3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2020, The Linux Foundation
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
10 #include "utils/includes.h"
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "utils/ip_addr.h"
15 #include "common/dpp.h"
16 #include "common/gas.h"
17 #include "common/gas_server.h"
18 #include "rsn_supp/wpa.h"
19 #include "rsn_supp/pmksa_cache.h"
20 #include "wpa_supplicant_i.h"
23 #include "offchannel.h"
24 #include "gas_query.h"
28 #include "dpp_supplicant.h"
31 static int wpas_dpp_listen_start(struct wpa_supplicant
*wpa_s
,
33 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx
, void *timeout_ctx
);
34 static void wpas_dpp_auth_success(struct wpa_supplicant
*wpa_s
, int initiator
);
35 static void wpas_dpp_tx_status(struct wpa_supplicant
*wpa_s
,
36 unsigned int freq
, const u8
*dst
,
37 const u8
*src
, const u8
*bssid
,
38 const u8
*data
, size_t data_len
,
39 enum offchannel_send_action_result result
);
40 static void wpas_dpp_init_timeout(void *eloop_ctx
, void *timeout_ctx
);
41 static int wpas_dpp_auth_init_next(struct wpa_supplicant
*wpa_s
);
43 wpas_dpp_tx_pkex_status(struct wpa_supplicant
*wpa_s
,
44 unsigned int freq
, const u8
*dst
,
45 const u8
*src
, const u8
*bssid
,
46 const u8
*data
, size_t data_len
,
47 enum offchannel_send_action_result result
);
49 static const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
51 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
52 * a single transaction in progress at any point in time. */
53 static const u8 TRANSACTION_ID
= 1;
57 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
58 * @wpa_s: Pointer to wpa_supplicant data
59 * @cmd: DPP URI read from a QR Code
60 * Returns: Identifier of the stored info or -1 on failure
62 int wpas_dpp_qr_code(struct wpa_supplicant
*wpa_s
, const char *cmd
)
64 struct dpp_bootstrap_info
*bi
;
65 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
67 bi
= dpp_add_qr_code(wpa_s
->dpp
, cmd
);
71 if (auth
&& auth
->response_pending
&&
72 dpp_notify_new_qr_code(auth
, bi
) == 1) {
74 "DPP: Sending out pending authentication response");
75 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
77 MAC2STR(auth
->peer_mac_addr
), auth
->curr_freq
,
78 DPP_PA_AUTHENTICATION_RESP
);
79 offchannel_send_action(wpa_s
, auth
->curr_freq
,
80 auth
->peer_mac_addr
, wpa_s
->own_addr
,
82 wpabuf_head(auth
->resp_msg
),
83 wpabuf_len(auth
->resp_msg
),
84 500, wpas_dpp_tx_status
, 0);
92 * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
93 * @wpa_s: Pointer to wpa_supplicant data
94 * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
95 * Returns: Identifier of the stored info or -1 on failure
97 int wpas_dpp_nfc_uri(struct wpa_supplicant
*wpa_s
, const char *cmd
)
99 struct dpp_bootstrap_info
*bi
;
101 bi
= dpp_add_nfc_uri(wpa_s
->dpp
, cmd
);
109 int wpas_dpp_nfc_handover_req(struct wpa_supplicant
*wpa_s
, const char *cmd
)
112 struct dpp_bootstrap_info
*peer_bi
, *own_bi
;
114 pos
= os_strstr(cmd
, " own=");
118 own_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
122 pos
= os_strstr(cmd
, " uri=");
126 peer_bi
= dpp_add_nfc_uri(wpa_s
->dpp
, pos
);
129 "DPP: Failed to parse URI from NFC Handover Request");
133 if (dpp_nfc_update_bi(own_bi
, peer_bi
) < 0)
140 int wpas_dpp_nfc_handover_sel(struct wpa_supplicant
*wpa_s
, const char *cmd
)
143 struct dpp_bootstrap_info
*peer_bi
, *own_bi
;
145 pos
= os_strstr(cmd
, " own=");
149 own_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
153 pos
= os_strstr(cmd
, " uri=");
157 peer_bi
= dpp_add_nfc_uri(wpa_s
->dpp
, pos
);
160 "DPP: Failed to parse URI from NFC Handover Select");
164 if (peer_bi
->curve
!= own_bi
->curve
) {
166 "DPP: Peer (NFC Handover Selector) used different curve");
174 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx
, void *timeout_ctx
)
176 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
177 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
179 if (!auth
|| !auth
->resp_msg
)
182 wpa_printf(MSG_DEBUG
,
183 "DPP: Retry Authentication Response after timeout");
184 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
186 MAC2STR(auth
->peer_mac_addr
), auth
->curr_freq
,
187 DPP_PA_AUTHENTICATION_RESP
);
188 offchannel_send_action(wpa_s
, auth
->curr_freq
, auth
->peer_mac_addr
,
189 wpa_s
->own_addr
, broadcast
,
190 wpabuf_head(auth
->resp_msg
),
191 wpabuf_len(auth
->resp_msg
),
192 500, wpas_dpp_tx_status
, 0);
196 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant
*wpa_s
)
198 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
199 unsigned int wait_time
, max_tries
;
201 if (!auth
|| !auth
->resp_msg
)
204 if (wpa_s
->dpp_resp_max_tries
)
205 max_tries
= wpa_s
->dpp_resp_max_tries
;
208 auth
->auth_resp_tries
++;
209 if (auth
->auth_resp_tries
>= max_tries
) {
210 wpa_printf(MSG_INFO
, "DPP: No confirm received from initiator - stopping exchange");
211 offchannel_send_action_done(wpa_s
);
212 dpp_auth_deinit(wpa_s
->dpp_auth
);
213 wpa_s
->dpp_auth
= NULL
;
217 if (wpa_s
->dpp_resp_retry_time
)
218 wait_time
= wpa_s
->dpp_resp_retry_time
;
221 wpa_printf(MSG_DEBUG
,
222 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
224 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
225 eloop_register_timeout(wait_time
/ 1000,
226 (wait_time
% 1000) * 1000,
227 wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
231 static void wpas_dpp_try_to_connect(struct wpa_supplicant
*wpa_s
)
233 wpa_printf(MSG_DEBUG
, "DPP: Trying to connect to the new network");
234 wpa_s
->suitable_network
= 0;
235 wpa_s
->no_suitable_network
= 0;
236 wpa_s
->disconnected
= 0;
237 wpa_s
->reassociate
= 1;
238 wpa_s
->scan_runs
= 0;
239 wpa_s
->normal_scans
= 0;
240 wpa_supplicant_cancel_sched_scan(wpa_s
);
241 wpa_supplicant_req_scan(wpa_s
, 0, 0);
247 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx
,
250 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
251 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
252 enum dpp_status_error result
;
254 if (!auth
|| !auth
->conn_status_requested
)
257 wpa_printf(MSG_DEBUG
,
258 "DPP: Connection timeout - report Connection Status Result");
259 if (wpa_s
->suitable_network
)
260 result
= DPP_STATUS_AUTH_FAILURE
;
261 else if (wpa_s
->no_suitable_network
)
262 result
= DPP_STATUS_NO_AP
;
264 result
= 255; /* What to report here for unexpected state? */
265 if (wpa_s
->wpa_state
== WPA_SCANNING
)
266 wpas_abort_ongoing_scan(wpa_s
);
267 wpas_dpp_send_conn_status_result(wpa_s
, result
);
271 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant
*wpa_s
)
273 char *str
, *end
, *pos
;
276 u8 last_op_class
= 0;
279 if (!wpa_s
->last_scan_freqs
|| !wpa_s
->num_last_scan_freqs
)
282 len
= wpa_s
->num_last_scan_freqs
* 8;
283 str
= os_zalloc(len
);
289 for (i
= 0; i
< wpa_s
->num_last_scan_freqs
; i
++) {
290 enum hostapd_hw_mode mode
;
291 u8 op_class
, channel
;
293 mode
= ieee80211_freq_to_channel_ext(wpa_s
->last_scan_freqs
[i
],
294 0, 0, &op_class
, &channel
);
295 if (mode
== NUM_HOSTAPD_MODES
)
297 if (op_class
== last_op_class
)
298 res
= os_snprintf(pos
, end
- pos
, ",%d", channel
);
300 res
= os_snprintf(pos
, end
- pos
, "%s%d/%d",
301 pos
== str
? "" : ",",
303 if (os_snprintf_error(end
- pos
, res
)) {
308 last_op_class
= op_class
;
319 void wpas_dpp_send_conn_status_result(struct wpa_supplicant
*wpa_s
,
320 enum dpp_status_error result
)
323 const char *channel_list
= NULL
;
324 char *channel_list_buf
= NULL
;
325 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
326 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
328 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout
, wpa_s
, NULL
);
330 if (!auth
|| !auth
->conn_status_requested
)
332 auth
->conn_status_requested
= 0;
333 wpa_printf(MSG_DEBUG
, "DPP: Report connection status result %d",
336 if (result
== DPP_STATUS_NO_AP
) {
337 channel_list_buf
= wpas_dpp_scan_channel_list(wpa_s
);
338 channel_list
= channel_list_buf
;
341 msg
= dpp_build_conn_status_result(auth
, result
,
343 wpa_s
->dpp_last_ssid
,
344 ssid
? ssid
->ssid_len
:
345 wpa_s
->dpp_last_ssid_len
,
347 os_free(channel_list_buf
);
349 dpp_auth_deinit(wpa_s
->dpp_auth
);
350 wpa_s
->dpp_auth
= NULL
;
354 wpa_msg(wpa_s
, MSG_INFO
,
355 DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
356 MAC2STR(auth
->peer_mac_addr
), auth
->curr_freq
,
357 DPP_PA_CONNECTION_STATUS_RESULT
);
358 offchannel_send_action(wpa_s
, auth
->curr_freq
,
359 auth
->peer_mac_addr
, wpa_s
->own_addr
, broadcast
,
360 wpabuf_head(msg
), wpabuf_len(msg
),
361 500, wpas_dpp_tx_status
, 0);
364 /* This exchange will be terminated in the TX status handler */
365 auth
->remove_on_tx_status
= 1;
371 void wpas_dpp_connected(struct wpa_supplicant
*wpa_s
)
373 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
375 if (auth
&& auth
->conn_status_requested
)
376 wpas_dpp_send_conn_status_result(wpa_s
, DPP_STATUS_OK
);
379 #endif /* CONFIG_DPP2 */
382 static void wpas_dpp_tx_status(struct wpa_supplicant
*wpa_s
,
383 unsigned int freq
, const u8
*dst
,
384 const u8
*src
, const u8
*bssid
,
385 const u8
*data
, size_t data_len
,
386 enum offchannel_send_action_result result
)
389 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
391 res_txt
= result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
392 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
394 wpa_printf(MSG_DEBUG
, "DPP: TX status: freq=%u dst=" MACSTR
395 " result=%s", freq
, MAC2STR(dst
), res_txt
);
396 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX_STATUS
"dst=" MACSTR
397 " freq=%u result=%s", MAC2STR(dst
), freq
, res_txt
);
399 if (!wpa_s
->dpp_auth
) {
400 wpa_printf(MSG_DEBUG
,
401 "DPP: Ignore TX status since there is no ongoing authentication exchange");
406 if (auth
->connect_on_tx_status
) {
407 auth
->connect_on_tx_status
= 0;
408 wpa_printf(MSG_DEBUG
,
409 "DPP: Try to connect after completed configuration result");
410 wpas_dpp_try_to_connect(wpa_s
);
411 if (auth
->conn_status_requested
) {
412 wpa_printf(MSG_DEBUG
,
413 "DPP: Start 15 second timeout for reporting connection status result");
414 eloop_cancel_timeout(
415 wpas_dpp_conn_status_result_timeout
,
417 eloop_register_timeout(
418 15, 0, wpas_dpp_conn_status_result_timeout
,
421 dpp_auth_deinit(wpa_s
->dpp_auth
);
422 wpa_s
->dpp_auth
= NULL
;
426 #endif /* CONFIG_DPP2 */
428 if (wpa_s
->dpp_auth
->remove_on_tx_status
) {
429 wpa_printf(MSG_DEBUG
,
430 "DPP: Terminate authentication exchange due to a request to do so on TX status");
431 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
432 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
433 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
,
435 offchannel_send_action_done(wpa_s
);
436 dpp_auth_deinit(wpa_s
->dpp_auth
);
437 wpa_s
->dpp_auth
= NULL
;
441 if (wpa_s
->dpp_auth_ok_on_ack
)
442 wpas_dpp_auth_success(wpa_s
, 1);
444 if (!is_broadcast_ether_addr(dst
) &&
445 result
!= OFFCHANNEL_SEND_ACTION_SUCCESS
) {
446 wpa_printf(MSG_DEBUG
,
447 "DPP: Unicast DPP Action frame was not ACKed");
448 if (auth
->waiting_auth_resp
) {
449 /* In case of DPP Authentication Request frame, move to
450 * the next channel immediately. */
451 offchannel_send_action_done(wpa_s
);
452 wpas_dpp_auth_init_next(wpa_s
);
455 if (auth
->waiting_auth_conf
) {
456 wpas_dpp_auth_resp_retry(wpa_s
);
461 if (!is_broadcast_ether_addr(dst
) && auth
->waiting_auth_resp
&&
462 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
) {
463 /* Allow timeout handling to stop iteration if no response is
464 * received from a peer that has ACKed a request. */
465 auth
->auth_req_ack
= 1;
468 if (!wpa_s
->dpp_auth_ok_on_ack
&& wpa_s
->dpp_auth
->neg_freq
> 0 &&
469 wpa_s
->dpp_auth
->curr_freq
!= wpa_s
->dpp_auth
->neg_freq
) {
470 wpa_printf(MSG_DEBUG
,
471 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
472 wpa_s
->dpp_auth
->curr_freq
,
473 wpa_s
->dpp_auth
->neg_freq
);
474 offchannel_send_action_done(wpa_s
);
475 wpas_dpp_listen_start(wpa_s
, wpa_s
->dpp_auth
->neg_freq
);
478 if (wpa_s
->dpp_auth_ok_on_ack
)
479 wpa_s
->dpp_auth_ok_on_ack
= 0;
483 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx
, void *timeout_ctx
)
485 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
486 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
488 struct os_reltime now
, diff
;
489 unsigned int wait_time
, diff_ms
;
491 if (!auth
|| !auth
->waiting_auth_resp
)
494 wait_time
= wpa_s
->dpp_resp_wait_time
?
