xref: /freebsd/contrib/wpa/src/wps/wps.c (revision 8d59ecb214f7e078e57d35b865f33efc5d7cdf4d)
1 /*
2  * Wi-Fi Protected Setup
3  * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/dh_group5.h"
13 #include "common/ieee802_11_defs.h"
14 #include "wps_i.h"
15 #include "wps_dev_attr.h"
16 
17 
18 #ifdef CONFIG_WPS_TESTING
19 int wps_version_number = 0x20;
20 int wps_testing_dummy_cred = 0;
21 int wps_corrupt_pkhash = 0;
22 #endif /* CONFIG_WPS_TESTING */
23 
24 
25 /**
26  * wps_init - Initialize WPS Registration protocol data
27  * @cfg: WPS configuration
28  * Returns: Pointer to allocated data or %NULL on failure
29  *
30  * This function is used to initialize WPS data for a registration protocol
31  * instance (i.e., each run of registration protocol as a Registrar of
32  * Enrollee. The caller is responsible for freeing this data after the
33  * registration run has been completed by calling wps_deinit().
34  */
35 struct wps_data * wps_init(const struct wps_config *cfg)
36 {
37 	struct wps_data *data = os_zalloc(sizeof(*data));
38 	if (data == NULL)
39 		return NULL;
40 	data->wps = cfg->wps;
41 	data->registrar = cfg->registrar;
42 	if (cfg->registrar) {
43 		os_memcpy(data->uuid_r, cfg->wps->uuid, WPS_UUID_LEN);
44 	} else {
45 		os_memcpy(data->mac_addr_e, cfg->wps->dev.mac_addr, ETH_ALEN);
46 		os_memcpy(data->uuid_e, cfg->wps->uuid, WPS_UUID_LEN);
47 	}
48 	if (cfg->pin) {
49 		data->dev_pw_id = cfg->dev_pw_id;
50 		data->dev_password = os_malloc(cfg->pin_len);
51 		if (data->dev_password == NULL) {
52 			os_free(data);
53 			return NULL;
54 		}
55 		os_memcpy(data->dev_password, cfg->pin, cfg->pin_len);
56 		data->dev_password_len = cfg->pin_len;
57 		wpa_hexdump_key(MSG_DEBUG, "WPS: AP PIN dev_password",
58 				data->dev_password, data->dev_password_len);
59 	}
60 
61 #ifdef CONFIG_WPS_NFC
62 	if (cfg->pin == NULL &&
63 	    cfg->dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER)
64 		data->dev_pw_id = cfg->dev_pw_id;
65 
66 	if (cfg->wps->ap && !cfg->registrar && cfg->wps->ap_nfc_dev_pw_id) {
67 		/* Keep AP PIN as alternative Device Password */
68 		data->alt_dev_pw_id = data->dev_pw_id;
69 		data->alt_dev_password = data->dev_password;
70 		data->alt_dev_password_len = data->dev_password_len;
71 
72 		data->dev_pw_id = cfg->wps->ap_nfc_dev_pw_id;
73 		data->dev_password =
74 			os_malloc(wpabuf_len(cfg->wps->ap_nfc_dev_pw));
75 		if (data->dev_password == NULL) {
76 			os_free(data);
77 			return NULL;
78 		}
79 		os_memcpy(data->dev_password,
80 			  wpabuf_head(cfg->wps->ap_nfc_dev_pw),
81 			  wpabuf_len(cfg->wps->ap_nfc_dev_pw));
82 		data->dev_password_len = wpabuf_len(cfg->wps->ap_nfc_dev_pw);
83 		wpa_hexdump_key(MSG_DEBUG, "WPS: NFC dev_password",
84 			    data->dev_password, data->dev_password_len);
85 	}
86 #endif /* CONFIG_WPS_NFC */
87 
88 	data->pbc = cfg->pbc;
89 	if (cfg->pbc) {
90 		/* Use special PIN '00000000' for PBC */
91 		data->dev_pw_id = DEV_PW_PUSHBUTTON;
92 		bin_clear_free(data->dev_password, data->dev_password_len);
93 		data->dev_password = (u8 *) os_strdup("00000000");
94 		if (data->dev_password == NULL) {
95 			os_free(data);
96 			return NULL;
97 		}
98 		data->dev_password_len = 8;
99 	}
100 
101 	data->state = data->registrar ? RECV_M1 : SEND_M1;
102 
