1 /* 2 * wpa_supplicant - DPP 3 * Copyright (c) 2017, Qualcomm Atheros, Inc. 4 * Copyright (c) 2018-2020, The Linux Foundation 5 * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc. 6 * 7 * This software may be distributed under the terms of the BSD license. 8 * See README for more details. 9 */ 10 11 #include "utils/includes.h" 12 13 #include "utils/common.h" 14 #include "utils/eloop.h" 15 #include "utils/ip_addr.h" 16 #include "utils/base64.h" 17 #include "common/dpp.h" 18 #include "common/gas.h" 19 #include "common/gas_server.h" 20 #include "crypto/random.h" 21 #include "rsn_supp/wpa.h" 22 #include "rsn_supp/pmksa_cache.h" 23 #include "wpa_supplicant_i.h" 24 #include "config.h" 25 #include "driver_i.h" 26 #include "offchannel.h" 27 #include "gas_query.h" 28 #include "bss.h" 29 #include "scan.h" 30 #include "notify.h" 31 #include "dpp_supplicant.h" 32 33 34 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s, 35 unsigned int freq); 36 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx); 37 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx); 38 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator); 39 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s, 40 unsigned int freq, const u8 *dst, 41 const u8 *src, const u8 *bssid, 42 const u8 *data, size_t data_len, 43 enum offchannel_send_action_result result); 44 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx); 45 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s); 46 static void 47 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s, 48 unsigned int freq, const u8 *dst, 49 const u8 *src, const u8 *bssid, 50 const u8 *data, size_t data_len, 51 enum offchannel_send_action_result result); 52 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx); 53 #ifdef CONFIG_DPP2 54 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx, 55 void *timeout_ctx); 56 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s); 57 static int wpas_dpp_process_conf_obj(void *ctx, 58 struct dpp_authentication *auth); 59 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth); 60 #endif /* CONFIG_DPP2 */ 61 62 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 63 64 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only 65 * a single transaction in progress at any point in time. */ 66 static const u8 TRANSACTION_ID = 1; 67 68 69 /** 70 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code 71 * @wpa_s: Pointer to wpa_supplicant data 72 * @cmd: DPP URI read from a QR Code 73 * Returns: Identifier of the stored info or -1 on failure 74 */ 75 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd) 76 { 77 struct dpp_bootstrap_info *bi; 78 struct dpp_authentication *auth = wpa_s->dpp_auth; 79 80 bi = dpp_add_qr_code(wpa_s->dpp, cmd); 81 if (!bi) 82 return -1; 83 84 if (auth && auth->response_pending && 85 dpp_notify_new_qr_code(auth, bi) == 1) { 86 wpa_printf(MSG_DEBUG, 87 "DPP: Sending out pending authentication response"); 88 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 89 " freq=%u type=%d", 90 MAC2STR(auth->peer_mac_addr), auth->curr_freq, 91 DPP_PA_AUTHENTICATION_RESP); 92 offchannel_send_action(wpa_s, auth->curr_freq, 93 auth->peer_mac_addr, wpa_s->own_addr, 94 broadcast, 95 wpabuf_head(auth->resp_msg), 96 wpabuf_len(auth->resp_msg), 97 500, wpas_dpp_tx_status, 0); 98 } 99 100 #ifdef CONFIG_DPP2 101 dpp_controller_new_qr_code(wpa_s->dpp, bi); 102 #endif /* CONFIG_DPP2 */ 103 104 return bi->id; 105 } 106 107 108 /** 109 * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI) 110 * @wpa_s: Pointer to wpa_supplicant data 111 * @cmd: DPP URI read from a NFC Tag (URI NDEF message) 112 * Returns: Identifier of the stored info or -1 on failure 113 */ 114 int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd) 115 { 116 struct dpp_bootstrap_info *bi; 117 118 bi = dpp_add_nfc_uri(wpa_s->dpp, cmd); 119 if (!bi) 120 return -1; 121 122 return bi->id; 123 } 124 125 126 int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd) 127 { 128 const char *pos; 129 struct dpp_bootstrap_info *peer_bi, *own_bi; 130 131 pos = os_strstr(cmd, " own="); 132 if (!pos) 133 return -1; 134 pos += 5; 135 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); 136 if (!own_bi) 137 return -1; 138 own_bi->nfc_negotiated = 1; 139 140 pos = os_strstr(cmd, " uri="); 141 if (!pos) 142 return -1; 143 pos += 5; 144 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos); 145 if (!peer_bi) { 146 wpa_printf(MSG_INFO, 147 "DPP: Failed to parse URI from NFC Handover Request"); 148 return -1; 149 } 150 151 if (dpp_nfc_update_bi(own_bi, peer_bi) < 0) 152 return -1; 153 154 return peer_bi->id; 155 } 156 157 158 int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd) 159 { 160 const char *pos; 161 struct dpp_bootstrap_info *peer_bi, *own_bi; 162 163 pos = os_strstr(cmd, " own="); 164 if (!pos) 165 return -1; 166 pos += 5; 167 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); 168 if (!own_bi) 169 return -1; 170 own_bi->nfc_negotiated = 1; 171 172 pos = os_strstr(cmd, " uri="); 173 if (!pos) 174 return -1; 175 pos += 5; 176 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos); 177 if (!peer_bi) { 178 wpa_printf(MSG_INFO, 179 "DPP: Failed to parse URI from NFC Handover Select"); 180 return -1; 181 } 182 183 if (peer_bi->curve != own_bi->curve) { 184 wpa_printf(MSG_INFO, 185 "DPP: Peer (NFC Handover Selector) used different curve"); 186 return -1; 187 } 188 189 return peer_bi->id; 190 } 191 192 193 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx) 194 { 195 struct wpa_supplicant *wpa_s = eloop_ctx; 196 struct dpp_authentication *auth = wpa_s->dpp_auth; 197 198 if (!auth || !auth->resp_msg) 199 return; 200 201 wpa_printf(MSG_DEBUG, 202 "DPP: Retry Authentication Response after timeout"); 203 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 204 " freq=%u type=%d", 205 MAC2STR(auth->peer_mac_addr), auth->curr_freq, 206 DPP_PA_AUTHENTICATION_RESP); 207 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr, 208 wpa_s->own_addr, broadcast, 209 wpabuf_head(auth->resp_msg), 210 wpabuf_len(auth->resp_msg), 211 500, wpas_dpp_tx_status, 0); 212 } 213 214 215 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s) 216 { 217 struct dpp_authentication *auth = wpa_s->dpp_auth; 218 unsigned int wait_time, max_tries; 219 220 if (!auth || !auth->resp_msg) 221 return; 222 223 if (wpa_s->dpp_resp_max_tries) 224 max_tries = wpa_s->dpp_resp_max_tries; 225 else 226 max_tries = 5; 227 auth->auth_resp_tries++; 228 if (auth->auth_resp_tries >= max_tries) { 229 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange"); 230 offchannel_send_action_done(wpa_s); 231 dpp_auth_deinit(wpa_s->dpp_auth); 232 wpa_s->dpp_auth = NULL; 233 return; 234 } 235 236 if (wpa_s->dpp_resp_retry_time) 237 wait_time = wpa_s->dpp_resp_retry_time; 238 else 239 wait_time = 1000; 240 if (wpa_s->dpp_tx_chan_change) { 241 wpa_s->dpp_tx_chan_change = false; 242 if (wait_time > 100) 243 wait_time = 100; 244 } 245 246 wpa_printf(MSG_DEBUG, 247 "DPP: Schedule retransmission of Authentication Response frame in %u ms", 248 wait_time); 249 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); 250 eloop_register_timeout(wait_time / 1000, 251 (wait_time % 1000) * 1000, 252 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); 253 } 254 255 256 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s) 257 { 258 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network"); 259 wpa_s->suitable_network = 0; 260 wpa_s->no_suitable_network = 0; 261 wpa_s->disconnected = 0; 262 wpa_s->reassociate = 1; 263 wpa_s->scan_runs = 0; 264 wpa_s->normal_scans = 0; 265 wpa_supplicant_cancel_sched_scan(wpa_s); 266 wpa_supplicant_req_scan(wpa_s, 0, 0); 267 } 268 269 270 #ifdef CONFIG_DPP2 271 272 static void wpas_dpp_stop_listen_for_tx(struct wpa_supplicant *wpa_s, 273 unsigned int freq, 274 unsigned int wait_time) 275 { 276 struct os_reltime now, res; 277 unsigned int remaining; 278 279 if (!wpa_s->dpp_listen_freq) 280 return; 281 282 os_get_reltime(&now); 283 if (os_reltime_before(&now, &wpa_s->dpp_listen_end)) { 284 os_reltime_sub(&wpa_s->dpp_listen_end, &now, &res); 285 remaining = res.sec * 1000 + res.usec / 1000; 286 } else { 287 remaining = 0; 288 } 289 if (wpa_s->dpp_listen_freq == freq && remaining > wait_time) 290 return; 291 292 wpa_printf(MSG_DEBUG, 293 "DPP: Stop listen on %u MHz ending in %u ms to allow immediate TX on %u MHz for %u ms", 294 wpa_s->dpp_listen_freq, remaining, freq, wait_time); 295 wpas_dpp_listen_stop(wpa_s); 296 297 /* TODO: Restart listen in some cases after TX? */ 298 } 299 300 301 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx, 302 void *timeout_ctx) 303 { 304 struct wpa_supplicant *wpa_s = eloop_ctx; 305 struct dpp_authentication *auth = wpa_s->dpp_auth; 306 enum dpp_status_error result; 307 308 if ((!auth || !auth->conn_status_requested) && 309 !dpp_tcp_conn_status_requested(wpa_s->dpp)) 310 return; 311 312 wpa_printf(MSG_DEBUG, 313 "DPP: Connection timeout - report Connection Status Result"); 314 if (wpa_s->suitable_network) 315 result = DPP_STATUS_AUTH_FAILURE; 316 else if (wpa_s->no_suitable_network) 317 result = DPP_STATUS_NO_AP; 318 else 319 result = 255; /* What to report here for unexpected state? */ 320 if (wpa_s->wpa_state == WPA_SCANNING) 321 wpas_abort_ongoing_scan(wpa_s); 322 wpas_dpp_send_conn_status_result(wpa_s, result); 323 } 324 325 326 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s) 327 { 328 char *str, *end, *pos; 329 size_t len; 330 unsigned int i; 331 u8 last_op_class = 0; 332 int res; 333 334 if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs) 335 return NULL; 336 337 len = wpa_s->num_last_scan_freqs * 8; 338 str = os_zalloc(len); 339 if (!str) 340 return NULL; 341 end = str + len; 342 pos = str; 343 344 for (i = 0; i < wpa_s->num_last_scan_freqs; i++) { 345 enum hostapd_hw_mode mode; 346 u8 op_class, channel; 347 348 mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i], 349 0, 0, &op_class, &channel); 350 if (mode == NUM_HOSTAPD_MODES) 351 continue; 352 if (op_class == last_op_class) 353 res = os_snprintf(pos, end - pos, ",%d", channel); 354 else 355 res = os_snprintf(pos, end - pos, "%s%d/%d", 356 pos == str ? "" : ",", 357 op_class, channel); 358 if (os_snprintf_error(end - pos, res)) { 359 *pos = '\0'; 360 break; 361 } 362 pos += res; 363 last_op_class = op_class; 364 } 365 366 if (pos == str) { 367 os_free(str); 368 str = NULL; 369 } 370 return str; 371 } 372 373 374 void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s, 375 enum dpp_status_error result) 376 { 377 struct wpabuf *msg; 378 const char *channel_list = NULL; 379 char *channel_list_buf = NULL; 380 struct wpa_ssid *ssid = wpa_s->current_ssid; 381 struct dpp_authentication *auth = wpa_s->dpp_auth; 382 383 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL); 384 385 if ((!auth || !auth->conn_status_requested) && 386 !dpp_tcp_conn_status_requested(wpa_s->dpp)) 387 return; 388 389 wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d", 390 result); 391 392 if (result == DPP_STATUS_NO_AP) { 393 channel_list_buf = wpas_dpp_scan_channel_list(wpa_s); 394 channel_list = channel_list_buf; 395 } 396 397 if (!auth || !auth->conn_status_requested) { 398 dpp_tcp_send_conn_status(wpa_s->dpp, result, 399 ssid ? ssid->ssid : 400 wpa_s->dpp_last_ssid, 401 ssid ? ssid->ssid_len : 402 wpa_s->dpp_last_ssid_len, 403 channel_list); 404 os_free(channel_list_buf); 405 return; 406 } 407 408 auth->conn_status_requested = 0; 409 410 msg = dpp_build_conn_status_result(auth, result, 411 ssid ? ssid->ssid : 412 wpa_s->dpp_last_ssid, 413 ssid ? ssid->ssid_len : 414 wpa_s->dpp_last_ssid_len, 415 channel_list); 416 os_free(channel_list_buf); 417 if (!msg) { 418 dpp_auth_deinit(wpa_s->dpp_auth); 419 wpa_s->dpp_auth = NULL; 420 return; 421 } 422 423 wpa_msg(wpa_s, MSG_INFO, 424 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 425 MAC2STR(auth->peer_mac_addr), auth->curr_freq, 426 DPP_PA_CONNECTION_STATUS_RESULT); 427 offchannel_send_action(wpa_s, auth->curr_freq, 428 auth->peer_mac_addr, wpa_s->own_addr, broadcast, 429 wpabuf_head(msg), wpabuf_len(msg), 430 500, wpas_dpp_tx_status, 0); 431 wpabuf_free(msg); 432 433 /* This exchange will be terminated in the TX status handler */ 434 auth->remove_on_tx_status = 1; 435 436 return; 437 } 438 439 440 static void wpas_dpp_connected_timeout(void *eloop_ctx, void *timeout_ctx) 441 { 442 struct wpa_supplicant *wpa_s = eloop_ctx; 443 struct dpp_authentication *auth = wpa_s->dpp_auth; 444 445 if ((auth && auth->conn_status_requested) || 446 dpp_tcp_conn_status_requested(wpa_s->dpp)) 447 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK); 448 } 449 450 451 void wpas_dpp_connected(struct wpa_supplicant *wpa_s) 452 { 453 struct dpp_authentication *auth = wpa_s->dpp_auth; 454 455 if ((auth && auth->conn_status_requested) || 456 dpp_tcp_conn_status_requested(wpa_s->dpp)) { 457 /* Report connection result from an eloop timeout to avoid delay 458 * to completing all connection completion steps since this 459 * function is called in a middle of the post 4-way handshake 460 * processing. */ 461 eloop_register_timeout(0, 0, wpas_dpp_connected_timeout, 462 wpa_s, NULL); 463 } 464 } 465 466 #endif /* CONFIG_DPP2 */ 467 468 469 static void wpas_dpp_drv_wait_timeout(void *eloop_ctx, void *timeout_ctx) 470 { 471 struct wpa_supplicant *wpa_s = eloop_ctx; 472 struct dpp_authentication *auth = wpa_s->dpp_auth; 473 474 if (auth && auth->waiting_auth_resp) { 475 wpa_printf(MSG_DEBUG, 476 "DPP: Call wpas_dpp_auth_init_next() from %s", 477 __func__); 478 wpas_dpp_auth_init_next(wpa_s); 479 } else { 480 wpa_printf(MSG_DEBUG, "DPP: %s, but no waiting_auth_resp", 481 __func__); 482 } 483 } 484 485 486 static void wpas_dpp_neg_freq_timeout(void *eloop_ctx, void *timeout_ctx) 487 { 488 struct wpa_supplicant *wpa_s = eloop_ctx; 489 struct dpp_authentication *auth = wpa_s->dpp_auth; 490 491 if (!wpa_s->dpp_listen_on_tx_expire || !auth || !auth->neg_freq) 492 return; 493 494 wpa_printf(MSG_DEBUG, 495 "DPP: Start listen on neg_freq %u MHz based on timeout for TX wait expiration", 496 auth->neg_freq); 497 wpas_dpp_listen_start(wpa_s, auth->neg_freq); 498 } 499 500 501 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s, 502 unsigned int freq, const u8 *dst, 503 const u8 *src, const u8 *bssid, 504 const u8 *data, size_t data_len, 505 enum offchannel_send_action_result result) 506 { 507 const char *res_txt; 508 struct dpp_authentication *auth = wpa_s->dpp_auth; 509 510 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" : 511 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" : 512 "FAILED"); 513 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR 514 " result=%s", freq, MAC2STR(dst), res_txt); 515 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR 516 " freq=%u result=%s", MAC2STR(dst), freq, res_txt); 517 518 if (!wpa_s->dpp_auth) { 519 wpa_printf(MSG_DEBUG, 520 "DPP: Ignore TX status since there is no ongoing authentication exchange"); 521 return; 522 } 523 524 #ifdef CONFIG_DPP2 525 if (auth->connect_on_tx_status) { 526 auth->connect_on_tx_status = 0; 527 wpa_printf(MSG_DEBUG, 528 "DPP: Try to connect after completed configuration result"); 529 wpas_dpp_try_to_connect(wpa_s); 530 if (auth->conn_status_requested) { 531 wpa_printf(MSG_DEBUG, 532 "DPP: Start 15 second timeout for reporting connection status result"); 533 eloop_cancel_timeout( 534 wpas_dpp_conn_status_result_timeout, 535 wpa_s, NULL); 536 eloop_register_timeout( 537 15, 0, wpas_dpp_conn_status_result_timeout, 538 wpa_s, NULL); 539 } else { 540 dpp_auth_deinit(wpa_s->dpp_auth); 541 wpa_s->dpp_auth = NULL; 542 } 543 return; 544 } 545 #endif /* CONFIG_DPP2 */ 546 547 if (wpa_s->dpp_auth->remove_on_tx_status) { 548 wpa_printf(MSG_DEBUG, 549 "DPP: Terminate authentication exchange due to a request to do so on TX status"); 550 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); 551 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); 552 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, 553 NULL); 554 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, 555 NULL); 556 #ifdef CONFIG_DPP2 557 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, 558 wpa_s, NULL); 559 #endif /* CONFIG_DPP2 */ 560 offchannel_send_action_done(wpa_s); 561 dpp_auth_deinit(wpa_s->dpp_auth); 562 wpa_s->dpp_auth = NULL; 563 return; 564 } 565 566 if (wpa_s->dpp_auth_ok_on_ack) 567 wpas_dpp_auth_success(wpa_s, 1); 568 569 if (!is_broadcast_ether_addr(dst) && 570 result != OFFCHANNEL_SEND_ACTION_SUCCESS) { 571 wpa_printf(MSG_DEBUG, 572 "DPP: Unicast DPP Action frame was not ACKed"); 573 if (auth->waiting_auth_resp) { 574 /* In case of DPP Authentication Request frame, move to 575 * the next channel immediately. */ 576 offchannel_send_action_done(wpa_s); 577 /* Call wpas_dpp_auth_init_next(wpa_s) from driver event 578 * notifying frame wait was completed or from eloop 579 * timeout. */ 580 eloop_register_timeout(0, 10000, 581 wpas_dpp_drv_wait_timeout, 582 wpa_s, NULL); 583 return; 584 } 585 if (auth->waiting_auth_conf) { 586 wpas_dpp_auth_resp_retry(wpa_s); 587 return; 588 } 589 } 590 591 if (auth->waiting_auth_conf && 592 auth->auth_resp_status == DPP_STATUS_OK) { 593 /* Make sure we do not get stuck waiting for Auth Confirm 594 * indefinitely after successfully transmitted Auth Response to 595 * allow new authentication exchanges to be started. */ 596 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, 597 NULL); 598 eloop_register_timeout(1, 0, wpas_dpp_auth_conf_wait_timeout, 599 wpa_s, NULL); 600 } 601 602 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp && 603 result == OFFCHANNEL_SEND_ACTION_SUCCESS) { 604 /* Allow timeout handling to stop iteration if no response is 605 * received from a peer that has ACKed a request. */ 606 auth->auth_req_ack = 1; 607 } 608 609 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 && 610 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) { 611 wpa_printf(MSG_DEBUG, 612 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response", 613 wpa_s->dpp_auth->curr_freq, 614 wpa_s->dpp_auth->neg_freq); 615 offchannel_send_action_done(wpa_s); 616 wpa_s->dpp_listen_on_tx_expire = true; 617 eloop_register_timeout(0, 100000, wpas_dpp_neg_freq_timeout, 618 wpa_s, NULL); 619 } 620 621 if (wpa_s->dpp_auth_ok_on_ack) 622 wpa_s->dpp_auth_ok_on_ack = 0; 623 } 624 625 626 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx) 627 { 628 struct wpa_supplicant *wpa_s = eloop_ctx; 629 struct dpp_authentication *auth = wpa_s->dpp_auth; 630 unsigned int freq; 631 struct os_reltime now, diff; 632 unsigned int wait_time, diff_ms; 633 634 if (!auth || !auth->waiting_auth_resp) 635 return; 636 637 wait_time = wpa_s->dpp_resp_wait_time ? 638 wpa_s->dpp_resp_wait_time : 2000; 639 os_get_reltime(&now); 640 os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff); 641 diff_ms = diff.sec * 1000 + diff.usec / 1000; 642 wpa_printf(MSG_DEBUG, 643 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u", 644 wait_time, diff_ms); 645 646 if (auth->auth_req_ack && diff_ms >= wait_time) { 647 /* Peer ACK'ed Authentication Request frame, but did not reply 648 * with Authentication Response frame within two seconds. */ 649 wpa_printf(MSG_INFO, 650 "DPP: No response received from responder - stopping initiation attempt"); 651 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED); 652 offchannel_send_action_done(wpa_s); 653 wpas_dpp_listen_stop(wpa_s); 654 dpp_auth_deinit(auth); 655 wpa_s->dpp_auth = NULL; 656 return; 657 } 658 659 if (diff_ms >= wait_time) { 660 /* Authentication Request frame was not ACK'ed and no reply 661 * was receiving within two seconds. */ 662 wpa_printf(MSG_DEBUG, 663 "DPP: Continue Initiator channel iteration"); 664 offchannel_send_action_done(wpa_s); 665 wpas_dpp_listen_stop(wpa_s); 666 wpas_dpp_auth_init_next(wpa_s); 667 return; 668 } 669 670 /* Driver did not support 2000 ms long wait_time with TX command, so 671 * schedule listen operation to continue waiting for the response. 672 * 673 * DPP listen operations continue until stopped, so simply schedule a 674 * new call to this function at the point when the two second reply 675 * wait has expired. */ 676 wait_time -= diff_ms; 677 678 freq = auth->curr_freq; 679 if (auth->neg_freq > 0) 680 freq = auth->neg_freq; 681 wpa_printf(MSG_DEBUG, 682 "DPP: Continue reply wait on channel %u MHz for %u ms", 683 freq, wait_time); 684 wpa_s->dpp_in_response_listen = 1; 685 wpas_dpp_listen_start(wpa_s, freq); 686 687 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000, 688 wpas_dpp_reply_wait_timeout, wpa_s, NULL); 689 } 690 691 692 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx) 693 { 694 struct wpa_supplicant *wpa_s = eloop_ctx; 695 struct dpp_authentication *auth = wpa_s->dpp_auth; 696 697 if (!auth || !auth->waiting_auth_conf) 698 return; 699 700 wpa_printf(MSG_DEBUG, 701 "DPP: Terminate authentication exchange due to Auth Confirm timeout"); 702 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL "No Auth Confirm received"); 703 offchannel_send_action_done(wpa_s); 704 dpp_auth_deinit(auth); 705 wpa_s->dpp_auth = NULL; 706 } 707 708 709 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s, 710 struct dpp_authentication *auth) 711 { 712 #ifdef CONFIG_TESTING_OPTIONS 713 if (wpa_s->dpp_config_obj_override) 714 auth->config_obj_override = 715 os_strdup(wpa_s->dpp_config_obj_override); 716 if (wpa_s->dpp_discovery_override) 717 auth->discovery_override = 718 os_strdup(wpa_s->dpp_discovery_override); 719 if (wpa_s->dpp_groups_override) 720 auth->groups_override = 721 os_strdup(wpa_s->dpp_groups_override); 722 auth->ignore_netaccesskey_mismatch = 723 wpa_s->dpp_ignore_netaccesskey_mismatch; 724 #endif /* CONFIG_TESTING_OPTIONS */ 725 } 726 727 728 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx) 729 { 730 struct wpa_supplicant *wpa_s = eloop_ctx; 731 732 if (!wpa_s->dpp_auth) 733 return; 734 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout"); 735 wpas_dpp_auth_init_next(wpa_s); 736 } 737 738 739 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s) 740 { 741 struct dpp_authentication *auth = wpa_s->dpp_auth; 742 const u8 *dst; 743 unsigned int wait_time, max_wait_time, freq, max_tries, used; 744 struct os_reltime now, diff; 745 746 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL); 747 748 wpa_s->dpp_in_response_listen = 0; 749 if (!auth) 750 return -1; 751 752 if (auth->freq_idx == 0) 753 os_get_reltime(&wpa_s->dpp_init_iter_start); 754 755 if (auth->freq_idx >= auth->num_freq) { 756 auth->num_freq_iters++; 757 if (wpa_s->dpp_init_max_tries) 758 max_tries = wpa_s->dpp_init_max_tries; 759 else 760 max_tries = 5; 761 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) { 762 wpa_printf(MSG_INFO, 763 "DPP: No response received from responder - stopping initiation attempt"); 764 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED); 765 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, 766 wpa_s, NULL); 767 offchannel_send_action_done(wpa_s); 768 dpp_auth_deinit(wpa_s->dpp_auth); 769 wpa_s->dpp_auth = NULL; 770 return -1; 771 } 772 auth->freq_idx = 0; 773 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); 774 if (wpa_s->dpp_init_retry_time) 775 wait_time = wpa_s->dpp_init_retry_time; 776 else 777 wait_time = 10000; 778 os_get_reltime(&now); 779 os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff); 780 used = diff.sec * 1000 + diff.usec / 1000; 781 if (used > wait_time) 782 wait_time = 0; 783 else 784 wait_time -= used; 785 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms", 786 wait_time); 787 eloop_register_timeout(wait_time / 1000, 788 (wait_time % 1000) * 1000, 789 wpas_dpp_init_timeout, wpa_s, 790 NULL); 791 return 0; 792 } 793 freq = auth->freq[auth->freq_idx++]; 794 auth->curr_freq = freq; 795 796 if (!is_zero_ether_addr(auth->peer_mac_addr)) 797 dst = auth->peer_mac_addr; 798 else if (is_zero_ether_addr(auth->peer_bi->mac_addr)) 799 dst = broadcast; 800 else 801 dst = auth->peer_bi->mac_addr; 802 wpa_s->dpp_auth_ok_on_ack = 0; 803 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); 804 wait_time = wpa_s->max_remain_on_chan; 805 max_wait_time = wpa_s->dpp_resp_wait_time ? 