]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/dpp_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
DPP: Abort ongoing scan if connection status needs to be sent
[thirdparty/hostap.git] / wpa_supplicant / dpp_supplicant.c
1 /*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2019, The Linux Foundation
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "utils/includes.h"
11
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "utils/ip_addr.h"
15 #include "common/dpp.h"
16 #include "common/gas.h"
17 #include "common/gas_server.h"
18 #include "rsn_supp/wpa.h"
19 #include "rsn_supp/pmksa_cache.h"
20 #include "wpa_supplicant_i.h"
21 #include "config.h"
22 #include "driver_i.h"
23 #include "offchannel.h"
24 #include "gas_query.h"
25 #include "bss.h"
26 #include "scan.h"
27 #include "notify.h"
28 #include "dpp_supplicant.h"
29
30
31 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
32 unsigned int freq);
33 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
34 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
35 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
36 unsigned int freq, const u8 *dst,
37 const u8 *src, const u8 *bssid,
38 const u8 *data, size_t data_len,
39 enum offchannel_send_action_result result);
40 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
41 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
42 static void
43 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
44 unsigned int freq, const u8 *dst,
45 const u8 *src, const u8 *bssid,
46 const u8 *data, size_t data_len,
47 enum offchannel_send_action_result result);
48
49 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
50
51 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
52 * a single transaction in progress at any point in time. */
53 static const u8 TRANSACTION_ID = 1;
54
55
56 /**
57 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
58 * @wpa_s: Pointer to wpa_supplicant data
59 * @cmd: DPP URI read from a QR Code
60 * Returns: Identifier of the stored info or -1 on failure
61 */
62 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
63 {
64 struct dpp_bootstrap_info *bi;
65 struct dpp_authentication *auth = wpa_s->dpp_auth;
66
67 bi = dpp_add_qr_code(wpa_s->dpp, cmd);
68 if (!bi)
69 return -1;
70
71 if (auth && auth->response_pending &&
72 dpp_notify_new_qr_code(auth, bi) == 1) {
73 wpa_printf(MSG_DEBUG,
74 "DPP: Sending out pending authentication response");
75 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
76 " freq=%u type=%d",
77 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
78 DPP_PA_AUTHENTICATION_RESP);
79 offchannel_send_action(wpa_s, auth->curr_freq,
80 auth->peer_mac_addr, wpa_s->own_addr,
81 broadcast,
82 wpabuf_head(auth->resp_msg),
83 wpabuf_len(auth->resp_msg),
84 500, wpas_dpp_tx_status, 0);
85 }
86
87 return bi->id;
88 }
89
90
91 /**
92 * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
93 * @wpa_s: Pointer to wpa_supplicant data
94 * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
95 * Returns: Identifier of the stored info or -1 on failure
96 */
97 int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd)
98 {
99 struct dpp_bootstrap_info *bi;
100
101 bi = dpp_add_nfc_uri(wpa_s->dpp, cmd);
102 if (!bi)
103 return -1;
104
105 return bi->id;
106 }
107
108
109 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
110 {
111 struct wpa_supplicant *wpa_s = eloop_ctx;
112 struct dpp_authentication *auth = wpa_s->dpp_auth;
113
114 if (!auth || !auth->resp_msg)
115 return;
116
117 wpa_printf(MSG_DEBUG,
118 "DPP: Retry Authentication Response after timeout");
119 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
120 " freq=%u type=%d",
121 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
122 DPP_PA_AUTHENTICATION_RESP);
123 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
124 wpa_s->own_addr, broadcast,
125 wpabuf_head(auth->resp_msg),
126 wpabuf_len(auth->resp_msg),
127 500, wpas_dpp_tx_status, 0);
128 }
129
130
131 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
132 {
133 struct dpp_authentication *auth = wpa_s->dpp_auth;
134 unsigned int wait_time, max_tries;
135
136 if (!auth || !auth->resp_msg)
137 return;
138
139 if (wpa_s->dpp_resp_max_tries)
140 max_tries = wpa_s->dpp_resp_max_tries;
141 else
142 max_tries = 5;
143 auth->auth_resp_tries++;
144 if (auth->auth_resp_tries >= max_tries) {
145 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
146 offchannel_send_action_done(wpa_s);
147 dpp_auth_deinit(wpa_s->dpp_auth);
148 wpa_s->dpp_auth = NULL;
149 return;
150 }
151
152 if (wpa_s->dpp_resp_retry_time)
153 wait_time = wpa_s->dpp_resp_retry_time;
154 else
155 wait_time = 1000;
156 wpa_printf(MSG_DEBUG,
157 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
158 wait_time);
159 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
160 eloop_register_timeout(wait_time / 1000,
161 (wait_time % 1000) * 1000,
162 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
163 }
164
165
166 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
167 {
168 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
169 wpa_s->suitable_network = 0;
170 wpa_s->no_suitable_network = 0;
171 wpa_s->disconnected = 0;
172 wpa_s->reassociate = 1;
173 wpa_s->scan_runs = 0;
174 wpa_s->normal_scans = 0;
175 wpa_supplicant_cancel_sched_scan(wpa_s);
176 wpa_supplicant_req_scan(wpa_s, 0, 0);
177 }
178
179
180 #ifdef CONFIG_DPP2
181
182 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx,
183 void *timeout_ctx)
184 {
185 struct wpa_supplicant *wpa_s = eloop_ctx;
186 struct dpp_authentication *auth = wpa_s->dpp_auth;
187 enum dpp_status_error result;
188
189 if (!auth || !auth->conn_status_requested)
190 return;
191
192 wpa_printf(MSG_DEBUG,
193 "DPP: Connection timeout - report Connection Status Result");
194 if (wpa_s->suitable_network)
195 result = DPP_STATUS_AUTH_FAILURE;
196 else if (wpa_s->no_suitable_network)
197 result = DPP_STATUS_NO_AP;
198 else
199 result = 255; /* What to report here for unexpected state? */
200 if (wpa_s->wpa_state == WPA_SCANNING)
201 wpas_abort_ongoing_scan(wpa_s);
202 wpas_dpp_send_conn_status_result(wpa_s, result);
203 }
204
205
206 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s)
207 {
208 char *str, *end, *pos;
209 size_t len;
210 unsigned int i;
211 u8 last_op_class = 0;
212 int res;
213
214 if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs)
215 return NULL;
216
217 len = wpa_s->num_last_scan_freqs * 8;
218 str = os_zalloc(len);
219 if (!str)
220 return NULL;
221 end = str + len;
222 pos = str;
223
224 for (i = 0; i < wpa_s->num_last_scan_freqs; i++) {
225 enum hostapd_hw_mode mode;
226 u8 op_class, channel;
227
228 mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i],
229 0, 0, &op_class, &channel);
230 if (mode == NUM_HOSTAPD_MODES)
231 continue;
232 if (op_class == last_op_class)
233 res = os_snprintf(pos, end - pos, ",%d", channel);
234 else
235 res = os_snprintf(pos, end - pos, "%s%d/%d",
236 pos == str ? "" : ",",
237 op_class, channel);
238 if (os_snprintf_error(end - pos, res)) {
239 *pos = '\0';
240 break;
241 }
242 pos += res;
243 last_op_class = op_class;
244 }
245
246 if (pos == str) {
247 os_free(str);
248 str = NULL;
249 }
250 return str;
251 }
252
253
254 void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
255 enum dpp_status_error result)
256 {
257 struct wpabuf *msg;
258 const char *channel_list = NULL;
259 char *channel_list_buf = NULL;
260 struct wpa_ssid *ssid = wpa_s->current_ssid;
261 struct dpp_authentication *auth = wpa_s->dpp_auth;
262
263 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
264
265 if (!auth || !auth->conn_status_requested)
266 return;
267 auth->conn_status_requested = 0;
268 wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d",
269 result);
270
271 if (result == DPP_STATUS_NO_AP) {
272 channel_list_buf = wpas_dpp_scan_channel_list(wpa_s);
273 channel_list = channel_list_buf;
274 }
275
276 msg = dpp_build_conn_status_result(auth, result,
277 ssid ? ssid->ssid :
278 wpa_s->dpp_last_ssid,
279 ssid ? ssid->ssid_len :
280 wpa_s->dpp_last_ssid_len,
281 channel_list);
282 os_free(channel_list_buf);
283 if (!msg) {
284 dpp_auth_deinit(wpa_s->dpp_auth);
285 wpa_s->dpp_auth = NULL;
286 return;
287 }
288
289 wpa_msg(wpa_s, MSG_INFO,
290 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
291 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
292 DPP_PA_CONNECTION_STATUS_RESULT);
293 offchannel_send_action(wpa_s, auth->curr_freq,
294 auth->peer_mac_addr, wpa_s->own_addr, broadcast,
295 wpabuf_head(msg), wpabuf_len(msg),
296 500, wpas_dpp_tx_status, 0);
297 wpabuf_free(msg);
298
299 /* This exchange will be terminated in the TX status handler */
300 auth->remove_on_tx_status = 1;
