1 /* 2 * wpa_supplicant / WPS integration 3 * Copyright (c) 2008-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "eloop.h" 13 #include "uuid.h" 14 #include "crypto/random.h" 15 #include "crypto/dh_group5.h" 16 #include "common/ieee802_11_defs.h" 17 #include "common/ieee802_11_common.h" 18 #include "common/wpa_common.h" 19 #include "common/wpa_ctrl.h" 20 #include "eap_common/eap_wsc_common.h" 21 #include "eap_peer/eap.h" 22 #include "eapol_supp/eapol_supp_sm.h" 23 #include "rsn_supp/wpa.h" 24 #include "wps/wps_attr_parse.h" 25 #include "config.h" 26 #include "wpa_supplicant_i.h" 27 #include "driver_i.h" 28 #include "notify.h" 29 #include "bssid_ignore.h" 30 #include "bss.h" 31 #include "scan.h" 32 #include "ap.h" 33 #include "p2p/p2p.h" 34 #include "p2p_supplicant.h" 35 #include "wps_supplicant.h" 36 37 38 #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG 39 #define WPS_PIN_SCAN_IGNORE_SEL_REG 3 40 #endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */ 41 42 /* 43 * The minimum time in seconds before trying to associate to a WPS PIN AP that 44 * does not have Selected Registrar TRUE. 45 */ 46 #ifndef WPS_PIN_TIME_IGNORE_SEL_REG 47 #define WPS_PIN_TIME_IGNORE_SEL_REG 5 48 #endif /* WPS_PIN_TIME_IGNORE_SEL_REG */ 49 50 static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx); 51 static void wpas_clear_wps(struct wpa_supplicant *wpa_s); 52 53 54 static void wpas_wps_clear_ap_info(struct wpa_supplicant *wpa_s) 55 { 56 os_free(wpa_s->wps_ap); 57 wpa_s->wps_ap = NULL; 58 wpa_s->num_wps_ap = 0; 59 wpa_s->wps_ap_iter = 0; 60 } 61 62 63 static void wpas_wps_assoc_with_cred(void *eloop_ctx, void *timeout_ctx) 64 { 65 struct wpa_supplicant *wpa_s = eloop_ctx; 66 int use_fast_assoc = timeout_ctx != NULL; 67 68 wpa_printf(MSG_DEBUG, "WPS: Continuing association after eapol_cb"); 69 if (!use_fast_assoc || 70 wpa_supplicant_fast_associate(wpa_s) != 1) 71 wpa_supplicant_req_scan(wpa_s, 0, 0); 72 } 73 74 75 static void wpas_wps_assoc_with_cred_cancel(struct wpa_supplicant *wpa_s) 76 { 77 eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 0); 78 eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 1); 79 } 80 81 82 static struct wpabuf * wpas_wps_get_wps_ie(struct wpa_bss *bss) 83 { 84 /* Return the latest receive WPS IE from the AP regardless of whether 85 * it was from a Beacon frame or Probe Response frame to avoid using 86 * stale information. */ 87 if (bss->beacon_newer) 88 return wpa_bss_get_vendor_ie_multi_beacon(bss, 89 WPS_IE_VENDOR_TYPE); 90 return wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); 91 } 92 93 94 int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s) 95 { 96 if (wpas_p2p_wps_eapol_cb(wpa_s) > 0) 97 return 1; 98 99 if (!wpa_s->wps_success && 100 wpa_s->current_ssid && 101 eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) { 102 const u8 *bssid = wpa_s->bssid; 103 if (is_zero_ether_addr(bssid)) 104 bssid = wpa_s->pending_bssid; 105 106 wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR 107 " did not succeed - continue trying to find " 108 "suitable AP", MAC2STR(bssid)); 109 wpa_bssid_ignore_add(wpa_s, bssid); 110 111 wpa_supplicant_deauthenticate(wpa_s, 112 WLAN_REASON_DEAUTH_LEAVING); 113 wpa_s->reassociate = 1; 114 wpa_supplicant_req_scan(wpa_s, 115 wpa_s->bssid_ignore_cleared ? 5 : 0, 0); 116 wpa_s->bssid_ignore_cleared = false; 117 return 1; 118 } 119 120 wpas_wps_clear_ap_info(wpa_s); 121 eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); 122 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && !wpa_s->wps_success) 123 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL); 124 125 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid && 126 !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { 127 int disabled = wpa_s->current_ssid->disabled; 128 unsigned int freq = wpa_s->assoc_freq; 129 struct wpa_bss *bss; 130 struct wpa_ssid *ssid = NULL; 131 int use_fast_assoc = 0; 132 133 wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - " 134 "try to associate with the received credential " 135 "(freq=%u)", freq); 136 wpa_s->own_disconnect_req = 1; 137 wpa_supplicant_deauthenticate(wpa_s, 138 WLAN_REASON_DEAUTH_LEAVING); 139 if (disabled) { 140 wpa_printf(MSG_DEBUG, "WPS: Current network is " 141 "disabled - wait for user to enable"); 142 return 1; 143 } 144 wpa_s->after_wps = 5; 145 wpa_s->wps_freq = freq; 146 wpa_s->normal_scans = 0; 147 wpa_s->reassociate = 1; 148 149 wpa_printf(MSG_DEBUG, "WPS: Checking whether fast association " 150 "without a new scan can be used"); 151 bss = wpa_supplicant_pick_network(wpa_s, &ssid); 152 if (bss) { 153 struct wpabuf *wps; 154 struct wps_parse_attr attr; 155 156 wps = wpas_wps_get_wps_ie(bss); 157 if (wps && wps_parse_msg(wps, &attr) == 0 && 158 attr.wps_state && 159 *attr.wps_state == WPS_STATE_CONFIGURED) 160 use_fast_assoc = 1; 161 wpabuf_free(wps); 162 } 163 164 /* 165 * Complete the next step from an eloop timeout to allow pending 166 * driver events related to the disconnection to be processed 167 * first. This makes it less likely for disconnection event to 168 * cause problems with the following connection. 169 */ 170 wpa_printf(MSG_DEBUG, "WPS: Continue association from timeout"); 171 wpas_wps_assoc_with_cred_cancel(wpa_s); 172 eloop_register_timeout(0, 10000, 173 wpas_wps_assoc_with_cred, wpa_s, 174 use_fast_assoc ? (void *) 1 : 175 (void *) 0); 176 return 1; 177 } 178 179 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) { 180 wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting " 181 "for external credential processing"); 182 wpas_clear_wps(wpa_s); 183 wpa_s->own_disconnect_req = 1; 184 wpa_supplicant_deauthenticate(wpa_s, 185 WLAN_REASON_DEAUTH_LEAVING); 186 return 1; 187 } 188 189 return 0; 190 } 191 192 193 static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s, 194 struct wpa_ssid *ssid, 195 const struct wps_credential *cred) 196 { 197 struct wpa_driver_capa capa; 198 struct wpa_bss *bss; 199 const u8 *ie; 200 struct wpa_ie_data adv; 201 int wpa2 = 0, ccmp = 0; 202 enum wpa_driver_if_type iftype; 203 204 /* 205 * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in 206 * case they are configured for mixed mode operation (WPA+WPA2 and 207 * TKIP+CCMP). Try to use scan results to figure out whether the AP 208 * actually supports stronger security and select that if the client 209 * has support for it, too. 210 */ 211 212 if (wpa_drv_get_capa(wpa_s, &capa)) 213 return; /* Unknown what driver supports */ 214 215 if (ssid->ssid == NULL) 216 return; 217 bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len); 218 if (!bss) 219 bss = wpa_bss_get(wpa_s, wpa_s->bssid, 220 ssid->ssid, ssid->ssid_len); 221 if (bss == NULL) { 222 wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS " 223 "table - use credential as-is"); 224 return; 225 } 226 227 wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table"); 228 229 ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); 230 if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) { 231 wpa2 = 1; 232 if (adv.pairwise_cipher & WPA_CIPHER_CCMP) 233 ccmp = 1; 234 } else { 235 ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 236 if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 && 237 adv.pairwise_cipher & WPA_CIPHER_CCMP) 238 ccmp = 1; 239 } 240 241 if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) && 242 (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) { 243 /* 244 * TODO: This could be the initial AP configuration and the 245 * Beacon contents could change shortly. Should request a new 246 * scan and delay addition of the network until the updated 247 * scan results are available. 248 */ 249 wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA " 250 "support - use credential as-is"); 251 return; 252 } 253 254 iftype = ssid->p2p_group ? WPA_IF_P2P_CLIENT : WPA_IF_STATION; 255 256 if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) && 257 (ssid->pairwise_cipher & WPA_CIPHER_TKIP) && 258 (capa.key_mgmt_iftype[iftype] & 259 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) { 260 wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential " 261 "based on scan results"); 262 if (wpa_s->conf->ap_scan == 1) 263 ssid->pairwise_cipher |= WPA_CIPHER_CCMP; 264 else 265 ssid->pairwise_cipher = WPA_CIPHER_CCMP; 266 } 267 268 if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) && 269 (ssid->proto & WPA_PROTO_WPA) && 270 (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) { 271 wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential " 272 "based on scan results"); 273 if (wpa_s->conf->ap_scan == 1) 274 ssid->proto |= WPA_PROTO_RSN; 275 else 276 ssid->proto = WPA_PROTO_RSN; 277 } 278 } 279 280 281 static void wpas_wps_remove_dup_network(struct wpa_supplicant *wpa_s, 282 struct wpa_ssid *new_ssid) 283 { 284 struct wpa_ssid *ssid, *next; 285 286 for (ssid = wpa_s->conf->ssid, next = ssid ? ssid->next : NULL; ssid; 287 ssid = next, next = ssid ? ssid->next : NULL) { 288 /* 289 * new_ssid has already been added to the list in 290 * wpas_wps_add_network(), so skip it. 291 */ 292 if (ssid == new_ssid) 293 continue; 294 295 if (ssid->bssid_set || new_ssid->bssid_set) { 296 if (ssid->bssid_set != new_ssid->bssid_set) 297 continue; 298 if (!ether_addr_equal(ssid->bssid, new_ssid->bssid)) 299 continue; 300 } 301 302 /* compare SSID */ 303 if (ssid->ssid_len == 0 || ssid->ssid_len != new_ssid->ssid_len) 304 continue; 305 306 if (ssid->ssid && new_ssid->ssid) { 307 if (os_memcmp(ssid->ssid, new_ssid->ssid, 308 ssid->ssid_len) != 0) 309 continue; 310 } else if (ssid->ssid || new_ssid->ssid) 311 continue; 312 313 /* compare security parameters */ 314 if (ssid->auth_alg != new_ssid->auth_alg || 315 ssid->key_mgmt != new_ssid->key_mgmt || 316 (ssid->group_cipher != new_ssid->group_cipher && 317 !(ssid->group_cipher & new_ssid->group_cipher & 318 WPA_CIPHER_CCMP))) 319 continue; 320 321 /* 322 * Some existing WPS APs will send two creds in case they are 323 * configured for mixed mode operation (WPA+WPA2 and TKIP+CCMP). 324 * Try to merge these two creds if they are received in the same 325 * M8 message. 326 */ 327 if (ssid->wps_run && ssid->wps_run == new_ssid->wps_run && 328 wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) { 329 if (new_ssid->passphrase && ssid->passphrase && 330 os_strcmp(new_ssid->passphrase, ssid->passphrase) != 331 0) { 332 wpa_printf(MSG_DEBUG, 333 "WPS: M8 Creds with different passphrase - do not merge"); 334 continue; 335 } 336 337 if (new_ssid->psk_set && 338 (!ssid->psk_set || 339 os_memcmp(new_ssid->psk, ssid->psk, 32) != 0)) { 340 wpa_printf(MSG_DEBUG, 341 "WPS: M8 Creds with different PSK - do not merge"); 342 continue; 343 } 344 345 if ((new_ssid->passphrase && !ssid->passphrase) || 346 (!new_ssid->passphrase && ssid->passphrase)) { 347 wpa_printf(MSG_DEBUG, 348 "WPS: M8 Creds with different passphrase/PSK type - do not merge"); 349 continue; 350 } 351 352 wpa_printf(MSG_DEBUG, 353 "WPS: Workaround - merge likely WPA/WPA2-mixed mode creds in same M8 message"); 354 new_ssid->proto |= ssid->proto; 355 new_ssid->pairwise_cipher |= ssid->pairwise_cipher; 356 } else { 357 /* 358 * proto and pairwise_cipher difference matter for 359 * non-mixed-mode creds. 