806 wpa_s->dpp_resp_wait_time : 2000; 807 if (wait_time > max_wait_time) 808 wait_time = max_wait_time; 809 wait_time += 10; /* give the driver some extra time to complete */ 810 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000, 811 wpas_dpp_reply_wait_timeout, 812 wpa_s, NULL); 813 wait_time -= 10; 814 if (auth->neg_freq > 0 && freq != auth->neg_freq) { 815 wpa_printf(MSG_DEBUG, 816 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response", 817 freq, auth->neg_freq); 818 } 819 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 820 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ); 821 auth->auth_req_ack = 0; 822 os_get_reltime(&wpa_s->dpp_last_init); 823 return offchannel_send_action(wpa_s, freq, dst, 824 wpa_s->own_addr, broadcast, 825 wpabuf_head(auth->req_msg), 826 wpabuf_len(auth->req_msg), 827 wait_time, wpas_dpp_tx_status, 0); 828 } 829 830 831 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd) 832 { 833 const char *pos; 834 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL; 835 struct dpp_authentication *auth; 836 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR; 837 unsigned int neg_freq = 0; 838 int tcp = 0; 839 #ifdef CONFIG_DPP2 840 int tcp_port = DPP_TCP_PORT; 841 struct hostapd_ip_addr ipaddr; 842 char *addr; 843 #endif /* CONFIG_DPP2 */ 844 845 wpa_s->dpp_gas_client = 0; 846 wpa_s->dpp_gas_server = 0; 847 848 pos = os_strstr(cmd, " peer="); 849 if (!pos) 850 return -1; 851 pos += 6; 852 peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); 853 if (!peer_bi) { 854 wpa_printf(MSG_INFO, 855 "DPP: Could not find bootstrapping info for the identified peer"); 856 return -1; 857 } 858 859 #ifdef CONFIG_DPP2 860 pos = os_strstr(cmd, " tcp_port="); 861 if (pos) { 862 pos += 10; 863 tcp_port = atoi(pos); 864 } 865 866 addr = get_param(cmd, " tcp_addr="); 867 if (addr && os_strcmp(addr, "from-uri") == 0) { 868 os_free(addr); 869 if (!peer_bi->host) { 870 wpa_printf(MSG_INFO, 871 "DPP: TCP address not available in peer URI"); 872 return -1; 873 } 874 tcp = 1; 875 os_memcpy(&ipaddr, peer_bi->host, sizeof(ipaddr)); 876 tcp_port = peer_bi->port; 877 } else if (addr) { 878 int res; 879 880 res = hostapd_parse_ip_addr(addr, &ipaddr); 881 os_free(addr); 882 if (res) 883 return -1; 884 tcp = 1; 885 } 886 #endif /* CONFIG_DPP2 */ 887 888 pos = os_strstr(cmd, " own="); 889 if (pos) { 890 pos += 5; 891 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); 892 if (!own_bi) { 893 wpa_printf(MSG_INFO, 894 "DPP: Could not find bootstrapping info for the identified local entry"); 895 return -1; 896 } 897 898 if (peer_bi->curve != own_bi->curve) { 899 wpa_printf(MSG_INFO, 900 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)", 901 peer_bi->curve->name, own_bi->curve->name); 902 return -1; 903 } 904 } 905 906 pos = os_strstr(cmd, " role="); 907 if (pos) { 908 pos += 6; 909 if (os_strncmp(pos, "configurator", 12) == 0) 910 allowed_roles = DPP_CAPAB_CONFIGURATOR; 911 else if (os_strncmp(pos, "enrollee", 8) == 0) 912 allowed_roles = DPP_CAPAB_ENROLLEE; 913 else if (os_strncmp(pos, "either", 6) == 0) 914 allowed_roles = DPP_CAPAB_CONFIGURATOR | 915 DPP_CAPAB_ENROLLEE; 916 else 917 goto fail; 918 } 919 920 pos = os_strstr(cmd, " netrole="); 921 if (pos) { 922 pos += 9; 923 if (os_strncmp(pos, "ap", 2) == 0) 924 wpa_s->dpp_netrole = DPP_NETROLE_AP; 925 else if (os_strncmp(pos, "configurator", 12) == 0) 926 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR; 927 else 928 wpa_s->dpp_netrole = DPP_NETROLE_STA; 929 } else { 930 wpa_s->dpp_netrole = DPP_NETROLE_STA; 931 } 932 933 pos = os_strstr(cmd, " neg_freq="); 934 if (pos) 935 neg_freq = atoi(pos + 10); 936 937 if (!tcp && wpa_s->dpp_auth) { 938 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); 939 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); 940 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, 941 NULL); 942 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, 943 NULL); 944 #ifdef CONFIG_DPP2 945 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, 946 wpa_s, NULL); 947 #endif /* CONFIG_DPP2 */ 948 offchannel_send_action_done(wpa_s); 949 dpp_auth_deinit(wpa_s->dpp_auth); 950 wpa_s->dpp_auth = NULL; 951 } 952 953 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles, 954 neg_freq, wpa_s->hw.modes, wpa_s->hw.num_modes); 955 if (!auth) 956 goto fail; 957 wpas_dpp_set_testing_options(wpa_s, auth); 958 if (dpp_set_configurator(auth, cmd) < 0) { 959 dpp_auth_deinit(auth); 960 goto fail; 961 } 962 963 auth->neg_freq = neg_freq; 964 965 if (!is_zero_ether_addr(peer_bi->mac_addr)) 966 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN); 967 968 #ifdef CONFIG_DPP2 969 if (tcp) 970 return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port, 971 wpa_s->conf->dpp_name, DPP_NETROLE_STA, 972 wpa_s->conf->dpp_mud_url, 973 wpa_s->conf->dpp_extra_conf_req_name, 974 wpa_s->conf->dpp_extra_conf_req_value, 975 wpa_s, wpa_s, wpas_dpp_process_conf_obj, 976 wpas_dpp_tcp_msg_sent); 977 #endif /* CONFIG_DPP2 */ 978 979 wpa_s->dpp_auth = auth; 980 return wpas_dpp_auth_init_next(wpa_s); 981 fail: 982 return -1; 983 } 984 985 986 struct wpas_dpp_listen_work { 987 unsigned int freq; 988 unsigned int duration; 989 struct wpabuf *probe_resp_ie; 990 }; 991 992 993 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork) 994 { 995 if (!lwork) 996 return; 997 os_free(lwork); 998 } 999 1000 1001 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s) 1002 { 1003 struct wpas_dpp_listen_work *lwork; 1004 1005 if (!wpa_s->dpp_listen_work) 1006 return; 1007 1008 lwork = wpa_s->dpp_listen_work->ctx; 1009 wpas_dpp_listen_work_free(lwork); 1010 radio_work_done(wpa_s->dpp_listen_work); 1011 wpa_s->dpp_listen_work = NULL; 1012 } 1013 1014 1015 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit) 1016 { 1017 struct wpa_supplicant *wpa_s = work->wpa_s; 1018 struct wpas_dpp_listen_work *lwork = work->ctx; 1019 1020 if (deinit) { 1021 if (work->started) { 1022 wpa_s->dpp_listen_work = NULL; 1023 wpas_dpp_listen_stop(wpa_s); 1024 } 1025 wpas_dpp_listen_work_free(lwork); 1026 return; 1027 } 1028 1029 wpa_s->dpp_listen_work = work; 1030 1031 wpa_s->dpp_pending_listen_freq = lwork->freq; 1032 1033 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq, 1034 wpa_s->max_remain_on_chan) < 0) { 1035 wpa_printf(MSG_DEBUG, 1036 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen", 1037 lwork->freq); 1038 wpa_s->dpp_listen_freq = 0; 1039 wpas_dpp_listen_work_done(wpa_s); 1040 wpa_s->dpp_pending_listen_freq = 0; 1041 return; 1042 } 1043 wpa_s->off_channel_freq = 0; 1044 wpa_s->roc_waiting_drv_freq = lwork->freq; 1045 wpa_drv_dpp_listen(wpa_s, true); 1046 wpa_s->dpp_tx_auth_resp_on_roc_stop = false; 1047 wpa_s->dpp_tx_chan_change = false; 1048 } 1049 1050 1051 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s, 1052 unsigned int freq) 1053 { 1054 struct wpas_dpp_listen_work *lwork; 1055 1056 if (wpa_s->dpp_listen_work) { 1057 wpa_printf(MSG_DEBUG, 1058 "DPP: Reject start_listen since dpp_listen_work already exists"); 1059 return -1; 1060 } 1061 1062 if (wpa_s->dpp_listen_freq) 1063 wpas_dpp_listen_stop(wpa_s); 1064 wpa_s->dpp_listen_freq = freq; 1065 1066 lwork = os_zalloc(sizeof(*lwork)); 1067 if (!lwork) 1068 return -1; 1069 lwork->freq = freq; 1070 1071 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb, 1072 lwork) < 0) { 1073 wpas_dpp_listen_work_free(lwork); 1074 return -1; 1075 } 1076 1077 return 0; 1078 } 1079 1080 1081 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd) 1082 { 1083 int freq; 1084 1085 freq = atoi(cmd); 1086 if (freq <= 0) 1087 return -1; 1088 1089 if (os_strstr(cmd, " role=configurator")) 1090 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR; 1091 else if (os_strstr(cmd, " role=enrollee")) 1092 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE; 1093 else 1094 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR | 1095 DPP_CAPAB_ENROLLEE; 1096 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL; 1097 if (os_strstr(cmd, " netrole=ap")) 1098 wpa_s->dpp_netrole = DPP_NETROLE_AP; 1099 else if (os_strstr(cmd, " netrole=configurator")) 1100 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR; 1101 else 1102 wpa_s->dpp_netrole = DPP_NETROLE_STA; 1103 if (wpa_s->dpp_listen_freq == (unsigned int) freq) { 1104 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz", 1105 freq); 1106 return 0; 1107 } 1108 1109 return wpas_dpp_listen_start(wpa_s, freq); 1110 } 1111 1112 1113 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s) 1114 { 1115 wpa_s->dpp_in_response_listen = 0; 1116 if (!wpa_s->dpp_listen_freq) 1117 return; 1118 1119 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz", 1120 wpa_s->dpp_listen_freq); 1121 wpa_drv_cancel_remain_on_channel(wpa_s); 1122 wpa_drv_dpp_listen(wpa_s, false); 1123 wpa_s->dpp_listen_freq = 0; 1124 wpas_dpp_listen_work_done(wpa_s); 1125 radio_remove_works(wpa_s, "dpp-listen", 0); 1126 } 1127 1128 1129 void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s, 1130 unsigned int freq, unsigned int duration) 1131 { 1132 if (wpa_s->dpp_listen_freq != freq) 1133 return; 1134 1135 wpa_printf(MSG_DEBUG, 1136 "DPP: Remain-on-channel started for listen on %u MHz for %u ms", 1137 freq, duration); 1138 os_get_reltime(&wpa_s->dpp_listen_end); 1139 wpa_s->dpp_listen_end.usec += duration * 1000; 1140 while (wpa_s->dpp_listen_end.usec >= 1000000) { 1141 wpa_s->dpp_listen_end.sec++; 1142 wpa_s->dpp_listen_end.usec -= 1000000; 1143 } 1144 } 1145 1146 1147 static void wpas_dpp_tx_auth_resp(struct wpa_supplicant *wpa_s) 1148 { 1149 struct dpp_authentication *auth = wpa_s->dpp_auth; 1150 1151 if (!auth) 1152 return; 1153 1154 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 1155 MAC2STR(auth->peer_mac_addr), auth->curr_freq, 1156 DPP_PA_AUTHENTICATION_RESP); 1157 offchannel_send_action(wpa_s, auth->curr_freq, 1158 auth->peer_mac_addr, wpa_s->own_addr, broadcast, 1159 wpabuf_head(auth->resp_msg), 1160 wpabuf_len(auth->resp_msg), 1161 500, wpas_dpp_tx_status, 0); 1162 } 1163 1164 1165 static void wpas_dpp_tx_auth_resp_roc_timeout(void *eloop_ctx, 1166 void *timeout_ctx) 1167 { 1168 struct wpa_supplicant *wpa_s = eloop_ctx; 1169 struct dpp_authentication *auth = wpa_s->dpp_auth; 1170 1171 if (!auth || !wpa_s->dpp_tx_auth_resp_on_roc_stop) 1172 return; 1173 1174 wpa_s->dpp_tx_auth_resp_on_roc_stop = false; 1175 wpa_s->dpp_tx_chan_change = true; 1176 wpa_printf(MSG_DEBUG, 1177 "DPP: Send postponed Authentication Response on remain-on-channel termination timeout"); 1178 wpas_dpp_tx_auth_resp(wpa_s); 1179 } 1180 1181 1182 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s, 1183 unsigned int freq) 1184 { 1185 wpa_printf(MSG_DEBUG, "DPP: Remain on channel cancel for %u MHz", freq); 1186 wpas_dpp_listen_work_done(wpa_s); 1187 1188 if (wpa_s->dpp_auth && wpa_s->dpp_tx_auth_resp_on_roc_stop) { 1189 eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout, 1190 wpa_s, NULL); 1191 wpa_s->dpp_tx_auth_resp_on_roc_stop = false; 1192 wpa_s->dpp_tx_chan_change = true; 1193 wpa_printf(MSG_DEBUG, 1194 "DPP: Send postponed Authentication Response on remain-on-channel termination"); 1195 wpas_dpp_tx_auth_resp(wpa_s); 1196 return; 1197 } 1198 1199 if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) { 1200 unsigned int new_freq; 1201 1202 /* Continue listen with a new remain-on-channel */ 1203 if (wpa_s->dpp_auth->neg_freq > 0) 1204 new_freq = wpa_s->dpp_auth->neg_freq; 1205 else 1206 new_freq = wpa_s->dpp_auth->curr_freq; 1207 wpa_printf(MSG_DEBUG, 1208 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session", 1209 new_freq); 1210 wpas_dpp_listen_start(wpa_s, new_freq); 1211 return; 1212 } 1213 1214 if (wpa_s->dpp_listen_freq) { 1215 /* Continue listen with a new remain-on-channel */ 1216 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq); 1217 } 1218 } 1219 1220 1221 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src, 1222 const u8 *hdr, const u8 *buf, size_t len, 1223 unsigned int freq) 1224 { 1225 const u8 *r_bootstrap, *i_bootstrap; 1226 u16 r_bootstrap_len, i_bootstrap_len; 1227 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL; 1228 1229 if (!wpa_s->dpp) 1230 return; 1231 1232 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR, 1233 MAC2STR(src)); 1234 1235 #ifdef CONFIG_DPP2 1236 wpas_dpp_chirp_stop(wpa_s); 1237 #endif /* CONFIG_DPP2 */ 1238 1239 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 1240 &r_bootstrap_len); 1241 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 1242 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 1243 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 1244 return; 1245 } 1246 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 1247 r_bootstrap, r_bootstrap_len); 1248 1249 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, 1250 &i_bootstrap_len); 1251 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) { 1252 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 1253 "Missing or invalid required Initiator Bootstrapping Key Hash attribute"); 1254 return; 1255 } 1256 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", 1257 i_bootstrap, i_bootstrap_len); 1258 1259 /* Try to find own and peer bootstrapping key matches based on the 1260 * received hash values */ 1261 dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap, 1262 &own_bi, &peer_bi); 1263 if (!own_bi) { 1264 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 1265 "No matching own bootstrapping key found - ignore message"); 1266 return; 1267 } 1268 1269 if (own_bi->type == DPP_BOOTSTRAP_PKEX) { 1270 if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) { 1271 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 1272 "No matching peer bootstrapping key found for PKEX - ignore message"); 1273 return; 1274 } 1275 1276 if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash, 1277 SHA256_MAC_LEN) != 0) { 1278 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 1279 "Mismatching peer PKEX bootstrapping key - ignore message"); 1280 return; 1281 } 1282 } 1283 1284 if (wpa_s->dpp_auth) { 1285 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 1286 "Already in DPP authentication exchange - ignore new one"); 1287 return; 1288 } 1289 1290 wpa_s->dpp_pkex_wait_auth_req = false; 1291 wpa_s->dpp_gas_client = 0; 1292 wpa_s->dpp_gas_server = 0; 1293 wpa_s->dpp_auth_ok_on_ack = 0; 1294 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s->dpp, wpa_s, 1295 wpa_s->dpp_allowed_roles, 1296 wpa_s->dpp_qr_mutual, 1297 peer_bi, own_bi, freq, hdr, buf, len); 1298 if (!wpa_s->dpp_auth) { 1299 wpa_printf(MSG_DEBUG, "DPP: No response generated"); 1300 return; 1301 } 1302 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth); 1303 if (dpp_set_configurator(wpa_s->dpp_auth, 1304 wpa_s->dpp_configurator_params) < 0) { 1305 dpp_auth_deinit(wpa_s->dpp_auth); 1306 wpa_s->dpp_auth = NULL; 1307 return; 1308 } 1309 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN); 1310 1311 if (wpa_s->dpp_listen_freq && 1312 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) { 1313 wpa_printf(MSG_DEBUG, 1314 "DPP: Stop listen on %u MHz to allow response on the request %u MHz", 1315 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq); 1316 wpa_s->dpp_tx_auth_resp_on_roc_stop = true; 1317 eloop_register_timeout(0, 100000, 1318 wpas_dpp_tx_auth_resp_roc_timeout, 1319 wpa_s, NULL); 1320 wpas_dpp_listen_stop(wpa_s); 1321 return; 1322 } 1323 wpa_s->dpp_tx_auth_resp_on_roc_stop = false; 1324 wpa_s->dpp_tx_chan_change = false; 1325 1326 wpas_dpp_tx_auth_resp(wpa_s); 1327 } 1328 1329 1330 void wpas_dpp_tx_wait_expire(struct wpa_supplicant *wpa_s) 1331 { 1332 struct dpp_authentication *auth = wpa_s->dpp_auth; 1333 int freq; 1334 1335 if (wpa_s->dpp_listen_on_tx_expire && auth && auth->neg_freq) { 1336 wpa_printf(MSG_DEBUG, 1337 "DPP: Start listen on neg_freq %u MHz based on TX wait expiration on the previous channel", 1338 auth->neg_freq); 1339 eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL); 1340 wpas_dpp_listen_start(wpa_s, auth->neg_freq); 1341 return; 1342 } 1343 1344 if (!wpa_s->dpp_gas_server || !auth) { 1345 if (auth && auth->waiting_auth_resp && 1346 eloop_is_timeout_registered(wpas_dpp_drv_wait_timeout, 1347 wpa_s, NULL)) { 1348 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, 1349 wpa_s, NULL); 1350 wpa_printf(MSG_DEBUG, 1351 "DPP: Call wpas_dpp_auth_init_next() from %s", 1352 __func__); 1353 wpas_dpp_auth_init_next(wpa_s); 1354 } 1355 return; 1356 } 1357 1358 freq = auth->neg_freq > 0 ? auth->neg_freq : auth->curr_freq; 1359 if (wpa_s->dpp_listen_work || (int) wpa_s->dpp_listen_freq == freq) 1360 return; /* listen state is already in progress */ 1361 1362 wpa_printf(MSG_DEBUG, "DPP: Start listen on %u MHz for GAS", freq); 1363 wpa_s->dpp_in_response_listen = 1; 1364 wpas_dpp_listen_start(wpa_s, freq); 1365 } 1366 1367 1368 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s) 1369 { 1370 struct dpp_authentication *auth = wpa_s->dpp_auth; 1371 1372 wpa_printf(MSG_DEBUG, 1373 "DPP: Starting GAS server (curr_freq=%d neg_freq=%d dpp_listen_freq=%d dpp_listen_work=%d)", 1374 auth->curr_freq, auth->neg_freq, wpa_s->dpp_listen_freq, 1375 !!wpa_s->dpp_listen_work); 1376 wpa_s->dpp_gas_server = 1; 1377 } 1378 1379 1380 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s, 1381 struct dpp_authentication *auth, 1382 struct dpp_config_obj *conf) 1383 { 1384 struct wpa_ssid *ssid; 1385 1386 #ifdef CONFIG_DPP2 1387 if (conf->akm == DPP_AKM_SAE) { 1388 #ifdef CONFIG_SAE 1389 struct wpa_driver_capa capa; 1390 int res; 1391 1392 res = wpa_drv_get_capa(wpa_s, &capa); 1393 if (res == 0 && 1394 !