1 /* 2 * DPP over TCP 3 * Copyright (c) 2019-2020, The Linux Foundation 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 #include <fcntl.h> 11 12 #include "utils/common.h" 13 #include "utils/ip_addr.h" 14 #include "utils/eloop.h" 15 #include "common/ieee802_11_common.h" 16 #include "common/wpa_ctrl.h" 17 #include "dpp.h" 18 #include "dpp_i.h" 19 20 #ifdef CONFIG_DPP2 21 22 struct dpp_connection { 23 struct dl_list list; 24 struct dpp_controller *ctrl; 25 struct dpp_relay_controller *relay; 26 struct dpp_global *global; 27 struct dpp_authentication *auth; 28 void *msg_ctx; 29 void *cb_ctx; 30 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth); 31 int sock; 32 u8 mac_addr[ETH_ALEN]; 33 unsigned int freq; 34 u8 msg_len[4]; 35 size_t msg_len_octets; 36 struct wpabuf *msg; 37 struct wpabuf *msg_out; 38 size_t msg_out_pos; 39 unsigned int read_eloop:1; 40 unsigned int write_eloop:1; 41 unsigned int on_tcp_tx_complete_gas_done:1; 42 unsigned int on_tcp_tx_complete_remove:1; 43 unsigned int on_tcp_tx_complete_auth_ok:1; 44 unsigned int gas_comeback_in_progress:1; 45 u8 gas_dialog_token; 46 char *name; 47 enum dpp_netrole netrole; 48 }; 49 50 /* Remote Controller */ 51 struct dpp_relay_controller { 52 struct dl_list list; 53 struct dpp_global *global; 54 u8 pkhash[SHA256_MAC_LEN]; 55 struct hostapd_ip_addr ipaddr; 56 void *msg_ctx; 57 void *cb_ctx; 58 void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg, 59 size_t len); 60 void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token, 61 int prot, struct wpabuf *buf); 62 struct dl_list conn; /* struct dpp_connection */ 63 }; 64 65 /* Local Controller */ 66 struct dpp_controller { 67 struct dpp_global *global; 68 u8 allowed_roles; 69 int qr_mutual; 70 int sock; 71 struct dl_list conn; /* struct dpp_connection */ 72 char *configurator_params; 73 enum dpp_netrole netrole; 74 void *msg_ctx; 75 void *cb_ctx; 76 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth); 77 }; 78 79 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx); 80 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx); 81 static void dpp_controller_auth_success(struct dpp_connection *conn, 82 int initiator); 83 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx); 84 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx); 85 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx); 86 87 88 static void dpp_connection_free(struct dpp_connection *conn) 89 { 90 if (conn->sock >= 0) { 91 wpa_printf(MSG_DEBUG, "DPP: Close Controller socket %d", 92 conn->sock); 93 eloop_unregister_sock(conn->sock, EVENT_TYPE_READ); 94 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 95 close(conn->sock); 96 } 97 eloop_cancel_timeout(dpp_controller_conn_status_result_wait_timeout, 98 conn, NULL); 99 eloop_cancel_timeout(dpp_tcp_build_csr, conn, NULL); 100 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL); 101 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); 102 wpabuf_free(conn->msg); 103 wpabuf_free(conn->msg_out); 104 dpp_auth_deinit(conn->auth); 105 os_free(conn->name); 106 os_free(conn); 107 } 108 109 110 static void dpp_connection_remove(struct dpp_connection *conn) 111 { 112 dl_list_del(&conn->list); 113 dpp_connection_free(conn); 114 } 115 116 117 int dpp_relay_add_controller(struct dpp_global *dpp, 118 struct dpp_relay_config *config) 119 { 120 struct dpp_relay_controller *ctrl; 121 122 if (!dpp) 123 return -1; 124 125 ctrl = os_zalloc(sizeof(*ctrl)); 126 if (!ctrl) 127 return -1; 128 dl_list_init(&ctrl->conn); 129 ctrl->global = dpp; 130 os_memcpy(&ctrl->ipaddr, config->ipaddr, sizeof(*config->ipaddr)); 131 os_memcpy(ctrl->pkhash, config->pkhash, SHA256_MAC_LEN); 132 ctrl->msg_ctx = config->msg_ctx; 133 ctrl->cb_ctx = config->cb_ctx; 134 ctrl->tx = config->tx; 135 ctrl->gas_resp_tx = config->gas_resp_tx; 136 dl_list_add(&dpp->controllers, &ctrl->list); 137 return 0; 138 } 139 140 141 static struct dpp_relay_controller * 142 dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash) 143 { 144 struct dpp_relay_controller *ctrl; 145 146 if (!dpp) 147 return NULL; 148 149 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 150 list) { 151 if (os_memcmp(pkhash, ctrl->pkhash, SHA256_MAC_LEN) == 0) 152 return ctrl; 153 } 154 155 return NULL; 156 } 157 158 159 static struct dpp_relay_controller * 160 dpp_relay_controller_get_ctx(struct dpp_global *dpp, void *cb_ctx) 161 { 162 struct dpp_relay_controller *ctrl; 163 164 if (!dpp) 165 return NULL; 166 167 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 168 list) { 169 if (cb_ctx == ctrl->cb_ctx) 170 return ctrl; 171 } 172 173 return NULL; 174 } 175 176 177 static void dpp_controller_gas_done(struct dpp_connection *conn) 178 { 179 struct dpp_authentication *auth = conn->auth; 180 181 if (auth->waiting_csr) { 182 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR"); 183 conn->on_tcp_tx_complete_gas_done = 0; 184 return; 185 } 186 187 if (auth->peer_version >= 2 && 188 auth->conf_resp_status == DPP_STATUS_OK) { 189 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result"); 190 auth->waiting_conf_result = 1; 191 return; 192 } 193 194 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); 195 dpp_connection_remove(conn); 196 } 197 198 199 static int dpp_tcp_send(struct dpp_connection *conn) 200 { 201 int res; 202 203 if (!conn->msg_out) { 204 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 205 conn->write_eloop = 0; 206 return -1; 207 } 208 res = send(conn->sock, 209 wpabuf_head_u8(conn->msg_out) + conn->msg_out_pos, 210 wpabuf_len(conn->msg_out) - conn->msg_out_pos, 0); 211 if (res < 0) { 212 wpa_printf(MSG_DEBUG, "DPP: Failed to send buffer: %s", 213 strerror(errno)); 214 dpp_connection_remove(conn); 215 return -1; 216 } 217 218 conn->msg_out_pos += res; 219 if (wpabuf_len(conn->msg_out) > conn->msg_out_pos) { 220 wpa_printf(MSG_DEBUG, 221 "DPP: %u/%u bytes of message sent to Controller", 222 (unsigned int) conn->msg_out_pos, 223 (unsigned int) wpabuf_len(conn->msg_out)); 224 if (!conn->write_eloop && 225 eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 226 dpp_conn_tx_ready, conn, NULL) == 0) 227 conn->write_eloop = 1; 228 return 1; 229 } 230 231 wpa_printf(MSG_DEBUG, "DPP: Full message sent over TCP"); 232 wpabuf_free(conn->msg_out); 233 conn->msg_out = NULL; 234 conn->msg_out_pos = 0; 235 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 236 conn->write_eloop = 0; 237 if (!conn->read_eloop && 238 eloop_register_sock(conn->sock, EVENT_TYPE_READ, 239 dpp_controller_rx, conn, NULL) == 0) 240 conn->read_eloop = 1; 241 if (conn->on_tcp_tx_complete_remove) { 242 dpp_connection_remove(conn); 243 } else if (conn->auth && (conn->ctrl || conn->auth->configurator) && 244 conn->on_tcp_tx_complete_gas_done) { 245 dpp_controller_gas_done(conn); 246 } else if (conn->on_tcp_tx_complete_auth_ok) { 247 conn->on_tcp_tx_complete_auth_ok = 0; 248 dpp_controller_auth_success(conn, 1); 249 } 250 251 return 0; 252 } 253 254 255 static int dpp_tcp_send_msg(struct dpp_connection *conn, 256 const struct wpabuf *msg) 257 { 258 wpabuf_free(conn->msg_out); 259 conn->msg_out_pos = 0; 260 conn->msg_out = wpabuf_alloc(4 + wpabuf_len(msg) - 1); 261 if (!conn->msg_out) 262 return -1; 263 wpabuf_put_be32(conn->msg_out, wpabuf_len(msg) - 1); 264 wpabuf_put_data(conn->msg_out, wpabuf_head_u8(msg) + 1, 265 wpabuf_len(msg) - 1); 266 267 if (dpp_tcp_send(conn) == 1) { 268 if (!conn->write_eloop) { 269 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 270 dpp_conn_tx_ready, 271 conn, NULL) < 0) 272 return -1; 273 conn->write_eloop = 1; 274 } 275 } 276 277 return 0; 278 } 279 280 281 static void dpp_controller_start_gas_client(struct dpp_connection *conn) 282 { 283 struct dpp_authentication *auth = conn->auth; 284 struct wpabuf *buf; 285 const char *dpp_name; 286 287 dpp_name = conn->name ? conn->name : "Test"; 288 buf = dpp_build_conf_req_helper(auth, dpp_name, conn->netrole, NULL, 289 NULL); 290 if (!buf) { 291 wpa_printf(MSG_DEBUG, 292 "DPP: No configuration request data available"); 293 return; 294 } 295 296 dpp_tcp_send_msg(conn, buf); 297 wpabuf_free(buf); 298 } 299 300 301 static void dpp_controller_auth_success(struct dpp_connection *conn, 302 int initiator) 303 { 304 struct dpp_authentication *auth = conn->auth; 305 306 if (!auth) 307 return; 308 309 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded"); 310 wpa_msg(conn->msg_ctx, MSG_INFO, 311 DPP_EVENT_AUTH_SUCCESS "init=%d", initiator); 312 #ifdef CONFIG_TESTING_OPTIONS 313 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { 314 wpa_printf(MSG_INFO, 315 "DPP: TESTING - stop at Authentication Confirm"); 316 if (auth->configurator) { 317 /* Prevent GAS response */ 318 auth->auth_success = 0; 319 } 320 return; 321 } 322 #endif /* CONFIG_TESTING_OPTIONS */ 323 324 if (!auth->configurator) 325 dpp_controller_start_gas_client(conn); 326 } 327 328 329 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx) 330 { 331 struct dpp_connection *conn = eloop_ctx; 332 333 wpa_printf(MSG_DEBUG, "DPP: TCP socket %d ready for TX", sock); 334 dpp_tcp_send(conn); 335 } 336 337 338 static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen, 339 const struct hostapd_ip_addr *ipaddr, 340 int port) 341 { 342 struct sockaddr_in *dst; 343 #ifdef CONFIG_IPV6 344 struct sockaddr_in6 *dst6; 345 #endif /* CONFIG_IPV6 */ 346 347 switch (ipaddr->af) { 348 case AF_INET: 349 dst = (struct sockaddr_in *) addr; 350 os_memset(dst, 0, sizeof(*dst)); 351 dst->sin_family = AF_INET; 352 dst->sin_addr.s_addr = ipaddr->u.v4.s_addr; 353 dst->sin_port = htons(port); 354 *addrlen = sizeof(*dst); 355 break; 356 #ifdef CONFIG_IPV6 357 case AF_INET6: 358 dst6 = (struct sockaddr_in6 *) addr; 359 os_memset(dst6, 0, sizeof(*dst6)); 360 dst6->sin6_family = AF_INET6; 361 os_memcpy(&dst6->sin6_addr, &ipaddr->u.v6, 362 sizeof(struct in6_addr)); 363 dst6->sin6_port = htons(port); 364 *addrlen = sizeof(*dst6); 365 break; 366 #endif /* CONFIG_IPV6 */ 367 default: 368 return -1; 369 } 370 371 return 0; 372 } 373 374 375 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx) 376 { 377 struct dpp_connection *conn = eloop_ctx; 378 379 wpa_printf(MSG_DEBUG, 380 "DPP: Timeout while waiting for relayed connection to complete"); 381 dpp_connection_remove(conn); 382 } 383 384 385 static struct dpp_connection * 386 dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src, 387 unsigned int freq) 388 { 389 struct dpp_connection *conn; 390 struct sockaddr_storage addr; 391 socklen_t addrlen; 392 char txt[100]; 393 394 if (dl_list_len(&ctrl->conn) >= 15) { 395 wpa_printf(MSG_DEBUG, 396 "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one"); 397 return NULL; 398 } 399 400 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &addr, &addrlen, 401 &ctrl->ipaddr, DPP_TCP_PORT) < 0) 402 return NULL; 403 404 conn = os_zalloc(sizeof(*conn)); 405 if (!conn) 406 return NULL; 407 408 conn->global = ctrl->global; 409 conn->relay = ctrl; 410 conn->msg_ctx = ctrl->msg_ctx; 411 conn->cb_ctx = ctrl->global->cb_ctx; 412 os_memcpy(conn->mac_addr, src, ETH_ALEN); 413 conn->freq = freq; 414 415 conn->sock = socket(AF_INET, SOCK_STREAM, 0); 416 if (conn->sock < 0) 417 goto fail; 418 wpa_printf(MSG_DEBUG, "DPP: TCP relay socket %d connection to %s", 419 conn->sock, hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt))); 420 421 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 422 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 423 strerror(errno)); 424 goto fail; 425 } 426 427 if (connect(conn->sock, (struct sockaddr *) &addr, addrlen) < 0) { 428 if (errno != EINPROGRESS) { 429 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", 430 strerror(errno)); 431 goto fail; 432 } 433 434 /* 435 * Continue connecting in the background; eloop will call us 436 * once the connection is ready (or failed). 437 */ 438 } 439 440 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 441 dpp_conn_tx_ready, conn, NULL) < 0) 442 goto fail; 443 conn->write_eloop = 1; 444 445 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); 446 eloop_register_timeout(20, 0, dpp_relay_conn_timeout, conn, NULL); 447 448 dl_list_add(&ctrl->conn, &conn->list); 449 return conn; 450 fail: 451 dpp_connection_free(conn); 452 return NULL; 453 } 454 455 456 static struct wpabuf * dpp_tcp_encaps(const u8 *hdr, const u8 *buf, size_t len) 457 { 458 struct wpabuf *msg; 459 460 msg = wpabuf_alloc(4 + 1 + DPP_HDR_LEN + len); 461 if (!msg) 462 return NULL; 463 wpabuf_put_be32(msg, 1 + DPP_HDR_LEN + len); 464 wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC); 465 wpabuf_put_data(msg, hdr, DPP_HDR_LEN); 466 wpabuf_put_data(msg, buf, len); 467 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 468 return msg; 469 } 470 471 472 static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr, 473 const u8 *buf, size_t len) 474 { 475 u8 type = hdr[DPP_HDR_LEN - 