);
52 wpa_hexdump(MSG_DEBUG
, "WPS: E-S2",
53 wps
->snonce
+ WPS_SECRET_NONCE_LEN
, WPS_SECRET_NONCE_LEN
);
55 if (wps
->dh_pubkey_e
== NULL
|| wps
->dh_pubkey_r
== NULL
) {
56 wpa_printf(MSG_DEBUG
, "WPS: DH public keys not available for "
61 wpa_printf(MSG_DEBUG
, "WPS: * E-Hash1");
62 wpabuf_put_be16(msg
, ATTR_E_HASH1
);
63 wpabuf_put_be16(msg
, SHA256_MAC_LEN
);
64 hash
= wpabuf_put(msg
, SHA256_MAC_LEN
);
65 /* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */
66 addr
[0] = wps
->snonce
;
67 len
[0] = WPS_SECRET_NONCE_LEN
;
70 addr
[2] = wpabuf_head(wps
->dh_pubkey_e
);
71 len
[2] = wpabuf_len(wps
->dh_pubkey_e
);
72 addr
[3] = wpabuf_head(wps
->dh_pubkey_r
);
73 len
[3] = wpabuf_len(wps
->dh_pubkey_r
);
74 hmac_sha256_vector(wps
->authkey
, WPS_AUTHKEY_LEN
, 4, addr
, len
, hash
);
75 wpa_hexdump(MSG_DEBUG
, "WPS: E-Hash1", hash
, SHA256_MAC_LEN
);
77 wpa_printf(MSG_DEBUG
, "WPS: * E-Hash2");
78 wpabuf_put_be16(msg
, ATTR_E_HASH2
);
79 wpabuf_put_be16(msg
, SHA256_MAC_LEN
);
80 hash
= wpabuf_put(msg
, SHA256_MAC_LEN
);
81 /* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
82 addr
[0] = wps
->snonce
+ WPS_SECRET_NONCE_LEN
;
84 hmac_sha256_vector(wps
->authkey
, WPS_AUTHKEY_LEN
, 4, addr
, len
, hash
);
85 wpa_hexdump(MSG_DEBUG
, "WPS: E-Hash2", hash
, SHA256_MAC_LEN
);
91 static int wps_build_e_snonce1(struct wps_data
*wps
, struct wpabuf
*msg
)
93 wpa_printf(MSG_DEBUG
, "WPS: * E-SNonce1");
94 wpabuf_put_be16(msg
, ATTR_E_SNONCE1
);
95 wpabuf_put_be16(msg
, WPS_SECRET_NONCE_LEN
);
96 wpabuf_put_data(msg
, wps
->snonce
, WPS_SECRET_NONCE_LEN
);
101 static int wps_build_e_snonce2(struct wps_data
*wps
, struct wpabuf
*msg
)
103 wpa_printf(MSG_DEBUG
, "WPS: * E-SNonce2");
104 wpabuf_put_be16(msg
, ATTR_E_SNONCE2
);
105 wpabuf_put_be16(msg
, WPS_SECRET_NONCE_LEN
);
106 wpabuf_put_data(msg
, wps
->snonce
+ WPS_SECRET_NONCE_LEN
,
107 WPS_SECRET_NONCE_LEN
);
112 static struct wpabuf
* wps_build_m1(struct wps_data
*wps
)
117 if (os_get_random(wps
->nonce_e
, WPS_NONCE_LEN
) < 0)
119 wpa_hexdump(MSG_DEBUG
, "WPS: Enrollee Nonce",
120 wps
->nonce_e
, WPS_NONCE_LEN
);
122 wpa_printf(MSG_DEBUG
, "WPS: Building Message M1");
123 msg
= wpabuf_alloc(1000);
127 methods
= WPS_CONFIG_LABEL
| WPS_CONFIG_DISPLAY
| WPS_CONFIG_KEYPAD
;
129 methods
|= WPS_CONFIG_PUSHBUTTON
;
131 if (wps_build_version(msg
) ||
132 wps_build_msg_type(msg
, WPS_M1
) ||
133 wps_build_uuid_e(msg
, wps
->uuid_e
) ||
134 wps_build_mac_addr(wps
, msg
) ||
135 wps_build_enrollee_nonce(wps
, msg
) ||
136 wps_build_public_key(wps
, msg
) ||
137 wps_build_auth_type_flags(wps
, msg
) ||
138 wps_build_encr_type_flags(wps
, msg
) ||
139 wps_build_conn_type_flags(wps
, msg
) ||
140 wps_build_config_methods(msg
, methods
) ||
141 wps_build_wps_state(wps
, msg
) ||
142 wps_build_device_attrs(&wps
->wps
->dev
, msg
) ||
143 wps_build_rf_bands(&wps
->wps
->dev
, msg
) ||
144 wps_build_assoc_state(wps
, msg
) ||
145 wps_build_dev_password_id(msg
, wps
->dev_pw_id
) ||
146 wps_build_config_error(msg
, WPS_CFG_NO_ERROR
) ||
147 wps_build_os_version(&wps
->wps
->dev
, msg
)) {
152 wps
->state
= RECV_M2
;
157 static struct wpabuf
* wps_build_m3(struct wps_data
