3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2019, The Linux Foundation
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
10 #include "utils/includes.h"
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "common/dpp.h"
15 #include "common/gas.h"
16 #include "common/gas_server.h"
17 #include "rsn_supp/wpa.h"
18 #include "rsn_supp/pmksa_cache.h"
19 #include "wpa_supplicant_i.h"
22 #include "offchannel.h"
23 #include "gas_query.h"
27 #include "dpp_supplicant.h"
30 static int wpas_dpp_listen_start(struct wpa_supplicant
*wpa_s
,
32 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx
, void *timeout_ctx
);
33 static void wpas_dpp_auth_success(struct wpa_supplicant
*wpa_s
, int initiator
);
34 static void wpas_dpp_tx_status(struct wpa_supplicant
*wpa_s
,
35 unsigned int freq
, const u8
*dst
,
36 const u8
*src
, const u8
*bssid
,
37 const u8
*data
, size_t data_len
,
38 enum offchannel_send_action_result result
);
39 static void wpas_dpp_init_timeout(void *eloop_ctx
, void *timeout_ctx
);
40 static int wpas_dpp_auth_init_next(struct wpa_supplicant
*wpa_s
);
42 wpas_dpp_tx_pkex_status(struct wpa_supplicant
*wpa_s
,
43 unsigned int freq
, const u8
*dst
,
44 const u8
*src
, const u8
*bssid
,
45 const u8
*data
, size_t data_len
,
46 enum offchannel_send_action_result result
);
48 static const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
50 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
51 * a single transaction in progress at any point in time. */
52 static const u8 TRANSACTION_ID
= 1;
56 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
57 * @wpa_s: Pointer to wpa_supplicant data
58 * @cmd: DPP URI read from a QR Code
59 * Returns: Identifier of the stored info or -1 on failure
61 int wpas_dpp_qr_code(struct wpa_supplicant
*wpa_s
, const char *cmd
)
63 struct dpp_bootstrap_info
*bi
;
64 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
66 bi
= dpp_add_qr_code(wpa_s
->dpp
, cmd
);
70 if (auth
&& auth
->response_pending
&&
71 dpp_notify_new_qr_code(auth
, bi
) == 1) {
73 "DPP: Sending out pending authentication response");
74 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
76 MAC2STR(auth
->peer_mac_addr
), auth
->curr_freq
,
77 DPP_PA_AUTHENTICATION_RESP
);
78 offchannel_send_action(wpa_s
, auth
->curr_freq
,
79 auth
->peer_mac_addr
, wpa_s
->own_addr
,
81 wpabuf_head(auth
->resp_msg
),
82 wpabuf_len(auth
->resp_msg
),
83 500, wpas_dpp_tx_status
, 0);
90 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx
, void *timeout_ctx
)
92 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
93 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
95 if (!auth
|| !auth
->resp_msg
)
99 "DPP: Retry Authentication Response after timeout");
100 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
102 MAC2STR(auth
->peer_mac_addr
), auth
->curr_freq
,
103 DPP_PA_AUTHENTICATION_RESP
);
104 offchannel_send_action(wpa_s
, auth
->curr_freq
, auth
->peer_mac_addr
,
105 wpa_s
->own_addr
, broadcast
,
106 wpabuf_head(auth
->resp_msg
),
107 wpabuf_len(auth
->resp_msg
),
108 500, wpas_dpp_tx_status
, 0);
112 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant
*wpa_s
)
114 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
115 unsigned int wait_time
, max_tries
;
117 if (!auth
|| !auth
->resp_msg
)
120 if (wpa_s
->dpp_resp_max_tries
)
121 max_tries
= wpa_s
->dpp_resp_max_tries
;
124 auth
->auth_resp_tries
++;
125 if (auth
->auth_resp_tries
>= max_tries
) {
126 wpa_printf(MSG_INFO
, "DPP: No confirm received from initiator - stopping exchange");
127 offchannel_send_action_done(wpa_s
);
128 dpp_auth_deinit(wpa_s
->dpp_auth
);
129 wpa_s
->dpp_auth
= NULL
;
133 if (wpa_s
->dpp_resp_retry_time
)
134 wait_time
= wpa_s
->dpp_resp_retry_time
;
137 wpa_printf(MSG_DEBUG
,
138 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
140 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
141 eloop_register_timeout(wait_time
/ 1000,
142 (wait_time
% 1000) * 1000,
143 wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
147 static void wpas_dpp_try_to_connect(struct wpa_supplicant
*wpa_s
)
149 wpa_printf(MSG_DEBUG
, "DPP: Trying to connect to the new network");
150 wpa_s
->disconnected
= 0;
151 wpa_s
->reassociate
= 1;
152 wpa_s
->scan_runs
= 0;
153 wpa_s
->normal_scans
= 0;
154 wpa_supplicant_cancel_sched_scan(wpa_s
);
155 wpa_supplicant_req_scan(wpa_s
, 0, 0);
159 static void wpas_dpp_tx_status(struct wpa_supplicant
*wpa_s
,
160 unsigned int freq
, const u8
*dst
,
161 const u8
*src
, const u8
*bssid
,
162 const u8
*data
, size_t data_len
,
163 enum offchannel_send_action_result result
)
166 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
168 res_txt
= result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
169 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
171 wpa_printf(MSG_DEBUG
, "DPP: TX status: freq=%u dst=" MACSTR
172 " result=%s", freq
, MAC2STR(dst
), res_txt
);
173 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX_STATUS
"dst=" MACSTR
174 " freq=%u result=%s", MAC2STR(dst
), freq
, res_txt
);
176 if (!wpa_s
->dpp_auth
) {
177 wpa_printf(MSG_DEBUG
,
178 "DPP: Ignore TX status since there is no ongoing authentication exchange");
183 if (auth
->connect_on_tx_status
) {
184 wpa_printf(MSG_DEBUG
,
185 "DPP: Try to connect after completed configuration result");
186 wpas_dpp_try_to_connect(wpa_s
);
187 dpp_auth_deinit(wpa_s
->dpp_auth
);
188 wpa_s
->dpp_auth
= NULL
;
191 #endif /* CONFIG_DPP2 */
193 if (wpa_s
->dpp_auth
->remove_on_tx_status
) {
194 wpa_printf(MSG_DEBUG
,
195 "DPP: Terminate authentication exchange due to an earlier error");
196 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
197 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
198 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
,
200 offchannel_send_action_done(wpa_s
);
201 dpp_auth_deinit(wpa_s
->dpp_auth
);
202 wpa_s
->dpp_auth
= NULL
;
206 if (wpa_s
->dpp_auth_ok_on_ack
)
207 wpas_dpp_auth_success(wpa_s
, 1);
209 if (!is_broadcast_ether_addr(dst
) &&
210 result
!= OFFCHANNEL_SEND_ACTION_SUCCESS
) {
211 wpa_printf(MSG_DEBUG
,
212 "DPP: Unicast DPP Action frame was not ACKed");
213 if (auth
->waiting_auth_resp
) {
214 /* In case of DPP Authentication Request frame, move to
215 * the next channel immediately. */
216 offchannel_send_action_done(wpa_s
);
217 wpas_dpp_auth_init_next(wpa_s
);
220 if (auth
->waiting_auth_conf
) {
221 wpas_dpp_auth_resp_retry(wpa_s
);
226 if (!is_broadcast_ether_addr(dst
) && auth
->waiting_auth_resp
&&
227 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
) {
228 /* Allow timeout handling to stop iteration if no response is
229 * received from a peer that has ACKed a request. */
230 auth
->auth_req_ack
= 1;
233 if (!wpa_s
->dpp_auth_ok_on_ack
&& wpa_s
->dpp_auth
->neg_freq
> 0 &&
234 wpa_s
->dpp_auth
->curr_freq
!= wpa_s
->dpp_auth
->neg_freq
) {
235 wpa_printf(MSG_DEBUG
,
236 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
237 wpa_s
->dpp_auth
->curr_freq
,
238 wpa_s
->dpp_auth
->neg_freq
);
239 offchannel_send_action_done(wpa_s
);
240 wpas_dpp_listen_start(wpa_s
, wpa_s
->dpp_auth
->neg_freq
);
243 if (wpa_s
->dpp_auth_ok_on_ack
)
244 wpa_s
->dpp_auth_ok_on_ack
= 0;
248 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx
, void *timeout_ctx
)
250 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
251 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
253 struct os_reltime now
, diff
;
254 unsigned int wait_time
, diff_ms
;
256 if (!auth
|| !auth
->waiting_auth_resp
)
259 wait_time
= wpa_s
->dpp_resp_wait_time
?
260 wpa_s
->dpp_resp_wait_time
: 2000;
261 os_get_reltime(&now
);
262 os_reltime_sub(&now
, &wpa_s
->dpp_last_init
, &diff
);
263 diff_ms
= diff
.sec
* 1000 + diff
.usec
/ 1000;
264 wpa_printf(MSG_DEBUG
,
265 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
268 if (auth
->auth_req_ack
&& diff_ms
>= wait_time
) {
269 /* Peer ACK'ed Authentication Request frame, but did not reply
270 * with Authentication Response frame within two seconds. */
272 "DPP: No response received from responder - stopping initiation attempt");
273 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_AUTH_INIT_FAILED
);
274 offchannel_send_action_done(wpa_s
);
275 wpas_dpp_listen_stop(wpa_s
);
276 dpp_auth_deinit(auth
);
277 wpa_s
->dpp_auth
= NULL
;
281 if (diff_ms
>= wait_time
) {
282 /* Authentication Request frame was not ACK'ed and no reply
283 * was receiving within two seconds. */
284 wpa_printf(MSG_DEBUG
,
285 "DPP: Continue Initiator channel iteration");
286 offchannel_send_action_done(wpa_s
);
287 wpas_dpp_listen_stop(wpa_s
);
288 wpas_dpp_auth_init_next(wpa_s
);
292 /* Driver did not support 2000 ms long wait_time with TX command, so
293 * schedule listen operation to continue waiting for the response.
