1 /*
2 * hostapd / DPP integration
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2020, The Linux Foundation
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "utils/includes.h"
11
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "common/dpp.h"
15 #include "common/gas.h"
16 #include "common/wpa_ctrl.h"
17 #include "hostapd.h"
18 #include "ap_drv_ops.h"
19 #include "gas_query_ap.h"
20 #include "gas_serv.h"
21 #include "wpa_auth.h"
22 #include "dpp_hostapd.h"
23
24
25 static void hostapd_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
26 static void hostapd_dpp_auth_conf_wait_timeout(void *eloop_ctx,
27 void *timeout_ctx);
28 static void hostapd_dpp_auth_success(struct hostapd_data *hapd, int initiator);
29 static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
30 static int hostapd_dpp_auth_init_next(struct hostapd_data *hapd);
31 #ifdef CONFIG_DPP2
32 static void hostapd_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
33 void *timeout_ctx);
34 static void hostapd_dpp_handle_config_obj(struct hostapd_data *hapd,
35 struct dpp_authentication *auth,
36 struct dpp_config_obj *conf);
37 #endif /* CONFIG_DPP2 */
38
39 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
40
41
42 /**
43 * hostapd_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
44 * @hapd: Pointer to hostapd_data
45 * @cmd: DPP URI read from a QR Code
46 * Returns: Identifier of the stored info or -1 on failure
47 */
hostapd_dpp_qr_code(struct hostapd_data * hapd,const char * cmd)48 int hostapd_dpp_qr_code(struct hostapd_data *hapd, const char *cmd)
49 {
50 struct dpp_bootstrap_info *bi;
51 struct dpp_authentication *auth = hapd->dpp_auth;
52
53 bi = dpp_add_qr_code(hapd->iface->interfaces->dpp, cmd);
54 if (!bi)
55 return -1;
56
57 if (auth && auth->response_pending &&
58 dpp_notify_new_qr_code(auth, bi) == 1) {
59 wpa_printf(MSG_DEBUG,
60 "DPP: Sending out pending authentication response");
61 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
62 " freq=%u type=%d",
63 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
64 DPP_PA_AUTHENTICATION_RESP);
65 hostapd_drv_send_action(hapd, auth->curr_freq, 0,
66 auth->peer_mac_addr,
67 wpabuf_head(hapd->dpp_auth->resp_msg),
68 wpabuf_len(hapd->dpp_auth->resp_msg));
69 }
70
71 #ifdef CONFIG_DPP2
72 dpp_controller_new_qr_code(hapd->iface->interfaces->dpp, bi);
73 #endif /* CONFIG_DPP2 */
74
75 return bi->id;
76 }
77
78
79 /**
80 * hostapd_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
81 * @hapd: Pointer to hostapd_data
82 * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
83 * Returns: Identifier of the stored info or -1 on failure
84 */
hostapd_dpp_nfc_uri(struct hostapd_data * hapd,const char * cmd)85 int hostapd_dpp_nfc_uri(struct hostapd_data *hapd, const char *cmd)
86 {
87 struct dpp_bootstrap_info *bi;
88
89 bi = dpp_add_nfc_uri(hapd->iface->interfaces->dpp, cmd);
90 if (!bi)
91 return -1;
92
93 return bi->id;
94 }
95
96
hostapd_dpp_nfc_handover_req(struct hostapd_data * hapd,const char * cmd)97 int hostapd_dpp_nfc_handover_req(struct hostapd_data *hapd, const char *cmd)
98 {
99 const char *pos;
100 struct dpp_bootstrap_info *peer_bi, *own_bi;
101
102 pos = os_strstr(cmd, " own=");
103 if (!pos)
104 return -1;
105 pos += 5;
106 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos));
107 if (!own_bi)
108 return -1;
109
110 pos = os_strstr(cmd, " uri=");
111 if (!pos)
112 return -1;
113 pos += 5;
114 peer_bi = dpp_add_nfc_uri(hapd->iface->interfaces->dpp, pos);
115 if (!peer_bi) {
116 wpa_printf(MSG_INFO,
117 "DPP: Failed to parse URI from NFC Handover Request");
118 return -1;
119 }
120
121 if (dpp_nfc_update_bi(own_bi, peer_bi) < 0)
122 return -1;
123
124 return peer_bi->id;
125 }
126
127
hostapd_dpp_nfc_handover_sel(struct hostapd_data * hapd,const char * cmd)128 int hostapd_dpp_nfc_handover_sel(struct hostapd_data *hapd, const char *cmd)
129 {
130 const char *pos;
131 struct dpp_bootstrap_info *peer_bi, *own_bi;
132
133 pos = os_strstr(cmd, " own=");
134 if (!pos)
135 return -1;
136 pos += 5;
137 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos));
138 if (!own_bi)
139 return -1;
140
141 pos = os_strstr(cmd, " uri=");
142 if (!pos)
143 return -1;
144 pos += 5;
145 peer_bi = dpp_add_nfc_uri(hapd->iface->interfaces->dpp, pos);
146 if (!peer_bi) {
147 wpa_printf(MSG_INFO,
148 "DPP: Failed to parse URI from NFC Handover Select");
149 return -1;
150 }
151
152 if (peer_bi->curve != own_bi->curve) {
153 wpa_printf(MSG_INFO,
154 "DPP: Peer (NFC Handover Selector) used different curve");
155 return -1;
156 }
157
158 return peer_bi->id;
159 }
160
161
hostapd_dpp_auth_resp_retry_timeout(void * eloop_ctx,void * timeout_ctx)162 static void hostapd_dpp_auth_resp_retry_timeout(void *eloop_ctx,
163 void *timeout_ctx)
164 {
165 struct hostapd_data *hapd = eloop_ctx;
166 struct dpp_authentication *auth = hapd->dpp_auth;
167
168 if (!auth || !auth->resp_msg)
169 return;
170
171 wpa_printf(MSG_DEBUG,
172 "DPP: Retry Authentication Response after timeout");
173 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
174 " freq=%u type=%d",
175 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
176 DPP_PA_AUTHENTICATION_RESP);
177 hostapd_drv_send_action(hapd, auth->curr_freq, 500, auth->peer_mac_addr,
178 wpabuf_head(auth->resp_msg),
179 wpabuf_len(auth->resp_msg));
180 }
181
182
hostapd_dpp_auth_resp_retry(struct hostapd_data * hapd)183 static void hostapd_dpp_auth_resp_retry(struct hostapd_data *hapd)
184 {
185 struct dpp_authentication *auth = hapd->dpp_auth;
186 unsigned int wait_time, max_tries;
187
188 if (!auth || !auth->resp_msg)
189 return;
190
191 if (hapd->dpp_resp_max_tries)
192 max_tries = hapd->dpp_resp_max_tries;
193 else
194 max_tries = 5;
195 auth->auth_resp_tries++;
196 if (auth->auth_resp_tries >= max_tries) {
197 wpa_printf(MSG_INFO,
198 "DPP: No confirm received from initiator - stopping exchange");
199 hostapd_drv_send_action_cancel_wait(hapd);
200 dpp_auth_deinit(hapd->dpp_auth);
201 hapd->dpp_auth = NULL;
202 return;
203 }
204
205 if (hapd->dpp_resp_retry_time)
206 wait_time = hapd->dpp_resp_retry_time;
207 else
208 wait_time = 1000;
209 wpa_printf(MSG_DEBUG,
210 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
211 wait_time);
212 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, NULL);
213 eloop_register_timeout(wait_time / 1000,
214 (wait_time % 1000) * 1000,
215 hostapd_dpp_auth_resp_retry_timeout, hapd, NULL);
216 }
217
218
hostapd_dpp_tx_status(struct hostapd_data * hapd,const u8 * dst,const u8 * data,size_t data_len,int ok)219 void hostapd_dpp_tx_status(struct hostapd_data *hapd, const u8 *dst,
220 const u8 *data, size_t data_len, int ok)
221 {
222 struct dpp_authentication *auth = hapd->dpp_auth;
223
224 wpa_printf(MSG_DEBUG, "DPP: TX status: dst=" MACSTR " ok=%d",
225 MAC2STR(dst), ok);
226 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
227 " result=%s", MAC2STR(dst), ok ? "SUCCESS" : "FAILED");
228
229 if (!hapd->dpp_auth) {
230 wpa_printf(MSG_DEBUG,
231 "DPP: Ignore TX status since there is no ongoing authentication exchange");
232 return;
233 }
234
235 #ifdef CONFIG_DPP2
236 if (auth->connect_on_tx_status) {
237 wpa_printf(MSG_DEBUG,
238 "DPP: Complete exchange on configuration result");
239 dpp_auth_deinit(hapd->dpp_auth);
240 hapd->dpp_auth = NULL;
241 return;
242 }
243 #endif /* CONFIG_DPP2 */
244
245 if (hapd->dpp_auth->remove_on_tx_status) {
246 wpa_printf(MSG_DEBUG,
247 "DPP: Terminate authentication exchange due to an earlier error");
248 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL);
249 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout,
250 hapd, NULL);
251 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout,
252 hapd, NULL);
253 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd,
254 NULL);
255 #ifdef CONFIG_DPP2
256 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout,
257 hapd, NULL);
258 #endif /* CONFIG_DPP2 */
259 hostapd_drv_send_action_cancel_wait(hapd);
260 dpp_auth_deinit(hapd->dpp_auth);
261 hapd->dpp_auth = NULL;
262 return;
263 }
264
265 if (hapd->dpp_auth_ok_on_ack)
266 hostapd_dpp_auth_success(hapd, 1);
267
268 if (!is_broadcast_ether_addr(dst) && !ok) {
269 wpa_printf(MSG_DEBUG,
270 "DPP: Unicast DPP Action frame was not ACKed");
271 if (auth->waiting_auth_resp) {
272 /* In case of DPP Authentication Request frame, move to
273 * the next channel immediately. */
274 hostapd_drv_send_action_cancel_wait(hapd);
275 hostapd_dpp_auth_init_next(hapd);
276 return;
277 }
278 if (auth->waiting_auth_conf) {
279 hostapd_dpp_auth_resp_retry(hapd);
280 return;
281 }
282 }
283
284 if (auth->waiting_auth_conf &&
285 auth->auth_resp_status == DPP_STATUS_OK) {
286 /* Make sure we do not get stuck waiting for Auth Confirm
287 * indefinitely after successfully transmitted Auth Response to
288 * allow new authentication exchanges to be started. */
289 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, hapd,
290 NULL);
291 eloop_register_timeout(1, 0, hostapd_dpp_auth_conf_wait_timeout,
292 hapd, NULL);
293 }
294
295 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp && ok) {
296 /* Allow timeout handling to stop iteration if no response is
297 * received from a peer that has ACKed a request. */
298 auth->auth_req_ack = 1;
299 }
300
301 if (!hapd->dpp_auth_ok_on_ack && hapd->dpp_auth->neg_freq > 0 &&
302 hapd->dpp_auth->curr_freq != hapd->dpp_auth->neg_freq) {
303 wpa_printf(MSG_DEBUG,
304 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
305 hapd->dpp_auth->curr_freq,
306 hapd->dpp_auth->neg_freq);
307 hostapd_drv_send_action_cancel_wait(hapd);
308
309 if (hapd->dpp_auth->neg_freq !=
310 (unsigned int) hapd->iface->freq && hapd->iface->freq > 0) {
311 /* TODO: Listen operation on non-operating channel */
312 wpa_printf(MSG_INFO,
313 "DPP: Listen operation on non-operating channel (%d MHz) is not yet supported (operating channel: %d MHz)",
314 hapd->dpp_auth->neg_freq, hapd->iface->freq);
315 }
316 }
317
318 if (hapd->dpp_auth_ok_on_ack)
319 hapd->dpp_auth_ok_on_ack = 0;
320 }
321
322
hostapd_dpp_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)323 static void hostapd_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
324 {
325 struct hostapd_data *hapd = eloop_ctx;
326 struct dpp_authentication *auth = hapd->dpp_auth;
327 unsigned int freq;
328 struct os_reltime now, diff;
329 unsigned int wait_time, diff_ms;
330
331 if (!auth || !auth->waiting_auth_resp)
332 return;
333
334 wait_time = hapd->dpp_resp_wait_time ?
