0 | |
/*
|
1 | |
* Wi-Fi Protected Setup - Registrar
|
2 | |
* Copyright (c) 2008-2009, Jouni Malinen <[email protected]>
|
3 | |
*
|
4 | |
* This program is free software; you can redistribute it and/or modify
|
5 | |
* it under the terms of the GNU General Public License version 2 as
|
6 | |
* published by the Free Software Foundation.
|
7 | |
*
|
8 | |
* Alternatively, this software may be distributed under the terms of BSD
|
9 | |
* license.
|
10 | |
*
|
11 | |
* See README and COPYING for more details.
|
12 | |
*/
|
13 | |
#include "globule.h"
|
14 | |
#include "t6.h"
|
15 | |
|
16 | |
#include "utils/includes.h"
|
17 | |
|
18 | |
#include "utils/common.h"
|
19 | |
#include "utils/base64.h"
|
20 | |
#include "utils/eloop.h"
|
21 | |
#include "utils/uuid.h"
|
22 | |
#include "utils/list.h"
|
23 | |
#include "crypto/crypto.h"
|
24 | |
#include "crypto/sha256.h"
|
25 | |
#include "common/ieee802_11_defs.h"
|
26 | |
#include "wps_i.h"
|
27 | |
#include "wps_dev_attr.h"
|
28 | |
#include "../misc.h"
|
29 | |
|
30 | |
#define WPS_WORKAROUNDS
|
31 | |
|
32 | |
struct wps_uuid_pin {
|
33 | |
struct dl_list list;
|
34 | |
u8 uuid[WPS_UUID_LEN];
|
35 | |
int wildcard_uuid;
|
36 | |
u8 *pin;
|
37 | |
size_t pin_len;
|
38 | |
#define PIN_LOCKED BIT(0)
|
39 | |
#define PIN_EXPIRES BIT(1)
|
40 | |
int flags;
|
41 | |
struct os_time expiration;
|
42 | |
};
|
43 | |
|
44 | |
|
45 | |
static void wps_free_pin(struct wps_uuid_pin *pin)
|
46 | |
{
|
47 | |
os_free(pin->pin);
|
48 | |
os_free(pin);
|
49 | |
}
|
50 | |
|
51 | |
|
52 | |
static void wps_remove_pin(struct wps_uuid_pin *pin)
|
53 | |
{
|
54 | |
dl_list_del(&pin->list);
|
55 | |
wps_free_pin(pin);
|
56 | |
}
|
57 | |
|
58 | |
|
59 | |
static void wps_free_pins(struct dl_list *pins)
|
60 | |
{
|
61 | |
struct wps_uuid_pin *pin, *prev;
|
62 | |
dl_list_for_each_safe(pin, prev, pins, struct wps_uuid_pin, list)
|
63 | |
wps_remove_pin(pin);
|
64 | |
}
|
65 | |
|
66 | |
|
67 | |
struct wps_pbc_session {
|
68 | |
struct wps_pbc_session *next;
|
69 | |
u8 addr[ETH_ALEN];
|
70 | |
u8 uuid_e[WPS_UUID_LEN];
|
71 | |
struct os_time timestamp;
|
72 | |
};
|
73 | |
|
74 | |
|
75 | |
static void wps_free_pbc_sessions(struct wps_pbc_session *pbc)
|
76 | |
{
|
77 | |
struct wps_pbc_session *prev;
|
78 | |
|
79 | |
while (pbc) {
|
80 | |
prev = pbc;
|
81 | |
pbc = pbc->next;
|
82 | |
os_free(prev);
|
83 | |
}
|
84 | |
}
|
85 | |
|
86 | |
|
87 | |
struct wps_registrar_device {
|
88 | |
struct wps_registrar_device *next;
|
89 | |
struct wps_device_data dev;
|
90 | |
u8 uuid[WPS_UUID_LEN];
|
91 | |
};
|
92 | |
|
93 | |
|
94 | |
struct wps_registrar {
|
95 | |
struct wps_context *wps;
|
96 | |
|
97 | |
int pbc;
|
98 | |
int selected_registrar;
|
99 | |
|
100 | |
int (*new_psk_cb)(void *ctx, const u8 *mac_addr, const u8 *psk,
|
101 | |
size_t psk_len);
|
102 | |
int (*set_ie_cb)(void *ctx, struct wpabuf *beacon_ie,
|
103 | |
struct wpabuf *probe_resp_ie);
|
104 | |
void (*pin_needed_cb)(void *ctx, const u8 *uuid_e,
|
105 | |
const struct wps_device_data *dev);
|
106 | |
void (*reg_success_cb)(void *ctx, const u8 *mac_addr,
|
107 | |
const u8 *uuid_e);
|
108 | |
void (*set_sel_reg_cb)(void *ctx, int sel_reg, u16 dev_passwd_id,
|
109 | |
u16 sel_reg_config_methods);
|
110 | |
void (*enrollee_seen_cb)(void *ctx, const u8 *addr, const u8 *uuid_e,
|
111 | |
const u8 *pri_dev_type, u16 config_methods,
|
112 | |
u16 dev_password_id, u8 request_type,
|
113 | |
const char *dev_name);
|
114 | |
void *cb_ctx;
|
115 | |
|
116 | |
struct dl_list pins;
|
117 | |
struct wps_pbc_session *pbc_sessions;
|
118 | |
|
119 | |
int skip_cred_build;
|
120 | |
struct wpabuf *extra_cred;
|
121 | |
int disable_auto_conf;
|
122 | |
int sel_reg_union;
|
123 | |
int sel_reg_dev_password_id_override;
|
124 | |
int sel_reg_config_methods_override;
|
125 | |
int static_wep_only;
|
126 | |
|
127 | |
struct wps_registrar_device *devices;
|
128 | |
|
129 | |
int force_pbc_overlap;
|
130 | |
};
|
131 | |
|
132 | |
|
133 | |
static int wps_set_ie(struct wps_registrar *reg);
|
134 | |
static void wps_registrar_pbc_timeout(void *eloop_ctx, void *timeout_ctx);
|
135 | |
static void wps_registrar_set_selected_timeout(void *eloop_ctx,
|
136 | |
void *timeout_ctx);
|
137 | |
|
138 | |
|
139 | |
static void wps_free_devices(struct wps_registrar_device *dev)
|
140 | |
{
|
141 | |
struct wps_registrar_device *prev;
|
142 | |
|
143 | |
while (dev) {
|
144 | |
prev = dev;
|
145 | |
dev = dev->next;
|
146 | |
wps_device_data_free(&prev->dev);
|
147 | |
os_free(prev);
|
148 | |
}
|
149 | |
}
|
150 | |
|
151 | |
|
152 | |
static struct wps_registrar_device * wps_device_get(struct wps_registrar *reg,
|
153 | |
const u8 *addr)
|
154 | |
{
|
155 | |
struct wps_registrar_device *dev;
|
156 | |
|
157 | |
for (dev = reg->devices; dev; dev = dev->next) {
|
158 | |
if (os_memcmp(dev->dev.mac_addr, addr, ETH_ALEN) == 0)
|
159 | |
return dev;
|
160 | |
}
|
161 | |
return NULL;
|
162 | |
}
|
163 | |
|
164 | |
|
165 | |
static void wps_device_clone_data(struct wps_device_data *dst,
|
166 | |
struct wps_device_data *src)
|
167 | |
{
|
168 | |
os_memcpy(dst->mac_addr, src->mac_addr, ETH_ALEN);
|
169 | |
os_memcpy(dst->pri_dev_type, src->pri_dev_type, WPS_DEV_TYPE_LEN);
|
170 | |
|
171 | |
#define WPS_STRDUP(n) \
|
172 | |
os_free(dst->n); \
|
173 | |
dst->n = src->n ? os_strdup(src->n) : NULL
|
174 | |
|
175 | |
WPS_STRDUP(device_name);
|
176 | |
WPS_STRDUP(manufacturer);
|
177 | |
WPS_STRDUP(model_name);
|
178 | |
WPS_STRDUP(model_number);
|
179 | |
WPS_STRDUP(serial_number);
|
180 | |
#undef WPS_STRDUP
|
181 | |
}
|
182 | |
|
183 | |
|
184 | |
int wps_device_store(struct wps_registrar *reg,
|
185 | |
struct wps_device_data *dev, const u8 *uuid)
|
186 | |
{
|
187 | |
struct wps_registrar_device *d;
|
188 | |
|
189 | |
d = wps_device_get(reg, dev->mac_addr);
|
190 | |
if (d == NULL) {
|
191 | |
d = os_zalloc(sizeof(*d));
|
192 | |
if (d == NULL)
|
193 | |
return -1;
|
194 | |
d->next = reg->devices;
|
195 | |
reg->devices = d;
|
196 | |
}
|
197 | |
|
198 | |
wps_device_clone_data(&d->dev, dev);
|
199 | |
os_memcpy(d->uuid, uuid, WPS_UUID_LEN);
|
200 | |
|
201 | |
return 0;
|
202 | |
}
|
203 | |
|
204 | |
|
205 | |
static void wps_registrar_add_pbc_session(struct wps_registrar *reg,
|
206 | |
const u8 *addr, const u8 *uuid_e)
|
207 | |
{
|
208 | |
struct wps_pbc_session *pbc, *prev = NULL;
|
209 | |
struct os_time now;
|
210 | |
|
211 | |
os_get_time(&now);
|
212 | |
|
213 | |
pbc = reg->pbc_sessions;
|
214 | |
while (pbc) {
|
215 | |
if (os_memcmp(pbc->addr, addr, ETH_ALEN) == 0 &&
|
216 | |
os_memcmp(pbc->uuid_e, uuid_e, WPS_UUID_LEN) == 0) {
|
217 | |
if (prev)
|
218 | |
prev->next = pbc->next;
|
219 | |
else
|
220 | |
reg->pbc_sessions = pbc->next;
|
221 | |
break;
|
222 | |
}
|
223 | |
prev = pbc;
|
224 | |
pbc = pbc->next;
|
225 | |
}
|
226 | |
|
227 | |
if (!pbc) {
|
228 | |
pbc = os_zalloc(sizeof(*pbc));
|
229 | |
if (pbc == NULL)
|
230 | |
return;
|
231 | |
os_memcpy(pbc->addr, addr, ETH_ALEN);
|
232 | |
if (uuid_e)
|
233 | |
os_memcpy(pbc->uuid_e, uuid_e, WPS_UUID_LEN);
|
234 | |
}
|
235 | |
|
236 | |
pbc->next = reg->pbc_sessions;
|
237 | |
reg->pbc_sessions = pbc;
|
238 | |
pbc->timestamp = now;
|
239 | |
|
240 | |
/* remove entries that have timed out */
|
241 | |
prev = pbc;
|
242 | |
pbc = pbc->next;
|
243 | |
|
244 | |
while (pbc) {
|
245 | |
if (now.sec > pbc->timestamp.sec + WPS_PBC_WALK_TIME) {
|
246 | |
prev->next = NULL;
|
247 | |
wps_free_pbc_sessions(pbc);
|
248 | |
break;
|
249 | |
}
|
250 | |
prev = pbc;
|
251 | |
pbc = pbc->next;
|
252 | |
}
|
253 | |
}
|
254 | |
|
255 | |
|
256 | |
static void wps_registrar_remove_pbc_session(struct wps_registrar *reg,
|
257 | |
const u8 *addr, const u8 *uuid_e)
|
258 | |
{
|
259 | |
struct wps_pbc_session *pbc, *prev = NULL;
|
260 | |
|
261 | |
pbc = reg->pbc_sessions;
|
262 | |
while (pbc) {
|
263 | |
if (os_memcmp(pbc->addr, addr, ETH_ALEN) == 0 &&
|
264 | |
os_memcmp(pbc->uuid_e, uuid_e, WPS_UUID_LEN) == 0) {
|
265 | |
if (prev)
|
266 | |
prev->next = pbc->next;
|
267 | |
else
|
268 | |
reg->pbc_sessions = pbc->next;
|
269 | |
os_free(pbc);
|
270 | |
break;
|
271 | |
}
|
272 | |
prev = pbc;
|
273 | |
pbc = pbc->next;
|
274 | |
}
|
275 | |
}
|
276 | |
|
277 | |
|
278 | |
static int wps_registrar_pbc_overlap(struct wps_registrar *reg,
|
279 | |
const u8 *addr, const u8 *uuid_e)
|
280 | |
{
|
281 | |
int count = 0;
|
282 | |
struct wps_pbc_session *pbc;
|
283 | |
struct os_time now;
|
284 | |
|
285 | |
os_get_time(&now);
|
286 | |
|
287 | |
for (pbc = reg->pbc_sessions; pbc; pbc = pbc->next) {
|
288 | |
if (now.sec > pbc->timestamp.sec + WPS_PBC_WALK_TIME)
|
289 | |
break;
|
290 | |
if (addr == NULL || os_memcmp(addr, pbc->addr, ETH_ALEN) ||
|
291 | |
uuid_e == NULL ||
|
292 | |
os_memcmp(uuid_e, pbc->uuid_e, WPS_UUID_LEN))
|
293 | |
count++;
|
294 | |
}
|
295 | |
|
296 | |
if (addr || uuid_e)
|
297 | |
count++;
|
298 | |
|
299 | |
return count > 1 ? 1 : 0;
|
300 | |
}
|
301 | |
|
302 | |
|
303 | |
static int wps_build_wps_state(struct wps_context *wps, struct wpabuf *msg)
|
304 | |
{
|
305 | |
wpa_printf(MSG_DEBUG, "WPS: * Wi-Fi Protected Setup State (%d)",
|
306 | |
wps->wps_state);
|
307 | |
wpabuf_put_be16(msg, ATTR_WPS_STATE);
|
308 | |
wpabuf_put_be16(msg, 1);
|
309 | |
wpabuf_put_u8(msg, wps->wps_state);
|
310 | |
return 0;
|
311 | |
}
|
312 | |
|
313 | |
|
314 | |
#ifdef CONFIG_WPS_UPNP
|
315 | |
static void wps_registrar_free_pending_m2(struct wps_context *wps)
|
316 | |
{
|
317 | |
struct upnp_pending_message *p, *p2, *prev = NULL;
|
318 | |
p = wps->upnp_msgs;
|
319 | |
while (p) {
|
320 | |
if (p->type == WPS_M2 || p->type == WPS_M2D) {
|
321 | |
if (prev == NULL)
|
322 | |
wps->upnp_msgs = p->next;
|
323 | |
else
|
324 | |
prev->next = p->next;
|
325 | |
wpa_printf(MSG_DEBUG, "WPS UPnP: Drop pending M2/M2D");
|
326 | |
p2 = p;
|
327 | |
p = p->next;
|
328 | |
wpabuf_free(p2->msg);
|
329 | |
os_free(p2);
|
330 | |
continue;
|
331 | |
}
|
332 | |
prev = p;
|
333 | |
p = p->next;
|
334 | |
}
|
335 | |
}
|
336 | |
#endif /* CONFIG_WPS_UPNP */
|
337 | |
|
338 | |
|
339 | |
static int wps_build_ap_setup_locked(struct wps_context *wps,
|
340 | |
struct wpabuf *msg)
|
341 | |
{
|
342 | |
if (wps->ap_setup_locked) {
|
343 | |
wpa_printf(MSG_DEBUG, "WPS: * AP Setup Locked");
|
344 | |
wpabuf_put_be16(msg, ATTR_AP_SETUP_LOCKED);
|
345 | |
wpabuf_put_be16(msg, 1);
|
346 | |
wpabuf_put_u8(msg, 1);
|
347 | |
}
|
348 | |
return 0;
|
349 | |
}
|
350 | |
|
351 | |
|
352 | |
static int wps_build_selected_registrar(struct wps_registrar *reg,
|
353 | |
struct wpabuf *msg)
|
354 | |
{
|
355 | |
if (!reg->sel_reg_union)
|
356 | |
return 0;
|
357 | |
wpa_printf(MSG_DEBUG, "WPS: * Selected Registrar");
|
358 | |
wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR);
|
359 | |
wpabuf_put_be16(msg, 1);
|
360 | |
wpabuf_put_u8(msg, 1);
|
361 | |
return 0;
|
362 | |
}
|
363 | |
|
364 | |
|
365 | |
static int wps_build_sel_reg_dev_password_id(struct wps_registrar *reg,
|
366 | |
struct wpabuf *msg)
|
367 | |
{
|
368 | |
u16 id = reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT;
|
369 | |
if (!reg->sel_reg_union)
|
370 | |
return 0;
|
371 | |
if (reg->sel_reg_dev_password_id_override >= 0)
|
372 | |
id = reg->sel_reg_dev_password_id_override;
|
373 | |
wpa_printf(MSG_DEBUG, "WPS: * Device Password ID (%d)", id);
|
374 | |
wpabuf_put_be16(msg, ATTR_DEV_PASSWORD_ID);
|
375 | |
wpabuf_put_be16(msg, 2);
|
376 | |
wpabuf_put_be16(msg, id);
|
377 | |
return 0;
|
378 | |
}
|
379 | |
|
380 | |
|
381 | |
static int wps_build_sel_reg_config_methods(struct wps_registrar *reg,
|
382 | |
struct wpabuf *msg)
|
383 | |
{
|
384 | |
u16 methods;
|
385 | |
if (!reg->sel_reg_union)
|
386 | |
return 0;
|
387 | |
methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
|
388 | |
if (reg->pbc)
|
389 | |
methods |= WPS_CONFIG_PUSHBUTTON;
|
390 | |
if (reg->sel_reg_config_methods_override >= 0)
|
391 | |
methods = reg->sel_reg_config_methods_override;
|
392 | |
wpa_printf(MSG_DEBUG, "WPS: * Selected Registrar Config Methods (%x)",
|
393 | |
methods);
|
394 | |
wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR_CONFIG_METHODS);
|
395 | |
wpabuf_put_be16(msg, 2);
|
396 | |
wpabuf_put_be16(msg, methods);
|
397 | |
return 0;
|
398 | |
}
|
399 | |
|
400 | |
|
401 | |
static int wps_build_probe_config_methods(struct wps_registrar *reg,
|
402 | |
struct wpabuf *msg)
|
403 | |
{
|
404 | |
u16 methods;
|
405 | |
/*
|
406 | |
* These are the methods that the AP supports as an Enrollee for adding
|
407 | |
* external Registrars.