103 	if (cfg->assoc_wps_ie) {
104 		struct wps_parse_attr attr;
105 		wpa_hexdump_buf(MSG_DEBUG, "WPS: WPS IE from (Re)AssocReq",
106 				cfg->assoc_wps_ie);
107 		if (wps_parse_msg(cfg->assoc_wps_ie, &attr) < 0) {
108 			wpa_printf(MSG_DEBUG, "WPS: Failed to parse WPS IE "
109 				   "from (Re)AssocReq");
110 		} else if (attr.request_type == NULL) {
111 			wpa_printf(MSG_DEBUG, "WPS: No Request Type attribute "
112 				   "in (Re)AssocReq WPS IE");
113 		} else {
114 			wpa_printf(MSG_DEBUG, "WPS: Request Type (from WPS IE "
115 				   "in (Re)AssocReq WPS IE): %d",
116 				   *attr.request_type);
117 			data->request_type = *attr.request_type;
118 		}
119 	}
120 
121 	if (cfg->new_ap_settings) {
122 		data->new_ap_settings =
123 			os_malloc(sizeof(*data->new_ap_settings));
124 		if (data->new_ap_settings == NULL) {
125 			bin_clear_free(data->dev_password,
126 				       data->dev_password_len);
127 			os_free(data);
128 			return NULL;
129 		}
130 		os_memcpy(data->new_ap_settings, cfg->new_ap_settings,
131 			  sizeof(*data->new_ap_settings));
132 	}
133 
134 	if (cfg->peer_addr)
135 		os_memcpy(data->peer_dev.mac_addr, cfg->peer_addr, ETH_ALEN);
136 	if (cfg->p2p_dev_addr)
137 		os_memcpy(data->p2p_dev_addr, cfg->p2p_dev_addr, ETH_ALEN);
138 
139 	data->use_psk_key = cfg->use_psk_key;
140 	data->pbc_in_m1 = cfg->pbc_in_m1;
141 
142 	if (cfg->peer_pubkey_hash) {
143 		os_memcpy(data->peer_pubkey_hash, cfg->peer_pubkey_hash,
144 			  WPS_OOB_PUBKEY_HASH_LEN);
145 		data->peer_pubkey_hash_set = 1;
146 	}
147 
148 	return data;
149 }
150 
151 
152 /**
153  * wps_deinit - Deinitialize WPS Registration protocol data
154  * @data: WPS Registration protocol data from wps_init()
155  */
156 void wps_deinit(struct wps_data *data)
157 {
158 #ifdef CONFIG_WPS_NFC
159 	if (data->registrar && data->nfc_pw_token)
160 		wps_registrar_remove_nfc_pw_token(data->wps->registrar,
161 						  data->nfc_pw_token);
162 #endif /* CONFIG_WPS_NFC */
163 
164 	if (data->wps_pin_revealed) {
165 		wpa_printf(MSG_DEBUG, "WPS: Full PIN information revealed and "
166 			   "negotiation failed");
167 		if (data->registrar)
168 			wps_registrar_invalidate_pin(data->wps->registrar,
169 						     data->uuid_e);
170 	} else if (data->registrar)
171 		wps_registrar_unlock_pin(data->wps->registrar, data->uuid_e);
172 
173 	wpabuf_free(data->dh_privkey);
174 	wpabuf_free(data->dh_pubkey_e);
175 	wpabuf_free(data->dh_pubkey_r);
176 	wpabuf_free(data->last_msg);
177 	bin_clear_free(data->dev_password, data->dev_password_len);
178 	bin_clear_free(data->alt_dev_password, data->alt_dev_password_len);
179 	bin_clear_free(data->new_psk, data->new_psk_len);
180 	wps_device_data_free(&data->peer_dev);
181 	bin_clear_free(data->new_ap_settings, sizeof(*data->new_ap_settings));
182 	dh5_free(data->dh_ctx);
183 	os_free(data);
184 }
185 
186 
187 /**
188  * wps_process_msg - Process a WPS message
189  * @wps: WPS Registration protocol data from wps_init()
190  * @op_code: Message OP Code
191  * @msg: Message data
192  * Returns: Processing result
193  *
194  * This function is used to process WPS messages with OP Codes WSC_ACK,
195  * WSC_NACK, WSC_MSG, and WSC_Done. The caller (e.g., EAP server/peer) is
196  * responsible for reassembling the messages before calling this function.
