]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/dpp_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
DPP: Stop Authentication Request attempts if no response after ACK
[thirdparty/hostap.git] / wpa_supplicant / dpp_supplicant.c
1 /*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/dpp.h"
14 #include "common/gas.h"
15 #include "common/gas_server.h"
16 #include "rsn_supp/wpa.h"
17 #include "rsn_supp/pmksa_cache.h"
18 #include "wpa_supplicant_i.h"
19 #include "config.h"
20 #include "driver_i.h"
21 #include "offchannel.h"
22 #include "gas_query.h"
23 #include "bss.h"
24 #include "scan.h"
25 #include "notify.h"
26 #include "dpp_supplicant.h"
27
28
29 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
30 unsigned int freq);
31 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
32 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
33 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
34 unsigned int freq, const u8 *dst,
35 const u8 *src, const u8 *bssid,
36 const u8 *data, size_t data_len,
37 enum offchannel_send_action_result result);
38 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
39 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
40 static void
41 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
42 unsigned int freq, const u8 *dst,
43 const u8 *src, const u8 *bssid,
44 const u8 *data, size_t data_len,
45 enum offchannel_send_action_result result);
46
47 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
48
49 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
50 * a single transaction in progress at any point in time. */
51 static const u8 TRANSACTION_ID = 1;
52
53
54 static struct dpp_configurator *
55 dpp_configurator_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
56 {
57 struct dpp_configurator *conf;
58
59 dl_list_for_each(conf, &wpa_s->dpp_configurator,
60 struct dpp_configurator, list) {
61 if (conf->id == id)
62 return conf;
63 }
64 return NULL;
65 }
66
67
68 static unsigned int wpas_dpp_next_id(struct wpa_supplicant *wpa_s)
69 {
70 struct dpp_bootstrap_info *bi;
71 unsigned int max_id = 0;
72
73 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
74 list) {
75 if (bi->id > max_id)
76 max_id = bi->id;
77 }
78 return max_id + 1;
79 }
80
81
82 /**
83 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
84 * @wpa_s: Pointer to wpa_supplicant data
85 * @cmd: DPP URI read from a QR Code
86 * Returns: Identifier of the stored info or -1 on failure
87 */
88 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
89 {
90 struct dpp_bootstrap_info *bi;
91 struct dpp_authentication *auth = wpa_s->dpp_auth;
92
93 bi = dpp_parse_qr_code(cmd);
94 if (!bi)
95 return -1;
96
97 bi->id = wpas_dpp_next_id(wpa_s);
98 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
99
100 if (auth && auth->response_pending &&
101 dpp_notify_new_qr_code(auth, bi) == 1) {
102 wpa_printf(MSG_DEBUG,
103 "DPP: Sending out pending authentication response");
104 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
105 " freq=%u type=%d",
106 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
107 DPP_PA_AUTHENTICATION_RESP);
108 offchannel_send_action(wpa_s, auth->curr_freq,
109 auth->peer_mac_addr, wpa_s->own_addr,
110 broadcast,
111 wpabuf_head(auth->resp_msg),
112 wpabuf_len(auth->resp_msg),
113 500, wpas_dpp_tx_status, 0);
114 }
115
116 return bi->id;
117 }
118
119
120 static char * get_param(const char *cmd, const char *param)
121 {
122 const char *pos, *end;
123 char *val;
124 size_t len;
125
126 pos = os_strstr(cmd, param);
127 if (!pos)
128 return NULL;
129
130 pos += os_strlen(param);
131 end = os_strchr(pos, ' ');
132 if (end)
133 len = end - pos;
134 else
135 len = os_strlen(pos);
136 val = os_malloc(len + 1);
137 if (!val)
138 return NULL;
139 os_memcpy(val, pos, len);
140 val[len] = '\0';
141 return val;
142 }
143
144
145 int wpas_dpp_bootstrap_gen(struct wpa_supplicant *wpa_s, const char *cmd)
146 {
147 char *chan = NULL, *mac = NULL, *info = NULL, *pk = NULL, *curve = NULL;
148 char *key = NULL;
149 u8 *privkey = NULL;
150 size_t privkey_len = 0;
151 size_t len;
152 int ret = -1;
153 struct dpp_bootstrap_info *bi;
154
155 bi = os_zalloc(sizeof(*bi));
156 if (!bi)
157 goto fail;
158
159 if (os_strstr(cmd, "type=qrcode"))
160 bi->type = DPP_BOOTSTRAP_QR_CODE;
161 else if (os_strstr(cmd, "type=pkex"))
162 bi->type = DPP_BOOTSTRAP_PKEX;
163 else
164 goto fail;
165
166 chan = get_param(cmd, " chan=");
167 mac = get_param(cmd, " mac=");
168 info = get_param(cmd, " info=");
169 curve = get_param(cmd, " curve=");
170 key = get_param(cmd, " key=");
171
172 if (key) {
173 privkey_len = os_strlen(key) / 2;
174 privkey = os_malloc(privkey_len);
175 if (!privkey ||
176 hexstr2bin(key, privkey, privkey_len) < 0)
177 goto fail;
178 }
179
180 pk = dpp_keygen(bi, curve, privkey, privkey_len);
181 if (!pk)
182 goto fail;
183
184 len = 4; /* "DPP:" */
185 if (chan) {
186 if (dpp_parse_uri_chan_list(bi, chan) < 0)
187 goto fail;
188 len += 3 + os_strlen(chan); /* C:...; */
189 }
190 if (mac) {
191 if (dpp_parse_uri_mac(bi, mac) < 0)
192 goto fail;
193 len += 3 + os_strlen(mac); /* M:...; */
194 }
195 if (info) {
196 if (dpp_parse_uri_info(bi, info) < 0)
197 goto fail;
198 len += 3 + os_strlen(info); /* I:...; */
199 }
200 len += 4 + os_strlen(pk);
201 bi->uri = os_malloc(len + 1);
202 if (!bi->uri)
203 goto fail;
204 os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%s%sK:%s;;",
205 chan ? "C:" : "", chan ? chan : "", chan ? ";" : "",
206 mac ? "M:" : "", mac ? mac : "", mac ? ";" : "",
207 info ? "I:" : "", info ? info : "", info ? ";" : "",
208 pk);
209 bi->id = wpas_dpp_next_id(wpa_s);
210 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
211 ret = bi->id;
212 bi = NULL;
213 fail:
214 os_free(curve);
215 os_free(pk);
216 os_free(chan);
217 os_free(mac);
218 os_free(info);
219 str_clear_free(key);
220 bin_clear_free(privkey, privkey_len);
221 dpp_bootstrap_info_free(bi);
222 return ret;
223 }
224
225
226 static struct dpp_bootstrap_info *
227 dpp_bootstrap_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
228 {
229 struct dpp_bootstrap_info *bi;
230
231 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
232 list) {
233 if (bi->id == id)
234 return bi;
235 }
236 return NULL;
237 }
238
239
240 static int dpp_bootstrap_del(struct wpa_supplicant *wpa_s, unsigned int id)
241 {
242 struct dpp_bootstrap_info *bi, *tmp;
243 int found = 0;
244
245 dl_list_for_each_safe(bi, tmp, &wpa_s->dpp_bootstrap,
246 struct dpp_bootstrap_info, list) {
247 if (id && bi->id != id)
248 continue;
249 found = 1;
250 dl_list_del(&bi->list);
251 dpp_bootstrap_info_free(bi);
252 }
253
254 if (id == 0)
255 return 0; /* flush succeeds regardless of entries found */
256 return found ? 0 : -1;
257 }
258
259
260 int wpas_dpp_bootstrap_remove(struct wpa_supplicant *wpa_s, const char *id)
261 {
262 unsigned int id_val;
263
264 if (os_strcmp(id, "*") == 0) {
265 id_val = 0;
266 } else {
267 id_val = atoi(id);
268 if (id_val == 0)
269 return -1;
270 }
271
272 return dpp_bootstrap_del(wpa_s, id_val);
273 }
274
275
276 const char * wpas_dpp_bootstrap_get_uri(struct wpa_supplicant *wpa_s,
277 unsigned int id)
278 {
279 struct dpp_bootstrap_info *bi;
280
281 bi = dpp_bootstrap_get_id(wpa_s, id);
282 if (!bi)
283 return NULL;
284 return bi->uri;
285 }
286
287
288 int wpas_dpp_bootstrap_info(struct wpa_supplicant *wpa_s, int id,
289 char *reply, int reply_size)
290 {
291 struct dpp_bootstrap_info *bi;
292
293 bi = dpp_bootstrap_get_id(wpa_s, id);
294 if (!bi)
295 return -1;
296 return os_snprintf(reply, reply_size, "type=%s\n"
297 "mac_addr=" MACSTR "\n"
298 "info=%s\n"
299 "num_freq=%u\n"
300 "curve=%s\n",
301 dpp_bootstrap_type_txt(bi->type),
302 MAC2STR(bi->mac_addr),
303 bi->info ? bi->info : "",
304 bi->num_freq,
305 bi->curve->name);
306 }
307
308
309 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
310 {
311 struct wpa_supplicant *wpa_s = eloop_ctx;
312 struct dpp_authentication *auth = wpa_s->dpp_auth;
313
314 if (!auth || !auth->resp_msg)
315 return;
316
317 wpa_printf(MSG_DEBUG,
318 "DPP: Retry Authentication Response after timeout");
319 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
320 " freq=%u type=%d",
321 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
322 DPP_PA_AUTHENTICATION_RESP);
323 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
324 wpa_s->own_addr, broadcast,
325 wpabuf_head(auth->resp_msg),
326 wpabuf_len(auth->resp_msg),
327 500, wpas_dpp_tx_status, 0);
328 }
329
330
331 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
332 {
333 struct dpp_authentication *auth = wpa_s->dpp_auth;
334 unsigned int wait_time, max_tries;
335
336 if (!auth || !auth->resp_msg)
337 return;
338
339 if (wpa_s->dpp_resp_max_tries)
340 max_tries = wpa_s->dpp_resp_max_tries;
341 else
342 max_tries = 5;
343 auth->auth_resp_tries++;
344 if (auth->auth_resp_tries >= max_tries) {
345 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
