]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/dpp_supplicant.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
DPP: Network Introduction protocol for wpa_supplicant
[thirdparty/hostap.git] / wpa_supplicant / dpp_supplicant.c
1 /*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/dpp.h"
14 #include "common/gas.h"
15 #include "common/gas_server.h"
16 #include "rsn_supp/wpa.h"
17 #include "rsn_supp/pmksa_cache.h"
18 #include "wpa_supplicant_i.h"
19 #include "config.h"
20 #include "driver_i.h"
21 #include "offchannel.h"
22 #include "gas_query.h"
23 #include "bss.h"
24 #include "scan.h"
25 #include "dpp_supplicant.h"
26
27
28 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
29 unsigned int freq);
30 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
31 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
32 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
33 unsigned int freq, const u8 *dst,
34 const u8 *src, const u8 *bssid,
35 const u8 *data, size_t data_len,
36 enum offchannel_send_action_result result);
37
38 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
39
40
41 static struct dpp_configurator *
42 dpp_configurator_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
43 {
44 struct dpp_configurator *conf;
45
46 dl_list_for_each(conf, &wpa_s->dpp_configurator,
47 struct dpp_configurator, list) {
48 if (conf->id == id)
49 return conf;
50 }
51 return NULL;
52 }
53
54
55 static unsigned int wpas_dpp_next_id(struct wpa_supplicant *wpa_s)
56 {
57 struct dpp_bootstrap_info *bi;
58 unsigned int max_id = 0;
59
60 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
61 list) {
62 if (bi->id > max_id)
63 max_id = bi->id;
64 }
65 return max_id + 1;
66 }
67
68
69 /**
70 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
71 * @wpa_s: Pointer to wpa_supplicant data
72 * @cmd: DPP URI read from a QR Code
73 * Returns: Identifier of the stored info or -1 on failure
74 */
75 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
76 {
77 struct dpp_bootstrap_info *bi;
78 struct dpp_authentication *auth = wpa_s->dpp_auth;
79
80 bi = dpp_parse_qr_code(cmd);
81 if (!bi)
82 return -1;
83
84 bi->id = wpas_dpp_next_id(wpa_s);
85 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
86
87 if (auth && auth->response_pending &&
88 dpp_notify_new_qr_code(auth, bi) == 1) {
89 struct wpabuf *msg;
90
91 wpa_printf(MSG_DEBUG,
92 "DPP: Sending out pending authentication response");
93 msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP,
94 wpabuf_len(auth->resp_attr));
95 if (!msg)
96 goto out;
97 wpabuf_put_buf(msg, wpa_s->dpp_auth->resp_attr);
98
99 offchannel_send_action(wpa_s, auth->curr_freq,
100 auth->peer_mac_addr, wpa_s->own_addr,
101 broadcast,
102 wpabuf_head(msg), wpabuf_len(msg),
103 500, wpas_dpp_tx_status, 0);
104 wpabuf_free(msg);
105 }
106
107 out:
108 return bi->id;
109 }
110
111
112 static char * get_param(const char *cmd, const char *param)
113 {
114 const char *pos, *end;
115 char *val;
116 size_t len;
117
118 pos = os_strstr(cmd, param);
119 if (!pos)
120 return NULL;
121
122 pos += os_strlen(param);
123 end = os_strchr(pos, ' ');
124 if (end)
125 len = end - pos;
126 else
127 len = os_strlen(pos);
128 val = os_malloc(len + 1);
129 if (!val)
130 return NULL;
131 os_memcpy(val, pos, len);
132 val[len] = '\0';
133 return val;
134 }
135
136
137 int wpas_dpp_bootstrap_gen(struct wpa_supplicant *wpa_s, const char *cmd)
138 {
139 char *chan = NULL, *mac = NULL, *info = NULL, *pk = NULL, *curve = NULL;
140 char *key = NULL;
141 u8 *privkey = NULL;
142 size_t privkey_len = 0;
143 size_t len;
144 int ret = -1;
145 struct dpp_bootstrap_info *bi;
146
147 bi = os_zalloc(sizeof(*bi));
148 if (!bi)
149 goto fail;
150
151 if (os_strstr(cmd, "type=qrcode"))
152 bi->type = DPP_BOOTSTRAP_QR_CODE;
153 else
154 goto fail;
155
156 chan = get_param(cmd, " chan=");
157 mac = get_param(cmd, " mac=");
158 info = get_param(cmd, " info=");
159 curve = get_param(cmd, " curve=");
160 key = get_param(cmd, " key=");
161
162 if (key) {
163 privkey_len = os_strlen(key) / 2;
164 privkey = os_malloc(privkey_len);
165 if (!privkey ||
166 hexstr2bin(key, privkey, privkey_len) < 0)
167 goto fail;
168 }
169
170 pk = dpp_keygen(bi, curve, privkey, privkey_len);
171 if (!pk)
172 goto fail;
173
174 len = 4; /* "DPP:" */
175 if (chan) {
176 if (dpp_parse_uri_chan_list(bi, chan) < 0)
177 goto fail;
178 len += 3 + os_strlen(chan); /* C:...; */
179 }
180 if (mac) {
181 if (dpp_parse_uri_mac(bi, mac) < 0)
182 goto fail;
183 len += 3 + os_strlen(mac); /* M:...; */
184 }
185 if (info) {
186 if (dpp_parse_uri_info(bi, info) < 0)
187 goto fail;
188 len += 3 + os_strlen(info); /* I:...; */
189 }
190 len += 4 + os_strlen(pk);
191 bi->uri = os_malloc(len + 1);
192 if (!bi->uri)
193 goto fail;
194 os_snprintf(bi->uri, len + 1, "DPP:%s%s%s%s%s%s%s%s%sK:%s;;",
195 chan ? "C:" : "", chan ? chan : "", chan ? ";" : "",
196 mac ? "M:" : "", mac ? mac : "", mac ? ";" : "",
197 info ? "I:" : "", info ? info : "", info ? ";" : "",
198 pk);
199 bi->id = wpas_dpp_next_id(wpa_s);
200 dl_list_add(&wpa_s->dpp_bootstrap, &bi->list);
201 ret = bi->id;
202 bi = NULL;
203 fail:
204 os_free(curve);
205 os_free(pk);
206 os_free(chan);
207 os_free(mac);
208 os_free(info);
209 str_clear_free(key);
210 bin_clear_free(privkey, privkey_len);