*wps
)
161 wpa_printf(MSG_DEBUG
, "WPS: Building Message M3");
163 if (wps
->dev_password
== NULL
) {
164 wpa_printf(MSG_DEBUG
, "WPS: No Device Password available");
167 wps_derive_psk(wps
, wps
->dev_password
, wps
->dev_password_len
);
169 msg
= wpabuf_alloc(1000);
173 if (wps_build_version(msg
) ||
174 wps_build_msg_type(msg
, WPS_M3
) ||
175 wps_build_registrar_nonce(wps
, msg
) ||
176 wps_build_e_hash(wps
, msg
) ||
177 wps_build_authenticator(wps
, msg
)) {
182 wps
->state
= RECV_M4
;
187 static struct wpabuf
* wps_build_m5(struct wps_data
*wps
)
189 struct wpabuf
*msg
, *plain
;
191 wpa_printf(MSG_DEBUG
, "WPS: Building Message M5");
193 plain
= wpabuf_alloc(200);
197 msg
= wpabuf_alloc(1000);
203 if (wps_build_version(msg
) ||
204 wps_build_msg_type(msg
, WPS_M5
) ||
205 wps_build_registrar_nonce(wps
, msg
) ||
206 wps_build_e_snonce1(wps
, plain
) ||
207 wps_build_key_wrap_auth(wps
, plain
) ||
208 wps_build_encr_settings(wps
, msg
, plain
) ||
209 wps_build_authenticator(wps
, msg
)) {
216 wps
->state
= RECV_M6
;
221 static int wps_build_cred_ssid(struct wps_data
*wps
, struct wpabuf
*msg
)
223 wpa_printf(MSG_DEBUG
, "WPS: * SSID");
224 wpabuf_put_be16(msg
, ATTR_SSID
);
225 wpabuf_put_be16(msg
, wps
->wps
->ssid_len
);
226 wpabuf_put_data(msg
, wps
->wps
->ssid
, wps
->wps
->ssid_len
);
231 static int wps_build_cred_auth_type(struct wps_data
*wps
, struct wpabuf
*msg
)
233 wpa_printf(MSG_DEBUG
, "WPS: * Authentication Type");
234 wpabuf_put_be16(msg
, ATTR_AUTH_TYPE
);
235 wpabuf_put_be16(msg
, 2);
236 wpabuf_put_be16(msg
, wps
->wps
->auth_types
);
241 static int wps_build_cred_encr_type(struct wps_data
*wps
, struct wpabuf
*msg
)
243 wpa_printf(MSG_DEBUG
, "WPS: * Encryption Type");
244 wpabuf_put_be16(msg
, ATTR_ENCR_TYPE
);
245 wpabuf_put_be16(msg
, 2);
246 wpabuf_put_be16(msg
, wps
->wps
->encr_types
);
251 static int wps_build_cred_network_key(struct wps_data
*wps
, struct wpabuf
*msg
)
253 wpa_printf(MSG_DEBUG
, "WPS: * Network Key");
254 wpabuf_put_be16(msg
, ATTR_NETWORK_KEY
);
255 wpabuf_put_be16(msg
, wps
->wps
->network_key_len
);
256 wpabuf_put_data(msg
, wps
->wps
->network_key
, wps
->wps
->network_key_len
);
261 static int wps_build_cred_mac_addr(struct wps_data
*wps
, struct wpabuf
*msg
)
263 wpa_printf(MSG_DEBUG
, "WPS: * MAC Address (AP BSSID)");
264 wpabuf_put_be16(msg
, ATTR_MAC_ADDR
);
265 wpabuf_put_be16(msg
, ETH_ALEN
);
266 wpabuf_put_data(msg
, wps
->wps
->dev
.mac_addr
, ETH_ALEN
);
271 static struct wpabuf
* wps_build_m7(struct wps_data
*wps
)
273 struct wpabuf
*msg
, *plain
;
275 wpa_printf(MSG_DEBUG
, "WPS: Building Message M7");
277 plain
= wpabuf_alloc(500);
281 msg
= wpabuf_alloc(1000);
287 if (wps_build_version(msg
) ||
288 wps_build_msg_type(msg
, WPS_M7
) ||
289 wps_build_registrar_nonce(wps
, msg
) ||
290 wps_build_e_snonce2(wps
, plain
) ||
291 (wps
->authenticator
&&
292 (wps_build_cred_ssid(wps
, plain
) ||
293 wps_build_cred_mac_addr(wps
, plain
) ||
294 wps_build_cred_auth_type(wps
, plain
) ||
295 wps_build_cred_encr_type(wps
, plain
) ||
296 wps_build_cred_network_key(wps
, plain
))) ||
297 wps_build_key_wrap_auth(wps
, plain
) ||
298 wps_build_encr_settings(wps
