1 /* 2 * hostapd / DPP integration 3 * Copyright (c) 2017, Qualcomm Atheros, Inc. 4 * Copyright (c) 2018-2020, The Linux Foundation 5 * 6 * This software may be distributed under the terms of the BSD license. 7 * See README for more details. 8 */ 9 10 #include "utils/includes.h" 11 12 #include "utils/common.h" 13 #include "utils/eloop.h" 14 #include "common/dpp.h" 15 #include "common/gas.h" 16 #include "common/wpa_ctrl.h" 17 #include "hostapd.h" 18 #include "ap_drv_ops.h" 19 #include "gas_query_ap.h" 20 #include "gas_serv.h" 21 #include "wpa_auth.h" 22 #include "dpp_hostapd.h" 23 24 25 static void hostapd_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx); 26 static void hostapd_dpp_auth_conf_wait_timeout(void *eloop_ctx, 27 void *timeout_ctx); 28 static void hostapd_dpp_auth_success(struct hostapd_data *hapd, int initiator); 29 static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx); 30 static int hostapd_dpp_auth_init_next(struct hostapd_data *hapd); 31 #ifdef CONFIG_DPP2 32 static void hostapd_dpp_reconfig_reply_wait_timeout(void *eloop_ctx, 33 void *timeout_ctx); 34 static void hostapd_dpp_handle_config_obj(struct hostapd_data *hapd, 35 struct dpp_authentication *auth, 36 struct dpp_config_obj *conf); 37 #endif /* CONFIG_DPP2 */ 38 39 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 40 41 42 /** 43 * hostapd_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code 44 * @hapd: Pointer to hostapd_data 45 * @cmd: DPP URI read from a QR Code 46 * Returns: Identifier of the stored info or -1 on failure 47 */ 48 int hostapd_dpp_qr_code(struct hostapd_data *hapd, const char *cmd) 49 { 50 struct dpp_bootstrap_info *bi; 51 struct dpp_authentication *auth = hapd->dpp_auth; 52 53 bi = dpp_add_qr_code(hapd->iface->interfaces->dpp, cmd); 54 if (!bi) 55 return -1; 56 57 if (auth && auth->response_pending && 58 dpp_notify_new_qr_code(auth, bi) == 1) { 59 wpa_printf(MSG_DEBUG, 60 "DPP: Sending out pending authentication response"); 61 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 62 " freq=%u type=%d", 63 MAC2STR(auth->peer_mac_addr), auth->curr_freq, 64 DPP_PA_AUTHENTICATION_RESP); 65 hostapd_drv_send_action(hapd, auth->curr_freq, 0, 66 auth->peer_mac_addr, 67 wpabuf_head(hapd->dpp_auth->resp_msg), 68 wpabuf_len(hapd->dpp_auth->resp_msg)); 69 } 70 71 #ifdef CONFIG_DPP2 72 dpp_controller_new_qr_code(hapd->iface->interfaces->dpp, bi); 73 #endif /* CONFIG_DPP2 */ 74 75 return bi->id; 76 } 77 78 79 /** 80 * hostapd_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI) 81 * @hapd: Pointer to hostapd_data 82 * @cmd: DPP URI read from a NFC Tag (URI NDEF message) 83 * Returns: Identifier of the stored info or -1 on failure 84 */ 85 int hostapd_dpp_nfc_uri(struct hostapd_data *hapd, const char *cmd) 86 { 87 struct dpp_bootstrap_info *bi; 88 89 bi = dpp_add_nfc_uri(hapd->iface->interfaces->dpp, cmd); 90 if (!bi) 91 return -1; 92 93 return bi->id; 94 } 95 96 97 int hostapd_dpp_nfc_handover_req(struct hostapd_data *hapd, const char *cmd) 98 { 99 const char *pos; 100 struct dpp_bootstrap_info *peer_bi, *own_bi; 101 102 pos = os_strstr(cmd, " own="); 103 if (!pos) 104 return -1; 105 pos += 5; 106 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos)); 107 if (!own_bi) 108 return -1; 109 110 pos = os_strstr(cmd, " uri="); 111 if (!pos) 112 return -1; 113 pos += 5; 114 peer_bi = dpp_add_nfc_uri(hapd->iface->interfaces->dpp, pos); 115 if (!peer_bi) { 116 wpa_printf(MSG_INFO, 117 "DPP: Failed to parse URI from NFC Handover Request"); 118 return -1; 119 } 120 121 if (dpp_nfc_update_bi(own_bi, peer_bi) < 0) 122 return -1; 123 124 return peer_bi->id; 125 } 126 127 128 int hostapd_dpp_nfc_handover_sel(struct hostapd_data *hapd, const char *cmd) 129 { 130 const char *pos; 131 struct dpp_bootstrap_info *peer_bi, *own_bi; 132 133 pos = os_strstr(cmd, " own="); 134 if (!pos) 135 return -1; 136 pos += 5; 137 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos)); 138 if (!own_bi) 139 return -1; 140 141 pos = os_strstr(cmd, " uri="); 142 if (!pos) 143 return -1; 144 pos += 5; 145 peer_bi = dpp_add_nfc_uri(hapd->iface->interfaces->dpp, pos); 146 if (!peer_bi) { 147 wpa_printf(MSG_INFO, 148 "DPP: Failed to parse URI from NFC Handover Select"); 149 return -1; 150 } 151 152 if (peer_bi->curve != own_bi->curve) { 153 wpa_printf(MSG_INFO, 154 "DPP: Peer (NFC Handover Selector) used different curve"); 155 return -1; 156 } 157 158 return peer_bi->id; 159 } 160 161 162 static void hostapd_dpp_auth_resp_retry_timeout(void *eloop_ctx, 163 void *timeout_ctx) 164 { 165 struct hostapd_data *hapd = eloop_ctx; 166 struct dpp_authentication *auth = hapd->dpp_auth; 167 168 if (!auth || !auth->resp_msg) 169 return; 170 171 wpa_printf(MSG_DEBUG, 172 "DPP: Retry Authentication Response after timeout"); 173 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 174 " freq=%u type=%d", 175 MAC2STR(auth->peer_mac_addr), auth->curr_freq, 176 DPP_PA_AUTHENTICATION_RESP); 177 hostapd_drv_send_action(hapd, auth->curr_freq, 500, auth->peer_mac_addr, 178 wpabuf_head(auth->resp_msg), 179 wpabuf_len(auth->resp_msg)); 180 } 181 182 183 static void hostapd_dpp_auth_resp_retry(struct hostapd_data *hapd) 184 { 185 struct dpp_authentication *auth = hapd->dpp_auth; 186 unsigned int wait_time, max_tries; 187 188 if (!auth || !auth->resp_msg) 189 return; 190 191 if (hapd->dpp_resp_max_tries) 192 max_tries = hapd->dpp_resp_max_tries; 193 else 194 max_tries = 5; 195 auth->auth_resp_tries++; 196 if (auth->auth_resp_tries >= max_tries) { 197 wpa_printf(MSG_INFO, 198 "DPP: No confirm received from initiator - stopping exchange"); 199 hostapd_drv_send_action_cancel_wait(hapd); 200 dpp_auth_deinit(hapd->dpp_auth); 201 hapd->dpp_auth = NULL; 202 return; 203 } 204 205 if (hapd->dpp_resp_retry_time) 206 wait_time = hapd->dpp_resp_retry_time; 207 else 208 wait_time = 1000; 209 wpa_printf(MSG_DEBUG, 210 "DPP: Schedule retransmission of Authentication Response frame in %u ms", 211 wait_time); 212 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, NULL); 213 eloop_register_timeout(wait_time / 1000, 214 (wait_time % 1000) * 1000, 215 hostapd_dpp_auth_resp_retry_timeout, hapd, NULL); 216 } 217 218 219 void hostapd_dpp_tx_status(struct hostapd_data *hapd, const u8 *dst, 220 const u8 *data, size_t data_len, int ok) 221 { 222 struct dpp_authentication *auth = hapd->dpp_auth; 223 224 wpa_printf(MSG_DEBUG, "DPP: TX status: dst=" MACSTR " ok=%d", 225 MAC2STR(dst), ok); 226 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR 227 " result=%s", MAC2STR(dst), ok ? "SUCCESS" : "FAILED"); 228 229 if (!hapd->dpp_auth) { 230 wpa_printf(MSG_DEBUG, 231 "DPP: Ignore TX status since there is no ongoing authentication exchange"); 232 return; 233 } 234 235 #ifdef CONFIG_DPP2 236 if (auth->connect_on_tx_status) { 237 wpa_printf(MSG_DEBUG, 238 "DPP: Complete exchange on configuration result"); 239 dpp_auth_deinit(hapd->dpp_auth); 240 hapd->dpp_auth = NULL; 241 return; 242 } 243 #endif /* CONFIG_DPP2 */ 244 245 if (hapd->dpp_auth->remove_on_tx_status) { 246 wpa_printf(MSG_DEBUG, 247 "DPP: Terminate authentication exchange due to an earlier error"); 248 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL); 249 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, 250 hapd, NULL); 251 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, 252 hapd, NULL); 253 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, 254 NULL); 255 #ifdef CONFIG_DPP2 256 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout, 257 hapd, NULL); 258 #endif /* CONFIG_DPP2 */ 259 hostapd_drv_send_action_cancel_wait(hapd); 260 dpp_auth_deinit(hapd->dpp_auth); 261 hapd->dpp_auth = NULL; 262 return; 263 } 264 265 if (hapd->dpp_auth_ok_on_ack) 266 hostapd_dpp_auth_success(hapd, 1); 267 268 if (!is_broadcast_ether_addr(dst) && !ok) { 269 wpa_printf(MSG_DEBUG, 270 "DPP: Unicast DPP Action frame was not ACKed"); 271 if (auth->waiting_auth_resp) { 272 /* In case of DPP Authentication Request frame, move to 273 * the next channel immediately. */ 274 hostapd_drv_send_action_cancel_wait(hapd); 275 hostapd_dpp_auth_init_next(hapd); 276 return; 277 } 278 if (auth->waiting_auth_conf) { 279 hostapd_dpp_auth_resp_retry(hapd); 280 return; 281 } 282 } 283 284 if (auth->waiting_auth_conf && 285 auth->auth_resp_status == DPP_STATUS_OK) { 286 /* Make sure we do not get stuck waiting for Auth Confirm 287 * indefinitely after successfully transmitted Auth Response to 288 * allow new authentication exchanges to be started. */ 289 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, hapd, 290 NULL); 291 eloop_register_timeout(1, 0, hostapd_dpp_auth_conf_wait_timeout, 292 hapd, NULL); 293 } 294 295 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp && ok) { 296 /* Allow timeout handling to stop iteration if no response is 297 * received from a peer that has ACKed a request. */ 298 auth->auth_req_ack = 1; 299 } 300 301 if (!hapd->dpp_auth_ok_on_ack && hapd->dpp_auth->neg_freq > 0 && 302 hapd->dpp_auth->curr_freq != hapd->dpp_auth->neg_freq) { 303 wpa_printf(MSG_DEBUG, 304 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response", 305 hapd->dpp_auth->curr_freq, 306 hapd->dpp_auth->neg_freq); 307 hostapd_drv_send_action_cancel_wait(hapd); 308 309 if (hapd->dpp_auth->neg_freq != 310 (unsigned int) hapd->iface->freq && hapd->iface->freq > 0) { 311 /* TODO: Listen operation on non-operating channel */ 312 wpa_printf(MSG_INFO, 313 "DPP: Listen operation on non-operating channel (%d MHz) is not yet supported (operating channel: %d MHz)", 314 hapd->dpp_auth->neg_freq, hapd->iface->freq); 315 } 316 } 317 318 if (hapd->dpp_auth_ok_on_ack) 319 hapd->dpp_auth_ok_on_ack = 0; 320 } 321 322 323 static void hostapd_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx) 324 { 325 struct hostapd_data *hapd = eloop_ctx; 326 struct dpp_authentication *auth = hapd->dpp_auth; 327 unsigned int freq; 328 struct os_reltime now, diff; 329 unsigned int wait_time, diff_ms; 330 331 if (!auth || !auth->waiting_auth_resp) 332 return; 333 334 wait_time = hapd->dpp_resp_wait_time ? 