1 /*
2 * wpa_supplicant / WPS integration
3 * Copyright (c) 2008-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "eloop.h"
13 #include "uuid.h"
14 #include "crypto/random.h"
15 #include "crypto/dh_group5.h"
16 #include "common/ieee802_11_defs.h"
17 #include "common/ieee802_11_common.h"
18 #include "common/wpa_common.h"
19 #include "common/wpa_ctrl.h"
20 #include "eap_common/eap_wsc_common.h"
21 #include "eap_peer/eap.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "rsn_supp/wpa.h"
24 #include "wps/wps_attr_parse.h"
25 #include "config.h"
26 #include "wpa_supplicant_i.h"
27 #include "driver_i.h"
28 #include "notify.h"
29 #include "bssid_ignore.h"
30 #include "bss.h"
31 #include "scan.h"
32 #include "ap.h"
33 #include "p2p/p2p.h"
34 #include "p2p_supplicant.h"
35 #include "wps_supplicant.h"
36
37
38 #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
39 #define WPS_PIN_SCAN_IGNORE_SEL_REG 3
40 #endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */
41
42 /*
43 * The minimum time in seconds before trying to associate to a WPS PIN AP that
44 * does not have Selected Registrar TRUE.
45 */
46 #ifndef WPS_PIN_TIME_IGNORE_SEL_REG
47 #define WPS_PIN_TIME_IGNORE_SEL_REG 5
48 #endif /* WPS_PIN_TIME_IGNORE_SEL_REG */
49
50 static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx);
51 static void wpas_clear_wps(struct wpa_supplicant *wpa_s);
52
53
wpas_wps_clear_ap_info(struct wpa_supplicant * wpa_s)54 static void wpas_wps_clear_ap_info(struct wpa_supplicant *wpa_s)
55 {
56 os_free(wpa_s->wps_ap);
57 wpa_s->wps_ap = NULL;
58 wpa_s->num_wps_ap = 0;
59 wpa_s->wps_ap_iter = 0;
60 }
61
62
wpas_wps_assoc_with_cred(void * eloop_ctx,void * timeout_ctx)63 static void wpas_wps_assoc_with_cred(void *eloop_ctx, void *timeout_ctx)
64 {
65 struct wpa_supplicant *wpa_s = eloop_ctx;
66 int use_fast_assoc = timeout_ctx != NULL;
67
68 wpa_printf(MSG_DEBUG, "WPS: Continuing association after eapol_cb");
69 if (!use_fast_assoc ||
70 wpa_supplicant_fast_associate(wpa_s) != 1)
71 wpa_supplicant_req_scan(wpa_s, 0, 0);
72 }
73
74
wpas_wps_assoc_with_cred_cancel(struct wpa_supplicant * wpa_s)75 static void wpas_wps_assoc_with_cred_cancel(struct wpa_supplicant *wpa_s)
76 {
77 eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 0);
78 eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 1);
79 }
80
81
wpas_wps_get_wps_ie(struct wpa_bss * bss)82 static struct wpabuf * wpas_wps_get_wps_ie(struct wpa_bss *bss)
83 {
84 /* Return the latest receive WPS IE from the AP regardless of whether
85 * it was from a Beacon frame or Probe Response frame to avoid using
86 * stale information. */
87 if (bss->beacon_newer)
88 return wpa_bss_get_vendor_ie_multi_beacon(bss,
89 WPS_IE_VENDOR_TYPE);
90 return wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
91 }
92
93
wpas_wps_eapol_cb(struct wpa_supplicant * wpa_s)94 int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
95 {
96 if (wpas_p2p_wps_eapol_cb(wpa_s) > 0)
97 return 1;
98
99 if (!wpa_s->wps_success &&
100 wpa_s->current_ssid &&
101 eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
102 const u8 *bssid = wpa_s->bssid;
103 if (is_zero_ether_addr(bssid))
104 bssid = wpa_s->pending_bssid;
105
106 wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR
107 " did not succeed - continue trying to find "
108 "suitable AP", MAC2STR(bssid));
109 wpa_bssid_ignore_add(wpa_s, bssid);
110
111 wpa_supplicant_deauthenticate(wpa_s,
112 WLAN_REASON_DEAUTH_LEAVING);
113 wpa_s->reassociate = 1;
114 wpa_supplicant_req_scan(wpa_s,
115 wpa_s->bssid_ignore_cleared ? 5 : 0, 0);
116 wpa_s->bssid_ignore_cleared = false;
117 return 1;
118 }
119
120 wpas_wps_clear_ap_info(wpa_s);
121 eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
122 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && !wpa_s->wps_success)
123 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL);
124
125 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
126 !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
127 int disabled = wpa_s->current_ssid->disabled;
128 unsigned int freq = wpa_s->assoc_freq;
129 struct wpa_bss *bss;
130 struct wpa_ssid *ssid = NULL;
131 int use_fast_assoc = 0;
132
133 wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
134 "try to associate with the received credential "
135 "(freq=%u)", freq);
136 wpa_s->own_disconnect_req = 1;
137 wpa_supplicant_deauthenticate(wpa_s,
138 WLAN_REASON_DEAUTH_LEAVING);
139 if (disabled) {
140 wpa_printf(MSG_DEBUG, "WPS: Current network is "
141 "disabled - wait for user to enable");
142 return 1;
143 }
144 wpa_s->after_wps = 5;
145 wpa_s->wps_freq = freq;
146 wpa_s->normal_scans = 0;
147 wpa_s->reassociate = 1;
148
149 wpa_printf(MSG_DEBUG, "WPS: Checking whether fast association "
150 "without a new scan can be used");
151 bss = wpa_supplicant_pick_network(wpa_s, &ssid);
152 if (bss) {
153 struct wpabuf *wps;
154 struct wps_parse_attr attr;
155
156 wps = wpas_wps_get_wps_ie(bss);
157 if (wps && wps_parse_msg(wps, &attr) == 0 &&
158 attr.wps_state &&
159 *attr.wps_state == WPS_STATE_CONFIGURED)
160 use_fast_assoc = 1;
161 wpabuf_free(wps);
162 }
163
164 /*
165 * Complete the next step from an eloop timeout to allow pending
166 * driver events related to the disconnection to be processed
167 * first. This makes it less likely for disconnection event to
168 * cause problems with the following connection.
169 */
170 wpa_printf(MSG_DEBUG, "WPS: Continue association from timeout");
171 wpas_wps_assoc_with_cred_cancel(wpa_s);
172 eloop_register_timeout(0, 10000,
173 wpas_wps_assoc_with_cred, wpa_s,
174 use_fast_assoc ? (void *) 1 :
175 (void *) 0);
176 return 1;
177 }
178
179 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) {
180 wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting "
181 "for external credential processing");
182 wpas_clear_wps(wpa_s);
183 wpa_s->own_disconnect_req = 1;
184 wpa_supplicant_deauthenticate(wpa_s,
185 WLAN_REASON_DEAUTH_LEAVING);
186 return 1;
187 }
188
189 return 0;
190 }
191
192
wpas_wps_security_workaround(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const struct wps_credential * cred)193 static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s,
194 struct wpa_ssid *ssid,
195 const struct wps_credential *cred)
196 {
197 struct wpa_driver_capa capa;
198 struct wpa_bss *bss;
199 const u8 *ie;
200 struct wpa_ie_data adv;
201 int wpa2 = 0, ccmp = 0;
202 enum wpa_driver_if_type iftype;
203
204 /*
205 * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in
206 * case they are configured for mixed mode operation (WPA+WPA2 and
207 * TKIP+CCMP). Try to use scan results to figure out whether the AP
208 * actually supports stronger security and select that if the client
209 * has support for it, too.
210 */
211
212 if (wpa_drv_get_capa(wpa_s, &capa))
213 return; /* Unknown what driver supports */
214
215 if (ssid->ssid == NULL)
216 return;
217 bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len);
218 if (!bss)
219 bss = wpa_bss_get(wpa_s, wpa_s->bssid,
220 ssid->ssid, ssid->ssid_len);
221 if (bss == NULL) {
222 wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS "
223 "table - use credential as-is");
224 return;
225 }
226
227 wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table");
228
229 ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
230 if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) {
231 wpa2 = 1;
232 if (adv.pairwise_cipher & WPA_CIPHER_CCMP)
233 ccmp = 1;
234 } else {
235 ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
236 if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 &&
237 adv.pairwise_cipher & WPA_CIPHER_CCMP)
238 ccmp = 1;
239 }
240
241 if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) &&
242 (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) {
243 /*
244 * TODO: This could be the initial AP configuration and the
245 * Beacon contents could change shortly. Should request a new
246 * scan and delay addition of the network until the updated
247 * scan results are available.
248 */
249 wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA "
250 "support - use credential as-is");
251 return;
252 }
253
254 iftype = ssid->p2p_group ? WPA_IF_P2P_CLIENT : WPA_IF_STATION;
255
256 if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
257 (ssid->pairwise_cipher & WPA_CIPHER_TKIP) &&
258 (capa.key_mgmt_iftype[iftype] &
259 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
260 wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential "
261 "based on scan results");
262 if (wpa_s->conf->ap_scan == 1)
263 ssid->pairwise_cipher |= WPA_CIPHER_CCMP;
264 else
265 ssid->pairwise_cipher = WPA_CIPHER_CCMP;
266 }
267
268 if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) &&
269 (ssid->proto & WPA_PROTO_WPA) &&
270 (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) {
271 wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential "
272 "based on scan results");
273 if (wpa_s->conf->ap_scan == 1)
274 ssid->proto |= WPA_PROTO_RSN;
275 else
276 ssid->proto = WPA_PROTO_RSN;
277 }
278 }
279
280
wpas_wps_remove_dup_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * new_ssid)281 static void wpas_wps_remove_dup_network(struct wpa_supplicant *wpa_s,
282 struct wpa_ssid *new_ssid)
283 {
284 struct wpa_ssid *ssid, *next;
285
286 for (ssid = wpa_s->conf->ssid, next = ssid ? ssid->next : NULL; ssid;
287 ssid = next, next = ssid ? ssid->next : NULL) {
288 /*
289 * new_ssid has already been added to the list in
290 * wpas_wps_add_network(), so skip it.
291 */
292 if (ssid == new_ssid)
293 continue;
294
295 if (ssid->bssid_set || new_ssid->bssid_set) {
296 if (ssid->bssid_set != new_ssid->bssid_set)
297 continue;
298 if (!ether_addr_equal(ssid->bssid, new_ssid->bssid))
299 continue;
300 }
301
302 /* compare SSID */
303 if (ssid->ssid_len == 0 || ssid->ssid_len != new_ssid->ssid_len)
304 continue;
305
306 if (ssid->ssid && new_ssid->ssid) {
307 if (os_memcmp(ssid->ssid, new_ssid->ssid,
308 ssid->ssid_len) != 0)
309 continue;
310 } else if (ssid->ssid || new_ssid->ssid)
311 continue;
312
313 /* compare security parameters */
314 if (ssid->auth_alg != new_ssid->auth_alg ||
315 ssid->key_mgmt != new_ssid->key_mgmt ||
316 (ssid->group_cipher != new_ssid->group_cipher &&
317 !(ssid->group_cipher & new_ssid->group_cipher &
318 WPA_CIPHER_CCMP)))
319 continue;
320
321 /*
322 * Some existing WPS APs will send two creds in case they are
323 * configured for mixed mode operation (WPA+WPA2 and TKIP+CCMP).
324 * Try to merge these two creds if they are received in the same
325 * M8 message.
326 */
327 if (ssid->wps_run && ssid->wps_run == new_ssid->wps_run &&
328 wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
329 if (new_ssid->passphrase && ssid->passphrase &&
330 os_strcmp(new_ssid->passphrase, ssid->passphrase) !=
331 0) {
332 wpa_printf(MSG_DEBUG,
333 "WPS: M8 Creds with different passphrase - do not merge");
334 continue;
335 }
336
337 if (new_ssid->psk_set &&
338 (!ssid->psk_set ||
339 os_memcmp(new_ssid->psk, ssid->psk, 32) != 0)) {
340 wpa_printf(MSG_DEBUG,
341 "WPS: M8 Creds with different PSK - do not merge");
342 continue;
343 }
344
345 if ((new_ssid->passphrase && !ssid->passphrase) ||
346 (!new_ssid->passphrase && ssid->passphrase)) {
347 wpa_printf(MSG_DEBUG,
348 "WPS: M8 Creds with different passphrase/PSK type - do not merge");
349 continue;
350 }
351
352 wpa_printf(MSG_DEBUG,
353 "WPS: Workaround - merge likely WPA/WPA2-mixed mode creds in same M8 message");
354 new_ssid->proto |= ssid->proto;
355 new_ssid->pairwise_cipher |= ssid->pairwise_cipher;
356 } else {
357 /*
358 * proto and pairwise_cipher difference matter for
359 * non-mixed-mode creds.
360 */
361 if (ssid->proto != new_ssid->proto ||
362 ssid->pairwise_cipher != new_ssid->pairwise_cipher)
363 continue;
364 }
365
366 /* Remove the duplicated older network entry. */
367 wpa_printf(MSG_DEBUG, "Remove duplicate network %d", ssid->id);
368 wpas_notify_network_removed(wpa_s, ssid);
369 wpa_config_remove_network(wpa_s->conf, ssid->id);
370 }
371 }
372
373
wpa_supplicant_wps_cred(void * ctx,const struct wps_credential * cred)374 static int wpa_supplicant_wps_cred(void *ctx,
375 const struct wps_credential *cred)
376 {
377 struct wpa_supplicant *wpa_s = ctx;
378 struct wpa_ssid *ssid = wpa_s->current_ssid;
379 u16 auth_type;
380 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
381 int registrar = 0;
382 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
383 bool add_sae;
384
385 if ((wpa_s->conf->wps_cred_processing == 1 ||
386 wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
387 size_t blen = cred->cred_attr_len * 2 + 1;
388 char *buf = os_malloc(blen);
389 if (buf) {
390 wpa_snprintf_hex(buf, blen,
391 cred->cred_attr, cred->cred_attr_len);
392 wpa_msg(wpa_s, MSG_INFO, "%s%s",
393 WPS_EVENT_CRED_RECEIVED, buf);
394 os_free(buf);
395 }
396
397 wpas_notify_wps_credential(wpa_s, cred);
398 } else
399 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED);
400
401 wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
402 cred->cred_attr, cred->cred_attr_len);
403
404 if (wpa_s->conf->wps_cred_processing == 1)
405 return 0;
406
407 wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
408 wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
409 cred->auth_type);
410 wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
411 wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
412 wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
413 cred->key, cred->key_len);
414 wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
415 MAC2STR(cred->mac_addr));
416
417 auth_type = cred->auth_type;
418 if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
419 wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode "
420 "auth_type into WPA2PSK");
421 auth_type = WPS_AUTH_WPA2PSK;
422 }
423
424 if (auth_type != WPS_AUTH_OPEN &&
425 auth_type != WPS_AUTH_WPAPSK &&
426 auth_type != WPS_AUTH_WPA2PSK) {
427 wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
428 "unsupported authentication type 0x%x",
429 auth_type);
430 return 0;
431 }
432
433 if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) {
434 if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) {
435 wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with "
436 "invalid Network Key length %lu",
437 (unsigned long) cred->key_len);
438 return -1;
439 }
440 }
441
442 if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
443 wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
444 "on the received credential");
445 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
446 if (ssid->eap.identity &&
447 ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN &&
448 os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR,
449 WSC_ID_REGISTRAR_LEN) == 0)
450 registrar = 1;
451 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
452 os_free(ssid->eap.identity);
453 ssid->eap.identity = NULL;
454 ssid->eap.identity_len = 0;
455 os_free(ssid->eap.phase1);
456 ssid->eap.phase1 = NULL;
457 os_free(ssid->eap.eap_methods);
458 ssid->eap.eap_methods = NULL;
459 if (!ssid->p2p_group) {
460 ssid->temporary = 0;
461 ssid->bssid_set = 0;
462 }
463 ssid->disabled_until.sec = 0;
464 ssid->disabled_until.usec = 0;
465 ssid->auth_failures = 0;
466 } else {
467 wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the "
468 "received credential");
469 ssid = wpa_config_add_network(wpa_s->conf);
470 if (ssid == NULL)
471 return -1;
472 if (wpa_s->current_ssid) {
473 /*
474 * Should the GO issue multiple credentials for some
475 * reason, each credential should be marked as a
476 * temporary P2P group similarly to the one that gets
477 * marked as such based on the pre-configured values
478 * used for the WPS network block.