197  * Response to this message is built by calling wps_get_msg().
198  */
199 enum wps_process_res wps_process_msg(struct wps_data *wps,
200 				     enum wsc_op_code op_code,
201 				     const struct wpabuf *msg)
202 {
203 	if (wps->registrar)
204 		return wps_registrar_process_msg(wps, op_code, msg);
205 	else
206 		return wps_enrollee_process_msg(wps, op_code, msg);
207 }
208 
209 
210 /**
211  * wps_get_msg - Build a WPS message
212  * @wps: WPS Registration protocol data from wps_init()
213  * @op_code: Buffer for returning message OP Code
214  * Returns: The generated WPS message or %NULL on failure
215  *
216  * This function is used to build a response to a message processed by calling
217  * wps_process_msg(). The caller is responsible for freeing the buffer.
218  */
219 struct wpabuf * wps_get_msg(struct wps_data *wps, enum wsc_op_code *op_code)
220 {
221 	if (wps->registrar)
222 		return wps_registrar_get_msg(wps, op_code);
223 	else
224 		return wps_enrollee_get_msg(wps, op_code);
225 }
226 
227 
228 /**
229  * wps_is_selected_pbc_registrar - Check whether WPS IE indicates active PBC
230  * @msg: WPS IE contents from Beacon or Probe Response frame
231  * Returns: 1 if PBC Registrar is active, 0 if not
232  */
233 int wps_is_selected_pbc_registrar(const struct wpabuf *msg)
234 {
235 	struct wps_parse_attr attr;
236 
237 	/*
238 	 * In theory, this could also verify that attr.sel_reg_config_methods
239 	 * includes WPS_CONFIG_PUSHBUTTON, but some deployed AP implementations
240 	 * do not set Selected Registrar Config Methods attribute properly, so
241 	 * it is safer to just use Device Password ID here.
242 	 */
243 
244 	if (wps_parse_msg(msg, &attr) < 0 ||
245 	    !attr.selected_registrar || *attr.selected_registrar == 0 ||
246 	    !attr.dev_password_id ||
247 	    WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
248 		return 0;
249 
250 #ifdef CONFIG_WPS_STRICT
251 	if (!attr.sel_reg_config_methods ||
252 	    !(WPA_GET_BE16(attr.sel_reg_config_methods) &
253 	      WPS_CONFIG_PUSHBUTTON))
254 		return 0;
255 #endif /* CONFIG_WPS_STRICT */
256 
257 	return 1;
258 }
259 
260 
261 static int is_selected_pin_registrar(struct wps_parse_attr *attr)
262 {
263 	/*
264 	 * In theory, this could also verify that attr.sel_reg_config_methods
265 	 * includes WPS_CONFIG_LABEL, WPS_CONFIG_DISPLAY, or WPS_CONFIG_KEYPAD,
266 	 * but some deployed AP implementations do not set Selected Registrar
267 	 * Config Methods attribute properly, so it is safer to just use
268 	 * Device Password ID here.
269 	 */
270 
271 	if (!attr->selected_registrar || *attr->selected_registrar == 0)
272 		return 0;
273 
274 	if (attr->dev_password_id != NULL &&
275 	    WPA_GET_BE16(attr->dev_password_id) == DEV_PW_PUSHBUTTON)
276 		return 0;
277 
278 #ifdef CONFIG_WPS_STRICT
279 	if (!attr->sel_reg_config_methods ||
280 	    !(WPA_GET_BE16(attr->sel_reg_config_methods) &
281 	      (WPS_CONFIG_LABEL | WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD)))
282 		return 0;
283 #endif /* CONFIG_WPS_STRICT */
284 
285 	return 1;
286 }
287 
288 
289 /**
290  * wps_is_selected_pin_registrar - Check whether WPS IE indicates active PIN
291  * @msg: WPS IE contents from Beacon or Probe Response frame
292  * Returns: 1 if PIN Registrar is active, 0 if not
293  */
294 int wps_is_selected_pin_registrar(const struct wpabuf *msg)
295 {
296 	struct wps_parse_attr attr;
297 
298 	if (wps_parse_msg(msg, &attr) < 0)
299 		return 0;
300 
301 	return is_selected_pin_registrar(&attr);
302 }
303 
304 
305 /**
306  * wps_is_addr_authorized - Check whether WPS IE authorizes MAC address
307  * @msg: WPS IE contents from Beacon or Probe Response frame
308  * @addr: MAC address to search for
309  * @ver1_compat: Whether to use version 1 compatibility mode
310  * Returns: 2 if the specified address is explicit authorized, 1 if address is
311  * authorized (broadcast), 0 if not
312  */
313 int wps_is_addr_authorized(const struct wpabuf *msg, const u8 *addr,
314 			   int ver1_compat)
315 {
316 	struct wps_parse_attr attr;
317 	unsigned int i;
318 	const u8 *pos;
319 	const u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
320 
321 	if (wps_parse_msg(msg, &attr) < 0)
322 		return 0;
323 
324 	if (!attr.version2 && ver1_compat) {
325 		/*
326 		 * Version 1.0 AP - AuthorizedMACs not used, so revert back to
327 		 * old mechanism of using SelectedRegistrar.
