1 /*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2020, The Linux Foundation
5 * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
6 *
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
9 */
10
11 #include "utils/includes.h"
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "utils/ip_addr.h"
16 #include "utils/base64.h"
17 #include "common/dpp.h"
18 #include "common/gas.h"
19 #include "common/gas_server.h"
20 #include "crypto/random.h"
21 #include "rsn_supp/wpa.h"
22 #include "rsn_supp/pmksa_cache.h"
23 #include "wpa_supplicant_i.h"
24 #include "config.h"
25 #include "driver_i.h"
26 #include "offchannel.h"
27 #include "gas_query.h"
28 #include "bss.h"
29 #include "scan.h"
30 #include "notify.h"
31 #include "dpp_supplicant.h"
32
33
34 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
35 unsigned int freq);
36 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
37 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx);
38 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
39 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
40 unsigned int freq, const u8 *dst,
41 const u8 *src, const u8 *bssid,
42 const u8 *data, size_t data_len,
43 enum offchannel_send_action_result result);
44 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
45 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
46 static void
47 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
48 unsigned int freq, const u8 *dst,
49 const u8 *src, const u8 *bssid,
50 const u8 *data, size_t data_len,
51 enum offchannel_send_action_result result);
52 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx);
53 #ifdef CONFIG_DPP2
54 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
55 void *timeout_ctx);
56 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s);
57 static int wpas_dpp_process_conf_obj(void *ctx,
58 struct dpp_authentication *auth);
59 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth);
60 #endif /* CONFIG_DPP2 */
61
62 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
63
64 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
65 * a single transaction in progress at any point in time. */
66 static const u8 TRANSACTION_ID = 1;
67
68
69 /**
70 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
71 * @wpa_s: Pointer to wpa_supplicant data
72 * @cmd: DPP URI read from a QR Code
73 * Returns: Identifier of the stored info or -1 on failure
74 */
wpas_dpp_qr_code(struct wpa_supplicant * wpa_s,const char * cmd)75 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
76 {
77 struct dpp_bootstrap_info *bi;
78 struct dpp_authentication *auth = wpa_s->dpp_auth;
79
80 bi = dpp_add_qr_code(wpa_s->dpp, cmd);
81 if (!bi)
82 return -1;
83
84 if (auth && auth->response_pending &&
85 dpp_notify_new_qr_code(auth, bi) == 1) {
86 wpa_printf(MSG_DEBUG,
87 "DPP: Sending out pending authentication response");
88 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
89 " freq=%u type=%d",
90 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
91 DPP_PA_AUTHENTICATION_RESP);
92 offchannel_send_action(wpa_s, auth->curr_freq,
93 auth->peer_mac_addr, wpa_s->own_addr,
94 broadcast,
95 wpabuf_head(auth->resp_msg),
96 wpabuf_len(auth->resp_msg),
97 500, wpas_dpp_tx_status, 0);
98 }
99
100 #ifdef CONFIG_DPP2
101 dpp_controller_new_qr_code(wpa_s->dpp, bi);
102 #endif /* CONFIG_DPP2 */
103
104 return bi->id;
105 }
106
107
108 /**
109 * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
110 * @wpa_s: Pointer to wpa_supplicant data
111 * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
112 * Returns: Identifier of the stored info or -1 on failure
113 */
wpas_dpp_nfc_uri(struct wpa_supplicant * wpa_s,const char * cmd)114 int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd)
115 {
116 struct dpp_bootstrap_info *bi;
117
118 bi = dpp_add_nfc_uri(wpa_s->dpp, cmd);
119 if (!bi)
120 return -1;
121
122 return bi->id;
123 }
124
125
wpas_dpp_nfc_handover_req(struct wpa_supplicant * wpa_s,const char * cmd)126 int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd)
127 {
128 const char *pos;
129 struct dpp_bootstrap_info *peer_bi, *own_bi;
130
131 pos = os_strstr(cmd, " own=");
132 if (!pos)
133 return -1;
134 pos += 5;
135 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
136 if (!own_bi)
137 return -1;
138 own_bi->nfc_negotiated = 1;
139
140 pos = os_strstr(cmd, " uri=");
141 if (!pos)
142 return -1;
143 pos += 5;
144 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
145 if (!peer_bi) {
146 wpa_printf(MSG_INFO,
147 "DPP: Failed to parse URI from NFC Handover Request");
148 return -1;
149 }
150
151 if (dpp_nfc_update_bi(own_bi, peer_bi) < 0)
152 return -1;
153
154 return peer_bi->id;
155 }
156
157
wpas_dpp_nfc_handover_sel(struct wpa_supplicant * wpa_s,const char * cmd)158 int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd)
159 {
160 const char *pos;
161 struct dpp_bootstrap_info *peer_bi, *own_bi;
162
163 pos = os_strstr(cmd, " own=");
164 if (!pos)
165 return -1;
166 pos += 5;
167 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
168 if (!own_bi)
169 return -1;
170 own_bi->nfc_negotiated = 1;
171
172 pos = os_strstr(cmd, " uri=");
173 if (!pos)
174 return -1;
175 pos += 5;
176 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
177 if (!peer_bi) {
178 wpa_printf(MSG_INFO,
179 "DPP: Failed to parse URI from NFC Handover Select");
180 return -1;
181 }
182
183 if (peer_bi->curve != own_bi->curve) {
184 wpa_printf(MSG_INFO,
185 "DPP: Peer (NFC Handover Selector) used different curve");
186 return -1;
187 }
188
189 return peer_bi->id;
190 }
191
192
wpas_dpp_auth_resp_retry_timeout(void * eloop_ctx,void * timeout_ctx)193 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
194 {
195 struct wpa_supplicant *wpa_s = eloop_ctx;
196 struct dpp_authentication *auth = wpa_s->dpp_auth;
197
198 if (!auth || !auth->resp_msg)
199 return;
200
201 wpa_printf(MSG_DEBUG,
202 "DPP: Retry Authentication Response after timeout");
203 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
204 " freq=%u type=%d",
205 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
206 DPP_PA_AUTHENTICATION_RESP);
207 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
208 wpa_s->own_addr, broadcast,
209 wpabuf_head(auth->resp_msg),
210 wpabuf_len(auth->resp_msg),
211 500, wpas_dpp_tx_status, 0);
212 }
213
214
wpas_dpp_auth_resp_retry(struct wpa_supplicant * wpa_s)215 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
216 {
217 struct dpp_authentication *auth = wpa_s->dpp_auth;
218 unsigned int wait_time, max_tries;
219
220 if (!auth || !auth->resp_msg)
221 return;
222
223 if (wpa_s->dpp_resp_max_tries)
224 max_tries = wpa_s->dpp_resp_max_tries;
225 else
226 max_tries = 5;
227 auth->auth_resp_tries++;
228 if (auth->auth_resp_tries >= max_tries) {
229 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
230 offchannel_send_action_done(wpa_s);
231 dpp_auth_deinit(wpa_s->dpp_auth);
232 wpa_s->dpp_auth = NULL;
233 return;
234 }
235
236 if (wpa_s->dpp_resp_retry_time)
237 wait_time = wpa_s->dpp_resp_retry_time;
238 else
239 wait_time = 1000;
240 if (wpa_s->dpp_tx_chan_change) {
241 wpa_s->dpp_tx_chan_change = false;
242 if (wait_time > 100)
243 wait_time = 100;
244 }
245
246 wpa_printf(MSG_DEBUG,
247 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
248 wait_time);
249 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
250 eloop_register_timeout(wait_time / 1000,
251 (wait_time % 1000) * 1000,
252 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
253 }
254
255
wpas_dpp_try_to_connect(struct wpa_supplicant * wpa_s)256 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
257 {
258 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
259 wpa_s->suitable_network = 0;
260 wpa_s->no_suitable_network = 0;
261 wpa_s->disconnected = 0;
262 wpa_s->reassociate = 1;
263 wpa_s->scan_runs = 0;
264 wpa_s->normal_scans = 0;
265 wpa_supplicant_cancel_sched_scan(wpa_s);
266 wpa_supplicant_req_scan(wpa_s, 0, 0);
267 }
268
269
270 #ifdef CONFIG_DPP2
271
wpas_dpp_stop_listen_for_tx(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int wait_time)272 static void wpas_dpp_stop_listen_for_tx(struct wpa_supplicant *wpa_s,
273 unsigned int freq,
274 unsigned int wait_time)
275 {
276 struct os_reltime now, res;
277 unsigned int remaining;
278
279 if (!wpa_s->dpp_listen_freq)
280 return;
281
282 os_get_reltime(&now);
283 if (os_reltime_before(&now, &wpa_s->dpp_listen_end)) {
284 os_reltime_sub(&wpa_s->dpp_listen_end, &now, &res);
285 remaining = res.sec * 1000 + res.usec / 1000;
286 } else {
287 remaining = 0;
288 }
289 if (wpa_s->dpp_listen_freq == freq && remaining > wait_time)
290 return;
291
292 wpa_printf(MSG_DEBUG,
293 "DPP: Stop listen on %u MHz ending in %u ms to allow immediate TX on %u MHz for %u ms",
294 wpa_s->dpp_listen_freq, remaining, freq, wait_time);
295 wpas_dpp_listen_stop(wpa_s);
296
297 /* TODO: Restart listen in some cases after TX? */
298 }
299
300
wpas_dpp_conn_status_result_timeout(void * eloop_ctx,void * timeout_ctx)301 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx,
302 void *timeout_ctx)
303 {
304 struct wpa_supplicant *wpa_s = eloop_ctx;
305 struct dpp_authentication *auth = wpa_s->dpp_auth;
306 enum dpp_status_error result;
307
308 if ((!auth || !auth->conn_status_requested) &&
309 !dpp_tcp_conn_status_requested(wpa_s->dpp))
310 return;
311
312 wpa_printf(MSG_DEBUG,
313 "DPP: Connection timeout - report Connection Status Result");
314 if (wpa_s->suitable_network)
315 result = DPP_STATUS_AUTH_FAILURE;
316 else if (wpa_s->no_suitable_network)
317 result = DPP_STATUS_NO_AP;
318 else
319 result = 255; /* What to report here for unexpected state? */
320 if (wpa_s->wpa_state == WPA_SCANNING)
321 wpas_abort_ongoing_scan(wpa_s);
322 wpas_dpp_send_conn_status_result(wpa_s, result);
323 }
324
325
wpas_dpp_scan_channel_list(struct wpa_supplicant * wpa_s)326 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s)
327 {
328 char *str, *end, *pos;
329 size_t len;
330 unsigned int i;
331 u8 last_op_class = 0;
332 int res;
333
334 if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs)
335 return NULL;
336
337 len = wpa_s->num_last_scan_freqs * 8;
338 str = os_zalloc(len);
339 if (!str)
340 return NULL;
341 end = str + len;
342 pos = str;
343
344 for (i = 0; i < wpa_s->num_last_scan_freqs; i++) {
345 enum hostapd_hw_mode mode;
346 u8 op_class, channel;
347
348 mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i],
349 0, 0, &op_class, &channel);
350 if (mode == NUM_HOSTAPD_MODES)
351 continue;
352 if (op_class == last_op_class)
353 res = os_snprintf(pos, end - pos, ",%d", channel);
354 else
355 res = os_snprintf(pos, end - pos, "%s%d/%d",
356 pos == str ? "" : ",",
357 op_class, channel);
358 if (os_snprintf_error(end - pos, res)) {
359 *pos = '\0';
360 break;
361 }
362 pos += res;
363 last_op_class = op_class;
364 }
365
366 if (pos == str) {
367 os_free(str);
368 str = NULL;
369 }
370 return str;
371 }
372
373
wpas_dpp_send_conn_status_result(struct wpa_supplicant * wpa_s,enum dpp_status_error result)374 void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
375 enum dpp_status_error result)
376 {
377 struct wpabuf *msg;
378 const char *channel_list = NULL;
379 char *channel_list_buf = NULL;
380 struct wpa_ssid *ssid = wpa_s->current_ssid;
381 struct dpp_authentication *auth = wpa_s->dpp_auth;
382
383 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
384
385 if ((!auth || !auth->conn_status_requested) &&
386 !dpp_tcp_conn_status_requested(wpa_s->dpp))
387 return;
388
389 wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d",
390 result);
391
392 if (result == DPP_STATUS_NO_AP) {
393 channel_list_buf = wpas_dpp_scan_channel_list(wpa_s);
394 channel_list = channel_list_buf;
395 }
396
397 if (!auth || !auth->conn_status_requested) {
398 dpp_tcp_send_conn_status(wpa_s->dpp, result,
399 ssid ? ssid->ssid :
400 wpa_s->dpp_last_ssid,
401 ssid ? ssid->ssid_len :
402 wpa_s->dpp_last_ssid_len,
403 channel_list);
404 os_free(channel_list_buf);
405 return;
406 }
407
408 auth->conn_status_requested = 0;
409
410 msg = dpp_build_conn_status_result(auth, result,
411 ssid ? ssid->ssid :
412 wpa_s->dpp_last_ssid,
413 ssid ? ssid->ssid_len :
414 wpa_s->dpp_last_ssid_len,
415 channel_list);
416 os_free(channel_list_buf);
417 if (!msg) {
418 dpp_auth_deinit(wpa_s->dpp_auth);
419 wpa_s->dpp_auth = NULL;
420 return;
421 }
422
423 wpa_msg(wpa_s, MSG_INFO,
424 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
425 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
426 DPP_PA_CONNECTION_STATUS_RESULT);
427 offchannel_send_action(wpa_s, auth->curr_freq,
428 auth->peer_mac_addr, wpa_s->own_addr, broadcast,
429 wpabuf_head(msg), wpabuf_len(msg),
430 500, wpas_dpp_tx_status, 0);
431 wpabuf_free(msg);
432
433 /* This exchange will be terminated in the TX status handler */
434 auth->remove_on_tx_status = 1;
435
436 return;
437 }
438
439
wpas_dpp_connected_timeout(void * eloop_ctx,void * timeout_ctx)440 static void wpas_dpp_connected_timeout(void *eloop_ctx, void *timeout_ctx)
441 {
442 struct wpa_supplicant *wpa_s = eloop_ctx;
443 struct dpp_authentication *auth = wpa_s->dpp_auth;
444
445 if ((auth && auth->conn_status_requested) ||
446 dpp_tcp_conn_status_requested(wpa_s->dpp))
447 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK);
448 }
449
450
wpas_dpp_connected(struct wpa_supplicant * wpa_s)451 void wpas_dpp_connected(struct wpa_supplicant *wpa_s)
452 {
453 struct dpp_authentication *auth = wpa_s->dpp_auth;
454
455 if ((auth && auth->conn_status_requested) ||
456 dpp_tcp_conn_status_requested(wpa_s->dpp)) {
457 /* Report connection result from an eloop timeout to avoid delay
458 * to completing all connection completion steps since this
459 * function is called in a middle of the post 4-way handshake
460 * processing. */
461 eloop_register_timeout(0, 0, wpas_dpp_connected_timeout,
462 wpa_s, NULL);
463 }
464 }
465
466 #endif /* CONFIG_DPP2 */
467
468
wpas_dpp_drv_wait_timeout(void * eloop_ctx,void * timeout_ctx)469 static void wpas_dpp_drv_wait_timeout(void *eloop_ctx, void *timeout_ctx)
470 {
471 struct wpa_supplicant *wpa_s = eloop_ctx;
472 struct dpp_authentication *auth = wpa_s->dpp_auth;
473
474 if (auth && auth->waiting_auth_resp) {
475 wpa_printf(MSG_DEBUG,
476 "DPP: Call wpas_dpp_auth_init_next() from %s",
477 __func__);
478 wpas_dpp_auth_init_next(wpa_s);
479 } else {
480 wpa_printf(MSG_DEBUG, "DPP: %s, but no waiting_auth_resp",
481 __func__);
482 }
483 }
484
485
wpas_dpp_neg_freq_timeout(void * eloop_ctx,void * timeout_ctx)486 static void wpas_dpp_neg_freq_timeout(void *eloop_ctx, void *timeout_ctx)
487 {
488 struct wpa_supplicant *wpa_s = eloop_ctx;
489 struct dpp_authentication *auth = wpa_s->dpp_auth;
490
491 if (!wpa_s->dpp_listen_on_tx_expire || !auth || !auth->neg_freq)
492 return;
493
494 wpa_printf(MSG_DEBUG,
495 "DPP: Start listen on neg_freq %u MHz based on timeout for TX wait expiration",
496 auth->neg_freq);
497 wpas_dpp_listen_start(wpa_s, auth->neg_freq);
498 }
499
500
wpas_dpp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)501 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
502 unsigned int freq, const u8 *dst,
503 const u8 *src, const u8 *bssid,
504 const u8 *data, size_t data_len,
505 enum offchannel_send_action_result result)
506 {
507 const char *res_txt;
508 struct dpp_authentication *auth = wpa_s->dpp_auth;
509
510 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
511 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
512 "FAILED");
513 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
514 " result=%s", freq, MAC2STR(dst), res_txt);
515 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
516 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
517
518 if (!wpa_s->dpp_auth) {
519 wpa_printf(MSG_DEBUG,
520 "DPP: Ignore TX status since there is no ongoing authentication exchange");
521 return;
522 }
523
524 #ifdef CONFIG_DPP2
525 if (auth->connect_on_tx_status) {
526 auth->connect_on_tx_status = 0;
527 wpa_printf(MSG_DEBUG,
528 "DPP: Try to connect after completed configuration result");
529 wpas_dpp_try_to_connect(wpa_s);
530 if (auth->conn_status_requested) {
531 wpa_printf(MSG_DEBUG,
532 "DPP: Start 15 second timeout for reporting connection status result");
533 eloop_cancel_timeout(
534 wpas_dpp_conn_status_result_timeout,
535 wpa_s, NULL);
536 eloop_register_timeout(
537 15, 0, wpas_dpp_conn_status_result_timeout,
538 wpa_s, NULL);
539 } else {
540 dpp_auth_deinit(wpa_s->dpp_auth);
541 wpa_s->dpp_auth = NULL;
542 }
543 return;
544 }
545 #endif /* CONFIG_DPP2 */
546
547 if (wpa_s->dpp_auth->remove_on_tx_status) {
548 wpa_printf(MSG_DEBUG,
549 "DPP: Terminate authentication exchange due to a request to do so on TX status");
550 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
551 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
552 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
553 NULL);
554 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
555 NULL);
556 #ifdef CONFIG_DPP2
557 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
558 wpa_s, NULL);
559 #endif /* CONFIG_DPP2 */
560 offchannel_send_action_done(wpa_s);
561 dpp_auth_deinit(wpa_s->dpp_auth);
562 wpa_s->dpp_auth = NULL;
563 return;
564 }
565
566 if (wpa_s->dpp_auth_ok_on_ack)
567 wpas_dpp_auth_success(wpa_s, 1);
568
569 if (!is_broadcast_ether_addr(dst) &&
570 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
571 wpa_printf(MSG_DEBUG,
572 "DPP: Unicast DPP Action frame was not ACKed");
573 if (auth->waiting_auth_resp) {
574 /* In case of DPP Authentication Request frame, move to
575 * the next channel immediately. */
576 offchannel_send_action_done(wpa_s);
577 /* Call wpas_dpp_auth_init_next(wpa_s) from driver event
578 * notifying frame wait was completed or from eloop
579 * timeout. */
580 eloop_register_timeout(0, 10000,
581 wpas_dpp_drv_wait_timeout,
582 wpa_s, NULL);
583 return;
584 }
585 if (auth->waiting_auth_conf) {
586 wpas_dpp_auth_resp_retry(wpa_s);
587 return;
588 }
589 }
590
591 if (auth->waiting_auth_conf &&
592 auth->auth_resp_status == DPP_STATUS_OK) {
593 /* Make sure we do not get stuck waiting for Auth Confirm
594 * indefinitely after successfully transmitted Auth Response to
595 * allow new authentication exchanges to be started. */
596 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
597 NULL);
598 eloop_register_timeout(1, 0, wpas_dpp_auth_conf_wait_timeout,
599 wpa_s, NULL);
600 }
601
602 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
603 result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
604 /* Allow timeout handling to stop iteration if no response is
605 * received from a peer that has ACKed a request. */
606 auth->auth_req_ack = 1;
607 }
608
609 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
610 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
611 wpa_printf(MSG_DEBUG,
612 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
613 wpa_s->dpp_auth->curr_freq,
614 wpa_s->dpp_auth->neg_freq);
615 offchannel_send_action_done(wpa_s);
616 wpa_s->dpp_listen_on_tx_expire = true;
617 eloop_register_timeout(0, 100000, wpas_dpp_neg_freq_timeout,
618 wpa_s, NULL);
619 }
620
621 if (wpa_s->dpp_auth_ok_on_ack)
622 wpa_s->dpp_auth_ok_on_ack = 0;
623 }
624
625
wpas_dpp_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)626 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
627 {
628 struct wpa_supplicant *wpa_s = eloop_ctx;
629 struct dpp_authentication *auth = wpa_s->dpp_auth;
630 unsigned int freq;
631 struct os_reltime now, diff;
632 unsigned int wait_time, diff_ms;
633
634 if (!auth || !auth->waiting_auth_resp)
635 return;
636
637 wait_time = wpa_s->dpp_resp_wait_time ?
638 wpa_s->dpp_resp_wait_time : 2000;
639 os_get_reltime(&now);
640 os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
641 diff_ms = diff.sec * 1000 + diff.usec / 1000;
642 wpa_printf(MSG_DEBUG,
643 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
644 wait_time, diff_ms);
645
646 if (auth->auth_req_ack && diff_ms >= wait_time) {
647 /* Peer ACK'ed Authentication Request frame, but did not reply
648 * with Authentication Response frame within two seconds. */
649 wpa_printf(MSG_INFO,
650 "DPP: No response received from responder - stopping initiation attempt");
651 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
652 offchannel_send_action_done(wpa_s);
653 wpas_dpp_listen_stop(wpa_s);
654 dpp_auth_deinit(auth);
655 wpa_s->dpp_auth = NULL;
656 return;
657 }
658
659 if (diff_ms >= wait_time) {
660 /* Authentication Request frame was not ACK'ed and no reply
661 * was receiving within two seconds. */
662 wpa_printf(MSG_DEBUG,
663 "DPP: Continue Initiator channel iteration");
664 offchannel_send_action_done(wpa_s);
665 wpas_dpp_listen_stop(wpa_s);
666 wpas_dpp_auth_init_next(wpa_s);
667 return;
668 }
669
670 /* Driver did not support 2000 ms long wait_time with TX command, so
671 * schedule listen operation to continue waiting for the response.
672 *
673 * DPP listen operations continue until stopped, so simply schedule a
674 * new call to this function at the point when the two second reply
675 * wait has expired. */
676 wait_time -= diff_ms;
677
678 freq = auth->curr_freq;
679 if (auth->neg_freq > 0)
680 freq = auth->neg_freq;
681 wpa_printf(MSG_DEBUG,
682 "DPP: Continue reply wait on channel %u MHz for %u ms",
683 freq, wait_time);
684 wpa_s->dpp_in_response_listen = 1;
685 wpas_dpp_listen_start(wpa_s, freq);
686
687 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
688 wpas_dpp_reply_wait_timeout, wpa_s, NULL);
689 }
690
691
wpas_dpp_auth_conf_wait_timeout(void * eloop_ctx,void * timeout_ctx)692 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx)
693 {
694 struct wpa_supplicant *wpa_s = eloop_ctx;
695 struct dpp_authentication *auth = wpa_s->dpp_auth;
696
697 if (!auth || !auth->waiting_auth_conf)
698 return;
699
700 wpa_printf(MSG_DEBUG,
701 "DPP: Terminate authentication exchange due to Auth Confirm timeout");
702 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL "No Auth Confirm received");
703 offchannel_send_action_done(wpa_s);
704 dpp_auth_deinit(auth);
705 wpa_s->dpp_auth = NULL;
706 }
707
708
wpas_dpp_set_testing_options(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)709 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
710 struct dpp_authentication *auth)
711 {
712 #ifdef CONFIG_TESTING_OPTIONS
713 if (wpa_s->dpp_config_obj_override)
714 auth->config_obj_override =
715 os_strdup(wpa_s->dpp_config_obj_override);
716 if (wpa_s->dpp_discovery_override)
717 auth->discovery_override =
718 os_strdup(wpa_s->dpp_discovery_override);
719 if (wpa_s->dpp_groups_override)
720 auth->groups_override =
721 os_strdup(wpa_s->dpp_groups_override);
722 auth->ignore_netaccesskey_mismatch =
723 wpa_s->dpp_ignore_netaccesskey_mismatch;
724 #endif /* CONFIG_TESTING_OPTIONS */
725 }
726
727
wpas_dpp_init_timeout(void * eloop_ctx,void * timeout_ctx)728 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
729 {
730 struct wpa_supplicant *wpa_s = eloop_ctx;
731
732 if (!wpa_s->dpp_auth)
733 return;
734 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
735 wpas_dpp_auth_init_next(wpa_s);
736 }
737
738
wpas_dpp_auth_init_next(struct wpa_supplicant * wpa_s)739 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
740 {
741 struct dpp_authentication *auth = wpa_s->dpp_auth;
742 const u8 *dst;
743 unsigned int wait_time, max_wait_time, freq, max_tries, used;
744 struct os_reltime now, diff;
745
746 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL);
747
748 wpa_s->dpp_in_response_listen = 0;
749 if (!auth)
750 return -1;
751
752 if (auth->freq_idx == 0)
753 os_get_reltime(&wpa_s->dpp_init_iter_start);
754
755 if (auth->freq_idx >= auth->num_freq) {
756 auth->num_freq_iters++;
757 if (wpa_s->dpp_init_max_tries)
758 max_tries = wpa_s->dpp_init_max_tries;
759 else
760 max_tries = 5;
761 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
762 wpa_printf(MSG_INFO,
763 "DPP: No response received from responder - stopping initiation attempt");
764 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
765 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
766 wpa_s, NULL);
767 offchannel_send_action_done(wpa_s);
768 dpp_auth_deinit(wpa_s->dpp_auth);
769 wpa_s->dpp_auth = NULL;
770 return -1;
771 }
772 auth->freq_idx = 0;
773 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
774 if (wpa_s->dpp_init_retry_time)
775 wait_time = wpa_s->dpp_init_retry_time;
776 else
777 wait_time = 10000;
778 os_get_reltime(&now);
779 os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
780 used = diff.sec * 1000 + diff.usec / 1000;
781 if (used > wait_time)
782 wait_time = 0;
783 else
784 wait_time -= used;
785 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
786 wait_time);
787 eloop_register_timeout(wait_time / 1000,
788 (wait_time % 1000) * 1000,
789 wpas_dpp_init_timeout, wpa_s,
790 NULL);
791 return 0;
792 }
793 freq = auth->freq[auth->freq_idx++];
794 auth->curr_freq = freq;
795
796 if (!is_zero_ether_addr(auth->peer_mac_addr))
797 dst = auth->peer_mac_addr;
798 else if (is_zero_ether_addr(auth->peer_bi->mac_addr))
799 dst = broadcast;
800 else
801 dst = auth->peer_bi->mac_addr;
802 wpa_s->dpp_auth_ok_on_ack = 0;
803 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
804 wait_time = wpa_s->max_remain_on_chan;
805 max_wait_time = wpa_s->dpp_resp_wait_time ?