479 */
480 ssid->p2p_group = wpa_s->current_ssid->p2p_group;
481 ssid->temporary = wpa_s->current_ssid->temporary;
482 }
483 wpas_notify_network_added(wpa_s, ssid);
484 }
485
486 wpa_config_set_network_defaults(ssid);
487 ssid->wps_run = wpa_s->wps_run;
488
489 os_free(ssid->ssid);
490 ssid->ssid = os_malloc(cred->ssid_len);
491 if (ssid->ssid) {
492 os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len);
493 ssid->ssid_len = cred->ssid_len;
494 }
495
496 switch (cred->encr_type) {
497 case WPS_ENCR_NONE:
498 break;
499 case WPS_ENCR_TKIP:
500 ssid->pairwise_cipher = WPA_CIPHER_TKIP | WPA_CIPHER_CCMP;
501 break;
502 case WPS_ENCR_AES:
503 ssid->pairwise_cipher = WPA_CIPHER_CCMP;
504 if (wpa_s->drv_capa_known &&
505 (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP)) {
506 ssid->pairwise_cipher |= WPA_CIPHER_GCMP;
507 ssid->group_cipher |= WPA_CIPHER_GCMP;
508 }
509 if (wpa_s->drv_capa_known &&
510 (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP_256)) {
511 ssid->pairwise_cipher |= WPA_CIPHER_GCMP_256;
512 ssid->group_cipher |= WPA_CIPHER_GCMP_256;
513 }
514 if (wpa_s->drv_capa_known &&
515 (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_CCMP_256)) {
516 ssid->pairwise_cipher |= WPA_CIPHER_CCMP_256;
517 ssid->group_cipher |= WPA_CIPHER_CCMP_256;
518 }
519 break;
520 }
521
522 switch (auth_type) {
523 case WPS_AUTH_OPEN:
524 ssid->auth_alg = WPA_AUTH_ALG_OPEN;
525 ssid->key_mgmt = WPA_KEY_MGMT_NONE;
526 ssid->proto = 0;
527 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
528 if (registrar) {
529 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK
530 "id=%d - Credentials for an open "
531 "network disabled by default - use "
532 "'select_network %d' to enable",
533 ssid->id, ssid->id);
534 ssid->disabled = 1;
535 }
536 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
537 break;
538 case WPS_AUTH_WPAPSK:
539 ssid->auth_alg = WPA_AUTH_ALG_OPEN;
540 ssid->key_mgmt = WPA_KEY_MGMT_PSK;
541 ssid->proto = WPA_PROTO_WPA | WPA_PROTO_RSN;
542 break;
543 case WPS_AUTH_WPA2PSK:
544 ssid->auth_alg = WPA_AUTH_ALG_OPEN;
545 ssid->key_mgmt = WPA_KEY_MGMT_PSK;
546 add_sae = wpa_s->conf->wps_cred_add_sae;
547 #ifdef CONFIG_P2P
548 if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p))
549 add_sae = true;
550 #endif /* CONFIG_P2P */
551 if (add_sae && cred->key_len != 2 * PMK_LEN) {
552 ssid->auth_alg = 0;
553 ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
554 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
555 }
556 ssid->proto = WPA_PROTO_RSN;
557 break;
558 }
559
560 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
561 if (cred->key_len == 2 * PMK_LEN) {
562 if (hexstr2bin((const char *) cred->key, ssid->psk,
563 PMK_LEN)) {
564 wpa_printf(MSG_ERROR, "WPS: Invalid Network "
565 "Key");
566 return -1;
567 }
568 ssid->psk_set = 1;
569 ssid->export_keys = 1;
570 } else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) {
571 os_free(ssid->passphrase);
572 ssid->passphrase = os_malloc(cred->key_len + 1);
573 if (ssid->passphrase == NULL)
574 return -1;
575 os_memcpy(ssid->passphrase, cred->key, cred->key_len);
576 ssid->passphrase[cred->key_len] = '\0';
577 wpa_config_update_psk(ssid);
578 ssid->export_keys = 1;
579 } else {
580 wpa_printf(MSG_ERROR, "WPS: Invalid Network Key "
581 "length %lu",
582 (unsigned long) cred->key_len);
583 return -1;
584 }
585 }
586 ssid->priority = wpa_s->conf->wps_priority;
587
588 wpas_wps_security_workaround(wpa_s, ssid, cred);
589
590 wpas_wps_remove_dup_network(wpa_s, ssid);
591
592 #ifndef CONFIG_NO_CONFIG_WRITE
593 if (wpa_s->conf->update_config &&
594 wpa_config_write(wpa_s->confname, wpa_s->conf)) {
595 wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration");
596 return -1;
597 }
598 #endif /* CONFIG_NO_CONFIG_WRITE */
599
600 if (ssid->priority)
601 wpa_config_update_prio_list(wpa_s->conf);
602
603 /*
604 * Optimize the post-WPS scan based on the channel used during
605 * the provisioning in case EAP-Failure is not received.
606 */
607 wpa_s->after_wps = 5;
608 wpa_s->wps_freq = wpa_s->assoc_freq;
609
610 return 0;
611 }
612
613
wpa_supplicant_wps_event_m2d(struct wpa_supplicant * wpa_s,struct wps_event_m2d * m2d)614 static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s,
615 struct wps_event_m2d *m2d)
616 {
617 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D
618 "dev_password_id=%d config_error=%d",
619 m2d->dev_password_id, m2d->config_error);
620 wpas_notify_wps_event_m2d(wpa_s, m2d);
621 #ifdef CONFIG_P2P
622 if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s) {
623 wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_M2D
624 "dev_password_id=%d config_error=%d",
625 m2d->dev_password_id, m2d->config_error);
626 }
627 if (m2d->config_error == WPS_CFG_MULTIPLE_PBC_DETECTED) {
628 /*
629 * Notify P2P from eloop timeout to avoid issues with the
630 * interface getting removed while processing a message.
631 */
632 eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb, wpa_s,
633 NULL);
634 }
635 #endif /* CONFIG_P2P */
636 }
637
638
wpas_wps_clear_timeout(void * eloop_ctx,void * timeout_ctx)639 static void wpas_wps_clear_timeout(void *eloop_ctx, void *timeout_ctx)
640 {
641 struct wpa_supplicant *wpa_s = eloop_ctx;
642 wpa_printf(MSG_DEBUG, "WPS: Clear WPS network from timeout");
643 wpas_clear_wps(wpa_s);
644 }
645
646
wpa_supplicant_wps_event_fail(struct wpa_supplicant * wpa_s,struct wps_event_fail * fail)647 static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s,
648 struct wps_event_fail *fail)
649 {
650 if (fail->error_indication > 0 &&
651 fail->error_indication < NUM_WPS_EI_VALUES) {
652 wpa_msg(wpa_s, MSG_INFO,
653 WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
654 fail->msg, fail->config_error, fail->error_indication,
655 wps_ei_str(fail->error_indication));
656 if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s)
657 wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL
658 "msg=%d config_error=%d reason=%d (%s)",
659 fail->msg, fail->config_error,
660 fail->error_indication,
661 wps_ei_str(fail->error_indication));
662 } else {
663 wpa_msg(wpa_s, MSG_INFO,
664 WPS_EVENT_FAIL "msg=%d config_error=%d",
665 fail->msg, fail->config_error);
666 if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s)
667 wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL
668 "msg=%d config_error=%d",
669 fail->msg, fail->config_error);
670 }
671
672 /*
673 * Need to allow WPS processing to complete, e.g., by sending WSC_NACK.
674 */
675 wpa_printf(MSG_DEBUG, "WPS: Register timeout to clear WPS network");
676 eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
677 eloop_register_timeout(0, 100000, wpas_wps_clear_timeout, wpa_s, NULL);
678
679 wpas_notify_wps_event_fail(wpa_s, fail);
680 wpas_p2p_wps_failed(wpa_s, fail);
681 }
682
683
684 static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx);
685
wpas_wps_reenable_networks(struct wpa_supplicant * wpa_s)686 static void wpas_wps_reenable_networks(struct wpa_supplicant *wpa_s)
687 {
688 struct wpa_ssid *ssid;
689 int changed = 0;
690
691 eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
692
693 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
694 if (ssid->disabled_for_connect && ssid->disabled) {
695 ssid->disabled_for_connect = 0;
696 ssid->disabled = 0;
697 wpas_notify_network_enabled_changed(wpa_s, ssid);
698 changed++;
699 }
700 }
701
702 if (changed) {
703 #ifndef CONFIG_NO_CONFIG_WRITE
704 if (wpa_s->conf->update_config &&
705 wpa_config_write(wpa_s->confname, wpa_s->conf)) {
706 wpa_printf(MSG_DEBUG, "WPS: Failed to update "
707 "configuration");
708 }
709 #endif /* CONFIG_NO_CONFIG_WRITE */
710 }
711 }
712
713
wpas_wps_reenable_networks_cb(void * eloop_ctx,void * timeout_ctx)714 static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx)
715 {
716 struct wpa_supplicant *wpa_s = eloop_ctx;
717 /* Enable the networks disabled during wpas_wps_reassoc */
718 wpas_wps_reenable_networks(wpa_s);
719 }
720
721
wpas_wps_reenable_networks_pending(struct wpa_supplicant * wpa_s)722 int wpas_wps_reenable_networks_pending(struct wpa_supplicant *wpa_s)
723 {
724 return eloop_is_timeout_registered(wpas_wps_reenable_networks_cb,
725 wpa_s, NULL);
726 }
727
728
wpa_supplicant_wps_event_success(struct wpa_supplicant * wpa_s)729 static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s)
730 {
731 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS);
732 wpa_s->wps_success = 1;
733 wpas_notify_wps_event_success(wpa_s);
734 if (wpa_s->current_ssid)
735 wpas_clear_temp_disabled(wpa_s, wpa_s->current_ssid, 1);
736 wpa_s->consecutive_conn_failures = 0;
737
738 /*
739 * Enable the networks disabled during wpas_wps_reassoc after 10
740 * seconds. The 10 seconds timer is to allow the data connection to be
741 * formed before allowing other networks to be selected.