|
408 | |
*/
|
409 | |
methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
|
410 | |
wpa_printf(MSG_DEBUG, "WPS: * Config Methods (%x)", methods);
|
411 | |
wpabuf_put_be16(msg, ATTR_CONFIG_METHODS);
|
412 | |
wpabuf_put_be16(msg, 2);
|
413 | |
wpabuf_put_be16(msg, methods);
|
414 | |
return 0;
|
415 | |
}
|
416 | |
|
417 | |
|
418 | |
static int wps_build_config_methods_r(struct wps_registrar *reg,
|
419 | |
struct wpabuf *msg)
|
420 | |
{
|
421 | |
u16 methods;
|
422 | |
if(reg == NULL)
|
423 | |
{
|
424 | |
return 0;
|
425 | |
}
|
426 | |
|
427 | |
methods = WPS_CONFIG_LABEL | WPS_CONFIG_DISPLAY | WPS_CONFIG_PUSHBUTTON;
|
428 | |
/*
|
429 | |
methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
|
430 | |
if (reg->pbc)
|
431 | |
methods |= WPS_CONFIG_PUSHBUTTON;
|
432 | |
*/
|
433 | |
return wps_build_config_methods(msg, methods);
|
434 | |
}
|
435 | |
|
436 | |
|
437 | |
/**
|
438 | |
* wps_registrar_init - Initialize WPS Registrar data
|
439 | |
* @wps: Pointer to longterm WPS context
|
440 | |
* @cfg: Registrar configuration
|
441 | |
* Returns: Pointer to allocated Registrar data or %NULL on failure
|
442 | |
*
|
443 | |
* This function is used to initialize WPS Registrar functionality. It can be
|
444 | |
* used for a single Registrar run (e.g., when run in a supplicant) or multiple
|
445 | |
* runs (e.g., when run as an internal Registrar in an AP). Caller is
|
446 | |
* responsible for freeing the returned data with wps_registrar_deinit() when
|
447 | |
* Registrar functionality is not needed anymore.
|
448 | |
*/
|
449 | |
struct wps_registrar *
|
450 | |
wps_registrar_init(struct wps_context *wps,
|
451 | |
const struct wps_registrar_config *cfg)
|
452 | |
{
|
453 | |
struct wps_registrar *reg = os_zalloc(sizeof(*reg));
|
454 | |
if (reg == NULL)
|
455 | |
return NULL;
|
456 | |
|
457 | |
dl_list_init(®->pins);
|
458 | |
reg->wps = wps;
|
459 | |
reg->new_psk_cb = cfg->new_psk_cb;
|
460 | |
reg->set_ie_cb = cfg->set_ie_cb;
|
461 | |
reg->pin_needed_cb = cfg->pin_needed_cb;
|
462 | |
reg->reg_success_cb = cfg->reg_success_cb;
|
463 | |
reg->set_sel_reg_cb = cfg->set_sel_reg_cb;
|
464 | |
reg->enrollee_seen_cb = cfg->enrollee_seen_cb;
|
465 | |
reg->cb_ctx = cfg->cb_ctx;
|
466 | |
reg->skip_cred_build = cfg->skip_cred_build;
|
467 | |
if (cfg->extra_cred) {
|
468 | |
reg->extra_cred = wpabuf_alloc_copy(cfg->extra_cred,
|
469 | |
cfg->extra_cred_len);
|
470 | |
if (reg->extra_cred == NULL) {
|
471 | |
os_free(reg);
|
472 | |
return NULL;
|
473 | |
}
|
474 | |
}
|
475 | |
reg->disable_auto_conf = cfg->disable_auto_conf;
|
476 | |
reg->sel_reg_dev_password_id_override = -1;
|
477 | |
reg->sel_reg_config_methods_override = -1;
|
478 | |
reg->static_wep_only = cfg->static_wep_only;
|
479 | |
|
480 | |
if (wps_set_ie(reg)) {
|
481 | |
wps_registrar_deinit(reg);
|
482 | |
return NULL;
|
483 | |
}
|
484 | |
|
485 | |
return reg;
|
486 | |
}
|
487 | |
|
488 | |
|
489 | |
/**
|
490 | |
* wps_registrar_deinit - Deinitialize WPS Registrar data
|
491 | |
* @reg: Registrar data from wps_registrar_init()
|
492 | |
*/
|
493 | |
void wps_registrar_deinit(struct wps_registrar *reg)
|
494 | |
{
|
495 | |
if (reg == NULL)
|
496 | |
return;
|
497 | |
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
|
498 | |
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
|
499 | |
wps_free_pins(®->pins);
|
500 | |
wps_free_pbc_sessions(reg->pbc_sessions);
|
501 | |
wpabuf_free(reg->extra_cred);
|
502 | |
wps_free_devices(reg->devices);
|
503 | |
os_free(reg);
|
504 | |
}
|
505 | |
|
506 | |
|
507 | |
/**
|
508 | |
* wps_registrar_add_pin - Configure a new PIN for Registrar
|
509 | |
* @reg: Registrar data from wps_registrar_init()
|
510 | |
* @uuid: UUID-E or %NULL for wildcard (any UUID)
|
511 | |
* @pin: PIN (Device Password)
|
512 | |
* @pin_len: Length of pin in octets
|
513 | |
* @timeout: Time (in seconds) when the PIN will be invalidated; 0 = no timeout
|
514 | |
* Returns: 0 on success, -1 on failure
|
515 | |
*/
|
516 | |
int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *uuid,
|
517 | |
const u8 *pin, size_t pin_len, int timeout)
|
518 | |
{
|
519 | |
struct wps_uuid_pin *p;
|
520 | |
|
521 | |
if(reg == NULL)
|
522 | |
return -1;
|
523 | |
|
524 | |
p = os_zalloc(sizeof(*p));
|
525 | |
if (p == NULL)
|
526 | |
return -1;
|
527 | |
if (uuid == NULL)
|
528 | |
p->wildcard_uuid = 1;
|
529 | |
else
|
530 | |
os_memcpy(p->uuid, uuid, WPS_UUID_LEN);
|
531 | |
p->pin = os_malloc(pin_len);
|
532 | |
if (p->pin == NULL) {
|
533 | |
os_free(p);
|
534 | |
return -1;
|
535 | |
}
|
536 | |
os_memcpy(p->pin, pin, pin_len);
|
537 | |
p->pin_len = pin_len;
|
538 | |
|
539 | |
if (timeout) {
|
540 | |
p->flags |= PIN_EXPIRES;
|
541 | |
os_get_time(&p->expiration);
|
542 | |
p->expiration.sec += timeout;
|
543 | |
}
|
544 | |
|
545 | |
dl_list_add(®->pins, &p->list);
|
546 | |
|
547 | |
wpa_printf(MSG_DEBUG, "WPS: A new PIN configured (timeout=%d)",
|
548 | |
timeout);
|
549 | |
wpa_hexdump(MSG_DEBUG, "WPS: UUID", uuid, WPS_UUID_LEN);
|
550 | |
wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: PIN", pin, pin_len);
|
551 | |
reg->selected_registrar = 1;
|
552 | |
reg->pbc = 0;
|
553 | |
wps_registrar_selected_registrar_changed(reg);
|
554 | |
/* @@@ HACK: We don't use these registrar timeouts, so calling these eloop
|
555 | |
* functions causes a seg fault.
|
556 | |
*/
|
557 | |
/*eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
|
558 | |
eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
|
559 | |
wps_registrar_set_selected_timeout,
|
560 | |
reg, NULL);
|
561 | |
*/
|
562 | |
return 0;
|
563 | |
}
|
564 | |
|
565 | |
|
566 | |
static void wps_registrar_expire_pins(struct wps_registrar *reg)
|
567 | |
{
|
568 | |
struct wps_uuid_pin *pin, *prev;
|
569 | |
struct os_time now;
|
570 | |
|
571 | |
if(reg != NULL)
|
572 | |
{
|
573 | |
os_get_time(&now);
|
574 | |
dl_list_for_each_safe(pin, prev, ®->pins, struct wps_uuid_pin, list)
|
575 | |
{
|
576 | |
if(pin != NULL)
|
577 | |
{
|
578 | |
if ((pin->flags & PIN_EXPIRES) &&
|
579 | |
os_time_before(&pin->expiration, &now)) {
|
580 | |
wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID",
|
581 | |
pin->uuid, WPS_UUID_LEN);
|
582 | |
wps_remove_pin(pin);
|
583 | |
}
|
584 | |
}
|
585 | |
}
|
586 | |
}
|
587 | |
}
|
588 | |
|
589 | |
|
590 | |
/**
|
591 | |
* wps_registrar_invalidate_pin - Invalidate a PIN for a specific UUID-E
|
592 | |
* @reg: Registrar data from wps_registrar_init()
|
593 | |
* @uuid: UUID-E
|
594 | |
* Returns: 0 on success, -1 on failure (e.g., PIN not found)
|
595 | |
*/
|
596 | |
int wps_registrar_invalidate_pin(struct wps_registrar *reg, const u8 *uuid)
|
597 | |
{
|
598 | |
struct wps_uuid_pin *pin, *prev;
|
599 | |
|
600 | |
if(reg == NULL)
|
601 | |
return -1;
|
602 | |
|
603 | |
dl_list_for_each_safe(pin, prev, ®->pins, struct wps_uuid_pin, list)
|
604 | |
{
|
605 | |
if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
|
606 | |
wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
|
607 | |
pin->uuid, WPS_UUID_LEN);
|
608 | |
wps_remove_pin(pin);
|
609 | |
return 0;
|
610 | |
}
|
611 | |
}
|
612 | |
|
613 | |
return -1;
|
614 | |
}
|
615 | |
|
616 | |
|
617 | |
static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
|
618 | |
const u8 *uuid, size_t *pin_len)
|
619 | |
{
|
620 | |
struct wps_uuid_pin *pin, *found = NULL;
|
621 | |
|
622 | |
if(reg == NULL)
|
623 | |
return NULL;
|
624 | |
|
625 | |
wps_registrar_expire_pins(reg);
|
626 | |
|
627 | |
dl_list_for_each(pin, ®->pins, struct wps_uuid_pin, list) {
|
628 | |
if (!pin->wildcard_uuid &&
|
629 | |
os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
|
630 | |
found = pin;
|
631 | |
break;
|
632 | |
}
|
633 | |
}
|
634 | |
|
635 | |
if (!found) {
|
636 | |
/* Check for wildcard UUIDs since none of the UUID-specific
|
637 | |
* PINs matched */
|
638 | |
dl_list_for_each(pin, ®->pins, struct wps_uuid_pin, list) {
|
639 | |
if (pin->wildcard_uuid == 1) {
|
640 | |
wpa_printf(MSG_DEBUG, "WPS: Found a wildcard "
|
641 | |
"PIN. Assigned it for this UUID-E");
|
642 | |
pin->wildcard_uuid = 2;
|
643 | |
os_memcpy(pin->uuid, uuid, WPS_UUID_LEN);
|
644 | |
found = pin;
|
645 | |
break;
|
646 | |
}
|
647 | |
}
|
648 | |
}
|
649 | |
|
650 | |
if (!found)
|
651 | |
return NULL;
|
652 | |
|
653 | |
/*
|
654 | |
* Lock the PIN to avoid attacks based on concurrent re-use of the PIN
|
655 | |
* that could otherwise avoid PIN invalidations.
|
656 | |
*/
|
657 | |
if (found->flags & PIN_LOCKED) {
|
658 | |
wpa_printf(MSG_DEBUG, "WPS: Selected PIN locked - do not "
|
659 | |
"allow concurrent re-use");
|
660 | |
return NULL;
|
661 | |
}
|
662 | |
*pin_len = found->pin_len;
|
663 | |
found->flags |= PIN_LOCKED;
|
664 | |
return found->pin;
|
665 | |
}
|
666 | |
|
667 | |
|
668 | |
/**
|
669 | |
* wps_registrar_unlock_pin - Unlock a PIN for a specific UUID-E
|
670 | |
* @reg: Registrar data from wps_registrar_init()
|
671 | |
* @uuid: UUID-E
|
672 | |
* Returns: 0 on success, -1 on failure
|
673 | |
*
|
674 | |
* PINs are locked to enforce only one concurrent use. This function unlocks a
|
675 | |
* PIN to allow it to be used again. If the specified PIN was configured using
|
676 | |
* a wildcard UUID, it will be removed instead of allowing multiple uses.
|
677 | |
*/
|
678 | |
int wps_registrar_unlock_pin(struct wps_registrar *reg, const u8 *uuid)
|
679 | |
{
|
680 | |
struct wps_uuid_pin *pin;
|
681 | |
|
682 | |
if(reg != NULL)
|
683 | |
{
|
684 | |
dl_list_for_each(pin, ®->pins, struct wps_uuid_pin, list) {
|
685 | |
if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
|
686 | |
if (pin->wildcard_uuid == 2) {
|
687 | |
wpa_printf(MSG_DEBUG, "WPS: Invalidating used "
|
688 | |
"wildcard PIN");
|
689 | |
return wps_registrar_invalidate_pin(reg, uuid);
|
690 | |
}
|
691 | |
pin->flags &= ~PIN_LOCKED;
|
692 | |
return 0;
|
693 | |
}
|
694 | |
}
|
695 | |
}
|
696 | |
|
697 | |
return -1;
|
698 | |
}
|
699 | |
|
700 | |
|
701 | |
static void wps_registrar_stop_pbc(struct wps_registrar *reg)
|
702 | |
{
|
703 | |
if(reg != NULL)
|
704 | |
{
|
705 | |
reg->selected_registrar = 0;
|
706 | |
reg->pbc = 0;
|
707 | |
wps_registrar_selected_registrar_changed(reg);
|
708 | |
}
|
709 | |
}
|
710 | |
|
711 | |
|
712 | |
static void wps_registrar_pbc_timeout(void *eloop_ctx, void *timeout_ctx)
|
713 | |
{
|
714 | |
struct wps_registrar *reg = eloop_ctx;
|
715 | |
|
716 | |
if(reg != NULL)
|
717 | |
{
|
718 | |
wpa_printf(MSG_DEBUG, "WPS: PBC timed out - disable PBC mode");
|
719 | |
wps_pbc_timeout_event(reg->wps);
|
720 | |
wps_registrar_stop_pbc(reg);
|
721 | |
}
|
722 | |
}
|
723 | |
|
724 | |
|
725 | |
/**
|
726 | |
* wps_registrar_button_pushed - Notify Registrar that AP button was pushed
|
727 | |
* @reg: Registrar data from wps_registrar_init()
|
728 | |
* Returns: 0 on success, -1 on failure
|
729 | |
*
|
730 | |
* This function is called on an AP when a push button is pushed to activate
|
731 | |
* PBC mode. The PBC mode will be stopped after walk time (2 minutes) timeout
|
732 | |
* or when a PBC registration is completed.
|
733 | |
*/
|
734 | |
int wps_registrar_button_pushed(struct wps_registrar *reg)
|
735 | |
{
|
736 | |
if(reg == NULL)
|
737 | |
return -1;
|
738 | |
|
739 | |
if (wps_registrar_pbc_overlap(reg, NULL, NULL)) {
|
740 | |
wpa_printf(MSG_DEBUG, "WPS: PBC overlap - do not start PBC "
|
741 | |
"mode");
|
742 | |
wps_pbc_overlap_event(reg->wps);
|
743 | |
return -1;
|
744 | |
}
|
745 | |
wpa_printf(MSG_DEBUG, "WPS: Button pushed - PBC mode started");
|
746 | |
reg->force_pbc_overlap = 0;
|
747 | |
reg->selected_registrar = 1;
|
748 | |
reg->pbc = 1;
|
749 | |
wps_registrar_selected_registrar_changed(reg);
|
750 | |
|
751 | |
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
|
752 | |
eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wps_registrar_pbc_timeout,
|
753 | |
reg, NULL);
|
754 | |
return 0;
|
755 | |
}
|
756 | |
|
757 | |
|
758 | |
static void wps_registrar_pbc_completed(struct wps_registrar *reg)
|
759 | |
{
|
760 | |
if(reg != NULL)
|
761 | |
{
|
762 | |
wpa_printf(MSG_DEBUG, "WPS: PBC completed - stopping PBC mode");
|
763 | |
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
|
764 | |
wps_registrar_stop_pbc(reg);
|
765 | |
}
|
766 | |
}
|
767 | |
|
768 | |
|
769 | |
static void wps_registrar_pin_completed(struct wps_registrar *reg)
|
770 | |
{
|
771 | |
if(reg != NULL)
|
772 | |
{
|
773 | |
wpa_printf(MSG_DEBUG, "WPS: PIN completed using internal Registrar");
|
774 | |
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
|
775 | |
reg->selected_registrar = 0;
|
776 | |
wps_registrar_selected_registrar_changed(reg);
|
777 | |
}
|
778 | |
}
|
779 | |
|
780 | |
|
781 | |
/**
|
782 | |
* wps_registrar_probe_req_rx - Notify Registrar of Probe Request
|
783 | |
* @reg: Registrar data from wps_registrar_init()
|
784 | |
* @addr: MAC address of the Probe Request sender
|
785 | |
* @wps_data: WPS IE contents
|
786 | |
*
|
787 | |
* This function is called on an AP when a Probe Request with WPS IE is
|
788 | |
* received. This is used to track PBC mode use and to detect possible overlap
|
789 | |
* situation with other WPS APs.