335 hapd->dpp_resp_wait_time : 2000; 336 os_get_reltime(&now); 337 os_reltime_sub(&now, &hapd->dpp_last_init, &diff); 338 diff_ms = diff.sec * 1000 + diff.usec / 1000; 339 wpa_printf(MSG_DEBUG, 340 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u", 341 wait_time, diff_ms); 342 343 if (auth->auth_req_ack && diff_ms >= wait_time) { 344 /* Peer ACK'ed Authentication Request frame, but did not reply 345 * with Authentication Response frame within two seconds. */ 346 wpa_printf(MSG_INFO, 347 "DPP: No response received from responder - stopping initiation attempt"); 348 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED); 349 hostapd_drv_send_action_cancel_wait(hapd); 350 hostapd_dpp_listen_stop(hapd); 351 dpp_auth_deinit(auth); 352 hapd->dpp_auth = NULL; 353 return; 354 } 355 356 if (diff_ms >= wait_time) { 357 /* Authentication Request frame was not ACK'ed and no reply 358 * was receiving within two seconds. */ 359 wpa_printf(MSG_DEBUG, 360 "DPP: Continue Initiator channel iteration"); 361 hostapd_drv_send_action_cancel_wait(hapd); 362 hostapd_dpp_listen_stop(hapd); 363 hostapd_dpp_auth_init_next(hapd); 364 return; 365 } 366 367 /* Driver did not support 2000 ms long wait_time with TX command, so 368 * schedule listen operation to continue waiting for the response. 369 * 370 * DPP listen operations continue until stopped, so simply schedule a 371 * new call to this function at the point when the two second reply 372 * wait has expired. */ 373 wait_time -= diff_ms; 374 375 freq = auth->curr_freq; 376 if (auth->neg_freq > 0) 377 freq = auth->neg_freq; 378 wpa_printf(MSG_DEBUG, 379 "DPP: Continue reply wait on channel %u MHz for %u ms", 380 freq, wait_time); 381 hapd->dpp_in_response_listen = 1; 382 383 if (freq != (unsigned int) hapd->iface->freq && hapd->iface->freq > 0) { 384 /* TODO: Listen operation on non-operating channel */ 385 wpa_printf(MSG_INFO, 386 "DPP: Listen operation on non-operating channel (%d MHz) is not yet supported (operating channel: %d MHz)", 387 freq, hapd->iface->freq); 388 } 389 390 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000, 391 hostapd_dpp_reply_wait_timeout, hapd, NULL); 392 } 393 394 395 static void hostapd_dpp_auth_conf_wait_timeout(void *eloop_ctx, 396 void *timeout_ctx) 397 { 398 struct hostapd_data *hapd = eloop_ctx; 399 struct dpp_authentication *auth = hapd->dpp_auth; 400 401 if (!auth || !auth->waiting_auth_conf) 402 return; 403 404 wpa_printf(MSG_DEBUG, 405 "DPP: Terminate authentication exchange due to Auth Confirm timeout"); 406 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 407 "No Auth Confirm received"); 408 hostapd_drv_send_action_cancel_wait(hapd); 409 dpp_auth_deinit(auth); 410 hapd->dpp_auth = NULL; 411 } 412 413 414 static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd, 415 struct dpp_authentication *auth) 416 { 417 #ifdef CONFIG_TESTING_OPTIONS 418 if (hapd->dpp_config_obj_override) 419 auth->config_obj_override = 420 os_strdup(hapd->dpp_config_obj_override); 421 if (hapd->dpp_discovery_override) 422 auth->discovery_override = 423 os_strdup(hapd->dpp_discovery_override); 424 if (hapd->dpp_groups_override) 425 auth->groups_override = os_strdup(hapd->dpp_groups_override); 426 auth->ignore_netaccesskey_mismatch = 427 hapd->dpp_ignore_netaccesskey_mismatch; 428 #endif /* CONFIG_TESTING_OPTIONS */ 429 } 430 431 432 static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx) 433 { 434 struct hostapd_data *hapd = eloop_ctx; 435 436 if (!hapd->dpp_auth) 437 return; 438 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout"); 439 hostapd_dpp_auth_init_next(hapd); 440 } 441 442 443 static int hostapd_dpp_auth_init_next(struct hostapd_data *hapd) 444 { 445 struct dpp_authentication *auth = hapd->dpp_auth; 446 const u8 *dst; 447 unsigned int wait_time, max_wait_time, freq, max_tries, used; 448 struct os_reltime now, diff; 449 450 if (!auth) 451 return -1; 452 453 if (auth->freq_idx == 0) 454 os_get_reltime(&hapd->dpp_init_iter_start); 455 456 if (auth->freq_idx >= auth->num_freq) { 457 auth->num_freq_iters++; 458 if (hapd->dpp_init_max_tries) 459 max_tries = hapd->dpp_init_max_tries; 460 else 461 max_tries = 5; 462 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) { 463 wpa_printf(MSG_INFO, 464 "DPP: No response received from responder - stopping initiation attempt"); 465 wpa_msg(hapd->msg_ctx, MSG_INFO, 466 DPP_EVENT_AUTH_INIT_FAILED); 467 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, 468 hapd, NULL); 469 hostapd_drv_send_action_cancel_wait(hapd); 470 dpp_auth_deinit(hapd->dpp_auth); 471 hapd->dpp_auth = NULL; 472 return -1; 473 } 474 auth->freq_idx = 0; 475 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL); 476 if (hapd->dpp_init_retry_time) 477 wait_time = hapd->dpp_init_retry_time; 478 else 479 wait_time = 10000; 480 os_get_reltime(&now); 481 os_reltime_sub(&now, &hapd->dpp_init_iter_start, &diff); 482 used = diff.sec * 1000 + diff.usec / 1000; 483 if (used > wait_time) 484 wait_time = 0; 485 else 486 wait_time -= used; 487 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms", 488 wait_time); 489 eloop_register_timeout(wait_time / 1000, 490 (wait_time % 1000) * 1000, 491 hostapd_dpp_init_timeout, hapd, 492 NULL); 493 return 0; 494 } 495 freq = auth->freq[auth->freq_idx++]; 496 auth->curr_freq = freq; 497 498 if (!is_zero_ether_addr(auth->peer_mac_addr)) 499 dst = auth->peer_mac_addr; 500 else if (is_zero_ether_addr(auth->peer_bi->mac_addr)) 501 dst = broadcast; 502 else 503 dst = auth->peer_bi->mac_addr; 504 hapd->dpp_auth_ok_on_ack = 0; 505 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL); 506 wait_time = 2000; /* TODO: hapd->max_remain_on_chan; */ 507 max_wait_time = hapd->dpp_resp_wait_time ? 508 hapd->dpp_resp_wait_time : 2000; 509 if (wait_time > max_wait_time) 510 wait_time = max_wait_time; 511 wait_time += 10; /* give the driver some extra time to complete */ 512 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000, 513 hostapd_dpp_reply_wait_timeout, hapd, NULL); 514 wait_time -= 10; 515 if (auth->neg_freq > 0 && freq != auth->neg_freq) { 516 wpa_printf(MSG_DEBUG, 517 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response", 518 freq, auth->neg_freq); 519 } 520 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 521 " freq=%u type=%d", 522 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ); 523 auth->auth_req_ack = 0; 524 os_get_reltime(&hapd->dpp_last_init); 525 return hostapd_drv_send_action(hapd, freq, wait_time, 526 dst, 527 wpabuf_head(hapd->dpp_auth->req_msg), 528 wpabuf_len(hapd->dpp_auth->req_msg)); 529 } 530 531 532 #ifdef CONFIG_DPP2 533 static int hostapd_dpp_process_conf_obj(void *ctx, 534 struct dpp_authentication *auth) 535 { 536 struct hostapd_data *hapd = ctx; 537 unsigned int i; 538 539 for (i = 0; i < auth->num_conf_obj; i++) 540 hostapd_dpp_handle_config_obj(hapd, auth, 541 &auth->conf_obj[i]); 542 543 return 0; 544 } 545 #endif /* CONFIG_DPP2 */ 546 547 548 int hostapd_dpp_auth_init(struct hostapd_data *hapd, const char *cmd) 549 { 550 const char *pos; 551 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL; 552 struct dpp_authentication *auth; 553 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR; 554 unsigned int neg_freq = 0; 555 int tcp = 0; 556 #ifdef CONFIG_DPP2 557 int tcp_port = DPP_TCP_PORT; 558 struct hostapd_ip_addr ipaddr; 559 char *addr; 560 #endif /* CONFIG_DPP2 */ 561 562 pos = os_strstr(cmd, " peer="); 563 if (!pos) 564 return -1; 565 pos += 6; 566 peer_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos)); 567 if (!peer_bi) { 568 wpa_printf(MSG_INFO, 569 "DPP: Could not find bootstrapping info for the identified peer"); 570 return -1; 571 } 572 573 #ifdef CONFIG_DPP2 574 pos = os_strstr(cmd, " tcp_port="); 575 if (pos) { 576 pos += 10; 577 tcp_port = atoi(pos); 578 } 579 580 addr = get_param(cmd, " tcp_addr="); 581 if (addr) { 582 int res; 583 584 res = hostapd_parse_ip_addr(addr, &ipaddr); 585 os_free(addr); 586 if (res) 587 return -1; 588 tcp = 1; 589 } 590 #endif /* CONFIG_DPP2 */ 591 592 pos = os_strstr(cmd, " own="); 593 if (pos) { 594 pos += 5; 595 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, 596 atoi(pos)); 597 if (!own_bi) { 598 wpa_printf(MSG_INFO, 599 "DPP: Could not find bootstrapping info for the identified local entry"); 600 return -1; 601 } 602 603 if (peer_bi->curve != own_bi->curve) { 604 wpa_printf(MSG_INFO, 605 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)", 606 peer_bi->curve->name, own_bi->curve->name); 607 return -1; 608 } 609 } 610 611 pos = os_strstr(cmd, " role="); 612 if (pos) { 613 pos += 6; 614 if (os_strncmp(pos, "configurator", 12) == 0) 615 allowed_roles = DPP_CAPAB_CONFIGURATOR; 616 else if (os_strncmp(pos, "enrollee", 8) == 0) 617 allowed_roles = DPP_CAPAB_ENROLLEE; 618 else if (os_strncmp(pos, "either", 6) == 0) 619 allowed_roles = DPP_CAPAB_CONFIGURATOR | 620 DPP_CAPAB_ENROLLEE; 621 else 622 goto fail; 623 } 624 625 pos = os_strstr(cmd, " neg_freq="); 626 if (pos) 627 neg_freq = atoi(pos + 10); 628 629 if (!tcp && hapd->dpp_auth) { 630 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL); 631 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, 632 hapd, NULL); 633 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, 634 hapd, NULL); 635 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, 636 NULL); 637 #ifdef CONFIG_DPP2 638 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout, 639 hapd, NULL); 640 #endif /* CONFIG_DPP2 */ 641 hostapd_drv_send_action_cancel_wait(hapd); 642 dpp_auth_deinit(hapd->dpp_auth); 643 } 644 645 auth = dpp_auth_init(hapd->iface->interfaces->dpp, hapd->msg_ctx, 646 peer_bi, own_bi, allowed_roles, neg_freq, 647 hapd->iface->hw_features, 648 hapd->iface->num_hw_features); 649 if (!auth) 650 goto fail; 651 hostapd_dpp_set_testing_options(hapd, auth); 652 if (dpp_set_configurator(auth, cmd) < 0) { 653 dpp_auth_deinit(auth); 654 goto fail; 655 } 656 657 auth->neg_freq = neg_freq; 658 659 if (!is_zero_ether_addr(peer_bi->mac_addr)) 660 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN); 661 662 #ifdef CONFIG_DPP2 663 if (tcp) 664 return dpp_tcp_init(hapd->iface->interfaces->dpp, auth, 665 &ipaddr, tcp_port, hapd->conf->dpp_name, 666 DPP_NETROLE_AP, hapd->msg_ctx, hapd, 667 hostapd_dpp_process_conf_obj); 668 #endif /* CONFIG_DPP2 */ 669 670 hapd->dpp_auth = auth; 671 return hostapd_dpp_auth_init_next(hapd); 672 fail: 673 return -1; 674 } 675 676 677 int hostapd_dpp_listen(struct hostapd_data *hapd, const char *cmd) 678 { 679 int freq; 680 681 freq = atoi(cmd); 682 if (freq <= 0) 683 return -1; 684 685 if (os_strstr(cmd, " role=configurator")) 686 hapd->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR; 687 else if (os_strstr(cmd, " role=enrollee")) 