]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/dpp_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
[thirdparty/hostap.git] / wpa_supplicant / dpp_supplicant.c
1 /*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2020, The Linux Foundation
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "utils/includes.h"
11
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "utils/ip_addr.h"
15 #include "common/dpp.h"
16 #include "common/gas.h"
17 #include "common/gas_server.h"
18 #include "rsn_supp/wpa.h"
19 #include "rsn_supp/pmksa_cache.h"
20 #include "wpa_supplicant_i.h"
21 #include "config.h"
22 #include "driver_i.h"
23 #include "offchannel.h"
24 #include "gas_query.h"
25 #include "bss.h"
26 #include "scan.h"
27 #include "notify.h"
28 #include "dpp_supplicant.h"
29
30
31 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
32 unsigned int freq);
33 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
34 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
35 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
36 unsigned int freq, const u8 *dst,
37 const u8 *src, const u8 *bssid,
38 const u8 *data, size_t data_len,
39 enum offchannel_send_action_result result);
40 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
41 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
42 static void
43 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
44 unsigned int freq, const u8 *dst,
45 const u8 *src, const u8 *bssid,
46 const u8 *data, size_t data_len,
47 enum offchannel_send_action_result result);
48
49 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
50
51 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
52 * a single transaction in progress at any point in time. */
53 static const u8 TRANSACTION_ID = 1;
54
55
56 /**
57 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
58 * @wpa_s: Pointer to wpa_supplicant data
59 * @cmd: DPP URI read from a QR Code
60 * Returns: Identifier of the stored info or -1 on failure
61 */
62 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
63 {
64 struct dpp_bootstrap_info *bi;
65 struct dpp_authentication *auth = wpa_s->dpp_auth;
66
67 bi = dpp_add_qr_code(wpa_s->dpp, cmd);
68 if (!bi)
69 return -1;
70
71 if (auth && auth->response_pending &&
72 dpp_notify_new_qr_code(auth, bi) == 1) {
73 wpa_printf(MSG_DEBUG,
74 "DPP: Sending out pending authentication response");
75 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
76 " freq=%u type=%d",
77 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
78 DPP_PA_AUTHENTICATION_RESP);
79 offchannel_send_action(wpa_s, auth->curr_freq,
80 auth->peer_mac_addr, wpa_s->own_addr,
81 broadcast,
82 wpabuf_head(auth->resp_msg),
83 wpabuf_len(auth->resp_msg),
84 500, wpas_dpp_tx_status, 0);
85 }
86
87 return bi->id;
88 }
89
90
91 /**
92 * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
93 * @wpa_s: Pointer to wpa_supplicant data
94 * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
95 * Returns: Identifier of the stored info or -1 on failure
96 */
97 int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd)
98 {
99 struct dpp_bootstrap_info *bi;
100
101 bi = dpp_add_nfc_uri(wpa_s->dpp, cmd);
102 if (!bi)
103 return -1;
104
105 return bi->id;
106 }
107
108
109 int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd)
110 {
111 const char *pos;
112 struct dpp_bootstrap_info *peer_bi, *own_bi;
113
114 pos = os_strstr(cmd, " own=");
115 if (!pos)
116 return -1;
117 pos += 5;
118 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
119 if (!own_bi)
120 return -1;
121
122 pos = os_strstr(cmd, " uri=");
123 if (!pos)
124 return -1;
125 pos += 5;
126 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
127 if (!peer_bi) {
128 wpa_printf(MSG_INFO,
129 "DPP: Failed to parse URI from NFC Handover Request");
130 return -1;
131 }
132
133 if (dpp_nfc_update_bi(own_bi, peer_bi) < 0)
134 return -1;
135
136 return peer_bi->id;
137 }
138
139
140 int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd)
141 {
142 const char *pos;
143 struct dpp_bootstrap_info *peer_bi, *own_bi;
144
145 pos = os_strstr(cmd, " own=");
146 if (!pos)
147 return -1;
148 pos += 5;
149 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
150 if (!own_bi)
151 return -1;
152
153 pos = os_strstr(cmd, " uri=");
154 if (!pos)
155 return -1;
156 pos += 5;
157 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
158 if (!peer_bi) {
159 wpa_printf(MSG_INFO,
160 "DPP: Failed to parse URI from NFC Handover Select");
161 return -1;
162 }
163
164 if (peer_bi->curve != own_bi->curve) {
165 wpa_printf(MSG_INFO,
166 "DPP: Peer (NFC Handover Selector) used different curve");
167 return -1;
168 }
169
170 return peer_bi->id;
171 }
172
173
174 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
175 {
176 struct wpa_supplicant *wpa_s = eloop_ctx;
177 struct dpp_authentication *auth = wpa_s->dpp_auth;
178
179 if (!auth || !auth->resp_msg)
180 return;
181
182 wpa_printf(MSG_DEBUG,
183 "DPP: Retry Authentication Response after timeout");
184 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
185 " freq=%u type=%d",
186 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
187 DPP_PA_AUTHENTICATION_RESP);
188 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
189 wpa_s->own_addr, broadcast,
190 wpabuf_head(auth->resp_msg),
191 wpabuf_len(auth->resp_msg),
192 500, wpas_dpp_tx_status, 0);
193 }
194
195
196 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
197 {
198 struct dpp_authentication *auth = wpa_s->dpp_auth;
199 unsigned int wait_time, max_tries;
200
201 if (!auth || !auth->resp_msg)
202 return;
203
204 if (wpa_s->dpp_resp_max_tries)
205 max_tries = wpa_s->dpp_resp_max_tries;
206 else
207 max_tries = 5;
208 auth->auth_resp_tries++;
209 if (auth->auth_resp_tries >= max_tries) {
210 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
211 offchannel_send_action_done(wpa_s);
212 dpp_auth_deinit(wpa_s->dpp_auth);
213 wpa_s->dpp_auth = NULL;
214 return;
215 }
216
217 if (wpa_s->dpp_resp_retry_time)
218 wait_time = wpa_s->dpp_resp_retry_time;
219 else
220 wait_time = 1000;
221 wpa_printf(MSG_DEBUG,
222 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
223 wait_time);
224 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
225 eloop_register_timeout(wait_time / 1000,
226 (wait_time % 1000) * 1000,
227 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
228 }
229
230
231 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
232 {
233 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
234 wpa_s->suitable_network = 0;
235 wpa_s->no_suitable_network = 0;
236 wpa_s->disconnected = 0;
237 wpa_s->reassociate = 1;
238 wpa_s->scan_runs = 0;
239 wpa_s->normal_scans = 0;
240 wpa_supplicant_cancel_sched_scan(wpa_s);
241 wpa_supplicant_req_scan(wpa_s, 0, 0);
242 }
243
244
245 #ifdef CONFIG_DPP2
246
247 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx,
248 void *timeout_ctx)
249 {
250 struct wpa_supplicant *wpa_s = eloop_ctx;
251 struct dpp_authentication *auth = wpa_s->dpp_auth;
252 enum dpp_status_error result;
253
254 if (!auth || !auth->conn_status_requested)
255 return;
256
257 wpa_printf(MSG_DEBUG,
258 "DPP: Connection timeout - report Connection Status Result");
259 if (wpa_s->suitable_network)
260 result = DPP_STATUS_AUTH_FAILURE;
261 else if (wpa_s->no_suitable_network)
262 result = DPP_STATUS_NO_AP;
263 else
264 result = 255; /* What to report here for unexpected state? */
265 if (wpa_s->wpa_state == WPA_SCANNING)
266 wpas_abort_ongoing_scan(wpa_s);
267 wpas_dpp_send_conn_status_result(wpa_s, result);
268 }
269
270
271 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s)
272 {
273 char *str, *end, *pos;
274 size_t len;
275 unsigned int i;
276 u8 last_op_class = 0;
277 int res;
278
279 if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs)
280 return NULL;
281
282 len = wpa_s->num_last_scan_freqs * 8;
283 str = os_zalloc(len);
284 if (!str)
285 return NULL;
286 end = str + len;
287 pos = str;
288
289 for (i = 0; i < wpa_s->num_last_scan_freqs; i++) {
290 enum hostapd_hw_mode mode;
291 u8 op_class, channel;
292
293 mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i],
294 0, 0, &op_class, &channel);
295 if (mode == NUM_HOSTAPD_MODES)
296 continue;
297 if (op_class == last_op_class)
298 res = os_snprintf(pos, end - pos, ",%d", channel);
299 else
300 res = os_snprintf(pos, end - pos, "%s%d/%d",
301 pos == str ? "" : ",",
302 op_class, channel);
303 if (os_snprintf_error(end - pos, res)) {
304 *pos = '\0';
305 break;
306 }
307 pos += res;
308 last_op_class = op_class;
309 }
310
311 if (pos == str) {
312 os_free(str);
313 str = NULL;
314 }
315 return str;
316 }
317
318
319 void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
320 enum dpp_status_error result)
321 {
322 struct wpabuf *msg;
323 const char *channel_list = NULL;
324 char *channel_list_buf = NULL;
325 struct wpa_ssid *ssid = wpa_s->current_ssid;
326 struct dpp_authentication *auth = wpa_s->dpp_auth;
327
328 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
329
330 if (!auth || !auth->conn_status_requested)
331 return;
332 auth->conn_status_requested = 0;
333 wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d",
334 result);
335
336 if (result == DPP_STATUS_NO_AP) {
337 channel_list_buf = wpas_dpp_scan_channel_list(wpa_s);
338 channel_list = channel_list_buf;
339 }
340
341 msg = dpp_build_conn_status_result(auth, result,
342 ssid ? ssid->ssid :
343 wpa_s->dpp_last_ssid,
344 ssid ? ssid->ssid_len :
345 wpa_s->dpp_last_ssid_len,
346 channel_list);
347 os_free(channel_list_buf);
348 if (!msg) {
349 dpp_auth_deinit(wpa_s->dpp_auth);
350 wpa_s->dpp_auth = NULL;
351 return;
352 }
353
354 wpa_msg(wpa_s, MSG_INFO,
355 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
356 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
357 DPP_PA_CONNECTION_STATUS_RESULT);
358 offchannel_send_action(wpa_s, auth->curr_freq,
359 auth->peer_mac_addr, wpa_s->own_addr, broadcast,
360 wpabuf_head(msg), wpabuf_len(msg),
361 500, wpas_dpp_tx_status, 0);
362 wpabuf_free(msg);
363
364 /* This exchange will be terminated in the TX status handler */
365 auth->remove_on_tx_status = 1;
366
367 return;
368 }
369
370
371 void wpas_dpp_connected(struct wpa_supplicant *wpa_s)
372 {
373 struct dpp_authentication *auth = wpa_s->dpp_auth;
374
375 if (auth && auth->conn_status_requested)
376 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK);
377 }
378
379 #endif /* CONFIG_DPP2 */
380
381
382 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
383 unsigned int freq, const u8 *dst,
384 const u8 *src, const u8 *bssid,
385 const u8 *data, size_t data_len,
386 enum offchannel_send_action_result result)
387 {
388 const char *res_txt;
389 struct dpp_authentication *auth = wpa_s->dpp_auth;
390
391 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
392 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
393 "FAILED");
394 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
395 " result=%s", freq, MAC2STR(dst), res_txt);
396 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
397 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
398
399 if (!wpa_s->dpp_auth) {
400 wpa_printf(MSG_DEBUG,
401 "DPP: Ignore TX status since there is no ongoing authentication exchange");
402 return;
403 }
404
405 #ifdef CONFIG_DPP2
406 if (auth->connect_on_tx_status) {
407 auth->connect_on_tx_status = 0;
408 wpa_printf(MSG_DEBUG,
409 "DPP: Try to connect after completed configuration result");
410 wpas_dpp_try_to_connect(wpa_s);
411 if (auth->conn_status_requested) {
412 wpa_printf(MSG_DEBUG,
413 "DPP: Start 15 second timeout for reporting connection status result");
414 eloop_cancel_timeout(
415 wpas_dpp_conn_status_result_timeout,
416 wpa_s, NULL);
417 eloop_register_timeout(
418 15, 0, wpas_dpp_conn_status_result_timeout,
419 wpa_s, NULL);
420 } else {
421 dpp_auth_deinit(wpa_s->dpp_auth);
422 wpa_s->dpp_auth = NULL;
423 }
424 return;
425 }
426 #endif /* CONFIG_DPP2 */
427
428 if (wpa_s->dpp_auth->remove_on_tx_status) {
429 wpa_printf(MSG_DEBUG,
430 "DPP: Terminate authentication exchange due to a request to do so on TX status");
431 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
432 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
433 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
434 NULL);
435 offchannel_send_action_done(wpa_s);
436 dpp_auth_deinit(wpa_s->dpp_auth);
437 wpa_s->dpp_auth = NULL;
438 return;
439 }
440
441 if (wpa_s->dpp_auth_ok_on_ack)
442 wpas_dpp_auth_success(wpa_s, 1);
443
444 if (!is_broadcast_ether_addr(dst) &&
445 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
446 wpa_printf(MSG_DEBUG,
447 "DPP: Unicast DPP Action frame was not ACKed");
448 if (auth->waiting_auth_resp) {
449 /* In case of DPP Authentication Request frame, move to
450 * the next channel immediately. */
451 offchannel_send_action_done(wpa_s);
452 wpas_dpp_auth_init_next(wpa_s);
453 return;
454 }
455 if (auth->waiting_auth_conf) {
456 wpas_dpp_auth_resp_retry(wpa_s);
457 return;
458 }
459 }
460
461 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
462 result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
463 /* Allow timeout handling to stop iteration if no response is
464 * received from a peer that has ACKed a request. */
465 auth->auth_req_ack = 1;
466 }
467
468 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
469 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
470 wpa_printf(MSG_DEBUG,
471 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
472 wpa_s->dpp_auth->curr_freq,
473 wpa_s->dpp_auth->neg_freq);
474 offchannel_send_action_done(wpa_s);
475 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq);
476 }
477
478 if (wpa_s->dpp_auth_ok_on_ack)
479 wpa_s->dpp_auth_ok_on_ack = 0;
480 }
481
482
483 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
484 {
485 struct wpa_supplicant *wpa_s = eloop_ctx;
486 struct dpp_authentication *auth = wpa_s->dpp_auth;
487 unsigned int freq;
488 struct os_reltime now, diff;
489 unsigned int wait_time, diff_ms;
490
491 if (!auth || !auth->waiting_auth_resp)
492 return;
493
494 wait_time = wpa_s->dpp_resp_wait_time ?