211 dpp_bootstrap_info_free(bi);
212 return ret;
213 }
214
215
216 static struct dpp_bootstrap_info *
217 dpp_bootstrap_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
218 {
219 struct dpp_bootstrap_info *bi;
220
221 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
222 list) {
223 if (bi->id == id)
224 return bi;
225 }
226 return NULL;
227 }
228
229
230 static int dpp_bootstrap_del(struct wpa_supplicant *wpa_s, unsigned int id)
231 {
232 struct dpp_bootstrap_info *bi, *tmp;
233 int found = 0;
234
235 dl_list_for_each_safe(bi, tmp, &wpa_s->dpp_bootstrap,
236 struct dpp_bootstrap_info, list) {
237 if (id && bi->id != id)
238 continue;
239 found = 1;
240 dl_list_del(&bi->list);
241 dpp_bootstrap_info_free(bi);
242 }
243
244 if (id == 0)
245 return 0; /* flush succeeds regardless of entries found */
246 return found ? 0 : -1;
247 }
248
249
250 int wpas_dpp_bootstrap_remove(struct wpa_supplicant *wpa_s, const char *id)
251 {
252 unsigned int id_val;
253
254 if (os_strcmp(id, "*") == 0) {
255 id_val = 0;
256 } else {
257 id_val = atoi(id);
258 if (id_val == 0)
259 return -1;
260 }
261
262 return dpp_bootstrap_del(wpa_s, id_val);
263 }
264
265
266 const char * wpas_dpp_bootstrap_get_uri(struct wpa_supplicant *wpa_s,
267 unsigned int id)
268 {
269 struct dpp_bootstrap_info *bi;
270
271 bi = dpp_bootstrap_get_id(wpa_s, id);
272 if (!bi)
273 return NULL;
274 return bi->uri;
275 }
276
277
278 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
279 unsigned int freq, const u8 *dst,
280 const u8 *src, const u8 *bssid,
281 const u8 *data, size_t data_len,
282 enum offchannel_send_action_result result)
283 {
284 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
285 " result=%s",
286 freq, MAC2STR(dst),
287 result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
288 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
289 "FAILED"));
290
291 if (!wpa_s->dpp_auth) {
292 wpa_printf(MSG_DEBUG,
293 "DPP: Ignore TX status since there is no ongoing authentication exchange");
294 return;
295 }
296
297 if (wpa_s->dpp_auth->remove_on_tx_status) {
298 wpa_printf(MSG_DEBUG,
299 "DPP: Terminate authentication exchange due to an earlier error");
300 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
301 offchannel_send_action_done(wpa_s);
302 dpp_auth_deinit(wpa_s->dpp_auth);
303 wpa_s->dpp_auth = NULL;
304 return;
305 }
306
307 if (wpa_s->dpp_auth_ok_on_ack)
308 wpas_dpp_auth_success(wpa_s, 1);
309
310 if (!is_broadcast_ether_addr(dst) &&
311 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
312 wpa_printf(MSG_DEBUG,
313 "DPP: Unicast DPP Action frame was not ACKed");
314 /* TODO: In case of DPP Authentication Request frame, move to
315 * the next channel immediately */
316 }
317 }
318
319
320 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
321 {
322 struct wpa_supplicant *wpa_s = eloop_ctx;
323
324 if (!wpa_s->dpp_auth)
325 return;
326 wpa_printf(MSG_DEBUG, "DPP: Continue reply wait on channel %u MHz",
327 wpa_s->dpp_auth->curr_freq);
328 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->curr_freq);
329 }
330
331
332 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
333 struct dpp_authentication *auth)
334 {
335 #ifdef CONFIG_TESTING_OPTIONS
336 if (wpa_s->dpp_config_obj_override)
337 auth->config_obj_override =
338 os_strdup(wpa_s->dpp_config_obj_override);
339 if (wpa_s->dpp_discovery_override)
340 auth->discovery_override =
341 os_strdup(wpa_s->dpp_discovery_override);
342 if (wpa_s->dpp_groups_override)
343 auth->groups_override =
344 os_strdup(wpa_s->dpp_groups_override);
345 if (wpa_s->dpp_devices_override)
346 auth->devices_override =
347 os_strdup(wpa_s->dpp_devices_override);
348 auth->ignore_netaccesskey_mismatch =
349 wpa_s->dpp_ignore_netaccesskey_mismatch;
350 #endif /* CONFIG_TESTING_OPTIONS */
351 }
352
353
354 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
355 {
356 const char *pos;
357 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
358 struct wpabuf *msg;
359 const u8 *dst;
360 int res;
361 int configurator = 1;
362 unsigned int wait_time;
363 struct dpp_configuration *conf_sta = NULL, *conf_ap = NULL;
364 struct dpp_configurator *conf = NULL;
365
366 wpa_s->dpp_gas_client = 0;
367
368 pos = os_strstr(cmd, " peer=");
369 if (!pos)
370 return -1;
371 pos += 6;
372 peer_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
373 if (!peer_bi) {
374 wpa_printf(MSG_INFO,
375 "DPP: Could not find bootstrapping info for the identified peer");
376 return -1;
377 }
378
379 pos = os_strstr(cmd, " own=");
380 if (pos) {
381 pos += 5;
382 own_bi = dpp_bootstrap_get_id(wpa_s, atoi(pos));
383 if (!own_bi) {
384 wpa_printf(MSG_INFO,
385 "DPP: Could not find bootstrapping info for the identified local entry");
386 return -1;
387 }
388
389 if (peer_bi->curve != own_bi->curve) {
390 wpa_printf(MSG_INFO,
391 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
392 peer_bi->curve->name, own_bi->curve->name);
393 return -1;
394 }
395 }
396
397 pos = os_strstr(cmd, " role=");
398 if (pos) {
399 pos += 6;
400 if (os_strncmp(pos, "configurator", 12) == 0)
401 configurator = 1;
402 else if (os_strncmp(pos, "enrollee", 8) == 0)
403 configurator = 0;
404 else
405 goto fail;
406 }
407
408 pos = os_strstr(cmd, " netrole=");
409 if (pos) {
410 pos += 9;
411 wpa_s->dpp_netrole_ap = os_strncmp(pos, "ap", 2) == 0;