688 hapd->dpp_allowed_roles = DPP_CAPAB_ENROLLEE; 689 else 690 hapd->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR | 691 DPP_CAPAB_ENROLLEE; 692 hapd->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL; 693 694 if (freq != hapd->iface->freq && hapd->iface->freq > 0) { 695 /* TODO: Listen operation on non-operating channel */ 696 wpa_printf(MSG_INFO, 697 "DPP: Listen operation on non-operating channel (%d MHz) is not yet supported (operating channel: %d MHz)", 698 freq, hapd->iface->freq); 699 return -1; 700 } 701 702 hostapd_drv_dpp_listen(hapd, true); 703 return 0; 704 } 705 706 707 void hostapd_dpp_listen_stop(struct hostapd_data *hapd) 708 { 709 hostapd_drv_dpp_listen(hapd, false); 710 /* TODO: Stop listen operation on non-operating channel */ 711 } 712 713 714 static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src, 715 const u8 *hdr, const u8 *buf, size_t len, 716 unsigned int freq) 717 { 718 const u8 *r_bootstrap, *i_bootstrap; 719 u16 r_bootstrap_len, i_bootstrap_len; 720 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL; 721 722 if (!hapd->iface->interfaces->dpp) 723 return; 724 725 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR, 726 MAC2STR(src)); 727 728 #ifdef CONFIG_DPP2 729 hostapd_dpp_chirp_stop(hapd); 730 #endif /* CONFIG_DPP2 */ 731 732 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 733 &r_bootstrap_len); 734 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 735 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 736 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 737 return; 738 } 739 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 740 r_bootstrap, r_bootstrap_len); 741 742 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, 743 &i_bootstrap_len); 744 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) { 745 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 746 "Missing or invalid required Initiator Bootstrapping Key Hash attribute"); 747 return; 748 } 749 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", 750 i_bootstrap, i_bootstrap_len); 751 752 /* Try to find own and peer bootstrapping key matches based on the 753 * received hash values */ 754 dpp_bootstrap_find_pair(hapd->iface->interfaces->dpp, i_bootstrap, 755 r_bootstrap, &own_bi, &peer_bi); 756 #ifdef CONFIG_DPP2 757 if (!own_bi) { 758 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, 759 src, hdr, buf, len, freq, i_bootstrap, 760 r_bootstrap, hapd) == 0) 761 return; 762 } 763 #endif /* CONFIG_DPP2 */ 764 if (!own_bi) { 765 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 766 "No matching own bootstrapping key found - ignore message"); 767 return; 768 } 769 770 if (hapd->dpp_auth) { 771 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 772 "Already in DPP authentication exchange - ignore new one"); 773 return; 774 } 775 776 hapd->dpp_auth_ok_on_ack = 0; 777 hapd->dpp_auth = dpp_auth_req_rx(hapd->iface->interfaces->dpp, 778 hapd->msg_ctx, hapd->dpp_allowed_roles, 779 hapd->dpp_qr_mutual, 780 peer_bi, own_bi, freq, hdr, buf, len); 781 if (!hapd->dpp_auth) { 782 wpa_printf(MSG_DEBUG, "DPP: No response generated"); 783 return; 784 } 785 hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth); 786 if (dpp_set_configurator(hapd->dpp_auth, 787 hapd->dpp_configurator_params) < 0) { 788 dpp_auth_deinit(hapd->dpp_auth); 789 hapd->dpp_auth = NULL; 790 return; 791 } 792 os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN); 793 794 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 795 " freq=%u type=%d", 796 MAC2STR(src), hapd->dpp_auth->curr_freq, 797 DPP_PA_AUTHENTICATION_RESP); 798 hostapd_drv_send_action(hapd, hapd->dpp_auth->curr_freq, 0, 799 src, wpabuf_head(hapd->dpp_auth->resp_msg), 800 wpabuf_len(hapd->dpp_auth->resp_msg)); 801 } 802 803 804 static void hostapd_dpp_handle_config_obj(struct hostapd_data *hapd, 805 struct dpp_authentication *auth, 806 struct dpp_config_obj *conf) 807 { 808 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_RECEIVED); 809 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s", 810 dpp_akm_str(conf->akm)); 811 if (conf->ssid_len) 812 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s", 813 wpa_ssid_txt(conf->ssid, conf->ssid_len)); 814 if (conf->connector) { 815 /* TODO: Save the Connector and consider using a command 816 * to fetch the value instead of sending an event with 817 * it. The Connector could end up being larger than what 818 * most clients are ready to receive as an event 819 * message. */ 820 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONNECTOR "%s", 821 conf->connector); 822 } 823 if (conf->passphrase[0]) { 824 char hex[64 * 2 + 1]; 825 826 wpa_snprintf_hex(hex, sizeof(hex), 827 (const u8 *) conf->passphrase, 828 os_strlen(conf->passphrase)); 829 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s", 830 hex); 831 } else if (conf->psk_set) { 832 char hex[PMK_LEN * 2 + 1]; 833 834 wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN); 835 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s", 836 hex); 837 } 838 if (conf->c_sign_key) { 839 char *hex; 840 size_t hexlen; 841 842 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1; 843 hex = os_malloc(hexlen); 844 if (hex) { 845 wpa_snprintf_hex(hex, hexlen, 846 wpabuf_head(conf->c_sign_key), 847 wpabuf_len(conf->c_sign_key)); 848 wpa_msg(hapd->msg_ctx, MSG_INFO, 849 DPP_EVENT_C_SIGN_KEY "%s", hex); 850 os_free(hex); 851 } 852 } 853 if (auth->net_access_key) { 854 char *hex; 855 size_t hexlen; 856 857 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1; 858 hex = os_malloc(hexlen); 859 if (hex) { 860 wpa_snprintf_hex(hex, hexlen, 861 wpabuf_head(auth->net_access_key), 862 wpabuf_len(auth->net_access_key)); 863 if (auth->net_access_key_expiry) 864 wpa_msg(hapd->msg_ctx, MSG_INFO, 865 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex, 866 (unsigned long) 867 auth->net_access_key_expiry); 868 else 869 wpa_msg(hapd->msg_ctx, MSG_INFO, 870 DPP_EVENT_NET_ACCESS_KEY "%s", hex); 871 os_free(hex); 872 } 873 } 874 } 875 876 877 static int hostapd_dpp_handle_key_pkg(struct hostapd_data *hapd, 878 struct dpp_asymmetric_key *key) 879 { 880 #ifdef CONFIG_DPP2 881 int res; 882 883 if (!key) 884 return 0; 885 886 wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup"); 887 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_RECEIVED); 888 889 while (key) { 890 res = dpp_configurator_from_backup( 891 hapd->iface->interfaces->dpp, key); 892 if (res < 0) 893 return -1; 894 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d", 895 res); 896 key = key->next; 897 } 898 #endif /* CONFIG_DPP2 */ 899 900 return 0; 901 } 902 903 904 static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token, 905 enum gas_query_ap_result result, 906 const struct wpabuf *adv_proto, 907 const struct wpabuf *resp, u16 status_code) 908 { 909 struct hostapd_data *hapd = ctx; 910 const u8 *pos; 911 struct dpp_authentication *auth = hapd->dpp_auth; 912 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED; 913 914 if (!auth || !auth->auth_success) { 915 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 916 return; 917 } 918 if (result != GAS_QUERY_AP_SUCCESS || 919 !resp || status_code != WLAN_STATUS_SUCCESS) { 920 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed"); 921 goto fail; 922 } 923 924 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto", 925 adv_proto); 926 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)", 927 resp); 928 929 if (wpabuf_len(adv_proto) != 10 || 930 !(pos = wpabuf_head(adv_proto)) || 931 pos[0] != WLAN_EID_ADV_PROTO || 932 pos[1] != 8 || 933 pos[3] != WLAN_EID_VENDOR_SPECIFIC || 934 pos[4] != 5 || 935 WPA_GET_BE24(&pos[5]) != OUI_WFA || 936 pos[8] != 0x1a || 937 pos[9] != 1) { 938 wpa_printf(MSG_DEBUG, 939 "DPP: Not a DPP Advertisement Protocol ID"); 940 goto fail; 941 } 942 943 if (dpp_conf_resp_rx(auth, resp) < 0) { 944 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); 945 goto fail; 946 } 947 948 hostapd_dpp_handle_config_obj(hapd, auth, &auth->conf_obj[0]); 949 if (hostapd_dpp_handle_key_pkg(hapd, auth->conf_key_pkg) < 0) 950 goto fail; 951 952 status = DPP_STATUS_OK; 953 #ifdef CONFIG_TESTING_OPTIONS 954 if (dpp_test == DPP_TEST_REJECT_CONFIG) { 955 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object"); 956 status = DPP_STATUS_CONFIG_REJECTED; 957 } 958 #endif /* CONFIG_TESTING_OPTIONS */ 959 fail: 960 if (status != DPP_STATUS_OK) 961 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 962 #ifdef CONFIG_DPP2 963 if (auth->peer_version >= 2 && 964 auth->conf_resp_status == DPP_STATUS_OK) { 965 struct wpabuf *msg; 966 967 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result"); 968 msg = dpp_build_conf_result(auth, status); 969 if (!msg) 970 goto fail2; 971 972 wpa_msg(hapd->msg_ctx, MSG_INFO, 973 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 974 MAC2STR(addr), auth->curr_freq, 975 DPP_PA_CONFIGURATION_RESULT); 976 hostapd_drv_send_action(hapd, auth->curr_freq, 0, 977 addr, wpabuf_head(msg), 978 wpabuf_len(msg)); 979 wpabuf_free(msg); 980 981 /* This exchange will be terminated in the TX status handler */ 982 auth->connect_on_tx_status = 1; 983 return; 984 } 985 fail2: 986 #endif /* CONFIG_DPP2 */ 987 dpp_auth_deinit(hapd->dpp_auth); 988 hapd->dpp_auth = NULL; 989 } 990 991 992 static void hostapd_dpp_start_gas_client(struct hostapd_data *hapd) 993 { 994 struct dpp_authentication *auth = hapd->dpp_auth; 995 struct wpabuf *buf; 996 int res; 997 998 buf = dpp_build_conf_req_helper(auth, hapd->conf->dpp_name, 999 DPP_NETROLE_AP, 1000 hapd->conf->dpp_mud_url, NULL); 1001 if (!buf) { 1002 wpa_printf(MSG_DEBUG, 1003 "DPP: No configuration request data available"); 1004 return; 1005 } 1006 1007 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)", 1008 MAC2STR(auth->peer_mac_addr), auth->curr_freq); 1009 1010 res = gas_query_ap_req(hapd->gas, auth->peer_mac_addr, auth->curr_freq, 1011 buf, hostapd_dpp_gas_resp_cb, hapd); 1012 if (res < 0) { 1013 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 1014 "GAS: Failed to send Query Request"); 1015 wpabuf_free(buf); 1016 } else { 1017 wpa_printf(MSG_DEBUG, 1018 "DPP: GAS query started with dialog token %u", res); 1019 } 1020 } 1021 1022 1023 static void hostapd_dpp_auth_success(struct hostapd_data *hapd, int initiator) 1024 { 1025 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded"); 