328 		 */
329 		return is_selected_pin_registrar(&attr);
330 	}
331 
332 	if (!attr.authorized_macs)
333 		return 0;
334 
335 	pos = attr.authorized_macs;
336 	for (i = 0; i < attr.authorized_macs_len / ETH_ALEN; i++) {
337 		if (os_memcmp(pos, addr, ETH_ALEN) == 0)
338 			return 2;
339 		if (os_memcmp(pos, bcast, ETH_ALEN) == 0)
340 			return 1;
341 		pos += ETH_ALEN;
342 	}
343 
344 	return 0;
345 }
346 
347 
348 /**
349  * wps_ap_priority_compar - Prioritize WPS IE from two APs
350  * @wps_a: WPS IE contents from Beacon or Probe Response frame
351  * @wps_b: WPS IE contents from Beacon or Probe Response frame
352  * Returns: 1 if wps_b is considered more likely selection for WPS
353  * provisioning, -1 if wps_a is considered more like, or 0 if no preference
354  */
355 int wps_ap_priority_compar(const struct wpabuf *wps_a,
356 			   const struct wpabuf *wps_b)
357 {
358 	struct wps_parse_attr attr;
359 	int sel_a, sel_b;
360 
361 	if (wps_a == NULL || wps_parse_msg(wps_a, &attr) < 0)
362 		return 1;
363 	sel_a = attr.selected_registrar && *attr.selected_registrar != 0;
364 
365 	if (wps_b == NULL || wps_parse_msg(wps_b, &attr) < 0)
366 		return -1;
367 	sel_b = attr.selected_registrar && *attr.selected_registrar != 0;
368 
369 	if (sel_a && !sel_b)
370 		return -1;
371 	if (!sel_a && sel_b)
372 		return 1;
373 
374 	return 0;
375 }
376 
377 
378 /**
379  * wps_get_uuid_e - Get UUID-E from WPS IE
380  * @msg: WPS IE contents from Beacon or Probe Response frame
381  * Returns: Pointer to UUID-E or %NULL if not included
382  *
383  * The returned pointer is to the msg contents and it remains valid only as
384  * long as the msg buffer is valid.
385  */
386 const u8 * wps_get_uuid_e(const struct wpabuf *msg)
387 {
388 	struct wps_parse_attr attr;
389 
390 	if (wps_parse_msg(msg, &attr) < 0)
391 		return NULL;
392 	return attr.uuid_e;
393 }
394 
395 
396 /**
397  * wps_is_20 - Check whether WPS attributes claim support for WPS 2.0
398  */
399 int wps_is_20(const struct wpabuf *msg)
400 {
401 	struct wps_parse_attr attr;
402 
403 	if (msg == NULL || wps_parse_msg(msg, &attr) < 0)
404 		return 0;
405 	return attr.version2 != NULL;
406 }
407 
408 
409 /**
410  * wps_build_assoc_req_ie - Build WPS IE for (Re)Association Request
411  * @req_type: Value for Request Type attribute
412  * Returns: WPS IE or %NULL on failure
413  *
414  * The caller is responsible for freeing the buffer.