|
790 | |
*/
|
791 | |
void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
|
792 | |
const struct wpabuf *wps_data)
|
793 | |
{
|
794 | |
struct wps_parse_attr attr;
|
795 | |
|
796 | |
if(reg == NULL)
|
797 | |
return;
|
798 | |
|
799 | |
wpa_hexdump_buf(MSG_MSGDUMP,
|
800 | |
"WPS: Probe Request with WPS data received",
|
801 | |
wps_data);
|
802 | |
|
803 | |
if (wps_parse_msg(wps_data, &attr) < 0)
|
804 | |
return;
|
805 | |
if (!wps_version_supported(attr.version)) {
|
806 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported ProbeReq WPS IE "
|
807 | |
"version 0x%x", attr.version ? *attr.version : 0);
|
808 | |
return;
|
809 | |
}
|
810 | |
|
811 | |
if (attr.config_methods == NULL) {
|
812 | |
wpa_printf(MSG_DEBUG, "WPS: No Config Methods attribute in "
|
813 | |
"Probe Request");
|
814 | |
return;
|
815 | |
}
|
816 | |
|
817 | |
if (attr.dev_password_id == NULL) {
|
818 | |
wpa_printf(MSG_DEBUG, "WPS: No Device Password Id attribute "
|
819 | |
"in Probe Request");
|
820 | |
return;
|
821 | |
}
|
822 | |
|
823 | |
if (reg->enrollee_seen_cb && attr.uuid_e &&
|
824 | |
attr.primary_dev_type && attr.request_type) {
|
825 | |
char *dev_name = NULL;
|
826 | |
if (attr.dev_name) {
|
827 | |
dev_name = os_zalloc(attr.dev_name_len + 1);
|
828 | |
if (dev_name) {
|
829 | |
os_memcpy(dev_name, attr.dev_name,
|
830 | |
attr.dev_name_len);
|
831 | |
}
|
832 | |
}
|
833 | |
reg->enrollee_seen_cb(reg->cb_ctx, addr, attr.uuid_e,
|
834 | |
attr.primary_dev_type,
|
835 | |
WPA_GET_BE16(attr.config_methods),
|
836 | |
WPA_GET_BE16(attr.dev_password_id),
|
837 | |
*attr.request_type, dev_name);
|
838 | |
os_free(dev_name);
|
839 | |
}
|
840 | |
|
841 | |
if (WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
|
842 | |
return; /* Not PBC */
|
843 | |
|
844 | |
wpa_printf(MSG_DEBUG, "WPS: Probe Request for PBC received from "
|
845 | |
MACSTR, MAC2STR(addr));
|
846 | |
if (attr.uuid_e == NULL) {
|
847 | |
wpa_printf(MSG_DEBUG, "WPS: Invalid Probe Request WPS IE: No "
|
848 | |
"UUID-E included");
|
849 | |
return;
|
850 | |
}
|
851 | |
|
852 | |
wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
|
853 | |
if (wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)) {
|
854 | |
wpa_printf(MSG_DEBUG, "WPS: PBC session overlap detected");
|
855 | |
reg->force_pbc_overlap = 1;
|
856 | |
wps_pbc_overlap_event(reg->wps);
|
857 | |
}
|
858 | |
}
|
859 | |
|
860 | |
|
861 | |
static int wps_cb_new_psk(struct wps_registrar *reg, const u8 *mac_addr,
|
862 | |
const u8 *psk, size_t psk_len)
|
863 | |
{
|
864 | |
if(reg == NULL)
|
865 | |
return 0;
|
866 | |
|
867 | |
if (reg->new_psk_cb == NULL)
|
868 | |
return 0;
|
869 | |
|
870 | |
return reg->new_psk_cb(reg->cb_ctx, mac_addr, psk, psk_len);
|
871 | |
}
|
872 | |
|
873 | |
|
874 | |
static void wps_cb_pin_needed(struct wps_registrar *reg, const u8 *uuid_e,
|
875 | |
const struct wps_device_data *dev)
|
876 | |
{
|
877 | |
if(reg == NULL)
|
878 | |
return;
|
879 | |
|
880 | |
if (reg->pin_needed_cb == NULL)
|
881 | |
return;
|
882 | |
|
883 | |
reg->pin_needed_cb(reg->cb_ctx, uuid_e, dev);
|
884 | |
}
|
885 | |
|
886 | |
|
887 | |
static void wps_cb_reg_success(struct wps_registrar *reg, const u8 *mac_addr,
|
888 | |
const u8 *uuid_e)
|
889 | |
{
|
890 | |
if(reg == NULL)
|
891 | |
return;
|
892 | |
|
893 | |
if (reg->reg_success_cb == NULL)
|
894 | |
return;
|
895 | |
|
896 | |
reg->reg_success_cb(reg->cb_ctx, mac_addr, uuid_e);
|
897 | |
}
|
898 | |
|
899 | |
|
900 | |
static int wps_cb_set_ie(struct wps_registrar *reg, struct wpabuf *beacon_ie,
|
901 | |
struct wpabuf *probe_resp_ie)
|
902 | |
{
|
903 | |
if(reg == NULL)
|
904 | |
return 0;
|
905 | |
|
906 | |
return reg->set_ie_cb(reg->cb_ctx, beacon_ie, probe_resp_ie);
|
907 | |
}
|
908 | |
|
909 | |
|
910 | |
static void wps_cb_set_sel_reg(struct wps_registrar *reg)
|
911 | |
{
|
912 | |
if(reg == NULL)
|
913 | |
return;
|
914 | |
|
915 | |
wpa_printf(MSG_DEBUG, "WPS: Enter wps_cg_set_sel_reg");
|
916 | |
u16 methods = 0;
|
917 | |
if (reg->set_sel_reg_cb == NULL)
|
918 | |
{
|
919 | |
wpa_printf(MSG_DEBUG, "WPS: Leave wps_cg_set_sel_reg early");
|
920 | |
return;
|
921 | |
}
|
922 | |
|
923 | |
wpa_printf(MSG_DEBUG, "WPS: reg->selected_registrar");
|
924 | |
if (reg->selected_registrar) {
|
925 | |
methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
|
926 | |
if (reg->pbc)
|
927 | |
methods |= WPS_CONFIG_PUSHBUTTON;
|
928 | |
}
|
929 | |
|
930 | |
wpa_printf(MSG_DEBUG, "WPS: reg->set_sel_reg_cb");
|
931 | |
reg->set_sel_reg_cb(reg->cb_ctx, reg->selected_registrar,
|
932 | |
reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT,
|
933 | |
methods);
|
934 | |
|
935 | |
wpa_printf(MSG_DEBUG, "WPS: Leave wps_cg_set_sel_reg");
|
936 | |
}
|
937 | |
|
938 | |
|
939 | |
/* Encapsulate WPS IE data with one (or more, if needed) IE headers */
|
940 | |
static struct wpabuf * wps_ie_encapsulate(struct wpabuf *data)
|
941 | |
{
|
942 | |
struct wpabuf *ie;
|
943 | |
const u8 *pos, *end;
|
944 | |
|
945 | |
ie = wpabuf_alloc(wpabuf_len(data) + 100);
|
946 | |
if (ie == NULL) {
|
947 | |
wpabuf_free(data);
|
948 | |
return NULL;
|
949 | |
}
|
950 | |
|
951 | |
pos = wpabuf_head(data);
|
952 | |
end = pos + wpabuf_len(data);
|
953 | |
|
954 | |
while (end > pos) {
|
955 | |
size_t frag_len = end - pos;
|
956 | |
if (frag_len > 251)
|
957 | |
frag_len = 251;
|
958 | |
wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
|
959 | |
wpabuf_put_u8(ie, 4 + frag_len);
|
960 | |
wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
|
961 | |
wpabuf_put_data(ie, pos, frag_len);
|
962 | |
pos += frag_len;
|
963 | |
}
|
964 | |
|
965 | |
wpabuf_free(data);
|
966 | |
|
967 | |
return ie;
|
968 | |
}
|
969 | |
|
970 | |
|
971 | |
static int wps_set_ie(struct wps_registrar *reg)
|
972 | |
{
|
973 | |
struct wpabuf *beacon;
|
974 | |
struct wpabuf *probe;
|
975 | |
|
976 | |
if (reg->set_ie_cb == NULL)
|
977 | |
return 0;
|
978 | |
|
979 | |
wpa_printf(MSG_DEBUG, "WPS: Build Beacon and Probe Response IEs");
|
980 | |
|
981 | |
beacon = wpabuf_alloc(300);
|
982 | |
if (beacon == NULL)
|
983 | |
return -1;
|
984 | |
probe = wpabuf_alloc(400);
|
985 | |
if (probe == NULL) {
|
986 | |
wpabuf_free(beacon);
|
987 | |
return -1;
|
988 | |
}
|
989 | |
|
990 | |
if (wps_build_version(beacon) ||
|
991 | |
wps_build_wps_state(reg->wps, beacon) ||
|
992 | |
wps_build_ap_setup_locked(reg->wps, beacon) ||
|
993 | |
wps_build_selected_registrar(reg, beacon) ||
|
994 | |
wps_build_sel_reg_dev_password_id(reg, beacon) ||
|
995 | |
wps_build_sel_reg_config_methods(reg, beacon) ||
|
996 | |
wps_build_version(probe) ||
|
997 | |
wps_build_wps_state(reg->wps, probe) ||
|
998 | |
wps_build_ap_setup_locked(reg->wps, probe) ||
|
999 | |
wps_build_selected_registrar(reg, probe) ||
|
1000 | |
wps_build_sel_reg_dev_password_id(reg, probe) ||
|
1001 | |
wps_build_sel_reg_config_methods(reg, probe) ||
|
1002 | |
wps_build_resp_type(probe, reg->wps->ap ? WPS_RESP_AP :
|
1003 | |
WPS_RESP_REGISTRAR) ||
|
1004 | |
wps_build_uuid_e(probe, reg->wps->uuid) ||
|
1005 | |
wps_build_device_attrs(®->wps->dev, probe) ||
|
1006 | |
wps_build_probe_config_methods(reg, probe) ||
|
1007 | |
wps_build_rf_bands(®->wps->dev, probe)) {
|
1008 | |
wpabuf_free(beacon);
|
1009 | |
wpabuf_free(probe);
|
1010 | |
return -1;
|
1011 | |
}
|
1012 | |
|
1013 | |
beacon = wps_ie_encapsulate(beacon);
|
1014 | |
probe = wps_ie_encapsulate(probe);
|
1015 | |
|
1016 | |
if (!beacon || !probe) {
|
1017 | |
wpabuf_free(beacon);
|
1018 | |
wpabuf_free(probe);
|
1019 | |
return -1;
|
1020 | |
}
|
1021 | |
|
1022 | |
if (reg->static_wep_only) {
|
1023 | |
/*
|
1024 | |
* Windows XP and Vista clients can get confused about
|
1025 | |
* EAP-Identity/Request when they probe the network with
|
1026 | |
* EAPOL-Start. In such a case, they may assume the network is
|
1027 | |
* using IEEE 802.1X and prompt user for a certificate while
|
1028 | |
* the correct (non-WPS) behavior would be to ask for the
|
1029 | |
* static WEP key. As a workaround, use Microsoft Provisioning
|
1030 | |
* IE to advertise that legacy 802.1X is not supported.
|
1031 | |
*/
|
1032 | |
const u8 ms_wps[7] = {
|
1033 | |
WLAN_EID_VENDOR_SPECIFIC, 5,
|
1034 | |
/* Microsoft Provisioning IE (00:50:f2:5) */
|
1035 | |
0x00, 0x50, 0xf2, 5,
|
1036 | |
0x00 /* no legacy 802.1X or MS WPS */
|
1037 | |
};
|
1038 | |
wpa_printf(MSG_DEBUG, "WPS: Add Microsoft Provisioning IE "
|
1039 | |
"into Beacon/Probe Response frames");
|
1040 | |
wpabuf_put_data(beacon, ms_wps, sizeof(ms_wps));
|
1041 | |
wpabuf_put_data(probe, ms_wps, sizeof(ms_wps));
|
1042 | |
}
|
1043 | |
|
1044 | |
return wps_cb_set_ie(reg, beacon, probe);
|
1045 | |
}
|
1046 | |
|
1047 | |
|
1048 | |
static int wps_get_dev_password(struct wps_data *wps)
|
1049 | |
{
|
1050 | |
const u8 *pin;
|
1051 | |
size_t pin_len = 0;
|
1052 | |
|
1053 | |
os_free(wps->dev_password);
|
1054 | |
wps->dev_password = NULL;
|
1055 | |
|
1056 | |
pin = wps_registrar_get_pin(wps->wps->registrar, wps->uuid_e, &pin_len);
|
1057 | |
if (pin == NULL) {
|
1058 | |
wpa_printf(MSG_DEBUG, "WPS: No Device Password available for "
|
1059 | |
"the Enrollee");
|
1060 | |
if(wps->wps->registrar != NULL)
|
1061 | |
{
|
1062 | |
wps_cb_pin_needed(wps->wps->registrar, wps->uuid_e,
|
1063 | |
&wps->peer_dev);
|
1064 | |
}
|
1065 | |
return -1;
|
1066 | |
}
|
1067 | |
|
1068 | |
wps->dev_password = os_malloc(pin_len);
|
1069 | |
if (wps->dev_password == NULL)
|
1070 | |
return -1;
|
1071 | |
os_memcpy(wps->dev_password, pin, pin_len);
|
1072 | |
wps->dev_password_len = pin_len;
|
1073 | |
|
1074 | |
return 0;
|
1075 | |
}
|
1076 | |
|
1077 | |
|
1078 | |
static int wps_build_uuid_r(struct wps_data *wps, struct wpabuf *msg)
|
1079 | |
{
|
1080 | |
wpa_printf(MSG_DEBUG, "WPS: * UUID-R");
|
1081 | |
wpabuf_put_be16(msg, ATTR_UUID_R);
|
1082 | |
wpabuf_put_be16(msg, WPS_UUID_LEN);
|
1083 | |
wpabuf_put_data(msg, wps->uuid_r, WPS_UUID_LEN);
|
1084 | |
return 0;
|
1085 | |
}
|
1086 | |
|
1087 | |
|
1088 | |
static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
|
1089 | |
{
|
1090 | |
u8 *hash;
|
1091 | |
const u8 *addr[4];
|
1092 | |
size_t len[4];
|
1093 | |
|
1094 | |
if (os_get_random(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
|
1095 | |
return -1;
|
1096 | |
wpa_hexdump(MSG_DEBUG, "WPS: R-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
|
1097 | |
wpa_hexdump(MSG_DEBUG, "WPS: R-S2",
|
1098 | |
wps->snonce + WPS_SECRET_NONCE_LEN, WPS_SECRET_NONCE_LEN);
|
1099 | |
|
1100 | |
if (wps->dh_pubkey_e == NULL || wps->dh_pubkey_r == NULL) {
|
1101 | |
wpa_printf(MSG_DEBUG, "WPS: DH public keys not available for "
|
1102 | |
"R-Hash derivation");
|
1103 | |
return -1;
|
1104 | |
}
|
1105 | |
|
1106 | |
wpa_printf(MSG_DEBUG, "WPS: * R-Hash1");
|
1107 | |
wpabuf_put_be16(msg, ATTR_R_HASH1);
|
1108 | |
wpabuf_put_be16(msg, SHA256_MAC_LEN);
|
1109 | |
hash = wpabuf_put(msg, SHA256_MAC_LEN);
|
1110 | |
/* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */
|
1111 | |
addr[0] = wps->snonce;
|
1112 | |
len[0] = WPS_SECRET_NONCE_LEN;
|
1113 | |
addr[1] = wps->psk1;
|
1114 | |
len[1] = WPS_PSK_LEN;
|
1115 | |
addr[2] = wpabuf_head(wps->dh_pubkey_e);
|
1116 | |
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
1117 | |
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
1118 | |
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
1119 | |
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
1120 | |
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN);
|
1121 | |
|
1122 | |
wpa_printf(MSG_DEBUG, "WPS: * R-Hash2");
|
1123 | |
wpabuf_put_be16(msg, ATTR_R_HASH2);
|
1124 | |
wpabuf_put_be16(msg, SHA256_MAC_LEN);
|
1125 | |
hash = wpabuf_put(msg, SHA256_MAC_LEN);
|
1126 | |
/* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
|
1127 | |
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
|
1128 | |
addr[1] = wps->psk2;
|
1129 | |
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
1130 | |
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN);
|
1131 | |
|
1132 | |
return 0;
|
1133 | |
}
|
1134 | |
|
1135 | |
|
1136 | |
static int wps_build_r_snonce1(struct wps_data *wps, struct wpabuf *msg)
|
1137 | |
{
|
1138 | |
wpa_printf(MSG_DEBUG, "WPS: * R-SNonce1");
|
1139 | |
wpabuf_put_be16(msg, ATTR_R_SNONCE1);
|
1140 | |
wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
|
1141 | |
wpabuf_put_data(msg, wps->snonce, WPS_SECRET_NONCE_LEN);
|
1142 | |
return 0;
|
1143 | |
}
|
1144 | |
|
1145 | |
|
1146 | |