1]; 476 477 wpa_printf(MSG_DEBUG, 478 "DPP: Continue already established Relay/Controller connection for this session"); 479 wpabuf_free(conn->msg_out); 480 conn->msg_out_pos = 0; 481 conn->msg_out = dpp_tcp_encaps(hdr, buf, len); 482 if (!conn->msg_out) { 483 dpp_connection_remove(conn); 484 return -1; 485 } 486 487 /* TODO: for proto ver 1, need to do remove connection based on GAS Resp 488 * TX status */ 489 if (type == DPP_PA_CONFIGURATION_RESULT) 490 conn->on_tcp_tx_complete_remove = 1; 491 dpp_tcp_send(conn); 492 return 0; 493 } 494 495 496 int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, 497 const u8 *buf, size_t len, unsigned int freq, 498 const u8 *i_bootstrap, const u8 *r_bootstrap, 499 void *cb_ctx) 500 { 501 struct dpp_relay_controller *ctrl; 502 struct dpp_connection *conn; 503 u8 type = hdr[DPP_HDR_LEN - 1]; 504 505 /* Check if there is an already started session for this peer and if so, 506 * continue that session (send this over TCP) and return 0. 507 */ 508 if (type != DPP_PA_PEER_DISCOVERY_REQ && 509 type != DPP_PA_PEER_DISCOVERY_RESP && 510 type != DPP_PA_PRESENCE_ANNOUNCEMENT && 511 type != DPP_PA_RECONFIG_ANNOUNCEMENT) { 512 dl_list_for_each(ctrl, &dpp->controllers, 513 struct dpp_relay_controller, list) { 514 dl_list_for_each(conn, &ctrl->conn, 515 struct dpp_connection, list) { 516 if (os_memcmp(src, conn->mac_addr, 517 ETH_ALEN) == 0) 518 return dpp_relay_tx(conn, hdr, buf, len); 519 } 520 } 521 } 522 523 if (type == DPP_PA_PRESENCE_ANNOUNCEMENT || 524 type == DPP_PA_RECONFIG_ANNOUNCEMENT) { 525 /* TODO: Could send this to all configured Controllers. For now, 526 * only the first Controller is supported. */ 527 ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx); 528 } else { 529 if (!r_bootstrap) 530 return -1; 531 ctrl = dpp_relay_controller_get(dpp, r_bootstrap); 532 } 533 if (!ctrl) 534 return -1; 535 536 wpa_printf(MSG_DEBUG, 537 "DPP: Authentication Request for a configured Controller"); 538 conn = dpp_relay_new_conn(ctrl, src, freq); 539 if (!conn) 540 return -1; 541 542 conn->msg_out = dpp_tcp_encaps(hdr, buf, len); 543 if (!conn->msg_out) { 544 dpp_connection_remove(conn); 545 return -1; 546 } 547 /* Message will be sent in dpp_conn_tx_ready() */ 548 549 return 0; 550 } 551 552 553 int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data, 554 size_t data_len) 555 { 556 struct dpp_relay_controller *ctrl; 557 struct dpp_connection *conn, *found = NULL; 558 struct wpabuf *msg; 559 560 /* Check if there is a successfully completed authentication for this 561 * and if so, continue that session (send this over TCP) and return 0. 562 */ 563 dl_list_for_each(ctrl, &dpp->controllers, 564 struct dpp_relay_controller, list) { 565 if (found) 566 break; 567 dl_list_for_each(conn, &ctrl->conn, 568 struct dpp_connection, list) { 569 if (os_memcmp(src, conn->mac_addr, 570 ETH_ALEN) == 0) { 571 found = conn; 572 break; 573 } 574 } 575 } 576 577 if (!found) 578 return -1; 579 580 msg = wpabuf_alloc(4 + 1 + data_len); 581 if (!msg) 582 return -1; 583 wpabuf_put_be32(msg, 1 + data_len); 584 wpabuf_put_u8(msg, WLAN_PA_GAS_INITIAL_REQ); 585 wpabuf_put_data(msg, data, data_len); 586 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 587 588 wpabuf_free(conn->msg_out); 589 conn->msg_out_pos = 0; 590 conn->msg_out = msg; 591 dpp_tcp_send(conn); 592 return 0; 593 } 594 595 596 static void dpp_controller_free(struct dpp_controller *ctrl) 597 { 598 struct dpp_connection *conn, *tmp; 599 600 if (!ctrl) 601 return; 602 603 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, 604 list) 605 dpp_connection_remove(conn); 606 607 if (ctrl->sock >= 0) { 608 close(ctrl->sock); 609 eloop_unregister_sock(ctrl->sock, EVENT_TYPE_READ); 610 } 611 os_free(ctrl->configurator_params); 612 os_free(ctrl); 613 } 614 615 616 static int dpp_controller_rx_auth_req(struct dpp_connection *conn, 617 const u8 *hdr, const u8 *buf, size_t len) 618 { 619 const u8 *r_bootstrap, *i_bootstrap; 620 u16 r_bootstrap_len, i_bootstrap_len; 621 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL; 622 623 if (!conn->ctrl) 624 return 0; 625 626 wpa_printf(MSG_DEBUG, "DPP: Authentication Request"); 627 628 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 629 &r_bootstrap_len); 630 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 631 wpa_printf(MSG_INFO, 632 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 633 return -1; 634 } 635 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 636 r_bootstrap, r_bootstrap_len); 637 638 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, 639 &i_bootstrap_len); 640 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) { 641 wpa_printf(MSG_INFO, 642 "Missing or invalid required Initiator Bootstrapping Key Hash attribute"); 643 return -1; 644 } 645 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", 646 i_bootstrap, i_bootstrap_len); 647 648 /* Try to find own and peer bootstrapping key matches based on the 649 * received hash values */ 650 dpp_bootstrap_find_pair(conn->ctrl->global, i_bootstrap, r_bootstrap, 651 &own_bi, &peer_bi); 652 if (!own_bi) { 653 wpa_printf(MSG_INFO, 654 "No matching own bootstrapping key found - ignore message"); 655 return -1; 656 } 657 658 if (conn->auth) { 659 wpa_printf(MSG_INFO, 660 "Already in DPP authentication exchange - ignore new one"); 661 return 0; 662 } 663 664 conn->auth = dpp_auth_req_rx(conn->ctrl->global, conn->msg_ctx, 665 conn->ctrl->allowed_roles, 666 conn->ctrl->qr_mutual, 667 peer_bi, own_bi, -1, hdr, buf, len); 668 if (!conn->auth) { 669 wpa_printf(MSG_DEBUG, "DPP: No response generated"); 670 return -1; 671 } 672 673 if (dpp_set_configurator(conn->auth, 674 conn->ctrl->configurator_params) < 0) 675 return -1; 676 677 return dpp_tcp_send_msg(conn, conn->auth->resp_msg); 678 } 679 680 681 static int dpp_controller_rx_auth_resp(struct dpp_connection *conn, 682 const u8 *hdr, const u8 *buf, size_t len) 683 { 684 struct dpp_authentication *auth = conn->auth; 685 struct wpabuf *msg; 686 int res; 687 688 if (!auth) 689 return -1; 690 691 wpa_printf(MSG_DEBUG, "DPP: Authentication Response"); 692 693 msg = dpp_auth_resp_rx(auth, hdr, buf, len); 694 if (!msg) { 695 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) { 696 wpa_printf(MSG_DEBUG, 697 "DPP: Start wait for full response"); 698 return 0; 699 } 700 wpa_printf(MSG_DEBUG, "DPP: No confirm generated"); 701 return -1; 702 } 703 704 conn->on_tcp_tx_complete_auth_ok = 1; 705 res = dpp_tcp_send_msg(conn, msg); 706 wpabuf_free(msg); 707 return res; 708 } 709 710 711 static int dpp_controller_rx_auth_conf(struct dpp_connection *conn, 712 const u8 *hdr, const u8 *buf, size_t len) 713 { 714 struct dpp_authentication *auth = conn->auth; 715 716 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation"); 717 718 if (!auth) { 719 wpa_printf(MSG_DEBUG, 720 "DPP: No DPP Authentication in progress - drop"); 721 return -1; 722 } 723 724 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) { 725 wpa_printf(MSG_DEBUG, "DPP: Authentication failed"); 726 return -1; 727 } 728 729 dpp_controller_auth_success(conn, 0); 730 return 0; 731 } 732 733 734 void dpp_controller_conn_status_result_wait_timeout(void *eloop_ctx, 735 void *timeout_ctx) 736 { 737 struct dpp_connection *conn = eloop_ctx; 738 739 if (!conn->auth->waiting_conf_result) 740 return; 741 742 wpa_printf(MSG_DEBUG, 743 "DPP: Timeout while waiting for Connection Status Result"); 744 wpa_msg(conn->msg_ctx, MSG_INFO, 745 DPP_EVENT_CONN_STATUS_RESULT "timeout"); 746 dpp_connection_remove(conn); 747 } 748 749 750 static int dpp_controller_rx_conf_result(struct dpp_connection *conn, 751 const u8 *hdr, const u8 *buf, 752 size_t len) 753 { 754 struct dpp_authentication *auth = conn->auth; 755 enum dpp_status_error status; 756 void *msg_ctx = conn->msg_ctx; 757 758 if (!conn->ctrl && (!auth || !auth->configurator)) 759 return 0; 760 761 wpa_printf(MSG_DEBUG, "DPP: Configuration Result"); 762 763 if (!auth || !auth->waiting_conf_result) { 764 wpa_printf(MSG_DEBUG, 765 "DPP: No DPP Configuration waiting for result - drop"); 766 return -1; 767 } 768 769 status = dpp_conf_result_rx(auth, hdr, buf, len); 770 if (status == DPP_STATUS_OK && auth->send_conn_status) { 771 wpa_msg(msg_ctx, MSG_INFO, 772 DPP_EVENT_CONF_SENT "wait_conn_status=1"); 773 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result"); 774 eloop_cancel_timeout( 775 dpp_controller_conn_status_result_wait_timeout, 776 conn, NULL); 777 eloop_register_timeout( 778 16, 0, dpp_controller_conn_status_result_wait_timeout, 779 conn, NULL); 780 return 0; 781 } 782 if (status == DPP_STATUS_OK) 783 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); 784 else 785 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 786 return -1; /* to remove the completed connection */ 787 } 788 789 790 static int dpp_controller_rx_conn_status_result(struct dpp_connection *conn, 791 const u8 *hdr, const u8 *buf, 792 size_t len) 793 { 794 struct dpp_authentication *auth = conn->auth; 795 enum dpp_status_error status; 796 u8 ssid[SSID_MAX_LEN]; 797 size_t ssid_len = 0; 798 char *channel_list = NULL; 799 800 if (!conn->ctrl) 801 return 0; 802 803 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result"); 804 805 if (!auth || !auth->waiting_conn_status_result) { 806 wpa_printf(MSG_DEBUG, 807 "DPP: No DPP Configuration waiting for connection status result - drop"); 808 return -1; 809 } 810 811 status = dpp_conn_status_result_rx(auth, hdr, buf, len, 812 ssid, &ssid_len, &channel_list); 813 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT 814 "result=%d ssid=%s channel_list=%s", 815 status, wpa_ssid_txt(ssid, ssid_len), 816 channel_list ? channel_list : "N/A"); 817 os_free(channel_list); 818 return -1; /* to remove the completed connection */ 819 } 820 821 822 static int dpp_controller_rx_presence_announcement(struct dpp_connection *conn, 823 const u8 *hdr, const u8 *buf, 824 size_t len) 825 { 826 const u8 *r_bootstrap; 827 u16 r_bootstrap_len; 828 struct dpp_bootstrap_info *peer_bi; 829 struct dpp_authentication *auth; 830 struct dpp_global *dpp = conn->ctrl->global; 831 832 if (conn->auth) { 833 wpa_printf(MSG_DEBUG, 834 "DPP: Ignore Presence Announcement during ongoing Authentication"); 835 return -1; 836 } 837 838 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement"); 839 840 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 841 &r_bootstrap_len); 842 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 843 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 844 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 845 return -1; 846 } 847 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 848 r_bootstrap, r_bootstrap_len); 849 peer_bi = dpp_bootstrap_find_chirp(dpp, r_bootstrap); 850 if (!peer_bi) { 851 wpa_printf(MSG_DEBUG, 852 "DPP: No matching bootstrapping information found"); 853 return -1; 854 } 855 856 auth = dpp_auth_init(dpp, conn->msg_ctx, peer_bi, NULL, 857 DPP_CAPAB_CONFIGURATOR, -1, NULL, 0); 858 if (!auth) 859 return -1; 860 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) { 861 dpp_auth_deinit(auth); 862 return -1; 863 } 864 865 conn->auth = auth; 866 return dpp_tcp_send_msg(conn, conn->auth->req_msg); 867 } 868 869 870 static int dpp_controller_rx_reconfig_announcement(struct dpp_connection *conn, 871 const u8 *hdr, const u8 *buf, 872 size_t len) 873 { 874 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id; 875 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len; 876 struct dpp_configurator *conf; 877 struct dpp_global *dpp = conn->ctrl->global; 878 struct dpp_authentication *auth; 879 u16 group; 880 881 if (conn->auth) { 882 wpa_printf(MSG_DEBUG, 883 "DPP: Ignore Reconfig Announcement during ongoing Authentication"); 884 return -1; 885 } 886 887 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement"); 888 889 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH, 890 &csign_hash_len); 891 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) { 892 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 893 "Missing or invalid required Configurator C-sign key Hash attribute"); 894 return -1; 895 } 896 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)", 897 csign_hash, csign_hash_len); 898 conf = dpp_configurator_find_kid(dpp, csign_hash); 899 if (!conf) { 900 wpa_printf(MSG_DEBUG, 901 "DPP: No matching Configurator information found"); 902 return -1; 903 } 904 905 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP, 906 &fcgroup_len); 907 if (!fcgroup || fcgroup_len != 2) { 908 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 909 "Missing or invalid required Finite Cyclic Group attribute"); 910 return -1; 911 } 912 group = WPA_GET_LE16(fcgroup); 913 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group); 914 915 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len); 916 