295 * DPP listen operations continue until stopped, so simply schedule a
296 * new call to this function at the point when the two second reply
297 * wait has expired. */
298 wait_time
-= diff_ms
;
300 freq
= auth
->curr_freq
;
301 if (auth
->neg_freq
> 0)
302 freq
= auth
->neg_freq
;
303 wpa_printf(MSG_DEBUG
,
304 "DPP: Continue reply wait on channel %u MHz for %u ms",
306 wpa_s
->dpp_in_response_listen
= 1;
307 wpas_dpp_listen_start(wpa_s
, freq
);
309 eloop_register_timeout(wait_time
/ 1000, (wait_time
% 1000) * 1000,
310 wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
314 static void wpas_dpp_set_testing_options(struct wpa_supplicant
*wpa_s
,
315 struct dpp_authentication
*auth
)
317 #ifdef CONFIG_TESTING_OPTIONS
318 if (wpa_s
->dpp_config_obj_override
)
319 auth
->config_obj_override
=
320 os_strdup(wpa_s
->dpp_config_obj_override
);
321 if (wpa_s
->dpp_discovery_override
)
322 auth
->discovery_override
=
323 os_strdup(wpa_s
->dpp_discovery_override
);
324 if (wpa_s
->dpp_groups_override
)
325 auth
->groups_override
=
326 os_strdup(wpa_s
->dpp_groups_override
);
327 auth
->ignore_netaccesskey_mismatch
=
328 wpa_s
->dpp_ignore_netaccesskey_mismatch
;
329 #endif /* CONFIG_TESTING_OPTIONS */
333 static void wpas_dpp_init_timeout(void *eloop_ctx
, void *timeout_ctx
)
335 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
337 if (!wpa_s
->dpp_auth
)
339 wpa_printf(MSG_DEBUG
, "DPP: Retry initiation after timeout");
340 wpas_dpp_auth_init_next(wpa_s
);
344 static int wpas_dpp_auth_init_next(struct wpa_supplicant
*wpa_s
)
346 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
348 unsigned int wait_time
, max_wait_time
, freq
, max_tries
, used
;
349 struct os_reltime now
, diff
;
351 wpa_s
->dpp_in_response_listen
= 0;
355 if (auth
->freq_idx
== 0)
356 os_get_reltime(&wpa_s
->dpp_init_iter_start
);
358 if (auth
->freq_idx
>= auth
->num_freq
) {
359 auth
->num_freq_iters
++;
360 if (wpa_s
->dpp_init_max_tries
)
361 max_tries
= wpa_s
->dpp_init_max_tries
;
364 if (auth
->num_freq_iters
>= max_tries
|| auth
->auth_req_ack
) {
366 "DPP: No response received from responder - stopping initiation attempt");
367 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_AUTH_INIT_FAILED
);
368 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
,
370 offchannel_send_action_done(wpa_s
);
371 dpp_auth_deinit(wpa_s
->dpp_auth
);
372 wpa_s
->dpp_auth
= NULL
;
376 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
377 if (wpa_s
->dpp_init_retry_time
)
378 wait_time
= wpa_s
->dpp_init_retry_time
;
381 os_get_reltime(&now
);
382 os_reltime_sub(&now
, &wpa_s
->dpp_init_iter_start
, &diff
);
383 used
= diff
.sec
* 1000 + diff
.usec
/ 1000;
384 if (used
> wait_time
)
388 wpa_printf(MSG_DEBUG
, "DPP: Next init attempt in %u ms",
390 eloop_register_timeout(wait_time
/ 1000,
391 (wait_time
% 1000) * 1000,
392 wpas_dpp_init_timeout
, wpa_s
,
396 freq
= auth
->freq
[auth
->freq_idx
++];
397 auth
->curr_freq
= freq
;
399 if (is_zero_ether_addr(auth
->peer_bi
->mac_addr
))
402 dst
= auth
->peer_bi
->mac_addr
;
403 wpa_s
->dpp_auth_ok_on_ack
= 0;
404 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
405 wait_time
= wpa_s
->max_remain_on_chan
;
406 max_wait_time
= wpa_s
->dpp_resp_wait_time
?
407 wpa_s
->dpp_resp_wait_time
: 2000;
408 if (wait_time
> max_wait_time
)
409 wait_time
= max_wait_time
;
410 wait_time
+= 10; /* give the driver some extra time to complete */
411 eloop_register_timeout(wait_time
/ 1000, (wait_time
% 1000) * 1000,
412 wpas_dpp_reply_wait_timeout
,
415 if (auth
->neg_freq
> 0 && freq
!= auth
->neg_freq
) {
416 wpa_printf(MSG_DEBUG
,
417 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
418 freq
, auth
->neg_freq
);
420 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
421 MAC2STR(dst
), freq
, DPP_PA_AUTHENTICATION_REQ
);
422 auth
->auth_req_ack
= 0;
423 os_get_reltime(&wpa_s
->dpp_last_init
);
424 return offchannel_send_action(wpa_s
, freq
, dst
,
425 wpa_s
->own_addr
, broadcast
,
426 wpabuf_head(auth
->req_msg
),
427 wpabuf_len(auth
->req_msg
),
428 wait_time
, wpas_dpp_tx_status
, 0);
432 int wpas_dpp_auth_init(struct wpa_supplicant
*wpa_s
, const char *cmd
)
435 struct dpp_bootstrap_info
*peer_bi
, *own_bi
= NULL
;
436 u8 allowed_roles
= DPP_CAPAB_CONFIGURATOR
;
437 unsigned int neg_freq
= 0;
439 wpa_s
->dpp_gas_client
= 0;
441 pos
= os_strstr(cmd
, " peer=");
445 peer_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
448 "DPP: Could not find bootstrapping info for the identified peer");
452 pos
= os_strstr(cmd
, " own=");
455 own_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
458 "DPP: Could not find bootstrapping info for the identified local entry");
462 if (peer_bi
->curve
!= own_bi
->curve
) {
464 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
465 peer_bi
->curve
->name
, own_bi
->curve
->name
);
470 pos
= os_strstr(cmd
, " role=");
473 if (os_strncmp(pos
, "configurator", 12) == 0)
474 allowed_roles
= DPP_CAPAB_CONFIGURATOR
;
475 else if (os_strncmp(pos
, "enrollee", 8) == 0)
476 allowed_roles
= DPP_CAPAB_ENROLLEE
;
477 else if (os_strncmp(pos
, "either", 6) == 0)
478 allowed_roles
= DPP_CAPAB_CONFIGURATOR
|
484 pos
= os_strstr(cmd
, " netrole=");
487 wpa_s
->dpp_netrole_ap
= os_strncmp(pos
, "ap", 2) == 0;
490 pos
= os_strstr(cmd
, " neg_freq=");
492 neg_freq
= atoi(pos
+ 10);
494 if (wpa_s
->dpp_auth
) {
495 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
496 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
497 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
,
499 offchannel_send_action_done(wpa_s
);
500 dpp_auth_deinit(wpa_s
->dpp_auth
);
502 wpa_s
->dpp_auth
= dpp_auth_init(wpa_s
, peer_bi
, own_bi
, allowed_roles
,
504 wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
);
505 if (!wpa_s
->dpp_auth
)
507 wpas_dpp_set_testing_options(wpa_s
, wpa_s
->dpp_auth
);
508 if (dpp_set_configurator(wpa_s
->dpp
, wpa_s
, wpa_s
->dpp_auth
, cmd
) < 0) {
509 dpp_auth_deinit(wpa_s
->dpp_auth
);
510 wpa_s
->dpp_auth
= NULL
;
514 wpa_s
->dpp_auth
->neg_freq
= neg_freq
;
516 if (!is_zero_ether_addr(peer_bi
->mac_addr
))
517 os_memcpy(wpa_s
->dpp_auth
->peer_mac_addr
, peer_bi
->mac_addr
,
520 return wpas_dpp_auth_init_next(wpa_s
);
526 struct wpas_dpp_listen_work
{
528 unsigned int duration
;
529 struct wpabuf
*probe_resp_ie
;
533 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work
*lwork
)
541 static void wpas_dpp_listen_work_done(struct wpa_supplicant
*wpa_s
)
543 struct wpas_dpp_listen_work
*lwork
;
545 if (!wpa_s
->dpp_listen_work
)
548 lwork
= wpa_s
->dpp_listen_work
->ctx
;
549 wpas_dpp_listen_work_free(lwork
);
550 radio_work_done(wpa_s
->dpp_listen_work
);
551 wpa_s
->dpp_listen_work
= NULL
;
555 static void dpp_start_listen_cb(struct wpa_radio_work
*work
, int deinit
)
557 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
558 struct wpas_dpp_listen_work
*lwork
= work
->ctx
;
562 wpa_s
->dpp_listen_work
= NULL
;
563 wpas_dpp_listen_stop(wpa_s
);
565 wpas_dpp_listen_work_free(lwork
);
569 wpa_s
->dpp_listen_work
= work
;
571 wpa_s
->dpp_pending_listen_freq
= lwork
->freq
;
573 if (wpa_drv_remain_on_channel(wpa_s
, lwork
->freq
,
574 wpa_s
->max_remain_on_chan
) < 0) {
575 wpa_printf(MSG_DEBUG
,
576 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
578 wpa_s
->dpp_listen_freq
= 0;
579 wpas_dpp_listen_work_done(wpa_s
);
580 wpa_s
->dpp_pending_listen_freq
= 0;
583 wpa_s
->off_channel_freq
= 0;
584 wpa_s