, msg
, plain
) ||
299 wps_build_authenticator(wps
, msg
)) {
306 wps
->state
= RECV_M8
;
311 static struct wpabuf
* wps_build_wsc_done(struct wps_data
*wps
)
315 wpa_printf(MSG_DEBUG
, "WPS: Building Message WSC_Done");
317 msg
= wpabuf_alloc(1000);
321 if (wps_build_version(msg
) ||
322 wps_build_msg_type(msg
, WPS_WSC_DONE
) ||
323 wps_build_enrollee_nonce(wps
, msg
) ||
324 wps_build_registrar_nonce(wps
, msg
)) {
329 if (wps
->authenticator
)
330 wps
->state
= RECV_ACK
;
332 wps_success_event(wps
->wps
);
333 wps
->state
= WPS_FINISHED
;
339 static struct wpabuf
* wps_build_wsc_ack(struct wps_data
*wps
)
343 wpa_printf(MSG_DEBUG
, "WPS: Building Message WSC_ACK");
345 msg
= wpabuf_alloc(1000);
349 if (wps_build_version(msg
) ||
350 wps_build_msg_type(msg
, WPS_WSC_ACK
) ||
351 wps_build_enrollee_nonce(wps
, msg
) ||
352 wps_build_registrar_nonce(wps
, msg
)) {
361 static struct wpabuf
* wps_build_wsc_nack(struct wps_data
*wps
)
365 wpa_printf(MSG_DEBUG
, "WPS: Building Message WSC_NACK");
367 msg
= wpabuf_alloc(1000);
371 if (wps_build_version(msg
) ||
372 wps_build_msg_type(msg
, WPS_WSC_NACK
) ||
373 wps_build_enrollee_nonce(wps
, msg
) ||
374 wps_build_registrar_nonce(wps
, msg
) ||
375 wps_build_config_error(msg
, wps
->config_error
)) {
384 struct wpabuf
* wps_enrollee_get_msg(struct wps_data
*wps
, u8
*op_code
)
388 switch (wps
->state
) {
390 msg
= wps_build_m1(wps
);
394 msg
= wps_build_m3(wps
);
398 msg
= wps_build_m5(wps
);
402 msg
= wps_build_m7(wps
);
406 if (wps
->authenticator
) {
407 msg
= wps_build_wsc_nack(wps
);
411 msg
= wps_build_wsc_ack(wps
);
414 /* Another M2/M2D may be received */
415 wps
->state
= RECV_M2
;
419 msg
= wps_build_wsc_nack(wps
);
423 msg
= wps_build_wsc_done(wps
);
427 wpa_printf(MSG_DEBUG
, "WPS: Unsupported state %d for building "
428 "a message", wps
->state
);
433 if (*op_code
== WSC_MSG
&& msg
) {
434 /* Save a copy of the last message for Authenticator derivation
436 wpabuf_free(wps
->last_msg
);
437 wps
->last_msg
= wpabuf_dup(msg
);
444 static int wps_process_registrar_nonce(struct wps_data
*wps
, const u8
*r_nonce
)
446 if (r_nonce
== NULL
) {
447 wpa_printf(MSG_DEBUG
, "WPS: No Registrar Nonce received");
451 os_memcpy(wps
->nonce_r
, r_nonce
, WPS_NONCE_LEN
);
452 wpa_hexdump(MSG_DEBUG
, "WPS: Registrar Nonce",
453 wps
->nonce_r
, WPS_NONCE_LEN
);
459 static int wps_process_enrollee_nonce(struct wps_data
*wps
, const u8
*e_nonce
)
461 if (e_nonce
== NULL
) {
462 wpa_printf(MSG_DEBUG
, "WPS: No Enrollee Nonce received");
466 if (os_memcmp(wps
->nonce_e
, e_nonce
, WPS_NONCE_LEN
) != 0) {
467 wpa_printf(MSG_DEBUG
, "WPS: Invalid Enrollee Nonce received");
475 static int wps_process_uuid_r(struct wps_data
*wps
, const u8
*uuid_r
)
477 if (uuid_r
== NULL
) {
478 wpa_printf(MSG_DEBUG
, "WPS: No UUID-R received");
482 os_memcpy(wps
->uuid_r
, uuid_r
, WPS_UUID_LEN
);
483 wpa_hexdump(MSG_DEBUG
, "WPS: UUID-R", wps
->uuid_r
, WPS_UUID_LEN
);
489 static int wps_process_pubkey(struct wps_data
*wps
, const u8
*pk
,
492 if (pk
== NULL
|| pk_len
== 0) {
493 wpa_printf(MSG_DEBUG
, "WPS: No Public Key received");
497 wpabuf_free(wps
->dh_pubkey_r
);
498 wps