742 */
743 eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s,
744 NULL);
745
746 wpas_p2p_wps_success(wpa_s, wpa_s->bssid, 0);
747 }
748
749
wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant * wpa_s,struct wps_event_er_ap * ap)750 static void wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant *wpa_s,
751 struct wps_event_er_ap *ap)
752 {
753 char uuid_str[100];
754 char dev_type[WPS_DEV_TYPE_BUFSIZE];
755
756 uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
757 if (ap->pri_dev_type)
758 wps_dev_type_bin2str(ap->pri_dev_type, dev_type,
759 sizeof(dev_type));
760 else
761 dev_type[0] = '\0';
762
763 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_ADD "%s " MACSTR
764 " pri_dev_type=%s wps_state=%d |%s|%s|%s|%s|%s|%s|",
765 uuid_str, MAC2STR(ap->mac_addr), dev_type, ap->wps_state,
766 ap->friendly_name ? ap->friendly_name : "",
767 ap->manufacturer ? ap->manufacturer : "",
768 ap->model_description ? ap->model_description : "",
769 ap->model_name ? ap->model_name : "",
770 ap->manufacturer_url ? ap->manufacturer_url : "",
771 ap->model_url ? ap->model_url : "");
772 }
773
774
wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant * wpa_s,struct wps_event_er_ap * ap)775 static void wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant *wpa_s,
776 struct wps_event_er_ap *ap)
777 {
778 char uuid_str[100];
779 uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
780 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_REMOVE "%s", uuid_str);
781 }
782
783
wpa_supplicant_wps_event_er_enrollee_add(struct wpa_supplicant * wpa_s,struct wps_event_er_enrollee * enrollee)784 static void wpa_supplicant_wps_event_er_enrollee_add(
785 struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
786 {
787 char uuid_str[100];
788 char dev_type[WPS_DEV_TYPE_BUFSIZE];
789
790 uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
791 if (enrollee->pri_dev_type)
792 wps_dev_type_bin2str(enrollee->pri_dev_type, dev_type,
793 sizeof(dev_type));
794 else
795 dev_type[0] = '\0';
796
797 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_ADD "%s " MACSTR
798 " M1=%d config_methods=0x%x dev_passwd_id=%d pri_dev_type=%s "
799 "|%s|%s|%s|%s|%s|",
800 uuid_str, MAC2STR(enrollee->mac_addr), enrollee->m1_received,
801 enrollee->config_methods, enrollee->dev_passwd_id, dev_type,
802 enrollee->dev_name ? enrollee->dev_name : "",
803 enrollee->manufacturer ? enrollee->manufacturer : "",
804 enrollee->model_name ? enrollee->model_name : "",
805 enrollee->model_number ? enrollee->model_number : "",
806 enrollee->serial_number ? enrollee->serial_number : "");
807 }
808
809
wpa_supplicant_wps_event_er_enrollee_remove(struct wpa_supplicant * wpa_s,struct wps_event_er_enrollee * enrollee)810 static void wpa_supplicant_wps_event_er_enrollee_remove(
811 struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
812 {
813 char uuid_str[100];
814 uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
815 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_REMOVE "%s " MACSTR,
816 uuid_str, MAC2STR(enrollee->mac_addr));
817 }
818
819
wpa_supplicant_wps_event_er_ap_settings(struct wpa_supplicant * wpa_s,struct wps_event_er_ap_settings * ap_settings)820 static void wpa_supplicant_wps_event_er_ap_settings(
821 struct wpa_supplicant *wpa_s,
822 struct wps_event_er_ap_settings *ap_settings)
823 {
824 char uuid_str[100];
825 char key_str[65];
826 const struct wps_credential *cred = ap_settings->cred;
827
828 key_str[0] = '\0';
829 if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
830 if (cred->key_len >= 8 && cred->key_len <= 64) {
831 os_memcpy(key_str, cred->key, cred->key_len);
832 key_str[cred->key_len] = '\0';
833 }
834 }
835
836 uuid_bin2str(ap_settings->uuid, uuid_str, sizeof(uuid_str));
837 /* Use wpa_msg_ctrl to avoid showing the key in debug log */
838 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_SETTINGS
839 "uuid=%s ssid=%s auth_type=0x%04x encr_type=0x%04x "
840 "key=%s",
841 uuid_str, wpa_ssid_txt(cred->ssid, cred->ssid_len),
842 cred->auth_type, cred->encr_type, key_str);
843 }
844
845
wpa_supplicant_wps_event_er_set_sel_reg(struct wpa_supplicant * wpa_s,struct wps_event_er_set_selected_registrar * ev)846 static void wpa_supplicant_wps_event_er_set_sel_reg(
847 struct wpa_supplicant *wpa_s,
848 struct wps_event_er_set_selected_registrar *ev)
849 {
850 char uuid_str[100];
851
852 uuid_bin2str(ev->uuid, uuid_str, sizeof(uuid_str));
853 switch (ev->state) {
854 case WPS_ER_SET_SEL_REG_START:
855 wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
856 "uuid=%s state=START sel_reg=%d dev_passwd_id=%u "
857 "sel_reg_config_methods=0x%x",
858 uuid_str, ev->sel_reg, ev->dev_passwd_id,
859 ev->sel_reg_config_methods);
860 break;
861 case WPS_ER_SET_SEL_REG_DONE:
862 wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
863 "uuid=%s state=DONE", uuid_str);
864 break;
865 case WPS_ER_SET_SEL_REG_FAILED:
866 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_SET_SEL_REG
867 "uuid=%s state=FAILED", uuid_str);
868 break;
869 }
870 }
871
872
wpa_supplicant_wps_event(void * ctx,enum wps_event event,union wps_event_data * data)873 static void wpa_supplicant_wps_event(void *ctx, enum wps_event event,
874 union wps_event_data *data)
875 {
876 struct wpa_supplicant *wpa_s = ctx;
877 switch (event) {
878 case WPS_EV_M2D:
879 wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d);
880 break;
881 case WPS_EV_FAIL:
882 wpa_supplicant_wps_event_fail(wpa_s, &data->fail);
883 break;
884 case WPS_EV_SUCCESS:
885 wpa_supplicant_wps_event_success(wpa_s);
886 break;
887 case WPS_EV_PWD_AUTH_FAIL:
888 #ifdef CONFIG_AP
889 if (wpa_s->ap_iface && data->pwd_auth_fail.enrollee)
890 wpa_supplicant_ap_pwd_auth_fail(wpa_s);
891 #endif /* CONFIG_AP */
892 break;
893 case WPS_EV_PBC_OVERLAP:
894 break;
895 case WPS_EV_PBC_TIMEOUT:
896 break;
897 case WPS_EV_PBC_ACTIVE:
898 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ACTIVE);
899 break;
900 case WPS_EV_PBC_DISABLE:
901 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_DISABLE);
902 break;
903 case WPS_EV_ER_AP_ADD:
904 wpa_supplicant_wps_event_er_ap_add(wpa_s, &data->ap);
905 break;
906 case WPS_EV_ER_AP_REMOVE:
907 wpa_supplicant_wps_event_er_ap_remove(wpa_s, &data->ap);
908 break;
909 case WPS_EV_ER_ENROLLEE_ADD:
910 wpa_supplicant_wps_event_er_enrollee_add(wpa_s,
911 &data->enrollee);
912 break;
913 case WPS_EV_ER_ENROLLEE_REMOVE:
914 wpa_supplicant_wps_event_er_enrollee_remove(wpa_s,
915 &data->enrollee);
916 break;
917 case WPS_EV_ER_AP_SETTINGS:
918 wpa_supplicant_wps_event_er_ap_settings(wpa_s,
919 &data->ap_settings);
920 break;
921 case WPS_EV_ER_SET_SELECTED_REGISTRAR:
922 wpa_supplicant_wps_event_er_set_sel_reg(wpa_s,
923 &data->set_sel_reg);
924 break;
925 case WPS_EV_AP_PIN_SUCCESS:
926 break;
927 }
928 }
929
930
wpa_supplicant_wps_rf_band(void * ctx)931 static int wpa_supplicant_wps_rf_band(void *ctx)
932 {
933 struct wpa_supplicant *wpa_s = ctx;
934
935 if (!wpa_s->current_ssid || !wpa_s->assoc_freq)
936 return 0;
937
938 return (wpa_s->assoc_freq > 50000) ? WPS_RF_60GHZ :
939 (wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ;
940 }
941
942
wpas_wps_get_req_type(struct wpa_ssid * ssid)943 enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid)
944 {
945 if (eap_is_wps_pbc_enrollee(&ssid->eap) ||
946 eap_is_wps_pin_enrollee(&ssid->eap))
947 return WPS_REQ_ENROLLEE;
948 else
949 return WPS_REQ_REGISTRAR;
950 }
951
952
wpas_clear_wps(struct wpa_supplicant * wpa_s)953 static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
954 {
955 int id;
956 struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current;
957
958 wpa_s->after_wps = 0;
959 wpa_s->known_wps_freq = 0;
960
961 prev_current = wpa_s->current_ssid;
962
963 /* Enable the networks disabled during wpas_wps_reassoc */
964 wpas_wps_reenable_networks(wpa_s);
965
966 eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
967 eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
968
969 /* Remove any existing WPS network from configuration */
970 ssid = wpa_s->conf->ssid;
971 while (ssid) {
972 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
973 if (ssid == wpa_s->current_ssid) {
974 wpa_s->own_disconnect_req = 1;
975 wpa_supplicant_deauthenticate(
976 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
977 }
978 id = ssid->id;
979 remove_ssid = ssid;
980 } else
981 id = -1;
982 ssid = ssid->next;
983 if (id >= 0) {
984 if (prev_current == remove_ssid) {
985 wpa_sm_set_config(wpa_s->wpa, NULL);
986 eapol_sm_notify_config(wpa_s->eapol, NULL,
987 NULL);
988 }
989 wpas_notify_network_removed(wpa_s, remove_ssid);
990 wpa_config_remove_network(wpa_s->conf, id);
991 }
992 }
993
994 wpas_wps_clear_ap_info(wpa_s);
995 }
996
997
wpas_wps_timeout(void * eloop_ctx,void * timeout_ctx)998 static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx)
999 {
1000 struct wpa_supplicant *wpa_s = eloop_ctx;
1001 union wps_event_data data;
1002
1003 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed "
1004 "out");
1005 os_memset(&data, 0, sizeof(data));
1006 data.fail.config_error = WPS_CFG_MSG_TIMEOUT;
1007 data.fail.error_indication = WPS_EI_NO_ERROR;
1008 /*
1009 * Call wpas_notify_wps_event_fail() directly instead of through
1010 * wpa_supplicant_wps_event() which would end up registering unnecessary
1011 * timeouts (those are only for the case where the failure happens
1012 * during an EAP-WSC exchange).
1013 */
1014 wpas_notify_wps_event_fail(wpa_s, &data.fail);
1015 wpa_s->supp_pbc_active = false;
1016 wpa_s->wps_overlap = false;
1017 wpas_clear_wps(wpa_s);
1018 }
1019
1020
wpas_wps_add_network(struct wpa_supplicant * wpa_s,int registrar,const u8 * dev_addr,const u8 * bssid)1021 static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
1022 int registrar, const u8 *dev_addr,
1023 const u8 *bssid)
1024 {
1025 struct wpa_ssid *ssid;
1026
1027 ssid = wpa_config_add_network(wpa_s->conf);
1028 if (ssid == NULL)
1029 return NULL;
1030 wpas_notify_network_added(wpa_s, ssid);
1031 wpa_config_set_network_defaults(ssid);
1032 ssid->temporary = 1;
1033 if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 ||
1034 wpa_config_set(ssid, "eap", "WSC", 0) < 0 ||
1035 wpa_config_set(ssid, "identity", registrar ?
1036 "\"" WSC_ID_REGISTRAR "\"" :
1037 "\"" WSC_ID_ENROLLEE "\"", 0) < 0) {
1038 wpas_notify_network_removed(wpa_s, ssid);
1039 wpa_config_remove_network(wpa_s->conf, ssid->id);
1040 return NULL;
1041 }
1042
1043 #ifdef CONFIG_P2P
1044 if (dev_addr)
1045 os_memcpy(ssid->go_p2p_dev_addr, dev_addr, ETH_ALEN);
1046 #endif /* CONFIG_P2P */
1047
1048 if (bssid) {
1049 #ifndef CONFIG_P2P
1050 struct wpa_bss *bss;
1051 int count = 0;
1052 #endif /* CONFIG_P2P */
1053
1054 os_memcpy(ssid->bssid, bssid, ETH_ALEN);
1055 ssid->bssid_set = 1;
1056
1057 /*
1058 * Note: With P2P, the SSID may change at the time the WPS
1059 * provisioning is started, so better not filter the AP based
1060 * on the current SSID in the scan results.
1061 */
1062 #ifndef CONFIG_P2P
1063 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1064 if (!ether_addr_equal(bssid, bss->bssid))
1065 continue;
1066
1067 os_free(ssid->ssid);
1068 ssid->ssid = os_memdup(bss->ssid, bss->ssid_len);
1069 if (ssid->ssid == NULL)
1070 break;
1071 ssid->ssid_len = bss->ssid_len;
1072 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from "
1073 "scan results",
1074 ssid->ssid, ssid->ssid_len);
1075 count++;
1076 }
1077
1078 if (count > 1) {
1079 wpa_printf(MSG_DEBUG, "WPS: More than one SSID found "
1080 "for the AP; use wildcard");
1081 os_free(ssid->ssid);
1082 ssid->ssid = NULL;
1083 ssid->ssid_len = 0;
1084 }
1085 #endif /* CONFIG_P2P */
1086 }
1087
1088 return ssid;
1089 }
1090
1091
wpas_wps_temp_disable(struct wpa_supplicant * wpa_s,struct wpa_ssid * selected)1092 static void wpas_wps_temp_disable(struct wpa_supplicant *wpa_s,
1093 struct wpa_ssid *selected)
1094 {
1095 struct wpa_ssid *ssid;
1096
1097 if (wpa_s->current_ssid) {
1098 wpa_s->own_disconnect_req = 1;
1099 wpa_supplicant_deauthenticate(
1100 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1101 }
1102
1103 /* Mark all other networks disabled and trigger reassociation */
1104 ssid = wpa_s->conf->ssid;
1105 while (ssid) {
1106 int was_disabled = ssid->disabled;
1107 ssid->disabled_for_connect = 0;
1108 /*
1109 * In case the network object corresponds to a persistent group
1110 * then do not send out network disabled signal. In addition,
1111 * do not change disabled status of persistent network objects
1112 * from 2 to 1 should we connect to another network.
1113 */
1114 if (was_disabled != 2) {
1115 ssid->disabled = ssid != selected;
1116 if (was_disabled != ssid->disabled) {
1117 if (ssid->disabled)
1118 ssid->disabled_for_connect = 1;
1119 wpas_notify_network_enabled_changed(wpa_s,
1120 ssid);
1121 }
1122 }
1123 ssid = ssid->next;
1124 }
1125 }
1126
1127
wpas_wps_reassoc(struct wpa_supplicant * wpa_s,struct wpa_ssid * selected,const u8 * bssid,int freq)1128 static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s,
1129 struct wpa_ssid *selected, const u8 *bssid,
1130 int freq)
1131 {
1132 struct wpa_bss *bss;
1133
1134 wpa_s->wps_run++;
1135 if (wpa_s->wps_run == 0)
1136 wpa_s->wps_run++;
1137 wpa_s->after_wps = 0;
1138 wpa_s->known_wps_freq = 0;
1139 if (freq) {
1140 wpa_s->after_wps = 5;
1141 wpa_s->wps_freq = freq;
1142 } else if (bssid) {
1143 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
1144 if (bss && bss->freq > 0) {
1145 wpa_s->known_wps_freq = 1;
1146 wpa_s->wps_freq = bss->freq;
1147 }
1148 }
1149
1150 wpas_wps_temp_disable(wpa_s, selected);
1151
1152 wpa_s->disconnected = 0;
1153 wpa_s->reassociate = 1;
1154 wpa_s->scan_runs = 0;
1155 wpa_s->normal_scans = 0;
1156 wpa_s->wps_success = 0;
1157 wpa_s->bssid_ignore_cleared = false;
1158
1159 wpa_supplicant_cancel_sched_scan(wpa_s);
1160 wpa_supplicant_req_scan(wpa_s, 0, 0);
1161 }
1162
1163
wpas_wps_start_pbc(struct wpa_supplicant * wpa_s,const u8 * bssid,int p2p_group,int multi_ap_backhaul_sta)1164 int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
1165 int p2p_group, int multi_ap_backhaul_sta)
1166 {
1167 struct wpa_ssid *ssid;
1168 char phase1[32];
1169
1170 #ifdef CONFIG_AP
1171 if (wpa_s->ap_iface) {
1172 wpa_printf(MSG_DEBUG,
1173 "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
1174 return -1;
1175 }
1176 #endif /* CONFIG_AP */
1177 wpas_clear_wps(wpa_s);
1178 ssid = wpas_wps_add_network(wpa_s, 0, NULL, bssid);
1179 if (ssid == NULL)
1180 return -1;
1181 ssid->temporary = 1;
1182 ssid->p2p_group = p2p_group;
1183 /*
1184 * When starting a regular WPS process (not P2P group formation)
1185 * the registrar/final station can be either AP or PCP
1186 * so use a "don't care" value for the pbss flag.