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len); 917 918 auth = dpp_reconfig_init(dpp, conn->msg_ctx, conf, 0, group, 919 a_nonce, a_nonce_len, e_id, e_id_len); 920 if (!auth) 921 return -1; 922 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) { 923 dpp_auth_deinit(auth); 924 return -1; 925 } 926 927 conn->auth = auth; 928 return dpp_tcp_send_msg(conn, auth->reconfig_req_msg); 929 } 930 931 932 static int dpp_controller_rx_reconfig_auth_resp(struct dpp_connection *conn, 933 const u8 *hdr, const u8 *buf, 934 size_t len) 935 { 936 struct dpp_authentication *auth = conn->auth; 937 struct wpabuf *conf; 938 int res; 939 940 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response"); 941 942 if (!auth || !auth->reconfig || !auth->configurator) { 943 wpa_printf(MSG_DEBUG, 944 "DPP: No DPP Reconfig Authentication in progress - drop"); 945 return -1; 946 } 947 948 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len); 949 if (!conf) 950 return -1; 951 952 res = dpp_tcp_send_msg(conn, conf); 953 wpabuf_free(conf); 954 return res; 955 } 956 957 958 static int dpp_controller_rx_action(struct dpp_connection *conn, const u8 *msg, 959 size_t len) 960 { 961 const u8 *pos, *end; 962 u8 type; 963 964 wpa_printf(MSG_DEBUG, "DPP: Received DPP Action frame over TCP"); 965 pos = msg; 966 end = msg + len; 967 968 if (end - pos < DPP_HDR_LEN || 969 WPA_GET_BE24(pos) != OUI_WFA || 970 pos[3] != DPP_OUI_TYPE) { 971 wpa_printf(MSG_DEBUG, "DPP: Unrecognized header"); 972 return -1; 973 } 974 975 if (pos[4] != 1) { 976 wpa_printf(MSG_DEBUG, "DPP: Unsupported Crypto Suite %u", 977 pos[4]); 978 return -1; 979 } 980 type = pos[5]; 981 wpa_printf(MSG_DEBUG, "DPP: Received message type %u", type); 982 pos += DPP_HDR_LEN; 983 984 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", 985 pos, end - pos); 986 if (dpp_check_attrs(pos, end - pos) < 0) 987 return -1; 988 989 if (conn->relay) { 990 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); 991 conn->relay->tx(conn->relay->cb_ctx, conn->mac_addr, 992 conn->freq, msg, len); 993 return 0; 994 } 995 996 switch (type) { 997 case DPP_PA_AUTHENTICATION_REQ: 998 return dpp_controller_rx_auth_req(conn, msg, pos, end - pos); 999 case DPP_PA_AUTHENTICATION_RESP: 1000 return dpp_controller_rx_auth_resp(conn, msg, pos, end - pos); 1001 case DPP_PA_AUTHENTICATION_CONF: 1002 return dpp_controller_rx_auth_conf(conn, msg, pos, end - pos); 1003 case DPP_PA_CONFIGURATION_RESULT: 1004 return dpp_controller_rx_conf_result(conn, msg, pos, end - pos); 1005 case DPP_PA_CONNECTION_STATUS_RESULT: 1006 return dpp_controller_rx_conn_status_result(conn, msg, pos, 1007 end - pos); 1008 case DPP_PA_PRESENCE_ANNOUNCEMENT: 1009 return dpp_controller_rx_presence_announcement(conn, msg, pos, 1010 end - pos); 1011 case DPP_PA_RECONFIG_ANNOUNCEMENT: 1012 return dpp_controller_rx_reconfig_announcement(conn, msg, pos, 1013 end - pos); 1014 case DPP_PA_RECONFIG_AUTH_RESP: 1015 return dpp_controller_rx_reconfig_auth_resp(conn, msg, pos, 1016 end - pos); 1017 default: 1018 /* TODO: missing messages types */ 1019 wpa_printf(MSG_DEBUG, 1020 "DPP: Unsupported frame subtype %d", type); 1021 return -1; 1022 } 1023 } 1024 1025 1026 static int dpp_tcp_send_comeback_delay(struct dpp_connection *conn, u8 action) 1027 { 1028 struct wpabuf *buf; 1029 size_t len = 18; 1030 1031 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1032 len++; 1033 1034 buf = wpabuf_alloc(4 + len); 1035 if (!buf) 1036 return -1; 1037 1038 wpabuf_put_be32(buf, len); 1039 1040 wpabuf_put_u8(buf, action); 1041 wpabuf_put_u8(buf, conn->gas_dialog_token); 1042 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 1043 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1044 wpabuf_put_u8(buf, 0); 1045 wpabuf_put_le16(buf, 500); /* GAS Comeback Delay */ 1046 1047 dpp_write_adv_proto(buf); 1048 wpabuf_put_le16(buf, 0); /* Query Response Length */ 1049 1050 /* Send Config Response over TCP */ 1051 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf); 1052 wpabuf_free(conn->msg_out); 1053 conn->msg_out_pos = 0; 1054 conn->msg_out = buf; 1055 dpp_tcp_send(conn); 1056 return 0; 1057 } 1058 1059 1060 static int dpp_tcp_send_gas_resp(struct dpp_connection *conn, u8 action, 1061 struct wpabuf *resp) 1062 { 1063 struct wpabuf *buf; 1064 size_t len; 1065 1066 if (!resp) 1067 return -1; 1068 1069 len = 18 + wpabuf_len(resp); 1070 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1071 len++; 1072 1073 buf = wpabuf_alloc(4 + len); 1074 if (!buf) { 1075 wpabuf_free(resp); 1076 return -1; 1077 } 1078 1079 wpabuf_put_be32(buf, len); 1080 1081 wpabuf_put_u8(buf, action); 1082 wpabuf_put_u8(buf, conn->gas_dialog_token); 1083 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 1084 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1085 wpabuf_put_u8(buf, 0); 1086 wpabuf_put_le16(buf, 0); /* GAS Comeback Delay */ 1087 1088 dpp_write_adv_proto(buf); 1089 dpp_write_gas_query(buf, resp); 1090 wpabuf_free(resp); 1091 1092 /* Send Config Response over TCP; GAS fragmentation is taken care of by 1093 * the Relay */ 1094 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf); 1095 wpabuf_free(conn->msg_out); 1096 conn->msg_out_pos = 0; 1097 conn->msg_out = buf; 1098 conn->on_tcp_tx_complete_gas_done = 1; 1099 dpp_tcp_send(conn); 1100 return 0; 1101 } 1102 1103 1104 static int dpp_controller_rx_gas_req(struct dpp_connection *conn, const u8 *msg, 1105 size_t len) 1106 { 1107 const u8 *pos, *end, *next; 1108 const u8 *adv_proto; 1109 u16 slen; 1110 struct wpabuf *resp; 1111 struct dpp_authentication *auth = conn->auth; 1112 1113 if (len < 1 + 2) 1114 return -1; 1115 1116 wpa_printf(MSG_DEBUG, 1117 "DPP: Received DPP Configuration Request over TCP"); 1118 1119 if (!auth || (!conn->ctrl && !auth->configurator) || 1120 (!auth->auth_success && !auth->reconfig_success)) { 1121 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1122 return -1; 1123 } 1124 1125 pos = msg; 1126 end = msg + len; 1127 1128 conn->gas_dialog_token = *pos++; 1129 adv_proto = pos++; 1130 slen = *pos++; 1131 if (*adv_proto != WLAN_EID_ADV_PROTO || 1132 slen > end - pos || slen < 2) 1133 return -1; 1134 1135 next = pos + slen; 1136 pos++; /* skip QueryRespLenLimit and PAME-BI */ 1137 1138 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || 1139 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || 1140 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) 1141 return -1; 1142 