335 hapd->dpp_resp_wait_time : 2000;
336 os_get_reltime(&now);
337 os_reltime_sub(&now, &hapd->dpp_last_init, &diff);
338 diff_ms = diff.sec * 1000 + diff.usec / 1000;
339 wpa_printf(MSG_DEBUG,
340 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
341 wait_time, diff_ms);
342
343 if (auth->auth_req_ack && diff_ms >= wait_time) {
344 /* Peer ACK'ed Authentication Request frame, but did not reply
345 * with Authentication Response frame within two seconds. */
346 wpa_printf(MSG_INFO,
347 "DPP: No response received from responder - stopping initiation attempt");
348 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
349 hostapd_drv_send_action_cancel_wait(hapd);
350 hostapd_dpp_listen_stop(hapd);
351 dpp_auth_deinit(auth);
352 hapd->dpp_auth = NULL;
353 return;
354 }
355
356 if (diff_ms >= wait_time) {
357 /* Authentication Request frame was not ACK'ed and no reply
358 * was receiving within two seconds. */
359 wpa_printf(MSG_DEBUG,
360 "DPP: Continue Initiator channel iteration");
361 hostapd_drv_send_action_cancel_wait(hapd);
362 hostapd_dpp_listen_stop(hapd);
363 hostapd_dpp_auth_init_next(hapd);
364 return;
365 }
366
367 /* Driver did not support 2000 ms long wait_time with TX command, so
368 * schedule listen operation to continue waiting for the response.
369 *
370 * DPP listen operations continue until stopped, so simply schedule a
371 * new call to this function at the point when the two second reply
372 * wait has expired. */
373 wait_time -= diff_ms;
374
375 freq = auth->curr_freq;
376 if (auth->neg_freq > 0)
377 freq = auth->neg_freq;
378 wpa_printf(MSG_DEBUG,
379 "DPP: Continue reply wait on channel %u MHz for %u ms",
380 freq, wait_time);
381 hapd->dpp_in_response_listen = 1;
382
383 if (freq != (unsigned int) hapd->iface->freq && hapd->iface->freq > 0) {
384 /* TODO: Listen operation on non-operating channel */
385 wpa_printf(MSG_INFO,
386 "DPP: Listen operation on non-operating channel (%d MHz) is not yet supported (operating channel: %d MHz)",
387 freq, hapd->iface->freq);
388 }
389
390 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
391 hostapd_dpp_reply_wait_timeout, hapd, NULL);
392 }
393
394
hostapd_dpp_auth_conf_wait_timeout(void * eloop_ctx,void * timeout_ctx)395 static void hostapd_dpp_auth_conf_wait_timeout(void *eloop_ctx,
396 void *timeout_ctx)
397 {
398 struct hostapd_data *hapd = eloop_ctx;
399 struct dpp_authentication *auth = hapd->dpp_auth;
400
401 if (!auth || !auth->waiting_auth_conf)
402 return;
403
404 wpa_printf(MSG_DEBUG,
405 "DPP: Terminate authentication exchange due to Auth Confirm timeout");
406 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
407 "No Auth Confirm received");
408 hostapd_drv_send_action_cancel_wait(hapd);
409 dpp_auth_deinit(auth);
410 hapd->dpp_auth = NULL;
411 }
412
413
hostapd_dpp_set_testing_options(struct hostapd_data * hapd,struct dpp_authentication * auth)414 static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd,
415 struct dpp_authentication *auth)
416 {
417 #ifdef CONFIG_TESTING_OPTIONS
418 if (hapd->dpp_config_obj_override)
419 auth->config_obj_override =
420 os_strdup(hapd->dpp_config_obj_override);
421 if (hapd->dpp_discovery_override)
422 auth->discovery_override =
423 os_strdup(hapd->dpp_discovery_override);
424 if (hapd->dpp_groups_override)
425 auth->groups_override = os_strdup(hapd->dpp_groups_override);
426 auth->ignore_netaccesskey_mismatch =
427 hapd->dpp_ignore_netaccesskey_mismatch;
428 #endif /* CONFIG_TESTING_OPTIONS */
429 }
430
431
hostapd_dpp_init_timeout(void * eloop_ctx,void * timeout_ctx)432 static void hostapd_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
433 {
434 struct hostapd_data *hapd = eloop_ctx;
435
436 if (!hapd->dpp_auth)
437 return;
438 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
439 hostapd_dpp_auth_init_next(hapd);
440 }
441
442
hostapd_dpp_auth_init_next(struct hostapd_data * hapd)443 static int hostapd_dpp_auth_init_next(struct hostapd_data *hapd)
444 {
445 struct dpp_authentication *auth = hapd->dpp_auth;
446 const u8 *dst;
447 unsigned int wait_time, max_wait_time, freq, max_tries, used;
448 struct os_reltime now, diff;
449
450 if (!auth)
451 return -1;
452
453 if (auth->freq_idx == 0)
454 os_get_reltime(&hapd->dpp_init_iter_start);
455
456 if (auth->freq_idx >= auth->num_freq) {
457 auth->num_freq_iters++;
458 if (hapd->dpp_init_max_tries)
459 max_tries = hapd->dpp_init_max_tries;
460 else
461 max_tries = 5;
462 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
463 wpa_printf(MSG_INFO,
464 "DPP: No response received from responder - stopping initiation attempt");
465 wpa_msg(hapd->msg_ctx, MSG_INFO,
466 DPP_EVENT_AUTH_INIT_FAILED);
467 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout,
468 hapd, NULL);
469 hostapd_drv_send_action_cancel_wait(hapd);
470 dpp_auth_deinit(hapd->dpp_auth);
471 hapd->dpp_auth = NULL;
472 return -1;
473 }
474 auth->freq_idx = 0;
475 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL);
476 if (hapd->dpp_init_retry_time)
477 wait_time = hapd->dpp_init_retry_time;
478 else
479 wait_time = 10000;
480 os_get_reltime(&now);
481 os_reltime_sub(&now, &hapd->dpp_init_iter_start, &diff);
482 used = diff.sec * 1000 + diff.usec / 1000;
483 if (used > wait_time)
484 wait_time = 0;
485 else
486 wait_time -= used;
487 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
488 wait_time);
489 eloop_register_timeout(wait_time / 1000,
490 (wait_time % 1000) * 1000,
491 hostapd_dpp_init_timeout, hapd,
492 NULL);
493 return 0;
494 }
495 freq = auth->freq[auth->freq_idx++];
496 auth->curr_freq = freq;
497
498 if (!is_zero_ether_addr(auth->peer_mac_addr))
499 dst = auth->peer_mac_addr;
500 else if (is_zero_ether_addr(auth->peer_bi->mac_addr))
501 dst = broadcast;
502 else
503 dst = auth->peer_bi->mac_addr;
504 hapd->dpp_auth_ok_on_ack = 0;
505 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL);
506 wait_time = 2000; /* TODO: hapd->max_remain_on_chan; */
507 max_wait_time = hapd->dpp_resp_wait_time ?
508 hapd->dpp_resp_wait_time : 2000;
509 if (wait_time > max_wait_time)
510 wait_time = max_wait_time;
511 wait_time += 10; /* give the driver some extra time to complete */
512 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
513 hostapd_dpp_reply_wait_timeout, hapd, NULL);
514 wait_time -= 10;
515 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
516 wpa_printf(MSG_DEBUG,
517 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
518 freq, auth->neg_freq);
519 }
520 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
521 " freq=%u type=%d",
522 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
523 auth->auth_req_ack = 0;
524 os_get_reltime(&hapd->dpp_last_init);
525 return hostapd_drv_send_action(hapd, freq, wait_time,
526 dst,
527 wpabuf_head(hapd->dpp_auth->req_msg),
528 wpabuf_len(hapd->dpp_auth->req_msg));
529 }
530
531
532 #ifdef CONFIG_DPP2
hostapd_dpp_process_conf_obj(void * ctx,struct dpp_authentication * auth)533 static int hostapd_dpp_process_conf_obj(void *ctx,
534 struct dpp_authentication *auth)
535 {
536 struct hostapd_data *hapd = ctx;
537 unsigned int i;
538
539 for (i = 0; i < auth->num_conf_obj; i++)
540 hostapd_dpp_handle_config_obj(hapd, auth,
541 &auth->conf_obj[i]);
542
543 return 0;
544 }
545 #endif /* CONFIG_DPP2 */
546
547
hostapd_dpp_auth_init(struct hostapd_data * hapd,const char * cmd)548 int hostapd_dpp_auth_init(struct hostapd_data *hapd, const char *cmd)
549 {
550 const char *pos;
551 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
552 struct dpp_authentication *auth;
553 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
554 unsigned int neg_freq = 0;
555 int tcp = 0;
556 #ifdef CONFIG_DPP2
557 int tcp_port = DPP_TCP_PORT;
558 struct hostapd_ip_addr ipaddr;
559 char *addr;
560 #endif /* CONFIG_DPP2 */
561
562 pos = os_strstr(cmd, " peer=");
563 if (!pos)
564 return -1;
565 pos += 6;
566 peer_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos));
567 if (!peer_bi) {
568 wpa_printf(MSG_INFO,
569 "DPP: Could not find bootstrapping info for the identified peer");
570 return -1;
571 }
572
573 #ifdef CONFIG_DPP2
574 pos = os_strstr(cmd, " tcp_port=");
575 if (pos) {
576 pos += 10;
577 tcp_port = atoi(pos);
578 }
579
580 addr = get_param(cmd, " tcp_addr=");
581 if (addr) {
582 int res;
583
584 res = hostapd_parse_ip_addr(addr, &ipaddr);
585 os_free(addr);
586 if (res)
587 return -1;
588 tcp = 1;
589 }
590 #endif /* CONFIG_DPP2 */
591
592 pos = os_strstr(cmd, " own=");
593 if (pos) {
594 pos += 5;
595 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp,
596 atoi(pos));
597 if (!own_bi) {
598 wpa_printf(MSG_INFO,
599 "DPP: Could not find bootstrapping info for the identified local entry");
600 return -1;
601 }
602
603 if (peer_bi->curve != own_bi->curve) {
604 wpa_printf(MSG_INFO,
605 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
606 peer_bi->curve->name, own_bi->curve->name);
607 return -1;
608 }
609 }
610
611 pos = os_strstr(cmd, " role=");
612 if (pos) {
613 pos += 6;
614 if (os_strncmp(pos, "configurator", 12) == 0)
615 allowed_roles = DPP_CAPAB_CONFIGURATOR;
616 else if (os_strncmp(pos, "enrollee", 8) == 0)
617 allowed_roles = DPP_CAPAB_ENROLLEE;
618 else if (os_strncmp(pos, "either", 6) == 0)
619 allowed_roles = DPP_CAPAB_CONFIGURATOR |
620 DPP_CAPAB_ENROLLEE;
621 else
622 goto fail;
623 }
624
625 pos = os_strstr(cmd, " neg_freq=");
626 if (pos)
627 neg_freq = atoi(pos + 10);
628
629 if (!tcp && hapd->dpp_auth) {
630 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL);
631 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout,
632 hapd, NULL);
633 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout,
634 hapd, NULL);
635 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd,
636 NULL);
637 #ifdef CONFIG_DPP2
638 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout,
639 hapd, NULL);
640 #endif /* CONFIG_DPP2 */
641 hostapd_drv_send_action_cancel_wait(hapd);
642 dpp_auth_deinit(hapd->dpp_auth);
643 }
644
645 auth = dpp_auth_init(hapd->iface->interfaces->dpp, hapd->msg_ctx,
646 peer_bi, own_bi, allowed_roles, neg_freq,
647 hapd->iface->hw_features,
648 hapd->iface->num_hw_features);
649 if (!auth)
650 goto fail;
651 hostapd_dpp_set_testing_options(hapd, auth);
652 if (dpp_set_configurator(auth, cmd) < 0) {
653 dpp_auth_deinit(auth);
654 goto fail;
655 }
656
657 auth->neg_freq = neg_freq;
658
659 if (!is_zero_ether_addr(peer_bi->mac_addr))
660 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
661
662 #ifdef CONFIG_DPP2
663 if (tcp)
664 return dpp_tcp_init(hapd->iface->interfaces->dpp, auth,
665 &ipaddr, tcp_port, hapd->conf->dpp_name,
666 DPP_NETROLE_AP, hapd->msg_ctx, hapd,
667 hostapd_dpp_process_conf_obj);
668 #endif /* CONFIG_DPP2 */
669
670 hapd->dpp_auth = auth;
671 return hostapd_dpp_auth_init_next(hapd);
672 fail:
673 return -1;
674 }
675
676
hostapd_dpp_listen(struct hostapd_data * hapd,const char * cmd)677 int hostapd_dpp_listen(struct hostapd_data *hapd, const char *cmd)
678 {
679 int freq;
680
681 freq = atoi(cmd);
682 if (freq <= 0)
683 return -1;
684
685 if (os_strstr(cmd, " role=configurator"))
686 hapd->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
687 else if (os_strstr(cmd, " role=enrollee"))
688 hapd->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
689 else
690 hapd->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
691 DPP_CAPAB_ENROLLEE;
692 hapd->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
693
694 if (freq != hapd->iface->freq && hapd->iface->freq > 0) {
695 /* TODO: Listen operation on non-operating channel */
696 wpa_printf(MSG_INFO,
697 "DPP: Listen operation on non-operating channel (%d MHz) is not yet supported (operating channel: %d MHz)",