412 }
413
414 if (os_strstr(cmd, " conf=sta-")) {
415 conf_sta = os_zalloc(sizeof(struct dpp_configuration));
416 if (!conf_sta)
417 goto fail;
418 /* TODO: Configuration of network parameters from upper layers
419 */
420 os_memcpy(conf_sta->ssid, "test", 4);
421 conf_sta->ssid_len = 4;
422 if (os_strstr(cmd, " conf=sta-psk")) {
423 conf_sta->dpp = 0;
424 conf_sta->passphrase = os_strdup("secret passphrase");
425 if (!conf_sta->passphrase)
426 goto fail;
427 } else if (os_strstr(cmd, " conf=sta-dpp")) {
428 conf_sta->dpp = 1;
429 } else {
430 goto fail;
431 }
432 }
433
434 if (os_strstr(cmd, " conf=ap-")) {
435 conf_ap = os_zalloc(sizeof(struct dpp_configuration));
436 if (!conf_ap)
437 goto fail;
438 /* TODO: Configuration of network parameters from upper layers
439 */
440 os_memcpy(conf_ap->ssid, "test", 4);
441 conf_ap->ssid_len = 4;
442 if (os_strstr(cmd, " conf=ap-psk")) {
443 conf_ap->dpp = 0;
444 conf_ap->passphrase = os_strdup("secret passphrase");
445 if (!conf_ap->passphrase)
446 goto fail;
447 } else if (os_strstr(cmd, " conf=ap-dpp")) {
448 conf_ap->dpp = 1;
449 } else {
450 goto fail;
451 }
452 }
453
454 pos = os_strstr(cmd, " expiry=");
455 if (pos) {
456 long int val;
457
458 pos += 8;
459 val = strtol(pos, NULL, 0);
460 if (val <= 0)
461 goto fail;
462 if (conf_sta)
463 conf_sta->netaccesskey_expiry = val;
464 if (conf_ap)
465 conf_ap->netaccesskey_expiry = val;
466 }
467
468 pos = os_strstr(cmd, " configurator=");
469 if (pos) {
470 pos += 14;
471 conf = dpp_configurator_get_id(wpa_s, atoi(pos));
472 if (!conf) {
473 wpa_printf(MSG_INFO,
474 "DPP: Could not find the specified configurator");
475 goto fail;
476 }
477 }
478
479 if (wpa_s->dpp_auth) {
480 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
481 offchannel_send_action_done(wpa_s);
482 dpp_auth_deinit(wpa_s->dpp_auth);
483 }
484 wpa_s->dpp_auth = dpp_auth_init(wpa_s, peer_bi, own_bi, configurator);
485 if (!wpa_s->dpp_auth)
486 goto fail;
487 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
488 wpa_s->dpp_auth->conf_sta = conf_sta;
489 wpa_s->dpp_auth->conf_ap = conf_ap;
490 wpa_s->dpp_auth->conf = conf;
491
492 /* TODO: Support iteration over all frequencies and filtering of
493 * frequencies based on locally enabled channels that allow initiation
494 * of transmission. */
495 if (peer_bi->num_freq > 0)
496 wpa_s->dpp_auth->curr_freq = peer_bi->freq[0];
497 else
498 wpa_s->dpp_auth->curr_freq = 2412;
499
500 msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_REQ,
501 wpabuf_len(wpa_s->dpp_auth->req_attr));
502 if (!msg)
503 return -1;
504 wpabuf_put_buf(msg, wpa_s->dpp_auth->req_attr);
505
506 if (is_zero_ether_addr(peer_bi->mac_addr)) {
507 dst = broadcast;
508 } else {
509 dst = peer_bi->mac_addr;
510 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, peer_bi->mac_addr,
511 ETH_ALEN);
512 }
513 wpa_s->dpp_auth_ok_on_ack = 0;
514 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
515 wait_time = wpa_s->max_remain_on_chan;
516 if (wait_time > 2000)
517 wait_time = 2000;
518 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
519 wpas_dpp_reply_wait_timeout,
520 wpa_s, NULL);
521 res = offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
522 dst, wpa_s->own_addr, broadcast,
523 wpabuf_head(msg), wpabuf_len(msg),
524 wait_time, wpas_dpp_tx_status, 0);
525 wpabuf_free(msg);
526
527 return res;
528 fail:
529 dpp_configuration_free(conf_sta);
530 dpp_configuration_free(conf_ap);
531 return -1;
532 }
533
534
535 struct wpas_dpp_listen_work {
536 unsigned int freq;
537 unsigned int duration;
538 struct wpabuf *probe_resp_ie;
539 };
540
541
542 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
543 {
544 if (!lwork)
545 return;
546 os_free(lwork);
547 }
548
549
550 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
551 {
552 struct wpas_dpp_listen_work *lwork;
553
554 if (!wpa_s->dpp_listen_work)
555 return;
556
557 lwork = wpa_s->dpp_listen_work->ctx;
558 wpas_dpp_listen_work_free(lwork);
559 radio_work_done(wpa_s->dpp_listen_work);
560 wpa_s->dpp_listen_work = NULL;
561 }
562
563
564 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
565 {
566 struct wpa_supplicant *wpa_s = work->wpa_s;
567 struct wpas_dpp_listen_work *lwork = work->ctx;
568
569 if (deinit) {
570 if (work->started) {
571 wpa_s->dpp_listen_work = NULL;
572 wpas_dpp_listen_stop(wpa_s);
573 }
574 wpas_dpp_listen_work_free(lwork);
575 return;
576 }
577
578 wpa_s->dpp_listen_work = work;
579
580 wpa_s->dpp_pending_listen_freq = lwork->freq;
581
582 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
583 wpa_s->max_remain_on_chan) < 0) {
584 wpa_printf(MSG_DEBUG,
585 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
586 lwork->freq);
587 wpas_dpp_listen_work_done(wpa_s);
588 wpa_s->dpp_pending_listen_freq = 0;
589 return;
590 }
591 wpa_s->off_channel_freq = 0;
592 wpa_s->roc_waiting_drv_freq = lwork->freq;
593 }
594
595
596 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
597 unsigned int freq)
598 {
599 struct wpas_dpp_listen_work *lwork;
600
601 if (wpa_s->dpp_listen_work) {
602 wpa_printf(MSG_DEBUG,
603 "DPP: Reject start_listen since dpp_listen_work already exists");
604 return -1;
605 }
606
607 if (wpa_s->dpp_listen_freq)
608 wpas_dpp_listen_stop(wpa_s);
609 wpa_s->dpp_listen_freq = freq;
610
611 lwork = os_zalloc(sizeof(*lwork));