static int wps_build_r_snonce2(struct wps_data *wps, struct wpabuf *msg)
|
1147 | |
{
|
1148 | |
wpa_printf(MSG_DEBUG, "WPS: * R-SNonce2");
|
1149 | |
wpabuf_put_be16(msg, ATTR_R_SNONCE2);
|
1150 | |
wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
|
1151 | |
wpabuf_put_data(msg, wps->snonce + WPS_SECRET_NONCE_LEN,
|
1152 | |
WPS_SECRET_NONCE_LEN);
|
1153 | |
return 0;
|
1154 | |
}
|
1155 | |
|
1156 | |
|
1157 | |
static int wps_build_cred_network_idx(struct wpabuf *msg,
|
1158 | |
const struct wps_credential *cred)
|
1159 | |
{
|
1160 | |
wpa_printf(MSG_DEBUG, "WPS: * Network Index");
|
1161 | |
wpabuf_put_be16(msg, ATTR_NETWORK_INDEX);
|
1162 | |
wpabuf_put_be16(msg, 1);
|
1163 | |
wpabuf_put_u8(msg, 1);
|
1164 | |
return 0;
|
1165 | |
}
|
1166 | |
|
1167 | |
|
1168 | |
static int wps_build_cred_ssid(struct wpabuf *msg,
|
1169 | |
const struct wps_credential *cred)
|
1170 | |
{
|
1171 | |
wpa_printf(MSG_DEBUG, "WPS: * SSID");
|
1172 | |
wpabuf_put_be16(msg, ATTR_SSID);
|
1173 | |
wpabuf_put_be16(msg, cred->ssid_len);
|
1174 | |
wpabuf_put_data(msg, cred->ssid, cred->ssid_len);
|
1175 | |
return 0;
|
1176 | |
}
|
1177 | |
|
1178 | |
|
1179 | |
static int wps_build_cred_auth_type(struct wpabuf *msg,
|
1180 | |
const struct wps_credential *cred)
|
1181 | |
{
|
1182 | |
wpa_printf(MSG_DEBUG, "WPS: * Authentication Type (0x%x)",
|
1183 | |
cred->auth_type);
|
1184 | |
wpabuf_put_be16(msg, ATTR_AUTH_TYPE);
|
1185 | |
wpabuf_put_be16(msg, 2);
|
1186 | |
wpabuf_put_be16(msg, cred->auth_type);
|
1187 | |
return 0;
|
1188 | |
}
|
1189 | |
|
1190 | |
|
1191 | |
static int wps_build_cred_encr_type(struct wpabuf *msg,
|
1192 | |
const struct wps_credential *cred)
|
1193 | |
{
|
1194 | |
wpa_printf(MSG_DEBUG, "WPS: * Encryption Type (0x%x)",
|
1195 | |
cred->encr_type);
|
1196 | |
wpabuf_put_be16(msg, ATTR_ENCR_TYPE);
|
1197 | |
wpabuf_put_be16(msg, 2);
|
1198 | |
wpabuf_put_be16(msg, cred->encr_type);
|
1199 | |
return 0;
|
1200 | |
}
|
1201 | |
|
1202 | |
|
1203 | |
static int wps_build_cred_network_key(struct wpabuf *msg,
|
1204 | |
const struct wps_credential *cred)
|
1205 | |
{
|
1206 | |
wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%d)",
|
1207 | |
(int) cred->key_len);
|
1208 | |
wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
|
1209 | |
wpabuf_put_be16(msg, cred->key_len);
|
1210 | |
wpabuf_put_data(msg, cred->key, cred->key_len);
|
1211 | |
return 0;
|
1212 | |
}
|
1213 | |
|
1214 | |
|
1215 | |
static int wps_build_cred_mac_addr(struct wpabuf *msg,
|
1216 | |
const struct wps_credential *cred)
|
1217 | |
{
|
1218 | |
wpa_printf(MSG_DEBUG, "WPS: * MAC Address (" MACSTR ")",
|
1219 | |
MAC2STR(cred->mac_addr));
|
1220 | |
wpabuf_put_be16(msg, ATTR_MAC_ADDR);
|
1221 | |
wpabuf_put_be16(msg, ETH_ALEN);
|
1222 | |
wpabuf_put_data(msg, cred->mac_addr, ETH_ALEN);
|
1223 | |
return 0;
|
1224 | |
}
|
1225 | |
|
1226 | |
|
1227 | |
static int wps_build_credential(struct wpabuf *msg,
|
1228 | |
const struct wps_credential *cred)
|
1229 | |
{
|
1230 | |
if (wps_build_cred_network_idx(msg, cred) ||
|
1231 | |
wps_build_cred_ssid(msg, cred) ||
|
1232 | |
wps_build_cred_auth_type(msg, cred) ||
|
1233 | |
wps_build_cred_encr_type(msg, cred) ||
|
1234 | |
wps_build_cred_network_key(msg, cred) ||
|
1235 | |
wps_build_cred_mac_addr(msg, cred))
|
1236 | |
return -1;
|
1237 | |
return 0;
|
1238 | |
}
|
1239 | |
|
1240 | |
|
1241 | |
int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
|
1242 | |
{
|
1243 | |
struct wpabuf *cred;
|
1244 | |
|
1245 | |
if (wps->wps->registrar->skip_cred_build)
|
1246 | |
goto skip_cred_build;
|
1247 | |
|
1248 | |
wpa_printf(MSG_DEBUG, "WPS: * Credential");
|
1249 | |
if (wps->use_cred) {
|
1250 | |
os_memcpy(&wps->cred, wps->use_cred, sizeof(wps->cred));
|
1251 | |
goto use_provided;
|
1252 | |
}
|
1253 | |
os_memset(&wps->cred, 0, sizeof(wps->cred));
|
1254 | |
|
1255 | |
os_memcpy(wps->cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
|
1256 | |
wps->cred.ssid_len = wps->wps->ssid_len;
|
1257 | |
|
1258 | |
/* Select the best authentication and encryption type */
|
1259 | |
if (wps->auth_type & WPS_AUTH_WPA2PSK)
|
1260 | |
wps->auth_type = WPS_AUTH_WPA2PSK;
|
1261 | |
else if (wps->auth_type & WPS_AUTH_WPAPSK)
|
1262 | |
wps->auth_type = WPS_AUTH_WPAPSK;
|
1263 | |
else if (wps->auth_type & WPS_AUTH_OPEN)
|
1264 | |
wps->auth_type = WPS_AUTH_OPEN;
|
1265 | |
else if (wps->auth_type & WPS_AUTH_SHARED)
|
1266 | |
wps->auth_type = WPS_AUTH_SHARED;
|
1267 | |
else {
|
1268 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported auth_type 0x%x",
|
1269 | |
wps->auth_type);
|
1270 | |
return -1;
|
1271 | |
}
|
1272 | |
wps->cred.auth_type = wps->auth_type;
|
1273 | |
|
1274 | |
if (wps->auth_type == WPS_AUTH_WPA2PSK ||
|
1275 | |
wps->auth_type == WPS_AUTH_WPAPSK) {
|
1276 | |
if (wps->encr_type & WPS_ENCR_AES)
|
1277 | |
wps->encr_type = WPS_ENCR_AES;
|
1278 | |
else if (wps->encr_type & WPS_ENCR_TKIP)
|
1279 | |
wps->encr_type = WPS_ENCR_TKIP;
|
1280 | |
else {
|
1281 | |
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
|
1282 | |
"type for WPA/WPA2");
|
1283 | |
return -1;
|
1284 | |
}
|
1285 | |
} else {
|
1286 | |
if (wps->encr_type & WPS_ENCR_WEP)
|
1287 | |
wps->encr_type = WPS_ENCR_WEP;
|
1288 | |
else if (wps->encr_type & WPS_ENCR_NONE)
|
1289 | |
wps->encr_type = WPS_ENCR_NONE;
|
1290 | |
else {
|
1291 | |
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
|
1292 | |
"type for non-WPA/WPA2 mode");
|
1293 | |
return -1;
|
1294 | |
}
|
1295 | |
}
|
1296 | |
wps->cred.encr_type = wps->encr_type;
|
1297 | |
/*
|
1298 | |
* Set MAC address in the Credential to be the Enrollee's MAC address
|
1299 | |
*/
|
1300 | |
os_memcpy(wps->cred.mac_addr, wps->mac_addr_e, ETH_ALEN);
|
1301 | |
|
1302 | |
if (wps->wps->wps_state == WPS_STATE_NOT_CONFIGURED && wps->wps->ap &&
|
1303 | |
!wps->wps->registrar->disable_auto_conf) {
|
1304 | |
u8 r[16];
|
1305 | |
/* Generate a random passphrase */
|
1306 | |
if (os_get_random(r, sizeof(r)) < 0)
|
1307 | |
return -1;
|
1308 | |
os_free(wps->new_psk);
|
1309 | |
wps->new_psk = base64_encode(r, sizeof(r), &wps->new_psk_len);
|
1310 | |
if (wps->new_psk == NULL)
|
1311 | |
return -1;
|
1312 | |
wps->new_psk_len--; /* remove newline */
|
1313 | |
while (wps->new_psk_len &&
|
1314 | |
wps->new_psk[wps->new_psk_len - 1] == '=')
|
1315 | |
wps->new_psk_len--;
|
1316 | |
wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Generated passphrase",
|
1317 | |
wps->new_psk, wps->new_psk_len);
|
1318 | |
os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
|
1319 | |
wps->cred.key_len = wps->new_psk_len;
|
1320 | |
} else if (wps->use_psk_key && wps->wps->psk_set) {
|
1321 | |
char hex[65];
|
1322 | |
wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key");
|
1323 | |
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, 32);
|
1324 | |
os_memcpy(wps->cred.key, hex, 32 * 2);
|
1325 | |
wps->cred.key_len = 32 * 2;
|
1326 | |
} else if (wps->wps->network_key) {
|
1327 | |
os_memcpy(wps->cred.key, wps->wps->network_key,
|
1328 | |
wps->wps->network_key_len);
|
1329 | |
wps->cred.key_len = wps->wps->network_key_len;
|
1330 | |
} else if (wps->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
|
1331 | |
char hex[65];
|
1332 | |
/* Generate a random per-device PSK */
|
1333 | |
os_free(wps->new_psk);
|
1334 | |
wps->new_psk_len = 32;
|
1335 | |
wps->new_psk = os_malloc(wps->new_psk_len);
|
1336 | |
if (wps->new_psk == NULL)
|
1337 | |
return -1;
|
1338 | |
if (os_get_random(wps->new_psk, wps->new_psk_len) < 0) {
|
1339 | |
os_free(wps->new_psk);
|
1340 | |
wps->new_psk = NULL;
|
1341 | |
return -1;
|
1342 | |
}
|
1343 | |
wpa_hexdump_key(MSG_DEBUG, "WPS: Generated per-device PSK",
|
1344 | |
wps->new_psk, wps->new_psk_len);
|
1345 | |
wpa_snprintf_hex(hex, sizeof(hex), wps->new_psk,
|
1346 | |
wps->new_psk_len);
|
1347 | |
os_memcpy(wps->cred.key, hex, wps->new_psk_len * 2);
|
1348 | |
wps->cred.key_len = wps->new_psk_len * 2;
|
1349 | |
}
|
1350 | |
|
1351 | |
use_provided:
|
1352 | |
cred = wpabuf_alloc(200);
|
1353 | |
if (cred == NULL)
|
1354 | |
return -1;
|
1355 | |
|
1356 | |
if (wps_build_credential(cred, &wps->cred)) {
|
1357 | |
wpabuf_free(cred);
|
1358 | |
return -1;
|
1359 | |
}
|
1360 | |
|
1361 | |
wpabuf_put_be16(msg, ATTR_CRED);
|
1362 | |
wpabuf_put_be16(msg, wpabuf_len(cred));
|
1363 | |
wpabuf_put_buf(msg, cred);
|
1364 | |
wpabuf_free(cred);
|
1365 | |
|
1366 | |
skip_cred_build:
|
1367 | |
if (wps->wps->registrar->extra_cred) {
|
1368 | |
wpa_printf(MSG_DEBUG, "WPS: * Credential (pre-configured)");
|
1369 | |
wpabuf_put_buf(msg, wps->wps->registrar->extra_cred);
|
1370 | |
}
|
1371 | |
|
1372 | |
return 0;
|
1373 | |
}
|
1374 | |
|
1375 | |
|
1376 | |
static int wps_build_ap_settings(struct wps_data *wps, struct wpabuf *msg)
|
1377 | |
{
|
1378 | |
wpa_printf(MSG_DEBUG, "WPS: * AP Settings");
|
1379 | |
|
1380 | |
if (wps_build_credential(msg, &wps->cred))
|
1381 | |
return -1;
|
1382 | |
|
1383 | |
return 0;
|
1384 | |
}
|
1385 | |
|
1386 | |
|
1387 | |
static struct wpabuf * wps_build_m2(struct wps_data *wps)
|
1388 | |
{
|
1389 | |
struct wpabuf *msg;
|
1390 | |
|
1391 | |
if (os_get_random(wps->nonce_r, WPS_NONCE_LEN) < 0)
|
1392 | |
return NULL;
|
1393 | |
wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
|
1394 | |
wps->nonce_r, WPS_NONCE_LEN);
|
1395 | |
wpa_hexdump(MSG_DEBUG, "WPS: UUID-R", wps->uuid_r, WPS_UUID_LEN);
|
1396 | |
|
1397 | |
wpa_printf(MSG_DEBUG, "WPS: Building Message M2");
|
1398 | |
msg = wpabuf_alloc(1000);
|
1399 | |
if (msg == NULL)
|
1400 | |
return NULL;
|
1401 | |
|
1402 | |
if (wps_build_version(msg) ||
|
1403 | |
wps_build_msg_type(msg, WPS_M2) ||
|
1404 | |
wps_build_enrollee_nonce(wps, msg) ||
|
1405 | |
wps_build_registrar_nonce(wps, msg) ||
|
1406 | |
wps_build_uuid_r(wps, msg) ||
|
1407 | |
wps_build_public_key(wps, msg) ||
|
1408 | |
wps_derive_keys(wps) ||
|
1409 | |
wps_build_auth_type_flags(wps, msg) ||
|
1410 | |
wps_build_encr_type_flags(wps, msg) ||
|
1411 | |
wps_build_conn_type_flags(wps, msg) ||
|
1412 | |
wps_build_config_methods_r(wps->wps->registrar, msg) ||
|
1413 | |
wps_build_device_attrs(&wps->wps->dev, msg) ||
|
1414 | |
wps_build_rf_bands(&wps->wps->dev, msg) ||
|
1415 | |
wps_build_assoc_state(wps, msg) ||
|
1416 | |
wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
|
1417 | |
wps_build_dev_password_id(msg, wps->dev_pw_id) ||
|
1418 | |
wps_build_os_version(&wps->wps->dev, msg) ||
|
1419 | |
wps_build_authenticator(wps, msg)) {
|
1420 | |
wpabuf_free(msg);
|
1421 | |
return NULL;
|
1422 | |
}
|
1423 | |
|
1424 | |
wps->int_reg = 1;
|
1425 | |
wps->state = RECV_M3;
|
1426 | |
return msg;
|
1427 | |
}
|
1428 | |
|
1429 | |
|
1430 | |
static struct wpabuf * wps_build_m2d(struct wps_data *wps)
|
1431 | |
{
|
1432 | |
struct wpabuf *msg;
|
1433 | |
u16 err = wps->config_error;
|
1434 | |
|
1435 | |
wpa_printf(MSG_DEBUG, "WPS: Building Message M2D");
|
1436 | |
msg = wpabuf_alloc(1000);
|
1437 | |
if (msg == NULL)
|
1438 | |
return NULL;
|
1439 | |
|
1440 | |
if (wps->wps->ap && wps->wps->ap_setup_locked &&
|
1441 | |
err == WPS_CFG_NO_ERROR)
|
1442 | |
err = WPS_CFG_SETUP_LOCKED;
|
1443 | |
|
1444 | |
if (wps_build_version(msg) ||
|
1445 | |
wps_build_msg_type(msg, WPS_M2D) ||
|
1446 | |
wps_build_enrollee_nonce(wps, msg) ||
|
1447 | |
wps_build_registrar_nonce(wps, msg) ||
|
1448 | |
wps_build_uuid_r(wps, msg) ||
|
1449 | |
wps_build_auth_type_flags(wps, msg) ||
|
1450 | |
wps_build_encr_type_flags(wps, msg) ||
|
1451 | |
wps_build_conn_type_flags(wps, msg) ||
|
1452 | |
wps_build_config_methods_r(wps->wps->registrar, msg) ||
|
1453 | |
wps_build_device_attrs(&wps->wps->dev, msg) ||
|
1454 | |
wps_build_rf_bands(&wps->wps->dev, msg) ||
|
1455 | |
wps_build_assoc_state(wps, msg) ||
|
1456 | |
wps_build_config_error(msg, err) ||
|
1457 | |
wps_build_os_version(&wps->wps->dev, msg)) {
|
1458 | |
wpabuf_free(msg);
|
1459 | |
return NULL;
|
1460 | |
}
|
1461 | |
|
1462 | |
wps->state = RECV_M2D_ACK;
|
1463 | |
return msg;
|
1464 | |
}
|
1465 | |
|
1466 | |
|
1467 | |
static struct wpabuf * wps_build_m4(struct wps_data *wps)
|
1468 | |
{
|
1469 | |
struct wpabuf *msg, *plain;
|
1470 | |
|
1471 | |
wpa_printf(MSG_DEBUG, "WPS: Building Message M4");
|
1472 | |
|
1473 | |
wpa_printf(MSG_DEBUG, "WPS: Dev Password Len: %d", wps->dev_password_len);
|
1474 | |
wpa_printf(MSG_DEBUG, "WPS: Dev Password: %s", wps->dev_password);
|
1475 | |
|
1476 | |
wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
|
1477 | |
|
1478 | |