495 wpa_s->dpp_resp_wait_time : 2000;
496 os_get_reltime(&now);
497 os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
498 diff_ms = diff.sec * 1000 + diff.usec / 1000;
499 wpa_printf(MSG_DEBUG,
500 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
501 wait_time, diff_ms);
502
503 if (auth->auth_req_ack && diff_ms >= wait_time) {
504 /* Peer ACK'ed Authentication Request frame, but did not reply
505 * with Authentication Response frame within two seconds. */
506 wpa_printf(MSG_INFO,
507 "DPP: No response received from responder - stopping initiation attempt");
508 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
509 offchannel_send_action_done(wpa_s);
510 wpas_dpp_listen_stop(wpa_s);
511 dpp_auth_deinit(auth);
512 wpa_s->dpp_auth = NULL;
513 return;
514 }
515
516 if (diff_ms >= wait_time) {
517 /* Authentication Request frame was not ACK'ed and no reply
518 * was receiving within two seconds. */
519 wpa_printf(MSG_DEBUG,
520 "DPP: Continue Initiator channel iteration");
521 offchannel_send_action_done(wpa_s);
522 wpas_dpp_listen_stop(wpa_s);
523 wpas_dpp_auth_init_next(wpa_s);
524 return;
525 }
526
527 /* Driver did not support 2000 ms long wait_time with TX command, so
528 * schedule listen operation to continue waiting for the response.
529 *
530 * DPP listen operations continue until stopped, so simply schedule a
531 * new call to this function at the point when the two second reply
532 * wait has expired. */
533 wait_time -= diff_ms;
534
535 freq = auth->curr_freq;
536 if (auth->neg_freq > 0)
537 freq = auth->neg_freq;
538 wpa_printf(MSG_DEBUG,
539 "DPP: Continue reply wait on channel %u MHz for %u ms",
540 freq, wait_time);
541 wpa_s->dpp_in_response_listen = 1;
542 wpas_dpp_listen_start(wpa_s, freq);
543
544 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
545 wpas_dpp_reply_wait_timeout, wpa_s, NULL);
546 }
547
548
549 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
550 struct dpp_authentication *auth)
551 {
552 #ifdef CONFIG_TESTING_OPTIONS
553 if (wpa_s->dpp_config_obj_override)
554 auth->config_obj_override =
555 os_strdup(wpa_s->dpp_config_obj_override);
556 if (wpa_s->dpp_discovery_override)
557 auth->discovery_override =
558 os_strdup(wpa_s->dpp_discovery_override);
559 if (wpa_s->dpp_groups_override)
560 auth->groups_override =
561 os_strdup(wpa_s->dpp_groups_override);
562 auth->ignore_netaccesskey_mismatch =
563 wpa_s->dpp_ignore_netaccesskey_mismatch;
564 #endif /* CONFIG_TESTING_OPTIONS */
565 }
566
567
568 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
569 {
570 struct wpa_supplicant *wpa_s = eloop_ctx;
571
572 if (!wpa_s->dpp_auth)
573 return;
574 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
575 wpas_dpp_auth_init_next(wpa_s);
576 }
577
578
579 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
580 {
581 struct dpp_authentication *auth = wpa_s->dpp_auth;
582 const u8 *dst;
583 unsigned int wait_time, max_wait_time, freq, max_tries, used;
584 struct os_reltime now, diff;
585
586 wpa_s->dpp_in_response_listen = 0;
587 if (!auth)
588 return -1;
589
590 if (auth->freq_idx == 0)
591 os_get_reltime(&wpa_s->dpp_init_iter_start);
592
593 if (auth->freq_idx >= auth->num_freq) {
594 auth->num_freq_iters++;
595 if (wpa_s->dpp_init_max_tries)
596 max_tries = wpa_s->dpp_init_max_tries;
597 else
598 max_tries = 5;
599 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
600 wpa_printf(MSG_INFO,
601 "DPP: No response received from responder - stopping initiation attempt");
602 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
603 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
604 wpa_s, NULL);
605 offchannel_send_action_done(wpa_s);
606 dpp_auth_deinit(wpa_s->dpp_auth);
607 wpa_s->dpp_auth = NULL;
608 return -1;
609 }
610 auth->freq_idx = 0;
611 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
612 if (wpa_s->dpp_init_retry_time)
613 wait_time = wpa_s->dpp_init_retry_time;
614 else
615 wait_time = 10000;
616 os_get_reltime(&now);
617 os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
618 used = diff.sec * 1000 + diff.usec / 1000;
619 if (used > wait_time)
620 wait_time = 0;
621 else
622 wait_time -= used;
623 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
624 wait_time);
625 eloop_register_timeout(wait_time / 1000,
626 (wait_time % 1000) * 1000,
627 wpas_dpp_init_timeout, wpa_s,
628 NULL);
629 return 0;
630 }
631 freq = auth->freq[auth->freq_idx++];
632 auth->curr_freq = freq;
633
634 if (is_zero_ether_addr(auth->peer_bi->mac_addr))
635 dst = broadcast;
636 else
637 dst = auth->peer_bi->mac_addr;
638 wpa_s->dpp_auth_ok_on_ack = 0;
639 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
640 wait_time = wpa_s->max_remain_on_chan;
641 max_wait_time = wpa_s->dpp_resp_wait_time ?
642 wpa_s->dpp_resp_wait_time : 2000;
643 if (wait_time > max_wait_time)
644 wait_time = max_wait_time;
645 wait_time += 10; /* give the driver some extra time to complete */
646 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
647 wpas_dpp_reply_wait_timeout,
648 wpa_s, NULL);
649 wait_time -= 10;
650 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
651 wpa_printf(MSG_DEBUG,
652 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
653 freq, auth->neg_freq);
654 }
655 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
656 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
657 auth->auth_req_ack = 0;
658 os_get_reltime(&wpa_s->dpp_last_init);
659 return offchannel_send_action(wpa_s, freq, dst,
660 wpa_s->own_addr, broadcast,
661 wpabuf_head(auth->req_msg),
662 wpabuf_len(auth->req_msg),
663 wait_time, wpas_dpp_tx_status, 0);
664 }
665
666
667 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
668 {
669 const char *pos;
670 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
671 struct dpp_authentication *auth;
672 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
673 unsigned int neg_freq = 0;
674 int tcp = 0;
675 #ifdef CONFIG_DPP2
676 int tcp_port = DPP_TCP_PORT;
677 struct hostapd_ip_addr ipaddr;
678 char *addr;
679 #endif /* CONFIG_DPP2 */
680
681 wpa_s->dpp_gas_client = 0;
682
683 pos = os_strstr(cmd, " peer=");
684 if (!pos)
685 return -1;
686 pos += 6;
687 peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
688 if (!peer_bi) {
689 wpa_printf(MSG_INFO,
690 "DPP: Could not find bootstrapping info for the identified peer");
691 return -1;
692 }
693
694 #ifdef CONFIG_DPP2
695 pos = os_strstr(cmd, " tcp_port=");
696 if (pos) {
697 pos += 10;
698 tcp_port = atoi(pos);
699 }
700
701 addr = get_param(cmd, " tcp_addr=");
702 if (addr) {
703 int res;
704
705 res = hostapd_parse_ip_addr(addr, &ipaddr);
706 os_free(addr);
707 if (res)
708 return -1;
709 tcp = 1;
710 }
711 #endif /* CONFIG_DPP2 */
712
713 pos = os_strstr(cmd, " own=");
714 if (pos) {
715 pos += 5;
716 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
717 if (!own_bi) {
718 wpa_printf(MSG_INFO,
719 "DPP: Could not find bootstrapping info for the identified local entry");
720 return -1;
721 }
722
723 if (peer_bi->curve != own_bi->curve) {
724 wpa_printf(MSG_INFO,
725 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
726 peer_bi->curve->name, own_bi->curve->name);
727 return -1;
728 }
729 }
730
731 pos = os_strstr(cmd, " role=");
732 if (pos) {
733 pos += 6;
734 if (os_strncmp(pos, "configurator", 12) == 0)
735 allowed_roles = DPP_CAPAB_CONFIGURATOR;
736 else if (os_strncmp(pos, "enrollee", 8) == 0)
737 allowed_roles = DPP_CAPAB_ENROLLEE;
738 else if (os_strncmp(pos, "either", 6) == 0)
739 allowed_roles = DPP_CAPAB_CONFIGURATOR |
740 DPP_CAPAB_ENROLLEE;
741 else
742 goto fail;
743 }
744
745 pos = os_strstr(cmd, " netrole=");
746 if (pos) {
747 pos += 9;
748 if (os_strncmp(pos, "ap", 2) == 0)
749 wpa_s->dpp_netrole = DPP_NETROLE_AP;
750 else if (os_strncmp(pos, "configurator", 12) == 0)
751 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
752 else
753 wpa_s->dpp_netrole = DPP_NETROLE_STA;
754 } else {
755 wpa_s->dpp_netrole = DPP_NETROLE_STA;
756 }
757
758 pos = os_strstr(cmd, " neg_freq=");
759 if (pos)
760 neg_freq = atoi(pos + 10);
761
762 if (!tcp && wpa_s->dpp_auth) {
763 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
764 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
765 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
766 NULL);
767 offchannel_send_action_done(wpa_s);
768 dpp_auth_deinit(wpa_s->dpp_auth);
769 wpa_s->dpp_auth = NULL;
770 }
771
772 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
773 neg_freq, wpa_s->hw.modes, wpa_s->hw.num_modes);
774 if (!auth)
775 goto fail;
776 wpas_dpp_set_testing_options(wpa_s, auth);
777 if (dpp_set_configurator(auth, cmd) < 0) {
778 dpp_auth_deinit(auth);
779 goto fail;
780 }
781
782 auth->neg_freq = neg_freq;
783
784 if (!is_zero_ether_addr(peer_bi->mac_addr))
785 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
786
787 #ifdef CONFIG_DPP2
788 if (tcp)
789 return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);
790 #endif /* CONFIG_DPP2 */
791
792 wpa_s->dpp_auth = auth;
793 return wpas_dpp_auth_init_next(wpa_s);
794 fail:
795 return -1;
796 }
797
798
799 struct wpas_dpp_listen_work {
800 unsigned int freq;
801 unsigned int duration;
802 struct wpabuf *probe_resp_ie;
803 };
804
805
806 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
807 {
808 if (!lwork)
809 return;
810 os_free(lwork);
811 }
812
813
814 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
815 {
816 struct wpas_dpp_listen_work *lwork;
817
818 if (!wpa_s->dpp_listen_work)
819 return;
820
821 lwork = wpa_s->dpp_listen_work->ctx;
822 wpas_dpp_listen_work_free(lwork);
823 radio_work_done(wpa_s->dpp_listen_work);
824 wpa_s->dpp_listen_work = NULL;
825 }
826
827
828 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
829 {
830 struct wpa_supplicant *wpa_s = work->wpa_s;
831 struct wpas_dpp_listen_work *lwork = work->ctx;
832
833 if (deinit) {
834 if (work->started) {
835 wpa_s->dpp_listen_work = NULL;
836 wpas_dpp_listen_stop(wpa_s);
837 }
838 wpas_dpp_listen_work_free(lwork);
839 return;
840 }
841
842 wpa_s->dpp_listen_work = work;
843
844 wpa_s->dpp_pending_listen_freq = lwork->freq;
845
846 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
847 wpa_s->max_remain_on_chan) < 0) {
848 wpa_printf(MSG_DEBUG,
849 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
850 lwork->freq);
851 wpa_s->dpp_listen_freq = 0;
852 wpas_dpp_listen_work_done(wpa_s);
853 wpa_s->dpp_pending_listen_freq = 0;
854 return;
855 }
856 wpa_s->off_channel_freq = 0;
857 wpa_s->roc_waiting_drv_freq = lwork->freq;
858 }
859
860
861 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
862 unsigned int freq)
863 {
864 struct wpas_dpp_listen_work *lwork;
865
866 if (wpa_s->dpp_listen_work) {
867 wpa_printf(MSG_DEBUG,
868 "DPP: Reject start_listen since dpp_listen_work already exists");
869 return -1;
870 }
871
872 if (wpa_s->dpp_listen_freq)
873 wpas_dpp_listen_stop(wpa_s);
874 wpa_s->dpp_listen_freq = freq;
875
876 lwork = os_zalloc(sizeof(*lwork));
877 if (!lwork)
878 return -1;
879 lwork->freq = freq;
880
881 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