360 */ 361 if (ssid->proto != new_ssid->proto || 362 ssid->pairwise_cipher != new_ssid->pairwise_cipher) 363 continue; 364 } 365 366 /* Remove the duplicated older network entry. */ 367 wpa_printf(MSG_DEBUG, "Remove duplicate network %d", ssid->id); 368 wpas_notify_network_removed(wpa_s, ssid); 369 wpa_config_remove_network(wpa_s->conf, ssid->id); 370 } 371 } 372 373 374 static int wpa_supplicant_wps_cred(void *ctx, 375 const struct wps_credential *cred) 376 { 377 struct wpa_supplicant *wpa_s = ctx; 378 struct wpa_ssid *ssid = wpa_s->current_ssid; 379 u16 auth_type; 380 #ifdef CONFIG_WPS_REG_DISABLE_OPEN 381 int registrar = 0; 382 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */ 383 bool add_sae; 384 385 if ((wpa_s->conf->wps_cred_processing == 1 || 386 wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) { 387 size_t blen = cred->cred_attr_len * 2 + 1; 388 char *buf = os_malloc(blen); 389 if (buf) { 390 wpa_snprintf_hex(buf, blen, 391 cred->cred_attr, cred->cred_attr_len); 392 wpa_msg(wpa_s, MSG_INFO, "%s%s", 393 WPS_EVENT_CRED_RECEIVED, buf); 394 os_free(buf); 395 } 396 397 wpas_notify_wps_credential(wpa_s, cred); 398 } else 399 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED); 400 401 wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute", 402 cred->cred_attr, cred->cred_attr_len); 403 404 if (wpa_s->conf->wps_cred_processing == 1) 405 return 0; 406 407 wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len); 408 wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x", 409 cred->auth_type); 410 wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type); 411 wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx); 412 wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", 413 cred->key, cred->key_len); 414 wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR, 415 MAC2STR(cred->mac_addr)); 416 417 auth_type = cred->auth_type; 418 if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) { 419 wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode " 420 "auth_type into WPA2PSK"); 421 auth_type = WPS_AUTH_WPA2PSK; 422 } 423 424 if (auth_type != WPS_AUTH_OPEN && 425 auth_type != WPS_AUTH_WPAPSK && 426 auth_type != WPS_AUTH_WPA2PSK) { 427 wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for " 428 "unsupported authentication type 0x%x", 429 auth_type); 430 return 0; 431 } 432 433 if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) { 434 if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) { 435 wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with " 436 "invalid Network Key length %lu", 437 (unsigned long) cred->key_len); 438 return -1; 439 } 440 } 441 442 if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { 443 wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based " 444 "on the received credential"); 445 #ifdef CONFIG_WPS_REG_DISABLE_OPEN 446 if (ssid->eap.identity && 447 ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN && 448 os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR, 449 WSC_ID_REGISTRAR_LEN) == 0) 450 registrar = 1; 451 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */ 452 os_free(ssid->eap.identity); 453 ssid->eap.identity = NULL; 454 ssid->eap.identity_len = 0; 455 os_free(ssid->eap.phase1); 456 ssid->eap.phase1 = NULL; 457 os_free(ssid->eap.eap_methods); 458 ssid->eap.eap_methods = NULL; 459 if (!ssid->p2p_group) { 460 ssid->temporary = 0; 461 ssid->bssid_set = 0; 462 } 463 ssid->disabled_until.sec = 0; 464 ssid->disabled_until.usec = 0; 465 ssid->auth_failures = 0; 466 } else { 467 wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the " 468 "received credential"); 469 ssid = wpa_config_add_network(wpa_s->conf); 470 if (ssid == NULL) 471 return -1; 472 if (wpa_s->current_ssid) { 473 /* 474 * Should the GO issue multiple credentials for some 475 * reason, each credential should be marked as a 476 * temporary P2P group similarly to the one that gets 477 * marked as such based on the pre-configured values 478 * used for the WPS network block. 479 */ 480 ssid->p2p_group = wpa_s->current_ssid->p2p_group; 481 ssid->temporary = wpa_s->current_ssid->temporary; 482 } 483 wpas_notify_network_added(wpa_s, ssid); 484 } 485 486 wpa_config_set_network_defaults(ssid); 487 ssid->wps_run = wpa_s->wps_run; 488 489 os_free(ssid->ssid); 490 ssid->ssid = os_malloc(cred->ssid_len); 491 if (ssid->ssid) { 492 os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len); 493 ssid->ssid_len = cred->ssid_len; 494 } 495 496 switch (cred->encr_type) { 497 case WPS_ENCR_NONE: 498 break; 499 case WPS_ENCR_TKIP: 500 ssid->pairwise_cipher = WPA_CIPHER_TKIP | WPA_CIPHER_CCMP; 501 break; 502 case WPS_ENCR_AES: 503 ssid->pairwise_cipher = WPA_CIPHER_CCMP; 504 if (wpa_s->drv_capa_known && 505 (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP)) { 506 ssid->pairwise_cipher |= WPA_CIPHER_GCMP; 507 ssid->group_cipher |= WPA_CIPHER_GCMP; 508 } 509 if (wpa_s->drv_capa_known && 510 (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP_256)) { 511 ssid->pairwise_cipher |= WPA_CIPHER_GCMP_256; 512 ssid->group_cipher |= WPA_CIPHER_GCMP_256; 513 } 514 if (wpa_s->drv_capa_known && 515 (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_CCMP_256)) { 516 ssid->pairwise_cipher |= WPA_CIPHER_CCMP_256; 517 ssid->group_cipher |= WPA_CIPHER_CCMP_256; 518 } 519 break; 520 } 521 522 switch (auth_type) { 523 case WPS_AUTH_OPEN: 524 ssid->auth_alg = WPA_AUTH_ALG_OPEN; 525 ssid->key_mgmt = WPA_KEY_MGMT_NONE; 526 ssid->proto = 0; 527 #ifdef CONFIG_WPS_REG_DISABLE_OPEN 528 if (registrar) { 529 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK 530 "id=%d - Credentials for an open " 531 "network disabled by default - use " 532 "'select_network %d' to enable", 533 ssid->id, ssid->id); 534 ssid->disabled = 1; 535 } 536 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */ 537 break; 538 case WPS_AUTH_WPAPSK: 539 ssid->auth_alg = WPA_AUTH_ALG_OPEN; 540 ssid->key_mgmt = WPA_KEY_MGMT_PSK; 541 ssid->proto = WPA_PROTO_WPA | WPA_PROTO_RSN; 542 break; 543 case WPS_AUTH_WPA2PSK: 544 ssid->auth_alg = WPA_AUTH_ALG_OPEN; 545 ssid->key_mgmt = WPA_KEY_MGMT_PSK; 546 add_sae = wpa_s->conf->wps_cred_add_sae; 547 #ifdef CONFIG_P2P 548 if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p)) 549 add_sae = true; 550 #endif /* CONFIG_P2P */ 551 if (add_sae && cred->key_len != 2 * PMK_LEN) { 552 ssid->auth_alg = 0; 553 ssid->key_mgmt |= WPA_KEY_MGMT_SAE; 554 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL; 555 } 556 ssid->proto = WPA_PROTO_RSN; 557 break; 558 } 559 560 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) { 561 if (cred->key_len == 2 * PMK_LEN) { 562 if (hexstr2bin((const char *) cred->key, ssid->psk, 563 PMK_LEN)) { 564 wpa_printf(MSG_ERROR, "WPS: Invalid Network " 565 "Key"); 566 return -1; 567 } 568 ssid->psk_set = 1; 569 ssid->export_keys = 1; 570 } else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) { 571 os_free(ssid->passphrase); 572 ssid->passphrase = os_malloc(cred->key_len + 1); 573 if (ssid->passphrase == NULL) 574 return -1; 575 os_memcpy(ssid->passphrase, cred->key, cred->key_len); 576 ssid->passphrase[cred->key_len] = '\0'; 577 wpa_config_update_psk(ssid); 578 ssid->export_keys = 1; 579 } else { 580 wpa_printf(MSG_ERROR, "WPS: Invalid Network Key " 581 "length %lu", 582 (unsigned long) cred->key_len); 583 return -1; 584 } 585 } 586 ssid->priority = wpa_s->conf->wps_priority; 587 588 wpas_wps_security_workaround(wpa_s, ssid, cred); 589 590 wpas_wps_remove_dup_network(wpa_s, ssid); 591 592 #ifndef CONFIG_NO_CONFIG_WRITE 593 if (wpa_s->conf->update_config && 594 wpa_config_write(wpa_s->confname, wpa_s->conf)) { 595 wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration"); 596 return -1; 597 } 598 #endif /* CONFIG_NO_CONFIG_WRITE */ 599 600 if (ssid->priority) 601 wpa_config_update_prio_list(wpa_s->conf); 602 603 /* 604 * Optimize the post-WPS scan based on the channel used during 605 * the provisioning in case EAP-Failure is not received. 606 */ 607 wpa_s->after_wps = 5; 608 wpa_s->wps_freq = wpa_s->assoc_freq; 609 610 return 0; 611 } 612 613 614 static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s, 615 struct wps_event_m2d *m2d) 616 { 617 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D 618 "dev_password_id=%d config_error=%d", 619 m2d->dev_password_id, m2d->config_error); 620 wpas_notify_wps_event_m2d(wpa_s, m2d); 621 #ifdef CONFIG_P2P 622 if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s) { 623 wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_M2D 624 "dev_password_id=%d config_error=%d", 625 m2d->dev_password_id, m2d->config_error); 626 } 627 if (m2d->config_error == WPS_CFG_MULTIPLE_PBC_DETECTED) { 628 /* 629 * Notify P2P from eloop timeout to avoid issues with the 630 * interface getting removed while processing a message. 631 */ 632 eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb, wpa_s, 633 NULL); 634 } 635 #endif /* CONFIG_P2P */ 636 } 637 638 639 static void wpas_wps_clear_timeout(void *eloop_ctx, void *timeout_ctx) 640 { 641 struct wpa_supplicant *wpa_s = eloop_ctx; 642 wpa_printf(MSG_DEBUG, "WPS: Clear WPS network from timeout"); 643 wpas_clear_wps(wpa_s); 644 } 645 646 647 static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s, 648 struct wps_event_fail *fail) 649 { 650 if (fail->error_indication > 0 && 651 fail->error_indication < NUM_WPS_EI_VALUES) { 652 wpa_msg(wpa_s, MSG_INFO, 653 WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)", 654 fail->msg, fail->config_error, fail->error_indication, 655 wps_ei_str(fail->error_indication)); 656 if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s) 657 wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL 658 "msg=%d config_error=%d reason=%d (%s)", 659 fail->msg, fail->config_error, 660 fail->error_indication, 661 wps_ei_str(fail->error_indication)); 662 } else { 663 wpa_msg(wpa_s, MSG_INFO, 664 WPS_EVENT_FAIL "msg=%d config_error=%d", 665 fail->msg, fail->config_error); 666 if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s) 667 wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL 668 "msg=%d config_error=%d", 669 fail->msg, fail->config_error); 670 } 671 672 /* 673 * Need to allow WPS processing to complete, e.g., by sending WSC_NACK. 674 */ 675 wpa_printf(MSG_DEBUG, "WPS: Register timeout to clear WPS network"); 676 eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL); 677 eloop_register_timeout(0, 100000, wpas_wps_clear_timeout, wpa_s, NULL); 678 679 wpas_notify_wps_event_fail(wpa_s, fail); 680 wpas_p2p_wps_failed(wpa_s, fail); 681 } 682 683 684 static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx); 685 686 static void wpas_wps_reenable_networks(struct wpa_supplicant *wpa_s) 687 { 688 struct wpa_ssid *ssid; 689 int changed = 0; 690 691 eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL); 692 693 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 694 if (ssid->disabled_for_connect && ssid->disabled) { 695 ssid->disabled_for_connect = 0; 696 ssid->disabled = 0; 697 wpas_notify_network_enabled_changed(wpa_s, ssid); 698 changed++; 699 } 700 } 701 702 if (changed) { 703 #ifndef CONFIG_NO_CONFIG_WRITE 704 if (wpa_s->conf->update_config && 705 wpa_config_write(wpa_s->confname, wpa_s->conf)) { 706 wpa_printf(MSG_DEBUG, "WPS: Failed to update " 707 "configuration"); 708 } 709 #endif /* CONFIG_NO_CONFIG_WRITE */ 710 } 711 } 712 713 714 static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx) 715 { 716 struct wpa_supplicant *wpa_s = eloop_ctx; 717 /* Enable the networks disabled during wpas_wps_reassoc */ 718 wpas_wps_reenable_networks(wpa_s); 719 } 720 721 722 int wpas_wps_reenable_networks_pending(struct wpa_supplicant *wpa_s) 723 { 724 return eloop_is_timeout_registered(wpas_wps_reenable_networks_cb, 725 wpa_s, NULL); 726 } 727 728 729 static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s) 730 { 731 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS); 732 wpa_s->wps_success = 1; 733 wpas_notify_wps_event_success(wpa_s); 734 if (wpa_s->current_ssid) 735 wpas_clear_temp_disabled(wpa_s, wpa_s->current_ssid, 1); 736 wpa_s->consecutive_conn_failures = 0; 737 738 /* 739 * Enable the networks disabled during wpas_wps_reassoc after 10 740 * seconds. The 10 seconds timer is to allow the data connection to be 741 * formed before allowing other networks to be selected. 