1026 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", 1027 initiator); 1028 #ifdef CONFIG_TESTING_OPTIONS 1029 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { 1030 wpa_printf(MSG_INFO, 1031 "DPP: TESTING - stop at Authentication Confirm"); 1032 if (hapd->dpp_auth->configurator) { 1033 /* Prevent GAS response */ 1034 hapd->dpp_auth->auth_success = 0; 1035 } 1036 return; 1037 } 1038 #endif /* CONFIG_TESTING_OPTIONS */ 1039 1040 if (!hapd->dpp_auth->configurator) 1041 hostapd_dpp_start_gas_client(hapd); 1042 } 1043 1044 1045 static void hostapd_dpp_rx_auth_resp(struct hostapd_data *hapd, const u8 *src, 1046 const u8 *hdr, const u8 *buf, size_t len, 1047 unsigned int freq) 1048 { 1049 struct dpp_authentication *auth = hapd->dpp_auth; 1050 struct wpabuf *msg; 1051 1052 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR, 1053 MAC2STR(src)); 1054 1055 if (!auth) { 1056 wpa_printf(MSG_DEBUG, 1057 "DPP: No DPP Authentication in progress - drop"); 1058 return; 1059 } 1060 1061 if (!is_zero_ether_addr(auth->peer_mac_addr) && 1062 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) { 1063 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 1064 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 1065 return; 1066 } 1067 1068 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL); 1069 1070 if (auth->curr_freq != freq && auth->neg_freq == freq) { 1071 wpa_printf(MSG_DEBUG, 1072 "DPP: Responder accepted request for different negotiation channel"); 1073 auth->curr_freq = freq; 1074 } 1075 1076 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL); 1077 msg = dpp_auth_resp_rx(auth, hdr, buf, len); 1078 if (!msg) { 1079 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) { 1080 wpa_printf(MSG_DEBUG, "DPP: Wait for full response"); 1081 return; 1082 } 1083 wpa_printf(MSG_DEBUG, "DPP: No confirm generated"); 1084 return; 1085 } 1086 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); 1087 1088 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 1089 " freq=%u type=%d", MAC2STR(src), auth->curr_freq, 1090 DPP_PA_AUTHENTICATION_CONF); 1091 hostapd_drv_send_action(hapd, auth->curr_freq, 0, src, 1092 wpabuf_head(msg), wpabuf_len(msg)); 1093 wpabuf_free(msg); 1094 hapd->dpp_auth_ok_on_ack = 1; 1095 } 1096 1097 1098 static void hostapd_dpp_rx_auth_conf(struct hostapd_data *hapd, const u8 *src, 1099 const u8 *hdr, const u8 *buf, size_t len) 1100 { 1101 struct dpp_authentication *auth = hapd->dpp_auth; 1102 1103 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR, 1104 MAC2STR(src)); 1105 1106 if (!auth) { 1107 wpa_printf(MSG_DEBUG, 1108 "DPP: No DPP Authentication in progress - drop"); 1109 return; 1110 } 1111 1112 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) { 1113 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 1114 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 1115 return; 1116 } 1117 1118 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) { 1119 wpa_printf(MSG_DEBUG, "DPP: Authentication failed"); 1120 return; 1121 } 1122 1123 hostapd_dpp_auth_success(hapd, 0); 1124 } 1125 1126 1127 #ifdef CONFIG_DPP2 1128 1129 static void hostapd_dpp_config_result_wait_timeout(void *eloop_ctx, 1130 void *timeout_ctx) 1131 { 1132 struct hostapd_data *hapd = eloop_ctx; 1133 struct dpp_authentication *auth = hapd->dpp_auth; 1134 1135 if (!auth || !auth->waiting_conf_result) 1136 return; 1137 1138 wpa_printf(MSG_DEBUG, 1139 "DPP: Timeout while waiting for Configuration Result"); 1140 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 1141 dpp_auth_deinit(auth); 1142 hapd->dpp_auth = NULL; 1143 } 1144 1145 1146 static void hostapd_dpp_conn_status_result_wait_timeout(void *eloop_ctx, 1147 void *timeout_ctx) 1148 { 1149 struct hostapd_data *hapd = eloop_ctx; 1150 struct dpp_authentication *auth = hapd->dpp_auth; 1151 1152 if (!auth || !auth->waiting_conf_result) 1153 return; 1154 1155 wpa_printf(MSG_DEBUG, 1156 "DPP: Timeout while waiting for Connection Status Result"); 1157 wpa_msg(hapd->msg_ctx, MSG_INFO, 1158 DPP_EVENT_CONN_STATUS_RESULT "timeout"); 1159 dpp_auth_deinit(auth); 1160 hapd->dpp_auth = NULL; 1161 } 1162 1163 1164 static void hostapd_dpp_rx_conf_result(struct hostapd_data *hapd, const u8 *src, 1165 const u8 *hdr, const u8 *buf, size_t len) 1166 { 1167 struct dpp_authentication *auth = hapd->dpp_auth; 1168 enum dpp_status_error status; 1169 1170 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR, 1171 MAC2STR(src)); 1172 1173 if (!auth || !auth->waiting_conf_result) { 1174 wpa_printf(MSG_DEBUG, 1175 "DPP: No DPP Configuration waiting for result - drop"); 1176 return; 1177 } 1178 1179 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) { 1180 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 1181 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 1182 return; 1183 } 1184 1185 status = dpp_conf_result_rx(auth, hdr, buf, len); 1186 1187 if (status == DPP_STATUS_OK && auth->send_conn_status) { 1188 wpa_msg(hapd->msg_ctx, MSG_INFO, 1189 DPP_EVENT_CONF_SENT "wait_conn_status=1"); 1190 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result"); 1191 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout, 1192 hapd, NULL); 1193 auth->waiting_conn_status_result = 1; 1194 eloop_cancel_timeout( 1195 hostapd_dpp_conn_status_result_wait_timeout, 1196 hapd, NULL); 1197 eloop_register_timeout( 1198 16, 0, hostapd_dpp_conn_status_result_wait_timeout, 1199 hapd, NULL); 1200 return; 1201 } 1202 hostapd_drv_send_action_cancel_wait(hapd); 1203 hostapd_dpp_listen_stop(hapd); 1204 if (status == DPP_STATUS_OK) 1205 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); 1206 else 1207 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 1208 dpp_auth_deinit(auth); 1209 hapd->dpp_auth = NULL; 1210 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout, hapd, 1211 NULL); 1212 } 1213 1214 1215 static void hostapd_dpp_rx_conn_status_result(struct hostapd_data *hapd, 1216 const u8 *src, const u8 *hdr, 1217 const u8 *buf, size_t len) 1218 { 1219 struct dpp_authentication *auth = hapd->dpp_auth; 1220 enum dpp_status_error status; 1221 u8 ssid[SSID_MAX_LEN]; 1222 size_t ssid_len = 0; 1223 char *channel_list = NULL; 1224 1225 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result"); 1226 1227 if (!auth || !auth->waiting_conn_status_result) { 1228 wpa_printf(MSG_DEBUG, 1229 "DPP: No DPP Configuration waiting for connection status result - drop"); 1230 return; 1231 } 1232 1233 status = dpp_conn_status_result_rx(auth, hdr, buf, len, 1234 ssid, &ssid_len, &channel_list); 1235 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT 1236 "result=%d ssid=%s channel_list=%s", 1237 status, wpa_ssid_txt(ssid, ssid_len), 1238 channel_list ? channel_list : "N/A"); 1239 os_free(channel_list); 1240 hostapd_drv_send_action_cancel_wait(hapd); 1241 hostapd_dpp_listen_stop(hapd); 1242 dpp_auth_deinit(auth); 1243 hapd->dpp_auth = NULL; 1244 eloop_cancel_timeout(hostapd_dpp_conn_status_result_wait_timeout, 1245 hapd, NULL); 1246 } 1247 1248 1249 static void 1250 hostapd_dpp_rx_presence_announcement(struct hostapd_data *hapd, const u8 *src, 1251 const u8 *hdr, const u8 *buf, size_t len, 1252 unsigned int freq) 1253 { 1254 const u8 *r_bootstrap; 1255 u16 r_bootstrap_len; 1256 struct dpp_bootstrap_info *peer_bi; 1257 struct dpp_authentication *auth; 1258 1259 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR, 1260 MAC2STR(src)); 1261 1262 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 1263 &r_bootstrap_len); 1264 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 1265 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 1266 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 1267 return; 1268 } 1269 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 1270 r_bootstrap, r_bootstrap_len); 1271 peer_bi = dpp_bootstrap_find_chirp(hapd->iface->interfaces->dpp, 1272 r_bootstrap); 1273 dpp_notify_chirp_received(hapd->msg_ctx, 1274 peer_bi ? (int) peer_bi->id : -1, 1275 src, freq, r_bootstrap); 1276 if (!peer_bi) { 1277 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, 1278 src, hdr, buf, len, freq, NULL, 1279 r_bootstrap, hapd) == 0) 1280 return; 1281 wpa_printf(MSG_DEBUG, 1282 "DPP: No matching bootstrapping information found"); 1283 return; 1284 } 1285 1286 if (hapd->dpp_auth) { 1287 wpa_printf(MSG_DEBUG, 1288 "DPP: Ignore Presence Announcement during ongoing Authentication"); 1289 return; 1290 } 1291 1292 auth = dpp_auth_init(hapd->iface->interfaces->dpp, hapd->msg_ctx, 1293 peer_bi, NULL, DPP_CAPAB_CONFIGURATOR, freq, NULL, 1294 0); 1295 if (!auth) 1296 return; 1297 hostapd_dpp_set_testing_options(hapd, auth); 1298 if (dpp_set_configurator(auth, 1299 hapd->dpp_configurator_params) < 0) { 1300 dpp_auth_deinit(auth); 1301 return; 1302 } 1303 1304 auth->neg_freq = freq; 1305 1306 /* The source address of the Presence Announcement frame overrides any 1307 * MAC address information from the bootstrapping information. */ 1308 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); 1309 1310 hapd->dpp_auth = auth; 1311 if (hostapd_dpp_auth_init_next(hapd) < 0) { 1312 dpp_auth_deinit(hapd->dpp_auth); 1313 hapd->dpp_auth = NULL; 1314 } 1315 } 1316 1317 1318 static void hostapd_dpp_reconfig_reply_wait_timeout(void *eloop_ctx, 1319 void *timeout_ctx) 1320 { 1321 struct hostapd_data *hapd = eloop_ctx; 1322 struct dpp_authentication *auth = hapd->dpp_auth; 1323 1324 if (!auth) 1325 return; 1326 1327 wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout"); 1328 hostapd_dpp_listen_stop(hapd); 1329 dpp_auth_deinit(auth); 1330 hapd->dpp_auth = NULL; 1331 } 1332 1333 1334 static void 1335 hostapd_dpp_rx_reconfig_announcement(struct hostapd_data *hapd, const u8 *src, 1336 const u8 *hdr, const u8 *buf, size_t len, 1337 unsigned int freq) 1338 { 1339 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id; 1340 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len; 1341 struct dpp_configurator *conf; 1342 struct dpp_authentication *auth; 1343 unsigned int wait_time, max_wait_time; 1344 u16 group; 1345 1346 if (hapd->dpp_auth) { 1347 wpa_printf(MSG_DEBUG, 1348 "DPP: Ignore Reconfig Announcement during ongoing Authentication"); 1349 return; 1350 } 1351 1352 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR, 1353 MAC2STR(src)); 1354 1355 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH, 1356 &csign_hash_len); 1357 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) { 