882 lwork) < 0) {
883 wpas_dpp_listen_work_free(lwork);
884 return -1;
885 }
886
887 return 0;
888 }
889
890
891 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
892 {
893 int freq;
894
895 freq = atoi(cmd);
896 if (freq <= 0)
897 return -1;
898
899 if (os_strstr(cmd, " role=configurator"))
900 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
901 else if (os_strstr(cmd, " role=enrollee"))
902 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
903 else
904 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
905 DPP_CAPAB_ENROLLEE;
906 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
907 if (os_strstr(cmd, " netrole=ap"))
908 wpa_s->dpp_netrole = DPP_NETROLE_AP;
909 else if (os_strstr(cmd, " netrole=configurator"))
910 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
911 else
912 wpa_s->dpp_netrole = DPP_NETROLE_STA;
913 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
914 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
915 freq);
916 return 0;
917 }
918
919 return wpas_dpp_listen_start(wpa_s, freq);
920 }
921
922
923 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
924 {
925 wpa_s->dpp_in_response_listen = 0;
926 if (!wpa_s->dpp_listen_freq)
927 return;
928
929 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
930 wpa_s->dpp_listen_freq);
931 wpa_drv_cancel_remain_on_channel(wpa_s);
932 wpa_s->dpp_listen_freq = 0;
933 wpas_dpp_listen_work_done(wpa_s);
934 }
935
936
937 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
938 unsigned int freq)
939 {
940 wpas_dpp_listen_work_done(wpa_s);
941
942 if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
943 unsigned int new_freq;
944
945 /* Continue listen with a new remain-on-channel */
946 if (wpa_s->dpp_auth->neg_freq > 0)
947 new_freq = wpa_s->dpp_auth->neg_freq;
948 else
949 new_freq = wpa_s->dpp_auth->curr_freq;
950 wpa_printf(MSG_DEBUG,
951 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
952 new_freq);
953 wpas_dpp_listen_start(wpa_s, new_freq);
954 return;
955 }
956
957 if (wpa_s->dpp_listen_freq) {
958 /* Continue listen with a new remain-on-channel */
959 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
960 }
961 }
962
963
964 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
965 const u8 *hdr, const u8 *buf, size_t len,
966 unsigned int freq)
967 {
968 const u8 *r_bootstrap, *i_bootstrap;
969 u16 r_bootstrap_len, i_bootstrap_len;
970 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
971
972 if (!wpa_s->dpp)
973 return;
974
975 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
976 MAC2STR(src));
977
978 #ifdef CONFIG_DPP2
979 wpas_dpp_chirp_stop(wpa_s);
980 #endif /* CONFIG_DPP2 */
981
982 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
983 &r_bootstrap_len);
984 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
985 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
986 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
987 return;
988 }
989 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
990 r_bootstrap, r_bootstrap_len);
991
992 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
993 &i_bootstrap_len);
994 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
995 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
996 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
997 return;
998 }
999 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
1000 i_bootstrap, i_bootstrap_len);
1001
1002 /* Try to find own and peer bootstrapping key matches based on the
1003 * received hash values */
1004 dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
1005 &own_bi, &peer_bi);
1006 if (!own_bi) {
1007 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1008 "No matching own bootstrapping key found - ignore message");
1009 return;
1010 }
1011
1012 if (wpa_s->dpp_auth) {
1013 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1014 "Already in DPP authentication exchange - ignore new one");
1015 return;
1016 }
1017
1018 wpa_s->dpp_gas_client = 0;
1019 wpa_s->dpp_auth_ok_on_ack = 0;
1020 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s->dpp, wpa_s,
1021 wpa_s->dpp_allowed_roles,
1022 wpa_s->dpp_qr_mutual,
1023 peer_bi, own_bi, freq, hdr, buf, len);
1024 if (!wpa_s->dpp_auth) {
1025 wpa_printf(MSG_DEBUG, "DPP: No response generated");
1026 return;
1027 }
1028 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
1029 if (dpp_set_configurator(wpa_s->dpp_auth,
1030 wpa_s->dpp_configurator_params) < 0) {
1031 dpp_auth_deinit(wpa_s->dpp_auth);
1032 wpa_s->dpp_auth = NULL;
1033 return;
1034 }
1035 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
1036
1037 if (wpa_s->dpp_listen_freq &&
1038 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
1039 wpa_printf(MSG_DEBUG,
1040 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1041 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
1042 wpas_dpp_listen_stop(wpa_s);
1043 }
1044
1045 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1046 MAC2STR(src), wpa_s->dpp_auth->curr_freq,
1047 DPP_PA_AUTHENTICATION_RESP);
1048 offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
1049 src, wpa_s->own_addr, broadcast,
1050 wpabuf_head(wpa_s->dpp_auth->resp_msg),
1051 wpabuf_len(wpa_s->dpp_auth->resp_msg),
1052 500, wpas_dpp_tx_status, 0);
1053 }
1054
1055
1056 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
1057 {
1058 /* TODO: stop wait and start ROC */
1059 }
1060
1061
1062 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
1063 struct dpp_authentication *auth,
1064 struct dpp_config_obj *conf)
1065 {
1066 struct wpa_ssid *ssid;
1067
1068 #ifdef CONFIG_DPP2
1069 if (conf->akm == DPP_AKM_SAE) {
1070 #ifdef CONFIG_SAE
1071 struct wpa_driver_capa capa;
1072 int res;
1073
1074 res = wpa_drv_get_capa(wpa_s, &capa);
1075 if (res == 0 &&
1076 !(capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
1077 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
1078 wpa_printf(MSG_DEBUG,
1079 "DPP: SAE not supported by the driver");
1080 return NULL;
1081 }
1082 #else /* CONFIG_SAE */
1083 wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
1084 return NULL;
1085 #endif /* CONFIG_SAE */
1086 }
1087 #endif /* CONFIG_DPP2 */
1088
1089 ssid = wpa_config_add_network(wpa_s->conf);
1090 if (!ssid)
1091 return NULL;
1092 wpas_notify_network_added(wpa_s, ssid);
1093 wpa_config_set_network_defaults(ssid);
1094 ssid->disabled = 1;
1095
1096 ssid->ssid = os_malloc(conf->ssid_len);
1097 if (!ssid->ssid)
1098 goto fail;
1099 os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
1100 ssid->ssid_len = conf->ssid_len;
1101
1102 if (conf->connector) {
1103 if (dpp_akm_dpp(conf->akm)) {
1104 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
1105 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1106 }
1107 ssid->dpp_connector = os_strdup(conf->connector);
1108 if (!ssid->dpp_connector)
1109 goto fail;
1110 }
1111
1112 if (conf->c_sign_key) {
1113 ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key));
1114 if (!ssid->dpp_csign)
1115 goto fail;
1116 os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key),
1117 wpabuf_len(conf->c_sign_key));
1118 ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key);
1119 }
1120
1121 if (auth->net_access_key) {
1122 ssid->dpp_netaccesskey =
1123 os_malloc(wpabuf_len(auth->net_access_key));
1124 if (!ssid->dpp_netaccesskey)
1125 goto fail;
1126 os_memcpy(ssid->dpp_netaccesskey,
1127 wpabuf_head(auth->net_access_key),
1128 wpabuf_len(auth->net_access_key));
1129 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1130 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1131 }
1132
1133 if (!conf->connector || dpp_akm_psk(conf->akm) ||
1134 dpp_akm_sae(conf->akm)) {
1135 if (!conf->connector || !dpp_akm_dpp(conf->akm))
1136 ssid->key_mgmt = 0;
1137 if (dpp_akm_psk(conf->akm))
1138 ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
1139 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
1140 if (dpp_akm_sae(conf->akm))
1141 ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
1142 WPA_KEY_MGMT_FT_SAE;
1143 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1144 if (conf->passphrase[0]) {
1145 if (wpa_config_set_quoted(ssid, "psk",
1146 conf->passphrase) < 0)
1147 goto fail;
1148 wpa_config_update_psk(ssid);
1149 ssid->export_keys = 1;
1150 } else {
1151 ssid->psk_set = conf->psk_set;
1152 os_memcpy(ssid->psk, conf->psk, PMK_LEN);
1153 }
1154 }
1155
1156 os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len);
1157 wpa_s->dpp_last_ssid_len = conf->ssid_len;
1158
1159 return ssid;
1160 fail:
1161 wpas_notify_network_removed(wpa_s, ssid);
1162 wpa_config_remove_network(wpa_s->conf, ssid->id);
1163 return NULL;
1164 }
1165
1166
1167 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1168 struct dpp_authentication *auth,
1169 struct dpp_config_obj *conf)
1170 {
1171 struct wpa_ssid *ssid;
1172
1173 if (wpa_s->conf->dpp_config_processing < 1)
1174 return 0;
1175
1176 ssid = wpas_dpp_add_network(wpa_s, auth, conf);
1177 if (!ssid)
1178 return -1;
1179
1180 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1181 if (wpa_s->conf->dpp_config_processing == 2)
1182 ssid->disabled = 0;
1183
1184 #ifndef CONFIG_NO_CONFIG_WRITE
1185 if (wpa_s->conf->update_config &&
1186 wpa_config_write(wpa_s->confname, wpa_s->conf))
1187 wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
1188 #endif /* CONFIG_NO_CONFIG_WRITE */
1189
1190 return 0;
1191 }
1192
1193
1194 static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s,
1195 struct dpp_authentication *auth)
1196 {
1197 if (wpa_s->conf->dpp_config_processing < 2)
1198 return;
1199
1200 #ifdef CONFIG_DPP2
1201 if (auth->peer_version >= 2) {
1202 wpa_printf(MSG_DEBUG,
1203 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
1204 auth->connect_on_tx_status = 1;
1205 return;
1206 }
1207 #endif /* CONFIG_DPP2 */
1208
1209 wpas_dpp_try_to_connect(wpa_s);
1210 }
1211
1212
1213 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1214 struct dpp_authentication *auth,
1215 struct dpp_config_obj *conf)
1216 {
1217 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1218 if (conf->ssid_len)
1219 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1220 wpa_ssid_txt(conf->ssid, conf->ssid_len));
1221 if (conf->ssid_charset)
1222 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d",
1223 conf->ssid_charset);
1224 if (conf->connector) {
1225 /* TODO: Save the Connector and consider using a command
1226 * to fetch the value instead of sending an event with
1227 * it. The Connector could end up being larger than what
1228 * most clients are ready to receive as an event
1229 * message. */
1230 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1231 conf->connector);
1232 }
1233 if (conf->c_sign_key) {
1234 char *hex;
1235 size_t hexlen;
1236
1237 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
1238 hex = os_malloc(hexlen);
1239 if (hex) {
1240 wpa_snprintf_hex(hex, hexlen,
1241 wpabuf_head(conf->c_sign_key),
1242 wpabuf_len(conf->c_sign_key));
1243 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1244 hex);