612 if (!lwork)
613 return -1;
614 lwork->freq = freq;
615
616 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
617 lwork) < 0) {
618 wpas_dpp_listen_work_free(lwork);
619 return -1;
620 }
621
622 return 0;
623 }
624
625
626 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
627 {
628 int freq;
629
630 freq = atoi(cmd);
631 if (freq <= 0)
632 return -1;
633
634 if (os_strstr(cmd, " role=configurator"))
635 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
636 else if (os_strstr(cmd, " role=enrollee"))
637 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
638 else
639 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
640 DPP_CAPAB_ENROLLEE;
641 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
642 wpa_s->dpp_netrole_ap = os_strstr(cmd, " netrole=ap") != NULL;
643 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
644 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
645 freq);
646 return 0;
647 }
648
649 return wpas_dpp_listen_start(wpa_s, freq);
650 }
651
652
653 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
654 {
655 if (!wpa_s->dpp_listen_freq)
656 return;
657
658 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
659 wpa_s->dpp_listen_freq);
660 wpa_drv_cancel_remain_on_channel(wpa_s);
661 wpa_s->dpp_listen_freq = 0;
662 wpas_dpp_listen_work_done(wpa_s);
663 }
664
665
666 void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
667 unsigned int freq)
668 {
669 if (!wpa_s->dpp_listen_freq && !wpa_s->dpp_pending_listen_freq)
670 return;
671
672 wpa_printf(MSG_DEBUG,
673 "DPP: remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d roc_waiting_drv_freq=%d freq=%u)",
674 wpa_s->off_channel_freq, wpa_s->dpp_pending_listen_freq,
675 wpa_s->roc_waiting_drv_freq, freq);
676 if (wpa_s->off_channel_freq &&
677 wpa_s->off_channel_freq == wpa_s->dpp_pending_listen_freq) {
678 wpa_printf(MSG_DEBUG, "DPP: Listen on %u MHz started", freq);
679 wpa_s->dpp_pending_listen_freq = 0;
680 } else {
681 wpa_printf(MSG_DEBUG,
682 "DPP: Ignore remain-on-channel callback (off_channel_freq=%u dpp_pending_listen_freq=%d freq=%u)",
683 wpa_s->off_channel_freq,
684 wpa_s->dpp_pending_listen_freq, freq);
685 }
686 }
687
688
689 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
690 unsigned int freq)
691 {
692 wpas_dpp_listen_work_done(wpa_s);
693
694 if (wpa_s->dpp_auth && !wpa_s->dpp_gas_client) {
695 /* Continue listen with a new remain-on-channel */
696 wpa_printf(MSG_DEBUG,
697 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
698 wpa_s->dpp_auth->curr_freq);
699 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->curr_freq);
700 return;
701 }
702
703 if (wpa_s->dpp_listen_freq) {
704 /* Continue listen with a new remain-on-channel */
705 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
706 }
707 }
708
709
710 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
711 const u8 *buf, size_t len, unsigned int freq)
712 {
713 const u8 *r_bootstrap, *i_bootstrap, *wrapped_data;
714 u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len;
715 struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
716 struct wpabuf *msg;
717
718 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
719 MAC2STR(src));
720
721 wrapped_data = dpp_get_attr(buf, len, DPP_ATTR_WRAPPED_DATA,
722 &wrapped_data_len);
723 if (!wrapped_data) {
724 wpa_printf(MSG_DEBUG,
725 "DPP: Missing required Wrapped data attribute");
726 return;
727 }
728 wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped data",
729 wrapped_data, wrapped_data_len);
730
731 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
732 &r_bootstrap_len);
733 if (!r_bootstrap || r_bootstrap > wrapped_data ||
734 r_bootstrap_len != SHA256_MAC_LEN) {
735 wpa_printf(MSG_DEBUG,
736 "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
737 return;
738 }
739 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
740 r_bootstrap, r_bootstrap_len);
741
742 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
743 &i_bootstrap_len);
744 if (!i_bootstrap || i_bootstrap > wrapped_data ||
745 i_bootstrap_len != SHA256_MAC_LEN) {
746 wpa_printf(MSG_DEBUG,
747 "DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
748 return;
749 }
750 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
751 i_bootstrap, i_bootstrap_len);
752
753 /* Try to find own and peer bootstrapping key matches based on the
754 * received hash values */
755 dl_list_for_each(bi, &wpa_s->dpp_bootstrap, struct dpp_bootstrap_info,
756 list) {
757 if (!own_bi && bi->own &&
758 os_memcmp(bi->pubkey_hash, r_bootstrap,
759 SHA256_MAC_LEN) == 0) {
760 wpa_printf(MSG_DEBUG,
761 "DPP: Found matching own bootstrapping information");
762 own_bi = bi;
763 }
764
765 if (!peer_bi && !bi->own &&
766 os_memcmp(bi->pubkey_hash, i_bootstrap,
767 SHA256_MAC_LEN) == 0) {
768 wpa_printf(MSG_DEBUG,
769 "DPP: Found matching peer bootstrapping information");
770 peer_bi = bi;
771 }
772
773 if (own_bi && peer_bi)
774 break;
775 }
776
777 if (!own_bi) {
778 wpa_printf(MSG_DEBUG,
779 "DPP: No matching own bootstrapping key found - ignore message");
780 return;
781 }
782
783 if (wpa_s->dpp_auth) {
784 wpa_printf(MSG_DEBUG,
785 "DPP: Already in DPP authentication exchange - ignore new one");
786 return;
787 }
788
789 wpa_s->dpp_gas_client = 0;
790 wpa_s->dpp_auth_ok_on_ack = 0;