1358 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 1359 "Missing or invalid required Configurator C-sign key Hash attribute"); 1360 return; 1361 } 1362 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)", 1363 csign_hash, csign_hash_len); 1364 conf = dpp_configurator_find_kid(hapd->iface->interfaces->dpp, 1365 csign_hash); 1366 if (!conf) { 1367 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, 1368 src, hdr, buf, len, freq, NULL, 1369 NULL, hapd) == 0) 1370 return; 1371 wpa_printf(MSG_DEBUG, 1372 "DPP: No matching Configurator information found"); 1373 return; 1374 } 1375 1376 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP, 1377 &fcgroup_len); 1378 if (!fcgroup || fcgroup_len != 2) { 1379 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 1380 "Missing or invalid required Finite Cyclic Group attribute"); 1381 return; 1382 } 1383 group = WPA_GET_LE16(fcgroup); 1384 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group); 1385 1386 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len); 1387 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len); 1388 1389 auth = dpp_reconfig_init(hapd->iface->interfaces->dpp, hapd->msg_ctx, 1390 conf, freq, group, a_nonce, a_nonce_len, 1391 e_id, e_id_len); 1392 if (!auth) 1393 return; 1394 hostapd_dpp_set_testing_options(hapd, auth); 1395 if (dpp_set_configurator(auth, hapd->dpp_configurator_params) < 0) { 1396 dpp_auth_deinit(auth); 1397 return; 1398 } 1399 1400 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); 1401 hapd->dpp_auth = auth; 1402 1403 hapd->dpp_in_response_listen = 0; 1404 hapd->dpp_auth_ok_on_ack = 0; 1405 wait_time = 2000; /* TODO: hapd->max_remain_on_chan; */ 1406 max_wait_time = hapd->dpp_resp_wait_time ? 1407 hapd->dpp_resp_wait_time : 2000; 1408 if (wait_time > max_wait_time) 1409 wait_time = max_wait_time; 1410 wait_time += 10; /* give the driver some extra time to complete */ 1411 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000, 1412 hostapd_dpp_reconfig_reply_wait_timeout, 1413 hapd, NULL); 1414 wait_time -= 10; 1415 1416 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 1417 " freq=%u type=%d", 1418 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ); 1419 if (hostapd_drv_send_action(hapd, freq, wait_time, src, 1420 wpabuf_head(auth->reconfig_req_msg), 1421 wpabuf_len(auth->reconfig_req_msg)) < 0) { 1422 dpp_auth_deinit(hapd->dpp_auth); 1423 hapd->dpp_auth = NULL; 1424 } 1425 } 1426 1427 1428 static void 1429 hostapd_dpp_rx_reconfig_auth_resp(struct hostapd_data *hapd, const u8 *src, 1430 const u8 *hdr, const u8 *buf, size_t len, 1431 unsigned int freq) 1432 { 1433 struct dpp_authentication *auth = hapd->dpp_auth; 1434 struct wpabuf *conf; 1435 1436 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from " 1437 MACSTR, MAC2STR(src)); 1438 1439 if (!auth || !auth->reconfig || !auth->configurator) { 1440 wpa_printf(MSG_DEBUG, 1441 "DPP: No DPP Reconfig Authentication in progress - drop"); 1442 return; 1443 } 1444 1445 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) { 1446 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 1447 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 1448 return; 1449 } 1450 1451 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len); 1452 if (!conf) 1453 return; 1454 1455 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout, 1456 hapd, NULL); 1457 1458 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 1459 " freq=%u type=%d", 1460 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF); 1461 if (hostapd_drv_send_action(hapd, freq, 500, src, 1462 wpabuf_head(conf), wpabuf_len(conf)) < 0) { 1463 wpabuf_free(conf); 1464 dpp_auth_deinit(hapd->dpp_auth); 1465 hapd->dpp_auth = NULL; 1466 return; 1467 } 1468 wpabuf_free(conf); 1469 } 1470 1471 #endif /* CONFIG_DPP2 */ 1472 1473 1474 static void hostapd_dpp_send_peer_disc_resp(struct hostapd_data *hapd, 1475 const u8 *src, unsigned int freq, 1476 u8 trans_id, 1477 enum dpp_status_error status) 1478 { 1479 struct wpabuf *msg; 1480 size_t len; 1481 1482 len = 5 + 5 + 4 + os_strlen(hapd->conf->dpp_connector); 1483 #ifdef CONFIG_DPP2 1484 len += 5; 1485 #endif /* CONFIG_DPP2 */ 1486 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_RESP, len); 1487 if (!msg) 1488 return; 1489 1490 #ifdef CONFIG_TESTING_OPTIONS 1491 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP) { 1492 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID"); 1493 goto skip_trans_id; 1494 } 1495 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP) { 1496 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID"); 1497 trans_id ^= 0x01; 1498 } 1499 #endif /* CONFIG_TESTING_OPTIONS */ 1500 1501 /* Transaction ID */ 1502 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID); 1503 wpabuf_put_le16(msg, 1); 1504 wpabuf_put_u8(msg, trans_id); 1505 1506 #ifdef CONFIG_TESTING_OPTIONS 1507 skip_trans_id: 1508 if (dpp_test == DPP_TEST_NO_STATUS_PEER_DISC_RESP) { 1509 wpa_printf(MSG_INFO, "DPP: TESTING - no Status"); 1510 goto skip_status; 1511 } 1512 if (dpp_test == DPP_TEST_INVALID_STATUS_PEER_DISC_RESP) { 1513 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status"); 1514 status = 254; 1515 } 1516 #endif /* CONFIG_TESTING_OPTIONS */ 1517 1518 /* DPP Status */ 1519 wpabuf_put_le16(msg, DPP_ATTR_STATUS); 1520 wpabuf_put_le16(msg, 1); 1521 wpabuf_put_u8(msg, status); 1522 1523 #ifdef CONFIG_TESTING_OPTIONS 1524 skip_status: 1525 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP) { 1526 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector"); 1527 goto skip_connector; 1528 } 1529 if (status == DPP_STATUS_OK && 1530 dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP) { 1531 char *connector; 1532 1533 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector"); 1534 connector = dpp_corrupt_connector_signature( 1535 hapd->conf->dpp_connector); 1536 if (!connector) { 1537 wpabuf_free(msg); 1538 return; 1539 } 1540 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR); 1541 wpabuf_put_le16(msg, os_strlen(connector)); 1542 wpabuf_put_str(msg, connector); 1543 os_free(connector); 1544 goto skip_connector; 1545 } 1546 #endif /* CONFIG_TESTING_OPTIONS */ 1547 1548 /* DPP Connector */ 1549 if (status == DPP_STATUS_OK) { 1550 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR); 1551 wpabuf_put_le16(msg, os_strlen(hapd->conf->dpp_connector)); 1552 wpabuf_put_str(msg, hapd->conf->dpp_connector); 1553 } 1554 1555 #ifdef CONFIG_TESTING_OPTIONS 1556 skip_connector: 1557 if (dpp_test == DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_RESP) { 1558 wpa_printf(MSG_INFO, "DPP: TESTING - no Protocol Version"); 1559 goto skip_proto_ver; 1560 } 1561 #endif /* CONFIG_TESTING_OPTIONS */ 1562 1563 #ifdef CONFIG_DPP2 1564 if (DPP_VERSION > 1) { 1565 u8 ver = DPP_VERSION; 1566 #ifdef CONFIG_DPP3 1567 int conn_ver; 1568 1569 conn_ver = dpp_get_connector_version(hapd->conf->dpp_connector); 1570 if (conn_ver > 0 && ver != conn_ver) { 1571 wpa_printf(MSG_DEBUG, 1572 "DPP: Use Connector version %d instead of current protocol version %d", 1573 conn_ver, ver); 1574 ver = conn_ver; 1575 } 1576 #endif /* CONFIG_DPP3 */ 1577 1578 /* Protocol Version */ 1579 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION); 1580 wpabuf_put_le16(msg, 1); 1581 wpabuf_put_u8(msg, ver); 1582 } 1583 #endif /* CONFIG_DPP2 */ 1584 1585 #ifdef CONFIG_TESTING_OPTIONS 1586 skip_proto_ver: 1587 #endif /* CONFIG_TESTING_OPTIONS */ 1588 1589 wpa_printf(MSG_DEBUG, "DPP: Send Peer Discovery Response to " MACSTR 1590 " status=%d", MAC2STR(src), status); 1591 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 1592 " freq=%u type=%d status=%d", MAC2STR(src), freq, 1593 DPP_PA_PEER_DISCOVERY_RESP, status); 1594 hostapd_drv_send_action(hapd, freq, 0, src, 1595 wpabuf_head(msg), wpabuf_len(msg)); 1596 wpabuf_free(msg); 1597 } 1598 1599 1600 static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd, 1601 const u8 *src, 1602 const u8 *buf, size_t len, 1603 unsigned int freq) 1604 { 1605 const u8 *connector, *trans_id; 1606 u16 connector_len, trans_id_len; 1607 struct os_time now; 1608 struct dpp_introduction intro; 1609 os_time_t expire; 1610 int expiration; 1611 enum dpp_status_error res; 1612 1613 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Request from " MACSTR, 1614 MAC2STR(src)); 1615 if (!hapd->wpa_auth || 1616 !(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) || 1617 !(hapd->conf->wpa & WPA_PROTO_RSN)) { 1618 wpa_printf(MSG_DEBUG, "DPP: DPP AKM not in use"); 1619 return; 1620 } 1621 1622 if (!hapd->conf->dpp_connector || !hapd->conf->dpp_netaccesskey || 1623 !hapd->conf->dpp_csign) { 1624 wpa_printf(MSG_DEBUG, "DPP: No own Connector/keys set"); 1625 return; 1626 } 1627 1628 os_get_time(&now); 1629 1630 if (hapd->conf->dpp_netaccesskey_expiry && 1631 (os_time_t) hapd->conf->dpp_netaccesskey_expiry < now.sec) { 1632 wpa_printf(MSG_INFO, "DPP: Own netAccessKey expired"); 1633 return; 1634 } 1635 1636 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID, 1637 &trans_id_len); 1638 if (!trans_id || trans_id_len != 1) { 1639 wpa_printf(MSG_DEBUG, 1640 "DPP: Peer did not include Transaction ID"); 1641 return; 1642 } 1643 1644 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len); 1645 if (!connector) { 1646 wpa_printf(MSG_DEBUG, 1647 "DPP: Peer did not include its Connector"); 1648 return; 1649 } 1650 1651 res = dpp_peer_intro(&intro, hapd->conf->dpp_connector, 1652 wpabuf_head(hapd->conf->dpp_netaccesskey), 1653 wpabuf_len(hapd->conf->dpp_netaccesskey), 1654 wpabuf_head(hapd->conf->dpp_csign), 1655 wpabuf_len(hapd->conf->dpp_csign), 1656 connector, connector_len, &expire); 1657 if (res == 255) { 1658 wpa_printf(MSG_INFO, 1659 "DPP: Network Introduction protocol resulted in internal failure (peer " 1660 MACSTR ")", MAC2STR(src)); 1661 return; 1662 } 1663 if (res != DPP_STATUS_OK) { 1664 wpa_printf(MSG_INFO, 1665 "DPP: Network Introduction protocol resulted in failure (peer " 1666 MACSTR " status %d)", MAC2STR(src), res); 1667 hostapd_dpp_send_peer_disc_resp(hapd, src, freq, trans_id[0], 1668 res); 1669 return; 1670 } 1671 1672 #ifdef CONFIG_DPP3 1673 if (intro.peer_version && intro.peer_version >= 2) { 1674 const u8 *version; 1675 u16 version_len; 1676 u8 attr_version = 1; 1677 1678 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION, 1679 &version_len); 1680 if (version && version_len >= 1) 1681 attr_version = version[0]; 1682 if (attr_version != intro.peer_version) { 1683 wpa_printf(MSG_INFO, 1684 "DPP: Protocol version mismatch (Connector: %d Attribute: %d", 1685 intro.peer_version, attr_version); 1686 hostapd_dpp_send_peer_disc_resp(hapd, src, freq, 1687 trans_id[0], 1688 DPP_STATUS_NO_MATCH); 1689 return; 1690 } 1691 } 1692 #endif /* CONFIG_DPP3 */ 1693 1694 if (!expire || (os_time_t) hapd->conf->dpp_netaccesskey_expiry < expire) 1695 expire = hapd->conf->dpp_netaccesskey_expiry; 1696 if (expire) 1697 expiration = expire - now.sec; 1698 else 1699 expiration = 0; 1700 1701 if (wpa_auth_pmksa_add2(hapd->wpa_auth, src, intro.pmk, intro.pmk_len, 1702 intro.pmkid, expiration, 1703 WPA_KEY_MGMT_DPP) < 0) { 1704 wpa_printf(MSG_ERROR, "DPP: Failed to add PMKSA cache entry"); 1705 return; 1706 } 1707 1708 hostapd_dpp_send_peer_disc_resp(hapd, src, freq, trans_id[0], 1709 DPP_STATUS_OK); 1710 } 1711 1712 1713 static void 1714 hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data *hapd, const u8 *src, 1715 const u8 *buf, size_t len, 1716 unsigned int freq, bool v2) 1717 { 1718 struct wpabuf *msg; 1719 1720 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR, 1721 MAC2STR(src)); 1722 1723 /* TODO: Support multiple PKEX codes by iterating over all the enabled 1724 * values here */ 1725 1726 if (!hapd->dpp_pkex_code || !hapd->dpp_pkex_bi) { 1727 wpa_printf(MSG_DEBUG, 1728 "DPP: No PKEX code configured - ignore request"); 1729 return; 1730 } 1731 1732 if (hapd->dpp_pkex) { 1733 /* TODO: Support parallel operations */ 1734 wpa_printf(MSG_DEBUG, 1735 "DPP: Already in PKEX session - ignore new request"); 1736 return; 1737 } 1738 1739 hapd->dpp_pkex = dpp_pkex_rx_exchange_req(hapd->msg_ctx, 1740 hapd->dpp_pkex_bi, 1741 hapd->own_addr, src, 1742 hapd->dpp_pkex_identifier, 1743 hapd->dpp_pkex_code, 1744 buf, len, v2); 1745 if (!hapd->dpp_pkex) { 1746 wpa_printf(MSG_DEBUG, 1747 "DPP: Failed to process the request - ignore it"); 1748 return; 1749 } 1750 1751 msg = hapd->dpp_pkex->exchange_resp; 1752 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 1753 " freq=%u type=%d", MAC2STR(src), freq, 1754 DPP_PA_PKEX_EXCHANGE_RESP); 1755 hostapd_drv_send_action(hapd, freq, 0, src, 1756 wpabuf_head(msg), wpabuf_len(msg)); 1757 if (hapd->dpp_pkex->failed) { 1758 wpa_printf(MSG_DEBUG, 1759 "DPP: Terminate PKEX exchange due to an earlier error"); 1760 if (hapd->dpp_pkex->t > hapd->dpp_pkex->own_bi->pkex_t) 1761 hapd->dpp_pkex->own_bi->pkex_t = hapd->dpp_pkex->t; 1762 dpp_pkex_free(hapd->dpp_pkex); 1763 hapd->dpp_pkex = NULL; 1764 } 1765 } 1766 1767 1768 static void 1769 hostapd_dpp_rx_pkex_exchange_resp(struct hostapd_data *hapd, const u8 *src, 1770 const u8 *buf, size_t len, unsigned int freq) 1771 { 1772 struct wpabuf *msg; 1773 1774 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR, 1775 MAC2STR(src)); 1776 1777 /* TODO: Support multiple PKEX codes by iterating over all the enabled 1778 * values here */ 1779 1780 if (!hapd->dpp_pkex || !hapd->dpp_pkex->initiator || 1781 hapd->dpp_pkex->exchange_done) { 1782 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 1783 return; 1784 } 1785 1786 msg = dpp_pkex_rx_exchange_resp(hapd->dpp_pkex, src, buf, len); 1787 if (!msg) { 1788 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); 1789 return; 1790 } 1791 1792 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR, 1793 MAC2STR(src)); 1794 1795 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 1796 " freq=%u type=%d", MAC2STR(src), freq, 1797 DPP_PA_PKEX_COMMIT_REVEAL_REQ); 1798 hostapd_drv_send_action(hapd, freq, 0, src, 1799 wpabuf_head(msg), wpabuf_len(msg)); 1800 wpabuf_free(msg); 1801 } 1802 1803 1804 static void 1805 hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src, 1806 const u8 *hdr, const u8 *buf, size_t len, 1807 unsigned int freq) 1808 { 1809 struct wpabuf *msg; 1810 struct dpp_pkex *pkex = hapd->dpp_pkex; 1811 struct dpp_bootstrap_info *bi; 1812 1813 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR, 1814 MAC2STR(src)); 1815 1816 if (!pkex || pkex->initiator || !pkex->exchange_done) { 1817 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 1818 return; 1819 } 1820 1821 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len); 1822 if (!msg) { 1823 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request"); 1824 if (hapd->dpp_pkex->failed) { 1825 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange"); 1826 if (hapd->dpp_pkex->t > hapd->dpp_pkex->own_bi->pkex_t) 1827 hapd->dpp_pkex->own_bi->pkex_t = 1828 hapd->dpp_pkex->t; 1829 dpp_pkex_free(hapd->dpp_pkex); 1830 hapd->dpp_pkex = NULL; 1831 } 1832 return; 1833 } 1834 1835 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to " 1836 MACSTR, MAC2STR(src)); 1837 1838 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 1839 " freq=%u type=%d", MAC2STR(src), freq, 1840 DPP_PA_PKEX_COMMIT_REVEAL_RESP); 1841 hostapd_drv_send_action(hapd, freq, 0, src, 1842 wpabuf_head(msg), wpabuf_len(msg)); 1843 wpabuf_free(msg); 1844 1845 bi = dpp_pkex_finish(hapd->iface->interfaces->dpp, pkex, src, freq); 1846 if (!bi) 1847 return; 1848 hapd->dpp_pkex = NULL; 1849 } 1850 1851 1852 static void 1853 hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data *hapd, const u8 *src, 1854 const u8 *hdr, const u8 *buf, size_t len, 1855 unsigned int freq) 1856 { 1857 int res; 1858 struct dpp_bootstrap_info *bi; 1859 struct dpp_pkex *pkex = hapd->dpp_pkex; 1860 char cmd[500]; 1861 1862 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR, 1863 MAC2STR(src)); 1864 1865 if (!pkex || !pkex->initiator || !pkex->exchange_done) { 1866 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 1867 return; 1868 } 1869 1870 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len); 1871 if (res < 0) { 1872 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); 1873 return; 1874 } 1875 1876 bi = dpp_pkex_finish(hapd->iface->interfaces->dpp, pkex, src, freq); 1877 if (!bi) 1878 return; 1879 hapd->dpp_pkex = NULL; 1880 1881 os_snprintf(cmd, sizeof(cmd), " peer=%u %s", 1882 bi->id, 1883 hapd->dpp_pkex_auth_cmd ? hapd->dpp_pkex_auth_cmd : ""); 1884 wpa_printf(MSG_DEBUG, 1885 "DPP: Start authentication after PKEX with parameters: %s", 1886 cmd); 1887 if (hostapd_dpp_auth_init(hapd, cmd) < 0) { 1888 wpa_printf(MSG_DEBUG, 1889 "DPP: Authentication initialization failed"); 1890 return; 1891 } 1892 } 1893 1894 1895 void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src, 1896 const u8 *buf, size_t len, unsigned int freq) 1897 { 1898 u8 crypto_suite; 1899 enum dpp_public_action_frame_type type; 1900 const u8 *hdr; 1901 unsigned int pkex_t; 1902 1903 if (len < DPP_HDR_LEN) 1904 return; 1905 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE) 1906 return; 1907 hdr = buf; 1908 buf += 4; 1909 len -= 4; 1910 crypto_suite = *buf++; 1911 type = *buf++; 1912 len -= 2; 1913 1914 wpa_printf(MSG_DEBUG, 1915 "DPP: Received DPP Public Action frame crypto suite %u type %d from " 1916 MACSTR " freq=%u", 1917 crypto_suite, type, MAC2STR(src), freq); 1918 if (crypto_suite != 1) { 1919 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u", 1920 crypto_suite); 1921 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_RX "src=" MACSTR 1922 " freq=%u type=%d ignore=unsupported-crypto-suite", 1923 MAC2STR(src), freq, type); 1924 return; 1925 } 1926 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len); 1927 if (dpp_check_attrs(buf, len) < 0) { 1928 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_RX "src=" MACSTR 1929 " freq=%u type=%d ignore=invalid-attributes", 1930 MAC2STR(src), freq, type); 1931 return; 1932 } 1933 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_RX "src=" MACSTR 1934 " freq=%u type=%d", MAC2STR(src), freq, type); 1935 1936 #ifdef CONFIG_DPP2 1937 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp, 1938 src, hdr, buf, len, freq, NULL, NULL, 1939 hapd) == 0) 1940 return; 1941 #endif /* CONFIG_DPP2 */ 1942 1943 switch (type) { 1944 case DPP_PA_AUTHENTICATION_REQ: 1945 hostapd_dpp_rx_auth_req(hapd, src, hdr, buf, len, freq); 1946 break; 1947 case DPP_PA_AUTHENTICATION_RESP: 1948 hostapd_dpp_rx_auth_resp(hapd, src, hdr, buf, len, freq); 1949 break; 1950 case DPP_PA_AUTHENTICATION_CONF: 1951 hostapd_dpp_rx_auth_conf(hapd, src, hdr, buf, len); 1952 break; 1953 case DPP_PA_PEER_DISCOVERY_REQ: 1954 hostapd_dpp_rx_peer_disc_req(hapd, src, buf, len, freq); 1955 break; 1956 #ifdef CONFIG_DPP3 1957 case DPP_PA_PKEX_EXCHANGE_REQ: 1958 /* This is for PKEXv2, but for now, process only with 1959 * CONFIG_DPP3 to avoid issues with a capability that has not 1960 * been tested with other implementations. */ 1961 hostapd_dpp_rx_pkex_exchange_req(hapd, src, buf, len, freq, 1962 true); 1963 break; 1964 #endif /* CONFIG_DPP3 */ 1965 case DPP_PA_PKEX_V1_EXCHANGE_REQ: 1966 hostapd_dpp_rx_pkex_exchange_req(hapd, src, buf, len, freq, 1967 false); 1968 break; 1969 case DPP_PA_PKEX_EXCHANGE_RESP: 1970 hostapd_dpp_rx_pkex_exchange_resp(hapd, src, buf, len, freq); 1971 break; 1972 case DPP_PA_PKEX_COMMIT_REVEAL_REQ: 1973 hostapd_dpp_rx_pkex_commit_reveal_req(hapd, src, hdr, buf, len, 1974 freq); 1975 break; 1976 case DPP_PA_PKEX_COMMIT_REVEAL_RESP: 1977 hostapd_dpp_rx_pkex_commit_reveal_resp(hapd, src, hdr, buf, len, 1978 freq); 1979 break; 1980 #ifdef CONFIG_DPP2 1981 case DPP_PA_CONFIGURATION_RESULT: 1982 hostapd_dpp_rx_conf_result(hapd, src, hdr, buf, len); 1983 break; 1984 case DPP_PA_CONNECTION_STATUS_RESULT: 1985 hostapd_dpp_rx_conn_status_result(hapd, src, hdr, buf, len); 1986 break; 1987 case DPP_PA_PRESENCE_ANNOUNCEMENT: 1988 hostapd_dpp_rx_presence_announcement(hapd, src, hdr, buf, len, 1989 freq); 1990 break; 1991 case DPP_PA_RECONFIG_ANNOUNCEMENT: 1992 hostapd_dpp_rx_reconfig_announcement(hapd, src, hdr, buf, len, 1993 freq); 1994 break; 1995 case DPP_PA_RECONFIG_AUTH_RESP: 1996 hostapd_dpp_rx_reconfig_auth_resp(hapd, src, hdr, buf, len, 1997 freq); 1998 break; 1999 #endif /* CONFIG_DPP2 */ 2000 default: 2001 wpa_printf(MSG_DEBUG, 2002 "DPP: Ignored unsupported frame subtype %d", type); 2003 break; 2004 } 2005 2006 if (hapd->dpp_pkex) 2007 pkex_t = hapd->dpp_pkex->t; 2008 else if (hapd->dpp_pkex_bi) 2009 pkex_t = hapd->dpp_pkex_bi->pkex_t; 2010 else 2011 pkex_t = 0; 2012 if (pkex_t >= PKEX_COUNTER_T_LIMIT) { 2013 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0"); 2014 hostapd_dpp_pkex_remove(hapd, "*"); 