->dh_pubkey_r
= wpabuf_alloc_copy(pk
, pk_len
);
499 if (wps
->dh_pubkey_r
== NULL
)
502 if (wps_derive_keys(wps
) < 0)
505 if (wps
->request_type
== WPS_REQ_WLAN_MANAGER_REGISTRAR
&&
506 wps_derive_mgmt_keys(wps
) < 0)
513 static int wps_process_r_hash1(struct wps_data
*wps
, const u8
*r_hash1
)
515 if (r_hash1
== NULL
) {
516 wpa_printf(MSG_DEBUG
, "WPS: No R-Hash1 received");
520 os_memcpy(wps
->peer_hash1
, r_hash1
, WPS_HASH_LEN
);
521 wpa_hexdump(MSG_DEBUG
, "WPS: R-Hash1", wps
->peer_hash1
, WPS_HASH_LEN
);
527 static int wps_process_r_hash2(struct wps_data
*wps
, const u8
*r_hash2
)
529 if (r_hash2
== NULL
) {
530 wpa_printf(MSG_DEBUG
, "WPS: No R-Hash2 received");
534 os_memcpy(wps
->peer_hash2
, r_hash2
, WPS_HASH_LEN
);
535 wpa_hexdump(MSG_DEBUG
, "WPS: R-Hash2", wps
->peer_hash2
, WPS_HASH_LEN
);
541 static int wps_process_r_snonce1(struct wps_data
*wps
, const u8
*r_snonce1
)
543 u8 hash
[SHA256_MAC_LEN
];
547 if (r_snonce1
== NULL
) {
548 wpa_printf(MSG_DEBUG
, "WPS: No R-SNonce1 received");
552 wpa_hexdump_key(MSG_DEBUG
, "WPS: R-SNonce1", r_snonce1
,
553 WPS_SECRET_NONCE_LEN
);
555 /* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */
557 len
[0] = WPS_SECRET_NONCE_LEN
;
559 len
[1] = WPS_PSK_LEN
;
560 addr
[2] = wpabuf_head(wps
->dh_pubkey_e
);
561 len
[2] = wpabuf_len(wps
->dh_pubkey_e
);
562 addr
[3] = wpabuf_head(wps
->dh_pubkey_r
);
563 len
[3] = wpabuf_len(wps
->dh_pubkey_r
);
564 hmac_sha256_vector(wps
->authkey
, WPS_AUTHKEY_LEN
, 4, addr
, len
, hash
);
566 if (os_memcmp(wps
->peer_hash1
, hash
, WPS_HASH_LEN
) != 0) {
567 wpa_printf(MSG_DEBUG
, "WPS: R-Hash1 derived from R-S1 does "
568 "not match with the pre-committed value");
569 wps
->config_error
= WPS_CFG_DEV_PASSWORD_AUTH_FAILURE
;
573 wpa_printf(MSG_DEBUG
, "WPS: Registrar proved knowledge of the first "
574 "half of the device password");
580 static int wps_process_r_snonce2(struct wps_data
*wps
, const u8
*r_snonce2
)
582 u8 hash
[SHA256_MAC_LEN
];
586 if (r_snonce2
== NULL
) {
587 wpa_printf(MSG_DEBUG
, "WPS: No R-SNonce2 received");
591 wpa_hexdump_key(MSG_DEBUG
, "WPS: R-SNonce2", r_snonce2
,
592 WPS_SECRET_NONCE_LEN
);
594 /* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
596 len
[0] = WPS_SECRET_NONCE_LEN
;
598 len
[1] = WPS_PSK_LEN
;
599 addr
[2] = wpabuf_head(wps
->dh_pubkey_e
);
600 len
[2] = wpabuf_len(wps
->dh_pubkey_e
);
601 addr
[3] = wpabuf_head(wps
->dh_pubkey_r
);
602 len
[3] = wpabuf_len(wps
->dh_pubkey_r
);
603 hmac_sha256_vector(wps
->authkey
, WPS_AUTHKEY_LEN
, 4, addr
, len
, hash
);
605 if (os_memcmp(wps
->peer_hash2
, hash
, WPS_HASH_LEN
) != 0) {
606 wpa_printf(MSG_DEBUG
, "WPS: R-Hash2 derived from R-S2 does "
607 "not match with the pre-committed value");
608 wps
->config_error
= WPS_CFG_DEV_PASSWORD_AUTH_FAILURE
;
612 wpa_printf(MSG_DEBUG
, "WPS: Registrar proved knowledge of the second "
613 "half of the device password");
619 static int wps_process_cred_e(struct wps_data
*wps
, const u8
*cred
,
622 struct wps_parse_attr attr
;
625 wpa_printf(MSG_DEBUG
, "WPS: Received Credential");
626 os_memset(&wps
->cred
, 0, sizeof(wps
->cred
));
627 wpabuf_set(&msg
, cred
, cred_len
);
628 if (wps_parse_msg(&msg