1245 os_free(hex);
1246 }
1247 }
1248 if (auth->net_access_key) {
1249 char *hex;
1250 size_t hexlen;
1251
1252 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1253 hex = os_malloc(hexlen);
1254 if (hex) {
1255 wpa_snprintf_hex(hex, hexlen,
1256 wpabuf_head(auth->net_access_key),
1257 wpabuf_len(auth->net_access_key));
1258 if (auth->net_access_key_expiry)
1259 wpa_msg(wpa_s, MSG_INFO,
1260 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1261 (long unsigned)
1262 auth->net_access_key_expiry);
1263 else
1264 wpa_msg(wpa_s, MSG_INFO,
1265 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1266 os_free(hex);
1267 }
1268 }
1269
1270 return wpas_dpp_process_config(wpa_s, auth, conf);
1271 }
1272
1273
1274 static int wpas_dpp_handle_key_pkg(struct wpa_supplicant *wpa_s,
1275 struct dpp_asymmetric_key *key)
1276 {
1277 #ifdef CONFIG_DPP2
1278 int res;
1279
1280 if (!key)
1281 return 0;
1282
1283 wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup");
1284 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1285
1286 while (key) {
1287 res = dpp_configurator_from_backup(wpa_s->dpp, key);
1288 if (res < 0)
1289 return -1;
1290 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d",
1291 res);
1292 key = key->next;
1293 }
1294 #endif /* CONFIG_DPP2 */
1295
1296 return 0;
1297 }
1298
1299
1300 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1301 enum gas_query_result result,
1302 const struct wpabuf *adv_proto,
1303 const struct wpabuf *resp, u16 status_code)
1304 {
1305 struct wpa_supplicant *wpa_s = ctx;
1306 const u8 *pos;
1307 struct dpp_authentication *auth = wpa_s->dpp_auth;
1308 int res;
1309 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
1310 unsigned int i;
1311
1312 wpa_s->dpp_gas_dialog_token = -1;
1313
1314 if (!auth || !auth->auth_success) {
1315 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1316 return;
1317 }
1318 if (result != GAS_QUERY_SUCCESS ||
1319 !resp || status_code != WLAN_STATUS_SUCCESS) {
1320 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1321 goto fail;
1322 }
1323
1324 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1325 adv_proto);
1326 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1327 resp);
1328
1329 if (wpabuf_len(adv_proto) != 10 ||
1330 !(pos = wpabuf_head(adv_proto)) ||
1331 pos[0] != WLAN_EID_ADV_PROTO ||
1332 pos[1] != 8 ||
1333 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1334 pos[4] != 5 ||
1335 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1336 pos[8] != 0x1a ||
1337 pos[9] != 1) {
1338 wpa_printf(MSG_DEBUG,
1339 "DPP: Not a DPP Advertisement Protocol ID");
1340 goto fail;
1341 }
1342
1343 if (dpp_conf_resp_rx(auth, resp) < 0) {
1344 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1345 goto fail;
1346 }
1347
1348 for (i = 0; i < auth->num_conf_obj; i++) {
1349 res = wpas_dpp_handle_config_obj(wpa_s, auth,
1350 &auth->conf_obj[i]);
1351 if (res < 0)
1352 goto fail;
1353 }
1354 if (auth->num_conf_obj)
1355 wpas_dpp_post_process_config(wpa_s, auth);
1356 if (wpas_dpp_handle_key_pkg(wpa_s, auth->conf_key_pkg) < 0)
1357 goto fail;
1358
1359 status = DPP_STATUS_OK;
1360 #ifdef CONFIG_TESTING_OPTIONS
1361 if (dpp_test == DPP_TEST_REJECT_CONFIG) {
1362 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
1363 status = DPP_STATUS_CONFIG_REJECTED;
1364 }
1365 #endif /* CONFIG_TESTING_OPTIONS */
1366 fail:
1367 if (status != DPP_STATUS_OK)
1368 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1369 #ifdef CONFIG_DPP2
1370 if (auth->peer_version >= 2 &&
1371 auth->conf_resp_status == DPP_STATUS_OK) {
1372 struct wpabuf *msg;
1373
1374 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1375 msg = dpp_build_conf_result(auth, status);
1376 if (!msg)
1377 goto fail2;
1378
1379 wpa_msg(wpa_s, MSG_INFO,
1380 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1381 MAC2STR(addr), auth->curr_freq,
1382 DPP_PA_CONFIGURATION_RESULT);
1383 offchannel_send_action(wpa_s, auth->curr_freq,
1384 addr, wpa_s->own_addr, broadcast,
1385 wpabuf_head(msg),
1386 wpabuf_len(msg),
1387 500, wpas_dpp_tx_status, 0);
1388 wpabuf_free(msg);
1389
1390 /* This exchange will be terminated in the TX status handler */
1391 return;
1392 }
1393 fail2:
1394 #endif /* CONFIG_DPP2 */
1395 dpp_auth_deinit(wpa_s->dpp_auth);
1396 wpa_s->dpp_auth = NULL;
1397 }
1398
1399
1400 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
1401 {
1402 struct dpp_authentication *auth = wpa_s->dpp_auth;
1403 struct wpabuf *buf;
1404 int res;
1405 int *supp_op_classes;
1406
1407 wpa_s->dpp_gas_client = 1;
1408 offchannel_send_action_done(wpa_s);
1409 wpas_dpp_listen_stop(wpa_s);
1410
1411 supp_op_classes = wpas_supp_op_classes(wpa_s);
1412 buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
1413 wpa_s->dpp_netrole,
1414 wpa_s->conf->dpp_mud_url,
1415 supp_op_classes);
1416 os_free(supp_op_classes);
1417 if (!buf) {
1418 wpa_printf(MSG_DEBUG,
1419 "DPP: No configuration request data available");
1420 return;
1421 }
1422
1423 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
1424 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
1425
1426 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
1427 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
1428 if (res < 0) {
1429 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
1430 wpabuf_free(buf);
1431 } else {
1432 wpa_printf(MSG_DEBUG,
1433 "DPP: GAS query started with dialog token %u", res);
1434 wpa_s->dpp_gas_dialog_token = res;
1435 }
1436 }
1437
1438
1439 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
1440 {
1441 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
1442 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
1443 #ifdef CONFIG_TESTING_OPTIONS
1444 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
1445 wpa_printf(MSG_INFO,
1446 "DPP: TESTING - stop at Authentication Confirm");
1447 if (wpa_s->dpp_auth->configurator) {
1448 /* Prevent GAS response */
1449 wpa_s->dpp_auth->auth_success = 0;
1450 }
1451 return;
1452 }
1453 #endif /* CONFIG_TESTING_OPTIONS */
1454
1455 if (wpa_s->dpp_auth->configurator)
1456 wpas_dpp_start_gas_server(wpa_s);
1457 else
1458 wpas_dpp_start_gas_client(wpa_s);
1459 }
1460
1461
1462 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1463 const u8 *hdr, const u8 *buf, size_t len,
1464 unsigned int freq)
1465 {
1466 struct dpp_authentication *auth = wpa_s->dpp_auth;
1467 struct wpabuf *msg;
1468
1469 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
1470 " (freq %u MHz)", MAC2STR(src), freq);
1471
1472 if (!auth) {
1473 wpa_printf(MSG_DEBUG,
1474 "DPP: No DPP Authentication in progress - drop");
1475 return;
1476 }
1477
1478 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1479 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1480 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1481 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1482 return;
1483 }
1484
1485 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1486
1487 if (auth->curr_freq != freq && auth->neg_freq == freq) {
1488 wpa_printf(MSG_DEBUG,
1489 "DPP: Responder accepted request for different negotiation channel");
1490 auth->curr_freq = freq;
1491 }
1492
1493 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
1494 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
1495 if (!msg) {
1496 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1497 wpa_printf(MSG_DEBUG,
1498 "DPP: Start wait for full response");
1499 offchannel_send_action_done(wpa_s);
1500 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
1501 return;
1502 }
1503 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1504 return;
1505 }
1506 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1507
1508 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1509 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
1510 offchannel_send_action(wpa_s, auth->curr_freq,
1511 src, wpa_s->own_addr, broadcast,
1512 wpabuf_head(msg), wpabuf_len(msg),
1513 500, wpas_dpp_tx_status, 0);
1514 wpabuf_free(msg);
1515 wpa_s->dpp_auth_ok_on_ack = 1;
1516 }
1517
1518
1519 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
1520 const u8 *hdr, const u8 *buf, size_t len)
1521 {
1522 struct dpp_authentication *auth = wpa_s->dpp_auth;
1523
1524 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1525 MAC2STR(src));
1526
1527 if (!auth) {
1528 wpa_printf(MSG_DEBUG,
1529 "DPP: No DPP Authentication in progress - drop");
1530 return;
1531 }
1532
1533 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1534 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1535 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1536 return;
1537 }
1538
1539 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
1540 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1541 return;
1542 }
1543
1544 wpas_dpp_auth_success(wpa_s, 0);
1545 }
1546
1547
1548 #ifdef CONFIG_DPP2
1549
1550 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
1551 void *timeout_ctx)
1552 {
1553 struct wpa_supplicant *wpa_s = eloop_ctx;
1554 struct dpp_authentication *auth = wpa_s->dpp_auth;
1555
1556 if (!auth || !auth->waiting_conf_result)
1557 return;
1558
1559 wpa_printf(MSG_DEBUG,
1560 "DPP: Timeout while waiting for Configuration Result");
1561 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1562 dpp_auth_deinit(auth);
1563 wpa_s->dpp_auth = NULL;
1564 }
1565
1566
1567 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
1568 void *timeout_ctx)
1569 {
1570 struct wpa_supplicant *wpa_s = eloop_ctx;
1571 struct dpp_authentication *auth = wpa_s->dpp_auth;
1572
1573 if (!auth || !auth->waiting_conn_status_result)
1574 return;
1575
1576 wpa_printf(MSG_DEBUG,
1577 "DPP: Timeout while waiting for Connection Status Result");
1578 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout");
1579 wpas_dpp_listen_stop(wpa_s);
1580 dpp_auth_deinit(auth);
1581 wpa_s->dpp_auth = NULL;
1582 }
1583
1584
1585 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
1586 const u8 *hdr, const u8 *buf, size_t len)
1587 {
1588 struct dpp_authentication *auth = wpa_s->dpp_auth;
1589 enum dpp_status_error status;
1590
1591 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
1592 MAC2STR(src));
1593
1594 if (!auth || !auth->waiting_conf_result) {
1595 wpa_printf(MSG_DEBUG,
1596 "DPP: No DPP Configuration waiting for result - drop");
1597 return;
1598 }
1599
1600 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1601 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1602 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1603 return;
1604 }
1605
1606 status = dpp_conf_result_rx(auth, hdr, buf, len);
1607
1608 if (status == DPP_STATUS_OK && auth->send_conn_status) {
1609 wpa_msg(wpa_s, MSG_INFO,
1610 DPP_EVENT_CONF_SENT "wait_conn_status=1");
1611 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
1612 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
1613 wpa_s, NULL);
1614 auth->waiting_conn_status_result = 1;
1615 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
1616 wpa_s, NULL);
1617 eloop_register_timeout(16, 0,
1618 wpas_dpp_conn_status_result_wait_timeout,