301
302 return;
303 }
304
305
306 void wpas_dpp_connected(struct wpa_supplicant *wpa_s)
307 {
308 struct dpp_authentication *auth = wpa_s->dpp_auth;
309
310 if (auth && auth->conn_status_requested)
311 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK);
312 }
313
314 #endif /* CONFIG_DPP2 */
315
316
317 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
318 unsigned int freq, const u8 *dst,
319 const u8 *src, const u8 *bssid,
320 const u8 *data, size_t data_len,
321 enum offchannel_send_action_result result)
322 {
323 const char *res_txt;
324 struct dpp_authentication *auth = wpa_s->dpp_auth;
325
326 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
327 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
328 "FAILED");
329 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
330 " result=%s", freq, MAC2STR(dst), res_txt);
331 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
332 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
333
334 if (!wpa_s->dpp_auth) {
335 wpa_printf(MSG_DEBUG,
336 "DPP: Ignore TX status since there is no ongoing authentication exchange");
337 return;
338 }
339
340 #ifdef CONFIG_DPP2
341 if (auth->connect_on_tx_status) {
342 auth->connect_on_tx_status = 0;
343 wpa_printf(MSG_DEBUG,
344 "DPP: Try to connect after completed configuration result");
345 wpas_dpp_try_to_connect(wpa_s);
346 if (auth->conn_status_requested) {
347 wpa_printf(MSG_DEBUG,
348 "DPP: Start 15 second timeout for reporting connection status result");
349 eloop_cancel_timeout(
350 wpas_dpp_conn_status_result_timeout,
351 wpa_s, NULL);
352 eloop_register_timeout(
353 15, 0, wpas_dpp_conn_status_result_timeout,
354 wpa_s, NULL);
355 } else {
356 dpp_auth_deinit(wpa_s->dpp_auth);
357 wpa_s->dpp_auth = NULL;
358 }
359 return;
360 }
361 #endif /* CONFIG_DPP2 */
362
363 if (wpa_s->dpp_auth->remove_on_tx_status) {
364 wpa_printf(MSG_DEBUG,
365 "DPP: Terminate authentication exchange due to a request to do so on TX status");
366 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
367 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
368 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
369 NULL);
370 offchannel_send_action_done(wpa_s);
371 dpp_auth_deinit(wpa_s->dpp_auth);
372 wpa_s->dpp_auth = NULL;
373 return;
374 }
375
376 if (wpa_s->dpp_auth_ok_on_ack)
377 wpas_dpp_auth_success(wpa_s, 1);
378
379 if (!is_broadcast_ether_addr(dst) &&
380 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
381 wpa_printf(MSG_DEBUG,
382 "DPP: Unicast DPP Action frame was not ACKed");
383 if (auth->waiting_auth_resp) {
384 /* In case of DPP Authentication Request frame, move to
385 * the next channel immediately. */
386 offchannel_send_action_done(wpa_s);
387 wpas_dpp_auth_init_next(wpa_s);
388 return;
389 }
390 if (auth->waiting_auth_conf) {
391 wpas_dpp_auth_resp_retry(wpa_s);
392 return;
393 }
394 }
395
396 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
397 result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
398 /* Allow timeout handling to stop iteration if no response is
399 * received from a peer that has ACKed a request. */
400 auth->auth_req_ack = 1;
401 }
402
403 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
404 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
405 wpa_printf(MSG_DEBUG,
406 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
407 wpa_s->dpp_auth->curr_freq,
408 wpa_s->dpp_auth->neg_freq);
409 offchannel_send_action_done(wpa_s);
410 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq);
411 }
412
413 if (wpa_s->dpp_auth_ok_on_ack)
414 wpa_s->dpp_auth_ok_on_ack = 0;
415 }
416
417
418 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
419 {
420 struct wpa_supplicant *wpa_s = eloop_ctx;
421 struct dpp_authentication *auth = wpa_s->dpp_auth;
422 unsigned int freq;
423 struct os_reltime now, diff;
424 unsigned int wait_time, diff_ms;
425
426 if (!auth || !auth->waiting_auth_resp)
427 return;
428
429 wait_time = wpa_s->dpp_resp_wait_time ?
430 wpa_s->dpp_resp_wait_time : 2000;
431 os_get_reltime(&now);
432 os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
433 diff_ms = diff.sec * 1000 + diff.usec / 1000;
434 wpa_printf(MSG_DEBUG,
435 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
436 wait_time, diff_ms);
437
438 if (auth->auth_req_ack && diff_ms >= wait_time) {
439 /* Peer ACK'ed Authentication Request frame, but did not reply
440 * with Authentication Response frame within two seconds. */
441 wpa_printf(MSG_INFO,
442 "DPP: No response received from responder - stopping initiation attempt");
443 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
444 offchannel_send_action_done(wpa_s);
445 wpas_dpp_listen_stop(wpa_s);
446 dpp_auth_deinit(auth);
447 wpa_s->dpp_auth = NULL;
448 return;
449 }
450
451 if (diff_ms >= wait_time) {
452 /* Authentication Request frame was not ACK'ed and no reply
453 * was receiving within two seconds. */
454 wpa_printf(MSG_DEBUG,
455 "DPP: Continue Initiator channel iteration");
456 offchannel_send_action_done(wpa_s);
457 wpas_dpp_listen_stop(wpa_s);
458 wpas_dpp_auth_init_next(wpa_s);
459 return;
460 }
461
462 /* Driver did not support 2000 ms long wait_time with TX command, so
463 * schedule listen operation to continue waiting for the response.
464 *
465 * DPP listen operations continue until stopped, so simply schedule a
466 * new call to this function at the point when the two second reply
467 * wait has expired. */
468 wait_time -= diff_ms;
469
470 freq = auth->curr_freq;
471 if (auth->neg_freq > 0)
472 freq = auth->neg_freq;
473 wpa_printf(MSG_DEBUG,
474 "DPP: Continue reply wait on channel %u MHz for %u ms",
475 freq, wait_time);
476 wpa_s->dpp_in_response_listen = 1;
477 wpas_dpp_listen_start(wpa_s, freq);
478
479 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
480 wpas_dpp_reply_wait_timeout, wpa_s, NULL);
481 }
482
483
484 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
485 struct dpp_authentication *auth)
486 {
487 #ifdef CONFIG_TESTING_OPTIONS
488 if (wpa_s->dpp_config_obj_override)
489 auth->config_obj_override =
490 os_strdup(wpa_s->dpp_config_obj_override);
491 if (wpa_s->dpp_discovery_override)
492 auth->discovery_override =
493 os_strdup(wpa_s->dpp_discovery_override);
494 if (wpa_s->dpp_groups_override)
495 auth->groups_override =
496 os_strdup(wpa_s->dpp_groups_override);
497 auth->ignore_netaccesskey_mismatch =
498 wpa_s->dpp_ignore_netaccesskey_mismatch;
499 #endif /* CONFIG_TESTING_OPTIONS */
500 }
501
502
503 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
504 {
505 struct wpa_supplicant *wpa_s = eloop_ctx;
506
507 if (!wpa_s->dpp_auth)
508 return;
509 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
510 wpas_dpp_auth_init_next(wpa_s);
511 }
512
513
514 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
515 {
516 struct dpp_authentication *auth = wpa_s->dpp_auth;
517 const u8 *dst;
518 unsigned int wait_time, max_wait_time, freq, max_tries, used;
519 struct os_reltime now, diff;
520
521 wpa_s->dpp_in_response_listen = 0;
522 if (!auth)
523 return -1;
524
525 if (auth->freq_idx == 0)
526 os_get_reltime(&wpa_s->dpp_init_iter_start);
527
528 if (auth->freq_idx >= auth->num_freq) {
529 auth->num_freq_iters++;
530 if (wpa_s->dpp_init_max_tries)
531 max_tries = wpa_s->dpp_init_max_tries;
532 else
533 max_tries = 5;
534 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
535 wpa_printf(MSG_INFO,
536 "DPP: No response received from responder - stopping initiation attempt");
537 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
538 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
539 wpa_s, NULL);
540 offchannel_send_action_done(wpa_s);
541 dpp_auth_deinit(wpa_s->dpp_auth);
542 wpa_s->dpp_auth = NULL;
543 return -1;
544 }
545 auth->freq_idx = 0;
546 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
547 if (wpa_s->dpp_init_retry_time)
548 wait_time = wpa_s->dpp_init_retry_time;
549 else
550 wait_time = 10000;
551 os_get_reltime(&now);
552 os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
553 used = diff.sec * 1000 + diff.usec / 1000;
554 if (used > wait_time)
555 wait_time = 0;
556 else
557 wait_time -= used;
558 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
559 wait_time);
560 eloop_register_timeout(wait_time / 1000,
561 (wait_time % 1000) * 1000,
562 wpas_dpp_init_timeout, wpa_s,
563 NULL);
564 return 0;
565 }
566 freq = auth->freq[auth->freq_idx++];
567 auth->curr_freq = freq;
568
569 if (is_zero_ether_addr(auth->peer_bi->mac_addr))
570 dst = broadcast;
571 else
572 dst = auth->peer_bi->mac_addr;
573 wpa_s->dpp_auth_ok_on_ack = 0;
574 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
575 wait_time = wpa_s->max_remain_on_chan;
576 max_wait_time = wpa_s->dpp_resp_wait_time ?