806 wpa_s->dpp_resp_wait_time : 2000;
807 if (wait_time > max_wait_time)
808 wait_time = max_wait_time;
809 wait_time += 10; /* give the driver some extra time to complete */
810 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
811 wpas_dpp_reply_wait_timeout,
812 wpa_s, NULL);
813 wait_time -= 10;
814 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
815 wpa_printf(MSG_DEBUG,
816 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
817 freq, auth->neg_freq);
818 }
819 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
820 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
821 auth->auth_req_ack = 0;
822 os_get_reltime(&wpa_s->dpp_last_init);
823 return offchannel_send_action(wpa_s, freq, dst,
824 wpa_s->own_addr, broadcast,
825 wpabuf_head(auth->req_msg),
826 wpabuf_len(auth->req_msg),
827 wait_time, wpas_dpp_tx_status, 0);
828 }
829
830
wpas_dpp_auth_init(struct wpa_supplicant * wpa_s,const char * cmd)831 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
832 {
833 const char *pos;
834 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
835 struct dpp_authentication *auth;
836 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
837 unsigned int neg_freq = 0;
838 int tcp = 0;
839 #ifdef CONFIG_DPP2
840 int tcp_port = DPP_TCP_PORT;
841 struct hostapd_ip_addr ipaddr;
842 char *addr;
843 #endif /* CONFIG_DPP2 */
844
845 wpa_s->dpp_gas_client = 0;
846 wpa_s->dpp_gas_server = 0;
847
848 pos = os_strstr(cmd, " peer=");
849 if (!pos)
850 return -1;
851 pos += 6;
852 peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
853 if (!peer_bi) {
854 wpa_printf(MSG_INFO,
855 "DPP: Could not find bootstrapping info for the identified peer");
856 return -1;
857 }
858
859 #ifdef CONFIG_DPP2
860 pos = os_strstr(cmd, " tcp_port=");
861 if (pos) {
862 pos += 10;
863 tcp_port = atoi(pos);
864 }
865
866 addr = get_param(cmd, " tcp_addr=");
867 if (addr && os_strcmp(addr, "from-uri") == 0) {
868 os_free(addr);
869 if (!peer_bi->host) {
870 wpa_printf(MSG_INFO,
871 "DPP: TCP address not available in peer URI");
872 return -1;
873 }
874 tcp = 1;
875 os_memcpy(&ipaddr, peer_bi->host, sizeof(ipaddr));
876 tcp_port = peer_bi->port;
877 } else if (addr) {
878 int res;
879
880 res = hostapd_parse_ip_addr(addr, &ipaddr);
881 os_free(addr);
882 if (res)
883 return -1;
884 tcp = 1;
885 }
886 #endif /* CONFIG_DPP2 */
887
888 pos = os_strstr(cmd, " own=");
889 if (pos) {
890 pos += 5;
891 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
892 if (!own_bi) {
893 wpa_printf(MSG_INFO,
894 "DPP: Could not find bootstrapping info for the identified local entry");
895 return -1;
896 }
897
898 if (peer_bi->curve != own_bi->curve) {
899 wpa_printf(MSG_INFO,
900 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
901 peer_bi->curve->name, own_bi->curve->name);
902 return -1;
903 }
904 }
905
906 pos = os_strstr(cmd, " role=");
907 if (pos) {
908 pos += 6;
909 if (os_strncmp(pos, "configurator", 12) == 0)
910 allowed_roles = DPP_CAPAB_CONFIGURATOR;
911 else if (os_strncmp(pos, "enrollee", 8) == 0)
912 allowed_roles = DPP_CAPAB_ENROLLEE;
913 else if (os_strncmp(pos, "either", 6) == 0)
914 allowed_roles = DPP_CAPAB_CONFIGURATOR |
915 DPP_CAPAB_ENROLLEE;
916 else
917 goto fail;
918 }
919
920 pos = os_strstr(cmd, " netrole=");
921 if (pos) {
922 pos += 9;
923 if (os_strncmp(pos, "ap", 2) == 0)
924 wpa_s->dpp_netrole = DPP_NETROLE_AP;
925 else if (os_strncmp(pos, "configurator", 12) == 0)
926 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
927 else
928 wpa_s->dpp_netrole = DPP_NETROLE_STA;
929 } else {
930 wpa_s->dpp_netrole = DPP_NETROLE_STA;
931 }
932
933 pos = os_strstr(cmd, " neg_freq=");
934 if (pos)
935 neg_freq = atoi(pos + 10);
936
937 if (!tcp && wpa_s->dpp_auth) {
938 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
939 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
940 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
941 NULL);
942 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
943 NULL);
944 #ifdef CONFIG_DPP2
945 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
946 wpa_s, NULL);
947 #endif /* CONFIG_DPP2 */
948 offchannel_send_action_done(wpa_s);
949 dpp_auth_deinit(wpa_s->dpp_auth);
950 wpa_s->dpp_auth = NULL;
951 }
952
953 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
954 neg_freq, wpa_s->hw.modes, wpa_s->hw.num_modes);
955 if (!auth)
956 goto fail;
957 wpas_dpp_set_testing_options(wpa_s, auth);
958 if (dpp_set_configurator(auth, cmd) < 0) {
959 dpp_auth_deinit(auth);
960 goto fail;
961 }
962
963 auth->neg_freq = neg_freq;
964
965 if (!is_zero_ether_addr(peer_bi->mac_addr))
966 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
967
968 #ifdef CONFIG_DPP2
969 if (tcp)
970 return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
971 wpa_s->conf->dpp_name, DPP_NETROLE_STA,
972 wpa_s->conf->dpp_mud_url,
973 wpa_s->conf->dpp_extra_conf_req_name,
974 wpa_s->conf->dpp_extra_conf_req_value,
975 wpa_s, wpa_s, wpas_dpp_process_conf_obj,
976 wpas_dpp_tcp_msg_sent);
977 #endif /* CONFIG_DPP2 */
978
979 wpa_s->dpp_auth = auth;
980 return wpas_dpp_auth_init_next(wpa_s);
981 fail:
982 return -1;
983 }
984
985
986 struct wpas_dpp_listen_work {
987 unsigned int freq;
988 unsigned int duration;
989 struct wpabuf *probe_resp_ie;
990 };
991
992
wpas_dpp_listen_work_free(struct wpas_dpp_listen_work * lwork)993 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
994 {
995 if (!lwork)
996 return;
997 os_free(lwork);
998 }
999
1000
wpas_dpp_listen_work_done(struct wpa_supplicant * wpa_s)1001 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
1002 {
1003 struct wpas_dpp_listen_work *lwork;
1004
1005 if (!wpa_s->dpp_listen_work)
1006 return;
1007
1008 lwork = wpa_s->dpp_listen_work->ctx;
1009 wpas_dpp_listen_work_free(lwork);
1010 radio_work_done(wpa_s->dpp_listen_work);
1011 wpa_s->dpp_listen_work = NULL;
1012 }
1013
1014
dpp_start_listen_cb(struct wpa_radio_work * work,int deinit)1015 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
1016 {
1017 struct wpa_supplicant *wpa_s = work->wpa_s;
1018 struct wpas_dpp_listen_work *lwork = work->ctx;
1019
1020 if (deinit) {
1021 if (work->started) {
1022 wpa_s->dpp_listen_work = NULL;
1023 wpas_dpp_listen_stop(wpa_s);
1024 }
1025 wpas_dpp_listen_work_free(lwork);
1026 return;
1027 }
1028
1029 wpa_s->dpp_listen_work = work;
1030
1031 wpa_s->dpp_pending_listen_freq = lwork->freq;
1032
1033 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
1034 wpa_s->max_remain_on_chan) < 0) {
1035 wpa_printf(MSG_DEBUG,
1036 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
1037 lwork->freq);
1038 wpa_s->dpp_listen_freq = 0;
1039 wpas_dpp_listen_work_done(wpa_s);
1040 wpa_s->dpp_pending_listen_freq = 0;
1041 return;
1042 }
1043 wpa_s->off_channel_freq = 0;
1044 wpa_s->roc_waiting_drv_freq = lwork->freq;
1045 wpa_drv_dpp_listen(wpa_s, true);
1046 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1047 wpa_s->dpp_tx_chan_change = false;
1048 }
1049
1050
wpas_dpp_listen_start(struct wpa_supplicant * wpa_s,unsigned int freq)1051 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
1052 unsigned int freq)
1053 {
1054 struct wpas_dpp_listen_work *lwork;
1055
1056 if (wpa_s->dpp_listen_work) {
1057 wpa_printf(MSG_DEBUG,
1058 "DPP: Reject start_listen since dpp_listen_work already exists");
1059 return -1;
1060 }
1061
1062 if (wpa_s->dpp_listen_freq)
1063 wpas_dpp_listen_stop(wpa_s);
1064 wpa_s->dpp_listen_freq = freq;
1065
1066 lwork = os_zalloc(sizeof(*lwork));
1067 if (!lwork)
1068 return -1;
1069 lwork->freq = freq;
1070
1071 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
1072 lwork) < 0) {
1073 wpas_dpp_listen_work_free(lwork);
1074 return -1;
1075 }
1076
1077 return 0;
1078 }
1079
1080
wpas_dpp_listen(struct wpa_supplicant * wpa_s,const char * cmd)1081 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
1082 {
1083 int freq;
1084
1085 freq = atoi(cmd);
1086 if (freq <= 0)
1087 return -1;
1088
1089 if (os_strstr(cmd, " role=configurator"))
1090 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
1091 else if (os_strstr(cmd, " role=enrollee"))
1092 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
1093 else
1094 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
1095 DPP_CAPAB_ENROLLEE;
1096 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
1097 if (os_strstr(cmd, " netrole=ap"))
1098 wpa_s->dpp_netrole = DPP_NETROLE_AP;
1099 else if (os_strstr(cmd, " netrole=configurator"))
1100 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
1101 else
1102 wpa_s->dpp_netrole = DPP_NETROLE_STA;
1103 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
1104 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
1105 freq);
1106 return 0;
1107 }
1108
1109 return wpas_dpp_listen_start(wpa_s, freq);
1110 }
1111
1112
wpas_dpp_listen_stop(struct wpa_supplicant * wpa_s)1113 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
1114 {
1115 wpa_s->dpp_in_response_listen = 0;
1116 if (!wpa_s->dpp_listen_freq)
1117 return;
1118
1119 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
1120 wpa_s->dpp_listen_freq);
1121 wpa_drv_cancel_remain_on_channel(wpa_s);
1122 wpa_drv_dpp_listen(wpa_s, false);
1123 wpa_s->dpp_listen_freq = 0;
1124 wpas_dpp_listen_work_done(wpa_s);
1125 radio_remove_works(wpa_s, "dpp-listen", 0);
1126 }
1127
1128
wpas_dpp_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int duration)1129 void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1130 unsigned int freq, unsigned int duration)
1131 {
1132 if (wpa_s->dpp_listen_freq != freq)
1133 return;
1134
1135 wpa_printf(MSG_DEBUG,
1136 "DPP: Remain-on-channel started for listen on %u MHz for %u ms",
1137 freq, duration);
1138 os_get_reltime(&wpa_s->dpp_listen_end);
1139 wpa_s->dpp_listen_end.usec += duration * 1000;
1140 while (wpa_s->dpp_listen_end.usec >= 1000000) {
1141 wpa_s->dpp_listen_end.sec++;
1142 wpa_s->dpp_listen_end.usec -= 1000000;
1143 }
1144 }
1145
1146
wpas_dpp_tx_auth_resp(struct wpa_supplicant * wpa_s)1147 static void wpas_dpp_tx_auth_resp(struct wpa_supplicant *wpa_s)
1148 {
1149 struct dpp_authentication *auth = wpa_s->dpp_auth;
1150
1151 if (!auth)
1152 return;
1153
1154 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1155 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
1156 DPP_PA_AUTHENTICATION_RESP);
1157 offchannel_send_action(wpa_s, auth->curr_freq,
1158 auth->peer_mac_addr, wpa_s->own_addr, broadcast,
1159 wpabuf_head(auth->resp_msg),
1160 wpabuf_len(auth->resp_msg),
1161 500, wpas_dpp_tx_status, 0);
1162 }
1163
1164
wpas_dpp_tx_auth_resp_roc_timeout(void * eloop_ctx,void * timeout_ctx)1165 static void wpas_dpp_tx_auth_resp_roc_timeout(void *eloop_ctx,
1166 void *timeout_ctx)
1167 {
1168 struct wpa_supplicant *wpa_s = eloop_ctx;
1169 struct dpp_authentication *auth = wpa_s->dpp_auth;
1170
1171 if (!auth || !wpa_s->dpp_tx_auth_resp_on_roc_stop)
1172 return;
1173
1174 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1175 wpa_s->dpp_tx_chan_change = true;
1176 wpa_printf(MSG_DEBUG,
1177 "DPP: Send postponed Authentication Response on remain-on-channel termination timeout");
1178 wpas_dpp_tx_auth_resp(wpa_s);
1179 }
1180
1181
wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq)1182 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1183 unsigned int freq)
1184 {
1185 wpa_printf(MSG_DEBUG, "DPP: Remain on channel cancel for %u MHz", freq);
1186 wpas_dpp_listen_work_done(wpa_s);
1187
1188 if (wpa_s->dpp_auth && wpa_s->dpp_tx_auth_resp_on_roc_stop) {
1189 eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout,
1190 wpa_s, NULL);
1191 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1192 wpa_s->dpp_tx_chan_change = true;
1193 wpa_printf(MSG_DEBUG,
1194 "DPP: Send postponed Authentication Response on remain-on-channel termination");
1195 wpas_dpp_tx_auth_resp(wpa_s);
1196 return;
1197 }
1198
1199 if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
1200 unsigned int new_freq;
1201
1202 /* Continue listen with a new remain-on-channel */
1203 if (wpa_s->dpp_auth->neg_freq > 0)
1204 new_freq = wpa_s->dpp_auth->neg_freq;
1205 else
1206 new_freq = wpa_s->dpp_auth->curr_freq;
1207 wpa_printf(MSG_DEBUG,
1208 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
1209 new_freq);
1210 wpas_dpp_listen_start(wpa_s, new_freq);
1211 return;
1212 }
1213
1214 if (wpa_s->dpp_listen_freq) {
1215 /* Continue listen with a new remain-on-channel */
1216 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
1217 }
1218 }
1219
1220
wpas_dpp_rx_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1221 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
1222 const u8 *hdr, const u8 *buf, size_t len,
1223 unsigned int freq)
1224 {
1225 const u8 *r_bootstrap, *i_bootstrap;
1226 u16 r_bootstrap_len, i_bootstrap_len;
1227 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
1228
1229 if (!wpa_s->dpp)
1230 return;
1231
1232 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
1233 MAC2STR(src));
1234
1235 #ifdef CONFIG_DPP2
1236 wpas_dpp_chirp_stop(wpa_s);
1237 #endif /* CONFIG_DPP2 */
1238
1239 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
1240 &r_bootstrap_len);
1241 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
1242 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1243 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
1244 return;
1245 }
1246 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
1247 r_bootstrap, r_bootstrap_len);
1248
1249 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
1250 &i_bootstrap_len);
1251 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
1252 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1253 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
1254 return;
1255 }
1256 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
1257 i_bootstrap, i_bootstrap_len);
1258
1259 /* Try to find own and peer bootstrapping key matches based on the
1260 * received hash values */
1261 dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
1262 &own_bi, &peer_bi);
1263 if (!own_bi) {
1264 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1265 "No matching own bootstrapping key found - ignore message");
1266 return;
1267 }
1268
1269 if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
1270 if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
1271 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1272 "No matching peer bootstrapping key found for PKEX - ignore message");
1273 return;
1274 }
1275
1276 if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
1277 SHA256_MAC_LEN) != 0) {
1278 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1279 "Mismatching peer PKEX bootstrapping key - ignore message");
1280 return;
1281 }
1282 }
1283
1284 if (wpa_s->dpp_auth) {
1285 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1286 "Already in DPP authentication exchange - ignore new one");
1287 return;
1288 }
1289
1290 wpa_s->dpp_pkex_wait_auth_req = false;
1291 wpa_s->dpp_gas_client = 0;
1292 wpa_s->dpp_gas_server = 0;
1293 wpa_s->dpp_auth_ok_on_ack = 0;
1294 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s->dpp, wpa_s,
1295 wpa_s->dpp_allowed_roles,
1296 wpa_s->dpp_qr_mutual,
1297 peer_bi, own_bi, freq, hdr, buf, len);
1298 if (!wpa_s->dpp_auth) {
1299 wpa_printf(MSG_DEBUG, "DPP: No response generated");
1300 return;
1301 }
1302 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
1303 if (dpp_set_configurator(wpa_s->dpp_auth,
1304 wpa_s->dpp_configurator_params) < 0) {
1305 dpp_auth_deinit(wpa_s->dpp_auth);
1306 wpa_s->dpp_auth = NULL;
1307 return;
1308 }
1309 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
1310
1311 if (wpa_s->dpp_listen_freq &&
1312 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
1313 wpa_printf(MSG_DEBUG,
1314 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1315 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
1316 wpa_s->dpp_tx_auth_resp_on_roc_stop = true;
1317 eloop_register_timeout(0, 100000,
1318 wpas_dpp_tx_auth_resp_roc_timeout,
1319 wpa_s, NULL);
1320 wpas_dpp_listen_stop(wpa_s);
1321 return;
1322 }
1323 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1324 wpa_s->dpp_tx_chan_change = false;
1325
1326 wpas_dpp_tx_auth_resp(wpa_s);
1327 }
1328
1329
wpas_dpp_tx_wait_expire(struct wpa_supplicant * wpa_s)1330 void wpas_dpp_tx_wait_expire(struct wpa_supplicant *wpa_s)
1331 {
1332 struct dpp_authentication *auth = wpa_s->dpp_auth;
1333 int freq;
1334
1335 if (wpa_s->dpp_listen_on_tx_expire && auth && auth->neg_freq) {
1336 wpa_printf(MSG_DEBUG,
1337 "DPP: Start listen on neg_freq %u MHz based on TX wait expiration on the previous channel",
1338 auth->neg_freq);
1339 eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL);
1340 wpas_dpp_listen_start(wpa_s, auth->neg_freq);
1341 return;
1342 }
1343
1344 if (!wpa_s->dpp_gas_server || !auth) {
1345 if (auth && auth->waiting_auth_resp &&
1346 eloop_is_timeout_registered(wpas_dpp_drv_wait_timeout,
1347 wpa_s, NULL)) {
1348 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout,
1349 wpa_s, NULL);
1350 wpa_printf(MSG_DEBUG,
1351 "DPP: Call wpas_dpp_auth_init_next() from %s",
1352 __func__);
1353 wpas_dpp_auth_init_next(wpa_s);
1354 }
1355 return;
1356 }
1357
1358 freq = auth->neg_freq > 0 ? auth->neg_freq : auth->curr_freq;
1359 if (wpa_s->dpp_listen_work || (int) wpa_s->dpp_listen_freq == freq)
1360 return; /* listen state is already in progress */
1361
1362 wpa_printf(MSG_DEBUG, "DPP: Start listen on %u MHz for GAS", freq);
1363 wpa_s->dpp_in_response_listen = 1;
1364 wpas_dpp_listen_start(wpa_s, freq);
1365 }
1366
1367
wpas_dpp_start_gas_server(struct wpa_supplicant * wpa_s)1368 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
1369 {
1370 struct dpp_authentication *auth = wpa_s->dpp_auth;
1371
1372 wpa_printf(MSG_DEBUG,
1373 "DPP: Starting GAS server (curr_freq=%d neg_freq=%d dpp_listen_freq=%d dpp_listen_work=%d)",
1374 auth->curr_freq, auth->neg_freq, wpa_s->dpp_listen_freq,
1375 !!wpa_s->dpp_listen_work);
1376 wpa_s->dpp_gas_server = 1;
1377 }
1378
1379
wpas_dpp_add_network(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1380 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
1381 struct dpp_authentication *auth,
1382 struct dpp_config_obj *conf)
1383 {
1384 struct wpa_ssid *ssid;
1385
1386 #ifdef CONFIG_DPP2
1387 if (conf->akm == DPP_AKM_SAE) {
1388 #ifdef CONFIG_SAE
1389 struct wpa_driver_capa capa;
1390 int res;
1391
1392 res = wpa_drv_get_capa(wpa_s, &capa);
1393 if (res == 0 &&
1394 !(capa.key_mgmt_iftype[WPA_IF_STATION] &
1395 WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
1396 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
1397 wpa_printf(MSG_DEBUG,
1398 "DPP: SAE not supported by the driver");
1399 return NULL;
1400 }
1401 #else /* CONFIG_SAE */
1402 wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
1403 return NULL;
1404 #endif /* CONFIG_SAE */
1405 }
1406 #endif /* CONFIG_DPP2 */
1407
1408 ssid = wpa_config_add_network(wpa_s->conf);
1409 if (!ssid)
1410 return NULL;
1411 wpas_notify_network_added(wpa_s, ssid);
1412 wpa_config_set_network_defaults(ssid);
1413 ssid->disabled = 1;
1414
1415 ssid->ssid = os_malloc(conf->ssid_len);
1416 if (!ssid->ssid)
1417 goto fail;
1418 os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
1419 ssid->ssid_len = conf->ssid_len;
1420
1421 if (conf->connector) {
1422 if (dpp_akm_dpp(conf->akm)) {
1423 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
1424 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1425 }
1426 ssid->dpp_connector = os_strdup(conf->connector);
1427 if (!ssid->dpp_connector)
1428 goto fail;
1429
1430 ssid->dpp_connector_privacy =
1431 wpa_s->conf->dpp_connector_privacy_default;
1432 }
1433
1434 if (conf->c_sign_key) {
1435 ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key));
1436 if (!ssid->dpp_csign)
1437 goto fail;
1438 os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key),
1439 wpabuf_len(conf->c_sign_key));
1440 ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key);
1441 }
1442
1443 if (conf->pp_key) {
1444 ssid->dpp_pp_key = os_malloc(wpabuf_len(conf->pp_key));
1445 if (!ssid->dpp_pp_key)
1446 goto fail;
1447 os_memcpy(ssid->dpp_pp_key, wpabuf_head(conf->pp_key),
1448 wpabuf_len(conf->pp_key));
1449 ssid->dpp_pp_key_len = wpabuf_len(conf->pp_key);
1450 }
1451
1452 if (auth->net_access_key) {
1453 ssid->dpp_netaccesskey =
1454 os_malloc(wpabuf_len(auth->net_access_key));
1455 if (!ssid->dpp_netaccesskey)
1456 goto fail;
1457 os_memcpy(ssid->dpp_netaccesskey,
1458 wpabuf_head(auth->net_access_key),
1459 wpabuf_len(auth->net_access_key));
1460 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1461 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1462 }
1463
1464 if (!conf->connector || dpp_akm_psk(conf->akm) ||
1465 dpp_akm_sae(conf->akm)) {
1466 if (!conf->connector || !dpp_akm_dpp(conf->akm))
1467 ssid->key_mgmt = 0;
1468 if (dpp_akm_psk(conf->akm))
1469 ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
1470 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
1471 if (dpp_akm_sae(conf->akm))
1472 ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
1473 WPA_KEY_MGMT_FT_SAE;
1474 if (dpp_akm_psk(conf->akm))
1475 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1476 else
1477 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1478 if (conf->passphrase[0]) {
1479 if (wpa_config_set_quoted(ssid, "psk",
1480 conf->passphrase) < 0)
1481 goto fail;
1482 wpa_config_update_psk(ssid);
1483 ssid->export_keys = 1;
1484 } else {
1485 ssid->psk_set = conf->psk_set;
1486 os_memcpy(ssid->psk, conf->psk, PMK_LEN);
1487 }
1488 }
1489
1490 #if defined(CONFIG_DPP2) && defined(IEEE8021X_EAPOL)
1491 if (conf->akm == DPP_AKM_DOT1X) {
1492 int i;
1493 char name[100], blobname[128];
1494 struct wpa_config_blob *blob;
1495
1496 ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X |
1497 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1498 WPA_KEY_MGMT_IEEE8021X_SHA384;
1499 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1500
1501 if (conf->cacert) {
1502 /* caCert is DER-encoded X.509v3 certificate for the
1503 * server certificate if that is different from the
1504 * trust root included in certBag. */
1505 /* TODO: ssid->eap.cert.ca_cert */
1506 }
1507
1508 if (conf->certs) {
1509 for (i = 0; ; i++) {
1510 os_snprintf(name, sizeof(name), "dpp-certs-%d",
1511 i);
1512 if (!wpa_config_get_blob(wpa_s->conf, name))
1513 break;
1514 }
1515
1516 blob = os_zalloc(sizeof(*blob));
1517 if (!blob)
1518 goto fail;
1519 blob->len = wpabuf_len(conf->certs);
1520 blob->name = os_strdup(name);
1521 blob->data = os_malloc(blob->len);
1522 if (!blob->name || !blob->data) {
1523 wpa_config_free_blob(blob);
1524 goto fail;
1525 }
1526 os_memcpy(blob->data, wpabuf_head(conf->certs),
1527 blob->len);
1528 os_snprintf(blobname, sizeof(blobname), "blob://%s",
1529 name);
1530 wpa_config_set_blob(wpa_s->conf, blob);
1531 wpa_printf(MSG_DEBUG, "DPP: Added certificate blob %s",
1532 name);
1533 ssid->eap.cert.client_cert = os_strdup(blobname);
1534 if (!ssid->eap.cert.client_cert)
1535 goto fail;
1536
1537 /* TODO: ssid->eap.identity from own certificate */
1538 if (wpa_config_set(ssid, "identity", "\"dpp-ent\"",
1539 0) < 0)
1540 goto fail;
1541 }
1542
1543 if (auth->priv_key) {
1544 for (i = 0; ; i++) {
1545 os_snprintf(name, sizeof(name), "dpp-key-%d",
1546 i);
1547 if (!wpa_config_get_blob(wpa_s->conf, name))
1548 break;
1549 }
1550
1551 blob = os_zalloc(sizeof(*blob));
1552 if (!blob)
1553 goto fail;
1554 blob->len = wpabuf_len(auth->priv_key);
1555 blob->name = os_strdup(name);
1556 blob->data = os_malloc(blob->len);
1557 if (!blob->name || !blob->data) {
1558 wpa_config_free_blob(blob);
1559 goto fail;
1560 }
1561 os_memcpy(blob->data, wpabuf_head(auth->priv_key),
1562 blob->len);
1563 os_snprintf(blobname, sizeof(blobname), "blob://%s",
1564 name);
1565 wpa_config_set_blob(wpa_s->conf, blob);
1566 wpa_printf(MSG_DEBUG, "DPP: Added private key blob %s",
1567 name);
1568 ssid->eap.cert.private_key = os_strdup(blobname);
1569 if (!ssid->eap.cert.private_key)
1570 goto fail;
1571 }
1572
1573 if (conf->server_name) {
1574 ssid->eap.cert.domain_suffix_match =
1575 os_strdup(conf->server_name);
1576 if (!ssid->eap.cert.domain_suffix_match)
1577 goto fail;
1578 }
1579
1580 /* TODO: Use entCreds::eapMethods */
1581 if (wpa_config_set(ssid, "eap", "TLS", 0) < 0)
1582 goto fail;
1583 }
1584 #endif /* CONFIG_DPP2 && IEEE8021X_EAPOL */
1585
1586 os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len);
1587 wpa_s->dpp_last_ssid_len = conf->ssid_len;
1588
1589 return ssid;
1590 fail:
1591 wpas_notify_network_removed(wpa_s, ssid);
1592 wpa_config_remove_network(wpa_s->conf, ssid->id);
1593 return NULL;
1594 }
1595
1596
wpas_dpp_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1597 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1598 struct dpp_authentication *auth,
1599 struct dpp_config_obj *conf)
1600 {
1601 struct wpa_ssid *ssid;
1602
1603 if (wpa_s->conf->dpp_config_processing < 1)
1604 return 0;
1605
1606 ssid = wpas_dpp_add_network(wpa_s, auth, conf);
1607 if (!ssid)
1608 return -1;
1609
1610 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1611 if (wpa_s->conf->dpp_config_processing == 2)
1612 ssid->disabled = 0;
1613
1614 #ifndef CONFIG_NO_CONFIG_WRITE
1615 if (wpa_s->conf->update_config &&
1616 wpa_config_write(wpa_s->confname, wpa_s->conf))
1617 wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
1618 #endif /* CONFIG_NO_CONFIG_WRITE */
1619
1620 return 0;
1621 }
1622
1623
wpas_dpp_post_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)1624 static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s,
1625 struct dpp_authentication *auth)
1626 {
1627 #ifdef CONFIG_DPP2
1628 if (auth->reconfig && wpa_s->dpp_reconfig_ssid &&
1629 wpa_config_get_network(wpa_s->conf, wpa_s->dpp_reconfig_ssid_id) ==
1630 wpa_s->dpp_reconfig_ssid) {
1631 wpa_printf(MSG_DEBUG,
1632 "DPP: Remove reconfigured network profile");
1633 wpas_notify_network_removed(wpa_s, wpa_s->dpp_reconfig_ssid);
1634 wpa_config_remove_network(wpa_s->conf,
1635 wpa_s->dpp_reconfig_ssid_id);
1636 wpa_s->dpp_reconfig_ssid = NULL;
1637 wpa_s->dpp_reconfig_ssid_id = -1;
1638 }
1639 #endif /* CONFIG_DPP2 */
1640
1641 if (wpa_s->conf->dpp_config_processing < 2)
1642 return;
1643
1644 #ifdef CONFIG_DPP2
1645 if (auth->peer_version >= 2) {
1646 wpa_printf(MSG_DEBUG,
1647 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
1648 auth->connect_on_tx_status = 1;
1649 return;
1650 }