->roc_waiting_drv_freq
= lwork
->freq
;
588 static int wpas_dpp_listen_start(struct wpa_supplicant
*wpa_s
,
591 struct wpas_dpp_listen_work
*lwork
;
593 if (wpa_s
->dpp_listen_work
) {
594 wpa_printf(MSG_DEBUG
,
595 "DPP: Reject start_listen since dpp_listen_work already exists");
599 if (wpa_s
->dpp_listen_freq
)
600 wpas_dpp_listen_stop(wpa_s
);
601 wpa_s
->dpp_listen_freq
= freq
;
603 lwork
= os_zalloc(sizeof(*lwork
));
608 if (radio_add_work(wpa_s
, freq
, "dpp-listen", 0, dpp_start_listen_cb
,
610 wpas_dpp_listen_work_free(lwork
);
618 int wpas_dpp_listen(struct wpa_supplicant
*wpa_s
, const char *cmd
)
626 if (os_strstr(cmd
, " role=configurator"))
627 wpa_s
->dpp_allowed_roles
= DPP_CAPAB_CONFIGURATOR
;
628 else if (os_strstr(cmd
, " role=enrollee"))
629 wpa_s
->dpp_allowed_roles
= DPP_CAPAB_ENROLLEE
;
631 wpa_s
->dpp_allowed_roles
= DPP_CAPAB_CONFIGURATOR
|
633 wpa_s
->dpp_qr_mutual
= os_strstr(cmd
, " qr=mutual") != NULL
;
634 wpa_s
->dpp_netrole_ap
= os_strstr(cmd
, " netrole=ap") != NULL
;
635 if (wpa_s
->dpp_listen_freq
== (unsigned int) freq
) {
636 wpa_printf(MSG_DEBUG
, "DPP: Already listening on %u MHz",
641 return wpas_dpp_listen_start(wpa_s
, freq
);
645 void wpas_dpp_listen_stop(struct wpa_supplicant
*wpa_s
)
647 wpa_s
->dpp_in_response_listen
= 0;
648 if (!wpa_s
->dpp_listen_freq
)
651 wpa_printf(MSG_DEBUG
, "DPP: Stop listen on %u MHz",
652 wpa_s
->dpp_listen_freq
);
653 wpa_drv_cancel_remain_on_channel(wpa_s
);
654 wpa_s
->dpp_listen_freq
= 0;
655 wpas_dpp_listen_work_done(wpa_s
);
659 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant
*wpa_s
,
662 wpas_dpp_listen_work_done(wpa_s
);
664 if (wpa_s
->dpp_auth
&& wpa_s
->dpp_in_response_listen
) {
665 unsigned int new_freq
;
667 /* Continue listen with a new remain-on-channel */
668 if (wpa_s
->dpp_auth
->neg_freq
> 0)
669 new_freq
= wpa_s
->dpp_auth
->neg_freq
;
671 new_freq
= wpa_s
->dpp_auth
->curr_freq
;
672 wpa_printf(MSG_DEBUG
,
673 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
675 wpas_dpp_listen_start(wpa_s
, new_freq
);
679 if (wpa_s
->dpp_listen_freq
) {
680 /* Continue listen with a new remain-on-channel */
681 wpas_dpp_listen_start(wpa_s
, wpa_s
->dpp_listen_freq
);
686 static void wpas_dpp_rx_auth_req(struct wpa_supplicant
*wpa_s
, const u8
*src
,
687 const u8
*hdr
, const u8
*buf
, size_t len
,
690 const u8
*r_bootstrap
, *i_bootstrap
;
691 u16 r_bootstrap_len
, i_bootstrap_len
;
692 struct dpp_bootstrap_info
*own_bi
= NULL
, *peer_bi
= NULL
;
697 wpa_printf(MSG_DEBUG
, "DPP: Authentication Request from " MACSTR
,
700 r_bootstrap
= dpp_get_attr(buf
, len
, DPP_ATTR_R_BOOTSTRAP_KEY_HASH
,
702 if (!r_bootstrap
|| r_bootstrap_len
!= SHA256_MAC_LEN
) {
703 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
704 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
707 wpa_hexdump(MSG_MSGDUMP
, "DPP: Responder Bootstrapping Key Hash",
708 r_bootstrap
, r_bootstrap_len
);
710 i_bootstrap
= dpp_get_attr(buf
, len
, DPP_ATTR_I_BOOTSTRAP_KEY_HASH
,
712 if (!i_bootstrap
|| i_bootstrap_len
!= SHA256_MAC_LEN
) {
713 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
714 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
717 wpa_hexdump(MSG_MSGDUMP
, "DPP: Initiator Bootstrapping Key Hash",
718 i_bootstrap
, i_bootstrap_len
);
720 /* Try to find own and peer bootstrapping key matches based on the
721 * received hash values */
722 dpp_bootstrap_find_pair(wpa_s
->dpp
, i_bootstrap
, r_bootstrap
,
725 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
726 "No matching own bootstrapping key found - ignore message");
730 if (wpa_s
->dpp_auth
) {
731 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
732 "Already in DPP authentication exchange - ignore new one");
736 wpa_s
->dpp_gas_client
= 0;
737 wpa_s
->dpp_auth_ok_on_ack
= 0;
738 wpa_s
->dpp_auth
= dpp_auth_req_rx(wpa_s
, wpa_s
->dpp_allowed_roles
,
739 wpa_s
->dpp_qr_mutual
,
740 peer_bi
, own_bi
, freq
, hdr
, buf
, len
);
741 if (!wpa_s
->dpp_auth
) {
742 wpa_printf(MSG_DEBUG
, "DPP: No response generated");
745 wpas_dpp_set_testing_options(wpa_s
, wpa_s
->dpp_auth
);
746 if (dpp_set_configurator(wpa_s
->dpp
, wpa_s
, wpa_s
->dpp_auth
,
747 wpa_s
->dpp_configurator_params
) < 0) {
748 dpp_auth_deinit(wpa_s
->dpp_auth
);
749 wpa_s
->dpp_auth
= NULL
;
752 os_memcpy(wpa_s
->dpp_auth
->peer_mac_addr
, src
, ETH_ALEN
);
754 if (wpa_s
->dpp_listen_freq
&&
755 wpa_s
->dpp_listen_freq
!= wpa_s
->dpp_auth
->curr_freq
) {
756 wpa_printf(MSG_DEBUG
,
757 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
758 wpa_s
->dpp_listen_freq
, wpa_s
->dpp_auth
->curr_freq
);
759 wpas_dpp_listen_stop(wpa_s
);
762 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
763 MAC2STR(src
), wpa_s
->dpp_auth
->curr_freq
,
764 DPP_PA_AUTHENTICATION_RESP
);
765 offchannel_send_action(wpa_s
, wpa_s
->dpp_auth
->curr_freq
,
766 src
, wpa_s
->own_addr
, broadcast
,
767 wpabuf_head(wpa_s
->dpp_auth
->resp_msg
),
768 wpabuf_len(wpa_s
->dpp_auth
->resp_msg
),
769 500, wpas_dpp_tx_status
, 0);
773 static void wpas_dpp_start_gas_server(struct wpa_supplicant
*wpa_s
)
775 /* TODO: stop wait and start ROC */
779 static struct wpa_ssid
* wpas_dpp_add_network(struct wpa_supplicant
*wpa_s
,
780 struct dpp_authentication
*auth
)
782 struct wpa_ssid
*ssid
;
785 if (auth
->akm
== DPP_AKM_SAE
) {
787 struct wpa_driver_capa capa
;
790 res
= wpa_drv_get_capa(wpa_s
, &capa
);
792 !(capa
.key_mgmt
& WPA_DRIVER_CAPA_KEY_MGMT_SAE
) &&
793 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
)) {
794 wpa_printf(MSG_DEBUG
,
795 "DPP: SAE not supported by the driver");
798 #else /* CONFIG_SAE */
799 wpa_printf(MSG_DEBUG
, "DPP: SAE not supported in the build");
801 #endif /* CONFIG_SAE */
803 #endif /* CONFIG_DPP2 */
805 ssid
= wpa_config_add_network(wpa_s
->conf
);
808 wpas_notify_network_added(wpa_s
, ssid
);
809 wpa_config_set_network_defaults(ssid
);
812 ssid
->ssid
= os_malloc(auth
->ssid_len
);
815 os_memcpy(ssid
->ssid
, auth
->ssid
, auth
->ssid_len
);
816 ssid
->ssid_len
= auth
->ssid_len
;
818 if (auth
->connector
) {
819 ssid
->key_mgmt
= WPA_KEY_MGMT_DPP
;
820 ssid
->ieee80211w
= MGMT_FRAME_PROTECTION_REQUIRED
;
821 ssid
->dpp_connector
= os_strdup(auth
->connector
);
822 if (!ssid
->dpp_connector
)
826 if (auth
->c_sign_key
) {
827 ssid
->dpp_csign
= os_malloc(wpabuf_len(auth
->c_sign_key
));
828 if (!ssid
->dpp_csign
)
830 os_memcpy(ssid
->dpp_csign
, wpabuf_head(auth
->c_sign_key
),
831 wpabuf_len(auth
->c_sign_key
));
832 ssid
->dpp_csign_len
= wpabuf_len(auth
->c_sign_key
);
835 if (auth
->net_access_key
) {
836 ssid
->dpp_netaccesskey
=
837 os_malloc(wpabuf_len(auth
->net_access_key
));
838 if (!ssid
->dpp_netaccesskey
)
840 os_memcpy(ssid
->dpp_netaccesskey
,
841 wpabuf_head(auth
->net_access_key
),
842 wpabuf_len(auth
->net_access_key
));
843 ssid
->dpp_netaccesskey_len
= wpabuf_len(auth
->net_access_key
);
844 ssid
->dpp_netaccesskey_expiry
= auth
->net_access_key_expiry
;
847 if (!auth
->connector
|| dpp_akm_psk(auth
->akm
) ||
848 dpp_akm_sae(auth
->akm
)) {
849 if (!auth
->connector
)
851 if (dpp_akm_psk(auth
->akm
))
852 ssid
->key_mgmt
|= WPA_KEY_MGMT_PSK
|
853 WPA_KEY_MGMT_PSK_SHA256
| WPA_KEY_MGMT_FT_PSK
;
854 if (dpp_akm_sae(auth
->akm
))
855 ssid
->key_mgmt
|= WPA_KEY_MGMT_SAE
|
857 ssid
->ieee80211w
= MGMT_FRAME_PROTECTION_OPTIONAL
;
858 if (auth
->passphrase
[0]) {
859 if (wpa_config_set_quoted(ssid
, "psk",
860 auth
->passphrase
) < 0)