577 wpa_s->dpp_resp_wait_time : 2000;
578 if (wait_time > max_wait_time)
579 wait_time = max_wait_time;
580 wait_time += 10; /* give the driver some extra time to complete */
581 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
582 wpas_dpp_reply_wait_timeout,
583 wpa_s, NULL);
584 wait_time -= 10;
585 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
586 wpa_printf(MSG_DEBUG,
587 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
588 freq, auth->neg_freq);
589 }
590 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
591 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
592 auth->auth_req_ack = 0;
593 os_get_reltime(&wpa_s->dpp_last_init);
594 return offchannel_send_action(wpa_s, freq, dst,
595 wpa_s->own_addr, broadcast,
596 wpabuf_head(auth->req_msg),
597 wpabuf_len(auth->req_msg),
598 wait_time, wpas_dpp_tx_status, 0);
599 }
600
601
602 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
603 {
604 const char *pos;
605 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
606 struct dpp_authentication *auth;
607 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
608 unsigned int neg_freq = 0;
609 int tcp = 0;
610 #ifdef CONFIG_DPP2
611 int tcp_port = DPP_TCP_PORT;
612 struct hostapd_ip_addr ipaddr;
613 char *addr;
614 #endif /* CONFIG_DPP2 */
615
616 wpa_s->dpp_gas_client = 0;
617
618 pos = os_strstr(cmd, " peer=");
619 if (!pos)
620 return -1;
621 pos += 6;
622 peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
623 if (!peer_bi) {
624 wpa_printf(MSG_INFO,
625 "DPP: Could not find bootstrapping info for the identified peer");
626 return -1;
627 }
628
629 #ifdef CONFIG_DPP2
630 pos = os_strstr(cmd, " tcp_port=");
631 if (pos) {
632 pos += 10;
633 tcp_port = atoi(pos);
634 }
635
636 addr = get_param(cmd, " tcp_addr=");
637 if (addr) {
638 int res;
639
640 res = hostapd_parse_ip_addr(addr, &ipaddr);
641 os_free(addr);
642 if (res)
643 return -1;
644 tcp = 1;
645 }
646 #endif /* CONFIG_DPP2 */
647
648 pos = os_strstr(cmd, " own=");
649 if (pos) {
650 pos += 5;
651 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
652 if (!own_bi) {
653 wpa_printf(MSG_INFO,
654 "DPP: Could not find bootstrapping info for the identified local entry");
655 return -1;
656 }
657
658 if (peer_bi->curve != own_bi->curve) {
659 wpa_printf(MSG_INFO,
660 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
661 peer_bi->curve->name, own_bi->curve->name);
662 return -1;
663 }
664 }
665
666 pos = os_strstr(cmd, " role=");
667 if (pos) {
668 pos += 6;
669 if (os_strncmp(pos, "configurator", 12) == 0)
670 allowed_roles = DPP_CAPAB_CONFIGURATOR;
671 else if (os_strncmp(pos, "enrollee", 8) == 0)
672 allowed_roles = DPP_CAPAB_ENROLLEE;
673 else if (os_strncmp(pos, "either", 6) == 0)
674 allowed_roles = DPP_CAPAB_CONFIGURATOR |
675 DPP_CAPAB_ENROLLEE;
676 else
677 goto fail;
678 }
679
680 pos = os_strstr(cmd, " netrole=");
681 if (pos) {
682 pos += 9;
683 if (os_strncmp(pos, "ap", 2) == 0)
684 wpa_s->dpp_netrole = DPP_NETROLE_AP;
685 else if (os_strncmp(pos, "configurator", 12) == 0)
686 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
687 else
688 wpa_s->dpp_netrole = DPP_NETROLE_STA;
689 }
690
691 pos = os_strstr(cmd, " neg_freq=");
692 if (pos)
693 neg_freq = atoi(pos + 10);
694
695 if (!tcp && wpa_s->dpp_auth) {
696 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
697 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
698 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
699 NULL);
700 offchannel_send_action_done(wpa_s);
701 dpp_auth_deinit(wpa_s->dpp_auth);
702 wpa_s->dpp_auth = NULL;
703 }
704
705 auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles, neg_freq,
706 wpa_s->hw.modes, wpa_s->hw.num_modes);
707 if (!auth)
708 goto fail;
709 wpas_dpp_set_testing_options(wpa_s, auth);
710 if (dpp_set_configurator(wpa_s->dpp, wpa_s, auth, cmd) < 0) {
711 dpp_auth_deinit(auth);
712 goto fail;
713 }
714
715 auth->neg_freq = neg_freq;
716
717 if (!is_zero_ether_addr(peer_bi->mac_addr))
718 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
719
720 #ifdef CONFIG_DPP2
721 if (tcp)
722 return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);
723 #endif /* CONFIG_DPP2 */
724
725 wpa_s->dpp_auth = auth;
726 return wpas_dpp_auth_init_next(wpa_s);
727 fail:
728 return -1;
729 }
730
731
732 struct wpas_dpp_listen_work {
733 unsigned int freq;
734 unsigned int duration;
735 struct wpabuf *probe_resp_ie;
736 };
737
738
739 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
740 {
741 if (!lwork)
742 return;
743 os_free(lwork);
744 }
745
746
747 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
748 {
749 struct wpas_dpp_listen_work *lwork;
750
751 if (!wpa_s->dpp_listen_work)
752 return;
753
754 lwork = wpa_s->dpp_listen_work->ctx;
755 wpas_dpp_listen_work_free(lwork);
756 radio_work_done(wpa_s->dpp_listen_work);
757 wpa_s->dpp_listen_work = NULL;
758 }
759
760
761 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
762 {
763 struct wpa_supplicant *wpa_s = work->wpa_s;
764 struct wpas_dpp_listen_work *lwork = work->ctx;
765
766 if (deinit) {
767 if (work->started) {
768 wpa_s->dpp_listen_work = NULL;
769 wpas_dpp_listen_stop(wpa_s);
770 }
771 wpas_dpp_listen_work_free(lwork);
772 return;
773 }
774
775 wpa_s->dpp_listen_work = work;
776
777 wpa_s->dpp_pending_listen_freq = lwork->freq;
778
779 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
780 wpa_s->max_remain_on_chan) < 0) {
781 wpa_printf(MSG_DEBUG,
782 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
783 lwork->freq);
784 wpa_s->dpp_listen_freq = 0;
785 wpas_dpp_listen_work_done(wpa_s);
786 wpa_s->dpp_pending_listen_freq = 0;
787 return;
788 }
789 wpa_s->off_channel_freq = 0;
790 wpa_s->roc_waiting_drv_freq = lwork->freq;
791 }
792
793
794 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
795 unsigned int freq)
796 {
797 struct wpas_dpp_listen_work *lwork;
798
799 if (wpa_s->dpp_listen_work) {
800 wpa_printf(MSG_DEBUG,
801 "DPP: Reject start_listen since dpp_listen_work already exists");
802 return -1;
803 }
804
805 if (wpa_s->dpp_listen_freq)
806 wpas_dpp_listen_stop(wpa_s);
807 wpa_s->dpp_listen_freq = freq;
808
809 lwork = os_zalloc(sizeof(*lwork));
810 if (!lwork)
811 return -1;
812 lwork->freq = freq;
813
814 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
815 lwork) < 0) {
816 wpas_dpp_listen_work_free(lwork);
817 return -1;
818 }
819
820 return 0;
821 }
822
823
824 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
825 {
826 int freq;
827
828 freq = atoi(cmd);
829 if (freq <= 0)
830 return -1;
831
832 if (os_strstr(cmd, " role=configurator"))
833 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
834 else if (os_strstr(cmd, " role=enrollee"))
835 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
836 else
837 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
838 DPP_CAPAB_ENROLLEE;
839 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
840 if (os_strstr(cmd, " netrole=ap"))
841 wpa_s->dpp_netrole = DPP_NETROLE_AP;
842 else if (os_strstr(cmd, " netrole=configurator"))
843 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
844 else
845 wpa_s->dpp_netrole = DPP_NETROLE_STA;
846 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
847 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
848 freq);
849 return 0;
850 }
851
852 return wpas_dpp_listen_start(wpa_s, freq);
853 }
854
855
856 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
857 {
858 wpa_s->dpp_in_response_listen = 0;
859 if (!wpa_s->dpp_listen_freq)
860 return;
861
862 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
863 wpa_s->dpp_listen_freq);
864 wpa_drv_cancel_remain_on_channel(wpa_s);
865 wpa_s->dpp_listen_freq = 0;
866 wpas_dpp_listen_work_done(wpa_s);
867 }
868
869
870 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
871 unsigned int freq)
872 {
873 wpas_dpp_listen_work_done(wpa_s);
874
875 if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
876 unsigned int new_freq;
877
878 /* Continue listen with a new remain-on-channel */
879 if (wpa_s->dpp_auth->neg_freq > 0)
880 new_freq = wpa_s->dpp_auth->neg_freq;
881 else
882 new_freq = wpa_s->dpp_auth->curr_freq;
883 wpa_printf(MSG_DEBUG,
884 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
885 new_freq);
886 wpas_dpp_listen_start(wpa_s, new_freq);
887 return;
888 }
889
890 if (wpa_s->dpp_listen_freq) {
891 /* Continue listen with a new remain-on-channel */
892 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
893 }
894 }
895
896
897 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
898 const u8 *hdr, const u8 *buf, size_t len,
899 unsigned int freq)
900 {
901 const u8 *r_bootstrap, *i_bootstrap;
902 u16 r_bootstrap_len, i_bootstrap_len;
903 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
904
905 if (!wpa_s->dpp)
906 return;
907
908 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
909 MAC2STR(src));
910
911 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
912 &r_bootstrap_len);
913 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
914 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
915 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
916 return;
917 }
918 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
919 r_bootstrap, r_bootstrap_len);
920
921 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
922 &i_bootstrap_len);
923 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
924 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
925 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
926 return;
927 }
928 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
929 i_bootstrap, i_bootstrap_len);
930
931 /* Try to find own and peer bootstrapping key matches based on the
932 * received hash values */
933 dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
934 &own_bi, &peer_bi);
935 if (!own_bi) {
936 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
937 "No matching own bootstrapping key found - ignore message");
938 return;
939 }
940
941 if (wpa_s->dpp_auth) {
942 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
943 "Already in DPP authentication exchange - ignore new one");
944 return;
945 }
946
947 wpa_s->dpp_gas_client = 0;
948 wpa_s->dpp_auth_ok_on_ack = 0;