, &attr
) < 0 ||
629 wps_process_cred(&attr
, &wps
->cred
))
632 if (wps
->wps
->cred_cb
)
633 wps
->wps
->cred_cb(wps
->wps
->cb_ctx
, &wps
->cred
);
639 static int wps_process_creds(struct wps_data
*wps
, const u8
*cred
[],
640 size_t cred_len
[], size_t num_cred
)
644 if (wps
->authenticator
)
648 wpa_printf(MSG_DEBUG
, "WPS: No Credential attributes "
653 for (i
= 0; i
< num_cred
; i
++) {
654 if (wps_process_cred_e(wps
, cred
[i
], cred_len
[i
]))
662 static int wps_process_ap_settings_e(struct wps_data
*wps
,
663 struct wps_parse_attr
*attr
)
665 struct wps_credential cred
;
667 if (!wps
->authenticator
)
670 if (wps_process_ap_settings(attr
, &cred
) < 0)
673 wpa_printf(MSG_INFO
, "WPS: Received new AP configuration from "
676 if (wps
->wps
->cred_cb
)
677 wps
->wps
->cred_cb(wps
->wps
->cb_ctx
, &cred
);
683 static enum wps_process_res
wps_process_m2(struct wps_data
*wps
,
684 const struct wpabuf
*msg
,
685 struct wps_parse_attr
*attr
)
687 wpa_printf(MSG_DEBUG
, "WPS: Received M2");
689 if (wps
->state
!= RECV_M2
) {
690 wpa_printf(MSG_DEBUG
, "WPS: Unexpected state (%d) for "
691 "receiving M2", wps
->state
);
692 wps
->state
= SEND_WSC_NACK
;
696 if (wps_process_registrar_nonce(wps
, attr
->registrar_nonce
) ||
697 wps_process_enrollee_nonce(wps
, attr
->enrollee_nonce
) ||
698 wps_process_uuid_r(wps
, attr
->uuid_r
) ||
699 wps_process_pubkey(wps
, attr
->public_key
, attr
->public_key_len
) ||
700 wps_process_authenticator(wps
, attr
->authenticator
, msg
)) {
701 wps
->state
= SEND_WSC_NACK
;
705 if (wps
->authenticator
&& wps
->wps
->ap_setup_locked
) {
706 wpa_printf(MSG_DEBUG
, "WPS: AP Setup is locked - refuse "
707 "registration of a new Registrar");
708 wps
->config_error
= WPS_CFG_SETUP_LOCKED
;
709 wps
->state
= SEND_WSC_NACK
;
713 wps
->state
= SEND_M3
;
718 static enum wps_process_res
wps_process_m2d(struct wps_data
*wps
,
719 struct wps_parse_attr
*attr
)
721 wpa_printf(MSG_DEBUG
, "WPS: Received M2D");
723 if (wps
->state
!= RECV_M2
) {
724 wpa_printf(MSG_DEBUG
, "WPS: Unexpected state (%d) for "
725 "receiving M2D", wps
->state
);
726 wps
->state
= SEND_WSC_NACK
;
730 wpa_hexdump_ascii(MSG_DEBUG
, "WPS: Manufacturer",
731 attr
->manufacturer
, attr
->manufacturer_len
);
732 wpa_hexdump_ascii(MSG_DEBUG
, "WPS: Model Name",
733 attr
->model_name
, attr
->model_name_len
);
734 wpa_hexdump_ascii(MSG_DEBUG
, "WPS: Model Number",
735 attr
->model_number
, attr
->model_number_len
);
736 wpa_hexdump_ascii(MSG_DEBUG
, "WPS: Serial Number",
737 attr
->serial_number
, attr
->serial_number_len
);
738 wpa_hexdump_ascii(MSG_DEBUG
, "WPS: Device Name",
739 attr
->dev_name
, attr
->dev_name_len
);
741 if (wps
->wps
->event_cb
) {
742 union wps_event_data data
;
743 struct wps_event_m2d
*m2d
= &data
.m2d
;
744 os_memset(&data
, 0, sizeof(data
));
745 if (attr
->config_methods
)
746 m2d
->config_methods
=
747 WPA_GET_BE16(attr
->config_methods
);
748 m2d
->manufacturer
= attr
->manufacturer
;
749 m2d
->manufacturer_len
= attr
->manufacturer_len
;
750 m2d
->model_name
= attr
->model_name
;
751 m2d
->model_name_len
= attr
->model_name_len
;
752 m2d
->model_number
= attr
->model_number
;
753 m2d