862 wpa_config_update_psk(ssid
);
863 ssid
->export_keys
= 1;
865 ssid
->psk_set
= auth
->psk_set
;
866 os_memcpy(ssid
->psk
, auth
->psk
, PMK_LEN
);
872 wpas_notify_network_removed(wpa_s
, ssid
);
873 wpa_config_remove_network(wpa_s
->conf
, ssid
->id
);
878 static int wpas_dpp_process_config(struct wpa_supplicant
*wpa_s
,
879 struct dpp_authentication
*auth
)
881 struct wpa_ssid
*ssid
;
883 if (wpa_s
->conf
->dpp_config_processing
< 1)
886 ssid
= wpas_dpp_add_network(wpa_s
, auth
);
890 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_NETWORK_ID
"%d", ssid
->id
);
891 if (wpa_s
->conf
->dpp_config_processing
== 2)
894 #ifndef CONFIG_NO_CONFIG_WRITE
895 if (wpa_s
->conf
->update_config
&&
896 wpa_config_write(wpa_s
->confname
, wpa_s
->conf
))
897 wpa_printf(MSG_DEBUG
, "DPP: Failed to update configuration");
898 #endif /* CONFIG_NO_CONFIG_WRITE */
900 if (wpa_s
->conf
->dpp_config_processing
< 2)
904 if (auth
->peer_version
>= 2) {
905 wpa_printf(MSG_DEBUG
,
906 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
907 auth
->connect_on_tx_status
= 1;
910 #endif /* CONFIG_DPP2 */
912 wpas_dpp_try_to_connect(wpa_s
);
917 static int wpas_dpp_handle_config_obj(struct wpa_supplicant
*wpa_s
,
918 struct dpp_authentication
*auth
)
920 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_RECEIVED
);
922 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONFOBJ_SSID
"%s",
923 wpa_ssid_txt(auth
->ssid
, auth
->ssid_len
));
924 if (auth
->connector
) {
925 /* TODO: Save the Connector and consider using a command
926 * to fetch the value instead of sending an event with
927 * it. The Connector could end up being larger than what
928 * most clients are ready to receive as an event
930 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONNECTOR
"%s",
933 if (auth
->c_sign_key
) {
937 hexlen
= 2 * wpabuf_len(auth
->c_sign_key
) + 1;
938 hex
= os_malloc(hexlen
);
940 wpa_snprintf_hex(hex
, hexlen
,
941 wpabuf_head(auth
->c_sign_key
),
942 wpabuf_len(auth
->c_sign_key
));
943 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_C_SIGN_KEY
"%s",
948 if (auth
->net_access_key
) {
952 hexlen
= 2 * wpabuf_len(auth
->net_access_key
) + 1;
953 hex
= os_malloc(hexlen
);
955 wpa_snprintf_hex(hex
, hexlen
,
956 wpabuf_head(auth
->net_access_key
),
957 wpabuf_len(auth
->net_access_key
));
958 if (auth
->net_access_key_expiry
)
959 wpa_msg(wpa_s
, MSG_INFO
,
960 DPP_EVENT_NET_ACCESS_KEY
"%s %lu", hex
,
962 auth
->net_access_key_expiry
);
964 wpa_msg(wpa_s
, MSG_INFO
,
965 DPP_EVENT_NET_ACCESS_KEY
"%s", hex
);
970 return wpas_dpp_process_config(wpa_s
, auth
);
974 static void wpas_dpp_gas_resp_cb(void *ctx
, const u8
*addr
, u8 dialog_token
,
975 enum gas_query_result result
,
976 const struct wpabuf
*adv_proto
,
977 const struct wpabuf
*resp
, u16 status_code
)
979 struct wpa_supplicant
*wpa_s
= ctx
;
981 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
983 enum dpp_status_error status
= DPP_STATUS_CONFIG_REJECTED
;
985 wpa_s
->dpp_gas_dialog_token
= -1;
987 if (!auth
|| !auth
->auth_success
) {
988 wpa_printf(MSG_DEBUG
, "DPP: No matching exchange in progress");
991 if (result
!= GAS_QUERY_SUCCESS
||
992 !resp
|| status_code
!= WLAN_STATUS_SUCCESS
) {
993 wpa_printf(MSG_DEBUG
, "DPP: GAS query did not succeed");
997 wpa_hexdump_buf(MSG_DEBUG
, "DPP: Configuration Response adv_proto",
999 wpa_hexdump_buf(MSG_DEBUG
, "DPP: Configuration Response (GAS response)",
1002 if (wpabuf_len(adv_proto
) != 10 ||
1003 !(pos
= wpabuf_head(adv_proto
)) ||
1004 pos
[0] != WLAN_EID_ADV_PROTO
||
1006 pos
[3] != WLAN_EID_VENDOR_SPECIFIC
||
1008 WPA_GET_BE24(&pos
[5]) != OUI_WFA
||
1011 wpa_printf(MSG_DEBUG
,
1012 "DPP: Not a DPP Advertisement Protocol ID");
1016 if (dpp_conf_resp_rx(auth
, resp
) < 0) {
1017 wpa_printf(MSG_DEBUG
, "DPP: Configuration attempt failed");
1021 res
= wpas_dpp_handle_config_obj(wpa_s
, auth
);
1025 status
= DPP_STATUS_OK
;
1026 #ifdef CONFIG_TESTING_OPTIONS
1027 if (dpp_test
== DPP_TEST_REJECT_CONFIG
) {
1028 wpa_printf(MSG_INFO
, "DPP: TESTING - Reject Config Object");
1029 status
= DPP_STATUS_CONFIG_REJECTED
;
1031 #endif /* CONFIG_TESTING_OPTIONS */
1033 if (status
!= DPP_STATUS_OK
)
1034 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1036 if (auth
->peer_version
>= 2 &&
1037 auth
->conf_resp_status
== DPP_STATUS_OK
) {
1040 wpa_printf(MSG_DEBUG
, "DPP: Send DPP Configuration Result");
1041 msg
= dpp_build_conf_result(auth
, status
);
1045 wpa_msg(wpa_s
, MSG_INFO
,
1046 DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1047 MAC2STR(addr
), auth
->curr_freq
,
1048 DPP_PA_CONFIGURATION_RESULT
);
1049 offchannel_send_action(wpa_s
, auth
->curr_freq
,
1050 addr
, wpa_s
->own_addr
, broadcast
,
1053 500, wpas_dpp_tx_status
, 0);
1056 /* This exchange will be terminated in the TX status handler */
1060 #endif /* CONFIG_DPP2 */
1061 dpp_auth_deinit(wpa_s
->dpp_auth
);
1062 wpa_s
->dpp_auth
= NULL
;
1066 static void wpas_dpp_start_gas_client(struct wpa_supplicant
*wpa_s
)
1068 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1073 wpa_s
->dpp_gas_client
= 1;
1074 os_snprintf(json
, sizeof(json
),
1075 "{\"name\":\"Test\","
1076 "\"wi-fi_tech\":\"infra\","
1077 "\"netRole\":\"%s\"}",
1078 wpa_s
->dpp_netrole_ap
? "ap" : "sta");
1079 #ifdef CONFIG_TESTING_OPTIONS
1080 if (dpp_test
== DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ
) {
1081 wpa_printf(MSG_INFO
, "DPP: TESTING - invalid Config Attr");
1082 json
[29] = 'k'; /* replace "infra" with "knfra" */
1084 #endif /* CONFIG_TESTING_OPTIONS */
1085 wpa_printf(MSG_DEBUG
, "DPP: GAS Config Attributes: %s", json
);
1087 offchannel_send_action_done(wpa_s
);
1088 wpas_dpp_listen_stop(wpa_s
);
1090 buf
= dpp_build_conf_req(auth
, json
);
1092 wpa_printf(MSG_DEBUG
,
1093 "DPP: No configuration request data available");
1097 wpa_printf(MSG_DEBUG
, "DPP: GAS request to " MACSTR
" (freq %u MHz)",
1098 MAC2STR(auth
->peer_mac_addr
), auth
->curr_freq
);
1100 res
= gas_query_req(wpa_s
->gas
, auth
->peer_mac_addr
, auth
->curr_freq
,
1101 1, buf
, wpas_dpp_gas_resp_cb
, wpa_s
);
1103 wpa_msg(wpa_s
, MSG_DEBUG
, "GAS: Failed to send Query Request");
1106 wpa_printf(MSG_DEBUG
,
1107 "DPP: GAS query started with dialog token %u", res
);
1108 wpa_s
->dpp_gas_dialog_token
= res
;
1113 static void wpas_dpp_auth_success(struct wpa_supplicant
*wpa_s
, int initiator
)
1115 wpa_printf(MSG_DEBUG
, "DPP: Authentication succeeded");
1116 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_AUTH_SUCCESS
"init=%d", initiator
);
1117 #ifdef CONFIG_TESTING_OPTIONS
1118 if (dpp_test
== DPP_TEST_STOP_AT_AUTH_CONF
) {
1119 wpa_printf(MSG_INFO
,
1120 "DPP: TESTING - stop at Authentication Confirm");
1121 if (wpa_s
->dpp_auth
->configurator
) {
1122 /* Prevent GAS response */
1123 wpa_s
->dpp_auth
->auth_success
= 0;
1127 #endif /* CONFIG_TESTING_OPTIONS */
1129 if (wpa_s
->dpp_auth
->configurator
)
1130 wpas_dpp_start_gas_server(wpa_s
);
1132 wpas_dpp_start_gas_client(wpa_s
);
1136 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1137 const u8
*hdr
, const u8
*buf
, size_t len
,
1140 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1143 wpa_printf(MSG_DEBUG
, "DPP: Authentication Response from " MACSTR
1144 " (freq %u MHz)", MAC2STR(src
), freq
);
1147 wpa_printf(MSG_DEBUG
,
1148 "DPP: No DPP Authentication in progress - drop");
1152 if (!is_zero_ether_addr(auth
->peer_mac_addr
) &&
1153 os_memcmp(src
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