698 freq, hapd->iface->freq);
699 return -1;
700 }
701
702 hostapd_drv_dpp_listen(hapd, true);
703 return 0;
704 }
705
706
hostapd_dpp_listen_stop(struct hostapd_data * hapd)707 void hostapd_dpp_listen_stop(struct hostapd_data *hapd)
708 {
709 hostapd_drv_dpp_listen(hapd, false);
710 /* TODO: Stop listen operation on non-operating channel */
711 }
712
713
hostapd_dpp_rx_auth_req(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)714 static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
715 const u8 *hdr, const u8 *buf, size_t len,
716 unsigned int freq)
717 {
718 const u8 *r_bootstrap, *i_bootstrap;
719 u16 r_bootstrap_len, i_bootstrap_len;
720 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
721
722 if (!hapd->iface->interfaces->dpp)
723 return;
724
725 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
726 MAC2STR(src));
727
728 #ifdef CONFIG_DPP2
729 hostapd_dpp_chirp_stop(hapd);
730 #endif /* CONFIG_DPP2 */
731
732 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
733 &r_bootstrap_len);
734 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
735 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
736 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
737 return;
738 }
739 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
740 r_bootstrap, r_bootstrap_len);
741
742 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
743 &i_bootstrap_len);
744 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
745 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
746 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
747 return;
748 }
749 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
750 i_bootstrap, i_bootstrap_len);
751
752 /* Try to find own and peer bootstrapping key matches based on the
753 * received hash values */
754 dpp_bootstrap_find_pair(hapd->iface->interfaces->dpp, i_bootstrap,
755 r_bootstrap, &own_bi, &peer_bi);
756 #ifdef CONFIG_DPP2
757 if (!own_bi) {
758 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
759 src, hdr, buf, len, freq, i_bootstrap,
760 r_bootstrap, hapd) == 0)
761 return;
762 }
763 #endif /* CONFIG_DPP2 */
764 if (!own_bi) {
765 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
766 "No matching own bootstrapping key found - ignore message");
767 return;
768 }
769
770 if (hapd->dpp_auth) {
771 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
772 "Already in DPP authentication exchange - ignore new one");
773 return;
774 }
775
776 hapd->dpp_auth_ok_on_ack = 0;
777 hapd->dpp_auth = dpp_auth_req_rx(hapd->iface->interfaces->dpp,
778 hapd->msg_ctx, hapd->dpp_allowed_roles,
779 hapd->dpp_qr_mutual,
780 peer_bi, own_bi, freq, hdr, buf, len);
781 if (!hapd->dpp_auth) {
782 wpa_printf(MSG_DEBUG, "DPP: No response generated");
783 return;
784 }
785 hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
786 if (dpp_set_configurator(hapd->dpp_auth,
787 hapd->dpp_configurator_params) < 0) {
788 dpp_auth_deinit(hapd->dpp_auth);
789 hapd->dpp_auth = NULL;
790 return;
791 }
792 os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN);
793
794 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
795 " freq=%u type=%d",
796 MAC2STR(src), hapd->dpp_auth->curr_freq,
797 DPP_PA_AUTHENTICATION_RESP);
798 hostapd_drv_send_action(hapd, hapd->dpp_auth->curr_freq, 0,
799 src, wpabuf_head(hapd->dpp_auth->resp_msg),
800 wpabuf_len(hapd->dpp_auth->resp_msg));
801 }
802
803
hostapd_dpp_handle_config_obj(struct hostapd_data * hapd,struct dpp_authentication * auth,struct dpp_config_obj * conf)804 static void hostapd_dpp_handle_config_obj(struct hostapd_data *hapd,
805 struct dpp_authentication *auth,
806 struct dpp_config_obj *conf)
807 {
808 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
809 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s",
810 dpp_akm_str(conf->akm));
811 if (conf->ssid_len)
812 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
813 wpa_ssid_txt(conf->ssid, conf->ssid_len));
814 if (conf->connector) {
815 /* TODO: Save the Connector and consider using a command
816 * to fetch the value instead of sending an event with
817 * it. The Connector could end up being larger than what
818 * most clients are ready to receive as an event
819 * message. */
820 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
821 conf->connector);
822 }
823 if (conf->passphrase[0]) {
824 char hex[64 * 2 + 1];
825
826 wpa_snprintf_hex(hex, sizeof(hex),
827 (const u8 *) conf->passphrase,
828 os_strlen(conf->passphrase));
829 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s",
830 hex);
831 } else if (conf->psk_set) {
832 char hex[PMK_LEN * 2 + 1];
833
834 wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN);
835 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
836 hex);
837 }
838 if (conf->c_sign_key) {
839 char *hex;
840 size_t hexlen;
841
842 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
843 hex = os_malloc(hexlen);
844 if (hex) {
845 wpa_snprintf_hex(hex, hexlen,
846 wpabuf_head(conf->c_sign_key),
847 wpabuf_len(conf->c_sign_key));
848 wpa_msg(hapd->msg_ctx, MSG_INFO,
849 DPP_EVENT_C_SIGN_KEY "%s", hex);
850 os_free(hex);
851 }
852 }
853 if (auth->net_access_key) {
854 char *hex;
855 size_t hexlen;
856
857 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
858 hex = os_malloc(hexlen);
859 if (hex) {
860 wpa_snprintf_hex(hex, hexlen,
861 wpabuf_head(auth->net_access_key),
862 wpabuf_len(auth->net_access_key));
863 if (auth->net_access_key_expiry)
864 wpa_msg(hapd->msg_ctx, MSG_INFO,
865 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
866 (unsigned long)
867 auth->net_access_key_expiry);
868 else
869 wpa_msg(hapd->msg_ctx, MSG_INFO,
870 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
871 os_free(hex);
872 }
873 }
874 }
875
876
hostapd_dpp_handle_key_pkg(struct hostapd_data * hapd,struct dpp_asymmetric_key * key)877 static int hostapd_dpp_handle_key_pkg(struct hostapd_data *hapd,
878 struct dpp_asymmetric_key *key)
879 {
880 #ifdef CONFIG_DPP2
881 int res;
882
883 if (!key)
884 return 0;
885
886 wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup");
887 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
888
889 while (key) {
890 res = dpp_configurator_from_backup(
891 hapd->iface->interfaces->dpp, key);
892 if (res < 0)
893 return -1;
894 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d",
895 res);
896 key = key->next;
897 }
898 #endif /* CONFIG_DPP2 */
899
900 return 0;
901 }
902
903
hostapd_dpp_gas_resp_cb(void * ctx,const u8 * addr,u8 dialog_token,enum gas_query_ap_result result,const struct wpabuf * adv_proto,const struct wpabuf * resp,u16 status_code)904 static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
905 enum gas_query_ap_result result,
906 const struct wpabuf *adv_proto,
907 const struct wpabuf *resp, u16 status_code)
908 {
909 struct hostapd_data *hapd = ctx;
910 const u8 *pos;
911 struct dpp_authentication *auth = hapd->dpp_auth;
912 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
913
914 if (!auth || !auth->auth_success) {
915 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
916 return;
917 }
918 if (result != GAS_QUERY_AP_SUCCESS ||
919 !resp || status_code != WLAN_STATUS_SUCCESS) {
920 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
921 goto fail;
922 }
923
924 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
925 adv_proto);
926 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
927 resp);
928
929 if (wpabuf_len(adv_proto) != 10 ||
930 !(pos = wpabuf_head(adv_proto)) ||
931 pos[0] != WLAN_EID_ADV_PROTO ||
932 pos[1] != 8 ||
933 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
934 pos[4] != 5 ||
935 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
936 pos[8] != 0x1a ||
937 pos[9] != 1) {
938 wpa_printf(MSG_DEBUG,
939 "DPP: Not a DPP Advertisement Protocol ID");
940 goto fail;
941 }
942
943 if (dpp_conf_resp_rx(auth, resp) < 0) {
944 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
945 goto fail;
946 }
947
948 hostapd_dpp_handle_config_obj(hapd, auth, &auth->conf_obj[0]);
949 if (hostapd_dpp_handle_key_pkg(hapd, auth->conf_key_pkg) < 0)
950 goto fail;
951
952 status = DPP_STATUS_OK;
953 #ifdef CONFIG_TESTING_OPTIONS
954 if (dpp_test == DPP_TEST_REJECT_CONFIG) {
955 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
956 status = DPP_STATUS_CONFIG_REJECTED;
957 }
958 #endif /* CONFIG_TESTING_OPTIONS */
959 fail:
960 if (status != DPP_STATUS_OK)
961 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);
962 #ifdef CONFIG_DPP2
963 if (auth->peer_version >= 2 &&
964 auth->conf_resp_status == DPP_STATUS_OK) {
965 struct wpabuf *msg;
966
967 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
968 msg = dpp_build_conf_result(auth, status);
969 if (!msg)
970 goto fail2;
971
972 wpa_msg(hapd->msg_ctx, MSG_INFO,
973 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
974 MAC2STR(addr), auth->curr_freq,
975 DPP_PA_CONFIGURATION_RESULT);
976 hostapd_drv_send_action(hapd, auth->curr_freq, 0,
977 addr, wpabuf_head(msg),
978 wpabuf_len(msg));
979 wpabuf_free(msg);
980
981 /* This exchange will be terminated in the TX status handler */
982 auth->connect_on_tx_status = 1;
983 return;
984 }
985 fail2:
986 #endif /* CONFIG_DPP2 */
987 dpp_auth_deinit(hapd->dpp_auth);
988 hapd->dpp_auth = NULL;
989 }
990
991
hostapd_dpp_start_gas_client(struct hostapd_data * hapd)992 static void hostapd_dpp_start_gas_client(struct hostapd_data *hapd)
993 {
994 struct dpp_authentication *auth = hapd->dpp_auth;
995 struct wpabuf *buf;
996 int res;
997
998 buf = dpp_build_conf_req_helper(auth, hapd->conf->dpp_name,
999 DPP_NETROLE_AP,
1000 hapd->conf->dpp_mud_url, NULL);
1001 if (!buf) {
1002 wpa_printf(MSG_DEBUG,
1003 "DPP: No configuration request data available");
1004 return;
1005 }
1006
1007 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
1008 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
1009
1010 res = gas_query_ap_req(hapd->gas, auth->peer_mac_addr, auth->curr_freq,
1011 buf, hostapd_dpp_gas_resp_cb, hapd);
1012 if (res < 0) {
1013 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
1014 "GAS: Failed to send Query Request");
1015 wpabuf_free(buf);
1016 } else {
1017 wpa_printf(MSG_DEBUG,
1018 "DPP: GAS query started with dialog token %u", res);
1019 }
1020 }
1021
1022
hostapd_dpp_auth_success(struct hostapd_data * hapd,int initiator)1023 static void hostapd_dpp_auth_success(struct hostapd_data *hapd, int initiator)
1024 {
1025 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
1026 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d",
1027 initiator);
1028 #ifdef CONFIG_TESTING_OPTIONS
1029 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
1030 wpa_printf(MSG_INFO,
1031 "DPP: TESTING - stop at Authentication Confirm");
1032 if (hapd->dpp_auth->configurator) {
1033 /* Prevent GAS response */
1034 hapd->dpp_auth->auth_success = 0;
1035 }
1036 return;
1037 }
1038 #endif /* CONFIG_TESTING_OPTIONS */
1039
1040 if (!hapd->dpp_auth->configurator)
1041 hostapd_dpp_start_gas_client(hapd);
1042 }
1043
1044
hostapd_dpp_rx_auth_resp(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1045 static void hostapd_dpp_rx_auth_resp(struct hostapd_data *hapd, const u8 *src,
1046 const u8 *hdr, const u8 *buf, size_t len,
1047 unsigned int freq)
1048 {
1049 struct dpp_authentication *auth = hapd->dpp_auth;
1050 struct wpabuf *msg;
1051
1052 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR,
1053 MAC2STR(src));
1054
1055 if (!auth) {
1056 wpa_printf(MSG_DEBUG,
1057 "DPP: No DPP Authentication in progress - drop");
1058 return;
1059 }
1060