1651 #endif /* CONFIG_DPP2 */
1652
1653 wpas_dpp_try_to_connect(wpa_s);
1654 }
1655
1656
wpas_dpp_handle_config_obj(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1657 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1658 struct dpp_authentication *auth,
1659 struct dpp_config_obj *conf)
1660 {
1661 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1662 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s",
1663 dpp_akm_str(conf->akm));
1664 if (conf->ssid_len)
1665 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1666 wpa_ssid_txt(conf->ssid, conf->ssid_len));
1667 if (conf->ssid_charset)
1668 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d",
1669 conf->ssid_charset);
1670 if (conf->connector) {
1671 /* TODO: Save the Connector and consider using a command
1672 * to fetch the value instead of sending an event with
1673 * it. The Connector could end up being larger than what
1674 * most clients are ready to receive as an event
1675 * message. */
1676 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1677 conf->connector);
1678 }
1679 if (conf->passphrase[0]) {
1680 char hex[64 * 2 + 1];
1681
1682 wpa_snprintf_hex(hex, sizeof(hex),
1683 (const u8 *) conf->passphrase,
1684 os_strlen(conf->passphrase));
1685 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s",
1686 hex);
1687 } else if (conf->psk_set) {
1688 char hex[PMK_LEN * 2 + 1];
1689
1690 wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN);
1691 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
1692 hex);
1693 }
1694 if (conf->c_sign_key) {
1695 char *hex;
1696 size_t hexlen;
1697
1698 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
1699 hex = os_malloc(hexlen);
1700 if (hex) {
1701 wpa_snprintf_hex(hex, hexlen,
1702 wpabuf_head(conf->c_sign_key),
1703 wpabuf_len(conf->c_sign_key));
1704 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1705 hex);
1706 os_free(hex);
1707 }
1708 }
1709 if (conf->pp_key) {
1710 char *hex;
1711 size_t hexlen;
1712
1713 hexlen = 2 * wpabuf_len(conf->pp_key) + 1;
1714 hex = os_malloc(hexlen);
1715 if (hex) {
1716 wpa_snprintf_hex(hex, hexlen,
1717 wpabuf_head(conf->pp_key),
1718 wpabuf_len(conf->pp_key));
1719 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PP_KEY "%s", hex);
1720 os_free(hex);
1721 }
1722 }
1723 if (auth->net_access_key) {
1724 char *hex;
1725 size_t hexlen;
1726
1727 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1728 hex = os_malloc(hexlen);
1729 if (hex) {
1730 wpa_snprintf_hex(hex, hexlen,
1731 wpabuf_head(auth->net_access_key),
1732 wpabuf_len(auth->net_access_key));
1733 if (auth->net_access_key_expiry)
1734 wpa_msg(wpa_s, MSG_INFO,
1735 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1736 (long unsigned)
1737 auth->net_access_key_expiry);
1738 else
1739 wpa_msg(wpa_s, MSG_INFO,
1740 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1741 os_free(hex);
1742 }
1743 }
1744
1745 #ifdef CONFIG_DPP2
1746 if (conf->certbag) {
1747 char *b64;
1748
1749 b64 = base64_encode_no_lf(wpabuf_head(conf->certbag),
1750 wpabuf_len(conf->certbag), NULL);
1751 if (b64)
1752 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CERTBAG "%s", b64);
1753 os_free(b64);
1754 }
1755
1756 if (conf->cacert) {
1757 char *b64;
1758
1759 b64 = base64_encode_no_lf(wpabuf_head(conf->cacert),
1760 wpabuf_len(conf->cacert), NULL);
1761 if (b64)
1762 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CACERT "%s", b64);
1763 os_free(b64);
1764 }
1765
1766 if (conf->server_name)
1767 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_SERVER_NAME "%s",
1768 conf->server_name);
1769 #endif /* CONFIG_DPP2 */
1770
1771 #ifdef CONFIG_DPP3
1772 if (!wpa_s->dpp_pb_result_indicated) {
1773 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "success");
1774 wpa_s->dpp_pb_result_indicated = true;
1775 }
1776
1777 #endif /* CONFIG_DPP3 */
1778
1779 return wpas_dpp_process_config(wpa_s, auth, conf);
1780 }
1781
1782
wpas_dpp_handle_key_pkg(struct wpa_supplicant * wpa_s,struct dpp_asymmetric_key * key)1783 static int wpas_dpp_handle_key_pkg(struct wpa_supplicant *wpa_s,
1784 struct dpp_asymmetric_key *key)
1785 {
1786 #ifdef CONFIG_DPP2
1787 int res;
1788
1789 if (!key)
1790 return 0;
1791
1792 wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup");
1793 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1794 wpa_s->dpp_conf_backup_received = true;
1795
1796 while (key) {
1797 res = dpp_configurator_from_backup(wpa_s->dpp, key);
1798 if (res < 0)
1799 return -1;
1800 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d",
1801 res);
1802 key = key->next;
1803 }
1804 #endif /* CONFIG_DPP2 */
1805
1806 return 0;
1807 }
1808
1809
1810 #ifdef CONFIG_DPP2
wpas_dpp_build_csr(void * eloop_ctx,void * timeout_ctx)1811 static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
1812 {
1813 struct wpa_supplicant *wpa_s = eloop_ctx;
1814 struct dpp_authentication *auth = wpa_s->dpp_auth;
1815
1816 if (!auth || !auth->csrattrs)
1817 return;
1818
1819 wpa_printf(MSG_DEBUG, "DPP: Build CSR");
1820 wpabuf_free(auth->csr);
1821 /* TODO: Additional information needed for CSR based on csrAttrs */
1822 auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
1823 wpa_s->conf->dpp_name : "Test");
1824 if (!auth->csr) {
1825 dpp_auth_deinit(wpa_s->dpp_auth);
1826 wpa_s->dpp_auth = NULL;
1827 return;
1828 }
1829
1830 wpas_dpp_start_gas_client(wpa_s);
1831 }
1832 #endif /* CONFIG_DPP2 */
1833
1834
1835 #ifdef CONFIG_DPP3
wpas_dpp_build_new_key(void * eloop_ctx,void * timeout_ctx)1836 static void wpas_dpp_build_new_key(void *eloop_ctx, void *timeout_ctx)
1837 {
1838 struct wpa_supplicant *wpa_s = eloop_ctx;
1839 struct dpp_authentication *auth = wpa_s->dpp_auth;
1840
1841 if (!auth || !auth->waiting_new_key)
1842 return;
1843
1844 wpa_printf(MSG_DEBUG, "DPP: Build config request with a new key");
1845 wpas_dpp_start_gas_client(wpa_s);
1846 }
1847 #endif /* CONFIG_DPP3 */
1848
1849
wpas_dpp_gas_resp_cb(void * ctx,const u8 * addr,u8 dialog_token,enum gas_query_result result,const struct wpabuf * adv_proto,const struct wpabuf * resp,u16 status_code)1850 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1851 enum gas_query_result result,
1852 const struct wpabuf *adv_proto,
1853 const struct wpabuf *resp, u16 status_code)
1854 {
1855 struct wpa_supplicant *wpa_s = ctx;
1856 const u8 *pos;
1857 struct dpp_authentication *auth = wpa_s->dpp_auth;
1858 int res;
1859 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
1860 unsigned int i;
1861
1862 eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL);
1863 wpa_s->dpp_gas_dialog_token = -1;
1864
1865 if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
1866 !ether_addr_equal(addr, auth->peer_mac_addr)) {
1867 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1868 return;
1869 }
1870 if (result != GAS_QUERY_SUCCESS ||
1871 !resp || status_code != WLAN_STATUS_SUCCESS) {
1872 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1873 goto fail;
1874 }
1875
1876 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1877 adv_proto);
1878 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1879 resp);
1880
1881 if (wpabuf_len(adv_proto) != 10 ||
1882 !(pos = wpabuf_head(adv_proto)) ||
1883 pos[0] != WLAN_EID_ADV_PROTO ||
1884 pos[1] != 8 ||
1885 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1886 pos[4] != 5 ||
1887 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1888 pos[8] != 0x1a ||
1889 pos[9] != 1) {
1890 wpa_printf(MSG_DEBUG,
1891 "DPP: Not a DPP Advertisement Protocol ID");
1892 goto fail;
1893 }
1894
1895 res = dpp_conf_resp_rx(auth, resp);
1896 #ifdef CONFIG_DPP2
1897 if (res == -2) {
1898 wpa_printf(MSG_DEBUG, "DPP: CSR needed");
1899 eloop_register_timeout(0, 0, wpas_dpp_build_csr, wpa_s, NULL);
1900 return;
1901 }
1902 #endif /* CONFIG_DPP2 */
1903 #ifdef CONFIG_DPP3
1904 if (res == -3) {
1905 wpa_printf(MSG_DEBUG, "DPP: New protocol key needed");
1906 eloop_register_timeout(0, 0, wpas_dpp_build_new_key, wpa_s,
1907 NULL);
1908 return;
1909 }
1910 #endif /* CONFIG_DPP3 */
1911 if (res < 0) {
1912 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1913 goto fail;
1914 }
1915
1916 wpa_s->dpp_conf_backup_received = false;
1917 for (i = 0; i < auth->num_conf_obj; i++) {
1918 res = wpas_dpp_handle_config_obj(wpa_s, auth,
1919 &auth->conf_obj[i]);
1920 if (res < 0)
1921 goto fail;
1922 }
1923 if (auth->num_conf_obj)
1924 wpas_dpp_post_process_config(wpa_s, auth);
1925 if (wpas_dpp_handle_key_pkg(wpa_s, auth->conf_key_pkg) < 0)
1926 goto fail;
1927
1928 status = DPP_STATUS_OK;
1929 #ifdef CONFIG_TESTING_OPTIONS
1930 if (dpp_test == DPP_TEST_REJECT_CONFIG) {
1931 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
1932 status = DPP_STATUS_CONFIG_REJECTED;
1933 }
1934 #endif /* CONFIG_TESTING_OPTIONS */
1935 fail:
1936 if (status != DPP_STATUS_OK)
1937 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1938 #ifdef CONFIG_DPP2
1939 if (auth->peer_version >= 2 &&
1940 auth->conf_resp_status == DPP_STATUS_OK) {
1941 struct wpabuf *msg;
1942
1943 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1944 msg = dpp_build_conf_result(auth, status);
1945 if (!msg)
1946 goto fail2;
1947
1948 wpa_msg(wpa_s, MSG_INFO,
1949 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1950 MAC2STR(addr), auth->curr_freq,
1951 DPP_PA_CONFIGURATION_RESULT);
1952 offchannel_send_action(wpa_s, auth->curr_freq,
1953 addr, wpa_s->own_addr, broadcast,
1954 wpabuf_head(msg),
1955 wpabuf_len(msg),
1956 500, wpas_dpp_tx_status, 0);
1957 wpabuf_free(msg);
1958
1959 /* This exchange will be terminated in the TX status handler */
1960 if (wpa_s->conf->dpp_config_processing < 2 ||
1961 wpa_s->dpp_conf_backup_received)
1962 auth->remove_on_tx_status = 1;
1963 return;
1964 }
1965 fail2:
1966 #endif /* CONFIG_DPP2 */
1967 dpp_auth_deinit(wpa_s->dpp_auth);
1968 wpa_s->dpp_auth = NULL;
1969 }
1970
1971
wpas_dpp_gas_client_timeout(void * eloop_ctx,void * timeout_ctx)1972 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx)
1973 {
1974 struct wpa_supplicant *wpa_s = eloop_ctx;
1975 struct dpp_authentication *auth = wpa_s->dpp_auth;
1976
1977 if (!wpa_s->dpp_gas_client || !auth ||
1978 (!auth->auth_success && !auth->reconfig_success))
1979 return;
1980
1981 wpa_printf(MSG_DEBUG, "DPP: Timeout while waiting for Config Response");
1982 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1983 dpp_auth_deinit(wpa_s->dpp_auth);
1984 wpa_s->dpp_auth = NULL;
1985 }
1986
1987
wpas_dpp_start_gas_client(struct wpa_supplicant * wpa_s)1988 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
1989 {
1990 struct dpp_authentication *auth = wpa_s->dpp_auth;
1991 struct wpabuf *buf;
1992 int res;
1993 int *supp_op_classes;
1994
1995 wpa_s->dpp_gas_client = 1;
1996 offchannel_send_action_done(wpa_s);
1997 wpas_dpp_listen_stop(wpa_s);
1998
1999 #ifdef CONFIG_NO_RRM
2000 supp_op_classes = NULL;
2001 #else /* CONFIG_NO_RRM */
2002 supp_op_classes = wpas_supp_op_classes(wpa_s);
2003 #endif /* CONFIG_NO_RRM */
2004 buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
2005 wpa_s->dpp_netrole,
2006 wpa_s->conf->dpp_mud_url,
2007 supp_op_classes,
2008 wpa_s->conf->dpp_extra_conf_req_name,
2009 wpa_s->conf->dpp_extra_conf_req_value);
2010 os_free(supp_op_classes);
2011 if (!buf) {
2012 wpa_printf(MSG_DEBUG,
2013 "DPP: No configuration request data available");
2014 return;
2015 }
2016
2017 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
2018 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
2019
2020 /* Use a 120 second timeout since the gas_query_req() operation could
2021 * remain waiting indefinitely for the response if the Configurator
2022 * keeps sending out comeback responses with additional delay. The
2023 * DPP technical specification expects the Enrollee to continue sending
2024 * out new Config Requests for 60 seconds, so this gives an extra 60
2025 * second time after the last expected new Config Request for the
2026 * Configurator to determine what kind of configuration to provide. */
2027 eloop_register_timeout(120, 0, wpas_dpp_gas_client_timeout,
2028 wpa_s, NULL);
2029
2030 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
2031 1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
2032 if (res < 0) {
2033 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
2034 wpabuf_free(buf);
2035 } else {
2036 wpa_printf(MSG_DEBUG,
2037 "DPP: GAS query started with dialog token %u", res);
2038 wpa_s->dpp_gas_dialog_token = res;
2039 }
2040 }
2041
2042
wpas_dpp_auth_success(struct wpa_supplicant * wpa_s,int initiator)2043 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
2044 {
2045 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
2046 dpp_notify_auth_success(wpa_s->dpp_auth, initiator);
2047 #ifdef CONFIG_TESTING_OPTIONS
2048 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
2049 wpa_printf(MSG_INFO,
2050 "DPP: TESTING - stop at Authentication Confirm");
2051 if (wpa_s->dpp_auth->configurator) {
2052 /* Prevent GAS response */
2053 wpa_s->dpp_auth->auth_success = 0;
2054 }
2055 return;
2056 }
2057 #endif /* CONFIG_TESTING_OPTIONS */
2058
2059 if (wpa_s->dpp_auth->configurator)
2060 wpas_dpp_start_gas_server(wpa_s);
2061 else
2062 wpas_dpp_start_gas_client(wpa_s);
2063 }
2064
2065
wpas_dpp_rx_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2066 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2067 const u8 *hdr, const u8 *buf, size_t len,
2068 unsigned int freq)
2069 {
2070 struct dpp_authentication *auth = wpa_s->dpp_auth;
2071 struct wpabuf *msg;
2072
2073 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
2074 " (freq %u MHz)", MAC2STR(src), freq);
2075
2076 if (!auth) {
2077 wpa_printf(MSG_DEBUG,
2078 "DPP: No DPP Authentication in progress - drop");
2079 return;
2080 }
2081
2082 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
2083 !ether_addr_equal(src, auth->peer_mac_addr)) {
2084 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2085 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2086 return;
2087 }
2088
2089 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2090
2091 if (auth->curr_freq != freq && auth->neg_freq == freq) {
2092 wpa_printf(MSG_DEBUG,
2093 "DPP: Responder accepted request for different negotiation channel");
2094 auth->curr_freq = freq;
2095 }
2096
2097 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
2098 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
2099 if (!msg) {
2100 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
2101 wpa_printf(MSG_DEBUG,
2102 "DPP: Start wait for full response");
2103 offchannel_send_action_done(wpa_s);
2104 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
2105 return;
2106 }
2107 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
2108 return;
2109 }
2110 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2111
2112 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2113 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
2114 offchannel_send_action(wpa_s, auth->curr_freq,
2115 src, wpa_s->own_addr, broadcast,
2116 wpabuf_head(msg), wpabuf_len(msg),
2117 500, wpas_dpp_tx_status, 0);
2118 wpabuf_free(msg);
2119 wpa_s->dpp_auth_ok_on_ack = 1;
2120 }
2121
2122
wpas_dpp_rx_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2123 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
2124 const u8 *hdr, const u8 *buf, size_t len)
2125 {
2126 struct dpp_authentication *auth = wpa_s->dpp_auth;
2127
2128 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
2129 MAC2STR(src));
2130
2131 if (!auth) {
2132 wpa_printf(MSG_DEBUG,
2133 "DPP: No DPP Authentication in progress - drop");
2134 return;
2135 }
2136
2137 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2138 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2139 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2140 return;
2141 }
2142
2143 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
2144
2145 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
2146 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
2147 return;
2148 }
2149
2150 wpas_dpp_auth_success(wpa_s, 0);
2151 }
2152
2153
2154 #ifdef CONFIG_DPP2
2155
wpas_dpp_config_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)2156 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
2157 void *timeout_ctx)
2158 {
2159 struct wpa_supplicant *wpa_s = eloop_ctx;
2160 struct dpp_authentication *auth = wpa_s->dpp_auth;
2161
2162 if (!auth || !auth->waiting_conf_result)
2163 return;
2164
2165 wpa_printf(MSG_DEBUG,
2166 "DPP: Timeout while waiting for Configuration Result");
2167 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2168 dpp_auth_deinit(auth);
2169 wpa_s->dpp_auth = NULL;
2170 }
2171
2172
wpas_dpp_conn_status_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)2173 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
2174 void *timeout_ctx)
2175 {
2176 struct wpa_supplicant *wpa_s = eloop_ctx;
2177 struct dpp_authentication *auth = wpa_s->dpp_auth;
2178
2179 if (!auth || !auth->waiting_conn_status_result)
2180 return;
2181
2182 wpa_printf(MSG_DEBUG,
2183 "DPP: Timeout while waiting for Connection Status Result");
2184 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout");
2185 wpas_dpp_listen_stop(wpa_s);
2186 dpp_auth_deinit(auth);
2187 wpa_s->dpp_auth = NULL;
2188 }
2189
2190
2191 #ifdef CONFIG_DPP3
2192
wpas_dpp_pb_active(struct wpa_supplicant * wpa_s)2193 static bool wpas_dpp_pb_active(struct wpa_supplicant *wpa_s)
2194 {
2195 return (wpa_s->dpp_pb_time.sec || wpa_s->dpp_pb_time.usec) &&
2196 wpa_s->dpp_pb_configurator;
2197 }
2198
2199
wpas_dpp_remove_pb_hash(struct wpa_supplicant * wpa_s)2200 static void wpas_dpp_remove_pb_hash(struct wpa_supplicant *wpa_s)
2201 {
2202 int i;
2203
2204 if (!wpa_s->dpp_pb_bi)
2205 return;
2206 for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
2207 struct dpp_pb_info *info = &wpa_s->dpp_pb[i];
2208
2209 if (info->rx_time.sec == 0 && info->rx_time.usec == 0)
2210 continue;
2211 if (os_memcmp(info->hash, wpa_s->dpp_pb_resp_hash,
2212 SHA256_MAC_LEN) == 0) {
2213 /* Allow a new push button session to be established
2214 * immediately without the successfully completed
2215 * session triggering session overlap. */
2216 info->rx_time.sec = 0;
2217 info->rx_time.usec = 0;
2218 wpa_printf(MSG_DEBUG,
2219 "DPP: Removed PB hash from session overlap detection due to successfully completed provisioning");
2220 }
2221 }
2222 }
2223
2224 #endif /* CONFIG_DPP3 */
2225
2226
wpas_dpp_rx_conf_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2227 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
2228 const u8 *hdr, const u8 *buf, size_t len)
2229 {
2230 struct dpp_authentication *auth = wpa_s->dpp_auth;
2231 enum dpp_status_error status;
2232
2233 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
2234 MAC2STR(src));
2235
2236 if (!auth || !auth->waiting_conf_result) {
2237 if (auth &&
2238 ether_addr_equal(src, auth->peer_mac_addr) &&
2239 gas_server_response_sent(wpa_s->gas_server,
2240 auth->gas_server_ctx)) {
2241 /* This could happen if the TX status event gets delayed
2242 * long enough for the Enrollee to have time to send
2243 * the next frame before the TX status gets processed
2244 * locally. */
2245 wpa_printf(MSG_DEBUG,
2246 "DPP: GAS response was sent but TX status not yet received - assume it was ACKed since the Enrollee sent the next frame in the sequence");
2247 auth->waiting_conf_result = 1;
2248 } else {
2249 wpa_printf(MSG_DEBUG,
2250 "DPP: No DPP Configuration waiting for result - drop");
2251 return;
2252 }
2253 }
2254
2255 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2256 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2257 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2258 return;
2259 }
2260
2261 status = dpp_conf_result_rx(auth, hdr, buf, len);
2262
2263 if (status == DPP_STATUS_OK && auth->send_conn_status) {
2264 int freq;
2265
2266 wpa_msg(wpa_s, MSG_INFO,
2267 DPP_EVENT_CONF_SENT "wait_conn_status=1 conf_status=%d",
2268 auth->conf_resp_status);
2269 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
2270 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
2271 wpa_s, NULL);
2272 auth->waiting_conn_status_result = 1;
2273 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2274 wpa_s, NULL);
2275 eloop_register_timeout(16, 0,
2276 wpas_dpp_conn_status_result_wait_timeout,
2277 wpa_s, NULL);
2278 offchannel_send_action_done(wpa_s);
2279 freq = auth->neg_freq ? auth->neg_freq : auth->curr_freq;
2280 if (!wpa_s->dpp_in_response_listen ||
2281 (int) wpa_s->dpp_listen_freq != freq)
2282 wpas_dpp_listen_start(wpa_s, freq);
2283 return;
2284 }
2285 offchannel_send_action_done(wpa_s);
2286 wpas_dpp_listen_stop(wpa_s);
2287 if (status == DPP_STATUS_OK)
2288 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d",
2289 auth->conf_resp_status);
2290 else
2291 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2292 dpp_auth_deinit(auth);
2293 wpa_s->dpp_auth = NULL;
2294 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
2295 #ifdef CONFIG_DPP3
2296 if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) {
2297 if (status == DPP_STATUS_OK)
2298 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
2299 "success");
2300 else
2301 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
2302 "no-configuration-available");
2303 wpa_s->dpp_pb_result_indicated = true;
2304 if (status == DPP_STATUS_OK)
2305 wpas_dpp_remove_pb_hash(wpa_s);
2306 wpas_dpp_push_button_stop(wpa_s);
2307 }
2308 #endif /* CONFIG_DPP3 */
2309 }
2310
2311
wpas_dpp_rx_conn_status_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2312 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s,
2313 const u8 *src, const u8 *hdr,
2314 const u8 *buf, size_t len)
2315 {
2316 struct dpp_authentication *auth = wpa_s->dpp_auth;
2317 enum dpp_status_error status;
2318 u8 ssid[SSID_MAX_LEN];
2319 size_t ssid_len = 0;
2320 char *channel_list = NULL;
2321
2322 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
2323
2324 if (!auth || !auth->waiting_conn_status_result) {
2325 wpa_printf(MSG_DEBUG,
2326 "DPP: No DPP Configuration waiting for connection status result - drop");
2327 return;
2328 }
2329
2330 status = dpp_conn_status_result_rx(auth, hdr, buf, len,
2331 ssid, &ssid_len, &channel_list);
2332 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
2333 "result=%d ssid=%s channel_list=%s",
2334 status, wpa_ssid_txt(ssid, ssid_len),
2335 channel_list ? channel_list : "N/A");
2336 os_free(channel_list);
2337 offchannel_send_action_done(wpa_s);
2338 wpas_dpp_listen_stop(wpa_s);
2339 dpp_auth_deinit(auth);
2340 wpa_s->dpp_auth = NULL;
2341 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2342 wpa_s, NULL);
2343 }
2344
2345
wpas_dpp_process_conf_obj(void * ctx,struct dpp_authentication * auth)2346 static int wpas_dpp_process_conf_obj(void *ctx,
2347 struct dpp_authentication *auth)
2348 {
2349 struct wpa_supplicant *wpa_s = ctx;
2350 unsigned int i;
2351 int res = -1;
2352
2353 for (i = 0; i < auth->num_conf_obj; i++) {
2354 res = wpas_dpp_handle_config_obj(wpa_s, auth,
2355 &auth->conf_obj[i]);
2356 if (res)
2357 break;
2358 }
2359 if (!res)
2360 wpas_dpp_post_process_config(wpa_s, auth);
2361
2362 return res;
2363 }
2364
2365
wpas_dpp_tcp_msg_sent(void * ctx,struct dpp_authentication * auth)2366 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth)
2367 {
2368 struct wpa_supplicant *wpa_s = ctx;
2369
2370 wpa_printf(MSG_DEBUG, "DPP: TCP message sent callback");
2371
2372 if (auth->connect_on_tx_status) {
2373 auth->connect_on_tx_status = 0;
2374 wpa_printf(MSG_DEBUG,
2375 "DPP: Try to connect after completed configuration result");
2376 wpas_dpp_try_to_connect(wpa_s);
2377 if (auth->conn_status_requested) {
2378 wpa_printf(MSG_DEBUG,
2379 "DPP: Start 15 second timeout for reporting connection status result");
2380 eloop_cancel_timeout(
2381 wpas_dpp_conn_status_result_timeout,
2382 wpa_s, NULL);
2383 eloop_register_timeout(
2384 15, 0, wpas_dpp_conn_status_result_timeout,
2385 wpa_s, NULL);
2386 return true;
2387 }
2388 }
2389
2390 return false;
2391 }
2392
2393
wpas_dpp_remove_bi(void * ctx,struct dpp_bootstrap_info * bi)2394 static void wpas_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi)
2395 {
2396 struct wpa_supplicant *wpa_s = ctx;
2397
2398 if (bi == wpa_s->dpp_chirp_bi)
2399 wpas_dpp_chirp_stop(wpa_s);
2400 }
2401
2402
2403 static void
wpas_dpp_rx_presence_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2404 wpas_dpp_rx_presence_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2405 const u8 *hdr, const u8 *buf, size_t len,
2406 unsigned int freq)
2407 {
2408 const u8 *r_bootstrap;
2409 u16 r_bootstrap_len;
2410 struct dpp_bootstrap_info *peer_bi;
2411 struct dpp_authentication *auth;
2412 unsigned int wait_time, max_wait_time;
2413
2414 if (!wpa_s->dpp)
2415 return;
2416
2417 if (wpa_s->dpp_auth) {
2418 wpa_printf(MSG_DEBUG,
2419 "DPP: Ignore Presence Announcement during ongoing Authentication");
2420 return;
2421 }
2422
2423 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR,
2424 MAC2STR(src));
2425
2426 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
2427 &r_bootstrap_len);
2428 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
2429 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2430 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
2431 return;
2432 }
2433 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
2434 r_bootstrap, r_bootstrap_len);
2435 peer_bi = dpp_bootstrap_find_chirp(wpa_s->dpp, r_bootstrap);
2436 dpp_notify_chirp_received(wpa_s, peer_bi ? (int) peer_bi->id : -1, src,
2437 freq, r_bootstrap);
2438 if (!peer_bi) {
2439 wpa_printf(MSG_DEBUG,
2440 "DPP: No matching bootstrapping information found");
2441 return;
2442 }
2443
2444 wpa_printf(MSG_DEBUG, "DPP: Start Authentication exchange with " MACSTR
2445 " based on the received Presence Announcement",
2446 MAC2STR(src));
2447 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, NULL,
2448 DPP_CAPAB_CONFIGURATOR, freq, NULL, 0);
2449 if (!auth)
2450 return;
2451 wpas_dpp_set_testing_options(wpa_s, auth);
2452 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2453 dpp_auth_deinit(auth);
2454 return;
2455 }
2456
2457 auth->neg_freq = freq;
2458
2459 /* The source address of the Presence Announcement frame overrides any
2460 * MAC address information from the bootstrapping information. */
2461 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2462
2463 wait_time = wpa_s->max_remain_on_chan;
2464 max_wait_time = wpa_s->dpp_resp_wait_time ?