1154 wpa_printf(MSG_DEBUG
, "DPP: MAC address mismatch (expected "
1155 MACSTR
") - drop", MAC2STR(auth
->peer_mac_addr
));
1159 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
1161 if (auth
->curr_freq
!= freq
&& auth
->neg_freq
== freq
) {
1162 wpa_printf(MSG_DEBUG
,
1163 "DPP: Responder accepted request for different negotiation channel");
1164 auth
->curr_freq
= freq
;
1167 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
1168 msg
= dpp_auth_resp_rx(auth
, hdr
, buf
, len
);
1170 if (auth
->auth_resp_status
== DPP_STATUS_RESPONSE_PENDING
) {
1171 wpa_printf(MSG_DEBUG
,
1172 "DPP: Start wait for full response");
1173 offchannel_send_action_done(wpa_s
);
1174 wpas_dpp_listen_start(wpa_s
, auth
->curr_freq
);
1177 wpa_printf(MSG_DEBUG
, "DPP: No confirm generated");
1180 os_memcpy(auth
->peer_mac_addr
, src
, ETH_ALEN
);
1182 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1183 MAC2STR(src
), auth
->curr_freq
, DPP_PA_AUTHENTICATION_CONF
);
1184 offchannel_send_action(wpa_s
, auth
->curr_freq
,
1185 src
, wpa_s
->own_addr
, broadcast
,
1186 wpabuf_head(msg
), wpabuf_len(msg
),
1187 500, wpas_dpp_tx_status
, 0);
1189 wpa_s
->dpp_auth_ok_on_ack
= 1;
1193 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1194 const u8
*hdr
, const u8
*buf
, size_t len
)
1196 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1198 wpa_printf(MSG_DEBUG
, "DPP: Authentication Confirmation from " MACSTR
,
1202 wpa_printf(MSG_DEBUG
,
1203 "DPP: No DPP Authentication in progress - drop");
1207 if (os_memcmp(src
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
1208 wpa_printf(MSG_DEBUG
, "DPP: MAC address mismatch (expected "
1209 MACSTR
") - drop", MAC2STR(auth
->peer_mac_addr
));
1213 if (dpp_auth_conf_rx(auth
, hdr
, buf
, len
) < 0) {
1214 wpa_printf(MSG_DEBUG
, "DPP: Authentication failed");
1218 wpas_dpp_auth_success(wpa_s
, 0);
1224 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx
,
1227 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
1228 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1230 if (!auth
|| !auth
->waiting_conf_result
)
1233 wpa_printf(MSG_DEBUG
,
1234 "DPP: Timeout while waiting for Configuration Result");
1235 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1236 dpp_auth_deinit(auth
);
1237 wpa_s
->dpp_auth
= NULL
;
1241 static void wpas_dpp_rx_conf_result(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1242 const u8
*hdr
, const u8
*buf
, size_t len
)
1244 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1245 enum dpp_status_error status
;
1247 wpa_printf(MSG_DEBUG
, "DPP: Configuration Result from " MACSTR
,
1250 if (!auth
|| !auth
->waiting_conf_result
) {
1251 wpa_printf(MSG_DEBUG
,
1252 "DPP: No DPP Configuration waiting for result - drop");
1256 if (os_memcmp(src
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
1257 wpa_printf(MSG_DEBUG
, "DPP: MAC address mismatch (expected "
1258 MACSTR
") - drop", MAC2STR(auth
->peer_mac_addr
));
1262 status
= dpp_conf_result_rx(auth
, hdr
, buf
, len
);
1264 offchannel_send_action_done(wpa_s
);
1265 wpas_dpp_listen_stop(wpa_s
);
1266 if (status
== DPP_STATUS_OK
)
1267 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_SENT
);
1269 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1270 dpp_auth_deinit(auth
);
1271 wpa_s
->dpp_auth
= NULL
;
1272 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout
, wpa_s
, NULL
);
1275 #endif /* CONFIG_DPP2 */
1278 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant
*wpa_s
,
1280 const u8
*buf
, size_t len
)
1282 struct wpa_ssid
*ssid
;
1283 const u8
*connector
, *trans_id
, *status
;
1284 u16 connector_len
, trans_id_len
, status_len
;
1285 struct dpp_introduction intro
;
1286 struct rsn_pmksa_cache_entry
*entry
;
1288 struct os_reltime rnow
;
1290 unsigned int seconds
;
1291 enum dpp_status_error res
;
1293 wpa_printf(MSG_DEBUG
, "DPP: Peer Discovery Response from " MACSTR
,
1295 if (is_zero_ether_addr(wpa_s
->dpp_intro_bssid
) ||
1296 os_memcmp(src
, wpa_s
->dpp_intro_bssid
, ETH_ALEN
) != 0) {
1297 wpa_printf(MSG_DEBUG
, "DPP: Not waiting for response from "
1298 MACSTR
" - drop", MAC2STR(src
));
1301 offchannel_send_action_done(wpa_s
);
1303 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1304 if (ssid
== wpa_s
->dpp_intro_network
)
1307 if (!ssid
|| !ssid
->dpp_connector
|| !ssid
->dpp_netaccesskey
||
1309 wpa_printf(MSG_DEBUG
,
1310 "DPP: Profile not found for network introduction");
1314 trans_id
= dpp_get_attr(buf
, len
, DPP_ATTR_TRANSACTION_ID
,
1316 if (!trans_id
|| trans_id_len
!= 1) {
1317 wpa_printf(MSG_DEBUG
,
1318 "DPP: Peer did not include Transaction ID");
1319 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1320 " fail=missing_transaction_id", MAC2STR(src
));
1323 if (trans_id
[0] != TRANSACTION_ID
) {
1324 wpa_printf(MSG_DEBUG
,
1325 "DPP: Ignore frame with unexpected Transaction ID %u",
1327 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1328 " fail=transaction_id_mismatch", MAC2STR(src
));
1332 status
= dpp_get_attr(buf
, len
, DPP_ATTR_STATUS
, &status_len
);
1333 if (!status
|| status_len
!= 1) {
1334 wpa_printf(MSG_DEBUG
, "DPP: Peer did not include Status");
1335 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1336 " fail=missing_status", MAC2STR(src
));
1339 if (status
[0] != DPP_STATUS_OK
) {
1340 wpa_printf(MSG_DEBUG
,
1341 "DPP: Peer rejected network introduction: Status %u",
1343 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1344 " status=%u", MAC2STR(src
), status
[0]);
1348 connector
= dpp_get_attr(buf
, len
, DPP_ATTR_CONNECTOR
, &connector_len
);
1350 wpa_printf(MSG_DEBUG
,
1351 "DPP: Peer did not include its Connector");
1352 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1353 " fail=missing_connector", MAC2STR(src
));
1357 res
= dpp_peer_intro(&intro
, ssid
->dpp_connector
,
1358 ssid
->dpp_netaccesskey
,
1359 ssid
->dpp_netaccesskey_len
,
1361 ssid
->dpp_csign_len
,
1362 connector
, connector_len
, &expiry
);
1363 if (res
!= DPP_STATUS_OK
) {
1364 wpa_printf(MSG_INFO
,
1365 "DPP: Network Introduction protocol resulted in failure");
1366 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1367 " fail=peer_connector_validation_failed", MAC2STR(src
));
1371 entry
= os_zalloc(sizeof(*entry
));
1374 os_memcpy(entry
->aa
, src
, ETH_ALEN
);
1375 os_memcpy(entry
->pmkid
, intro
.pmkid
, PMKID_LEN
);
1376 os_memcpy(entry
->pmk
, intro
.pmk
, intro
.pmk_len
);
1377 entry
->pmk_len
= intro
.pmk_len
;
1378 entry
->akmp
= WPA_KEY_MGMT_DPP
;
1381 seconds
= expiry
- now
.sec
;
1383 seconds
= 86400 * 7;
1385 os_get_reltime(&rnow
);
1386 entry
->expiration
= rnow
.sec
+ seconds
;
1387 entry
->reauth_time
= rnow
.sec
+ seconds
;
1388 entry
->network_ctx
= ssid
;
1389 wpa_sm_pmksa_cache_add_entry(wpa_s
->wpa
, entry
);
1391 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_INTRO
"peer=" MACSTR
1392 " status=%u", MAC2STR(src
), status
[0]);
1394 wpa_printf(MSG_DEBUG
,
1395 "DPP: Try connection again after successful network introduction");
1396 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
1397 wpa_supplicant_cancel_sched_scan(wpa_s
);
1398 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1401 os_memset(&intro
, 0, sizeof(intro
));
1405 static int wpas_dpp_allow_ir(struct wpa_supplicant
*wpa_s
, unsigned int freq
)
1409 if (!wpa_s
->hw
.modes
)
1412 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
1413 struct hostapd_hw_modes
*mode
= &wpa_s
->hw