1143 pos = next; 1144 /* Query Request */ 1145 if (end - pos < 2) 1146 return -1; 1147 slen = WPA_GET_LE16(pos); 1148 pos += 2; 1149 if (slen > end - pos) 1150 return -1; 1151 1152 resp = dpp_conf_req_rx(auth, pos, slen); 1153 if (!resp && auth->waiting_cert) { 1154 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready"); 1155 conn->gas_comeback_in_progress = 1; 1156 return dpp_tcp_send_comeback_delay(conn, 1157 WLAN_PA_GAS_INITIAL_RESP); 1158 } 1159 1160 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_INITIAL_RESP, resp); 1161 } 1162 1163 1164 static int dpp_controller_rx_gas_comeback_req(struct dpp_connection *conn, 1165 const u8 *msg, size_t len) 1166 { 1167 u8 dialog_token; 1168 struct dpp_authentication *auth = conn->auth; 1169 struct wpabuf *resp; 1170 1171 if (len < 1) 1172 return -1; 1173 1174 wpa_printf(MSG_DEBUG, 1175 "DPP: Received DPP Configuration Request over TCP (comeback)"); 1176 1177 if (!auth || (!conn->ctrl && !auth->configurator) || 1178 (!auth->auth_success && !auth->reconfig_success) || 1179 !conn->gas_comeback_in_progress) { 1180 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1181 return -1; 1182 } 1183 1184 dialog_token = msg[0]; 1185 if (dialog_token != conn->gas_dialog_token) { 1186 wpa_printf(MSG_DEBUG, "DPP: Dialog token mismatch (%u != %u)", 1187 dialog_token, conn->gas_dialog_token); 1188 return -1; 1189 } 1190 1191 if (!auth->conf_resp_tcp) { 1192 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready"); 1193 return dpp_tcp_send_comeback_delay(conn, 1194 WLAN_PA_GAS_COMEBACK_RESP); 1195 } 1196 1197 wpa_printf(MSG_DEBUG, 1198 "DPP: Configuration response is ready to be sent out"); 1199 resp = auth->conf_resp_tcp; 1200 auth->conf_resp_tcp = NULL; 1201 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_COMEBACK_RESP, resp); 1202 } 1203 1204 1205 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx) 1206 { 1207 struct dpp_connection *conn = eloop_ctx; 1208 struct dpp_authentication *auth = conn->auth; 1209 1210 if (!auth || !auth->csrattrs) 1211 return; 1212 1213 wpa_printf(MSG_DEBUG, "DPP: Build CSR"); 1214 wpabuf_free(auth->csr); 1215 /* TODO: Additional information needed for CSR based on csrAttrs */ 1216 auth->csr = dpp_build_csr(auth, conn->name ? conn->name : "Test"); 1217 if (!auth->csr) { 1218 dpp_connection_remove(conn); 1219 return; 1220 } 1221 1222 dpp_controller_start_gas_client(conn); 1223 } 1224 1225 1226 static int dpp_tcp_rx_gas_resp(struct dpp_connection *conn, struct wpabuf *resp) 1227 { 1228 struct dpp_authentication *auth = conn->auth; 1229 int res; 1230 struct wpabuf *msg; 1231 enum dpp_status_error status; 1232 1233 wpa_printf(MSG_DEBUG, 1234 "DPP: Configuration Response for local stack from TCP"); 1235 1236 if (auth) 1237 res = dpp_conf_resp_rx(auth, resp); 1238 else 1239 res = -1; 1240 wpabuf_free(resp); 1241 if (res == -2) { 1242 wpa_printf(MSG_DEBUG, "DPP: CSR needed"); 1243 eloop_register_timeout(0, 0, dpp_tcp_build_csr, conn, NULL); 1244 return 0; 1245 } 1246 if (res < 0) { 1247 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); 1248 return -1; 1249 } 1250 1251 if (conn->process_conf_obj) 1252 res = conn->process_conf_obj(conn->cb_ctx, auth); 1253 else 1254 res = 0; 1255 1256 if (auth->peer_version < 2 || auth->conf_resp_status != DPP_STATUS_OK) 1257 return -1; 1258 1259 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result"); 1260 status = res < 0 ? DPP_STATUS_CONFIG_REJECTED : DPP_STATUS_OK; 1261 msg = dpp_build_conf_result(auth, status); 1262 if (!msg) 1263 return -1; 1264 1265 conn->on_tcp_tx_complete_remove = 1; 1266 res = dpp_tcp_send_msg(conn, msg); 1267 wpabuf_free(msg); 1268 1269 /* This exchange will be terminated in the TX status handler */ 1270 1271 return res; 1272 } 1273 1274 1275 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx) 1276 { 1277 struct dpp_connection *conn = eloop_ctx; 1278 struct dpp_authentication *auth = conn->auth; 1279 struct wpabuf *msg; 1280 1281 if (!auth) 1282 return; 1283 1284 wpa_printf(MSG_DEBUG, "DPP: Send GAS Comeback Request"); 1285 msg = wpabuf_alloc(4 + 2); 1286 if (!msg) 1287 return; 1288 wpabuf_put_be32(msg, 2); 1289 wpabuf_put_u8(msg, WLAN_PA_GAS_COMEBACK_REQ); 1290 wpabuf_put_u8(msg, conn->gas_dialog_token); 1291 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 1292 1293 wpabuf_free(conn->msg_out); 1294 conn->msg_out_pos = 0; 1295 conn->msg_out = msg; 1296 dpp_tcp_send(conn); 1297 } 1298 1299 1300 static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg, 1301 size_t len, bool comeback) 1302 { 1303 struct wpabuf *buf; 1304 u8 dialog_token; 1305 const u8 *pos, *end, *next, *adv_proto; 1306 u16 status, slen, comeback_delay; 1307 1308 if (len < (size_t) (5 + 2 + (comeback ? 1 : 0))) 1309 return -1; 1310 1311 wpa_printf(MSG_DEBUG, 1312 "DPP: Received DPP Configuration Response over TCP"); 1313 1314 pos = msg; 1315 end = msg + len; 1316 1317 dialog_token = *pos++; 1318 status = WPA_GET_LE16(pos); 1319 if (status != WLAN_STATUS_SUCCESS) { 1320 wpa_printf(MSG_DEBUG, "DPP: Unexpected Status Code %u", status); 1321 return -1; 1322 } 1323 pos += 2; 1324 if (comeback) 1325 pos++; /* ignore Fragment ID */ 1326 comeback_delay = WPA_GET_LE16(pos); 1327 pos += 2; 1328 1329 adv_proto = pos++; 1330 slen = *pos++; 1331 if (*adv_proto != WLAN_EID_ADV_PROTO || 1332 slen > end - pos || slen < 2) 1333 return -1; 1334 1335 next = pos + slen; 1336 pos++; /* skip QueryRespLenLimit and PAME-BI */ 1337 1338 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || 1339 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || 1340 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) 1341 return -1; 1342 1343 pos = next; 1344 /* Query Response */ 1345 if (end - pos < 2) 1346 return -1; 1347 slen = WPA_GET_LE16(pos); 1348 pos += 2; 1349 if (slen > end - pos) 1350 return -1; 1351 1352 if (comeback_delay) { 1353 unsigned int secs, usecs; 1354 1355 conn->gas_dialog_token = dialog_token; 1356 secs = (comeback_delay * 1024) / 1000000; 1357 usecs = comeback_delay * 1024 - secs * 1000000; 1358 wpa_printf(MSG_DEBUG, "DPP: Comeback delay: %u", 1359 comeback_delay); 1360 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL); 1361 eloop_register_timeout(secs, usecs, dpp_tcp_gas_query_comeback, 1362 conn, NULL); 1363 return 0; 1364 } 1365 1366 buf = wpabuf_alloc(slen); 1367 if (!buf) 1368 return -1; 1369 wpabuf_put_data(buf, pos, slen); 1370 1371 if (!conn->relay && 1372 (!conn->ctrl || (conn->ctrl->allowed_roles & DPP_CAPAB_ENROLLEE))) 1373 return dpp_tcp_rx_gas_resp(conn, buf); 1374 1375 if (!conn->relay) { 1376 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1377 wpabuf_free(buf); 1378 return -1; 1379 } 1380 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); 1381 conn->relay->gas_resp_tx(conn->relay->cb_ctx, conn->mac_addr, 1382 dialog_token, 0, buf); 1383 1384 return 0; 1385 } 1386 1387 1388 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx) 1389 { 1390 struct dpp_connection *conn = eloop_ctx; 1391 int res; 1392 const u8 *pos; 1393 1394 wpa_printf(MSG_DEBUG, "DPP: TCP data available for reading (sock %d)", 1395 sd); 1396 1397 if (conn->msg_len_octets < 4) { 1398 u32 msglen; 1399 1400 res = recv(sd, &conn->msg_len[conn->msg_len_octets], 1401 4 - conn->msg_len_octets, 0); 1402 if (res < 0) { 1403 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", 1404 strerror(errno)); 1405 dpp_connection_remove(conn); 1406 return; 1407 } 1408 if (res == 0) { 1409 wpa_printf(MSG_DEBUG, 1410 "DPP: No more data available over TCP"); 1411 dpp_connection_remove(conn); 1412 return; 1413 } 1414 wpa_printf(MSG_DEBUG, 1415 "DPP: Received %d/%d octet(s) of message length field", 1416 res, (int) (4 - conn->msg_len_octets)); 1417 conn->msg_len_octets += res; 1418 1419 if (conn->msg_len_octets < 4) { 1420 wpa_printf(MSG_DEBUG, 1421 "DPP: Need %d more octets of message length field", 1422 (int) (4 - conn->msg_len_octets)); 1423 return; 1424 } 1425 1426 msglen = WPA_GET_BE32(conn->msg_len); 1427 wpa_printf(MSG_DEBUG, "DPP: Message length: %u", msglen); 1428 if (msglen > 65535) { 1429 wpa_printf(MSG_INFO, "DPP: Unexpectedly long message"); 1430 dpp_connection_remove(conn); 1431 return; 1432 } 1433 1434 wpabuf_free(conn->msg); 1435 conn->msg = wpabuf_alloc(msglen); 1436 } 1437 1438 if (!conn->msg) { 1439 wpa_printf(MSG_DEBUG, 1440 "DPP: No buffer available for receiving the message"); 1441 dpp_connection_remove(conn); 1442 return; 1443 } 1444 1445 wpa_printf(MSG_DEBUG, "DPP: Need %u more octets of message payload", 1446 (unsigned int) wpabuf_tailroom(conn->msg)); 1447 1448 res = recv(sd, wpabuf_put(conn->msg, 0), wpabuf_tailroom(conn->msg), 0); 1449 if (res < 0) { 1450 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", strerror(errno)); 1451 dpp_connection_remove(conn); 1452 return; 1453 } 1454 if (res == 0) { 1455 wpa_printf(MSG_DEBUG, "DPP: No more data available over TCP"); 1456 dpp_connection_remove(conn); 1457 return; 1458 } 1459 wpa_printf(MSG_DEBUG, "DPP: Received %d octets", res); 1460 wpabuf_put(conn->msg, res); 1461 1462 if (wpabuf_tailroom(conn->msg) > 0) { 1463 wpa_printf(MSG_DEBUG, 1464 "DPP: Need %u more octets of message payload", 1465 (unsigned int) wpabuf_tailroom(conn->msg)); 1466 return; 1467 } 1468 1469 conn->msg_len_octets = 0; 1470 wpa_hexdump_buf(MSG_DEBUG, "DPP: Received TCP message", conn->msg); 1471 if (wpabuf_len(conn->msg) < 1) { 1472 dpp_connection_remove(conn); 1473 return; 1474 } 1475 1476 pos = wpabuf_head(conn->msg); 1477 switch (*pos) { 1478 case WLAN_PA_VENDOR_SPECIFIC: 1479 if (dpp_controller_rx_action(conn, pos + 1, 1480 wpabuf_len(conn->msg) - 1) < 0) 1481 dpp_connection_remove(conn); 1482 break; 1483 case WLAN_PA_GAS_INITIAL_REQ: 1484 if (dpp_controller_rx_gas_req(conn, pos + 1, 1485 wpabuf_len(conn->msg) - 1) < 0) 1486 dpp_connection_remove(conn); 1487 break; 1488 case WLAN_PA_GAS_INITIAL_RESP: 1489 case WLAN_PA_GAS_COMEBACK_RESP: 1490 if (dpp_rx_gas_resp(conn, pos + 1, 1491 wpabuf_len(conn->msg) - 1, 1492 *pos == WLAN_PA_GAS_COMEBACK_RESP) < 0) 1493 dpp_connection_remove(conn); 1494 break; 1495 case WLAN_PA_GAS_COMEBACK_REQ: 1496 if (dpp_controller_rx_gas_comeback_req( 1497 conn, pos + 1, wpabuf_len(conn->msg) - 1) < 0) 1498 dpp_connection_remove(conn); 1499 break; 1500 default: 1501 wpa_printf(MSG_DEBUG, "DPP: Ignore unsupported message type %u", 1502 *pos); 1503 break; 1504 } 1505 } 1506 1507 1508 static void dpp_controller_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx) 1509 { 1510 struct dpp_controller *ctrl = eloop_ctx; 1511 struct sockaddr_in addr; 1512 socklen_t addr_len = sizeof(addr); 1513 int fd; 1514 struct dpp_connection *conn; 1515 1516 wpa_printf(MSG_DEBUG, "DPP: New TCP connection"); 1517 1518 fd = accept(ctrl->sock, (struct sockaddr *) &addr, &addr_len); 1519 if (fd < 0) { 1520 wpa_printf(MSG_DEBUG, 1521 "DPP: Failed to accept new connection: %s", 1522 strerror(errno)); 1523 return; 1524 } 1525 wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d", 1526 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); 1527 1528 conn = os_zalloc(sizeof(*conn)); 1529 if (!conn) 1530 goto fail; 1531 1532 conn->global = ctrl->global; 1533 conn->ctrl = ctrl; 1534 conn->msg_ctx = ctrl->msg_ctx; 1535 conn->cb_ctx = ctrl->cb_ctx; 1536 conn->process_conf_obj = ctrl->process_conf_obj; 1537 conn->sock = fd; 1538 conn->netrole = ctrl->netrole; 1539 1540 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 1541 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 1542 strerror(errno)); 1543 goto fail; 1544 } 1545 1546 if (eloop_register_sock(conn->sock, EVENT_TYPE_READ, 1547 dpp_controller_rx, conn, NULL) < 0) 1548 goto fail; 1549 conn->read_eloop = 1; 1550 1551 /* TODO: eloop timeout to expire connections that do not complete in 1552 * reasonable time */ 1553 dl_list_add(&ctrl->conn, &conn->list); 1554 return; 1555 1556 fail: 1557 close(fd); 1558 os_free(conn); 1559 } 1560 1561 1562 int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth, 1563 const struct hostapd_ip_addr *addr, int port, const char *name, 1564 enum dpp_netrole netrole, void *msg_ctx, void *cb_ctx, 1565 int (*process_conf_obj)(void *ctx, 1566 struct dpp_authentication *auth)) 1567 { 1568 struct dpp_connection *conn; 1569 struct sockaddr_storage saddr; 1570 socklen_t addrlen; 1571 const u8 *hdr, *pos, *end; 1572 char txt[100]; 1573 1574 wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d", 1575 hostapd_ip_txt(addr, txt, sizeof(txt)), port); 1576 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen, 1577 addr, port) < 0) { 1578 dpp_auth_deinit(auth); 1579 return -1; 1580 } 1581 1582 conn = os_zalloc(sizeof(*conn)); 1583 if (!conn) { 1584 dpp_auth_deinit(auth); 1585 return -1; 1586 } 1587 1588 conn->msg_ctx = msg_ctx; 1589 conn->cb_ctx = cb_ctx; 1590 conn->process_conf_obj = process_conf_obj; 1591 conn->name = os_strdup(name ? name : "Test"); 1592 conn->netrole = netrole; 1593 conn->global = dpp; 1594 conn->auth = auth; 1595 conn->sock = socket(AF_INET, SOCK_STREAM, 0); 1596 if (conn->sock < 0) 1597 goto fail; 1598 1599 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 1600 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 1601 strerror(errno)); 1602 goto fail; 1603 } 1604 1605 if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) { 1606 if (errno != EINPROGRESS) { 1607 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", 1608 strerror(errno)); 1609 goto fail; 1610 } 1611 1612 /* 1613 * Continue connecting in the background; eloop will call us 1614 * once the connection is ready (or failed). 