346 offchannel_send_action_done(wpa_s);
347 dpp_auth_deinit(wpa_s->dpp_auth);
348 wpa_s->dpp_auth = NULL;
349 return;
350 }
351
352 if (wpa_s->dpp_resp_retry_time)
353 wait_time = wpa_s->dpp_resp_retry_time;
354 else
355 wait_time = 10000;
356 wpa_printf(MSG_DEBUG,
357 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
358 wait_time);
359 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
360 eloop_register_timeout(wait_time / 1000,
361 (wait_time % 1000) * 1000,
362 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
363 }
364
365
366 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
367 unsigned int freq, const u8 *dst,
368 const u8 *src, const u8 *bssid,
369 const u8 *data, size_t data_len,
370 enum offchannel_send_action_result result)
371 {
372 const char *res_txt;
373 struct dpp_authentication *auth = wpa_s->dpp_auth;
374
375 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
376 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
377 "FAILED");
378 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
379 " result=%s", freq, MAC2STR(dst), res_txt);
380 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
381 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
382
383 if (!wpa_s->dpp_auth) {
384 wpa_printf(MSG_DEBUG,
385 "DPP: Ignore TX status since there is no ongoing authentication exchange");
386 return;
387 }
388
389 if (wpa_s->dpp_auth->remove_on_tx_status) {
390 wpa_printf(MSG_DEBUG,
391 "DPP: Terminate authentication exchange due to an earlier error");
392 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
393 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
394 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
395 NULL);
396 offchannel_send_action_done(wpa_s);
397 dpp_auth_deinit(wpa_s->dpp_auth);
398 wpa_s->dpp_auth = NULL;
399 return;
400 }
401
402 if (wpa_s->dpp_auth_ok_on_ack)
403 wpas_dpp_auth_success(wpa_s, 1);
404
405 if (!is_broadcast_ether_addr(dst) &&
406 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
407 wpa_printf(MSG_DEBUG,
408 "DPP: Unicast DPP Action frame was not ACKed");
409 if (auth->waiting_auth_resp) {
410 /* In case of DPP Authentication Request frame, move to
411 * the next channel immediately. */
412 offchannel_send_action_done(wpa_s);
413 wpas_dpp_auth_init_next(wpa_s);
414 return;
415 }
416 if (auth->waiting_auth_conf) {
417 wpas_dpp_auth_resp_retry(wpa_s);
418 return;
419 }
420 }
421
422 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
423 result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
424 /* Allow timeout handling to stop iteration if no response is
425 * received from a peer that has ACKed a request. */
426 auth->auth_req_ack = 1;
427 }
428
429 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
430 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
431 wpa_printf(MSG_DEBUG,
432 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
433 wpa_s->dpp_auth->curr_freq,
434 wpa_s->dpp_auth->neg_freq);
435 offchannel_send_action_done(wpa_s);
436 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq);
437 }
438 }
439
440
441 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
442 {
443 struct wpa_supplicant *wpa_s = eloop_ctx;
444 struct dpp_authentication *auth = wpa_s->dpp_auth;
445 unsigned int freq;
446 struct os_reltime now;
447
448 if (!auth)
449 return;
450
451 if (auth->waiting_auth_resp && auth->auth_req_ack) {
452 wpa_printf(MSG_INFO,
453 "DPP: No response received from responder - stopping initiation attempt");
454 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
455 offchannel_send_action_done(wpa_s);
456 dpp_auth_deinit(auth);
457 wpa_s->dpp_auth = NULL;
458 return;
459 }
460
461 if (auth->waiting_auth_resp) {
462 unsigned int wait_time;
463
464 wait_time = wpa_s->dpp_resp_wait_time ?
465 wpa_s->dpp_resp_wait_time : 2;
466 os_get_reltime(&now);
467 if (os_reltime_expired(&now, &wpa_s->dpp_last_init,
468 wait_time)) {
469 offchannel_send_action_done(wpa_s);
470 wpas_dpp_auth_init_next(wpa_s);
471 return;
472 }
473 }
474
475 freq = auth->curr_freq;
476 if (auth->neg_freq > 0)
477 freq = auth->neg_freq;
478 wpa_printf(MSG_DEBUG, "DPP: Continue reply wait on channel %u MHz",
479 freq);
480 wpas_dpp_listen_start(wpa_s, freq);
481 }
482
483
484 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
485 struct dpp_authentication *auth)
486 {
487 #ifdef CONFIG_TESTING_OPTIONS
488 if (wpa_s->dpp_config_obj_override)
489 auth->config_obj_override =
490 os_strdup(wpa_s->dpp_config_obj_override);
491 if (wpa_s->dpp_discovery_override)
492 auth->discovery_override =
493 os_strdup(wpa_s->dpp_discovery_override);
494 if (wpa_s->dpp_groups_override)
495 auth->groups_override =
496 os_strdup(wpa_s->dpp_groups_override);
497 auth->ignore_netaccesskey_mismatch =
498 wpa_s->dpp_ignore_netaccesskey_mismatch;
499 #endif /* CONFIG_TESTING_OPTIONS */
500 }
501
502
503 static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
504 struct dpp_authentication *auth,
505 const char *cmd)
506 {
507 const char *pos, *end;
508 struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
509 struct dpp_configurator *conf = NULL;
510 u8 ssid[32] = { "test" };
511 size_t ssid_len = 4;
512 char pass[64] = { };
513 size_t pass_len = 0;
514 u8 psk[PMK_LEN];
515 int psk_set = 0;
516
517 if (!cmd)
518 return;
519
520 wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
521 pos = os_strstr(cmd, " ssid=");
522 if (pos) {
523 pos += 6;
524 end = os_strchr(pos, ' ');
525 ssid_len = end ? (size_t) (end - pos) : os_strlen(pos);
526 ssid_len /= 2;
527 if (ssid_len > sizeof(ssid) ||
528 hexstr2bin(pos, ssid, ssid_len) < 0)
529 goto fail;
530 }
531
532 pos = os_strstr(cmd, " pass=");
533 if (pos) {
534 pos += 6;
535 end = os_strchr(pos, ' ');
536 pass_len = end ? (size_t) (end - pos) : os_strlen(pos);
537 pass_len /= 2;
538 if (pass_len > sizeof(pass) - 1 || pass_len < 8 ||
539 hexstr2bin(pos, (u8 *) pass, pass_len) < 0)
540 goto fail;
541 }
542
543 pos = os_strstr(cmd, " psk=");
544 if (pos) {
545 pos += 5;
546 if (hexstr2bin(pos, psk, PMK_LEN) < 0)
547 goto fail;
548 psk_set = 1;
549 }
550
551 if (os_strstr(cmd, " conf=sta-")) {
552 conf_sta = os_zalloc(sizeof(struct dpp_configuration));
553 if (!conf_sta)
554 goto fail;
555 os_memcpy(conf_sta->ssid, ssid, ssid_len);
556 conf_sta->ssid_len = ssid_len;
557 if (os_strstr(cmd, " conf=sta-psk") ||
558 os_strstr(cmd, " conf=sta-sae") ||
559 os_strstr(cmd, " conf=sta-psk-sae")) {
560 if (os_strstr(cmd, " conf=sta-psk-sae"))
561 conf_sta->akm = DPP_AKM_PSK_SAE;
562 else if (os_strstr(cmd, " conf=sta-sae"))
563 conf_sta->akm = DPP_AKM_SAE;
564 else
565 conf_sta->akm = DPP_AKM_PSK;
566 if (psk_set) {
567 os_memcpy(conf_sta->psk, psk, PMK_LEN);
568 } else {
569 conf_sta->passphrase = os_strdup(pass);
570 if (!conf_sta->passphrase)
571 goto fail;
572 }
573 } else if (os_strstr(cmd, " conf=sta-dpp")) {
574 conf_sta->akm = DPP_AKM_DPP;
575 } else {
576 goto fail;
577 }
578 }
579
580 if (os_strstr(cmd, " conf=ap-")) {
581 conf_ap = os_zalloc(sizeof(struct dpp_configuration));
582 if (!conf_ap)
583 goto fail;
584 os_memcpy(conf_ap->ssid, ssid, ssid_len);
585 conf_ap->ssid_len = ssid_len;
586 if (os_strstr(cmd, " conf=ap-psk") ||
587 os_strstr(cmd, " conf=ap-sae") ||
588 os_strstr(cmd, " conf=ap-psk-sae")) {
589 if (os_strstr(cmd, " conf=ap-psk-sae"))
590 conf_ap->akm = DPP_AKM_PSK_SAE;
591 else if (os_strstr(cmd, " conf=ap-sae"))
592 conf_ap->akm = DPP_AKM_SAE;
593 else
594 conf_ap->akm = DPP_AKM_PSK;
595 if (psk_set) {
596 os_memcpy(conf_ap->psk, psk, PMK_LEN);
597 } else {
598 conf_ap->passphrase = os_strdup(pass);
599 if (!conf_ap->passphrase)
600 goto fail;
601 }
602 } else if (os_strstr(cmd, " conf=ap-dpp")) {
603 conf_ap->akm = DPP_AKM_DPP;
604 } else {
605 goto fail;
606 }
607 }
608
609 pos = os_strstr(cmd, " expiry=");
610 if (pos) {
611 long int val;
612
613 pos += 8;
614 val = strtol(pos, NULL, 0);
615 if (val <= 0)
616 goto fail;
617 if (conf_sta)
618 conf_sta->netaccesskey_expiry = val;
619 if (conf_ap)
620 conf_ap->netaccesskey_expiry = val;
621 }
622
623 pos = os_strstr(cmd, " configurator=");
624 if (pos) {
625 pos += 14;
626 conf = dpp_configurator_get_id(wpa_s, atoi(pos));
627 if (!conf) {
628 wpa_printf(MSG_INFO,
629 "DPP: Could not find the specified configurator");
630 goto fail;
631 }
632 }
633 auth->conf_sta = conf_sta;
634 auth->conf_ap = conf_ap;
635 auth->conf = conf;
636 return;
637
638 fail:
639 wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
640 dpp_configuration_free(conf_sta);
641 dpp_configuration_free(conf_ap);
642 }
643
644
645 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
646 {
647 struct wpa_supplicant *wpa_s = eloop_ctx;
648
649 if (!wpa_s->dpp_auth)
650 return;
651 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
652 wpas_dpp_auth_init_next(wpa_s);
653 }
654
655
656 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
657 {
658 struct dpp_authentication *auth = wpa_s->dpp_auth;