1061 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1062 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1063 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1064 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1065 return;
1066 }
1067
1068 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL);
1069
1070 if (auth->curr_freq != freq && auth->neg_freq == freq) {
1071 wpa_printf(MSG_DEBUG,
1072 "DPP: Responder accepted request for different negotiation channel");
1073 auth->curr_freq = freq;
1074 }
1075
1076 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL);
1077 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
1078 if (!msg) {
1079 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1080 wpa_printf(MSG_DEBUG, "DPP: Wait for full response");
1081 return;
1082 }
1083 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1084 return;
1085 }
1086 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1087
1088 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
1089 " freq=%u type=%d", MAC2STR(src), auth->curr_freq,
1090 DPP_PA_AUTHENTICATION_CONF);
1091 hostapd_drv_send_action(hapd, auth->curr_freq, 0, src,
1092 wpabuf_head(msg), wpabuf_len(msg));
1093 wpabuf_free(msg);
1094 hapd->dpp_auth_ok_on_ack = 1;
1095 }
1096
1097
hostapd_dpp_rx_auth_conf(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)1098 static void hostapd_dpp_rx_auth_conf(struct hostapd_data *hapd, const u8 *src,
1099 const u8 *hdr, const u8 *buf, size_t len)
1100 {
1101 struct dpp_authentication *auth = hapd->dpp_auth;
1102
1103 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1104 MAC2STR(src));
1105
1106 if (!auth) {
1107 wpa_printf(MSG_DEBUG,
1108 "DPP: No DPP Authentication in progress - drop");
1109 return;
1110 }
1111
1112 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1113 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1114 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1115 return;
1116 }
1117
1118 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
1119 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1120 return;
1121 }
1122
1123 hostapd_dpp_auth_success(hapd, 0);
1124 }
1125
1126
1127 #ifdef CONFIG_DPP2
1128
hostapd_dpp_config_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)1129 static void hostapd_dpp_config_result_wait_timeout(void *eloop_ctx,
1130 void *timeout_ctx)
1131 {
1132 struct hostapd_data *hapd = eloop_ctx;
1133 struct dpp_authentication *auth = hapd->dpp_auth;
1134
1135 if (!auth || !auth->waiting_conf_result)
1136 return;
1137
1138 wpa_printf(MSG_DEBUG,
1139 "DPP: Timeout while waiting for Configuration Result");
1140 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);
1141 dpp_auth_deinit(auth);
1142 hapd->dpp_auth = NULL;
1143 }
1144
1145
hostapd_dpp_conn_status_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)1146 static void hostapd_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
1147 void *timeout_ctx)
1148 {
1149 struct hostapd_data *hapd = eloop_ctx;
1150 struct dpp_authentication *auth = hapd->dpp_auth;
1151
1152 if (!auth || !auth->waiting_conf_result)
1153 return;
1154
1155 wpa_printf(MSG_DEBUG,
1156 "DPP: Timeout while waiting for Connection Status Result");
1157 wpa_msg(hapd->msg_ctx, MSG_INFO,
1158 DPP_EVENT_CONN_STATUS_RESULT "timeout");
1159 dpp_auth_deinit(auth);
1160 hapd->dpp_auth = NULL;
1161 }
1162
1163
hostapd_dpp_rx_conf_result(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)1164 static void hostapd_dpp_rx_conf_result(struct hostapd_data *hapd, const u8 *src,
1165 const u8 *hdr, const u8 *buf, size_t len)
1166 {
1167 struct dpp_authentication *auth = hapd->dpp_auth;
1168 enum dpp_status_error status;
1169
1170 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
1171 MAC2STR(src));
1172
1173 if (!auth || !auth->waiting_conf_result) {
1174 wpa_printf(MSG_DEBUG,
1175 "DPP: No DPP Configuration waiting for result - drop");
1176 return;
1177 }
1178
1179 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1180 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1181 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1182 return;
1183 }
1184
1185 status = dpp_conf_result_rx(auth, hdr, buf, len);
1186
1187 if (status == DPP_STATUS_OK && auth->send_conn_status) {
1188 wpa_msg(hapd->msg_ctx, MSG_INFO,
1189 DPP_EVENT_CONF_SENT "wait_conn_status=1");
1190 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
1191 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout,
1192 hapd, NULL);
1193 auth->waiting_conn_status_result = 1;
1194 eloop_cancel_timeout(
1195 hostapd_dpp_conn_status_result_wait_timeout,
1196 hapd, NULL);
1197 eloop_register_timeout(
1198 16, 0, hostapd_dpp_conn_status_result_wait_timeout,
1199 hapd, NULL);
1200 return;
1201 }
1202 hostapd_drv_send_action_cancel_wait(hapd);
1203 hostapd_dpp_listen_stop(hapd);
1204 if (status == DPP_STATUS_OK)
1205 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT);
1206 else
1207 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);
1208 dpp_auth_deinit(auth);
1209 hapd->dpp_auth = NULL;
1210 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout, hapd,
1211 NULL);
1212 }
1213
1214
hostapd_dpp_rx_conn_status_result(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)1215 static void hostapd_dpp_rx_conn_status_result(struct hostapd_data *hapd,
1216 const u8 *src, const u8 *hdr,
1217 const u8 *buf, size_t len)
1218 {
1219 struct dpp_authentication *auth = hapd->dpp_auth;
1220 enum dpp_status_error status;
1221 u8 ssid[SSID_MAX_LEN];
1222 size_t ssid_len = 0;
1223 char *channel_list = NULL;
1224
1225 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
1226
1227 if (!auth || !auth->waiting_conn_status_result) {
1228 wpa_printf(MSG_DEBUG,
1229 "DPP: No DPP Configuration waiting for connection status result - drop");
1230 return;
1231 }
1232
1233 status = dpp_conn_status_result_rx(auth, hdr, buf, len,
1234 ssid, &ssid_len, &channel_list);
1235 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
1236 "result=%d ssid=%s channel_list=%s",
1237 status, wpa_ssid_txt(ssid, ssid_len),
1238 channel_list ? channel_list : "N/A");
1239 os_free(channel_list);
1240 hostapd_drv_send_action_cancel_wait(hapd);
1241 hostapd_dpp_listen_stop(hapd);
1242 dpp_auth_deinit(auth);
1243 hapd->dpp_auth = NULL;
1244 eloop_cancel_timeout(hostapd_dpp_conn_status_result_wait_timeout,
1245 hapd, NULL);
1246 }
1247
1248
1249 static void
hostapd_dpp_rx_presence_announcement(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1250 hostapd_dpp_rx_presence_announcement(struct hostapd_data *hapd, const u8 *src,
1251 const u8 *hdr, const u8 *buf, size_t len,
1252 unsigned int freq)
1253 {
1254 const u8 *r_bootstrap;
1255 u16 r_bootstrap_len;
1256 struct dpp_bootstrap_info *peer_bi;
1257 struct dpp_authentication *auth;
1258
1259 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR,
1260 MAC2STR(src));
1261
1262 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
1263 &r_bootstrap_len);
1264 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
1265 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
1266 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
1267 return;
1268 }
1269 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
1270 r_bootstrap, r_bootstrap_len);
1271 peer_bi = dpp_bootstrap_find_chirp(hapd->iface->interfaces->dpp,
1272 r_bootstrap);
1273 dpp_notify_chirp_received(hapd->msg_ctx,
1274 peer_bi ? (int) peer_bi->id : -1,
1275 src, freq, r_bootstrap);
1276 if (!peer_bi) {
1277 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
1278 src, hdr, buf, len, freq, NULL,
1279 r_bootstrap, hapd) == 0)
1280 return;
1281 wpa_printf(MSG_DEBUG,
1282 "DPP: No matching bootstrapping information found");
1283 return;
1284 }
1285
1286 if (hapd->dpp_auth) {
1287 wpa_printf(MSG_DEBUG,
1288 "DPP: Ignore Presence Announcement during ongoing Authentication");
1289 return;
1290 }
1291
1292 auth = dpp_auth_init(hapd->iface->interfaces->dpp, hapd->msg_ctx,
1293 peer_bi, NULL, DPP_CAPAB_CONFIGURATOR, freq, NULL,
1294 0);
1295 if (!auth)
1296 return;
1297 hostapd_dpp_set_testing_options(hapd, auth);
1298 if (dpp_set_configurator(auth,
1299 hapd->dpp_configurator_params) < 0) {
1300 dpp_auth_deinit(auth);
1301 return;
1302 }
1303
1304 auth->neg_freq = freq;
1305
1306 /* The source address of the Presence Announcement frame overrides any
1307 * MAC address information from the bootstrapping information. */
1308 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1309
1310 hapd->dpp_auth = auth;
1311 if (hostapd_dpp_auth_init_next(hapd) < 0) {
1312 dpp_auth_deinit(hapd->dpp_auth);
1313 hapd->dpp_auth = NULL;
1314 }
1315 }
1316
1317
hostapd_dpp_reconfig_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)1318 static void hostapd_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
1319 void *timeout_ctx)
1320 {
1321 struct hostapd_data *hapd = eloop_ctx;
1322 struct dpp_authentication *auth = hapd->dpp_auth;
1323
1324 if (!auth)
1325 return;
1326
1327 wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout");
1328 hostapd_dpp_listen_stop(hapd);
1329 dpp_auth_deinit(auth);
1330 hapd->dpp_auth = NULL;
1331 }
1332
1333
1334 static void
hostapd_dpp_rx_reconfig_announcement(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1335 hostapd_dpp_rx_reconfig_announcement(struct hostapd_data *hapd, const u8 *src,
1336 const u8 *hdr, const u8 *buf, size_t len,
1337 unsigned int freq)
1338 {
1339 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id;
1340 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len;
1341 struct dpp_configurator *conf;
1342 struct dpp_authentication *auth;
1343 unsigned int wait_time, max_wait_time;
1344 u16 group;
1345
1346 if (hapd->dpp_auth) {
1347 wpa_printf(MSG_DEBUG,
1348 "DPP: Ignore Reconfig Announcement during ongoing Authentication");
1349 return;
1350 }
1351
1352 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR,
1353 MAC2STR(src));
1354
1355 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH,
1356 &csign_hash_len);
1357 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) {
1358 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
1359 "Missing or invalid required Configurator C-sign key Hash attribute");
1360 return;
1361 }
1362 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)",
1363 csign_hash, csign_hash_len);
1364 conf = dpp_configurator_find_kid(hapd->iface->interfaces->dpp,
1365 csign_hash);
1366 if (!conf) {
1367 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
1368 src, hdr, buf, len, freq, NULL,
1369 NULL, hapd) == 0)
1370 return;
1371 wpa_printf(MSG_DEBUG,
1372 "DPP: No matching Configurator information found");
1373 return;
1374 }
1375
1376 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
1377 &fcgroup_len);
1378 if (!fcgroup || fcgroup_len != 2) {
1379 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
1380 "Missing or invalid required Finite Cyclic Group attribute");
1381 return;
1382 }
1383 group = WPA_GET_LE16(fcgroup);
1384 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group);
1385
1386 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len);
1387 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len);
1388
1389 auth = dpp_reconfig_init(hapd->iface->interfaces->dpp, hapd->msg_ctx,
1390 conf, freq, group, a_nonce, a_nonce_len,
1391 e_id, e_id_len);
1392 if (!auth)
1393 return;
1394 hostapd_dpp_set_testing_options(hapd, auth);
1395 if (dpp_set_configurator(auth, hapd->dpp_configurator_params) < 0) {
1396 dpp_auth_deinit(auth);
1397 return;
1398 }
1399
1400 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1401 hapd->dpp_auth = auth;
1402
1403 hapd->dpp_in_response_listen = 0;
1404 hapd->dpp_auth_ok_on_ack = 0;
1405 wait_time = 2000; /* TODO: hapd->max_remain_on_chan; */
1406 max_wait_time = hapd->dpp_resp_wait_time ?