plain = wpabuf_alloc(200);
|
1479 | |
if (plain == NULL)
|
1480 | |
return NULL;
|
1481 | |
|
1482 | |
msg = wpabuf_alloc(1000);
|
1483 | |
if (msg == NULL) {
|
1484 | |
wpabuf_free(plain);
|
1485 | |
return NULL;
|
1486 | |
}
|
1487 | |
|
1488 | |
wpa_printf(MSG_DEBUG, "Allocs OK, building M4 packet");
|
1489 | |
|
1490 | |
if (wps_build_version(msg) ||
|
1491 | |
wps_build_msg_type(msg, WPS_M4) ||
|
1492 | |
wps_build_enrollee_nonce(wps, msg) ||
|
1493 | |
wps_build_r_hash(wps, msg) ||
|
1494 | |
wps_build_r_snonce1(wps, plain) ||
|
1495 | |
wps_build_key_wrap_auth(wps, plain) ||
|
1496 | |
wps_build_encr_settings(wps, msg, plain) ||
|
1497 | |
wps_build_authenticator(wps, msg)) {
|
1498 | |
wpabuf_free(plain);
|
1499 | |
wpabuf_free(msg);
|
1500 | |
return NULL;
|
1501 | |
}
|
1502 | |
wpabuf_free(plain);
|
1503 | |
|
1504 | |
wps->state = RECV_M5;
|
1505 | |
return msg;
|
1506 | |
}
|
1507 | |
|
1508 | |
|
1509 | |
static struct wpabuf * wps_build_m6(struct wps_data *wps)
|
1510 | |
{
|
1511 | |
struct wpabuf *msg, *plain;
|
1512 | |
|
1513 | |
wpa_printf(MSG_DEBUG, "WPS: Building Message M6");
|
1514 | |
|
1515 | |
plain = wpabuf_alloc(200);
|
1516 | |
if (plain == NULL)
|
1517 | |
return NULL;
|
1518 | |
|
1519 | |
msg = wpabuf_alloc(1000);
|
1520 | |
if (msg == NULL) {
|
1521 | |
wpabuf_free(plain);
|
1522 | |
return NULL;
|
1523 | |
}
|
1524 | |
|
1525 | |
if (wps_build_version(msg) ||
|
1526 | |
wps_build_msg_type(msg, WPS_M6) ||
|
1527 | |
wps_build_enrollee_nonce(wps, msg) ||
|
1528 | |
wps_build_r_snonce2(wps, plain) ||
|
1529 | |
wps_build_key_wrap_auth(wps, plain) ||
|
1530 | |
wps_build_encr_settings(wps, msg, plain) ||
|
1531 | |
wps_build_authenticator(wps, msg)) {
|
1532 | |
wpabuf_free(plain);
|
1533 | |
wpabuf_free(msg);
|
1534 | |
return NULL;
|
1535 | |
}
|
1536 | |
wpabuf_free(plain);
|
1537 | |
|
1538 | |
wps->wps_pin_revealed = 1;
|
1539 | |
wps->state = RECV_M7;
|
1540 | |
return msg;
|
1541 | |
}
|
1542 | |
|
1543 | |
|
1544 | |
static struct wpabuf * wps_build_m8(struct wps_data *wps)
|
1545 | |
{
|
1546 | |
struct wpabuf *msg, *plain;
|
1547 | |
|
1548 | |
wpa_printf(MSG_DEBUG, "WPS: Building Message M8");
|
1549 | |
|
1550 | |
plain = wpabuf_alloc(500);
|
1551 | |
if (plain == NULL)
|
1552 | |
return NULL;
|
1553 | |
|
1554 | |
msg = wpabuf_alloc(1000);
|
1555 | |
if (msg == NULL) {
|
1556 | |
wpabuf_free(plain);
|
1557 | |
return NULL;
|
1558 | |
}
|
1559 | |
|
1560 | |
if (wps_build_version(msg) ||
|
1561 | |
wps_build_msg_type(msg, WPS_M8) ||
|
1562 | |
wps_build_enrollee_nonce(wps, msg) ||
|
1563 | |
((wps->wps->ap || wps->er) && wps_build_cred(wps, plain)) ||
|
1564 | |
(!wps->wps->ap && !wps->er && wps_build_ap_settings(wps, plain)) ||
|
1565 | |
wps_build_key_wrap_auth(wps, plain) ||
|
1566 | |
wps_build_encr_settings(wps, msg, plain) ||
|
1567 | |
wps_build_authenticator(wps, msg)) {
|
1568 | |
wpabuf_free(plain);
|
1569 | |
wpabuf_free(msg);
|
1570 | |
return NULL;
|
1571 | |
}
|
1572 | |
wpabuf_free(plain);
|
1573 | |
|
1574 | |
wps->state = RECV_DONE;
|
1575 | |
return msg;
|
1576 | |
}
|
1577 | |
|
1578 | |
|
1579 | |
static struct wpabuf * wps_build_wsc_ack(struct wps_data *wps)
|
1580 | |
{
|
1581 | |
struct wpabuf *msg;
|
1582 | |
|
1583 | |
wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_ACK");
|
1584 | |
|
1585 | |
msg = wpabuf_alloc(1000);
|
1586 | |
if (msg == NULL)
|
1587 | |
return NULL;
|
1588 | |
|
1589 | |
if (wps_build_version(msg) ||
|
1590 | |
wps_build_msg_type(msg, WPS_WSC_ACK) ||
|
1591 | |
wps_build_enrollee_nonce(wps, msg) ||
|
1592 | |
wps_build_registrar_nonce(wps, msg)) {
|
1593 | |
wpabuf_free(msg);
|
1594 | |
return NULL;
|
1595 | |
}
|
1596 | |
|
1597 | |
return msg;
|
1598 | |
}
|
1599 | |
|
1600 | |
|
1601 | |
static struct wpabuf * wps_build_wsc_nack(struct wps_data *wps)
|
1602 | |
{
|
1603 | |
struct wpabuf *msg;
|
1604 | |
|
1605 | |
wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_NACK");
|
1606 | |
|
1607 | |
msg = wpabuf_alloc(1000);
|
1608 | |
if (msg == NULL)
|
1609 | |
return NULL;
|
1610 | |
|
1611 | |
if (wps_build_version(msg) ||
|
1612 | |
wps_build_msg_type(msg, WPS_WSC_NACK) ||
|
1613 | |
wps_build_enrollee_nonce(wps, msg) ||
|
1614 | |
wps_build_registrar_nonce(wps, msg) ||
|
1615 | |
wps_build_config_error(msg, wps->config_error)) {
|
1616 | |
wpabuf_free(msg);
|
1617 | |
return NULL;
|
1618 | |
}
|
1619 | |
|
1620 | |
return msg;
|
1621 | |
}
|
1622 | |
|
1623 | |
|
1624 | |
struct wpabuf * wps_registrar_get_msg(struct wps_data *wps,
|
1625 | |
enum wsc_op_code *op_code,
|
1626 | |
int type)
|
1627 | |
{
|
1628 | |
struct wpabuf *msg = NULL;
|
1629 | |
|
1630 | |
if(wps->wps->registrar != NULL)
|
1631 | |
{
|
1632 | |
switch (type)
|
1633 | |
{
|
1634 | |
case SEND_M2:
|
1635 | |
if(wps_get_dev_password(wps) >= 0)
|
1636 | |
{
|
1637 | |
msg = wps_build_m2(wps);
|
1638 | |
cprintf(VERBOSE, "[+] Sending M2 message\n");
|
1639 | |
*op_code = WSC_MSG;
|
1640 | |
break;
|
1641 | |
}
|
1642 | |
/* Fall through */
|
1643 | |
case SEND_WSC_NACK:
|
1644 | |
msg = wps_build_wsc_nack(wps);
|
1645 | |
cprintf(VERBOSE, "[+] Sending WSC NACK\n");
|
1646 | |
*op_code = WSC_NACK;
|
1647 | |
break;
|
1648 | |
case SEND_M4:
|
1649 | |
msg = wps_build_m4(wps);
|
1650 | |
cprintf(VERBOSE, "[+] Sending M4 message\n");
|
1651 | |
*op_code = WSC_MSG;
|
1652 | |
break;
|
1653 | |
case SEND_M6:
|
1654 | |
msg = wps_build_m6(wps);
|
1655 | |
cprintf(VERBOSE, "[+] Sending M6 message\n");
|
1656 | |
*op_code = WSC_MSG;
|
1657 | |
break;
|
1658 | |
case SEND_M8:
|
1659 | |
msg = wps_build_m8(wps);
|
1660 | |
cprintf(VERBOSE, "[+] Sending M8 message\n");
|
1661 | |
*op_code = WSC_MSG;
|
1662 | |
break;
|
1663 | |
case RECV_DONE:
|
1664 | |
msg = wps_build_wsc_ack(wps);
|
1665 | |
cprintf(VERBOSE, "[+] Sending WSC ACK\n");
|
1666 | |
*op_code = WSC_ACK;
|
1667 | |
break;
|
1668 | |
default:
|
1669 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported state %d for building "
|
1670 | |
"a message", wps->state);
|
1671 | |
msg = NULL;
|
1672 | |
break;
|
1673 | |
}
|
1674 | |
}
|
1675 | |
|
1676 | |
if (*op_code == WSC_MSG && msg)
|
1677 | |
{
|
1678 | |
/* Save a copy of the last message for Authenticator derivation
|
1679 | |
*/
|
1680 | |
wpabuf_free(wps->last_msg);
|
1681 | |
wps->last_msg = wpabuf_dup(msg);
|
1682 | |
}
|
1683 | |
|
1684 | |
return msg;
|
1685 | |
}
|
1686 | |
|
1687 | |
|
1688 | |
static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce)
|
1689 | |
{
|
1690 | |
if (e_nonce == NULL) {
|
1691 | |
wpa_printf(MSG_DEBUG, "WPS: No Enrollee Nonce received");
|
1692 | |
return -1;
|
1693 | |
}
|
1694 | |
|
1695 | |
os_memcpy(wps->nonce_e, e_nonce, WPS_NONCE_LEN);
|
1696 | |
wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
|
1697 | |
wps->nonce_e, WPS_NONCE_LEN);
|
1698 | |
|
1699 | |
/****** ADD THIS PART ******/
|
1700 | |
memset(cmd_pixie,0,sizeof(cmd_pixie));
|
1701 | |
memset(cmd_pixie_aux,0,sizeof(cmd_pixie_aux));
|
1702 | |
strcat(cmd_pixie,"pixiewps ");
|
1703 | |
|
1704 | |
if(globule->op_pixie==2)
|
1705 | |
{
|
1706 | |
strcat(cmd_pixie," -n ");
|
1707 | |
}
|
1708 | |
printf("[P] E-Nonce: ");
|
1709 | |
int pixiecnt = 0;
|
1710 | |
for (; pixiecnt < WPS_NONCE_LEN; pixiecnt++) {
|
1711 | |
printf("%02x", wps->nonce_e[pixiecnt]);
|
1712 | |
if(globule->op_pixie==2)
|
1713 | |
{
|
1714 | |
sprintf(cmd_pixie_aux, "%02x", wps->nonce_e[pixiecnt]);
|
1715 | |
strcat(cmd_pixie,cmd_pixie_aux);
|
1716 | |
}
|
1717 | |
if (pixiecnt != WPS_NONCE_LEN - 1) {
|
1718 | |
printf(":");
|
1719 | |
if(globule->op_pixie==2)
|
1720 | |
{
|
1721 | |
strcat(cmd_pixie,":");
|
1722 | |
}
|
1723 | |
}
|
1724 | |
}
|
1725 | |
printf("\n");
|
1726 | |
/******/
|
1727 | |
|
1728 | |
|
1729 | |
return 0;
|
1730 | |
}
|
1731 | |
|
1732 | |
|
1733 | |
static int wps_process_registrar_nonce(struct wps_data *wps, const u8 *r_nonce)
|
1734 | |
{
|
1735 | |
if (r_nonce == NULL) {
|
1736 | |
wpa_printf(MSG_DEBUG, "WPS: No Registrar Nonce received");
|
1737 | |
return -1;
|
1738 | |
}
|
1739 | |
|
1740 | |
if (os_memcmp(wps->nonce_r, r_nonce, WPS_NONCE_LEN) != 0) {
|
1741 | |
wpa_printf(MSG_DEBUG, "WPS: Invalid Registrar Nonce received");
|
1742 | |
return -1;
|
1743 | |
}
|
1744 | |
|
1745 | |
return 0;
|
1746 | |
}
|
1747 | |
|
1748 | |
|
1749 | |
static int wps_process_uuid_e(struct wps_data *wps, const u8 *uuid_e)
|
1750 | |
{
|
1751 | |
if (uuid_e == NULL) {
|
1752 | |
wpa_printf(MSG_DEBUG, "WPS: No UUID-E received");
|
1753 | |
return -1;
|
1754 | |
}
|
1755 | |
|
1756 | |
os_memcpy(wps->uuid_e, uuid_e, WPS_UUID_LEN);
|
1757 | |
wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", wps->uuid_e, WPS_UUID_LEN);
|
1758 | |
|
1759 | |
return 0;
|
1760 | |
}
|
1761 | |
|
1762 | |
|
1763 | |
static int wps_process_dev_password_id(struct wps_data *wps, const u8 *pw_id)
|
1764 | |
{
|
1765 | |
if (pw_id == NULL) {
|
1766 | |
wpa_printf(MSG_DEBUG, "WPS: No Device Password ID received");
|
1767 | |
return -1;
|
1768 | |
}
|
1769 | |
|
1770 | |
wps->dev_pw_id = WPA_GET_BE16(pw_id);
|
1771 | |
wpa_printf(MSG_DEBUG, "WPS: Device Password ID %d", wps->dev_pw_id);
|
1772 | |
|
1773 | |
return 0;
|
1774 | |
}
|
1775 | |
|
1776 | |
|
1777 | |
static int wps_process_e_hash1(struct wps_data *wps, const u8 *e_hash1)
|
1778 | |
{
|
1779 | |
if (e_hash1 == NULL) {
|
1780 | |
wpa_printf(MSG_DEBUG, "WPS: No E-Hash1 received");
|
1781 | |
return -1;
|
1782 | |
}
|
1783 | |
|
1784 | |
os_memcpy(wps->peer_hash1, e_hash1, WPS_HASH_LEN);
|
1785 | |
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);
|
1786 | |
|
1787 | |
/****** ADD THIS PART ******/
|
1788 | |
strcat(cmd_pixie," -s ");
|
1789 | |
printf("[P] E-Hash1: ");
|
1790 | |
int pixiecnt = 0;
|
1791 | |
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
|
1792 | |
printf("%02x", wps->peer_hash1[pixiecnt]);
|
1793 | |
sprintf(cmd_pixie_aux, "%02x", wps->peer_hash1[pixiecnt]);
|
1794 | |
strcat(cmd_pixie,cmd_pixie_aux);
|
1795 | |
if (pixiecnt != WPS_HASH_LEN - 1) {
|
1796 | |
printf(":");
|
1797 | |
strcat(cmd_pixie,":");
|
1798 | |
}
|
1799 | |
}
|
1800 | |
printf("\n");
|
1801 | |
/******/
|
1802 | |
|
1803 | |
|
1804 | |
return 0;
|
1805 | |
}
|
1806 | |
|
1807 | |
|
1808 | |
static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)
|
1809 | |
{
|
1810 | |
if (e_hash2 == NULL) {
|
1811 | |
wpa_printf(MSG_DEBUG, "WPS: No E-Hash2 received");
|
1812 | |
return -1;
|
1813 | |
}
|
1814 | |
|
1815 | |
os_memcpy(wps->peer_hash2, e_hash2, WPS_HASH_LEN);
|
1816 | |
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);
|
1817 | |
|
1818 | |
/****** ADD THIS PART ******/
|
1819 | |
strcat(cmd_pixie," -z ");
|
1820 | |
printf("[P] E-Hash2: ");
|
1821 | |
int pixiecnt = 0;
|
1822 | |
for (; pixiecnt < WPS_HASH_LEN; pixiecnt++) {
|
1823 | |
printf("%02x", wps->peer_hash2[pixiecnt]);
|
1824 | |
sprintf(cmd_pixie_aux, "%02x", wps->peer_hash2[pixiecnt]);
|
1825 | |
strcat(cmd_pixie,cmd_pixie_aux);
|
1826 | |
if (pixiecnt != WPS_HASH_LEN - 1) {
|
1827 | |
printf(":");
|
1828 | |
strcat(cmd_pixie,":");
|
1829 | |
}
|
1830 | |
}
|
1831 | |
printf("\n");
|
1832 | |
/******/
|
1833 | |
|
1834 | |
if(globule->op_pixie==1 || globule->op_pixie==2){
|
1835 | |
strcat(cmd_pixie," -S ");
|
1836 | |
}
|
1837 | |
//sprintf(cmd_pixie,"%s -S",cmd_pixie);
|
1838 | |
|
1839 | |
|
1840 | |
if(globule->op_pixie==1 || globule->op_pixie==2 || globule->op_pixie==3)
|
1841 | |
{
|
1842 | |
|
1843 | |
FILE *fpixe;
|
1844 | |
|
1845 | |
if ((fpixe = popen(cmd_pixie, "r")) == NULL) {
|
1846 | |
printf("Error opening pipe!\n");
|
1847 | |
//return -1;
|
1848 | |
}
|
1849 | |
|
1850 | |
int pixie_test=0;
|
1851 | |
char pixie_pin[16];
|
1852 | |
char *aux_pixie_pin;
|
1853 | |
|
1854 | |
memset(pixie_pin, 0, sizeof(pixie_pin));
|
1855 | |
|
1856 | |
while (fgets(pixie_buf_aux, 4000, fpixe) != NULL) {
|
1857 | |
|
1858 | |
printf("[Pixie-Dust] %s", pixie_buf_aux);
|
1859 | |
|
1860 | |
aux_pixie_pin = strstr(pixie_buf_aux,"WPS pin not found");
|
1861 | |
if( aux_pixie_pin != NULL)
|
1862 | |
{
|
1863 | |
pixie_test = 0;
|
1864 | |
//exit(0);
|
1865 | |
}
|
1866 | |
else
|
1867 | |
{
|
1868 | |
//output pixiewps change?
|
1869 | |
exit(0);
|
1870 | |
}
|
1871 | |
|
1872 | |
aux_pixie_pin = strstr(pixie_buf_aux,,"WPS pin:");
|
1873 | |
if(aux_pixie_pin)!= NULL)
|
1874 | |
{
|
1875 | |
pixie_test = 1;
|
1876 | |
//exit(0);
|
1877 | |
//here will get the pin
|
1878 | |
strncpy(pixie_pin, aux_pixie_pin+9, 8);
|
1879 | |
}
|
1880 | |
else
|
1881 | |
{
|
1882 | |
//output pixiewps is change?