415  */
416 struct wpabuf * wps_build_assoc_req_ie(enum wps_request_type req_type)
417 {
418 	struct wpabuf *ie;
419 	u8 *len;
420 
421 	wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association "
422 		   "Request");
423 	ie = wpabuf_alloc(100);
424 	if (ie == NULL)
425 		return NULL;
426 
427 	wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
428 	len = wpabuf_put(ie, 1);
429 	wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
430 
431 	if (wps_build_version(ie) ||
432 	    wps_build_req_type(ie, req_type) ||
433 	    wps_build_wfa_ext(ie, 0, NULL, 0)) {
434 		wpabuf_free(ie);
435 		return NULL;
436 	}
437 
438 	*len = wpabuf_len(ie) - 2;
439 
440 	return ie;
441 }
442 
443 
444 /**
445  * wps_build_assoc_resp_ie - Build WPS IE for (Re)Association Response
446  * Returns: WPS IE or %NULL on failure
447  *
448  * The caller is responsible for freeing the buffer.
449  */
450 struct wpabuf * wps_build_assoc_resp_ie(void)
451 {
452 	struct wpabuf *ie;
453 	u8 *len;
454 
455 	wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association "
456 		   "Response");
457 	ie = wpabuf_alloc(100);
458 	if (ie == NULL)
459 		return NULL;
460 
461 	wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
462 	len = wpabuf_put(ie, 1);
463 	wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
464 
465 	if (wps_build_version(ie) ||
466 	    wps_build_resp_type(ie, WPS_RESP_AP) ||
467 	    wps_build_wfa_ext(ie, 0, NULL, 0)) {
468 		wpabuf_free(ie);
469 		return NULL;
470 	}
471 
472 	*len = wpabuf_len(ie) - 2;
473 
474 	return ie;
475 }
476 
477 
478 /**
479  * wps_build_probe_req_ie - Build WPS IE for Probe Request
480  * @pw_id: Password ID (DEV_PW_PUSHBUTTON for active PBC and DEV_PW_DEFAULT for
481  * most other use cases)
482  * @dev: Device attributes
483  * @uuid: Own UUID
484  * @req_type: Value for Request Type attribute
485  * @num_req_dev_types: Number of requested device types
486  * @req_dev_types: Requested device types (8 * num_req_dev_types octets) or
487  *	%NULL if none
488  * Returns: WPS IE or %NULL on failure
489  *
490  * The caller is responsible for freeing the buffer.
491  */
492 struct wpabuf * wps_build_probe_req_ie(u16 pw_id, struct wps_device_data *dev,
493 				       const u8 *uuid,
494 				       enum wps_request_type req_type,
495 				       unsigned int num_req_dev_types,
496 				       const u8 *req_dev_types)
497 {
498 	struct wpabuf *ie;
499 
500 	wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for Probe Request");
501 
502 	ie = wpabuf_alloc(500);
503 	if (ie == NULL)
504 		return NULL;
505 
506 	if (wps_build_version(ie) ||
507 	    wps_build_req_type(ie, req_type) ||
508 	    wps_build_config_methods(ie, dev->config_methods) ||
509 	    wps_build_uuid_e(ie, uuid) ||
510 	    wps_build_primary_dev_type(dev, ie) ||
511 	    wps_build_rf_bands(dev, ie, 0) ||
512 	    wps_build_assoc_state(NULL, ie) ||
513 	    wps_build_config_error(ie, WPS_CFG_NO_ERROR) ||
514 	    wps_build_dev_password_id(ie, pw_id) ||
515 	    wps_build_manufacturer(dev, ie) ||
516 	    wps_build_model_name(dev, ie) ||
517 	    wps_build_model_number(dev, ie) ||
518 	    wps_build_dev_name(dev, ie) ||
519 	    wps_build_wfa_ext(ie, req_type == WPS_REQ_ENROLLEE, NULL, 0) ||
520 	    wps_build_req_dev_type(dev, ie, num_req_dev_types, req_dev_types)
521 	    ||
522 	    wps_build_secondary_dev_type(dev, ie)
523 		) {
524 		wpabuf_free(ie);
525 		return NULL;
526 	}
527 
528 	return wps_ie_encapsulate(ie);
529 }
530 
531 
532 void wps_free_pending_msgs(struct upnp_pending_message *msgs)