791 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
792 wpa_s->dpp_qr_mutual,
793 peer_bi, own_bi, freq, buf,
794 wrapped_data, wrapped_data_len);
795 if (!wpa_s->dpp_auth) {
796 wpa_printf(MSG_DEBUG, "DPP: No response generated");
797 return;
798 }
799 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
800 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
801
802 msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP,
803 wpabuf_len(wpa_s->dpp_auth->resp_attr));
804 if (!msg)
805 return;
806 wpabuf_put_buf(msg, wpa_s->dpp_auth->resp_attr);
807
808 offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
809 src, wpa_s->own_addr, broadcast,
810 wpabuf_head(msg), wpabuf_len(msg),
811 500, wpas_dpp_tx_status, 0);
812 wpabuf_free(msg);
813 }
814
815
816 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
817 {
818 /* TODO: stop wait and start ROC */
819 }
820
821
822 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
823 enum gas_query_result result,
824 const struct wpabuf *adv_proto,
825 const struct wpabuf *resp, u16 status_code)
826 {
827 struct wpa_supplicant *wpa_s = ctx;
828 const u8 *pos;
829 struct dpp_authentication *auth = wpa_s->dpp_auth;
830
831 if (!auth || !auth->auth_success) {
832 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
833 return;
834 }
835 if (!resp || status_code != WLAN_STATUS_SUCCESS) {
836 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
837 goto fail;
838 }
839
840 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
841 adv_proto);
842 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
843 resp);
844
845 if (wpabuf_len(adv_proto) != 10 ||
846 !(pos = wpabuf_head(adv_proto)) ||
847 pos[0] != WLAN_EID_ADV_PROTO ||
848 pos[1] != 8 ||
849 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
850 pos[4] != 5 ||
851 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
852 pos[8] != 0x1a ||
853 pos[9] != 1) {
854 wpa_printf(MSG_DEBUG,
855 "DPP: Not a DPP Advertisement Protocol ID");
856 goto fail;
857 }
858
859 if (dpp_conf_resp_rx(auth, resp) < 0) {
860 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
861 goto fail;
862 }
863
864 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
865 if (auth->ssid_len)
866 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
867 wpa_ssid_txt(auth->ssid, auth->ssid_len));
868 if (auth->connector) {
869 /* TODO: Save the Connector and consider using a command
870 * to fetch the value instead of sending an event with
871 * it. The Connector could end up being larger than what
872 * most clients are ready to receive as an event
873 * message. */
874 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
875 auth->connector);
876 }
877 if (auth->c_sign_key) {
878 char *hex;
879 size_t hexlen;
880
881 hexlen = 2 * wpabuf_len(auth->c_sign_key) + 1;
882 hex = os_malloc(hexlen);
883 if (hex) {
884 wpa_snprintf_hex(hex, hexlen,
885 wpabuf_head(auth->c_sign_key),
886 wpabuf_len(auth->c_sign_key));
887 if (auth->c_sign_key_expiry)
888 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY
889 "%s %lu", hex,
890 (long unsigned)
891 auth->c_sign_key_expiry);
892 else
893 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY
894 "%s", hex);
895 os_free(hex);
896 }
897 }
898 if (auth->net_access_key) {
899 char *hex;
900 size_t hexlen;
901
902 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
903 hex = os_malloc(hexlen);
904 if (hex) {
905 wpa_snprintf_hex(hex, hexlen,
906 wpabuf_head(auth->net_access_key),
907 wpabuf_len(auth->net_access_key));
908 if (auth->net_access_key_expiry)
909 wpa_msg(wpa_s, MSG_INFO,
910 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
911 (long unsigned)
912 auth->net_access_key_expiry);
913 else
914 wpa_msg(wpa_s, MSG_INFO,
915 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
916 os_free(hex);
917 }
918 }
919 dpp_auth_deinit(wpa_s->dpp_auth);
920 wpa_s->dpp_auth = NULL;
921 return;
922
923 fail:
924 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
925 dpp_auth_deinit(wpa_s->dpp_auth);
926 wpa_s->dpp_auth = NULL;
927 }
928
929
930 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
931 {
932 struct dpp_authentication *auth = wpa_s->dpp_auth;
933 struct wpabuf *buf, *conf_req;
934 char json[100];
935 int res;
936
937 wpa_s->dpp_gas_client = 1;
938 os_snprintf(json, sizeof(json),
939 "{\"name\":\"Test\","
940 "\"wi-fi_tech\":\"infra\","
941 "\"netRole\":\"%s\"}",
942 wpa_s->dpp_netrole_ap ? "ap" : "sta");
943 wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
944
945 offchannel_send_action_done(wpa_s);
946 wpas_dpp_listen_stop(wpa_s);
947
948 conf_req = dpp_build_conf_req(auth, json);
949 if (!conf_req) {
950 wpa_printf(MSG_DEBUG,
951 "DPP: No configuration request data available");
952 return;
953 }
954
955 buf = gas_build_initial_req(0, 10 + 2 + wpabuf_len(conf_req));
956 if (!buf) {
957 wpabuf_free(conf_req);
958 return;
959 }
960
961 /* Advertisement Protocol IE */
962 wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
963 wpabuf_put_u8(buf, 8); /* Length */
964 wpabuf_put_u8(buf, 0x7f);
965 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
966 wpabuf_put_u8(buf, 5);
967 wpabuf_put_be24(buf, OUI_WFA);
968 wpabuf_put_u8(buf, DPP_OUI_TYPE);
969 wpabuf_put_u8(buf, 0x01);
970
971 /* GAS Query */
972 wpabuf_put_le16(buf, wpabuf_len(conf_req));
973 wpabuf_put_buf(buf, conf_req);