1407 hapd->dpp_resp_wait_time : 2000;
1408 if (wait_time > max_wait_time)
1409 wait_time = max_wait_time;
1410 wait_time += 10; /* give the driver some extra time to complete */
1411 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
1412 hostapd_dpp_reconfig_reply_wait_timeout,
1413 hapd, NULL);
1414 wait_time -= 10;
1415
1416 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
1417 " freq=%u type=%d",
1418 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ);
1419 if (hostapd_drv_send_action(hapd, freq, wait_time, src,
1420 wpabuf_head(auth->reconfig_req_msg),
1421 wpabuf_len(auth->reconfig_req_msg)) < 0) {
1422 dpp_auth_deinit(hapd->dpp_auth);
1423 hapd->dpp_auth = NULL;
1424 }
1425 }
1426
1427
1428 static void
hostapd_dpp_rx_reconfig_auth_resp(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1429 hostapd_dpp_rx_reconfig_auth_resp(struct hostapd_data *hapd, const u8 *src,
1430 const u8 *hdr, const u8 *buf, size_t len,
1431 unsigned int freq)
1432 {
1433 struct dpp_authentication *auth = hapd->dpp_auth;
1434 struct wpabuf *conf;
1435
1436 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from "
1437 MACSTR, MAC2STR(src));
1438
1439 if (!auth || !auth->reconfig || !auth->configurator) {
1440 wpa_printf(MSG_DEBUG,
1441 "DPP: No DPP Reconfig Authentication in progress - drop");
1442 return;
1443 }
1444
1445 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1446 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1447 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1448 return;
1449 }
1450
1451 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len);
1452 if (!conf)
1453 return;
1454
1455 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout,
1456 hapd, NULL);
1457
1458 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
1459 " freq=%u type=%d",
1460 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF);
1461 if (hostapd_drv_send_action(hapd, freq, 500, src,
1462 wpabuf_head(conf), wpabuf_len(conf)) < 0) {
1463 wpabuf_free(conf);
1464 dpp_auth_deinit(hapd->dpp_auth);
1465 hapd->dpp_auth = NULL;
1466 return;
1467 }
1468 wpabuf_free(conf);
1469 }
1470
1471 #endif /* CONFIG_DPP2 */
1472
1473
hostapd_dpp_send_peer_disc_resp(struct hostapd_data * hapd,const u8 * src,unsigned int freq,u8 trans_id,enum dpp_status_error status)1474 static void hostapd_dpp_send_peer_disc_resp(struct hostapd_data *hapd,
1475 const u8 *src, unsigned int freq,
1476 u8 trans_id,
1477 enum dpp_status_error status)
1478 {
1479 struct wpabuf *msg;
1480 size_t len;
1481
1482 len = 5 + 5 + 4 + os_strlen(hapd->conf->dpp_connector);
1483 #ifdef CONFIG_DPP2
1484 len += 5;
1485 #endif /* CONFIG_DPP2 */
1486 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_RESP, len);
1487 if (!msg)
1488 return;
1489
1490 #ifdef CONFIG_TESTING_OPTIONS
1491 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_RESP) {
1492 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
1493 goto skip_trans_id;
1494 }
1495 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP) {
1496 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
1497 trans_id ^= 0x01;
1498 }
1499 #endif /* CONFIG_TESTING_OPTIONS */
1500
1501 /* Transaction ID */
1502 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
1503 wpabuf_put_le16(msg, 1);
1504 wpabuf_put_u8(msg, trans_id);
1505
1506 #ifdef CONFIG_TESTING_OPTIONS
1507 skip_trans_id:
1508 if (dpp_test == DPP_TEST_NO_STATUS_PEER_DISC_RESP) {
1509 wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
1510 goto skip_status;
1511 }
1512 if (dpp_test == DPP_TEST_INVALID_STATUS_PEER_DISC_RESP) {
1513 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status");
1514 status = 254;
1515 }
1516 #endif /* CONFIG_TESTING_OPTIONS */
1517
1518 /* DPP Status */
1519 wpabuf_put_le16(msg, DPP_ATTR_STATUS);
1520 wpabuf_put_le16(msg, 1);
1521 wpabuf_put_u8(msg, status);
1522
1523 #ifdef CONFIG_TESTING_OPTIONS
1524 skip_status:
1525 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_RESP) {
1526 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
1527 goto skip_connector;
1528 }
1529 if (status == DPP_STATUS_OK &&
1530 dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP) {
1531 char *connector;
1532
1533 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
1534 connector = dpp_corrupt_connector_signature(
1535 hapd->conf->dpp_connector);
1536 if (!connector) {
1537 wpabuf_free(msg);
1538 return;
1539 }
1540 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
1541 wpabuf_put_le16(msg, os_strlen(connector));
1542 wpabuf_put_str(msg, connector);
1543 os_free(connector);
1544 goto skip_connector;
1545 }
1546 #endif /* CONFIG_TESTING_OPTIONS */
1547
1548 /* DPP Connector */
1549 if (status == DPP_STATUS_OK) {
1550 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
1551 wpabuf_put_le16(msg, os_strlen(hapd->conf->dpp_connector));
1552 wpabuf_put_str(msg, hapd->conf->dpp_connector);
1553 }
1554
1555 #ifdef CONFIG_TESTING_OPTIONS
1556 skip_connector:
1557 #endif /* CONFIG_TESTING_OPTIONS */
1558
1559 #ifdef CONFIG_DPP2
1560 if (DPP_VERSION > 1) {
1561 /* Protocol Version */
1562 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
1563 wpabuf_put_le16(msg, 1);
1564 wpabuf_put_u8(msg, DPP_VERSION);
1565 }
1566 #endif /* CONFIG_DPP2 */
1567
1568 wpa_printf(MSG_DEBUG, "DPP: Send Peer Discovery Response to " MACSTR
1569 " status=%d", MAC2STR(src), status);
1570 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
1571 " freq=%u type=%d status=%d", MAC2STR(src), freq,
1572 DPP_PA_PEER_DISCOVERY_RESP, status);
1573 hostapd_drv_send_action(hapd, freq, 0, src,
1574 wpabuf_head(msg), wpabuf_len(msg));
1575 wpabuf_free(msg);
1576 }
1577
1578
hostapd_dpp_rx_peer_disc_req(struct hostapd_data * hapd,const u8 * src,const u8 * buf,size_t len,unsigned int freq)1579 static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
1580 const u8 *src,
1581 const u8 *buf, size_t len,
1582 unsigned int freq)
1583 {
1584 const u8 *connector, *trans_id;
1585 u16 connector_len, trans_id_len;
1586 struct os_time now;
1587 struct dpp_introduction intro;
1588 os_time_t expire;
1589 int expiration;
1590 enum dpp_status_error res;
1591
1592 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Request from " MACSTR,
1593 MAC2STR(src));
1594 if (!hapd->wpa_auth ||
1595 !(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) ||
1596 !(hapd->conf->wpa & WPA_PROTO_RSN)) {
1597 wpa_printf(MSG_DEBUG, "DPP: DPP AKM not in use");
1598 return;
1599 }
1600
1601 if (!hapd->conf->dpp_connector || !hapd->conf->dpp_netaccesskey ||
1602 !hapd->conf->dpp_csign) {
1603 wpa_printf(MSG_DEBUG, "DPP: No own Connector/keys set");
1604 return;
1605 }
1606
1607 os_get_time(&now);
1608
1609 if (hapd->conf->dpp_netaccesskey_expiry &&
1610 (os_time_t) hapd->conf->dpp_netaccesskey_expiry < now.sec) {
1611 wpa_printf(MSG_INFO, "DPP: Own netAccessKey expired");
1612 return;
1613 }
1614
1615 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
1616 &trans_id_len);
1617 if (!trans_id || trans_id_len != 1) {
1618 wpa_printf(MSG_DEBUG,
1619 "DPP: Peer did not include Transaction ID");
1620 return;
1621 }
1622
1623 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
1624 if (!connector) {
1625 wpa_printf(MSG_DEBUG,
1626 "DPP: Peer did not include its Connector");
1627 return;
1628 }
1629
1630 res = dpp_peer_intro(&intro, hapd->conf->dpp_connector,
1631 wpabuf_head(hapd->conf->dpp_netaccesskey),
1632 wpabuf_len(hapd->conf->dpp_netaccesskey),
1633 wpabuf_head(hapd->conf->dpp_csign),
1634 wpabuf_len(hapd->conf->dpp_csign),
1635 connector, connector_len, &expire);
1636 if (res == 255) {
1637 wpa_printf(MSG_INFO,
1638 "DPP: Network Introduction protocol resulted in internal failure (peer "
1639 MACSTR ")", MAC2STR(src));
1640 return;
1641 }
1642 if (res != DPP_STATUS_OK) {
1643 wpa_printf(MSG_INFO,
1644 "DPP: Network Introduction protocol resulted in failure (peer "
1645 MACSTR " status %d)", MAC2STR(src), res);
1646 hostapd_dpp_send_peer_disc_resp(hapd, src, freq, trans_id[0],
1647 res);
1648 return;
1649 }
1650
1651 if (!expire || (os_time_t) hapd->conf->dpp_netaccesskey_expiry < expire)
1652 expire = hapd->conf->dpp_netaccesskey_expiry;
1653 if (expire)
1654 expiration = expire - now.sec;
1655 else
1656 expiration = 0;
1657
1658 if (wpa_auth_pmksa_add2(hapd->wpa_auth, src, intro.pmk, intro.pmk_len,
1659 intro.pmkid, expiration,
1660 WPA_KEY_MGMT_DPP) < 0) {
1661 wpa_printf(MSG_ERROR, "DPP: Failed to add PMKSA cache entry");
1662 return;
1663 }
1664
1665 hostapd_dpp_send_peer_disc_resp(hapd, src, freq, trans_id[0],
1666 DPP_STATUS_OK);
1667 }
1668
1669
1670 static void
hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data * hapd,const u8 * src,const u8 * buf,size_t len,unsigned int freq)1671 hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data *hapd, const u8 *src,
1672 const u8 *buf, size_t len,
1673 unsigned int freq)
1674 {
1675 struct wpabuf *msg;
1676
1677 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
1678 MAC2STR(src));
1679
1680 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1681 * values here */
1682
1683 if (!hapd->dpp_pkex_code || !hapd->dpp_pkex_bi) {
1684 wpa_printf(MSG_DEBUG,
1685 "DPP: No PKEX code configured - ignore request");
1686 return;
1687 }
1688
1689 if (hapd->dpp_pkex) {
1690 /* TODO: Support parallel operations */
1691 wpa_printf(MSG_DEBUG,
1692 "DPP: Already in PKEX session - ignore new request");
1693 return;
1694 }
1695