495 wpa_s
->dpp_resp_wait_time
: 2000;
496 os_get_reltime(&now
);
497 os_reltime_sub(&now
, &wpa_s
->dpp_last_init
, &diff
);
498 diff_ms
= diff
.sec
* 1000 + diff
.usec
/ 1000;
499 wpa_printf(MSG_DEBUG
,
500 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
503 if (auth
->auth_req_ack
&& diff_ms
>= wait_time
) {
504 /* Peer ACK'ed Authentication Request frame, but did not reply
505 * with Authentication Response frame within two seconds. */
507 "DPP: No response received from responder - stopping initiation attempt");
508 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_AUTH_INIT_FAILED
);
509 offchannel_send_action_done(wpa_s
);
510 wpas_dpp_listen_stop(wpa_s
);
511 dpp_auth_deinit(auth
);
512 wpa_s
->dpp_auth
= NULL
;
516 if (diff_ms
>= wait_time
) {
517 /* Authentication Request frame was not ACK'ed and no reply
518 * was receiving within two seconds. */
519 wpa_printf(MSG_DEBUG
,
520 "DPP: Continue Initiator channel iteration");
521 offchannel_send_action_done(wpa_s
);
522 wpas_dpp_listen_stop(wpa_s
);
523 wpas_dpp_auth_init_next(wpa_s
);
527 /* Driver did not support 2000 ms long wait_time with TX command, so
528 * schedule listen operation to continue waiting for the response.
530 * DPP listen operations continue until stopped, so simply schedule a
531 * new call to this function at the point when the two second reply
532 * wait has expired. */
533 wait_time
-= diff_ms
;
535 freq
= auth
->curr_freq
;
536 if (auth
->neg_freq
> 0)
537 freq
= auth
->neg_freq
;
538 wpa_printf(MSG_DEBUG
,
539 "DPP: Continue reply wait on channel %u MHz for %u ms",
541 wpa_s
->dpp_in_response_listen
= 1;
542 wpas_dpp_listen_start(wpa_s
, freq
);
544 eloop_register_timeout(wait_time
/ 1000, (wait_time
% 1000) * 1000,
545 wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
549 static void wpas_dpp_set_testing_options(struct wpa_supplicant
*wpa_s
,
550 struct dpp_authentication
*auth
)
552 #ifdef CONFIG_TESTING_OPTIONS
553 if (wpa_s
->dpp_config_obj_override
)
554 auth
->config_obj_override
=
555 os_strdup(wpa_s
->dpp_config_obj_override
);
556 if (wpa_s
->dpp_discovery_override
)
557 auth
->discovery_override
=
558 os_strdup(wpa_s
->dpp_discovery_override
);
559 if (wpa_s
->dpp_groups_override
)
560 auth
->groups_override
=
561 os_strdup(wpa_s
->dpp_groups_override
);
562 auth
->ignore_netaccesskey_mismatch
=
563 wpa_s
->dpp_ignore_netaccesskey_mismatch
;
564 #endif /* CONFIG_TESTING_OPTIONS */
568 static void wpas_dpp_init_timeout(void *eloop_ctx
, void *timeout_ctx
)
570 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
572 if (!wpa_s
->dpp_auth
)
574 wpa_printf(MSG_DEBUG
, "DPP: Retry initiation after timeout");
575 wpas_dpp_auth_init_next(wpa_s
);
579 static int wpas_dpp_auth_init_next(struct wpa_supplicant
*wpa_s
)
581 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
583 unsigned int wait_time
, max_wait_time
, freq
, max_tries
, used
;
584 struct os_reltime now
, diff
;
586 wpa_s
->dpp_in_response_listen
= 0;
590 if (auth
->freq_idx
== 0)
591 os_get_reltime(&wpa_s
->dpp_init_iter_start
);
593 if (auth
->freq_idx
>= auth
->num_freq
) {
594 auth
->num_freq_iters
++;
595 if (wpa_s
->dpp_init_max_tries
)
596 max_tries
= wpa_s
->dpp_init_max_tries
;
599 if (auth
->num_freq_iters
>= max_tries
|| auth
->auth_req_ack
) {
601 "DPP: No response received from responder - stopping initiation attempt");
602 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_AUTH_INIT_FAILED
);
603 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
,
605 offchannel_send_action_done(wpa_s
);
606 dpp_auth_deinit(wpa_s
->dpp_auth
);
607 wpa_s
->dpp_auth
= NULL
;
611 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
612 if (wpa_s
->dpp_init_retry_time
)
613 wait_time
= wpa_s
->dpp_init_retry_time
;
616 os_get_reltime(&now
);
617 os_reltime_sub(&now
, &wpa_s
->dpp_init_iter_start
, &diff
);
618 used
= diff
.sec
* 1000 + diff
.usec
/ 1000;
619 if (used
> wait_time
)
623 wpa_printf(MSG_DEBUG
, "DPP: Next init attempt in %u ms",
625 eloop_register_timeout(wait_time
/ 1000,
626 (wait_time
% 1000) * 1000,
627 wpas_dpp_init_timeout
, wpa_s
,
631 freq
= auth
->freq
[auth
->freq_idx
++];
632 auth
->curr_freq
= freq
;
634 if (is_zero_ether_addr(auth
->peer_bi
->mac_addr
))
637 dst
= auth
->peer_bi
->mac_addr
;
638 wpa_s
->dpp_auth_ok_on_ack
= 0;
639 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
640 wait_time
= wpa_s
->max_remain_on_chan
;
641 max_wait_time
= wpa_s
->dpp_resp_wait_time
?
642 wpa_s
->dpp_resp_wait_time
: 2000;
643 if (wait_time
> max_wait_time
)
644 wait_time
= max_wait_time
;
645 wait_time
+= 10; /* give the driver some extra time to complete */
646 eloop_register_timeout(wait_time
/ 1000, (wait_time
% 1000) * 1000,
647 wpas_dpp_reply_wait_timeout
,
650 if (auth
->neg_freq
> 0 && freq
!= auth
->neg_freq
) {
651 wpa_printf(MSG_DEBUG
,
652 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
653 freq
, auth
->neg_freq
);
655 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
656 MAC2STR(dst
), freq
, DPP_PA_AUTHENTICATION_REQ
);
657 auth
->auth_req_ack
= 0;
658 os_get_reltime(&wpa_s
->dpp_last_init
);
659 return offchannel_send_action(wpa_s
, freq
, dst
,
660 wpa_s
->own_addr
, broadcast
,
661 wpabuf_head(auth
->req_msg
),
662 wpabuf_len(auth
->req_msg
),
663 wait_time
, wpas_dpp_tx_status
, 0);
667 int wpas_dpp_auth_init(struct wpa_supplicant
*wpa_s
, const char *cmd
)
670 struct dpp_bootstrap_info
*peer_bi
, *own_bi
= NULL
;
671 struct dpp_authentication
*auth
;
672 u8 allowed_roles
= DPP_CAPAB_CONFIGURATOR
;
673 unsigned int neg_freq
= 0;
676 int tcp_port
= DPP_TCP_PORT
;
677 struct hostapd_ip_addr ipaddr
;
679 #endif /* CONFIG_DPP2 */
681 wpa_s
->dpp_gas_client
= 0;
683 pos
= os_strstr(cmd
, " peer=");
687 peer_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
690 "DPP: Could not find bootstrapping info for the identified peer");
695 pos
= os_strstr(cmd
, " tcp_port=");
698 tcp_port
= atoi(pos
);
701 addr
= get_param(cmd
, " tcp_addr=");
705 res
= hostapd_parse_ip_addr(addr
, &ipaddr
);
711 #endif /* CONFIG_DPP2 */
713 pos
= os_strstr(cmd
, " own=");
716 own_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
719 "DPP: Could not find bootstrapping info for the identified local entry");
723 if (peer_bi
->curve
!= own_bi
->curve
) {
725 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
726 peer_bi
->curve
->name
, own_bi
->curve
->name
);
731 pos
= os_strstr(cmd
, " role=");
734 if (os_strncmp(pos
, "configurator", 12) == 0)
735 allowed_roles
= DPP_CAPAB_CONFIGURATOR
;
736 else if (os_strncmp(pos
, "enrollee", 8) == 0)
737 allowed_roles
= DPP_CAPAB_ENROLLEE
;
738 else if (os_strncmp(pos
, "either", 6) == 0)
739 allowed_roles
= DPP_CAPAB_CONFIGURATOR
|
745 pos
= os_strstr(cmd
, " netrole=");
748 if (os_strncmp(pos
, "ap", 2) == 0)
749 wpa_s
->dpp_netrole
= DPP_NETROLE_AP
;
750 else if (os_strncmp(pos
, "configurator", 12) == 0)
751 wpa_s
->dpp_netrole
= DPP_NETROLE_CONFIGURATOR
;
753 wpa_s
->dpp_netrole
= DPP_NETROLE_STA
;
755 wpa_s
->dpp_netrole
= DPP_NETROLE_STA
;
758 pos
= os_strstr(cmd
, " neg_freq=");
760 neg_freq
= atoi(pos
+ 10);
762 if (!tcp
&& wpa_s
->dpp_auth
) {
763 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
764 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
765 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
,
767 offchannel_send_action_done(wpa_s
);
768 dpp_auth_deinit(wpa_s
->dpp_auth
);
769 wpa_s
->dpp_auth
= NULL
;
772 auth
= dpp_auth_init(wpa_s
->dpp
, wpa_s
, peer_bi
, own_bi
, allowed_roles
,
773 neg_freq
, wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
);
776 wpas_dpp_set_testing_options(wpa_s
, auth
);
777 if (dpp_set_configurator(auth
, cmd
) < 0) {
778 dpp_auth_deinit(auth
);
782 auth
->neg_freq
= neg_freq
;
784 if (!is_zero_ether_addr(peer_bi
->mac_addr
))
785 os_memcpy(auth
->peer_mac_addr
, peer_bi
->mac_addr
, ETH_ALEN
);
789 return dpp_tcp_init(wpa_s
->dpp
, auth
, &ipaddr
, tcp_port
);
790 #endif /* CONFIG_DPP2 */
792 wpa_s
->dpp_auth
= auth
;
793 return wpas_dpp_auth_init_next(wpa_s
);
799 struct wpas_dpp_listen_work
{
801 unsigned int duration
;
802 struct wpabuf
*probe_resp_ie
;
806 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work
*lwork
)
814 static void wpas_dpp_listen_work_done(struct wpa_supplicant
*wpa_s
)
816 struct wpas_dpp_listen_work
*lwork
;
818 if (!wpa_s
->dpp_listen_work
)
821 lwork
= wpa_s
->dpp_listen_work
->ctx
;
822 wpas_dpp_listen_work_free(lwork
);
823 radio_work_done(wpa_s
->dpp_listen_work
);
824 wpa_s
->dpp_listen_work
= NULL
;
828 static void dpp_start_listen_cb(struct wpa_radio_work
*work
, int deinit
)
830 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
831 struct wpas_dpp_listen_work
*lwork
= work
->ctx
;
835 wpa_s
->dpp_listen_work
= NULL
;
836 wpas_dpp_listen_stop(wpa_s
);
838 wpas_dpp_listen_work_free(lwork
);
842 wpa_s
->dpp_listen_work
= work
;
844 wpa_s
->dpp_pending_listen_freq
= lwork
->freq
;
846 if (wpa_drv_remain_on_channel(wpa_s
, lwork
->freq
,
847 wpa_s
->max_remain_on_chan
) < 0) {
848 wpa_printf(MSG_DEBUG
,
849 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
851 wpa_s
->dpp_listen_freq
= 0;
852 wpas_dpp_listen_work_done(wpa_s
);
853 wpa_s
->dpp_pending_listen_freq
= 0;
856 wpa_s
->off_channel_freq
= 0;
857 wpa_s
->roc_waiting_drv_freq
= lwork
->freq
;
861 static int wpas_dpp_listen_start(struct wpa_supplicant
*wpa_s
,
864 struct wpas_dpp_listen_work
*lwork
;
866 if (wpa_s
->dpp_listen_work
) {
867 wpa_printf(MSG_DEBUG
,
868 "DPP: Reject start_listen since dpp_listen_work already exists");
872 if (wpa_s
->dpp_listen_freq
)
873 wpas_dpp_listen_stop(wpa_s
);
874 wpa_s
->dpp_listen_freq
= freq
;
876 lwork
= os_zalloc(sizeof(*lwork
));
881 if (radio_add_work(wpa_s
, freq
, "dpp-listen", 0, dpp_start_listen_cb
,
883 wpas_dpp_listen_work_free(lwork
);
891 int wpas_dpp_listen(struct wpa_supplicant