1619 wpa_s, NULL);
1620 offchannel_send_action_done(wpa_s);
1621 wpas_dpp_listen_start(wpa_s, auth->neg_freq ? auth->neg_freq :
1622 auth->curr_freq);
1623 return;
1624 }
1625 offchannel_send_action_done(wpa_s);
1626 wpas_dpp_listen_stop(wpa_s);
1627 if (status == DPP_STATUS_OK)
1628 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
1629 else
1630 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1631 dpp_auth_deinit(auth);
1632 wpa_s->dpp_auth = NULL;
1633 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
1634 }
1635
1636
1637 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s,
1638 const u8 *src, const u8 *hdr,
1639 const u8 *buf, size_t len)
1640 {
1641 struct dpp_authentication *auth = wpa_s->dpp_auth;
1642 enum dpp_status_error status;
1643 u8 ssid[SSID_MAX_LEN];
1644 size_t ssid_len = 0;
1645 char *channel_list = NULL;
1646
1647 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
1648
1649 if (!auth || !auth->waiting_conn_status_result) {
1650 wpa_printf(MSG_DEBUG,
1651 "DPP: No DPP Configuration waiting for connection status result - drop");
1652 return;
1653 }
1654
1655 status = dpp_conn_status_result_rx(auth, hdr, buf, len,
1656 ssid, &ssid_len, &channel_list);
1657 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
1658 "result=%d ssid=%s channel_list=%s",
1659 status, wpa_ssid_txt(ssid, ssid_len),
1660 channel_list ? channel_list : "N/A");
1661 os_free(channel_list);
1662 offchannel_send_action_done(wpa_s);
1663 wpas_dpp_listen_stop(wpa_s);
1664 dpp_auth_deinit(auth);
1665 wpa_s->dpp_auth = NULL;
1666 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
1667 wpa_s, NULL);
1668 }
1669
1670
1671 static int wpas_dpp_process_conf_obj(void *ctx,
1672 struct dpp_authentication *auth)
1673 {
1674 struct wpa_supplicant *wpa_s = ctx;
1675 unsigned int i;
1676 int res = -1;
1677
1678 for (i = 0; i < auth->num_conf_obj; i++) {
1679 res = wpas_dpp_handle_config_obj(wpa_s, auth,
1680 &auth->conf_obj[i]);
1681 if (res)
1682 break;
1683 }
1684 if (!res)
1685 wpas_dpp_post_process_config(wpa_s, auth);
1686
1687 return res;
1688 }
1689
1690
1691 static void wpas_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi)
1692 {
1693 struct wpa_supplicant *wpa_s = ctx;
1694
1695 if (bi == wpa_s->dpp_chirp_bi)
1696 wpas_dpp_chirp_stop(wpa_s);
1697 }
1698
1699
1700 static void
1701 wpas_dpp_rx_presence_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
1702 const u8 *hdr, const u8 *buf, size_t len,
1703 unsigned int freq)
1704 {
1705 const u8 *r_bootstrap;
1706 u16 r_bootstrap_len;
1707 struct dpp_bootstrap_info *peer_bi;
1708 struct dpp_authentication *auth;
1709
1710 if (!wpa_s->dpp)
1711 return;
1712
1713 if (wpa_s->dpp_auth) {
1714 wpa_printf(MSG_DEBUG,
1715 "DPP: Ignore Presence Announcement during ongoing Authentication");
1716 return;
1717 }
1718
1719 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR,
1720 MAC2STR(src));
1721
1722 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
1723 &r_bootstrap_len);
1724 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
1725 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1726 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
1727 return;
1728 }
1729 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
1730 r_bootstrap, r_bootstrap_len);
1731 peer_bi = dpp_bootstrap_find_chirp(wpa_s->dpp, r_bootstrap);
1732 if (!peer_bi) {
1733 wpa_printf(MSG_DEBUG,
1734 "DPP: No matching bootstrapping information found");
1735 return;
1736 }
1737
1738 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, NULL,
1739 DPP_CAPAB_CONFIGURATOR, freq, NULL, 0);
1740 if (!auth)
1741 return;
1742 wpas_dpp_set_testing_options(wpa_s, auth);
1743 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
1744 dpp_auth_deinit(auth);
1745 return;
1746 }
1747
1748 auth->neg_freq = freq;
1749
1750 if (!is_zero_ether_addr(peer_bi->mac_addr))
1751 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
1752
1753 wpa_s->dpp_auth = auth;
1754 if (wpas_dpp_auth_init_next(wpa_s) < 0) {
1755 dpp_auth_deinit(wpa_s->dpp_auth);
1756 wpa_s->dpp_auth = NULL;
1757 }
1758 }
1759
1760 #endif /* CONFIG_DPP2 */
1761
1762
1763 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
1764 const u8 *src,
1765 const u8 *buf, size_t len)
1766 {
1767 struct wpa_ssid *ssid;
1768 const u8 *connector, *trans_id, *status;
1769 u16 connector_len, trans_id_len, status_len;
1770 struct dpp_introduction intro;
1771 struct rsn_pmksa_cache_entry *entry;
1772 struct os_time now;
1773 struct os_reltime rnow;
1774 os_time_t expiry;
1775 unsigned int seconds;
1776 enum dpp_status_error res;
1777
1778 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
1779 MAC2STR(src));
1780 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
1781 os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
1782 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
1783 MACSTR " - drop", MAC2STR(src));
1784 return;
1785 }
1786 offchannel_send_action_done(wpa_s);
1787
1788 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1789 if (ssid == wpa_s->dpp_intro_network)
1790 break;
1791 }
1792 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1793 !ssid->dpp_csign) {
1794 wpa_printf(MSG_DEBUG,
1795 "DPP: Profile not found for network introduction");
1796 return;
1797 }
1798
1799 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
1800 &trans_id_len);
1801 if (!trans_id || trans_id_len != 1) {
1802 wpa_printf(MSG_DEBUG,
1803 "DPP: Peer did not include Transaction ID");
1804 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1805 " fail=missing_transaction_id", MAC2STR(src));
1806 goto fail;
1807 }
1808 if (trans_id[0] != TRANSACTION_ID) {
1809 wpa_printf(MSG_DEBUG,
1810 "DPP: Ignore frame with unexpected Transaction ID %u",
1811 trans_id[0]);
1812 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1813 " fail=transaction_id_mismatch", MAC2STR(src));
1814 goto fail;
1815 }
1816
1817 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
1818 if (!status || status_len != 1) {
1819 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
1820 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1821 " fail=missing_status", MAC2STR(src));
1822 goto fail;
1823 }
1824 if (status[0] != DPP_STATUS_OK) {
1825 wpa_printf(MSG_DEBUG,
1826 "DPP: Peer rejected network introduction: Status %u",
1827 status[0]);
1828 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1829 " status=%u", MAC2STR(src), status[0]);
1830 #ifdef CONFIG_DPP2
1831 wpas_dpp_send_conn_status_result(wpa_s, status[0]);
1832 #endif /* CONFIG_DPP2 */
1833 goto fail;
1834 }
1835
1836 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
1837 if (!connector) {
1838 wpa_printf(MSG_DEBUG,
1839 "DPP: Peer did not include its Connector");
1840 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1841 " fail=missing_connector", MAC2STR(src));
1842 goto fail;
1843 }
1844
1845 res = dpp_peer_intro(&intro, ssid->dpp_connector,
1846 ssid->dpp_netaccesskey,
1847 ssid->dpp_netaccesskey_len,
1848 ssid->dpp_csign,
1849 ssid->dpp_csign_len,
1850 connector, connector_len, &expiry);
1851 if (res != DPP_STATUS_OK) {
1852 wpa_printf(MSG_INFO,
1853 "DPP: Network Introduction protocol resulted in failure");
1854 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1855 " fail=peer_connector_validation_failed", MAC2STR(src));
1856 #ifdef CONFIG_DPP2
1857 wpas_dpp_send_conn_status_result(wpa_s, res);
1858 #endif /* CONFIG_DPP2 */
1859 goto fail;
1860 }
1861
1862 entry = os_zalloc(sizeof(*entry));
1863 if (!entry)
1864 goto fail;
1865 os_memcpy(entry->aa, src, ETH_ALEN);
1866 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
1867 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
1868 entry->pmk_len = intro.pmk_len;
1869 entry->akmp = WPA_KEY_MGMT_DPP;
1870 if (expiry) {
1871 os_get_time(&now);
1872 seconds = expiry - now.sec;
1873 } else {
1874 seconds = 86400 * 7;
1875 }
1876 os_get_reltime(&rnow);
1877 entry->expiration = rnow.sec + seconds;
1878 entry->reauth_time = rnow.sec + seconds;
1879 entry->network_ctx = ssid;
1880 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
1881
1882 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1883 " status=%u", MAC2STR(src), status[0]);
1884
1885 wpa_printf(MSG_DEBUG,
1886 "DPP: Try connection again after successful network introduction");
1887 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
1888 wpa_supplicant_cancel_sched_scan(wpa_s);
1889 wpa_supplicant_req_scan(wpa_s, 0, 0);
1890 }
1891 fail:
1892 os_memset(&intro, 0, sizeof(intro));
1893 }
1894
1895
1896 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
1897 {
1898 int i, j;
1899
1900 if (!wpa_s->hw.modes)
1901 return -1;
1902
1903 for (i = 0; i < wpa_s->hw.num_modes; i++) {
1904 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
1905
1906 for (j = 0; j < mode->num_channels; j++) {
1907 struct hostapd_channel_data *chan = &mode->channels[j];
1908
1909 if (chan->freq != (int) freq)
1910 continue;
1911
1912 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
1913 HOSTAPD_CHAN_NO_IR |
1914 HOSTAPD_CHAN_RADAR))
1915 continue;
1916
1917 return 1;
1918 }
1919 }
1920
1921 wpa_printf(MSG_DEBUG,
1922 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
1923 freq);
1924
1925 return 0;
1926 }
1927
1928
1929 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
1930 struct dpp_pkex *pkex)
1931 {
1932 if (pkex->freq == 2437)
1933 pkex->freq = 5745;
1934 else if (pkex->freq == 5745)
1935 pkex->freq = 5220;
1936 else if (pkex->freq == 5220)
1937 pkex->freq = 60480;
1938 else
1939 return -1; /* no more channels to try */
1940
1941 if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
1942 wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
1943 pkex->freq);
1944 return 0;
1945 }
1946
1947 /* Could not use this channel - try the next one */
1948 return wpas_dpp_pkex_next_channel(wpa_s, pkex);
1949 }
1950
1951
1952 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
1953 {
1954 struct wpa_supplicant *wpa_s = eloop_ctx;
1955 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1956
1957 if (!pkex || !pkex->exchange_req)
1958 return;
1959 if (pkex->exch_req_tries >= 5) {
1960 if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
1961 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1962 "No response from PKEX peer");
1963 dpp_pkex_free(pkex);
1964 wpa_s->dpp_pkex = NULL;
1965 return;
1966 }
1967 pkex->exch_req_tries = 0;
1968 }
1969
1970 pkex->exch_req_tries++;
1971 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
1972 pkex->exch_req_tries);
1973 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1974 MAC2STR(broadcast), pkex->freq, DPP_PA_PKEX_EXCHANGE_REQ);
1975 offchannel_send_action(wpa_s, pkex->freq, broadcast,
1976 wpa_s->own_addr, broadcast,
1977 wpabuf_head(pkex->exchange_req),
1978 wpabuf_len(pkex->exchange_req),
1979 pkex->exch_req_wait_time,
1980 wpas_dpp_tx_pkex_status, 0);
1981 }
1982
1983
1984 static void
1985 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
1986 unsigned int freq, const u8 *dst,
1987 const u8 *src, const u8 *bssid,
1988 const u8 *data, size_t data_len,