|
1883 | |
exit(0);
|
1884 | |
}
|
1885 | |
|
1886 | |
|
1887 | |
|
1888 | |
}
|
1889 | |
|
1890 | |
if(pixie_test == 1)
|
1891 | |
{
|
1892 | |
//here will make the test to get pass
|
1893 | |
|
1894 | |
FILE *fpixe_test;
|
1895 | |
|
1896 | |
|
1897 | |
|
1898 | |
if ((fpixe_test = popen(cmd_pixie, "r")) == NULL) {
|
1899 | |
printf("Error opening pipe!\n");
|
1900 | |
//return -1;
|
1901 | |
}
|
1902 | |
|
1903 | |
|
1904 | |
|
1905 | |
|
1906 | |
exit(0);
|
1907 | |
}
|
1908 | |
else
|
1909 | |
{
|
1910 | |
exit(0);
|
1911 | |
}
|
1912 | |
|
1913 | |
|
1914 | |
if(pclose(fpixe)) {
|
1915 | |
//printf("Command not found or exited with error status\n");
|
1916 | |
//return -1;
|
1917 | |
}
|
1918 | |
|
1919 | |
}
|
1920 | |
|
1921 | |
//printf(" %s ",cmd_pixie);
|
1922 | |
|
1923 | |
|
1924 | |
return 0;
|
1925 | |
}
|
1926 | |
|
1927 | |
|
1928 | |
static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1)
|
1929 | |
{
|
1930 | |
u8 hash[SHA256_MAC_LEN];
|
1931 | |
const u8 *addr[4];
|
1932 | |
size_t len[4];
|
1933 | |
|
1934 | |
if (e_snonce1 == NULL) {
|
1935 | |
wpa_printf(MSG_DEBUG, "WPS: No E-SNonce1 received");
|
1936 | |
return -1;
|
1937 | |
}
|
1938 | |
|
1939 | |
wpa_hexdump_key(MSG_DEBUG, "WPS: E-SNonce1", e_snonce1,
|
1940 | |
WPS_SECRET_NONCE_LEN);
|
1941 | |
|
1942 | |
/* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */
|
1943 | |
addr[0] = e_snonce1;
|
1944 | |
len[0] = WPS_SECRET_NONCE_LEN;
|
1945 | |
addr[1] = wps->psk1;
|
1946 | |
len[1] = WPS_PSK_LEN;
|
1947 | |
addr[2] = wpabuf_head(wps->dh_pubkey_e);
|
1948 | |
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
1949 | |
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
1950 | |
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
1951 | |
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
1952 | |
|
1953 | |
if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
|
1954 | |
wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
|
1955 | |
"not match with the pre-committed value");
|
1956 | |
wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
|
1957 | |
wps_pwd_auth_fail_event(wps->wps, 0, 1);
|
1958 | |
return -1;
|
1959 | |
}
|
1960 | |
|
1961 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee proved knowledge of the first "
|
1962 | |
"half of the device password");
|
1963 | |
|
1964 | |
return 0;
|
1965 | |
}
|
1966 | |
|
1967 | |
|
1968 | |
static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2)
|
1969 | |
{
|
1970 | |
u8 hash[SHA256_MAC_LEN];
|
1971 | |
const u8 *addr[4];
|
1972 | |
size_t len[4];
|
1973 | |
|
1974 | |
if (e_snonce2 == NULL) {
|
1975 | |
wpa_printf(MSG_DEBUG, "WPS: No E-SNonce2 received");
|
1976 | |
return -1;
|
1977 | |
}
|
1978 | |
|
1979 | |
wpa_hexdump_key(MSG_DEBUG, "WPS: E-SNonce2", e_snonce2,
|
1980 | |
WPS_SECRET_NONCE_LEN);
|
1981 | |
|
1982 | |
/* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
|
1983 | |
addr[0] = e_snonce2;
|
1984 | |
len[0] = WPS_SECRET_NONCE_LEN;
|
1985 | |
addr[1] = wps->psk2;
|
1986 | |
len[1] = WPS_PSK_LEN;
|
1987 | |
addr[2] = wpabuf_head(wps->dh_pubkey_e);
|
1988 | |
len[2] = wpabuf_len(wps->dh_pubkey_e);
|
1989 | |
addr[3] = wpabuf_head(wps->dh_pubkey_r);
|
1990 | |
len[3] = wpabuf_len(wps->dh_pubkey_r);
|
1991 | |
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
|
1992 | |
|
1993 | |
if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
|
1994 | |
wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does "
|
1995 | |
"not match with the pre-committed value");
|
1996 | |
wps_registrar_invalidate_pin(wps->wps->registrar, wps->uuid_e);
|
1997 | |
wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
|
1998 | |
wps_pwd_auth_fail_event(wps->wps, 0, 2);
|
1999 | |
return -1;
|
2000 | |
}
|
2001 | |
|
2002 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee proved knowledge of the second "
|
2003 | |
"half of the device password");
|
2004 | |
wps->wps_pin_revealed = 0;
|
2005 | |
wps_registrar_unlock_pin(wps->wps->registrar, wps->uuid_e);
|
2006 | |
|
2007 | |
return 0;
|
2008 | |
}
|
2009 | |
|
2010 | |
|
2011 | |
static int wps_process_mac_addr(struct wps_data *wps, const u8 *mac_addr)
|
2012 | |
{
|
2013 | |
if (mac_addr == NULL) {
|
2014 | |
wpa_printf(MSG_DEBUG, "WPS: No MAC Address received");
|
2015 | |
return -1;
|
2016 | |
}
|
2017 | |
|
2018 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee MAC Address " MACSTR,
|
2019 | |
MAC2STR(mac_addr));
|
2020 | |
os_memcpy(wps->mac_addr_e, mac_addr, ETH_ALEN);
|
2021 | |
os_memcpy(wps->peer_dev.mac_addr, mac_addr, ETH_ALEN);
|
2022 | |
|
2023 | |
return 0;
|
2024 | |
}
|
2025 | |
|
2026 | |
|
2027 | |
static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
|
2028 | |
size_t pk_len)
|
2029 | |
{
|
2030 | |
if (pk == NULL || pk_len == 0) {
|
2031 | |
wpa_printf(MSG_DEBUG, "WPS: No Public Key received");
|
2032 | |
return -1;
|
2033 | |
}
|
2034 | |
|
2035 | |
#ifdef CONFIG_WPS_OOB
|
2036 | |
if (wps->wps->oob_conf.pubkey_hash != NULL) {
|
2037 | |
const u8 *addr[1];
|
2038 | |
u8 hash[WPS_HASH_LEN];
|
2039 | |
|
2040 | |
addr[0] = pk;
|
2041 | |
sha256_vector(1, addr, &pk_len, hash);
|
2042 | |
if (os_memcmp(hash,
|
2043 | |
wpabuf_head(wps->wps->oob_conf.pubkey_hash),
|
2044 | |
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
|
2045 | |
wpa_printf(MSG_ERROR, "WPS: Public Key hash error");
|
2046 | |
return -1;
|
2047 | |
}
|
2048 | |
}
|
2049 | |
#endif /* CONFIG_WPS_OOB */
|
2050 | |
|
2051 | |
wpabuf_free(wps->dh_pubkey_e);
|
2052 | |
wps->dh_pubkey_e = wpabuf_alloc_copy(pk, pk_len);
|
2053 | |
if (wps->dh_pubkey_e == NULL)
|
2054 | |
return -1;
|
2055 | |
|
2056 | |
/****** ADD THIS PART ******/
|
2057 | |
// memset (cmd_pixie,0,sizeof(cmd_pixie));
|
2058 | |
strcat(cmd_pixie," -e ");
|
2059 | |
//sprintf( cmd_pixie, "", cmd_pixie, str2);
|
2060 | |
|
2061 | |
printf("[P] PKE: ");
|
2062 | |
int pixiecnt = 0;
|
2063 | |
for (; pixiecnt < 192; pixiecnt++) {
|
2064 | |
printf("%02x", pk[pixiecnt]);
|
2065 | |
sprintf(cmd_pixie_aux, "%02x", pk[pixiecnt]);
|
2066 | |
strcat(cmd_pixie,cmd_pixie_aux);
|
2067 | |
if (pixiecnt != 191) {
|
2068 | |
printf(":");
|
2069 | |
strcat(cmd_pixie,":");
|
2070 | |
}
|
2071 | |
}
|
2072 | |
printf("\n");
|
2073 | |
/******/
|
2074 | |
|
2075 | |
return 0;
|
2076 | |
}
|
2077 | |
|
2078 | |
|
2079 | |
static int wps_process_auth_type_flags(struct wps_data *wps, const u8 *auth)
|
2080 | |
{
|
2081 | |
u16 auth_types;
|
2082 | |
|
2083 | |
if (auth == NULL) {
|
2084 | |
wpa_printf(MSG_DEBUG, "WPS: No Authentication Type flags "
|
2085 | |
"received");
|
2086 | |
return -1;
|
2087 | |
}
|
2088 | |
|
2089 | |
auth_types = WPA_GET_BE16(auth);
|
2090 | |
|
2091 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee Authentication Type flags 0x%x",
|
2092 | |
auth_types);
|
2093 | |
wps->auth_type = wps->wps->auth_types & auth_types;
|
2094 | |
if (wps->auth_type == 0) {
|
2095 | |
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
|
2096 | |
"authentication types (own 0x%x Enrollee 0x%x)",
|
2097 | |
wps->wps->auth_types, auth_types);
|
2098 | |
#ifdef WPS_WORKAROUNDS
|
2099 | |
/*
|
2100 | |
* Some deployed implementations seem to advertise incorrect
|
2101 | |
* information in this attribute. For example, Linksys WRT350N
|
2102 | |
* seems to have a byteorder bug that breaks this negotiation.
|
2103 | |
* In order to interoperate with existing implementations,
|
2104 | |
* assume that the Enrollee supports everything we do.
|
2105 | |
*/
|
2106 | |
wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
|
2107 | |
"does not advertise supported authentication types "
|
2108 | |
"correctly");
|
2109 | |
wps->auth_type = wps->wps->auth_types;
|
2110 | |
#else /* WPS_WORKAROUNDS */
|
2111 | |
return -1;
|
2112 | |
#endif /* WPS_WORKAROUNDS */
|
2113 | |
}
|
2114 | |
|
2115 | |
return 0;
|
2116 | |
}
|
2117 | |
|
2118 | |
|
2119 | |
static int wps_process_encr_type_flags(struct wps_data *wps, const u8 *encr)
|
2120 | |
{
|
2121 | |
u16 encr_types;
|
2122 | |
|
2123 | |
if (encr == NULL) {
|
2124 | |
wpa_printf(MSG_DEBUG, "WPS: No Encryption Type flags "
|
2125 | |
"received");
|
2126 | |
return -1;
|
2127 | |
}
|
2128 | |
|
2129 | |
encr_types = WPA_GET_BE16(encr);
|
2130 | |
|
2131 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee Encryption Type flags 0x%x",
|
2132 | |
encr_types);
|
2133 | |
wps->encr_type = wps->wps->encr_types & encr_types;
|
2134 | |
if (wps->encr_type == 0) {
|
2135 | |
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
|
2136 | |
"encryption types (own 0x%x Enrollee 0x%x)",
|
2137 | |
wps->wps->encr_types, encr_types);
|
2138 | |
#ifdef WPS_WORKAROUNDS
|
2139 | |
/*
|
2140 | |
* Some deployed implementations seem to advertise incorrect
|
2141 | |
* information in this attribute. For example, Linksys WRT350N
|
2142 | |
* seems to have a byteorder bug that breaks this negotiation.
|
2143 | |
* In order to interoperate with existing implementations,
|
2144 | |
* assume that the Enrollee supports everything we do.
|
2145 | |
*/
|
2146 | |
wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
|
2147 | |
"does not advertise supported encryption types "
|
2148 | |
"correctly");
|
2149 | |
wps->encr_type = wps->wps->encr_types;
|
2150 | |
#else /* WPS_WORKAROUNDS */
|
2151 | |
return -1;
|
2152 | |
#endif /* WPS_WORKAROUNDS */
|
2153 | |
}
|
2154 | |
|
2155 | |
return 0;
|
2156 | |
}
|
2157 | |
|
2158 | |
|
2159 | |
static int wps_process_conn_type_flags(struct wps_data *wps, const u8 *conn)
|
2160 | |
{
|
2161 | |
if (conn == NULL) {
|
2162 | |
wpa_printf(MSG_DEBUG, "WPS: No Connection Type flags "
|
2163 | |
"received");
|
2164 | |
return -1;
|
2165 | |
}
|
2166 | |
|
2167 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee Connection Type flags 0x%x",
|
2168 | |
*conn);
|
2169 | |
|
2170 | |
return 0;
|
2171 | |
}
|
2172 | |
|
2173 | |
|
2174 | |
static int wps_process_config_methods(struct wps_data *wps, const u8 *methods)
|
2175 | |
{
|
2176 | |
u16 m;
|
2177 | |
|
2178 | |
if (methods == NULL) {
|
2179 | |
wpa_printf(MSG_DEBUG, "WPS: No Config Methods received");
|
2180 | |
return -1;
|
2181 | |
}
|
2182 | |
|
2183 | |
m = WPA_GET_BE16(methods);
|
2184 | |
|
2185 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee Config Methods 0x%x"
|
2186 | |
"%s%s%s%s%s%s%s%s%s", m,
|
2187 | |
m & WPS_CONFIG_USBA ? " [USBA]" : "",
|
2188 | |
m & WPS_CONFIG_ETHERNET ? " [Ethernet]" : "",
|
2189 | |
m & WPS_CONFIG_LABEL ? " [Label]" : "",
|
2190 | |
m & WPS_CONFIG_DISPLAY ? " [Display]" : "",
|
2191 | |
m & WPS_CONFIG_EXT_NFC_TOKEN ? " [Ext NFC Token]" : "",
|
2192 | |
m & WPS_CONFIG_INT_NFC_TOKEN ? " [Int NFC Token]" : "",
|
2193 | |
m & WPS_CONFIG_NFC_INTERFACE ? " [NFC]" : "",
|
2194 | |
m & WPS_CONFIG_PUSHBUTTON ? " [PBC]" : "",
|
2195 | |
m & WPS_CONFIG_KEYPAD ? " [Keypad]" : "");
|
2196 | |
|
2197 | |
if (!(m & WPS_CONFIG_DISPLAY) && !wps->use_psk_key) {
|
2198 | |
/*
|
2199 | |
* The Enrollee does not have a display so it is unlikely to be
|
2200 | |
* able to show the passphrase to a user and as such, could
|
2201 | |
* benefit from receiving PSK to reduce key derivation time.
|
2202 | |
*/
|
2203 | |
wpa_printf(MSG_DEBUG, "WPS: Prefer PSK format key due to "
|
2204 | |
"Enrollee not supporting display");
|
2205 | |
wps->use_psk_key = 1;
|
2206 | |
}
|
2207 | |
|
2208 | |
return 0;
|
2209 | |
}
|
2210 | |
|
2211 | |
|
2212 | |
static int wps_process_wps_state(struct wps_data *wps, const u8 *state)
|
2213 | |
{
|
2214 | |
if (state == NULL) {
|
2215 | |
wpa_printf(MSG_DEBUG, "WPS: No Wi-Fi Protected Setup State "
|
2216 | |
"received");
|
2217 | |
return -1;
|
2218 | |
}
|
2219 | |
|
2220 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee Wi-Fi Protected Setup State %d",
|
2221 | |
*state);
|
2222 | |
|
2223 | |
return 0;
|
2224 | |
}
|
2225 | |
|
2226 | |
|
2227 | |
static int wps_process_assoc_state(struct wps_data *wps, const u8 *assoc)
|
2228 | |
{
|
2229 | |
u16 a;
|
2230 | |
|
2231 | |
if (assoc == NULL) {
|
2232 | |
wpa_printf(MSG_DEBUG, "WPS: No Association State received");
|
2233 | |
return -1;
|
2234 | |
}
|
2235 | |
|
2236 | |
a = WPA_GET_BE16(assoc);
|
2237 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee Association State %d", a);
|
2238 | |
|
2239 | |
return 0;
|
2240 | |
}
|
2241 | |
|
2242 | |
|
2243 | |
static int wps_process_config_error(struct wps_data *wps, const u8 *err)
|
2244 | |
{
|
2245 | |
u16 e;
|
2246 | |
|
2247 | |
if (err == NULL) {
|
2248 | |
wpa_printf(MSG_DEBUG, "WPS: No Configuration Error received");
|
2249 | |
return -1;
|
2250 | |
}
|
2251 | |
|
2252 | |
e = WPA_GET_BE16(err);
|
2253 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee Configuration Error %d", e);
|
2254 | |
|
2255 | |
return 0;
|
2256 | |
}
|
2257 | |
|
2258 | |
|
2259 | |
static enum wps_process_res wps_process_m1(struct wps_data *wps,
|
2260 | |
struct wps_parse_attr *attr)
|
2261 | |
{
|
2262 | |
wpa_printf(MSG_DEBUG, "WPS: Received M1");
|
2263 | |
|
2264 | |
if (wps->state != RECV_M1) {
|
2265 | |
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
|
2266 | |
"receiving M1", wps->state);
|
2267 | |
return WPS_FAILURE;
|
2268 | |
}
|
2269 | |
|
2270 | |
if (wps_process_uuid_e(wps, attr->uuid_e) ||
|
2271 | |
wps_process_mac_addr(wps, attr->mac_addr) ||
|
2272 | |
wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
|
2273 | |
wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
|
2274 | |
wps_process_auth_type_flags(wps, attr->auth_type_flags) ||
|
2275 | |
wps_process_encr_type_flags(wps, attr->encr_type_flags) ||
|
2276 | |
wps_process_conn_type_flags(wps, attr->conn_type_flags) ||
|
2277 | |
wps_process_config_methods(wps, attr->config_methods) ||
|
2278 | |
wps_process_wps_state(wps, attr->wps_state) ||
|
2279 | |
wps_process_device_attrs(&wps->peer_dev, attr) ||
|
2280 | |
wps_process_rf_bands(&wps->peer_dev, attr->rf_bands) ||
|
2281 | |
wps_process_assoc_state(wps, attr->assoc_state) ||
|
2282 | |
wps_process_dev_password_id(wps, attr->dev_password_id) ||
|
2283 | |
wps_process_config_error(wps, attr->config_error) ||
|
2284 | |
wps_process_os_version(&wps->peer_dev, attr->os_version))
|
2285 | |
return WPS_FAILURE;
|
2286 | |
|
2287 | |
wpa_printf(MSG_DEBUG, "WPS: M1 Processed");
|
2288 | |
|
2289 | |
if (wps->dev_pw_id < 0x10 &&
|
2290 | |
wps->dev_pw_id != DEV_PW_DEFAULT &&
|
2291 | |
wps->dev_pw_id != DEV_PW_USER_SPECIFIED &&
|
2292 | |
wps->dev_pw_id != DEV_PW_MACHINE_SPECIFIED &&
|
2293 | |
wps->dev_pw_id != DEV_PW_REGISTRAR_SPECIFIED &&
|
2294 | |
(wps->dev_pw_id != DEV_PW_PUSHBUTTON ||
|
2295 | |
!wps->wps->registrar->pbc)) {
|
2296 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported Device Password ID %d",
|
2297 | |
wps->dev_pw_id);
|
2298 | |
wps->state = SEND_M2D;
|
2299 | |
return WPS_CONTINUE;
|
2300 | |
}
|
2301 | |
|
2302 | |
wpa_printf(MSG_DEBUG, "WPS: dev_pw_id checked");
|
2303 | |
|
2304 | |
#ifdef CONFIG_WPS_OOB
|
2305 | |
if (wps->dev_pw_id >= 0x10 &&
|
2306 | |
wps->dev_pw_id != wps->wps->oob_dev_pw_id) {
|
2307 | |
wpa_printf(MSG_DEBUG, "WPS: OOB Device Password ID "
|
2308 | |
"%d mismatch", wps->dev_pw_id);
|
2309 | |
wps->state = SEND_M2D;
|
2310 | |
return WPS_CONTINUE;
|
2311 | |
}
|
2312 | |
#endif /* CONFIG_WPS_OOB */
|
2313 | |
|
2314 | |
if (wps->dev_pw_id == DEV_PW_PUSHBUTTON) {
|
2315 | |
if (wps->wps->registrar->force_pbc_overlap ||
|
2316 | |
wps_registrar_pbc_overlap(wps->wps->registrar,
|
2317 | |
wps->mac_addr_e, wps->uuid_e)) {
|
2318 | |
wpa_printf(MSG_DEBUG, "WPS: PBC overlap - deny PBC "
|
2319 | |
"negotiation");
|
2320 | |
wps->state = SEND_M2D;
|
2321 | |
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
|
2322 | |
wps_pbc_overlap_event(wps->wps);
|
2323 | |
wps->wps->registrar->force_pbc_overlap = 1;
|
2324 | |
return WPS_CONTINUE;
|
2325 | |
}
|
2326 | |
wps_registrar_add_pbc_session(wps->wps->registrar,
|
2327 | |
wps->mac_addr_e, wps->uuid_e);
|
2328 | |
wps->pbc = 1;
|
2329 | |
}
|
2330 | |
|
2331 | |
wpa_printf(MSG_DEBUG, "WPS: PBC Checked");
|
2332 | |
|
2333 | |
#ifdef WPS_WORKAROUNDS
|
2334 | |
/*
|
2335 | |
* It looks like Mac OS X 10.6.3 and 10.6.4 do not like Network Key in
|
2336 | |
* passphrase format. To avoid interop issues, force PSK format to be
|
2337 | |
* used.