974 wpabuf_free(conf_req);
975
976 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
977 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
978
979 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
980 buf, wpas_dpp_gas_resp_cb, wpa_s);
981 if (res < 0) {
982 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
983 wpabuf_free(buf);
984 } else {
985 wpa_printf(MSG_DEBUG,
986 "DPP: GAS query started with dialog token %u", res);
987 }
988 }
989
990
991 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
992 {
993 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
994 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
995
996 if (wpa_s->dpp_auth->configurator)
997 wpas_dpp_start_gas_server(wpa_s);
998 else
999 wpas_dpp_start_gas_client(wpa_s);
1000 }
1001
1002
1003 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1004 const u8 *buf, size_t len)
1005 {
1006 struct dpp_authentication *auth = wpa_s->dpp_auth;
1007 struct wpabuf *msg, *attr;
1008
1009 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR,
1010 MAC2STR(src));
1011
1012 if (!auth) {
1013 wpa_printf(MSG_DEBUG,
1014 "DPP: No DPP Authentication in progress - drop");
1015 return;
1016 }
1017
1018 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1019 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1020 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1021 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1022 return;
1023 }
1024
1025 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1026
1027 attr = dpp_auth_resp_rx(auth, buf, len);
1028 if (!attr) {
1029 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1030 wpa_printf(MSG_DEBUG,
1031 "DPP: Start wait for full response");
1032 offchannel_send_action_done(wpa_s);
1033 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
1034 return;
1035 }
1036 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1037 return;
1038 }
1039 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1040
1041 msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_CONF, wpabuf_len(attr));
1042 if (!msg) {
1043 wpabuf_free(attr);
1044 return;
1045 }
1046 wpabuf_put_buf(msg, attr);
1047 wpabuf_free(attr);
1048
1049 offchannel_send_action(wpa_s, auth->curr_freq,
1050 src, wpa_s->own_addr, broadcast,
1051 wpabuf_head(msg), wpabuf_len(msg),
1052 500, wpas_dpp_tx_status, 0);
1053 wpabuf_free(msg);
1054 wpa_s->dpp_auth_ok_on_ack = 1;
1055 }
1056
1057
1058 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
1059 const u8 *buf, size_t len)
1060 {
1061 struct dpp_authentication *auth = wpa_s->dpp_auth;
1062
1063 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1064 MAC2STR(src));
1065
1066 if (!auth) {
1067 wpa_printf(MSG_DEBUG,
1068 "DPP: No DPP Authentication in progress - drop");
1069 return;
1070 }
1071
1072 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1073 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1074 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1075 return;
1076 }
1077
1078 if (dpp_auth_conf_rx(auth, buf, len) < 0) {
1079 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1080 return;
1081 }
1082
1083 wpas_dpp_auth_success(wpa_s, 0);
1084 }
1085
1086
1087 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
1088 const u8 *src,
1089 const u8 *buf, size_t len)
1090 {
1091 struct wpa_ssid *ssid;
1092 const u8 *connector, *pk_hash, *nk_hash;
1093 u16 connector_len, pk_hash_len, nk_hash_len;
1094 struct dpp_introduction intro;
1095 struct rsn_pmksa_cache_entry *entry;
1096
1097 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
1098 MAC2STR(src));
1099 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
1100 os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
1101 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
1102 MACSTR " - drop", MAC2STR(src));
1103 return;
1104 }
1105 offchannel_send_action_done(wpa_s);
1106
1107 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1108 if (ssid == wpa_s->dpp_intro_network)
1109 break;
1110 }
1111 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1112 !ssid->dpp_csign) {
1113 wpa_printf(MSG_DEBUG,
1114 "DPP: Profile not found for network introduction");
1115 return;
1116 }
1117
1118 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
1119 if (!connector) {
1120 wpa_printf(MSG_DEBUG,
1121 "DPP: Peer did not include its Connector");
1122 return;
1123 }
1124
1125 if (dpp_peer_intro(&intro, ssid->dpp_connector,
1126 ssid->dpp_netaccesskey,
1127 ssid->dpp_netaccesskey_len,
1128 ssid->dpp_csign,
1129 ssid->dpp_csign_len,
1130 connector, connector_len) < 0) {
1131 wpa_printf(MSG_INFO,
1132 "DPP: Network Introduction protocol resulted in failure");
1133 goto fail;
1134 }
1135
1136 pk_hash = dpp_get_attr(buf, len, DPP_ATTR_PEER_NET_PK_HASH,
1137 &pk_hash_len);
1138 if (!pk_hash || pk_hash_len != SHA256_MAC_LEN) {
1139 wpa_printf(MSG_DEBUG, "DPP: Peer did not include SHA256(PK)");
1140 goto fail;
1141 }
1142 if (os_memcmp(pk_hash, intro.nk_hash, SHA256_MAC_LEN) != 0) {
1143 wpa_printf(MSG_DEBUG, "DPP: SHA256(PK) mismatch");
1144 wpa_hexdump(MSG_DEBUG, "DPP: Received SHA256(PK)",
1145 pk_hash, pk_hash_len);
1146 wpa_hexdump(MSG_DEBUG, "DPP: Calculated SHA256(PK)",
1147 intro.nk_hash, SHA256_MAC_LEN);
1148 goto fail;
1149 }
1150
1151 nk_hash = dpp_get_attr(buf, len, DPP_ATTR_OWN_NET_NK_HASH,
1152 &nk_hash_len);