659 const u8 *dst;
660 unsigned int wait_time, freq, max_tries;
661
662 if (!auth)
663 return -1;
664 if (auth->freq_idx >= auth->num_freq) {
665 auth->num_freq_iters++;
666 if (wpa_s->dpp_init_max_tries)
667 max_tries = wpa_s->dpp_init_max_tries;
668 else
669 max_tries = 5;
670 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
671 wpa_printf(MSG_INFO,
672 "DPP: No response received from responder - stopping initiation attempt");
673 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
674 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
675 wpa_s, NULL);
676 offchannel_send_action_done(wpa_s);
677 dpp_auth_deinit(wpa_s->dpp_auth);
678 wpa_s->dpp_auth = NULL;
679 return -1;
680 }
681 auth->freq_idx = 0;
682 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
683 if (wpa_s->dpp_init_retry_time)
684 wait_time = wpa_s->dpp_init_retry_time;
685 else
686 wait_time = 10000;
687 eloop_register_timeout(wait_time / 1000,
688 (wait_time % 1000) * 1000,
689 wpas_dpp_init_timeout, wpa_s,
690 NULL);
691 return 0;
692 }
693 freq = auth->freq[auth->freq_idx++];
694 auth->curr_freq = freq;
695
696 if (is_zero_ether_addr(auth->peer_bi->mac_addr))
697 dst = broadcast;
698 else
699 dst = auth->peer_bi->mac_addr;
700 wpa_s->dpp_auth_ok_on_ack = 0;
701 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
702 wait_time = wpa_s->max_remain_on_chan;
703 if (wait_time > 2000)
704 wait_time = 2000;
705 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
706 wpas_dpp_reply_wait_timeout,
707 wpa_s, NULL);
708 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
709 wpa_printf(MSG_DEBUG,
710 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
711 freq, auth->neg_freq);
712 }
713 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
714 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
715 auth->auth_req_ack = 0;
716 os_get_reltime(&wpa_s->dpp_last_init);
717 return offchannel_send_action(wpa_s, freq, dst,
718 wpa_s->own_addr, broadcast,
719 wpabuf_head(auth->req_msg),
720 wpabuf_len(auth->req_msg),
721 wait_time, wpas_dpp_tx_status, 0);
722 }
723
724
725 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
726 {
727 const char *pos;
728 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
729 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
730 unsigned int neg_freq = 0;
731
732 wpa_s->dpp_gas_client = 0;
733
734 pos = os_strstr(cmd, " peer=");
735 if (!pos)
736 return -1;
737 pos += 6;
738 peer_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
739 if (!peer_bi) {
740 wpa_printf(MSG_INFO,
741 "DPP: Could not find bootstrapping info for the identified peer");
742 return -1;
743 }
744
745 pos = os_strstr(cmd, " own=");
746 if (pos) {
747 pos += 5;
748 own_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
749 if (!own_bi) {
750 wpa_printf(MSG_INFO,
751 "DPP: Could not find bootstrapping info for the identified local entry");
752 return -1;
753 }
754
755 if (peer_bi->curve != own_bi->curve) {
756 wpa_printf(MSG_INFO,
757 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
758 peer_bi->curve->name, own_bi->curve->name);
759 return -1;
760 }
761 }
762
763 pos = os_strstr(cmd, " role=");
764 if (pos) {
765 pos += 6;
766 if (os_strncmp(pos, "configurator", 12) == 0)
767 allowed_roles = DPP_CAPAB_CONFIGURATOR;
768 else if (os_strncmp(pos, "enrollee", 8) == 0)
769 allowed_roles = DPP_CAPAB_ENROLLEE;
770 else if (os_strncmp(pos, "either", 6) == 0)
771 allowed_roles = DPP_CAPAB_CONFIGURATOR |
772 DPP_CAPAB_ENROLLEE;
773 else
774 goto fail;
775 }
776
777 pos = os_strstr(cmd, " netrole=");
778 if (pos) {
779 pos += 9;
780 wpa_s->dpp_netrole_ap = os_strncmp(pos, "ap", 2) == 0;
781 }
782
783 pos = os_strstr(cmd, " neg_freq=");
784 if (pos)
785 neg_freq = atoi(pos + 10);
786
787 if (wpa_s->dpp_auth) {
788 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
789 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
790 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
791 NULL);
792 offchannel_send_action_done(wpa_s);
793 dpp_auth_deinit(wpa_s->dpp_auth);
794 }
795 wpa_s->dpp_auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles,
796 neg_freq,
797 wpa_s->hw.modes, wpa_s->hw.num_modes);
798 if (!wpa_s->dpp_auth)
799 goto fail;
800 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
801 wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd);
802
803 wpa_s->dpp_auth->neg_freq = neg_freq;
804
805 if (!is_zero_ether_addr(peer_bi->mac_addr))
806 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, peer_bi->mac_addr,
807 ETH_ALEN);
808
809 return wpas_dpp_auth_init_next(wpa_s);
810 fail:
811 return -1;
812 }
813
814
815 struct wpas_dpp_listen_work {
816 unsigned int freq;
817 unsigned int duration;
818 struct wpabuf *probe_resp_ie;
819 };
820
821
822 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
823 {
824 if (!lwork)
825 return;
826 os_free(lwork);
827 }
828
829
830 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
831 {
832 struct wpas_dpp_listen_work *lwork;
833
834 if (!wpa_s->dpp_listen_work)
835 return;
836
837 lwork = wpa_s->dpp_listen_work->ctx;
838 wpas_dpp_listen_work_free(lwork);
839 radio_work_done(wpa_s->dpp_listen_work);
840 wpa_s->dpp_listen_work = NULL;
841 }
842
843
844 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
845 {
846 struct wpa_supplicant *wpa_s = work->wpa_s;
847 struct wpas_dpp_listen_work *lwork = work->ctx;
848
849 if (deinit) {
850 if (work->started) {
851 wpa_s->dpp_listen_work = NULL;
852 wpas_dpp_listen_stop(wpa_s);
853 }
854 wpas_dpp_listen_work_free(lwork);
855 return;
856 }
857
858 wpa_s->dpp_listen_work = work;
859
860 wpa_s->dpp_pending_listen_freq = lwork->freq;
861
862 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
863 wpa_s->max_remain_on_chan) < 0) {
864 wpa_printf(MSG_DEBUG,
865 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
866 lwork->freq);
867 wpas_dpp_listen_work_done(wpa_s);
868 wpa_s->dpp_pending_listen_freq = 0;
869 return;
870 }
871 wpa_s->off_channel_freq = 0;
872 wpa_s->roc_waiting_drv_freq = lwork->freq;
873 }
874
875
876 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
877 unsigned int freq)
878 {
879 struct wpas_dpp_listen_work *lwork;
880
881 if (wpa_s->dpp_listen_work) {
882 wpa_printf(MSG_DEBUG,
883 "DPP: Reject start_listen since dpp_listen_work already exists");
884 return -1;
885 }
886
887 if (wpa_s->dpp_listen_freq)
888 wpas_dpp_listen_stop(wpa_s);
889 wpa_s->dpp_listen_freq = freq;
890
891 lwork = os_zalloc(sizeof(*lwork));
892 if (!lwork)
893 return -1;
894 lwork->freq = freq;
895
896 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
897 lwork) < 0) {
898 wpas_dpp_listen_work_free(lwork);
899 return -1;
900 }
901
902 return 0;
903 }
904
905
906 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
907 {
908 int freq;
909
910 freq = atoi(cmd);
911 if (freq <= 0)
912 return -1;
913
914 if (os_strstr(cmd, " role=configurator"))
915 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
916 else if (os_strstr(cmd, " role=enrollee"))
917 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
918 else
919 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
920 DPP_CAPAB_ENROLLEE;
921 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
922 wpa_s->dpp_netrole_ap = os_strstr(cmd, " netrole=ap") != NULL;
923 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
924 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
925 freq);
926 return 0;
927 }
928
929 return wpas_dpp_listen_start(wpa_s, freq);
930 }
931
932
933 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
934 {
935 if (!wpa_s->dpp_listen_freq)
936 return;
937
938 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
939 wpa_s->dpp_listen_freq);
940 wpa_drv_cancel_remain_on_channel(wpa_s);
941 wpa_s->dpp_listen_freq = 0;
942 wpas_dpp_listen_work_done(wpa_s);
943 }
944
945
946 void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
947 unsigned int freq)
948 {
949 if (!wpa_s->dpp_listen_freq && !wpa_s->dpp_pending_listen_freq)
950 return;
951
952 wpa_printf(MSG_DEBUG,
953 "DPP: remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d roc_waiting_drv_freq=%d freq=%u)",
954 wpa_s->off_channel_freq, wpa_s->dpp_pending_listen_freq,
955 wpa_s->roc_waiting_drv_freq, freq);
956 if (wpa_s->off_channel_freq &&
957 wpa_s->off_channel_freq == wpa_s->dpp_pending_listen_freq) {
958 wpa_printf(MSG_DEBUG, "DPP: Listen on %u MHz started", freq);
959 wpa_s->dpp_pending_listen_freq = 0;
960 } else {
961 wpa_printf(MSG_DEBUG,
962 "DPP: Ignore remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d freq=%u)",
963 wpa_s->off_channel_freq,
964 wpa_s->dpp_pending_listen_freq, freq);
965 }
966 }
967
968
969 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
970 unsigned int freq)
971 {
972 wpas_dpp_listen_work_done(wpa_s);
973
974 if (wpa_s->dpp_auth && !wpa_s->dpp_gas_client) {
975 /* Continue listen with a new remain-on-channel */
976 wpa_printf(MSG_DEBUG,