2015 } 2016 } 2017 2018 2019 struct wpabuf * 2020 hostapd_dpp_gas_req_handler(struct hostapd_data *hapd, const u8 *sa, 2021 const u8 *query, size_t query_len, 2022 const u8 *data, size_t data_len) 2023 { 2024 struct dpp_authentication *auth = hapd->dpp_auth; 2025 struct wpabuf *resp; 2026 2027 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR, MAC2STR(sa)); 2028 if (!auth || (!auth->auth_success && !auth->reconfig_success) || 2029 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) { 2030 #ifdef CONFIG_DPP2 2031 if (dpp_relay_rx_gas_req(hapd->iface->interfaces->dpp, sa, data, 2032 data_len) == 0) { 2033 /* Response will be forwarded once received over TCP */ 2034 return NULL; 2035 } 2036 #endif /* CONFIG_DPP2 */ 2037 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 2038 return NULL; 2039 } 2040 2041 if (hapd->dpp_auth_ok_on_ack && auth->configurator) { 2042 wpa_printf(MSG_DEBUG, 2043 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request"); 2044 /* hostapd_dpp_auth_success() would normally have been called 2045 * from TX status handler, but since there was no such handler 2046 * call yet, simply send out the event message and proceed with 2047 * exchange. */ 2048 wpa_msg(hapd->msg_ctx, MSG_INFO, 2049 DPP_EVENT_AUTH_SUCCESS "init=1"); 2050 hapd->dpp_auth_ok_on_ack = 0; 2051 } 2052 2053 wpa_hexdump(MSG_DEBUG, 2054 "DPP: Received Configuration Request (GAS Query Request)", 2055 query, query_len); 2056 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR, 2057 MAC2STR(sa)); 2058 resp = dpp_conf_req_rx(auth, query, query_len); 2059 if (!resp) 2060 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 2061 return resp; 2062 } 2063 2064 2065 void hostapd_dpp_gas_status_handler(struct hostapd_data *hapd, int ok) 2066 { 2067 struct dpp_authentication *auth = hapd->dpp_auth; 2068 2069 if (!auth) 2070 return; 2071 2072 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)", 2073 ok); 2074 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL); 2075 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, hapd, NULL); 2076 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, NULL); 2077 #ifdef CONFIG_DPP2 2078 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout, 2079 hapd, NULL); 2080 if (ok && auth->peer_version >= 2 && 2081 auth->conf_resp_status == DPP_STATUS_OK) { 2082 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result"); 2083 auth->waiting_conf_result = 1; 2084 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout, 2085 hapd, NULL); 2086 eloop_register_timeout(2, 0, 2087 hostapd_dpp_config_result_wait_timeout, 2088 hapd, NULL); 2089 return; 2090 } 2091 #endif /* CONFIG_DPP2 */ 2092 hostapd_drv_send_action_cancel_wait(hapd); 2093 2094 if (ok) 2095 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); 2096 else 2097 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 2098 dpp_auth_deinit(hapd->dpp_auth); 2099 hapd->dpp_auth = NULL; 2100 } 2101 2102 2103 int hostapd_dpp_configurator_sign(struct hostapd_data *hapd, const char *cmd) 2104 { 2105 struct dpp_authentication *auth; 2106 int ret = -1; 2107 char *curve = NULL; 2108 2109 auth = dpp_alloc_auth(hapd->iface->interfaces->dpp, hapd->msg_ctx); 2110 if (!auth) 2111 return -1; 2112 2113 curve = get_param(cmd, " curve="); 2114 hostapd_dpp_set_testing_options(hapd, auth); 2115 if (dpp_set_configurator(auth, cmd) == 0 && 2116 dpp_configurator_own_config(auth, curve, 1) == 0) { 2117 hostapd_dpp_handle_config_obj(hapd, auth, &auth->conf_obj[0]); 2118 ret = 0; 2119 } 2120 2121 dpp_auth_deinit(auth); 2122 os_free(curve); 2123 2124 return ret; 2125 } 2126 2127 2128 int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd) 2129 { 2130 struct dpp_bootstrap_info *own_bi; 2131 const char *pos, *end; 2132 2133 pos = os_strstr(cmd, " own="); 2134 if (!pos) 2135 return -1; 2136 pos += 5; 2137 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos)); 2138 if (!own_bi) { 2139 wpa_printf(MSG_DEBUG, 2140 "DPP: Identified bootstrap info not found"); 2141 return -1; 2142 } 2143 if (own_bi->type != DPP_BOOTSTRAP_PKEX) { 2144 wpa_printf(MSG_DEBUG, 2145 "DPP: Identified bootstrap info not for PKEX"); 2146 return -1; 2147 } 2148 hapd->dpp_pkex_bi = own_bi; 2149 own_bi->pkex_t = 0; /* clear pending errors on new code */ 2150 2151 os_free(hapd->dpp_pkex_identifier); 2152 hapd->dpp_pkex_identifier = NULL; 2153 pos = os_strstr(cmd, " identifier="); 2154 if (pos) { 2155 pos += 12; 2156 end = os_strchr(pos, ' '); 2157 if (!end) 2158 return -1; 2159 hapd->dpp_pkex_identifier = os_malloc(end - pos + 1); 2160 if (!hapd->dpp_pkex_identifier) 2161 return -1; 2162 os_memcpy(hapd->dpp_pkex_identifier, pos, end - pos); 2163 hapd->dpp_pkex_identifier[end - pos] = '\0'; 2164 } 2165 2166 pos = os_strstr(cmd, " code="); 2167 if (!pos) 2168 return -1; 2169 os_free(hapd->dpp_pkex_code); 2170 hapd->dpp_pkex_code = os_strdup(pos + 6); 2171 if (!hapd->dpp_pkex_code) 2172 return -1; 2173 2174 if (os_strstr(cmd, " init=1") || os_strstr(cmd, " init=2")) { 2175 struct wpabuf *msg; 2176 bool v2 = os_strstr(cmd, " init=2") != NULL; 2177 2178 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX"); 2179 dpp_pkex_free(hapd->dpp_pkex); 2180 hapd->dpp_pkex = dpp_pkex_init(hapd->msg_ctx, own_bi, 2181 hapd->own_addr, 2182 hapd->dpp_pkex_identifier, 2183 hapd->dpp_pkex_code, v2); 2184 if (!hapd->dpp_pkex) 2185 return -1; 2186 2187 msg = hapd->dpp_pkex->exchange_req; 2188 /* TODO: Which channel to use? */ 2189 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 2190 " freq=%u type=%d", MAC2STR(broadcast), 2437, 2191 v2 ? DPP_PA_PKEX_EXCHANGE_REQ : 2192 DPP_PA_PKEX_V1_EXCHANGE_REQ); 2193 hostapd_drv_send_action(hapd, 2437, 0, broadcast, 2194 wpabuf_head(msg), wpabuf_len(msg)); 2195 } 2196 2197 /* TODO: Support multiple PKEX info entries */ 2198 2199 os_free(hapd->dpp_pkex_auth_cmd); 2200 hapd->dpp_pkex_auth_cmd = os_strdup(cmd); 2201 2202 return 1; 2203 } 2204 2205 2206 int hostapd_dpp_pkex_remove(struct hostapd_data *hapd, const char *id) 2207 { 2208 unsigned int id_val; 2209 2210 if (os_strcmp(id, "*") == 0) { 2211 id_val = 0; 2212 } else { 2213 id_val = atoi(id); 2214 if (id_val == 0) 2215 return -1; 2216 } 2217 2218 if ((id_val != 0 && id_val != 1) || !hapd->dpp_pkex_code) 2219 return -1; 2220 2221 /* TODO: Support multiple PKEX entries */ 2222 os_free(hapd->dpp_pkex_code); 2223 hapd->dpp_pkex_code = NULL; 2224 os_free(hapd->dpp_pkex_identifier); 2225 hapd->dpp_pkex_identifier = NULL; 2226 os_free(hapd->dpp_pkex_auth_cmd); 2227 hapd->dpp_pkex_auth_cmd = NULL; 2228 hapd->dpp_pkex_bi = NULL; 2229 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */ 2230 dpp_pkex_free(hapd->dpp_pkex); 2231 hapd->dpp_pkex = NULL; 2232 return 0; 2233 } 2234 2235 2236 void hostapd_dpp_stop(struct hostapd_data *hapd) 2237 { 2238 dpp_auth_deinit(hapd->dpp_auth); 2239 hapd->dpp_auth = NULL; 2240 dpp_pkex_free(hapd->dpp_pkex); 2241 hapd->dpp_pkex = NULL; 2242 } 2243 2244 2245 #ifdef CONFIG_DPP2 2246 2247 static void hostapd_dpp_relay_tx(void *ctx, const u8 *addr, unsigned int freq, 2248 const u8 *msg, size_t len) 2249 { 2250 struct hostapd_data *hapd = ctx; 2251 u8 *buf; 2252 2253 wpa_printf(MSG_DEBUG, "DPP: Send action frame dst=" MACSTR " freq=%u", 2254 MAC2STR(addr), freq); 2255 buf = os_malloc(2 + len); 2256 if (!buf) 2257 return; 2258 buf[0] = WLAN_ACTION_PUBLIC; 2259 buf[1] = WLAN_PA_VENDOR_SPECIFIC; 2260 os_memcpy(buf + 2, msg, len); 2261 hostapd_drv_send_action(hapd, freq, 0, addr, buf, 2 + len); 2262 os_free(buf); 2263 } 2264 2265 2266 static void hostapd_dpp_relay_gas_resp_tx(void *ctx, const u8 *addr, 2267 u8 dialog_token, int prot, 2268 struct wpabuf *buf) 2269 { 2270 struct hostapd_data *hapd = ctx; 2271 2272 gas_serv_req_dpp_processing(hapd, addr, dialog_token, prot, buf); 2273 } 2274 2275 #endif /* CONFIG_DPP2 */ 2276 2277 2278 static int hostapd_dpp_add_controllers(struct hostapd_data *hapd) 2279 { 2280 #ifdef CONFIG_DPP2 2281 struct dpp_controller_conf *ctrl; 2282 struct dpp_relay_config config; 2283 2284 os_memset(&config, 0, sizeof(config)); 2285 config.cb_ctx = hapd; 2286 config.tx = hostapd_dpp_relay_tx; 2287 config.gas_resp_tx = hostapd_dpp_relay_gas_resp_tx; 2288 for (ctrl = hapd->conf->dpp_controller; ctrl; ctrl = ctrl->next) { 2289 config.ipaddr = &ctrl->ipaddr; 2290 config.pkhash = ctrl->pkhash; 2291 if (dpp_relay_add_controller(hapd->iface->interfaces->dpp, 2292 &config) < 0) 2293 return -1; 2294 } 2295 #endif /* CONFIG_DPP2 */ 2296 2297 return 0; 2298 } 2299 2300 2301 int hostapd_dpp_init(struct hostapd_data *hapd) 2302 { 2303 hapd->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE; 2304 hapd->dpp_init_done = 1; 2305 return hostapd_dpp_add_controllers(hapd); 2306 } 2307 2308 2309 void hostapd_dpp_deinit(struct hostapd_data *hapd) 2310 { 2311 #ifdef CONFIG_TESTING_OPTIONS 2312 os_free(hapd->dpp_config_obj_override); 2313 hapd->dpp_config_obj_override = NULL; 2314 os_free(hapd->dpp_discovery_override); 2315 hapd->dpp_discovery_override = NULL; 2316 os_free(hapd->dpp_groups_override); 2317 hapd->dpp_groups_override = NULL; 2318 hapd->dpp_ignore_netaccesskey_mismatch = 0; 2319 #endif /* CONFIG_TESTING_OPTIONS */ 2320 if (!hapd->dpp_init_done) 2321 return; 2322 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL); 2323 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, hapd, NULL); 2324 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL); 2325 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, NULL); 2326 #ifdef CONFIG_DPP2 2327 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout, 2328 hapd, NULL); 2329 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout, hapd, 2330 NULL); 2331 eloop_cancel_timeout(hostapd_dpp_conn_status_result_wait_timeout, hapd, 2332 NULL); 2333 hostapd_dpp_chirp_stop(hapd); 2334 if (hapd->iface->interfaces) 2335 dpp_controller_stop_for_ctx(hapd->iface->interfaces->dpp, hapd); 2336 #endif /* CONFIG_DPP2 */ 2337 dpp_auth_deinit(hapd->dpp_auth); 2338 hapd->dpp_auth = NULL; 2339 hostapd_dpp_pkex_remove(hapd, "*"); 2340 hapd->dpp_pkex = NULL; 2341 os_free(hapd->dpp_configurator_params); 2342 hapd->dpp_configurator_params = NULL; 2343 } 2344 2345 2346 #ifdef CONFIG_DPP2 2347 2348 int hostapd_dpp_controller_start(struct hostapd_data *hapd, const char *cmd) 2349 { 2350 struct dpp_controller_config config; 2351 const char *pos; 2352 2353 os_memset(&config, 0, sizeof(config)); 2354 