.modes
[i
];
1415 for (j
= 0; j
< mode
->num_channels
; j
++) {
1416 struct hostapd_channel_data
*chan
= &mode
->channels
[j
];
1418 if (chan
->freq
!= (int) freq
)
1421 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
1422 HOSTAPD_CHAN_NO_IR
|
1423 HOSTAPD_CHAN_RADAR
))
1430 wpa_printf(MSG_DEBUG
,
1431 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
1438 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant
*wpa_s
,
1439 struct dpp_pkex
*pkex
)
1441 if (pkex
->freq
== 2437)
1443 else if (pkex
->freq
== 5745)
1445 else if (pkex
->freq
== 5220)
1448 return -1; /* no more channels to try */
1450 if (wpas_dpp_allow_ir(wpa_s
, pkex
->freq
) == 1) {
1451 wpa_printf(MSG_DEBUG
, "DPP: Try to initiate on %u MHz",
1456 /* Could not use this channel - try the next one */
1457 return wpas_dpp_pkex_next_channel(wpa_s
, pkex
);
1461 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx
, void *timeout_ctx
)
1463 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
1464 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
1466 if (!pkex
|| !pkex
->exchange_req
)
1468 if (pkex
->exch_req_tries
>= 5) {
1469 if (wpas_dpp_pkex_next_channel(wpa_s
, pkex
) < 0) {
1470 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_FAIL
1471 "No response from PKEX peer");
1472 dpp_pkex_free(pkex
);
1473 wpa_s
->dpp_pkex
= NULL
;
1476 pkex
->exch_req_tries
= 0;
1479 pkex
->exch_req_tries
++;
1480 wpa_printf(MSG_DEBUG
, "DPP: Retransmit PKEX Exchange Request (try %u)",
1481 pkex
->exch_req_tries
);
1482 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1483 MAC2STR(broadcast
), pkex
->freq
, DPP_PA_PKEX_EXCHANGE_REQ
);
1484 offchannel_send_action(wpa_s
, pkex
->freq
, broadcast
,
1485 wpa_s
->own_addr
, broadcast
,
1486 wpabuf_head(pkex
->exchange_req
),
1487 wpabuf_len(pkex
->exchange_req
),
1488 pkex
->exch_req_wait_time
,
1489 wpas_dpp_tx_pkex_status
, 0);
1494 wpas_dpp_tx_pkex_status(struct wpa_supplicant
*wpa_s
,
1495 unsigned int freq
, const u8
*dst
,
1496 const u8
*src
, const u8
*bssid
,
1497 const u8
*data
, size_t data_len
,
1498 enum offchannel_send_action_result result
)
1500 const char *res_txt
;
1501 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
1503 res_txt
= result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
1504 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
1506 wpa_printf(MSG_DEBUG
, "DPP: TX status: freq=%u dst=" MACSTR
1507 " result=%s (PKEX)",
1508 freq
, MAC2STR(dst
), res_txt
);
1509 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX_STATUS
"dst=" MACSTR
1510 " freq=%u result=%s", MAC2STR(dst
), freq
, res_txt
);
1513 wpa_printf(MSG_DEBUG
,
1514 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
1519 wpa_printf(MSG_DEBUG
,
1520 "DPP: Terminate PKEX exchange due to an earlier error");
1521 if (pkex
->t
> pkex
->own_bi
->pkex_t
)
1522 pkex
->own_bi
->pkex_t
= pkex
->t
;
1523 dpp_pkex_free(pkex
);
1524 wpa_s
->dpp_pkex
= NULL
;
1528 if (pkex
->exch_req_wait_time
&& pkex
->exchange_req
) {
1529 /* Wait for PKEX Exchange Response frame and retry request if
1530 * no response is seen. */
1531 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout
, wpa_s
, NULL
);
1532 eloop_register_timeout(pkex
->exch_req_wait_time
/ 1000,
1533 (pkex
->exch_req_wait_time
% 1000) * 1000,
1534 wpas_dpp_pkex_retry_timeout
, wpa_s
,
1541 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1542 const u8
*buf
, size_t len
, unsigned int freq
)
1545 unsigned int wait_time
;
1547 wpa_printf(MSG_DEBUG
, "DPP: PKEX Exchange Request from " MACSTR
,
1550 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1553 if (!wpa_s
->dpp_pkex_code
|| !wpa_s
->dpp_pkex_bi
) {
1554 wpa_printf(MSG_DEBUG
,
1555 "DPP: No PKEX code configured - ignore request");
1559 if (wpa_s
->dpp_pkex
) {
1560 /* TODO: Support parallel operations */
1561 wpa_printf(MSG_DEBUG
,
1562 "DPP: Already in PKEX session - ignore new request");
1566 wpa_s
->dpp_pkex
= dpp_pkex_rx_exchange_req(wpa_s
, wpa_s
->dpp_pkex_bi
,
1567 wpa_s
->own_addr
, src
,
1568 wpa_s
->dpp_pkex_identifier
,
1569 wpa_s
->dpp_pkex_code
,
1571 if (!wpa_s
->dpp_pkex
) {
1572 wpa_printf(MSG_DEBUG
,
1573 "DPP: Failed to process the request - ignore it");
1577 msg
= wpa_s
->dpp_pkex
->exchange_resp
;
1578 wait_time
= wpa_s
->max_remain_on_chan
;
1579 if (wait_time
> 2000)
1581 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1582 MAC2STR(src
), freq
, DPP_PA_PKEX_EXCHANGE_RESP
);
1583 offchannel_send_action(wpa_s
, freq
, src
, wpa_s
->own_addr
,
1585 wpabuf_head(msg
), wpabuf_len(msg
),
1586 wait_time
, wpas_dpp_tx_pkex_status
, 0);
1591 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1592 const u8
*buf
, size_t len
, unsigned int freq
)
1595 unsigned int wait_time
;
1597 wpa_printf(MSG_DEBUG
, "DPP: PKEX Exchange Response from " MACSTR
,
1600 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1603 if (!wpa_s
->dpp_pkex
|| !wpa_s
->dpp_pkex
->initiator
||
1604 wpa_s
->dpp_pkex
->exchange_done
) {
1605 wpa_printf(MSG_DEBUG
, "DPP: No matching PKEX session");
1609 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout
, wpa_s
, NULL
);
1610 wpa_s
->dpp_pkex
->exch_req_wait_time
= 0;
1612 msg
= dpp_pkex_rx_exchange_resp(wpa_s
->dpp_pkex
, src
, buf
, len
);
1614 wpa_printf(MSG_DEBUG
, "DPP: Failed to process the response");
1618 wpa_printf(MSG_DEBUG
, "DPP: Send PKEX Commit-Reveal Request to " MACSTR
,
1621 wait_time
= wpa_s
->max_remain_on_chan
;
1622 if (wait_time
> 2000)
1624 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1625 MAC2STR(src
), freq
, DPP_PA_PKEX_COMMIT_REVEAL_REQ
);
1626 offchannel_send_action(wpa_s
, freq
, src
, wpa_s
->own_addr
,
1628 wpabuf_head(msg
), wpabuf_len(msg
),
1629 wait_time
, wpas_dpp_tx_pkex_status
, 0);
1634 static struct dpp_bootstrap_info
*
1635 wpas_dpp_pkex_finish(struct wpa_supplicant
*wpa_s
, const u8
*peer
,
1638 struct dpp_bootstrap_info
*bi
;
1640 bi
= dpp_pkex_finish(wpa_s
->dpp
, wpa_s
->dpp_pkex
, peer
, freq
);
1643 wpa_s
->dpp_pkex
= NULL
;
1649 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1650 const u8
*hdr
, const u8
*buf
, size_t len
,
1654 unsigned int wait_time
;
1655 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
1657 wpa_printf(MSG_DEBUG
, "DPP: PKEX Commit-Reveal Request from " MACSTR
,
1660 if (!pkex
|| pkex
->initiator
|| !pkex
->exchange_done
) {
1661 wpa_printf(MSG_DEBUG
, "DPP: No matching PKEX session");
1665 msg
= dpp_pkex_rx_commit_reveal_req(pkex
, hdr
, buf
, len
);
1667 wpa_printf(MSG_DEBUG
, "DPP: Failed to process the request");
1669 wpa_printf(MSG_DEBUG
, "DPP: Terminate PKEX exchange");
1670 if (pkex
->t
> pkex
->own_bi
->pkex_t
)
1671 pkex
->own_bi
->pkex_t
= pkex
->t
;
1672 dpp_pkex_free(wpa_s
->dpp_pkex
);
1673 wpa_s
->dpp_pkex
= NULL
;
1678 wpa_printf(MSG_DEBUG
, "DPP: Send PKEX Commit-Reveal Response to "
1679 MACSTR
, MAC2STR(src
));
1681 wait_time
= wpa_s
->max_remain_on_chan
;
1682 if (wait_time
> 2000)
1684 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
1685 MAC2STR(src
), freq
, DPP_PA_PKEX_COMMIT_REVEAL_RESP
);
1686 offchannel_send_action(wpa_s
, freq
, src
, wpa_s
->own_addr
,
1688 wpabuf_head(msg
), wpabuf_len(msg
),
1689 wait_time
, wpas_dpp_tx_pkex_status
, 0);
1692 wpas_dpp_pkex_finish(wpa_s
, src
, freq
);
1697 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1698 const u8
*hdr
, const u8
*buf
, size_t len
,
1702 struct dpp_bootstrap_info
*bi
;
1703 struct dpp_pkex
*pkex
= wpa_s
->dpp_pkex
;