->model_number_len
= attr
->model_number_len
;
754 m2d
->serial_number
= attr
->serial_number
;
755 m2d
->serial_number_len
= attr
->serial_number_len
;
756 m2d
->dev_name
= attr
->dev_name
;
757 m2d
->dev_name_len
= attr
->dev_name_len
;
758 m2d
->primary_dev_type
= attr
->primary_dev_type
;
759 if (attr
->config_error
)
761 WPA_GET_BE16(attr
->config_error
);
762 if (attr
->dev_password_id
)
763 m2d
->dev_password_id
=
764 WPA_GET_BE16(attr
->dev_password_id
);
765 wps
->wps
->event_cb(wps
->wps
->cb_ctx
, WPS_EV_M2D
, &data
);
768 wps
->state
= RECEIVED_M2D
;
773 static enum wps_process_res
wps_process_m4(struct wps_data
*wps
,
774 const struct wpabuf
*msg
,
775 struct wps_parse_attr
*attr
)
777 struct wpabuf
*decrypted
;
778 struct wps_parse_attr eattr
;
780 wpa_printf(MSG_DEBUG
, "WPS: Received M4");
782 if (wps
->state
!= RECV_M4
) {
783 wpa_printf(MSG_DEBUG
, "WPS: Unexpected state (%d) for "
784 "receiving M4", wps
->state
);
785 wps
->state
= SEND_WSC_NACK
;
789 if (wps_process_enrollee_nonce(wps
, attr
->enrollee_nonce
) ||
790 wps_process_authenticator(wps
, attr
->authenticator
, msg
) ||
791 wps_process_r_hash1(wps
, attr
->r_hash1
) ||
792 wps_process_r_hash2(wps
, attr
->r_hash2
)) {
793 wps
->state
= SEND_WSC_NACK
;
797 decrypted
= wps_decrypt_encr_settings(wps
, attr
->encr_settings
,
798 attr
->encr_settings_len
);
799 if (decrypted
== NULL
) {
800 wpa_printf(MSG_DEBUG
, "WPS: Failed to decrypted Encrypted "
801 "Settings attribute");
802 wps
->state
= SEND_WSC_NACK
;
806 wpa_printf(MSG_DEBUG
, "WPS: Processing decrypted Encrypted Settings "
808 if (wps_parse_msg(decrypted
, &eattr
) < 0 ||
809 wps_process_key_wrap_auth(wps
, decrypted
, eattr
.key_wrap_auth
) ||
810 wps_process_r_snonce1(wps
, eattr
.r_snonce1
)) {
811 wpabuf_free(decrypted
);
812 wps
->state
= SEND_WSC_NACK
;
815 wpabuf_free(decrypted
);
817 wps
->state
= SEND_M5
;
822 static enum wps_process_res
wps_process_m6(struct wps_data
*wps
,
823 const struct wpabuf
*msg
,
824 struct wps_parse_attr
*attr
)
826 struct wpabuf
*decrypted
;
827 struct wps_parse_attr eattr
;
829 wpa_printf(MSG_DEBUG
, "WPS: Received M6");
831 if (wps
->state
!= RECV_M6
) {
832 wpa_printf(MSG_DEBUG
, "WPS: Unexpected state (%d) for "
833 "receiving M6", wps
->state
);
834 wps
->state
= SEND_WSC_NACK
;
838 if (wps_process_enrollee_nonce(wps
, attr
->enrollee_nonce
) ||
839 wps_process_authenticator(wps
, attr
->authenticator
, msg
)) {
840 wps
->state
= SEND_WSC_NACK
;
844 decrypted
= wps_decrypt_encr_settings(wps
, attr
->encr_settings
,
845 attr
->encr_settings_len
);
846 if (decrypted
== NULL
) {
847 wpa_printf(MSG_DEBUG
, "WPS: Failed to decrypted Encrypted "
848 "Settings attribute");
849 wps
->state
= SEND_WSC_NACK
;
853 wpa_printf(MSG_DEBUG
, "WPS: Processing decrypted Encrypted Settings "
855 if (wps_parse_msg(decrypted
, &eattr
) < 0 ||
856 wps_process_key_wrap_auth(wps
, decrypted
, eattr
.key_wrap_auth
) ||
857 wps_process_r_snonce2(wps
, eattr
.r_snonce2
)) {
858 wpabuf_free(decrypted
);
859 wps
->state
= SEND_WSC_NACK
;
862 wpabuf_free(decrypted
);
864 wps
->state
= SEND_M7
;
869 static enum wps_process_res
wps_process_m8(struct wps_data
*wps