949 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
950 wpa_s->dpp_qr_mutual,
951 peer_bi, own_bi, freq, hdr, buf, len);
952 if (!wpa_s->dpp_auth) {
953 wpa_printf(MSG_DEBUG, "DPP: No response generated");
954 return;
955 }
956 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
957 if (dpp_set_configurator(wpa_s->dpp, wpa_s, wpa_s->dpp_auth,
958 wpa_s->dpp_configurator_params) < 0) {
959 dpp_auth_deinit(wpa_s->dpp_auth);
960 wpa_s->dpp_auth = NULL;
961 return;
962 }
963 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
964
965 if (wpa_s->dpp_listen_freq &&
966 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
967 wpa_printf(MSG_DEBUG,
968 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
969 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
970 wpas_dpp_listen_stop(wpa_s);
971 }
972
973 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
974 MAC2STR(src), wpa_s->dpp_auth->curr_freq,
975 DPP_PA_AUTHENTICATION_RESP);
976 offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
977 src, wpa_s->own_addr, broadcast,
978 wpabuf_head(wpa_s->dpp_auth->resp_msg),
979 wpabuf_len(wpa_s->dpp_auth->resp_msg),
980 500, wpas_dpp_tx_status, 0);
981 }
982
983
984 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
985 {
986 /* TODO: stop wait and start ROC */
987 }
988
989
990 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
991 struct dpp_authentication *auth,
992 struct dpp_config_obj *conf)
993 {
994 struct wpa_ssid *ssid;
995
996 #ifdef CONFIG_DPP2
997 if (conf->akm == DPP_AKM_SAE) {
998 #ifdef CONFIG_SAE
999 struct wpa_driver_capa capa;
1000 int res;
1001
1002 res = wpa_drv_get_capa(wpa_s, &capa);
1003 if (res == 0 &&
1004 !(capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
1005 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
1006 wpa_printf(MSG_DEBUG,
1007 "DPP: SAE not supported by the driver");
1008 return NULL;
1009 }
1010 #else /* CONFIG_SAE */
1011 wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
1012 return NULL;
1013 #endif /* CONFIG_SAE */
1014 }
1015 #endif /* CONFIG_DPP2 */
1016
1017 ssid = wpa_config_add_network(wpa_s->conf);
1018 if (!ssid)
1019 return NULL;
1020 wpas_notify_network_added(wpa_s, ssid);
1021 wpa_config_set_network_defaults(ssid);
1022 ssid->disabled = 1;
1023
1024 ssid->ssid = os_malloc(conf->ssid_len);
1025 if (!ssid->ssid)
1026 goto fail;
1027 os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
1028 ssid->ssid_len = conf->ssid_len;
1029
1030 if (conf->connector) {
1031 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
1032 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1033 ssid->dpp_connector = os_strdup(conf->connector);
1034 if (!ssid->dpp_connector)
1035 goto fail;
1036 }
1037
1038 if (conf->c_sign_key) {
1039 ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key));
1040 if (!ssid->dpp_csign)
1041 goto fail;
1042 os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key),
1043 wpabuf_len(conf->c_sign_key));
1044 ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key);
1045 }
1046
1047 if (auth->net_access_key) {
1048 ssid->dpp_netaccesskey =
1049 os_malloc(wpabuf_len(auth->net_access_key));
1050 if (!ssid->dpp_netaccesskey)
1051 goto fail;
1052 os_memcpy(ssid->dpp_netaccesskey,
1053 wpabuf_head(auth->net_access_key),
1054 wpabuf_len(auth->net_access_key));
1055 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1056 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1057 }
1058
1059 if (!conf->connector || dpp_akm_psk(conf->akm) ||
1060 dpp_akm_sae(conf->akm)) {
1061 if (!conf->connector)
1062 ssid->key_mgmt = 0;
1063 if (dpp_akm_psk(conf->akm))
1064 ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
1065 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
1066 if (dpp_akm_sae(conf->akm))
1067 ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
1068 WPA_KEY_MGMT_FT_SAE;
1069 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1070 if (conf->passphrase[0]) {
1071 if (wpa_config_set_quoted(ssid, "psk",
1072 conf->passphrase) < 0)
1073 goto fail;
1074 wpa_config_update_psk(ssid);
1075 ssid->export_keys = 1;
1076 } else {
1077 ssid->psk_set = conf->psk_set;
1078 os_memcpy(ssid->psk, conf->psk, PMK_LEN);
1079 }
1080 }
1081
1082 os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len);
1083 wpa_s->dpp_last_ssid_len = conf->ssid_len;
1084
1085 return ssid;
1086 fail:
1087 wpas_notify_network_removed(wpa_s, ssid);
1088 wpa_config_remove_network(wpa_s->conf, ssid->id);
1089 return NULL;
1090 }
1091
1092
1093 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1094 struct dpp_authentication *auth,
1095 struct dpp_config_obj *conf)
1096 {
1097 struct wpa_ssid *ssid;
1098
1099 if (wpa_s->conf->dpp_config_processing < 1)
1100 return 0;
1101
1102 ssid = wpas_dpp_add_network(wpa_s, auth, conf);
1103 if (!ssid)
1104 return -1;
1105
1106 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1107 if (wpa_s->conf->dpp_config_processing == 2)
1108 ssid->disabled = 0;
1109
1110 #ifndef CONFIG_NO_CONFIG_WRITE
1111 if (wpa_s->conf->update_config &&
1112 wpa_config_write(wpa_s->confname, wpa_s->conf))
1113 wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
1114 #endif /* CONFIG_NO_CONFIG_WRITE */
1115
1116 return 0;
1117 }
1118
1119
1120 static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s,
1121 struct dpp_authentication *auth)
1122 {
1123 if (wpa_s->conf->dpp_config_processing < 2)
1124 return;
1125
1126 #ifdef CONFIG_DPP2
1127 if (auth->peer_version >= 2) {
1128 wpa_printf(MSG_DEBUG,
1129 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
1130 auth->connect_on_tx_status = 1;
1131 return;
1132 }
1133 #endif /* CONFIG_DPP2 */
1134
1135 wpas_dpp_try_to_connect(wpa_s);
1136 }
1137
1138
1139 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1140 struct dpp_authentication *auth,
1141 struct dpp_config_obj *conf)
1142 {
1143 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1144 if (conf->ssid_len)
1145 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1146 wpa_ssid_txt(conf->ssid, conf->ssid_len));
1147 if (conf->ssid_charset)
1148 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d",
1149 conf->ssid_charset);
1150 if (conf->connector) {
1151 /* TODO: Save the Connector and consider using a command
1152 * to fetch the value instead of sending an event with
1153 * it. The Connector could end up being larger than what
1154 * most clients are ready to receive as an event
1155 * message. */
1156 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1157 conf->connector);
1158 }
1159 if (conf->c_sign_key) {
1160 char *hex;
1161 size_t hexlen;
1162
1163 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
1164 hex = os_malloc(hexlen);
1165 if (hex) {
1166 wpa_snprintf_hex(hex, hexlen,
1167 wpabuf_head(conf->c_sign_key),
1168 wpabuf_len(conf->c_sign_key));
1169 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1170 hex);
1171 os_free(hex);
1172 }
1173 }
1174 if (auth->net_access_key) {
1175 char *hex;
1176 size_t hexlen;
1177
1178 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1179 hex = os_malloc(hexlen);
1180 if (hex) {
1181 wpa_snprintf_hex(hex, hexlen,
1182 wpabuf_head(auth->net_access_key),
1183 wpabuf_len(auth->net_access_key));
1184 if (auth->net_access_key_expiry)
1185 wpa_msg(wpa_s, MSG_INFO,
1186 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1187 (long unsigned)
1188 auth->net_access_key_expiry);
1189 else
1190 wpa_msg(wpa_s, MSG_INFO,
1191 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1192 os_free(hex);
1193 }
1194 }
1195
1196 return wpas_dpp_process_config(wpa_s, auth, conf);
1197 }
1198
1199
1200 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1201 enum gas_query_result result,
1202 const struct wpabuf *adv_proto,
1203 const struct wpabuf *resp, u16 status_code)
1204 {
1205 struct wpa_supplicant *wpa_s = ctx;
1206 const u8 *pos;
1207 struct dpp_authentication *auth = wpa_s->dpp_auth;
1208 int res;
1209 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
1210 unsigned int i;
1211
1212 wpa_s->dpp_gas_dialog_token = -1;
1213
1214 if (!auth || !auth->auth_success) {
1215 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1216 return;
1217 }
1218 if (result != GAS_QUERY_SUCCESS ||
1219 !resp || status_code != WLAN_STATUS_SUCCESS) {
1220 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1221 goto fail;
1222 }
1223
1224 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1225 adv_proto);
1226 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1227 resp);
1228
1229 if (wpabuf_len(adv_proto) != 10 ||
1230 !(pos = wpabuf_head(adv_proto)) ||
1231 pos[0] != WLAN_EID_ADV_PROTO ||
1232 pos[1] != 8 ||
1233 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1234 pos[4] != 5 ||
1235 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1236 pos[8] != 0x1a ||
1237 pos[9] != 1) {
1238 wpa_printf(MSG_DEBUG,
1239 "DPP: Not a DPP Advertisement Protocol ID");
1240 goto fail;
1241 }
1242
1243 if (dpp_conf_resp_rx(auth, resp) < 0) {
1244 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1245 goto fail;
1246 }
1247
1248 for (i = 0; i < auth->num_conf_obj; i++) {
1249 res = wpas_dpp_handle_config_obj(wpa_s, auth,
1250 &auth->conf_obj[i]);
1251 if (res < 0)
1252 goto fail;
1253 }
1254 if (auth->num_conf_obj)
1255 wpas_dpp_post_process_config(wpa_s, auth);
1256
1257 status = DPP_STATUS_OK;
1258 #ifdef CONFIG_TESTING_OPTIONS
1259 if (dpp_test == DPP_TEST_REJECT_CONFIG) {
1260 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
1261 status = DPP_STATUS_CONFIG_REJECTED;
1262 }
1263 #endif /* CONFIG_TESTING_OPTIONS */
1264 fail:
1265 if (status != DPP_STATUS_OK)
1266 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1267 #ifdef CONFIG_DPP2
1268 if (auth->peer_version >= 2 &&
1269 auth->conf_resp_status == DPP_STATUS_OK) {
1270 struct wpabuf *msg;
1271
1272 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1273 msg = dpp_build_conf_result(auth, status);
1274 if (!msg)
1275 goto fail2;
1276
1277 wpa_msg(wpa_s, MSG_INFO,
1278 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1279 MAC2STR(addr), auth->curr_freq,
1280 DPP_PA_CONFIGURATION_RESULT);
1281 offchannel_send_action(wpa_s, auth->curr_freq,
1282 addr, wpa_s->own_addr, broadcast,
1283 wpabuf_head(msg),