1696 hapd->dpp_pkex = dpp_pkex_rx_exchange_req(hapd->msg_ctx,
1697 hapd->dpp_pkex_bi,
1698 hapd->own_addr, src,
1699 hapd->dpp_pkex_identifier,
1700 hapd->dpp_pkex_code,
1701 buf, len);
1702 if (!hapd->dpp_pkex) {
1703 wpa_printf(MSG_DEBUG,
1704 "DPP: Failed to process the request - ignore it");
1705 return;
1706 }
1707
1708 msg = hapd->dpp_pkex->exchange_resp;
1709 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
1710 " freq=%u type=%d", MAC2STR(src), freq,
1711 DPP_PA_PKEX_EXCHANGE_RESP);
1712 hostapd_drv_send_action(hapd, freq, 0, src,
1713 wpabuf_head(msg), wpabuf_len(msg));
1714 if (hapd->dpp_pkex->failed) {
1715 wpa_printf(MSG_DEBUG,
1716 "DPP: Terminate PKEX exchange due to an earlier error");
1717 if (hapd->dpp_pkex->t > hapd->dpp_pkex->own_bi->pkex_t)
1718 hapd->dpp_pkex->own_bi->pkex_t = hapd->dpp_pkex->t;
1719 dpp_pkex_free(hapd->dpp_pkex);
1720 hapd->dpp_pkex = NULL;
1721 }
1722 }
1723
1724
1725 static void
hostapd_dpp_rx_pkex_exchange_resp(struct hostapd_data * hapd,const u8 * src,const u8 * buf,size_t len,unsigned int freq)1726 hostapd_dpp_rx_pkex_exchange_resp(struct hostapd_data *hapd, const u8 *src,
1727 const u8 *buf, size_t len, unsigned int freq)
1728 {
1729 struct wpabuf *msg;
1730
1731 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
1732 MAC2STR(src));
1733
1734 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1735 * values here */
1736
1737 if (!hapd->dpp_pkex || !hapd->dpp_pkex->initiator ||
1738 hapd->dpp_pkex->exchange_done) {
1739 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1740 return;
1741 }
1742
1743 msg = dpp_pkex_rx_exchange_resp(hapd->dpp_pkex, src, buf, len);
1744 if (!msg) {
1745 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1746 return;
1747 }
1748
1749 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
1750 MAC2STR(src));
1751
1752 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
1753 " freq=%u type=%d", MAC2STR(src), freq,
1754 DPP_PA_PKEX_COMMIT_REVEAL_REQ);
1755 hostapd_drv_send_action(hapd, freq, 0, src,
1756 wpabuf_head(msg), wpabuf_len(msg));
1757 wpabuf_free(msg);
1758 }
1759
1760
1761 static void
hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1762 hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
1763 const u8 *hdr, const u8 *buf, size_t len,
1764 unsigned int freq)
1765 {
1766 struct wpabuf *msg;
1767 struct dpp_pkex *pkex = hapd->dpp_pkex;
1768 struct dpp_bootstrap_info *bi;
1769
1770 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
1771 MAC2STR(src));
1772
1773 if (!pkex || pkex->initiator || !pkex->exchange_done) {
1774 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1775 return;
1776 }
1777
1778 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
1779 if (!msg) {
1780 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
1781 if (hapd->dpp_pkex->failed) {
1782 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
1783 if (hapd->dpp_pkex->t > hapd->dpp_pkex->own_bi->pkex_t)
1784 hapd->dpp_pkex->own_bi->pkex_t =
1785 hapd->dpp_pkex->t;
1786 dpp_pkex_free(hapd->dpp_pkex);
1787 hapd->dpp_pkex = NULL;
1788 }
1789 return;
1790 }
1791
1792 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
1793 MACSTR, MAC2STR(src));
1794
1795 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
1796 " freq=%u type=%d", MAC2STR(src), freq,
1797 DPP_PA_PKEX_COMMIT_REVEAL_RESP);
1798 hostapd_drv_send_action(hapd, freq, 0, src,
1799 wpabuf_head(msg), wpabuf_len(msg));
1800 wpabuf_free(msg);
1801
1802 bi = dpp_pkex_finish(hapd->iface->interfaces->dpp, pkex, src, freq);
1803 if (!bi)
1804 return;
1805 hapd->dpp_pkex = NULL;
1806 }
1807
1808
1809 static void
hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data * hapd,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1810 hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data *hapd, const u8 *src,
1811 const u8 *hdr, const u8 *buf, size_t len,
1812 unsigned int freq)
1813 {
1814 int res;
1815 struct dpp_bootstrap_info *bi;
1816 struct dpp_pkex *pkex = hapd->dpp_pkex;
1817 char cmd[500];
1818
1819 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
1820 MAC2STR(src));
1821
1822 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
1823 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1824 return;
1825 }
1826
1827 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
1828 if (res < 0) {
1829 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1830 return;
1831 }
1832
1833 bi = dpp_pkex_finish(hapd->iface->interfaces->dpp, pkex, src, freq);
1834 if (!bi)
1835 return;
1836 hapd->dpp_pkex = NULL;
1837
1838 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
1839 bi->id,
1840 hapd->dpp_pkex_auth_cmd ? hapd->dpp_pkex_auth_cmd : "");
1841 wpa_printf(MSG_DEBUG,
1842 "DPP: Start authentication after PKEX with parameters: %s",
1843 cmd);
1844 if (hostapd_dpp_auth_init(hapd, cmd) < 0) {
1845 wpa_printf(MSG_DEBUG,
1846 "DPP: Authentication initialization failed");
1847 return;
1848 }
1849 }
1850
1851
hostapd_dpp_rx_action(struct hostapd_data * hapd,const u8 * src,const u8 * buf,size_t len,unsigned int freq)1852 void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src,
1853 const u8 *buf, size_t len, unsigned int freq)
1854 {
1855 u8 crypto_suite;
1856 enum dpp_public_action_frame_type type;
1857 const u8 *hdr;
1858 unsigned int pkex_t;
1859
1860 if (len < DPP_HDR_LEN)
1861 return;
1862 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
1863 return;
1864 hdr = buf;
1865 buf += 4;
1866 len -= 4;
1867 crypto_suite = *buf++;
1868 type = *buf++;
1869 len -= 2;
1870
1871 wpa_printf(MSG_DEBUG,
1872 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
1873 MACSTR " freq=%u",
1874 crypto_suite, type, MAC2STR(src), freq);
1875 if (crypto_suite != 1) {
1876 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
1877 crypto_suite);
1878 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1879 " freq=%u type=%d ignore=unsupported-crypto-suite",
1880 MAC2STR(src), freq, type);
1881 return;
1882 }
1883 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
1884 if (dpp_check_attrs(buf, len) < 0) {
1885 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1886 " freq=%u type=%d ignore=invalid-attributes",
1887 MAC2STR(src), freq, type);
1888 return;
1889 }
1890 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1891 " freq=%u type=%d", MAC2STR(src), freq, type);
1892
1893 #ifdef CONFIG_DPP2
1894 if (dpp_relay_rx_action(hapd->iface->interfaces->dpp,
1895 src, hdr, buf, len, freq, NULL, NULL,
1896 hapd) == 0)
1897 return;
1898 #endif /* CONFIG_DPP2 */
1899
1900 switch (type) {
1901 case DPP_PA_AUTHENTICATION_REQ:
1902 hostapd_dpp_rx_auth_req(hapd, src, hdr, buf, len, freq);
1903 break;
1904 case DPP_PA_AUTHENTICATION_RESP:
1905 hostapd_dpp_rx_auth_resp(hapd, src, hdr, buf, len, freq);
1906 break;
1907 case DPP_PA_AUTHENTICATION_CONF:
1908 hostapd_dpp_rx_auth_conf(hapd, src, hdr, buf, len);
1909 break;
1910 case DPP_PA_PEER_DISCOVERY_REQ:
1911 hostapd_dpp_rx_peer_disc_req(hapd, src, buf, len, freq);
1912 break;
1913 case DPP_PA_PKEX_EXCHANGE_REQ:
1914 hostapd_dpp_rx_pkex_exchange_req(hapd, src, buf, len, freq);
1915 break;
1916 case DPP_PA_PKEX_EXCHANGE_RESP:
1917 hostapd_dpp_rx_pkex_exchange_resp(hapd, src, buf, len, freq);
1918 break;
1919 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
1920 hostapd_dpp_rx_pkex_commit_reveal_req(hapd, src, hdr, buf, len,
1921 freq);
1922 break;
1923 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
1924 hostapd_dpp_rx_pkex_commit_reveal_resp(hapd, src, hdr, buf, len,
1925 freq);
1926 break;
1927 #ifdef CONFIG_DPP2
1928 case DPP_PA_CONFIGURATION_RESULT:
1929 hostapd_dpp_rx_conf_result(hapd, src, hdr, buf, len);
1930 break;
1931 case DPP_PA_CONNECTION_STATUS_RESULT:
1932 hostapd_dpp_rx_conn_status_result(hapd, src, hdr, buf, len);
1933 break;
1934 case DPP_PA_PRESENCE_ANNOUNCEMENT:
1935 hostapd_dpp_rx_presence_announcement(hapd, src, hdr, buf, len,
1936 freq);
1937 break;
1938 case DPP_PA_RECONFIG_ANNOUNCEMENT:
1939 hostapd_dpp_rx_reconfig_announcement(hapd, src, hdr, buf, len,
1940 freq);
1941 break;
1942 case DPP_PA_RECONFIG_AUTH_RESP:
1943 hostapd_dpp_rx_reconfig_auth_resp(hapd, src, hdr, buf, len,
1944 freq);
1945 break;
1946 #endif /* CONFIG_DPP2 */
1947 default:
1948 wpa_printf(MSG_DEBUG,
1949 "DPP: Ignored unsupported frame subtype %d", type);
1950 break;
1951 }
1952
1953 if (hapd->dpp_pkex)
1954 pkex_t = hapd->dpp_pkex->t;
1955 else if (hapd->dpp_pkex_bi)
1956 pkex_t = hapd->dpp_pkex_bi->pkex_t;
1957 else
1958 pkex_t = 0;
1959 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
1960 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
1961 hostapd_dpp_pkex_remove(hapd, "*");
1962 }
1963 }
1964
1965
1966 struct wpabuf *
hostapd_dpp_gas_req_handler(struct hostapd_data * hapd,const u8 * sa,const u8 * query,size_t query_len,const u8 * data,size_t data_len)1967 hostapd_dpp_gas_req_handler(struct hostapd_data *hapd, const u8 *sa,
1968 const u8 *query, size_t query_len,
1969 const u8 *data, size_t data_len)
1970 {
1971 struct dpp_authentication *auth = hapd->dpp_auth;
1972 struct wpabuf *resp;
1973
1974 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR, MAC2STR(sa));
1975 if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
1976 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
1977 #ifdef CONFIG_DPP2
1978 if (dpp_relay_rx_gas_req(hapd->iface->interfaces->dpp, sa, data,
1979 data_len) == 0) {