977 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
978 wpa_s->dpp_auth->curr_freq);
979 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->curr_freq);
980 return;
981 }
982
983 if (wpa_s->dpp_listen_freq) {
984 /* Continue listen with a new remain-on-channel */
985 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
986 }
987 }
988
989
990 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
991 const u8 *hdr, const u8 *buf, size_t len,
992 unsigned int freq)
993 {
994 const u8 *r_bootstrap, *i_bootstrap;
995 u16 r_bootstrap_len, i_bootstrap_len;
996 struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
997
998 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
999 MAC2STR(src));
1000
1001 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
1002 &r_bootstrap_len);
1003 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
1004 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1005 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
1006 return;
1007 }
1008 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
1009 r_bootstrap, r_bootstrap_len);
1010
1011 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
1012 &i_bootstrap_len);
1013 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
1014 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1015 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
1016 return;
1017 }
1018 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
1019 i_bootstrap, i_bootstrap_len);
1020
1021 /* Try to find own and peer bootstrapping key matches based on the
1022 * received hash values */
1023 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
1024 list) {
1025 if (!own_bi && bi->own &&
1026 os_memcmp(bi->pubkey_hash, r_bootstrap,
1027 SHA256_MAC_LEN) == 0) {
1028 wpa_printf(MSG_DEBUG,
1029 "DPP: Found matching own bootstrapping information");
1030 own_bi = bi;
1031 }
1032
1033 if (!peer_bi && !bi->own &&
1034 os_memcmp(bi->pubkey_hash, i_bootstrap,
1035 SHA256_MAC_LEN) == 0) {
1036 wpa_printf(MSG_DEBUG,
1037 "DPP: Found matching peer bootstrapping information");
1038 peer_bi = bi;
1039 }
1040
1041 if (own_bi && peer_bi)
1042 break;
1043 }
1044
1045 if (!own_bi) {
1046 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1047 "No matching own bootstrapping key found - ignore message");
1048 return;
1049 }
1050
1051 if (wpa_s->dpp_auth) {
1052 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1053 "Already in DPP authentication exchange - ignore new one");
1054 return;
1055 }
1056
1057 wpa_s->dpp_gas_client = 0;
1058 wpa_s->dpp_auth_ok_on_ack = 0;
1059 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
1060 wpa_s->dpp_qr_mutual,
1061 peer_bi, own_bi, freq, hdr, buf, len);
1062 if (!wpa_s->dpp_auth) {
1063 wpa_printf(MSG_DEBUG, "DPP: No response generated");
1064 return;
1065 }
1066 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
1067 wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
1068 wpa_s->dpp_configurator_params);
1069 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
1070
1071 if (wpa_s->dpp_listen_freq &&
1072 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
1073 wpa_printf(MSG_DEBUG,
1074 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1075 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
1076 wpas_dpp_listen_stop(wpa_s);
1077 }
1078
1079 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1080 MAC2STR(src), wpa_s->dpp_auth->curr_freq,
1081 DPP_PA_AUTHENTICATION_RESP);
1082 offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
1083 src, wpa_s->own_addr, broadcast,
1084 wpabuf_head(wpa_s->dpp_auth->resp_msg),
1085 wpabuf_len(wpa_s->dpp_auth->resp_msg),
1086 500, wpas_dpp_tx_status, 0);
1087 }
1088
1089
1090 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
1091 {
1092 /* TODO: stop wait and start ROC */
1093 }
1094
1095
1096 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
1097 struct dpp_authentication *auth)
1098 {
1099 struct wpa_ssid *ssid;
1100
1101 ssid = wpa_config_add_network(wpa_s->conf);
1102 if (!ssid)
1103 return NULL;
1104 wpas_notify_network_added(wpa_s, ssid);
1105 wpa_config_set_network_defaults(ssid);
1106 ssid->disabled = 1;
1107
1108 ssid->ssid = os_malloc(auth->ssid_len);
1109 if (!ssid->ssid)
1110 goto fail;
1111 os_memcpy(ssid->ssid, auth->ssid, auth->ssid_len);
1112 ssid->ssid_len = auth->ssid_len;
1113
1114 if (auth->connector) {
1115 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
1116 ssid->ieee80211w = 1;
1117 ssid->dpp_connector = os_strdup(auth->connector);
1118 if (!ssid->dpp_connector)
1119 goto fail;
1120 }
1121
1122 if (auth->c_sign_key) {
1123 ssid->dpp_csign = os_malloc(wpabuf_len(auth->c_sign_key));
1124 if (!ssid->dpp_csign)
1125 goto fail;
1126 os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key),
1127 wpabuf_len(auth->c_sign_key));
1128 ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key);
1129 }
1130
1131 if (auth->net_access_key) {
1132 ssid->dpp_netaccesskey =
1133 os_malloc(wpabuf_len(auth->net_access_key));
1134 if (!ssid->dpp_netaccesskey)
1135 goto fail;
1136 os_memcpy(ssid->dpp_netaccesskey,
1137 wpabuf_head(auth->net_access_key),
1138 wpabuf_len(auth->net_access_key));
1139 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1140 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1141 }
1142
1143 if (!auth->connector) {
1144 ssid->key_mgmt = 0;
1145 if (auth->akm == DPP_AKM_PSK || auth->akm == DPP_AKM_PSK_SAE)
1146 ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
1147 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
1148 if (auth->akm == DPP_AKM_SAE || auth->akm == DPP_AKM_PSK_SAE)
1149 ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
1150 WPA_KEY_MGMT_FT_SAE;
1151 ssid->ieee80211w = 1;
1152 if (auth->passphrase[0]) {
1153 if (wpa_config_set_quoted(ssid, "psk",
1154 auth->passphrase) < 0)
1155 goto fail;
1156 wpa_config_update_psk(ssid);
1157 ssid->export_keys = 1;
1158 } else {
1159 ssid->psk_set = auth->psk_set;
1160 os_memcpy(ssid->psk, auth->psk, PMK_LEN);
1161 }
1162 }
1163
1164 return ssid;
1165 fail:
1166 wpas_notify_network_removed(wpa_s, ssid);
1167 wpa_config_remove_network(wpa_s->conf, ssid->id);
1168 return NULL;
1169 }
1170
1171
1172 static void wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1173 struct dpp_authentication *auth)
1174 {
1175 struct wpa_ssid *ssid;
1176
1177 if (wpa_s->conf->dpp_config_processing < 1)
1178 return;
1179
1180 ssid = wpas_dpp_add_network(wpa_s, auth);
1181 if (!ssid)
1182 return;
1183
1184 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1185 if (wpa_s->conf->dpp_config_processing < 2)
1186 return;
1187
1188 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
1189 ssid->disabled = 0;
1190 wpa_s->disconnected = 0;
1191 wpa_s->reassociate = 1;
1192 wpa_s->scan_runs = 0;
1193 wpa_s->normal_scans = 0;
1194 wpa_supplicant_cancel_sched_scan(wpa_s);
1195 wpa_supplicant_req_scan(wpa_s, 0, 0);
1196 }
1197
1198
1199 static void wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1200 struct dpp_authentication *auth)
1201 {
1202 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1203 if (auth->ssid_len)
1204 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1205 wpa_ssid_txt(auth->ssid, auth->ssid_len));
1206 if (auth->connector) {
1207 /* TODO: Save the Connector and consider using a command
1208 * to fetch the value instead of sending an event with
1209 * it. The Connector could end up being larger than what
1210 * most clients are ready to receive as an event
1211 * message. */
1212 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1213 auth->connector);
1214 }
1215 if (auth->c_sign_key) {
1216 char *hex;
1217 size_t hexlen;
1218
1219 hexlen = 2 * wpabuf_len(auth->c_sign_key) + 1;
1220 hex = os_malloc(hexlen);
1221 if (hex) {
1222 wpa_snprintf_hex(hex, hexlen,
1223 wpabuf_head(auth->c_sign_key),
1224 wpabuf_len(auth->c_sign_key));
1225 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1226 hex);
1227 os_free(hex);
1228 }
1229 }
1230 if (auth->net_access_key) {
1231 char *hex;
1232 size_t hexlen;
1233
1234 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1235 hex = os_malloc(hexlen);
1236 if (hex) {
1237 wpa_snprintf_hex(hex, hexlen,
1238 wpabuf_head(auth->net_access_key),
1239 wpabuf_len(auth->net_access_key));
1240 if (auth->net_access_key_expiry)
1241 wpa_msg(wpa_s, MSG_INFO,
1242 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1243 (long unsigned)
1244 auth->net_access_key_expiry);
1245 else
1246 wpa_msg(wpa_s, MSG_INFO,
1247 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1248 os_free(hex);
1249 }
1250 }
1251
1252 wpas_dpp_process_config(wpa_s, auth);
1253 }
1254
1255
1256 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1257 enum gas_query_result result,
1258 const struct wpabuf *adv_proto,
1259 const struct wpabuf *resp, u16 status_code)
1260 {
1261 struct wpa_supplicant *wpa_s = ctx;
1262 const u8 *pos;
1263 struct dpp_authentication *auth = wpa_s->dpp_auth;
1264