|
2338 | |
*/
|
2339 | |
if (!wps->use_psk_key &&
|
2340 | |
wps->peer_dev.manufacturer &&
|
2341 | |
os_strncmp(wps->peer_dev.manufacturer, "Apple ", 6) == 0 &&
|
2342 | |
wps->peer_dev.model_name &&
|
2343 | |
os_strcmp(wps->peer_dev.model_name, "AirPort") == 0) {
|
2344 | |
wpa_printf(MSG_DEBUG, "WPS: Workaround - Force Network Key in "
|
2345 | |
"PSK format");
|
2346 | |
wps->use_psk_key = 1;
|
2347 | |
}
|
2348 | |
#endif /* WPS_WORKAROUNDS */
|
2349 | |
wpa_printf(MSG_DEBUG, "WPS: Entering State SEND_M2");
|
2350 | |
|
2351 | |
wps->state = SEND_M2;
|
2352 | |
return WPS_CONTINUE;
|
2353 | |
}
|
2354 | |
|
2355 | |
|
2356 | |
static enum wps_process_res wps_process_m3(struct wps_data *wps,
|
2357 | |
const struct wpabuf *msg,
|
2358 | |
struct wps_parse_attr *attr)
|
2359 | |
{
|
2360 | |
wpa_printf(MSG_DEBUG, "WPS: Received M3");
|
2361 | |
|
2362 | |
if (wps->state != RECV_M3) {
|
2363 | |
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
|
2364 | |
"receiving M3", wps->state);
|
2365 | |
wps->state = SEND_WSC_NACK;
|
2366 | |
return WPS_CONTINUE;
|
2367 | |
}
|
2368 | |
|
2369 | |
if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
|
2370 | |
wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
|
2371 | |
"session overlap");
|
2372 | |
wps->state = SEND_WSC_NACK;
|
2373 | |
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
|
2374 | |
return WPS_CONTINUE;
|
2375 | |
}
|
2376 | |
|
2377 | |
if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
|
2378 | |
wps_process_authenticator(wps, attr->authenticator, msg) ||
|
2379 | |
wps_process_e_hash1(wps, attr->e_hash1) ||
|
2380 | |
wps_process_e_hash2(wps, attr->e_hash2)) {
|
2381 | |
wps->state = SEND_WSC_NACK;
|
2382 | |
return WPS_CONTINUE;
|
2383 | |
}
|
2384 | |
|
2385 | |
wps->state = SEND_M4;
|
2386 | |
return WPS_CONTINUE;
|
2387 | |
}
|
2388 | |
|
2389 | |
|
2390 | |
static enum wps_process_res wps_process_m5(struct wps_data *wps,
|
2391 | |
const struct wpabuf *msg,
|
2392 | |
struct wps_parse_attr *attr)
|
2393 | |
{
|
2394 | |
struct wpabuf *decrypted;
|
2395 | |
struct wps_parse_attr eattr;
|
2396 | |
|
2397 | |
wpa_printf(MSG_DEBUG, "WPS: Received M5");
|
2398 | |
|
2399 | |
if (wps->state != RECV_M5) {
|
2400 | |
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
|
2401 | |
"receiving M5", wps->state);
|
2402 | |
wps->state = SEND_WSC_NACK;
|
2403 | |
return WPS_CONTINUE;
|
2404 | |
}
|
2405 | |
|
2406 | |
if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
|
2407 | |
wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
|
2408 | |
"session overlap");
|
2409 | |
wps->state = SEND_WSC_NACK;
|
2410 | |
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
|
2411 | |
return WPS_CONTINUE;
|
2412 | |
}
|
2413 | |
|
2414 | |
if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
|
2415 | |
wps_process_authenticator(wps, attr->authenticator, msg)) {
|
2416 | |
wps->state = SEND_WSC_NACK;
|
2417 | |
return WPS_CONTINUE;
|
2418 | |
}
|
2419 | |
|
2420 | |
decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
|
2421 | |
attr->encr_settings_len);
|
2422 | |
if (decrypted == NULL) {
|
2423 | |
wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
|
2424 | |
"Settings attribute");
|
2425 | |
wps->state = SEND_WSC_NACK;
|
2426 | |
return WPS_CONTINUE;
|
2427 | |
}
|
2428 | |
|
2429 | |
wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
|
2430 | |
"attribute");
|
2431 | |
if (wps_parse_msg(decrypted, &eattr) < 0 ||
|
2432 | |
wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
|
2433 | |
wps_process_e_snonce1(wps, eattr.e_snonce1)) {
|
2434 | |
wpabuf_free(decrypted);
|
2435 | |
wps->state = SEND_WSC_NACK;
|
2436 | |
return WPS_CONTINUE;
|
2437 | |
}
|
2438 | |
wpabuf_free(decrypted);
|
2439 | |
|
2440 | |
wps->state = SEND_M6;
|
2441 | |
return WPS_CONTINUE;
|
2442 | |
}
|
2443 | |
|
2444 | |
|
2445 | |
static void wps_sta_cred_cb(struct wps_data *wps)
|
2446 | |
{
|
2447 | |
/*
|
2448 | |
* Update credential to only include a single authentication and
|
2449 | |
* encryption type in case the AP configuration includes more than one
|
2450 | |
* option.
|
2451 | |
*/
|
2452 | |
if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
|
2453 | |
wps->cred.auth_type = WPS_AUTH_WPA2PSK;
|
2454 | |
else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
|
2455 | |
wps->cred.auth_type = WPS_AUTH_WPAPSK;
|
2456 | |
if (wps->cred.encr_type & WPS_ENCR_AES)
|
2457 | |
wps->cred.encr_type = WPS_ENCR_AES;
|
2458 | |
else if (wps->cred.encr_type & WPS_ENCR_TKIP)
|
2459 | |
wps->cred.encr_type = WPS_ENCR_TKIP;
|
2460 | |
wpa_printf(MSG_DEBUG, "WPS: Update local configuration based on the "
|
2461 | |
"AP configuration");
|
2462 | |
if (wps->wps->cred_cb)
|
2463 | |
wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
|
2464 | |
}
|
2465 | |
|
2466 | |
|
2467 | |
static void wps_cred_update(struct wps_credential *dst,
|
2468 | |
struct wps_credential *src)
|
2469 | |
{
|
2470 | |
os_memcpy(dst->ssid, src->ssid, sizeof(dst->ssid));
|
2471 | |
dst->ssid_len = src->ssid_len;
|
2472 | |
dst->auth_type = src->auth_type;
|
2473 | |
dst->encr_type = src->encr_type;
|
2474 | |
dst->key_idx = src->key_idx;
|
2475 | |
os_memcpy(dst->key, src->key, sizeof(dst->key));
|
2476 | |
dst->key_len = src->key_len;
|
2477 | |
}
|
2478 | |
|
2479 | |
|
2480 | |
static int wps_process_ap_settings_r(struct wps_data *wps,
|
2481 | |
struct wps_parse_attr *attr)
|
2482 | |
{
|
2483 | |
if (wps->wps->ap || wps->er)
|
2484 | |
return 0;
|
2485 | |
|
2486 | |
/* AP Settings Attributes in M7 when Enrollee is an AP */
|
2487 | |
if (wps_process_ap_settings(attr, &wps->cred) < 0)
|
2488 | |
return -1;
|
2489 | |
|
2490 | |
/* @@@ Save a copy of the network key and ssid directly to the wps_data structure @@@ */
|
2491 | |
if(wps->cred.key_len > 0)
|
2492 | |
{
|
2493 | |
wps->key = strdup(wps->cred.key);
|
2494 | |
}
|
2495 | |
if(wps->cred.ssid_len > 0)
|
2496 | |
{
|
2497 | |
wps->essid = strdup(wps->cred.ssid);
|
2498 | |
}
|
2499 | |
|
2500 | |
if (wps->new_ap_settings) {
|
2501 | |
wpa_printf(MSG_INFO, "WPS: Update AP configuration based on "
|
2502 | |
"new settings");
|
2503 | |
wps_cred_update(&wps->cred, wps->new_ap_settings);
|
2504 | |
return 0;
|
2505 | |
} else {
|
2506 | |
/*
|
2507 | |
* Use the AP PIN only to receive the current AP settings, not
|
2508 | |
* to reconfigure the AP.
|
2509 | |
*/
|
2510 | |
if (wps->ap_settings_cb) {
|
2511 | |
wps->ap_settings_cb(wps->ap_settings_cb_ctx,
|
2512 | |
&wps->cred);
|
2513 | |
return 1;
|
2514 | |
}
|
2515 | |
wps_sta_cred_cb(wps);
|
2516 | |
return 1;
|
2517 | |
}
|
2518 | |
}
|
2519 | |
|
2520 | |
|
2521 | |
static enum wps_process_res wps_process_m7(struct wps_data *wps,
|
2522 | |
const struct wpabuf *msg,
|
2523 | |
struct wps_parse_attr *attr)
|
2524 | |
{
|
2525 | |
struct wpabuf *decrypted;
|
2526 | |
struct wps_parse_attr eattr;
|
2527 | |
|
2528 | |
wpa_printf(MSG_DEBUG, "WPS: Received M7");
|
2529 | |
|
2530 | |
if (wps->state != RECV_M7) {
|
2531 | |
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
|
2532 | |
"receiving M7", wps->state);
|
2533 | |
wps->state = SEND_WSC_NACK;
|
2534 | |
return WPS_CONTINUE;
|
2535 | |
}
|
2536 | |
|
2537 | |
if (wps->pbc && wps->wps->registrar->force_pbc_overlap) {
|
2538 | |
wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
|
2539 | |
"session overlap");
|
2540 | |
wps->state = SEND_WSC_NACK;
|
2541 | |
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
|
2542 | |
return WPS_CONTINUE;
|
2543 | |
}
|
2544 | |
|
2545 | |
if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
|
2546 | |
wps_process_authenticator(wps, attr->authenticator, msg)) {
|
2547 | |
wps->state = SEND_WSC_NACK;
|
2548 | |
return WPS_CONTINUE;
|
2549 | |
}
|
2550 | |
|
2551 | |
decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
|
2552 | |
attr->encr_settings_len);
|
2553 | |
if (decrypted == NULL) {
|
2554 | |
wpa_printf(MSG_DEBUG, "WPS: Failed to decrypt Encrypted "
|
2555 | |
"Settings attribute");
|
2556 | |
wps->state = SEND_WSC_NACK;
|
2557 | |
return WPS_CONTINUE;
|
2558 | |
}
|
2559 | |
|
2560 | |
wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
|
2561 | |
"attribute");
|
2562 | |
|
2563 | |
/* @@@ One of these fails, but we don't really care. We just want the ap settings */
|
2564 | |
/*
|
2565 | |
if (wps_parse_msg(decrypted, &eattr) < 0 ||
|
2566 | |
wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
|
2567 | |
wps_process_e_snonce2(wps, eattr.e_snonce2) ||
|
2568 | |
wps_process_ap_settings_r(wps, &eattr)) {
|
2569 | |
wpabuf_free(decrypted);
|
2570 | |
wps->state = SEND_WSC_NACK;
|
2571 | |
return WPS_CONTINUE;
|
2572 | |
}
|
2573 | |
*/
|
2574 | |
|
2575 | |
if(wps_parse_msg(decrypted, &eattr) >= 0)
|
2576 | |
{
|
2577 | |
wps_process_ap_settings_r(wps, &eattr);
|
2578 | |
}
|
2579 | |
|
2580 | |
wpabuf_free(decrypted);
|
2581 | |
|
2582 | |
wps->state = SEND_M8;
|
2583 | |
return WPS_CONTINUE;
|
2584 | |
}
|
2585 | |
|
2586 | |
|
2587 | |
static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
|
2588 | |
const struct wpabuf *msg)
|
2589 | |
{
|
2590 | |
struct wps_parse_attr attr;
|
2591 | |
enum wps_process_res ret = WPS_CONTINUE;
|
2592 | |
|
2593 | |
wpa_printf(MSG_DEBUG, "WPS: Received WSC_MSG");
|
2594 | |
|
2595 | |
if (wps_parse_msg(msg, &attr) < 0)
|
2596 | |
return WPS_FAILURE;
|
2597 | |
|
2598 | |
wpa_printf(MSG_DEBUG, "WPS: Parsed WSC_MSG");
|
2599 | |
|
2600 | |
if (!wps_version_supported(attr.version)) {
|
2601 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported message version 0x%x",
|
2602 | |
attr.version ? *attr.version : 0);
|
2603 | |
return WPS_FAILURE;
|
2604 | |
}
|
2605 | |
|
2606 | |
if (attr.msg_type == NULL) {
|
2607 | |
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
|
2608 | |
return WPS_FAILURE;
|
2609 | |
}
|
2610 | |
|
2611 | |
if (*attr.msg_type != WPS_M1 &&
|
2612 | |
(attr.registrar_nonce == NULL ||
|
2613 | |
os_memcmp(wps->nonce_r, attr.registrar_nonce,
|
2614 | |
WPS_NONCE_LEN != 0))) {
|
2615 | |
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
|
2616 | |
return WPS_FAILURE;
|
2617 | |
}
|
2618 | |
|
2619 | |
switch (*attr.msg_type) {
|
2620 | |
case WPS_M1:
|
2621 | |
#ifdef CONFIG_WPS_UPNP
|
2622 | |
if (wps->wps->wps_upnp && attr.mac_addr) {
|
2623 | |
/* Remove old pending messages when starting new run */
|
2624 | |
wps_free_pending_msgs(wps->wps->upnp_msgs);
|
2625 | |
wps->wps->upnp_msgs = NULL;
|
2626 | |
|
2627 | |
upnp_wps_device_send_wlan_event(
|
2628 | |
wps->wps->wps_upnp, attr.mac_addr,
|
2629 | |
UPNP_WPS_WLANEVENT_TYPE_EAP, msg);
|
2630 | |
}
|
2631 | |
#endif /* CONFIG_WPS_UPNP */
|
2632 | |
ret = wps_process_m1(wps, &attr);
|
2633 | |
break;
|
2634 | |
case WPS_M3:
|
2635 | |
ret = wps_process_m3(wps, msg, &attr);
|
2636 | |
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
|
2637 | |
wps_fail_event(wps->wps, WPS_M3);
|
2638 | |
break;
|
2639 | |
case WPS_M5:
|
2640 | |
ret = wps_process_m5(wps, msg, &attr);
|
2641 | |
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
|
2642 | |
wps_fail_event(wps->wps, WPS_M5);
|
2643 | |
break;
|
2644 | |
case WPS_M7:
|
2645 | |
ret = wps_process_m7(wps, msg, &attr);
|
2646 | |
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
|
2647 | |
wps_fail_event(wps->wps, WPS_M7);
|
2648 | |
break;
|
2649 | |
default:
|
2650 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d",
|
2651 | |
*attr.msg_type);
|
2652 | |
return WPS_FAILURE;
|
2653 | |
}
|
2654 | |
|
2655 | |
if (ret == WPS_CONTINUE) {
|
2656 | |
/* Save a copy of the last message for Authenticator derivation
|
2657 | |
*/
|
2658 | |
|
2659 | |
wpa_printf(MSG_DEBUG, "WPS: WPS_CONTINUE, Freeing Last Message");
|
2660 | |
wpabuf_free(wps->last_msg);
|
2661 | |
wpa_printf(MSG_DEBUG, "WPS: WPS_CONTINUE, Saving Last Message");
|
2662 | |
wps->last_msg = wpabuf_dup(msg);
|
2663 | |
}
|
2664 | |
|
2665 | |
wpa_printf(MSG_DEBUG, "WPS: returning");
|
2666 | |
return ret;
|
2667 | |
}
|
2668 | |
|
2669 | |
|
2670 | |
static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
|
2671 | |
const struct wpabuf *msg)
|
2672 | |
{
|
2673 | |
struct wps_parse_attr attr;
|
2674 | |
|
2675 | |
wpa_printf(MSG_DEBUG, "WPS: Received WSC_ACK");
|
2676 | |
|
2677 | |
if (wps_parse_msg(msg, &attr) < 0)
|
2678 | |
return WPS_FAILURE;
|
2679 | |
|
2680 | |
if (!wps_version_supported(attr.version)) {
|
2681 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported message version 0x%x",
|
2682 | |
attr.version ? *attr.version : 0);
|
2683 | |
return WPS_FAILURE;
|
2684 | |
}
|
2685 | |
|
2686 | |
if (attr.msg_type == NULL) {
|
2687 | |
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
|
2688 | |
return WPS_FAILURE;
|
2689 | |
}
|
2690 | |
|
2691 | |
if (*attr.msg_type != WPS_WSC_ACK) {
|
2692 | |
wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
|
2693 | |
*attr.msg_type);
|
2694 | |
return WPS_FAILURE;
|
2695 | |
}
|
2696 | |
|
2697 | |
#ifdef CONFIG_WPS_UPNP
|
2698 | |
if (wps->wps->wps_upnp && wps->ext_reg && wps->state == RECV_M2D_ACK &&
|
2699 | |
upnp_wps_subscribers(wps->wps->wps_upnp)) {
|
2700 | |
if (wps->wps->upnp_msgs)
|
2701 | |
return WPS_CONTINUE;
|
2702 | |
wpa_printf(MSG_DEBUG, "WPS: Wait for response from an "
|
2703 | |
"external Registrar");
|
2704 | |
return WPS_PENDING;
|
2705 | |
}
|
2706 | |
#endif /* CONFIG_WPS_UPNP */
|
2707 | |
|
2708 | |
if (attr.registrar_nonce == NULL ||
|
2709 | |
os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
|
2710 | |
{
|
2711 | |
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
|
2712 | |
return WPS_FAILURE;
|
2713 | |
}
|
2714 | |
|
2715 | |
if (attr.enrollee_nonce == NULL ||
|
2716 | |
os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
|
2717 | |
wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
|
2718 | |
return WPS_FAILURE;
|
2719 | |
}
|
2720 | |
|
2721 | |
if (wps->state == RECV_M2D_ACK) {
|
2722 | |
#ifdef CONFIG_WPS_UPNP
|
2723 | |
if (wps->wps->wps_upnp &&
|
2724 | |
upnp_wps_subscribers(wps->wps->wps_upnp)) {
|
2725 | |
if (wps->wps->upnp_msgs)
|
2726 | |
return WPS_CONTINUE;
|
2727 | |
if (wps->ext_reg == 0)
|
2728 | |
wps->ext_reg = 1;
|
2729 | |
wpa_printf(MSG_DEBUG, "WPS: Wait for response from an "
|
2730 | |
"external Registrar");
|
2731 | |
return WPS_PENDING;
|
2732 | |
}
|
2733 | |
#endif /* CONFIG_WPS_UPNP */
|
2734 | |
|
2735 | |
wpa_printf(MSG_DEBUG, "WPS: No more registrars available - "
|
2736 | |
"terminate negotiation");
|
2737 | |
}
|
2738 | |
|
2739 | |
return WPS_FAILURE;
|
2740 | |
}
|
2741 | |
|
2742 | |
|
2743 | |
static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
|
2744 | |
const struct wpabuf *msg)
|
2745 | |
{
|
2746 | |
struct wps_parse_attr attr;
|
2747 | |
int old_state;
|