(capa.key_mgmt_iftype[WPA_IF_STATION] & 1395 WPA_DRIVER_CAPA_KEY_MGMT_SAE) && 1396 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) { 1397 wpa_printf(MSG_DEBUG, 1398 "DPP: SAE not supported by the driver"); 1399 return NULL; 1400 } 1401 #else /* CONFIG_SAE */ 1402 wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build"); 1403 return NULL; 1404 #endif /* CONFIG_SAE */ 1405 } 1406 #endif /* CONFIG_DPP2 */ 1407 1408 ssid = wpa_config_add_network(wpa_s->conf); 1409 if (!ssid) 1410 return NULL; 1411 wpas_notify_network_added(wpa_s, ssid); 1412 wpa_config_set_network_defaults(ssid); 1413 ssid->disabled = 1; 1414 1415 ssid->ssid = os_malloc(conf->ssid_len); 1416 if (!ssid->ssid) 1417 goto fail; 1418 os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len); 1419 ssid->ssid_len = conf->ssid_len; 1420 1421 if (conf->connector) { 1422 if (dpp_akm_dpp(conf->akm)) { 1423 ssid->key_mgmt = WPA_KEY_MGMT_DPP; 1424 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED; 1425 } 1426 ssid->dpp_connector = os_strdup(conf->connector); 1427 if (!ssid->dpp_connector) 1428 goto fail; 1429 1430 ssid->dpp_connector_privacy = 1431 wpa_s->conf->dpp_connector_privacy_default; 1432 } 1433 1434 if (conf->c_sign_key) { 1435 ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key)); 1436 if (!ssid->dpp_csign) 1437 goto fail; 1438 os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key), 1439 wpabuf_len(conf->c_sign_key)); 1440 ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key); 1441 } 1442 1443 if (conf->pp_key) { 1444 ssid->dpp_pp_key = os_malloc(wpabuf_len(conf->pp_key)); 1445 if (!ssid->dpp_pp_key) 1446 goto fail; 1447 os_memcpy(ssid->dpp_pp_key, wpabuf_head(conf->pp_key), 1448 wpabuf_len(conf->pp_key)); 1449 ssid->dpp_pp_key_len = wpabuf_len(conf->pp_key); 1450 } 1451 1452 if (auth->net_access_key) { 1453 ssid->dpp_netaccesskey = 1454 os_malloc(wpabuf_len(auth->net_access_key)); 1455 if (!ssid->dpp_netaccesskey) 1456 goto fail; 1457 os_memcpy(ssid->dpp_netaccesskey, 1458 wpabuf_head(auth->net_access_key), 1459 wpabuf_len(auth->net_access_key)); 1460 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key); 1461 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry; 1462 } 1463 1464 if (!conf->connector || dpp_akm_psk(conf->akm) || 1465 dpp_akm_sae(conf->akm)) { 1466 if (!conf->connector || !dpp_akm_dpp(conf->akm)) 1467 ssid->key_mgmt = 0; 1468 if (dpp_akm_psk(conf->akm)) 1469 ssid->key_mgmt |= WPA_KEY_MGMT_PSK | 1470 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK; 1471 if (dpp_akm_sae(conf->akm)) 1472 ssid->key_mgmt |= WPA_KEY_MGMT_SAE | 1473 WPA_KEY_MGMT_FT_SAE; 1474 if (dpp_akm_psk(conf->akm)) 1475 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL; 1476 else 1477 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED; 1478 if (conf->passphrase[0]) { 1479 if (wpa_config_set_quoted(ssid, "psk", 1480 conf->passphrase) < 0) 1481 goto fail; 1482 wpa_config_update_psk(ssid); 1483 ssid->export_keys = 1; 1484 } else { 1485 ssid->psk_set = conf->psk_set; 1486 os_memcpy(ssid->psk, conf->psk, PMK_LEN); 1487 } 1488 } 1489 1490 #if defined(CONFIG_DPP2) && defined(IEEE8021X_EAPOL) 1491 if (conf->akm == DPP_AKM_DOT1X) { 1492 int i; 1493 char name[100], blobname[128]; 1494 struct wpa_config_blob *blob; 1495 1496 ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X | 1497 WPA_KEY_MGMT_IEEE8021X_SHA256 | 1498 WPA_KEY_MGMT_IEEE8021X_SHA384; 1499 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL; 1500 1501 if (conf->cacert) { 1502 /* caCert is DER-encoded X.509v3 certificate for the 1503 * server certificate if that is different from the 1504 * trust root included in certBag. */ 1505 /* TODO: ssid->eap.cert.ca_cert */ 1506 } 1507 1508 if (conf->certs) { 1509 for (i = 0; ; i++) { 1510 os_snprintf(name, sizeof(name), "dpp-certs-%d", 1511 i); 1512 if (!wpa_config_get_blob(wpa_s->conf, name)) 1513 break; 1514 } 1515 1516 blob = os_zalloc(sizeof(*blob)); 1517 if (!blob) 1518 goto fail; 1519 blob->len = wpabuf_len(conf->certs); 1520 blob->name = os_strdup(name); 1521 blob->data = os_malloc(blob->len); 1522 if (!blob->name || !blob->data) { 1523 wpa_config_free_blob(blob); 1524 goto fail; 1525 } 1526 os_memcpy(blob->data, wpabuf_head(conf->certs), 1527 blob->len); 1528 os_snprintf(blobname, sizeof(blobname), "blob://%s", 1529 name); 1530 wpa_config_set_blob(wpa_s->conf, blob); 1531 wpa_printf(MSG_DEBUG, "DPP: Added certificate blob %s", 1532 name); 1533 ssid->eap.cert.client_cert = os_strdup(blobname); 1534 if (!ssid->eap.cert.client_cert) 1535 goto fail; 1536 1537 /* TODO: ssid->eap.identity from own certificate */ 1538 if (wpa_config_set(ssid, "identity", "\"dpp-ent\"", 1539 0) < 0) 1540 goto fail; 1541 } 1542 1543 if (auth->priv_key) { 1544 for (i = 0; ; i++) { 1545 os_snprintf(name, sizeof(name), "dpp-key-%d", 1546 i); 1547 if (!wpa_config_get_blob(wpa_s->conf, name)) 1548 break; 1549 } 1550 1551 blob = os_zalloc(sizeof(*blob)); 1552 if (!blob) 1553 goto fail; 1554 blob->len = wpabuf_len(auth->priv_key); 1555 blob->name = os_strdup(name); 1556 blob->data = os_malloc(blob->len); 1557 if (!blob->name || !blob->data) { 1558 wpa_config_free_blob(blob); 1559 goto fail; 1560 } 1561 os_memcpy(blob->data, wpabuf_head(auth->priv_key), 1562 blob->len); 1563 os_snprintf(blobname, sizeof(blobname), "blob://%s", 1564 name); 1565 wpa_config_set_blob(wpa_s->conf, blob); 1566 wpa_printf(MSG_DEBUG, "DPP: Added private key blob %s", 1567 name); 1568 ssid->eap.cert.private_key = os_strdup(blobname); 1569 if (!ssid->eap.cert.private_key) 1570 goto fail; 1571 } 1572 1573 if (conf->server_name) { 1574 ssid->eap.cert.domain_suffix_match = 1575 os_strdup(conf->server_name); 1576 if (!ssid->eap.cert.domain_suffix_match) 1577 goto fail; 1578 } 1579 1580 /* TODO: Use entCreds::eapMethods */ 1581 if (wpa_config_set(ssid, "eap", "TLS", 0) < 0) 1582 goto fail; 1583 } 1584 #endif /* CONFIG_DPP2 && IEEE8021X_EAPOL */ 1585 1586 os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len); 1587 wpa_s->dpp_last_ssid_len = conf->ssid_len; 1588 1589 return ssid; 1590 fail: 1591 wpas_notify_network_removed(wpa_s, ssid); 1592 wpa_config_remove_network(wpa_s->conf, ssid->id); 1593 return NULL; 1594 } 1595 1596 1597 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s, 1598 struct dpp_authentication *auth, 1599 struct dpp_config_obj *conf) 1600 { 1601 struct wpa_ssid *ssid; 1602 1603 if (wpa_s->conf->dpp_config_processing < 1) 1604 return 0; 1605 1606 ssid = wpas_dpp_add_network(wpa_s, auth, conf); 1607 if (!ssid) 1608 return -1; 1609 1610 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id); 1611 if (wpa_s->conf->dpp_config_processing == 2) 1612 ssid->disabled = 0; 1613 1614 #ifndef CONFIG_NO_CONFIG_WRITE 1615 if (wpa_s->conf->update_config && 1616 wpa_config_write(wpa_s->confname, wpa_s->conf)) 1617 wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration"); 1618 #endif /* CONFIG_NO_CONFIG_WRITE */ 1619 1620 return 0; 1621 } 1622 1623 1624 static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s, 1625 struct dpp_authentication *auth) 1626 { 1627 #ifdef CONFIG_DPP2 1628 if (auth->reconfig && wpa_s->dpp_reconfig_ssid && 1629 wpa_config_get_network(wpa_s->conf, wpa_s->dpp_reconfig_ssid_id) == 1630 wpa_s->dpp_reconfig_ssid) { 1631 wpa_printf(MSG_DEBUG, 1632 "DPP: Remove reconfigured network profile"); 1633 wpas_notify_network_removed(wpa_s, wpa_s->dpp_reconfig_ssid); 1634 wpa_config_remove_network(wpa_s->conf, 1635 wpa_s->dpp_reconfig_ssid_id); 1636 wpa_s->dpp_reconfig_ssid = NULL; 1637 wpa_s->dpp_reconfig_ssid_id = -1; 1638 } 1639 #endif /* CONFIG_DPP2 */ 1640 1641 if (wpa_s->conf->dpp_config_processing < 2) 1642 return; 1643 1644 #ifdef CONFIG_DPP2 1645 if (auth->peer_version >= 2) { 1646 wpa_printf(MSG_DEBUG, 1647 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result"); 1648 auth->connect_on_tx_status = 1; 1649 return; 1650 } 1651 #endif /* CONFIG_DPP2 */ 1652 1653 wpas_dpp_try_to_connect(wpa_s); 1654 } 1655 1656 1657 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s, 1658 struct dpp_authentication *auth, 1659 struct dpp_config_obj *conf) 1660 { 1661 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED); 1662 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s", 1663 dpp_akm_str(conf->akm)); 1664 if (conf->ssid_len) 1665 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s", 1666 wpa_ssid_txt(conf->ssid, conf->ssid_len)); 1667 if (conf->ssid_charset) 1668 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d", 1669 conf->ssid_charset); 1670 if (conf->connector) { 1671 /* TODO: Save the Connector and consider using a command 1672 * to fetch the value instead of sending an event with 1673 * it. The Connector could end up being larger than what 1674 * most clients are ready to receive as an event 1675 * message. */ 1676 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s", 1677 conf->connector); 1678 } 1679 if (conf->passphrase[0]) { 1680 char hex[64 * 2 + 1]; 1681 1682 wpa_snprintf_hex(hex, sizeof(hex), 1683 (const u8 *) conf->passphrase, 1684 os_strlen(conf->passphrase)); 1685 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s", 1686 hex); 1687 } else if (conf->psk_set) { 1688 char hex[PMK_LEN * 2 + 1]; 1689 1690 wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN); 1691 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s", 1692 hex); 1693 } 1694 if (conf->c_sign_key) { 1695 char *hex; 1696 size_t hexlen; 1697 1698 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1; 1699 hex = os_malloc(hexlen); 1700 if (hex) { 1701 wpa_snprintf_hex(hex, hexlen, 1702 wpabuf_head(conf->c_sign_key), 1703 wpabuf_len(conf->c_sign_key)); 1704 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s", 1705 hex); 1706 os_free(hex); 1707 } 1708 } 1709 if (conf->pp_key) { 1710 char *hex; 1711 size_t hexlen; 1712 1713 hexlen = 2 * wpabuf_len(conf->pp_key) + 1; 1714 hex = os_malloc(hexlen); 1715 if (hex) { 1716 wpa_snprintf_hex(hex, hexlen, 1717 wpabuf_head(conf->pp_key), 1718 wpabuf_len(conf->pp_key)); 1719 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PP_KEY "%s", hex); 1720 os_free(hex); 1721 } 1722 } 1723 if (auth->net_access_key) { 1724 char *hex; 1725 size_t hexlen; 1726 1727 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1; 1728 hex = os_malloc(hexlen); 1729 if (hex) { 1730 wpa_snprintf_hex(hex, hexlen, 1731 wpabuf_head(auth->net_access_key), 1732 wpabuf_len(auth->net_access_key)); 1733 if (auth->net_access_key_expiry) 1734 wpa_msg(wpa_s, MSG_INFO, 1735 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex, 1736 (long unsigned) 1737 auth->net_access_key_expiry); 1738 else 1739 wpa_msg(wpa_s, MSG_INFO, 1740 DPP_EVENT_NET_ACCESS_KEY "%s", hex); 1741 os_free(hex); 1742 } 1743 } 1744 1745 #ifdef CONFIG_DPP2 1746 if (conf->certbag) { 1747 char *b64; 1748 1749 b64 = base64_encode_no_lf(wpabuf_head(conf->certbag), 1750 wpabuf_len(conf->certbag), NULL); 1751 if (b64) 1752 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CERTBAG "%s", b64); 1753 os_free(b64); 1754 } 1755 1756 if (conf->cacert) { 1757 char *b64; 1758 1759 b64 = base64_encode_no_lf(wpabuf_head(conf->cacert), 1760 wpabuf_len(conf->cacert), NULL); 1761 if (b64) 1762 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CACERT "%s", b64); 1763 os_free(b64); 1764 } 1765 1766 if (conf->server_name) 1767 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_SERVER_NAME "%s", 1768 conf->server_name); 1769 #endif /* CONFIG_DPP2 */ 1770 1771 #ifdef CONFIG_DPP3 1772 if (!wpa_s->dpp_pb_result_indicated) { 1773 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "success"); 1774 wpa_s->dpp_pb_result_indicated = true; 1775 } 1776 1777 #endif /* CONFIG_DPP3 */ 1778 1779 return wpas_dpp_process_config(wpa_s, auth, conf); 1780 } 1781 1782 1783 static int wpas_dpp_handle_key_pkg(struct wpa_supplicant *wpa_s, 1784 struct dpp_asymmetric_key *key) 1785 { 1786 #ifdef CONFIG_DPP2 1787 int res; 1788 1789 if (!key) 1790 return 0; 1791 1792 wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup"); 1793 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED); 1794 wpa_s->dpp_conf_backup_received = true; 1795 1796 while (key) { 1797 res = dpp_configurator_from_backup(wpa_s->dpp, key); 1798 if (res < 0) 1799 return -1; 1800 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d", 1801 res); 1802 key = key->next; 1803 } 1804 #endif /* CONFIG_DPP2 */ 1805 1806 return 0; 1807 } 1808 1809 1810 #ifdef CONFIG_DPP2 1811 static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx) 1812 { 1813 struct wpa_supplicant *wpa_s = eloop_ctx; 1814 struct dpp_authentication *auth = wpa_s->dpp_auth; 1815 1816 if (!auth || !auth->csrattrs) 1817 return; 1818 1819 wpa_printf(MSG_DEBUG, "DPP: Build CSR"); 1820 wpabuf_free(auth->csr); 1821 /* TODO: Additional information needed for CSR based on csrAttrs */ 1822 auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ? 1823 wpa_s->conf->dpp_name : "Test"); 1824 if (!auth->csr) { 1825 dpp_auth_deinit(wpa_s->dpp_auth); 1826 wpa_s->dpp_auth = NULL; 1827 return; 1828 } 1829 1830 wpas_dpp_start_gas_client(wpa_s); 1831 } 1832 #endif /* CONFIG_DPP2 */ 1833 1834 1835 #ifdef CONFIG_DPP3 1836 static void wpas_dpp_build_new_key(void *eloop_ctx, void *timeout_ctx) 1837 { 1838 struct wpa_supplicant *wpa_s = eloop_ctx; 1839 struct dpp_authentication *auth = wpa_s->dpp_auth; 1840 1841 if (!auth || !auth->waiting_new_key) 1842 return; 1843 1844 wpa_printf(MSG_DEBUG, "DPP: Build config request with a new key"); 1845 wpas_dpp_start_gas_client(wpa_s); 1846 } 1847 #endif /* CONFIG_DPP3 */ 1848 1849 1850 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token, 1851 enum gas_query_result result, 1852 const struct wpabuf *adv_proto, 1853 const struct wpabuf *resp, u16 status_code) 1854 { 1855 struct wpa_supplicant *wpa_s = ctx; 1856 const u8 *pos; 1857 struct dpp_authentication *auth = wpa_s->dpp_auth; 1858 int res; 1859 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED; 1860 unsigned int i; 1861 1862 eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL); 1863 wpa_s->dpp_gas_dialog_token = -1; 1864 1865 if (!auth || (!auth->auth_success && !auth->reconfig_success) || 1866 !ether_addr_equal(addr, auth->peer_mac_addr)) { 1867 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1868 return; 1869 } 1870 if (result != GAS_QUERY_SUCCESS || 1871 !resp || status_code != WLAN_STATUS_SUCCESS) { 1872 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed"); 1873 goto fail; 1874 } 1875 1876 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto", 1877 adv_proto); 1878 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)", 1879 resp); 1880 1881 if (wpabuf_len(adv_proto) != 10 || 1882 !(pos = wpabuf_head(adv_proto)) || 1883 pos[0] != WLAN_EID_ADV_PROTO || 1884 pos[1] != 8 || 1885 pos[3] != WLAN_EID_VENDOR_SPECIFIC || 1886 pos[4] != 5 || 1887 WPA_GET_BE24(&pos[5]) != OUI_WFA || 1888 pos[8] != 0x1a || 1889 pos[9] != 1) { 1890 wpa_printf(MSG_DEBUG, 1891 "DPP: Not a DPP Advertisement Protocol ID"); 1892 goto fail; 1893 } 1894 1895 res = dpp_conf_resp_rx(auth, resp); 1896 #ifdef CONFIG_DPP2 1897 if (res == -2) { 1898 wpa_printf(MSG_DEBUG, "DPP: CSR needed"); 1899 eloop_register_timeout(0, 0, wpas_dpp_build_csr, wpa_s, NULL); 1900 return; 1901 } 1902 #endif /* CONFIG_DPP2 */ 1903 #ifdef CONFIG_DPP3 1904 if (res == -3) { 1905 wpa_printf(MSG_DEBUG, "DPP: New protocol key needed"); 1906 eloop_register_timeout(0, 0, wpas_dpp_build_new_key, wpa_s, 1907 NULL); 1908 return; 1909 } 1910 #endif /* CONFIG_DPP3 */ 1911 if (res < 0) { 1912 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); 1913 goto fail; 1914 } 1915 1916 wpa_s->dpp_conf_backup_received = false; 1917 for (i = 0; i < auth->num_conf_obj; i++) { 1918 res = wpas_dpp_handle_config_obj(wpa_s, auth, 1919 &auth->conf_obj[i]); 1920 if (res < 0) 1921 goto fail; 1922 } 1923 if (auth->num_conf_obj) 1924 wpas_dpp_post_process_config(wpa_s, auth); 1925 if (wpas_dpp_handle_key_pkg(wpa_s, auth->conf_key_pkg) < 0) 1926 goto fail; 1927 1928 status = DPP_STATUS_OK; 1929 #ifdef CONFIG_TESTING_OPTIONS 1930 if (dpp_test == DPP_TEST_REJECT_CONFIG) { 1931 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object"); 1932 status = DPP_STATUS_CONFIG_REJECTED; 1933 } 1934 #endif /* CONFIG_TESTING_OPTIONS */ 1935 fail: 1936 if (status != DPP_STATUS_OK) 1937 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); 1938 #ifdef CONFIG_DPP2 1939 if (auth->peer_version >= 2 && 1940 auth->conf_resp_status == DPP_STATUS_OK) { 1941 struct wpabuf *msg; 1942 1943 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result"); 1944 msg = dpp_build_conf_result(auth, status); 1945 if (!msg) 1946 goto fail2; 1947 1948 wpa_msg(wpa_s, MSG_INFO, 1949 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 1950 MAC2STR(addr), auth->curr_freq, 1951 DPP_PA_CONFIGURATION_RESULT); 1952 offchannel_send_action(wpa_s, auth->curr_freq, 1953 addr, wpa_s->own_addr, broadcast, 1954 wpabuf_head(msg), 1955 wpabuf_len(msg), 1956 500, wpas_dpp_tx_status, 0); 1957 wpabuf_free(msg); 1958 1959 /* This exchange will be terminated in the TX status handler */ 1960 if (wpa_s->conf->dpp_config_processing < 2 || 1961 wpa_s->dpp_conf_backup_received) 1962 auth->remove_on_tx_status = 1; 1963 return; 1964 } 1965 fail2: 1966 #endif /* CONFIG_DPP2 */ 1967 dpp_auth_deinit(wpa_s->dpp_auth); 1968 wpa_s->dpp_auth = NULL; 1969 } 1970 1971 1972 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx) 1973 { 1974 struct wpa_supplicant *wpa_s = eloop_ctx; 1975 struct dpp_authentication *auth = wpa_s->dpp_auth; 1976 1977 if (!wpa_s->dpp_gas_client || !auth || 1978 (!auth->auth_success && !auth->reconfig_success)) 1979 return; 1980 1981 wpa_printf(MSG_DEBUG, "DPP: Timeout while waiting for Config Response"); 1982 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); 1983 dpp_auth_deinit(wpa_s->dpp_auth); 1984 wpa_s->dpp_auth = NULL; 1985 } 1986 1987 1988 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s) 1989 { 1990 struct dpp_authentication *auth = wpa_s->dpp_auth; 1991 struct wpabuf *buf; 1992 int res; 1993 int *supp_op_classes; 1994 1995 wpa_s->dpp_gas_client = 1; 1996 offchannel_send_action_done(wpa_s); 1997 wpas_dpp_listen_stop(wpa_s); 1998 1999 #ifdef CONFIG_NO_RRM 2000 supp_op_classes = NULL; 2001 #else /* CONFIG_NO_RRM */ 2002 supp_op_classes = wpas_supp_op_classes(wpa_s); 2003 #endif /* CONFIG_NO_RRM */ 2004 buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name, 2005 wpa_s->dpp_netrole, 2006 wpa_s->conf->dpp_mud_url, 2007 supp_op_classes, 2008 wpa_s->conf->dpp_extra_conf_req_name, 2009 wpa_s->conf->dpp_extra_conf_req_value); 2010 os_free(supp_op_classes); 2011 if (!buf) { 2012 wpa_printf(MSG_DEBUG, 2013 "DPP: No configuration request data available"); 2014 return; 2015 } 2016 2017 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)", 2018 MAC2STR(auth->peer_mac_addr), auth->curr_freq); 2019 2020 /* Use a 120 second timeout since the gas_query_req() operation could 2021 * remain waiting indefinitely for the response if the Configurator 2022 * keeps sending out comeback responses with additional delay. The 2023 * DPP technical specification expects the Enrollee to continue sending 2024 * out new Config Requests for 60 seconds, so this gives an extra 60 2025 * second time after the last expected new Config Request for the 2026 * Configurator to determine what kind of configuration to provide. */ 2027 eloop_register_timeout(120, 0, wpas_dpp_gas_client_timeout, 2028 wpa_s, NULL); 2029 2030 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq, 2031 1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s); 2032 if (res < 0) { 2033 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request"); 2034 wpabuf_free(buf); 2035 } else { 2036 wpa_printf(MSG_DEBUG, 2037 "DPP: GAS query started with dialog token %u", res); 2038 wpa_s->dpp_gas_dialog_token = res; 2039 } 2040 } 2041 2042 2043 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator) 2044 { 2045 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded"); 2046 dpp_notify_auth_success(wpa_s->dpp_auth, initiator); 2047 #ifdef CONFIG_TESTING_OPTIONS 2048 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { 2049 wpa_printf(MSG_INFO, 2050 "DPP: TESTING - stop at Authentication Confirm"); 2051 if (wpa_s->dpp_auth->configurator) { 2052 /* Prevent GAS response */ 2053 wpa_s->dpp_auth->auth_success = 0; 2054 } 2055 return; 2056 } 2057 #endif /* CONFIG_TESTING_OPTIONS */ 2058 2059 if (wpa_s->dpp_auth->configurator) 2060 wpas_dpp_start_gas_server(wpa_s); 2061 else 2062 wpas_dpp_start_gas_client(wpa_s); 2063 } 2064 2065 2066 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src, 2067 const u8 *hdr, const u8 *buf, size_t len, 2068 unsigned int freq) 2069 { 2070 struct dpp_authentication *auth = wpa_s->dpp_auth; 2071 struct wpabuf *msg; 2072 2073 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR 2074 " (freq %u MHz)", MAC2STR(src), freq); 2075 2076 if (!auth) { 2077 wpa_printf(MSG_DEBUG, 2078 "DPP: No DPP Authentication in progress - drop"); 2079 return; 2080 } 2081 2082 if (!is_zero_ether_addr(auth->peer_mac_addr) && 2083 !ether_addr_equal(src, auth->peer_mac_addr)) { 2084 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 2085 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 2086 return; 2087 } 2088 2089 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); 2090 2091 if (auth->curr_freq != freq && auth->neg_freq == freq) { 2092 wpa_printf(MSG_DEBUG, 2093 "DPP: Responder accepted request for different negotiation channel"); 2094 auth->curr_freq = freq; 2095 } 2096 2097 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); 2098 msg = dpp_auth_resp_rx(auth, hdr, buf, len); 2099 if (!msg) { 2100 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) { 2101 wpa_printf(MSG_DEBUG, 2102 "DPP: Start wait for full response"); 2103 offchannel_send_action_done(wpa_s); 2104 wpas_dpp_listen_start(wpa_s, auth->curr_freq); 2105 return; 2106 } 2107 wpa_printf(MSG_DEBUG, "DPP: No confirm generated"); 2108 return; 2109 } 2110 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); 2111 2112 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 2113 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF); 2114 offchannel_send_action(wpa_s, auth->curr_freq, 2115 src, wpa_s->own_addr, broadcast, 2116 wpabuf_head(msg), wpabuf_len(msg), 2117 500, wpas_dpp_tx_status, 0); 2118 wpabuf_free(msg); 2119 wpa_s->dpp_auth_ok_on_ack = 1; 2120 } 2121 2122 2123 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src, 2124 const u8 *hdr, const u8 *buf, size_t len) 2125 { 2126 struct dpp_authentication *auth = wpa_s->dpp_auth; 2127 2128 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR, 2129 MAC2STR(src)); 2130 2131 if (!auth) { 2132 wpa_printf(MSG_DEBUG, 2133 "DPP: No DPP Authentication in progress - drop"); 2134 return; 2135 } 2136 2137 if (!ether_addr_equal(src, auth->peer_mac_addr)) { 2138 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 2139 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 2140 return; 2141 } 2142 2143 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL); 2144 2145 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) { 2146 wpa_printf(MSG_DEBUG, "DPP: Authentication failed"); 2147 return; 2148 } 2149 2150 wpas_dpp_auth_success(wpa_s, 0); 2151 } 2152 2153 2154 #ifdef CONFIG_DPP2 2155 2156 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx, 2157 void *timeout_ctx) 2158 { 2159 struct wpa_supplicant *wpa_s = eloop_ctx; 2160 struct dpp_authentication *auth = wpa_s->dpp_auth; 2161 2162 if (!auth || !auth->waiting_conf_result) 2163 return; 2164 2165 wpa_printf(MSG_DEBUG, 2166 "DPP: Timeout while waiting for Configuration Result"); 2167 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); 2168 dpp_auth_deinit(auth); 2169 wpa_s->dpp_auth = NULL; 2170 } 2171 2172 2173 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx, 2174 void *timeout_ctx) 2175 { 2176 struct wpa_supplicant *wpa_s = eloop_ctx; 2177 struct dpp_authentication *auth = wpa_s->dpp_auth; 2178 2179 if (!auth || !auth->waiting_conn_status_result) 2180 return; 2181 2182 wpa_printf(MSG_DEBUG, 2183 "DPP: Timeout while waiting for Connection Status Result"); 2184 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout"); 2185 wpas_dpp_listen_stop(wpa_s); 2186 dpp_auth_deinit(auth); 2187 wpa_s->dpp_auth = NULL; 2188 } 2189 2190 2191 #ifdef CONFIG_DPP3 2192 2193 static bool wpas_dpp_pb_active(struct wpa_supplicant *wpa_s) 2194 { 2195 return (wpa_s->dpp_pb_time.sec || wpa_s->dpp_pb_time.usec) && 2196 wpa_s->dpp_pb_configurator; 2197 } 2198 2199 2200 static void wpas_dpp_remove_pb_hash(struct wpa_supplicant *wpa_s) 2201 { 2202 int i; 2203 2204 if (!wpa_s->dpp_pb_bi) 2205 return; 2206 for (i = 0; i < DPP_PB_INFO_COUNT; i++) { 2207 struct dpp_pb_info *info = &wpa_s->dpp_pb[i]; 2208 2209 if (info->rx_time.sec == 0 && info->rx_time.usec == 0) 2210 continue; 2211 if (os_memcmp(info->hash, wpa_s->dpp_pb_resp_hash, 2212 SHA256_MAC_LEN) == 0) { 2213 /* Allow a new push button session to be established 2214 * immediately without the successfully completed 2215 * session triggering session overlap. */ 2216 info->rx_time.sec = 0; 2217 info->rx_time.usec = 0; 2218 wpa_printf(MSG_DEBUG, 2219 "DPP: Removed PB hash from session overlap detection due to successfully completed provisioning"); 2220 } 2221 } 2222 } 2223 2224 #endif /* CONFIG_DPP3 */ 2225 2226 2227 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src, 2228 const u8 *hdr, const u8 *buf, size_t len) 2229 { 2230 struct dpp_authentication *auth = wpa_s->dpp_auth; 2231 enum dpp_status_error status; 2232 2233 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR, 2234 MAC2STR(src)); 2235 2236 if (!auth || !auth->waiting_conf_result) { 2237 if (auth && 2238 ether_addr_equal(src, auth->peer_mac_addr) && 2239 gas_server_response_sent(wpa_s->gas_server, 2240 auth->gas_server_ctx)) { 2241 /* This could happen if the TX status event gets delayed 2242 * long enough for the Enrollee to have time to send 2243 * the next frame before the TX status gets processed 2244 * locally. */ 2245 wpa_printf(MSG_DEBUG, 2246 "DPP: GAS response was sent but TX status not yet received - assume it was ACKed since the Enrollee sent the next frame in the sequence"); 2247 auth->waiting_conf_result = 1; 2248 } else { 2249 wpa_printf(MSG_DEBUG, 2250 "DPP: No DPP Configuration waiting for result - drop"); 2251 return; 2252 } 2253 } 2254 2255 if (!ether_addr_equal(src, auth->peer_mac_addr)) { 2256 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 2257 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 2258 return; 2259 } 2260 2261 status = dpp_conf_result_rx(auth, hdr, buf, len); 2262 2263 if (status == DPP_STATUS_OK && auth->send_conn_status) { 2264 int freq; 2265 2266 wpa_msg(wpa_s, MSG_INFO, 2267 DPP_EVENT_CONF_SENT "wait_conn_status=1 conf_status=%d", 2268 auth->conf_resp_status); 2269 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result"); 2270 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, 2271 wpa_s, NULL); 2272 auth->waiting_conn_status_result = 1; 2273 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout, 2274 wpa_s, NULL); 2275 eloop_register_timeout(16, 0, 2276 wpas_dpp_conn_status_result_wait_timeout, 2277 wpa_s, NULL); 2278 offchannel_send_action_done(wpa_s); 2279 freq = auth->neg_freq ? auth->neg_freq : auth->curr_freq; 2280 if (!wpa_s->dpp_in_response_listen || 2281 (int) wpa_s->dpp_listen_freq != freq) 2282 wpas_dpp_listen_start(wpa_s, freq); 2283 return; 2284 } 2285 offchannel_send_action_done(wpa_s); 2286 wpas_dpp_listen_stop(wpa_s); 2287 if (status == DPP_STATUS_OK) 2288 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d", 2289 auth->conf_resp_status); 2290 else 2291 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); 2292 dpp_auth_deinit(auth); 2293 wpa_s->dpp_auth = NULL; 2294 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL); 2295 #ifdef CONFIG_DPP3 2296 if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) { 2297 if (status == DPP_STATUS_OK) 2298 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT 2299 "success"); 2300 else 2301 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT 2302 "no-configuration-available"); 2303 wpa_s->dpp_pb_result_indicated = true; 2304 if (status == DPP_STATUS_OK) 2305 wpas_dpp_remove_pb_hash(wpa_s); 2306 wpas_dpp_push_button_stop(wpa_s); 2307 } 2308 #endif /* CONFIG_DPP3 */ 2309 } 2310 2311 2312 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s, 2313 const u8 *src, const u8 *hdr, 2314 const u8 *buf, size_t len) 2315 { 2316 struct dpp_authentication *auth = wpa_s->dpp_auth; 2317 enum dpp_status_error status; 2318 u8 ssid[SSID_MAX_LEN]; 2319 size_t ssid_len = 0; 2320 char *channel_list = NULL; 2321 2322 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result"); 2323 2324 if (!auth || !auth->waiting_conn_status_result) { 2325 wpa_printf(MSG_DEBUG, 2326 "DPP: No DPP Configuration waiting for connection status result - drop"); 2327 return; 2328 } 2329 2330 status = dpp_conn_status_result_rx(auth, hdr, buf, len, 2331 ssid, &ssid_len, &channel_list); 2332 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT 2333 "result=%d ssid=%s channel_list=%s", 2334 status, wpa_ssid_txt(ssid, ssid_len), 2335 channel_list ? channel_list : "N/A"); 2336 os_free(channel_list); 2337 offchannel_send_action_done(wpa_s); 2338 wpas_dpp_listen_stop(wpa_s); 2339 dpp_auth_deinit(auth); 2340 wpa_s->dpp_auth = NULL; 2341 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout, 2342 wpa_s, NULL); 2343 } 2344 2345 2346 static int wpas_dpp_process_conf_obj(void *ctx, 2347 struct dpp_authentication *auth) 2348 { 2349 struct wpa_supplicant *wpa_s = ctx; 2350 unsigned int i; 2351 int res = -1; 2352 2353 for (i = 0; i < auth->num_conf_obj; i++) { 2354 res = wpas_dpp_handle_config_obj(wpa_s, auth, 2355 &auth->conf_obj[i]); 2356 if (res) 2357 break; 2358 } 2359 if (!res) 2360 wpas_dpp_post_process_config(wpa_s, auth); 2361 2362 return res; 2363 } 2364 2365 2366 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth) 2367 { 2368 struct wpa_supplicant *wpa_s = ctx; 2369 2370 wpa_printf(MSG_DEBUG, "DPP: TCP message sent callback"); 2371 2372 if (auth->connect_on_tx_status) { 2373 auth->connect_on_tx_status = 0; 2374 wpa_printf(MSG_DEBUG, 2375 "DPP: Try to connect after completed configuration result"); 2376 wpas_dpp_try_to_connect(wpa_s); 2377 if (auth->conn_status_requested) { 2378 wpa_printf(MSG_DEBUG, 2379 "DPP: Start 15 second timeout for reporting connection status result"); 2380 eloop_cancel_timeout( 2381 wpas_dpp_conn_status_result_timeout, 2382 wpa_s, NULL); 2383 eloop_register_timeout( 2384 15, 0, wpas_dpp_conn_status_result_timeout, 2385 wpa_s, NULL); 2386 return true; 2387 } 2388 } 2389 2390 return false; 2391 } 2392 2393 2394 static void wpas_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi) 2395 { 2396 struct wpa_supplicant *wpa_s = ctx; 2397 2398 if (bi == wpa_s->dpp_chirp_bi) 2399 wpas_dpp_chirp_stop(wpa_s); 2400 } 2401 2402 2403 static void 2404 wpas_dpp_rx_presence_announcement(struct wpa_supplicant *wpa_s, const u8 *src, 2405 const u8 *hdr, const u8 *buf, size_t len, 2406 unsigned int freq) 2407 { 2408 const u8 *r_bootstrap; 2409 u16 r_bootstrap_len; 2410 struct dpp_bootstrap_info *peer_bi; 2411 struct dpp_authentication *auth; 2412 unsigned int wait_time, max_wait_time; 2413 2414 if (!wpa_s->dpp) 2415 return; 2416 2417 if (wpa_s->dpp_auth) { 2418 wpa_printf(MSG_DEBUG, 2419 "DPP: Ignore Presence Announcement during ongoing Authentication"); 2420 return; 2421 } 2422 2423 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR, 2424 MAC2STR(src)); 2425 2426 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 2427 &r_bootstrap_len); 2428 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 2429 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 2430 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 2431 return; 2432 } 2433 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 2434 r_bootstrap, r_bootstrap_len); 2435 peer_bi = dpp_bootstrap_find_chirp(wpa_s->dpp, r_bootstrap); 2436 dpp_notify_chirp_received(wpa_s, peer_bi ? (int) peer_bi->id : -1, src, 2437 freq, r_bootstrap); 2438 if (!peer_bi) { 2439 wpa_printf(MSG_DEBUG, 2440 "DPP: No matching bootstrapping information found"); 2441 return; 2442 } 2443 2444 wpa_printf(MSG_DEBUG, "DPP: Start Authentication exchange with " MACSTR 2445 " based on the received Presence Announcement", 2446 MAC2STR(src)); 2447 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, NULL, 2448 DPP_CAPAB_CONFIGURATOR, freq, NULL, 0); 2449 if (!auth) 2450 return; 2451 wpas_dpp_set_testing_options(wpa_s, auth); 2452 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) { 2453 dpp_auth_deinit(auth); 2454 return; 2455 } 2456 2457 auth->neg_freq = freq; 2458 2459 /* The source address of the Presence Announcement frame overrides any 2460 * MAC address information from the bootstrapping information. */ 2461 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); 2462 2463 wait_time = wpa_s->max_remain_on_chan; 2464 max_wait_time = wpa_s->dpp_resp_wait_time ? 2465 wpa_s->dpp_resp_wait_time : 2000; 2466 if (wait_time > max_wait_time) 2467 wait_time = max_wait_time; 2468 wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time); 2469 2470 wpa_s->dpp_auth = auth; 2471 if (wpas_dpp_auth_init_next(wpa_s) < 0) { 2472 dpp_auth_deinit(wpa_s->dpp_auth); 2473 wpa_s->dpp_auth = NULL; 2474 } 2475 } 2476 2477 2478 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx, 2479 void *timeout_ctx) 2480 { 2481 struct wpa_supplicant *wpa_s = eloop_ctx; 2482 struct dpp_authentication *auth = wpa_s->dpp_auth; 2483 2484 if (!auth) 2485 return; 2486 2487 wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout"); 2488 offchannel_send_action_done(wpa_s); 2489 wpas_dpp_listen_stop(wpa_s); 2490 dpp_auth_deinit(auth); 2491 wpa_s->dpp_auth = NULL; 2492 } 2493 2494 2495 static void 2496 wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant *wpa_s, const u8 *src, 2497 const u8 *hdr, const u8 *buf, size_t len, 2498 unsigned int freq) 2499 { 2500 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id; 2501 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len; 2502 struct dpp_configurator *conf; 2503 struct dpp_authentication *auth; 2504 unsigned int wait_time, max_wait_time; 2505 u16 group; 2506 2507 if (!wpa_s->dpp) 2508 return; 2509 2510 if (wpa_s->dpp_auth) { 2511 wpa_printf(MSG_DEBUG, 2512 "DPP: Ignore Reconfig Announcement during ongoing Authentication"); 2513 return; 2514 } 2515 2516 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR, 2517 MAC2STR(src)); 2518 2519 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH, 2520 &csign_hash_len); 2521 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) { 2522 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 2523 "Missing or invalid required Configurator C-sign key Hash attribute"); 2524 return; 2525 } 2526 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)", 2527 csign_hash, csign_hash_len); 2528 conf = dpp_configurator_find_kid(wpa_s->dpp, csign_hash); 2529 if (!conf) { 2530 wpa_printf(MSG_DEBUG, 2531 "DPP: No matching Configurator information found"); 2532 return; 2533 } 2534 2535 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP, 2536 &fcgroup_len); 2537 if (!fcgroup || fcgroup_len != 2) { 2538 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 2539 "Missing or invalid required Finite Cyclic Group attribute"); 2540 return; 2541 } 2542 group = WPA_GET_LE16(fcgroup); 2543 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group); 2544 2545 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len); 2546 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len); 2547 2548 auth = dpp_reconfig_init(wpa_s->dpp, wpa_s, conf, freq, group, 2549 a_nonce, a_nonce_len, e_id, e_id_len); 2550 if (!auth) 2551 return; 2552 wpas_dpp_set_testing_options(wpa_s, auth); 2553 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) { 2554 dpp_auth_deinit(auth); 2555 return; 2556 } 2557 2558 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); 2559 wpa_s->dpp_auth = auth; 2560 2561 wpa_s->dpp_in_response_listen = 0; 2562 wpa_s->dpp_auth_ok_on_ack = 0; 2563 wait_time = wpa_s->max_remain_on_chan; 2564 max_wait_time = wpa_s->dpp_resp_wait_time ? 2565 wpa_s->dpp_resp_wait_time : 2000; 2566 if (wait_time > max_wait_time) 2567 wait_time = max_wait_time; 2568 wait_time += 10; /* give the driver some extra time to complete */ 2569 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000, 2570 wpas_dpp_reconfig_reply_wait_timeout, 2571 wpa_s, NULL); 2572 wait_time -= 10; 2573 2574 wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time); 2575 2576 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 2577 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ); 2578 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast, 2579 wpabuf_head(auth->reconfig_req_msg), 2580 wpabuf_len(auth->reconfig_req_msg), 2581 wait_time, wpas_dpp_tx_status, 0) < 0) { 2582 dpp_auth_deinit(wpa_s->dpp_auth); 2583 wpa_s->dpp_auth = NULL; 2584 } 2585 } 2586 2587 2588 static void 2589 wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant *wpa_s, const u8 *src, 2590 const u8 *hdr, const u8 *buf, size_t len, 2591 unsigned int freq) 2592 { 2593 struct wpa_ssid *ssid; 2594 struct dpp_authentication *auth; 2595 2596 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Request from " 2597 MACSTR, MAC2STR(src)); 2598 2599 if (!wpa_s->dpp) 2600 return; 2601 if (wpa_s->dpp_auth) { 2602 wpa_printf(MSG_DEBUG, 2603 "DPP: Not ready for reconfiguration - pending authentication exchange in progress"); 2604 return; 2605 } 2606 if (!wpa_s->dpp_reconfig_ssid) { 2607 wpa_printf(MSG_DEBUG, 2608 "DPP: Not ready for reconfiguration - not requested"); 2609 return; 2610 } 2611 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 2612 if (ssid == wpa_s->dpp_reconfig_ssid && 2613 ssid->id == wpa_s->dpp_reconfig_ssid_id) 2614 break; 2615 } 2616 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey || 2617 !ssid->dpp_csign) { 2618 wpa_printf(MSG_DEBUG, 2619 "DPP: Not ready for reconfiguration - no matching network profile with Connector found"); 2620 return; 2621 } 2622 2623 auth = dpp_reconfig_auth_req_rx(wpa_s->dpp, wpa_s, ssid->dpp_connector, 2624 ssid->dpp_netaccesskey, 2625 ssid->dpp_netaccesskey_len, 2626 ssid->dpp_csign, ssid->dpp_csign_len, 2627 freq, hdr, buf, len); 2628 if (!auth) 2629 return; 2630 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN); 2631 wpa_s->dpp_auth = auth; 2632 2633 wpas_dpp_chirp_stop(wpa_s); 2634 2635 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 2636 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_RESP); 2637 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast, 2638 wpabuf_head(auth->reconfig_resp_msg), 2639 wpabuf_len(auth->reconfig_resp_msg), 2640 500, wpas_dpp_tx_status, 0) < 0) { 2641 dpp_auth_deinit(wpa_s->dpp_auth); 2642 wpa_s->dpp_auth = NULL; 2643 } 2644 } 2645 2646 2647 static void 2648 wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src, 2649 const u8 *hdr, const u8 *buf, size_t len, 2650 unsigned int freq) 2651 { 2652 struct dpp_authentication *auth = wpa_s->dpp_auth; 2653 struct wpabuf *conf; 2654 2655 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from " 2656 MACSTR, MAC2STR(src)); 2657 2658 if (!auth || !auth->reconfig || !auth->configurator) { 2659 wpa_printf(MSG_DEBUG, 2660 "DPP: No DPP Reconfig Authentication in progress - drop"); 2661 return; 2662 } 2663 2664 if (!ether_addr_equal(src, auth->peer_mac_addr)) { 2665 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 2666 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 2667 return; 2668 } 2669 2670 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len); 2671 if (!conf) 2672 return; 2673 2674 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, wpa_s, NULL); 2675 2676 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 2677 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF); 2678 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast, 2679 wpabuf_head(conf), wpabuf_len(conf), 2680 500, wpas_dpp_tx_status, 0) < 0) { 2681 wpabuf_free(conf); 2682 dpp_auth_deinit(wpa_s->dpp_auth); 2683 wpa_s->dpp_auth = NULL; 2684 return; 2685 } 2686 wpabuf_free(conf); 2687 2688 wpas_dpp_start_gas_server(wpa_s); 2689 } 2690 2691 2692 static void 2693 wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src, 2694 const u8 *hdr, const u8 *buf, size_t len, 2695 unsigned int freq) 2696 { 2697 struct dpp_authentication *auth = wpa_s->dpp_auth; 2698 2699 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Confirm from " 2700 MACSTR, MAC2STR(src)); 2701 2702 if (!auth || !auth->reconfig || auth->configurator) { 2703 wpa_printf(MSG_DEBUG, 2704 "DPP: No DPP Reconfig Authentication in progress - drop"); 2705 return; 2706 } 2707 2708 if (!ether_addr_equal(src, auth->peer_mac_addr)) { 2709 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected " 2710 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr)); 2711 return; 2712 } 2713 2714 if (dpp_reconfig_auth_conf_rx(auth, hdr, buf, len) < 0) 2715 return; 2716 2717 wpas_dpp_start_gas_client(wpa_s); 2718 } 2719 2720 #endif /* CONFIG_DPP2 */ 2721 2722 2723 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s, 2724 const u8 *src, 2725 const u8 *buf, size_t len) 2726 { 2727 struct wpa_ssid *ssid; 2728 const u8 *connector, *trans_id, *status; 2729 u16 connector_len, trans_id_len, status_len; 2730 #ifdef CONFIG_DPP2 2731 const u8 *version; 2732 u16 version_len; 2733 #endif /* CONFIG_DPP2 */ 2734 u8 peer_version = 1; 2735 struct dpp_introduction intro; 2736 struct rsn_pmksa_cache_entry *entry; 2737 struct os_time now; 2738 struct os_reltime rnow; 2739 os_time_t expiry; 2740 unsigned int seconds; 2741 enum dpp_status_error res; 2742 2743 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR, 2744 MAC2STR(src)); 2745 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) || 2746 !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) { 2747 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from " 2748 MACSTR " - drop", MAC2STR(src)); 2749 return; 2750 } 2751 offchannel_send_action_done(wpa_s); 2752 2753 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 2754 if (ssid == wpa_s->dpp_intro_network) 2755 break; 2756 } 2757 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey || 2758 !ssid->dpp_csign) { 2759 wpa_printf(MSG_DEBUG, 2760 "DPP: Profile not found for network introduction"); 2761 return; 2762 } 2763 2764 os_memset(&intro, 0, sizeof(intro)); 2765 2766 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID, 2767 &trans_id_len); 2768 if (!trans_id || trans_id_len != 1) { 2769 wpa_printf(MSG_DEBUG, 2770 "DPP: Peer did not include Transaction ID"); 2771 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 2772 " fail=missing_transaction_id", MAC2STR(src)); 2773 goto fail; 2774 } 2775 if (trans_id[0] != TRANSACTION_ID) { 2776 wpa_printf(MSG_DEBUG, 2777 "DPP: Ignore frame with unexpected Transaction ID %u", 2778 trans_id[0]); 2779 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 2780 " fail=transaction_id_mismatch", MAC2STR(src)); 2781 goto fail; 2782 } 2783 2784 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len); 2785 if (!status || status_len != 1) { 2786 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status"); 2787 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 2788 " fail=missing_status", MAC2STR(src)); 2789 goto fail; 2790 } 2791 if (status[0] != DPP_STATUS_OK) { 2792 wpa_printf(MSG_DEBUG, 2793 "DPP: Peer rejected network introduction: Status %u", 2794 status[0]); 2795 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 2796 " status=%u", MAC2STR(src), status[0]); 2797 #ifdef CONFIG_DPP2 2798 wpas_dpp_send_conn_status_result(wpa_s, status[0]); 2799 #endif /* CONFIG_DPP2 */ 2800 goto fail; 2801 } 2802 2803 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len); 2804 if (!connector) { 2805 wpa_printf(MSG_DEBUG, 2806 "DPP: Peer did not include its Connector"); 2807 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 2808 " fail=missing_connector", MAC2STR(src)); 2809 goto fail; 2810 } 2811 2812 res = dpp_peer_intro(&intro, ssid->dpp_connector, 2813 ssid->dpp_netaccesskey, 2814 ssid->dpp_netaccesskey_len, 2815 ssid->dpp_csign, 2816 ssid->dpp_csign_len, 2817 connector, connector_len, &expiry, NULL); 2818 if (res != DPP_STATUS_OK) { 2819 wpa_printf(MSG_INFO, 2820 "DPP: Network Introduction protocol resulted in failure"); 2821 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 2822 " fail=peer_connector_validation_failed", MAC2STR(src)); 2823 #ifdef CONFIG_DPP2 2824 wpas_dpp_send_conn_status_result(wpa_s, res); 2825 #endif /* CONFIG_DPP2 */ 2826 goto fail; 2827 } 2828 2829 entry = os_zalloc(sizeof(*entry)); 2830 if (!entry) 2831 goto fail; 2832 os_memcpy(entry->aa, src, ETH_ALEN); 2833 os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN); 2834 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN); 2835 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len); 2836 entry->pmk_len = intro.pmk_len; 2837 entry->akmp = WPA_KEY_MGMT_DPP; 2838 #ifdef CONFIG_DPP2 2839 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION, 2840 &version_len); 2841 if (version && version_len >= 1) 2842 peer_version = version[0]; 2843 #ifdef CONFIG_DPP3 2844 if (intro.peer_version && intro.peer_version >= 2 && 2845 peer_version != intro.peer_version) { 2846 wpa_printf(MSG_INFO, 2847 "DPP: Protocol version mismatch (Connector: %d Attribute: %d", 2848 intro.peer_version, peer_version); 2849 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH); 2850 goto fail; 2851 } 2852 #endif /* CONFIG_DPP3 */ 2853 entry->dpp_pfs = peer_version >= 2; 2854 #endif /* CONFIG_DPP2 */ 2855 if (expiry) { 2856 os_get_time(&now); 2857 seconds = expiry - now.sec; 2858 } else { 2859 seconds = 86400 * 7; 2860 } 2861 os_get_reltime(&rnow); 2862 entry->expiration = rnow.sec + seconds; 2863 entry->reauth_time = rnow.sec + seconds; 2864 entry->network_ctx = ssid; 2865 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry); 2866 2867 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 2868 " status=%u version=%u", MAC2STR(src), status[0], peer_version); 2869 2870 wpa_printf(MSG_DEBUG, 2871 "DPP: Try connection again after successful network introduction"); 2872 if (wpa_supplicant_fast_associate(wpa_s) != 1) { 2873 wpa_supplicant_cancel_sched_scan(wpa_s); 2874 wpa_supplicant_req_scan(wpa_s, 0, 0); 2875 } 2876 fail: 2877 dpp_peer_intro_deinit(&intro); 2878 } 2879 2880 2881 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq) 2882 { 2883 int i, j; 2884 2885 if (!wpa_s->hw.modes) 2886 return -1; 2887 2888 for (i = 0; i < wpa_s->hw.num_modes; i++) { 2889 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i]; 2890 2891 for (j = 0; j < mode->num_channels; j++) { 2892 struct hostapd_channel_data *chan = &mode->channels[j]; 2893 2894 if (chan->freq != (int) freq) 2895 continue; 2896 2897 if (chan->flag & (HOSTAPD_CHAN_DISABLED | 2898 HOSTAPD_CHAN_NO_IR | 2899 HOSTAPD_CHAN_RADAR)) 2900 continue; 2901 2902 return 1; 2903 } 2904 } 2905 2906 wpa_printf(MSG_DEBUG, 2907 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list", 2908 freq); 2909 2910 return 0; 2911 } 2912 2913 2914 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s, 2915 struct dpp_pkex *pkex) 2916 { 2917 if (pkex->freq == 2437) 2918 pkex->freq = 5745; 2919 else if (pkex->freq == 5745) 2920 pkex->freq = 5220; 2921 else if (pkex->freq == 5220) 2922 pkex->freq = 60480; 2923 else 2924 return -1; /* no more channels to try */ 2925 2926 if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) { 2927 wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz", 2928 pkex->freq); 2929 return 0; 2930 } 2931 2932 /* Could not use this channel - try the next one */ 2933 return wpas_dpp_pkex_next_channel(wpa_s, pkex); 2934 } 2935 2936 2937 static void wpas_dpp_pkex_clear_code(struct wpa_supplicant *wpa_s) 2938 { 2939 if (!wpa_s->dpp_pkex_code && !wpa_s->dpp_pkex_identifier) 2940 return; 2941 2942 /* Delete PKEX code and identifier on successful completion of 2943 * PKEX. We are not supposed to reuse these without being 2944 * explicitly requested to perform PKEX again. */ 2945 wpa_printf(MSG_DEBUG, "DPP: Delete PKEX code/identifier"); 2946 os_free(wpa_s->dpp_pkex_code); 2947 wpa_s->dpp_pkex_code = NULL; 2948 os_free(wpa_s->dpp_pkex_identifier); 2949 wpa_s->dpp_pkex_identifier = NULL; 2950 2951 } 2952 2953 2954 #ifdef CONFIG_DPP2 2955 static int wpas_dpp_pkex_done(void *ctx, void *conn, 2956 struct dpp_bootstrap_info *peer_bi) 2957 { 2958 struct wpa_supplicant *wpa_s = ctx; 2959 char cmd[500]; 2960 const char *pos; 2961 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR; 2962 struct dpp_bootstrap_info *own_bi = NULL; 2963 struct dpp_authentication *auth; 2964 2965 wpas_dpp_pkex_clear_code(wpa_s); 2966 2967 os_snprintf(cmd, sizeof(cmd), " peer=%u %s", peer_bi->id, 2968 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : ""); 2969 wpa_printf(MSG_DEBUG, "DPP: Start authentication after PKEX (cmd: %s)", 2970 cmd); 2971 2972 pos = os_strstr(cmd, " own="); 2973 if (pos) { 2974 pos += 5; 2975 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); 2976 if (!own_bi) { 2977 wpa_printf(MSG_INFO, 2978 "DPP: Could not find bootstrapping info for the identified local entry"); 2979 return -1; 2980 } 2981 2982 if (peer_bi->curve != own_bi->curve) { 2983 wpa_printf(MSG_INFO, 2984 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)", 2985 peer_bi->curve->name, own_bi->curve->name); 2986 return -1; 2987 } 2988 } 2989 2990 pos = os_strstr(cmd, " role="); 2991 if (pos) { 2992 pos += 6; 2993 if (os_strncmp(pos, "configurator", 12) == 0) 2994 allowed_roles = DPP_CAPAB_CONFIGURATOR; 2995 else if (os_strncmp(pos, "enrollee", 8) == 0) 2996 allowed_roles = DPP_CAPAB_ENROLLEE; 2997 else if (os_strncmp(pos, "either", 6) == 0) 2998 allowed_roles = DPP_CAPAB_CONFIGURATOR | 2999 DPP_CAPAB_ENROLLEE; 3000 else 3001 return -1; 3002 } 3003 3004 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles, 3005 0, wpa_s->hw.modes, wpa_s->hw.num_modes); 3006 if (!auth) 3007 return -1; 3008 3009 wpas_dpp_set_testing_options(wpa_s, auth); 3010 if (dpp_set_configurator(auth, cmd) < 0) { 3011 dpp_auth_deinit(auth); 3012 return -1; 3013 } 3014 3015 return dpp_tcp_auth(wpa_s->dpp, conn, auth, wpa_s->conf->dpp_name, 3016 DPP_NETROLE_STA, 3017 wpa_s->conf->dpp_mud_url, 3018 wpa_s->conf->dpp_extra_conf_req_name, 3019 wpa_s->conf->dpp_extra_conf_req_value, 3020 wpas_dpp_process_conf_obj, 3021 wpas_dpp_tcp_msg_sent); 3022 } 3023 #endif /* CONFIG_DPP2 */ 3024 3025 3026 static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s, 3027 enum dpp_pkex_ver ver, 3028 const struct hostapd_ip_addr *ipaddr, 3029 int tcp_port) 3030 { 3031 struct dpp_pkex *pkex; 3032 struct wpabuf *msg; 3033 unsigned int wait_time; 3034 bool v2 = ver != PKEX_VER_ONLY_1; 3035 3036 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEXv%d", v2 ? 2 : 1); 3037 dpp_pkex_free(wpa_s->dpp_pkex); 3038 wpa_s->dpp_pkex = NULL; 3039 pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr, 3040 wpa_s->dpp_pkex_identifier, 3041 wpa_s->dpp_pkex_code, wpa_s->dpp_pkex_code_len, 3042 v2); 3043 if (!pkex) 3044 return -1; 3045 pkex->forced_ver = ver != PKEX_VER_AUTO; 3046 3047 if (ipaddr) { 3048 #ifdef CONFIG_DPP2 3049 return dpp_tcp_pkex_init(wpa_s->dpp, pkex, ipaddr, tcp_port, 3050 wpa_s, wpa_s, wpas_dpp_pkex_done); 3051 #else /* CONFIG_DPP2 */ 3052 return -1; 3053 #endif /* CONFIG_DPP2 */ 3054 } 3055 3056 wpa_s->dpp_pkex = pkex; 3057 msg = pkex->exchange_req; 3058 wait_time = wpa_s->max_remain_on_chan; 3059 if (wait_time > 2000) 3060 wait_time = 2000; 3061 pkex->freq = 2437; 3062 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 3063 " freq=%u type=%d", 3064 MAC2STR(broadcast), pkex->freq, 3065 v2 ? DPP_PA_PKEX_EXCHANGE_REQ : 3066 DPP_PA_PKEX_V1_EXCHANGE_REQ); 3067 offchannel_send_action(wpa_s, pkex->freq, broadcast, 3068 wpa_s->own_addr, broadcast, 3069 wpabuf_head(msg), wpabuf_len(msg), 3070 wait_time, wpas_dpp_tx_pkex_status, 0); 3071 if (wait_time == 0) 3072 wait_time = 2000; 3073 pkex->exch_req_wait_time = wait_time; 3074 pkex->exch_req_tries = 1; 3075 3076 return 0; 3077 } 3078 3079 3080 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx) 3081 { 3082 struct wpa_supplicant *wpa_s = eloop_ctx; 3083 struct dpp_pkex *pkex = wpa_s->dpp_pkex; 3084 3085 if (!pkex || !pkex->exchange_req) 3086 return; 3087 if (pkex->exch_req_tries >= 5) { 3088 if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) { 3089 #ifdef CONFIG_DPP3 3090 if (pkex->v2 && !pkex->forced_ver) { 3091 wpa_printf(MSG_DEBUG, 3092 "DPP: Fall back to PKEXv1"); 3093 wpas_dpp_pkex_init(wpa_s, PKEX_VER_ONLY_1, 3094 NULL, 0); 3095 return; 3096 } 3097 #endif /* CONFIG_DPP3 */ 3098 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL 3099 "No response from PKEX peer"); 3100 dpp_pkex_free(pkex); 3101 wpa_s->dpp_pkex = NULL; 3102 return; 3103 } 3104 pkex->exch_req_tries = 0; 3105 } 3106 3107 pkex->exch_req_tries++; 3108 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)", 3109 pkex->exch_req_tries); 3110 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 3111 MAC2STR(broadcast), pkex->freq, 3112 pkex->v2 ? DPP_PA_PKEX_EXCHANGE_REQ : 3113 DPP_PA_PKEX_V1_EXCHANGE_REQ); 3114 offchannel_send_action(wpa_s, pkex->freq, broadcast, 3115 wpa_s->own_addr, broadcast, 3116 wpabuf_head(pkex->exchange_req), 3117 wpabuf_len(pkex->exchange_req), 3118 pkex->exch_req_wait_time, 3119 wpas_dpp_tx_pkex_status, 0); 3120 } 3121 3122 3123 static void 3124 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s, 3125 unsigned int freq, const u8 *dst, 3126 const u8 *src, const u8 *bssid, 3127 const u8 *data, size_t data_len, 3128 enum offchannel_send_action_result result) 3129 { 3130 const char *res_txt; 3131 struct dpp_pkex *pkex = wpa_s->dpp_pkex; 3132 3133 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" : 3134 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" : 3135 "FAILED"); 3136 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR 3137 " result=%s (PKEX)", 3138 freq, MAC2STR(dst), res_txt); 3139 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR 3140 " freq=%u result=%s", MAC2STR(dst), freq, res_txt); 3141 3142 if (!pkex) { 3143 wpa_printf(MSG_DEBUG, 3144 "DPP: Ignore TX status since there is no ongoing PKEX exchange"); 3145 return; 3146 } 3147 3148 if (pkex->failed) { 3149 wpa_printf(MSG_DEBUG, 3150 "DPP: Terminate PKEX exchange due to an earlier error"); 3151 if (pkex->t > pkex->own_bi->pkex_t) 3152 pkex->own_bi->pkex_t = pkex->t; 3153 dpp_pkex_free(pkex); 3154 wpa_s->dpp_pkex = NULL; 3155 return; 3156 } 3157 3158 if (pkex->exch_req_wait_time && pkex->exchange_req) { 3159 /* Wait for PKEX Exchange Response frame and retry request if 3160 * no response is seen. */ 3161 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL); 3162 eloop_register_timeout(pkex->exch_req_wait_time / 1000, 3163 (pkex->exch_req_wait_time % 1000) * 1000, 3164 wpas_dpp_pkex_retry_timeout, wpa_s, 3165 NULL); 3166 } 3167 } 3168 3169 3170 static void 3171 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src, 3172 const u8 *buf, size_t len, unsigned int freq, 3173 bool v2) 3174 { 3175 struct wpabuf *msg; 3176 unsigned int wait_time; 3177 3178 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR, 3179 MAC2STR(src)); 3180 3181 if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) { 3182 wpa_printf(MSG_DEBUG, 3183 "DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only"); 3184 return; 3185 } 3186 if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) { 3187 wpa_printf(MSG_DEBUG, 3188 "DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only"); 3189 return; 3190 } 3191 3192 /* TODO: Support multiple PKEX codes by iterating over all the enabled 3193 * values here */ 3194 3195 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) { 3196 wpa_printf(MSG_DEBUG, 3197 "DPP: No PKEX code configured - ignore request"); 3198 return; 3199 } 3200 3201 #ifdef CONFIG_DPP2 3202 if (dpp_controller_is_own_pkex_req(wpa_s->dpp, buf, len)) { 3203 wpa_printf(MSG_DEBUG, 3204 "DPP: PKEX Exchange Request is from local Controller - ignore request"); 3205 return; 3206 } 3207 #endif /* CONFIG_DPP2 */ 3208 3209 if (wpa_s->dpp_pkex) { 3210 /* TODO: Support parallel operations */ 3211 wpa_printf(MSG_DEBUG, 3212 "DPP: Already in PKEX session - ignore new request"); 3213 return; 3214 } 3215 3216 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi, 3217 wpa_s->own_addr, src, 3218 wpa_s->dpp_pkex_identifier, 3219 wpa_s->dpp_pkex_code, 3220 wpa_s->dpp_pkex_code_len, 3221 buf, len, v2); 3222 if (!wpa_s->dpp_pkex) { 3223 wpa_printf(MSG_DEBUG, 3224 "DPP: Failed to process the request - ignore it"); 3225 return; 3226 } 3227 3228 #ifdef CONFIG_DPP3 3229 if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_announcement) { 3230 wpa_printf(MSG_DEBUG, 3231 "DPP: Started PB PKEX (no more PB announcements)"); 3232 wpabuf_free(wpa_s->dpp_pb_announcement); 3233 wpa_s->dpp_pb_announcement = NULL; 3234 } 3235 #endif /* CONFIG_DPP3 */ 3236 wpa_s->dpp_pkex_wait_auth_req = false; 3237 msg = wpa_s->dpp_pkex->exchange_resp; 3238 wait_time = wpa_s->max_remain_on_chan; 3239 if (wait_time > 2000) 3240 wait_time = 2000; 3241 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 3242 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP); 3243 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, 3244 broadcast, 3245 wpabuf_head(msg), wpabuf_len(msg), 3246 wait_time, wpas_dpp_tx_pkex_status, 0); 3247 } 3248 3249 3250 static void 3251 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src, 3252 const u8 *buf, size_t len, unsigned int freq) 3253 { 3254 struct wpabuf *msg; 3255 unsigned int wait_time; 3256 3257 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR, 3258 MAC2STR(src)); 3259 3260 /* TODO: Support multiple PKEX codes by iterating over all the enabled 3261 * values here */ 3262 3263 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator || 3264 wpa_s->dpp_pkex->exchange_done) { 3265 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 3266 return; 3267 } 3268 3269 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL); 3270 wpa_s->dpp_pkex->exch_req_wait_time = 0; 3271 3272 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len); 3273 if (!msg) { 3274 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); 3275 return; 3276 } 3277 3278 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR, 3279 MAC2STR(src)); 3280 3281 wait_time = wpa_s->max_remain_on_chan; 3282 if (wait_time > 2000) 3283 wait_time = 2000; 3284 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 3285 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ); 3286 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, 3287 broadcast, 3288 wpabuf_head(msg), wpabuf_len(msg), 3289 wait_time, wpas_dpp_tx_pkex_status, 0); 3290 wpabuf_free(msg); 3291 } 3292 3293 3294 static struct dpp_bootstrap_info * 3295 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer, 3296 unsigned int freq) 3297 { 3298 struct dpp_bootstrap_info *bi; 3299 3300 wpas_dpp_pkex_clear_code(wpa_s); 3301 bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq); 3302 if (!bi) 3303 return NULL; 3304 3305 wpa_s->dpp_pkex = NULL; 3306 3307 #ifdef CONFIG_DPP3 3308 if (wpa_s->dpp_pb_bi && !wpa_s->dpp_pb_configurator && 3309 os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_init_hash, 3310 SHA256_MAC_LEN) != 0) { 3311 char id[20]; 3312 3313 wpa_printf(MSG_INFO, 3314 "DPP: Peer bootstrap key from PKEX does not match PB announcement response hash"); 3315 wpa_hexdump(MSG_DEBUG, 3316 "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX", 3317 bi->pubkey_hash_chirp, SHA256_MAC_LEN); 3318 wpa_hexdump(MSG_DEBUG, 3319 "DPP: Peer provided bootstrap key hash(chirp) from PB announcement response", 3320 wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN); 3321 3322 os_snprintf(id, sizeof(id), "%u", bi->id); 3323 dpp_bootstrap_remove(wpa_s->dpp, id); 3324 wpas_dpp_push_button_stop(wpa_s); 3325 return NULL; 3326 } 3327 #endif /* CONFIG_DPP3 */ 3328 3329 return bi; 3330 } 3331 3332 3333 static void 3334 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src, 3335 const u8 *hdr, const u8 *buf, size_t len, 3336 unsigned int freq) 3337 { 3338 struct wpabuf *msg; 3339 unsigned int wait_time; 3340 struct dpp_pkex *pkex = wpa_s->dpp_pkex; 3341 3342 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR, 3343 MAC2STR(src)); 3344 3345 if (!pkex || pkex->initiator || !pkex->exchange_done) { 3346 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 3347 return; 3348 } 3349 3350 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len); 3351 if (!msg) { 3352 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request"); 3353 if (pkex->failed) { 3354 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange"); 3355 if (pkex->t > pkex->own_bi->pkex_t) 3356 pkex->own_bi->pkex_t = pkex->t; 3357 dpp_pkex_free(wpa_s->dpp_pkex); 3358 wpa_s->dpp_pkex = NULL; 3359 } 3360 return; 3361 } 3362 3363 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to " 3364 MACSTR, MAC2STR(src)); 3365 3366 wait_time = wpa_s->max_remain_on_chan; 3367 if (wait_time > 2000) 3368 wait_time = 2000; 3369 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 3370 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP); 3371 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, 3372 broadcast, 3373 wpabuf_head(msg), wpabuf_len(msg), 3374 wait_time, wpas_dpp_tx_pkex_status, 0); 3375 wpabuf_free(msg); 3376 3377 wpas_dpp_pkex_finish(wpa_s, src, freq); 3378 wpa_s->dpp_pkex_wait_auth_req = true; 3379 } 3380 3381 3382 static void 3383 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src, 3384 const u8 *hdr, const u8 *buf, size_t len, 3385 unsigned int freq) 3386 { 3387 int res; 3388 struct dpp_bootstrap_info *bi; 3389 struct dpp_pkex *pkex = wpa_s->dpp_pkex; 3390 char cmd[500]; 3391 3392 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR, 3393 MAC2STR(src)); 3394 3395 if (!pkex || !pkex->initiator || !pkex->exchange_done) { 3396 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 3397 return; 3398 } 3399 3400 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len); 3401 if (res < 0) { 3402 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); 3403 return; 3404 } 3405 3406 bi = wpas_dpp_pkex_finish(wpa_s, src, freq); 3407 if (!bi) 3408 return; 3409 3410 #ifdef CONFIG_DPP3 3411 if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_configurator && 3412 os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_resp_hash, 3413 SHA256_MAC_LEN) != 0) { 3414 char id[20]; 3415 3416 wpa_printf(MSG_INFO, 3417 "DPP: Peer bootstrap key from PKEX does not match PB announcement hash"); 3418 wpa_hexdump(MSG_DEBUG, 3419 "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX", 3420 bi->pubkey_hash_chirp, SHA256_MAC_LEN); 3421 wpa_hexdump(MSG_DEBUG, 3422 "DPP: Peer provided bootstrap key hash(chirp) from PB announcement", 3423 wpa_s->dpp_pb_resp_hash, SHA256_MAC_LEN); 3424 3425 os_snprintf(id, sizeof(id), "%u", bi->id); 3426 dpp_bootstrap_remove(wpa_s->dpp, id); 3427 wpas_dpp_push_button_stop(wpa_s); 3428 return; 3429 } 3430 #endif /* CONFIG_DPP3 */ 3431 3432 os_snprintf(cmd, sizeof(cmd), " peer=%u %s", 3433 bi->id, 3434 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : ""); 3435 wpa_printf(MSG_DEBUG, 3436 "DPP: Start authentication after PKEX with parameters: %s", 3437 cmd); 3438 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) { 3439 wpa_printf(MSG_DEBUG, 3440 "DPP: Authentication initialization failed"); 3441 offchannel_send_action_done(wpa_s); 3442 return; 3443 } 3444 } 3445 3446 3447 #ifdef CONFIG_DPP3 3448 3449 static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s, 3450 unsigned int freq, const u8 *src, 3451 const u8 *r_hash) 3452 { 3453 struct dpp_pkex *pkex; 3454 struct wpabuf *msg; 3455 unsigned int wait_time; 3456 size_t len; 3457 3458 if (wpa_s->dpp_pkex) { 3459 wpa_printf(MSG_DEBUG, 3460 "DPP: Sending previously generated PKEX Exchange Request to " 3461 MACSTR, MAC2STR(src)); 3462 msg = wpa_s->dpp_pkex->exchange_req; 3463 wait_time = wpa_s->max_remain_on_chan; 3464 if (wait_time > 2000) 3465 wait_time = 2000; 3466 offchannel_send_action(wpa_s, freq, src, 3467 wpa_s->own_addr, broadcast, 3468 wpabuf_head(msg), wpabuf_len(msg), 3469 wait_time, wpas_dpp_tx_pkex_status, 0); 3470 return; 3471 } 3472 3473 wpa_printf(MSG_DEBUG, "DPP: Initiate PKEX for push button with " 3474 MACSTR, MAC2STR(src)); 3475 3476 if (!wpa_s->dpp_pb_cmd) { 3477 wpa_printf(MSG_INFO, 3478 "DPP: No configuration to provision as push button Configurator"); 3479 wpas_dpp_push_button_stop(wpa_s); 3480 return; 3481 } 3482 3483 wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi; 3484 os_memcpy(wpa_s->dpp_pb_resp_hash, r_hash, SHA256_MAC_LEN); 3485 3486 pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr, 3487 "PBPKEX", (const char *) wpa_s->dpp_pb_c_nonce, 3488 wpa_s->dpp_pb_bi->curve->nonce_len, 3489 true); 3490 if (!pkex) { 3491 wpas_dpp_push_button_stop(wpa_s); 3492 return; 3493 } 3494 pkex->freq = freq; 3495 3496 wpa_s->dpp_pkex = pkex; 3497 msg = wpa_s->dpp_pkex->exchange_req; 3498 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR 3499 " freq=%u type=%d", MAC2STR(src), freq, 3500 DPP_PA_PKEX_EXCHANGE_REQ); 3501 wait_time = wpa_s->max_remain_on_chan; 3502 if (wait_time > 2000) 3503 wait_time = 2000; 3504 offchannel_send_action(wpa_s, pkex->freq, src, 3505 wpa_s->own_addr, broadcast, 3506 wpabuf_head(msg), wpabuf_len(msg), 3507 wait_time, wpas_dpp_tx_pkex_status, 0); 3508 pkex->exch_req_wait_time = 2000; 3509 pkex->exch_req_tries = 1; 3510 3511 /* Use the externally provided configuration */ 3512 os_free(wpa_s->dpp_pkex_auth_cmd); 3513 len = 30 + os_strlen(wpa_s->dpp_pb_cmd); 3514 wpa_s->dpp_pkex_auth_cmd = os_malloc(len); 3515 if (wpa_s->dpp_pkex_auth_cmd) 3516 os_snprintf(wpa_s->dpp_pkex_auth_cmd, len, " own=%d %s", 3517 wpa_s->dpp_pkex_bi->id, wpa_s->dpp_pb_cmd); 3518 else 3519 wpas_dpp_push_button_stop(wpa_s); 3520 } 3521 3522 3523 static void 3524 wpas_dpp_rx_pb_presence_announcement(struct wpa_supplicant *wpa_s, 3525 const u8 *src, const u8 *hdr, 3526 const u8 *buf, size_t len, 3527 unsigned int freq) 3528 { 3529 const u8 *r_hash; 3530 u16 r_hash_len; 3531 unsigned int i; 3532 bool found = false; 3533 struct dpp_pb_info *info, *tmp; 3534 struct os_reltime now, age; 3535 struct wpabuf *msg; 3536 3537 os_get_reltime(&now); 3538 wpa_printf(MSG_DEBUG, "DPP: Push Button Presence Announcement from " 3539 MACSTR, MAC2STR(src)); 3540 3541 r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 3542 &r_hash_len); 3543 if (!r_hash || r_hash_len != SHA256_MAC_LEN) { 3544 wpa_printf(MSG_DEBUG, 3545 "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute"); 3546 return; 3547 } 3548 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 3549 r_hash, r_hash_len); 3550 3551 for (i = 0; i < DPP_PB_INFO_COUNT; i++) { 3552 info = &wpa_s->dpp_pb[i]; 3553 if ((info->rx_time.sec == 0 && info->rx_time.usec == 0) || 3554 os_memcmp(r_hash, info->hash, SHA256_MAC_LEN) != 0) 3555 continue; 3556 wpa_printf(MSG_DEBUG, 3557 "DPP: Active push button Enrollee already known"); 3558 found = true; 3559 info->rx_time = now; 3560 } 3561 3562 if (!found) { 3563 for (i = 0; i < DPP_PB_INFO_COUNT; i++) { 3564 tmp = &wpa_s->dpp_pb[i]; 3565 if (tmp->rx_time.sec == 0 && tmp->rx_time.usec == 0) 3566 continue; 3567 3568 if (os_reltime_expired(&now, &tmp->rx_time, 120)) { 3569 wpa_hexdump(MSG_DEBUG, 3570 "DPP: Push button Enrollee hash expired", 3571 tmp->hash, SHA256_MAC_LEN); 3572 tmp->rx_time.sec = 0; 3573 tmp->rx_time.usec = 0; 3574 continue; 3575 } 3576 3577 wpa_hexdump(MSG_DEBUG, 3578 "DPP: Push button session overlap with hash", 3579 tmp->hash, SHA256_MAC_LEN); 3580 if (!wpa_s->dpp_pb_result_indicated && 3581 wpas_dpp_pb_active(wpa_s)) { 3582 wpa_msg(wpa_s, MSG_INFO, 3583 DPP_EVENT_PB_RESULT "session-overlap"); 3584 wpa_s->dpp_pb_result_indicated = true; 3585 } 3586 wpas_dpp_push_button_stop(wpa_s); 3587 return; 3588 } 3589 3590 /* Replace the oldest entry */ 3591 info = &wpa_s->dpp_pb[0]; 3592 for (i = 1; i < DPP_PB_INFO_COUNT; i++) { 3593 tmp = &wpa_s->dpp_pb[i]; 3594 if (os_reltime_before(&tmp->rx_time, &info->rx_time)) 3595 info = tmp; 3596 } 3597 wpa_printf(MSG_DEBUG, "DPP: New active push button Enrollee"); 3598 os_memcpy(info->hash, r_hash, SHA256_MAC_LEN); 3599 info->rx_time = now; 3600 } 3601 3602 if (!wpas_dpp_pb_active(wpa_s)) { 3603 wpa_printf(MSG_DEBUG, 3604 "DPP: Discard message since own push button has not been pressed"); 3605 return; 3606 } 3607 3608 if (wpa_s->dpp_pb_announce_time.sec == 0 && 3609 wpa_s->dpp_pb_announce_time.usec == 0) { 3610 /* Start a wait before allowing PKEX to be initiated */ 3611 wpa_s->dpp_pb_announce_time = now; 3612 } 3613 3614 if (!wpa_s->dpp_pb_bi) { 3615 int res; 3616 3617 res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex"); 3618 if (res < 0) 3619 return; 3620 wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res); 3621 if (!wpa_s->dpp_pb_bi) 3622 return; 3623 3624 if (random_get_bytes(wpa_s->dpp_pb_c_nonce, 3625 wpa_s->dpp_pb_bi->curve->nonce_len)) { 3626 wpa_printf(MSG_ERROR, 3627 "DPP: Failed to generate C-nonce"); 3628 wpas_dpp_push_button_stop(wpa_s); 3629 return; 3630 } 3631 } 3632 3633 /* Skip the response if one was sent within last 50 ms since the 3634 * Enrollee is going to send out at least three announcement messages. 