1187 */
1188 if (!p2p_group)
1189 ssid->pbss = 2;
1190 #ifdef CONFIG_P2P
1191 if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
1192 ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
1193 if (ssid->ssid) {
1194 ssid->ssid_len = wpa_s->go_params->ssid_len;
1195 os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
1196 ssid->ssid_len);
1197 if (wpa_s->go_params->freq > 56160) {
1198 /* P2P in 60 GHz uses PBSS */
1199 ssid->pbss = 1;
1200 }
1201 if (wpa_s->go_params->edmg &&
1202 wpas_p2p_try_edmg_channel(wpa_s,
1203 wpa_s->go_params) == 0)
1204 ssid->enable_edmg = 1;
1205
1206 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
1207 "SSID", ssid->ssid, ssid->ssid_len);
1208 }
1209 }
1210 #endif /* CONFIG_P2P */
1211 if (multi_ap_backhaul_sta)
1212 os_snprintf(phase1, sizeof(phase1), "pbc=1 multi_ap=%d",
1213 multi_ap_backhaul_sta);
1214 else
1215 os_snprintf(phase1, sizeof(phase1), "pbc=1");
1216 if (wpa_config_set_quoted(ssid, "phase1", phase1) < 0)
1217 return -1;
1218 if (wpa_s->wps_fragment_size)
1219 ssid->eap.fragment_size = wpa_s->wps_fragment_size;
1220 if (multi_ap_backhaul_sta) {
1221 ssid->multi_ap_backhaul_sta = 1;
1222 ssid->multi_ap_profile = multi_ap_backhaul_sta;
1223 }
1224 wpa_s->supp_pbc_active = true;
1225 wpa_s->wps_overlap = false;
1226 wpa_supplicant_wps_event(wpa_s, WPS_EV_PBC_ACTIVE, NULL);
1227 eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
1228 wpa_s, NULL);
1229 wpas_wps_reassoc(wpa_s, ssid, bssid, 0);
1230 return 0;
1231 }
1232
1233
wpas_wps_start_dev_pw(struct wpa_supplicant * wpa_s,const u8 * dev_addr,const u8 * bssid,const char * pin,int p2p_group,u16 dev_pw_id,const u8 * peer_pubkey_hash,const u8 * ssid_val,size_t ssid_len,int freq)1234 static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s,
1235 const u8 *dev_addr, const u8 *bssid,
1236 const char *pin, int p2p_group, u16 dev_pw_id,
1237 const u8 *peer_pubkey_hash,
1238 const u8 *ssid_val, size_t ssid_len, int freq)
1239 {
1240 struct wpa_ssid *ssid;
1241 char val[128 + 2 * WPS_OOB_PUBKEY_HASH_LEN];
1242 unsigned int rpin = 0;
1243 char hash[2 * WPS_OOB_PUBKEY_HASH_LEN + 10];
1244
1245 #ifdef CONFIG_AP
1246 if (wpa_s->ap_iface) {
1247 wpa_printf(MSG_DEBUG,
1248 "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
1249 return -1;
1250 }
1251 #endif /* CONFIG_AP */
1252 wpas_clear_wps(wpa_s);
1253 if (bssid && is_zero_ether_addr(bssid))
1254 bssid = NULL;
1255 ssid = wpas_wps_add_network(wpa_s, 0, dev_addr, bssid);
1256 if (ssid == NULL) {
1257 wpa_printf(MSG_DEBUG, "WPS: Could not add network");
1258 return -1;
1259 }
1260 ssid->temporary = 1;
1261 ssid->p2p_group = p2p_group;
1262 /*
1263 * When starting a regular WPS process (not P2P group formation)
1264 * the registrar/final station can be either AP or PCP
1265 * so use a "don't care" value for the pbss flag.
1266 */
1267 if (!p2p_group)
1268 ssid->pbss = 2;
1269 if (ssid_val) {
1270 ssid->ssid = os_malloc(ssid_len);
1271 if (ssid->ssid) {
1272 os_memcpy(ssid->ssid, ssid_val, ssid_len);
1273 ssid->ssid_len = ssid_len;
1274 }
1275 }
1276 if (peer_pubkey_hash) {
1277 os_memcpy(hash, " pkhash=", 8);
1278 wpa_snprintf_hex_uppercase(hash + 8, sizeof(hash) - 8,
1279 peer_pubkey_hash,
1280 WPS_OOB_PUBKEY_HASH_LEN);
1281 } else {
1282 hash[0] = '\0';
1283 }
1284 #ifdef CONFIG_P2P
1285 if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
1286 os_free(ssid->ssid);
1287 ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
1288 if (ssid->ssid) {
1289 ssid->ssid_len = wpa_s->go_params->ssid_len;
1290 os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
1291 ssid->ssid_len);
1292 if (wpa_s->go_params->freq > 56160) {
1293 /* P2P in 60 GHz uses PBSS */
1294 ssid->pbss = 1;
1295 }
1296 if (wpa_s->go_params->edmg &&
1297 wpas_p2p_try_edmg_channel(wpa_s,
1298 wpa_s->go_params) == 0)
1299 ssid->enable_edmg = 1;
1300
1301 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
1302 "SSID", ssid->ssid, ssid->ssid_len);
1303 }
1304 }
1305 #endif /* CONFIG_P2P */
1306 if (pin)
1307 os_snprintf(val, sizeof(val), "\"pin=%s dev_pw_id=%u%s\"",
1308 pin, dev_pw_id, hash);
1309 else if (pin == NULL && dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) {
1310 os_snprintf(val, sizeof(val), "\"dev_pw_id=%u%s\"",
1311 dev_pw_id, hash);
1312 } else {
1313 if (wps_generate_pin(&rpin) < 0) {
1314 wpa_printf(MSG_DEBUG, "WPS: Could not generate PIN");
1315 return -1;
1316 }
1317 os_snprintf(val, sizeof(val), "\"pin=%08d dev_pw_id=%u%s\"",
1318 rpin, dev_pw_id, hash);
1319 }
1320 if (wpa_config_set(ssid, "phase1", val, 0) < 0) {
1321 wpa_printf(MSG_DEBUG, "WPS: Failed to set phase1 '%s'", val);
1322 return -1;
1323 }
1324
1325 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER)
1326 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_PIN_ACTIVE);
1327
1328 if (wpa_s->wps_fragment_size)
1329 ssid->eap.fragment_size = wpa_s->wps_fragment_size;
1330 eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
1331 wpa_s, NULL);
1332 wpa_s->wps_ap_iter = 1;
1333 wpas_wps_reassoc(wpa_s, ssid, bssid, freq);
1334 return rpin;
1335 }
1336
1337
wpas_wps_start_pin(struct wpa_supplicant * wpa_s,const u8 * bssid,const char * pin,int p2p_group,u16 dev_pw_id)1338 int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
1339 const char *pin, int p2p_group, u16 dev_pw_id)
1340 {
1341 os_get_reltime(&wpa_s->wps_pin_start_time);
1342 return wpas_wps_start_dev_pw(wpa_s, NULL, bssid, pin, p2p_group,
1343 dev_pw_id, NULL, NULL, 0, 0);
1344 }
1345
1346
wpas_wps_pbc_overlap(struct wpa_supplicant * wpa_s)1347 void wpas_wps_pbc_overlap(struct wpa_supplicant *wpa_s)
1348 {
1349 union wps_event_data data;
1350
1351 os_memset(&data, 0, sizeof(data));
1352 data.fail.config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
1353 data.fail.error_indication = WPS_EI_NO_ERROR;
1354 /*
1355 * Call wpas_notify_wps_event_fail() directly instead of through
1356 * wpa_supplicant_wps_event() which would end up registering unnecessary
1357 * timeouts (those are only for the case where the failure happens
1358 * during an EAP-WSC exchange).
1359 */
1360 wpas_notify_wps_event_fail(wpa_s, &data.fail);
1361 }
1362
1363 /* Cancel the wps pbc/pin requests */
wpas_wps_cancel(struct wpa_supplicant * wpa_s)1364 int wpas_wps_cancel(struct wpa_supplicant *wpa_s)
1365 {
1366 #ifdef CONFIG_AP
1367 if (wpa_s->ap_iface) {
1368 wpa_printf(MSG_DEBUG, "WPS: Cancelling in AP mode");
1369 return wpa_supplicant_ap_wps_cancel(wpa_s);
1370 }
1371 #endif /* CONFIG_AP */
1372
1373 if (wpa_s->wpa_state == WPA_SCANNING ||
1374 wpa_s->wpa_state == WPA_DISCONNECTED) {
1375 wpa_printf(MSG_DEBUG, "WPS: Cancel operation - cancel scan");
1376 wpa_supplicant_cancel_scan(wpa_s);
1377 wpas_clear_wps(wpa_s);
1378 } else if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
1379 wpa_printf(MSG_DEBUG, "WPS: Cancel operation - "
1380 "deauthenticate");
1381 wpa_s->own_disconnect_req = 1;
1382 wpa_supplicant_deauthenticate(wpa_s,
1383 WLAN_REASON_DEAUTH_LEAVING);
1384 wpas_clear_wps(wpa_s);
1385 } else {
1386 wpas_wps_reenable_networks(wpa_s);
1387 wpas_wps_clear_ap_info(wpa_s);
1388 if (eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL) >
1389 0)
1390 wpas_clear_wps(wpa_s);
1391 }
1392
1393 wpa_s->supp_pbc_active = false;
1394 wpa_s->wps_overlap = false;
1395 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CANCEL);
1396 wpa_s->after_wps = 0;
1397
1398 return 0;
1399 }
1400
1401
wpas_wps_start_reg(struct wpa_supplicant * wpa_s,const u8 * bssid,const char * pin,struct wps_new_ap_settings * settings)1402 int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
1403 const char *pin, struct wps_new_ap_settings *settings)
1404 {
1405 struct wpa_ssid *ssid;
1406 char val[200];
1407 char *pos, *end;
1408 int res;
1409
1410 #ifdef CONFIG_AP
1411 if (wpa_s->ap_iface) {
1412 wpa_printf(MSG_DEBUG,
1413 "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
1414 return -1;
1415 }
1416 #endif /* CONFIG_AP */
1417 if (!pin)
1418 return -1;
1419 wpas_clear_wps(wpa_s);
1420 ssid = wpas_wps_add_network(wpa_s, 1, NULL, bssid);
1421 if (ssid == NULL)
1422 return -1;
1423 ssid->temporary = 1;
1424 pos = val;
1425 end = pos + sizeof(val);
1426 res = os_snprintf(pos, end - pos, "\"pin=%s", pin);
1427 if (os_snprintf_error(end - pos, res))
1428 return -1;
1429 pos += res;
1430 if (settings) {
1431 res = os_snprintf(pos, end - pos, " new_ssid=%s new_auth=%s "
1432 "new_encr=%s new_key=%s",
1433 settings->ssid_hex, settings->auth,
1434 settings->encr, settings->key_hex);
1435 if (os_snprintf_error(end - pos, res))
1436 return -1;
1437 pos += res;
1438 }
1439 res = os_snprintf(pos, end - pos, "\"");
1440 if (os_snprintf_error(end - pos, res))
1441 return -1;
1442 if (wpa_config_set(ssid, "phase1", val, 0) < 0)
1443 return -1;
1444 if (wpa_s->wps_fragment_size)
1445 ssid->eap.fragment_size = wpa_s->wps_fragment_size;
1446 eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
1447 wpa_s, NULL);
1448 wpas_wps_reassoc(wpa_s, ssid, bssid, 0);
1449 return 0;
1450 }
1451
1452
wpas_wps_new_psk_cb(void * ctx,const u8 * mac_addr,const u8 * p2p_dev_addr,const u8 * psk,size_t psk_len)1453 static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr,
1454 const u8 *p2p_dev_addr, const u8 *psk,
1455 size_t psk_len)
1456 {
1457 if (is_zero_ether_addr(p2p_dev_addr)) {
1458 wpa_printf(MSG_DEBUG,
1459 "Received new WPA/WPA2-PSK from WPS for STA " MACSTR,
1460 MAC2STR(mac_addr));
1461 } else {
1462 wpa_printf(MSG_DEBUG,
1463 "Received new WPA/WPA2-PSK from WPS for STA " MACSTR
1464 " P2P Device Addr " MACSTR,
1465 MAC2STR(mac_addr), MAC2STR(p2p_dev_addr));
1466 }
1467 wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
1468
1469 /* TODO */
1470
1471 return 0;
1472 }
1473
1474
wpas_wps_pin_needed_cb(void * ctx,const u8 * uuid_e,const struct wps_device_data * dev)1475 static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
1476 const struct wps_device_data *dev)
1477 {
1478 char uuid[40], txt[400];
1479 int len;
1480 char devtype[WPS_DEV_TYPE_BUFSIZE];
1481 if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
1482 return;
1483 wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid);
1484 len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR
1485 " [%s|%s|%s|%s|%s|%s]",
1486 uuid, MAC2STR(dev->mac_addr), dev->device_name,
1487 dev->manufacturer, dev->model_name,
1488 dev->model_number, dev->serial_number,
1489 wps_dev_type_bin2str(dev->pri_dev_type, devtype,
1490 sizeof(devtype)));
1491 if (!os_snprintf_error(sizeof(txt), len))
1492 wpa_printf(MSG_INFO, "%s", txt);
1493 }
1494
1495
wpas_wps_set_sel_reg_cb(void * ctx,int sel_reg,u16 dev_passwd_id,u16 sel_reg_config_methods)1496 static void wpas_wps_set_sel_reg_cb(void *ctx, int sel_reg, u16 dev_passwd_id,
1497 u16 sel_reg_config_methods)
1498 {
1499 #ifdef CONFIG_WPS_ER
1500 struct wpa_supplicant *wpa_s = ctx;
1501
1502 if (wpa_s->wps_er == NULL)
1503 return;
1504 wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar - sel_reg=%d "
1505 "dev_password_id=%u sel_reg_config_methods=0x%x",
1506 sel_reg, dev_passwd_id, sel_reg_config_methods);
1507 wps_er_set_sel_reg(wpa_s->wps_er, sel_reg, dev_passwd_id,
1508 sel_reg_config_methods);
1509 #endif /* CONFIG_WPS_ER */
1510 }
1511
1512
wps_fix_config_methods(u16 config_methods)1513 static u16 wps_fix_config_methods(u16 config_methods)
1514 {
1515 if ((config_methods &
1516 (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
1517 WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
1518 wpa_printf(MSG_INFO, "WPS: Converting display to "
1519 "virtual_display for WPS 2.0 compliance");
1520 config_methods |= WPS_CONFIG_VIRT_DISPLAY;
1521 }
1522 if ((config_methods &
1523 (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
1524 WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
1525 wpa_printf(MSG_INFO, "WPS: Converting push_button to "
1526 "virtual_push_button for WPS 2.0 compliance");
1527 config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
1528 }
1529
1530 return config_methods;
1531 }
1532
1533
wpas_wps_set_uuid(struct wpa_supplicant * wpa_s,struct wps_context * wps)1534 static void wpas_wps_set_uuid(struct wpa_supplicant *wpa_s,
1535 struct wps_context *wps)
1536 {
1537 char buf[50];
1538 const char *src;
1539
1540 if (is_nil_uuid(wpa_s->conf->uuid)) {
1541 struct wpa_supplicant *first;
1542 first = wpa_s->global->ifaces;
1543 while (first && first->next)
1544 first = first->next;
1545 if (first && first != wpa_s) {
1546 if (wps != wpa_s->global->ifaces->wps)
1547 os_memcpy(wps->uuid,
1548 wpa_s->global->ifaces->wps->uuid,
1549 WPS_UUID_LEN);
1550 src = "from the first interface";
1551 } else if (wpa_s->conf->auto_uuid == 1) {
1552 uuid_random(wps->uuid);
1553 src = "based on random data";
1554 } else {
1555 uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid);
1556 src = "based on MAC address";
1557 }
1558 } else {
1559 os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
1560 src = "based on configuration";
1561 }
1562
1563 uuid_bin2str(wps->uuid, buf, sizeof(buf));
1564 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: UUID %s: %s", src, buf);
1565 }
1566
1567
wpas_wps_set_vendor_ext_m1(struct wpa_supplicant * wpa_s,struct wps_context * wps)1568 static void wpas_wps_set_vendor_ext_m1(struct wpa_supplicant *wpa_s,
1569 struct wps_context *wps)
1570 {
1571 wpabuf_free(wps->dev.vendor_ext_m1);
1572 wps->dev.vendor_ext_m1 = NULL;
1573
1574 if (wpa_s->conf->wps_vendor_ext_m1) {
1575 wps->dev.vendor_ext_m1 =
1576 wpabuf_dup(wpa_s->conf->wps_vendor_ext_m1);
1577 if (!wps->dev.vendor_ext_m1) {
1578 wpa_printf(MSG_ERROR, "WPS: Cannot "
1579 "allocate memory for vendor_ext_m1");
1580 }
1581 }
1582 }
1583
1584
wpas_wps_init(struct wpa_supplicant * wpa_s)1585 int wpas_wps_init(struct wpa_supplicant *wpa_s)
1586 {
1587 struct wps_context *wps;
1588 struct wps_registrar_config rcfg;
1589 struct hostapd_hw_modes *modes;
1590 u16 m;
1591
1592 wps = os_zalloc(sizeof(*wps));
1593 if (wps == NULL)
1594 return -1;
1595
1596 wps->cred_cb = wpa_supplicant_wps_cred;
1597 wps->event_cb = wpa_supplicant_wps_event;
1598 wps->rf_band_cb = wpa_supplicant_wps_rf_band;
1599 wps->cb_ctx = wpa_s;
1600
1601 wps->dev.device_name = wpa_s->conf->device_name;
1602 wps->dev.manufacturer = wpa_s->conf->manufacturer;
1603 wps->dev.model_name = wpa_s->conf->model_name;
1604 wps->dev.model_number = wpa_s->conf->model_number;
1605 wps->dev.serial_number = wpa_s->conf->serial_number;
1606 wps->config_methods =
1607 wps_config_methods_str2bin(wpa_s->conf->config_methods);
1608 if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
1609 (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
1610 wpa_printf(MSG_ERROR, "WPS: Both Label and Display config "
1611 "methods are not allowed at the same time");
1612 os_free(wps);
1613 return -1;
1614 }
1615 wps->config_methods = wps_fix_config_methods(wps->config_methods);
1616 wps->dev.config_methods = wps->config_methods;
1617 os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
1618 WPS_DEV_TYPE_LEN);
1619
1620 wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
1621 os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
1622 WPS_DEV_TYPE_LEN * wps->dev.num_sec_dev_types);
1623
1624 wpas_wps_set_vendor_ext_m1(wpa_s, wps);
1625
1626 wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
1627 modes = wpa_s->hw.modes;
1628 if (modes) {
1629 for (m = 0; m < wpa_s->hw.num_modes; m++) {
1630 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B ||
1631 modes[m].mode == HOSTAPD_MODE_IEEE80211G)
1632 wps->dev.rf_bands |= WPS_RF_24GHZ;
1633 else if (modes[m].mode == HOSTAPD_MODE_IEEE80211A)
1634 wps->dev.rf_bands |= WPS_RF_50GHZ;
1635 else if (modes[m].mode == HOSTAPD_MODE_IEEE80211AD)
1636 wps->dev.rf_bands |= WPS_RF_60GHZ;
1637 }
1638 }
1639 if (wps->dev.rf_bands == 0) {
1640 /*
1641 * Default to claiming support for both bands if the driver
1642 * does not provide support for fetching supported bands.