1284 wpabuf_len(msg),
1285 500, wpas_dpp_tx_status, 0);
1286 wpabuf_free(msg);
1287
1288 /* This exchange will be terminated in the TX status handler */
1289 return;
1290 }
1291 fail2:
1292 #endif /* CONFIG_DPP2 */
1293 dpp_auth_deinit(wpa_s->dpp_auth);
1294 wpa_s->dpp_auth = NULL;
1295 }
1296
1297
1298 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
1299 {
1300 struct dpp_authentication *auth = wpa_s->dpp_auth;
1301 struct wpabuf *buf;
1302 int res;
1303 int *supp_op_classes;
1304
1305 wpa_s->dpp_gas_client = 1;
1306 offchannel_send_action_done(wpa_s);
1307 wpas_dpp_listen_stop(wpa_s);
1308
1309 supp_op_classes = wpas_supp_op_classes(wpa_s);
1310 buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
1311 wpa_s->dpp_netrole,
1312 wpa_s->conf->dpp_mud_url,
1313 supp_op_classes);
1314 os_free(supp_op_classes);
1315 if (!buf) {
1316 wpa_printf(MSG_DEBUG,
1317 "DPP: No configuration request data available");
1318 return;
1319 }
1320
1321 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
1322 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
1323
1324 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
1325 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
1326 if (res < 0) {
1327 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
1328 wpabuf_free(buf);
1329 } else {
1330 wpa_printf(MSG_DEBUG,
1331 "DPP: GAS query started with dialog token %u", res);
1332 wpa_s->dpp_gas_dialog_token = res;
1333 }
1334 }
1335
1336
1337 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
1338 {
1339 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
1340 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
1341 #ifdef CONFIG_TESTING_OPTIONS
1342 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
1343 wpa_printf(MSG_INFO,
1344 "DPP: TESTING - stop at Authentication Confirm");
1345 if (wpa_s->dpp_auth->configurator) {
1346 /* Prevent GAS response */
1347 wpa_s->dpp_auth->auth_success = 0;
1348 }
1349 return;
1350 }
1351 #endif /* CONFIG_TESTING_OPTIONS */
1352
1353 if (wpa_s->dpp_auth->configurator)
1354 wpas_dpp_start_gas_server(wpa_s);
1355 else
1356 wpas_dpp_start_gas_client(wpa_s);
1357 }
1358
1359
1360 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1361 const u8 *hdr, const u8 *buf, size_t len,
1362 unsigned int freq)
1363 {
1364 struct dpp_authentication *auth = wpa_s->dpp_auth;
1365 struct wpabuf *msg;
1366
1367 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
1368 " (freq %u MHz)", MAC2STR(src), freq);
1369
1370 if (!auth) {
1371 wpa_printf(MSG_DEBUG,
1372 "DPP: No DPP Authentication in progress - drop");
1373 return;
1374 }
1375
1376 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1377 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1378 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1379 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1380 return;
1381 }
1382
1383 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1384
1385 if (auth->curr_freq != freq && auth->neg_freq == freq) {
1386 wpa_printf(MSG_DEBUG,
1387 "DPP: Responder accepted request for different negotiation channel");
1388 auth->curr_freq = freq;
1389 }
1390
1391 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
1392 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
1393 if (!msg) {
1394 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1395 wpa_printf(MSG_DEBUG,
1396 "DPP: Start wait for full response");
1397 offchannel_send_action_done(wpa_s);
1398 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
1399 return;
1400 }
1401 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1402 return;
1403 }
1404 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1405
1406 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1407 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
1408 offchannel_send_action(wpa_s, auth->curr_freq,
1409 src, wpa_s->own_addr, broadcast,
1410 wpabuf_head(msg), wpabuf_len(msg),
1411 500, wpas_dpp_tx_status, 0);
1412 wpabuf_free(msg);
1413 wpa_s->dpp_auth_ok_on_ack = 1;
1414 }
1415
1416
1417 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
1418 const u8 *hdr, const u8 *buf, size_t len)
1419 {
1420 struct dpp_authentication *auth = wpa_s->dpp_auth;
1421
1422 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1423 MAC2STR(src));
1424
1425 if (!auth) {
1426 wpa_printf(MSG_DEBUG,
1427 "DPP: No DPP Authentication in progress - drop");
1428 return;
1429 }
1430
1431 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1432 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1433 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1434 return;
1435 }
1436
1437 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
1438 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1439 return;
1440 }
1441
1442 wpas_dpp_auth_success(wpa_s, 0);
1443 }
1444
1445
1446 #ifdef CONFIG_DPP2
1447
1448 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
1449 void *timeout_ctx)
1450 {
1451 struct wpa_supplicant *wpa_s = eloop_ctx;
1452 struct dpp_authentication *auth = wpa_s->dpp_auth;
1453
1454 if (!auth || !auth->waiting_conf_result)
1455 return;
1456
1457 wpa_printf(MSG_DEBUG,
1458 "DPP: Timeout while waiting for Configuration Result");
1459 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1460 dpp_auth_deinit(auth);
1461 wpa_s->dpp_auth = NULL;
1462 }
1463
1464
1465 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
1466 void *timeout_ctx)
1467 {
1468 struct wpa_supplicant *wpa_s = eloop_ctx;
1469 struct dpp_authentication *auth = wpa_s->dpp_auth;
1470
1471 if (!auth || !auth->waiting_conn_status_result)
1472 return;
1473
1474 wpa_printf(MSG_DEBUG,
1475 "DPP: Timeout while waiting for Connection Status Result");
1476 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout");
1477 wpas_dpp_listen_stop(wpa_s);
1478 dpp_auth_deinit(auth);
1479 wpa_s->dpp_auth = NULL;
1480 }
1481
1482
1483 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
1484 const u8 *hdr, const u8 *buf, size_t len)
1485 {
1486 struct dpp_authentication *auth = wpa_s->dpp_auth;
1487 enum dpp_status_error status;
1488
1489 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
1490 MAC2STR(src));
1491
1492 if (!auth || !auth->waiting_conf_result) {
1493 wpa_printf(MSG_DEBUG,
1494 "DPP: No DPP Configuration waiting for result - drop");
1495 return;
1496 }
1497
1498 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1499 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1500 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1501 return;
1502 }
1503
1504 status = dpp_conf_result_rx(auth, hdr, buf, len);
1505
1506 if (status == DPP_STATUS_OK && auth->send_conn_status) {
1507 wpa_msg(wpa_s, MSG_INFO,
1508 DPP_EVENT_CONF_SENT "wait_conn_status=1");
1509 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
1510 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
1511 wpa_s, NULL);
1512 auth->waiting_conn_status_result = 1;
1513 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
1514 wpa_s, NULL);
1515 eloop_register_timeout(16, 0,
1516 wpas_dpp_conn_status_result_wait_timeout,
1517 wpa_s, NULL);
1518 offchannel_send_action_done(wpa_s);
1519 wpas_dpp_listen_start(wpa_s, auth->neg_freq ? auth->neg_freq :
1520 auth->curr_freq);
1521 return;
1522 }
1523 offchannel_send_action_done(wpa_s);
1524 wpas_dpp_listen_stop(wpa_s);
1525 if (status == DPP_STATUS_OK)
1526 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
1527 else
1528 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1529 dpp_auth_deinit(auth);
1530 wpa_s->dpp_auth = NULL;
1531 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
1532 }
1533
1534
1535 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s,
1536 const u8 *src, const u8 *hdr,
1537 const u8 *buf, size_t len)
1538 {
1539 struct dpp_authentication *auth = wpa_s->dpp_auth;
1540 enum dpp_status_error status;
1541 u8 ssid[SSID_MAX_LEN];
1542 size_t ssid_len = 0;
1543 char *channel_list = NULL;
1544
1545 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
1546
1547 if (!auth || !auth->waiting_conn_status_result) {
1548 wpa_printf(MSG_DEBUG,
1549 "DPP: No DPP Configuration waiting for connection status result - drop");
1550 return;
1551 }
1552
1553 status = dpp_conn_status_result_rx(auth, hdr, buf, len,
1554 ssid, &ssid_len, &channel_list);
1555 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
1556 "result=%d ssid=%s channel_list=%s",
1557 status, wpa_ssid_txt(ssid, ssid_len),
1558 channel_list ? channel_list : "N/A");
1559 os_free(channel_list);
1560 offchannel_send_action_done(wpa_s);
1561 wpas_dpp_listen_stop(wpa_s);
1562 dpp_auth_deinit(auth);
1563 wpa_s->dpp_auth = NULL;
1564 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
1565 wpa_s, NULL);
1566 }
1567
1568
1569 static int wpas_dpp_process_conf_obj(void *ctx,
1570 struct dpp_authentication *auth)
1571 {
1572 struct wpa_supplicant *wpa_s = ctx;
1573 unsigned int i;
1574 int res = -1;
1575
1576 for (i = 0; i < auth->num_conf_obj; i++) {
1577 res = wpas_dpp_handle_config_obj(wpa_s, auth,
1578 &auth->conf_obj[i]);
1579 if (res)
1580 break;
1581 }
1582 if (!res)
1583 wpas_dpp_post_process_config(wpa_s, auth);
1584
1585 return res;
1586 }
1587
1588 #endif /* CONFIG_DPP2 */
1589
1590
1591 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
1592 const u8 *src,
1593 const u8 *buf, size_t len)
1594 {
1595 struct wpa_ssid *ssid;
1596 const u8 *connector, *trans_id, *status;
1597 u16 connector_len, trans_id_len, status_len;
1598 struct dpp_introduction intro;
1599 struct rsn_pmksa_cache_entry *entry;
1600 struct os_time now;
1601 struct os_reltime rnow;
1602 os_time_t expiry;
1603 unsigned int seconds;
1604 enum dpp_status_error res;
1605
1606 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
1607 MAC2STR(src));
1608 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
1609 os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
1610 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
1611 MACSTR " - drop", MAC2STR(src));
1612 return;
1613 }
1614 offchannel_send_action_done(wpa_s);
1615
1616 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1617 if (ssid == wpa_s->dpp_intro_network)
1618 break;
1619 }
1620 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1621 !ssid->dpp_csign) {