3635 */ 3636 os_reltime_sub(&now, &wpa_s->dpp_pb_last_resp, &age); 3637 if (age.sec == 0 && age.usec < 50000) { 3638 wpa_printf(MSG_DEBUG, 3639 "DPP: Skip Push Button Presence Announcement Response frame immediately after having sent one"); 3640 return; 3641 } 3642 3643 msg = dpp_build_pb_announcement_resp( 3644 wpa_s->dpp_pb_bi, r_hash, wpa_s->dpp_pb_c_nonce, 3645 wpa_s->dpp_pb_bi->curve->nonce_len); 3646 if (!msg) { 3647 wpas_dpp_push_button_stop(wpa_s); 3648 return; 3649 } 3650 3651 wpa_printf(MSG_DEBUG, 3652 "DPP: Send Push Button Presence Announcement Response to " 3653 MACSTR, MAC2STR(src)); 3654 wpa_s->dpp_pb_last_resp = now; 3655 3656 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 3657 MAC2STR(src), freq, DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP); 3658 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast, 3659 wpabuf_head(msg), wpabuf_len(msg), 3660 0, NULL, 0); 3661 wpabuf_free(msg); 3662 3663 if (os_reltime_expired(&now, &wpa_s->dpp_pb_announce_time, 15)) 3664 wpas_dpp_pb_pkex_init(wpa_s, freq, src, r_hash); 3665 } 3666 3667 3668 static void 3669 wpas_dpp_rx_pb_presence_announcement_resp(struct wpa_supplicant *wpa_s, 3670 const u8 *src, const u8 *hdr, 3671 const u8 *buf, size_t len, 3672 unsigned int freq) 3673 { 3674 const u8 *i_hash, *r_hash, *c_nonce; 3675 u16 i_hash_len, r_hash_len, c_nonce_len; 3676 bool overlap = false; 3677 3678 if (!wpa_s->dpp_pb_announcement || !wpa_s->dpp_pb_bi || 3679 wpa_s->dpp_pb_configurator) { 3680 wpa_printf(MSG_INFO, 3681 "DPP: Not in active push button Enrollee mode - discard Push Button Presence Announcement Response from " 3682 MACSTR, MAC2STR(src)); 3683 return; 3684 } 3685 3686 wpa_printf(MSG_DEBUG, 3687 "DPP: Push Button Presence Announcement Response from " 3688 MACSTR, MAC2STR(src)); 3689 3690 i_hash = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, 3691 &i_hash_len); 3692 r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 3693 &r_hash_len); 3694 c_nonce = dpp_get_attr(buf, len, DPP_ATTR_CONFIGURATOR_NONCE, 3695 &c_nonce_len); 3696 if (!i_hash || i_hash_len != SHA256_MAC_LEN || 3697 !r_hash || r_hash_len != SHA256_MAC_LEN || 3698 !c_nonce || c_nonce_len > DPP_MAX_NONCE_LEN) { 3699 wpa_printf(MSG_DEBUG, 3700 "DPP: Missing or invalid required attribute"); 3701 return; 3702 } 3703 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", 3704 i_hash, i_hash_len); 3705 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 3706 r_hash, r_hash_len); 3707 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator Nonce", 3708 c_nonce, c_nonce_len); 3709 3710 #ifdef CONFIG_TESTING_OPTIONS 3711 if (dpp_test == DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_REQ && 3712 os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp, 3713 SHA256_MAC_LEN - 1) == 0) 3714 goto skip_hash_check; 3715 #endif /* CONFIG_TESTING_OPTIONS */ 3716 if (os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp, 3717 SHA256_MAC_LEN) != 0) { 3718 wpa_printf(MSG_INFO, 3719 "DPP: Unexpected push button Responder hash - abort"); 3720 overlap = true; 3721 } 3722 #ifdef CONFIG_TESTING_OPTIONS 3723 skip_hash_check: 3724 #endif /* CONFIG_TESTING_OPTIONS */ 3725 3726 if (wpa_s->dpp_pb_resp_freq && 3727 os_memcmp(i_hash, wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN) != 0) { 3728 wpa_printf(MSG_INFO, 3729 "DPP: Push button session overlap detected - abort"); 3730 overlap = true; 3731 } 3732 3733 if (overlap) { 3734 if (!wpa_s->dpp_pb_result_indicated) { 3735 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT 3736 "session-overlap"); 3737 wpa_s->dpp_pb_result_indicated = true; 3738 } 3739 wpas_dpp_push_button_stop(wpa_s); 3740 return; 3741 } 3742 3743 if (!wpa_s->dpp_pb_resp_freq) { 3744 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS 3745 "discovered push button AP/Configurator " MACSTR, 3746 MAC2STR(src)); 3747 wpa_s->dpp_pb_resp_freq = freq; 3748 os_memcpy(wpa_s->dpp_pb_init_hash, i_hash, SHA256_MAC_LEN); 3749 os_memcpy(wpa_s->dpp_pb_c_nonce, c_nonce, c_nonce_len); 3750 wpa_s->dpp_pb_c_nonce_len = c_nonce_len; 3751 /* Stop announcement iterations after at least one more full 3752 * round and one extra round for postponed session overlap 3753 * detection. */ 3754 wpa_s->dpp_pb_stop_iter = 3; 3755 } 3756 } 3757 3758 3759 static void 3760 wpas_dpp_tx_priv_intro_status(struct wpa_supplicant *wpa_s, 3761 unsigned int freq, const u8 *dst, 3762 const u8 *src, const u8 *bssid, 3763 const u8 *data, size_t data_len, 3764 enum offchannel_send_action_result result) 3765 { 3766 const char *res_txt; 3767 3768 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" : 3769 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" : 3770 "FAILED"); 3771 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR 3772 " result=%s (DPP Private Peer Introduction Update)", 3773 freq, MAC2STR(dst), res_txt); 3774 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR 3775 " freq=%u result=%s", MAC2STR(dst), freq, res_txt); 3776 3777 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR " version=%u", 3778 MAC2STR(src), wpa_s->dpp_intro_peer_version); 3779 3780 wpa_printf(MSG_DEBUG, 3781 "DPP: Try connection again after successful network introduction"); 3782 if (wpa_supplicant_fast_associate(wpa_s) != 1) { 3783 wpa_supplicant_cancel_sched_scan(wpa_s); 3784 wpa_supplicant_req_scan(wpa_s, 0, 0); 3785 } 3786 } 3787 3788 3789 static int 3790 wpas_dpp_send_private_peer_intro_update(struct wpa_supplicant *wpa_s, 3791 struct dpp_introduction *intro, 3792 struct wpa_ssid *ssid, 3793 const u8 *dst, unsigned int freq) 3794 { 3795 struct wpabuf *pt, *msg, *enc_ct; 3796 size_t len; 3797 u8 ver = DPP_VERSION; 3798 int conn_ver; 3799 const u8 *aad; 3800 size_t aad_len; 3801 unsigned int wait_time; 3802 3803 wpa_printf(MSG_DEBUG, "HPKE(kem_id=%u kdf_id=%u aead_id=%u)", 3804 intro->kem_id, intro->kdf_id, intro->aead_id); 3805 3806 /* Plaintext for HPKE */ 3807 len = 5 + 4 + os_strlen(ssid->dpp_connector); 3808 pt = wpabuf_alloc(len); 3809 if (!pt) 3810 return -1; 3811 3812 /* Protocol Version */ 3813 conn_ver = dpp_get_connector_version(ssid->dpp_connector); 3814 if (conn_ver > 0 && ver != conn_ver) { 3815 wpa_printf(MSG_DEBUG, 3816 "DPP: Use Connector version %d instead of current protocol version %d", 3817 conn_ver, ver); 3818 ver = conn_ver; 3819 } 3820 wpabuf_put_le16(pt, DPP_ATTR_PROTOCOL_VERSION); 3821 wpabuf_put_le16(pt, 1); 3822 wpabuf_put_u8(pt, ver); 3823 3824 /* Connector */ 3825 wpabuf_put_le16(pt, DPP_ATTR_CONNECTOR); 3826 wpabuf_put_le16(pt, os_strlen(ssid->dpp_connector)); 3827 wpabuf_put_str(pt, ssid->dpp_connector); 3828 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Plaintext for HPKE", pt); 3829 3830 /* HPKE(pt) using AP's public key (from its Connector) */ 3831 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, 0); 3832 if (!msg) { 3833 wpabuf_free(pt); 3834 return -1; 3835 } 3836 aad = wpabuf_head_u8(msg) + 2; /* from the OUI field (inclusive) */ 3837 aad_len = DPP_HDR_LEN; /* to the DPP Frame Type field (inclusive) */ 3838 wpa_hexdump(MSG_MSGDUMP, "DPP: AAD for HPKE", aad, aad_len); 3839 3840 enc_ct = hpke_base_seal(intro->kem_id, intro->kdf_id, intro->aead_id, 3841 intro->peer_key, NULL, 0, aad, aad_len, 3842 wpabuf_head(pt), wpabuf_len(pt)); 3843 wpabuf_free(pt); 3844 wpabuf_free(msg); 3845 if (!enc_ct) { 3846 wpa_printf(MSG_INFO, "DPP: HPKE Seal(Connector) failed"); 3847 return -1; 3848 } 3849 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: HPKE enc|ct", enc_ct); 3850 3851 /* HPKE(pt) to generate payload for Wrapped Data */ 3852 len = 5 + 4 + wpabuf_len(enc_ct); 3853 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, len); 3854 if (!msg) { 3855 wpabuf_free(enc_ct); 3856 return -1; 3857 } 3858 3859 /* Transaction ID */ 3860 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID); 3861 wpabuf_put_le16(msg, 1); 3862 wpabuf_put_u8(msg, TRANSACTION_ID); 3863 3864 /* Wrapped Data */ 3865 wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); 3866 wpabuf_put_le16(msg, wpabuf_len(enc_ct)); 3867 wpabuf_put_buf(msg, enc_ct); 3868 wpabuf_free(enc_ct); 3869 3870 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Update", msg); 3871 3872 /* TODO: Timeout on AP response */ 3873 wait_time = wpa_s->max_remain_on_chan; 3874 if (wait_time > 2000) 3875 wait_time = 2000; 3876 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 3877 MAC2STR(dst), freq, DPP_PA_PRIV_PEER_INTRO_QUERY); 3878 offchannel_send_action(wpa_s, freq, dst, wpa_s->own_addr, broadcast, 3879 wpabuf_head(msg), wpabuf_len(msg), 3880 wait_time, wpas_dpp_tx_priv_intro_status, 0); 3881 wpabuf_free(msg); 3882 3883 return 0; 3884 } 3885 3886 3887 static void 3888 wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant *wpa_s, 3889 const u8 *src, const u8 *hdr, 3890 const u8 *buf, size_t len, 3891 unsigned int freq) 3892 { 3893 struct wpa_ssid *ssid; 3894 const u8 *connector, *trans_id, *version; 3895 u16 connector_len, trans_id_len, version_len; 3896 u8 peer_version = 1; 3897 struct dpp_introduction intro; 3898 struct rsn_pmksa_cache_entry *entry; 3899 struct os_time now; 3900 struct os_reltime rnow; 3901 os_time_t expiry; 3902 unsigned int seconds; 3903 enum dpp_status_error res; 3904 3905 os_memset(&intro, 0, sizeof(intro)); 3906 3907 wpa_printf(MSG_DEBUG, "DPP: Private Peer Introduction Notify from " 3908 MACSTR, MAC2STR(src)); 3909 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) || 3910 !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) { 3911 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from " 3912 MACSTR " - drop", MAC2STR(src)); 3913 return; 3914 } 3915 offchannel_send_action_done(wpa_s); 3916 3917 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 3918 if (ssid == wpa_s->dpp_intro_network) 3919 break; 3920 } 3921 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey || 3922 !ssid->dpp_csign) { 3923 wpa_printf(MSG_DEBUG, 3924 "DPP: Profile not found for network introduction"); 3925 return; 3926 } 3927 3928 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID, 3929 &trans_id_len); 3930 if (!trans_id || trans_id_len != 1) { 3931 wpa_printf(MSG_DEBUG, 3932 "DPP: Peer did not include Transaction ID"); 3933 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 3934 " fail=missing_transaction_id", MAC2STR(src)); 3935 goto fail; 3936 } 3937 if (trans_id[0] != TRANSACTION_ID) { 3938 wpa_printf(MSG_DEBUG, 3939 "DPP: Ignore frame with unexpected Transaction ID %u", 3940 trans_id[0]); 3941 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 3942 " fail=transaction_id_mismatch", MAC2STR(src)); 3943 goto fail; 3944 } 3945 3946 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len); 3947 if (!connector) { 3948 wpa_printf(MSG_DEBUG, 3949 "DPP: Peer did not include its Connector"); 3950 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 3951 " fail=missing_connector", MAC2STR(src)); 3952 goto fail; 3953 } 3954 3955 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION, 3956 &version_len); 3957 if (!version || version_len < 1) { 3958 wpa_printf(MSG_DEBUG, 3959 "DPP: Peer did not include valid Version"); 3960 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 3961 " fail=missing_version", MAC2STR(src)); 3962 goto fail; 3963 } 3964 3965 res = dpp_peer_intro(&intro, ssid->dpp_connector, 3966 ssid->dpp_netaccesskey, 3967 ssid->dpp_netaccesskey_len, 3968 ssid->dpp_csign, 3969 ssid->dpp_csign_len, 3970 connector, connector_len, &expiry, NULL); 3971 if (res != DPP_STATUS_OK) { 3972 wpa_printf(MSG_INFO, 3973 "DPP: Network Introduction protocol resulted in failure"); 3974 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR 3975 " fail=peer_connector_validation_failed", MAC2STR(src)); 3976 wpas_dpp_send_conn_status_result(wpa_s, res); 3977 goto fail; 3978 } 3979 3980 peer_version = version[0]; 3981 if (intro.peer_version && intro.peer_version >= 2 && 3982 peer_version != intro.peer_version) { 3983 wpa_printf(MSG_INFO, 3984 "DPP: Protocol version mismatch (Connector: %d Attribute: %d", 3985 intro.peer_version, peer_version); 3986 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH); 3987 goto fail; 3988 } 3989 wpa_s->dpp_intro_peer_version = peer_version; 3990 3991 entry = os_zalloc(sizeof(*entry)); 3992 if (!entry) 3993 goto fail; 3994 entry->dpp_pfs = peer_version >= 2; 3995 os_memcpy(entry->aa, src, ETH_ALEN); 3996 os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN); 3997 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN); 3998 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len); 3999 entry->pmk_len = intro.pmk_len; 4000 entry->akmp = WPA_KEY_MGMT_DPP; 4001 if (expiry) { 4002 os_get_time(&now); 4003 seconds = expiry - now.sec; 4004 } else { 4005 seconds = 86400 * 7; 4006 } 4007 4008 if (wpas_dpp_send_private_peer_intro_update(wpa_s, &intro, ssid, src, 4009 freq) < 0) { 4010 os_free(entry); 4011 goto fail; 4012 } 4013 4014 os_get_reltime(&rnow); 4015 entry->expiration = rnow.sec + seconds; 4016 entry->reauth_time = rnow.sec + seconds; 4017 entry->network_ctx = ssid; 4018 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry); 4019 4020 /* Association will be initiated from TX status handler for the Private 4021 * Peer Intro Update: wpas_dpp_tx_priv_intro_status() */ 4022 4023 fail: 4024 dpp_peer_intro_deinit(&intro); 4025 } 4026 4027 #endif /* CONFIG_DPP3 */ 4028 4029 4030 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src, 4031 const u8 *buf, size_t len, unsigned int freq) 4032 { 4033 u8 crypto_suite; 4034 enum dpp_public_action_frame_type type; 4035 const u8 *hdr; 4036 unsigned int pkex_t; 4037 4038 if (len < DPP_HDR_LEN) 4039 return; 4040 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE) 4041 return; 4042 hdr = buf; 4043 buf += 4; 4044 len -= 4; 4045 crypto_suite = *buf++; 4046 type = *buf++; 4047 len -= 2; 4048 4049 wpa_printf(MSG_DEBUG, 4050 "DPP: Received DPP Public Action frame crypto suite %u type %d from " 4051 MACSTR " freq=%u", 4052 crypto_suite, type, MAC2STR(src), freq); 4053 #ifdef CONFIG_TESTING_OPTIONS 4054 if (wpa_s->dpp_discard_public_action && 4055 type != DPP_PA_PEER_DISCOVERY_RESP && 4056 type != DPP_PA_PRIV_PEER_INTRO_NOTIFY) { 4057 wpa_printf(MSG_DEBUG, 4058 "TESTING: Discard received DPP Public Action frame"); 4059 return; 4060 } 4061 #endif /* CONFIG_TESTING_OPTIONS */ 4062 if (crypto_suite != 1) { 4063 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u", 4064 crypto_suite); 4065 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR 4066 " freq=%u type=%d ignore=unsupported-crypto-suite", 4067 MAC2STR(src), freq, type); 4068 return; 4069 } 4070 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len); 4071 if (dpp_check_attrs(buf, len) < 0) { 4072 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR 4073 " freq=%u type=%d ignore=invalid-attributes", 4074 MAC2STR(src), freq, type); 4075 return; 4076 } 4077 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d", 4078 MAC2STR(src), freq, type); 4079 4080 switch (type) { 4081 case DPP_PA_AUTHENTICATION_REQ: 4082 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq); 4083 break; 4084 case DPP_PA_AUTHENTICATION_RESP: 4085 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq); 4086 break; 4087 case DPP_PA_AUTHENTICATION_CONF: 4088 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len); 4089 break; 4090 case DPP_PA_PEER_DISCOVERY_RESP: 4091 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len); 4092 break; 4093 #ifdef CONFIG_DPP3 4094 case DPP_PA_PKEX_EXCHANGE_REQ: 4095 /* This is for PKEXv2, but for now, process only with 4096 * CONFIG_DPP3 to avoid issues with a capability that has not 4097 * been tested with other implementations. */ 4098 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq, true); 4099 break; 4100 #endif /* CONFIG_DPP3 */ 4101 case DPP_PA_PKEX_V1_EXCHANGE_REQ: 4102 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq, 4103 false); 4104 break; 4105 case DPP_PA_PKEX_EXCHANGE_RESP: 4106 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq); 4107 break; 4108 case DPP_PA_PKEX_COMMIT_REVEAL_REQ: 4109 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len, 4110 freq); 4111 break; 4112 case DPP_PA_PKEX_COMMIT_REVEAL_RESP: 4113 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len, 4114 freq); 4115 break; 4116 #ifdef CONFIG_DPP2 4117 case DPP_PA_CONFIGURATION_RESULT: 4118 wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len); 4119 break; 4120 case DPP_PA_CONNECTION_STATUS_RESULT: 4121 wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len); 4122 break; 4123 case DPP_PA_PRESENCE_ANNOUNCEMENT: 4124 wpas_dpp_rx_presence_announcement(wpa_s, src, hdr, buf, len, 4125 freq); 4126 break; 4127 case DPP_PA_RECONFIG_ANNOUNCEMENT: 4128 wpas_dpp_rx_reconfig_announcement(wpa_s, src, hdr, buf, len, 4129 freq); 4130 break; 4131 case DPP_PA_RECONFIG_AUTH_REQ: 4132 wpas_dpp_rx_reconfig_auth_req(wpa_s, src, hdr, buf, len, freq); 4133 break; 4134 case DPP_PA_RECONFIG_AUTH_RESP: 4135 wpas_dpp_rx_reconfig_auth_resp(wpa_s, src, hdr, buf, len, freq); 4136 break; 4137 case DPP_PA_RECONFIG_AUTH_CONF: 4138 wpas_dpp_rx_reconfig_auth_conf(wpa_s, src, hdr, buf, len, freq); 4139 break; 4140 #endif /* CONFIG_DPP2 */ 4141 #ifdef CONFIG_DPP3 4142 case DPP_PA_PB_PRESENCE_ANNOUNCEMENT: 4143 wpas_dpp_rx_pb_presence_announcement(wpa_s, src, hdr, 4144 buf, len, freq); 4145 break; 4146 case DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP: 4147 wpas_dpp_rx_pb_presence_announcement_resp(wpa_s, src, hdr, 4148 buf, len, freq); 4149 break; 4150 case DPP_PA_PRIV_PEER_INTRO_NOTIFY: 4151 wpas_dpp_rx_priv_peer_intro_notify(wpa_s, src, hdr, 4152 buf, len, freq); 4153 break; 4154 #endif /* CONFIG_DPP3 */ 4155 default: 4156 wpa_printf(MSG_DEBUG, 4157 "DPP: Ignored unsupported frame subtype %d", type); 4158 break; 4159 } 4160 4161 if (wpa_s->dpp_pkex) 4162 pkex_t = wpa_s->dpp_pkex->t; 4163 else if (wpa_s->dpp_pkex_bi) 4164 pkex_t = wpa_s->dpp_pkex_bi->pkex_t; 4165 else 4166 pkex_t = 0; 4167 if (pkex_t >= PKEX_COUNTER_T_LIMIT) { 4168 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0"); 4169 wpas_dpp_pkex_remove(wpa_s, "*"); 4170 } 4171 } 4172 4173 4174 static void wpas_dpp_gas_initial_resp_timeout(void *eloop_ctx, 4175 void *timeout_ctx) 4176 { 4177 struct wpa_supplicant *wpa_s = eloop_ctx; 4178 struct dpp_authentication *auth = wpa_s->dpp_auth; 4179 4180 if (!auth || !auth->waiting_config || !auth->config_resp_ctx) 4181 return; 4182 4183 wpa_printf(MSG_DEBUG, 4184 "DPP: No configuration available from upper layers - send initial response with comeback delay"); 4185 gas_server_set_comeback_delay(wpa_s->gas_server, auth->config_resp_ctx, 4186 500); 4187 } 4188 4189 4190 static struct wpabuf * 4191 wpas_dpp_gas_req_handler(void *ctx, void *resp_ctx, const u8 *sa, 4192 const u8 *query, size_t query_len, int *comeback_delay) 4193 { 4194 struct wpa_supplicant *wpa_s = ctx; 4195 struct dpp_authentication *auth = wpa_s->dpp_auth; 4196 struct wpabuf *resp; 4197 4198 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR, 4199 MAC2STR(sa)); 4200 if (!auth || (!auth->auth_success && !auth->reconfig_success) || 4201 !ether_addr_equal(sa, auth->peer_mac_addr)) { 4202 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 4203 return NULL; 4204 } 4205 4206 if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) { 4207 wpa_printf(MSG_DEBUG, 4208 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request"); 4209 /* wpas_dpp_auth_success() would normally have been called from 4210 * TX status handler, but since there was no such handler call 4211 * yet, simply send out the event message and proceed with 4212 * exchange. */ 4213 dpp_notify_auth_success(auth, 1); 4214 wpa_s->dpp_auth_ok_on_ack = 0; 4215 #ifdef CONFIG_TESTING_OPTIONS 4216 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { 4217 wpa_printf(MSG_INFO, 4218 "DPP: TESTING - stop at Authentication Confirm"); 4219 return NULL; 4220 } 4221 #endif /* CONFIG_TESTING_OPTIONS */ 4222 } 4223 4224 wpa_hexdump(MSG_DEBUG, 4225 "DPP: Received Configuration Request (GAS Query Request)", 4226 query, query_len); 4227 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR, 4228 MAC2STR(sa)); 4229 resp = dpp_conf_req_rx(auth, query, query_len); 4230 4231 auth->gas_server_ctx = resp_ctx; 4232 4233 #ifdef CONFIG_DPP2 4234 if (!resp && auth->waiting_cert) { 4235 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready"); 4236 auth->config_resp_ctx = resp_ctx; 4237 *comeback_delay = 500; 4238 return NULL; 4239 } 4240 #endif /* CONFIG_DPP2 */ 4241 4242 if (!resp && auth->waiting_config && 4243 (auth->peer_bi || auth->tmp_peer_bi)) { 4244 char *buf = NULL, *name = ""; 4245 char band[200], *pos, *end; 4246 int i, res, *opclass = auth->e_band_support; 4247 char *mud_url = "N/A"; 4248 4249 wpa_printf(MSG_DEBUG, "DPP: Configuration not yet ready"); 4250 auth->config_resp_ctx = resp_ctx; 4251 *comeback_delay = -1; 4252 if (auth->e_name) { 4253 size_t len = os_strlen(auth->e_name); 4254 4255 buf = os_malloc(len * 4 + 1); 4256 if (buf) { 4257 printf_encode(buf, len * 4 + 1, 4258 (const u8 *) auth->e_name, len); 4259 name = buf; 4260 } 4261 } 4262 band[0] = '\0'; 4263 pos = band; 4264 end = band + sizeof(band); 4265 for (i = 0; opclass && opclass[i]; i++) { 4266 res = os_snprintf(pos, end - pos, "%s%d", 4267 pos == band ? "" : ",", opclass[i]); 4268 if (os_snprintf_error(end - pos, res)) { 4269 *pos = '\0'; 4270 break; 4271 } 4272 pos += res; 4273 } 4274 if (auth->e_mud_url) { 4275 size_t len = os_strlen(auth->e_mud_url); 4276 4277 if (!has_ctrl_char((const u8 *) auth->e_mud_url, len)) 4278 mud_url = auth->e_mud_url; 4279 } 4280 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_NEEDED "peer=%d src=" 4281 MACSTR " net_role=%s name=\"%s\" opclass=%s mud_url=%s", 4282 auth->peer_bi ? auth->peer_bi->id : 4283 auth->tmp_peer_bi->id, MAC2STR(sa), 4284 dpp_netrole_str(auth->e_netrole), name, band, mud_url); 4285 os_free(buf); 4286 4287 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, 4288 NULL); 4289 eloop_register_timeout(0, 50000, 4290 wpas_dpp_gas_initial_resp_timeout, wpa_s, 4291 NULL); 4292 return NULL; 4293 } 4294 4295 auth->conf_resp = resp; 4296 if (!resp) { 4297 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); 4298 dpp_auth_deinit(wpa_s->dpp_auth); 4299 wpa_s->dpp_auth = NULL; 4300 } 4301 return resp; 4302 } 4303 4304 4305 static void 4306 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok) 4307 { 4308 struct wpa_supplicant *wpa_s = ctx; 4309 struct dpp_authentication *auth = wpa_s->dpp_auth; 4310 4311 if (!auth) { 4312 wpabuf_free(resp); 4313 return; 4314 } 4315 if (auth->conf_resp != resp) { 4316 wpa_printf(MSG_DEBUG, 4317 "DPP: Ignore GAS status report (ok=%d) for