1643 */
1644 wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ;
1645 }
1646 os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
1647 wpas_wps_set_uuid(wpa_s, wps);
1648
1649 #ifdef CONFIG_NO_TKIP
1650 wps->auth_types = WPS_AUTH_WPA2PSK;
1651 wps->encr_types = WPS_ENCR_AES;
1652 #else /* CONFIG_NO_TKIP */
1653 wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
1654 wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
1655 #endif /* CONFIG_NO_TKIP */
1656
1657 os_memset(&rcfg, 0, sizeof(rcfg));
1658 rcfg.new_psk_cb = wpas_wps_new_psk_cb;
1659 rcfg.pin_needed_cb = wpas_wps_pin_needed_cb;
1660 rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb;
1661 rcfg.cb_ctx = wpa_s;
1662
1663 wps->registrar = wps_registrar_init(wps, &rcfg);
1664 if (wps->registrar == NULL) {
1665 wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar");
1666 os_free(wps);
1667 return -1;
1668 }
1669
1670 wpa_s->wps = wps;
1671
1672 return 0;
1673 }
1674
1675
1676 #ifdef CONFIG_WPS_ER
wpas_wps_nfc_clear(struct wps_context * wps)1677 static void wpas_wps_nfc_clear(struct wps_context *wps)
1678 {
1679 wps->ap_nfc_dev_pw_id = 0;
1680 wpabuf_free(wps->ap_nfc_dh_pubkey);
1681 wps->ap_nfc_dh_pubkey = NULL;
1682 wpabuf_free(wps->ap_nfc_dh_privkey);
1683 wps->ap_nfc_dh_privkey = NULL;
1684 wpabuf_free(wps->ap_nfc_dev_pw);
1685 wps->ap_nfc_dev_pw = NULL;
1686 }
1687 #endif /* CONFIG_WPS_ER */
1688
1689
wpas_wps_deinit(struct wpa_supplicant * wpa_s)1690 void wpas_wps_deinit(struct wpa_supplicant *wpa_s)
1691 {
1692 wpas_wps_assoc_with_cred_cancel(wpa_s);
1693 eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
1694 eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
1695 eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
1696 wpas_wps_clear_ap_info(wpa_s);
1697
1698 #ifdef CONFIG_P2P
1699 eloop_cancel_timeout(wpas_p2p_pbc_overlap_cb, wpa_s, NULL);
1700 #endif /* CONFIG_P2P */
1701
1702 if (wpa_s->wps == NULL)
1703 return;
1704
1705 #ifdef CONFIG_WPS_ER
1706 wps_er_deinit(wpa_s->wps_er, NULL, NULL);
1707 wpa_s->wps_er = NULL;
1708 wpas_wps_nfc_clear(wpa_s->wps);
1709 #endif /* CONFIG_WPS_ER */
1710
1711 wps_registrar_deinit(wpa_s->wps->registrar);
1712 wpabuf_free(wpa_s->wps->dh_pubkey);
1713 wpabuf_free(wpa_s->wps->dh_privkey);
1714 wpabuf_free(wpa_s->wps->dev.vendor_ext_m1);
1715 os_free(wpa_s->wps->network_key);
1716 os_free(wpa_s->wps);
1717 wpa_s->wps = NULL;
1718 }
1719
1720
wpas_wps_ssid_bss_match(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)1721 int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s,
1722 struct wpa_ssid *ssid, struct wpa_bss *bss)
1723 {
1724 struct wpabuf *wps_ie;
1725
1726 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
1727 return -1;
1728
1729 wps_ie = wpas_wps_get_wps_ie(bss);
1730 if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
1731 if (!wps_ie) {
1732 wpa_printf(MSG_DEBUG, " skip - non-WPS AP");
1733 return 0;
1734 }
1735
1736 if (!wps_is_selected_pbc_registrar(wps_ie)) {
1737 wpa_printf(MSG_DEBUG, " skip - WPS AP "
1738 "without active PBC Registrar");
1739 wpabuf_free(wps_ie);
1740 return 0;
1741 }
1742
1743 /* TODO: overlap detection */
1744 wpa_printf(MSG_DEBUG, " selected based on WPS IE "
1745 "(Active PBC)");
1746 wpabuf_free(wps_ie);
1747 return 1;
1748 }
1749
1750 if (eap_is_wps_pin_enrollee(&ssid->eap)) {
1751 if (!wps_ie) {
1752 wpa_printf(MSG_DEBUG, " skip - non-WPS AP");
1753 return 0;
1754 }
1755
1756 /*
1757 * Start with WPS APs that advertise our address as an
1758 * authorized MAC (v2.0) or active PIN Registrar (v1.0) and
1759 * allow any WPS AP after couple of scans since some APs do not
1760 * set Selected Registrar attribute properly when using
1761 * external Registrar.
1762 */
1763 if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
1764 struct os_reltime age;
1765
1766 os_reltime_age(&wpa_s->wps_pin_start_time, &age);
1767
1768 if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG ||
1769 age.sec < WPS_PIN_TIME_IGNORE_SEL_REG) {
1770 wpa_printf(MSG_DEBUG,
1771 " skip - WPS AP without active PIN Registrar (scan_runs=%d age=%d)",
1772 wpa_s->scan_runs, (int) age.sec);
1773 wpabuf_free(wps_ie);
1774 return 0;
1775 }
1776 wpa_printf(MSG_DEBUG, " selected based on WPS IE");
1777 } else {
1778 wpa_printf(MSG_DEBUG, " selected based on WPS IE "
1779 "(Authorized MAC or Active PIN)");
1780 }
1781 wpabuf_free(wps_ie);
1782 return 1;
1783 }
1784
1785 if (wps_ie) {
1786 wpa_printf(MSG_DEBUG, " selected based on WPS IE");
1787 wpabuf_free(wps_ie);
1788 return 1;
1789 }
1790
1791 return -1;
1792 }
1793
1794
wpas_wps_ssid_wildcard_ok(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)1795 int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s,
1796 struct wpa_ssid *ssid,
1797 struct wpa_bss *bss)
1798 {
1799 struct wpabuf *wps_ie = NULL;
1800 int ret = 0;
1801
1802 if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
1803 wps_ie = wpas_wps_get_wps_ie(bss);
1804 if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) {
1805 /* allow wildcard SSID for WPS PBC */
1806 ret = 1;
1807 }
1808 } else if (eap_is_wps_pin_enrollee(&ssid->eap)) {
1809 wps_ie = wpas_wps_get_wps_ie(bss);
1810 if (wps_ie &&
1811 (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1) ||
1812 wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) {
1813 /* allow wildcard SSID for WPS PIN */
1814 ret = 1;
1815 }
1816 }
1817
1818 if (!ret && ssid->bssid_set &&
1819 ether_addr_equal(ssid->bssid, bss->bssid)) {
1820 /* allow wildcard SSID due to hardcoded BSSID match */
1821 ret = 1;
1822 }
1823
1824 #ifdef CONFIG_WPS_STRICT
1825 if (wps_ie) {
1826 if (wps_validate_beacon_probe_resp(wps_ie, bss->beacon_ie_len >
1827 0, bss->bssid) < 0)
1828 ret = 0;
1829 if (bss->beacon_ie_len) {
1830 struct wpabuf *bcn_wps;
1831 bcn_wps = wpa_bss_get_vendor_ie_multi_beacon(
1832 bss, WPS_IE_VENDOR_TYPE);
1833 if (bcn_wps == NULL) {
1834 wpa_printf(MSG_DEBUG, "WPS: Mandatory WPS IE "
1835 "missing from AP Beacon");
1836 ret = 0;
1837 } else {
1838 if (wps_validate_beacon(wps_ie) < 0)
1839 ret = 0;
1840 wpabuf_free(bcn_wps);
1841 }
1842 }
1843 }
1844 #endif /* CONFIG_WPS_STRICT */
1845
1846 wpabuf_free(wps_ie);
1847
1848 return ret;
1849 }
1850
1851
wpas_wps_is_pbc_overlap(struct wps_ap_info * ap,struct wpa_bss * selected,struct wpa_ssid * ssid,const u8 * sel_uuid)1852 static bool wpas_wps_is_pbc_overlap(struct wps_ap_info *ap,
1853 struct wpa_bss *selected,
1854 struct wpa_ssid *ssid,
1855 const u8 *sel_uuid)
1856 {
1857 if (!ap->pbc_active ||
1858 ether_addr_equal(selected->bssid, ap->bssid))
1859 return false;
1860
1861 if (!is_zero_ether_addr(ssid->bssid) &&
1862 !ether_addr_equal(ap->bssid, ssid->bssid)) {
1863 wpa_printf(MSG_DEBUG, "WPS: Ignore another BSS " MACSTR
1864 " in active PBC mode due to local BSSID limitation",
1865 MAC2STR(ap->bssid));
1866 return 0;
1867 }
1868
1869 wpa_printf(MSG_DEBUG, "WPS: Another BSS in active PBC mode: " MACSTR,
1870 MAC2STR(ap->bssid));
1871 wpa_hexdump(MSG_DEBUG, "WPS: UUID of the other BSS",
1872 ap->uuid, UUID_LEN);
1873 if (!sel_uuid || os_memcmp(sel_uuid, ap->uuid, UUID_LEN) != 0)
1874 return true;
1875
1876 /* TODO: verify that this is reasonable dual-band situation */
1877
1878 return false;
1879 }
1880
1881
wpas_wps_scan_pbc_overlap(struct wpa_supplicant * wpa_s,struct wpa_bss * selected,struct wpa_ssid * ssid)1882 int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s,
1883 struct wpa_bss *selected, struct wpa_ssid *ssid)
1884 {
1885 struct wpa_supplicant *iface;
1886 const u8 *sel_uuid;
1887 struct wpabuf *wps_ie;
1888 int ret = 0;
1889 size_t i;
1890
1891 if (!eap_is_wps_pbc_enrollee(&ssid->eap))
1892 return 0;
1893
1894 wpa_printf(MSG_DEBUG, "WPS: Check whether PBC session overlap is "
1895 "present in scan results; selected BSSID " MACSTR,
1896 MAC2STR(selected->bssid));
1897 if (!is_zero_ether_addr(ssid->bssid))
1898 wpa_printf(MSG_DEBUG,
1899 "WPS: Network profile limited to accept only a single BSSID " MACSTR,
1900 MAC2STR(ssid->bssid));
1901
1902 /* Make sure that only one AP is in active PBC mode */
1903 wps_ie = wpa_bss_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE);
1904 if (wps_ie) {
1905 sel_uuid = wps_get_uuid_e(wps_ie);
1906 wpa_hexdump(MSG_DEBUG, "WPS: UUID of the selected BSS",
1907 sel_uuid, UUID_LEN);
1908 } else {
1909 wpa_printf(MSG_DEBUG, "WPS: Selected BSS does not include "
1910 "WPS IE?!");
1911 sel_uuid = NULL;
1912 }
1913
1914 for (iface = wpa_s->global->ifaces; iface; iface = iface->next) {
1915 for (i = 0; i < iface->num_wps_ap; i++) {
1916 struct wps_ap_info *ap = &iface->wps_ap[i];
1917
1918 if (wpas_wps_is_pbc_overlap(ap, selected, ssid,
1919 sel_uuid)) {
1920 ret = 1; /* PBC overlap */
1921 wpa_msg(iface, MSG_INFO,
1922 "WPS: PBC overlap detected: "
1923 MACSTR " and " MACSTR,
1924 MAC2STR(selected->bssid),
1925 MAC2STR(ap->bssid));
1926 break;
1927 }
1928 }
1929 }
1930
1931 wpabuf_free(wps_ie);
1932
1933 return ret;
1934 }
1935
1936
wpas_wps_notify_scan_results(struct wpa_supplicant * wpa_s)1937 void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s)
1938 {
1939 struct wpa_bss *bss;
1940 unsigned int pbc = 0, auth = 0, pin = 0, wps = 0;
1941
1942 if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED)
1943 return;
1944
1945 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1946 struct wpabuf *ie;
1947
1948 ie = wpas_wps_get_wps_ie(bss);
1949 if (!ie)
1950 continue;
1951 if (wps_is_selected_pbc_registrar(ie))
1952 pbc++;
1953 else if (wps_is_addr_authorized(ie, wpa_s->own_addr, 0))
1954 auth++;
1955 else if (wps_is_selected_pin_registrar(ie))
1956 pin++;
1957 else
1958 wps++;
1959 wpabuf_free(ie);
1960 }
1961
1962 if (pbc)
1963 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PBC);
1964 else if (auth)
1965 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_AUTH);
1966 else if (pin)
1967 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PIN);
1968 else if (wps)
1969 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE);
1970 }
1971
1972
wpas_wps_searching(struct wpa_supplicant * wpa_s)1973 int wpas_wps_searching(struct wpa_supplicant *wpa_s)
1974 {
1975 struct wpa_ssid *ssid;
1976
1977 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1978 if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled)
1979 return 1;
1980 }
1981
1982 return 0;
1983 }
1984
1985
wpas_wps_scan_result_text(const u8 * ies,size_t ies_len,char * buf,char * end)1986 int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
1987 char *end)
1988 {
1989 struct wpabuf *wps_ie;
1990 int ret;
1991
1992 wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, WPS_DEV_OUI_WFA);
1993 if (wps_ie == NULL)
1994 return 0;
1995
1996 ret = wps_attr_text(wps_ie, buf, end);
1997 wpabuf_free(wps_ie);
1998 return ret;
1999 }
2000
2001
wpas_wps_er_start(struct wpa_supplicant * wpa_s,const char * filter)2002 int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter)
2003 {
2004 #ifdef CONFIG_WPS_ER
2005 if (wpa_s->wps_er) {
2006 wps_er_refresh(wpa_s->wps_er);
2007 return 0;
2008 }
2009 wpa_s->wps_er = wps_er_init(wpa_s->wps, wpa_s->ifname, filter);
2010 if (wpa_s->wps_er == NULL)
2011 return -1;
2012 return 0;