1622 wpa_printf(MSG_DEBUG,
1623 "DPP: Profile not found for network introduction");
1624 return;
1625 }
1626
1627 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
1628 &trans_id_len);
1629 if (!trans_id || trans_id_len != 1) {
1630 wpa_printf(MSG_DEBUG,
1631 "DPP: Peer did not include Transaction ID");
1632 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1633 " fail=missing_transaction_id", MAC2STR(src));
1634 goto fail;
1635 }
1636 if (trans_id[0] != TRANSACTION_ID) {
1637 wpa_printf(MSG_DEBUG,
1638 "DPP: Ignore frame with unexpected Transaction ID %u",
1639 trans_id[0]);
1640 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1641 " fail=transaction_id_mismatch", MAC2STR(src));
1642 goto fail;
1643 }
1644
1645 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
1646 if (!status || status_len != 1) {
1647 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
1648 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1649 " fail=missing_status", MAC2STR(src));
1650 goto fail;
1651 }
1652 if (status[0] != DPP_STATUS_OK) {
1653 wpa_printf(MSG_DEBUG,
1654 "DPP: Peer rejected network introduction: Status %u",
1655 status[0]);
1656 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1657 " status=%u", MAC2STR(src), status[0]);
1658 #ifdef CONFIG_DPP2
1659 wpas_dpp_send_conn_status_result(wpa_s, status[0]);
1660 #endif /* CONFIG_DPP2 */
1661 goto fail;
1662 }
1663
1664 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
1665 if (!connector) {
1666 wpa_printf(MSG_DEBUG,
1667 "DPP: Peer did not include its Connector");
1668 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1669 " fail=missing_connector", MAC2STR(src));
1670 goto fail;
1671 }
1672
1673 res = dpp_peer_intro(&intro, ssid->dpp_connector,
1674 ssid->dpp_netaccesskey,
1675 ssid->dpp_netaccesskey_len,
1676 ssid->dpp_csign,
1677 ssid->dpp_csign_len,
1678 connector, connector_len, &expiry);
1679 if (res != DPP_STATUS_OK) {
1680 wpa_printf(MSG_INFO,
1681 "DPP: Network Introduction protocol resulted in failure");
1682 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1683 " fail=peer_connector_validation_failed", MAC2STR(src));
1684 #ifdef CONFIG_DPP2
1685 wpas_dpp_send_conn_status_result(wpa_s, res);
1686 #endif /* CONFIG_DPP2 */
1687 goto fail;
1688 }
1689
1690 entry = os_zalloc(sizeof(*entry));
1691 if (!entry)
1692 goto fail;
1693 os_memcpy(entry->aa, src, ETH_ALEN);
1694 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
1695 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
1696 entry->pmk_len = intro.pmk_len;
1697 entry->akmp = WPA_KEY_MGMT_DPP;
1698 if (expiry) {
1699 os_get_time(&now);
1700 seconds = expiry - now.sec;
1701 } else {
1702 seconds = 86400 * 7;
1703 }
1704 os_get_reltime(&rnow);
1705 entry->expiration = rnow.sec + seconds;
1706 entry->reauth_time = rnow.sec + seconds;
1707 entry->network_ctx = ssid;
1708 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
1709
1710 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1711 " status=%u", MAC2STR(src), status[0]);
1712
1713 wpa_printf(MSG_DEBUG,
1714 "DPP: Try connection again after successful network introduction");
1715 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
1716 wpa_supplicant_cancel_sched_scan(wpa_s);
1717 wpa_supplicant_req_scan(wpa_s, 0, 0);
1718 }
1719 fail:
1720 os_memset(&intro, 0, sizeof(intro));
1721 }
1722
1723
1724 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
1725 {
1726 int i, j;
1727
1728 if (!wpa_s->hw.modes)
1729 return -1;
1730
1731 for (i = 0; i < wpa_s->hw.num_modes; i++) {
1732 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
1733
1734 for (j = 0; j < mode->num_channels; j++) {
1735 struct hostapd_channel_data *chan = &mode->channels[j];
1736
1737 if (chan->freq != (int) freq)
1738 continue;
1739
1740 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
1741 HOSTAPD_CHAN_NO_IR |
1742 HOSTAPD_CHAN_RADAR))
1743 continue;
1744
1745 return 1;
1746 }
1747 }
1748
1749 wpa_printf(MSG_DEBUG,
1750 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
1751 freq);
1752
1753 return 0;
1754 }
1755
1756
1757 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
1758 struct dpp_pkex *pkex)
1759 {
1760 if (pkex->freq == 2437)
1761 pkex->freq = 5745;
1762 else if (pkex->freq == 5745)
1763 pkex->freq = 5220;
1764 else if (pkex->freq == 5220)
1765 pkex->freq = 60480;
1766 else
1767 return -1; /* no more channels to try */
1768
1769 if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
1770 wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
1771 pkex->freq);
1772 return 0;
1773 }
1774
1775 /* Could not use this channel - try the next one */
1776 return wpas_dpp_pkex_next_channel(wpa_s, pkex);
1777 }
1778
1779
1780 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
1781 {
1782 struct wpa_supplicant *wpa_s = eloop_ctx;
1783 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1784
1785 if (!pkex || !pkex->exchange_req)
1786 return;
1787 if (pkex->exch_req_tries >= 5) {
1788 if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
1789 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1790 "No response from PKEX peer");
1791 dpp_pkex_free(pkex);
1792 wpa_s->dpp_pkex = NULL;
1793 return;
1794 }
1795 pkex->exch_req_tries = 0;
1796 }
1797
1798 pkex->exch_req_tries++;
1799 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
1800 pkex->exch_req_tries);
1801 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1802 MAC2STR(broadcast), pkex->freq, DPP_PA_PKEX_EXCHANGE_REQ);
1803 offchannel_send_action(wpa_s, pkex->freq, broadcast,
1804 wpa_s->own_addr, broadcast,
1805 wpabuf_head(pkex->exchange_req),
1806 wpabuf_len(pkex->exchange_req),
1807 pkex->exch_req_wait_time,
1808 wpas_dpp_tx_pkex_status, 0);
1809 }
1810
1811
1812 static void
1813 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
1814 unsigned int freq, const u8 *dst,
1815 const u8 *src, const u8 *bssid,
1816 const u8 *data, size_t data_len,
1817 enum offchannel_send_action_result result)
1818 {
1819 const char *res_txt;
1820 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1821
1822 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
1823 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
1824 "FAILED");
1825 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
1826 " result=%s (PKEX)",
1827 freq, MAC2STR(dst), res_txt);
1828 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
1829 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
1830
1831 if (!pkex) {
1832 wpa_printf(MSG_DEBUG,
1833 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
1834 return;
1835 }
1836
1837 if (pkex->failed) {
1838 wpa_printf(MSG_DEBUG,
1839 "DPP: Terminate PKEX exchange due to an earlier error");
1840 if (pkex->t > pkex->own_bi->pkex_t)
1841 pkex->own_bi->pkex_t = pkex->t;
1842 dpp_pkex_free(pkex);
1843 wpa_s->dpp_pkex = NULL;
1844 return;
1845 }
1846
1847 if (pkex->exch_req_wait_time && pkex->exchange_req) {
1848 /* Wait for PKEX Exchange Response frame and retry request if
1849 * no response is seen. */
1850 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
1851 eloop_register_timeout(pkex->exch_req_wait_time / 1000,
1852 (pkex->exch_req_wait_time % 1000) * 1000,
1853 wpas_dpp_pkex_retry_timeout, wpa_s,
1854 NULL);
1855 }
1856 }
1857
1858
1859 static void
1860 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
1861 const u8 *buf, size_t len, unsigned int freq)
1862 {
1863 struct wpabuf *msg;
1864 unsigned int wait_time;
1865
1866 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
1867 MAC2STR(src));
1868
1869 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1870 * values here */
1871
1872 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
1873 wpa_printf(MSG_DEBUG,
1874 "DPP: No PKEX code configured - ignore request");
1875 return;
1876 }
1877
1878 if (wpa_s->dpp_pkex) {
1879 /* TODO: Support parallel operations */
1880 wpa_printf(MSG_DEBUG,
1881 "DPP: Already in PKEX session - ignore new request");
1882 return;
1883 }
1884
1885 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
1886 wpa_s->own_addr, src,
1887 wpa_s->dpp_pkex_identifier,
1888 wpa_s->dpp_pkex_code,
1889 buf, len);
1890 if (!wpa_s->dpp_pkex) {
1891 wpa_printf(MSG_DEBUG,
1892 "DPP: Failed to process the request - ignore it");
1893 return;
1894 }
1895
1896 msg = wpa_s->dpp_pkex->exchange_resp;
1897 wait_time = wpa_s->max_remain_on_chan;
1898 if (wait_time > 2000)
1899 wait_time = 2000;
1900 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1901 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
1902 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1903 broadcast,
1904 wpabuf_head(msg), wpabuf_len(msg),
1905 wait_time, wpas_dpp_tx_pkex_status, 0);
1906 }
1907
1908
1909 static void
1910 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1911 const u8 *buf, size_t len, unsigned int freq)
1912 {
1913 struct wpabuf *msg;
1914 unsigned int wait_time;
1915
1916 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
1917 MAC2STR(src));
1918
1919 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1920 * values here */
1921
1922 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
1923 wpa_s->dpp_pkex->exchange_done) {
1924 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1925 return;
1926 }
1927
1928 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
1929 wpa_s->dpp_pkex->exch_req_wait_time = 0;
1930
1931 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
1932 if (!msg) {
1933 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1934 return;
1935 }
1936
1937 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
1938 MAC2STR(src));
1939
1940 wait_time = wpa_s->max_remain_on_chan;
1941 if (wait_time > 2000)
1942 wait_time = 2000;
1943 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1944 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
1945 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1946 broadcast,
1947 wpabuf_head(msg), wpabuf_len(msg),
1948 wait_time, wpas_dpp_tx_pkex_status, 0);
1949 wpabuf_free(msg);
1950 }
1951
1952
1953 static struct dpp_bootstrap_info *
1954 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
1955 unsigned int freq)
1956 {
1957 struct dpp_bootstrap_info *bi;
1958
1959 bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