1265 if (!auth || !auth->auth_success) {
1266 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1267 return;
1268 }
1269 if (!resp || status_code != WLAN_STATUS_SUCCESS) {
1270 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1271 goto fail;
1272 }
1273
1274 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1275 adv_proto);
1276 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1277 resp);
1278
1279 if (wpabuf_len(adv_proto) != 10 ||
1280 !(pos = wpabuf_head(adv_proto)) ||
1281 pos[0] != WLAN_EID_ADV_PROTO ||
1282 pos[1] != 8 ||
1283 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1284 pos[4] != 5 ||
1285 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1286 pos[8] != 0x1a ||
1287 pos[9] != 1) {
1288 wpa_printf(MSG_DEBUG,
1289 "DPP: Not a DPP Advertisement Protocol ID");
1290 goto fail;
1291 }
1292
1293 if (dpp_conf_resp_rx(auth, resp) < 0) {
1294 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1295 goto fail;
1296 }
1297
1298 wpas_dpp_handle_config_obj(wpa_s, auth);
1299 dpp_auth_deinit(wpa_s->dpp_auth);
1300 wpa_s->dpp_auth = NULL;
1301 return;
1302
1303 fail:
1304 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1305 dpp_auth_deinit(wpa_s->dpp_auth);
1306 wpa_s->dpp_auth = NULL;
1307 }
1308
1309
1310 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
1311 {
1312 struct dpp_authentication *auth = wpa_s->dpp_auth;
1313 struct wpabuf *buf, *conf_req;
1314 char json[100];
1315 int res;
1316
1317 wpa_s->dpp_gas_client = 1;
1318 os_snprintf(json, sizeof(json),
1319 "{\"name\":\"Test\","
1320 "\"wi-fi_tech\":\"infra\","
1321 "\"netRole\":\"%s\"}",
1322 wpa_s->dpp_netrole_ap ? "ap" : "sta");
1323 #ifdef CONFIG_TESTING_OPTIONS
1324 if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) {
1325 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr");
1326 json[29] = 'k'; /* replace "infra" with "knfra" */
1327 }
1328 #endif /* CONFIG_TESTING_OPTIONS */
1329 wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
1330
1331 offchannel_send_action_done(wpa_s);
1332 wpas_dpp_listen_stop(wpa_s);
1333
1334 conf_req = dpp_build_conf_req(auth, json);
1335 if (!conf_req) {
1336 wpa_printf(MSG_DEBUG,
1337 "DPP: No configuration request data available");
1338 return;
1339 }
1340
1341 buf = gas_build_initial_req(0, 10 + 2 + wpabuf_len(conf_req));
1342 if (!buf) {
1343 wpabuf_free(conf_req);
1344 return;
1345 }
1346
1347 /* Advertisement Protocol IE */
1348 wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
1349 wpabuf_put_u8(buf, 8); /* Length */
1350 wpabuf_put_u8(buf, 0x7f);
1351 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
1352 wpabuf_put_u8(buf, 5);
1353 wpabuf_put_be24(buf, OUI_WFA);
1354 wpabuf_put_u8(buf, DPP_OUI_TYPE);
1355 wpabuf_put_u8(buf, 0x01);
1356
1357 /* GAS Query */
1358 wpabuf_put_le16(buf, wpabuf_len(conf_req));
1359 wpabuf_put_buf(buf, conf_req);
1360 wpabuf_free(conf_req);
1361
1362 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
1363 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
1364
1365 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
1366 buf, wpas_dpp_gas_resp_cb, wpa_s);
1367 if (res < 0) {
1368 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
1369 wpabuf_free(buf);
1370 } else {
1371 wpa_printf(MSG_DEBUG,
1372 "DPP: GAS query started with dialog token %u", res);
1373 }
1374 }
1375
1376
1377 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
1378 {
1379 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
1380 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
1381
1382 if (wpa_s->dpp_auth->configurator)
1383 wpas_dpp_start_gas_server(wpa_s);
1384 else
1385 wpas_dpp_start_gas_client(wpa_s);
1386 }
1387
1388
1389 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1390 const u8 *hdr, const u8 *buf, size_t len,
1391 unsigned int freq)
1392 {
1393 struct dpp_authentication *auth = wpa_s->dpp_auth;
1394 struct wpabuf *msg;
1395
1396 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
1397 " (freq %u MHz)", MAC2STR(src), freq);
1398
1399 if (!auth) {
1400 wpa_printf(MSG_DEBUG,
1401 "DPP: No DPP Authentication in progress - drop");
1402 return;
1403 }
1404
1405 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1406 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1407 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1408 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1409 return;
1410 }
1411
1412 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1413
1414 if (auth->curr_freq != freq && auth->neg_freq == freq) {
1415 wpa_printf(MSG_DEBUG,
1416 "DPP: Responder accepted request for different negotiation channel");
1417 auth->curr_freq = freq;
1418 }
1419
1420 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
1421 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
1422 if (!msg) {
1423 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1424 wpa_printf(MSG_DEBUG,
1425 "DPP: Start wait for full response");
1426 offchannel_send_action_done(wpa_s);
1427 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
1428 return;
1429 }
1430 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1431 return;
1432 }
1433 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1434
1435 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1436 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
1437 offchannel_send_action(wpa_s, auth->curr_freq,
1438 src, wpa_s->own_addr, broadcast,
1439 wpabuf_head(msg), wpabuf_len(msg),
1440 500, wpas_dpp_tx_status, 0);
1441 wpabuf_free(msg);
1442 wpa_s->dpp_auth_ok_on_ack = 1;
1443 }
1444
1445
1446 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
1447 const u8 *hdr, const u8 *buf, size_t len)
1448 {
1449 struct dpp_authentication *auth = wpa_s->dpp_auth;
1450
1451 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1452 MAC2STR(src));
1453
1454 if (!auth) {
1455 wpa_printf(MSG_DEBUG,
1456 "DPP: No DPP Authentication in progress - drop");
1457 return;
1458 }
1459
1460 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1461 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1462 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1463 return;
1464 }
1465
1466 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
1467 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1468 return;
1469 }
1470
1471 wpas_dpp_auth_success(wpa_s, 0);
1472 }
1473
1474
1475 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
1476 const u8 *src,
1477 const u8 *buf, size_t len)
1478 {
1479 struct wpa_ssid *ssid;
1480 const u8 *connector, *trans_id, *status;
1481 u16 connector_len, trans_id_len, status_len;
1482 struct dpp_introduction intro;
1483 struct rsn_pmksa_cache_entry *entry;
1484 struct os_time now;
1485 struct os_reltime rnow;
1486 os_time_t expiry;
1487 unsigned int seconds;
1488 enum dpp_status_error res;
1489
1490 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
1491 MAC2STR(src));
1492 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
1493 os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
1494 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
1495 MACSTR " - drop", MAC2STR(src));
1496 return;
1497 }
1498 offchannel_send_action_done(wpa_s);
1499
1500 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1501 if (ssid == wpa_s->dpp_intro_network)
1502 break;
1503 }
1504 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1505 !ssid->dpp_csign) {
1506 wpa_printf(MSG_DEBUG,
1507 "DPP: Profile not found for network introduction");
1508 return;
1509 }
1510
1511 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
1512 &trans_id_len);
1513 if (!trans_id || trans_id_len != 1) {
1514 wpa_printf(MSG_DEBUG,
1515 "DPP: Peer did not include Transaction ID");
1516 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1517 " fail=missing_transaction_id", MAC2STR(src));
1518 goto fail;
1519 }
1520 if (trans_id[0] != TRANSACTION_ID) {
1521 wpa_printf(MSG_DEBUG,
1522 "DPP: Ignore frame with unexpected Transaction ID %u",
1523 trans_id[0]);
1524 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1525 " fail=transaction_id_mismatch", MAC2STR(src));
1526 goto fail;
1527 }
1528
1529 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
1530 if (!status || status_len != 1) {
1531 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
1532 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1533 " fail=missing_status", MAC2STR(src));
1534 goto fail;
1535 }
1536 if (status[0] != DPP_STATUS_OK) {
1537 wpa_printf(MSG_DEBUG,
1538 "DPP: Peer rejected network introduction: Status %u",
1539 status[0]);
1540 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1541 " status=%u", MAC2STR(src), status[0]);
1542 goto fail;
1543 }
1544
1545 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
1546 if (!connector) {
1547 wpa_printf(MSG_DEBUG,
1548 "DPP: Peer did not include its Connector");
1549 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1550 " fail=missing_connector", MAC2STR(src));
1551 goto fail;
1552 }
1553