2013 #else /* CONFIG_WPS_ER */
2014 return 0;
2015 #endif /* CONFIG_WPS_ER */
2016 }
2017
2018
wpas_wps_er_stop(struct wpa_supplicant * wpa_s)2019 void wpas_wps_er_stop(struct wpa_supplicant *wpa_s)
2020 {
2021 #ifdef CONFIG_WPS_ER
2022 wps_er_deinit(wpa_s->wps_er, NULL, NULL);
2023 wpa_s->wps_er = NULL;
2024 #endif /* CONFIG_WPS_ER */
2025 }
2026
2027
2028 #ifdef CONFIG_WPS_ER
wpas_wps_er_add_pin(struct wpa_supplicant * wpa_s,const u8 * addr,const char * uuid,const char * pin)2029 int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr,
2030 const char *uuid, const char *pin)
2031 {
2032 u8 u[UUID_LEN];
2033 const u8 *use_uuid = NULL;
2034 u8 addr_buf[ETH_ALEN];
2035
2036 if (os_strcmp(uuid, "any") == 0) {
2037 } else if (uuid_str2bin(uuid, u) == 0) {
2038 use_uuid = u;
2039 } else if (hwaddr_aton(uuid, addr_buf) == 0) {
2040 use_uuid = wps_er_get_sta_uuid(wpa_s->wps_er, addr_buf);
2041 if (use_uuid == NULL)
2042 return -1;
2043 } else
2044 return -1;
2045 return wps_registrar_add_pin(wpa_s->wps->registrar, addr,
2046 use_uuid,
2047 (const u8 *) pin, os_strlen(pin), 300);
2048 }
2049
2050
wpas_wps_er_pbc(struct wpa_supplicant * wpa_s,const char * uuid)2051 int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid)
2052 {
2053 u8 u[UUID_LEN], *use_uuid = NULL;
2054 u8 addr[ETH_ALEN], *use_addr = NULL;
2055
2056 if (uuid_str2bin(uuid, u) == 0)
2057 use_uuid = u;
2058 else if (hwaddr_aton(uuid, addr) == 0)
2059 use_addr = addr;
2060 else
2061 return -1;
2062 return wps_er_pbc(wpa_s->wps_er, use_uuid, use_addr);
2063 }
2064
2065
wpas_wps_er_learn(struct wpa_supplicant * wpa_s,const char * uuid,const char * pin)2066 int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid,
2067 const char *pin)
2068 {
2069 u8 u[UUID_LEN], *use_uuid = NULL;
2070 u8 addr[ETH_ALEN], *use_addr = NULL;
2071
2072 if (uuid_str2bin(uuid, u) == 0)
2073 use_uuid = u;
2074 else if (hwaddr_aton(uuid, addr) == 0)
2075 use_addr = addr;
2076 else
2077 return -1;
2078
2079 return wps_er_learn(wpa_s->wps_er, use_uuid, use_addr, (const u8 *) pin,
2080 os_strlen(pin));
2081 }
2082
2083
wpas_wps_network_to_cred(struct wpa_ssid * ssid,struct wps_credential * cred)2084 static int wpas_wps_network_to_cred(struct wpa_ssid *ssid,
2085 struct wps_credential *cred)
2086 {
2087 os_memset(cred, 0, sizeof(*cred));
2088 if (ssid->ssid_len > SSID_MAX_LEN)
2089 return -1;
2090 os_memcpy(cred->ssid, ssid->ssid, ssid->ssid_len);
2091 cred->ssid_len = ssid->ssid_len;
2092 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
2093 cred->auth_type = (ssid->proto & WPA_PROTO_RSN) ?
2094 WPS_AUTH_WPA2PSK : WPS_AUTH_WPAPSK;
2095 if (ssid->pairwise_cipher & WPA_CIPHER_CCMP)
2096 cred->encr_type = WPS_ENCR_AES;
2097 else
2098 cred->encr_type = WPS_ENCR_TKIP;
2099 if (ssid->passphrase) {
2100 cred->key_len = os_strlen(ssid->passphrase);
2101 if (cred->key_len >= 64)
2102 return -1;
2103 os_memcpy(cred->key, ssid->passphrase, cred->key_len);
2104 } else if (ssid->psk_set) {
2105 cred->key_len = 32;
2106 os_memcpy(cred->key, ssid->psk, 32);
2107 } else
2108 return -1;
2109 } else {
2110 cred->auth_type = WPS_AUTH_OPEN;
2111 cred->encr_type = WPS_ENCR_NONE;
2112 }
2113
2114 return 0;
2115 }
2116
2117
wpas_wps_er_set_config(struct wpa_supplicant * wpa_s,const char * uuid,int id)2118 int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid,
2119 int id)
2120 {
2121 u8 u[UUID_LEN], *use_uuid = NULL;
2122 u8 addr[ETH_ALEN], *use_addr = NULL;
2123 struct wpa_ssid *ssid;
2124 struct wps_credential cred;
2125 int ret;
2126
2127 if (uuid_str2bin(uuid, u) == 0)
2128 use_uuid = u;
2129 else if (hwaddr_aton(uuid, addr) == 0)
2130 use_addr = addr;
2131 else
2132 return -1;
2133 ssid = wpa_config_get_network(wpa_s->conf, id);
2134 if (ssid == NULL || ssid->ssid == NULL)
2135 return -1;
2136
2137 if (wpas_wps_network_to_cred(ssid, &cred) < 0)
2138 return -1;
2139 ret = wps_er_set_config(wpa_s->wps_er, use_uuid, use_addr, &cred);
2140 os_memset(&cred, 0, sizeof(cred));
2141 return ret;
2142 }
2143
2144
wpas_wps_er_config(struct wpa_supplicant * wpa_s,const char * uuid,const char * pin,struct wps_new_ap_settings * settings)2145 int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid,
2146 const char *pin, struct wps_new_ap_settings *settings)
2147 {
2148 u8 u[UUID_LEN], *use_uuid = NULL;
2149 u8 addr[ETH_ALEN], *use_addr = NULL;
2150 struct wps_credential cred;
2151 size_t len;
2152
2153 if (uuid_str2bin(uuid, u) == 0)
2154 use_uuid = u;
2155 else if (hwaddr_aton(uuid, addr) == 0)
2156 use_addr = addr;
2157 else
2158 return -1;
2159 if (settings->ssid_hex == NULL || settings->auth == NULL ||
2160 settings->encr == NULL || settings->key_hex == NULL)
2161 return -1;
2162
2163 os_memset(&cred, 0, sizeof(cred));
2164 len = os_strlen(settings->ssid_hex);
2165 if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
2166 hexstr2bin(settings->ssid_hex, cred.ssid, len / 2))
2167 return -1;
2168 cred.ssid_len = len / 2;
2169
2170 len = os_strlen(settings->key_hex);
2171 if ((len & 1) || len > 2 * sizeof(cred.key) ||
2172 hexstr2bin(settings->key_hex, cred.key, len / 2))
2173 return -1;
2174 cred.key_len = len / 2;
2175
2176 if (os_strcmp(settings->auth, "OPEN") == 0)
2177 cred.auth_type = WPS_AUTH_OPEN;
2178 else if (os_strcmp(settings->auth, "WPAPSK") == 0)
2179 cred.auth_type = WPS_AUTH_WPAPSK;
2180 else if (os_strcmp(settings->auth, "WPA2PSK") == 0)
2181 cred.auth_type = WPS_AUTH_WPA2PSK;
2182 else
2183 return -1;
2184
2185 if (os_strcmp(settings->encr, "NONE") == 0)
2186 cred.encr_type = WPS_ENCR_NONE;
2187 #ifdef CONFIG_TESTING_OPTIONS
2188 else if (os_strcmp(settings->encr, "WEP") == 0)
2189 cred.encr_type = WPS_ENCR_WEP;
2190 #endif /* CONFIG_TESTING_OPTIONS */
2191 else if (os_strcmp(settings->encr, "TKIP") == 0)
2192 cred.encr_type = WPS_ENCR_TKIP;
2193 else if (os_strcmp(settings->encr, "CCMP") == 0)
2194 cred.encr_type = WPS_ENCR_AES;
2195 else
2196 return -1;
2197
2198 return wps_er_config(wpa_s->wps_er, use_uuid, use_addr,
2199 (const u8 *) pin, os_strlen(pin), &cred);
2200 }
2201
2202
2203 #ifdef CONFIG_WPS_NFC
wpas_wps_er_nfc_config_token(struct wpa_supplicant * wpa_s,int ndef,const char * uuid)2204 struct wpabuf * wpas_wps_er_nfc_config_token(struct wpa_supplicant *wpa_s,
2205 int ndef, const char *uuid)
2206 {
2207 struct wpabuf *ret;
2208 u8 u[UUID_LEN], *use_uuid = NULL;
2209 u8 addr[ETH_ALEN], *use_addr = NULL;
2210
2211 if (!wpa_s->wps_er)
2212 return NULL;
2213
2214 if (uuid_str2bin(uuid, u) == 0)
2215 use_uuid = u;
2216 else if (hwaddr_aton(uuid, addr) == 0)
2217 use_addr = addr;
2218 else
2219 return NULL;
2220
2221 ret = wps_er_nfc_config_token(wpa_s->wps_er, use_uuid, use_addr);
2222 if (ndef && ret) {
2223 struct wpabuf *tmp;
2224 tmp = ndef_build_wifi(ret);
2225 wpabuf_free(ret);
2226 if (tmp == NULL)
2227 return NULL;
2228 ret = tmp;
2229 }
2230
2231 return ret;
2232 }
2233 #endif /* CONFIG_WPS_NFC */
2234
2235
2236 static int callbacks_pending = 0;
2237
wpas_wps_terminate_cb(void * ctx)2238 static void wpas_wps_terminate_cb(void *ctx)
2239 {
2240 wpa_printf(MSG_DEBUG, "WPS ER: Terminated");
2241 if (--callbacks_pending <= 0)
2242 eloop_terminate();
2243 }
2244 #endif /* CONFIG_WPS_ER */
2245
2246
wpas_wps_terminate_pending(struct wpa_supplicant * wpa_s)2247 int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s)
2248 {
2249 #ifdef CONFIG_WPS_ER
2250 if (wpa_s->wps_er) {
2251 callbacks_pending++;
2252 wps_er_deinit(wpa_s->wps_er, wpas_wps_terminate_cb, wpa_s);
2253 wpa_s->wps_er = NULL;
2254 return 1;
2255 }
2256 #endif /* CONFIG_WPS_ER */
2257 return 0;
2258 }
2259
2260
wpas_wps_update_config(struct wpa_supplicant * wpa_s)2261 void wpas_wps_update_config(struct wpa_supplicant *wpa_s)
2262 {
2263 struct wps_context *wps = wpa_s->wps;
2264
2265 if (wps == NULL)
2266 return;
2267
2268 if (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS) {
2269 wps->config_methods = wps_config_methods_str2bin(
2270 wpa_s->conf->config_methods);
2271 if ((wps->config_methods &
2272 (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
2273 (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
2274 wpa_printf(MSG_ERROR, "WPS: Both Label and Display "
2275 "config methods are not allowed at the "
2276 "same time");
2277 wps->config_methods &= ~WPS_CONFIG_LABEL;
2278 }
2279 }
2280 wps->config_methods = wps_fix_config_methods(wps->config_methods);
2281 wps->dev.config_methods = wps->config_methods;
2282
2283 if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE)
2284 os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
2285 WPS_DEV_TYPE_LEN);
2286
2287 if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE) {
2288 wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
2289 os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
2290 wps->dev.num_sec_dev_types * WPS_DEV_TYPE_LEN);
2291 }
2292
2293 if (wpa_s->conf->changed_parameters & CFG_CHANGED_VENDOR_EXTENSION)
2294 wpas_wps_set_vendor_ext_m1(wpa_s, wps);
2295
2296 if (wpa_s->conf->changed_parameters & CFG_CHANGED_OS_VERSION)
2297 wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
2298
2299 if (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID)
2300 wpas_wps_set_uuid(wpa_s, wps);
2301
2302 if (wpa_s->conf->changed_parameters &
2303 (CFG_CHANGED_DEVICE_NAME | CFG_CHANGED_WPS_STRING)) {
2304 /* Update pointers to make sure they refer current values */
2305 wps->dev.device_name = wpa_s->conf->device_name;
2306 wps->dev.manufacturer = wpa_s->conf->manufacturer;
2307 wps->dev.model_name = wpa_s->conf->model_name;
2308 wps->dev.model_number = wpa_s->conf->model_number;
2309 wps->dev.serial_number = wpa_s->conf->serial_number;
2310 }
2311 }
2312
2313
wpas_wps_update_mac_addr(struct wpa_supplicant * wpa_s)2314 void wpas_wps_update_mac_addr(struct wpa_supplicant *wpa_s)
2315 {
2316 struct wps_context *wps;
2317
2318 wps = wpa_s->wps;
2319 if (wps)
2320 os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
2321 }
2322
2323
2324 #ifdef CONFIG_WPS_NFC
2325
2326 #ifdef CONFIG_WPS_ER
2327 static struct wpabuf *
wpas_wps_network_config_token(struct wpa_supplicant * wpa_s,int ndef,struct wpa_ssid * ssid)2328 wpas_wps_network_config_token(struct wpa_supplicant *wpa_s, int ndef,
2329 struct wpa_ssid *ssid)
2330 {
2331 struct wpabuf *ret;
2332 struct wps_credential cred;
2333
2334 if (wpas_wps_network_to_cred(ssid, &cred) < 0)
2335 return NULL;
2336
2337 ret = wps_er_config_token_from_cred(wpa_s->wps, &cred);
2338
2339 if (ndef && ret) {
2340 struct wpabuf *tmp;
2341 tmp = ndef_build_wifi(ret);
2342 wpabuf_free(ret);
2343 if (tmp == NULL)
2344 return NULL;
2345 ret = tmp;
2346 }
2347
2348 return ret;
2349 }
2350 #endif /* CONFIG_WPS_ER */
2351
2352
wpas_wps_nfc_config_token(struct wpa_supplicant * wpa_s,int ndef,const char * id_str)2353 struct wpabuf * wpas_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
2354 int ndef, const char *id_str)
2355 {
2356 #ifdef CONFIG_WPS_ER
2357 if (id_str) {
2358 int id;
2359 char *end = NULL;
2360 struct wpa_ssid *ssid;
2361
2362 id = strtol(id_str, &end, 10);
2363 if (end && *end)
2364 return NULL;
2365
2366 ssid = wpa_config_get_network(wpa_s->conf, id);
2367 if (ssid == NULL)