*wpa_s
, const char *cmd
)
899 if (os_strstr(cmd
, " role=configurator"))
900 wpa_s
->dpp_allowed_roles
= DPP_CAPAB_CONFIGURATOR
;
901 else if (os_strstr(cmd
, " role=enrollee"))
902 wpa_s
->dpp_allowed_roles
= DPP_CAPAB_ENROLLEE
;
904 wpa_s
->dpp_allowed_roles
= DPP_CAPAB_CONFIGURATOR
|
906 wpa_s
->dpp_qr_mutual
= os_strstr(cmd
, " qr=mutual") != NULL
;
907 if (os_strstr(cmd
, " netrole=ap"))
908 wpa_s
->dpp_netrole
= DPP_NETROLE_AP
;
909 else if (os_strstr(cmd
, " netrole=configurator"))
910 wpa_s
->dpp_netrole
= DPP_NETROLE_CONFIGURATOR
;
912 wpa_s
->dpp_netrole
= DPP_NETROLE_STA
;
913 if (wpa_s
->dpp_listen_freq
== (unsigned int) freq
) {
914 wpa_printf(MSG_DEBUG
, "DPP: Already listening on %u MHz",
919 return wpas_dpp_listen_start(wpa_s
, freq
);
923 void wpas_dpp_listen_stop(struct wpa_supplicant
*wpa_s
)
925 wpa_s
->dpp_in_response_listen
= 0;
926 if (!wpa_s
->dpp_listen_freq
)
929 wpa_printf(MSG_DEBUG
, "DPP: Stop listen on %u MHz",
930 wpa_s
->dpp_listen_freq
);
931 wpa_drv_cancel_remain_on_channel(wpa_s
);
932 wpa_s
->dpp_listen_freq
= 0;
933 wpas_dpp_listen_work_done(wpa_s
);
937 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant
*wpa_s
,
940 wpas_dpp_listen_work_done(wpa_s
);
942 if (wpa_s
->dpp_auth
&& wpa_s
->dpp_in_response_listen
) {
943 unsigned int new_freq
;
945 /* Continue listen with a new remain-on-channel */
946 if (wpa_s
->dpp_auth
->neg_freq
> 0)
947 new_freq
= wpa_s
->dpp_auth
->neg_freq
;
949 new_freq
= wpa_s
->dpp_auth
->curr_freq
;
950 wpa_printf(MSG_DEBUG
,
951 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
953 wpas_dpp_listen_start(wpa_s
, new_freq
);
957 if (wpa_s
->dpp_listen_freq
) {
958 /* Continue listen with a new remain-on-channel */
959 wpas_dpp_listen_start(wpa_s
, wpa_s
->dpp_listen_freq
);
964 static void wpas_dpp_rx_auth_req(struct wpa_supplicant
*wpa_s
, const u8
*src
,
965 const u8
*hdr
, const u8
*buf
, size_t len
,
968 const u8
*r_bootstrap
, *i_bootstrap
;
969 u16 r_bootstrap_len
, i_bootstrap_len
;
970 struct dpp_bootstrap_info
*own_bi
= NULL
, *peer_bi
= NULL
;
975 wpa_printf(MSG_DEBUG
, "DPP: Authentication Request from " MACSTR
,
979 wpas_dpp_chirp_stop(wpa_s
);
980 #endif /* CONFIG_DPP2 */
982 r_bootstrap
= dpp_get_attr(buf
, len
, DPP_ATTR_R_BOOTSTRAP_KEY_HASH
,
984 if (!r_bootstrap
|| r_bootstrap_len
!= SHA256_MAC_LEN
) {
985 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
986 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
989 wpa_hexdump(MSG_MSGDUMP
, "DPP: Responder Bootstrapping Key Hash",
990 r_bootstrap
, r_bootstrap_len
);
992 i_bootstrap
= dpp_get_attr(buf
, len
, DPP_ATTR_I_BOOTSTRAP_KEY_HASH
,
994 if (!i_bootstrap
|| i_bootstrap_len
!= SHA256_MAC_LEN
) {
995 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
996 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
999 wpa_hexdump(MSG_MSGDUMP
, "DPP: Initiator Bootstrapping Key Hash",
1000 i_bootstrap
, i_bootstrap_len
);
1002 /* Try to find own and peer bootstrapping key matches based on the
1003 * received hash values */
1004 dpp_bootstrap_find_pair(wpa_s
->dpp
, i_bootstrap
, r_bootstrap
,
1007 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
1008 "No matching own bootstrapping key found - ignore message");
1012 if (wpa_s
->dpp_auth
) {
1013 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
1014 "Already in DPP authentication exchange - ignore new one");
1018 wpa_s
->dpp_gas_client
= 0;
1019 wpa_s
->dpp_auth_ok_on_ack
= 0;
1020 wpa_s
->dpp_auth
= dpp_auth_req_rx(wpa_s
->dpp
, wpa_s
,
1021 wpa_s
->dpp_allowed_roles
,
1022 wpa_s
->dpp_qr_mutual
,
1023 peer_bi
, own_bi
, freq
, hdr
, buf
, len
);
1024 if (!wpa_s
->dpp_auth
) {
1025 wpa_printf(MSG_DEBUG
, "DPP: No response generated");
1028 wpas_dpp_set_testing_options(wpa_s
, wpa_s
->dpp_auth
);
1029 if (dpp_set_configurator(wpa_s
->dpp_auth
,
1030 wpa_s
->dpp_configurator_params
) < 0) {
1031 dpp_auth_deinit(wpa_s
->dpp_auth
);
1032 wpa_s
->dpp_auth
= NULL
;
1035 os_memcpy(wpa_s
->dpp_auth
->peer_mac_addr
, src
, ETH_ALEN
);
1037 if (wpa_s
->dpp_listen_freq
&&
1038 wpa_s
->dpp_listen_freq
!= wpa_s
->dpp_auth
->curr_freq
) {
1039 wpa_printf(MSG_DEBUG
,
1040 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1041 wpa_s
->dpp_listen_freq
, wpa_s
->dpp_auth
->curr_freq
);
1042 wpas_dpp_listen_stop(wpa_s
);
1045 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1046 MAC2STR(src
), wpa_s
->dpp_auth
->curr_freq
,
1047 DPP_PA_AUTHENTICATION_RESP
);
1048 offchannel_send_action(wpa_s
, wpa_s
->dpp_auth
->curr_freq
,
1049 src
, wpa_s
->own_addr
, broadcast
,
1050 wpabuf_head(wpa_s
->dpp_auth
->resp_msg
),
1051 wpabuf_len(wpa_s
->dpp_auth
->resp_msg
),
1052 500, wpas_dpp_tx_status
, 0);
1056 static void wpas_dpp_start_gas_server(struct wpa_supplicant
*wpa_s
)
1058 /* TODO: stop wait and start ROC */
1062 static struct wpa_ssid
* wpas_dpp_add_network(struct wpa_supplicant
*wpa_s
,
1063 struct dpp_authentication
*auth
,
1064 struct dpp_config_obj
*conf
)
1066 struct wpa_ssid
*ssid
;
1069 if (conf
->akm
== DPP_AKM_SAE
) {
1071 struct wpa_driver_capa capa
;
1074 res
= wpa_drv_get_capa(wpa_s
, &capa
);
1076 !(capa
.key_mgmt
& WPA_DRIVER_CAPA_KEY_MGMT_SAE
) &&
1077 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
)) {
1078 wpa_printf(MSG_DEBUG
,
1079 "DPP: SAE not supported by the driver");
1082 #else /* CONFIG_SAE */
1083 wpa_printf(MSG_DEBUG
, "DPP: SAE not supported in the build");
1085 #endif /* CONFIG_SAE */
1087 #endif /* CONFIG_DPP2 */
1089 ssid
= wpa_config_add_network(wpa_s
->conf
);
1092 wpas_notify_network_added(wpa_s
, ssid
);
1093 wpa_config_set_network_defaults(ssid
);
1096 ssid
->ssid
= os_malloc(conf
->ssid_len
);
1099 os_memcpy(ssid
->ssid
, conf
->ssid
, conf
->ssid_len
);
1100 ssid
->ssid_len
= conf
->ssid_len
;
1102 if (conf
->connector
) {
1103 if (dpp_akm_dpp(conf
->akm
)) {
1104 ssid
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1105 ssid
->ieee80211w
= MGMT_FRAME_PROTECTION_REQUIRED
;
1107 ssid
->dpp_connector
= os_strdup(conf
->connector
);
1108 if (!ssid
->dpp_connector
)
1112 if (conf
->c_sign_key
) {
1113 ssid
->dpp_csign
= os_malloc(wpabuf_len(conf
->c_sign_key
));
1114 if (!ssid
->dpp_csign
)
1116 os_memcpy(ssid
->dpp_csign
, wpabuf_head(conf
->c_sign_key
),
1117 wpabuf_len(conf
->c_sign_key
));
1118 ssid
->dpp_csign_len
= wpabuf_len(conf
->c_sign_key
);
1121 if (auth
->net_access_key
) {
1122 ssid
->dpp_netaccesskey
=
1123 os_malloc(wpabuf_len(auth
->net_access_key
));
1124 if (!ssid
->dpp_netaccesskey
)
1126 os_memcpy(ssid
->dpp_netaccesskey
,
1127 wpabuf_head(auth
->net_access_key
),
1128 wpabuf_len(auth
->net_access_key
));
1129 ssid
->dpp_netaccesskey_len
= wpabuf_len(auth
->net_access_key
);
1130 ssid
->dpp_netaccesskey_expiry
= auth
->net_access_key_expiry
;
1133 if (!conf
->connector
|| dpp_akm_psk(conf
->akm
) ||
1134 dpp_akm_sae(conf
->akm
)) {
1135 if (!conf
->connector
|| !dpp_akm_dpp(conf
->akm
))
1137 if (dpp_akm_psk(conf
->akm
))
1138 ssid
->key_mgmt
|= WPA_KEY_MGMT_PSK
|
1139 WPA_KEY_MGMT_PSK_SHA256
| WPA_KEY_MGMT_FT_PSK
;
1140 if (dpp_akm_sae(conf
->akm
))
1141 ssid
->key_mgmt
|= WPA_KEY_MGMT_SAE
|
1142 WPA_KEY_MGMT_FT_SAE
;
1143 ssid
->ieee80211w
= MGMT_FRAME_PROTECTION_OPTIONAL
;
1144 if (conf
->passphrase
[0]) {
1145 if (wpa_config_set_quoted(ssid
, "psk",
1146 conf
->passphrase
) < 0)
1148 wpa_config_update_psk(ssid
);
1149 ssid
->export_keys
= 1;
1151 ssid
->psk_set
= conf
->psk_set
;
1152 os_memcpy(ssid
->psk
, conf
->psk
, PMK_LEN
);
1156 os_memcpy(wpa_s
->dpp_last_ssid
, conf
->ssid
, conf
->ssid_len
);
1157 wpa_s
->dpp_last_ssid_len
= conf
->ssid_len
;
1161 wpas_notify_network_removed(wpa_s
, ssid
);
1162 wpa_config_remove_network(wpa_s
->conf
, ssid
->id
);
1167 static int wpas_dpp_process_config(struct wpa_supplicant
*wpa_s
,
1168 struct dpp_authentication
*auth
,
1169 struct dpp_config_obj
*conf
)
1171 struct wpa_ssid
*ssid
;
1173 if (wpa_s
->conf
->dpp_config_processing
< 1)
1176 ssid
= wpas_dpp_add_network(wpa_s
, auth
, conf
);
1180 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_NETWORK_ID
"%d", ssid
->id
);
1181 if (wpa_s
->conf
->dpp_config_processing
== 2)
1184 #ifndef CONFIG_NO_CONFIG_WRITE
1185 if (wpa_s
->conf
->update_config
&&
1186 wpa_config_write(wpa_s
->confname
, wpa_s
->conf
))
1187 wpa_printf(MSG_DEBUG
, "DPP: Failed to update configuration");
1188 #endif /* CONFIG_NO_CONFIG_WRITE */
1194 static void wpas_dpp_post_process_config(struct wpa_supplicant
*wpa_s
,
1195 struct dpp_authentication
*auth
)
1197 if (wpa_s
->conf
->dpp_config_processing
< 2)
1201 if (auth
->peer_version
>= 2) {
1202 wpa_printf(MSG_DEBUG
,
1203 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
1204 auth
->connect_on_tx_status
= 1;
1207 #endif /* CONFIG_DPP2 */
1209 wpas_dpp_try_to_connect(wpa_s
);
1213 static int wpas_dpp_handle_config_obj(struct wpa_supplicant
*wpa_s
,
1214 struct dpp_authentication
*auth
,
1215 struct dpp_config_obj
*conf
)
1217 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_RECEIVED
);
1219 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONFOBJ_SSID
"%s",
1220 wpa_ssid_txt(conf
->ssid
, conf
->ssid_len
));
1221 if (conf
->ssid_charset
)
1222 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONFOBJ_SSID_CHARSET
"%d",
1223 conf
->ssid_charset
);
1224 if (conf
->connector
) {
1225 /* TODO: Save the Connector and consider using a command
1226 * to fetch the value instead of sending an event with
1227 * it. The Connector could end up being larger than what
1228 * most clients are ready to receive as an event
1230 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONNECTOR
"%s",
1233 if (conf
->c_sign_key
) {
1237 hexlen
= 2 * wpabuf_len(conf
->c_sign_key
) + 1;
1238 hex
= os_malloc(hexlen
);
1240 wpa_snprintf_hex(hex
, hexlen
,
1241 wpabuf_head(conf
->c_sign_key
),
1242 wpabuf_len(conf
->c_sign_key
));