2465 wpa_s->dpp_resp_wait_time : 2000;
2466 if (wait_time > max_wait_time)
2467 wait_time = max_wait_time;
2468 wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
2469
2470 wpa_s->dpp_auth = auth;
2471 if (wpas_dpp_auth_init_next(wpa_s) < 0) {
2472 dpp_auth_deinit(wpa_s->dpp_auth);
2473 wpa_s->dpp_auth = NULL;
2474 }
2475 }
2476
2477
wpas_dpp_reconfig_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)2478 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
2479 void *timeout_ctx)
2480 {
2481 struct wpa_supplicant *wpa_s = eloop_ctx;
2482 struct dpp_authentication *auth = wpa_s->dpp_auth;
2483
2484 if (!auth)
2485 return;
2486
2487 wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout");
2488 offchannel_send_action_done(wpa_s);
2489 wpas_dpp_listen_stop(wpa_s);
2490 dpp_auth_deinit(auth);
2491 wpa_s->dpp_auth = NULL;
2492 }
2493
2494
2495 static void
wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2496 wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2497 const u8 *hdr, const u8 *buf, size_t len,
2498 unsigned int freq)
2499 {
2500 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id;
2501 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len;
2502 struct dpp_configurator *conf;
2503 struct dpp_authentication *auth;
2504 unsigned int wait_time, max_wait_time;
2505 u16 group;
2506
2507 if (!wpa_s->dpp)
2508 return;
2509
2510 if (wpa_s->dpp_auth) {
2511 wpa_printf(MSG_DEBUG,
2512 "DPP: Ignore Reconfig Announcement during ongoing Authentication");
2513 return;
2514 }
2515
2516 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR,
2517 MAC2STR(src));
2518
2519 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH,
2520 &csign_hash_len);
2521 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) {
2522 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2523 "Missing or invalid required Configurator C-sign key Hash attribute");
2524 return;
2525 }
2526 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)",
2527 csign_hash, csign_hash_len);
2528 conf = dpp_configurator_find_kid(wpa_s->dpp, csign_hash);
2529 if (!conf) {
2530 wpa_printf(MSG_DEBUG,
2531 "DPP: No matching Configurator information found");
2532 return;
2533 }
2534
2535 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
2536 &fcgroup_len);
2537 if (!fcgroup || fcgroup_len != 2) {
2538 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2539 "Missing or invalid required Finite Cyclic Group attribute");
2540 return;
2541 }
2542 group = WPA_GET_LE16(fcgroup);
2543 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group);
2544
2545 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len);
2546 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len);
2547
2548 auth = dpp_reconfig_init(wpa_s->dpp, wpa_s, conf, freq, group,
2549 a_nonce, a_nonce_len, e_id, e_id_len);
2550 if (!auth)
2551 return;
2552 wpas_dpp_set_testing_options(wpa_s, auth);
2553 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2554 dpp_auth_deinit(auth);
2555 return;
2556 }
2557
2558 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2559 wpa_s->dpp_auth = auth;
2560
2561 wpa_s->dpp_in_response_listen = 0;
2562 wpa_s->dpp_auth_ok_on_ack = 0;
2563 wait_time = wpa_s->max_remain_on_chan;
2564 max_wait_time = wpa_s->dpp_resp_wait_time ?
2565 wpa_s->dpp_resp_wait_time : 2000;
2566 if (wait_time > max_wait_time)
2567 wait_time = max_wait_time;
2568 wait_time += 10; /* give the driver some extra time to complete */
2569 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
2570 wpas_dpp_reconfig_reply_wait_timeout,
2571 wpa_s, NULL);
2572 wait_time -= 10;
2573
2574 wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
2575
2576 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2577 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ);
2578 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2579 wpabuf_head(auth->reconfig_req_msg),
2580 wpabuf_len(auth->reconfig_req_msg),
2581 wait_time, wpas_dpp_tx_status, 0) < 0) {
2582 dpp_auth_deinit(wpa_s->dpp_auth);
2583 wpa_s->dpp_auth = NULL;
2584 }
2585 }
2586
2587
2588 static void
wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2589 wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
2590 const u8 *hdr, const u8 *buf, size_t len,
2591 unsigned int freq)
2592 {
2593 struct wpa_ssid *ssid;
2594 struct dpp_authentication *auth;
2595
2596 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Request from "
2597 MACSTR, MAC2STR(src));
2598
2599 if (!wpa_s->dpp)
2600 return;
2601 if (wpa_s->dpp_auth) {
2602 wpa_printf(MSG_DEBUG,
2603 "DPP: Not ready for reconfiguration - pending authentication exchange in progress");
2604 return;
2605 }
2606 if (!wpa_s->dpp_reconfig_ssid) {
2607 wpa_printf(MSG_DEBUG,
2608 "DPP: Not ready for reconfiguration - not requested");
2609 return;
2610 }
2611 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2612 if (ssid == wpa_s->dpp_reconfig_ssid &&
2613 ssid->id == wpa_s->dpp_reconfig_ssid_id)
2614 break;
2615 }
2616 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2617 !ssid->dpp_csign) {
2618 wpa_printf(MSG_DEBUG,
2619 "DPP: Not ready for reconfiguration - no matching network profile with Connector found");
2620 return;
2621 }
2622
2623 auth = dpp_reconfig_auth_req_rx(wpa_s->dpp, wpa_s, ssid->dpp_connector,
2624 ssid->dpp_netaccesskey,
2625 ssid->dpp_netaccesskey_len,
2626 ssid->dpp_csign, ssid->dpp_csign_len,
2627 freq, hdr, buf, len);
2628 if (!auth)
2629 return;
2630 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2631 wpa_s->dpp_auth = auth;
2632
2633 wpas_dpp_chirp_stop(wpa_s);
2634
2635 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2636 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_RESP);
2637 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2638 wpabuf_head(auth->reconfig_resp_msg),
2639 wpabuf_len(auth->reconfig_resp_msg),
2640 500, wpas_dpp_tx_status, 0) < 0) {
2641 dpp_auth_deinit(wpa_s->dpp_auth);
2642 wpa_s->dpp_auth = NULL;
2643 }
2644 }
2645
2646
2647 static void
wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2648 wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2649 const u8 *hdr, const u8 *buf, size_t len,
2650 unsigned int freq)
2651 {
2652 struct dpp_authentication *auth = wpa_s->dpp_auth;
2653 struct wpabuf *conf;
2654
2655 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from "
2656 MACSTR, MAC2STR(src));
2657
2658 if (!auth || !auth->reconfig || !auth->configurator) {
2659 wpa_printf(MSG_DEBUG,
2660 "DPP: No DPP Reconfig Authentication in progress - drop");
2661 return;
2662 }
2663
2664 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2665 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2666 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2667 return;
2668 }
2669
2670 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len);
2671 if (!conf)
2672 return;
2673
2674 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, wpa_s, NULL);
2675
2676 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2677 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF);
2678 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2679 wpabuf_head(conf), wpabuf_len(conf),
2680 500, wpas_dpp_tx_status, 0) < 0) {
2681 wpabuf_free(conf);
2682 dpp_auth_deinit(wpa_s->dpp_auth);
2683 wpa_s->dpp_auth = NULL;
2684 return;
2685 }
2686 wpabuf_free(conf);
2687
2688 wpas_dpp_start_gas_server(wpa_s);
2689 }
2690
2691
2692 static void
wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2693 wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
2694 const u8 *hdr, const u8 *buf, size_t len,
2695 unsigned int freq)
2696 {
2697 struct dpp_authentication *auth = wpa_s->dpp_auth;
2698
2699 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Confirm from "
2700 MACSTR, MAC2STR(src));
2701
2702 if (!auth || !auth->reconfig || auth->configurator) {
2703 wpa_printf(MSG_DEBUG,
2704 "DPP: No DPP Reconfig Authentication in progress - drop");
2705 return;
2706 }
2707
2708 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2709 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2710 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2711 return;
2712 }
2713
2714 if (dpp_reconfig_auth_conf_rx(auth, hdr, buf, len) < 0)
2715 return;
2716
2717 wpas_dpp_start_gas_client(wpa_s);
2718 }
2719
2720 #endif /* CONFIG_DPP2 */
2721
2722
wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len)2723 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
2724 const u8 *src,
2725 const u8 *buf, size_t len)
2726 {
2727 struct wpa_ssid *ssid;
2728 const u8 *connector, *trans_id, *status;
2729 u16 connector_len, trans_id_len, status_len;
2730 #ifdef CONFIG_DPP2
2731 const u8 *version;
2732 u16 version_len;
2733 #endif /* CONFIG_DPP2 */
2734 u8 peer_version = 1;
2735 struct dpp_introduction intro;
2736 struct rsn_pmksa_cache_entry *entry;
2737 struct os_time now;
2738 struct os_reltime rnow;
2739 os_time_t expiry;
2740 unsigned int seconds;
2741 enum dpp_status_error res;
2742
2743 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
2744 MAC2STR(src));
2745 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
2746 !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) {
2747 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
2748 MACSTR " - drop", MAC2STR(src));
2749 return;
2750 }
2751 offchannel_send_action_done(wpa_s);
2752
2753 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2754 if (ssid == wpa_s->dpp_intro_network)
2755 break;
2756 }
2757 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2758 !ssid->dpp_csign) {
2759 wpa_printf(MSG_DEBUG,
2760 "DPP: Profile not found for network introduction");
2761 return;
2762 }
2763
2764 os_memset(&intro, 0, sizeof(intro));
2765
2766 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
2767 &trans_id_len);
2768 if (!trans_id || trans_id_len != 1) {
2769 wpa_printf(MSG_DEBUG,
2770 "DPP: Peer did not include Transaction ID");
2771 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2772 " fail=missing_transaction_id", MAC2STR(src));
2773 goto fail;
2774 }
2775 if (trans_id[0] != TRANSACTION_ID) {
2776 wpa_printf(MSG_DEBUG,
2777 "DPP: Ignore frame with unexpected Transaction ID %u",
2778 trans_id[0]);
2779 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2780 " fail=transaction_id_mismatch", MAC2STR(src));
2781 goto fail;
2782 }
2783
2784 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
2785 if (!status || status_len != 1) {
2786 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
2787 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2788 " fail=missing_status", MAC2STR(src));
2789 goto fail;
2790 }
2791 if (status[0] != DPP_STATUS_OK) {
2792 wpa_printf(MSG_DEBUG,
2793 "DPP: Peer rejected network introduction: Status %u",
2794 status[0]);
2795 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2796 " status=%u", MAC2STR(src), status[0]);
2797 #ifdef CONFIG_DPP2
2798 wpas_dpp_send_conn_status_result(wpa_s, status[0]);
2799 #endif /* CONFIG_DPP2 */
2800 goto fail;
2801 }
2802
2803 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
2804 if (!connector) {
2805 wpa_printf(MSG_DEBUG,
2806 "DPP: Peer did not include its Connector");
2807 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2808 " fail=missing_connector", MAC2STR(src));
2809 goto fail;
2810 }
2811
2812 res = dpp_peer_intro(&intro, ssid->dpp_connector,
2813 ssid->dpp_netaccesskey,
2814 ssid->dpp_netaccesskey_len,
2815 ssid->dpp_csign,
2816 ssid->dpp_csign_len,
2817 connector, connector_len, &expiry, NULL);
2818 if (res != DPP_STATUS_OK) {
2819 wpa_printf(MSG_INFO,
2820 "DPP: Network Introduction protocol resulted in failure");
2821 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2822 " fail=peer_connector_validation_failed", MAC2STR(src));
2823 #ifdef CONFIG_DPP2
2824 wpas_dpp_send_conn_status_result(wpa_s, res);
2825 #endif /* CONFIG_DPP2 */
2826 goto fail;
2827 }
2828
2829 entry = os_zalloc(sizeof(*entry));
2830 if (!entry)
2831 goto fail;
2832 os_memcpy(entry->aa, src, ETH_ALEN);
2833 os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
2834 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
2835 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
2836 entry->pmk_len = intro.pmk_len;
2837 entry->akmp = WPA_KEY_MGMT_DPP;
2838 #ifdef CONFIG_DPP2
2839 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
2840 &version_len);
2841 if (version && version_len >= 1)
2842 peer_version = version[0];
2843 #ifdef CONFIG_DPP3
2844 if (intro.peer_version && intro.peer_version >= 2 &&
2845 peer_version != intro.peer_version) {
2846 wpa_printf(MSG_INFO,
2847 "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
2848 intro.peer_version, peer_version);
2849 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
2850 goto fail;
2851 }
2852 #endif /* CONFIG_DPP3 */
2853 entry->dpp_pfs = peer_version >= 2;
2854 #endif /* CONFIG_DPP2 */
2855 if (expiry) {
2856 os_get_time(&now);
2857 seconds = expiry - now.sec;
2858 } else {
2859 seconds = 86400 * 7;
2860 }
2861 os_get_reltime(&rnow);
2862 entry->expiration = rnow.sec + seconds;
2863 entry->reauth_time = rnow.sec + seconds;
2864 entry->network_ctx = ssid;
2865 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
2866
2867 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2868 " status=%u version=%u", MAC2STR(src), status[0], peer_version);
2869
2870 wpa_printf(MSG_DEBUG,
2871 "DPP: Try connection again after successful network introduction");
2872 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
2873 wpa_supplicant_cancel_sched_scan(wpa_s);
2874 wpa_supplicant_req_scan(wpa_s, 0, 0);
2875 }
2876 fail:
2877 dpp_peer_intro_deinit(&intro);
2878 }
2879
2880
wpas_dpp_allow_ir(struct wpa_supplicant * wpa_s,unsigned int freq)2881 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
2882 {
2883 int i, j;
2884
2885 if (!wpa_s->hw.modes)
2886 return -1;
2887
2888 for (i = 0; i < wpa_s->hw.num_modes; i++) {
2889 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
2890
2891 for (j = 0; j < mode->num_channels; j++) {
2892 struct hostapd_channel_data *chan = &mode->channels[j];
2893
2894 if (chan->freq != (int) freq)
2895 continue;
2896
2897 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2898 HOSTAPD_CHAN_NO_IR |
2899 HOSTAPD_CHAN_RADAR))
2900 continue;
2901
2902 return 1;
2903 }
2904 }
2905
2906 wpa_printf(MSG_DEBUG,
2907 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
2908 freq);
2909
2910 return 0;
2911 }
2912
2913
wpas_dpp_pkex_next_channel(struct wpa_supplicant * wpa_s,struct dpp_pkex * pkex)2914 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
2915 struct dpp_pkex *pkex)
2916 {
2917 if (pkex->freq == 2437)
2918 pkex->freq = 5745;
2919 else if (pkex->freq == 5745)
2920 pkex->freq = 5220;
2921 else if (pkex->freq == 5220)
2922 pkex->freq = 60480;
2923 else
2924 return -1; /* no more channels to try */
2925
2926 if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
2927 wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
2928 pkex->freq);
2929 return 0;
2930 }
2931
2932 /* Could not use this channel - try the next one */
2933 return wpas_dpp_pkex_next_channel(wpa_s, pkex);
2934 }
2935
2936
wpas_dpp_pkex_clear_code(struct wpa_supplicant * wpa_s)2937 static void wpas_dpp_pkex_clear_code(struct wpa_supplicant *wpa_s)
2938 {
2939 if (!wpa_s->dpp_pkex_code && !wpa_s->dpp_pkex_identifier)
2940 return;
2941
2942 /* Delete PKEX code and identifier on successful completion of
2943 * PKEX. We are not supposed to reuse these without being
2944 * explicitly requested to perform PKEX again. */
2945 wpa_printf(MSG_DEBUG, "DPP: Delete PKEX code/identifier");
2946 os_free(wpa_s->dpp_pkex_code);
2947 wpa_s->dpp_pkex_code = NULL;
2948 os_free(wpa_s->dpp_pkex_identifier);
2949 wpa_s->dpp_pkex_identifier = NULL;
2950
2951 }
2952
2953
2954 #ifdef CONFIG_DPP2
wpas_dpp_pkex_done(void * ctx,void * conn,struct dpp_bootstrap_info * peer_bi)2955 static int wpas_dpp_pkex_done(void *ctx, void *conn,
2956 struct dpp_bootstrap_info *peer_bi)
2957 {
2958 struct wpa_supplicant *wpa_s = ctx;
2959 char cmd[500];
2960 const char *pos;
2961 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
2962 struct dpp_bootstrap_info *own_bi = NULL;
2963 struct dpp_authentication *auth;
2964
2965 wpas_dpp_pkex_clear_code(wpa_s);
2966
2967 os_snprintf(cmd, sizeof(cmd), " peer=%u %s", peer_bi->id,
2968 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
2969 wpa_printf(MSG_DEBUG, "DPP: Start authentication after PKEX (cmd: %s)",
2970 cmd);
2971
2972 pos = os_strstr(cmd, " own=");
2973 if (pos) {
2974 pos += 5;
2975 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
2976 if (!own_bi) {
2977 wpa_printf(MSG_INFO,
2978 "DPP: Could not find bootstrapping info for the identified local entry");
2979 return -1;
2980 }
2981
2982 if (peer_bi->curve != own_bi->curve) {
2983 wpa_printf(MSG_INFO,
2984 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
2985 peer_bi->curve->name, own_bi->curve->name);
2986 return -1;
2987 }
2988 }
2989
2990 pos = os_strstr(cmd, " role=");
2991 if (pos) {
2992 pos += 6;
2993 if (os_strncmp(pos, "configurator", 12) == 0)
2994 allowed_roles = DPP_CAPAB_CONFIGURATOR;
2995 else if (os_strncmp(pos, "enrollee", 8) == 0)
2996 allowed_roles = DPP_CAPAB_ENROLLEE;
2997 else if (os_strncmp(pos, "either", 6) == 0)
2998 allowed_roles = DPP_CAPAB_CONFIGURATOR |
2999 DPP_CAPAB_ENROLLEE;
3000 else
3001 return -1;
3002 }
3003
3004 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
3005 0, wpa_s->hw.modes, wpa_s->hw.num_modes);
3006 if (!auth)
3007 return -1;
3008
3009 wpas_dpp_set_testing_options(wpa_s, auth);
3010 if (dpp_set_configurator(auth, cmd) < 0) {
3011 dpp_auth_deinit(auth);
3012 return -1;
3013 }
3014
3015 return dpp_tcp_auth(wpa_s->dpp, conn, auth, wpa_s->conf->dpp_name,
3016 DPP_NETROLE_STA,
3017 wpa_s->conf->dpp_mud_url,
3018 wpa_s->conf->dpp_extra_conf_req_name,
3019 wpa_s->conf->dpp_extra_conf_req_value,
3020 wpas_dpp_process_conf_obj,
3021 wpas_dpp_tcp_msg_sent);
3022 }
3023 #endif /* CONFIG_DPP2 */
3024
3025
wpas_dpp_pkex_init(struct wpa_supplicant * wpa_s,enum dpp_pkex_ver ver,const struct hostapd_ip_addr * ipaddr,int tcp_port)3026 static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s,
3027 enum dpp_pkex_ver ver,
3028 const struct hostapd_ip_addr *ipaddr,
3029 int tcp_port)
3030 {
3031 struct dpp_pkex *pkex;
3032 struct wpabuf *msg;
3033 unsigned int wait_time;
3034 bool v2 = ver != PKEX_VER_ONLY_1;
3035
3036 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEXv%d", v2 ? 2 : 1);
3037 dpp_pkex_free(wpa_s->dpp_pkex);
3038 wpa_s->dpp_pkex = NULL;
3039 pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr,
3040 wpa_s->dpp_pkex_identifier,
3041 wpa_s->dpp_pkex_code, wpa_s->dpp_pkex_code_len,
3042 v2);
3043 if (!pkex)
3044 return -1;
3045 pkex->forced_ver = ver != PKEX_VER_AUTO;
3046
3047 if (ipaddr) {