1706 wpa_printf(MSG_DEBUG
, "DPP: PKEX Commit-Reveal Response from " MACSTR
,
1709 if (!pkex
|| !pkex
->initiator
|| !pkex
->exchange_done
) {
1710 wpa_printf(MSG_DEBUG
, "DPP: No matching PKEX session");
1714 res
= dpp_pkex_rx_commit_reveal_resp(pkex
, hdr
, buf
, len
);
1716 wpa_printf(MSG_DEBUG
, "DPP: Failed to process the response");
1720 bi
= wpas_dpp_pkex_finish(wpa_s
, src
, freq
);
1724 os_snprintf(cmd
, sizeof(cmd
), " peer=%u %s",
1726 wpa_s
->dpp_pkex_auth_cmd
? wpa_s
->dpp_pkex_auth_cmd
: "");
1727 wpa_printf(MSG_DEBUG
,
1728 "DPP: Start authentication after PKEX with parameters: %s",
1730 if (wpas_dpp_auth_init(wpa_s
, cmd
) < 0) {
1731 wpa_printf(MSG_DEBUG
,
1732 "DPP: Authentication initialization failed");
1738 void wpas_dpp_rx_action(struct wpa_supplicant
*wpa_s
, const u8
*src
,
1739 const u8
*buf
, size_t len
, unsigned int freq
)
1742 enum dpp_public_action_frame_type type
;
1744 unsigned int pkex_t
;
1746 if (len
< DPP_HDR_LEN
)
1748 if (WPA_GET_BE24(buf
) != OUI_WFA
|| buf
[3] != DPP_OUI_TYPE
)
1753 crypto_suite
= *buf
++;
1757 wpa_printf(MSG_DEBUG
,
1758 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
1760 crypto_suite
, type
, MAC2STR(src
), freq
);
1761 if (crypto_suite
!= 1) {
1762 wpa_printf(MSG_DEBUG
, "DPP: Unsupported crypto suite %u",
1764 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_RX
"src=" MACSTR
1765 " freq=%u type=%d ignore=unsupported-crypto-suite",
1766 MAC2STR(src
), freq
, type
);
1769 wpa_hexdump(MSG_MSGDUMP
, "DPP: Received message attributes", buf
, len
);
1770 if (dpp_check_attrs(buf
, len
) < 0) {
1771 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_RX
"src=" MACSTR
1772 " freq=%u type=%d ignore=invalid-attributes",
1773 MAC2STR(src
), freq
, type
);
1776 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_RX
"src=" MACSTR
" freq=%u type=%d",
1777 MAC2STR(src
), freq
, type
);
1780 case DPP_PA_AUTHENTICATION_REQ
:
1781 wpas_dpp_rx_auth_req(wpa_s
, src
, hdr
, buf
, len
, freq
);
1783 case DPP_PA_AUTHENTICATION_RESP
:
1784 wpas_dpp_rx_auth_resp(wpa_s
, src
, hdr
, buf
, len
, freq
);
1786 case DPP_PA_AUTHENTICATION_CONF
:
1787 wpas_dpp_rx_auth_conf(wpa_s
, src
, hdr
, buf
, len
);
1789 case DPP_PA_PEER_DISCOVERY_RESP
:
1790 wpas_dpp_rx_peer_disc_resp(wpa_s
, src
, buf
, len
);
1792 case DPP_PA_PKEX_EXCHANGE_REQ
:
1793 wpas_dpp_rx_pkex_exchange_req(wpa_s
, src
, buf
, len
, freq
);
1795 case DPP_PA_PKEX_EXCHANGE_RESP
:
1796 wpas_dpp_rx_pkex_exchange_resp(wpa_s
, src
, buf
, len
, freq
);
1798 case DPP_PA_PKEX_COMMIT_REVEAL_REQ
:
1799 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s
, src
, hdr
, buf
, len
,
1802 case DPP_PA_PKEX_COMMIT_REVEAL_RESP
:
1803 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s
, src
, hdr
, buf
, len
,
1807 case DPP_PA_CONFIGURATION_RESULT
:
1808 wpas_dpp_rx_conf_result(wpa_s
, src
, hdr
, buf
, len
);
1810 #endif /* CONFIG_DPP2 */
1812 wpa_printf(MSG_DEBUG
,
1813 "DPP: Ignored unsupported frame subtype %d", type
);
1817 if (wpa_s
->dpp_pkex
)
1818 pkex_t
= wpa_s
->dpp_pkex
->t
;
1819 else if (wpa_s
->dpp_pkex_bi
)
1820 pkex_t
= wpa_s
->dpp_pkex_bi
->pkex_t
;
1823 if (pkex_t
>= PKEX_COUNTER_T_LIMIT
) {
1824 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_PKEX_T_LIMIT
"id=0");
1825 wpas_dpp_pkex_remove(wpa_s
, "*");
1830 static struct wpabuf
*
1831 wpas_dpp_gas_req_handler(void *ctx
, const u8
*sa
, const u8
*query
,
1834 struct wpa_supplicant
*wpa_s
= ctx
;
1835 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1836 struct wpabuf
*resp
;
1838 wpa_printf(MSG_DEBUG
, "DPP: GAS request from " MACSTR
,
1840 if (!auth
|| !auth
->auth_success
||
1841 os_memcmp(sa
, auth
->peer_mac_addr
, ETH_ALEN
) != 0) {
1842 wpa_printf(MSG_DEBUG
, "DPP: No matching exchange in progress");
1845 wpa_hexdump(MSG_DEBUG
,
1846 "DPP: Received Configuration Request (GAS Query Request)",
1848 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_REQ_RX
"src=" MACSTR
,
1850 resp
= dpp_conf_req_rx(auth
, query
, query_len
);
1852 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1853 auth
->conf_resp
= resp
;
1859 wpas_dpp_gas_status_handler(void *ctx
, struct wpabuf
*resp
, int ok
)
1861 struct wpa_supplicant
*wpa_s
= ctx
;
1862 struct dpp_authentication
*auth
= wpa_s
->dpp_auth
;
1868 if (auth
->conf_resp
!= resp
) {
1869 wpa_printf(MSG_DEBUG
,
1870 "DPP: Ignore GAS status report (ok=%d) for unknown response",
1876 wpa_printf(MSG_DEBUG
, "DPP: Configuration exchange completed (ok=%d)",
1878 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
1879 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
1881 if (ok
&& auth
->peer_version
>= 2 &&
1882 auth
->conf_resp_status
== DPP_STATUS_OK
) {
1883 wpa_printf(MSG_DEBUG
, "DPP: Wait for Configuration Result");
1884 auth
->waiting_conf_result
= 1;
1885 auth
->conf_resp
= NULL
;
1887 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout
,
1889 eloop_register_timeout(2, 0,
1890 wpas_dpp_config_result_wait_timeout
,
1894 #endif /* CONFIG_DPP2 */
1895 offchannel_send_action_done(wpa_s
);
1896 wpas_dpp_listen_stop(wpa_s
);
1898 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_SENT
);
1900 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_CONF_FAILED
);
1901 dpp_auth_deinit(wpa_s
->dpp_auth
);
1902 wpa_s
->dpp_auth
= NULL
;
1907 int wpas_dpp_configurator_sign(struct wpa_supplicant
*wpa_s
, const char *cmd
)
1909 struct dpp_authentication
*auth
;
1913 auth
= os_zalloc(sizeof(*auth
));
1917 curve
= get_param(cmd
, " curve=");
1918 wpas_dpp_set_testing_options(wpa_s
, auth
);
1919 if (dpp_set_configurator(wpa_s
->dpp
, wpa_s
, auth
, cmd
) == 0 &&
1920 dpp_configurator_own_config(auth
, curve
, 0) == 0)
1921 ret
= wpas_dpp_handle_config_obj(wpa_s
, auth
);
1923 dpp_auth_deinit(auth
);
1931 wpas_dpp_tx_introduction_status(struct wpa_supplicant
*wpa_s
,
1932 unsigned int freq
, const u8
*dst
,
1933 const u8
*src
, const u8
*bssid
,
1934 const u8
*data
, size_t data_len
,
1935 enum offchannel_send_action_result result
)
1937 const char *res_txt
;
1939 res_txt
= result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
1940 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
1942 wpa_printf(MSG_DEBUG
, "DPP: TX status: freq=%u dst=" MACSTR
1943 " result=%s (DPP Peer Discovery Request)",
1944 freq
, MAC2STR(dst
), res_txt
);
1945 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX_STATUS
"dst=" MACSTR
1946 " freq=%u result=%s", MAC2STR(dst
), freq
, res_txt
);
1947 /* TODO: Time out wait for response more quickly in error cases? */
1951 int wpas_dpp_check_connect(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
1952 struct wpa_bss
*bss
)
1956 unsigned int wait_time
;
1958 struct wpa_ie_data ied
;
1960 if (!(ssid
->key_mgmt
& WPA_KEY_MGMT_DPP
) || !bss
)
1961 return 0; /* Not using DPP AKM - continue */
1962 rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1963 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ied
) == 0 &&
1964 !(ied
.key_mgmt
& WPA_KEY_MGMT_DPP
))
1965 return 0; /* AP does not support DPP AKM - continue */
1966 if (wpa_sm_pmksa_exists(wpa_s
->wpa
, bss
->bssid
, ssid
))
1967 return 0; /* PMKSA exists for DPP AKM - continue */
1969 if (!ssid
->dpp_connector
|| !ssid
->dpp_netaccesskey
||
1971 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_MISSING_CONNECTOR
1973 !ssid
->dpp_connector
? "Connector" :
1974 (!ssid
->dpp_netaccesskey
? "netAccessKey" :
1981 if (ssid
->dpp_netaccesskey_expiry
&&
1982 (os_time_t