1243 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_C_SIGN_KEY
"%s",
1248 if (auth
->net_access_key
) {
1252 hexlen
= 2 * wpabuf_len(auth
->net_access_key
) + 1;
1253 hex
= os_malloc(hexlen
);
1255 wpa_snprintf_hex(hex
, hexlen
,
1256 wpabuf_head(auth
->net_access_key
),
1257 wpabuf_len(auth
->net_access_key
));
1258 if (auth
->net_access_key_expiry
)
1259 wpa_msg(wpa_s
, MSG_INFO
,
1260 DPP_EVENT_NET_ACCESS_KEY
"%s %lu", hex
,
1262 auth
->net_access_key_expiry
);
1264 wpa_msg(wpa_s
, MSG_INFO
,
1265 DPP_EVENT_NET_ACCESS_KEY
"%s", hex
);
1270 return wpas_dpp_process_config(wpa_s
, auth
, conf
);
1274 static int wpas_dpp_handle_key_pkg(struct wpa_supplicant
*wpa_s
,
1275 struct dpp_asymmetric_key
*key
)
1283 wpa_printf(MSG_DEBUG
, "DPP: Received Configurator backup");
1284 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_RECEIVED
);
1287 res
= dpp_configurator_from_backup(wpa_s
->dpp
, key
);
1290 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONFIGURATOR_ID
"%d",
1294 #endif /* CONFIG_DPP2 */
1300 static void wpas_dpp_gas_resp_cb(void *ctx
, const u8
*addr
, u8 dialog_token
,
1301 enum gas_query_result result
,
1302 const struct wpabuf
*adv_proto
,
1303 const struct wpabuf
*resp
, u16 status_code
)
1305 struct wpa_supplicant
*wpa_s
= ctx
;
1307 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1309 enum dpp_status_error status
= DPP_STATUS_CONFIG_REJECTED
;
1312 wpa_s
->dpp_gas_dialog_token
= -1;
1314 if (!auth
|| !auth
->auth_success
) {
1315 wpa_printf(MSG_DEBUG
, "DPP: No matching exchange in progress");
1318 if (result
!= GAS_QUERY_SUCCESS
||
1319 !resp
|| status_code
!= WLAN_STATUS_SUCCESS
) {
1320 wpa_printf(MSG_DEBUG
, "DPP: GAS query did not succeed");
1324 wpa_hexdump_buf(MSG_DEBUG
, "DPP: Configuration Response adv_proto",
1326 wpa_hexdump_buf(MSG_DEBUG
, "DPP: Configuration Response (GAS response)",
1329 if (wpabuf_len(adv_proto
) != 10 ||
1330 !(pos
= wpabuf_head(adv_proto
)) ||
1331 pos
[0] != WLAN_EID_ADV_PROTO
||
1333 pos
[3] != WLAN_EID_VENDOR_SPECIFIC
||
1335 WPA_GET_BE24(&pos
[5]) != OUI_WFA
||
1338 wpa_printf(MSG_DEBUG
,
1339 "DPP: Not a DPP Advertisement Protocol ID");
1343 if (dpp_conf_resp_rx(auth
, resp
) < 0) {
1344 wpa_printf(MSG_DEBUG
, "DPP: Configuration attempt failed");
1348 for (i
= 0; i
< auth
->num_conf_obj
; i
++) {
1349 res
= wpas_dpp_handle_config_obj(wpa_s
, auth
,
1350 &auth
->conf_obj
[i
]);
1354 if (auth
->num_conf_obj
)
1355 wpas_dpp_post_process_config(wpa_s
, auth
);
1356 if (wpas_dpp_handle_key_pkg(wpa_s
, auth
->conf_key_pkg
) < 0)
1359 status
= DPP_STATUS_OK
;
1360 #ifdef CONFIG_TESTING_OPTIONS
1361 if (dpp_test
== DPP_TEST_REJECT_CONFIG
) {
1362 wpa_printf(MSG_INFO
, "DPP: TESTING - Reject Config Object");
1363 status
= DPP_STATUS_CONFIG_REJECTED
;
1365 #endif /* CONFIG_TESTING_OPTIONS */
1367 if (status
!= DPP_STATUS_OK
)
1368 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1370 if (auth
->peer_version
>= 2 &&
1371 auth
->conf_resp_status
== DPP_STATUS_OK
) {
1374 wpa_printf(MSG_DEBUG
, "DPP: Send DPP Configuration Result");
1375 msg
= dpp_build_conf_result(auth
, status
);
1379 wpa_msg(wpa_s
, MSG_INFO
,
1380 DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1381 MAC2STR(addr
), auth
->curr_freq
,
1382 DPP_PA_CONFIGURATION_RESULT
);
1383 offchannel_send_action(wpa_s
, auth
->curr_freq
,
1384 addr
, wpa_s
->own_addr
, broadcast
,
1387 500, wpas_dpp_tx_status
, 0);
1390 /* This exchange will be terminated in the TX status handler */
1394 #endif /* CONFIG_DPP2 */
1395 dpp_auth_deinit(wpa_s
->dpp_auth
);
1396 wpa_s
->dpp_auth
= NULL
;
1400 static void wpas_dpp_start_gas_client(struct wpa_supplicant
*wpa_s
)
1402 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1405 int *supp_op_classes
;
1407 wpa_s
->dpp_gas_client
= 1;
1408 offchannel_send_action_done(wpa_s
);
1409 wpas_dpp_listen_stop(wpa_s
);
1411 supp_op_classes
= wpas_supp_op_classes(wpa_s
);
1412 buf
= dpp_build_conf_req_helper(auth
, wpa_s
->conf
->dpp_name
,
1414 wpa_s
->conf
->dpp_mud_url
,
1416 os_free(supp_op_classes
);
1418 wpa_printf(MSG_DEBUG
,
1419 "DPP: No configuration request data available");
1423 wpa_printf(MSG_DEBUG
, "DPP: GAS request to " MACSTR
" (freq %u MHz)",
1424 MAC2STR(auth
->peer_mac_addr
), auth
->curr_freq
);
1426 res
= gas_query_req(wpa_s
->gas
, auth
->peer_mac_addr
, auth
->curr_freq
,
1427 1, buf
, wpas_dpp_gas_resp_cb
, wpa_s
);
1429 wpa_msg(wpa_s
, MSG_DEBUG
, "GAS: Failed to send Query Request");
1432 wpa_printf(MSG_DEBUG
,
1433 "DPP: GAS query started with dialog token %u", res
);
1434 wpa_s
->dpp_gas_dialog_token
= res
;
1439 static void wpas_dpp_auth_success(struct wpa_supplicant
*wpa_s
, int initiator
)
1441 wpa_printf(MSG_DEBUG
, "DPP: Authentication succeeded");
1442 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_AUTH_SUCCESS
"init=%d", initiator
);
1443 #ifdef CONFIG_TESTING_OPTIONS
1444 if (dpp_test
== DPP_TEST_STOP_AT_AUTH_CONF
) {
1445 wpa_printf(MSG_INFO
,
1446 "DPP: TESTING - stop at Authentication Confirm");
1447 if (wpa_s
->dpp_auth
->configurator
) {
1448 /* Prevent GAS response */
1449 wpa_s
->dpp_auth
->auth_success
= 0;
1453 #endif /* CONFIG_TESTING_OPTIONS */
1455 if (wpa_s
->dpp_auth
->configurator
)
1456 wpas_dpp_start_gas_server(wpa_s
);
1458 wpas_dpp_start_gas_client(wpa_s
);
1462 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1463 const u8
*hdr
, const u8
*buf
, size_t len
,
1466 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1469 wpa_printf(MSG_DEBUG
, "DPP: Authentication Response from " MACSTR
1470 " (freq %u MHz)", MAC2STR(src
), freq
);
1473 wpa_printf(MSG_DEBUG
,
1474 "DPP: No DPP Authentication in progress - drop");
1478 if (!is_zero_ether_addr(auth
->peer_mac_addr
) &&
1479 os_memcmp(src
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
1480 wpa_printf(MSG_DEBUG
, "DPP: MAC address mismatch (expected "
1481 MACSTR
") - drop", MAC2STR(auth
->peer_mac_addr
));
1485 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
1487 if (auth
->curr_freq
!= freq
&& auth
->neg_freq
== freq
) {
1488 wpa_printf(MSG_DEBUG
,
1489 "DPP: Responder accepted request for different negotiation channel");
1490 auth
->curr_freq
= freq
;
1493 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
1494 msg
= dpp_auth_resp_rx(auth
, hdr
, buf
, len
);
1496 if (auth
->auth_resp_status
== DPP_STATUS_RESPONSE_PENDING
) {
1497 wpa_printf(MSG_DEBUG
,
1498 "DPP: Start wait for full response");
1499 offchannel_send_action_done(wpa_s
);
1500 wpas_dpp_listen_start(wpa_s
, auth
->curr_freq
);
1503 wpa_printf(MSG_DEBUG
, "DPP: No confirm generated");
1506 os_memcpy(auth
->peer_mac_addr
, src
, ETH_ALEN
);
1508 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1509 MAC2STR(src
), auth
->curr_freq
, DPP_PA_AUTHENTICATION_CONF
);
1510 offchannel_send_action(wpa_s
, auth
->curr_freq
,
1511 src
, wpa_s
->own_addr
, broadcast
,
1512 wpabuf_head(msg
), wpabuf_len(msg
),
1513 500, wpas_dpp_tx_status
, 0);
1515 wpa_s
->dpp_auth_ok_on_ack
= 1;
1519 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1520 const u8
*hdr
, const u8
*buf
, size_t len
)
1522 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1524 wpa_printf(MSG_DEBUG
, "DPP: Authentication Confirmation from " MACSTR
,
1528 wpa_printf(MSG_DEBUG
,
1529 "DPP: No DPP Authentication in progress - drop");
1533 if (os_memcmp(src
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
1534 wpa_printf(MSG_DEBUG
, "DPP: MAC address mismatch (expected "
1535 MACSTR
") - drop", MAC2STR(auth
->peer_mac_addr
));
1539 if (dpp_auth_conf_rx(auth
, hdr
, buf
, len
) < 0) {
1540 wpa_printf(MSG_DEBUG
, "DPP: Authentication failed");
1544 wpas_dpp_auth_success(wpa_s
, 0);
1550 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx
,
1553 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
1554 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1556 if (!auth
|| !auth
->waiting_conf_result
)
1559 wpa_printf(MSG_DEBUG
,
1560 "DPP: Timeout while waiting for Configuration Result");
1561 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1562 dpp_auth_deinit(auth
);
1563 wpa_s
->dpp_auth
= NULL
;
1567 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx
,
1570 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
1571 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1573 if (!auth
|| !auth
->waiting_conn_status_result
)
1576 wpa_printf(MSG_DEBUG
,
1577 "DPP: Timeout while waiting for Connection Status Result");
1578 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONN_STATUS_RESULT
"timeout");
1579 wpas_dpp_listen_stop(wpa_s
);
1580 dpp_auth_deinit(auth
);
1581 wpa_s
->dpp_auth
= NULL
;
1585 static void wpas_dpp_rx_conf_result(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1586 const u8
*hdr
, const u8
*buf
, size_t len
)
1588 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1589 enum dpp_status_error status
;
1591 wpa_printf(MSG_DEBUG
, "DPP: Configuration Result from " MACSTR
,
1594 if (!auth
|| !auth
->waiting_conf_result
) {
1595 wpa_printf(MSG_DEBUG
,
1596 "DPP: No DPP Configuration waiting for result - drop");
1600 if (os_memcmp(src
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
1601 wpa_printf(MSG_DEBUG
, "DPP: MAC address mismatch (expected "
1602 MACSTR
") - drop", MAC2STR(auth
->peer_mac_addr
));
1606 status
= dpp_conf_result_rx(auth
, hdr
, buf
, len
);
1608 if (status
== DPP_STATUS_OK
&& auth
->send_conn_status
) {
1609 wpa_msg(wpa_s
, MSG_INFO
,
1610 DPP_EVENT_CONF_SENT
"wait_conn_status=1");
1611 wpa_printf(MSG_DEBUG
, "DPP: Wait for Connection Status Result");
1612 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout
,
1614 auth
->waiting_conn_status_result
= 1;
1615 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout
,
1617 eloop_register_timeout(16, 0,
1618 wpas_dpp_conn_status_result_wait_timeout
,
1620 offchannel_send_action_done(wpa_s
);