1615 */ 1616 } 1617 1618 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 1619 dpp_conn_tx_ready, conn, NULL) < 0) 1620 goto fail; 1621 conn->write_eloop = 1; 1622 1623 hdr = wpabuf_head(auth->req_msg); 1624 end = hdr + wpabuf_len(auth->req_msg); 1625 hdr += 2; /* skip Category and Actiom */ 1626 pos = hdr + DPP_HDR_LEN; 1627 conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos); 1628 if (!conn->msg_out) 1629 goto fail; 1630 /* Message will be sent in dpp_conn_tx_ready() */ 1631 1632 /* TODO: eloop timeout to clear a connection if it does not complete 1633 * properly */ 1634 dl_list_add(&dpp->tcp_init, &conn->list); 1635 return 0; 1636 fail: 1637 dpp_connection_free(conn); 1638 return -1; 1639 } 1640 1641 1642 int dpp_controller_start(struct dpp_global *dpp, 1643 struct dpp_controller_config *config) 1644 { 1645 struct dpp_controller *ctrl; 1646 int on = 1; 1647 struct sockaddr_in sin; 1648 int port; 1649 1650 if (!dpp || dpp->controller) 1651 return -1; 1652 1653 ctrl = os_zalloc(sizeof(*ctrl)); 1654 if (!ctrl) 1655 return -1; 1656 ctrl->global = dpp; 1657 if (config->configurator_params) 1658 ctrl->configurator_params = 1659 os_strdup(config->configurator_params); 1660 dl_list_init(&ctrl->conn); 1661 ctrl->allowed_roles = config->allowed_roles; 1662 ctrl->qr_mutual = config->qr_mutual; 1663 ctrl->netrole = config->netrole; 1664 ctrl->msg_ctx = config->msg_ctx; 1665 ctrl->cb_ctx = config->cb_ctx; 1666 ctrl->process_conf_obj = config->process_conf_obj; 1667 1668 ctrl->sock = socket(AF_INET, SOCK_STREAM, 0); 1669 if (ctrl->sock < 0) 1670 goto fail; 1671 1672 if (setsockopt(ctrl->sock, SOL_SOCKET, SO_REUSEADDR, 1673 &on, sizeof(on)) < 0) { 1674 wpa_printf(MSG_DEBUG, 1675 "DPP: setsockopt(SO_REUSEADDR) failed: %s", 1676 strerror(errno)); 1677 /* try to continue anyway */ 1678 } 1679 1680 if (fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0) { 1681 wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s", 1682 strerror(errno)); 1683 goto fail; 1684 } 1685 1686 /* TODO: IPv6 */ 1687 os_memset(&sin, 0, sizeof(sin)); 1688 sin.sin_family = AF_INET; 1689 sin.sin_addr.s_addr = INADDR_ANY; 1690 port = config->tcp_port ? config->tcp_port : DPP_TCP_PORT; 1691 sin.sin_port = htons(port); 1692 if (bind(ctrl->sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { 1693 wpa_printf(MSG_INFO, 1694 "DPP: Failed to bind Controller TCP port: %s", 1695 strerror(errno)); 1696 goto fail; 1697 } 1698 if (listen(ctrl->sock, 10 /* max backlog */) < 0 || 1699 fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0 || 1700 eloop_register_sock(ctrl->sock, EVENT_TYPE_READ, 1701 dpp_controller_tcp_cb, ctrl, NULL)) 1702 goto fail; 1703 1704 dpp->controller = ctrl; 1705 wpa_printf(MSG_DEBUG, "DPP: Controller started on TCP port %d", port); 1706 return 0; 1707 fail: 1708 dpp_controller_free(ctrl); 1709 return -1; 1710 } 1711 1712 1713 void dpp_controller_stop(struct dpp_global *dpp) 1714 { 1715 if (dpp) { 1716 dpp_controller_free(dpp->controller); 1717 dpp->controller = NULL; 1718 } 1719 } 1720 1721 1722 void dpp_controller_stop_for_ctx(struct dpp_global *dpp, void *cb_ctx) 1723 { 1724 if (dpp && dpp->controller && dpp->controller->cb_ctx == cb_ctx) 1725 dpp_controller_stop(dpp); 1726 } 1727 1728 1729 static bool dpp_tcp_peer_id_match(struct dpp_authentication *auth, 1730 unsigned int id) 1731 { 1732 return auth && 1733 ((auth->peer_bi && auth->peer_bi->id == id) || 1734 (auth->tmp_peer_bi && auth->tmp_peer_bi->id == id)); 1735 } 1736 1737 1738 static struct dpp_authentication * dpp_tcp_get_auth(struct dpp_global *dpp, 1739 unsigned int id) 1740 { 1741 struct dpp_connection *conn; 1742 1743 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) { 1744 if (dpp_tcp_peer_id_match(conn->auth, id)) 1745 return conn->auth; 1746 } 1747 1748 return NULL; 1749 } 1750 1751 1752 struct dpp_authentication * dpp_controller_get_auth(struct dpp_global *dpp, 1753 unsigned int id) 1754 { 1755 struct dpp_controller *ctrl = dpp->controller; 1756 struct dpp_connection *conn; 1757 1758 if (!ctrl) 1759 return dpp_tcp_get_auth(dpp, id); 1760 1761 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 1762 if (dpp_tcp_peer_id_match(conn->auth, id)) 1763 return conn->auth; 1764 } 1765 1766 return dpp_tcp_get_auth(dpp, id); 1767 } 1768 1769 1770 void dpp_controller_new_qr_code(struct dpp_global *dpp, 1771 struct dpp_bootstrap_info *bi) 1772 { 1773 struct dpp_controller *ctrl = dpp->controller; 1774 struct dpp_connection *conn; 1775 1776 if (!ctrl) 1777 return; 1778 1779 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 1780 struct dpp_authentication *auth = conn->auth; 1781 1782 if (!auth->response_pending || 1783 dpp_notify_new_qr_code(auth, bi) != 1) 1784 continue; 1785 wpa_printf(MSG_DEBUG, 1786 "DPP: Sending out pending authentication response"); 1787 dpp_tcp_send_msg(conn, conn->auth->resp_msg); 1788 } 1789 } 1790 1791 1792 void dpp_tcp_init_flush(struct dpp_global *dpp) 1793 { 1794 struct dpp_connection *conn, *tmp; 1795 1796 dl_list_for_each_safe(conn, tmp, &dpp->tcp_init, struct dpp_connection, 1797 list) 1798 dpp_connection_remove(conn); 1799 } 1800 1801 1802 static void dpp_relay_controller_free(struct dpp_relay_controller *ctrl) 1803 { 1804 struct dpp_connection *conn, *tmp; 1805 1806 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, 1807 list) 1808 dpp_connection_remove(conn); 1809 os_free(ctrl); 1810 } 1811 1812 1813 void dpp_relay_flush_controllers(struct dpp_global *dpp) 1814 { 1815 struct dpp_relay_controller *ctrl, *tmp; 1816 1817 if (!dpp) 1818 return; 1819 1820 dl_list_for_each_safe(ctrl, tmp, &dpp->controllers, 1821 struct dpp_relay_controller, list) { 1822 dl_list_del(&ctrl->list); 1823 dpp_relay_controller_free(ctrl); 1824 } 1825 } 1826 1827 #endif /* CONFIG_DPP2 */ 1828