1989 enum offchannel_send_action_result result)
1990 {
1991 const char *res_txt;
1992 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1993
1994 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
1995 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
1996 "FAILED");
1997 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
1998 " result=%s (PKEX)",
1999 freq, MAC2STR(dst), res_txt);
2000 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
2001 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
2002
2003 if (!pkex) {
2004 wpa_printf(MSG_DEBUG,
2005 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
2006 return;
2007 }
2008
2009 if (pkex->failed) {
2010 wpa_printf(MSG_DEBUG,
2011 "DPP: Terminate PKEX exchange due to an earlier error");
2012 if (pkex->t > pkex->own_bi->pkex_t)
2013 pkex->own_bi->pkex_t = pkex->t;
2014 dpp_pkex_free(pkex);
2015 wpa_s->dpp_pkex = NULL;
2016 return;
2017 }
2018
2019 if (pkex->exch_req_wait_time && pkex->exchange_req) {
2020 /* Wait for PKEX Exchange Response frame and retry request if
2021 * no response is seen. */
2022 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2023 eloop_register_timeout(pkex->exch_req_wait_time / 1000,
2024 (pkex->exch_req_wait_time % 1000) * 1000,
2025 wpas_dpp_pkex_retry_timeout, wpa_s,
2026 NULL);
2027 }
2028 }
2029
2030
2031 static void
2032 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
2033 const u8 *buf, size_t len, unsigned int freq)
2034 {
2035 struct wpabuf *msg;
2036 unsigned int wait_time;
2037
2038 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
2039 MAC2STR(src));
2040
2041 /* TODO: Support multiple PKEX codes by iterating over all the enabled
2042 * values here */
2043
2044 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
2045 wpa_printf(MSG_DEBUG,
2046 "DPP: No PKEX code configured - ignore request");
2047 return;
2048 }
2049
2050 if (wpa_s->dpp_pkex) {
2051 /* TODO: Support parallel operations */
2052 wpa_printf(MSG_DEBUG,
2053 "DPP: Already in PKEX session - ignore new request");
2054 return;
2055 }
2056
2057 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
2058 wpa_s->own_addr, src,
2059 wpa_s->dpp_pkex_identifier,
2060 wpa_s->dpp_pkex_code,
2061 buf, len);
2062 if (!wpa_s->dpp_pkex) {
2063 wpa_printf(MSG_DEBUG,
2064 "DPP: Failed to process the request - ignore it");
2065 return;
2066 }
2067
2068 msg = wpa_s->dpp_pkex->exchange_resp;
2069 wait_time = wpa_s->max_remain_on_chan;
2070 if (wait_time > 2000)
2071 wait_time = 2000;
2072 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2073 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
2074 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
2075 broadcast,
2076 wpabuf_head(msg), wpabuf_len(msg),
2077 wait_time, wpas_dpp_tx_pkex_status, 0);
2078 }
2079
2080
2081 static void
2082 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2083 const u8 *buf, size_t len, unsigned int freq)
2084 {
2085 struct wpabuf *msg;
2086 unsigned int wait_time;
2087
2088 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
2089 MAC2STR(src));
2090
2091 /* TODO: Support multiple PKEX codes by iterating over all the enabled
2092 * values here */
2093
2094 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
2095 wpa_s->dpp_pkex->exchange_done) {
2096 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
2097 return;
2098 }
2099
2100 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2101 wpa_s->dpp_pkex->exch_req_wait_time = 0;
2102
2103 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
2104 if (!msg) {
2105 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
2106 return;
2107 }
2108
2109 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
2110 MAC2STR(src));
2111
2112 wait_time = wpa_s->max_remain_on_chan;
2113 if (wait_time > 2000)
2114 wait_time = 2000;
2115 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2116 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
2117 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
2118 broadcast,
2119 wpabuf_head(msg), wpabuf_len(msg),
2120 wait_time, wpas_dpp_tx_pkex_status, 0);
2121 wpabuf_free(msg);
2122 }
2123
2124
2125 static struct dpp_bootstrap_info *
2126 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
2127 unsigned int freq)
2128 {
2129 struct dpp_bootstrap_info *bi;
2130
2131 bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
2132 if (!bi)
2133 return NULL;
2134 wpa_s->dpp_pkex = NULL;
2135 return bi;
2136 }
2137
2138
2139 static void
2140 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
2141 const u8 *hdr, const u8 *buf, size_t len,
2142 unsigned int freq)
2143 {
2144 struct wpabuf *msg;
2145 unsigned int wait_time;
2146 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
2147
2148 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
2149 MAC2STR(src));
2150
2151 if (!pkex || pkex->initiator || !pkex->exchange_done) {
2152 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
2153 return;
2154 }
2155
2156 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
2157 if (!msg) {
2158 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
2159 if (pkex->failed) {
2160 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
2161 if (pkex->t > pkex->own_bi->pkex_t)
2162 pkex->own_bi->pkex_t = pkex->t;
2163 dpp_pkex_free(wpa_s->dpp_pkex);
2164 wpa_s->dpp_pkex = NULL;
2165 }
2166 return;
2167 }
2168
2169 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
2170 MACSTR, MAC2STR(src));
2171
2172 wait_time = wpa_s->max_remain_on_chan;
2173 if (wait_time > 2000)
2174 wait_time = 2000;
2175 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2176 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
2177 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
2178 broadcast,
2179 wpabuf_head(msg), wpabuf_len(msg),
2180 wait_time, wpas_dpp_tx_pkex_status, 0);
2181 wpabuf_free(msg);
2182
2183 wpas_dpp_pkex_finish(wpa_s, src, freq);
2184 }
2185
2186
2187 static void
2188 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2189 const u8 *hdr, const u8 *buf, size_t len,
2190 unsigned int freq)
2191 {
2192 int res;
2193 struct dpp_bootstrap_info *bi;
2194 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
2195 char cmd[500];
2196
2197 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
2198 MAC2STR(src));
2199
2200 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
2201 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
2202 return;
2203 }
2204
2205 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
2206 if (res < 0) {
2207 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
2208 return;
2209 }
2210
2211 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
2212 if (!bi)
2213 return;
2214
2215 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
2216 bi->id,
2217 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
2218 wpa_printf(MSG_DEBUG,
2219 "DPP: Start authentication after PKEX with parameters: %s",
2220 cmd);
2221 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
2222 wpa_printf(MSG_DEBUG,
2223 "DPP: Authentication initialization failed");
2224 offchannel_send_action_done(wpa_s);
2225 return;
2226 }
2227 }
2228
2229
2230 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
2231 const u8 *buf, size_t len, unsigned int freq)
2232 {
2233 u8 crypto_suite;
2234 enum dpp_public_action_frame_type type;
2235 const u8 *hdr;
2236 unsigned int pkex_t;
2237
2238 if (len < DPP_HDR_LEN)
2239 return;
2240 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
2241 return;
2242 hdr = buf;
2243 buf += 4;
2244 len -= 4;
2245 crypto_suite = *buf++;
2246 type = *buf++;
2247 len -= 2;
2248
2249 wpa_printf(MSG_DEBUG,
2250 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
2251 MACSTR " freq=%u",
2252 crypto_suite, type, MAC2STR(src), freq);
2253 if (crypto_suite != 1) {
2254 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
2255 crypto_suite);
2256 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
2257 " freq=%u type=%d ignore=unsupported-crypto-suite",
2258 MAC2STR(src), freq, type);
2259 return;
2260 }
2261 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
2262 if (dpp_check_attrs(buf, len) < 0) {
2263 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
2264 " freq=%u type=%d ignore=invalid-attributes",
2265 MAC2STR(src), freq, type);
2266 return;
2267 }
2268 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
2269 MAC2STR(src), freq, type);
2270
2271 switch (type) {
2272 case DPP_PA_AUTHENTICATION_REQ:
2273 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
2274 break;
2275 case DPP_PA_AUTHENTICATION_RESP:
2276 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
2277 break;
2278 case DPP_PA_AUTHENTICATION_CONF:
2279 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
2280 break;
2281 case DPP_PA_PEER_DISCOVERY_RESP:
2282 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
2283 break;
2284 case DPP_PA_PKEX_EXCHANGE_REQ:
2285 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq);
2286 break;
2287 case DPP_PA_PKEX_EXCHANGE_RESP:
2288 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
2289 break;
2290 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
2291 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
2292 freq);
2293 break;
2294 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
2295 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
2296 freq);
2297 break;
2298 #ifdef CONFIG_DPP2
2299 case DPP_PA_CONFIGURATION_RESULT:
2300 wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
2301 break;
2302 case DPP_PA_CONNECTION_STATUS_RESULT:
2303 wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len);
2304 break;
2305 case DPP_PA_PRESENCE_ANNOUNCEMENT:
2306 wpas_dpp_rx_presence_announcement(wpa_s, src, hdr, buf, len,
2307 freq);
2308 break;
2309 #endif /* CONFIG_DPP2 */
2310 default:
2311 wpa_printf(MSG_DEBUG,
2312 "DPP: Ignored unsupported frame subtype %d", type);
2313 break;
2314 }
2315
2316 if (wpa_s->dpp_pkex)
2317 pkex_t = wpa_s->dpp_pkex->t;
2318 else if (wpa_s->dpp_pkex_bi)
2319 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
2320 else
2321 pkex_t = 0;
2322 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
2323 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
2324 wpas_dpp_pkex_remove(wpa_s, "*");
2325 }
2326 }
2327
2328
2329 static struct wpabuf *
2330 wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
2331 size_t query_len)
2332 {
2333 struct wpa_supplicant *wpa_s = ctx;
2334 struct dpp_authentication *auth = wpa_s->dpp_auth;
2335 struct wpabuf *resp;
2336
2337 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
2338 MAC2STR(sa));
2339 if (!auth || !auth->auth_success ||
2340 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
2341 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
2342 return NULL;
2343 }
2344
2345 if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) {
2346 wpa_printf(MSG_DEBUG,
2347 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
2348 /* wpas_dpp_auth_success() would normally have been called from
2349 * TX status handler, but since there was no such handler call