2368 return NULL;
2369 return wpas_wps_network_config_token(wpa_s, ndef, ssid);
2370 }
2371 #endif /* CONFIG_WPS_ER */
2372 #ifdef CONFIG_AP
2373 if (wpa_s->ap_iface)
2374 return wpas_ap_wps_nfc_config_token(wpa_s, ndef);
2375 #endif /* CONFIG_AP */
2376 return NULL;
2377 }
2378
2379
wpas_wps_nfc_token(struct wpa_supplicant * wpa_s,int ndef)2380 struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
2381 {
2382 if (wpa_s->conf->wps_nfc_pw_from_config) {
2383 return wps_nfc_token_build(ndef,
2384 wpa_s->conf->wps_nfc_dev_pw_id,
2385 wpa_s->conf->wps_nfc_dh_pubkey,
2386 wpa_s->conf->wps_nfc_dev_pw);
2387 }
2388
2389 return wps_nfc_token_gen(ndef, &wpa_s->conf->wps_nfc_dev_pw_id,
2390 &wpa_s->conf->wps_nfc_dh_pubkey,
2391 &wpa_s->conf->wps_nfc_dh_privkey,
2392 &wpa_s->conf->wps_nfc_dev_pw);
2393 }
2394
2395
wpas_wps_start_nfc(struct wpa_supplicant * wpa_s,const u8 * go_dev_addr,const u8 * bssid,const struct wpabuf * dev_pw,u16 dev_pw_id,int p2p_group,const u8 * peer_pubkey_hash,const u8 * ssid,size_t ssid_len,int freq)2396 int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *go_dev_addr,
2397 const u8 *bssid,
2398 const struct wpabuf *dev_pw, u16 dev_pw_id,
2399 int p2p_group, const u8 *peer_pubkey_hash,
2400 const u8 *ssid, size_t ssid_len, int freq)
2401 {
2402 struct wps_context *wps = wpa_s->wps;
2403 char pw[32 * 2 + 1];
2404
2405 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) {
2406 dev_pw = wpa_s->conf->wps_nfc_dev_pw;
2407 dev_pw_id = wpa_s->conf->wps_nfc_dev_pw_id;
2408 }
2409
2410 if (wpa_s->conf->wps_nfc_dh_pubkey == NULL ||
2411 wpa_s->conf->wps_nfc_dh_privkey == NULL) {
2412 wpa_printf(MSG_DEBUG, "WPS: Missing DH params - "
2413 "cannot start NFC-triggered connection");
2414 return -1;
2415 }
2416
2417 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) {
2418 wpa_printf(MSG_DEBUG, "WPS: Missing Device Password (id=%u) - "
2419 "cannot start NFC-triggered connection", dev_pw_id);
2420 return -1;
2421 }
2422
2423 dh5_free(wps->dh_ctx);
2424 wpabuf_free(wps->dh_pubkey);
2425 wpabuf_free(wps->dh_privkey);
2426 wps->dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
2427 wps->dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
2428 if (wps->dh_privkey == NULL || wps->dh_pubkey == NULL) {
2429 wps->dh_ctx = NULL;
2430 wpabuf_free(wps->dh_pubkey);
2431 wps->dh_pubkey = NULL;
2432 wpabuf_free(wps->dh_privkey);
2433 wps->dh_privkey = NULL;
2434 wpa_printf(MSG_DEBUG, "WPS: Failed to get DH priv/pub key");
2435 return -1;
2436 }
2437 wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, wps->dh_pubkey);
2438 if (wps->dh_ctx == NULL) {
2439 wpabuf_free(wps->dh_pubkey);
2440 wps->dh_pubkey = NULL;
2441 wpabuf_free(wps->dh_privkey);
2442 wps->dh_privkey = NULL;
2443 wpa_printf(MSG_DEBUG, "WPS: Failed to initialize DH context");
2444 return -1;
2445 }
2446
2447 if (dev_pw) {
2448 wpa_snprintf_hex_uppercase(pw, sizeof(pw),
2449 wpabuf_head(dev_pw),
2450 wpabuf_len(dev_pw));
2451 }
2452 return wpas_wps_start_dev_pw(wpa_s, go_dev_addr, bssid,
2453 dev_pw ? pw : NULL,
2454 p2p_group, dev_pw_id, peer_pubkey_hash,
2455 ssid, ssid_len, freq);
2456 }
2457
2458
wpas_wps_use_cred(struct wpa_supplicant * wpa_s,struct wps_parse_attr * attr)2459 static int wpas_wps_use_cred(struct wpa_supplicant *wpa_s,
2460 struct wps_parse_attr *attr)
2461 {
2462 /*
2463 * Disable existing networks temporarily to allow the newly learned
2464 * credential to be preferred. Enable the temporarily disabled networks
2465 * after 10 seconds.
2466 */
2467 wpas_wps_temp_disable(wpa_s, NULL);
2468 eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s,
2469 NULL);
2470
2471 if (wps_oob_use_cred(wpa_s->wps, attr) < 0)
2472 return -1;
2473
2474 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
2475 return 0;
2476
2477 if (attr->ap_channel) {
2478 u16 chan = WPA_GET_BE16(attr->ap_channel);
2479 int freq = 0;
2480
2481 if (chan >= 1 && chan <= 13)
2482 freq = 2407 + 5 * chan;
2483 else if (chan == 14)
2484 freq = 2484;
2485 else if (chan >= 30)
2486 freq = 5000 + 5 * chan;
2487
2488 if (freq) {
2489 wpa_printf(MSG_DEBUG, "WPS: Credential container indicated AP channel %u -> %u MHz",
2490 chan, freq);
2491 wpa_s->after_wps = 5;
2492 wpa_s->wps_freq = freq;
2493 }
2494 }
2495
2496 wpa_printf(MSG_DEBUG, "WPS: Request reconnection with new network "
2497 "based on the received credential added");
2498 wpa_s->normal_scans = 0;
2499 wpa_supplicant_reinit_autoscan(wpa_s);
2500 wpa_s->disconnected = 0;
2501 wpa_s->reassociate = 1;
2502
2503 wpa_supplicant_cancel_sched_scan(wpa_s);
2504 wpa_supplicant_req_scan(wpa_s, 0, 0);
2505
2506 return 0;
2507 }
2508
2509
2510 #ifdef CONFIG_WPS_ER
wpas_wps_add_nfc_password_token(struct wpa_supplicant * wpa_s,struct wps_parse_attr * attr)2511 static int wpas_wps_add_nfc_password_token(struct wpa_supplicant *wpa_s,
2512 struct wps_parse_attr *attr)
2513 {
2514 return wps_registrar_add_nfc_password_token(
2515 wpa_s->wps->registrar, attr->oob_dev_password,
2516 attr->oob_dev_password_len);
2517 }
2518 #endif /* CONFIG_WPS_ER */
2519
2520
wpas_wps_nfc_tag_process(struct wpa_supplicant * wpa_s,const struct wpabuf * wps)2521 static int wpas_wps_nfc_tag_process(struct wpa_supplicant *wpa_s,
2522 const struct wpabuf *wps)
2523 {
2524 struct wps_parse_attr attr;
2525
2526 wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps);
2527
2528 if (wps_parse_msg(wps, &attr)) {
2529 wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag");
2530 return -1;
2531 }
2532
2533 if (attr.num_cred)
2534 return wpas_wps_use_cred(wpa_s, &attr);
2535
2536 #ifdef CONFIG_WPS_ER
2537 if (attr.oob_dev_password)
2538 return wpas_wps_add_nfc_password_token(wpa_s, &attr);
2539 #endif /* CONFIG_WPS_ER */
2540
2541 wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag");
2542 return -1;
2543 }
2544
2545
wpas_wps_nfc_tag_read(struct wpa_supplicant * wpa_s,const struct wpabuf * data,int forced_freq)2546 int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
2547 const struct wpabuf *data, int forced_freq)
2548 {
2549 const struct wpabuf *wps = data;
2550 struct wpabuf *tmp = NULL;
2551 int ret;
2552
2553 if (wpabuf_len(data) < 4)
2554 return -1;
2555
2556 if (*wpabuf_head_u8(data) != 0x10) {
2557 /* Assume this contains full NDEF record */
2558 tmp = ndef_parse_wifi(data);
2559 if (tmp == NULL) {
2560 #ifdef CONFIG_P2P
2561 tmp = ndef_parse_p2p(data);
2562 if (tmp) {
2563 ret = wpas_p2p_nfc_tag_process(wpa_s, tmp,
2564 forced_freq);
2565 wpabuf_free(tmp);
2566 return ret;
2567 }
2568 #endif /* CONFIG_P2P */
2569 wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF");
2570 return -1;
2571 }
2572 wps = tmp;
2573 }
2574
2575 ret = wpas_wps_nfc_tag_process(wpa_s, wps);
2576 wpabuf_free(tmp);
2577 return ret;
2578 }
2579
2580
wpas_wps_nfc_handover_req(struct wpa_supplicant * wpa_s,int ndef)2581 struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s,
2582 int ndef)
2583 {
2584 struct wpabuf *ret;
2585
2586 if (wpa_s->conf->wps_nfc_dh_pubkey == NULL &&
2587 wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
2588 &wpa_s->conf->wps_nfc_dh_privkey) < 0)
2589 return NULL;
2590
2591 ret = wps_build_nfc_handover_req(wpa_s->wps,
2592 wpa_s->conf->wps_nfc_dh_pubkey);
2593
2594 if (ndef && ret) {
2595 struct wpabuf *tmp;
2596 tmp = ndef_build_wifi(ret);
2597 wpabuf_free(ret);
2598 if (tmp == NULL)
2599 return NULL;
2600 ret = tmp;
2601 }
2602
2603 return ret;
2604 }
2605
2606
2607 #ifdef CONFIG_WPS_NFC
2608
2609 static struct wpabuf *
wpas_wps_er_nfc_handover_sel(struct wpa_supplicant * wpa_s,int ndef,const char * uuid)2610 wpas_wps_er_nfc_handover_sel(struct wpa_supplicant *wpa_s, int ndef,
2611 const char *uuid)
2612 {
2613 #ifdef CONFIG_WPS_ER
2614 struct wpabuf *ret;
2615 u8 u[UUID_LEN], *use_uuid = NULL;
2616 u8 addr[ETH_ALEN], *use_addr = NULL;
2617 struct wps_context *wps = wpa_s->wps;
2618
2619 if (wps == NULL)
2620 return NULL;
2621
2622 if (uuid == NULL)
2623 return NULL;
2624 if (uuid_str2bin(uuid, u) == 0)
2625 use_uuid = u;
2626 else if (hwaddr_aton(uuid, addr) == 0)
2627 use_addr = addr;
2628 else
2629 return NULL;
2630
2631 if (wpa_s->conf->wps_nfc_dh_pubkey == NULL) {
2632 if (wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
2633 &wpa_s->conf->wps_nfc_dh_privkey) < 0)
2634 return NULL;
2635 }
2636
2637 wpas_wps_nfc_clear(wps);
2638 wps->ap_nfc_dev_pw_id = DEV_PW_NFC_CONNECTION_HANDOVER;
2639 wps->ap_nfc_dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
2640 wps->ap_nfc_dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
2641 if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey) {
2642 wpas_wps_nfc_clear(wps);
2643 return NULL;
2644 }
2645
2646 ret = wps_er_nfc_handover_sel(wpa_s->wps_er, wpa_s->wps, use_uuid,
2647 use_addr, wpa_s->conf->wps_nfc_dh_pubkey);
2648 if (ndef && ret) {
2649 struct wpabuf *tmp;
2650 tmp = ndef_build_wifi(ret);
2651 wpabuf_free(ret);
2652 if (tmp == NULL)
2653 return NULL;
2654 ret = tmp;
2655 }
2656
2657 return ret;
2658 #else /* CONFIG_WPS_ER */
2659 return NULL;
2660 #endif /* CONFIG_WPS_ER */
2661 }
2662 #endif /* CONFIG_WPS_NFC */
2663
2664
wpas_wps_nfc_handover_sel(struct wpa_supplicant * wpa_s,int ndef,int cr,const char * uuid)2665 struct wpabuf * wpas_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
2666 int ndef, int cr, const char *uuid)
2667 {
2668 struct wpabuf *ret;
2669 if (!cr)
2670 return NULL;
2671 ret = wpas_ap_wps_nfc_handover_sel(wpa_s, ndef);
2672 if (ret)
2673 return ret;
2674 return wpas_wps_er_nfc_handover_sel(wpa_s, ndef, uuid);
2675 }
2676
2677
wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant * wpa_s,const struct wpabuf * data)2678 static int wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s,
2679 const struct wpabuf *data)
2680 {
2681 struct wpabuf *wps;
2682 int ret = -1;
2683 u16 wsc_len;
2684 const u8 *pos;
2685 struct wpabuf msg;
2686 struct wps_parse_attr attr;
2687 u16 dev_pw_id;
2688 const u8 *bssid = NULL;
2689 int freq = 0;
2690
2691 wps = ndef_parse_wifi(data);
2692 if (wps == NULL)
2693 return -1;
2694 wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
2695 "payload from NFC connection handover");
2696 wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps);
2697 if (wpabuf_len(wps) < 2) {
2698 wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Select "
2699 "Message");
2700 goto out;
2701 }
2702 pos = wpabuf_head(wps);
2703 wsc_len = WPA_GET_BE16(pos);
2704 if (wsc_len > wpabuf_len(wps) - 2) {
2705 wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) "
2706 "in Wi-Fi Handover Select Message", wsc_len);
2707 goto out;
2708 }
2709 pos += 2;
2710
2711 wpa_hexdump(MSG_DEBUG,
2712 "WPS: WSC attributes in Wi-Fi Handover Select Message",
2713 pos, wsc_len);
2714 if (wsc_len < wpabuf_len(wps) - 2) {
2715 wpa_hexdump(MSG_DEBUG,
2716 "WPS: Ignore extra data after WSC attributes",
2717 pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len);
2718 }
2719
2720 wpabuf_set(&msg, pos, wsc_len);
2721 ret = wps_parse_msg(&msg, &attr);
2722 if (ret < 0) {
2723 wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in "
2724 "Wi-Fi Handover Select Message");
2725 goto out;
2726 }
2727
2728 if (attr.oob_dev_password == NULL ||