1153 if (!nk_hash || nk_hash_len != SHA256_MAC_LEN) {
1154 wpa_printf(MSG_DEBUG, "DPP: Peer did not include SHA256(NK)");
1155 goto fail;
1156 }
1157 if (os_memcmp(nk_hash, intro.pk_hash, SHA256_MAC_LEN) != 0) {
1158 wpa_printf(MSG_DEBUG, "DPP: SHA256(NK) mismatch");
1159 wpa_hexdump(MSG_DEBUG, "DPP: Received SHA256(NK)",
1160 nk_hash, nk_hash_len);
1161 wpa_hexdump(MSG_DEBUG, "DPP: Calculated SHA256(NK)",
1162 intro.pk_hash, SHA256_MAC_LEN);
1163 goto fail;
1164 }
1165
1166 entry = os_zalloc(sizeof(*entry));
1167 if (!entry)
1168 goto fail;
1169 os_memcpy(entry->aa, src, ETH_ALEN);
1170 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
1171 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
1172 entry->pmk_len = intro.pmk_len;
1173 entry->akmp = WPA_KEY_MGMT_DPP;
1174 /* TODO: expiration */
1175 entry->network_ctx = ssid;
1176 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
1177
1178 wpa_printf(MSG_DEBUG,
1179 "DPP: Try connection again after successful network introduction");
1180 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
1181 wpa_supplicant_cancel_sched_scan(wpa_s);
1182 wpa_supplicant_req_scan(wpa_s, 0, 0);
1183 }
1184 fail:
1185 os_memset(&intro, 0, sizeof(intro));
1186 }
1187
1188
1189 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
1190 const u8 *buf, size_t len, unsigned int freq)
1191 {
1192 enum dpp_public_action_frame_type type;
1193
1194 if (len < 1)
1195 return;
1196 type = buf[0];
1197 buf++;
1198 len--;
1199
1200 wpa_printf(MSG_DEBUG,
1201 "DPP: Received DPP Public Action frame type %d from "
1202 MACSTR " freq=%u",
1203 type, MAC2STR(src), freq);
1204 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
1205 if (dpp_check_attrs(buf, len) < 0)
1206 return;
1207
1208 switch (type) {
1209 case DPP_PA_AUTHENTICATION_REQ:
1210 wpas_dpp_rx_auth_req(wpa_s, src, buf, len, freq);
1211 break;
1212 case DPP_PA_AUTHENTICATION_RESP:
1213 wpas_dpp_rx_auth_resp(wpa_s, src, buf, len);
1214 break;
1215 case DPP_PA_AUTHENTICATION_CONF:
1216 wpas_dpp_rx_auth_conf(wpa_s, src, buf, len);
1217 break;
1218 case DPP_PA_PEER_DISCOVERY_RESP:
1219 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
1220 break;
1221 default:
1222 wpa_printf(MSG_DEBUG,
1223 "DPP: Ignored unsupported frame subtype %d", type);
1224 break;
1225 }
1226 }
1227
1228
1229 static struct wpabuf *
1230 wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
1231 size_t query_len)
1232 {
1233 struct wpa_supplicant *wpa_s = ctx;
1234 struct dpp_authentication *auth = wpa_s->dpp_auth;
1235 struct wpabuf *resp;
1236
1237 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
1238 MAC2STR(sa));
1239 if (!auth || !auth->auth_success ||
1240 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
1241 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1242 return NULL;
1243 }
1244 wpa_hexdump(MSG_DEBUG,
1245 "DPP: Received Configuration Request (GAS Query Request)",
1246 query, query_len);
1247 resp = dpp_conf_req_rx(auth, query, query_len);
1248 if (!resp)
1249 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1250 return resp;
1251 }
1252
1253
1254 static void
1255 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
1256 {
1257 struct wpa_supplicant *wpa_s = ctx;
1258 struct dpp_authentication *auth = wpa_s->dpp_auth;
1259
1260 if (!auth) {
1261 wpabuf_free(resp);
1262 return;
1263 }
1264
1265 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
1266 ok);
1267 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1268 offchannel_send_action_done(wpa_s);
1269 wpas_dpp_listen_stop(wpa_s);
1270 if (ok)
1271 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
1272 else
1273 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1274 dpp_auth_deinit(wpa_s->dpp_auth);
1275 wpa_s->dpp_auth = NULL;
1276 wpabuf_free(resp);
1277 }
1278
1279
1280 static unsigned int wpas_dpp_next_configurator_id(struct wpa_supplicant *wpa_s)
1281 {
1282 struct dpp_configurator *conf;
1283 unsigned int max_id = 0;
1284
1285 dl_list_for_each(conf, &wpa_s->dpp_configurator,
1286 struct dpp_configurator, list) {
1287 if (conf->id > max_id)
1288 max_id = conf->id;
1289 }
1290 return max_id + 1;
1291 }
1292
1293
1294 int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
1295 {
1296 char *expiry = NULL, *curve = NULL;
1297 char *key = NULL;
1298 u8 *privkey = NULL;
1299 size_t privkey_len = 0;
1300 int ret = -1;
1301 struct dpp_configurator *conf = NULL;
1302
1303 expiry = get_param(cmd, " expiry=");
1304 curve = get_param(cmd, " curve=");
1305 key = get_param(cmd, " key=");
1306
1307 if (key) {
1308 privkey_len = os_strlen(key) / 2;
1309 privkey = os_malloc(privkey_len);
1310 if (!privkey ||
1311 hexstr2bin(key, privkey, privkey_len) < 0)
1312 goto fail;
1313 }
1314
1315 conf = dpp_keygen_configurator(curve, privkey, privkey_len);
1316 if (!conf)
1317 goto fail;
1318
1319 if (expiry) {
1320 long int val;
1321
1322 val = strtol(expiry, NULL, 0);
1323 if (val <= 0)
1324 goto fail;
1325 conf->csign_expiry = val;
1326 }
1327
1328 conf->id = wpas_dpp_next_configurator_id(wpa_s);
1329 dl_list_add(&wpa_s->dpp_configurator, &conf->list);
1330 ret = conf->id;
1331 conf = NULL;
1332 fail:
1333 os_free(curve);
1334 os_free(expiry);
1335 str_clear_free(key);
1336 bin_clear_free(privkey, privkey_len);
1337 dpp_configurator_free(conf);
1338 return ret;
1339 }