1621 wpas_dpp_listen_start(wpa_s
, auth
->neg_freq
? auth
->neg_freq
:
1625 offchannel_send_action_done(wpa_s
);
1626 wpas_dpp_listen_stop(wpa_s
);
1627 if (status
== DPP_STATUS_OK
)
1628 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_SENT
);
1630 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1631 dpp_auth_deinit(auth
);
1632 wpa_s
->dpp_auth
= NULL
;
1633 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout
, wpa_s
, NULL
);
1637 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant
*wpa_s
,
1638 const u8
*src
, const u8
*hdr
,
1639 const u8
*buf
, size_t len
)
1641 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1642 enum dpp_status_error status
;
1643 u8 ssid
[SSID_MAX_LEN
];
1644 size_t ssid_len
= 0;
1645 char *channel_list
= NULL
;
1647 wpa_printf(MSG_DEBUG
, "DPP: Connection Status Result");
1649 if (!auth
|| !auth
->waiting_conn_status_result
) {
1650 wpa_printf(MSG_DEBUG
,
1651 "DPP: No DPP Configuration waiting for connection status result - drop");
1655 status
= dpp_conn_status_result_rx(auth
, hdr
, buf
, len
,
1656 ssid
, &ssid_len
, &channel_list
);
1657 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONN_STATUS_RESULT
1658 "result=%d ssid=%s channel_list=%s",
1659 status
, wpa_ssid_txt(ssid
, ssid_len
),
1660 channel_list
? channel_list
: "N/A");
1661 os_free(channel_list
);
1662 offchannel_send_action_done(wpa_s
);
1663 wpas_dpp_listen_stop(wpa_s
);
1664 dpp_auth_deinit(auth
);
1665 wpa_s
->dpp_auth
= NULL
;
1666 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout
,
1671 static int wpas_dpp_process_conf_obj(void *ctx
,
1672 struct dpp_authentication
*auth
)
1674 struct wpa_supplicant
*wpa_s
= ctx
;
1678 for (i
= 0; i
< auth
->num_conf_obj
; i
++) {
1679 res
= wpas_dpp_handle_config_obj(wpa_s
, auth
,
1680 &auth
->conf_obj
[i
]);
1685 wpas_dpp_post_process_config(wpa_s
, auth
);
1691 static void wpas_dpp_remove_bi(void *ctx
, struct dpp_bootstrap_info
*bi
)
1693 struct wpa_supplicant
*wpa_s
= ctx
;
1695 if (bi
== wpa_s
->dpp_chirp_bi
)
1696 wpas_dpp_chirp_stop(wpa_s
);
1701 wpas_dpp_rx_presence_announcement(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1702 const u8
*hdr
, const u8
*buf
, size_t len
,
1705 const u8
*r_bootstrap
;
1706 u16 r_bootstrap_len
;
1707 struct dpp_bootstrap_info
*peer_bi
;
1708 struct dpp_authentication
*auth
;
1713 if (wpa_s
->dpp_auth
) {
1714 wpa_printf(MSG_DEBUG
,
1715 "DPP: Ignore Presence Announcement during ongoing Authentication");
1719 wpa_printf(MSG_DEBUG
, "DPP: Presence Announcement from " MACSTR
,
1722 r_bootstrap
= dpp_get_attr(buf
, len
, DPP_ATTR_R_BOOTSTRAP_KEY_HASH
,
1724 if (!r_bootstrap
|| r_bootstrap_len
!= SHA256_MAC_LEN
) {
1725 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
1726 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
1729 wpa_hexdump(MSG_MSGDUMP
, "DPP: Responder Bootstrapping Key Hash",
1730 r_bootstrap
, r_bootstrap_len
);
1731 peer_bi
= dpp_bootstrap_find_chirp(wpa_s
->dpp
, r_bootstrap
);
1733 wpa_printf(MSG_DEBUG
,
1734 "DPP: No matching bootstrapping information found");
1738 auth
= dpp_auth_init(wpa_s
->dpp
, wpa_s
, peer_bi
, NULL
,
1739 DPP_CAPAB_CONFIGURATOR
, freq
, NULL
, 0);
1742 wpas_dpp_set_testing_options(wpa_s
, auth
);
1743 if (dpp_set_configurator(auth
, wpa_s
->dpp_configurator_params
) < 0) {
1744 dpp_auth_deinit(auth
);
1748 auth
->neg_freq
= freq
;
1750 if (!is_zero_ether_addr(peer_bi
->mac_addr
))
1751 os_memcpy(auth
->peer_mac_addr
, peer_bi
->mac_addr
, ETH_ALEN
);
1753 wpa_s
->dpp_auth
= auth
;
1754 if (wpas_dpp_auth_init_next(wpa_s
) < 0) {
1755 dpp_auth_deinit(wpa_s
->dpp_auth
);
1756 wpa_s
->dpp_auth
= NULL
;
1760 #endif /* CONFIG_DPP2 */
1763 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant
*wpa_s
,
1765 const u8
*buf
, size_t len
)
1767 struct wpa_ssid
*ssid
;
1768 const u8
*connector
, *trans_id
, *status
;
1769 u16 connector_len
, trans_id_len
, status_len
;
1770 struct dpp_introduction intro
;
1771 struct rsn_pmksa_cache_entry
*entry
;
1773 struct os_reltime rnow
;
1775 unsigned int seconds
;
1776 enum dpp_status_error res
;
1778 wpa_printf(MSG_DEBUG
, "DPP: Peer Discovery Response from " MACSTR
,
1780 if (is_zero_ether_addr(wpa_s
->dpp_intro_bssid
) ||
1781 os_memcmp(src
, wpa_s
->dpp_intro_bssid
, ETH_ALEN
) != 0) {
1782 wpa_printf(MSG_DEBUG
, "DPP: Not waiting for response from "
1783 MACSTR
" - drop", MAC2STR(src
));
1786 offchannel_send_action_done(wpa_s
);
1788 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1789 if (ssid
== wpa_s
->dpp_intro_network
)
1792 if (!ssid
|| !ssid
->dpp_connector
|| !ssid
->dpp_netaccesskey
||
1794 wpa_printf(MSG_DEBUG
,
1795 "DPP: Profile not found for network introduction");
1799 trans_id
= dpp_get_attr(buf
, len
, DPP_ATTR_TRANSACTION_ID
,
1801 if (!trans_id
|| trans_id_len
!= 1) {
1802 wpa_printf(MSG_DEBUG
,
1803 "DPP: Peer did not include Transaction ID");
1804 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1805 " fail=missing_transaction_id", MAC2STR(src
));
1808 if (trans_id
[0] != TRANSACTION_ID
) {
1809 wpa_printf(MSG_DEBUG
,
1810 "DPP: Ignore frame with unexpected Transaction ID %u",
1812 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1813 " fail=transaction_id_mismatch", MAC2STR(src
));
1817 status
= dpp_get_attr(buf
, len
, DPP_ATTR_STATUS
, &status_len
);
1818 if (!status
|| status_len
!= 1) {
1819 wpa_printf(MSG_DEBUG
, "DPP: Peer did not include Status");
1820 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1821 " fail=missing_status", MAC2STR(src
));
1824 if (status
[0] != DPP_STATUS_OK
) {
1825 wpa_printf(MSG_DEBUG
,
1826 "DPP: Peer rejected network introduction: Status %u",
1828 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1829 " status=%u", MAC2STR(src
), status
[0]);
1831 wpas_dpp_send_conn_status_result(wpa_s
, status
[0]);
1832 #endif /* CONFIG_DPP2 */
1836 connector
= dpp_get_attr(buf
, len
, DPP_ATTR_CONNECTOR
, &connector_len
);
1838 wpa_printf(MSG_DEBUG
,
1839 "DPP: Peer did not include its Connector");
1840 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1841 " fail=missing_connector", MAC2STR(src
));
1845 res
= dpp_peer_intro(&intro
, ssid
->dpp_connector
,
1846 ssid
->dpp_netaccesskey
,
1847 ssid
->dpp_netaccesskey_len
,
1849 ssid
->dpp_csign_len
,
1850 connector
, connector_len
, &expiry
);
1851 if (res
!= DPP_STATUS_OK
) {
1852 wpa_printf(MSG_INFO
,
1853 "DPP: Network Introduction protocol resulted in failure");
1854 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1855 " fail=peer_connector_validation_failed", MAC2STR(src
));
1857 wpas_dpp_send_conn_status_result(wpa_s
, res
);
1858 #endif /* CONFIG_DPP2 */
1862 entry
= os_zalloc(sizeof(*entry
));
1865 os_memcpy(entry
->aa
, src
, ETH_ALEN
);
1866 os_memcpy(entry
->pmkid
, intro
.pmkid
, PMKID_LEN
);
1867 os_memcpy(entry
->pmk
, intro
.pmk
, intro
.pmk_len
);
1868 entry
->pmk_len
= intro
.pmk_len
;
1869 entry
->akmp
= WPA_KEY_MGMT_DPP
;
1872 seconds
= expiry
- now
.sec
;
1874 seconds
= 86400 * 7;
1876 os_get_reltime(&rnow
);
1877 entry
->expiration
= rnow
.sec
+ seconds
;
1878 entry
->reauth_time
= rnow
.sec
+ seconds
;
1879 entry
->network_ctx
= ssid
;
1880 wpa_sm_pmksa_cache_add_entry(wpa_s
->wpa
, entry
);
1882 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1883 " status=%u", MAC2STR(src
), status
[0]);
1885 wpa_printf(MSG_DEBUG
,
1886 "DPP: Try connection again after successful network introduction");
1887 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
1888 wpa_supplicant_cancel_sched_scan(wpa_s
);
1889 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1892 os_memset(&intro
, 0, sizeof(intro
));
1896 static int wpas_dpp_allow_ir(struct wpa_supplicant
*wpa_s
, unsigned int freq
)
1900 if (!wpa_s
->hw
.modes
)
1903 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
1904 struct hostapd_hw_modes
*mode
= &wpa_s
->hw
.modes
[i
];
1906 for (j
= 0; j
< mode
->num_channels
; j
++) {
1907 struct hostapd_channel_data
*chan
= &mode
->channels
[j
];
1909 if (chan
->freq
!= (int) freq
)
1912 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
1913 HOSTAPD_CHAN_NO_IR
|
1914 HOSTAPD_CHAN_RADAR
))
1921 wpa_printf(MSG_DEBUG
,
1922 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
1929 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant
*wpa_s
,
1930 struct dpp_pkex
*pkex
)
1932 if (pkex
->freq
== 2437)
1934 else if (pkex
->freq
== 5745)
1936 else if (pkex
->freq
== 5220)
1939 return -1; /* no more channels to try */
1941 if (wpas_dpp_allow_ir(wpa_s
, pkex
->freq
) == 1) {
1942 wpa_printf(MSG_DEBUG
, "DPP: Try to initiate on %u MHz",
1947 /* Could not use this channel - try the next one */
1948 return wpas_dpp_pkex_next_channel(wpa_s
, pkex
);
1952 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx
, void *timeout_ctx
)
1954 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
1955 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
1957 if (!pkex
|| !pkex
->exchange_req
)
1959 if (pkex
->exch_req_tries
>= 5) {
1960 if (wpas_dpp_pkex_next_channel(wpa_s
, pkex
) < 0) {
1961 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
1962 "No response from PKEX peer");
1963 dpp_pkex_free(pkex
);
1964 wpa_s
->dpp_pkex
= NULL
;
1967 pkex
->exch_req_tries
= 0;
1970 pkex
->exch_req_tries
++;
1971 wpa_printf(MSG_DEBUG
, "DPP: Retransmit PKEX Exchange Request (try %u)",
1972 pkex
->exch_req_tries
);
1973 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1974 MAC2STR(broadcast
), pkex
->freq
, DPP_PA_PKEX_EXCHANGE_REQ
);
1975 offchannel_send_action(wpa_s
, pkex
->freq
, broadcast
,
1976 wpa_s
->own_addr
, broadcast
,
1977 wpabuf_head(pkex
->exchange_req
),
1978 wpabuf_len(pkex
->exchange_req
),
1979 pkex
->exch_req_wait_time
,
1980 wpas_dpp_tx_pkex_status
, 0);
1985 wpas_dpp_tx_pkex_status(struct wpa_supplicant
*wpa_s
,
1986 unsigned int freq
, const u8
*dst
,
1987 const u8
*src
, const u8