unknown response", 4318 ok); 4319 wpabuf_free(resp); 4320 return; 4321 } 4322 4323 #ifdef CONFIG_DPP2 4324 if (auth->waiting_csr && ok) { 4325 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR"); 4326 wpabuf_free(resp); 4327 return; 4328 } 4329 #endif /* CONFIG_DPP2 */ 4330 4331 #ifdef CONFIG_DPP3 4332 if (auth->waiting_new_key && ok) { 4333 wpa_printf(MSG_DEBUG, "DPP: Waiting for a new key"); 4334 wpabuf_free(resp); 4335 return; 4336 } 4337 #endif /* CONFIG_DPP3 */ 4338 4339 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)", 4340 ok); 4341 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); 4342 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL); 4343 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); 4344 #ifdef CONFIG_DPP2 4345 if (ok && auth->peer_version >= 2 && 4346 auth->conf_resp_status == DPP_STATUS_OK && 4347 !auth->waiting_conf_result) { 4348 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result"); 4349 auth->waiting_conf_result = 1; 4350 auth->conf_resp = NULL; 4351 wpabuf_free(resp); 4352 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, 4353 wpa_s, NULL); 4354 eloop_register_timeout(2, 0, 4355 wpas_dpp_config_result_wait_timeout, 4356 wpa_s, NULL); 4357 return; 4358 } 4359 #endif /* CONFIG_DPP2 */ 4360 offchannel_send_action_done(wpa_s); 4361 wpas_dpp_listen_stop(wpa_s); 4362 if (ok) 4363 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d", 4364 auth->conf_resp_status); 4365 else 4366 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED); 4367 dpp_auth_deinit(wpa_s->dpp_auth); 4368 wpa_s->dpp_auth = NULL; 4369 wpabuf_free(resp); 4370 #ifdef CONFIG_DPP3 4371 if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) { 4372 if (ok) 4373 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT 4374 "success"); 4375 else 4376 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT 4377 "could-not-connect"); 4378 wpa_s->dpp_pb_result_indicated = true; 4379 if (ok) 4380 wpas_dpp_remove_pb_hash(wpa_s); 4381 wpas_dpp_push_button_stop(wpa_s); 4382 } 4383 #endif /* CONFIG_DPP3 */ 4384 } 4385 4386 4387 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd) 4388 { 4389 struct dpp_authentication *auth; 4390 int ret = -1; 4391 char *curve = NULL; 4392 4393 auth = dpp_alloc_auth(wpa_s->dpp, wpa_s); 4394 if (!auth) 4395 return -1; 4396 4397 curve = get_param(cmd, " curve="); 4398 wpas_dpp_set_testing_options(wpa_s, auth); 4399 if (dpp_set_configurator(auth, cmd) == 0 && 4400 dpp_configurator_own_config(auth, curve, 0) == 0) 4401 ret = wpas_dpp_handle_config_obj(wpa_s, auth, 4402 &auth->conf_obj[0]); 4403 if (!ret) 4404 wpas_dpp_post_process_config(wpa_s, auth); 4405 4406 dpp_auth_deinit(auth); 4407 os_free(curve); 4408 4409 return ret; 4410 } 4411 4412 4413 static void 4414 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s, 4415 unsigned int freq, const u8 *dst, 4416 const u8 *src, const u8 *bssid, 4417 const u8 *data, size_t data_len, 4418 enum offchannel_send_action_result result) 4419 { 4420 const char *res_txt; 4421 4422 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" : 4423 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" : 4424 "FAILED"); 4425 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR 4426 " result=%s (DPP Peer Discovery Request)", 4427 freq, MAC2STR(dst), res_txt); 4428 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR 4429 " freq=%u result=%s", MAC2STR(dst), freq, res_txt); 4430 /* TODO: Time out wait for response more quickly in error cases? */ 4431 } 4432 4433 4434 #ifdef CONFIG_DPP3 4435 static int wpas_dpp_start_private_peer_intro(struct wpa_supplicant *wpa_s, 4436 struct wpa_ssid *ssid, 4437 struct wpa_bss *bss) 4438 { 4439 struct wpabuf *msg; 4440 unsigned int wait_time; 4441 size_t len; 4442 u8 ver = DPP_VERSION; 4443 int conn_ver; 4444 4445 len = 5 + 5; 4446 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_QUERY, len); 4447 if (!msg) 4448 return -1; 4449 4450 /* Transaction ID */ 4451 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID); 4452 wpabuf_put_le16(msg, 1); 4453 wpabuf_put_u8(msg, TRANSACTION_ID); 4454 4455 conn_ver = dpp_get_connector_version(ssid->dpp_connector); 4456 if (conn_ver > 0 && ver != conn_ver) { 4457 wpa_printf(MSG_DEBUG, 4458 "DPP: Use Connector version %d instead of current protocol version %d", 4459 conn_ver, ver); 4460 ver = conn_ver; 4461 } 4462 4463 /* Protocol Version */ 4464 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION); 4465 wpabuf_put_le16(msg, 1); 4466 wpabuf_put_u8(msg, ver); 4467 4468 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Query", msg); 4469 4470 /* TODO: Timeout on AP response */ 4471 wait_time = wpa_s->max_remain_on_chan; 4472 if (wait_time > 2000) 4473 wait_time = 2000; 4474 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 4475 MAC2STR(bss->bssid), bss->freq, DPP_PA_PRIV_PEER_INTRO_QUERY); 4476 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr, 4477 broadcast, 4478 wpabuf_head(msg), wpabuf_len(msg), 4479 wait_time, wpas_dpp_tx_introduction_status, 0); 4480 wpabuf_free(msg); 4481 4482 /* Request this connection attempt to terminate - new one will be 4483 * started when network introduction protocol completes */ 4484 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN); 4485 wpa_s->dpp_intro_network = ssid; 4486 return 1; 4487 } 4488 #endif /* CONFIG_DPP3 */ 4489 4490 4491 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 4492 struct wpa_bss *bss) 4493 { 4494 struct os_time now; 4495 struct wpabuf *msg; 4496 unsigned int wait_time; 4497 const u8 *rsn; 4498 struct wpa_ie_data ied; 4499 size_t len; 4500 4501 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss) 4502 return 0; /* Not using DPP AKM - continue */ 4503 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 4504 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 && 4505 !(ied.key_mgmt & WPA_KEY_MGMT_DPP)) 4506 return 0; /* AP does not support DPP AKM - continue */ 4507 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, wpa_s->own_addr, ssid)) 4508 return 0; /* PMKSA exists for DPP AKM - continue */ 4509 4510 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey || 4511 !ssid->dpp_csign) { 4512 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR 4513 "missing %s", 4514 !ssid->dpp_connector ? "Connector" : 4515 (!ssid->dpp_netaccesskey ? "netAccessKey" : 4516 "C-sign-key")); 4517 return -1; 4518 } 4519 4520 os_get_time(&now); 4521 4522 if (ssid->dpp_netaccesskey_expiry && 4523 (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) { 4524 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR 4525 "netAccessKey expired"); 4526 return -1; 4527 } 4528 4529 wpa_printf(MSG_DEBUG, 4530 "DPP: Starting %snetwork introduction protocol to derive PMKSA for " 4531 MACSTR, 4532 ssid->dpp_connector_privacy ? "private " : "", 4533 MAC2STR(bss->bssid)); 4534 if (wpa_s->wpa_state == WPA_SCANNING) 4535 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state); 4536 4537 #ifdef CONFIG_DPP3 4538 if (ssid->dpp_connector_privacy) 4539 return wpas_dpp_start_private_peer_intro(wpa_s, ssid, bss); 4540 #endif /* CONFIG_DPP3 */ 4541 4542 len = 5 + 4 + os_strlen(ssid->dpp_connector); 4543 #ifdef CONFIG_DPP2 4544 len += 5; 4545 #endif /* CONFIG_DPP2 */ 4546 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ, len); 4547 if (!msg) 4548 return -1; 4549 4550 #ifdef CONFIG_TESTING_OPTIONS 4551 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) { 4552 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID"); 4553 goto skip_trans_id; 4554 } 4555 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) { 4556 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID"); 4557 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID); 4558 wpabuf_put_le16(msg, 0); 4559 goto skip_trans_id; 4560 } 4561 #endif /* CONFIG_TESTING_OPTIONS */ 4562 4563 /* Transaction ID */ 4564 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID); 4565 wpabuf_put_le16(msg, 1); 4566 wpabuf_put_u8(msg, TRANSACTION_ID); 4567 4568 #ifdef CONFIG_TESTING_OPTIONS 4569 skip_trans_id: 4570 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) { 4571 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector"); 4572 goto skip_connector; 4573 } 4574 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) { 4575 char *connector; 4576 4577 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector"); 4578 connector = dpp_corrupt_connector_signature( 4579 ssid->dpp_connector); 4580 if (!connector) { 4581 wpabuf_free(msg); 4582 return -1; 4583 } 4584 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR); 4585 wpabuf_put_le16(msg, os_strlen(connector)); 4586 wpabuf_put_str(msg, connector); 4587 os_free(connector); 4588 goto skip_connector; 4589 } 4590 #endif /* CONFIG_TESTING_OPTIONS */ 4591 4592 /* DPP Connector */ 4593 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR); 4594 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector)); 4595 wpabuf_put_str(msg, ssid->dpp_connector); 4596 4597 #ifdef CONFIG_TESTING_OPTIONS 4598 skip_connector: 4599 if (dpp_test == DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ) { 4600 wpa_printf(MSG_INFO, "DPP: TESTING - no Protocol Version"); 4601 goto skip_proto_ver; 4602 } 4603 #endif /* CONFIG_TESTING_OPTIONS */ 4604 4605 #ifdef CONFIG_DPP2 4606 if (DPP_VERSION > 1) { 4607 u8 ver = DPP_VERSION; 4608 #ifdef CONFIG_DPP3 4609 int conn_ver; 4610 4611 conn_ver = dpp_get_connector_version(ssid->dpp_connector); 4612 if (conn_ver > 0 && ver != conn_ver) { 4613 wpa_printf(MSG_DEBUG, 4614 "DPP: Use Connector version %d instead of current protocol version %d", 4615 conn_ver, ver); 4616 ver = conn_ver; 4617 } 4618 #endif /* CONFIG_DPP3 */ 4619 4620 #ifdef CONFIG_TESTING_OPTIONS 4621 if (dpp_test == DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_REQ) { 4622 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Protocol Version"); 4623 ver = 1; 4624 } 4625 #endif /* CONFIG_TESTING_OPTIONS */ 4626 4627 /* Protocol Version */ 4628 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION); 4629 wpabuf_put_le16(msg, 1); 4630 wpabuf_put_u8(msg, ver); 4631 } 4632 #endif /* CONFIG_DPP2 */ 4633 4634 #ifdef CONFIG_TESTING_OPTIONS 4635 skip_proto_ver: 4636 #endif /* CONFIG_TESTING_OPTIONS */ 4637 4638 /* TODO: Timeout on AP response */ 4639 wait_time = wpa_s->max_remain_on_chan; 4640 if (wait_time > 2000) 4641 wait_time = 2000; 4642 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 4643 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ); 4644 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr, 4645 broadcast, 4646 wpabuf_head(msg), wpabuf_len(msg), 4647 wait_time, wpas_dpp_tx_introduction_status, 0); 4648 wpabuf_free(msg); 4649 4650 /* Request this connection attempt to terminate - new one will be 4651 * started when network introduction protocol completes */ 4652 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN); 4653 wpa_s->dpp_intro_network = ssid; 4654 return 1; 4655 } 4656 4657 4658 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd) 4659 { 4660 struct dpp_bootstrap_info *own_bi; 4661 const char *pos, *end; 4662 #ifdef CONFIG_DPP3 4663 enum dpp_pkex_ver ver = PKEX_VER_AUTO; 4664 #else /* CONFIG_DPP3 */ 4665 enum dpp_pkex_ver ver = PKEX_VER_ONLY_1; 4666 #endif /* CONFIG_DPP3 */ 4667 int tcp_port = DPP_TCP_PORT; 4668 struct hostapd_ip_addr *ipaddr = NULL; 4669 #ifdef CONFIG_DPP2 4670 struct hostapd_ip_addr ipaddr_buf; 4671 char *addr; 4672 4673 pos = os_strstr(cmd, " tcp_port="); 4674 if (pos) { 4675 pos += 10; 4676 tcp_port = atoi(pos); 4677 } 4678 4679 addr = get_param(cmd, " tcp_addr="); 4680 if (addr) { 4681 int res; 4682 4683 res = hostapd_parse_ip_addr(addr, &ipaddr_buf); 4684 os_free(addr); 4685 if (res) 4686 return -1; 4687 ipaddr = &ipaddr_buf; 4688 } 4689 #endif /* CONFIG_DPP2 */ 4690 4691 pos = os_strstr(cmd, " own="); 4692 if (!pos) 4693 return -1; 4694 pos += 5; 4695 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); 4696 if (!own_bi) { 4697 wpa_printf(MSG_DEBUG, 4698 "DPP: Identified bootstrap info not found"); 4699 return -1; 4700 } 4701 if (own_bi->type != DPP_BOOTSTRAP_PKEX) { 4702 wpa_printf(MSG_DEBUG, 4703 "DPP: Identified bootstrap info not for PKEX"); 4704 return -1; 4705 } 4706 wpa_s->dpp_pkex_bi = own_bi; 4707 own_bi->pkex_t = 0; /* clear pending errors on new code */ 4708 4709 os_free(wpa_s->dpp_pkex_identifier); 4710 wpa_s->dpp_pkex_identifier = NULL; 4711 pos = os_strstr(cmd, " identifier="); 4712 if (pos) { 4713 pos += 12; 4714 end = os_strchr(pos, ' '); 4715 if (!end) 4716 return -1; 4717 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1); 4718 if (!wpa_s->dpp_pkex_identifier) 4719 return -1; 4720 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos); 4721 wpa_s->dpp_pkex_identifier[end - pos] = '\0'; 4722 } 4723 4724 pos = os_strstr(cmd, " code="); 4725 if (!pos) 4726 return -1; 4727 os_free(wpa_s->dpp_pkex_code); 4728 wpa_s->dpp_pkex_code = os_strdup(pos + 6); 4729 if (!wpa_s->dpp_pkex_code) 4730 return -1; 4731 wpa_s->dpp_pkex_code_len = os_strlen(wpa_s->dpp_pkex_code); 4732 4733 pos = os_strstr(cmd, " ver="); 4734 if (pos) { 4735 int v; 4736 4737 pos += 5; 4738 v = atoi(pos); 4739 if (v == 1) 4740 ver = PKEX_VER_ONLY_1; 4741 else if (v == 2) 4742 ver = PKEX_VER_ONLY_2; 4743 else 4744 return -1; 4745 } 4746 wpa_s->dpp_pkex_ver = ver; 4747 4748 if (os_strstr(cmd, " init=1")) { 4749 if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0) 4750 return -1; 4751 } else { 4752 #ifdef CONFIG_DPP2 4753 dpp_controller_pkex_add(wpa_s->dpp, own_bi, 4754 wpa_s->dpp_pkex_code, 4755 wpa_s->dpp_pkex_identifier); 4756 #endif /* CONFIG_DPP2 */ 4757 } 4758 4759 /* TODO: Support multiple PKEX info entries */ 4760 4761 os_free(wpa_s->dpp_pkex_auth_cmd); 4762 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd); 4763 4764 return 1; 4765 } 4766 4767 4768 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id) 4769 { 4770 unsigned int id_val; 4771 4772 if (os_strcmp(id, "*") == 0) { 4773 id_val = 0; 4774 } else { 4775 id_val = atoi(id); 4776 if (id_val == 0) 4777 return -1; 4778 } 4779 4780 if ((id_val != 0 && id_val != 1)) 4781 return -1; 4782 4783 /* TODO: Support multiple PKEX entries */ 4784 os_free(wpa_s->dpp_pkex_code); 4785 wpa_s->dpp_pkex_code = NULL; 4786 os_free(wpa_s->dpp_pkex_identifier); 4787 wpa_s->dpp_pkex_identifier = NULL; 4788 os_free(wpa_s->dpp_pkex_auth_cmd); 4789 wpa_s->dpp_pkex_auth_cmd = NULL; 4790 wpa_s->dpp_pkex_bi = NULL; 4791 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */ 4792 dpp_pkex_free(wpa_s->dpp_pkex); 4793 wpa_s->dpp_pkex = NULL; 4794 return 0; 4795 } 4796 4797 4798 void wpas_dpp_stop(struct wpa_supplicant *wpa_s) 4799 { 4800 if (wpa_s->dpp_auth || wpa_s->dpp_pkex || wpa_s->dpp_pkex_wait_auth_req) 4801 offchannel_send_action_done(wpa_s); 4802 dpp_auth_deinit(wpa_s->dpp_auth); 4803 wpa_s->dpp_auth = NULL; 4804 dpp_pkex_free(wpa_s->dpp_pkex); 4805 wpa_s->dpp_pkex = NULL; 4806 wpa_s->dpp_pkex_wait_auth_req = false; 4807 if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0) 4808 gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token); 4809 #ifdef CONFIG_DPP3 4810 wpas_dpp_push_button_stop(wpa_s); 4811 #endif /* CONFIG_DPP3 */ 4812 } 4813 4814 4815 int wpas_dpp_init(struct wpa_supplicant *wpa_s) 4816 { 4817 struct dpp_global_config config; 4818 u8 adv_proto_id[7]; 4819 4820 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC; 4821 adv_proto_id[1] = 5; 4822 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA); 4823 adv_proto_id[5] = DPP_OUI_TYPE; 4824 adv_proto_id[6] = 0x01; 4825 4826 if (gas_server_register(wpa_s->gas_server, adv_proto_id, 4827 sizeof(adv_proto_id), wpas_dpp_gas_req_handler, 4828 wpas_dpp_gas_status_handler, wpa_s) < 0) 4829 return -1; 4830 4831 os_memset(&config, 0, sizeof(config)); 4832 config.cb_ctx = wpa_s; 4833 #ifdef CONFIG_DPP2 4834 config.remove_bi = wpas_dpp_remove_bi; 4835 #endif /* CONFIG_DPP2 */ 4836 wpa_s->dpp = dpp_global_init(&config); 4837 return wpa_s->dpp ? 0 : -1; 4838 } 4839 4840 4841 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s) 4842 { 4843 #ifdef CONFIG_TESTING_OPTIONS 4844 os_free(wpa_s->dpp_config_obj_override); 4845 wpa_s->dpp_config_obj_override = NULL; 4846 os_free(wpa_s->dpp_discovery_override); 4847 wpa_s->dpp_discovery_override = NULL; 4848 os_free(wpa_s->dpp_groups_override); 4849 wpa_s->dpp_groups_override = NULL; 4850 wpa_s->dpp_ignore_netaccesskey_mismatch = 0; 4851 #endif /* CONFIG_TESTING_OPTIONS */ 4852 if (!wpa_s->dpp) 4853 return; 4854 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL); 4855 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL); 4856 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL); 4857 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL); 4858 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL); 4859 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL); 4860 eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL); 4861 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL); 4862 eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout, wpa_s, NULL); 4863 eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL); 4864 #ifdef CONFIG_DPP2 4865 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL); 4866 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout, 4867 wpa_s, NULL); 4868 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL); 4869 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, 4870 wpa_s, NULL); 4871 eloop_cancel_timeout(wpas_dpp_build_csr, wpa_s, NULL); 4872 eloop_cancel_timeout(wpas_dpp_connected_timeout, wpa_s, NULL); 4873 dpp_pfs_free(wpa_s->dpp_pfs); 4874 wpa_s->dpp_pfs = NULL; 4875 wpas_dpp_chirp_stop(wpa_s); 4876 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id); 4877 wpa_s->dpp_reconfig_id = NULL; 4878 #endif /* CONFIG_DPP2 */ 4879 #ifdef CONFIG_DPP3 4880 eloop_cancel_timeout(wpas_dpp_build_new_key, wpa_s, NULL); 4881 #endif /* CONFIG_DPP3 */ 4882 offchannel_send_action_done(wpa_s); 4883 wpas_dpp_listen_stop(wpa_s); 4884 wpas_dpp_stop(wpa_s); 4885 wpas_dpp_pkex_remove(wpa_s, "*"); 4886 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN); 4887 os_free(wpa_s->dpp_configurator_params); 4888 wpa_s->dpp_configurator_params = NULL; 4889 dpp_global_clear(wpa_s->dpp); 4890 } 4891 4892 4893 static int wpas_dpp_build_conf_resp(struct wpa_supplicant *wpa_s, 4894 struct dpp_authentication *auth, bool tcp) 4895 { 4896 struct wpabuf *resp; 4897 4898 resp = dpp_build_conf_resp(auth, auth->e_nonce, auth->curve->nonce_len, 4899 auth->e_netrole, true); 4900 if (!resp) 4901 return -1; 4902 4903 if (tcp) { 4904 auth->conf_resp_tcp = resp; 4905 return 0; 4906 } 4907 4908 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL); 4909 if (gas_server_set_resp(wpa_s->gas_server, auth->config_resp_ctx, 4910 resp) < 0) { 4911 wpa_printf(MSG_DEBUG, 4912 "DPP: Could not find pending GAS response"); 4913 wpabuf_free(resp); 4914 return -1; 4915 } 4916 auth->conf_resp = resp; 4917 return 0; 4918 } 4919 4920 4921 int wpas_dpp_conf_set(struct wpa_supplicant *wpa_s, const char *cmd) 4922 { 4923 int peer; 4924 const char *pos; 4925 struct dpp_authentication *auth = wpa_s->dpp_auth; 4926 bool tcp = false; 4927 4928 pos = os_strstr(cmd, " peer="); 4929 if (!pos) 4930 return -1; 4931 peer = atoi(pos + 6); 4932 #ifdef CONFIG_DPP2 4933 if (!auth || !auth->waiting_config || 4934 (auth->peer_bi && 4935 (unsigned int) peer != auth->peer_bi->id)) { 4936 auth = dpp_controller_get_auth(wpa_s->dpp, peer); 4937 tcp = true; 4938 } 4939 #endif /* CONFIG_DPP2 */ 4940 4941 if (!auth || !auth->waiting_config) { 4942 wpa_printf(MSG_DEBUG, 4943 "DPP: No authentication exchange waiting for configuration information"); 4944 return -1; 4945 } 4946 4947 if ((!auth->peer_bi || 4948 (unsigned int) peer != auth->peer_bi->id) && 4949 (!auth->tmp_peer_bi || 4950 (unsigned int) peer != auth->tmp_peer_bi->id)) { 4951 wpa_printf(MSG_DEBUG, "DPP: Peer mismatch"); 4952 return -1; 4953 } 4954 4955 pos = os_strstr(cmd, " comeback="); 4956 if (pos) { 4957 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, 4958 NULL); 4959 gas_server_set_comeback_delay(wpa_s->gas_server, 4960 auth->config_resp_ctx, 4961 atoi(pos + 10)); 4962 return 0; 4963 } 4964 4965 if (dpp_set_configurator(auth, cmd) < 0) 4966 return -1; 4967 4968 auth->use_config_query = false; 4969 auth->waiting_config = false; 4970 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp); 4971 } 4972 4973 4974 #ifdef CONFIG_DPP2 4975 4976 int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd) 4977 { 4978 struct dpp_controller_config config; 4979 const char *pos; 4980 4981 os_memset(&config, 0, sizeof(config)); 4982 config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR; 4983 config.netrole = DPP_NETROLE_STA; 4984 config.msg_ctx = wpa_s; 4985 config.cb_ctx = wpa_s; 4986 config.process_conf_obj = wpas_dpp_process_conf_obj; 4987 config.tcp_msg_sent = wpas_dpp_tcp_msg_sent; 4988 if (cmd) { 4989 pos = os_strstr(cmd, " tcp_port="); 4990 if (pos) { 4991 pos += 10; 4992 config.tcp_port = atoi(pos); 4993 } 4994 4995 pos = os_strstr(cmd, " role="); 4996 if (pos) { 4997 pos += 6; 4998 if (os_strncmp(pos, "configurator", 12) == 0) 4999 config.allowed_roles = DPP_CAPAB_CONFIGURATOR; 5000 else if (os_strncmp(pos, "enrollee", 8) == 0) 5001 config.allowed_roles = DPP_CAPAB_ENROLLEE; 5002 else if (os_strncmp(pos, "either", 6) == 0) 5003 config.allowed_roles = DPP_CAPAB_CONFIGURATOR | 5004 DPP_CAPAB_ENROLLEE; 5005 else 5006 return -1; 5007 } 5008 5009 config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL; 5010 } 5011 config.configurator_params = wpa_s->dpp_configurator_params; 5012 return dpp_controller_start(wpa_s->dpp, &config); 5013 } 5014 5015 5016 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx); 5017 5018 static void wpas_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx) 5019 { 5020 struct wpa_supplicant *wpa_s = eloop_ctx; 5021 5022 wpa_printf(MSG_DEBUG, "DPP: No chirp response received"); 5023 offchannel_send_action_done(wpa_s); 5024 wpas_dpp_chirp_next(wpa_s, NULL); 5025 } 5026 5027 5028 static void wpas_dpp_chirp_tx_status(struct wpa_supplicant *wpa_s, 5029 unsigned int freq, const u8 *dst, 5030 const u8 *src, const u8 *bssid, 5031 const u8 *data, size_t data_len, 5032 enum offchannel_send_action_result result) 5033 { 5034 if (result == OFFCHANNEL_SEND_ACTION_FAILED) { 5035 