742 */ 743 eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s, 744 NULL); 745 746 wpas_p2p_wps_success(wpa_s, wpa_s->bssid, 0); 747 } 748 749 750 static void wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant *wpa_s, 751 struct wps_event_er_ap *ap) 752 { 753 char uuid_str[100]; 754 char dev_type[WPS_DEV_TYPE_BUFSIZE]; 755 756 uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str)); 757 if (ap->pri_dev_type) 758 wps_dev_type_bin2str(ap->pri_dev_type, dev_type, 759 sizeof(dev_type)); 760 else 761 dev_type[0] = '\0'; 762 763 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_ADD "%s " MACSTR 764 " pri_dev_type=%s wps_state=%d |%s|%s|%s|%s|%s|%s|", 765 uuid_str, MAC2STR(ap->mac_addr), dev_type, ap->wps_state, 766 ap->friendly_name ? ap->friendly_name : "", 767 ap->manufacturer ? ap->manufacturer : "", 768 ap->model_description ? ap->model_description : "", 769 ap->model_name ? ap->model_name : "", 770 ap->manufacturer_url ? ap->manufacturer_url : "", 771 ap->model_url ? ap->model_url : ""); 772 } 773 774 775 static void wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant *wpa_s, 776 struct wps_event_er_ap *ap) 777 { 778 char uuid_str[100]; 779 uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str)); 780 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_REMOVE "%s", uuid_str); 781 } 782 783 784 static void wpa_supplicant_wps_event_er_enrollee_add( 785 struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee) 786 { 787 char uuid_str[100]; 788 char dev_type[WPS_DEV_TYPE_BUFSIZE]; 789 790 uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str)); 791 if (enrollee->pri_dev_type) 792 wps_dev_type_bin2str(enrollee->pri_dev_type, dev_type, 793 sizeof(dev_type)); 794 else 795 dev_type[0] = '\0'; 796 797 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_ADD "%s " MACSTR 798 " M1=%d config_methods=0x%x dev_passwd_id=%d pri_dev_type=%s " 799 "|%s|%s|%s|%s|%s|", 800 uuid_str, MAC2STR(enrollee->mac_addr), enrollee->m1_received, 801 enrollee->config_methods, enrollee->dev_passwd_id, dev_type, 802 enrollee->dev_name ? enrollee->dev_name : "", 803 enrollee->manufacturer ? enrollee->manufacturer : "", 804 enrollee->model_name ? enrollee->model_name : "", 805 enrollee->model_number ? enrollee->model_number : "", 806 enrollee->serial_number ? enrollee->serial_number : ""); 807 } 808 809 810 static void wpa_supplicant_wps_event_er_enrollee_remove( 811 struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee) 812 { 813 char uuid_str[100]; 814 uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str)); 815 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_REMOVE "%s " MACSTR, 816 uuid_str, MAC2STR(enrollee->mac_addr)); 817 } 818 819 820 static void wpa_supplicant_wps_event_er_ap_settings( 821 struct wpa_supplicant *wpa_s, 822 struct wps_event_er_ap_settings *ap_settings) 823 { 824 char uuid_str[100]; 825 char key_str[65]; 826 const struct wps_credential *cred = ap_settings->cred; 827 828 key_str[0] = '\0'; 829 if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) { 830 if (cred->key_len >= 8 && cred->key_len <= 64) { 831 os_memcpy(key_str, cred->key, cred->key_len); 832 key_str[cred->key_len] = '\0'; 833 } 834 } 835 836 uuid_bin2str(ap_settings->uuid, uuid_str, sizeof(uuid_str)); 837 /* Use wpa_msg_ctrl to avoid showing the key in debug log */ 838 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_SETTINGS 839 "uuid=%s ssid=%s auth_type=0x%04x encr_type=0x%04x " 840 "key=%s", 841 uuid_str, wpa_ssid_txt(cred->ssid, cred->ssid_len), 842 cred->auth_type, cred->encr_type, key_str); 843 } 844 845 846 static void wpa_supplicant_wps_event_er_set_sel_reg( 847 struct wpa_supplicant *wpa_s, 848 struct wps_event_er_set_selected_registrar *ev) 849 { 850 char uuid_str[100]; 851 852 uuid_bin2str(ev->uuid, uuid_str, sizeof(uuid_str)); 853 switch (ev->state) { 854 case WPS_ER_SET_SEL_REG_START: 855 wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG 856 "uuid=%s state=START sel_reg=%d dev_passwd_id=%u " 857 "sel_reg_config_methods=0x%x", 858 uuid_str, ev->sel_reg, ev->dev_passwd_id, 859 ev->sel_reg_config_methods); 860 break; 861 case WPS_ER_SET_SEL_REG_DONE: 862 wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG 863 "uuid=%s state=DONE", uuid_str); 864 break; 865 case WPS_ER_SET_SEL_REG_FAILED: 866 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_SET_SEL_REG 867 "uuid=%s state=FAILED", uuid_str); 868 break; 869 } 870 } 871 872 873 static void wpa_supplicant_wps_event(void *ctx, enum wps_event event, 874 union wps_event_data *data) 875 { 876 struct wpa_supplicant *wpa_s = ctx; 877 switch (event) { 878 case WPS_EV_M2D: 879 wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d); 880 break; 881 case WPS_EV_FAIL: 882 wpa_supplicant_wps_event_fail(wpa_s, &data->fail); 883 break; 884 case WPS_EV_SUCCESS: 885 wpa_supplicant_wps_event_success(wpa_s); 886 break; 887 case WPS_EV_PWD_AUTH_FAIL: 888 #ifdef CONFIG_AP 889 if (wpa_s->ap_iface && data->pwd_auth_fail.enrollee) 890 wpa_supplicant_ap_pwd_auth_fail(wpa_s); 891 #endif /* CONFIG_AP */ 892 break; 893 case WPS_EV_PBC_OVERLAP: 894 break; 895 case WPS_EV_PBC_TIMEOUT: 896 break; 897 case WPS_EV_PBC_ACTIVE: 898 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ACTIVE); 899 break; 900 case WPS_EV_PBC_DISABLE: 901 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_DISABLE); 902 break; 903 case WPS_EV_ER_AP_ADD: 904 wpa_supplicant_wps_event_er_ap_add(wpa_s, &data->ap); 905 break; 906 case WPS_EV_ER_AP_REMOVE: 907 wpa_supplicant_wps_event_er_ap_remove(wpa_s, &data->ap); 908 break; 909 case WPS_EV_ER_ENROLLEE_ADD: 910 wpa_supplicant_wps_event_er_enrollee_add(wpa_s, 911 &data->enrollee); 912 break; 913 case WPS_EV_ER_ENROLLEE_REMOVE: 914 wpa_supplicant_wps_event_er_enrollee_remove(wpa_s, 915 &data->enrollee); 916 break; 917 case WPS_EV_ER_AP_SETTINGS: 918 wpa_supplicant_wps_event_er_ap_settings(wpa_s, 919 &data->ap_settings); 920 break; 921 case WPS_EV_ER_SET_SELECTED_REGISTRAR: 922 wpa_supplicant_wps_event_er_set_sel_reg(wpa_s, 923 &data->set_sel_reg); 924 break; 925 case WPS_EV_AP_PIN_SUCCESS: 926 break; 927 } 928 } 929 930 931 static int wpa_supplicant_wps_rf_band(void *ctx) 932 { 933 struct wpa_supplicant *wpa_s = ctx; 934 935 if (!wpa_s->current_ssid || !wpa_s->assoc_freq) 936 return 0; 937 938 return (wpa_s->assoc_freq > 50000) ? WPS_RF_60GHZ : 939 (wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ; 940 } 941 942 943 enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid) 944 { 945 if (eap_is_wps_pbc_enrollee(&ssid->eap) || 946 eap_is_wps_pin_enrollee(&ssid->eap)) 947 return WPS_REQ_ENROLLEE; 948 else 949 return WPS_REQ_REGISTRAR; 950 } 951 952 953 static void wpas_clear_wps(struct wpa_supplicant *wpa_s) 954 { 955 int id; 956 struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current; 957 958 wpa_s->after_wps = 0; 959 wpa_s->known_wps_freq = 0; 960 961 prev_current = wpa_s->current_ssid; 962 963 /* Enable the networks disabled during wpas_wps_reassoc */ 964 wpas_wps_reenable_networks(wpa_s); 965 966 eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); 967 eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL); 968 969 /* Remove any existing WPS network from configuration */ 970 ssid = wpa_s->conf->ssid; 971 while (ssid) { 972 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { 973 if (ssid == wpa_s->current_ssid) { 974 wpa_s->own_disconnect_req = 1; 975 wpa_supplicant_deauthenticate( 976 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 977 } 978 id = ssid->id; 979 remove_ssid = ssid; 980 } else 981 id = -1; 982 ssid = ssid->next; 983 if (id >= 0) { 984 if (prev_current == remove_ssid) { 985 wpa_sm_set_config(wpa_s->wpa, NULL); 986 eapol_sm_notify_config(wpa_s->eapol, NULL, 987 NULL); 988 } 989 wpas_notify_network_removed(wpa_s, remove_ssid); 990 wpa_config_remove_network(wpa_s->conf, id); 991 } 992 } 993 994 wpas_wps_clear_ap_info(wpa_s); 995 } 996 997 998 static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx) 999 { 1000 struct wpa_supplicant *wpa_s = eloop_ctx; 1001 union wps_event_data data; 1002 1003 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed " 1004 "out"); 1005 os_memset(&data, 0, sizeof(data)); 1006 data.fail.config_error = WPS_CFG_MSG_TIMEOUT; 1007 data.fail.error_indication = WPS_EI_NO_ERROR; 1008 /* 1009 * Call wpas_notify_wps_event_fail() directly instead of through 1010 * wpa_supplicant_wps_event() which would end up registering unnecessary 1011 * timeouts (those are only for the case where the failure happens 1012 * during an EAP-WSC exchange). 1013 */ 1014 wpas_notify_wps_event_fail(wpa_s, &data.fail); 1015 wpa_s->supp_pbc_active = false; 1016 wpa_s->wps_overlap = false; 1017 wpas_clear_wps(wpa_s); 1018 } 1019 1020 1021 static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s, 1022 int registrar, const u8 *dev_addr, 1023 const u8 *bssid) 1024 { 1025 struct wpa_ssid *ssid; 1026 1027 ssid = wpa_config_add_network(wpa_s->conf); 1028 if (ssid == NULL) 1029 return NULL; 1030 wpas_notify_network_added(wpa_s, ssid); 1031 wpa_config_set_network_defaults(ssid); 1032 ssid->temporary = 1; 1033 if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 || 1034 wpa_config_set(ssid, "eap", "WSC", 0) < 0 || 1035 wpa_config_set(ssid, "identity", registrar ? 1036 "\"" WSC_ID_REGISTRAR "\"" : 1037 "\"" WSC_ID_ENROLLEE "\"", 0) < 0) { 1038 wpas_notify_network_removed(wpa_s, ssid); 1039 wpa_config_remove_network(wpa_s->conf, ssid->id); 1040 return NULL; 1041 } 1042 1043 #ifdef CONFIG_P2P 1044 if (dev_addr) 1045 os_memcpy(ssid->go_p2p_dev_addr, dev_addr, ETH_ALEN); 1046 #endif /* CONFIG_P2P */ 1047 1048 if (bssid) { 1049 #ifndef CONFIG_P2P 1050 struct wpa_bss *bss; 1051 int count = 0; 1052 #endif /* CONFIG_P2P */ 1053 1054 os_memcpy(ssid->bssid, bssid, ETH_ALEN); 1055 ssid->bssid_set = 1; 1056 1057 /* 1058 * Note: With P2P, the SSID may change at the time the WPS 1059 * provisioning is started, so better not filter the AP based 1060 * on the current SSID in the scan results. 1061 */ 1062 #ifndef CONFIG_P2P 1063 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 1064 if (!ether_addr_equal(bssid, bss->bssid)) 1065 continue; 1066 1067 os_free(ssid->ssid); 1068 ssid->ssid = os_memdup(bss->ssid, bss->ssid_len); 1069 if (ssid->ssid == NULL) 1070 break; 1071 ssid->ssid_len = bss->ssid_len; 1072 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from " 1073 "scan results", 1074 ssid->ssid, ssid->ssid_len); 1075 count++; 1076 } 1077 1078 if (count > 1) { 1079 wpa_printf(MSG_DEBUG, "WPS: More than one SSID found " 1080 "for the AP; use wildcard"); 1081 os_free(ssid->ssid); 1082 ssid->ssid = NULL; 1083 ssid->ssid_len = 0; 1084 } 1085 #endif /* CONFIG_P2P */ 1086 } 1087 1088 return ssid; 1089 } 1090 1091 1092 static void wpas_wps_temp_disable(struct wpa_supplicant *wpa_s, 1093 struct wpa_ssid *selected) 1094 { 1095 struct wpa_ssid *ssid; 1096 1097 if (wpa_s->current_ssid) { 1098 wpa_s->own_disconnect_req = 1; 1099 wpa_supplicant_deauthenticate( 1100 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1101 } 1102 1103 /* Mark all other networks disabled and trigger reassociation */ 1104 ssid = wpa_s->conf->ssid; 1105 while (ssid) { 1106 int was_disabled = ssid->disabled; 1107 ssid->disabled_for_connect = 0; 1108 /* 1109 * In case the network object corresponds to a persistent group 1110 * then do not send out network disabled signal. In addition, 1111 * do not change disabled status of persistent network objects 1112 * from 2 to 1 should we connect to another network. 