*bssid
,
1988 const u8
*data
, size_t data_len
,
1989 enum offchannel_send_action_result result
)
1991 const char *res_txt
;
1992 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
1994 res_txt
= result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
1995 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
1997 wpa_printf(MSG_DEBUG
, "DPP: TX status: freq=%u dst=" MACSTR
1998 " result=%s (PKEX)",
1999 freq
, MAC2STR(dst
), res_txt
);
2000 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX_STATUS
"dst=" MACSTR
2001 " freq=%u result=%s", MAC2STR(dst
), freq
, res_txt
);
2004 wpa_printf(MSG_DEBUG
,
2005 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
2010 wpa_printf(MSG_DEBUG
,
2011 "DPP: Terminate PKEX exchange due to an earlier error");
2012 if (pkex
->t
> pkex
->own_bi
->pkex_t
)
2013 pkex
->own_bi
->pkex_t
= pkex
->t
;
2014 dpp_pkex_free(pkex
);
2015 wpa_s
->dpp_pkex
= NULL
;
2019 if (pkex
->exch_req_wait_time
&& pkex
->exchange_req
) {
2020 /* Wait for PKEX Exchange Response frame and retry request if
2021 * no response is seen. */
2022 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout
, wpa_s
, NULL
);
2023 eloop_register_timeout(pkex
->exch_req_wait_time
/ 1000,
2024 (pkex
->exch_req_wait_time
% 1000) * 1000,
2025 wpas_dpp_pkex_retry_timeout
, wpa_s
,
2032 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant
*wpa_s
, const u8
*src
,
2033 const u8
*buf
, size_t len
, unsigned int freq
)
2036 unsigned int wait_time
;
2038 wpa_printf(MSG_DEBUG
, "DPP: PKEX Exchange Request from " MACSTR
,
2041 /* TODO: Support multiple PKEX codes by iterating over all the enabled
2044 if (!wpa_s
->dpp_pkex_code
|| !wpa_s
->dpp_pkex_bi
) {
2045 wpa_printf(MSG_DEBUG
,
2046 "DPP: No PKEX code configured - ignore request");
2050 if (wpa_s
->dpp_pkex
) {
2051 /* TODO: Support parallel operations */
2052 wpa_printf(MSG_DEBUG
,
2053 "DPP: Already in PKEX session - ignore new request");
2057 wpa_s
->dpp_pkex
= dpp_pkex_rx_exchange_req(wpa_s
, wpa_s
->dpp_pkex_bi
,
2058 wpa_s
->own_addr
, src
,
2059 wpa_s
->dpp_pkex_identifier
,
2060 wpa_s
->dpp_pkex_code
,
2062 if (!wpa_s
->dpp_pkex
) {
2063 wpa_printf(MSG_DEBUG
,
2064 "DPP: Failed to process the request - ignore it");
2068 msg
= wpa_s
->dpp_pkex
->exchange_resp
;
2069 wait_time
= wpa_s
->max_remain_on_chan
;
2070 if (wait_time
> 2000)
2072 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
2073 MAC2STR(src
), freq
, DPP_PA_PKEX_EXCHANGE_RESP
);
2074 offchannel_send_action(wpa_s
, freq
, src
, wpa_s
->own_addr
,
2076 wpabuf_head(msg
), wpabuf_len(msg
),
2077 wait_time
, wpas_dpp_tx_pkex_status
, 0);
2082 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant
*wpa_s
, const u8
*src
,
2083 const u8
*buf
, size_t len
, unsigned int freq
)
2086 unsigned int wait_time
;
2088 wpa_printf(MSG_DEBUG
, "DPP: PKEX Exchange Response from " MACSTR
,
2091 /* TODO: Support multiple PKEX codes by iterating over all the enabled
2094 if (!wpa_s
->dpp_pkex
|| !wpa_s
->dpp_pkex
->initiator
||
2095 wpa_s
->dpp_pkex
->exchange_done
) {
2096 wpa_printf(MSG_DEBUG
, "DPP: No matching PKEX session");
2100 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout
, wpa_s
, NULL
);
2101 wpa_s
->dpp_pkex
->exch_req_wait_time
= 0;
2103 msg
= dpp_pkex_rx_exchange_resp(wpa_s
->dpp_pkex
, src
, buf
, len
);
2105 wpa_printf(MSG_DEBUG
, "DPP: Failed to process the response");
2109 wpa_printf(MSG_DEBUG
, "DPP: Send PKEX Commit-Reveal Request to " MACSTR
,
2112 wait_time
= wpa_s
->max_remain_on_chan
;
2113 if (wait_time
> 2000)
2115 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
2116 MAC2STR(src
), freq
, DPP_PA_PKEX_COMMIT_REVEAL_REQ
);
2117 offchannel_send_action(wpa_s
, freq
, src
, wpa_s
->own_addr
,
2119 wpabuf_head(msg
), wpabuf_len(msg
),
2120 wait_time
, wpas_dpp_tx_pkex_status
, 0);
2125 static struct dpp_bootstrap_info
*
2126 wpas_dpp_pkex_finish(struct wpa_supplicant
*wpa_s
, const u8
*peer
,
2129 struct dpp_bootstrap_info
*bi
;
2131 bi
= dpp_pkex_finish(wpa_s
->dpp
, wpa_s
->dpp_pkex
, peer
, freq
);
2134 wpa_s
->dpp_pkex
= NULL
;
2140 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant
*wpa_s
, const u8
*src
,
2141 const u8
*hdr
, const u8
*buf
, size_t len
,
2145 unsigned int wait_time
;
2146 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
2148 wpa_printf(MSG_DEBUG
, "DPP: PKEX Commit-Reveal Request from " MACSTR
,
2151 if (!pkex
|| pkex
->initiator
|| !pkex
->exchange_done
) {
2152 wpa_printf(MSG_DEBUG
, "DPP: No matching PKEX session");
2156 msg
= dpp_pkex_rx_commit_reveal_req(pkex
, hdr
, buf
, len
);
2158 wpa_printf(MSG_DEBUG
, "DPP: Failed to process the request");
2160 wpa_printf(MSG_DEBUG
, "DPP: Terminate PKEX exchange");
2161 if (pkex
->t
> pkex
->own_bi
->pkex_t
)
2162 pkex
->own_bi
->pkex_t
= pkex
->t
;
2163 dpp_pkex_free(wpa_s
->dpp_pkex
);
2164 wpa_s
->dpp_pkex
= NULL
;
2169 wpa_printf(MSG_DEBUG
, "DPP: Send PKEX Commit-Reveal Response to "
2170 MACSTR
, MAC2STR(src
));
2172 wait_time
= wpa_s
->max_remain_on_chan
;
2173 if (wait_time
> 2000)
2175 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
2176 MAC2STR(src
), freq
, DPP_PA_PKEX_COMMIT_REVEAL_RESP
);
2177 offchannel_send_action(wpa_s
, freq
, src
, wpa_s
->own_addr
,
2179 wpabuf_head(msg
), wpabuf_len(msg
),
2180 wait_time
, wpas_dpp_tx_pkex_status
, 0);
2183 wpas_dpp_pkex_finish(wpa_s
, src
, freq
);
2188 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant
*wpa_s
, const u8
*src
,
2189 const u8
*hdr
, const u8
*buf
, size_t len
,
2193 struct dpp_bootstrap_info
*bi
;
2194 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
2197 wpa_printf(MSG_DEBUG
, "DPP: PKEX Commit-Reveal Response from " MACSTR
,
2200 if (!pkex
|| !pkex
->initiator
|| !pkex
->exchange_done
) {
2201 wpa_printf(MSG_DEBUG
, "DPP: No matching PKEX session");
2205 res
= dpp_pkex_rx_commit_reveal_resp(pkex
, hdr
, buf
, len
);
2207 wpa_printf(MSG_DEBUG
, "DPP: Failed to process the response");
2211 bi
= wpas_dpp_pkex_finish(wpa_s
, src
, freq
);
2215 os_snprintf(cmd
, sizeof(cmd
), " peer=%u %s",
2217 wpa_s
->dpp_pkex_auth_cmd
? wpa_s
->dpp_pkex_auth_cmd
: "");
2218 wpa_printf(MSG_DEBUG
,
2219 "DPP: Start authentication after PKEX with parameters: %s",
2221 if (wpas_dpp_auth_init(wpa_s
, cmd
) < 0) {
2222 wpa_printf(MSG_DEBUG
,
2223 "DPP: Authentication initialization failed");
2224 offchannel_send_action_done(wpa_s
);
2230 void wpas_dpp_rx_action(struct wpa_supplicant
*wpa_s
, const u8
*src
,
2231 const u8
*buf
, size_t len
, unsigned int freq
)
2234 enum dpp_public_action_frame_type type
;
2236 unsigned int pkex_t
;
2238 if (len
< DPP_HDR_LEN
)
2240 if (WPA_GET_BE24(buf
) != OUI_WFA
|| buf
[3] != DPP_OUI_TYPE
)
2245 crypto_suite
= *buf
++;
2249 wpa_printf(MSG_DEBUG
,
2250 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
2252 crypto_suite
, type
, MAC2STR(src
), freq
);
2253 if (crypto_suite
!= 1) {
2254 wpa_printf(MSG_DEBUG
, "DPP: Unsupported crypto suite %u",
2256 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_RX
"src=" MACSTR
2257 " freq=%u type=%d ignore=unsupported-crypto-suite",
2258 MAC2STR(src
), freq
, type
);
2261 wpa_hexdump(MSG_MSGDUMP
, "DPP: Received message attributes", buf
, len
);
2262 if (dpp_check_attrs(buf
, len
) < 0) {
2263 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_RX
"src=" MACSTR
2264 " freq=%u type=%d ignore=invalid-attributes",
2265 MAC2STR(src
), freq
, type
);
2268 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_RX
"src=" MACSTR
" freq=%u type=%d",
2269 MAC2STR(src
), freq
, type
);
2272 case DPP_PA_AUTHENTICATION_REQ
:
2273 wpas_dpp_rx_auth_req(wpa_s
, src
, hdr
, buf
, len
, freq
);
2275 case DPP_PA_AUTHENTICATION_RESP
:
2276 wpas_dpp_rx_auth_resp(wpa_s
, src
, hdr
, buf
, len
, freq
);
2278 case DPP_PA_AUTHENTICATION_CONF
:
2279 wpas_dpp_rx_auth_conf(wpa_s
, src
, hdr
, buf
, len
);
2281 case DPP_PA_PEER_DISCOVERY_RESP
:
2282 wpas_dpp_rx_peer_disc_resp(wpa_s
, src
, buf
, len
);
2284 case DPP_PA_PKEX_EXCHANGE_REQ
:
2285 wpas_dpp_rx_pkex_exchange_req(wpa_s
, src
, buf
, len
, freq
);
2287 case DPP_PA_PKEX_EXCHANGE_RESP
:
2288 wpas_dpp_rx_pkex_exchange_resp(wpa_s
, src
, buf
, len
, freq
);
2290 case DPP_PA_PKEX_COMMIT_REVEAL_REQ
:
2291 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s
, src
, hdr
, buf
, len
,
2294 case DPP_PA_PKEX_COMMIT_REVEAL_RESP
:
2295 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s
, src
, hdr
, buf
, len
,
2299 case DPP_PA_CONFIGURATION_RESULT
:
2300 wpas_dpp_rx_conf_result(wpa_s
, src
, hdr
, buf
, len
);
2302 case DPP_PA_CONNECTION_STATUS_RESULT
:
2303 wpas_dpp_rx_conn_status_result(wpa_s
, src
, hdr
, buf
, len
);
2305 case DPP_PA_PRESENCE_ANNOUNCEMENT
:
2306 wpas_dpp_rx_presence_announcement(wpa_s
, src
, hdr
, buf
, len
,
2309 #endif /* CONFIG_DPP2 */
2311 wpa_printf(MSG_DEBUG
,
2312 "DPP: Ignored unsupported frame subtype %d", type
);
2316 if (wpa_s
->dpp_pkex
)
2317 pkex_t
= wpa_s
->dpp_pkex
->t
;
2318 else if (wpa_s
->dpp_pkex_bi
)
2319 pkex_t
= wpa_s
->dpp_pkex_bi
->pkex_t
;
2322 if (pkex_t
>= PKEX_COUNTER_T_LIMIT
) {
2323 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_PKEX_T_LIMIT
"id=0");
2324 wpas_dpp_pkex_remove(wpa_s
, "*");
2329 static struct wpabuf
*
2330 wpas_dpp_gas_req_handler(void *ctx
, const u8
*sa
, const u8
*query
,
2333 struct wpa_supplicant
*wpa_s
= ctx
;
2334 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
2335 struct wpabuf
*resp
;
2337 wpa_printf(MSG_DEBUG
, "DPP: GAS request from " MACSTR
,
2339 if (!auth
|| !auth
->auth_success
||
2340 os_memcmp(sa
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
2341 wpa_printf(MSG_DEBUG
, "DPP: No matching exchange in progress");
2345 if (wpa_s
->dpp_auth_ok_on_ack
&& auth
->configurator
) {
2346 wpa_printf(MSG_DEBUG
,
2347 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
2348 /* wpas_dpp_auth_success() would normally have been called from