3048 #ifdef CONFIG_DPP2
3049 return dpp_tcp_pkex_init(wpa_s->dpp, pkex, ipaddr, tcp_port,
3050 wpa_s, wpa_s, wpas_dpp_pkex_done);
3051 #else /* CONFIG_DPP2 */
3052 return -1;
3053 #endif /* CONFIG_DPP2 */
3054 }
3055
3056 wpa_s->dpp_pkex = pkex;
3057 msg = pkex->exchange_req;
3058 wait_time = wpa_s->max_remain_on_chan;
3059 if (wait_time > 2000)
3060 wait_time = 2000;
3061 pkex->freq = 2437;
3062 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
3063 " freq=%u type=%d",
3064 MAC2STR(broadcast), pkex->freq,
3065 v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
3066 DPP_PA_PKEX_V1_EXCHANGE_REQ);
3067 offchannel_send_action(wpa_s, pkex->freq, broadcast,
3068 wpa_s->own_addr, broadcast,
3069 wpabuf_head(msg), wpabuf_len(msg),
3070 wait_time, wpas_dpp_tx_pkex_status, 0);
3071 if (wait_time == 0)
3072 wait_time = 2000;
3073 pkex->exch_req_wait_time = wait_time;
3074 pkex->exch_req_tries = 1;
3075
3076 return 0;
3077 }
3078
3079
wpas_dpp_pkex_retry_timeout(void * eloop_ctx,void * timeout_ctx)3080 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
3081 {
3082 struct wpa_supplicant *wpa_s = eloop_ctx;
3083 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3084
3085 if (!pkex || !pkex->exchange_req)
3086 return;
3087 if (pkex->exch_req_tries >= 5) {
3088 if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
3089 #ifdef CONFIG_DPP3
3090 if (pkex->v2 && !pkex->forced_ver) {
3091 wpa_printf(MSG_DEBUG,
3092 "DPP: Fall back to PKEXv1");
3093 wpas_dpp_pkex_init(wpa_s, PKEX_VER_ONLY_1,
3094 NULL, 0);
3095 return;
3096 }
3097 #endif /* CONFIG_DPP3 */
3098 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
3099 "No response from PKEX peer");
3100 dpp_pkex_free(pkex);
3101 wpa_s->dpp_pkex = NULL;
3102 return;
3103 }
3104 pkex->exch_req_tries = 0;
3105 }
3106
3107 pkex->exch_req_tries++;
3108 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
3109 pkex->exch_req_tries);
3110 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3111 MAC2STR(broadcast), pkex->freq,
3112 pkex->v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
3113 DPP_PA_PKEX_V1_EXCHANGE_REQ);
3114 offchannel_send_action(wpa_s, pkex->freq, broadcast,
3115 wpa_s->own_addr, broadcast,
3116 wpabuf_head(pkex->exchange_req),
3117 wpabuf_len(pkex->exchange_req),
3118 pkex->exch_req_wait_time,
3119 wpas_dpp_tx_pkex_status, 0);
3120 }
3121
3122
3123 static void
wpas_dpp_tx_pkex_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3124 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
3125 unsigned int freq, const u8 *dst,
3126 const u8 *src, const u8 *bssid,
3127 const u8 *data, size_t data_len,
3128 enum offchannel_send_action_result result)
3129 {
3130 const char *res_txt;
3131 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3132
3133 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
3134 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
3135 "FAILED");
3136 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
3137 " result=%s (PKEX)",
3138 freq, MAC2STR(dst), res_txt);
3139 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
3140 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
3141
3142 if (!pkex) {
3143 wpa_printf(MSG_DEBUG,
3144 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
3145 return;
3146 }
3147
3148 if (pkex->failed) {
3149 wpa_printf(MSG_DEBUG,
3150 "DPP: Terminate PKEX exchange due to an earlier error");
3151 if (pkex->t > pkex->own_bi->pkex_t)
3152 pkex->own_bi->pkex_t = pkex->t;
3153 dpp_pkex_free(pkex);
3154 wpa_s->dpp_pkex = NULL;
3155 return;
3156 }
3157
3158 if (pkex->exch_req_wait_time && pkex->exchange_req) {
3159 /* Wait for PKEX Exchange Response frame and retry request if
3160 * no response is seen. */
3161 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
3162 eloop_register_timeout(pkex->exch_req_wait_time / 1000,
3163 (pkex->exch_req_wait_time % 1000) * 1000,
3164 wpas_dpp_pkex_retry_timeout, wpa_s,
3165 NULL);
3166 }
3167 }
3168
3169
3170 static void
wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq,bool v2)3171 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
3172 const u8 *buf, size_t len, unsigned int freq,
3173 bool v2)
3174 {
3175 struct wpabuf *msg;
3176 unsigned int wait_time;
3177
3178 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
3179 MAC2STR(src));
3180
3181 if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
3182 wpa_printf(MSG_DEBUG,
3183 "DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
3184 return;
3185 }
3186 if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
3187 wpa_printf(MSG_DEBUG,
3188 "DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
3189 return;
3190 }
3191
3192 /* TODO: Support multiple PKEX codes by iterating over all the enabled
3193 * values here */
3194
3195 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
3196 wpa_printf(MSG_DEBUG,
3197 "DPP: No PKEX code configured - ignore request");
3198 return;
3199 }
3200
3201 #ifdef CONFIG_DPP2
3202 if (dpp_controller_is_own_pkex_req(wpa_s->dpp, buf, len)) {
3203 wpa_printf(MSG_DEBUG,
3204 "DPP: PKEX Exchange Request is from local Controller - ignore request");
3205 return;
3206 }
3207 #endif /* CONFIG_DPP2 */
3208
3209 if (wpa_s->dpp_pkex) {
3210 /* TODO: Support parallel operations */
3211 wpa_printf(MSG_DEBUG,
3212 "DPP: Already in PKEX session - ignore new request");
3213 return;
3214 }
3215
3216 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
3217 wpa_s->own_addr, src,
3218 wpa_s->dpp_pkex_identifier,
3219 wpa_s->dpp_pkex_code,
3220 wpa_s->dpp_pkex_code_len,
3221 buf, len, v2);
3222 if (!wpa_s->dpp_pkex) {
3223 wpa_printf(MSG_DEBUG,
3224 "DPP: Failed to process the request - ignore it");
3225 return;
3226 }
3227
3228 #ifdef CONFIG_DPP3
3229 if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_announcement) {
3230 wpa_printf(MSG_DEBUG,
3231 "DPP: Started PB PKEX (no more PB announcements)");
3232 wpabuf_free(wpa_s->dpp_pb_announcement);
3233 wpa_s->dpp_pb_announcement = NULL;
3234 }
3235 #endif /* CONFIG_DPP3 */
3236 wpa_s->dpp_pkex_wait_auth_req = false;
3237 msg = wpa_s->dpp_pkex->exchange_resp;
3238 wait_time = wpa_s->max_remain_on_chan;
3239 if (wait_time > 2000)
3240 wait_time = 2000;
3241 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3242 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
3243 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3244 broadcast,
3245 wpabuf_head(msg), wpabuf_len(msg),
3246 wait_time, wpas_dpp_tx_pkex_status, 0);
3247 }
3248
3249
3250 static void
wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)3251 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
3252 const u8 *buf, size_t len, unsigned int freq)
3253 {
3254 struct wpabuf *msg;
3255 unsigned int wait_time;
3256
3257 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
3258 MAC2STR(src));
3259
3260 /* TODO: Support multiple PKEX codes by iterating over all the enabled
3261 * values here */
3262
3263 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
3264 wpa_s->dpp_pkex->exchange_done) {
3265 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3266 return;
3267 }
3268
3269 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
3270 wpa_s->dpp_pkex->exch_req_wait_time = 0;
3271
3272 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
3273 if (!msg) {
3274 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
3275 return;
3276 }
3277
3278 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
3279 MAC2STR(src));
3280
3281 wait_time = wpa_s->max_remain_on_chan;
3282 if (wait_time > 2000)
3283 wait_time = 2000;
3284 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3285 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
3286 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3287 broadcast,
3288 wpabuf_head(msg), wpabuf_len(msg),
3289 wait_time, wpas_dpp_tx_pkex_status, 0);
3290 wpabuf_free(msg);
3291 }
3292
3293
3294 static struct dpp_bootstrap_info *
wpas_dpp_pkex_finish(struct wpa_supplicant * wpa_s,const u8 * peer,unsigned int freq)3295 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
3296 unsigned int freq)
3297 {
3298 struct dpp_bootstrap_info *bi;
3299
3300 wpas_dpp_pkex_clear_code(wpa_s);
3301 bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
3302 if (!bi)
3303 return NULL;
3304
3305 wpa_s->dpp_pkex = NULL;
3306
3307 #ifdef CONFIG_DPP3
3308 if (wpa_s->dpp_pb_bi && !wpa_s->dpp_pb_configurator &&
3309 os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_init_hash,
3310 SHA256_MAC_LEN) != 0) {
3311 char id[20];
3312
3313 wpa_printf(MSG_INFO,
3314 "DPP: Peer bootstrap key from PKEX does not match PB announcement response hash");
3315 wpa_hexdump(MSG_DEBUG,
3316 "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX",
3317 bi->pubkey_hash_chirp, SHA256_MAC_LEN);
3318 wpa_hexdump(MSG_DEBUG,
3319 "DPP: Peer provided bootstrap key hash(chirp) from PB announcement response",
3320 wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN);
3321
3322 os_snprintf(id, sizeof(id), "%u", bi->id);
3323 dpp_bootstrap_remove(wpa_s->dpp, id);
3324 wpas_dpp_push_button_stop(wpa_s);
3325 return NULL;
3326 }
3327 #endif /* CONFIG_DPP3 */
3328
3329 return bi;
3330 }
3331
3332
3333 static void
wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3334 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
3335 const u8 *hdr, const u8 *buf, size_t len,
3336 unsigned int freq)
3337 {
3338 struct wpabuf *msg;
3339 unsigned int wait_time;
3340 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3341
3342 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
3343 MAC2STR(src));
3344
3345 if (!pkex || pkex->initiator || !pkex->exchange_done) {
3346 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3347 return;
3348 }
3349
3350 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
3351 if (!msg) {
3352 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
3353 if (pkex->failed) {
3354 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
3355 if (pkex->t > pkex->own_bi->pkex_t)
3356 pkex->own_bi->pkex_t = pkex->t;
3357 dpp_pkex_free(wpa_s->dpp_pkex);
3358 wpa_s->dpp_pkex = NULL;
3359 }
3360 return;
3361 }
3362
3363 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
3364 MACSTR, MAC2STR(src));
3365
3366 wait_time = wpa_s->max_remain_on_chan;
3367 if (wait_time > 2000)
3368 wait_time = 2000;
3369 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3370 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
3371 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3372 broadcast,
3373 wpabuf_head(msg), wpabuf_len(msg),
3374 wait_time, wpas_dpp_tx_pkex_status, 0);
3375 wpabuf_free(msg);
3376
3377 wpas_dpp_pkex_finish(wpa_s, src, freq);
3378 wpa_s->dpp_pkex_wait_auth_req = true;
3379 }
3380
3381
3382 static void
wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3383 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
3384 const u8 *hdr, const u8 *buf, size_t len,
3385 unsigned int freq)
3386 {
3387 int res;
3388 struct dpp_bootstrap_info *bi;
3389 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3390 char cmd[500];
3391
3392 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
3393 MAC2STR(src));
3394
3395 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
3396 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3397 return;
3398 }
3399
3400 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
3401 if (res < 0) {
3402 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
3403 return;
3404 }
3405
3406 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
3407 if (!bi)
3408 return;
3409
3410 #ifdef CONFIG_DPP3
3411 if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_configurator &&
3412 os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_resp_hash,
3413 SHA256_MAC_LEN) != 0) {
3414 char id[20];
3415
3416 wpa_printf(MSG_INFO,
3417 "DPP: Peer bootstrap key from PKEX does not match PB announcement hash");
3418 wpa_hexdump(MSG_DEBUG,
3419 "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX",
3420 bi->pubkey_hash_chirp, SHA256_MAC_LEN);
3421 wpa_hexdump(MSG_DEBUG,
3422 "DPP: Peer provided bootstrap key hash(chirp) from PB announcement",
3423 wpa_s->dpp_pb_resp_hash, SHA256_MAC_LEN);
3424
3425 os_snprintf(id, sizeof(id), "%u", bi->id);
3426 dpp_bootstrap_remove(wpa_s->dpp, id);
3427 wpas_dpp_push_button_stop(wpa_s);
3428 return;
3429 }
3430 #endif /* CONFIG_DPP3 */
3431
3432 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
3433 bi->id,
3434 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
3435 wpa_printf(MSG_DEBUG,
3436 "DPP: Start authentication after PKEX with parameters: %s",
3437 cmd);
3438 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
3439 wpa_printf(MSG_DEBUG,
3440 "DPP: Authentication initialization failed");
3441 offchannel_send_action_done(wpa_s);
3442 return;
3443 }
3444 }
3445
3446
3447 #ifdef CONFIG_DPP3
3448
wpas_dpp_pb_pkex_init(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * src,const u8 * r_hash)3449 static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s,
3450 unsigned int freq, const u8 *src,
3451 const u8 *r_hash)
3452 {
3453 struct dpp_pkex *pkex;
3454 struct wpabuf *msg;
3455 unsigned int wait_time;
3456 size_t len;
3457
3458 if (wpa_s->dpp_pkex) {
3459 wpa_printf(MSG_DEBUG,
3460 "DPP: Sending previously generated PKEX Exchange Request to "
3461 MACSTR, MAC2STR(src));
3462 msg = wpa_s->dpp_pkex->exchange_req;
3463 wait_time = wpa_s->max_remain_on_chan;
3464 if (wait_time > 2000)
3465 wait_time = 2000;
3466 offchannel_send_action(wpa_s, freq, src,
3467 wpa_s->own_addr, broadcast,
3468 wpabuf_head(msg), wpabuf_len(msg),
3469 wait_time, wpas_dpp_tx_pkex_status, 0);
3470 return;
3471 }
3472
3473 wpa_printf(MSG_DEBUG, "DPP: Initiate PKEX for push button with "
3474 MACSTR, MAC2STR(src));
3475
3476 if (!wpa_s->dpp_pb_cmd) {
3477 wpa_printf(MSG_INFO,
3478 "DPP: No configuration to provision as push button Configurator");
3479 wpas_dpp_push_button_stop(wpa_s);
3480 return;
3481 }
3482
3483 wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi;
3484 os_memcpy(wpa_s->dpp_pb_resp_hash, r_hash, SHA256_MAC_LEN);
3485
3486 pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr,
3487 "PBPKEX", (const char *) wpa_s->dpp_pb_c_nonce,
3488 wpa_s->dpp_pb_bi->curve->nonce_len,
3489 true);
3490 if (!pkex) {
3491 wpas_dpp_push_button_stop(wpa_s);
3492 return;
3493 }
3494 pkex->freq = freq;
3495
3496 wpa_s->dpp_pkex = pkex;
3497 msg = wpa_s->dpp_pkex->exchange_req;
3498 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
3499 " freq=%u type=%d", MAC2STR(src), freq,
3500 DPP_PA_PKEX_EXCHANGE_REQ);
3501 wait_time = wpa_s->max_remain_on_chan;
3502 if (wait_time > 2000)
3503 wait_time = 2000;
3504 offchannel_send_action(wpa_s, pkex->freq, src,
3505 wpa_s->own_addr, broadcast,
3506 wpabuf_head(msg), wpabuf_len(msg),
3507 wait_time, wpas_dpp_tx_pkex_status, 0);
3508 pkex->exch_req_wait_time = 2000;
3509 pkex->exch_req_tries = 1;
3510
3511 /* Use the externally provided configuration */
3512 os_free(wpa_s->dpp_pkex_auth_cmd);
3513 len = 30 + os_strlen(wpa_s->dpp_pb_cmd);
3514 wpa_s->dpp_pkex_auth_cmd = os_malloc(len);
3515 if (wpa_s->dpp_pkex_auth_cmd)
3516 os_snprintf(wpa_s->dpp_pkex_auth_cmd, len, " own=%d %s",
3517 wpa_s->dpp_pkex_bi->id, wpa_s->dpp_pb_cmd);
3518 else
3519 wpas_dpp_push_button_stop(wpa_s);
3520 }
3521
3522
3523 static void
wpas_dpp_rx_pb_presence_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3524 wpas_dpp_rx_pb_presence_announcement(struct wpa_supplicant *wpa_s,
3525 const u8 *src, const u8 *hdr,
3526 const u8 *buf, size_t len,
3527 unsigned int freq)
3528 {
3529 const u8 *r_hash;
3530 u16 r_hash_len;
3531 unsigned int i;
3532 bool found = false;
3533 struct dpp_pb_info *info, *tmp;
3534 struct os_reltime now, age;
3535 struct wpabuf *msg;
3536
3537 os_get_reltime(&now);
3538 wpa_printf(MSG_DEBUG, "DPP: Push Button Presence Announcement from "
3539 MACSTR, MAC2STR(src));
3540
3541 r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
3542 &r_hash_len);
3543 if (!r_hash || r_hash_len != SHA256_MAC_LEN) {
3544 wpa_printf(MSG_DEBUG,
3545 "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
3546 return;
3547 }
3548 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
3549 r_hash, r_hash_len);
3550
3551 for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
3552 info = &wpa_s->dpp_pb[i];
3553 if ((info->rx_time.sec == 0 && info->rx_time.usec == 0) ||
3554 os_memcmp(r_hash, info->hash, SHA256_MAC_LEN) != 0)
3555 continue;
3556 wpa_printf(MSG_DEBUG,
3557 "DPP: Active push button Enrollee already known");
3558 found = true;
3559 info->rx_time = now;
3560 }
3561
3562 if (!found) {
3563 for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
3564 tmp = &wpa_s->dpp_pb[i];
3565 if (tmp->rx_time.sec == 0 && tmp->rx_time.usec == 0)
3566 continue;
3567
3568 if (os_reltime_expired(&now, &tmp->rx_time, 120)) {
3569 wpa_hexdump(MSG_DEBUG,
3570 "DPP: Push button Enrollee hash expired",
3571 tmp->hash, SHA256_MAC_LEN);
3572 tmp->rx_time.sec = 0;
3573 tmp->rx_time.usec = 0;
3574 continue;
3575 }
3576
3577 wpa_hexdump(MSG_DEBUG,
3578 "DPP: Push button session overlap with hash",
3579 tmp->hash, SHA256_MAC_LEN);
3580 if (!wpa_s->dpp_pb_result_indicated &&
3581 wpas_dpp_pb_active(wpa_s)) {
3582 wpa_msg(wpa_s, MSG_INFO,
3583 DPP_EVENT_PB_RESULT "session-overlap");
3584 wpa_s->dpp_pb_result_indicated = true;
3585 }
3586 wpas_dpp_push_button_stop(wpa_s);
3587 return;
3588 }
3589
3590 /* Replace the oldest entry */
3591 info = &wpa_s->dpp_pb[0];
3592 for (i = 1; i < DPP_PB_INFO_COUNT; i++) {
3593 tmp = &wpa_s->dpp_pb[i];
3594 if (os_reltime_before(&tmp->rx_time, &info->rx_time))
3595 info = tmp;
3596 }
3597 wpa_printf(MSG_DEBUG, "DPP: New active push button Enrollee");
3598 os_memcpy(info->hash, r_hash, SHA256_MAC_LEN);
3599 info->rx_time = now;
3600 }
3601
3602 if (!wpas_dpp_pb_active(wpa_s)) {
3603 wpa_printf(MSG_DEBUG,
3604 "DPP: Discard message since own push button has not been pressed");
3605 return;
3606 }
3607
3608 if (wpa_s->dpp_pb_announce_time.sec == 0 &&
3609 wpa_s->dpp_pb_announce_time.usec == 0) {
3610 /* Start a wait before allowing PKEX to be initiated */
3611 wpa_s->dpp_pb_announce_time = now;
3612 }
3613
3614 if (!wpa_s->dpp_pb_bi) {
3615 int res;
3616
3617 res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex");
3618 if (res < 0)
3619 return;
3620 wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res);
3621 if (!wpa_s->dpp_pb_bi)
3622 return;
3623
3624 if (random_get_bytes(wpa_s->dpp_pb_c_nonce,
3625 wpa_s->dpp_pb_bi->curve->nonce_len)) {
3626 wpa_printf(MSG_ERROR,
3627 "DPP: Failed to generate C-nonce");
3628 wpas_dpp_push_button_stop(wpa_s);
3629 return;
3630 }
3631 }
3632
3633 /* Skip the response if one was sent within last 50 ms since the
3634 * Enrollee is going to send out at least three announcement messages.