1980 /* Response will be forwarded once received over TCP */
1981 return NULL;
1982 }
1983 #endif /* CONFIG_DPP2 */
1984 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1985 return NULL;
1986 }
1987
1988 if (hapd->dpp_auth_ok_on_ack && auth->configurator) {
1989 wpa_printf(MSG_DEBUG,
1990 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
1991 /* hostapd_dpp_auth_success() would normally have been called
1992 * from TX status handler, but since there was no such handler
1993 * call yet, simply send out the event message and proceed with
1994 * exchange. */
1995 wpa_msg(hapd->msg_ctx, MSG_INFO,
1996 DPP_EVENT_AUTH_SUCCESS "init=1");
1997 hapd->dpp_auth_ok_on_ack = 0;
1998 }
1999
2000 wpa_hexdump(MSG_DEBUG,
2001 "DPP: Received Configuration Request (GAS Query Request)",
2002 query, query_len);
2003 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
2004 MAC2STR(sa));
2005 resp = dpp_conf_req_rx(auth, query, query_len);
2006 if (!resp)
2007 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);
2008 return resp;
2009 }
2010
2011
hostapd_dpp_gas_status_handler(struct hostapd_data * hapd,int ok)2012 void hostapd_dpp_gas_status_handler(struct hostapd_data *hapd, int ok)
2013 {
2014 struct dpp_authentication *auth = hapd->dpp_auth;
2015
2016 if (!auth)
2017 return;
2018
2019 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
2020 ok);
2021 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL);
2022 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, hapd, NULL);
2023 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, NULL);
2024 #ifdef CONFIG_DPP2
2025 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout,
2026 hapd, NULL);
2027 if (ok && auth->peer_version >= 2 &&
2028 auth->conf_resp_status == DPP_STATUS_OK) {
2029 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
2030 auth->waiting_conf_result = 1;
2031 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout,
2032 hapd, NULL);
2033 eloop_register_timeout(2, 0,
2034 hostapd_dpp_config_result_wait_timeout,
2035 hapd, NULL);
2036 return;
2037 }
2038 #endif /* CONFIG_DPP2 */
2039 hostapd_drv_send_action_cancel_wait(hapd);
2040
2041 if (ok)
2042 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT);
2043 else
2044 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);
2045 dpp_auth_deinit(hapd->dpp_auth);
2046 hapd->dpp_auth = NULL;
2047 }
2048
2049
hostapd_dpp_configurator_sign(struct hostapd_data * hapd,const char * cmd)2050 int hostapd_dpp_configurator_sign(struct hostapd_data *hapd, const char *cmd)
2051 {
2052 struct dpp_authentication *auth;
2053 int ret = -1;
2054 char *curve = NULL;
2055
2056 auth = dpp_alloc_auth(hapd->iface->interfaces->dpp, hapd->msg_ctx);
2057 if (!auth)
2058 return -1;
2059
2060 curve = get_param(cmd, " curve=");
2061 hostapd_dpp_set_testing_options(hapd, auth);
2062 if (dpp_set_configurator(auth, cmd) == 0 &&
2063 dpp_configurator_own_config(auth, curve, 1) == 0) {
2064 hostapd_dpp_handle_config_obj(hapd, auth, &auth->conf_obj[0]);
2065 ret = 0;
2066 }
2067
2068 dpp_auth_deinit(auth);
2069 os_free(curve);
2070
2071 return ret;
2072 }
2073
2074
hostapd_dpp_pkex_add(struct hostapd_data * hapd,const char * cmd)2075 int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
2076 {
2077 struct dpp_bootstrap_info *own_bi;
2078 const char *pos, *end;
2079
2080 pos = os_strstr(cmd, " own=");
2081 if (!pos)
2082 return -1;
2083 pos += 5;
2084 own_bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos));
2085 if (!own_bi) {
2086 wpa_printf(MSG_DEBUG,
2087 "DPP: Identified bootstrap info not found");
2088 return -1;
2089 }
2090 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
2091 wpa_printf(MSG_DEBUG,
2092 "DPP: Identified bootstrap info not for PKEX");
2093 return -1;
2094 }
2095 hapd->dpp_pkex_bi = own_bi;
2096 own_bi->pkex_t = 0; /* clear pending errors on new code */
2097
2098 os_free(hapd->dpp_pkex_identifier);
2099 hapd->dpp_pkex_identifier = NULL;
2100 pos = os_strstr(cmd, " identifier=");
2101 if (pos) {
2102 pos += 12;
2103 end = os_strchr(pos, ' ');
2104 if (!end)
2105 return -1;
2106 hapd->dpp_pkex_identifier = os_malloc(end - pos + 1);
2107 if (!hapd->dpp_pkex_identifier)
2108 return -1;
2109 os_memcpy(hapd->dpp_pkex_identifier, pos, end - pos);
2110 hapd->dpp_pkex_identifier[end - pos] = '\0';
2111 }
2112
2113 pos = os_strstr(cmd, " code=");
2114 if (!pos)
2115 return -1;
2116 os_free(hapd->dpp_pkex_code);
2117 hapd->dpp_pkex_code = os_strdup(pos + 6);
2118 if (!hapd->dpp_pkex_code)
2119 return -1;
2120
2121 if (os_strstr(cmd, " init=1")) {
2122 struct wpabuf *msg;
2123
2124 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
2125 dpp_pkex_free(hapd->dpp_pkex);
2126 hapd->dpp_pkex = dpp_pkex_init(hapd->msg_ctx, own_bi,
2127 hapd->own_addr,
2128 hapd->dpp_pkex_identifier,
2129 hapd->dpp_pkex_code);
2130 if (!hapd->dpp_pkex)
2131 return -1;
2132
2133 msg = hapd->dpp_pkex->exchange_req;
2134 /* TODO: Which channel to use? */
2135 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
2136 " freq=%u type=%d", MAC2STR(broadcast), 2437,
2137 DPP_PA_PKEX_EXCHANGE_REQ);
2138 hostapd_drv_send_action(hapd, 2437, 0, broadcast,
2139 wpabuf_head(msg), wpabuf_len(msg));
2140 }
2141
2142 /* TODO: Support multiple PKEX info entries */
2143
2144 os_free(hapd->dpp_pkex_auth_cmd);
2145 hapd->dpp_pkex_auth_cmd = os_strdup(cmd);
2146
2147 return 1;
2148 }
2149
2150
hostapd_dpp_pkex_remove(struct hostapd_data * hapd,const char * id)2151 int hostapd_dpp_pkex_remove(struct hostapd_data *hapd, const char *id)
2152 {
2153 unsigned int id_val;
2154
2155 if (os_strcmp(id, "*") == 0) {
2156 id_val = 0;
2157 } else {
2158 id_val = atoi(id);
2159 if (id_val == 0)
2160 return -1;
2161 }
2162
2163 if ((id_val != 0 && id_val != 1) || !hapd->dpp_pkex_code)
2164 return -1;
2165
2166 /* TODO: Support multiple PKEX entries */
2167 os_free(hapd->dpp_pkex_code);
2168 hapd->dpp_pkex_code = NULL;
2169 os_free(hapd->dpp_pkex_identifier);
2170 hapd->dpp_pkex_identifier = NULL;
2171 os_free(hapd->dpp_pkex_auth_cmd);
2172 hapd->dpp_pkex_auth_cmd = NULL;
2173 hapd->dpp_pkex_bi = NULL;
2174 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2175 dpp_pkex_free(hapd->dpp_pkex);
2176 hapd->dpp_pkex = NULL;
2177 return 0;
2178 }
2179
2180
hostapd_dpp_stop(struct hostapd_data * hapd)2181 void hostapd_dpp_stop(struct hostapd_data *hapd)
2182 {
2183 dpp_auth_deinit(hapd->dpp_auth);
2184 hapd->dpp_auth = NULL;
2185 dpp_pkex_free(hapd->dpp_pkex);
2186 hapd->dpp_pkex = NULL;
2187 }
2188
2189
2190 #ifdef CONFIG_DPP2
2191
hostapd_dpp_relay_tx(void * ctx,const u8 * addr,unsigned int freq,const u8 * msg,size_t len)2192 static void hostapd_dpp_relay_tx(void *ctx, const u8 *addr, unsigned int freq,
2193 const u8 *msg, size_t len)
2194 {
2195 struct hostapd_data *hapd = ctx;
2196 u8 *buf;
2197
2198 wpa_printf(MSG_DEBUG, "DPP: Send action frame dst=" MACSTR " freq=%u",
2199 MAC2STR(addr), freq);
2200 buf = os_malloc(2 + len);
2201 if (!buf)
2202 return;
2203 buf[0] = WLAN_ACTION_PUBLIC;
2204 buf[1] = WLAN_PA_VENDOR_SPECIFIC;
2205 os_memcpy(buf + 2, msg, len);
2206 hostapd_drv_send_action(hapd, freq, 0, addr, buf, 2 + len);
2207 os_free(buf);
2208 }
2209
2210
hostapd_dpp_relay_gas_resp_tx(void * ctx,const u8 * addr,u8 dialog_token,int prot,struct wpabuf * buf)2211 static void hostapd_dpp_relay_gas_resp_tx(void *ctx, const u8 *addr,
2212 u8 dialog_token, int prot,
2213 struct wpabuf *buf)
2214 {
2215 struct hostapd_data *hapd = ctx;
2216
2217 gas_serv_req_dpp_processing(hapd, addr, dialog_token, prot, buf);
2218 }
2219
2220 #endif /* CONFIG_DPP2 */
2221
2222
hostapd_dpp_add_controllers(struct hostapd_data * hapd)2223 static int hostapd_dpp_add_controllers(struct hostapd_data *hapd)
2224 {
2225 #ifdef CONFIG_DPP2
2226 struct dpp_controller_conf *ctrl;
2227 struct dpp_relay_config config;
2228
2229 os_memset(&config, 0, sizeof(config));
2230 config.cb_ctx = hapd;
2231 config.tx = hostapd_dpp_relay_tx;
2232 config.gas_resp_tx = hostapd_dpp_relay_gas_resp_tx;
2233 for (ctrl = hapd->conf->dpp_controller; ctrl; ctrl = ctrl->next) {
2234 config.ipaddr = &ctrl->ipaddr;
2235 config.pkhash = ctrl->pkhash;
2236 if (dpp_relay_add_controller(hapd->iface->interfaces->dpp,
2237 &config) < 0)
2238 return -1;
2239 }
2240 #endif /* CONFIG_DPP2 */
2241
2242 return 0;
2243 }
2244
2245
hostapd_dpp_init(struct hostapd_data * hapd)2246 int hostapd_dpp_init(struct hostapd_data *hapd)
2247 {
2248 hapd->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE;
2249 hapd->dpp_init_done = 1;
2250 return hostapd_dpp_add_controllers(hapd);
2251 }
2252
2253
hostapd_dpp_deinit(struct hostapd_data * hapd)2254 void hostapd_dpp_deinit(struct hostapd_data *hapd)
2255 {
2256 #ifdef CONFIG_TESTING_OPTIONS
2257 os_free(hapd->dpp_config_obj_override);
2258 hapd->dpp_config_obj_override = NULL;
2259 os_free(hapd->dpp_discovery_override);
2260 hapd->dpp_discovery_override = NULL;
2261 os_free(hapd->dpp_groups_override);
2262 hapd->dpp_groups_override = NULL;
2263 hapd->dpp_ignore_netaccesskey_mismatch = 0;
2264 #endif /* CONFIG_TESTING_OPTIONS */
2265 if (!hapd->dpp_init_done)
2266 return;
2267 eloop_cancel_timeout(hostapd_dpp_reply_wait_timeout, hapd, NULL);
2268 eloop_cancel_timeout(hostapd_dpp_auth_conf_wait_timeout, hapd, NULL);
2269 eloop_cancel_timeout(hostapd_dpp_init_timeout, hapd, NULL);
2270 eloop_cancel_timeout(hostapd_dpp_auth_resp_retry_timeout, hapd, NULL);
2271 #ifdef CONFIG_DPP2