1960 if (!bi)
1961 return NULL;
1962 wpa_s->dpp_pkex = NULL;
1963 return bi;
1964 }
1965
1966
1967 static void
1968 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
1969 const u8 *hdr, const u8 *buf, size_t len,
1970 unsigned int freq)
1971 {
1972 struct wpabuf *msg;
1973 unsigned int wait_time;
1974 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1975
1976 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
1977 MAC2STR(src));
1978
1979 if (!pkex || pkex->initiator || !pkex->exchange_done) {
1980 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1981 return;
1982 }
1983
1984 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
1985 if (!msg) {
1986 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
1987 if (pkex->failed) {
1988 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
1989 if (pkex->t > pkex->own_bi->pkex_t)
1990 pkex->own_bi->pkex_t = pkex->t;
1991 dpp_pkex_free(wpa_s->dpp_pkex);
1992 wpa_s->dpp_pkex = NULL;
1993 }
1994 return;
1995 }
1996
1997 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
1998 MACSTR, MAC2STR(src));
1999
2000 wait_time = wpa_s->max_remain_on_chan;
2001 if (wait_time > 2000)
2002 wait_time = 2000;
2003 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2004 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
2005 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
2006 broadcast,
2007 wpabuf_head(msg), wpabuf_len(msg),
2008 wait_time, wpas_dpp_tx_pkex_status, 0);
2009 wpabuf_free(msg);
2010
2011 wpas_dpp_pkex_finish(wpa_s, src, freq);
2012 }
2013
2014
2015 static void
2016 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2017 const u8 *hdr, const u8 *buf, size_t len,
2018 unsigned int freq)
2019 {
2020 int res;
2021 struct dpp_bootstrap_info *bi;
2022 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
2023 char cmd[500];
2024
2025 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
2026 MAC2STR(src));
2027
2028 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
2029 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
2030 return;
2031 }
2032
2033 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
2034 if (res < 0) {
2035 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
2036 return;
2037 }
2038
2039 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
2040 if (!bi)
2041 return;
2042
2043 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
2044 bi->id,
2045 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
2046 wpa_printf(MSG_DEBUG,
2047 "DPP: Start authentication after PKEX with parameters: %s",
2048 cmd);
2049 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
2050 wpa_printf(MSG_DEBUG,
2051 "DPP: Authentication initialization failed");
2052 return;
2053 }
2054 }
2055
2056
2057 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
2058 const u8 *buf, size_t len, unsigned int freq)
2059 {
2060 u8 crypto_suite;
2061 enum dpp_public_action_frame_type type;
2062 const u8 *hdr;
2063 unsigned int pkex_t;
2064
2065 if (len < DPP_HDR_LEN)
2066 return;
2067 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
2068 return;
2069 hdr = buf;
2070 buf += 4;
2071 len -= 4;
2072 crypto_suite = *buf++;
2073 type = *buf++;
2074 len -= 2;
2075
2076 wpa_printf(MSG_DEBUG,
2077 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
2078 MACSTR " freq=%u",
2079 crypto_suite, type, MAC2STR(src), freq);
2080 if (crypto_suite != 1) {
2081 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
2082 crypto_suite);
2083 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
2084 " freq=%u type=%d ignore=unsupported-crypto-suite",
2085 MAC2STR(src), freq, type);
2086 return;
2087 }
2088 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
2089 if (dpp_check_attrs(buf, len) < 0) {
2090 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
2091 " freq=%u type=%d ignore=invalid-attributes",
2092 MAC2STR(src), freq, type);
2093 return;
2094 }
2095 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
2096 MAC2STR(src), freq, type);
2097
2098 switch (type) {
2099 case DPP_PA_AUTHENTICATION_REQ:
2100 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
2101 break;
2102 case DPP_PA_AUTHENTICATION_RESP:
2103 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
2104 break;
2105 case DPP_PA_AUTHENTICATION_CONF:
2106 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
2107 break;
2108 case DPP_PA_PEER_DISCOVERY_RESP:
2109 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
2110 break;
2111 case DPP_PA_PKEX_EXCHANGE_REQ:
2112 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq);
2113 break;
2114 case DPP_PA_PKEX_EXCHANGE_RESP:
2115 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
2116 break;
2117 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
2118 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
2119 freq);
2120 break;
2121 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
2122 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
2123 freq);
2124 break;
2125 #ifdef CONFIG_DPP2
2126 case DPP_PA_CONFIGURATION_RESULT:
2127 wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
2128 break;
2129 case DPP_PA_CONNECTION_STATUS_RESULT:
2130 wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len);
2131 break;
2132 #endif /* CONFIG_DPP2 */
2133 default:
2134 wpa_printf(MSG_DEBUG,
2135 "DPP: Ignored unsupported frame subtype %d", type);
2136 break;
2137 }
2138
2139 if (wpa_s->dpp_pkex)
2140 pkex_t = wpa_s->dpp_pkex->t;
2141 else if (wpa_s->dpp_pkex_bi)
2142 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
2143 else
2144 pkex_t = 0;
2145 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
2146 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
2147 wpas_dpp_pkex_remove(wpa_s, "*");
2148 }
2149 }
2150
2151
2152 static struct wpabuf *
2153 wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
2154 size_t query_len)
2155 {
2156 struct wpa_supplicant *wpa_s = ctx;
2157 struct dpp_authentication *auth = wpa_s->dpp_auth;
2158 struct wpabuf *resp;
2159
2160 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
2161 MAC2STR(sa));
2162 if (!auth || !auth->auth_success ||
2163 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
2164 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
2165 return NULL;
2166 }
2167
2168 if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) {
2169 wpa_printf(MSG_DEBUG,
2170 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
2171 /* wpas_dpp_auth_success() would normally have been called from
2172 * TX status handler, but since there was no such handler call
2173 * yet, simply send out the event message and proceed with
2174 * exchange. */
2175 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=1");
2176 wpa_s->dpp_auth_ok_on_ack = 0;
2177 }
2178
2179 wpa_hexdump(MSG_DEBUG,
2180 "DPP: Received Configuration Request (GAS Query Request)",
2181 query, query_len);
2182 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
2183 MAC2STR(sa));
2184 resp = dpp_conf_req_rx(auth, query, query_len);
2185 if (!resp)
2186 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2187 auth->conf_resp = resp;
2188 return resp;
2189 }
2190
2191
2192 static void
2193 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
2194 {
2195 struct wpa_supplicant *wpa_s = ctx;
2196 struct dpp_authentication *auth = wpa_s->dpp_auth;
2197
2198 if (!auth) {
2199 wpabuf_free(resp);
2200 return;
2201 }
2202 if (auth->conf_resp != resp) {
2203 wpa_printf(MSG_DEBUG,
2204 "DPP: Ignore GAS status report (ok=%d) for unknown response",
2205 ok);
2206 wpabuf_free(resp);
2207 return;
2208 }
2209
2210 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
2211 ok);
2212 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2213 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
2214 #ifdef CONFIG_DPP2
2215 if (ok && auth->peer_version >= 2 &&
2216 auth->conf_resp_status == DPP_STATUS_OK) {
2217 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
2218 auth->waiting_conf_result = 1;
2219 auth->conf_resp = NULL;
2220 wpabuf_free(resp);
2221 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
2222 wpa_s, NULL);
2223 eloop_register_timeout(2, 0,
2224 wpas_dpp_config_result_wait_timeout,
2225 wpa_s, NULL);
2226 return;
2227 }
2228 #endif /* CONFIG_DPP2 */
2229 offchannel_send_action_done(wpa_s);
2230 wpas_dpp_listen_stop(wpa_s);
2231 if (ok)
2232 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
2233 else
2234 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2235 dpp_auth_deinit(wpa_s->dpp_auth);
2236 wpa_s->dpp_auth = NULL;
2237 wpabuf_free(resp);
2238 }
2239
2240
2241 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
2242 {
2243 struct dpp_authentication *auth;
2244 int ret = -1;
2245 char *curve = NULL;
2246
2247 auth = os_zalloc(sizeof(*auth));
2248 if (!auth)
2249 return -1;
2250
2251 curve = get_param(cmd, " curve=");
2252 wpas_dpp_set_testing_options(wpa_s, auth);
2253 if (dpp_set_configurator(wpa_s->dpp, wpa_s, auth, cmd) == 0 &&
2254 dpp_configurator_own_config(auth, curve, 0) == 0)
2255 ret = wpas_dpp_handle_config_obj(wpa_s, auth,
2256 &auth->conf_obj[0]);
2257 if (!ret)
2258 wpas_dpp_post_process_config(wpa_s, auth);
2259
2260 dpp_auth_deinit(auth);
2261 os_free(curve);
2262
2263 return ret;
2264 }
2265
2266
2267 static void
2268 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
2269 unsigned int freq, const u8 *dst,
2270 const u8 *src, const u8 *bssid,
2271 const u8 *data, size_t data_len,
2272 enum offchannel_send_action_result result)
2273 {
2274 const char *res_txt;
2275
2276 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
2277 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
2278 "FAILED");
2279 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
2280 " result=%s (DPP Peer Discovery Request)",
2281 freq, MAC2STR(dst), res_txt);
2282 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
2283 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
2284 /* TODO: Time out wait for response more quickly in error cases? */
2285 }
2286
2287
2288 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
2289 struct wpa_bss *bss)
2290 {
2291 struct os_time now;
2292 struct wpabuf *msg;
2293 unsigned int wait_time;
2294 const u8 *rsn;
2295 struct wpa_ie_data ied;