,
870 const struct wpabuf
*msg
,
871 struct wps_parse_attr
*attr
)
873 struct wpabuf
*decrypted
;
874 struct wps_parse_attr eattr
;
876 wpa_printf(MSG_DEBUG
, "WPS: Received M8");
878 if (wps
->state
!= RECV_M8
) {
879 wpa_printf(MSG_DEBUG
, "WPS: Unexpected state (%d) for "
880 "receiving M8", wps
->state
);
881 wps
->state
= SEND_WSC_NACK
;
885 if (wps_process_enrollee_nonce(wps
, attr
->enrollee_nonce
) ||
886 wps_process_authenticator(wps
, attr
->authenticator
, msg
)) {
887 wps
->state
= SEND_WSC_NACK
;
891 decrypted
= wps_decrypt_encr_settings(wps
, attr
->encr_settings
,
892 attr
->encr_settings_len
);
893 if (decrypted
== NULL
) {
894 wpa_printf(MSG_DEBUG
, "WPS: Failed to decrypted Encrypted "
895 "Settings attribute");
896 wps
->state
= SEND_WSC_NACK
;
900 wpa_printf(MSG_DEBUG
, "WPS: Processing decrypted Encrypted Settings "
902 if (wps_parse_msg(decrypted
, &eattr
) < 0 ||
903 wps_process_key_wrap_auth(wps
, decrypted
, eattr
.key_wrap_auth
) ||
904 wps_process_creds(wps
, eattr
.cred
, eattr
.cred_len
,
906 wps_process_ap_settings_e(wps
, &eattr
)) {
907 wpabuf_free(decrypted
);
908 wps
->state
= SEND_WSC_NACK
;
911 wpabuf_free(decrypted
);
913 wps
->state
= WPS_MSG_DONE
;
918 static enum wps_process_res
wps_process_wsc_msg(struct wps_data
*wps
,
919 const struct wpabuf
*msg
)
921 struct wps_parse_attr attr
;
922 enum wps_process_res ret
= WPS_CONTINUE
;
924 wpa_printf(MSG_DEBUG
, "WPS: Received WSC_MSG");
926 if (wps_parse_msg(msg
, &attr
) < 0)
929 if (attr
.version
== NULL
|| *attr
.version
!= WPS_VERSION
) {
930 wpa_printf(MSG_DEBUG
, "WPS: Unsupported message version 0x%x",
931 attr
.version
? *attr
.version
: 0);
935 if (attr
.enrollee_nonce
== NULL
||
936 os_memcmp(wps
->nonce_e
, attr
.enrollee_nonce
, WPS_NONCE_LEN
!= 0)) {
937 wpa_printf(MSG_DEBUG
, "WPS: Mismatch in enrollee nonce");
941 if (attr
.msg_type
== NULL
) {
942 wpa_printf(MSG_DEBUG
, "WPS: No Message Type attribute");
946 switch (*attr
.msg_type
) {
948 ret
= wps_process_m2(wps
, msg
, &attr
);
951 ret
= wps_process_m2d(wps
, &attr
);
954 ret
= wps_process_m4(wps
, msg
, &attr
);
955 if (ret
== WPS_FAILURE
|| wps
->state
== SEND_WSC_NACK
)
956 wps_fail_event(wps
->wps
, WPS_M4
);
959 ret
= wps_process_m6(wps
, msg
, &attr
);
960 if (ret
== WPS_FAILURE
|| wps
->state
== SEND_WSC_NACK
)
961 wps_fail_event(wps
->wps
, WPS_M6
);
964 ret
= wps_process_m8(wps
, msg
, &attr
);
965 if (ret
== WPS_FAILURE
|| wps
->state
== SEND_WSC_NACK
)
966 wps_fail_event(wps
->wps
, WPS_M8
);
969 wpa_printf(MSG_DEBUG
, "WPS: Unsupported Message Type %d",
974 if (ret
== WPS_CONTINUE
) {
975 /* Save a copy of the last message for Authenticator derivation
977 wpabuf_free(wps
->last_msg
);
978 wps
->last_msg
= wpabuf_dup(msg
);
985 static enum wps_process_res
wps_process_wsc_ack(struct wps_data
*wps
,
986 const struct wpabuf
*msg
)
988 struct wps_parse_attr attr
;
990 wpa_printf(MSG_DEBUG
, "WPS: Received WSC_ACK");
992 if (wps_parse_msg(msg
, &attr
) < 0)
995 if (attr
.version
== NULL
|| *attr
.version
!= WPS_VERSION
) {
996 wpa_printf(MSG_DEBUG
, "WPS: Unsupported message version 0x%x",
997 attr
.version
? *attr
.version
: 0);
1001 if (attr
.msg_type