1113 */ 1114 if (was_disabled != 2) { 1115 ssid->disabled = ssid != selected; 1116 if (was_disabled != ssid->disabled) { 1117 if (ssid->disabled) 1118 ssid->disabled_for_connect = 1; 1119 wpas_notify_network_enabled_changed(wpa_s, 1120 ssid); 1121 } 1122 } 1123 ssid = ssid->next; 1124 } 1125 } 1126 1127 1128 static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s, 1129 struct wpa_ssid *selected, const u8 *bssid, 1130 int freq) 1131 { 1132 struct wpa_bss *bss; 1133 1134 wpa_s->wps_run++; 1135 if (wpa_s->wps_run == 0) 1136 wpa_s->wps_run++; 1137 wpa_s->after_wps = 0; 1138 wpa_s->known_wps_freq = 0; 1139 if (freq) { 1140 wpa_s->after_wps = 5; 1141 wpa_s->wps_freq = freq; 1142 } else if (bssid) { 1143 bss = wpa_bss_get_bssid_latest(wpa_s, bssid); 1144 if (bss && bss->freq > 0) { 1145 wpa_s->known_wps_freq = 1; 1146 wpa_s->wps_freq = bss->freq; 1147 } 1148 } 1149 1150 wpas_wps_temp_disable(wpa_s, selected); 1151 1152 wpa_s->disconnected = 0; 1153 wpa_s->reassociate = 1; 1154 wpa_s->scan_runs = 0; 1155 wpa_s->normal_scans = 0; 1156 wpa_s->wps_success = 0; 1157 wpa_s->bssid_ignore_cleared = false; 1158 1159 wpa_supplicant_cancel_sched_scan(wpa_s); 1160 wpa_supplicant_req_scan(wpa_s, 0, 0); 1161 } 1162 1163 1164 int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid, 1165 int p2p_group, int multi_ap_backhaul_sta) 1166 { 1167 struct wpa_ssid *ssid; 1168 char phase1[32]; 1169 1170 #ifdef CONFIG_AP 1171 if (wpa_s->ap_iface) { 1172 wpa_printf(MSG_DEBUG, 1173 "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled"); 1174 return -1; 1175 } 1176 #endif /* CONFIG_AP */ 1177 wpas_clear_wps(wpa_s); 1178 ssid = wpas_wps_add_network(wpa_s, 0, NULL, bssid); 1179 if (ssid == NULL) 1180 return -1; 1181 ssid->temporary = 1; 1182 ssid->p2p_group = p2p_group; 1183 /* 1184 * When starting a regular WPS process (not P2P group formation) 1185 * the registrar/final station can be either AP or PCP 1186 * so use a "don't care" value for the pbss flag. 1187 */ 1188 if (!p2p_group) 1189 ssid->pbss = 2; 1190 #ifdef CONFIG_P2P 1191 if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) { 1192 ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1); 1193 if (ssid->ssid) { 1194 ssid->ssid_len = wpa_s->go_params->ssid_len; 1195 os_memcpy(ssid->ssid, wpa_s->go_params->ssid, 1196 ssid->ssid_len); 1197 if (wpa_s->go_params->freq > 56160) { 1198 /* P2P in 60 GHz uses PBSS */ 1199 ssid->pbss = 1; 1200 } 1201 if (wpa_s->go_params->edmg && 1202 wpas_p2p_try_edmg_channel(wpa_s, 1203 wpa_s->go_params) == 0) 1204 ssid->enable_edmg = 1; 1205 1206 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP " 1207 "SSID", ssid->ssid, ssid->ssid_len); 1208 } 1209 } 1210 #endif /* CONFIG_P2P */ 1211 if (multi_ap_backhaul_sta) 1212 os_snprintf(phase1, sizeof(phase1), "pbc=1 multi_ap=%d", 1213 multi_ap_backhaul_sta); 1214 else 1215 os_snprintf(phase1, sizeof(phase1), "pbc=1"); 1216 if (wpa_config_set_quoted(ssid, "phase1", phase1) < 0) 1217 return -1; 1218 if (wpa_s->wps_fragment_size) 1219 ssid->eap.fragment_size = wpa_s->wps_fragment_size; 1220 if (multi_ap_backhaul_sta) { 1221 ssid->multi_ap_backhaul_sta = 1; 1222 ssid->multi_ap_profile = multi_ap_backhaul_sta; 1223 } 1224 wpa_s->supp_pbc_active = true; 1225 wpa_s->wps_overlap = false; 1226 wpa_supplicant_wps_event(wpa_s, WPS_EV_PBC_ACTIVE, NULL); 1227 eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, 1228 wpa_s, NULL); 1229 wpas_wps_reassoc(wpa_s, ssid, bssid, 0); 1230 return 0; 1231 } 1232 1233 1234 static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s, 1235 const u8 *dev_addr, const u8 *bssid, 1236 const char *pin, int p2p_group, u16 dev_pw_id, 1237 const u8 *peer_pubkey_hash, 1238 const u8 *ssid_val, size_t ssid_len, int freq) 1239 { 1240 struct wpa_ssid *ssid; 1241 char val[128 + 2 * WPS_OOB_PUBKEY_HASH_LEN]; 1242 unsigned int rpin = 0; 1243 char hash[2 * WPS_OOB_PUBKEY_HASH_LEN + 10]; 1244 1245 #ifdef CONFIG_AP 1246 if (wpa_s->ap_iface) { 1247 wpa_printf(MSG_DEBUG, 1248 "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled"); 1249 return -1; 1250 } 1251 #endif /* CONFIG_AP */ 1252 wpas_clear_wps(wpa_s); 1253 if (bssid && is_zero_ether_addr(bssid)) 1254 bssid = NULL; 1255 ssid = wpas_wps_add_network(wpa_s, 0, dev_addr, bssid); 1256 if (ssid == NULL) { 1257 wpa_printf(MSG_DEBUG, "WPS: Could not add network"); 1258 return -1; 1259 } 1260 ssid->temporary = 1; 1261 ssid->p2p_group = p2p_group; 1262 /* 1263 * When starting a regular WPS process (not P2P group formation) 1264 * the registrar/final station can be either AP or PCP 1265 * so use a "don't care" value for the pbss flag. 1266 */ 1267 if (!p2p_group) 1268 ssid->pbss = 2; 1269 if (ssid_val) { 1270 ssid->ssid = os_malloc(ssid_len); 1271 if (ssid->ssid) { 1272 os_memcpy(ssid->ssid, ssid_val, ssid_len); 1273 ssid->ssid_len = ssid_len; 1274 } 1275 } 1276 if (peer_pubkey_hash) { 1277 os_memcpy(hash, " pkhash=", 8); 1278 wpa_snprintf_hex_uppercase(hash + 8, sizeof(hash) - 8, 1279 peer_pubkey_hash, 1280 WPS_OOB_PUBKEY_HASH_LEN); 1281 } else { 1282 hash[0] = '\0'; 1283 } 1284 #ifdef CONFIG_P2P 1285 if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) { 1286 os_free(ssid->ssid); 1287 ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1); 1288 if (ssid->ssid) { 1289 ssid->ssid_len = wpa_s->go_params->ssid_len; 1290 os_memcpy(ssid->ssid, wpa_s->go_params->ssid, 1291 ssid->ssid_len); 1292 if (wpa_s->go_params->freq > 56160) { 1293 /* P2P in 60 GHz uses PBSS */ 1294 ssid->pbss = 1; 1295 } 1296 if (wpa_s->go_params->edmg && 1297 wpas_p2p_try_edmg_channel(wpa_s, 1298 wpa_s->go_params) == 0) 1299 ssid->enable_edmg = 1; 1300 1301 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP " 1302 "SSID", ssid->ssid, ssid->ssid_len); 1303 } 1304 } 1305 #endif /* CONFIG_P2P */ 1306 if (pin) 1307 os_snprintf(val, sizeof(val), "\"pin=%s dev_pw_id=%u%s\"", 1308 pin, dev_pw_id, hash); 1309 else if (pin == NULL && dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) { 1310 os_snprintf(val, sizeof(val), "\"dev_pw_id=%u%s\"", 1311 dev_pw_id, hash); 1312 } else { 1313 if (wps_generate_pin(&rpin) < 0) { 1314 wpa_printf(MSG_DEBUG, "WPS: Could not generate PIN"); 1315 return -1; 1316 } 1317 os_snprintf(val, sizeof(val), "\"pin=%08d dev_pw_id=%u%s\"", 1318 rpin, dev_pw_id, hash); 1319 } 1320 if (wpa_config_set(ssid, "phase1", val, 0) < 0) { 1321 wpa_printf(MSG_DEBUG, "WPS: Failed to set phase1 '%s'", val); 1322 return -1; 1323 } 1324 1325 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) 1326 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_PIN_ACTIVE); 1327 1328 if (wpa_s->wps_fragment_size) 1329 ssid->eap.fragment_size = wpa_s->wps_fragment_size; 1330 eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, 1331 wpa_s, NULL); 1332 wpa_s->wps_ap_iter = 1; 1333 wpas_wps_reassoc(wpa_s, ssid, bssid, freq); 1334 return rpin; 1335 } 1336 1337 1338 int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid, 1339 const char *pin, int p2p_group, u16 dev_pw_id) 1340 { 1341 os_get_reltime(&wpa_s->wps_pin_start_time); 1342 return wpas_wps_start_dev_pw(wpa_s, NULL, bssid, pin, p2p_group, 1343 dev_pw_id, NULL, NULL, 0, 0); 1344 } 1345 1346 1347 void wpas_wps_pbc_overlap(struct wpa_supplicant *wpa_s) 1348 { 1349 union wps_event_data data; 1350 1351 os_memset(&data, 0, sizeof(data)); 1352 data.fail.config_error = WPS_CFG_MULTIPLE_PBC_DETECTED; 1353 data.fail.error_indication = WPS_EI_NO_ERROR; 1354 /* 1355 * Call wpas_notify_wps_event_fail() directly instead of through 1356 * wpa_supplicant_wps_event() which would end up registering unnecessary 1357 * timeouts (those are only for the case where the failure happens 1358 * during an EAP-WSC exchange). 1359 */ 1360 wpas_notify_wps_event_fail(wpa_s, &data.fail); 1361 } 1362 1363 /* Cancel the wps pbc/pin requests */ 1364 int wpas_wps_cancel(struct wpa_supplicant *wpa_s) 1365 { 1366 #ifdef CONFIG_AP 1367 if (wpa_s->ap_iface) { 1368 wpa_printf(MSG_DEBUG, "WPS: Cancelling in AP mode"); 1369 return wpa_supplicant_ap_wps_cancel(wpa_s); 1370 } 1371 #endif /* CONFIG_AP */ 1372 1373 if (wpa_s->wpa_state == WPA_SCANNING || 1374 wpa_s->wpa_state == WPA_DISCONNECTED) { 1375 wpa_printf(MSG_DEBUG, "WPS: Cancel operation - cancel scan"); 1376 wpa_supplicant_cancel_scan(wpa_s); 1377 wpas_clear_wps(wpa_s); 1378 } else if (wpa_s->wpa_state >= WPA_ASSOCIATED) { 1379 wpa_printf(MSG_DEBUG, "WPS: Cancel operation - " 1380 "deauthenticate"); 1381 wpa_s->own_disconnect_req = 1; 1382 wpa_supplicant_deauthenticate(wpa_s, 1383 WLAN_REASON_DEAUTH_LEAVING); 1384 wpas_clear_wps(wpa_s); 1385 } else { 1386 wpas_wps_reenable_networks(wpa_s); 1387 wpas_wps_clear_ap_info(wpa_s); 1388 if (eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL) > 1389 0) 1390 wpas_clear_wps(wpa_s); 1391 } 1392 1393 wpa_s->supp_pbc_active = false; 1394 wpa_s->wps_overlap = false; 1395 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CANCEL); 1396 wpa_s->after_wps = 0; 1397 1398 return 0; 1399 } 1400 1401 1402 int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid, 1403 const char *pin, struct wps_new_ap_settings *settings) 1404 { 1405 struct wpa_ssid *ssid; 1406 char val[200]; 1407 char *pos, *end; 1408 int res; 1409 1410 #ifdef CONFIG_AP 1411 if (wpa_s->ap_iface) { 1412 wpa_printf(MSG_DEBUG, 1413 "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled"); 1414 return -1; 1415 } 1416 #endif /* CONFIG_AP */ 1417 if (!pin) 1418 return -1; 1419 wpas_clear_wps(wpa_s); 1420 ssid = wpas_wps_add_network(wpa_s, 1, NULL, bssid); 1421 if (ssid == NULL) 1422 return -1; 1423 ssid->temporary = 1; 1424 pos = val; 1425 end = pos + sizeof(val); 1426 res = os_snprintf(pos, end - pos, "\"pin=%s", pin); 1427 if (os_snprintf_error(end - pos, res)) 1428 return -1; 1429 pos += res; 1430 if (settings) { 1431 res = os_snprintf(pos, end - pos, " new_ssid=%s new_auth=%s " 1432 "new_encr=%s new_key=%s", 1433 settings->ssid_hex, settings->auth, 1434 settings->encr, settings->key_hex); 1435 if (os_snprintf_error(end - pos, res)) 1436 return -1; 1437 pos += res; 1438 } 1439 res = os_snprintf(pos, end - pos, "\""); 1440 if (os_snprintf_error(end - pos, res)) 1441 return -1; 1442 if (wpa_config_set(ssid, "phase1", val, 0) < 0) 1443 return -1; 1444 if (wpa_s->wps_fragment_size) 1445 ssid->eap.fragment_size = wpa_s->wps_fragment_size; 1446 eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout, 1447 wpa_s, NULL); 1448 wpas_wps_reassoc(wpa_s, ssid, bssid, 0); 1449 return 0; 1450 } 1451 1452 1453 static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr, 1454 const u8 *p2p_dev_addr, const u8 *psk, 1455 size_t psk_len) 1456 { 1457 if (is_zero_ether_addr(p2p_dev_addr)) { 1458 wpa_printf(MSG_DEBUG, 1459 "Received new WPA/WPA2-PSK from WPS for STA " MACSTR, 1460 MAC2STR(mac_addr)); 1461 } else { 1462 wpa_printf(MSG_DEBUG, 1463 "Received new WPA/WPA2-PSK from WPS for STA " MACSTR 1464 " P2P Device Addr " MACSTR, 1465 MAC2STR(mac_addr), MAC2STR(p2p_dev_addr)); 1466 } 1467 wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len); 1468 1469 /* TODO */ 1470 1471 return 0; 1472 } 1473 1474 1475 static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e, 1476 const struct wps_device_data *dev) 1477 { 1478 char uuid[40], txt[400]; 1479 int len; 1480 char devtype[WPS_DEV_TYPE_BUFSIZE]; 1481 if (uuid_bin2str(uuid_e, uuid, sizeof(uuid))) 1482 return; 1483 wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid); 1484 len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR 1485 " [%s|%s|%s|%s|%s|%s]", 1486 uuid, MAC2STR(dev->mac_addr), dev->device_name, 