2350 * yet, simply send out the event message and proceed with
2351 * exchange. */
2352 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=1");
2353 wpa_s->dpp_auth_ok_on_ack = 0;
2354 }
2355
2356 wpa_hexdump(MSG_DEBUG,
2357 "DPP: Received Configuration Request (GAS Query Request)",
2358 query, query_len);
2359 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
2360 MAC2STR(sa));
2361 resp = dpp_conf_req_rx(auth, query, query_len);
2362 if (!resp)
2363 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2364 auth->conf_resp = resp;
2365 return resp;
2366 }
2367
2368
2369 static void
2370 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
2371 {
2372 struct wpa_supplicant *wpa_s = ctx;
2373 struct dpp_authentication *auth = wpa_s->dpp_auth;
2374
2375 if (!auth) {
2376 wpabuf_free(resp);
2377 return;
2378 }
2379 if (auth->conf_resp != resp) {
2380 wpa_printf(MSG_DEBUG,
2381 "DPP: Ignore GAS status report (ok=%d) for unknown response",
2382 ok);
2383 wpabuf_free(resp);
2384 return;
2385 }
2386
2387 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
2388 ok);
2389 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2390 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
2391 #ifdef CONFIG_DPP2
2392 if (ok && auth->peer_version >= 2 &&
2393 auth->conf_resp_status == DPP_STATUS_OK) {
2394 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
2395 auth->waiting_conf_result = 1;
2396 auth->conf_resp = NULL;
2397 wpabuf_free(resp);
2398 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
2399 wpa_s, NULL);
2400 eloop_register_timeout(2, 0,
2401 wpas_dpp_config_result_wait_timeout,
2402 wpa_s, NULL);
2403 return;
2404 }
2405 #endif /* CONFIG_DPP2 */
2406 offchannel_send_action_done(wpa_s);
2407 wpas_dpp_listen_stop(wpa_s);
2408 if (ok)
2409 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
2410 else
2411 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2412 dpp_auth_deinit(wpa_s->dpp_auth);
2413 wpa_s->dpp_auth = NULL;
2414 wpabuf_free(resp);
2415 }
2416
2417
2418 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
2419 {
2420 struct dpp_authentication *auth;
2421 int ret = -1;
2422 char *curve = NULL;
2423
2424 auth = dpp_alloc_auth(wpa_s->dpp, wpa_s);
2425 if (!auth)
2426 return -1;
2427
2428 curve = get_param(cmd, " curve=");
2429 wpas_dpp_set_testing_options(wpa_s, auth);
2430 if (dpp_set_configurator(auth, cmd) == 0 &&
2431 dpp_configurator_own_config(auth, curve, 0) == 0)
2432 ret = wpas_dpp_handle_config_obj(wpa_s, auth,
2433 &auth->conf_obj[0]);
2434 if (!ret)
2435 wpas_dpp_post_process_config(wpa_s, auth);
2436
2437 dpp_auth_deinit(auth);
2438 os_free(curve);
2439
2440 return ret;
2441 }
2442
2443
2444 static void
2445 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
2446 unsigned int freq, const u8 *dst,
2447 const u8 *src, const u8 *bssid,
2448 const u8 *data, size_t data_len,
2449 enum offchannel_send_action_result result)
2450 {
2451 const char *res_txt;
2452
2453 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
2454 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
2455 "FAILED");
2456 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
2457 " result=%s (DPP Peer Discovery Request)",
2458 freq, MAC2STR(dst), res_txt);
2459 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
2460 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
2461 /* TODO: Time out wait for response more quickly in error cases? */
2462 }
2463
2464
2465 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2466 struct wpa_bss *bss)
2467 {
2468 struct os_time now;
2469 struct wpabuf *msg;
2470 unsigned int wait_time;
2471 const u8 *rsn;
2472 struct wpa_ie_data ied;
2473
2474 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
2475 return 0; /* Not using DPP AKM - continue */
2476 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
2477 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
2478 !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
2479 return 0; /* AP does not support DPP AKM - continue */
2480 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
2481 return 0; /* PMKSA exists for DPP AKM - continue */
2482
2483 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2484 !ssid->dpp_csign) {
2485 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2486 "missing %s",
2487 !ssid->dpp_connector ? "Connector" :
2488 (!ssid->dpp_netaccesskey ? "netAccessKey" :
2489 "C-sign-key"));
2490 return -1;
2491 }
2492
2493 os_get_time(&now);
2494
2495 if (ssid->dpp_netaccesskey_expiry &&
2496 (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
2497 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2498 "netAccessKey expired");
2499 return -1;
2500 }
2501
2502 wpa_printf(MSG_DEBUG,
2503 "DPP: Starting network introduction protocol to derive PMKSA for "
2504 MACSTR, MAC2STR(bss->bssid));
2505
2506 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
2507 5 + 4 + os_strlen(ssid->dpp_connector));
2508 if (!msg)
2509 return -1;
2510
2511 #ifdef CONFIG_TESTING_OPTIONS
2512 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
2513 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
2514 goto skip_trans_id;
2515 }
2516 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
2517 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
2518 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2519 wpabuf_put_le16(msg, 0);
2520 goto skip_trans_id;
2521 }
2522 #endif /* CONFIG_TESTING_OPTIONS */
2523
2524 /* Transaction ID */
2525 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2526 wpabuf_put_le16(msg, 1);
2527 wpabuf_put_u8(msg, TRANSACTION_ID);
2528
2529 #ifdef CONFIG_TESTING_OPTIONS
2530 skip_trans_id:
2531 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
2532 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
2533 goto skip_connector;
2534 }
2535 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
2536 char *connector;
2537
2538 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
2539 connector = dpp_corrupt_connector_signature(
2540 ssid->dpp_connector);
2541 if (!connector) {
2542 wpabuf_free(msg);
2543 return -1;
2544 }
2545 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2546 wpabuf_put_le16(msg, os_strlen(connector));
2547 wpabuf_put_str(msg, connector);
2548 os_free(connector);
2549 goto skip_connector;
2550 }
2551 #endif /* CONFIG_TESTING_OPTIONS */
2552
2553 /* DPP Connector */
2554 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2555 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
2556 wpabuf_put_str(msg, ssid->dpp_connector);
2557
2558 #ifdef CONFIG_TESTING_OPTIONS
2559 skip_connector:
2560 #endif /* CONFIG_TESTING_OPTIONS */
2561
2562 /* TODO: Timeout on AP response */
2563 wait_time = wpa_s->max_remain_on_chan;
2564 if (wait_time > 2000)
2565 wait_time = 2000;
2566 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2567 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
2568 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
2569 broadcast,
2570 wpabuf_head(msg), wpabuf_len(msg),
2571 wait_time, wpas_dpp_tx_introduction_status, 0);
2572 wpabuf_free(msg);
2573
2574 /* Request this connection attempt to terminate - new one will be
2575 * started when network introduction protocol completes */
2576 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
2577 wpa_s->dpp_intro_network = ssid;
2578 return 1;
2579 }
2580
2581
2582 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
2583 {
2584 struct dpp_bootstrap_info *own_bi;
2585 const char *pos, *end;
2586 unsigned int wait_time;
2587
2588 pos = os_strstr(cmd, " own=");
2589 if (!pos)
2590 return -1;
2591 pos += 5;
2592 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
2593 if (!own_bi) {
2594 wpa_printf(MSG_DEBUG,
2595 "DPP: Identified bootstrap info not found");
2596 return -1;
2597 }
2598 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
2599 wpa_printf(MSG_DEBUG,
2600 "DPP: Identified bootstrap info not for PKEX");
2601 return -1;
2602 }
2603 wpa_s->dpp_pkex_bi = own_bi;
2604 own_bi->pkex_t = 0; /* clear pending errors on new code */
2605
2606 os_free(wpa_s->dpp_pkex_identifier);
2607 wpa_s->dpp_pkex_identifier = NULL;
2608 pos = os_strstr(cmd, " identifier=");
2609 if (pos) {
2610 pos += 12;
2611 end = os_strchr(pos, ' ');
2612 if (!end)
2613 return -1;
2614 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
2615 if (!wpa_s->dpp_pkex_identifier)
2616 return -1;
2617 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
2618 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
2619 }
2620
2621 pos = os_strstr(cmd, " code=");
2622 if (!pos)
2623 return -1;
2624 os_free(wpa_s->dpp_pkex_code);
2625 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
2626 if (!wpa_s->dpp_pkex_code)
2627 return -1;
2628
2629 if (os_strstr(cmd, " init=1")) {
2630 struct dpp_pkex *pkex;
2631 struct wpabuf *msg;
2632
2633 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
2634 dpp_pkex_free(wpa_s->dpp_pkex);
2635 wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr,
2636 wpa_s->dpp_pkex_identifier,
2637 wpa_s->dpp_pkex_code);
2638 pkex = wpa_s->dpp_pkex;
2639 if (!pkex)
2640 return -1;
2641
2642 msg = pkex->exchange_req;
2643 wait_time = wpa_s->max_remain_on_chan;
2644 if (wait_time > 2000)
2645 wait_time = 2000;
2646 pkex->freq = 2437;
2647 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
2648 " freq=%u type=%d",
2649 MAC2STR(broadcast), pkex->freq,
2650 DPP_PA_PKEX_EXCHANGE_REQ);
2651 offchannel_send_action(wpa_s, pkex->freq, broadcast,
2652 wpa_s->own_addr, broadcast,
2653 wpabuf_head(msg), wpabuf_len(msg),
2654 wait_time, wpas_dpp_tx_pkex_status, 0);
2655 if (wait_time == 0)
2656 wait_time = 2000;
2657 pkex->exch_req_wait_time = wait_time;
2658 pkex->exch_req_tries = 1;
2659 }
2660
2661 /* TODO: Support multiple PKEX info entries */
2662
2663 os_free(wpa_s->dpp_pkex_auth_cmd);
2664 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
2665
2666 return 1;
2667 }
2668
2669
2670 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
2671 {
2672 unsigned int id_val;
2673
2674 if (os_strcmp(id, "*") == 0) {
2675 id_val = 0;
2676 } else {
2677 id_val = atoi(id);
2678 if (id_val == 0)
2679 return -1;
2680 }
2681
2682 if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code)
2683 return -1;
2684
2685 /* TODO: Support multiple PKEX entries */
2686 os_free(wpa_s->dpp_pkex_code);
2687 wpa_s->dpp_pkex_code = NULL;
2688 os_free(wpa_s->dpp_pkex_identifier);
2689 wpa_s->dpp_pkex_identifier = NULL;
2690 os_free(wpa_s->dpp_pkex_auth_cmd);
2691 wpa_s->dpp_pkex_auth_cmd = NULL;
2692 wpa_s->dpp_pkex_bi = NULL;
2693 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2694 dpp_pkex_free(wpa_s->dpp_pkex);
2695 wpa_s->dpp_pkex = NULL;
2696 return 0;
2697 }
2698
2699
2700 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
2701 {
2702 if (wpa_s->dpp_auth || wpa_s->dpp_pkex)
2703 offchannel_send_action_done(wpa_s);
2704 dpp_auth_deinit(wpa_s->dpp_auth);
2705 wpa_s->dpp_auth = NULL;
2706 dpp_pkex_free(wpa_s->dpp_pkex);
2707 wpa_s->dpp_pkex = NULL;
2708 if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