) ssid
->dpp_netaccesskey_expiry
< now
.sec
) {
1983 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_MISSING_CONNECTOR
1984 "netAccessKey expired");
1988 wpa_printf(MSG_DEBUG
,
1989 "DPP: Starting network introduction protocol to derive PMKSA for "
1990 MACSTR
, MAC2STR(bss
->bssid
));
1992 msg
= dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ
,
1993 5 + 4 + os_strlen(ssid
->dpp_connector
));
1997 #ifdef CONFIG_TESTING_OPTIONS
1998 if (dpp_test
== DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ
) {
1999 wpa_printf(MSG_INFO
, "DPP: TESTING - no Transaction ID");
2002 if (dpp_test
== DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ
) {
2003 wpa_printf(MSG_INFO
, "DPP: TESTING - invalid Transaction ID");
2004 wpabuf_put_le16(msg
, DPP_ATTR_TRANSACTION_ID
);
2005 wpabuf_put_le16(msg
, 0);
2008 #endif /* CONFIG_TESTING_OPTIONS */
2010 /* Transaction ID */
2011 wpabuf_put_le16(msg
, DPP_ATTR_TRANSACTION_ID
);
2012 wpabuf_put_le16(msg
, 1);
2013 wpabuf_put_u8(msg
, TRANSACTION_ID
);
2015 #ifdef CONFIG_TESTING_OPTIONS
2017 if (dpp_test
== DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ
) {
2018 wpa_printf(MSG_INFO
, "DPP: TESTING - no Connector");
2019 goto skip_connector
;
2021 if (dpp_test
== DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ
) {
2024 wpa_printf(MSG_INFO
, "DPP: TESTING - invalid Connector");
2025 connector
= dpp_corrupt_connector_signature(
2026 ssid
->dpp_connector
);
2031 wpabuf_put_le16(msg
, DPP_ATTR_CONNECTOR
);
2032 wpabuf_put_le16(msg
, os_strlen(connector
));
2033 wpabuf_put_str(msg
, connector
);
2035 goto skip_connector
;
2037 #endif /* CONFIG_TESTING_OPTIONS */
2040 wpabuf_put_le16(msg
, DPP_ATTR_CONNECTOR
);
2041 wpabuf_put_le16(msg
, os_strlen(ssid
->dpp_connector
));
2042 wpabuf_put_str(msg
, ssid
->dpp_connector
);
2044 #ifdef CONFIG_TESTING_OPTIONS
2046 #endif /* CONFIG_TESTING_OPTIONS */
2048 /* TODO: Timeout on AP response */
2049 wait_time
= wpa_s
->max_remain_on_chan
;
2050 if (wait_time
> 2000)
2052 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
" freq=%u type=%d",
2053 MAC2STR(bss
->bssid
), bss
->freq
, DPP_PA_PEER_DISCOVERY_REQ
);
2054 offchannel_send_action(wpa_s
, bss
->freq
, bss
->bssid
, wpa_s
->own_addr
,
2056 wpabuf_head(msg
), wpabuf_len(msg
),
2057 wait_time
, wpas_dpp_tx_introduction_status
, 0);
2060 /* Request this connection attempt to terminate - new one will be
2061 * started when network introduction protocol completes */
2062 os_memcpy(wpa_s
->dpp_intro_bssid
, bss
->bssid
, ETH_ALEN
);
2063 wpa_s
->dpp_intro_network
= ssid
;
2068 int wpas_dpp_pkex_add(struct wpa_supplicant
*wpa_s
, const char *cmd
)
2070 struct dpp_bootstrap_info
*own_bi
;
2071 const char *pos
, *end
;
2072 unsigned int wait_time
;
2074 pos
= os_strstr(cmd
, " own=");
2078 own_bi
= dpp_bootstrap_get_id(wpa_s
->dpp
, atoi(pos
));
2080 wpa_printf(MSG_DEBUG
,
2081 "DPP: Identified bootstrap info not found");
2084 if (own_bi
->type
!= DPP_BOOTSTRAP_PKEX
) {
2085 wpa_printf(MSG_DEBUG
,
2086 "DPP: Identified bootstrap info not for PKEX");
2089 wpa_s
->dpp_pkex_bi
= own_bi
;
2090 own_bi
->pkex_t
= 0; /* clear pending errors on new code */
2092 os_free(wpa_s
->dpp_pkex_identifier
);
2093 wpa_s
->dpp_pkex_identifier
= NULL
;
2094 pos
= os_strstr(cmd
, " identifier=");
2097 end
= os_strchr(pos
, ' ');
2100 wpa_s
->dpp_pkex_identifier
= os_malloc(end
- pos
+ 1);
2101 if (!wpa_s
->dpp_pkex_identifier
)
2103 os_memcpy(wpa_s
->dpp_pkex_identifier
, pos
, end
- pos
);
2104 wpa_s
->dpp_pkex_identifier
[end
- pos
] = '\0';
2107 pos
= os_strstr(cmd
, " code=");
2110 os_free(wpa_s
->dpp_pkex_code
);
2111 wpa_s
->dpp_pkex_code
= os_strdup(pos
+ 6);
2112 if (!wpa_s
->dpp_pkex_code
)
2115 if (os_strstr(cmd
, " init=1")) {
2116 struct dpp_pkex
*pkex
;
2119 wpa_printf(MSG_DEBUG
, "DPP: Initiating PKEX");
2120 dpp_pkex_free(wpa_s
->dpp_pkex
);
2121 wpa_s
->dpp_pkex
= dpp_pkex_init(wpa_s
, own_bi
, wpa_s
->own_addr
,
2122 wpa_s
->dpp_pkex_identifier
,
2123 wpa_s
->dpp_pkex_code
);
2124 pkex
= wpa_s
->dpp_pkex
;
2128 msg
= pkex
->exchange_req
;
2129 wait_time
= wpa_s
->max_remain_on_chan
;
2130 if (wait_time
> 2000)
2133 wpa_msg(wpa_s
, MSG_INFO
, DPP_EVENT_TX
"dst=" MACSTR
2135 MAC2STR(broadcast
), pkex
->freq
,
2136 DPP_PA_PKEX_EXCHANGE_REQ
);
2137 offchannel_send_action(wpa_s
, pkex
->freq
, broadcast
,
2138 wpa_s
->own_addr
, broadcast
,
2139 wpabuf_head(msg
), wpabuf_len(msg
),
2140 wait_time
, wpas_dpp_tx_pkex_status
, 0);
2143 pkex
->exch_req_wait_time
= wait_time
;
2144 pkex
->exch_req_tries
= 1;
2147 /* TODO: Support multiple PKEX info entries */
2149 os_free(wpa_s
->dpp_pkex_auth_cmd
);
2150 wpa_s
->dpp_pkex_auth_cmd
= os_strdup(cmd
);
2156 int wpas_dpp_pkex_remove(struct wpa_supplicant
*wpa_s
, const char *id
)
2158 unsigned int id_val
;
2160 if (os_strcmp(id
, "*") == 0) {
2168 if ((id_val
!= 0 && id_val
!= 1) || !wpa_s
->dpp_pkex_code
)
2171 /* TODO: Support multiple PKEX entries */
2172 os_free(wpa_s
->dpp_pkex_code
);
2173 wpa_s
->dpp_pkex_code
= NULL
;
2174 os_free(wpa_s
->dpp_pkex_identifier
);
2175 wpa_s
->dpp_pkex_identifier
= NULL
;
2176 os_free(wpa_s
->dpp_pkex_auth_cmd
);
2177 wpa_s
->dpp_pkex_auth_cmd
= NULL
;
2178 wpa_s
->dpp_pkex_bi
= NULL
;
2179 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2180 dpp_pkex_free(wpa_s
->dpp_pkex
);
2181 wpa_s
->dpp_pkex
= NULL
;
2186 void wpas_dpp_stop(struct wpa_supplicant
*wpa_s
)
2188 dpp_auth_deinit(wpa_s
->dpp_auth
);
2189 wpa_s
->dpp_auth
= NULL
;
2190 dpp_pkex_free(wpa_s
->dpp_pkex
);
2191 wpa_s
->dpp_pkex
= NULL
;
2192 if (wpa_s
->dpp_gas_client
&& wpa_s
->dpp_gas_dialog_token
>= 0)
2193 gas_query_stop(wpa_s
->gas
, wpa_s
->dpp_gas_dialog_token
);
2197 int wpas_dpp_init(struct wpa_supplicant
*wpa_s
)
2201 adv_proto_id
[0] = WLAN_EID_VENDOR_SPECIFIC
;
2202 adv_proto_id
[1] = 5;
2203 WPA_PUT_BE24(&adv_proto_id
[2], OUI_WFA
);
2204 adv_proto_id
[5] = DPP_OUI_TYPE
;
2205 adv_proto_id
[6] = 0x01;
2207 if (gas_server_register(wpa_s
->gas_server
, adv_proto_id
,
2208 sizeof(adv_proto_id
), wpas_dpp_gas_req_handler
,
2209 wpas_dpp_gas_status_handler
, wpa_s
) < 0)
2211 wpa_s
->dpp
= dpp_global_init();
2212 return wpa_s
->dpp
? 0 : -1;
2216 void wpas_dpp_deinit(struct wpa_supplicant
*wpa_s
)
2218 #ifdef CONFIG_TESTING_OPTIONS
2219 os_free(wpa_s
->dpp_config_obj_override
);
2220 wpa_s
->dpp_config_obj_override
= NULL
;
2221 os_free(wpa_s
->dpp_discovery_override
);
2222 wpa_s
->dpp_discovery_override
= NULL
;
2223 os_free(wpa_s
->dpp_groups_override
);
2224 wpa_s
->dpp_groups_override
= NULL
;
2225 wpa_s
->dpp_ignore_netaccesskey_mismatch
= 0;
2226 #endif /* CONFIG_TESTING_OPTIONS */
2229 dpp_global_clear(wpa_s
->dpp
);
2230 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout
, wpa_s
, NULL
);
2231 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout
, wpa_s
, NULL
);
2232 eloop_cancel_timeout(wpas_dpp_init_timeout
, wpa_s
, NULL
);
2233 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout
, wpa_s
, NULL
);
2235 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout
, wpa_s
, NULL
);
2236 dpp_pfs_free(wpa_s
->dpp_pfs
);
2237 wpa_s
->dpp_pfs
= NULL
;
2238 #endif /* CONFIG_DPP2 */
2239 offchannel_send_action_done(wpa_s
);
2240 wpas_dpp_listen_stop(wpa_s
);
2241 wpas_dpp_stop(wpa_s
);
2242 wpas_dpp_pkex_remove(wpa_s
, "*");
2243 os_memset(wpa_s
->dpp_intro_bssid
, 0, ETH_ALEN
);
2244 os_free(wpa_s
->dpp_configurator_params
);
2245 wpa_s
->dpp_configurator_params
= NULL
;