533 {
534 	struct upnp_pending_message *p, *prev;
535 	p = msgs;
536 	while (p) {
537 		prev = p;
538 		p = p->next;
539 		wpabuf_free(prev->msg);
540 		os_free(prev);
541 	}
542 }
543 
544 
545 int wps_attr_text(struct wpabuf *data, char *buf, char *end)
546 {
547 	struct wps_parse_attr attr;
548 	char *pos = buf;
549 	int ret;
550 
551 	if (wps_parse_msg(data, &attr) < 0)
552 		return -1;
553 
554 	if (attr.wps_state) {
555 		if (*attr.wps_state == WPS_STATE_NOT_CONFIGURED)
556 			ret = os_snprintf(pos, end - pos,
557 					  "wps_state=unconfigured\n");
558 		else if (*attr.wps_state == WPS_STATE_CONFIGURED)
559 			ret = os_snprintf(pos, end - pos,
560 					  "wps_state=configured\n");
561 		else
562 			ret = 0;
563 		if (os_snprintf_error(end - pos, ret))
564 			return pos - buf;
565 		pos += ret;
566 	}
567 
568 	if (attr.ap_setup_locked && *attr.ap_setup_locked) {
569 		ret = os_snprintf(pos, end - pos,
570 				  "wps_ap_setup_locked=1\n");
571 		if (os_snprintf_error(end - pos, ret))
572 			return pos - buf;
573 		pos += ret;
574 	}
575 
576 	if (attr.selected_registrar && *attr.selected_registrar) {
577 		ret = os_snprintf(pos, end - pos,
578 				  "wps_selected_registrar=1\n");
579 		if (os_snprintf_error(end - pos, ret))
580 			return pos - buf;
581 		pos += ret;
582 	}
583 
584 	if (attr.dev_password_id) {
585 		ret = os_snprintf(pos, end - pos,
586 				  "wps_device_password_id=%u\n",
587 				  WPA_GET_BE16(attr.dev_password_id));
588 		if (os_snprintf_error(end - pos, ret))
589 			return pos - buf;
590 		pos += ret;
591 	}
592 
593 	if (attr.sel_reg_config_methods) {
594 		ret = os_snprintf(pos, end - pos,
595 				  "wps_selected_registrar_config_methods="
596 				  "0x%04x\n",
597 				  WPA_GET_BE16(attr.sel_reg_config_methods));
598 		if (os_snprintf_error(end - pos, ret))
599 			return pos - buf;
600 		pos += ret;
601 	}
602 
603 	if (attr.primary_dev_type) {
604 		char devtype[WPS_DEV_TYPE_BUFSIZE];
605 		ret = os_snprintf(pos, end - pos,
606 				  "wps_primary_device_type=%s\n",
607 				  wps_dev_type_bin2str(attr.primary_dev_type,
608 						       devtype,
609 						       sizeof(devtype)));
610 		if (os_snprintf_error(end - pos, ret))
611 			return pos - buf;
612 		pos += ret;
613 	}
614 
615 	if (attr.dev_name) {
616 		char *str = os_malloc(attr.dev_name_len + 1);
617 		size_t i;
618 		if (str == NULL)
619 			return pos - buf;
620 		for (i = 0; i < attr.dev_name_len; i++) {
621 			if (attr.dev_name[i] == 0 ||
622 			    is_ctrl_char(attr.dev_name[i]))
623 				str[i] = '_';
624 			else
625 				str[i] = attr.dev_name[i];
626 		}
627 		str[i] = '\0';
628 		ret = os_snprintf(pos, end - pos, "wps_device_name=%s\n", str);
629 		os_free(str);
630 		if (os_snprintf_error(end - pos, ret))
631 			return pos - buf;
632 		pos += ret;
633 	}
634 
635 	if (attr.config_methods) {
636 		ret = os_snprintf(pos, end - pos,
637 				  "wps_config_methods=0x%04x\n",
638 				  WPA_GET_BE16(attr.config_methods));
639 		if (os_snprintf_error(end - pos, ret))
640 			return pos - buf;
641 		pos += ret;
642 	}
643 
644 	return pos - buf;
645 }
646 
647 
648 const char * wps_ei_str(enum wps_error_indication ei)
649 {
650 	switch (ei) {
651 	case WPS_EI_NO_ERROR:
652 		return "No Error";
653 	case WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED:
654 		return "TKIP Only Prohibited";
655 	case WPS_EI_SECURITY_WEP_PROHIBITED:
656 		return "WEP Prohibited";
657 	case WPS_EI_AUTH_FAILURE:
658 		return "Authentication Failure";
659 	default:
660 		return "Unknown";
661 	}
662 }
663