2709 gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
2710 }
2711
2712
2713 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
2714 {
2715 struct dpp_global_config config;
2716 u8 adv_proto_id[7];
2717
2718 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
2719 adv_proto_id[1] = 5;
2720 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
2721 adv_proto_id[5] = DPP_OUI_TYPE;
2722 adv_proto_id[6] = 0x01;
2723
2724 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
2725 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
2726 wpas_dpp_gas_status_handler, wpa_s) < 0)
2727 return -1;
2728
2729 os_memset(&config, 0, sizeof(config));
2730 config.msg_ctx = wpa_s;
2731 config.cb_ctx = wpa_s;
2732 #ifdef CONFIG_DPP2
2733 config.process_conf_obj = wpas_dpp_process_conf_obj;
2734 config.remove_bi = wpas_dpp_remove_bi;
2735 #endif /* CONFIG_DPP2 */
2736 wpa_s->dpp = dpp_global_init(&config);
2737 return wpa_s->dpp ? 0 : -1;
2738 }
2739
2740
2741 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
2742 {
2743 #ifdef CONFIG_TESTING_OPTIONS
2744 os_free(wpa_s->dpp_config_obj_override);
2745 wpa_s->dpp_config_obj_override = NULL;
2746 os_free(wpa_s->dpp_discovery_override);
2747 wpa_s->dpp_discovery_override = NULL;
2748 os_free(wpa_s->dpp_groups_override);
2749 wpa_s->dpp_groups_override = NULL;
2750 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
2751 #endif /* CONFIG_TESTING_OPTIONS */
2752 if (!wpa_s->dpp)
2753 return;
2754 dpp_global_clear(wpa_s->dpp);
2755 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2756 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2757 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
2758 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
2759 #ifdef CONFIG_DPP2
2760 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
2761 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2762 wpa_s, NULL);
2763 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
2764 dpp_pfs_free(wpa_s->dpp_pfs);
2765 wpa_s->dpp_pfs = NULL;
2766 wpas_dpp_chirp_stop(wpa_s);
2767 #endif /* CONFIG_DPP2 */
2768 offchannel_send_action_done(wpa_s);
2769 wpas_dpp_listen_stop(wpa_s);
2770 wpas_dpp_stop(wpa_s);
2771 wpas_dpp_pkex_remove(wpa_s, "*");
2772 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
2773 os_free(wpa_s->dpp_configurator_params);
2774 wpa_s->dpp_configurator_params = NULL;
2775 }
2776
2777
2778 #ifdef CONFIG_DPP2
2779
2780 int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
2781 {
2782 struct dpp_controller_config config;
2783 const char *pos;
2784
2785 os_memset(&config, 0, sizeof(config));
2786 if (cmd) {
2787 pos = os_strstr(cmd, " tcp_port=");
2788 if (pos) {
2789 pos += 10;
2790 config.tcp_port = atoi(pos);
2791 }
2792 }
2793 config.configurator_params = wpa_s->dpp_configurator_params;
2794 return dpp_controller_start(wpa_s->dpp, &config);
2795 }
2796
2797
2798 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx);
2799
2800 static void wpas_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx)
2801 {
2802 struct wpa_supplicant *wpa_s = eloop_ctx;
2803
2804 wpa_printf(MSG_DEBUG, "DPP: No chirp response received");
2805 offchannel_send_action_done(wpa_s);
2806 wpas_dpp_chirp_next(wpa_s, NULL);
2807 }
2808
2809
2810 static void wpas_dpp_chirp_tx_status(struct wpa_supplicant *wpa_s,
2811 unsigned int freq, const u8 *dst,
2812 const u8 *src, const u8 *bssid,
2813 const u8 *data, size_t data_len,
2814 enum offchannel_send_action_result result)
2815 {
2816 if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
2817 wpa_printf(MSG_DEBUG, "DPP: Failed to send chirp on %d MHz",
2818 wpa_s->dpp_chirp_freq);
2819 if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next,
2820 wpa_s, NULL) < 0)
2821 wpas_dpp_chirp_stop(wpa_s);
2822 return;
2823 }
2824
2825 wpa_printf(MSG_DEBUG, "DPP: Chirp send completed - wait for response");
2826 if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout,
2827 wpa_s, NULL) < 0)
2828 wpas_dpp_chirp_stop(wpa_s);
2829 }
2830
2831
2832 static void wpas_dpp_chirp_start(struct wpa_supplicant *wpa_s)
2833 {
2834 wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", wpa_s->dpp_chirp_freq);
2835 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2836 MAC2STR(broadcast), wpa_s->dpp_chirp_freq,
2837 DPP_PA_PRESENCE_ANNOUNCEMENT);
2838 if (offchannel_send_action(
2839 wpa_s, wpa_s->dpp_chirp_freq, broadcast,
2840 wpa_s->own_addr, broadcast,
2841 wpabuf_head(wpa_s->dpp_presence_announcement),
2842 wpabuf_len(wpa_s->dpp_presence_announcement),
2843 2000, wpas_dpp_chirp_tx_status, 0) < 0)
2844 wpas_dpp_chirp_stop(wpa_s);
2845 }
2846
2847
2848 static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
2849 struct wpa_scan_results *scan_res)
2850 {
2851 struct dpp_bootstrap_info *bi = wpa_s->dpp_chirp_bi;
2852 unsigned int i;
2853 struct hostapd_hw_modes *mode;
2854 int c;
2855 struct wpa_bss *bss;
2856
2857 if (!bi)
2858 return;
2859
2860 wpa_s->dpp_chirp_scan_done = 1;
2861
2862 os_free(wpa_s->dpp_chirp_freqs);
2863 wpa_s->dpp_chirp_freqs = NULL;
2864
2865 /* Channels from own bootstrapping info */
2866 for (i = 0; i < bi->num_freq; i++)
2867 int_array_add_unique(&wpa_s->dpp_chirp_freqs, bi->freq[i]);
2868
2869 /* Preferred chirping channels */
2870 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 2437);
2871
2872 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
2873 HOSTAPD_MODE_IEEE80211A, 0);
2874 if (mode) {
2875 int chan44 = 0, chan149 = 0;
2876
2877 for (c = 0; c < mode->num_channels; c++) {
2878 struct hostapd_channel_data *chan = &mode->channels[c];
2879
2880 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2881 HOSTAPD_CHAN_RADAR))
2882 continue;
2883 if (chan->freq == 5220)
2884 chan44 = 1;
2885 if (chan->freq == 5745)
2886 chan149 = 1;
2887 }
2888 if (chan149)
2889 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 5745);
2890 else if (chan44)
2891 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 5220);
2892 }
2893
2894 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
2895 HOSTAPD_MODE_IEEE80211AD, 0);
2896 if (mode) {
2897 for (c = 0; c < mode->num_channels; c++) {
2898 struct hostapd_channel_data *chan = &mode->channels[c];
2899
2900 if ((chan->flag & (HOSTAPD_CHAN_DISABLED |
2901 HOSTAPD_CHAN_RADAR)) ||
2902 chan->freq != 60480)
2903 continue;
2904 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 60480);
2905 break;
2906 }
2907 }
2908
2909 /* Add channels from scan results for APs that advertise Configurator
2910 * Connectivity element */
2911 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2912 if (wpa_bss_get_vendor_ie(bss, DPP_CC_IE_VENDOR_TYPE))
2913 int_array_add_unique(&wpa_s->dpp_chirp_freqs,
2914 bss->freq);
2915 }
2916
2917 if (!wpa_s->dpp_chirp_freqs ||
2918 eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL) < 0)
2919 wpas_dpp_chirp_stop(wpa_s);
2920 }
2921
2922
2923 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx)
2924 {
2925 struct wpa_supplicant *wpa_s = eloop_ctx;
2926 int i;
2927
2928 if (wpa_s->dpp_chirp_listen)
2929 wpas_dpp_listen_stop(wpa_s);
2930
2931 if (wpa_s->dpp_chirp_freq == 0) {
2932 if (wpa_s->dpp_chirp_round % 4 == 0 &&
2933 !wpa_s->dpp_chirp_scan_done) {
2934 wpa_printf(MSG_DEBUG,
2935 "DPP: Update channel list for chirping");
2936 wpa_s->scan_req = MANUAL_SCAN_REQ;
2937 wpa_s->scan_res_handler =
2938 wpas_dpp_chirp_scan_res_handler;
2939 wpa_supplicant_req_scan(wpa_s, 0, 0);
2940 return;
2941 }
2942 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[0];
2943 wpa_s->dpp_chirp_round++;
2944 wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d",
2945 wpa_s->dpp_chirp_round);
2946 } else {
2947 for (i = 0; wpa_s->dpp_chirp_freqs[i]; i++)
2948 if (wpa_s->dpp_chirp_freqs[i] == wpa_s->dpp_chirp_freq)
2949 break;
2950 if (!wpa_s->dpp_chirp_freqs[i]) {
2951 wpa_printf(MSG_DEBUG,
2952 "DPP: Previous chirp freq %d not found",
2953 wpa_s->dpp_chirp_freq);
2954 return;
2955 }
2956 i++;
2957 if (wpa_s->dpp_chirp_freqs[i]) {
2958 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[i];
2959 } else {
2960 wpa_s->dpp_chirp_iter--;
2961 if (wpa_s->dpp_chirp_iter <= 0) {
2962 wpa_printf(MSG_DEBUG,
2963 "DPP: Chirping iterations completed");
2964 wpas_dpp_chirp_stop(wpa_s);
2965 return;
2966 }
2967 wpa_s->dpp_chirp_freq = 0;
2968 wpa_s->dpp_chirp_scan_done = 0;
2969 if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next,
2970 wpa_s, NULL) < 0) {
2971 wpas_dpp_chirp_stop(wpa_s);
2972 return;
2973 }
2974 if (wpa_s->dpp_chirp_listen) {
2975 wpa_printf(MSG_DEBUG,
2976 "DPP: Listen on %d MHz during chirp 30 second wait",
2977 wpa_s->dpp_chirp_listen);
2978 wpas_dpp_listen_start(wpa_s,
2979 wpa_s->dpp_chirp_listen);
2980 } else {
2981 wpa_printf(MSG_DEBUG,
2982 "DPP: Wait 30 seconds before starting the next chirping round");
2983 }
2984 return;
2985 }
2986 }
2987
2988 wpas_dpp_chirp_start(wpa_s);
2989 }
2990
2991
2992 int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd)
2993 {
2994 const char *pos;
2995 int iter = 1, listen_freq = 0;
2996 struct dpp_bootstrap_info *bi;
2997
2998 pos = os_strstr(cmd, " own=");
2999 if (!pos)
3000 return -1;
3001 pos += 5;
3002 bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
3003 if (!bi) {
3004 wpa_printf(MSG_DEBUG,
3005 "DPP: Identified bootstrap info not found");
3006 return -1;
3007 }
3008
3009 pos = os_strstr(cmd, " iter=");
3010 if (pos) {
3011 iter = atoi(pos + 6);
3012 if (iter <= 0)
3013 return -1;
3014 }
3015
3016 pos = os_strstr(cmd, " listen=");
3017 if (pos) {
3018 listen_freq = atoi(pos + 8);
3019 if (iter <= 0)
3020 return -1;
3021 }
3022
3023 wpas_dpp_chirp_stop(wpa_s);
3024 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
3025 wpa_s->dpp_qr_mutual = 0;
3026 wpa_s->dpp_chirp_bi = bi;
3027 wpa_s->dpp_presence_announcement = dpp_build_presence_announcement(bi);
3028 if (!wpa_s->dpp_presence_announcement)
3029 return -1;
3030 wpa_s->dpp_chirp_iter = iter;
3031 wpa_s->dpp_chirp_round = 0;
3032 wpa_s->dpp_chirp_scan_done = 0;
3033 wpa_s->dpp_chirp_listen = listen_freq;
3034
3035 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
3036 }
3037
3038
3039 void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s)
3040 {
3041 if (wpa_s->dpp_presence_announcement) {
3042 offchannel_send_action_done(wpa_s);
3043 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CHIRP_STOPPED);
3044 }
3045 wpa_s->dpp_chirp_bi = NULL;
3046 wpabuf_free(wpa_s->dpp_presence_announcement);
3047 wpa_s->dpp_presence_announcement = NULL;
3048 if (wpa_s->dpp_chirp_listen)
3049 wpas_dpp_listen_stop(wpa_s);
3050 wpa_s->dpp_chirp_listen = 0;
3051 wpa_s->dpp_chirp_freq = 0;
3052 os_free(wpa_s->dpp_chirp_freqs);
3053 wpa_s->dpp_chirp_freqs = NULL;
3054 eloop_cancel_timeout(wpas_dpp_chirp_next, wpa_s, NULL);
3055 eloop_cancel_timeout(wpas_dpp_chirp_timeout, wpa_s, NULL);
3056 if (wpa_s->scan_res_handler == wpas_dpp_chirp_scan_res_handler) {
3057 wpas_abort_ongoing_scan(wpa_s);
3058 wpa_s->scan_res_handler = NULL;
3059 }
3060 }
3061
3062 #endif /* CONFIG_DPP2 */
Unnamed repository; edit this file 'description' to name the repository.