2729 attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
2730 wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password "
2731 "included in Wi-Fi Handover Select Message");
2732 ret = -1;
2733 goto out;
2734 }
2735
2736 if (attr.ssid == NULL) {
2737 wpa_printf(MSG_DEBUG, "WPS: No SSID included in Wi-Fi Handover "
2738 "Select Message");
2739 ret = -1;
2740 goto out;
2741 }
2742
2743 wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", attr.ssid, attr.ssid_len);
2744
2745 if (attr.mac_addr) {
2746 bssid = attr.mac_addr;
2747 wpa_printf(MSG_DEBUG, "WPS: MAC Address (BSSID): " MACSTR,
2748 MAC2STR(bssid));
2749 }
2750
2751 if (attr.rf_bands)
2752 wpa_printf(MSG_DEBUG, "WPS: RF Bands: %d", *attr.rf_bands);
2753
2754 if (attr.ap_channel) {
2755 u16 chan = WPA_GET_BE16(attr.ap_channel);
2756
2757 wpa_printf(MSG_DEBUG, "WPS: AP Channel: %d", chan);
2758
2759 if (chan >= 1 && chan <= 13 &&
2760 (attr.rf_bands == NULL || *attr.rf_bands & WPS_RF_24GHZ))
2761 freq = 2407 + 5 * chan;
2762 else if (chan == 14 &&
2763 (attr.rf_bands == NULL ||
2764 *attr.rf_bands & WPS_RF_24GHZ))
2765 freq = 2484;
2766 else if (chan >= 30 &&
2767 (attr.rf_bands == NULL ||
2768 *attr.rf_bands & WPS_RF_50GHZ))
2769 freq = 5000 + 5 * chan;
2770 else if (chan >= 1 && chan <= 6 &&
2771 (attr.rf_bands == NULL ||
2772 *attr.rf_bands & WPS_RF_60GHZ))
2773 freq = 56160 + 2160 * chan;
2774
2775 if (freq) {
2776 wpa_printf(MSG_DEBUG,
2777 "WPS: AP indicated channel %u -> %u MHz",
2778 chan, freq);
2779 }
2780 }
2781
2782 wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password",
2783 attr.oob_dev_password, attr.oob_dev_password_len);
2784 dev_pw_id = WPA_GET_BE16(attr.oob_dev_password +
2785 WPS_OOB_PUBKEY_HASH_LEN);
2786 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) {
2787 wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID "
2788 "%u in Wi-Fi Handover Select Message", dev_pw_id);
2789 ret = -1;
2790 goto out;
2791 }
2792 wpa_hexdump(MSG_DEBUG, "WPS: AP Public Key hash",
2793 attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN);
2794
2795 ret = wpas_wps_start_nfc(wpa_s, NULL, bssid, NULL, dev_pw_id, 0,
2796 attr.oob_dev_password,
2797 attr.ssid, attr.ssid_len, freq);
2798
2799 out:
2800 wpabuf_free(wps);
2801 return ret;
2802 }
2803
2804
wpas_wps_nfc_report_handover(struct wpa_supplicant * wpa_s,const struct wpabuf * req,const struct wpabuf * sel)2805 int wpas_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
2806 const struct wpabuf *req,
2807 const struct wpabuf *sel)
2808 {
2809 wpa_printf(MSG_DEBUG, "NFC: WPS connection handover reported");
2810 wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in request", req);
2811 wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in select", sel);
2812 return wpas_wps_nfc_rx_handover_sel(wpa_s, sel);
2813 }
2814
2815
wpas_er_wps_nfc_report_handover(struct wpa_supplicant * wpa_s,const struct wpabuf * req,const struct wpabuf * sel)2816 int wpas_er_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
2817 const struct wpabuf *req,
2818 const struct wpabuf *sel)
2819 {
2820 struct wpabuf *wps;
2821 int ret = -1;
2822 u16 wsc_len;
2823 const u8 *pos;
2824 struct wpabuf msg;
2825 struct wps_parse_attr attr;
2826 u16 dev_pw_id;
2827
2828 /*
2829 * Enrollee/station is always initiator of the NFC connection handover,
2830 * so use the request message here to find Enrollee public key hash.
2831 */
2832 wps = ndef_parse_wifi(req);
2833 if (wps == NULL)
2834 return -1;
2835 wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
2836 "payload from NFC connection handover");
2837 wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps);
2838 if (wpabuf_len(wps) < 2) {
2839 wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Request "
2840 "Message");
2841 goto out;
2842 }
2843 pos = wpabuf_head(wps);
2844 wsc_len = WPA_GET_BE16(pos);
2845 if (wsc_len > wpabuf_len(wps) - 2) {
2846 wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) "
2847 "in rt Wi-Fi Handover Request Message", wsc_len);
2848 goto out;
2849 }
2850 pos += 2;
2851
2852 wpa_hexdump(MSG_DEBUG,
2853 "WPS: WSC attributes in Wi-Fi Handover Request Message",
2854 pos, wsc_len);
2855 if (wsc_len < wpabuf_len(wps) - 2) {
2856 wpa_hexdump(MSG_DEBUG,
2857 "WPS: Ignore extra data after WSC attributes",
2858 pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len);
2859 }
2860
2861 wpabuf_set(&msg, pos, wsc_len);
2862 ret = wps_parse_msg(&msg, &attr);
2863 if (ret < 0) {
2864 wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in "
2865 "Wi-Fi Handover Request Message");
2866 goto out;
2867 }
2868
2869 if (attr.oob_dev_password == NULL ||
2870 attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
2871 wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password "
2872 "included in Wi-Fi Handover Request Message");
2873 ret = -1;
2874 goto out;
2875 }
2876
2877 if (attr.uuid_e == NULL) {
2878 wpa_printf(MSG_DEBUG, "WPS: No UUID-E included in Wi-Fi "
2879 "Handover Request Message");
2880 ret = -1;
2881 goto out;
2882 }
2883
2884 wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", attr.uuid_e, WPS_UUID_LEN);
2885
2886 wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password",
2887 attr.oob_dev_password, attr.oob_dev_password_len);
2888 dev_pw_id = WPA_GET_BE16(attr.oob_dev_password +
2889 WPS_OOB_PUBKEY_HASH_LEN);
2890 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) {
2891 wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID "
2892 "%u in Wi-Fi Handover Request Message", dev_pw_id);
2893 ret = -1;
2894 goto out;
2895 }
2896 wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Public Key hash",
2897 attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN);
2898
2899 ret = wps_registrar_add_nfc_pw_token(wpa_s->wps->registrar,
2900 attr.oob_dev_password,
2901 DEV_PW_NFC_CONNECTION_HANDOVER,
2902 NULL, 0, 1);
2903
2904 out:
2905 wpabuf_free(wps);
2906 return ret;
2907 }
2908
2909 #endif /* CONFIG_WPS_NFC */
2910
2911
wpas_wps_dump_ap_info(struct wpa_supplicant * wpa_s)2912 static void wpas_wps_dump_ap_info(struct wpa_supplicant *wpa_s)
2913 {
2914 size_t i;
2915 struct os_reltime now;
2916
2917 if (wpa_debug_level > MSG_DEBUG)
2918 return;
2919
2920 if (wpa_s->wps_ap == NULL)
2921 return;
2922
2923 os_get_reltime(&now);
2924
2925 for (i = 0; i < wpa_s->num_wps_ap; i++) {
2926 struct wps_ap_info *ap = &wpa_s->wps_ap[i];
2927 struct wpa_bssid_ignore *e = wpa_bssid_ignore_get(wpa_s,
2928 ap->bssid);
2929
2930 wpa_printf(MSG_DEBUG, "WPS: AP[%d] " MACSTR " type=%d "
2931 "tries=%d last_attempt=%d sec ago bssid_ignore=%d",
2932 (int) i, MAC2STR(ap->bssid), ap->type, ap->tries,
2933 ap->last_attempt.sec > 0 ?
2934 (int) now.sec - (int) ap->last_attempt.sec : -1,
2935 e ? e->count : 0);
2936 }
2937 }
2938
2939
wpas_wps_get_ap_info(struct wpa_supplicant * wpa_s,const u8 * bssid)2940 static struct wps_ap_info * wpas_wps_get_ap_info(struct wpa_supplicant *wpa_s,
2941 const u8 *bssid)
2942 {
2943 size_t i;
2944
2945 if (wpa_s->wps_ap == NULL)
2946 return NULL;
2947
2948 for (i = 0; i < wpa_s->num_wps_ap; i++) {
2949 struct wps_ap_info *ap = &wpa_s->wps_ap[i];
2950 if (ether_addr_equal(ap->bssid, bssid))
2951 return ap;
2952 }
2953
2954 return NULL;
2955 }
2956
2957
wpas_wps_update_ap_info_bss(struct wpa_supplicant * wpa_s,struct wpa_scan_res * res)2958 static void wpas_wps_update_ap_info_bss(struct wpa_supplicant *wpa_s,
2959 struct wpa_scan_res *res)
2960 {
2961 struct wpabuf *wps;
2962 enum wps_ap_info_type type;
2963 struct wps_ap_info *ap;
2964 int r, pbc_active;
2965 const u8 *uuid;
2966
2967 if (wpa_scan_get_vendor_ie(res, WPS_IE_VENDOR_TYPE) == NULL)
2968 return;
2969
2970 wps = wpa_scan_get_vendor_ie_multi(res, WPS_IE_VENDOR_TYPE);
2971 if (wps == NULL)
2972 return;
2973
2974 r = wps_is_addr_authorized(wps, wpa_s->own_addr, 1);
2975 if (r == 2)
2976 type = WPS_AP_SEL_REG_OUR;
2977 else if (r == 1)
2978 type = WPS_AP_SEL_REG;
2979 else
2980 type = WPS_AP_NOT_SEL_REG;
2981
2982 uuid = wps_get_uuid_e(wps);
2983 pbc_active = wps_is_selected_pbc_registrar(wps);
2984
2985 ap = wpas_wps_get_ap_info(wpa_s, res->bssid);
2986 if (ap) {
2987 if (ap->type != type) {
2988 wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR
2989 " changed type %d -> %d",
2990 MAC2STR(res->bssid), ap->type, type);
2991 ap->type = type;
2992 if (type != WPS_AP_NOT_SEL_REG)
2993 wpa_bssid_ignore_del(wpa_s, ap->bssid);
2994 }
2995 ap->pbc_active = pbc_active;
2996 if (uuid)
2997 os_memcpy(ap->uuid, uuid, WPS_UUID_LEN);
2998 goto out;
2999 }
3000
3001 ap = os_realloc_array(wpa_s->wps_ap, wpa_s->num_wps_ap + 1,
3002 sizeof(struct wps_ap_info));
3003 if (ap == NULL)
3004 goto out;
3005
3006 wpa_s->wps_ap = ap;
3007 ap = &wpa_s->wps_ap[wpa_s->num_wps_ap];
3008 wpa_s->num_wps_ap++;
3009
3010 os_memset(ap, 0, sizeof(*ap));
3011 os_memcpy(ap->bssid, res->bssid, ETH_ALEN);
3012 ap->type = type;
3013 ap->pbc_active = pbc_active;
3014 if (uuid)
3015 os_memcpy(ap->uuid, uuid, WPS_UUID_LEN);
3016 wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR " type %d added",
3017 MAC2STR(ap->bssid), ap->type);
3018
3019 out:
3020 wpabuf_free(wps);
3021 }
3022
3023
wpas_wps_update_ap_info(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)3024 void wpas_wps_update_ap_info(struct wpa_supplicant *wpa_s,
3025 struct wpa_scan_results *scan_res)
3026 {
3027 size_t i;
3028
3029 for (i = 0; i < scan_res->num; i++)
3030 wpas_wps_update_ap_info_bss(wpa_s, scan_res->res[i]);
3031
3032 wpas_wps_dump_ap_info(wpa_s);
3033 }
3034
3035
wpas_wps_partner_link_scan_done(struct wpa_supplicant * wpa_s)3036 bool wpas_wps_partner_link_scan_done(struct wpa_supplicant *wpa_s)
3037 {
3038 struct wpa_global *global = wpa_s->global;
3039 struct wpa_supplicant *iface;
3040
3041 for (iface = global->ifaces; iface; iface = iface->next) {
3042 if (iface == wpa_s)
3043 continue;
3044
3045 if (!iface->supp_pbc_active)
3046 continue;
3047
3048 /* Scan results are available for both links. While the current
3049 * link will proceed for network selection, ensure the partner
3050 * link also gets an attempt at network selection and connect
3051 * with the selected BSS. */
3052 if (iface->wps_scan_done)
3053 wpa_wps_supplicant_fast_associate(iface);
3054 else
3055 return false;
3056 }
3057
3058 return true;
3059 }
3060
3061
wpas_wps_partner_link_overlap_detect(struct wpa_supplicant * wpa_s)3062 bool wpas_wps_partner_link_overlap_detect(struct wpa_supplicant *wpa_s)
3063 {
3064 struct wpa_global *global = wpa_s->global;
3065 struct wpa_supplicant *iface;
3066
3067 for (iface = global->ifaces; iface; iface = iface->next) {
3068 if (iface == wpa_s)
3069 continue;
3070 if (iface->wps_overlap)
3071 return true;
3072 }
3073
3074 return false;
3075 }
3076
3077
wpas_wps_notify_assoc(struct wpa_supplicant * wpa_s,const u8 * bssid)3078 void wpas_wps_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *bssid)
3079 {
3080 struct wps_ap_info *ap;
3081
3082 wpa_s->after_wps = 0;
3083
3084 if (!wpa_s->wps_ap_iter)
3085 return;
3086 ap = wpas_wps_get_ap_info(wpa_s, bssid);
3087 if (ap == NULL)
3088 return;
3089 ap->tries++;
3090 os_get_reltime(&ap->last_attempt);
3091 }
3092