3635 */
3636 os_reltime_sub(&now, &wpa_s->dpp_pb_last_resp, &age);
3637 if (age.sec == 0 && age.usec < 50000) {
3638 wpa_printf(MSG_DEBUG,
3639 "DPP: Skip Push Button Presence Announcement Response frame immediately after having sent one");
3640 return;
3641 }
3642
3643 msg = dpp_build_pb_announcement_resp(
3644 wpa_s->dpp_pb_bi, r_hash, wpa_s->dpp_pb_c_nonce,
3645 wpa_s->dpp_pb_bi->curve->nonce_len);
3646 if (!msg) {
3647 wpas_dpp_push_button_stop(wpa_s);
3648 return;
3649 }
3650
3651 wpa_printf(MSG_DEBUG,
3652 "DPP: Send Push Button Presence Announcement Response to "
3653 MACSTR, MAC2STR(src));
3654 wpa_s->dpp_pb_last_resp = now;
3655
3656 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3657 MAC2STR(src), freq, DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP);
3658 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
3659 wpabuf_head(msg), wpabuf_len(msg),
3660 0, NULL, 0);
3661 wpabuf_free(msg);
3662
3663 if (os_reltime_expired(&now, &wpa_s->dpp_pb_announce_time, 15))
3664 wpas_dpp_pb_pkex_init(wpa_s, freq, src, r_hash);
3665 }
3666
3667
3668 static void
wpas_dpp_rx_pb_presence_announcement_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3669 wpas_dpp_rx_pb_presence_announcement_resp(struct wpa_supplicant *wpa_s,
3670 const u8 *src, const u8 *hdr,
3671 const u8 *buf, size_t len,
3672 unsigned int freq)
3673 {
3674 const u8 *i_hash, *r_hash, *c_nonce;
3675 u16 i_hash_len, r_hash_len, c_nonce_len;
3676 bool overlap = false;
3677
3678 if (!wpa_s->dpp_pb_announcement || !wpa_s->dpp_pb_bi ||
3679 wpa_s->dpp_pb_configurator) {
3680 wpa_printf(MSG_INFO,
3681 "DPP: Not in active push button Enrollee mode - discard Push Button Presence Announcement Response from "
3682 MACSTR, MAC2STR(src));
3683 return;
3684 }
3685
3686 wpa_printf(MSG_DEBUG,
3687 "DPP: Push Button Presence Announcement Response from "
3688 MACSTR, MAC2STR(src));
3689
3690 i_hash = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
3691 &i_hash_len);
3692 r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
3693 &r_hash_len);
3694 c_nonce = dpp_get_attr(buf, len, DPP_ATTR_CONFIGURATOR_NONCE,
3695 &c_nonce_len);
3696 if (!i_hash || i_hash_len != SHA256_MAC_LEN ||
3697 !r_hash || r_hash_len != SHA256_MAC_LEN ||
3698 !c_nonce || c_nonce_len > DPP_MAX_NONCE_LEN) {
3699 wpa_printf(MSG_DEBUG,
3700 "DPP: Missing or invalid required attribute");
3701 return;
3702 }
3703 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
3704 i_hash, i_hash_len);
3705 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
3706 r_hash, r_hash_len);
3707 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator Nonce",
3708 c_nonce, c_nonce_len);
3709
3710 #ifdef CONFIG_TESTING_OPTIONS
3711 if (dpp_test == DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_REQ &&
3712 os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp,
3713 SHA256_MAC_LEN - 1) == 0)
3714 goto skip_hash_check;
3715 #endif /* CONFIG_TESTING_OPTIONS */
3716 if (os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp,
3717 SHA256_MAC_LEN) != 0) {
3718 wpa_printf(MSG_INFO,
3719 "DPP: Unexpected push button Responder hash - abort");
3720 overlap = true;
3721 }
3722 #ifdef CONFIG_TESTING_OPTIONS
3723 skip_hash_check:
3724 #endif /* CONFIG_TESTING_OPTIONS */
3725
3726 if (wpa_s->dpp_pb_resp_freq &&
3727 os_memcmp(i_hash, wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN) != 0) {
3728 wpa_printf(MSG_INFO,
3729 "DPP: Push button session overlap detected - abort");
3730 overlap = true;
3731 }
3732
3733 if (overlap) {
3734 if (!wpa_s->dpp_pb_result_indicated) {
3735 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
3736 "session-overlap");
3737 wpa_s->dpp_pb_result_indicated = true;
3738 }
3739 wpas_dpp_push_button_stop(wpa_s);
3740 return;
3741 }
3742
3743 if (!wpa_s->dpp_pb_resp_freq) {
3744 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
3745 "discovered push button AP/Configurator " MACSTR,
3746 MAC2STR(src));
3747 wpa_s->dpp_pb_resp_freq = freq;
3748 os_memcpy(wpa_s->dpp_pb_init_hash, i_hash, SHA256_MAC_LEN);
3749 os_memcpy(wpa_s->dpp_pb_c_nonce, c_nonce, c_nonce_len);
3750 wpa_s->dpp_pb_c_nonce_len = c_nonce_len;
3751 /* Stop announcement iterations after at least one more full
3752 * round and one extra round for postponed session overlap
3753 * detection. */
3754 wpa_s->dpp_pb_stop_iter = 3;
3755 }
3756 }
3757
3758
3759 static void
wpas_dpp_tx_priv_intro_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3760 wpas_dpp_tx_priv_intro_status(struct wpa_supplicant *wpa_s,
3761 unsigned int freq, const u8 *dst,
3762 const u8 *src, const u8 *bssid,
3763 const u8 *data, size_t data_len,
3764 enum offchannel_send_action_result result)
3765 {
3766 const char *res_txt;
3767
3768 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
3769 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
3770 "FAILED");
3771 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
3772 " result=%s (DPP Private Peer Introduction Update)",
3773 freq, MAC2STR(dst), res_txt);
3774 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
3775 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
3776
3777 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR " version=%u",
3778 MAC2STR(src), wpa_s->dpp_intro_peer_version);
3779
3780 wpa_printf(MSG_DEBUG,
3781 "DPP: Try connection again after successful network introduction");
3782 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
3783 wpa_supplicant_cancel_sched_scan(wpa_s);
3784 wpa_supplicant_req_scan(wpa_s, 0, 0);
3785 }
3786 }
3787
3788
3789 static int
wpas_dpp_send_private_peer_intro_update(struct wpa_supplicant * wpa_s,struct dpp_introduction * intro,struct wpa_ssid * ssid,const u8 * dst,unsigned int freq)3790 wpas_dpp_send_private_peer_intro_update(struct wpa_supplicant *wpa_s,
3791 struct dpp_introduction *intro,
3792 struct wpa_ssid *ssid,
3793 const u8 *dst, unsigned int freq)
3794 {
3795 struct wpabuf *pt, *msg, *enc_ct;
3796 size_t len;
3797 u8 ver = DPP_VERSION;
3798 int conn_ver;
3799 const u8 *aad;
3800 size_t aad_len;
3801 unsigned int wait_time;
3802
3803 wpa_printf(MSG_DEBUG, "HPKE(kem_id=%u kdf_id=%u aead_id=%u)",
3804 intro->kem_id, intro->kdf_id, intro->aead_id);
3805
3806 /* Plaintext for HPKE */
3807 len = 5 + 4 + os_strlen(ssid->dpp_connector);
3808 pt = wpabuf_alloc(len);
3809 if (!pt)
3810 return -1;
3811
3812 /* Protocol Version */
3813 conn_ver = dpp_get_connector_version(ssid->dpp_connector);
3814 if (conn_ver > 0 && ver != conn_ver) {
3815 wpa_printf(MSG_DEBUG,
3816 "DPP: Use Connector version %d instead of current protocol version %d",
3817 conn_ver, ver);
3818 ver = conn_ver;
3819 }
3820 wpabuf_put_le16(pt, DPP_ATTR_PROTOCOL_VERSION);
3821 wpabuf_put_le16(pt, 1);
3822 wpabuf_put_u8(pt, ver);
3823
3824 /* Connector */
3825 wpabuf_put_le16(pt, DPP_ATTR_CONNECTOR);
3826 wpabuf_put_le16(pt, os_strlen(ssid->dpp_connector));
3827 wpabuf_put_str(pt, ssid->dpp_connector);
3828 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Plaintext for HPKE", pt);
3829
3830 /* HPKE(pt) using AP's public key (from its Connector) */
3831 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, 0);
3832 if (!msg) {
3833 wpabuf_free(pt);
3834 return -1;
3835 }
3836 aad = wpabuf_head_u8(msg) + 2; /* from the OUI field (inclusive) */
3837 aad_len = DPP_HDR_LEN; /* to the DPP Frame Type field (inclusive) */
3838 wpa_hexdump(MSG_MSGDUMP, "DPP: AAD for HPKE", aad, aad_len);
3839
3840 enc_ct = hpke_base_seal(intro->kem_id, intro->kdf_id, intro->aead_id,
3841 intro->peer_key, NULL, 0, aad, aad_len,
3842 wpabuf_head(pt), wpabuf_len(pt));
3843 wpabuf_free(pt);
3844 wpabuf_free(msg);
3845 if (!enc_ct) {
3846 wpa_printf(MSG_INFO, "DPP: HPKE Seal(Connector) failed");
3847 return -1;
3848 }
3849 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: HPKE enc|ct", enc_ct);
3850
3851 /* HPKE(pt) to generate payload for Wrapped Data */
3852 len = 5 + 4 + wpabuf_len(enc_ct);
3853 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, len);
3854 if (!msg) {
3855 wpabuf_free(enc_ct);
3856 return -1;
3857 }
3858
3859 /* Transaction ID */
3860 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
3861 wpabuf_put_le16(msg, 1);
3862 wpabuf_put_u8(msg, TRANSACTION_ID);
3863
3864 /* Wrapped Data */
3865 wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
3866 wpabuf_put_le16(msg, wpabuf_len(enc_ct));
3867 wpabuf_put_buf(msg, enc_ct);
3868 wpabuf_free(enc_ct);
3869
3870 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Update", msg);
3871
3872 /* TODO: Timeout on AP response */
3873 wait_time = wpa_s->max_remain_on_chan;
3874 if (wait_time > 2000)
3875 wait_time = 2000;
3876 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3877 MAC2STR(dst), freq, DPP_PA_PRIV_PEER_INTRO_QUERY);
3878 offchannel_send_action(wpa_s, freq, dst, wpa_s->own_addr, broadcast,
3879 wpabuf_head(msg), wpabuf_len(msg),
3880 wait_time, wpas_dpp_tx_priv_intro_status, 0);
3881 wpabuf_free(msg);
3882
3883 return 0;
3884 }
3885
3886
3887 static void
wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3888 wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant *wpa_s,
3889 const u8 *src, const u8 *hdr,
3890 const u8 *buf, size_t len,
3891 unsigned int freq)
3892 {
3893 struct wpa_ssid *ssid;
3894 const u8 *connector, *trans_id, *version;
3895 u16 connector_len, trans_id_len, version_len;
3896 u8 peer_version = 1;
3897 struct dpp_introduction intro;
3898 struct rsn_pmksa_cache_entry *entry;
3899 struct os_time now;
3900 struct os_reltime rnow;
3901 os_time_t expiry;
3902 unsigned int seconds;
3903 enum dpp_status_error res;
3904
3905 os_memset(&intro, 0, sizeof(intro));
3906
3907 wpa_printf(MSG_DEBUG, "DPP: Private Peer Introduction Notify from "
3908 MACSTR, MAC2STR(src));
3909 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
3910 !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) {
3911 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
3912 MACSTR " - drop", MAC2STR(src));
3913 return;
3914 }
3915 offchannel_send_action_done(wpa_s);
3916
3917 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
3918 if (ssid == wpa_s->dpp_intro_network)
3919 break;
3920 }
3921 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
3922 !ssid->dpp_csign) {
3923 wpa_printf(MSG_DEBUG,
3924 "DPP: Profile not found for network introduction");
3925 return;
3926 }
3927
3928 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
3929 &trans_id_len);
3930 if (!trans_id || trans_id_len != 1) {
3931 wpa_printf(MSG_DEBUG,
3932 "DPP: Peer did not include Transaction ID");
3933 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3934 " fail=missing_transaction_id", MAC2STR(src));
3935 goto fail;
3936 }
3937 if (trans_id[0] != TRANSACTION_ID) {
3938 wpa_printf(MSG_DEBUG,
3939 "DPP: Ignore frame with unexpected Transaction ID %u",
3940 trans_id[0]);
3941 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3942 " fail=transaction_id_mismatch", MAC2STR(src));
3943 goto fail;
3944 }
3945
3946 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
3947 if (!connector) {
3948 wpa_printf(MSG_DEBUG,
3949 "DPP: Peer did not include its Connector");
3950 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3951 " fail=missing_connector", MAC2STR(src));
3952 goto fail;
3953 }
3954
3955 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
3956 &version_len);
3957 if (!version || version_len < 1) {
3958 wpa_printf(MSG_DEBUG,
3959 "DPP: Peer did not include valid Version");
3960 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3961 " fail=missing_version", MAC2STR(src));
3962 goto fail;
3963 }
3964
3965 res = dpp_peer_intro(&intro, ssid->dpp_connector,
3966 ssid->dpp_netaccesskey,
3967 ssid->dpp_netaccesskey_len,
3968 ssid->dpp_csign,
3969 ssid->dpp_csign_len,
3970 connector, connector_len, &expiry, NULL);
3971 if (res != DPP_STATUS_OK) {
3972 wpa_printf(MSG_INFO,
3973 "DPP: Network Introduction protocol resulted in failure");
3974 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3975 " fail=peer_connector_validation_failed", MAC2STR(src));
3976 wpas_dpp_send_conn_status_result(wpa_s, res);
3977 goto fail;
3978 }
3979
3980 peer_version = version[0];
3981 if (intro.peer_version && intro.peer_version >= 2 &&
3982 peer_version != intro.peer_version) {
3983 wpa_printf(MSG_INFO,
3984 "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
3985 intro.peer_version, peer_version);
3986 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
3987 goto fail;
3988 }
3989 wpa_s->dpp_intro_peer_version = peer_version;
3990
3991 entry = os_zalloc(sizeof(*entry));
3992 if (!entry)
3993 goto fail;
3994 entry->dpp_pfs = peer_version >= 2;
3995 os_memcpy(entry->aa, src, ETH_ALEN);
3996 os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
3997 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
3998 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
3999 entry->pmk_len = intro.pmk_len;
4000 entry->akmp = WPA_KEY_MGMT_DPP;
4001 if (expiry) {
4002 os_get_time(&now);
4003 seconds = expiry - now.sec;
4004 } else {
4005 seconds = 86400 * 7;
4006 }
4007
4008 if (wpas_dpp_send_private_peer_intro_update(wpa_s, &intro, ssid, src,
4009 freq) < 0) {
4010 os_free(entry);
4011 goto fail;
4012 }
4013
4014 os_get_reltime(&rnow);
4015 entry->expiration = rnow.sec + seconds;
4016 entry->reauth_time = rnow.sec + seconds;
4017 entry->network_ctx = ssid;
4018 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
4019
4020 /* Association will be initiated from TX status handler for the Private
4021 * Peer Intro Update: wpas_dpp_tx_priv_intro_status() */
4022
4023 fail:
4024 dpp_peer_intro_deinit(&intro);
4025 }
4026
4027 #endif /* CONFIG_DPP3 */
4028
4029
wpas_dpp_rx_action(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)4030 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
4031 const u8 *buf, size_t len, unsigned int freq)
4032 {
4033 u8 crypto_suite;
4034 enum dpp_public_action_frame_type type;
4035 const u8 *hdr;
4036 unsigned int pkex_t;
4037
4038 if (len < DPP_HDR_LEN)
4039 return;
4040 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
4041 return;
4042 hdr = buf;
4043 buf += 4;
4044 len -= 4;
4045 crypto_suite = *buf++;
4046 type = *buf++;
4047 len -= 2;
4048
4049 wpa_printf(MSG_DEBUG,
4050 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
4051 MACSTR " freq=%u",
4052 crypto_suite, type, MAC2STR(src), freq);
4053 #ifdef CONFIG_TESTING_OPTIONS
4054 if (wpa_s->dpp_discard_public_action &&
4055 type != DPP_PA_PEER_DISCOVERY_RESP &&
4056 type != DPP_PA_PRIV_PEER_INTRO_NOTIFY) {
4057 wpa_printf(MSG_DEBUG,
4058 "TESTING: Discard received DPP Public Action frame");
4059 return;
4060 }
4061 #endif /* CONFIG_TESTING_OPTIONS */
4062 if (crypto_suite != 1) {
4063 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
4064 crypto_suite);
4065 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
4066 " freq=%u type=%d ignore=unsupported-crypto-suite",
4067 MAC2STR(src), freq, type);
4068 return;
4069 }
4070 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
4071 if (dpp_check_attrs(buf, len) < 0) {
4072 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
4073 " freq=%u type=%d ignore=invalid-attributes",
4074 MAC2STR(src), freq, type);
4075 return;
4076 }
4077 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
4078 MAC2STR(src), freq, type);
4079
4080 switch (type) {
4081 case DPP_PA_AUTHENTICATION_REQ:
4082 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
4083 break;
4084 case DPP_PA_AUTHENTICATION_RESP:
4085 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
4086 break;
4087 case DPP_PA_AUTHENTICATION_CONF:
4088 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
4089 break;
4090 case DPP_PA_PEER_DISCOVERY_RESP:
4091 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
4092 break;
4093 #ifdef CONFIG_DPP3
4094 case DPP_PA_PKEX_EXCHANGE_REQ:
4095 /* This is for PKEXv2, but for now, process only with
4096 * CONFIG_DPP3 to avoid issues with a capability that has not
4097 * been tested with other implementations. */
4098 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq, true);
4099 break;
4100 #endif /* CONFIG_DPP3 */
4101 case DPP_PA_PKEX_V1_EXCHANGE_REQ:
4102 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq,
4103 false);
4104 break;
4105 case DPP_PA_PKEX_EXCHANGE_RESP:
4106 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
4107 break;
4108 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
4109 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
4110 freq);
4111 break;
4112 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
4113 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
4114 freq);
4115 break;
4116 #ifdef CONFIG_DPP2
4117 case DPP_PA_CONFIGURATION_RESULT:
4118 wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
4119 break;
4120 case DPP_PA_CONNECTION_STATUS_RESULT:
4121 wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len);
4122 break;
4123 case DPP_PA_PRESENCE_ANNOUNCEMENT:
4124 wpas_dpp_rx_presence_announcement(wpa_s, src, hdr, buf, len,
4125 freq);
4126 break;
4127 case DPP_PA_RECONFIG_ANNOUNCEMENT:
4128 wpas_dpp_rx_reconfig_announcement(wpa_s, src, hdr, buf, len,
4129 freq);
4130 break;
4131 case DPP_PA_RECONFIG_AUTH_REQ:
4132 wpas_dpp_rx_reconfig_auth_req(wpa_s, src, hdr, buf, len, freq);
4133 break;
4134 case DPP_PA_RECONFIG_AUTH_RESP:
4135 wpas_dpp_rx_reconfig_auth_resp(wpa_s, src, hdr, buf, len, freq);
4136 break;
4137 case DPP_PA_RECONFIG_AUTH_CONF:
4138 wpas_dpp_rx_reconfig_auth_conf(wpa_s, src, hdr, buf, len, freq);
4139 break;
4140 #endif /* CONFIG_DPP2 */
4141 #ifdef CONFIG_DPP3
4142 case DPP_PA_PB_PRESENCE_ANNOUNCEMENT:
4143 wpas_dpp_rx_pb_presence_announcement(wpa_s, src, hdr,
4144 buf, len, freq);
4145 break;
4146 case DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP:
4147 wpas_dpp_rx_pb_presence_announcement_resp(wpa_s, src, hdr,
4148 buf, len, freq);
4149 break;
4150 case DPP_PA_PRIV_PEER_INTRO_NOTIFY:
4151 wpas_dpp_rx_priv_peer_intro_notify(wpa_s, src, hdr,
4152 buf, len, freq);
4153 break;
4154 #endif /* CONFIG_DPP3 */
4155 default:
4156 wpa_printf(MSG_DEBUG,
4157 "DPP: Ignored unsupported frame subtype %d", type);
4158 break;
4159 }
4160
4161 if (wpa_s->dpp_pkex)
4162 pkex_t = wpa_s->dpp_pkex->t;
4163 else if (wpa_s->dpp_pkex_bi)
4164 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
4165 else
4166 pkex_t = 0;
4167 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
4168 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
4169 wpas_dpp_pkex_remove(wpa_s, "*");
4170 }
4171 }
4172
4173
wpas_dpp_gas_initial_resp_timeout(void * eloop_ctx,void * timeout_ctx)4174 static void wpas_dpp_gas_initial_resp_timeout(void *eloop_ctx,
4175 void *timeout_ctx)
4176 {
4177 struct wpa_supplicant *wpa_s = eloop_ctx;
4178 struct dpp_authentication *auth = wpa_s->dpp_auth;
4179
4180 if (!auth || !auth->waiting_config || !auth->config_resp_ctx)
4181 return;
4182
4183 wpa_printf(MSG_DEBUG,
4184 "DPP: No configuration available from upper layers - send initial response with comeback delay");
4185 gas_server_set_comeback_delay(wpa_s->gas_server, auth->config_resp_ctx,
4186 500);
4187 }
4188
4189
4190 static struct wpabuf *
wpas_dpp_gas_req_handler(void * ctx,void * resp_ctx,const u8 * sa,const u8 * query,size_t query_len,int * comeback_delay)4191 wpas_dpp_gas_req_handler(void *ctx, void *resp_ctx, const u8 *sa,
4192 const u8 *query, size_t query_len, int *comeback_delay)
4193 {
4194 struct wpa_supplicant *wpa_s = ctx;
4195 struct dpp_authentication *auth = wpa_s->dpp_auth;
4196 struct wpabuf *resp;
4197
4198 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
4199 MAC2STR(sa));
4200 if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
4201 !ether_addr_equal(sa, auth->peer_mac_addr)) {
4202 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
4203 return NULL;
4204 }
4205
4206 if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) {
4207 wpa_printf(MSG_DEBUG,
4208 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
4209 /* wpas_dpp_auth_success() would normally have been called from
4210 * TX status handler, but since there was no such handler call
4211 * yet, simply send out the event message and proceed with
4212 * exchange. */
4213 dpp_notify_auth_success(auth, 1);
4214 wpa_s->dpp_auth_ok_on_ack = 0;
4215 #ifdef CONFIG_TESTING_OPTIONS
4216 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
4217 wpa_printf(MSG_INFO,
4218 "DPP: TESTING - stop at Authentication Confirm");
4219 return NULL;
4220 }
4221 #endif /* CONFIG_TESTING_OPTIONS */
4222 }
4223
4224 wpa_hexdump(MSG_DEBUG,
4225 "DPP: Received Configuration Request (GAS Query Request)",
4226 query, query_len);
4227 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
4228 MAC2STR(sa));
4229 resp = dpp_conf_req_rx(auth, query, query_len);
4230
4231 auth->gas_server_ctx = resp_ctx;
4232
4233 #ifdef CONFIG_DPP2
4234 if (!resp && auth->waiting_cert) {
4235 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready");
4236 auth->config_resp_ctx = resp_ctx;
4237 *comeback_delay = 500;
4238 return NULL;
4239 }
4240 #endif /* CONFIG_DPP2 */
4241
4242 if (!resp && auth->waiting_config &&
4243 (auth->peer_bi || auth->tmp_peer_bi)) {
4244 char *buf = NULL, *name = "";
4245 char band[200], *pos, *end;
4246 int i, res, *opclass = auth->e_band_support;
4247 char *mud_url = "N/A";
4248
4249 wpa_printf(MSG_DEBUG, "DPP: Configuration not yet ready");
4250 auth->config_resp_ctx = resp_ctx;
4251 *comeback_delay = -1;
4252 if (auth->e_name) {
4253 size_t len = os_strlen(auth->e_name);
4254
4255 buf = os_malloc(len * 4 + 1);
4256 if (buf) {
4257 printf_encode(buf, len * 4 + 1,
4258 (const u8 *) auth->e_name, len);
4259 name = buf;
4260 }
4261 }
4262 band[0] = '\0';
4263 pos = band;
4264 end = band + sizeof(band);
4265 for (i = 0; opclass && opclass[i]; i++) {
4266 res = os_snprintf(pos, end - pos, "%s%d",
4267 pos == band ? "" : ",", opclass[i]);
4268 if (os_snprintf_error(end - pos, res)) {
4269 *pos = '\0';
4270 break;
4271 }
4272 pos += res;
4273 }
4274 if (auth->e_mud_url) {
4275 size_t len = os_strlen(auth->e_mud_url);
4276
4277 if (!has_ctrl_char((const u8 *) auth->e_mud_url, len))
4278 mud_url = auth->e_mud_url;
4279 }
4280 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_NEEDED "peer=%d src="
4281 MACSTR " net_role=%s name=\"%s\" opclass=%s mud_url=%s",
4282 auth->peer_bi ? auth->peer_bi->id :
4283 auth->tmp_peer_bi->id, MAC2STR(sa),
4284 dpp_netrole_str(auth->e_netrole), name, band, mud_url);
4285 os_free(buf);
4286
4287 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s,
4288 NULL);
4289 eloop_register_timeout(0, 50000,
4290 wpas_dpp_gas_initial_resp_timeout, wpa_s,
4291 NULL);
4292 return NULL;
4293 }
4294
4295 auth->conf_resp = resp;
4296 if (!resp) {
4297 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
4298 dpp_auth_deinit(wpa_s->dpp_auth);
4299 wpa_s->dpp_auth = NULL;
4300 }
4301 return resp;
4302 }
4303
4304
4305 static void
wpas_dpp_gas_status_handler(void * ctx,struct wpabuf * resp,int ok)4306 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
4307 {
4308 struct wpa_supplicant *wpa_s = ctx;
4309 struct dpp_authentication *auth = wpa_s->dpp_auth;
4310
4311 if (!auth) {
4312 wpabuf_free(resp);
4313 return;
4314 }
4315 if (auth->conf_resp != resp) {
4316 wpa_printf(MSG_DEBUG,
4317 "DPP: Ignore GAS status report (ok=%d) for unknown response",