1554 res = dpp_peer_intro(&intro, ssid->dpp_connector,
1555 ssid->dpp_netaccesskey,
1556 ssid->dpp_netaccesskey_len,
1557 ssid->dpp_csign,
1558 ssid->dpp_csign_len,
1559 connector, connector_len, &expiry);
1560 if (res != DPP_STATUS_OK) {
1561 wpa_printf(MSG_INFO,
1562 "DPP: Network Introduction protocol resulted in failure");
1563 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1564 " fail=peer_connector_validation_failed", MAC2STR(src));
1565 goto fail;
1566 }
1567
1568 entry = os_zalloc(sizeof(*entry));
1569 if (!entry)
1570 goto fail;
1571 os_memcpy(entry->aa, src, ETH_ALEN);
1572 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
1573 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
1574 entry->pmk_len = intro.pmk_len;
1575 entry->akmp = WPA_KEY_MGMT_DPP;
1576 if (expiry) {
1577 os_get_time(&now);
1578 seconds = expiry - now.sec;
1579 } else {
1580 seconds = 86400 * 7;
1581 }
1582 os_get_reltime(&rnow);
1583 entry->expiration = rnow.sec + seconds;
1584 entry->reauth_time = rnow.sec + seconds;
1585 entry->network_ctx = ssid;
1586 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
1587
1588 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1589 " status=%u", MAC2STR(src), status[0]);
1590
1591 wpa_printf(MSG_DEBUG,
1592 "DPP: Try connection again after successful network introduction");
1593 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
1594 wpa_supplicant_cancel_sched_scan(wpa_s);
1595 wpa_supplicant_req_scan(wpa_s, 0, 0);
1596 }
1597 fail:
1598 os_memset(&intro, 0, sizeof(intro));
1599 }
1600
1601
1602 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
1603 {
1604 struct wpa_supplicant *wpa_s = eloop_ctx;
1605 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1606
1607 if (!pkex || !pkex->exchange_req)
1608 return;
1609 if (pkex->exch_req_tries >= 5) {
1610 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1611 "No response from PKEX peer");
1612 dpp_pkex_free(pkex);
1613 wpa_s->dpp_pkex = NULL;
1614 return;
1615 }
1616
1617 pkex->exch_req_tries++;
1618 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
1619 pkex->exch_req_tries);
1620 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1621 MAC2STR(broadcast), pkex->freq, DPP_PA_PKEX_EXCHANGE_REQ);
1622 offchannel_send_action(wpa_s, pkex->freq, broadcast,
1623 wpa_s->own_addr, broadcast,
1624 wpabuf_head(pkex->exchange_req),
1625 wpabuf_len(pkex->exchange_req),
1626 pkex->exch_req_wait_time,
1627 wpas_dpp_tx_pkex_status, 0);
1628 }
1629
1630
1631 static void
1632 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
1633 unsigned int freq, const u8 *dst,
1634 const u8 *src, const u8 *bssid,
1635 const u8 *data, size_t data_len,
1636 enum offchannel_send_action_result result)
1637 {
1638 const char *res_txt;
1639 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1640
1641 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
1642 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
1643 "FAILED");
1644 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
1645 " result=%s (PKEX)",
1646 freq, MAC2STR(dst), res_txt);
1647 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
1648 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
1649
1650 if (!pkex) {
1651 wpa_printf(MSG_DEBUG,
1652 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
1653 return;
1654 }
1655
1656 if (pkex->failed) {
1657 wpa_printf(MSG_DEBUG,
1658 "DPP: Terminate PKEX exchange due to an earlier error");
1659 if (pkex->t > pkex->own_bi->pkex_t)
1660 pkex->own_bi->pkex_t = pkex->t;
1661 dpp_pkex_free(pkex);
1662 wpa_s->dpp_pkex = NULL;
1663 return;
1664 }
1665
1666 if (pkex->exch_req_wait_time && pkex->exchange_req) {
1667 /* Wait for PKEX Exchange Response frame and retry request if
1668 * no response is seen. */
1669 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
1670 eloop_register_timeout(pkex->exch_req_wait_time / 1000,
1671 (pkex->exch_req_wait_time % 1000) * 1000,
1672 wpas_dpp_pkex_retry_timeout, wpa_s,
1673 NULL);
1674 }
1675 }
1676
1677
1678 static void
1679 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
1680 const u8 *buf, size_t len, unsigned int freq)
1681 {
1682 struct wpabuf *msg;
1683 unsigned int wait_time;
1684
1685 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
1686 MAC2STR(src));
1687
1688 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1689 * values here */
1690
1691 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
1692 wpa_printf(MSG_DEBUG,
1693 "DPP: No PKEX code configured - ignore request");
1694 return;
1695 }
1696
1697 if (wpa_s->dpp_pkex) {
1698 /* TODO: Support parallel operations */
1699 wpa_printf(MSG_DEBUG,
1700 "DPP: Already in PKEX session - ignore new request");
1701 return;
1702 }
1703
1704 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
1705 wpa_s->own_addr, src,
1706 wpa_s->dpp_pkex_identifier,
1707 wpa_s->dpp_pkex_code,
1708 buf, len);
1709 if (!wpa_s->dpp_pkex) {
1710 wpa_printf(MSG_DEBUG,
1711 "DPP: Failed to process the request - ignore it");
1712 return;
1713 }
1714
1715 msg = wpa_s->dpp_pkex->exchange_resp;
1716 wait_time = wpa_s->max_remain_on_chan;
1717 if (wait_time > 2000)
1718 wait_time = 2000;
1719 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1720 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
1721 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1722 broadcast,
1723 wpabuf_head(msg), wpabuf_len(msg),
1724 wait_time, wpas_dpp_tx_pkex_status, 0);
1725 }
1726
1727
1728 static void
1729 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1730 const u8 *buf, size_t len, unsigned int freq)
1731 {
1732 struct wpabuf *msg;
1733 unsigned int wait_time;
1734
1735 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
1736 MAC2STR(src));
1737
1738 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1739 * values here */
1740
1741 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
1742 wpa_s->dpp_pkex->exchange_done) {
1743 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1744 return;
1745 }
1746
1747 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
1748 wpa_s->dpp_pkex->exch_req_wait_time = 0;
1749
1750 os_memcpy(wpa_s->dpp_pkex->peer_mac, src, ETH_ALEN);
1751 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, buf, len);
1752 if (!msg) {
1753 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1754 return;
1755 }
1756
1757 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
1758 MAC2STR(src));
1759
1760 wait_time = wpa_s->max_remain_on_chan;
1761 if (wait_time > 2000)
1762 wait_time = 2000;
1763 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1764 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
1765 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1766 broadcast,
1767 wpabuf_head(msg), wpabuf_len(msg),
1768 wait_time, wpas_dpp_tx_pkex_status, 0);
1769 wpabuf_free(msg);
1770 }
1771
1772
1773 static struct dpp_bootstrap_info *
1774 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
1775 unsigned int freq)
1776 {
1777 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1778 struct dpp_bootstrap_info *bi;
1779
1780 bi = os_zalloc(sizeof(*bi));
1781 if (!bi)
1782 return NULL;
1783 bi->id = wpas_dpp_next_id(wpa_s);
1784 bi->type = DPP_BOOTSTRAP_PKEX;
1785 os_memcpy(bi->mac_addr, peer, ETH_ALEN);
1786 bi->num_freq = 1;
1787 bi->freq[0] = freq;
1788 bi->curve = pkex->own_bi->curve;
1789 bi->pubkey = pkex->peer_bootstrap_key;
1790 pkex->peer_bootstrap_key = NULL;
1791 dpp_pkex_free(pkex);
1792 wpa_s->dpp_pkex = NULL;
1793 if (dpp_bootstrap_key_hash(bi) < 0) {
1794 dpp_bootstrap_info_free(bi);
1795 return NULL;
1796 }
1797 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
1798 return bi;
1799 }
1800
1801
1802 static void
1803 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
1804 const u8 *hdr, const u8 *buf, size_t len,
1805 unsigned int freq)
1806 {
1807 struct wpabuf *msg;
1808 unsigned int wait_time;
1809 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1810
1811 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
1812 MAC2STR(src));
1813
1814 if (!pkex || pkex->initiator || !pkex->exchange_done) {
1815 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1816 return;
1817 }
1818
1819 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
1820 if (!msg) {
1821 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
1822 if (pkex->failed) {
1823 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
1824 if (pkex->t > pkex->own_bi->pkex_t)
1825 pkex->own_bi->pkex_t = pkex->t;
1826 dpp_pkex_free(wpa_s->dpp_pkex);
1827 wpa_s->dpp_pkex = NULL;
1828 }
1829 return;
1830 }
1831
1832 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
1833 MACSTR, MAC2STR(src));
1834
1835 wait_time = wpa_s->max_remain_on_chan;
1836 if (wait_time > 2000)
1837 wait_time = 2000;
1838 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1839 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
1840 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1841 broadcast,