== NULL
) {
1002 wpa_printf(MSG_DEBUG
, "WPS: No Message Type attribute");
1006 if (*attr
.msg_type
!= WPS_WSC_ACK
) {
1007 wpa_printf(MSG_DEBUG
, "WPS: Invalid Message Type %d",
1012 if (attr
.registrar_nonce
== NULL
||
1013 os_memcmp(wps
->nonce_r
, attr
.registrar_nonce
, WPS_NONCE_LEN
!= 0))
1015 wpa_printf(MSG_DEBUG
, "WPS: Mismatch in registrar nonce");
1019 if (attr
.enrollee_nonce
== NULL
||
1020 os_memcmp(wps
->nonce_e
, attr
.enrollee_nonce
, WPS_NONCE_LEN
!= 0)) {
1021 wpa_printf(MSG_DEBUG
, "WPS: Mismatch in enrollee nonce");
1025 if (wps
->state
== RECV_ACK
&& wps
->authenticator
) {
1026 wpa_printf(MSG_DEBUG
, "WPS: External Registrar registration "
1027 "completed successfully");
1028 wps_success_event(wps
->wps
);
1029 wps
->state
= WPS_FINISHED
;
1037 static enum wps_process_res
wps_process_wsc_nack(struct wps_data
*wps
,
1038 const struct wpabuf
*msg
)
1040 struct wps_parse_attr attr
;
1042 wpa_printf(MSG_DEBUG
, "WPS: Received WSC_NACK");
1044 if (wps_parse_msg(msg
, &attr
) < 0)
1047 if (attr
.version
== NULL
|| *attr
.version
!= WPS_VERSION
) {
1048 wpa_printf(MSG_DEBUG
, "WPS: Unsupported message version 0x%x",
1049 attr
.version
? *attr
.version
: 0);
1053 if (attr
.msg_type
== NULL
) {
1054 wpa_printf(MSG_DEBUG
, "WPS: No Message Type attribute");
1058 if (*attr
.msg_type
!= WPS_WSC_NACK
) {
1059 wpa_printf(MSG_DEBUG
, "WPS: Invalid Message Type %d",
1064 if (attr
.registrar_nonce
== NULL
||
1065 os_memcmp(wps
->nonce_r
, attr
.registrar_nonce
, WPS_NONCE_LEN
!= 0))
1067 wpa_printf(MSG_DEBUG
, "WPS: Mismatch in registrar nonce");
1068 wpa_hexdump(MSG_DEBUG
, "WPS: Received Registrar Nonce",
1069 attr
.registrar_nonce
, WPS_NONCE_LEN
);
1070 wpa_hexdump(MSG_DEBUG
, "WPS: Expected Registrar Nonce",
1071 wps
->nonce_r
, WPS_NONCE_LEN
);
1075 if (attr
.enrollee_nonce
== NULL
||
1076 os_memcmp(wps
->nonce_e
, attr
.enrollee_nonce
, WPS_NONCE_LEN
!= 0)) {
1077 wpa_printf(MSG_DEBUG
, "WPS: Mismatch in enrollee nonce");
1078 wpa_hexdump(MSG_DEBUG
, "WPS: Received Enrollee Nonce",
1079 attr
.enrollee_nonce
, WPS_NONCE_LEN
);
1080 wpa_hexdump(MSG_DEBUG
, "WPS: Expected Enrollee Nonce",
1081 wps
->nonce_e
, WPS_NONCE_LEN
);
1085 if (attr
.config_error
== NULL
) {
1086 wpa_printf(MSG_DEBUG
, "WPS: No Configuration Error attribute "
1091 wpa_printf(MSG_DEBUG
, "WPS: Registrar terminated negotiation with "
1092 "Configuration Error %d", WPA_GET_BE16(attr
.config_error
));
1094 switch (wps
->state
) {
1096 wps_fail_event(wps
->wps
, WPS_M3
);
1099 wps_fail_event(wps
->wps
, WPS_M5
);
1102 wps_fail_event(wps
->wps
, WPS_M7
);
1108 /* Followed by NACK if Enrollee is Supplicant or EAP-Failure if
1109 * Enrollee is Authenticator */
1110 wps
->state
= SEND_WSC_NACK
;
1116 enum wps_process_res
wps_enrollee_process_msg(struct wps_data
*wps
, u8 op_code
,
1117 const struct wpabuf
*msg
)
1120 wpa_printf(MSG_DEBUG
, "WPS: Processing received message (len=%lu "
1122 (unsigned long) wpabuf_len(msg
), op_code
);
1126 return wps_process_wsc_msg(wps
, msg
);
1128 return wps_process_wsc_ack(wps
, msg
);
1130 return wps_process_wsc_nack(wps
, msg
);
1132 wpa_printf(MSG_DEBUG
, "WPS: Unsupported op_code %d", op_code
);