1340
1341
1342 static int dpp_configurator_del(struct wpa_supplicant *wpa_s, unsigned int id)
1343 {
1344 struct dpp_configurator *conf, *tmp;
1345 int found = 0;
1346
1347 dl_list_for_each_safe(conf, tmp, &wpa_s->dpp_configurator,
1348 struct dpp_configurator, list) {
1349 if (id && conf->id != id)
1350 continue;
1351 found = 1;
1352 dl_list_del(&conf->list);
1353 dpp_configurator_free(conf);
1354 }
1355
1356 if (id == 0)
1357 return 0; /* flush succeeds regardless of entries found */
1358 return found ? 0 : -1;
1359 }
1360
1361
1362 int wpas_dpp_configurator_remove(struct wpa_supplicant *wpa_s, const char *id)
1363 {
1364 unsigned int id_val;
1365
1366 if (os_strcmp(id, "*") == 0) {
1367 id_val = 0;
1368 } else {
1369 id_val = atoi(id);
1370 if (id_val == 0)
1371 return -1;
1372 }
1373
1374 return dpp_configurator_del(wpa_s, id_val);
1375 }
1376
1377
1378 static void
1379 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
1380 unsigned int freq, const u8 *dst,
1381 const u8 *src, const u8 *bssid,
1382 const u8 *data, size_t data_len,
1383 enum offchannel_send_action_result result)
1384 {
1385 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
1386 " result=%s (DPP Peer Discovery Request)",
1387 freq, MAC2STR(dst),
1388 result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
1389 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
1390 "FAILED"));
1391 /* TODO: Time out wait for response more quickly in error cases? */
1392 }
1393
1394
1395 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
1396 struct wpa_bss *bss)
1397 {
1398 struct os_time now;
1399 struct wpabuf *msg;
1400 unsigned int wait_time;
1401
1402 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
1403 return 0; /* Not using DPP AKM - continue */
1404 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
1405 return 0; /* PMKSA exists for DPP AKM - continue */
1406
1407 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1408 !ssid->dpp_csign) {
1409 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
1410 "missing %s",
1411 !ssid->dpp_connector ? "Connector" :
1412 (!ssid->dpp_netaccesskey ? "netAccessKey" :
1413 "C-sign-key"));
1414 return -1;
1415 }
1416
1417 os_get_time(&now);
1418
1419 if (ssid->dpp_csign_expiry && ssid->dpp_csign_expiry < now.sec) {
1420 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
1421 "C-sign-key expired");
1422 return -1;
1423 }
1424
1425 if (ssid->dpp_netaccesskey_expiry &&
1426 ssid->dpp_netaccesskey_expiry < now.sec) {
1427 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
1428 "netAccessKey expired");
1429 return -1;
1430 }
1431
1432 wpa_printf(MSG_DEBUG,
1433 "DPP: Starting network introduction protocol to derive PMKSA for "
1434 MACSTR, MAC2STR(bss->bssid));
1435
1436 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
1437 4 + os_strlen(ssid->dpp_connector));
1438 if (!msg)
1439 return -1;
1440
1441 /* DPP Connector */
1442 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
1443 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
1444 wpabuf_put_str(msg, ssid->dpp_connector);
1445
1446 /* TODO: Timeout on AP response */
1447 wait_time = wpa_s->max_remain_on_chan;
1448 if (wait_time > 2000)
1449 wait_time = 2000;
1450 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
1451 broadcast,
1452 wpabuf_head(msg), wpabuf_len(msg),
1453 wait_time, wpas_dpp_tx_introduction_status, 0);
1454 wpabuf_free(msg);
1455
1456 /* Request this connection attempt to terminate - new one will be
1457 * started when network introduction protocol completes */
1458 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
1459 wpa_s->dpp_intro_network = ssid;
1460 return 1;
1461 }
1462
1463
1464 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
1465 {
1466 u8 adv_proto_id[7];
1467
1468 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
1469 adv_proto_id[1] = 5;
1470 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
1471 adv_proto_id[5] = DPP_OUI_TYPE;
1472 adv_proto_id[6] = 0x01;
1473
1474 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
1475 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
1476 wpas_dpp_gas_status_handler, wpa_s) < 0)
1477 return -1;
1478 dl_list_init(&wpa_s->dpp_bootstrap);
1479 dl_list_init(&wpa_s->dpp_configurator);
1480 wpa_s->dpp_init_done = 1;
1481 return 0;
1482 }
1483
1484
1485 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
1486 {
1487 #ifdef CONFIG_TESTING_OPTIONS
1488 os_free(wpa_s->dpp_config_obj_override);
1489 wpa_s->dpp_config_obj_override = NULL;
1490 os_free(wpa_s->dpp_discovery_override);
1491 wpa_s->dpp_discovery_override = NULL;
1492 os_free(wpa_s->dpp_groups_override);
1493 wpa_s->dpp_groups_override = NULL;
1494 os_free(wpa_s->dpp_devices_override);
1495 wpa_s->dpp_devices_override = NULL;
1496 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
1497 #endif /* CONFIG_TESTING_OPTIONS */
1498 if (!wpa_s->dpp_init_done)
1499 return;
1500 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1501 offchannel_send_action_done(wpa_s);
1502 wpas_dpp_listen_stop(wpa_s);
1503 dpp_bootstrap_del(wpa_s, 0);
1504 dpp_configurator_del(wpa_s, 0);
1505 dpp_auth_deinit(wpa_s->dpp_auth);
1506 wpa_s->dpp_auth = NULL;
1507 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
1508 }
Unnamed repository; edit this file 'description' to name the repository.