1487 dev->manufacturer, dev->model_name, 1488 dev->model_number, dev->serial_number, 1489 wps_dev_type_bin2str(dev->pri_dev_type, devtype, 1490 sizeof(devtype))); 1491 if (!os_snprintf_error(sizeof(txt), len)) 1492 wpa_printf(MSG_INFO, "%s", txt); 1493 } 1494 1495 1496 static void wpas_wps_set_sel_reg_cb(void *ctx, int sel_reg, u16 dev_passwd_id, 1497 u16 sel_reg_config_methods) 1498 { 1499 #ifdef CONFIG_WPS_ER 1500 struct wpa_supplicant *wpa_s = ctx; 1501 1502 if (wpa_s->wps_er == NULL) 1503 return; 1504 wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar - sel_reg=%d " 1505 "dev_password_id=%u sel_reg_config_methods=0x%x", 1506 sel_reg, dev_passwd_id, sel_reg_config_methods); 1507 wps_er_set_sel_reg(wpa_s->wps_er, sel_reg, dev_passwd_id, 1508 sel_reg_config_methods); 1509 #endif /* CONFIG_WPS_ER */ 1510 } 1511 1512 1513 static u16 wps_fix_config_methods(u16 config_methods) 1514 { 1515 if ((config_methods & 1516 (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY | 1517 WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) { 1518 wpa_printf(MSG_INFO, "WPS: Converting display to " 1519 "virtual_display for WPS 2.0 compliance"); 1520 config_methods |= WPS_CONFIG_VIRT_DISPLAY; 1521 } 1522 if ((config_methods & 1523 (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON | 1524 WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) { 1525 wpa_printf(MSG_INFO, "WPS: Converting push_button to " 1526 "virtual_push_button for WPS 2.0 compliance"); 1527 config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON; 1528 } 1529 1530 return config_methods; 1531 } 1532 1533 1534 static void wpas_wps_set_uuid(struct wpa_supplicant *wpa_s, 1535 struct wps_context *wps) 1536 { 1537 char buf[50]; 1538 const char *src; 1539 1540 if (is_nil_uuid(wpa_s->conf->uuid)) { 1541 struct wpa_supplicant *first; 1542 first = wpa_s->global->ifaces; 1543 while (first && first->next) 1544 first = first->next; 1545 if (first && first != wpa_s) { 1546 if (wps != wpa_s->global->ifaces->wps) 1547 os_memcpy(wps->uuid, 1548 wpa_s->global->ifaces->wps->uuid, 1549 WPS_UUID_LEN); 1550 src = "from the first interface"; 1551 } else if (wpa_s->conf->auto_uuid == 1) { 1552 uuid_random(wps->uuid); 1553 src = "based on random data"; 1554 } else { 1555 uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid); 1556 src = "based on MAC address"; 1557 } 1558 } else { 1559 os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN); 1560 src = "based on configuration"; 1561 } 1562 1563 uuid_bin2str(wps->uuid, buf, sizeof(buf)); 1564 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: UUID %s: %s", src, buf); 1565 } 1566 1567 1568 static void wpas_wps_set_vendor_ext_m1(struct wpa_supplicant *wpa_s, 1569 struct wps_context *wps) 1570 { 1571 wpabuf_free(wps->dev.vendor_ext_m1); 1572 wps->dev.vendor_ext_m1 = NULL; 1573 1574 if (wpa_s->conf->wps_vendor_ext_m1) { 1575 wps->dev.vendor_ext_m1 = 1576 wpabuf_dup(wpa_s->conf->wps_vendor_ext_m1); 1577 if (!wps->dev.vendor_ext_m1) { 1578 wpa_printf(MSG_ERROR, "WPS: Cannot " 1579 "allocate memory for vendor_ext_m1"); 1580 } 1581 } 1582 } 1583 1584 1585 int wpas_wps_init(struct wpa_supplicant *wpa_s) 1586 { 1587 struct wps_context *wps; 1588 struct wps_registrar_config rcfg; 1589 struct hostapd_hw_modes *modes; 1590 u16 m; 1591 1592 wps = os_zalloc(sizeof(*wps)); 1593 if (wps == NULL) 1594 return -1; 1595 1596 wps->cred_cb = wpa_supplicant_wps_cred; 1597 wps->event_cb = wpa_supplicant_wps_event; 1598 wps->rf_band_cb = wpa_supplicant_wps_rf_band; 1599 wps->cb_ctx = wpa_s; 1600 1601 wps->dev.device_name = wpa_s->conf->device_name; 1602 wps->dev.manufacturer = wpa_s->conf->manufacturer; 1603 wps->dev.model_name = wpa_s->conf->model_name; 1604 wps->dev.model_number = wpa_s->conf->model_number; 1605 wps->dev.serial_number = wpa_s->conf->serial_number; 1606 wps->config_methods = 1607 wps_config_methods_str2bin(wpa_s->conf->config_methods); 1608 if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) == 1609 (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) { 1610 wpa_printf(MSG_ERROR, "WPS: Both Label and Display config " 1611 "methods are not allowed at the same time"); 1612 os_free(wps); 1613 return -1; 1614 } 1615 wps->config_methods = wps_fix_config_methods(wps->config_methods); 1616 wps->dev.config_methods = wps->config_methods; 1617 os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type, 1618 WPS_DEV_TYPE_LEN); 1619 1620 wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types; 1621 os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type, 1622 WPS_DEV_TYPE_LEN * wps->dev.num_sec_dev_types); 1623 1624 wpas_wps_set_vendor_ext_m1(wpa_s, wps); 1625 1626 wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version); 1627 modes = wpa_s->hw.modes; 1628 if (modes) { 1629 for (m = 0; m < wpa_s->hw.num_modes; m++) { 1630 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B || 1631 modes[m].mode == HOSTAPD_MODE_IEEE80211G) 1632 wps->dev.rf_bands |= WPS_RF_24GHZ; 1633 else if (modes[m].mode == HOSTAPD_MODE_IEEE80211A) 1634 wps->dev.rf_bands |= WPS_RF_50GHZ; 1635 else if (modes[m].mode == HOSTAPD_MODE_IEEE80211AD) 1636 wps->dev.rf_bands |= WPS_RF_60GHZ; 1637 } 1638 } 1639 if (wps->dev.rf_bands == 0) { 1640 /* 1641 * Default to claiming support for both bands if the driver 1642 * does not provide support for fetching supported bands. 1643 */ 1644 wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ; 1645 } 1646 os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN); 1647 wpas_wps_set_uuid(wpa_s, wps); 1648 1649 #ifdef CONFIG_NO_TKIP 1650 wps->auth_types = WPS_AUTH_WPA2PSK; 1651 wps->encr_types = WPS_ENCR_AES; 1652 #else /* CONFIG_NO_TKIP */ 1653 wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK; 1654 wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP; 1655 #endif /* CONFIG_NO_TKIP */ 1656 1657 os_memset(&rcfg, 0, sizeof(rcfg)); 1658 rcfg.new_psk_cb = wpas_wps_new_psk_cb; 1659 rcfg.pin_needed_cb = wpas_wps_pin_needed_cb; 1660 rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb; 1661 rcfg.cb_ctx = wpa_s; 1662 1663 wps->registrar = wps_registrar_init(wps, &rcfg); 1664 if (wps->registrar == NULL) { 1665 wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar"); 1666 os_free(wps); 1667 return -1; 1668 } 1669 1670 wpa_s->wps = wps; 1671 1672 return 0; 1673 } 1674 1675 1676 #ifdef CONFIG_WPS_ER 1677 static void wpas_wps_nfc_clear(struct wps_context *wps) 1678 { 1679 wps->ap_nfc_dev_pw_id = 0; 1680 wpabuf_free(wps->ap_nfc_dh_pubkey); 1681 wps->ap_nfc_dh_pubkey = NULL; 1682 wpabuf_free(wps->ap_nfc_dh_privkey); 1683 wps->ap_nfc_dh_privkey = NULL; 1684 wpabuf_free(wps->ap_nfc_dev_pw); 1685 wps->ap_nfc_dev_pw = NULL; 1686 } 1687 #endif /* CONFIG_WPS_ER */ 1688 1689 1690 void wpas_wps_deinit(struct wpa_supplicant *wpa_s) 1691 { 1692 wpas_wps_assoc_with_cred_cancel(wpa_s); 1693 eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL); 1694 eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL); 1695 eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL); 1696 wpas_wps_clear_ap_info(wpa_s); 1697 1698 #ifdef CONFIG_P2P 1699 eloop_cancel_timeout(wpas_p2p_pbc_overlap_cb, wpa_s, NULL); 1700 #endif /* CONFIG_P2P */ 1701 1702 if (wpa_s->wps == NULL) 1703 return; 1704 1705 #ifdef CONFIG_WPS_ER 1706 wps_er_deinit(wpa_s->wps_er, NULL, NULL); 1707 wpa_s->wps_er = NULL; 1708 wpas_wps_nfc_clear(wpa_s->wps); 1709 #endif /* CONFIG_WPS_ER */ 1710 1711 wps_registrar_deinit(wpa_s->wps->registrar); 1712 wpabuf_free(wpa_s->wps->dh_pubkey); 1713 wpabuf_free(wpa_s->wps->dh_privkey); 1714 wpabuf_free(wpa_s->wps->dev.vendor_ext_m1); 1715 os_free(wpa_s->wps->network_key); 1716 os_free(wpa_s->wps); 1717 wpa_s->wps = NULL; 1718 } 1719 1720 1721 int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s, 1722 struct wpa_ssid *ssid, struct wpa_bss *bss) 1723 { 1724 struct wpabuf *wps_ie; 1725 1726 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 1727 return -1; 1728 1729 wps_ie = wpas_wps_get_wps_ie(bss); 1730 if (eap_is_wps_pbc_enrollee(&ssid->eap)) { 1731 if (!wps_ie) { 1732 wpa_printf(MSG_DEBUG, " skip - non-WPS AP"); 1733 return 0; 1734 } 1735 1736 if (!wps_is_selected_pbc_registrar(wps_ie)) { 1737 wpa_printf(MSG_DEBUG, " skip - WPS AP " 1738 "without active PBC Registrar"); 1739 wpabuf_free(wps_ie); 1740 return 0; 1741 } 1742 1743 /* TODO: overlap detection */ 1744 wpa_printf(MSG_DEBUG, " selected based on WPS IE " 1745 "(Active PBC)"); 1746 wpabuf_free(wps_ie); 1747 return 1; 1748 } 1749 1750 if (eap_is_wps_pin_enrollee(&ssid->eap)) { 1751 if (!wps_ie) { 1752 wpa_printf(MSG_DEBUG, " skip - non-WPS AP"); 1753 return 0; 1754 } 1755 1756 /* 1757 * Start with WPS APs that advertise our address as an 1758 * authorized MAC (v2.0) or active PIN Registrar (v1.0) and 1759 * allow any WPS AP after couple of scans since some APs do not 1760 * set Selected Registrar attribute properly when using 1761 * external Registrar. 1762 */ 1763 if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) { 1764 struct os_reltime age; 1765 1766 os_reltime_age(&wpa_s->wps_pin_start_time, &age); 1767 1768 if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG || 1769 age.sec < WPS_PIN_TIME_IGNORE_SEL_REG) { 1770 wpa_printf(MSG_DEBUG, 1771 " skip - WPS AP without active PIN Registrar (scan_runs=%d age=%d)", 1772 wpa_s->scan_runs, (int) age.sec); 1773 wpabuf_free(wps_ie); 1774 return 0; 1775 } 1776 wpa_printf(MSG_DEBUG, " selected based on WPS IE"); 1777 } else { 1778 wpa_printf(MSG_DEBUG, " selected based on WPS IE " 1779 "(Authorized MAC or Active PIN)"); 1780 } 1781 wpabuf_free(wps_ie); 1782 return 1; 1783 } 1784 1785 if (wps_ie) { 1786 wpa_printf(MSG_DEBUG, " selected based on WPS IE"); 1787 wpabuf_free(wps_ie); 1788 return 1; 1789 } 1790 1791 return -1; 1792 } 1793 1794 1795 int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s, 1796 struct wpa_ssid *ssid, 1797 struct wpa_bss *bss) 1798 { 1799 struct wpabuf *wps_ie = NULL; 1800 int ret = 0; 1801 1802 if (eap_is_wps_pbc_enrollee(&ssid->eap)) { 1803 wps_ie = wpas_wps_get_wps_ie(bss); 1804 if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) { 1805 /* allow wildcard SSID for WPS PBC */ 1806 ret = 1; 1807 } 1808 } else if (eap_is_wps_pin_enrollee(&ssid->eap)) { 1809 wps_ie = wpas_wps_get_wps_ie(bss); 1810 if (wps_ie && 1811 (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1) || 1812 wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) { 1813 /* allow wildcard SSID for WPS PIN */ 1814 ret = 1; 1815 } 1816 } 1817 1818 if (!ret && ssid->bssid_set && 1819 ether_addr_equal(ssid->bssid, bss->bssid)) { 1820 /* allow wildcard SSID due to hardcoded BSSID match */ 1821 ret = 1; 1822 } 1823 1824 #ifdef CONFIG_WPS_STRICT 1825 if (wps_ie) { 1826 if (wps_validate_beacon_probe_resp(wps_ie, bss->beacon_ie_len > 1827 0, bss->bssid) < 0) 1828 ret = 0; 1829 if (bss->beacon_ie_len) { 1830 struct wpabuf *bcn_wps; 1831 bcn_wps = wpa_bss_get_vendor_ie_multi_beacon( 1832 bss, WPS_IE_VENDOR_TYPE); 1833 if (bcn_wps == NULL) { 1834 wpa_printf(MSG_DEBUG, "WPS: Mandatory WPS IE " 1835 "missing from AP Beacon"); 1836 ret = 0; 1837 } else { 1838 if (wps_validate_beacon(wps_ie) < 0) 1839 ret = 0; 1840 wpabuf_free(bcn_wps); 1841 } 1842 } 1843 } 1844 #endif /* CONFIG_WPS_STRICT */ 1845 1846 wpabuf_free(wps_ie); 1847 1848 return ret; 1849 } 1850 1851 1852 static bool wpas_wps_is_pbc_overlap(struct wps_ap_info *ap, 1853 struct wpa_bss *selected, 1854 struct wpa_ssid *ssid, 1855 const u8 *sel_uuid) 1856 { 1857 if (!ap->pbc_active || 1858 ether_addr_equal(selected->bssid, ap->bssid)) 1859 return false; 1860 1861 if (!is_zero_ether_addr(ssid->bssid) && 1862 !ether_addr_equal(ap->bssid, ssid->bssid)) { 