config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR; 2355 config.netrole = DPP_NETROLE_AP; 2356 config.msg_ctx = hapd->msg_ctx; 2357 config.cb_ctx = hapd; 2358 config.process_conf_obj = hostapd_dpp_process_conf_obj; 2359 if (cmd) { 2360 pos = os_strstr(cmd, " tcp_port="); 2361 if (pos) { 2362 pos += 10; 2363 config.tcp_port = atoi(pos); 2364 } 2365 2366 pos = os_strstr(cmd, " role="); 2367 if (pos) { 2368 pos += 6; 2369 if (os_strncmp(pos, "configurator", 12) == 0) 2370 config.allowed_roles = DPP_CAPAB_CONFIGURATOR; 2371 else if (os_strncmp(pos, "enrollee", 8) == 0) 2372 config.allowed_roles = DPP_CAPAB_ENROLLEE; 2373 else if (os_strncmp(pos, "either", 6) == 0) 2374 config.allowed_roles = DPP_CAPAB_CONFIGURATOR | 2375 DPP_CAPAB_ENROLLEE; 2376 else 2377 return -1; 2378 } 2379 2380 config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL; 2381 } 2382 config.configurator_params = hapd->dpp_configurator_params; 2383 return dpp_controller_start(hapd->iface->interfaces->dpp, &config); 2384 } 2385 2386 2387 static void hostapd_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx); 2388 2389 static void hostapd_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx) 2390 { 2391 struct hostapd_data *hapd = eloop_ctx; 2392 2393 wpa_printf(MSG_DEBUG, "DPP: No chirp response received"); 2394 hostapd_drv_send_action_cancel_wait(hapd); 2395 hostapd_dpp_chirp_next(hapd, NULL); 2396 } 2397 2398 2399 static void hostapd_dpp_chirp_start(struct hostapd_data *hapd) 2400 { 2401 struct wpabuf *msg; 2402 int type; 2403 2404 msg = hapd->dpp_presence_announcement; 2405 type = DPP_PA_PRESENCE_ANNOUNCEMENT; 2406 wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", hapd->dpp_chirp_freq); 2407 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 2408 " freq=%u type=%d", 2409 MAC2STR(broadcast), hapd->dpp_chirp_freq, type); 2410 if (hostapd_drv_send_action( 2411 hapd, hapd->dpp_chirp_freq, 2000, broadcast, 2412 wpabuf_head(msg), wpabuf_len(msg)) < 0 || 2413 eloop_register_timeout(2, 0, hostapd_dpp_chirp_timeout, 2414 hapd, NULL) < 0) 2415 hostapd_dpp_chirp_stop(hapd); 2416 } 2417 2418 2419 static struct hostapd_hw_modes * 2420 dpp_get_mode(struct hostapd_data *hapd, 2421 enum hostapd_hw_mode mode) 2422 { 2423 struct hostapd_hw_modes *modes = hapd->iface->hw_features; 2424 u16 num_modes = hapd->iface->num_hw_features; 2425 u16 i; 2426 2427 for (i = 0; i < num_modes; i++) { 2428 if (modes[i].mode != mode || 2429 !modes[i].num_channels || !modes[i].channels) 2430 continue; 2431 return &modes[i]; 2432 } 2433 2434 return NULL; 2435 } 2436 2437 2438 static void 2439 hostapd_dpp_chirp_scan_res_handler(struct hostapd_iface *iface) 2440 { 2441 struct hostapd_data *hapd = iface->bss[0]; 2442 struct wpa_scan_results *scan_res; 2443 struct dpp_bootstrap_info *bi = hapd->dpp_chirp_bi; 2444 unsigned int i; 2445 struct hostapd_hw_modes *mode; 2446 int c; 2447 bool chan6 = hapd->iface->hw_features == NULL; 2448 2449 if (!bi) 2450 return; 2451 2452 hapd->dpp_chirp_scan_done = 1; 2453 2454 scan_res = hostapd_driver_get_scan_results(hapd); 2455 2456 os_free(hapd->dpp_chirp_freqs); 2457 hapd->dpp_chirp_freqs = NULL; 2458 2459 /* Channels from own bootstrapping info */ 2460 if (bi) { 2461 for (i = 0; i < bi->num_freq; i++) 2462 int_array_add_unique(&hapd->dpp_chirp_freqs, 2463 bi->freq[i]); 2464 } 2465 2466 /* Preferred chirping channels */ 2467 mode = dpp_get_mode(hapd, HOSTAPD_MODE_IEEE80211G); 2468 if (mode) { 2469 for (c = 0; c < mode->num_channels; c++) { 2470 struct hostapd_channel_data *chan = &mode->channels[c]; 2471 2472 if (chan->flag & (HOSTAPD_CHAN_DISABLED | 2473 HOSTAPD_CHAN_RADAR) || 2474 chan->freq != 2437) 2475 continue; 2476 chan6 = true; 2477 break; 2478 } 2479 } 2480 if (chan6) 2481 int_array_add_unique(&hapd->dpp_chirp_freqs, 2437); 2482 2483 mode = dpp_get_mode(hapd, HOSTAPD_MODE_IEEE80211A); 2484 if (mode) { 2485 int chan44 = 0, chan149 = 0; 2486 2487 for (c = 0; c < mode->num_channels; c++) { 2488 struct hostapd_channel_data *chan = &mode->channels[c]; 2489 2490 if (chan->flag & (HOSTAPD_CHAN_DISABLED | 2491 HOSTAPD_CHAN_RADAR)) 2492 continue; 2493 if (chan->freq == 5220) 2494 chan44 = 1; 2495 if (chan->freq == 5745) 2496 chan149 = 1; 2497 } 2498 if (chan149) 2499 int_array_add_unique(&hapd->dpp_chirp_freqs, 5745); 2500 else if (chan44) 2501 int_array_add_unique(&hapd->dpp_chirp_freqs, 5220); 2502 } 2503 2504 mode = dpp_get_mode(hapd, HOSTAPD_MODE_IEEE80211AD); 2505 if (mode) { 2506 for (c = 0; c < mode->num_channels; c++) { 2507 struct hostapd_channel_data *chan = &mode->channels[c]; 2508 2509 if ((chan->flag & (HOSTAPD_CHAN_DISABLED | 2510 HOSTAPD_CHAN_RADAR)) || 2511 chan->freq != 60480) 2512 continue; 2513 int_array_add_unique(&hapd->dpp_chirp_freqs, 60480); 2514 break; 2515 } 2516 } 2517 2518 /* Add channels from scan results for APs that advertise Configurator 2519 * Connectivity element */ 2520 for (i = 0; scan_res && i < scan_res->num; i++) { 2521 struct wpa_scan_res *bss = scan_res->res[i]; 2522 size_t ie_len = bss->ie_len; 2523 2524 if (!ie_len) 2525 ie_len = bss->beacon_ie_len; 2526 if (get_vendor_ie((const u8 *) (bss + 1), ie_len, 2527 DPP_CC_IE_VENDOR_TYPE)) 2528 int_array_add_unique(&hapd->dpp_chirp_freqs, 2529 bss->freq); 2530 } 2531 2532 if (!hapd->dpp_chirp_freqs || 2533 eloop_register_timeout(0, 0, hostapd_dpp_chirp_next, 2534 hapd, NULL) < 0) 2535 hostapd_dpp_chirp_stop(hapd); 2536 2537 wpa_scan_results_free(scan_res); 2538 } 2539 2540 2541 static void hostapd_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx) 2542 { 2543 struct hostapd_data *hapd = eloop_ctx; 2544 int i; 2545 2546 if (hapd->dpp_chirp_listen) 2547 hostapd_dpp_listen_stop(hapd); 2548 2549 if (hapd->dpp_chirp_freq == 0) { 2550 if (hapd->dpp_chirp_round % 4 == 0 && 2551 !hapd->dpp_chirp_scan_done) { 2552 struct wpa_driver_scan_params params; 2553 int ret; 2554 2555 wpa_printf(MSG_DEBUG, 2556 "DPP: Update channel list for chirping"); 2557 os_memset(¶ms, 0, sizeof(params)); 2558 ret = hostapd_driver_scan(hapd, ¶ms); 2559 if (ret < 0) { 2560 wpa_printf(MSG_DEBUG, 2561 "DPP: Failed to request a scan ret=%d (%s)", 2562 ret, strerror(-ret)); 2563 hostapd_dpp_chirp_scan_res_handler(hapd->iface); 2564 } else { 2565 hapd->iface->scan_cb = 2566 hostapd_dpp_chirp_scan_res_handler; 2567 } 2568 return; 2569 } 2570 hapd->dpp_chirp_freq = hapd->dpp_chirp_freqs[0]; 2571 hapd->dpp_chirp_round++; 2572 wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d", 2573 hapd->dpp_chirp_round); 2574 } else { 2575 for (i = 0; hapd->dpp_chirp_freqs[i]; i++) 2576 if (hapd->dpp_chirp_freqs[i] == hapd->dpp_chirp_freq) 2577 break; 2578 if (!hapd->dpp_chirp_freqs[i]) { 2579 wpa_printf(MSG_DEBUG, 2580 "DPP: Previous chirp freq %d not found", 2581 hapd->dpp_chirp_freq); 2582 return; 2583 } 2584 i++; 2585 if (hapd->dpp_chirp_freqs[i]) { 2586 hapd->dpp_chirp_freq = hapd->dpp_chirp_freqs[i]; 2587 } else { 2588 hapd->dpp_chirp_iter--; 2589 if (hapd->dpp_chirp_iter <= 0) { 2590 wpa_printf(MSG_DEBUG, 2591 "DPP: Chirping iterations completed"); 2592 hostapd_dpp_chirp_stop(hapd); 2593 return; 2594 } 2595 hapd->dpp_chirp_freq = 0; 2596 hapd->dpp_chirp_scan_done = 0; 2597 if (eloop_register_timeout(30, 0, 2598 hostapd_dpp_chirp_next, 2599 hapd, NULL) < 0) { 2600 hostapd_dpp_chirp_stop(hapd); 2601 return; 2602 } 2603 if (hapd->dpp_chirp_listen) { 2604 wpa_printf(MSG_DEBUG, 2605 "DPP: Listen on %d MHz during chirp 30 second wait", 2606 hapd->dpp_chirp_listen); 2607 /* TODO: start listen on the channel */ 2608 } else { 2609 wpa_printf(MSG_DEBUG, 2610 "DPP: Wait 30 seconds before starting the next chirping round"); 2611 } 2612 return; 2613 } 2614 } 2615 2616 hostapd_dpp_chirp_start(hapd); 2617 } 2618 2619 2620 int hostapd_dpp_chirp(struct hostapd_data *hapd, const char *cmd) 2621 { 2622 const char *pos; 2623 int iter = 1, listen_freq = 0; 2624 struct dpp_bootstrap_info *bi; 2625 2626 pos = os_strstr(cmd, " own="); 2627 if (!pos) 2628 return -1; 2629 pos += 5; 2630 bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos)); 2631 if (!bi) { 2632 wpa_printf(MSG_DEBUG, 2633 "DPP: Identified bootstrap info not found"); 2634 return -1; 2635 } 2636 2637 pos = os_strstr(cmd, " iter="); 2638 if (pos) { 2639 iter = atoi(pos + 6); 2640 if (iter <= 0) 2641 return -1; 2642 } 2643 2644 pos = os_strstr(cmd, " listen="); 2645 if (pos) { 2646 listen_freq = atoi(pos + 8); 2647 if (listen_freq <= 0) 2648 return -1; 2649 } 2650 2651 hostapd_dpp_chirp_stop(hapd); 2652 hapd->dpp_allowed_roles = DPP_CAPAB_ENROLLEE; 2653 hapd->dpp_qr_mutual = 0; 2654 hapd->dpp_chirp_bi = bi; 2655 hapd->dpp_presence_announcement = dpp_build_presence_announcement(bi); 2656 if (!hapd->dpp_presence_announcement) 2657 return -1; 2658 hapd->dpp_chirp_iter = iter; 2659 hapd->dpp_chirp_round = 0; 2660 hapd->dpp_chirp_scan_done = 0; 2661 hapd->dpp_chirp_listen = listen_freq; 2662 2663 return eloop_register_timeout(0, 0, hostapd_dpp_chirp_next, hapd, NULL); 2664 } 2665 2666 2667 void hostapd_dpp_chirp_stop(struct hostapd_data *hapd) 2668 { 2669 if (hapd->dpp_presence_announcement) { 2670 hostapd_drv_send_action_cancel_wait(hapd); 2671 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CHIRP_STOPPED); 2672 } 2673 hapd->dpp_chirp_bi = NULL; 2674 wpabuf_free(hapd->dpp_presence_announcement); 2675 hapd->dpp_presence_announcement = NULL; 2676 if (hapd->dpp_chirp_listen) 2677 hostapd_dpp_listen_stop(hapd); 2678 hapd->dpp_chirp_listen = 0; 2679 hapd->dpp_chirp_freq = 0; 2680 os_free(hapd->dpp_chirp_freqs); 2681 hapd->dpp_chirp_freqs = NULL; 2682 eloop_cancel_timeout(hostapd_dpp_chirp_next, hapd, NULL); 2683 eloop_cancel_timeout(hostapd_dpp_chirp_timeout, hapd, NULL); 2684 if (hapd->iface->scan_cb == hostapd_dpp_chirp_scan_res_handler) { 2685 /* TODO: abort ongoing scan */ 2686 hapd->iface->scan_cb = NULL; 2687 } 2688 } 2689 2690 2691 static int handle_dpp_remove_bi(struct hostapd_iface *iface, void *ctx) 2692 { 2693 struct dpp_bootstrap_info *bi = ctx; 2694 size_t i; 2695 2696 for (i = 0; i < iface->num_bss; i++) { 2697 struct hostapd_data *hapd = iface->bss[i]; 2698 2699 if (bi == hapd->dpp_chirp_bi) 2700 hostapd_dpp_chirp_stop(hapd); 2701 } 2702 2703 return 0; 2704 } 2705 2706 2707 void hostapd_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi) 2708 { 2709 struct hapd_interfaces *interfaces = ctx; 2710 2711 hostapd_for_each_interface(interfaces, handle_dpp_remove_bi, bi); 2712 } 2713 2714 #endif /* CONFIG_DPP2 */ 2715