2296
2297 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
2298 return 0; /* Not using DPP AKM - continue */
2299 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
2300 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
2301 !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
2302 return 0; /* AP does not support DPP AKM - continue */
2303 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
2304 return 0; /* PMKSA exists for DPP AKM - continue */
2305
2306 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2307 !ssid->dpp_csign) {
2308 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2309 "missing %s",
2310 !ssid->dpp_connector ? "Connector" :
2311 (!ssid->dpp_netaccesskey ? "netAccessKey" :
2312 "C-sign-key"));
2313 return -1;
2314 }
2315
2316 os_get_time(&now);
2317
2318 if (ssid->dpp_netaccesskey_expiry &&
2319 (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
2320 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
2321 "netAccessKey expired");
2322 return -1;
2323 }
2324
2325 wpa_printf(MSG_DEBUG,
2326 "DPP: Starting network introduction protocol to derive PMKSA for "
2327 MACSTR, MAC2STR(bss->bssid));
2328
2329 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
2330 5 + 4 + os_strlen(ssid->dpp_connector));
2331 if (!msg)
2332 return -1;
2333
2334 #ifdef CONFIG_TESTING_OPTIONS
2335 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
2336 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
2337 goto skip_trans_id;
2338 }
2339 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
2340 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
2341 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2342 wpabuf_put_le16(msg, 0);
2343 goto skip_trans_id;
2344 }
2345 #endif /* CONFIG_TESTING_OPTIONS */
2346
2347 /* Transaction ID */
2348 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2349 wpabuf_put_le16(msg, 1);
2350 wpabuf_put_u8(msg, TRANSACTION_ID);
2351
2352 #ifdef CONFIG_TESTING_OPTIONS
2353 skip_trans_id:
2354 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
2355 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
2356 goto skip_connector;
2357 }
2358 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
2359 char *connector;
2360
2361 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
2362 connector = dpp_corrupt_connector_signature(
2363 ssid->dpp_connector);
2364 if (!connector) {
2365 wpabuf_free(msg);
2366 return -1;
2367 }
2368 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2369 wpabuf_put_le16(msg, os_strlen(connector));
2370 wpabuf_put_str(msg, connector);
2371 os_free(connector);
2372 goto skip_connector;
2373 }
2374 #endif /* CONFIG_TESTING_OPTIONS */
2375
2376 /* DPP Connector */
2377 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2378 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
2379 wpabuf_put_str(msg, ssid->dpp_connector);
2380
2381 #ifdef CONFIG_TESTING_OPTIONS
2382 skip_connector:
2383 #endif /* CONFIG_TESTING_OPTIONS */
2384
2385 /* TODO: Timeout on AP response */
2386 wait_time = wpa_s->max_remain_on_chan;
2387 if (wait_time > 2000)
2388 wait_time = 2000;
2389 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2390 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
2391 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
2392 broadcast,
2393 wpabuf_head(msg), wpabuf_len(msg),
2394 wait_time, wpas_dpp_tx_introduction_status, 0);
2395 wpabuf_free(msg);
2396
2397 /* Request this connection attempt to terminate - new one will be
2398 * started when network introduction protocol completes */
2399 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
2400 wpa_s->dpp_intro_network = ssid;
2401 return 1;
2402 }
2403
2404
2405 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
2406 {
2407 struct dpp_bootstrap_info *own_bi;
2408 const char *pos, *end;
2409 unsigned int wait_time;
2410
2411 pos = os_strstr(cmd, " own=");
2412 if (!pos)
2413 return -1;
2414 pos += 5;
2415 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
2416 if (!own_bi) {
2417 wpa_printf(MSG_DEBUG,
2418 "DPP: Identified bootstrap info not found");
2419 return -1;
2420 }
2421 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
2422 wpa_printf(MSG_DEBUG,
2423 "DPP: Identified bootstrap info not for PKEX");
2424 return -1;
2425 }
2426 wpa_s->dpp_pkex_bi = own_bi;
2427 own_bi->pkex_t = 0; /* clear pending errors on new code */
2428
2429 os_free(wpa_s->dpp_pkex_identifier);
2430 wpa_s->dpp_pkex_identifier = NULL;
2431 pos = os_strstr(cmd, " identifier=");
2432 if (pos) {
2433 pos += 12;
2434 end = os_strchr(pos, ' ');
2435 if (!end)
2436 return -1;
2437 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
2438 if (!wpa_s->dpp_pkex_identifier)
2439 return -1;
2440 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
2441 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
2442 }
2443
2444 pos = os_strstr(cmd, " code=");
2445 if (!pos)
2446 return -1;
2447 os_free(wpa_s->dpp_pkex_code);
2448 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
2449 if (!wpa_s->dpp_pkex_code)
2450 return -1;
2451
2452 if (os_strstr(cmd, " init=1")) {
2453 struct dpp_pkex *pkex;
2454 struct wpabuf *msg;
2455
2456 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
2457 dpp_pkex_free(wpa_s->dpp_pkex);
2458 wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr,
2459 wpa_s->dpp_pkex_identifier,
2460 wpa_s->dpp_pkex_code);
2461 pkex = wpa_s->dpp_pkex;
2462 if (!pkex)
2463 return -1;
2464
2465 msg = pkex->exchange_req;
2466 wait_time = wpa_s->max_remain_on_chan;
2467 if (wait_time > 2000)
2468 wait_time = 2000;
2469 pkex->freq = 2437;
2470 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
2471 " freq=%u type=%d",
2472 MAC2STR(broadcast), pkex->freq,
2473 DPP_PA_PKEX_EXCHANGE_REQ);
2474 offchannel_send_action(wpa_s, pkex->freq, broadcast,
2475 wpa_s->own_addr, broadcast,
2476 wpabuf_head(msg), wpabuf_len(msg),
2477 wait_time, wpas_dpp_tx_pkex_status, 0);
2478 if (wait_time == 0)
2479 wait_time = 2000;
2480 pkex->exch_req_wait_time = wait_time;
2481 pkex->exch_req_tries = 1;
2482 }
2483
2484 /* TODO: Support multiple PKEX info entries */
2485
2486 os_free(wpa_s->dpp_pkex_auth_cmd);
2487 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
2488
2489 return 1;
2490 }
2491
2492
2493 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
2494 {
2495 unsigned int id_val;
2496
2497 if (os_strcmp(id, "*") == 0) {
2498 id_val = 0;
2499 } else {
2500 id_val = atoi(id);
2501 if (id_val == 0)
2502 return -1;
2503 }
2504
2505 if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code)
2506 return -1;
2507
2508 /* TODO: Support multiple PKEX entries */
2509 os_free(wpa_s->dpp_pkex_code);
2510 wpa_s->dpp_pkex_code = NULL;
2511 os_free(wpa_s->dpp_pkex_identifier);
2512 wpa_s->dpp_pkex_identifier = NULL;
2513 os_free(wpa_s->dpp_pkex_auth_cmd);
2514 wpa_s->dpp_pkex_auth_cmd = NULL;
2515 wpa_s->dpp_pkex_bi = NULL;
2516 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2517 dpp_pkex_free(wpa_s->dpp_pkex);
2518 wpa_s->dpp_pkex = NULL;
2519 return 0;
2520 }
2521
2522
2523 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
2524 {
2525 dpp_auth_deinit(wpa_s->dpp_auth);
2526 wpa_s->dpp_auth = NULL;
2527 dpp_pkex_free(wpa_s->dpp_pkex);
2528 wpa_s->dpp_pkex = NULL;
2529 if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
2530 gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
2531 }
2532
2533
2534 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
2535 {
2536 struct dpp_global_config config;
2537 u8 adv_proto_id[7];
2538
2539 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
2540 adv_proto_id[1] = 5;
2541 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
2542 adv_proto_id[5] = DPP_OUI_TYPE;
2543 adv_proto_id[6] = 0x01;
2544
2545 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
2546 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
2547 wpas_dpp_gas_status_handler, wpa_s) < 0)
2548 return -1;
2549
2550 os_memset(&config, 0, sizeof(config));
2551 config.msg_ctx = wpa_s;
2552 config.cb_ctx = wpa_s;
2553 #ifdef CONFIG_DPP2
2554 config.process_conf_obj = wpas_dpp_process_conf_obj;
2555 #endif /* CONFIG_DPP2 */
2556 wpa_s->dpp = dpp_global_init(&config);
2557 return wpa_s->dpp ? 0 : -1;
2558 }
2559
2560
2561 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
2562 {
2563 #ifdef CONFIG_TESTING_OPTIONS
2564 os_free(wpa_s->dpp_config_obj_override);
2565 wpa_s->dpp_config_obj_override = NULL;
2566 os_free(wpa_s->dpp_discovery_override);
2567 wpa_s->dpp_discovery_override = NULL;
2568 os_free(wpa_s->dpp_groups_override);
2569 wpa_s->dpp_groups_override = NULL;
2570 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
2571 #endif /* CONFIG_TESTING_OPTIONS */
2572 if (!wpa_s->dpp)
2573 return;
2574 dpp_global_clear(wpa_s->dpp);
2575 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2576 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2577 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
2578 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
2579 #ifdef CONFIG_DPP2
2580 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
2581 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2582 wpa_s, NULL);
2583 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
2584 dpp_pfs_free(wpa_s->dpp_pfs);
2585 wpa_s->dpp_pfs = NULL;
2586 #endif /* CONFIG_DPP2 */
2587 offchannel_send_action_done(wpa_s);
2588 wpas_dpp_listen_stop(wpa_s);
2589 wpas_dpp_stop(wpa_s);
2590 wpas_dpp_pkex_remove(wpa_s, "*");
2591 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
2592 os_free(wpa_s->dpp_configurator_params);
2593 wpa_s->dpp_configurator_params = NULL;
2594 }
2595
2596
2597 #ifdef CONFIG_DPP2
2598 int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
2599 {
2600 struct dpp_controller_config config;
2601 const char *pos;
2602
2603 os_memset(&config, 0, sizeof(config));
2604 if (cmd) {
2605 pos = os_strstr(cmd, " tcp_port=");
2606 if (pos) {
2607 pos += 10;
2608 config.tcp_port = atoi(pos);
2609 }
2610 }
2611 config.configurator_params = wpa_s->dpp_configurator_params;
2612 return dpp_controller_start(wpa_s->dpp, &config);
2613 }
2614 #endif /* CONFIG_DPP2 */
Unnamed repository; edit this file 'description' to name the repository.