1863 wpa_printf(MSG_DEBUG, "WPS: Ignore another BSS " MACSTR 1864 " in active PBC mode due to local BSSID limitation", 1865 MAC2STR(ap->bssid)); 1866 return 0; 1867 } 1868 1869 wpa_printf(MSG_DEBUG, "WPS: Another BSS in active PBC mode: " MACSTR, 1870 MAC2STR(ap->bssid)); 1871 wpa_hexdump(MSG_DEBUG, "WPS: UUID of the other BSS", 1872 ap->uuid, UUID_LEN); 1873 if (!sel_uuid || os_memcmp(sel_uuid, ap->uuid, UUID_LEN) != 0) 1874 return true; 1875 1876 /* TODO: verify that this is reasonable dual-band situation */ 1877 1878 return false; 1879 } 1880 1881 1882 int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s, 1883 struct wpa_bss *selected, struct wpa_ssid *ssid) 1884 { 1885 struct wpa_supplicant *iface; 1886 const u8 *sel_uuid; 1887 struct wpabuf *wps_ie; 1888 int ret = 0; 1889 size_t i; 1890 1891 if (!eap_is_wps_pbc_enrollee(&ssid->eap)) 1892 return 0; 1893 1894 wpa_printf(MSG_DEBUG, "WPS: Check whether PBC session overlap is " 1895 "present in scan results; selected BSSID " MACSTR, 1896 MAC2STR(selected->bssid)); 1897 if (!is_zero_ether_addr(ssid->bssid)) 1898 wpa_printf(MSG_DEBUG, 1899 "WPS: Network profile limited to accept only a single BSSID " MACSTR, 1900 MAC2STR(ssid->bssid)); 1901 1902 /* Make sure that only one AP is in active PBC mode */ 1903 wps_ie = wpa_bss_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE); 1904 if (wps_ie) { 1905 sel_uuid = wps_get_uuid_e(wps_ie); 1906 wpa_hexdump(MSG_DEBUG, "WPS: UUID of the selected BSS", 1907 sel_uuid, UUID_LEN); 1908 } else { 1909 wpa_printf(MSG_DEBUG, "WPS: Selected BSS does not include " 1910 "WPS IE?!"); 1911 sel_uuid = NULL; 1912 } 1913 1914 for (iface = wpa_s->global->ifaces; iface; iface = iface->next) { 1915 for (i = 0; i < iface->num_wps_ap; i++) { 1916 struct wps_ap_info *ap = &iface->wps_ap[i]; 1917 1918 if (wpas_wps_is_pbc_overlap(ap, selected, ssid, 1919 sel_uuid)) { 1920 ret = 1; /* PBC overlap */ 1921 wpa_msg(iface, MSG_INFO, 1922 "WPS: PBC overlap detected: " 1923 MACSTR " and " MACSTR, 1924 MAC2STR(selected->bssid), 1925 MAC2STR(ap->bssid)); 1926 break; 1927 } 1928 } 1929 } 1930 1931 wpabuf_free(wps_ie); 1932 1933 return ret; 1934 } 1935 1936 1937 void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s) 1938 { 1939 struct wpa_bss *bss; 1940 unsigned int pbc = 0, auth = 0, pin = 0, wps = 0; 1941 1942 if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED) 1943 return; 1944 1945 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 1946 struct wpabuf *ie; 1947 1948 ie = wpas_wps_get_wps_ie(bss); 1949 if (!ie) 1950 continue; 1951 if (wps_is_selected_pbc_registrar(ie)) 1952 pbc++; 1953 else if (wps_is_addr_authorized(ie, wpa_s->own_addr, 0)) 1954 auth++; 1955 else if (wps_is_selected_pin_registrar(ie)) 1956 pin++; 1957 else 1958 wps++; 1959 wpabuf_free(ie); 1960 } 1961 1962 if (pbc) 1963 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PBC); 1964 else if (auth) 1965 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_AUTH); 1966 else if (pin) 1967 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PIN); 1968 else if (wps) 1969 wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE); 1970 } 1971 1972 1973 int wpas_wps_searching(struct wpa_supplicant *wpa_s) 1974 { 1975 struct wpa_ssid *ssid; 1976 1977 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1978 if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled) 1979 return 1; 1980 } 1981 1982 return 0; 1983 } 1984 1985 1986 int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *buf, 1987 char *end) 1988 { 1989 struct wpabuf *wps_ie; 1990 int ret; 1991 1992 wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, WPS_DEV_OUI_WFA); 1993 if (wps_ie == NULL) 1994 return 0; 1995 1996 ret = wps_attr_text(wps_ie, buf, end); 1997 wpabuf_free(wps_ie); 1998 return ret; 1999 } 2000 2001 2002 int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter) 2003 { 2004 #ifdef CONFIG_WPS_ER 2005 if (wpa_s->wps_er) { 2006 wps_er_refresh(wpa_s->wps_er); 2007 return 0; 2008 } 2009 wpa_s->wps_er = wps_er_init(wpa_s->wps, wpa_s->ifname, filter); 2010 if (wpa_s->wps_er == NULL) 2011 return -1; 2012 return 0; 2013 #else /* CONFIG_WPS_ER */ 2014 return 0; 2015 #endif /* CONFIG_WPS_ER */ 2016 } 2017 2018 2019 void wpas_wps_er_stop(struct wpa_supplicant *wpa_s) 2020 { 2021 #ifdef CONFIG_WPS_ER 2022 wps_er_deinit(wpa_s->wps_er, NULL, NULL); 2023 wpa_s->wps_er = NULL; 2024 #endif /* CONFIG_WPS_ER */ 2025 } 2026 2027 2028 #ifdef CONFIG_WPS_ER 2029 int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr, 2030 const char *uuid, const char *pin) 2031 { 2032 u8 u[UUID_LEN]; 2033 const u8 *use_uuid = NULL; 2034 u8 addr_buf[ETH_ALEN]; 2035 2036 if (os_strcmp(uuid, "any") == 0) { 2037 } else if (uuid_str2bin(uuid, u) == 0) { 2038 use_uuid = u; 2039 } else if (hwaddr_aton(uuid, addr_buf) == 0) { 2040 use_uuid = wps_er_get_sta_uuid(wpa_s->wps_er, addr_buf); 2041 if (use_uuid == NULL) 2042 return -1; 2043 } else 2044 return -1; 2045 return wps_registrar_add_pin(wpa_s->wps->registrar, addr, 2046 use_uuid, 2047 (const u8 *) pin, os_strlen(pin), 300); 2048 } 2049 2050 2051 int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid) 2052 { 2053 u8 u[UUID_LEN], *use_uuid = NULL; 2054 u8 addr[ETH_ALEN], *use_addr = NULL; 2055 2056 if (uuid_str2bin(uuid, u) == 0) 2057 use_uuid = u; 2058 else if (hwaddr_aton(uuid, addr) == 0) 2059 use_addr = addr; 2060 else 2061 return -1; 2062 return wps_er_pbc(wpa_s->wps_er, use_uuid, use_addr); 2063 } 2064 2065 2066 int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid, 2067 const char *pin) 2068 { 2069 u8 u[UUID_LEN], *use_uuid = NULL; 2070 u8 addr[ETH_ALEN], *use_addr = NULL; 2071 2072 if (uuid_str2bin(uuid, u) == 0) 2073 use_uuid = u; 2074 else if (hwaddr_aton(uuid, addr) == 0) 2075 use_addr = addr; 2076 else 2077 return -1; 2078 2079 return wps_er_learn(wpa_s->wps_er, use_uuid, use_addr, (const u8 *) pin, 2080 os_strlen(pin)); 2081 } 2082 2083 2084 static int wpas_wps_network_to_cred(struct wpa_ssid *ssid, 2085 struct wps_credential *cred) 2086 { 2087 os_memset(cred, 0, sizeof(*cred)); 2088 if (ssid->ssid_len > SSID_MAX_LEN) 2089 return -1; 2090 os_memcpy(cred->ssid, ssid->ssid, ssid->ssid_len); 2091 cred->ssid_len = ssid->ssid_len; 2092 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) { 2093 cred->auth_type = (ssid->proto & WPA_PROTO_RSN) ? 2094 WPS_AUTH_WPA2PSK : WPS_AUTH_WPAPSK; 2095 if (ssid->pairwise_cipher & WPA_CIPHER_CCMP) 2096 cred->encr_type = WPS_ENCR_AES; 2097 else 2098 cred->encr_type = WPS_ENCR_TKIP; 2099 if (ssid->passphrase) { 2100 cred->key_len = os_strlen(ssid->passphrase); 2101 if (cred->key_len >= 64) 2102 return -1; 2103 os_memcpy(cred->key, ssid->passphrase, cred->key_len); 2104 } else if (ssid->psk_set) { 2105 cred->key_len = 32; 2106 os_memcpy(cred->key, ssid->psk, 32); 2107 } else 2108 return -1; 2109 } else { 2110 cred->auth_type = WPS_AUTH_OPEN; 2111 cred->encr_type = WPS_ENCR_NONE; 2112 } 2113 2114 return 0; 2115 } 2116 2117 2118 int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid, 2119 int id) 2120 { 2121 u8 u[UUID_LEN], *use_uuid = NULL; 2122 u8 addr[ETH_ALEN], *use_addr = NULL; 2123 struct wpa_ssid *ssid; 2124 struct wps_credential cred; 2125 int ret; 2126 2127 if (uuid_str2bin(uuid, u) == 0) 2128 use_uuid = u; 2129 else if (hwaddr_aton(uuid, addr) == 0) 2130 use_addr = addr; 2131 else 2132 return -1; 2133 ssid = wpa_config_get_network(wpa_s->conf, id); 2134 if (ssid == NULL || ssid->ssid == NULL) 2135 return -1; 2136 2137 if (wpas_wps_network_to_cred(ssid, &cred) < 0) 2138 return -1; 2139 ret = wps_er_set_config(wpa_s->wps_er, use_uuid, use_addr, &cred); 2140 os_memset(&cred, 0, sizeof(cred)); 2141 return ret; 2142 } 2143 2144 2145 int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid, 2146 const char *pin, struct wps_new_ap_settings *settings) 2147 { 2148 u8 u[UUID_LEN], *use_uuid = NULL; 2149 u8 addr[ETH_ALEN], *use_addr = NULL; 2150 struct wps_credential cred; 2151 size_t len; 2152 2153 if (uuid_str2bin(uuid, u) == 0) 2154 use_uuid = u; 2155 else if (hwaddr_aton(uuid, addr) == 0) 2156 use_addr = addr; 2157 else 2158 return -1; 2159 if (settings->ssid_hex == NULL || settings->auth == NULL || 2160 settings->encr == NULL || settings->key_hex == NULL) 2161 return -1; 2162 2163 os_memset(&cred, 0, sizeof(cred)); 2164 len = os_strlen(settings->ssid_hex); 2165 if ((len & 1) || len > 2 * sizeof(cred.ssid) || 2166 hexstr2bin(settings->ssid_hex, cred.ssid, len / 2)) 2167 return -1; 2168 cred.ssid_len = len / 2; 2169 2170 len = os_strlen(settings->key_hex); 2171 if ((len & 1) || len > 2 * sizeof(cred.key) || 2172 hexstr2bin(settings->key_hex, cred.key, len / 2)) 2173 return -1; 2174 cred.key_len = len / 2; 2175 2176 if (os_strcmp(settings->auth, "OPEN") == 0) 2177 cred.auth_type = WPS_AUTH_OPEN; 2178 else if (os_strcmp(settings->auth, "WPAPSK") == 0) 2179 cred.auth_type = WPS_AUTH_WPAPSK; 2180 else if (os_strcmp(settings->auth, "WPA2PSK") == 0) 2181 cred.auth_type = WPS_AUTH_WPA2PSK; 2182 else 2183 return -1; 2184 2185 if (os_strcmp(settings->encr, "NONE") == 0) 2186 cred.encr_type = WPS_ENCR_NONE; 2187 #ifdef CONFIG_TESTING_OPTIONS 2188 else if (os_strcmp(settings->encr, "WEP") == 0) 2189 cred.encr_type = WPS_ENCR_WEP; 2190 #endif /* CONFIG_TESTING_OPTIONS */ 2191 else if (os_strcmp(settings->encr, "TKIP") == 0) 2192 cred.encr_type = WPS_ENCR_TKIP; 2193 else if (os_strcmp(settings->encr, "CCMP") == 0) 2194 cred.encr_type = WPS_ENCR_AES; 2195 else 2196 return -1; 2197 2198 return wps_er_config(wpa_s->wps_er, use_uuid, use_addr, 2199 (const u8 *) pin, os_strlen(pin), &cred); 2200 } 2201 2202 2203 #ifdef CONFIG_WPS_NFC 2204 struct wpabuf * wpas_wps_er_nfc_config_token(struct wpa_supplicant *wpa_s, 2205 int ndef, const char *uuid) 2206 { 2207 struct wpabuf *ret; 2208 u8 u[UUID_LEN], *use_uuid = NULL; 2209 u8 addr[ETH_ALEN], *use_addr = NULL; 2210 2211 if (!wpa_s->wps_er) 2212 return NULL; 2213 2214 if (uuid_str2bin(uuid, u) == 0) 2215 use_uuid = u; 2216 else if (hwaddr_aton(uuid, addr) == 0) 2217 use_addr = addr; 2218 else 2219 return NULL; 2220 2221 ret = wps_er_nfc_config_token(wpa_s->wps_er, use_uuid, use_addr); 2222 if (ndef && ret) { 2223 struct wpabuf *tmp; 2224 tmp = ndef_build_wifi(ret); 2225 wpabuf_free(ret); 2226 if (tmp == NULL) 2227 return NULL; 2228 ret = tmp; 2229 } 2230 2231 return ret; 2232 } 2233 #endif /* CONFIG_WPS_NFC */ 2234 2235 2236 static int callbacks_pending = 0; 2237 2238 static void wpas_wps_terminate_cb(void *ctx) 2239 { 2240 wpa_printf(MSG_DEBUG, "WPS ER: Terminated"); 2241 if (--callbacks_pending <= 0) 2242 eloop_terminate(); 2243 } 2244 #endif /* CONFIG_WPS_ER */ 2245 2246 2247 int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s) 2248 { 2249 #ifdef CONFIG_WPS_ER 2250 if (wpa_s->wps_er) { 2251 callbacks_pending++; 2252 wps_er_deinit(wpa_s->wps_er, wpas_wps_terminate_cb, wpa_s); 2253 wpa_s->wps_er = NULL; 2254 return 1; 2255 } 2256 #endif /* CONFIG_WPS_ER */ 2257 return 0; 2258 } 2259 2260 2261 void wpas_wps_update_config(struct wpa_supplicant *wpa_s) 2262 { 2263 struct wps_context *wps = wpa_s->wps; 2264 2265 if (wps == NULL) 2266 return; 2267 2268 if (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS) { 2269 wps->config_methods = wps_config_methods_str2bin( 2270 wpa_s->conf->config_methods); 2271 if ((wps->config_methods & 2272 (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) == 2273 (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) { 2274 wpa_printf(MSG_ERROR, "WPS: Both Label and Display " 2275 "config methods are not allowed at the " 2276 "same time"); 2277 wps->config_methods &= ~WPS_CONFIG_LABEL; 2278 } 2279 } 2280 wps->config_methods = wps_fix_config_methods(wps->config_methods); 2281 wps->dev.config_methods = wps->config_methods; 2282 2283 if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE) 2284 os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type, 2285 WPS_DEV_TYPE_LEN); 2286 2287 if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE) { 2288 wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types; 2289 os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type, 2290 wps->dev.num_sec_dev_types * WPS_DEV_TYPE_LEN); 2291 } 2292 2293 if (wpa_s->conf->changed_parameters & CFG_CHANGED_VENDOR_EXTENSION) 2294 wpas_wps_set_vendor_ext_m1(wpa_s, wps); 2295 2296 if (wpa_s->conf->changed_parameters & CFG_CHANGED_OS_VERSION) 2297 wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version); 2298 2299 if (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID) 2300 wpas_wps_set_uuid(wpa_s, wps); 2301 2302 if (wpa_s->conf->changed_parameters & 2303 (CFG_CHANGED_DEVICE_NAME | CFG_CHANGED_WPS_STRING)) { 2304 /* Update pointers to make sure they refer current values */ 2305 wps->dev.device_name = wpa_s->conf->device_name; 2306 wps->dev.manufacturer = wpa_s->conf->manufacturer; 2307 wps->dev.model_name = wpa_s->conf->model_name; 2308 wps->dev.model_number = wpa_s->conf->model_number; 2309 wps->dev.serial_number = wpa_s->conf->serial_number; 2310 } 2311 } 2312 2313 2314 void wpas_wps_update_mac_addr(struct wpa_supplicant *wpa_s) 2315 { 2316 struct wps_context *wps; 2317 2318 wps = wpa_s->wps; 2319 if (wps) 2320 os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN); 2321 } 2322 2323 2324 #ifdef CONFIG_WPS_NFC 2325 2326 #ifdef CONFIG_WPS_ER 2327 static struct wpabuf * 2328 wpas_wps_network_config_token(struct wpa_supplicant *wpa_s, int ndef, 2329 struct wpa_ssid *ssid) 2330 { 2331 struct wpabuf *ret; 2332 struct wps_credential cred; 2333 2334 if (wpas_wps_network_to_cred(ssid, &cred) < 0) 2335 return NULL; 2336 2337 ret = wps_er_config_token_from_cred(wpa_s->wps, &cred); 2338 2339 if (ndef && ret) { 2340 struct wpabuf *tmp; 2341 tmp = ndef_build_wifi(ret); 2342 wpabuf_free(ret); 2343 if (tmp == NULL) 2344 return NULL; 2345 ret = tmp; 2346 } 2347 2348 return ret; 2349 } 2350 #endif /* CONFIG_WPS_ER */ 2351 2352 2353 struct wpabuf * wpas_wps_nfc_config_token(struct wpa_supplicant *wpa_s, 2354 int ndef, const char *id_str) 2355 { 2356 #ifdef CONFIG_WPS_ER 2357 if (id_str) { 2358 int id; 2359 char *end = NULL; 2360 struct wpa_ssid *ssid; 2361 2362 id = strtol(id_str, &end, 10); 2363 if (end && *end) 2364 return NULL; 2365 2366 ssid = wpa_config_get_network(wpa_s->conf, id); 2367 if (ssid == NULL) 2368 return NULL; 2369 return wpas_wps_network_config_token(wpa_s, ndef, ssid); 2370 } 2371 #endif /* CONFIG_WPS_ER */ 2372 #ifdef CONFIG_AP 2373 if (wpa_s->ap_iface) 2374 return wpas_ap_wps_nfc_config_token(wpa_s, ndef); 2375 #endif /* CONFIG_AP */ 2376 return NULL; 2377 } 2378 2379 2380 struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef) 2381 { 2382 if (wpa_s->conf->wps_nfc_pw_from_config) { 2383 return wps_nfc_token_build(ndef, 2384 wpa_s->conf->wps_nfc_dev_pw_id, 2385 wpa_s->conf->wps_nfc_dh_pubkey, 2386 wpa_s->conf->wps_nfc_dev_pw); 2387 } 2388 2389 return wps_nfc_token_gen(ndef, &wpa_s->conf->wps_nfc_dev_pw_id, 2390 &wpa_s->conf->wps_nfc_dh_pubkey, 2391 &wpa_s->conf->wps_nfc_dh_privkey, 2392 &wpa_s->conf->wps_nfc_dev_pw); 2393 } 2394 2395 2396 int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *go_dev_addr, 2397 const u8 *bssid, 2398 const struct wpabuf *dev_pw, u16 dev_pw_id, 2399 int p2p_group, const u8 *peer_pubkey_hash, 2400 const u8 *ssid, size_t ssid_len, int freq) 2401 { 2402 struct wps_context *wps = wpa_s->wps; 2403 char pw[32 * 2 + 1]; 2404 2405 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) { 2406 dev_pw = wpa_s->conf->wps_nfc_dev_pw; 2407 dev_pw_id = wpa_s->conf->wps_nfc_dev_pw_id; 2408 } 2409 2410 if (wpa_s->conf->wps_nfc_dh_pubkey == NULL || 2411 wpa_s->conf->wps_nfc_dh_privkey == NULL) { 2412 wpa_printf(MSG_DEBUG, "WPS: Missing DH params - " 2413 "cannot start NFC-triggered connection"); 2414 return -1; 2415 } 2416 2417 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) { 2418 wpa_printf(MSG_DEBUG, "WPS: Missing Device Password (id=%u) - " 2419 "cannot start NFC-triggered connection", dev_pw_id); 2420 return -1; 2421 } 2422 2423 dh5_free(wps->dh_ctx); 2424 wpabuf_free(wps->dh_pubkey); 2425 wpabuf_free(wps->dh_privkey); 2426 wps->dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey); 2427 wps->dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey); 2428 if (wps->dh_privkey == NULL || wps->dh_pubkey == NULL) { 2429 wps->dh_ctx = NULL; 2430 wpabuf_free(wps->dh_pubkey); 2431 wps->dh_pubkey = NULL; 2432 wpabuf_free(wps->dh_privkey); 2433 wps->dh_privkey = NULL; 2434 wpa_printf(MSG_DEBUG, "WPS: Failed to get DH priv/pub key"); 2435 return -1; 2436 } 2437 wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, wps->dh_pubkey); 2438 if (wps->dh_ctx == NULL) { 2439 wpabuf_free(wps->dh_pubkey); 2440 wps->dh_pubkey = NULL; 2441 wpabuf_free(wps->dh_privkey); 2442 wps->dh_privkey = NULL; 2443 wpa_printf(MSG_DEBUG, "WPS: Failed to initialize DH context"); 2444 return -1; 2445 } 2446 2447 if (dev_pw) { 2448 wpa_snprintf_hex_uppercase(pw, sizeof(pw), 2449 wpabuf_head(dev_pw), 2450 wpabuf_len(dev_pw)); 2451 } 2452 return wpas_wps_start_dev_pw(wpa_s, go_dev_addr, bssid, 2453 dev_pw ? pw : NULL, 2454 p2p_group, dev_pw_id, peer_pubkey_hash, 2455 ssid, ssid_len, freq); 2456 } 2457 2458 2459 static int wpas_wps_use_cred(struct wpa_supplicant *wpa_s, 2460 struct wps_parse_attr *attr) 2461 { 2462 /* 2463 * Disable existing networks temporarily to allow the newly learned 2464 * credential to be preferred. Enable the temporarily disabled networks 2465 * after 10 seconds. 2466 */ 2467 wpas_wps_temp_disable(wpa_s, NULL); 2468 eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s, 2469 NULL); 2470 2471 if (wps_oob_use_cred(wpa_s->wps, attr) < 0) 2472 return -1; 2473 2474 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) 2475 return 0; 2476 2477 if (attr->ap_channel) { 2478 u16 chan = WPA_GET_BE16(attr->ap_channel); 2479 int freq = 0; 2480 2481 if (chan >= 1 && chan <= 13) 2482 freq = 2407 + 5 * chan; 2483 else if (chan == 14) 2484 freq = 2484; 2485 else if (chan >= 30) 2486 freq = 5000 + 5 * chan; 2487 2488 if (freq) { 2489 wpa_printf(MSG_DEBUG, "WPS: Credential container indicated AP channel %u -> %u MHz", 2490 chan, freq); 2491 wpa_s->after_wps = 5; 2492 wpa_s->wps_freq = freq; 2493 } 2494 } 2495 2496 wpa_printf(MSG_DEBUG, "WPS: Request reconnection with new network " 2497 "based on the received credential added"); 2498 wpa_s->normal_scans = 0; 2499 wpa_supplicant_reinit_autoscan(wpa_s); 2500 wpa_s->disconnected = 0; 2501 wpa_s->reassociate = 1; 2502 2503 wpa_supplicant_cancel_sched_scan(wpa_s); 2504 wpa_supplicant_req_scan(wpa_s, 0, 0); 2505 2506 return 0; 2507 } 2508 2509 2510 #ifdef CONFIG_WPS_ER 2511 static int wpas_wps_add_nfc_password_token(struct wpa_supplicant *wpa_s, 2512 struct wps_parse_attr *attr) 2513 { 2514 return wps_registrar_add_nfc_password_token( 2515 wpa_s->wps->registrar, attr->oob_dev_password, 2516 attr->oob_dev_password_len); 2517 } 2518 #endif /* CONFIG_WPS_ER */ 2519 2520 2521 static int wpas_wps_nfc_tag_process(struct wpa_supplicant *wpa_s, 2522 const struct wpabuf *wps) 2523 { 2524 struct wps_parse_attr attr; 2525 2526 wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps); 2527 2528 if (wps_parse_msg(wps, &attr)) { 2529 wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag"); 2530 return -1; 2531 } 2532 2533 if (attr.num_cred) 2534 return wpas_wps_use_cred(wpa_s, &attr); 2535 2536 #ifdef CONFIG_WPS_ER 2537 if (attr.oob_dev_password) 2538 return wpas_wps_add_nfc_password_token(wpa_s, &attr); 2539 #endif /* CONFIG_WPS_ER */ 2540 2541 wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag"); 2542 return -1; 2543 } 2544 2545 2546 int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s, 2547 const struct wpabuf *data, int forced_freq) 2548 { 2549 const struct wpabuf *wps = data; 2550 struct wpabuf *tmp = NULL; 2551 int ret; 2552 2553 if (wpabuf_len(data) < 4) 2554 return -1; 2555 2556 if (*wpabuf_head_u8(data) != 0x10) { 2557 /* Assume this contains full NDEF record */ 2558 tmp = ndef_parse_wifi(data); 2559 if (tmp == NULL) { 2560 #ifdef CONFIG_P2P 2561 tmp = ndef_parse_p2p(data); 2562 if (tmp) { 2563 ret = wpas_p2p_nfc_tag_process(wpa_s, tmp, 2564 forced_freq); 2565 wpabuf_free(tmp); 2566 return ret; 2567 } 2568 #endif /* CONFIG_P2P */ 2569 wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF"); 2570 return -1; 2571 } 2572 wps = tmp; 2573 } 2574 2575 ret = wpas_wps_nfc_tag_process(wpa_s, wps); 2576 wpabuf_free(tmp); 2577 return ret; 2578 } 2579 2580 2581 struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s, 2582 int ndef) 2583 { 2584 struct wpabuf *ret; 2585 2586 if (wpa_s->conf->wps_nfc_dh_pubkey == NULL && 2587 wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey, 2588 &wpa_s->conf->wps_nfc_dh_privkey) < 0) 2589 return NULL; 2590 2591 ret = wps_build_nfc_handover_req(wpa_s->wps, 2592 wpa_s->conf->wps_nfc_dh_pubkey); 2593 2594 if (ndef && ret) { 2595 struct wpabuf *tmp; 2596 tmp = ndef_build_wifi(ret); 2597 wpabuf_free(ret); 2598 if (tmp == NULL) 2599 return NULL; 2600 ret = tmp; 2601 } 2602 2603 return ret; 2604 } 2605 2606 2607 #ifdef CONFIG_WPS_NFC 2608 2609 static struct wpabuf * 2610 wpas_wps_er_nfc_handover_sel(struct wpa_supplicant *wpa_s, int ndef, 2611 const char *uuid) 2612 { 2613 #ifdef CONFIG_WPS_ER 2614 struct wpabuf *ret; 2615 u8 u[UUID_LEN], *use_uuid = NULL; 2616 u8 addr[ETH_ALEN], *use_addr = NULL; 2617 struct wps_context *wps = wpa_s->wps; 2618 2619 if (wps == NULL) 2620 return NULL; 2621 2622 if (uuid == NULL) 2623 return NULL; 2624 if (uuid_str2bin(uuid, u) == 0) 2625 use_uuid = u; 2626 else if (hwaddr_aton(uuid, addr) == 0) 2627 use_addr = addr; 2628 else 2629 return NULL; 2630 2631 if (wpa_s->conf->wps_nfc_dh_pubkey == NULL) { 2632 if (wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey, 2633 &wpa_s->conf->wps_nfc_dh_privkey) < 0) 2634 return NULL; 2635 } 2636 2637 wpas_wps_nfc_clear(wps); 2638 wps->ap_nfc_dev_pw_id = DEV_PW_NFC_CONNECTION_HANDOVER; 2639 wps->ap_nfc_dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey); 2640 wps->ap_nfc_dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey); 2641 if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey) { 2642 wpas_wps_nfc_clear(wps); 2643 return NULL; 2644 } 2645 2646 ret = wps_er_nfc_handover_sel(wpa_s->wps_er, wpa_s->wps, use_uuid, 2647 use_addr, wpa_s->conf->wps_nfc_dh_pubkey); 2648 if (ndef && ret) { 2649 struct wpabuf *tmp; 2650 tmp = ndef_build_wifi(ret); 2651 wpabuf_free(ret); 2652 if (tmp == NULL) 2653 return NULL; 2654 ret = tmp; 2655 } 2656 2657 return ret; 2658 #else /* CONFIG_WPS_ER */ 2659 return NULL; 2660 #endif /* CONFIG_WPS_ER */ 2661 } 2662 #endif /* CONFIG_WPS_NFC */ 2663 2664 2665 struct wpabuf * wpas_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s, 2666 int ndef, int cr, const char *uuid) 2667 { 2668 struct wpabuf *ret; 2669 if (!cr) 2670 return NULL; 2671 ret = wpas_ap_wps_nfc_handover_sel(wpa_s, ndef); 2672 if (ret) 2673 return ret; 2674 return wpas_wps_er_nfc_handover_sel(wpa_s, ndef, uuid); 2675 } 2676 2677 2678 static int wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s, 2679 const struct wpabuf *data) 2680 { 2681 struct wpabuf *wps; 2682 int ret = -1; 2683 u16 wsc_len; 2684 const u8 *pos; 2685 struct wpabuf msg; 2686 struct wps_parse_attr attr; 2687 u16 dev_pw_id; 2688 const u8 *bssid = NULL; 2689 int freq = 0; 2690 2691 wps = ndef_parse_wifi(data); 2692 if (wps == NULL) 2693 return -1; 2694 wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc " 2695 "payload from NFC connection handover"); 2696 wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps); 2697 if (wpabuf_len(wps) < 2) { 2698 wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Select " 2699 "Message"); 2700 goto out; 2701 } 2702 pos = wpabuf_head(wps); 2703 wsc_len = WPA_GET_BE16(pos); 2704 if (wsc_len > wpabuf_len(wps) - 2) { 2705 wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) " 2706 "in Wi-Fi Handover Select Message", wsc_len); 2707 goto out; 2708 } 2709 pos += 2; 2710 2711 wpa_hexdump(MSG_DEBUG, 2712 "WPS: WSC attributes in Wi-Fi Handover Select Message", 2713 pos, wsc_len); 2714 if (wsc_len < wpabuf_len(wps) - 2) { 2715 wpa_hexdump(MSG_DEBUG, 2716 "WPS: Ignore extra data after WSC attributes", 2717 pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len); 2718 } 2719 2720 wpabuf_set(&msg, pos, wsc_len); 2721 ret = wps_parse_msg(&msg, &attr); 2722 if (ret < 0) { 2723 wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in " 2724 "Wi-Fi Handover Select Message"); 2725 goto out; 2726 } 2727 2728 if (attr.oob_dev_password == NULL || 2729 attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) { 2730 wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password " 2731 "included in Wi-Fi Handover Select Message"); 2732 ret = -1; 2733 goto out; 2734 } 2735 2736 if (attr.ssid == NULL) { 2737 wpa_printf(MSG_DEBUG, "WPS: No SSID included in Wi-Fi Handover " 2738 "Select Message"); 2739 ret = -1; 2740 goto out; 2741 } 2742 2743 wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", attr.ssid, attr.ssid_len); 2744 2745 if (attr.mac_addr) { 2746 bssid = attr.mac_addr; 2747 wpa_printf(MSG_DEBUG, "WPS: MAC Address (BSSID): " MACSTR, 2748 MAC2STR(bssid)); 2749 } 2750 2751 if (attr.rf_bands) 2752 wpa_printf(MSG_DEBUG, "WPS: RF Bands: %d", *attr.rf_bands); 2753 2754 if (attr.ap_channel) { 2755 u16 chan = WPA_GET_BE16(attr.ap_channel); 2756 2757 wpa_printf(MSG_DEBUG, "WPS: AP Channel: %d", chan); 2758 2759 if (chan >= 1 && chan <= 13 && 2760 (attr.rf_bands == NULL || *attr.rf_bands & WPS_RF_24GHZ)) 2761 freq = 2407 + 5 * chan; 2762 else if (chan == 14 && 2763 (attr.rf_bands == NULL || 2764 *attr.rf_bands & WPS_RF_24GHZ)) 2765 freq = 2484; 2766 else if (chan >= 30 && 2767 (attr.rf_bands == NULL || 2768 *attr.rf_bands & WPS_RF_50GHZ)) 2769 freq = 5000 + 5 * chan; 2770 else if (chan >= 1 && chan <= 6 && 2771 (attr.rf_bands == NULL || 2772 *attr.rf_bands & WPS_RF_60GHZ)) 2773 freq = 56160 + 2160 * chan; 2774 2775 if (freq) { 2776 wpa_printf(MSG_DEBUG, 2777 "WPS: AP indicated channel %u -> %u MHz", 2778 chan, freq); 2779 } 2780 } 2781 2782 wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password", 2783 attr.oob_dev_password, attr.oob_dev_password_len); 2784 dev_pw_id = WPA_GET_BE16(attr.oob_dev_password + 2785 WPS_OOB_PUBKEY_HASH_LEN); 2786 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) { 2787 wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID " 2788 "%u in Wi-Fi Handover Select Message", dev_pw_id); 2789 ret = -1; 2790 goto out; 2791 } 2792 wpa_hexdump(MSG_DEBUG, "WPS: AP Public Key hash", 2793 attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN); 2794 2795 ret = wpas_wps_start_nfc(wpa_s, NULL, bssid, NULL, dev_pw_id, 0, 2796 attr.oob_dev_password, 2797 attr.ssid, attr.ssid_len, freq); 2798 2799 out: 2800 wpabuf_free(wps); 2801 return ret; 2802 } 2803 2804 2805 int wpas_wps_nfc_report_handover(struct wpa_supplicant *wpa_s, 2806 const struct wpabuf *req, 2807 const struct wpabuf *sel) 2808 { 2809 wpa_printf(MSG_DEBUG, "NFC: WPS connection handover reported"); 2810 wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in request", req); 2811 wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in select", sel); 2812 return wpas_wps_nfc_rx_handover_sel(wpa_s, sel); 2813 } 2814 2815 2816 int wpas_er_wps_nfc_report_handover(struct wpa_supplicant *wpa_s, 2817 const struct wpabuf *req, 2818 const struct wpabuf *sel) 2819 { 2820 struct wpabuf *wps; 2821 int ret = -1; 2822 u16 wsc_len; 2823 const u8 *pos; 2824 struct wpabuf msg; 2825 struct wps_parse_attr attr; 2826 u16 dev_pw_id; 2827 2828 /* 2829 * Enrollee/station is always initiator of the NFC connection handover, 2830 * so use the request message here to find Enrollee public key hash. 2831 */ 2832 wps = ndef_parse_wifi(req); 2833 if (wps == NULL) 2834 return -1; 2835 wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc " 2836 "payload from NFC connection handover"); 2837 wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps); 2838 if (wpabuf_len(wps) < 2) { 2839 wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Request " 2840 "Message"); 2841 goto out; 2842 } 2843 pos = wpabuf_head(wps); 2844 wsc_len = WPA_GET_BE16(pos); 2845 if (wsc_len > wpabuf_len(wps) - 2) { 2846 wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) " 2847 "in rt Wi-Fi Handover Request Message", wsc_len); 2848 goto out; 2849 } 2850 pos += 2; 2851 2852 wpa_hexdump(MSG_DEBUG, 2853 "WPS: WSC attributes in Wi-Fi Handover Request Message", 2854 pos, wsc_len); 2855 if (wsc_len < wpabuf_len(wps) - 2) { 2856 wpa_hexdump(MSG_DEBUG, 2857 "WPS: Ignore extra data after WSC attributes", 2858 pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len); 2859 } 2860 2861 wpabuf_set(&msg, pos, wsc_len); 2862 ret = wps_parse_msg(&msg, &attr); 2863 if (ret < 0) { 2864 wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in " 2865 "Wi-Fi Handover Request Message"); 2866 goto out; 2867 } 2868 2869 if (attr.oob_dev_password == NULL || 2870 attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) { 2871 wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password " 2872 "included in Wi-Fi Handover Request Message"); 2873 ret = -1; 2874 goto out; 2875 } 2876 2877 if (attr.uuid_e == NULL) { 2878 wpa_printf(MSG_DEBUG, "WPS: No UUID-E included in Wi-Fi " 2879 "Handover Request Message"); 2880 ret = -1; 2881 goto out; 2882 } 2883 2884 wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", attr.uuid_e, WPS_UUID_LEN); 2885 2886 wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password", 2887 attr.oob_dev_password, attr.oob_dev_password_len); 2888 dev_pw_id = WPA_GET_BE16(attr.oob_dev_password + 2889 WPS_OOB_PUBKEY_HASH_LEN); 2890 if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) { 2891 wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID " 2892 "%u in Wi-Fi Handover Request Message", dev_pw_id); 2893 ret = -1; 2894 goto out; 2895 } 2896 wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Public Key hash", 2897 attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN); 2898 2899 ret = wps_registrar_add_nfc_pw_token(wpa_s->wps->registrar, 2900 attr.oob_dev_password, 2901 DEV_PW_NFC_CONNECTION_HANDOVER, 2902 NULL, 0, 1); 2903 2904 out: 2905 wpabuf_free(wps); 2906 return ret; 2907 } 2908 2909 #endif /* CONFIG_WPS_NFC */ 2910 2911 2912 static void wpas_wps_dump_ap_info(struct wpa_supplicant *wpa_s) 2913 { 2914 size_t i; 2915 struct os_reltime now; 2916 2917 if (wpa_debug_level > MSG_DEBUG) 2918 return; 2919 2920 if (wpa_s->wps_ap == NULL) 2921 return; 2922 2923 os_get_reltime(&now); 2924 2925 for (i = 0; i < wpa_s->num_wps_ap; i++) { 2926 struct wps_ap_info *ap = &wpa_s->wps_ap[i]; 2927 struct wpa_bssid_ignore *e = wpa_bssid_ignore_get(wpa_s, 2928 ap->bssid); 2929 2930 wpa_printf(MSG_DEBUG, "WPS: AP[%d] " MACSTR " type=%d " 2931 "tries=%d last_attempt=%d sec ago bssid_ignore=%d", 2932 (int) i, MAC2STR(ap->bssid), ap->type, ap->tries, 2933 ap->last_attempt.sec > 0 ? 2934 (int) now.sec - (int) ap->last_attempt.sec : -1, 2935 e ? e->count : 0); 2936 } 2937 } 2938 2939 2940 static struct wps_ap_info * wpas_wps_get_ap_info(struct wpa_supplicant *wpa_s, 2941 const u8 *bssid) 2942 { 2943 size_t i; 2944 2945 if (wpa_s->wps_ap == NULL) 2946 return NULL; 2947 2948 for (i = 0; i < wpa_s->num_wps_ap; i++) { 2949 struct wps_ap_info *ap = &wpa_s->wps_ap[i]; 2950 if (ether_addr_equal(ap->bssid, bssid)) 2951 return ap; 2952 } 2953 2954 return NULL; 2955 } 2956 2957 2958 static void wpas_wps_update_ap_info_bss(struct wpa_supplicant *wpa_s, 2959 struct wpa_scan_res *res) 2960 { 2961 struct wpabuf *wps; 2962 enum wps_ap_info_type type; 2963 struct wps_ap_info *ap; 2964 int r, pbc_active; 2965 const u8 *uuid; 2966 2967 if (wpa_scan_get_vendor_ie(res, WPS_IE_VENDOR_TYPE) == NULL) 2968 return; 2969 2970 wps = wpa_scan_get_vendor_ie_multi(res, WPS_IE_VENDOR_TYPE); 2971 if (wps == NULL) 2972 return; 2973 2974 r = wps_is_addr_authorized(wps, wpa_s->own_addr, 1); 2975 if (r == 2) 2976 type = WPS_AP_SEL_REG_OUR; 2977 else if (r == 1) 2978 type = WPS_AP_SEL_REG; 2979 else 2980 type = WPS_AP_NOT_SEL_REG; 2981 2982 uuid = wps_get_uuid_e(wps); 2983 pbc_active = wps_is_selected_pbc_registrar(wps); 2984 2985 ap = wpas_wps_get_ap_info(wpa_s, res->bssid); 2986 if (ap) { 2987 if (ap->type != type) { 2988 wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR 2989 " changed type %d -> %d", 2990 MAC2STR(res->bssid), ap->type, type); 2991 ap->type = type; 2992 if (type != WPS_AP_NOT_SEL_REG) 2993 wpa_bssid_ignore_del(wpa_s, ap->bssid); 2994 } 2995 ap->pbc_active = pbc_active; 2996 if (uuid) 2997 os_memcpy(ap->uuid, uuid, WPS_UUID_LEN); 2998 goto out; 2999 } 3000 3001 ap = os_realloc_array(wpa_s->wps_ap, wpa_s->num_wps_ap + 1, 3002 sizeof(struct wps_ap_info)); 3003 if (ap == NULL) 3004 goto out; 3005 3006 wpa_s->wps_ap = ap; 3007 ap = &wpa_s->wps_ap[wpa_s->num_wps_ap]; 3008 wpa_s->num_wps_ap++; 3009 3010 os_memset(ap, 0, sizeof(*ap)); 3011 os_memcpy(ap->bssid, res->bssid, ETH_ALEN); 3012 ap->type = type; 3013 ap->pbc_active = pbc_active; 3014 if (uuid) 3015 os_memcpy(ap->uuid, uuid, WPS_UUID_LEN); 3016 wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR " type %d added", 3017 MAC2STR(ap->bssid), ap->type); 3018 3019 out: 3020 wpabuf_free(wps); 3021 } 3022 3023 3024 void wpas_wps_update_ap_info(struct wpa_supplicant *wpa_s, 3025 struct wpa_scan_results *scan_res) 3026 { 3027 size_t i; 3028 3029 for (i = 0; i < scan_res->num; i++) 3030 wpas_wps_update_ap_info_bss(wpa_s, scan_res->res[i]); 3031 3032 wpas_wps_dump_ap_info(wpa_s); 3033 } 3034 3035 3036 bool wpas_wps_partner_link_scan_done(struct wpa_supplicant *wpa_s) 3037 { 3038 struct wpa_global *global = wpa_s->global; 3039 struct wpa_supplicant *iface; 3040 3041 for (iface = global->ifaces; iface; iface = iface->next) { 3042 if (iface == wpa_s) 3043 continue; 3044 3045 if (!iface->supp_pbc_active) 3046 continue; 3047 3048 /* Scan results are available for both links. While the current 3049 * link will proceed for network selection, ensure the partner 3050 * link also gets an attempt at network selection and connect 3051 * with the selected BSS. */ 3052 if (iface->wps_scan_done) 3053 wpa_wps_supplicant_fast_associate(iface); 3054 else 3055 return false; 3056 } 3057 3058 return true; 3059 } 3060 3061 3062 bool wpas_wps_partner_link_overlap_detect(struct wpa_supplicant *wpa_s) 3063 { 3064 struct wpa_global *global = wpa_s->global; 3065 struct wpa_supplicant *iface; 3066 3067 for (iface = global->ifaces; iface; iface = iface->next) { 3068 if (iface == wpa_s) 3069 continue; 3070 if (iface->wps_overlap) 3071 return true; 3072 } 3073 3074 return false; 3075 } 3076 3077 3078 void wpas_wps_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *bssid) 3079 { 3080 struct wps_ap_info *ap; 3081 3082 wpa_s->after_wps = 0; 3083 3084 if (!wpa_s->wps_ap_iter) 3085 return; 3086 ap = wpas_wps_get_ap_info(wpa_s, bssid); 3087 if (ap == NULL) 3088 return; 3089 ap->tries++; 3090 os_get_reltime(&ap->last_attempt); 3091 } 3092