wpa_printf(MSG_DEBUG, "DPP: Failed to send chirp on %d MHz", 5036 wpa_s->dpp_chirp_freq); 5037 if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next, 5038 wpa_s, NULL) < 0) 5039 wpas_dpp_chirp_stop(wpa_s); 5040 return; 5041 } 5042 5043 wpa_printf(MSG_DEBUG, "DPP: Chirp send completed - wait for response"); 5044 if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout, 5045 wpa_s, NULL) < 0) 5046 wpas_dpp_chirp_stop(wpa_s); 5047 } 5048 5049 5050 static void wpas_dpp_chirp_start(struct wpa_supplicant *wpa_s) 5051 { 5052 struct wpabuf *msg, *announce = NULL; 5053 int type; 5054 5055 msg = wpa_s->dpp_presence_announcement; 5056 type = DPP_PA_PRESENCE_ANNOUNCEMENT; 5057 if (!msg) { 5058 struct wpa_ssid *ssid = wpa_s->dpp_reconfig_ssid; 5059 5060 if (ssid && wpa_s->dpp_reconfig_id && 5061 wpa_config_get_network(wpa_s->conf, 5062 wpa_s->dpp_reconfig_ssid_id) == 5063 ssid) { 5064 announce = dpp_build_reconfig_announcement( 5065 ssid->dpp_csign, 5066 ssid->dpp_csign_len, 5067 ssid->dpp_netaccesskey, 5068 ssid->dpp_netaccesskey_len, 5069 wpa_s->dpp_reconfig_id); 5070 msg = announce; 5071 } 5072 if (!msg) 5073 return; 5074 type = DPP_PA_RECONFIG_ANNOUNCEMENT; 5075 } 5076 wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", wpa_s->dpp_chirp_freq); 5077 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 5078 MAC2STR(broadcast), wpa_s->dpp_chirp_freq, type); 5079 if (offchannel_send_action( 5080 wpa_s, wpa_s->dpp_chirp_freq, broadcast, 5081 wpa_s->own_addr, broadcast, 5082 wpabuf_head(msg), wpabuf_len(msg), 5083 2000, wpas_dpp_chirp_tx_status, 0) < 0) 5084 wpas_dpp_chirp_stop(wpa_s); 5085 5086 wpabuf_free(announce); 5087 } 5088 5089 5090 static int * wpas_dpp_presence_ann_channels(struct wpa_supplicant *wpa_s, 5091 struct dpp_bootstrap_info *bi) 5092 { 5093 unsigned int i; 5094 struct hostapd_hw_modes *mode; 5095 int c; 5096 struct wpa_bss *bss; 5097 bool chan6 = wpa_s->hw.modes == NULL; 5098 int *freqs = NULL; 5099 5100 /* Channels from own bootstrapping info */ 5101 if (bi) { 5102 for (i = 0; i < bi->num_freq; i++) 5103 int_array_add_unique(&freqs, bi->freq[i]); 5104 } 5105 5106 /* Preferred chirping channels */ 5107 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, 5108 HOSTAPD_MODE_IEEE80211G, false); 5109 if (mode) { 5110 for (c = 0; c < mode->num_channels; c++) { 5111 struct hostapd_channel_data *chan = &mode->channels[c]; 5112 5113 if ((chan->flag & HOSTAPD_CHAN_DISABLED) || 5114 chan->freq != 2437) 5115 continue; 5116 chan6 = true; 5117 break; 5118 } 5119 } 5120 if (chan6) 5121 int_array_add_unique(&freqs, 2437); 5122 5123 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, 5124 HOSTAPD_MODE_IEEE80211A, false); 5125 if (mode) { 5126 int chan44 = 0, chan149 = 0; 5127 5128 for (c = 0; c < mode->num_channels; c++) { 5129 struct hostapd_channel_data *chan = &mode->channels[c]; 5130 5131 if (chan->flag & (HOSTAPD_CHAN_DISABLED | 5132 HOSTAPD_CHAN_RADAR)) 5133 continue; 5134 if (chan->freq == 5220) 5135 chan44 = 1; 5136 if (chan->freq == 5745) 5137 chan149 = 1; 5138 } 5139 if (chan149) 5140 int_array_add_unique(&freqs, 5745); 5141 else if (chan44) 5142 int_array_add_unique(&freqs, 5220); 5143 } 5144 5145 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, 5146 HOSTAPD_MODE_IEEE80211AD, false); 5147 if (mode) { 5148 for (c = 0; c < mode->num_channels; c++) { 5149 struct hostapd_channel_data *chan = &mode->channels[c]; 5150 5151 if ((chan->flag & (HOSTAPD_CHAN_DISABLED | 5152 HOSTAPD_CHAN_RADAR)) || 5153 chan->freq != 60480) 5154 continue; 5155 int_array_add_unique(&freqs, 60480); 5156 break; 5157 } 5158 } 5159 5160 /* Add channels from scan results for APs that advertise Configurator 5161 * Connectivity element */ 5162 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 5163 if (wpa_bss_get_vendor_ie(bss, DPP_CC_IE_VENDOR_TYPE)) 5164 int_array_add_unique(&freqs, bss->freq); 5165 } 5166 5167 return freqs; 5168 } 5169 5170 5171 static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s, 5172 struct wpa_scan_results *scan_res) 5173 { 5174 struct dpp_bootstrap_info *bi = wpa_s->dpp_chirp_bi; 5175 5176 if (!bi && !wpa_s->dpp_reconfig_ssid) 5177 return; 5178 5179 wpa_s->dpp_chirp_scan_done = 1; 5180 5181 os_free(wpa_s->dpp_chirp_freqs); 5182 wpa_s->dpp_chirp_freqs = wpas_dpp_presence_ann_channels(wpa_s, bi); 5183 5184 if (!wpa_s->dpp_chirp_freqs || 5185 eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL) < 0) 5186 wpas_dpp_chirp_stop(wpa_s); 5187 } 5188 5189 5190 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx) 5191 { 5192 struct wpa_supplicant *wpa_s = eloop_ctx; 5193 int i; 5194 5195 if (wpa_s->dpp_chirp_listen) 5196 wpas_dpp_listen_stop(wpa_s); 5197 5198 if (wpa_s->dpp_chirp_freq == 0) { 5199 if (wpa_s->dpp_chirp_round % 4 == 0 && 5200 !wpa_s->dpp_chirp_scan_done) { 5201 if (wpas_scan_scheduled(wpa_s)) { 5202 wpa_printf(MSG_DEBUG, 5203 "DPP: Deferring chirp scan because another scan is planned already"); 5204 if (eloop_register_timeout(1, 0, 5205 wpas_dpp_chirp_next, 5206 wpa_s, NULL) < 0) { 5207 wpas_dpp_chirp_stop(wpa_s); 5208 return; 5209 } 5210 return; 5211 } 5212 wpa_printf(MSG_DEBUG, 5213 "DPP: Update channel list for chirping"); 5214 wpa_s->scan_req = MANUAL_SCAN_REQ; 5215 wpa_s->scan_res_handler = 5216 wpas_dpp_chirp_scan_res_handler; 5217 wpa_supplicant_req_scan(wpa_s, 0, 0); 5218 return; 5219 } 5220 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[0]; 5221 wpa_s->dpp_chirp_round++; 5222 wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d", 5223 wpa_s->dpp_chirp_round); 5224 } else { 5225 for (i = 0; wpa_s->dpp_chirp_freqs[i]; i++) 5226 if (wpa_s->dpp_chirp_freqs[i] == wpa_s->dpp_chirp_freq) 5227 break; 5228 if (!wpa_s->dpp_chirp_freqs[i]) { 5229 wpa_printf(MSG_DEBUG, 5230 "DPP: Previous chirp freq %d not found", 5231 wpa_s->dpp_chirp_freq); 5232 return; 5233 } 5234 i++; 5235 if (wpa_s->dpp_chirp_freqs[i]) { 5236 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[i]; 5237 } else { 5238 wpa_s->dpp_chirp_iter--; 5239 if (wpa_s->dpp_chirp_iter <= 0) { 5240 wpa_printf(MSG_DEBUG, 5241 "DPP: Chirping iterations completed"); 5242 wpas_dpp_chirp_stop(wpa_s); 5243 return; 5244 } 5245 wpa_s->dpp_chirp_freq = 0; 5246 wpa_s->dpp_chirp_scan_done = 0; 5247 if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next, 5248 wpa_s, NULL) < 0) { 5249 wpas_dpp_chirp_stop(wpa_s); 5250 return; 5251 } 5252 if (wpa_s->dpp_chirp_listen) { 5253 wpa_printf(MSG_DEBUG, 5254 "DPP: Listen on %d MHz during chirp 30 second wait", 5255 wpa_s->dpp_chirp_listen); 5256 wpas_dpp_listen_start(wpa_s, 5257 wpa_s->dpp_chirp_listen); 5258 } else { 5259 wpa_printf(MSG_DEBUG, 5260 "DPP: Wait 30 seconds before starting the next chirping round"); 5261 } 5262 return; 5263 } 5264 } 5265 5266 wpas_dpp_chirp_start(wpa_s); 5267 } 5268 5269 5270 int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd) 5271 { 5272 const char *pos; 5273 int iter = 1, listen_freq = 0; 5274 struct dpp_bootstrap_info *bi; 5275 5276 pos = os_strstr(cmd, " own="); 5277 if (!pos) 5278 return -1; 5279 pos += 5; 5280 bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); 5281 if (!bi) { 5282 wpa_printf(MSG_DEBUG, 5283 "DPP: Identified bootstrap info not found"); 5284 return -1; 5285 } 5286 5287 pos = os_strstr(cmd, " iter="); 5288 if (pos) { 5289 iter = atoi(pos + 6); 5290 if (iter <= 0) 5291 return -1; 5292 } 5293 5294 pos = os_strstr(cmd, " listen="); 5295 if (pos) { 5296 listen_freq = atoi(pos + 8); 5297 if (listen_freq <= 0) 5298 return -1; 5299 } 5300 5301 wpas_dpp_chirp_stop(wpa_s); 5302 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE; 5303 wpa_s->dpp_netrole = DPP_NETROLE_STA; 5304 wpa_s->dpp_qr_mutual = 0; 5305 wpa_s->dpp_chirp_bi = bi; 5306 wpa_s->dpp_presence_announcement = dpp_build_presence_announcement(bi); 5307 if (!wpa_s->dpp_presence_announcement) 5308 return -1; 5309 wpa_s->dpp_chirp_iter = iter; 5310 wpa_s->dpp_chirp_round = 0; 5311 wpa_s->dpp_chirp_scan_done = 0; 5312 wpa_s->dpp_chirp_listen = listen_freq; 5313 5314 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL); 5315 } 5316 5317 5318 void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s) 5319 { 5320 if (wpa_s->dpp_presence_announcement || 5321 wpa_s->dpp_reconfig_ssid) { 5322 offchannel_send_action_done(wpa_s); 5323 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CHIRP_STOPPED); 5324 } 5325 wpa_s->dpp_chirp_bi = NULL; 5326 wpabuf_free(wpa_s->dpp_presence_announcement); 5327 wpa_s->dpp_presence_announcement = NULL; 5328 if (wpa_s->dpp_chirp_listen) 5329 wpas_dpp_listen_stop(wpa_s); 5330 wpa_s->dpp_chirp_listen = 0; 5331 wpa_s->dpp_chirp_freq = 0; 5332 os_free(wpa_s->dpp_chirp_freqs); 5333 wpa_s->dpp_chirp_freqs = NULL; 5334 eloop_cancel_timeout(wpas_dpp_chirp_next, wpa_s, NULL); 5335 eloop_cancel_timeout(wpas_dpp_chirp_timeout, wpa_s, NULL); 5336 if (wpa_s->scan_res_handler == wpas_dpp_chirp_scan_res_handler) { 5337 wpas_abort_ongoing_scan(wpa_s); 5338 wpa_s->scan_res_handler = NULL; 5339 } 5340 } 5341 5342 5343 int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd) 5344 { 5345 struct wpa_ssid *ssid; 5346 int iter = 1; 5347 const char *pos; 5348 5349 ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd)); 5350 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey || 5351 !ssid->dpp_csign) { 5352 wpa_printf(MSG_DEBUG, 5353 "DPP: Not a valid network profile for reconfiguration"); 5354 return -1; 5355 } 5356 5357 pos = os_strstr(cmd, " iter="); 5358 if (pos) { 5359 iter = atoi(pos + 6); 5360 if (iter <= 0) 5361 return -1; 5362 } 5363 5364 if (wpa_s->dpp_auth) { 5365 wpa_printf(MSG_DEBUG, 5366 "DPP: Not ready to start reconfiguration - pending authentication exchange in progress"); 5367 return -1; 5368 } 5369 5370 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id); 5371 wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign, 5372 ssid->dpp_csign_len, 5373 ssid->dpp_pp_key, 5374 ssid->dpp_pp_key_len); 5375 if (!wpa_s->dpp_reconfig_id) { 5376 wpa_printf(MSG_DEBUG, 5377 "DPP: Failed to generate E-id for reconfiguration"); 5378 return -1; 5379 } 5380 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) { 5381 wpa_printf(MSG_DEBUG, "DPP: Disconnect for reconfiguration"); 5382 wpa_s->own_disconnect_req = 1; 5383 wpa_supplicant_deauthenticate( 5384 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 5385 } 5386 wpas_dpp_chirp_stop(wpa_s); 5387 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE; 5388 wpa_s->dpp_netrole = DPP_NETROLE_STA; 5389 wpa_s->dpp_qr_mutual = 0; 5390 wpa_s->dpp_reconfig_ssid = ssid; 5391 wpa_s->dpp_reconfig_ssid_id = ssid->id; 5392 wpa_s->dpp_chirp_iter = iter; 5393 wpa_s->dpp_chirp_round = 0; 5394 wpa_s->dpp_chirp_scan_done = 0; 5395 wpa_s->dpp_chirp_listen = 0; 5396 5397 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL); 5398 } 5399 5400 5401 int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd) 5402 { 5403 int peer = -1; 5404 const char *pos, *value; 5405 struct dpp_authentication *auth = wpa_s->dpp_auth; 5406 u8 *bin; 5407 size_t bin_len; 5408 struct wpabuf *buf; 5409 bool tcp = false; 5410 5411 pos = os_strstr(cmd, " peer="); 5412 if (pos) { 5413 peer = atoi(pos + 6); 5414 if (!auth || !auth->waiting_cert || 5415 (auth->peer_bi && 5416 (unsigned int) peer != auth->peer_bi->id)) { 5417 auth = dpp_controller_get_auth(wpa_s->dpp, peer); 5418 tcp = true; 5419 } 5420 } 5421 5422 if (!auth || !auth->waiting_cert) { 5423 wpa_printf(MSG_DEBUG, 5424 "DPP: No authentication exchange waiting for certificate information"); 5425 return -1; 5426 } 5427 5428 if (peer >= 0 && 5429 (!auth->peer_bi || 5430 (unsigned int) peer != auth->peer_bi->id) && 5431 (!auth->tmp_peer_bi || 5432 (unsigned int) peer != auth->tmp_peer_bi->id)) { 5433 wpa_printf(MSG_DEBUG, "DPP: Peer mismatch"); 5434 return -1; 5435 } 5436 5437 pos = os_strstr(cmd, " value="); 5438 if (!pos) 5439 return -1; 5440 value = pos + 7; 5441 5442 pos = os_strstr(cmd, " name="); 5443 if (!pos) 5444 return -1; 5445 pos += 6; 5446 5447 if (os_strncmp(pos, "status ", 7) == 0) { 5448 auth->force_conf_resp_status = atoi(value); 5449 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp); 5450 } 5451 5452 if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) { 5453 os_free(auth->trusted_eap_server_name); 5454 auth->trusted_eap_server_name = os_strdup(value); 5455 return auth->trusted_eap_server_name ? 0 : -1; 5456 } 5457 5458 bin = base64_decode(value, os_strlen(value), &bin_len); 5459 if (!bin) 5460 return -1; 5461 buf = wpabuf_alloc_copy(bin, bin_len); 5462 os_free(bin); 5463 5464 if (os_strncmp(pos, "caCert ", 7) == 0) { 5465 wpabuf_free(auth->cacert); 5466 auth->cacert = buf; 5467 return 0; 5468 } 5469 5470 if (os_strncmp(pos, "certBag ", 8) == 0) { 5471 wpabuf_free(auth->certbag); 5472 auth->certbag = buf; 5473 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp); 5474 } 5475 5476 wpabuf_free(buf); 5477 return -1; 5478 } 5479 5480 #endif /* CONFIG_DPP2 */ 5481 5482 5483 #ifdef CONFIG_DPP3 5484 5485 #define DPP_PB_ANNOUNCE_PER_CHAN 3 5486 5487 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq); 5488 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx); 5489 5490 5491 static void wpas_dpp_pb_tx_status(struct wpa_supplicant *wpa_s, 5492 unsigned int freq, const u8 *dst, 5493 const u8 *src, const u8 *bssid, 5494 const u8 *data, size_t data_len, 5495 enum offchannel_send_action_result result) 5496 { 5497 if (result == OFFCHANNEL_SEND_ACTION_FAILED) { 5498 wpa_printf(MSG_DEBUG, 5499 "DPP: Failed to send push button announcement on %d MHz", 5500 freq); 5501 if (eloop_register_timeout(0, 0, wpas_dpp_pb_next, 5502 wpa_s, NULL) < 0) 5503 wpas_dpp_push_button_stop(wpa_s); 5504 return; 5505 } 5506 5507 wpa_printf(MSG_DEBUG, "DPP: Push button announcement on %d MHz sent", 5508 freq); 5509 if (wpa_s->dpp_pb_discovery_done) { 5510 wpa_s->dpp_pb_announce_count = 0; 5511 wpa_printf(MSG_DEBUG, 5512 "DPP: Wait for push button announcement response and PKEX on %d MHz", 5513 freq); 5514 if (eloop_register_timeout(0, 500000, wpas_dpp_pb_next, 5515 wpa_s, NULL) < 0) 5516 wpas_dpp_push_button_stop(wpa_s); 5517 return; 5518 } else if (wpa_s->dpp_pb_announce_count >= DPP_PB_ANNOUNCE_PER_CHAN) { 5519 wpa_printf(MSG_DEBUG, 5520 "DPP: Wait for push button announcement response on %d MHz", 5521 freq); 5522 if (eloop_register_timeout(0, 50000, wpas_dpp_pb_next, 5523 wpa_s, NULL) < 0) 5524 wpas_dpp_push_button_stop(wpa_s); 5525 return; 5526 } 5527 5528 if (wpas_dpp_pb_announce(wpa_s, freq) < 0) 5529 wpas_dpp_push_button_stop(wpa_s); 5530 } 5531 5532 5533 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq) 5534 { 5535 struct wpabuf *msg; 5536 int type; 5537 5538 msg = wpa_s->dpp_pb_announcement; 5539 if (!msg) 5540 return -1; 5541 5542 wpa_s->dpp_pb_announce_count++; 5543 wpa_printf(MSG_DEBUG, 5544 "DPP: Send push button announcement %d/%d (%d MHz)", 5545 wpa_s->dpp_pb_announce_count, DPP_PB_ANNOUNCE_PER_CHAN, 5546 freq); 5547 5548 type = DPP_PA_PB_PRESENCE_ANNOUNCEMENT; 5549 if (wpa_s->dpp_pb_announce_count == 1) 5550 wpa_msg(wpa_s, MSG_INFO, 5551 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d", 5552 MAC2STR(broadcast), freq, type); 5553 if (offchannel_send_action( 5554 wpa_s, freq, broadcast, wpa_s->own_addr, broadcast, 5555 wpabuf_head(msg), wpabuf_len(msg), 5556 1000, wpas_dpp_pb_tx_status, 0) < 0) 5557 return -1; 5558 5559 return 0; 5560 } 5561 5562 5563 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx) 5564 { 5565 struct wpa_supplicant *wpa_s = eloop_ctx; 5566 struct os_reltime now; 5567 int freq; 5568 5569 if (!wpa_s->dpp_pb_freqs) 5570 return; 5571 5572 os_get_reltime(&now); 5573 offchannel_send_action_done(wpa_s); 5574 5575 if (os_reltime_expired(&now, &wpa_s->dpp_pb_time, 100)) { 5576 wpa_printf(MSG_DEBUG, "DPP: Push button wait time expired"); 5577 wpas_dpp_push_button_stop(wpa_s); 5578 return; 5579 } 5580 5581 if (wpa_s->dpp_pb_freq_idx >= int_array_len(wpa_s->dpp_pb_freqs)) { 5582 wpa_printf(MSG_DEBUG, 5583 "DPP: Completed push button announcement round"); 5584 wpa_s->dpp_pb_freq_idx = 0; 5585 if (wpa_s->dpp_pb_stop_iter > 0) { 5586 wpa_s->dpp_pb_stop_iter--; 5587 5588 if (wpa_s->dpp_pb_stop_iter == 1) { 5589 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS 5590 "wait for AP/Configurator to allow PKEX to be initiated"); 5591 if (eloop_register_timeout(10, 0, 5592 wpas_dpp_pb_next, 5593 wpa_s, NULL) < 0) { 5594 wpas_dpp_push_button_stop(wpa_s); 5595 return; 5596 } 5597 return; 5598 } 5599 5600 if (wpa_s->dpp_pb_stop_iter == 0) { 5601 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS 5602 "start push button PKEX responder on the discovered channel (%d MHz)", 5603 wpa_s->dpp_pb_resp_freq); 5604 wpa_s->dpp_pb_discovery_done = true; 5605 5606 wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi; 5607 5608 os_free(wpa_s->dpp_pkex_code); 5609 wpa_s->dpp_pkex_code = os_memdup( 5610 wpa_s->dpp_pb_c_nonce, 5611 wpa_s->dpp_pb_c_nonce_len); 5612 wpa_s->dpp_pkex_code_len = 5613 wpa_s->dpp_pb_c_nonce_len; 5614 5615 os_free(wpa_s->dpp_pkex_identifier); 5616 wpa_s->dpp_pkex_identifier = 5617 os_strdup("PBPKEX"); 5618 5619 if (!wpa_s->dpp_pkex_code || 5620 !wpa_s->dpp_pkex_identifier) { 5621 wpas_dpp_push_button_stop(wpa_s); 5622 return; 5623 } 5624 5625 wpa_s->dpp_pkex_ver = PKEX_VER_ONLY_2; 5626 5627 os_free(wpa_s->dpp_pkex_auth_cmd); 5628 wpa_s->dpp_pkex_auth_cmd = NULL; 5629 } 5630 } 5631 } 5632 5633 if (wpa_s->dpp_pb_discovery_done) 5634 freq = wpa_s->dpp_pb_resp_freq; 5635 else 5636 freq = wpa_s->dpp_pb_freqs[wpa_s->dpp_pb_freq_idx++]; 5637 wpa_s->dpp_pb_announce_count = 0; 5638 if (!wpa_s->dpp_pb_announcement) { 5639 wpa_printf(MSG_DEBUG, "DPP: Push button announcements stopped"); 5640 return; 5641 } 5642 if (wpas_dpp_pb_announce(wpa_s, freq) < 0) { 5643 wpas_dpp_push_button_stop(wpa_s); 5644 return; 5645 } 5646 } 5647 5648 5649 static void wpas_dpp_push_button_expire(void *eloop_ctx, void *timeout_ctx) 5650 { 5651 struct wpa_supplicant *wpa_s = eloop_ctx; 5652 5653 wpa_printf(MSG_DEBUG, 5654 "DPP: Active push button Configurator mode expired"); 5655 wpas_dpp_push_button_stop(wpa_s); 5656 } 5657 5658 5659 static int wpas_dpp_push_button_configurator(struct wpa_supplicant *wpa_s, 5660 const char *cmd) 5661 { 5662 wpa_s->dpp_pb_configurator = true; 5663 wpa_s->dpp_pb_announce_time.sec = 0; 5664 wpa_s->dpp_pb_announce_time.usec = 0; 5665 str_clear_free(wpa_s->dpp_pb_cmd); 5666 wpa_s->dpp_pb_cmd = NULL; 5667 if (cmd) { 5668 wpa_s->dpp_pb_cmd = os_strdup(cmd); 5669 if (!wpa_s->dpp_pb_cmd) 5670 return -1; 5671 } 5672 eloop_register_timeout(100, 0, wpas_dpp_push_button_expire, 5673 wpa_s, NULL); 5674 5675 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started"); 5676 return 0; 5677 } 5678 5679 5680 static void wpas_dpp_pb_scan_res_handler(struct wpa_supplicant *wpa_s, 5681 struct wpa_scan_results *scan_res) 5682 { 5683 if (!wpa_s->dpp_pb_time.sec && !wpa_s->dpp_pb_time.usec) 5684 return; 5685 5686 os_free(wpa_s->dpp_pb_freqs); 5687 wpa_s->dpp_pb_freqs = wpas_dpp_presence_ann_channels(wpa_s, NULL); 5688 5689 wpa_printf(MSG_DEBUG, "DPP: Scan completed for PB discovery"); 5690 if (!wpa_s->dpp_pb_freqs || 5691 eloop_register_timeout(0, 0, wpas_dpp_pb_next, wpa_s, NULL) < 0) 5692 wpas_dpp_push_button_stop(wpa_s); 5693 } 5694 5695 5696 int wpas_dpp_push_button(struct wpa_supplicant *wpa_s, const char *cmd) 5697 { 5698 int res; 5699 5700 if (!wpa_s->dpp) 5701 return -1; 5702 wpas_dpp_push_button_stop(wpa_s); 5703 wpas_dpp_stop(wpa_s); 5704 wpas_dpp_chirp_stop(wpa_s); 5705 5706 os_get_reltime(&wpa_s->dpp_pb_time); 5707 5708 if (cmd && 5709 (os_strstr(cmd, " role=configurator") || 5710 os_strstr(cmd, " conf="))) 5711 return wpas_dpp_push_button_configurator(wpa_s, cmd); 5712 5713 wpa_s->dpp_pb_configurator = false; 5714 5715 wpa_s->dpp_pb_freq_idx = 0; 5716 5717 res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex"); 5718 if (res < 0) 5719 return -1; 5720 wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res); 5721 if (!wpa_s->dpp_pb_bi) 5722 return -1; 5723 5724 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE; 5725 wpa_s->dpp_netrole = DPP_NETROLE_STA; 5726 wpa_s->dpp_qr_mutual = 0; 5727 wpa_s->dpp_pb_announcement = 5728 dpp_build_pb_announcement(wpa_s->dpp_pb_bi); 5729 if (!wpa_s->dpp_pb_announcement) 5730 return -1; 5731 5732 wpa_printf(MSG_DEBUG, 5733 "DPP: Scan to create channel list for PB discovery"); 5734 wpa_s->scan_req = MANUAL_SCAN_REQ; 5735 wpa_s->scan_res_handler = wpas_dpp_pb_scan_res_handler; 5736 wpa_supplicant_req_scan(wpa_s, 0, 0); 5737 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started"); 5738 return 0; 5739 } 5740 5741 5742 void wpas_dpp_push_button_stop(struct wpa_supplicant *wpa_s) 5743 { 5744 if (!wpa_s->dpp) 5745 return; 5746 os_free(wpa_s->dpp_pb_freqs); 5747 wpa_s->dpp_pb_freqs = NULL; 5748 wpabuf_free(wpa_s->dpp_pb_announcement); 5749 wpa_s->dpp_pb_announcement = NULL; 5750 if (wpa_s->dpp_pb_bi) { 5751 char id[20]; 5752 5753 if (wpa_s->dpp_pb_bi == wpa_s->dpp_pkex_bi) 5754 wpa_s->dpp_pkex_bi = NULL; 5755 os_snprintf(id, sizeof(id), "%u", wpa_s->dpp_pb_bi->id); 5756 dpp_bootstrap_remove(wpa_s->dpp, id); 5757 wpa_s->dpp_pb_bi = NULL; 5758 if (!wpa_s->dpp_pb_result_indicated) { 5759 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed"); 5760 wpa_s->dpp_pb_result_indicated = true; 5761 } 5762 } 5763 5764 wpa_s->dpp_pb_resp_freq = 0; 5765 wpa_s->dpp_pb_stop_iter = 0; 5766 wpa_s->dpp_pb_discovery_done = false; 5767 os_free(wpa_s->dpp_pb_cmd); 5768 wpa_s->dpp_pb_cmd = NULL; 5769 5770 eloop_cancel_timeout(wpas_dpp_pb_next, wpa_s, NULL); 5771 eloop_cancel_timeout(wpas_dpp_push_button_expire, wpa_s, NULL); 5772 if (wpas_dpp_pb_active(wpa_s)) { 5773 wpa_printf(MSG_DEBUG, "DPP: Stop active push button mode"); 5774 if (!wpa_s->dpp_pb_result_indicated) 5775 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed"); 5776 } 5777 wpa_s->dpp_pb_time.sec = 0; 5778 wpa_s->dpp_pb_time.usec = 0; 5779 dpp_pkex_free(wpa_s->dpp_pkex); 5780 wpa_s->dpp_pkex = NULL; 5781 os_free(wpa_s->dpp_pkex_auth_cmd); 5782 wpa_s->dpp_pkex_auth_cmd = NULL; 5783 5784 wpa_s->dpp_pb_result_indicated = false; 5785 5786 str_clear_free(wpa_s->dpp_pb_cmd); 5787 wpa_s->dpp_pb_cmd = NULL; 5788 5789 if (wpa_s->scan_res_handler == wpas_dpp_pb_scan_res_handler) { 5790 wpas_abort_ongoing_scan(wpa_s); 5791 wpa_s->scan_res_handler = NULL; 5792 } 5793 } 5794 5795 #endif /* CONFIG_DPP3 */ 5796