2748 | |
|
2749 | |
wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK");
|
2750 | |
|
2751 | |
old_state = wps->state;
|
2752 | |
wps->state = SEND_WSC_NACK;
|
2753 | |
|
2754 | |
if (wps_parse_msg(msg, &attr) < 0)
|
2755 | |
return WPS_FAILURE;
|
2756 | |
|
2757 | |
if (!wps_version_supported(attr.version)) {
|
2758 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported message version 0x%x",
|
2759 | |
attr.version ? *attr.version : 0);
|
2760 | |
return WPS_FAILURE;
|
2761 | |
}
|
2762 | |
|
2763 | |
if (attr.msg_type == NULL) {
|
2764 | |
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
|
2765 | |
return WPS_FAILURE;
|
2766 | |
}
|
2767 | |
|
2768 | |
if (*attr.msg_type != WPS_WSC_NACK) {
|
2769 | |
wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
|
2770 | |
*attr.msg_type);
|
2771 | |
return WPS_FAILURE;
|
2772 | |
}
|
2773 | |
|
2774 | |
#ifdef CONFIG_WPS_UPNP
|
2775 | |
if (wps->wps->wps_upnp && wps->ext_reg) {
|
2776 | |
wpa_printf(MSG_DEBUG, "WPS: Negotiation using external "
|
2777 | |
"Registrar terminated by the Enrollee");
|
2778 | |
return WPS_FAILURE;
|
2779 | |
}
|
2780 | |
#endif /* CONFIG_WPS_UPNP */
|
2781 | |
|
2782 | |
if (attr.registrar_nonce == NULL ||
|
2783 | |
os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
|
2784 | |
{
|
2785 | |
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
|
2786 | |
return WPS_FAILURE;
|
2787 | |
}
|
2788 | |
|
2789 | |
if (attr.enrollee_nonce == NULL ||
|
2790 | |
os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
|
2791 | |
wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
|
2792 | |
return WPS_FAILURE;
|
2793 | |
}
|
2794 | |
|
2795 | |
if (attr.config_error == NULL) {
|
2796 | |
wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute "
|
2797 | |
"in WSC_NACK");
|
2798 | |
return WPS_FAILURE;
|
2799 | |
}
|
2800 | |
|
2801 | |
wpa_printf(MSG_DEBUG, "WPS: Enrollee terminated negotiation with "
|
2802 | |
"Configuration Error %d", WPA_GET_BE16(attr.config_error));
|
2803 | |
|
2804 | |
switch (old_state) {
|
2805 | |
case RECV_M3:
|
2806 | |
wps_fail_event(wps->wps, WPS_M2);
|
2807 | |
break;
|
2808 | |
case RECV_M5:
|
2809 | |
wps_fail_event(wps->wps, WPS_M4);
|
2810 | |
break;
|
2811 | |
case RECV_M7:
|
2812 | |
wps_fail_event(wps->wps, WPS_M6);
|
2813 | |
break;
|
2814 | |
case RECV_DONE:
|
2815 | |
wps_fail_event(wps->wps, WPS_M8);
|
2816 | |
break;
|
2817 | |
default:
|
2818 | |
break;
|
2819 | |
}
|
2820 | |
|
2821 | |
return WPS_FAILURE;
|
2822 | |
}
|
2823 | |
|
2824 | |
|
2825 | |
static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
|
2826 | |
const struct wpabuf *msg)
|
2827 | |
{
|
2828 | |
struct wps_parse_attr attr;
|
2829 | |
|
2830 | |
wpa_printf(MSG_DEBUG, "WPS: Received WSC_Done");
|
2831 | |
|
2832 | |
if (wps->state != RECV_DONE &&
|
2833 | |
(!wps->wps->wps_upnp || !wps->ext_reg)) {
|
2834 | |
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
|
2835 | |
"receiving WSC_Done", wps->state);
|
2836 | |
return WPS_FAILURE;
|
2837 | |
}
|
2838 | |
|
2839 | |
if (wps_parse_msg(msg, &attr) < 0)
|
2840 | |
return WPS_FAILURE;
|
2841 | |
|
2842 | |
if (!wps_version_supported(attr.version)) {
|
2843 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported message version 0x%x",
|
2844 | |
attr.version ? *attr.version : 0);
|
2845 | |
return WPS_FAILURE;
|
2846 | |
}
|
2847 | |
|
2848 | |
if (attr.msg_type == NULL) {
|
2849 | |
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
|
2850 | |
return WPS_FAILURE;
|
2851 | |
}
|
2852 | |
|
2853 | |
if (*attr.msg_type != WPS_WSC_DONE) {
|
2854 | |
wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
|
2855 | |
*attr.msg_type);
|
2856 | |
return WPS_FAILURE;
|
2857 | |
}
|
2858 | |
|
2859 | |
#ifdef CONFIG_WPS_UPNP
|
2860 | |
if (wps->wps->wps_upnp && wps->ext_reg) {
|
2861 | |
wpa_printf(MSG_DEBUG, "WPS: Negotiation using external "
|
2862 | |
"Registrar completed successfully");
|
2863 | |
wps_device_store(wps->wps->registrar, &wps->peer_dev,
|
2864 | |
wps->uuid_e);
|
2865 | |
return WPS_DONE;
|
2866 | |
}
|
2867 | |
#endif /* CONFIG_WPS_UPNP */
|
2868 | |
|
2869 | |
if (attr.registrar_nonce == NULL ||
|
2870 | |
os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN != 0))
|
2871 | |
{
|
2872 | |
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
|
2873 | |
return WPS_FAILURE;
|
2874 | |
}
|
2875 | |
|
2876 | |
if (attr.enrollee_nonce == NULL ||
|
2877 | |
os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN != 0)) {
|
2878 | |
wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
|
2879 | |
return WPS_FAILURE;
|
2880 | |
}
|
2881 | |
|
2882 | |
wpa_printf(MSG_DEBUG, "WPS: Negotiation completed successfully");
|
2883 | |
/* @@@ We don't need any of this, since we're just cracking keys
|
2884 | |
*
|
2885 | |
wps_device_store(wps->wps->registrar, &wps->peer_dev,
|
2886 | |
wps->uuid_e);
|
2887 | |
|
2888 | |
if (wps->wps->wps_state == WPS_STATE_NOT_CONFIGURED && wps->new_psk &&
|
2889 | |
wps->wps->ap && !wps->wps->registrar->disable_auto_conf) {
|
2890 | |
struct wps_credential cred;
|
2891 | |
|
2892 | |
wpa_printf(MSG_DEBUG, "WPS: Moving to Configured state based "
|
2893 | |
"on first Enrollee connection");
|
2894 | |
|
2895 | |
os_memset(&cred, 0, sizeof(cred));
|
2896 | |
os_memcpy(cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
|
2897 | |
cred.ssid_len = wps->wps->ssid_len;
|
2898 | |
cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK;
|
2899 | |
cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES;
|
2900 | |
os_memcpy(cred.key, wps->new_psk, wps->new_psk_len);
|
2901 | |
cred.key_len = wps->new_psk_len;
|
2902 | |
|
2903 | |
wps->wps->wps_state = WPS_STATE_CONFIGURED;
|
2904 | |
wpa_hexdump_ascii_key(MSG_DEBUG,
|
2905 | |
"WPS: Generated random passphrase",
|
2906 | |
wps->new_psk, wps->new_psk_len);
|
2907 | |
if (wps->wps->cred_cb)
|
2908 | |
wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
|
2909 | |
|
2910 | |
os_free(wps->new_psk);
|
2911 | |
wps->new_psk = NULL;
|
2912 | |
}
|
2913 | |
|
2914 | |
if (!wps->wps->ap && !wps->er)
|
2915 | |
wps_sta_cred_cb(wps);
|
2916 | |
|
2917 | |
if (wps->new_psk) {
|
2918 | |
if (wps_cb_new_psk(wps->wps->registrar, wps->mac_addr_e,
|
2919 | |
wps->new_psk, wps->new_psk_len)) {
|
2920 | |
wpa_printf(MSG_DEBUG, "WPS: Failed to configure the "
|
2921 | |
"new PSK");
|
2922 | |
}
|
2923 | |
os_free(wps->new_psk);
|
2924 | |
wps->new_psk = NULL;
|
2925 | |
}
|
2926 | |
|
2927 | |
wps_cb_reg_success(wps->wps->registrar, wps->mac_addr_e, wps->uuid_e);
|
2928 | |
|
2929 | |
if (wps->pbc) {
|
2930 | |
wps_registrar_remove_pbc_session(wps->wps->registrar,
|
2931 | |
wps->mac_addr_e, wps->uuid_e);
|
2932 | |
wps_registrar_pbc_completed(wps->wps->registrar);
|
2933 | |
} else {
|
2934 | |
wps_registrar_pin_completed(wps->wps->registrar);
|
2935 | |
}
|
2936 | |
*
|
2937 | |
*/
|
2938 | |
|
2939 | |
wps_success_event(wps->wps);
|
2940 | |
|
2941 | |
return WPS_DONE;
|
2942 | |
}
|
2943 | |
|
2944 | |
|
2945 | |
enum wps_process_res wps_registrar_process_msg(struct wps_data *wps,
|
2946 | |
enum wsc_op_code op_code,
|
2947 | |
const struct wpabuf *msg)
|
2948 | |
{
|
2949 | |
enum wps_process_res ret;
|
2950 | |
|
2951 | |
wpa_printf(MSG_DEBUG, "WPS: Processing received message (len=%lu "
|
2952 | |
"op_code=%d)",
|
2953 | |
(unsigned long) wpabuf_len(msg), op_code);
|
2954 | |
|
2955 | |
#ifdef CONFIG_WPS_UPNP
|
2956 | |
if (wps->wps->wps_upnp && op_code == WSC_MSG && wps->ext_reg == 1) {
|
2957 | |
struct wps_parse_attr attr;
|
2958 | |
if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type &&
|
2959 | |
*attr.msg_type == WPS_M3)
|
2960 | |
wps->ext_reg = 2; /* past M2/M2D phase */
|
2961 | |
}
|
2962 | |
if (wps->ext_reg > 1)
|
2963 | |
wps_registrar_free_pending_m2(wps->wps);
|
2964 | |
if (wps->wps->wps_upnp && wps->ext_reg &&
|
2965 | |
wps->wps->upnp_msgs == NULL &&
|
2966 | |
(op_code == WSC_MSG || op_code == WSC_Done || op_code == WSC_NACK))
|
2967 | |
{
|
2968 | |
struct wps_parse_attr attr;
|
2969 | |
int type;
|
2970 | |
if (wps_parse_msg(msg, &attr) < 0 || attr.msg_type == NULL)
|
2971 | |
type = -1;
|
2972 | |
else
|
2973 | |
type = *attr.msg_type;
|
2974 | |
wpa_printf(MSG_DEBUG, "WPS: Sending received message (type %d)"
|
2975 | |
" to external Registrar for processing", type);
|
2976 | |
upnp_wps_device_send_wlan_event(wps->wps->wps_upnp,
|
2977 | |
wps->mac_addr_e,
|
2978 | |
UPNP_WPS_WLANEVENT_TYPE_EAP,
|
2979 | |
msg);
|
2980 | |
if (op_code == WSC_MSG)
|
2981 | |
return WPS_PENDING;
|
2982 | |
} else if (wps->wps->wps_upnp && wps->ext_reg && op_code == WSC_MSG) {
|
2983 | |
wpa_printf(MSG_DEBUG, "WPS: Skip internal processing - using "
|
2984 | |
"external Registrar");
|
2985 | |
return WPS_CONTINUE;
|
2986 | |
}
|
2987 | |
#endif /* CONFIG_WPS_UPNP */
|
2988 | |
|
2989 | |
switch (op_code) {
|
2990 | |
case WSC_MSG:
|
2991 | |
return wps_process_wsc_msg(wps, msg);
|
2992 | |
case WSC_ACK:
|
2993 | |
return wps_process_wsc_ack(wps, msg);
|
2994 | |
case WSC_NACK:
|
2995 | |
return wps_process_wsc_nack(wps, msg);
|
2996 | |
case WSC_Done:
|
2997 | |
ret = wps_process_wsc_done(wps, msg);
|
2998 | |
if (ret == WPS_FAILURE) {
|
2999 | |
wps->state = SEND_WSC_NACK;
|
3000 | |
wps_fail_event(wps->wps, WPS_WSC_DONE);
|
3001 | |
}
|
3002 | |
return ret;
|
3003 | |
default:
|
3004 | |
wpa_printf(MSG_DEBUG, "WPS: Unsupported op_code %d", op_code);
|
3005 | |
return WPS_FAILURE;
|
3006 | |
}
|
3007 | |
}
|
3008 | |
|
3009 | |
|
3010 | |
int wps_registrar_update_ie(struct wps_registrar *reg)
|
3011 | |
{
|
3012 | |
return wps_set_ie(reg);
|
3013 | |
}
|
3014 | |
|
3015 | |
|
3016 | |
static void wps_registrar_set_selected_timeout(void *eloop_ctx,
|
3017 | |
void *timeout_ctx)
|
3018 | |
{
|
3019 | |
struct wps_registrar *reg = eloop_ctx;
|
3020 | |
|
3021 | |
wpa_printf(MSG_DEBUG, "WPS: Selected Registrar timeout - "
|
3022 | |
"unselect internal Registrar");
|
3023 | |
reg->selected_registrar = 0;
|
3024 | |
reg->pbc = 0;
|
3025 | |
wps_registrar_selected_registrar_changed(reg);
|
3026 | |
}
|
3027 | |
|
3028 | |
|
3029 | |
#ifdef CONFIG_WPS_UPNP
|
3030 | |
static void wps_registrar_sel_reg_add(struct wps_registrar *reg,
|
3031 | |
struct subscription *s)
|
3032 | |
{
|
3033 | |
wpa_printf(MSG_DEBUG, "WPS: External Registrar selected (dev_pw_id=%d "
|
3034 | |
"config_methods=0x%x)",
|
3035 | |
s->dev_password_id, s->config_methods);
|
3036 | |
reg->sel_reg_union = 1;
|
3037 | |
if (reg->sel_reg_dev_password_id_override != DEV_PW_PUSHBUTTON)
|
3038 | |
reg->sel_reg_dev_password_id_override = s->dev_password_id;
|
3039 | |
if (reg->sel_reg_config_methods_override == -1)
|
3040 | |
reg->sel_reg_config_methods_override = 0;
|
3041 | |
reg->sel_reg_config_methods_override |= s->config_methods;
|
3042 | |
}
|
3043 | |
#endif /* CONFIG_WPS_UPNP */
|
3044 | |
|
3045 | |
|
3046 | |
static void wps_registrar_sel_reg_union(struct wps_registrar *reg)
|
3047 | |
{
|
3048 | |
#ifdef CONFIG_WPS_UPNP
|
3049 | |
struct subscription *s;
|
3050 | |
|
3051 | |
if (reg->wps->wps_upnp == NULL)
|
3052 | |
return;
|
3053 | |
|
3054 | |
dl_list_for_each(s, ®->wps->wps_upnp->subscriptions,
|
3055 | |
struct subscription, list) {
|
3056 | |
struct subscr_addr *sa;
|
3057 | |
sa = dl_list_first(&s->addr_list, struct subscr_addr, list);
|
3058 | |
if (sa) {
|
3059 | |
wpa_printf(MSG_DEBUG, "WPS: External Registrar %s:%d",
|
3060 | |
inet_ntoa(sa->saddr.sin_addr),
|
3061 | |
ntohs(sa->saddr.sin_port));
|
3062 | |
}
|
3063 | |
if (s->selected_registrar)
|
3064 | |
wps_registrar_sel_reg_add(reg, s);
|
3065 | |
else
|
3066 | |
wpa_printf(MSG_DEBUG, "WPS: External Registrar not "
|
3067 | |
"selected");
|
3068 | |
}
|
3069 | |
#endif /* CONFIG_WPS_UPNP */
|
3070 | |
}
|
3071 | |
|
3072 | |
|
3073 | |
/**
|
3074 | |
* wps_registrar_selected_registrar_changed - SetSelectedRegistrar change
|
3075 | |
* @reg: Registrar data from wps_registrar_init()
|
3076 | |
*
|
3077 | |
* This function is called when selected registrar state changes, e.g., when an
|
3078 | |
* AP receives a SetSelectedRegistrar UPnP message.
|
3079 | |
*/
|
3080 | |
void wps_registrar_selected_registrar_changed(struct wps_registrar *reg)
|
3081 | |
{
|
3082 | |
wpa_printf(MSG_DEBUG, "WPS: Selected registrar information changed");
|
3083 | |
|
3084 | |
reg->sel_reg_union = reg->selected_registrar;
|
3085 | |
reg->sel_reg_dev_password_id_override = -1;
|
3086 | |
reg->sel_reg_config_methods_override = -1;
|
3087 | |
if (reg->selected_registrar) {
|
3088 | |
reg->sel_reg_config_methods_override =
|
3089 | |
reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
|
3090 | |
if (reg->pbc) {
|
3091 | |
reg->sel_reg_dev_password_id_override =
|
3092 | |
DEV_PW_PUSHBUTTON;
|
3093 | |
reg->sel_reg_config_methods_override |=
|
3094 | |
WPS_CONFIG_PUSHBUTTON;
|
3095 | |
}
|
3096 | |
wpa_printf(MSG_DEBUG, "WPS: Internal Registrar selected "
|
3097 | |
"(pbc=%d)", reg->pbc);
|
3098 | |
} else
|
3099 | |
wpa_printf(MSG_DEBUG, "WPS: Internal Registrar not selected");
|
3100 | |
|
3101 | |
wpa_printf(MSG_DEBUG, "WPS: sel_reg_union");
|
3102 | |
|
3103 | |
wps_registrar_sel_reg_union(reg);
|
3104 | |
|
3105 | |
wpa_printf(MSG_DEBUG, "WPS: set_ie");
|
3106 | |
wps_set_ie(reg);
|
3107 | |
wpa_printf(MSG_DEBUG, "WPS: cb_set_sel_reg");
|
3108 | |
wps_cb_set_sel_reg(reg);
|
3109 | |
wpa_printf(MSG_DEBUG, "WPS: return from wps_selected_registrar_changed");
|
3110 | |
}
|
3111 | |
|
3112 | |
|
3113 | |
int wps_registrar_get_info(struct wps_registrar *reg, const u8 *addr,
|
3114 | |
char *buf, size_t buflen)
|
3115 | |
{
|
3116 | |
struct wps_registrar_device *d;
|
3117 | |
int len = 0, ret;
|
3118 | |
char uuid[40];
|
3119 | |
char devtype[WPS_DEV_TYPE_BUFSIZE];
|
3120 | |
|
3121 | |
d = wps_device_get(reg, addr);
|
3122 | |
if (d == NULL)
|
3123 | |
return 0;
|
3124 | |
if (uuid_bin2str(d->uuid, uuid, sizeof(uuid)))
|
3125 | |
return 0;
|
3126 | |
|
3127 | |
ret = os_snprintf(buf + len, buflen - len,
|
3128 | |
"wpsUuid=%s\n"
|
3129 | |
"wpsPrimaryDeviceType=%s\n"
|
3130 | |
"wpsDeviceName=%s\n"
|
3131 | |
"wpsManufacturer=%s\n"
|
3132 | |
"wpsModelName=%s\n"
|
3133 | |
"wpsModelNumber=%s\n"
|
3134 | |
"wpsSerialNumber=%s\n",
|
3135 | |
uuid,
|
3136 | |
wps_dev_type_bin2str(d->dev.pri_dev_type, devtype,
|
3137 | |
sizeof(devtype)),
|
3138 | |
d->dev.device_name ? d->dev.device_name : "",
|
3139 | |
d->dev.manufacturer ? d->dev.manufacturer : "",
|
3140 | |
d->dev.model_name ? d->dev.model_name : "",
|
3141 | |
d->dev.model_number ? d->dev.model_number : "",
|
3142 | |
d->dev.serial_number ? d->dev.serial_number : "");
|
3143 | |
if (ret < 0 || (size_t) ret >= buflen - len)
|
3144 | |
return len;
|
3145 | |
len += ret;
|
3146 | |
|
3147 | |
return len;
|
3148 | |
}
|