2349 * TX status handler, but since there was no such handler call
2350 * yet, simply send out the event message and proceed with
2352 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_AUTH_SUCCESS
"init=1");
2353 wpa_s
->dpp_auth_ok_on_ack
= 0;
2356 wpa_hexdump(MSG_DEBUG
,
2357 "DPP: Received Configuration Request (GAS Query Request)",
2359 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_REQ_RX
"src=" MACSTR
,
2361 resp
= dpp_conf_req_rx(auth
, query
, query_len
);
2363 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
2364 auth
->conf_resp
= resp
;
2370 wpas_dpp_gas_status_handler(void *ctx
, struct wpabuf
*resp
, int ok
)
2372 struct wpa_supplicant
*wpa_s
= ctx
;
2373 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
2379 if (auth
->conf_resp
!= resp
) {
2380 wpa_printf(MSG_DEBUG
,
2381 "DPP: Ignore GAS status report (ok=%d) for unknown response",
2387 wpa_printf(MSG_DEBUG
, "DPP: Configuration exchange completed (ok=%d)",
2389 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
2390 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
2392 if (ok
&& auth
->peer_version
>= 2 &&
2393 auth
->conf_resp_status
== DPP_STATUS_OK
) {
2394 wpa_printf(MSG_DEBUG
, "DPP: Wait for Configuration Result");
2395 auth
->waiting_conf_result
= 1;
2396 auth
->conf_resp
= NULL
;
2398 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout
,
2400 eloop_register_timeout(2, 0,
2401 wpas_dpp_config_result_wait_timeout
,
2405 #endif /* CONFIG_DPP2 */
2406 offchannel_send_action_done(wpa_s
);
2407 wpas_dpp_listen_stop(wpa_s
);
2409 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_SENT
);
2411 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
2412 dpp_auth_deinit(wpa_s
->dpp_auth
);
2413 wpa_s
->dpp_auth
= NULL
;
2418 int wpas_dpp_configurator_sign(struct wpa_supplicant
*wpa_s
, const char *cmd
)
2420 struct dpp_authentication
*auth
;
2424 auth
= dpp_alloc_auth(wpa_s
->dpp
, wpa_s
);
2428 curve
= get_param(cmd
, " curve=");
2429 wpas_dpp_set_testing_options(wpa_s
, auth
);
2430 if (dpp_set_configurator(auth
, cmd
) == 0 &&
2431 dpp_configurator_own_config(auth
, curve
, 0) == 0)
2432 ret
= wpas_dpp_handle_config_obj(wpa_s
, auth
,
2433 &auth
->conf_obj
[0]);
2435 wpas_dpp_post_process_config(wpa_s
, auth
);
2437 dpp_auth_deinit(auth
);
2445 wpas_dpp_tx_introduction_status(struct wpa_supplicant
*wpa_s
,
2446 unsigned int freq
, const u8
*dst
,
2447 const u8
*src
, const u8
*bssid
,
2448 const u8
*data
, size_t data_len
,
2449 enum offchannel_send_action_result result
)
2451 const char *res_txt
;
2453 res_txt
= result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
2454 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
2456 wpa_printf(MSG_DEBUG
, "DPP: TX status: freq=%u dst=" MACSTR
2457 " result=%s (DPP Peer Discovery Request)",
2458 freq
, MAC2STR(dst
), res_txt
);
2459 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX_STATUS
"dst=" MACSTR
2460 " freq=%u result=%s", MAC2STR(dst
), freq
, res_txt
);
2461 /* TODO: Time out wait for response more quickly in error cases? */
2465 int wpas_dpp_check_connect(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
2466 struct wpa_bss
*bss
)
2470 unsigned int wait_time
;
2472 struct wpa_ie_data ied
;
2474 if (!(ssid
->key_mgmt
& WPA_KEY_MGMT_DPP
) || !bss
)
2475 return 0; /* Not using DPP AKM - continue */
2476 rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
2477 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ied
) == 0 &&
2478 !(ied
.key_mgmt
& WPA_KEY_MGMT_DPP
))
2479 return 0; /* AP does not support DPP AKM - continue */
2480 if (wpa_sm_pmksa_exists(wpa_s
->wpa
, bss
->bssid
, ssid
))
2481 return 0; /* PMKSA exists for DPP AKM - continue */
2483 if (!ssid
->dpp_connector
|| !ssid
->dpp_netaccesskey
||
2485 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_MISSING_CONNECTOR
2487 !ssid
->dpp_connector
? "Connector" :
2488 (!ssid
->dpp_netaccesskey
? "netAccessKey" :
2495 if (ssid
->dpp_netaccesskey_expiry
&&
2496 (os_time_t
) ssid
->dpp_netaccesskey_expiry
< now
.sec
) {
2497 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_MISSING_CONNECTOR
2498 "netAccessKey expired");
2502 wpa_printf(MSG_DEBUG
,
2503 "DPP: Starting network introduction protocol to derive PMKSA for "
2504 MACSTR
, MAC2STR(bss
->bssid
));
2506 msg
= dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ
,
2507 5 + 4 + os_strlen(ssid
->dpp_connector
));
2511 #ifdef CONFIG_TESTING_OPTIONS
2512 if (dpp_test
== DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ
) {
2513 wpa_printf(MSG_INFO
, "DPP: TESTING - no Transaction ID");
2516 if (dpp_test
== DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ
) {
2517 wpa_printf(MSG_INFO
, "DPP: TESTING - invalid Transaction ID");
2518 wpabuf_put_le16(msg
, DPP_ATTR_TRANSACTION_ID
);
2519 wpabuf_put_le16(msg
, 0);
2522 #endif /* CONFIG_TESTING_OPTIONS */
2524 /* Transaction ID */
2525 wpabuf_put_le16(msg
, DPP_ATTR_TRANSACTION_ID
);
2526 wpabuf_put_le16(msg
, 1);
2527 wpabuf_put_u8(msg
, TRANSACTION_ID
);
2529 #ifdef CONFIG_TESTING_OPTIONS
2531 if (dpp_test
== DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ
) {
2532 wpa_printf(MSG_INFO
, "DPP: TESTING - no Connector");
2533 goto skip_connector
;
2535 if (dpp_test
== DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ
) {
2538 wpa_printf(MSG_INFO
, "DPP: TESTING - invalid Connector");
2539 connector
= dpp_corrupt_connector_signature(
2540 ssid
->dpp_connector
);
2545 wpabuf_put_le16(msg
, DPP_ATTR_CONNECTOR
);
2546 wpabuf_put_le16(msg
, os_strlen(connector
));
2547 wpabuf_put_str(msg
, connector
);
2549 goto skip_connector
;
2551 #endif /* CONFIG_TESTING_OPTIONS */
2554 wpabuf_put_le16(msg
, DPP_ATTR_CONNECTOR
);
2555 wpabuf_put_le16(msg
, os_strlen(ssid
->dpp_connector
));
2556 wpabuf_put_str(msg
, ssid
->dpp_connector
);
2558 #ifdef CONFIG_TESTING_OPTIONS
2560 #endif /* CONFIG_TESTING_OPTIONS */
2562 /* TODO: Timeout on AP response */
2563 wait_time
= wpa_s
->max_remain_on_chan
;
2564 if (wait_time
> 2000)
2566 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
2567 MAC2STR(bss
->bssid
), bss
->freq
, DPP_PA_PEER_DISCOVERY_REQ
);
2568 offchannel_send_action(wpa_s
, bss
->freq
, bss
->bssid
, wpa_s
->own_addr
,
2570 wpabuf_head(msg
), wpabuf_len(msg
),
2571 wait_time
, wpas_dpp_tx_introduction_status
, 0);
2574 /* Request this connection attempt to terminate - new one will be
2575 * started when network introduction protocol completes */
2576 os_memcpy(wpa_s
->dpp_intro_bssid
, bss
->bssid
, ETH_ALEN
);
2577 wpa_s
->dpp_intro_network
= ssid
;
2582 int wpas_dpp_pkex_add(struct wpa_supplicant
*wpa_s
, const char *cmd
)
2584 struct dpp_bootstrap_info
*own_bi
;
2585 const char *pos
, *end
;
2586 unsigned int wait_time
;
2588 pos
= os_strstr(cmd
, " own=");
2592 own_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
2594 wpa_printf(MSG_DEBUG
,
2595 "DPP: Identified bootstrap info not found");
2598 if (own_bi
->type
!= DPP_BOOTSTRAP_PKEX
) {
2599 wpa_printf(MSG_DEBUG
,
2600 "DPP: Identified bootstrap info not for PKEX");
2603 wpa_s
->dpp_pkex_bi
= own_bi
;
2604 own_bi
->pkex_t
= 0; /* clear pending errors on new code */
2606 os_free(wpa_s
->dpp_pkex_identifier
);
2607 wpa_s
->dpp_pkex_identifier
= NULL
;
2608 pos
= os_strstr(cmd
, " identifier=");
2611 end
= os_strchr(pos
, ' ');
2614 wpa_s
->dpp_pkex_identifier
= os_malloc(end
- pos
+ 1);
2615 if (!wpa_s
->dpp_pkex_identifier
)
2617 os_memcpy(wpa_s
->dpp_pkex_identifier
, pos
, end
- pos
);
2618 wpa_s
->dpp_pkex_identifier
[end
- pos
] = '\0';
2621 pos
= os_strstr(cmd
, " code=");
2624 os_free(wpa_s
->dpp_pkex_code
);
2625 wpa_s
->dpp_pkex_code
= os_strdup(pos
+ 6);
2626 if (!wpa_s
->dpp_pkex_code
)
2629 if (os_strstr(cmd
, " init=1")) {
2630 struct dpp_pkex
*pkex
;
2633 wpa_printf(MSG_DEBUG
, "DPP: Initiating PKEX");
2634 dpp_pkex_free(wpa_s
->dpp_pkex
);
2635 wpa_s
->dpp_pkex
= dpp_pkex_init(wpa_s
, own_bi
, wpa_s
->own_addr
,
2636 wpa_s
->dpp_pkex_identifier
,
2637 wpa_s
->dpp_pkex_code
);
2638 pkex
= wpa_s
->dpp_pkex
;
2642 msg
= pkex
->exchange_req
;
2643 wait_time
= wpa_s
->max_remain_on_chan
;
2644 if (wait_time
> 2000)
2647 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
2649 MAC2STR(broadcast
), pkex
->freq
,
2650 DPP_PA_PKEX_EXCHANGE_REQ
);
2651 offchannel_send_action(wpa_s
, pkex
->freq
, broadcast
,
2652 wpa_s
->own_addr
, broadcast
,
2653 wpabuf_head(msg
), wpabuf_len(msg
),
2654 wait_time
, wpas_dpp_tx_pkex_status
, 0);
2657 pkex
->exch_req_wait_time
= wait_time
;
2658 pkex
->exch_req_tries
= 1;
2661 /* TODO: Support multiple PKEX info entries */
2663 os_free(wpa_s
->dpp_pkex_auth_cmd
);
2664 wpa_s
->dpp_pkex_auth_cmd
= os_strdup(cmd
);
2670 int wpas_dpp_pkex_remove(struct wpa_supplicant
*wpa_s
, const char *id
)
2672 unsigned int id_val
;
2674 if (os_strcmp(id
, "*") == 0) {
2682 if ((id_val
!= 0 && id_val
!= 1) || !wpa_s
->dpp_pkex_code
)
2685 /* TODO: Support multiple PKEX entries */
2686 os_free(wpa_s
->dpp_pkex_code
);
2687 wpa_s
->dpp_pkex_code
= NULL
;
2688 os_free(wpa_s
->dpp_pkex_identifier
);
2689 wpa_s
->dpp_pkex_identifier
= NULL
;
2690 os_free(wpa_s
->dpp_pkex_auth_cmd
);
2691 wpa_s
->dpp_pkex_auth_cmd
= NULL
;
2692 wpa_s
->dpp_pkex_bi
= NULL
;
2693 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2694 dpp_pkex_free(wpa_s
->dpp_pkex
);
2695 wpa_s
->dpp_pkex
= NULL
;
2700 void wpas_dpp_stop(struct wpa_supplicant
*wpa_s
)
2702 if (wpa_s
->dpp_auth
|| wpa_s
->dpp_pkex
)
2703 offchannel_send_action_done(wpa_s
);
2704 dpp_auth_deinit(wpa_s
->dpp_auth
);
2705 wpa_s
->dpp_auth
= NULL
;
2706 dpp_pkex_free(wpa_s
->dpp_pkex
);
2707 wpa_s
->dpp_pkex
= NULL
;
2708 if (wpa_s
->dpp_gas_client
&& wpa_s
->dpp_gas_dialog_token
>= 0)
2709 gas_query_stop(wpa_s
->gas
, wpa_s
->dpp_gas_dialog_token
);
2713 int wpas_dpp_init(struct wpa_supplicant
*wpa_s
)
2715 struct dpp_global_config config