4318 ok);
4319 wpabuf_free(resp);
4320 return;
4321 }
4322
4323 #ifdef CONFIG_DPP2
4324 if (auth->waiting_csr && ok) {
4325 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR");
4326 wpabuf_free(resp);
4327 return;
4328 }
4329 #endif /* CONFIG_DPP2 */
4330
4331 #ifdef CONFIG_DPP3
4332 if (auth->waiting_new_key && ok) {
4333 wpa_printf(MSG_DEBUG, "DPP: Waiting for a new key");
4334 wpabuf_free(resp);
4335 return;
4336 }
4337 #endif /* CONFIG_DPP3 */
4338
4339 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
4340 ok);
4341 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
4342 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
4343 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
4344 #ifdef CONFIG_DPP2
4345 if (ok && auth->peer_version >= 2 &&
4346 auth->conf_resp_status == DPP_STATUS_OK &&
4347 !auth->waiting_conf_result) {
4348 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
4349 auth->waiting_conf_result = 1;
4350 auth->conf_resp = NULL;
4351 wpabuf_free(resp);
4352 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
4353 wpa_s, NULL);
4354 eloop_register_timeout(2, 0,
4355 wpas_dpp_config_result_wait_timeout,
4356 wpa_s, NULL);
4357 return;
4358 }
4359 #endif /* CONFIG_DPP2 */
4360 offchannel_send_action_done(wpa_s);
4361 wpas_dpp_listen_stop(wpa_s);
4362 if (ok)
4363 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d",
4364 auth->conf_resp_status);
4365 else
4366 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
4367 dpp_auth_deinit(wpa_s->dpp_auth);
4368 wpa_s->dpp_auth = NULL;
4369 wpabuf_free(resp);
4370 #ifdef CONFIG_DPP3
4371 if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) {
4372 if (ok)
4373 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
4374 "success");
4375 else
4376 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
4377 "could-not-connect");
4378 wpa_s->dpp_pb_result_indicated = true;
4379 if (ok)
4380 wpas_dpp_remove_pb_hash(wpa_s);
4381 wpas_dpp_push_button_stop(wpa_s);
4382 }
4383 #endif /* CONFIG_DPP3 */
4384 }
4385
4386
wpas_dpp_configurator_sign(struct wpa_supplicant * wpa_s,const char * cmd)4387 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
4388 {
4389 struct dpp_authentication *auth;
4390 int ret = -1;
4391 char *curve = NULL;
4392
4393 auth = dpp_alloc_auth(wpa_s->dpp, wpa_s);
4394 if (!auth)
4395 return -1;
4396
4397 curve = get_param(cmd, " curve=");
4398 wpas_dpp_set_testing_options(wpa_s, auth);
4399 if (dpp_set_configurator(auth, cmd) == 0 &&
4400 dpp_configurator_own_config(auth, curve, 0) == 0)
4401 ret = wpas_dpp_handle_config_obj(wpa_s, auth,
4402 &auth->conf_obj[0]);
4403 if (!ret)
4404 wpas_dpp_post_process_config(wpa_s, auth);
4405
4406 dpp_auth_deinit(auth);
4407 os_free(curve);
4408
4409 return ret;
4410 }
4411
4412
4413 static void
wpas_dpp_tx_introduction_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)4414 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
4415 unsigned int freq, const u8 *dst,
4416 const u8 *src, const u8 *bssid,
4417 const u8 *data, size_t data_len,
4418 enum offchannel_send_action_result result)
4419 {
4420 const char *res_txt;
4421
4422 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
4423 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
4424 "FAILED");
4425 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
4426 " result=%s (DPP Peer Discovery Request)",
4427 freq, MAC2STR(dst), res_txt);
4428 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
4429 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
4430 /* TODO: Time out wait for response more quickly in error cases? */
4431 }
4432
4433
4434 #ifdef CONFIG_DPP3
wpas_dpp_start_private_peer_intro(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)4435 static int wpas_dpp_start_private_peer_intro(struct wpa_supplicant *wpa_s,
4436 struct wpa_ssid *ssid,
4437 struct wpa_bss *bss)
4438 {
4439 struct wpabuf *msg;
4440 unsigned int wait_time;
4441 size_t len;
4442 u8 ver = DPP_VERSION;
4443 int conn_ver;
4444
4445 len = 5 + 5;
4446 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_QUERY, len);
4447 if (!msg)
4448 return -1;
4449
4450 /* Transaction ID */
4451 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4452 wpabuf_put_le16(msg, 1);
4453 wpabuf_put_u8(msg, TRANSACTION_ID);
4454
4455 conn_ver = dpp_get_connector_version(ssid->dpp_connector);
4456 if (conn_ver > 0 && ver != conn_ver) {
4457 wpa_printf(MSG_DEBUG,
4458 "DPP: Use Connector version %d instead of current protocol version %d",
4459 conn_ver, ver);
4460 ver = conn_ver;
4461 }
4462
4463 /* Protocol Version */
4464 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
4465 wpabuf_put_le16(msg, 1);
4466 wpabuf_put_u8(msg, ver);
4467
4468 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Query", msg);
4469
4470 /* TODO: Timeout on AP response */
4471 wait_time = wpa_s->max_remain_on_chan;
4472 if (wait_time > 2000)
4473 wait_time = 2000;
4474 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
4475 MAC2STR(bss->bssid), bss->freq, DPP_PA_PRIV_PEER_INTRO_QUERY);
4476 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
4477 broadcast,
4478 wpabuf_head(msg), wpabuf_len(msg),
4479 wait_time, wpas_dpp_tx_introduction_status, 0);
4480 wpabuf_free(msg);
4481
4482 /* Request this connection attempt to terminate - new one will be
4483 * started when network introduction protocol completes */
4484 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
4485 wpa_s->dpp_intro_network = ssid;
4486 return 1;
4487 }
4488 #endif /* CONFIG_DPP3 */
4489
4490
wpas_dpp_check_connect(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)4491 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4492 struct wpa_bss *bss)
4493 {
4494 struct os_time now;
4495 struct wpabuf *msg;
4496 unsigned int wait_time;
4497 const u8 *rsn;
4498 struct wpa_ie_data ied;
4499 size_t len;
4500
4501 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
4502 return 0; /* Not using DPP AKM - continue */
4503 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
4504 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
4505 !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
4506 return 0; /* AP does not support DPP AKM - continue */
4507 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, wpa_s->own_addr, ssid))
4508 return 0; /* PMKSA exists for DPP AKM - continue */
4509
4510 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
4511 !ssid->dpp_csign) {
4512 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
4513 "missing %s",
4514 !ssid->dpp_connector ? "Connector" :
4515 (!ssid->dpp_netaccesskey ? "netAccessKey" :
4516 "C-sign-key"));
4517 return -1;
4518 }
4519
4520 os_get_time(&now);
4521
4522 if (ssid->dpp_netaccesskey_expiry &&
4523 (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
4524 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
4525 "netAccessKey expired");
4526 return -1;
4527 }
4528
4529 wpa_printf(MSG_DEBUG,
4530 "DPP: Starting %snetwork introduction protocol to derive PMKSA for "
4531 MACSTR,
4532 ssid->dpp_connector_privacy ? "private " : "",
4533 MAC2STR(bss->bssid));
4534 if (wpa_s->wpa_state == WPA_SCANNING)
4535 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state);
4536
4537 #ifdef CONFIG_DPP3
4538 if (ssid->dpp_connector_privacy)
4539 return wpas_dpp_start_private_peer_intro(wpa_s, ssid, bss);
4540 #endif /* CONFIG_DPP3 */
4541
4542 len = 5 + 4 + os_strlen(ssid->dpp_connector);
4543 #ifdef CONFIG_DPP2
4544 len += 5;
4545 #endif /* CONFIG_DPP2 */
4546 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ, len);
4547 if (!msg)
4548 return -1;
4549
4550 #ifdef CONFIG_TESTING_OPTIONS
4551 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
4552 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
4553 goto skip_trans_id;
4554 }
4555 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
4556 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
4557 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4558 wpabuf_put_le16(msg, 0);
4559 goto skip_trans_id;
4560 }
4561 #endif /* CONFIG_TESTING_OPTIONS */
4562
4563 /* Transaction ID */
4564 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4565 wpabuf_put_le16(msg, 1);
4566 wpabuf_put_u8(msg, TRANSACTION_ID);
4567
4568 #ifdef CONFIG_TESTING_OPTIONS
4569 skip_trans_id:
4570 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
4571 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
4572 goto skip_connector;
4573 }
4574 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
4575 char *connector;
4576
4577 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
4578 connector = dpp_corrupt_connector_signature(
4579 ssid->dpp_connector);
4580 if (!connector) {
4581 wpabuf_free(msg);
4582 return -1;
4583 }
4584 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
4585 wpabuf_put_le16(msg, os_strlen(connector));
4586 wpabuf_put_str(msg, connector);
4587 os_free(connector);
4588 goto skip_connector;
4589 }
4590 #endif /* CONFIG_TESTING_OPTIONS */
4591
4592 /* DPP Connector */
4593 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
4594 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
4595 wpabuf_put_str(msg, ssid->dpp_connector);
4596
4597 #ifdef CONFIG_TESTING_OPTIONS
4598 skip_connector:
4599 if (dpp_test == DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ) {
4600 wpa_printf(MSG_INFO, "DPP: TESTING - no Protocol Version");
4601 goto skip_proto_ver;
4602 }
4603 #endif /* CONFIG_TESTING_OPTIONS */
4604
4605 #ifdef CONFIG_DPP2
4606 if (DPP_VERSION > 1) {
4607 u8 ver = DPP_VERSION;
4608 #ifdef CONFIG_DPP3
4609 int conn_ver;
4610
4611 conn_ver = dpp_get_connector_version(ssid->dpp_connector);
4612 if (conn_ver > 0 && ver != conn_ver) {
4613 wpa_printf(MSG_DEBUG,
4614 "DPP: Use Connector version %d instead of current protocol version %d",
4615 conn_ver, ver);
4616 ver = conn_ver;
4617 }
4618 #endif /* CONFIG_DPP3 */
4619
4620 #ifdef CONFIG_TESTING_OPTIONS
4621 if (dpp_test == DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_REQ) {
4622 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Protocol Version");
4623 ver = 1;
4624 }
4625 #endif /* CONFIG_TESTING_OPTIONS */
4626
4627 /* Protocol Version */
4628 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
4629 wpabuf_put_le16(msg, 1);
4630 wpabuf_put_u8(msg, ver);
4631 }
4632 #endif /* CONFIG_DPP2 */
4633
4634 #ifdef CONFIG_TESTING_OPTIONS
4635 skip_proto_ver:
4636 #endif /* CONFIG_TESTING_OPTIONS */
4637
4638 /* TODO: Timeout on AP response */
4639 wait_time = wpa_s->max_remain_on_chan;
4640 if (wait_time > 2000)
4641 wait_time = 2000;
4642 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
4643 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
4644 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
4645 broadcast,
4646 wpabuf_head(msg), wpabuf_len(msg),
4647 wait_time, wpas_dpp_tx_introduction_status, 0);
4648 wpabuf_free(msg);
4649
4650 /* Request this connection attempt to terminate - new one will be
4651 * started when network introduction protocol completes */
4652 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
4653 wpa_s->dpp_intro_network = ssid;
4654 return 1;
4655 }
4656
4657
wpas_dpp_pkex_add(struct wpa_supplicant * wpa_s,const char * cmd)4658 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
4659 {
4660 struct dpp_bootstrap_info *own_bi;
4661 const char *pos, *end;
4662 #ifdef CONFIG_DPP3
4663 enum dpp_pkex_ver ver = PKEX_VER_AUTO;
4664 #else /* CONFIG_DPP3 */
4665 enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
4666 #endif /* CONFIG_DPP3 */
4667 int tcp_port = DPP_TCP_PORT;
4668 struct hostapd_ip_addr *ipaddr = NULL;
4669 #ifdef CONFIG_DPP2
4670 struct hostapd_ip_addr ipaddr_buf;
4671 char *addr;
4672
4673 pos = os_strstr(cmd, " tcp_port=");
4674 if (pos) {
4675 pos += 10;
4676 tcp_port = atoi(pos);
4677 }
4678
4679 addr = get_param(cmd, " tcp_addr=");
4680 if (addr) {
4681 int res;
4682
4683 res = hostapd_parse_ip_addr(addr, &ipaddr_buf);
4684 os_free(addr);
4685 if (res)
4686 return -1;
4687 ipaddr = &ipaddr_buf;
4688 }
4689 #endif /* CONFIG_DPP2 */
4690
4691 pos = os_strstr(cmd, " own=");
4692 if (!pos)
4693 return -1;
4694 pos += 5;
4695 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
4696 if (!own_bi) {
4697 wpa_printf(MSG_DEBUG,
4698 "DPP: Identified bootstrap info not found");
4699 return -1;
4700 }
4701 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
4702 wpa_printf(MSG_DEBUG,
4703 "DPP: Identified bootstrap info not for PKEX");
4704 return -1;
4705 }
4706 wpa_s->dpp_pkex_bi = own_bi;
4707 own_bi->pkex_t = 0; /* clear pending errors on new code */
4708
4709 os_free(wpa_s->dpp_pkex_identifier);
4710 wpa_s->dpp_pkex_identifier = NULL;
4711 pos = os_strstr(cmd, " identifier=");
4712 if (pos) {
4713 pos += 12;
4714 end = os_strchr(pos, ' ');
4715 if (!end)
4716 return -1;
4717 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
4718 if (!wpa_s->dpp_pkex_identifier)
4719 return -1;
4720 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
4721 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
4722 }
4723
4724 pos = os_strstr(cmd, " code=");
4725 if (!pos)
4726 return -1;
4727 os_free(wpa_s->dpp_pkex_code);
4728 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
4729 if (!wpa_s->dpp_pkex_code)
4730 return -1;
4731 wpa_s->dpp_pkex_code_len = os_strlen(wpa_s->dpp_pkex_code);
4732
4733 pos = os_strstr(cmd, " ver=");
4734 if (pos) {
4735 int v;
4736
4737 pos += 5;
4738 v = atoi(pos);
4739 if (v == 1)
4740 ver = PKEX_VER_ONLY_1;
4741 else if (v == 2)
4742 ver = PKEX_VER_ONLY_2;
4743 else
4744 return -1;
4745 }
4746 wpa_s->dpp_pkex_ver = ver;
4747
4748 if (os_strstr(cmd, " init=1")) {
4749 if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0)
4750 return -1;
4751 } else {
4752 #ifdef CONFIG_DPP2
4753 dpp_controller_pkex_add(wpa_s->dpp, own_bi,
4754 wpa_s->dpp_pkex_code,
4755 wpa_s->dpp_pkex_identifier);
4756 #endif /* CONFIG_DPP2 */
4757 }
4758
4759 /* TODO: Support multiple PKEX info entries */
4760
4761 os_free(wpa_s->dpp_pkex_auth_cmd);
4762 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
4763
4764 return 1;
4765 }
4766
4767
wpas_dpp_pkex_remove(struct wpa_supplicant * wpa_s,const char * id)4768 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
4769 {
4770 unsigned int id_val;
4771
4772 if (os_strcmp(id, "*") == 0) {
4773 id_val = 0;
4774 } else {
4775 id_val = atoi(id);
4776 if (id_val == 0)
4777 return -1;
4778 }
4779
4780 if ((id_val != 0 && id_val != 1))
4781 return -1;
4782
4783 /* TODO: Support multiple PKEX entries */
4784 os_free(wpa_s->dpp_pkex_code);
4785 wpa_s->dpp_pkex_code = NULL;
4786 os_free(wpa_s->dpp_pkex_identifier);
4787 wpa_s->dpp_pkex_identifier = NULL;
4788 os_free(wpa_s->dpp_pkex_auth_cmd);
4789 wpa_s->dpp_pkex_auth_cmd = NULL;
4790 wpa_s->dpp_pkex_bi = NULL;
4791 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
4792 dpp_pkex_free(wpa_s->dpp_pkex);
4793 wpa_s->dpp_pkex = NULL;
4794 return 0;
4795 }
4796
4797
wpas_dpp_stop(struct wpa_supplicant * wpa_s)4798 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
4799 {
4800 if (wpa_s->dpp_auth || wpa_s->dpp_pkex || wpa_s->dpp_pkex_wait_auth_req)
4801 offchannel_send_action_done(wpa_s);
4802 dpp_auth_deinit(wpa_s->dpp_auth);
4803 wpa_s->dpp_auth = NULL;
4804 dpp_pkex_free(wpa_s->dpp_pkex);
4805 wpa_s->dpp_pkex = NULL;
4806 wpa_s->dpp_pkex_wait_auth_req = false;
4807 if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
4808 gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
4809 #ifdef CONFIG_DPP3
4810 wpas_dpp_push_button_stop(wpa_s);
4811 #endif /* CONFIG_DPP3 */
4812 }
4813
4814
wpas_dpp_init(struct wpa_supplicant * wpa_s)4815 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
4816 {
4817 struct dpp_global_config config;
4818 u8 adv_proto_id[7];
4819
4820 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
4821 adv_proto_id[1] = 5;
4822 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
4823 adv_proto_id[5] = DPP_OUI_TYPE;
4824 adv_proto_id[6] = 0x01;
4825
4826 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
4827 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
4828 wpas_dpp_gas_status_handler, wpa_s) < 0)
4829 return -1;
4830
4831 os_memset(&config, 0, sizeof(config));
4832 config.cb_ctx = wpa_s;
4833 #ifdef CONFIG_DPP2
4834 config.remove_bi = wpas_dpp_remove_bi;
4835 #endif /* CONFIG_DPP2 */
4836 wpa_s->dpp = dpp_global_init(&config);
4837 return wpa_s->dpp ? 0 : -1;
4838 }
4839
4840
wpas_dpp_deinit(struct wpa_supplicant * wpa_s)4841 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
4842 {
4843 #ifdef CONFIG_TESTING_OPTIONS
4844 os_free(wpa_s->dpp_config_obj_override);
4845 wpa_s->dpp_config_obj_override = NULL;
4846 os_free(wpa_s->dpp_discovery_override);
4847 wpa_s->dpp_discovery_override = NULL;
4848 os_free(wpa_s->dpp_groups_override);
4849 wpa_s->dpp_groups_override = NULL;
4850 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
4851 #endif /* CONFIG_TESTING_OPTIONS */
4852 if (!wpa_s->dpp)
4853 return;
4854 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
4855 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
4856 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
4857 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
4858 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
4859 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL);
4860 eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL);
4861 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL);
4862 eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout, wpa_s, NULL);
4863 eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL);
4864 #ifdef CONFIG_DPP2
4865 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
4866 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
4867 wpa_s, NULL);
4868 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
4869 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
4870 wpa_s, NULL);
4871 eloop_cancel_timeout(wpas_dpp_build_csr, wpa_s, NULL);
4872 eloop_cancel_timeout(wpas_dpp_connected_timeout, wpa_s, NULL);
4873 dpp_pfs_free(wpa_s->dpp_pfs);
4874 wpa_s->dpp_pfs = NULL;
4875 wpas_dpp_chirp_stop(wpa_s);
4876 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
4877 wpa_s->dpp_reconfig_id = NULL;
4878 #endif /* CONFIG_DPP2 */
4879 #ifdef CONFIG_DPP3
4880 eloop_cancel_timeout(wpas_dpp_build_new_key, wpa_s, NULL);
4881 #endif /* CONFIG_DPP3 */
4882 offchannel_send_action_done(wpa_s);
4883 wpas_dpp_listen_stop(wpa_s);
4884 wpas_dpp_stop(wpa_s);
4885 wpas_dpp_pkex_remove(wpa_s, "*");
4886 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
4887 os_free(wpa_s->dpp_configurator_params);
4888 wpa_s->dpp_configurator_params = NULL;
4889 dpp_global_clear(wpa_s->dpp);
4890 }
4891
4892
wpas_dpp_build_conf_resp(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,bool tcp)4893 static int wpas_dpp_build_conf_resp(struct wpa_supplicant *wpa_s,
4894 struct dpp_authentication *auth, bool tcp)
4895 {
4896 struct wpabuf *resp;
4897
4898 resp = dpp_build_conf_resp(auth, auth->e_nonce, auth->curve->nonce_len,
4899 auth->e_netrole, true);
4900 if (!resp)
4901 return -1;
4902
4903 if (tcp) {
4904 auth->conf_resp_tcp = resp;
4905 return 0;
4906 }
4907
4908 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL);
4909 if (gas_server_set_resp(wpa_s->gas_server, auth->config_resp_ctx,
4910 resp) < 0) {
4911 wpa_printf(MSG_DEBUG,
4912 "DPP: Could not find pending GAS response");
4913 wpabuf_free(resp);
4914 return -1;
4915 }
4916 auth->conf_resp = resp;
4917 return 0;
4918 }
4919
4920
wpas_dpp_conf_set(struct wpa_supplicant * wpa_s,const char * cmd)4921 int wpas_dpp_conf_set(struct wpa_supplicant *wpa_s, const char *cmd)
4922 {
4923 int peer;
4924 const char *pos;
4925 struct dpp_authentication *auth = wpa_s->dpp_auth;
4926 bool tcp = false;
4927
4928 pos = os_strstr(cmd, " peer=");
4929 if (!pos)
4930 return -1;
4931 peer = atoi(pos + 6);
4932 #ifdef CONFIG_DPP2
4933 if (!auth || !auth->waiting_config ||
4934 (auth->peer_bi &&
4935 (unsigned int) peer != auth->peer_bi->id)) {
4936 auth = dpp_controller_get_auth(wpa_s->dpp, peer);
4937 tcp = true;
4938 }
4939 #endif /* CONFIG_DPP2 */
4940
4941 if (!auth || !auth->waiting_config) {
4942 wpa_printf(MSG_DEBUG,
4943 "DPP: No authentication exchange waiting for configuration information");
4944 return -1;
4945 }
4946
4947 if ((!auth->peer_bi ||
4948 (unsigned int) peer != auth->peer_bi->id) &&
4949 (!auth->tmp_peer_bi ||
4950 (unsigned int) peer != auth->tmp_peer_bi->id)) {
4951 wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
4952 return -1;
4953 }
4954
4955 pos = os_strstr(cmd, " comeback=");
4956 if (pos) {
4957 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s,
4958 NULL);
4959 gas_server_set_comeback_delay(wpa_s->gas_server,
4960 auth->config_resp_ctx,
4961 atoi(pos + 10));
4962 return 0;
4963 }
4964
4965 if (dpp_set_configurator(auth, cmd) < 0)
4966 return -1;
4967
4968 auth->use_config_query = false;
4969 auth->waiting_config = false;
4970 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
4971 }
4972
4973
4974 #ifdef CONFIG_DPP2
4975
wpas_dpp_controller_start(struct wpa_supplicant * wpa_s,const char * cmd)4976 int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
4977 {
4978 struct dpp_controller_config config;
4979 const char *pos;
4980
4981 os_memset(&config, 0, sizeof(config));
4982 config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
4983 config.netrole = DPP_NETROLE_STA;
4984 config.msg_ctx = wpa_s;
4985 config.cb_ctx = wpa_s;
4986 config.process_conf_obj = wpas_dpp_process_conf_obj;
4987 config.tcp_msg_sent = wpas_dpp_tcp_msg_sent;
4988 if (cmd) {
4989 pos = os_strstr(cmd, " tcp_port=");
4990 if (pos) {
4991 pos += 10;
4992 config.tcp_port = atoi(pos);
4993 }
4994
4995 pos = os_strstr(cmd, " role=");
4996 if (pos) {
4997 pos += 6;
4998 if (os_strncmp(pos, "configurator", 12) == 0)
4999 config.allowed_roles = DPP_CAPAB_CONFIGURATOR;
5000 else if (os_strncmp(pos, "enrollee", 8) == 0)
5001 config.allowed_roles = DPP_CAPAB_ENROLLEE;
5002 else if (os_strncmp(pos, "either", 6) == 0)
5003 config.allowed_roles = DPP_CAPAB_CONFIGURATOR |
5004 DPP_CAPAB_ENROLLEE;
5005 else
5006 return -1;
5007 }
5008
5009 config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
5010 }
5011 config.configurator_params = wpa_s->dpp_configurator_params;
5012 return dpp_controller_start(wpa_s->dpp, &config);
5013 }
5014
5015
5016 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx);
5017
wpas_dpp_chirp_timeout(void * eloop_ctx,void * timeout_ctx)5018 static void wpas_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx)
5019 {
5020 struct wpa_supplicant *wpa_s = eloop_ctx;
5021
5022 wpa_printf(MSG_DEBUG, "DPP: No chirp response received");
5023 offchannel_send_action_done(wpa_s);
5024 wpas_dpp_chirp_next(wpa_s, NULL);
5025 }
5026
5027
wpas_dpp_chirp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)5028 static void wpas_dpp_chirp_tx_status(struct wpa_supplicant *wpa_s,
5029 unsigned int freq, const u8 *dst,
5030 const u8 *src, const u8 *bssid,
5031 const u8 *data, size_t data_len,
5032 enum offchannel_send_action_result result)
5033 {
5034 if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
5035 wpa_printf(MSG_DEBUG, "DPP: Failed to send chirp on %d MHz",
5036 wpa_s->dpp_chirp_freq);