1842 wpabuf_head(msg), wpabuf_len(msg),
1843 wait_time, wpas_dpp_tx_pkex_status, 0);
1844 wpabuf_free(msg);
1845
1846 wpas_dpp_pkex_finish(wpa_s, src, freq);
1847 }
1848
1849
1850 static void
1851 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1852 const u8 *hdr, const u8 *buf, size_t len,
1853 unsigned int freq)
1854 {
1855 int res;
1856 struct dpp_bootstrap_info *bi;
1857 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1858 char cmd[500];
1859
1860 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
1861 MAC2STR(src));
1862
1863 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
1864 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1865 return;
1866 }
1867
1868 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
1869 if (res < 0) {
1870 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1871 return;
1872 }
1873
1874 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
1875 if (!bi)
1876 return;
1877
1878 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
1879 bi->id,
1880 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
1881 wpa_printf(MSG_DEBUG,
1882 "DPP: Start authentication after PKEX with parameters: %s",
1883 cmd);
1884 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
1885 wpa_printf(MSG_DEBUG,
1886 "DPP: Authentication initialization failed");
1887 return;
1888 }
1889 }
1890
1891
1892 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
1893 const u8 *buf, size_t len, unsigned int freq)
1894 {
1895 u8 crypto_suite;
1896 enum dpp_public_action_frame_type type;
1897 const u8 *hdr;
1898 unsigned int pkex_t;
1899
1900 if (len < DPP_HDR_LEN)
1901 return;
1902 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
1903 return;
1904 hdr = buf;
1905 buf += 4;
1906 len -= 4;
1907 crypto_suite = *buf++;
1908 type = *buf++;
1909 len -= 2;
1910
1911 wpa_printf(MSG_DEBUG,
1912 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
1913 MACSTR " freq=%u",
1914 crypto_suite, type, MAC2STR(src), freq);
1915 if (crypto_suite != 1) {
1916 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
1917 crypto_suite);
1918 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1919 " freq=%u type=%d ignore=unsupported-crypto-suite",
1920 MAC2STR(src), freq, type);
1921 return;
1922 }
1923 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
1924 if (dpp_check_attrs(buf, len) < 0) {
1925 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1926 " freq=%u type=%d ignore=invalid-attributes",
1927 MAC2STR(src), freq, type);
1928 return;
1929 }
1930 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
1931 MAC2STR(src), freq, type);
1932
1933 switch (type) {
1934 case DPP_PA_AUTHENTICATION_REQ:
1935 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
1936 break;
1937 case DPP_PA_AUTHENTICATION_RESP:
1938 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
1939 break;
1940 case DPP_PA_AUTHENTICATION_CONF:
1941 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
1942 break;
1943 case DPP_PA_PEER_DISCOVERY_RESP:
1944 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
1945 break;
1946 case DPP_PA_PKEX_EXCHANGE_REQ:
1947 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq);
1948 break;
1949 case DPP_PA_PKEX_EXCHANGE_RESP:
1950 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
1951 break;
1952 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
1953 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
1954 freq);
1955 break;
1956 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
1957 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
1958 freq);
1959 break;
1960 default:
1961 wpa_printf(MSG_DEBUG,
1962 "DPP: Ignored unsupported frame subtype %d", type);
1963 break;
1964 }
1965
1966 if (wpa_s->dpp_pkex)
1967 pkex_t = wpa_s->dpp_pkex->t;
1968 else if (wpa_s->dpp_pkex_bi)
1969 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
1970 else
1971 pkex_t = 0;
1972 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
1973 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
1974 wpas_dpp_pkex_remove(wpa_s, "*");
1975 }
1976 }
1977
1978
1979 static struct wpabuf *
1980 wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
1981 size_t query_len)
1982 {
1983 struct wpa_supplicant *wpa_s = ctx;
1984 struct dpp_authentication *auth = wpa_s->dpp_auth;
1985 struct wpabuf *resp;
1986
1987 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
1988 MAC2STR(sa));
1989 if (!auth || !auth->auth_success ||
1990 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
1991 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1992 return NULL;
1993 }
1994 wpa_hexdump(MSG_DEBUG,
1995 "DPP: Received Configuration Request (GAS Query Request)",
1996 query, query_len);
1997 resp = dpp_conf_req_rx(auth, query, query_len);
1998 if (!resp)
1999 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2000 return resp;
2001 }
2002
2003
2004 static void
2005 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
2006 {
2007 struct wpa_supplicant *wpa_s = ctx;
2008 struct dpp_authentication *auth = wpa_s->dpp_auth;
2009
2010 if (!auth) {
2011 wpabuf_free(resp);
2012 return;
2013 }
2014
2015 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
2016 ok);
2017 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2018 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
2019 offchannel_send_action_done(wpa_s);
2020 wpas_dpp_listen_stop(wpa_s);
2021 if (ok)
2022 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
2023 else
2024 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2025 dpp_auth_deinit(wpa_s->dpp_auth);
2026 wpa_s->dpp_auth = NULL;
2027 wpabuf_free(resp);
2028 }
2029
2030
2031 static unsigned int wpas_dpp_next_configurator_id(struct wpa_supplicant *wpa_s)
2032 {
2033 struct dpp_configurator *conf;
2034 unsigned int max_id = 0;
2035
2036 dl_list_for_each(conf, &wpa_s->dpp_configurator,
2037 struct dpp_configurator, list) {
2038 if (conf->id > max_id)
2039 max_id = conf->id;
2040 }
2041 return max_id + 1;
2042 }
2043
2044
2045 int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
2046 {
2047 char *curve = NULL;
2048 char *key = NULL;
2049 u8 *privkey = NULL;
2050 size_t privkey_len = 0;
2051 int ret = -1;
2052 struct dpp_configurator *conf = NULL;
2053
2054 curve = get_param(cmd, " curve=");
2055 key = get_param(cmd, " key=");
2056
2057 if (key) {
2058 privkey_len = os_strlen(key) / 2;
2059 privkey = os_malloc(privkey_len);
2060 if (!privkey ||
2061 hexstr2bin(key, privkey, privkey_len) < 0)
2062 goto fail;
2063 }
2064
2065 conf = dpp_keygen_configurator(curve, privkey, privkey_len);
2066 if (!conf)
2067 goto fail;
2068
2069 conf->id = wpas_dpp_next_configurator_id(wpa_s);
2070 dl_list_add(&wpa_s->dpp_configurator, &conf->list);
2071 ret = conf->id;
2072 conf = NULL;
2073 fail:
2074 os_free(curve);
2075 str_clear_free(key);
2076 bin_clear_free(privkey, privkey_len);
2077 dpp_configurator_free(conf);
2078 return ret;
2079 }
2080
2081
2082 static int dpp_configurator_del(struct wpa_supplicant *wpa_s, unsigned int id)
2083 {
2084 struct dpp_configurator *conf, *tmp;
2085 int found = 0;
2086
2087 dl_list_for_each_safe(conf, tmp, &wpa_s->dpp_configurator,
2088 struct dpp_configurator, list) {
2089 if (id && conf->id != id)
2090 continue;
2091 found = 1;
2092 dl_list_del(&conf->list);
2093 dpp_configurator_free(conf);
2094 }
2095
2096 if (id == 0)
2097 return 0; /* flush succeeds regardless of entries found */
2098 return found ? 0 : -1;
2099 }
2100
2101
2102 int wpas_dpp_configurator_remove(struct wpa_supplicant *wpa_s, const char *id)
2103 {
2104 unsigned int id_val;
2105
2106 if (os_strcmp(id, "*") == 0) {
2107 id_val = 0;
2108 } else {
2109 id_val = atoi(id);
2110 if (id_val == 0)
2111 return -1;
2112 }
2113
2114 return dpp_configurator_del(wpa_s, id_val);
2115 }
2116
2117
2118 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
2119 {
2120 struct dpp_authentication *auth;
2121 int ret = -1;
2122 char *curve = NULL;
2123
2124 auth = os_zalloc(sizeof(*auth));
2125 if (!auth)
2126 return -1;
2127
2128 curve = get_param(cmd, " curve=");
2129 wpas_dpp_set_configurator(wpa_s, auth, cmd);
2130
2131 if (dpp_configurator_own_config(auth, curve) == 0) {
2132 wpas_dpp_handle_config_obj(wpa_s, auth);
2133 ret = 0;
2134 }
2135
2136 dpp_auth_deinit(auth);
2137 os_free(curve);
2138
2139 return ret;
2140 }
2141
2142
2143 static void
2144 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
2145 unsigned int freq, const u8 *dst,
2146 const u8 *src, const u8 *bssid,
2147 const u8 *data, size_t data_len,
2148 enum offchannel_send_action_result result)
2149 {
2150 const char *res_txt;
2151
2152 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
2153 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
2154 "FAILED");
2155 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
2156 " result=%s (DPP Peer Discovery Request)",
2157 freq, MAC2STR(dst), res_txt);
2158 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
2159 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