;
2718 adv_proto_id
[0] = WLAN_EID_VENDOR_SPECIFIC
;
2719 adv_proto_id
[1] = 5;
2720 WPA_PUT_BE24(&adv_proto_id
[2], OUI_WFA
);
2721 adv_proto_id
[5] = DPP_OUI_TYPE
;
2722 adv_proto_id
[6] = 0x01;
2724 if (gas_server_register(wpa_s
->gas_server
, adv_proto_id
,
2725 sizeof(adv_proto_id
), wpas_dpp_gas_req_handler
,
2726 wpas_dpp_gas_status_handler
, wpa_s
) < 0)
2729 os_memset(&config
, 0, sizeof(config
));
2730 config
.msg_ctx
= wpa_s
;
2731 config
.cb_ctx
= wpa_s
;
2733 config
.process_conf_obj
= wpas_dpp_process_conf_obj
;
2734 config
.remove_bi
= wpas_dpp_remove_bi
;
2735 #endif /* CONFIG_DPP2 */
2736 wpa_s
->dpp
= dpp_global_init(&config
);
2737 return wpa_s
->dpp
? 0 : -1;
2741 void wpas_dpp_deinit(struct wpa_supplicant
*wpa_s
)
2743 #ifdef CONFIG_TESTING_OPTIONS
2744 os_free(wpa_s
->dpp_config_obj_override
);
2745 wpa_s
->dpp_config_obj_override
= NULL
;
2746 os_free(wpa_s
->dpp_discovery_override
);
2747 wpa_s
->dpp_discovery_override
= NULL
;
2748 os_free(wpa_s
->dpp_groups_override
);
2749 wpa_s
->dpp_groups_override
= NULL
;
2750 wpa_s
->dpp_ignore_netaccesskey_mismatch
= 0;
2751 #endif /* CONFIG_TESTING_OPTIONS */
2754 dpp_global_clear(wpa_s
->dpp
);
2755 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout
, wpa_s
, NULL
);
2756 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
2757 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
2758 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
2760 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout
, wpa_s
, NULL
);
2761 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout
,
2763 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout
, wpa_s
, NULL
);
2764 dpp_pfs_free(wpa_s
->dpp_pfs
);
2765 wpa_s
->dpp_pfs
= NULL
;
2766 wpas_dpp_chirp_stop(wpa_s
);
2767 #endif /* CONFIG_DPP2 */
2768 offchannel_send_action_done(wpa_s
);
2769 wpas_dpp_listen_stop(wpa_s
);
2770 wpas_dpp_stop(wpa_s
);
2771 wpas_dpp_pkex_remove(wpa_s
, "*");
2772 os_memset(wpa_s
->dpp_intro_bssid
, 0, ETH_ALEN
);
2773 os_free(wpa_s
->dpp_configurator_params
);
2774 wpa_s
->dpp_configurator_params
= NULL
;
2780 int wpas_dpp_controller_start(struct wpa_supplicant
*wpa_s
, const char *cmd
)
2782 struct dpp_controller_config config
;
2785 os_memset(&config
, 0, sizeof(config
));
2787 pos
= os_strstr(cmd
, " tcp_port=");
2790 config
.tcp_port
= atoi(pos
);
2793 config
.configurator_params
= wpa_s
->dpp_configurator_params
;
2794 return dpp_controller_start(wpa_s
->dpp
, &config
);
2798 static void wpas_dpp_chirp_next(void *eloop_ctx
, void *timeout_ctx
);
2800 static void wpas_dpp_chirp_timeout(void *eloop_ctx
, void *timeout_ctx
)
2802 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
2804 wpa_printf(MSG_DEBUG
, "DPP: No chirp response received");
2805 offchannel_send_action_done(wpa_s
);
2806 wpas_dpp_chirp_next(wpa_s
, NULL
);
2810 static void wpas_dpp_chirp_tx_status(struct wpa_supplicant
*wpa_s
,
2811 unsigned int freq
, const u8
*dst
,
2812 const u8
*src
, const u8
*bssid
,
2813 const u8
*data
, size_t data_len
,
2814 enum offchannel_send_action_result result
)
2816 if (result
== OFFCHANNEL_SEND_ACTION_FAILED
) {
2817 wpa_printf(MSG_DEBUG
, "DPP: Failed to send chirp on %d MHz",
2818 wpa_s
->dpp_chirp_freq
);
2819 if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next
,
2821 wpas_dpp_chirp_stop(wpa_s
);
2825 wpa_printf(MSG_DEBUG
, "DPP: Chirp send completed - wait for response");
2826 if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout
,
2828 wpas_dpp_chirp_stop(wpa_s
);
2832 static void wpas_dpp_chirp_start(struct wpa_supplicant
*wpa_s
)
2834 wpa_printf(MSG_DEBUG
, "DPP: Chirp on %d MHz", wpa_s
->dpp_chirp_freq
);
2835 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
2836 MAC2STR(broadcast
), wpa_s
->dpp_chirp_freq
,
2837 DPP_PA_PRESENCE_ANNOUNCEMENT
);
2838 if (offchannel_send_action(
2839 wpa_s
, wpa_s
->dpp_chirp_freq
, broadcast
,
2840 wpa_s
->own_addr
, broadcast
,
2841 wpabuf_head(wpa_s
->dpp_presence_announcement
),
2842 wpabuf_len(wpa_s
->dpp_presence_announcement
),
2843 2000, wpas_dpp_chirp_tx_status
, 0) < 0)
2844 wpas_dpp_chirp_stop(wpa_s
);
2848 static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant
*wpa_s
,
2849 struct wpa_scan_results
*scan_res
)
2851 struct dpp_bootstrap_info
*bi
= wpa_s
->dpp_chirp_bi
;
2853 struct hostapd_hw_modes
*mode
;
2855 struct wpa_bss
*bss
;
2860 wpa_s
->dpp_chirp_scan_done
= 1;
2862 os_free(wpa_s
->dpp_chirp_freqs
);
2863 wpa_s
->dpp_chirp_freqs
= NULL
;
2865 /* Channels from own bootstrapping info */
2866 for (i
= 0; i
< bi
->num_freq
; i
++)
2867 int_array_add_unique(&wpa_s
->dpp_chirp_freqs
, bi
->freq
[i
]);
2869 /* Preferred chirping channels */
2870 int_array_add_unique(&wpa_s
->dpp_chirp_freqs
, 2437);
2872 mode
= get_mode(wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
,
2873 HOSTAPD_MODE_IEEE80211A
, 0);
2875 int chan44
= 0, chan149
= 0;
2877 for (c
= 0; c
< mode
->num_channels
; c
++) {
2878 struct hostapd_channel_data
*chan
= &mode
->channels
[c
];
2880 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2881 HOSTAPD_CHAN_RADAR
))
2883 if (chan
->freq
== 5220)
2885 if (chan
->freq
== 5745)
2889 int_array_add_unique(&wpa_s
->dpp_chirp_freqs
, 5745);
2891 int_array_add_unique(&wpa_s
->dpp_chirp_freqs
, 5220);
2894 mode
= get_mode(wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
,
2895 HOSTAPD_MODE_IEEE80211AD
, 0);
2897 for (c
= 0; c
< mode
->num_channels
; c
++) {
2898 struct hostapd_channel_data
*chan
= &mode
->channels
[c
];
2900 if ((chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2901 HOSTAPD_CHAN_RADAR
)) ||
2902 chan
->freq
!= 60480)
2904 int_array_add_unique(&wpa_s
->dpp_chirp_freqs
, 60480);
2909 /* Add channels from scan results for APs that advertise Configurator
2910 * Connectivity element */
2911 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
2912 if (wpa_bss_get_vendor_ie(bss
, DPP_CC_IE_VENDOR_TYPE
))
2913 int_array_add_unique(&wpa_s
->dpp_chirp_freqs
,
2917 if (!wpa_s
->dpp_chirp_freqs
||
2918 eloop_register_timeout(0, 0, wpas_dpp_chirp_next
, wpa_s
, NULL
) < 0)
2919 wpas_dpp_chirp_stop(wpa_s
);
2923 static void wpas_dpp_chirp_next(void *eloop_ctx
, void *timeout_ctx
)
2925 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
2928 if (wpa_s
->dpp_chirp_listen
)
2929 wpas_dpp_listen_stop(wpa_s
);
2931 if (wpa_s
->dpp_chirp_freq
== 0) {
2932 if (wpa_s
->dpp_chirp_round
% 4 == 0 &&
2933 !wpa_s
->dpp_chirp_scan_done
) {
2934 wpa_printf(MSG_DEBUG
,
2935 "DPP: Update channel list for chirping");
2936 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
2937 wpa_s
->scan_res_handler
=
2938 wpas_dpp_chirp_scan_res_handler
;
2939 wpa_supplicant_req_scan(wpa_s
, 0, 0);
2942 wpa_s
->dpp_chirp_freq
= wpa_s
->dpp_chirp_freqs
[0];
2943 wpa_s
->dpp_chirp_round
++;
2944 wpa_printf(MSG_DEBUG
, "DPP: Start chirping round %d",
2945 wpa_s
->dpp_chirp_round
);
2947 for (i
= 0; wpa_s
->dpp_chirp_freqs
[i
]; i
++)
2948 if (wpa_s
->dpp_chirp_freqs
[i
] == wpa_s
->dpp_chirp_freq
)
2950 if (!wpa_s
->dpp_chirp_freqs
[i
]) {
2951 wpa_printf(MSG_DEBUG
,
2952 "DPP: Previous chirp freq %d not found",
2953 wpa_s
->dpp_chirp_freq
);
2957 if (wpa_s
->dpp_chirp_freqs
[i
]) {
2958 wpa_s
->dpp_chirp_freq
= wpa_s
->dpp_chirp_freqs
[i
];
2960 wpa_s
->dpp_chirp_iter
--;
2961 if (wpa_s
->dpp_chirp_iter
<= 0) {
2962 wpa_printf(MSG_DEBUG
,
2963 "DPP: Chirping iterations completed");
2964 wpas_dpp_chirp_stop(wpa_s
);
2967 wpa_s
->dpp_chirp_freq
= 0;
2968 wpa_s
->dpp_chirp_scan_done
= 0;
2969 if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next
,
2971 wpas_dpp_chirp_stop(wpa_s
);
2974 if (wpa_s
->dpp_chirp_listen
) {
2975 wpa_printf(MSG_DEBUG
,
2976 "DPP: Listen on %d MHz during chirp 30 second wait",
2977 wpa_s
->dpp_chirp_listen
);
2978 wpas_dpp_listen_start(wpa_s
,
2979 wpa_s
->dpp_chirp_listen
);
2981 wpa_printf(MSG_DEBUG
,
2982 "DPP: Wait 30 seconds before starting the next chirping round");
2988 wpas_dpp_chirp_start(wpa_s
);
2992 int wpas_dpp_chirp(struct wpa_supplicant
*wpa_s
, const char *cmd
)
2995 int iter
= 1, listen_freq
= 0;
2996 struct dpp_bootstrap_info
*bi
;
2998 pos
= os_strstr(cmd
, " own=");
3002 bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
3004 wpa_printf(MSG_DEBUG
,
3005 "DPP: Identified bootstrap info not found");
3009 pos
= os_strstr(cmd
, " iter=");
3011 iter
= atoi(pos
+ 6);
3016 pos
= os_strstr(cmd
, " listen=");
3018 listen_freq
= atoi(pos
+ 8);
3023 wpas_dpp_chirp_stop(wpa_s
);
3024 wpa_s
->dpp_allowed_roles
= DPP_CAPAB_ENROLLEE
;
3025 wpa_s
->dpp_qr_mutual
= 0;
3026 wpa_s
->dpp_chirp_bi
= bi
;
3027 wpa_s
->dpp_presence_announcement
= dpp_build_presence_announcement(bi
);
3028 if (!wpa_s
->dpp_presence_announcement
)
3030 wpa_s
->dpp_chirp_iter
= iter
;
3031 wpa_s
->dpp_chirp_round
= 0;
3032 wpa_s
->dpp_chirp_scan_done
= 0;
3033 wpa_s
->dpp_chirp_listen
= listen_freq
;
3035 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next
, wpa_s
, NULL
);
3039 void wpas_dpp_chirp_stop(struct wpa_supplicant
*wpa_s
)
3041 if (wpa_s
->dpp_presence_announcement
) {
3042 offchannel_send_action_done(wpa_s
);
3043 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CHIRP_STOPPED
);
3045 wpa_s
->dpp_chirp_bi
= NULL
;
3046 wpabuf_free(wpa_s
->dpp_presence_announcement
);
3047 wpa_s
->dpp_presence_announcement
= NULL
;
3048 if (wpa_s
->dpp_chirp_listen
)
3049 wpas_dpp_listen_stop(wpa_s
);
3050 wpa_s
->dpp_chirp_listen
= 0;
3051 wpa_s
->dpp_chirp_freq
= 0;
3052 os_free(wpa_s
->dpp_chirp_freqs
);
3053 wpa_s
->dpp_chirp_freqs
= NULL
;
3054 eloop_cancel_timeout(wpas_dpp_chirp_next
, wpa_s
, NULL
);
3055 eloop_cancel_timeout(wpas_dpp_chirp_timeout
, wpa_s
, NULL
);
3056 if (wpa_s
->scan_res_handler
== wpas_dpp_chirp_scan_res_handler
) {
3057 wpas_abort_ongoing_scan(wpa_s
);
3058 wpa_s
->scan_res_handler
= NULL
;
3062 #endif /* CONFIG_DPP2 */