5037 if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next,
5038 wpa_s, NULL) < 0)
5039 wpas_dpp_chirp_stop(wpa_s);
5040 return;
5041 }
5042
5043 wpa_printf(MSG_DEBUG, "DPP: Chirp send completed - wait for response");
5044 if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout,
5045 wpa_s, NULL) < 0)
5046 wpas_dpp_chirp_stop(wpa_s);
5047 }
5048
5049
wpas_dpp_chirp_start(struct wpa_supplicant * wpa_s)5050 static void wpas_dpp_chirp_start(struct wpa_supplicant *wpa_s)
5051 {
5052 struct wpabuf *msg, *announce = NULL;
5053 int type;
5054
5055 msg = wpa_s->dpp_presence_announcement;
5056 type = DPP_PA_PRESENCE_ANNOUNCEMENT;
5057 if (!msg) {
5058 struct wpa_ssid *ssid = wpa_s->dpp_reconfig_ssid;
5059
5060 if (ssid && wpa_s->dpp_reconfig_id &&
5061 wpa_config_get_network(wpa_s->conf,
5062 wpa_s->dpp_reconfig_ssid_id) ==
5063 ssid) {
5064 announce = dpp_build_reconfig_announcement(
5065 ssid->dpp_csign,
5066 ssid->dpp_csign_len,
5067 ssid->dpp_netaccesskey,
5068 ssid->dpp_netaccesskey_len,
5069 wpa_s->dpp_reconfig_id);
5070 msg = announce;
5071 }
5072 if (!msg)
5073 return;
5074 type = DPP_PA_RECONFIG_ANNOUNCEMENT;
5075 }
5076 wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", wpa_s->dpp_chirp_freq);
5077 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
5078 MAC2STR(broadcast), wpa_s->dpp_chirp_freq, type);
5079 if (offchannel_send_action(
5080 wpa_s, wpa_s->dpp_chirp_freq, broadcast,
5081 wpa_s->own_addr, broadcast,
5082 wpabuf_head(msg), wpabuf_len(msg),
5083 2000, wpas_dpp_chirp_tx_status, 0) < 0)
5084 wpas_dpp_chirp_stop(wpa_s);
5085
5086 wpabuf_free(announce);
5087 }
5088
5089
wpas_dpp_presence_ann_channels(struct wpa_supplicant * wpa_s,struct dpp_bootstrap_info * bi)5090 static int * wpas_dpp_presence_ann_channels(struct wpa_supplicant *wpa_s,
5091 struct dpp_bootstrap_info *bi)
5092 {
5093 unsigned int i;
5094 struct hostapd_hw_modes *mode;
5095 int c;
5096 struct wpa_bss *bss;
5097 bool chan6 = wpa_s->hw.modes == NULL;
5098 int *freqs = NULL;
5099
5100 /* Channels from own bootstrapping info */
5101 if (bi) {
5102 for (i = 0; i < bi->num_freq; i++)
5103 int_array_add_unique(&freqs, bi->freq[i]);
5104 }
5105
5106 /* Preferred chirping channels */
5107 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5108 HOSTAPD_MODE_IEEE80211G, false);
5109 if (mode) {
5110 for (c = 0; c < mode->num_channels; c++) {
5111 struct hostapd_channel_data *chan = &mode->channels[c];
5112
5113 if ((chan->flag & HOSTAPD_CHAN_DISABLED) ||
5114 chan->freq != 2437)
5115 continue;
5116 chan6 = true;
5117 break;
5118 }
5119 }
5120 if (chan6)
5121 int_array_add_unique(&freqs, 2437);
5122
5123 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5124 HOSTAPD_MODE_IEEE80211A, false);
5125 if (mode) {
5126 int chan44 = 0, chan149 = 0;
5127
5128 for (c = 0; c < mode->num_channels; c++) {
5129 struct hostapd_channel_data *chan = &mode->channels[c];
5130
5131 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
5132 HOSTAPD_CHAN_RADAR))
5133 continue;
5134 if (chan->freq == 5220)
5135 chan44 = 1;
5136 if (chan->freq == 5745)
5137 chan149 = 1;
5138 }
5139 if (chan149)
5140 int_array_add_unique(&freqs, 5745);
5141 else if (chan44)
5142 int_array_add_unique(&freqs, 5220);
5143 }
5144
5145 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5146 HOSTAPD_MODE_IEEE80211AD, false);
5147 if (mode) {
5148 for (c = 0; c < mode->num_channels; c++) {
5149 struct hostapd_channel_data *chan = &mode->channels[c];
5150
5151 if ((chan->flag & (HOSTAPD_CHAN_DISABLED |
5152 HOSTAPD_CHAN_RADAR)) ||
5153 chan->freq != 60480)
5154 continue;
5155 int_array_add_unique(&freqs, 60480);
5156 break;
5157 }
5158 }
5159
5160 /* Add channels from scan results for APs that advertise Configurator
5161 * Connectivity element */
5162 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
5163 if (wpa_bss_get_vendor_ie(bss, DPP_CC_IE_VENDOR_TYPE))
5164 int_array_add_unique(&freqs, bss->freq);
5165 }
5166
5167 return freqs;
5168 }
5169
5170
wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)5171 static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
5172 struct wpa_scan_results *scan_res)
5173 {
5174 struct dpp_bootstrap_info *bi = wpa_s->dpp_chirp_bi;
5175
5176 if (!bi && !wpa_s->dpp_reconfig_ssid)
5177 return;
5178
5179 wpa_s->dpp_chirp_scan_done = 1;
5180
5181 os_free(wpa_s->dpp_chirp_freqs);
5182 wpa_s->dpp_chirp_freqs = wpas_dpp_presence_ann_channels(wpa_s, bi);
5183
5184 if (!wpa_s->dpp_chirp_freqs ||
5185 eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL) < 0)
5186 wpas_dpp_chirp_stop(wpa_s);
5187 }
5188
5189
wpas_dpp_chirp_next(void * eloop_ctx,void * timeout_ctx)5190 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx)
5191 {
5192 struct wpa_supplicant *wpa_s = eloop_ctx;
5193 int i;
5194
5195 if (wpa_s->dpp_chirp_listen)
5196 wpas_dpp_listen_stop(wpa_s);
5197
5198 if (wpa_s->dpp_chirp_freq == 0) {
5199 if (wpa_s->dpp_chirp_round % 4 == 0 &&
5200 !wpa_s->dpp_chirp_scan_done) {
5201 if (wpas_scan_scheduled(wpa_s)) {
5202 wpa_printf(MSG_DEBUG,
5203 "DPP: Deferring chirp scan because another scan is planned already");
5204 if (eloop_register_timeout(1, 0,
5205 wpas_dpp_chirp_next,
5206 wpa_s, NULL) < 0) {
5207 wpas_dpp_chirp_stop(wpa_s);
5208 return;
5209 }
5210 return;
5211 }
5212 wpa_printf(MSG_DEBUG,
5213 "DPP: Update channel list for chirping");
5214 wpa_s->scan_req = MANUAL_SCAN_REQ;
5215 wpa_s->scan_res_handler =
5216 wpas_dpp_chirp_scan_res_handler;
5217 wpa_supplicant_req_scan(wpa_s, 0, 0);
5218 return;
5219 }
5220 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[0];
5221 wpa_s->dpp_chirp_round++;
5222 wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d",
5223 wpa_s->dpp_chirp_round);
5224 } else {
5225 for (i = 0; wpa_s->dpp_chirp_freqs[i]; i++)
5226 if (wpa_s->dpp_chirp_freqs[i] == wpa_s->dpp_chirp_freq)
5227 break;
5228 if (!wpa_s->dpp_chirp_freqs[i]) {
5229 wpa_printf(MSG_DEBUG,
5230 "DPP: Previous chirp freq %d not found",
5231 wpa_s->dpp_chirp_freq);
5232 return;
5233 }
5234 i++;
5235 if (wpa_s->dpp_chirp_freqs[i]) {
5236 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[i];
5237 } else {
5238 wpa_s->dpp_chirp_iter--;
5239 if (wpa_s->dpp_chirp_iter <= 0) {
5240 wpa_printf(MSG_DEBUG,
5241 "DPP: Chirping iterations completed");
5242 wpas_dpp_chirp_stop(wpa_s);
5243 return;
5244 }
5245 wpa_s->dpp_chirp_freq = 0;
5246 wpa_s->dpp_chirp_scan_done = 0;
5247 if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next,
5248 wpa_s, NULL) < 0) {
5249 wpas_dpp_chirp_stop(wpa_s);
5250 return;
5251 }
5252 if (wpa_s->dpp_chirp_listen) {
5253 wpa_printf(MSG_DEBUG,
5254 "DPP: Listen on %d MHz during chirp 30 second wait",
5255 wpa_s->dpp_chirp_listen);
5256 wpas_dpp_listen_start(wpa_s,
5257 wpa_s->dpp_chirp_listen);
5258 } else {
5259 wpa_printf(MSG_DEBUG,
5260 "DPP: Wait 30 seconds before starting the next chirping round");
5261 }
5262 return;
5263 }
5264 }
5265
5266 wpas_dpp_chirp_start(wpa_s);
5267 }
5268
5269
wpas_dpp_chirp(struct wpa_supplicant * wpa_s,const char * cmd)5270 int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd)
5271 {
5272 const char *pos;
5273 int iter = 1, listen_freq = 0;
5274 struct dpp_bootstrap_info *bi;
5275
5276 pos = os_strstr(cmd, " own=");
5277 if (!pos)
5278 return -1;
5279 pos += 5;
5280 bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
5281 if (!bi) {
5282 wpa_printf(MSG_DEBUG,
5283 "DPP: Identified bootstrap info not found");
5284 return -1;
5285 }
5286
5287 pos = os_strstr(cmd, " iter=");
5288 if (pos) {
5289 iter = atoi(pos + 6);
5290 if (iter <= 0)
5291 return -1;
5292 }
5293
5294 pos = os_strstr(cmd, " listen=");
5295 if (pos) {
5296 listen_freq = atoi(pos + 8);
5297 if (listen_freq <= 0)
5298 return -1;
5299 }
5300
5301 wpas_dpp_chirp_stop(wpa_s);
5302 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5303 wpa_s->dpp_netrole = DPP_NETROLE_STA;
5304 wpa_s->dpp_qr_mutual = 0;
5305 wpa_s->dpp_chirp_bi = bi;
5306 wpa_s->dpp_presence_announcement = dpp_build_presence_announcement(bi);
5307 if (!wpa_s->dpp_presence_announcement)
5308 return -1;
5309 wpa_s->dpp_chirp_iter = iter;
5310 wpa_s->dpp_chirp_round = 0;
5311 wpa_s->dpp_chirp_scan_done = 0;
5312 wpa_s->dpp_chirp_listen = listen_freq;
5313
5314 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
5315 }
5316
5317
wpas_dpp_chirp_stop(struct wpa_supplicant * wpa_s)5318 void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s)
5319 {
5320 if (wpa_s->dpp_presence_announcement ||
5321 wpa_s->dpp_reconfig_ssid) {
5322 offchannel_send_action_done(wpa_s);
5323 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CHIRP_STOPPED);
5324 }
5325 wpa_s->dpp_chirp_bi = NULL;
5326 wpabuf_free(wpa_s->dpp_presence_announcement);
5327 wpa_s->dpp_presence_announcement = NULL;
5328 if (wpa_s->dpp_chirp_listen)
5329 wpas_dpp_listen_stop(wpa_s);
5330 wpa_s->dpp_chirp_listen = 0;
5331 wpa_s->dpp_chirp_freq = 0;
5332 os_free(wpa_s->dpp_chirp_freqs);
5333 wpa_s->dpp_chirp_freqs = NULL;
5334 eloop_cancel_timeout(wpas_dpp_chirp_next, wpa_s, NULL);
5335 eloop_cancel_timeout(wpas_dpp_chirp_timeout, wpa_s, NULL);
5336 if (wpa_s->scan_res_handler == wpas_dpp_chirp_scan_res_handler) {
5337 wpas_abort_ongoing_scan(wpa_s);
5338 wpa_s->scan_res_handler = NULL;
5339 }
5340 }
5341
5342
wpas_dpp_reconfig(struct wpa_supplicant * wpa_s,const char * cmd)5343 int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd)
5344 {
5345 struct wpa_ssid *ssid;
5346 int iter = 1;
5347 const char *pos;
5348
5349 ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
5350 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
5351 !ssid->dpp_csign) {
5352 wpa_printf(MSG_DEBUG,
5353 "DPP: Not a valid network profile for reconfiguration");
5354 return -1;
5355 }
5356
5357 pos = os_strstr(cmd, " iter=");
5358 if (pos) {
5359 iter = atoi(pos + 6);
5360 if (iter <= 0)
5361 return -1;
5362 }
5363
5364 if (wpa_s->dpp_auth) {
5365 wpa_printf(MSG_DEBUG,
5366 "DPP: Not ready to start reconfiguration - pending authentication exchange in progress");
5367 return -1;
5368 }
5369
5370 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
5371 wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign,
5372 ssid->dpp_csign_len,
5373 ssid->dpp_pp_key,
5374 ssid->dpp_pp_key_len);
5375 if (!wpa_s->dpp_reconfig_id) {
5376 wpa_printf(MSG_DEBUG,
5377 "DPP: Failed to generate E-id for reconfiguration");
5378 return -1;
5379 }
5380 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
5381 wpa_printf(MSG_DEBUG, "DPP: Disconnect for reconfiguration");
5382 wpa_s->own_disconnect_req = 1;
5383 wpa_supplicant_deauthenticate(
5384 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
5385 }
5386 wpas_dpp_chirp_stop(wpa_s);
5387 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5388 wpa_s->dpp_netrole = DPP_NETROLE_STA;
5389 wpa_s->dpp_qr_mutual = 0;
5390 wpa_s->dpp_reconfig_ssid = ssid;
5391 wpa_s->dpp_reconfig_ssid_id = ssid->id;
5392 wpa_s->dpp_chirp_iter = iter;
5393 wpa_s->dpp_chirp_round = 0;
5394 wpa_s->dpp_chirp_scan_done = 0;
5395 wpa_s->dpp_chirp_listen = 0;
5396
5397 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
5398 }
5399
5400
wpas_dpp_ca_set(struct wpa_supplicant * wpa_s,const char * cmd)5401 int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
5402 {
5403 int peer = -1;
5404 const char *pos, *value;
5405 struct dpp_authentication *auth = wpa_s->dpp_auth;
5406 u8 *bin;
5407 size_t bin_len;
5408 struct wpabuf *buf;
5409 bool tcp = false;
5410
5411 pos = os_strstr(cmd, " peer=");
5412 if (pos) {
5413 peer = atoi(pos + 6);
5414 if (!auth || !auth->waiting_cert ||
5415 (auth->peer_bi &&
5416 (unsigned int) peer != auth->peer_bi->id)) {
5417 auth = dpp_controller_get_auth(wpa_s->dpp, peer);
5418 tcp = true;
5419 }
5420 }
5421
5422 if (!auth || !auth->waiting_cert) {
5423 wpa_printf(MSG_DEBUG,
5424 "DPP: No authentication exchange waiting for certificate information");
5425 return -1;
5426 }
5427
5428 if (peer >= 0 &&
5429 (!auth->peer_bi ||
5430 (unsigned int) peer != auth->peer_bi->id) &&
5431 (!auth->tmp_peer_bi ||
5432 (unsigned int) peer != auth->tmp_peer_bi->id)) {
5433 wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
5434 return -1;
5435 }
5436
5437 pos = os_strstr(cmd, " value=");
5438 if (!pos)
5439 return -1;
5440 value = pos + 7;
5441
5442 pos = os_strstr(cmd, " name=");
5443 if (!pos)
5444 return -1;
5445 pos += 6;
5446
5447 if (os_strncmp(pos, "status ", 7) == 0) {
5448 auth->force_conf_resp_status = atoi(value);
5449 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5450 }
5451
5452 if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) {
5453 os_free(auth->trusted_eap_server_name);
5454 auth->trusted_eap_server_name = os_strdup(value);
5455 return auth->trusted_eap_server_name ? 0 : -1;
5456 }
5457
5458 bin = base64_decode(value, os_strlen(value), &bin_len);
5459 if (!bin)
5460 return -1;
5461 buf = wpabuf_alloc_copy(bin, bin_len);
5462 os_free(bin);
5463
5464 if (os_strncmp(pos, "caCert ", 7) == 0) {
5465 wpabuf_free(auth->cacert);
5466 auth->cacert = buf;
5467 return 0;
5468 }
5469
5470 if (os_strncmp(pos, "certBag ", 8) == 0) {
5471 wpabuf_free(auth->certbag);
5472 auth->certbag = buf;
5473 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5474 }
5475
5476 wpabuf_free(buf);
5477 return -1;
5478 }
5479
5480 #endif /* CONFIG_DPP2 */
5481
5482
5483 #ifdef CONFIG_DPP3
5484
5485 #define DPP_PB_ANNOUNCE_PER_CHAN 3
5486
5487 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq);
5488 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx);
5489
5490
wpas_dpp_pb_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)5491 static void wpas_dpp_pb_tx_status(struct wpa_supplicant *wpa_s,
5492 unsigned int freq, const u8 *dst,
5493 const u8 *src, const u8 *bssid,
5494 const u8 *data, size_t data_len,
5495 enum offchannel_send_action_result result)
5496 {
5497 if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
5498 wpa_printf(MSG_DEBUG,
5499 "DPP: Failed to send push button announcement on %d MHz",
5500 freq);
5501 if (eloop_register_timeout(0, 0, wpas_dpp_pb_next,
5502 wpa_s, NULL) < 0)
5503 wpas_dpp_push_button_stop(wpa_s);
5504 return;
5505 }
5506
5507 wpa_printf(MSG_DEBUG, "DPP: Push button announcement on %d MHz sent",
5508 freq);
5509 if (wpa_s->dpp_pb_discovery_done) {
5510 wpa_s->dpp_pb_announce_count = 0;
5511 wpa_printf(MSG_DEBUG,
5512 "DPP: Wait for push button announcement response and PKEX on %d MHz",
5513 freq);
5514 if (eloop_register_timeout(0, 500000, wpas_dpp_pb_next,
5515 wpa_s, NULL) < 0)
5516 wpas_dpp_push_button_stop(wpa_s);
5517 return;
5518 } else if (wpa_s->dpp_pb_announce_count >= DPP_PB_ANNOUNCE_PER_CHAN) {
5519 wpa_printf(MSG_DEBUG,
5520 "DPP: Wait for push button announcement response on %d MHz",
5521 freq);
5522 if (eloop_register_timeout(0, 50000, wpas_dpp_pb_next,
5523 wpa_s, NULL) < 0)
5524 wpas_dpp_push_button_stop(wpa_s);
5525 return;
5526 }
5527
5528 if (wpas_dpp_pb_announce(wpa_s, freq) < 0)
5529 wpas_dpp_push_button_stop(wpa_s);
5530 }
5531
5532
wpas_dpp_pb_announce(struct wpa_supplicant * wpa_s,int freq)5533 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq)
5534 {
5535 struct wpabuf *msg;
5536 int type;
5537
5538 msg = wpa_s->dpp_pb_announcement;
5539 if (!msg)
5540 return -1;
5541
5542 wpa_s->dpp_pb_announce_count++;
5543 wpa_printf(MSG_DEBUG,
5544 "DPP: Send push button announcement %d/%d (%d MHz)",
5545 wpa_s->dpp_pb_announce_count, DPP_PB_ANNOUNCE_PER_CHAN,
5546 freq);
5547
5548 type = DPP_PA_PB_PRESENCE_ANNOUNCEMENT;
5549 if (wpa_s->dpp_pb_announce_count == 1)
5550 wpa_msg(wpa_s, MSG_INFO,
5551 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
5552 MAC2STR(broadcast), freq, type);
5553 if (offchannel_send_action(
5554 wpa_s, freq, broadcast, wpa_s->own_addr, broadcast,
5555 wpabuf_head(msg), wpabuf_len(msg),
5556 1000, wpas_dpp_pb_tx_status, 0) < 0)
5557 return -1;
5558
5559 return 0;
5560 }
5561
5562
wpas_dpp_pb_next(void * eloop_ctx,void * timeout_ctx)5563 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx)
5564 {
5565 struct wpa_supplicant *wpa_s = eloop_ctx;
5566 struct os_reltime now;
5567 int freq;
5568
5569 if (!wpa_s->dpp_pb_freqs)
5570 return;
5571
5572 os_get_reltime(&now);
5573 offchannel_send_action_done(wpa_s);
5574
5575 if (os_reltime_expired(&now, &wpa_s->dpp_pb_time, 100)) {
5576 wpa_printf(MSG_DEBUG, "DPP: Push button wait time expired");
5577 wpas_dpp_push_button_stop(wpa_s);
5578 return;
5579 }
5580
5581 if (wpa_s->dpp_pb_freq_idx >= int_array_len(wpa_s->dpp_pb_freqs)) {
5582 wpa_printf(MSG_DEBUG,
5583 "DPP: Completed push button announcement round");
5584 wpa_s->dpp_pb_freq_idx = 0;
5585 if (wpa_s->dpp_pb_stop_iter > 0) {
5586 wpa_s->dpp_pb_stop_iter--;
5587
5588 if (wpa_s->dpp_pb_stop_iter == 1) {
5589 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
5590 "wait for AP/Configurator to allow PKEX to be initiated");
5591 if (eloop_register_timeout(10, 0,
5592 wpas_dpp_pb_next,
5593 wpa_s, NULL) < 0) {
5594 wpas_dpp_push_button_stop(wpa_s);
5595 return;
5596 }
5597 return;
5598 }
5599
5600 if (wpa_s->dpp_pb_stop_iter == 0) {
5601 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
5602 "start push button PKEX responder on the discovered channel (%d MHz)",
5603 wpa_s->dpp_pb_resp_freq);
5604 wpa_s->dpp_pb_discovery_done = true;
5605
5606 wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi;
5607
5608 os_free(wpa_s->dpp_pkex_code);
5609 wpa_s->dpp_pkex_code = os_memdup(
5610 wpa_s->dpp_pb_c_nonce,
5611 wpa_s->dpp_pb_c_nonce_len);
5612 wpa_s->dpp_pkex_code_len =
5613 wpa_s->dpp_pb_c_nonce_len;
5614
5615 os_free(wpa_s->dpp_pkex_identifier);
5616 wpa_s->dpp_pkex_identifier =
5617 os_strdup("PBPKEX");
5618
5619 if (!wpa_s->dpp_pkex_code ||
5620 !wpa_s->dpp_pkex_identifier) {
5621 wpas_dpp_push_button_stop(wpa_s);
5622 return;
5623 }
5624
5625 wpa_s->dpp_pkex_ver = PKEX_VER_ONLY_2;
5626
5627 os_free(wpa_s->dpp_pkex_auth_cmd);
5628 wpa_s->dpp_pkex_auth_cmd = NULL;
5629 }
5630 }
5631 }
5632
5633 if (wpa_s->dpp_pb_discovery_done)
5634 freq = wpa_s->dpp_pb_resp_freq;
5635 else
5636 freq = wpa_s->dpp_pb_freqs[wpa_s->dpp_pb_freq_idx++];
5637 wpa_s->dpp_pb_announce_count = 0;
5638 if (!wpa_s->dpp_pb_announcement) {
5639 wpa_printf(MSG_DEBUG, "DPP: Push button announcements stopped");
5640 return;
5641 }
5642 if (wpas_dpp_pb_announce(wpa_s, freq) < 0) {
5643 wpas_dpp_push_button_stop(wpa_s);
5644 return;
5645 }
5646 }
5647
5648
wpas_dpp_push_button_expire(void * eloop_ctx,void * timeout_ctx)5649 static void wpas_dpp_push_button_expire(void *eloop_ctx, void *timeout_ctx)
5650 {
5651 struct wpa_supplicant *wpa_s = eloop_ctx;
5652
5653 wpa_printf(MSG_DEBUG,
5654 "DPP: Active push button Configurator mode expired");
5655 wpas_dpp_push_button_stop(wpa_s);
5656 }
5657
5658
wpas_dpp_push_button_configurator(struct wpa_supplicant * wpa_s,const char * cmd)5659 static int wpas_dpp_push_button_configurator(struct wpa_supplicant *wpa_s,
5660 const char *cmd)
5661 {
5662 wpa_s->dpp_pb_configurator = true;
5663 wpa_s->dpp_pb_announce_time.sec = 0;
5664 wpa_s->dpp_pb_announce_time.usec = 0;
5665 str_clear_free(wpa_s->dpp_pb_cmd);
5666 wpa_s->dpp_pb_cmd = NULL;
5667 if (cmd) {
5668 wpa_s->dpp_pb_cmd = os_strdup(cmd);
5669 if (!wpa_s->dpp_pb_cmd)
5670 return -1;
5671 }
5672 eloop_register_timeout(100, 0, wpas_dpp_push_button_expire,
5673 wpa_s, NULL);
5674
5675 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started");
5676 return 0;
5677 }
5678
5679
wpas_dpp_pb_scan_res_handler(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)5680 static void wpas_dpp_pb_scan_res_handler(struct wpa_supplicant *wpa_s,
5681 struct wpa_scan_results *scan_res)
5682 {
5683 if (!wpa_s->dpp_pb_time.sec && !wpa_s->dpp_pb_time.usec)
5684 return;
5685
5686 os_free(wpa_s->dpp_pb_freqs);
5687 wpa_s->dpp_pb_freqs = wpas_dpp_presence_ann_channels(wpa_s, NULL);
5688
5689 wpa_printf(MSG_DEBUG, "DPP: Scan completed for PB discovery");
5690 if (!wpa_s->dpp_pb_freqs ||
5691 eloop_register_timeout(0, 0, wpas_dpp_pb_next, wpa_s, NULL) < 0)
5692 wpas_dpp_push_button_stop(wpa_s);
5693 }
5694
5695
wpas_dpp_push_button(struct wpa_supplicant * wpa_s,const char * cmd)5696 int wpas_dpp_push_button(struct wpa_supplicant *wpa_s, const char *cmd)
5697 {
5698 int res;
5699
5700 if (!wpa_s->dpp)
5701 return -1;
5702 wpas_dpp_push_button_stop(wpa_s);
5703 wpas_dpp_stop(wpa_s);
5704 wpas_dpp_chirp_stop(wpa_s);
5705
5706 os_get_reltime(&wpa_s->dpp_pb_time);
5707
5708 if (cmd &&
5709 (os_strstr(cmd, " role=configurator") ||
5710 os_strstr(cmd, " conf=")))
5711 return wpas_dpp_push_button_configurator(wpa_s, cmd);
5712
5713 wpa_s->dpp_pb_configurator = false;
5714
5715 wpa_s->dpp_pb_freq_idx = 0;
5716
5717 res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex");
5718 if (res < 0)
5719 return -1;
5720 wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res);
5721 if (!wpa_s->dpp_pb_bi)
5722 return -1;
5723
5724 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5725 wpa_s->dpp_netrole = DPP_NETROLE_STA;
5726 wpa_s->dpp_qr_mutual = 0;
5727 wpa_s->dpp_pb_announcement =
5728 dpp_build_pb_announcement(wpa_s->dpp_pb_bi);
5729 if (!wpa_s->dpp_pb_announcement)
5730 return -1;
5731
5732 wpa_printf(MSG_DEBUG,
5733 "DPP: Scan to create channel list for PB discovery");
5734 wpa_s->scan_req = MANUAL_SCAN_REQ;
5735 wpa_s->scan_res_handler = wpas_dpp_pb_scan_res_handler;
5736 wpa_supplicant_req_scan(wpa_s, 0, 0);
5737 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started");
5738 return 0;
5739 }
5740
5741
wpas_dpp_push_button_stop(struct wpa_supplicant * wpa_s)5742 void wpas_dpp_push_button_stop(struct wpa_supplicant *wpa_s)
5743 {
5744 if (!wpa_s->dpp)
5745 return;
5746 os_free(wpa_s->dpp_pb_freqs);
5747 wpa_s->dpp_pb_freqs = NULL;
5748 wpabuf_free(wpa_s->dpp_pb_announcement);
5749 wpa_s->dpp_pb_announcement = NULL;
5750 if (wpa_s->dpp_pb_bi) {
5751 char id[20];
5752
5753 if (wpa_s->dpp_pb_bi == wpa_s->dpp_pkex_bi)
5754 wpa_s->dpp_pkex_bi = NULL;
5755 os_snprintf(id, sizeof(id), "%u", wpa_s->dpp_pb_bi->id);
5756 dpp_bootstrap_remove(wpa_s->dpp, id);
5757 wpa_s->dpp_pb_bi = NULL;
5758 if (!wpa_s->dpp_pb_result_indicated) {
5759 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed");
5760 wpa_s->dpp_pb_result_indicated = true;
5761 }
5762 }
5763
5764 wpa_s->dpp_pb_resp_freq = 0;
5765 wpa_s->dpp_pb_stop_iter = 0;
5766 wpa_s->dpp_pb_discovery_done = false;
5767 os_free(wpa_s->dpp_pb_cmd);
5768 wpa_s->dpp_pb_cmd = NULL;
5769
5770 eloop_cancel_timeout(wpas_dpp_pb_next, wpa_s, NULL);
5771 eloop_cancel_timeout(wpas_dpp_push_button_expire, wpa_s, NULL);
5772 if (wpas_dpp_pb_active(wpa_s)) {
5773 wpa_printf(MSG_DEBUG, "DPP: Stop active push button mode");
5774 if (!wpa_s->dpp_pb_result_indicated)
5775 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed");
5776 }
5777 wpa_s->dpp_pb_time.sec = 0;
5778 wpa_s->dpp_pb_time.usec = 0;
5779 dpp_pkex_free(wpa_s->dpp_pkex);
5780 wpa_s->dpp_pkex = NULL;
5781 os_free(wpa_s->dpp_pkex_auth_cmd);
5782 wpa_s->dpp_pkex_auth_cmd = NULL;
5783
5784 wpa_s->dpp_pb_result_indicated = false;
5785
5786 str_clear_free(wpa_s->dpp_pb_cmd);
5787 wpa_s->dpp_pb_cmd = NULL;
5788
5789 if (wpa_s->scan_res_handler == wpas_dpp_pb_scan_res_handler) {
5790 wpas_abort_ongoing_scan(wpa_s);
5791 wpa_s->scan_res_handler = NULL;
5792 }
5793 }
5794
5795 #endif /* CONFIG_DPP3 */
5796