2160 /* TODO: Time out wait for response more quickly in error cases? */
2161 }
2162
2163
2164 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2165 struct wpa_bss *bss)
2166 {
2167 struct os_time now;
2168 struct wpabuf *msg;
2169 unsigned int wait_time;
2170
2171 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
2172 return 0; /* Not using DPP AKM - continue */
2173 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
2174 return 0; /* PMKSA exists for DPP AKM - continue */
2175
2176 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2177 !ssid->dpp_csign) {
2178 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2179 "missing %s",
2180 !ssid->dpp_connector ? "Connector" :
2181 (!ssid->dpp_netaccesskey ? "netAccessKey" :
2182 "C-sign-key"));
2183 return -1;
2184 }
2185
2186 os_get_time(&now);
2187
2188 if (ssid->dpp_netaccesskey_expiry &&
2189 ssid->dpp_netaccesskey_expiry < now.sec) {
2190 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2191 "netAccessKey expired");
2192 return -1;
2193 }
2194
2195 wpa_printf(MSG_DEBUG,
2196 "DPP: Starting network introduction protocol to derive PMKSA for "
2197 MACSTR, MAC2STR(bss->bssid));
2198
2199 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
2200 5 + 4 + os_strlen(ssid->dpp_connector));
2201 if (!msg)
2202 return -1;
2203
2204 #ifdef CONFIG_TESTING_OPTIONS
2205 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
2206 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
2207 goto skip_trans_id;
2208 }
2209 #endif /* CONFIG_TESTING_OPTIONS */
2210
2211 /* Transaction ID */
2212 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2213 wpabuf_put_le16(msg, 1);
2214 wpabuf_put_u8(msg, TRANSACTION_ID);
2215
2216 #ifdef CONFIG_TESTING_OPTIONS
2217 skip_trans_id:
2218 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
2219 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
2220 goto skip_connector;
2221 }
2222 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
2223 char *connector;
2224
2225 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
2226 connector = dpp_corrupt_connector_signature(
2227 ssid->dpp_connector);
2228 if (!connector) {
2229 wpabuf_free(msg);
2230 return -1;
2231 }
2232 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2233 wpabuf_put_le16(msg, os_strlen(connector));
2234 wpabuf_put_str(msg, connector);
2235 os_free(connector);
2236 goto skip_connector;
2237 }
2238 #endif /* CONFIG_TESTING_OPTIONS */
2239
2240 /* DPP Connector */
2241 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2242 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
2243 wpabuf_put_str(msg, ssid->dpp_connector);
2244
2245 #ifdef CONFIG_TESTING_OPTIONS
2246 skip_connector:
2247 #endif /* CONFIG_TESTING_OPTIONS */
2248
2249 /* TODO: Timeout on AP response */
2250 wait_time = wpa_s->max_remain_on_chan;
2251 if (wait_time > 2000)
2252 wait_time = 2000;
2253 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2254 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
2255 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
2256 broadcast,
2257 wpabuf_head(msg), wpabuf_len(msg),
2258 wait_time, wpas_dpp_tx_introduction_status, 0);
2259 wpabuf_free(msg);
2260
2261 /* Request this connection attempt to terminate - new one will be
2262 * started when network introduction protocol completes */
2263 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
2264 wpa_s->dpp_intro_network = ssid;
2265 return 1;
2266 }
2267
2268
2269 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
2270 {
2271 struct dpp_bootstrap_info *own_bi;
2272 const char *pos, *end;
2273 unsigned int wait_time;
2274
2275 pos = os_strstr(cmd, " own=");
2276 if (!pos)
2277 return -1;
2278 pos += 5;
2279 own_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
2280 if (!own_bi) {
2281 wpa_printf(MSG_DEBUG,
2282 "DPP: Identified bootstrap info not found");
2283 return -1;
2284 }
2285 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
2286 wpa_printf(MSG_DEBUG,
2287 "DPP: Identified bootstrap info not for PKEX");
2288 return -1;
2289 }
2290 wpa_s->dpp_pkex_bi = own_bi;
2291 own_bi->pkex_t = 0; /* clear pending errors on new code */
2292
2293 os_free(wpa_s->dpp_pkex_identifier);
2294 wpa_s->dpp_pkex_identifier = NULL;
2295 pos = os_strstr(cmd, " identifier=");
2296 if (pos) {
2297 pos += 12;
2298 end = os_strchr(pos, ' ');
2299 if (!end)
2300 return -1;
2301 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
2302 if (!wpa_s->dpp_pkex_identifier)
2303 return -1;
2304 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
2305 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
2306 }
2307
2308 pos = os_strstr(cmd, " code=");
2309 if (!pos)
2310 return -1;
2311 os_free(wpa_s->dpp_pkex_code);
2312 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
2313 if (!wpa_s->dpp_pkex_code)
2314 return -1;
2315
2316 if (os_strstr(cmd, " init=1")) {
2317 struct dpp_pkex *pkex;
2318 struct wpabuf *msg;
2319
2320 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
2321 dpp_pkex_free(wpa_s->dpp_pkex);
2322 wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr,
2323 wpa_s->dpp_pkex_identifier,
2324 wpa_s->dpp_pkex_code);
2325 pkex = wpa_s->dpp_pkex;
2326 if (!pkex)
2327 return -1;
2328
2329 msg = pkex->exchange_req;
2330 wait_time = wpa_s->max_remain_on_chan;
2331 if (wait_time > 2000)
2332 wait_time = 2000;
2333 /* TODO: Support for 5 GHz channels */
2334 pkex->freq = 2437;
2335 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
2336 " freq=%u type=%d",
2337 MAC2STR(broadcast), pkex->freq,
2338 DPP_PA_PKEX_EXCHANGE_REQ);
2339 offchannel_send_action(wpa_s, pkex->freq, broadcast,
2340 wpa_s->own_addr, broadcast,
2341 wpabuf_head(msg), wpabuf_len(msg),
2342 wait_time, wpas_dpp_tx_pkex_status, 0);
2343 if (wait_time == 0)
2344 wait_time = 2000;
2345 pkex->exch_req_wait_time = wait_time;
2346 pkex->exch_req_tries = 1;
2347 }
2348
2349 /* TODO: Support multiple PKEX info entries */
2350
2351 os_free(wpa_s->dpp_pkex_auth_cmd);
2352 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
2353
2354 return 1;
2355 }
2356
2357
2358 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
2359 {
2360 unsigned int id_val;
2361
2362 if (os_strcmp(id, "*") == 0) {
2363 id_val = 0;
2364 } else {
2365 id_val = atoi(id);
2366 if (id_val == 0)
2367 return -1;
2368 }
2369
2370 if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code)
2371 return -1;
2372
2373 /* TODO: Support multiple PKEX entries */
2374 os_free(wpa_s->dpp_pkex_code);
2375 wpa_s->dpp_pkex_code = NULL;
2376 os_free(wpa_s->dpp_pkex_identifier);
2377 wpa_s->dpp_pkex_identifier = NULL;
2378 os_free(wpa_s->dpp_pkex_auth_cmd);
2379 wpa_s->dpp_pkex_auth_cmd = NULL;
2380 wpa_s->dpp_pkex_bi = NULL;
2381 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2382 dpp_pkex_free(wpa_s->dpp_pkex);
2383 wpa_s->dpp_pkex = NULL;
2384 return 0;
2385 }
2386
2387
2388 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
2389 {
2390 dpp_auth_deinit(wpa_s->dpp_auth);
2391 wpa_s->dpp_auth = NULL;
2392 }
2393
2394
2395 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
2396 {
2397 u8 adv_proto_id[7];
2398
2399 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
2400 adv_proto_id[1] = 5;
2401 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
2402 adv_proto_id[5] = DPP_OUI_TYPE;
2403 adv_proto_id[6] = 0x01;
2404
2405 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
2406 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
2407 wpas_dpp_gas_status_handler, wpa_s) < 0)
2408 return -1;
2409 dl_list_init(&wpa_s->dpp_bootstrap);
2410 dl_list_init(&wpa_s->dpp_configurator);
2411 wpa_s->dpp_init_done = 1;
2412 return 0;
2413 }
2414
2415
2416 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
2417 {
2418 #ifdef CONFIG_TESTING_OPTIONS
2419 os_free(wpa_s->dpp_config_obj_override);
2420 wpa_s->dpp_config_obj_override = NULL;
2421 os_free(wpa_s->dpp_discovery_override);
2422 wpa_s->dpp_discovery_override = NULL;
2423 os_free(wpa_s->dpp_groups_override);
2424 wpa_s->dpp_groups_override = NULL;
2425 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
2426 #endif /* CONFIG_TESTING_OPTIONS */
2427 if (!wpa_s->dpp_init_done)
2428 return;
2429 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2430 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2431 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
2432 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
2433 offchannel_send_action_done(wpa_s);
2434 wpas_dpp_listen_stop(wpa_s);
2435 dpp_bootstrap_del(wpa_s, 0);
2436 dpp_configurator_del(wpa_s, 0);
2437 dpp_auth_deinit(wpa_s->dpp_auth);
2438 wpa_s->dpp_auth = NULL;
2439 wpas_dpp_pkex_remove(wpa_s, "*");
2440 wpa_s->dpp_pkex = NULL;
2441 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
2442 os_free(wpa_s->dpp_configurator_params);
2443 wpa_s->dpp_configurator_params = NULL;
2444 }
Unnamed repository; edit this file 'description' to name the repository.