2272 eloop_cancel_timeout(hostapd_dpp_reconfig_reply_wait_timeout,
2273 hapd, NULL);
2274 eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout, hapd,
2275 NULL);
2276 eloop_cancel_timeout(hostapd_dpp_conn_status_result_wait_timeout, hapd,
2277 NULL);
2278 hostapd_dpp_chirp_stop(hapd);
2279 if (hapd->iface->interfaces)
2280 dpp_controller_stop_for_ctx(hapd->iface->interfaces->dpp, hapd);
2281 #endif /* CONFIG_DPP2 */
2282 dpp_auth_deinit(hapd->dpp_auth);
2283 hapd->dpp_auth = NULL;
2284 hostapd_dpp_pkex_remove(hapd, "*");
2285 hapd->dpp_pkex = NULL;
2286 os_free(hapd->dpp_configurator_params);
2287 hapd->dpp_configurator_params = NULL;
2288 }
2289
2290
2291 #ifdef CONFIG_DPP2
2292
hostapd_dpp_controller_start(struct hostapd_data * hapd,const char * cmd)2293 int hostapd_dpp_controller_start(struct hostapd_data *hapd, const char *cmd)
2294 {
2295 struct dpp_controller_config config;
2296 const char *pos;
2297
2298 os_memset(&config, 0, sizeof(config));
2299 config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
2300 config.netrole = DPP_NETROLE_AP;
2301 config.msg_ctx = hapd->msg_ctx;
2302 config.cb_ctx = hapd;
2303 config.process_conf_obj = hostapd_dpp_process_conf_obj;
2304 if (cmd) {
2305 pos = os_strstr(cmd, " tcp_port=");
2306 if (pos) {
2307 pos += 10;
2308 config.tcp_port = atoi(pos);
2309 }
2310
2311 pos = os_strstr(cmd, " role=");
2312 if (pos) {
2313 pos += 6;
2314 if (os_strncmp(pos, "configurator", 12) == 0)
2315 config.allowed_roles = DPP_CAPAB_CONFIGURATOR;
2316 else if (os_strncmp(pos, "enrollee", 8) == 0)
2317 config.allowed_roles = DPP_CAPAB_ENROLLEE;
2318 else if (os_strncmp(pos, "either", 6) == 0)
2319 config.allowed_roles = DPP_CAPAB_CONFIGURATOR |
2320 DPP_CAPAB_ENROLLEE;
2321 else
2322 return -1;
2323 }
2324
2325 config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
2326 }
2327 config.configurator_params = hapd->dpp_configurator_params;
2328 return dpp_controller_start(hapd->iface->interfaces->dpp, &config);
2329 }
2330
2331
2332 static void hostapd_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx);
2333
hostapd_dpp_chirp_timeout(void * eloop_ctx,void * timeout_ctx)2334 static void hostapd_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx)
2335 {
2336 struct hostapd_data *hapd = eloop_ctx;
2337
2338 wpa_printf(MSG_DEBUG, "DPP: No chirp response received");
2339 hostapd_drv_send_action_cancel_wait(hapd);
2340 hostapd_dpp_chirp_next(hapd, NULL);
2341 }
2342
2343
hostapd_dpp_chirp_start(struct hostapd_data * hapd)2344 static void hostapd_dpp_chirp_start(struct hostapd_data *hapd)
2345 {
2346 struct wpabuf *msg;
2347 int type;
2348
2349 msg = hapd->dpp_presence_announcement;
2350 type = DPP_PA_PRESENCE_ANNOUNCEMENT;
2351 wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", hapd->dpp_chirp_freq);
2352 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
2353 " freq=%u type=%d",
2354 MAC2STR(broadcast), hapd->dpp_chirp_freq, type);
2355 if (hostapd_drv_send_action(
2356 hapd, hapd->dpp_chirp_freq, 2000, broadcast,
2357 wpabuf_head(msg), wpabuf_len(msg)) < 0 ||
2358 eloop_register_timeout(2, 0, hostapd_dpp_chirp_timeout,
2359 hapd, NULL) < 0)
2360 hostapd_dpp_chirp_stop(hapd);
2361 }
2362
2363
2364 static struct hostapd_hw_modes *
dpp_get_mode(struct hostapd_data * hapd,enum hostapd_hw_mode mode)2365 dpp_get_mode(struct hostapd_data *hapd,
2366 enum hostapd_hw_mode mode)
2367 {
2368 struct hostapd_hw_modes *modes = hapd->iface->hw_features;
2369 u16 num_modes = hapd->iface->num_hw_features;
2370 u16 i;
2371
2372 for (i = 0; i < num_modes; i++) {
2373 if (modes[i].mode != mode ||
2374 !modes[i].num_channels || !modes[i].channels)
2375 continue;
2376 return &modes[i];
2377 }
2378
2379 return NULL;
2380 }
2381
2382
2383 static void
hostapd_dpp_chirp_scan_res_handler(struct hostapd_iface * iface)2384 hostapd_dpp_chirp_scan_res_handler(struct hostapd_iface *iface)
2385 {
2386 struct hostapd_data *hapd = iface->bss[0];
2387 struct wpa_scan_results *scan_res;
2388 struct dpp_bootstrap_info *bi = hapd->dpp_chirp_bi;
2389 unsigned int i;
2390 struct hostapd_hw_modes *mode;
2391 int c;
2392 bool chan6 = hapd->iface->hw_features == NULL;
2393
2394 if (!bi)
2395 return;
2396
2397 hapd->dpp_chirp_scan_done = 1;
2398
2399 scan_res = hostapd_driver_get_scan_results(hapd);
2400
2401 os_free(hapd->dpp_chirp_freqs);
2402 hapd->dpp_chirp_freqs = NULL;
2403
2404 /* Channels from own bootstrapping info */
2405 if (bi) {
2406 for (i = 0; i < bi->num_freq; i++)
2407 int_array_add_unique(&hapd->dpp_chirp_freqs,
2408 bi->freq[i]);
2409 }
2410
2411 /* Preferred chirping channels */
2412 mode = dpp_get_mode(hapd, HOSTAPD_MODE_IEEE80211G);
2413 if (mode) {
2414 for (c = 0; c < mode->num_channels; c++) {
2415 struct hostapd_channel_data *chan = &mode->channels[c];
2416
2417 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2418 HOSTAPD_CHAN_RADAR) ||
2419 chan->freq != 2437)
2420 continue;
2421 chan6 = true;
2422 break;
2423 }
2424 }
2425 if (chan6)
2426 int_array_add_unique(&hapd->dpp_chirp_freqs, 2437);
2427
2428 mode = dpp_get_mode(hapd, HOSTAPD_MODE_IEEE80211A);
2429 if (mode) {
2430 int chan44 = 0, chan149 = 0;
2431
2432 for (c = 0; c < mode->num_channels; c++) {
2433 struct hostapd_channel_data *chan = &mode->channels[c];
2434
2435 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2436 HOSTAPD_CHAN_RADAR))
2437 continue;
2438 if (chan->freq == 5220)
2439 chan44 = 1;
2440 if (chan->freq == 5745)
2441 chan149 = 1;
2442 }
2443 if (chan149)
2444 int_array_add_unique(&hapd->dpp_chirp_freqs, 5745);
2445 else if (chan44)
2446 int_array_add_unique(&hapd->dpp_chirp_freqs, 5220);
2447 }
2448
2449 mode = dpp_get_mode(hapd, HOSTAPD_MODE_IEEE80211AD);
2450 if (mode) {
2451 for (c = 0; c < mode->num_channels; c++) {
2452 struct hostapd_channel_data *chan = &mode->channels[c];
2453
2454 if ((chan->flag & (HOSTAPD_CHAN_DISABLED |
2455 HOSTAPD_CHAN_RADAR)) ||
2456 chan->freq != 60480)
2457 continue;
2458 int_array_add_unique(&hapd->dpp_chirp_freqs, 60480);
2459 break;
2460 }
2461 }
2462
2463 /* Add channels from scan results for APs that advertise Configurator
2464 * Connectivity element */
2465 for (i = 0; scan_res && i < scan_res->num; i++) {
2466 struct wpa_scan_res *bss = scan_res->res[i];
2467 size_t ie_len = bss->ie_len;
2468
2469 if (!ie_len)
2470 ie_len = bss->beacon_ie_len;
2471 if (get_vendor_ie((const u8 *) (bss + 1), ie_len,
2472 DPP_CC_IE_VENDOR_TYPE))
2473 int_array_add_unique(&hapd->dpp_chirp_freqs,
2474 bss->freq);
2475 }
2476
2477 if (!hapd->dpp_chirp_freqs ||
2478 eloop_register_timeout(0, 0, hostapd_dpp_chirp_next,
2479 hapd, NULL) < 0)
2480 hostapd_dpp_chirp_stop(hapd);
2481
2482 wpa_scan_results_free(scan_res);
2483 }
2484
2485
hostapd_dpp_chirp_next(void * eloop_ctx,void * timeout_ctx)2486 static void hostapd_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx)
2487 {
2488 struct hostapd_data *hapd = eloop_ctx;
2489 int i;
2490
2491 if (hapd->dpp_chirp_listen)
2492 hostapd_dpp_listen_stop(hapd);
2493
2494 if (hapd->dpp_chirp_freq == 0) {
2495 if (hapd->dpp_chirp_round % 4 == 0 &&
2496 !hapd->dpp_chirp_scan_done) {
2497 struct wpa_driver_scan_params params;
2498 int ret;
2499
2500 wpa_printf(MSG_DEBUG,
2501 "DPP: Update channel list for chirping");
2502 os_memset(¶ms, 0, sizeof(params));
2503 ret = hostapd_driver_scan(hapd, ¶ms);
2504 if (ret < 0) {
2505 wpa_printf(MSG_DEBUG,
2506 "DPP: Failed to request a scan ret=%d (%s)",
2507 ret, strerror(-ret));
2508 hostapd_dpp_chirp_scan_res_handler(hapd->iface);
2509 } else {
2510 hapd->iface->scan_cb =
2511 hostapd_dpp_chirp_scan_res_handler;
2512 }
2513 return;
2514 }
2515 hapd->dpp_chirp_freq = hapd->dpp_chirp_freqs[0];
2516 hapd->dpp_chirp_round++;
2517 wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d",
2518 hapd->dpp_chirp_round);
2519 } else {
2520 for (i = 0; hapd->dpp_chirp_freqs[i]; i++)
2521 if (hapd->dpp_chirp_freqs[i] == hapd->dpp_chirp_freq)
2522 break;
2523 if (!hapd->dpp_chirp_freqs[i]) {
2524 wpa_printf(MSG_DEBUG,
2525 "DPP: Previous chirp freq %d not found",
2526 hapd->dpp_chirp_freq);
2527 return;
2528 }
2529 i++;
2530 if (hapd->dpp_chirp_freqs[i]) {
2531 hapd->dpp_chirp_freq = hapd->dpp_chirp_freqs[i];
2532 } else {
2533 hapd->dpp_chirp_iter--;
2534 if (hapd->dpp_chirp_iter <= 0) {
2535 wpa_printf(MSG_DEBUG,
2536 "DPP: Chirping iterations completed");
2537 hostapd_dpp_chirp_stop(hapd);
2538 return;
2539 }
2540 hapd->dpp_chirp_freq = 0;
2541 hapd->dpp_chirp_scan_done = 0;
2542 if (eloop_register_timeout(30, 0,
2543 hostapd_dpp_chirp_next,
2544 hapd, NULL) < 0) {
2545 hostapd_dpp_chirp_stop(hapd);
2546 return;
2547 }
2548 if (hapd->dpp_chirp_listen) {
2549 wpa_printf(MSG_DEBUG,
2550 "DPP: Listen on %d MHz during chirp 30 second wait",
2551 hapd->dpp_chirp_listen);
2552 /* TODO: start listen on the channel */
2553 } else {
2554 wpa_printf(MSG_DEBUG,
2555 "DPP: Wait 30 seconds before starting the next chirping round");
2556 }
2557 return;
2558 }
2559 }
2560
2561 hostapd_dpp_chirp_start(hapd);
2562 }
2563
2564
hostapd_dpp_chirp(struct hostapd_data * hapd,const char * cmd)2565 int hostapd_dpp_chirp(struct hostapd_data *hapd, const char *cmd)
2566 {
2567 const char *pos;
2568 int iter = 1, listen_freq = 0;
2569 struct dpp_bootstrap_info *bi;
2570
2571 pos = os_strstr(cmd, " own=");
2572 if (!pos)
2573 return -1;
2574 pos += 5;
2575 bi = dpp_bootstrap_get_id(hapd->iface->interfaces->dpp, atoi(pos));
2576 if (!bi) {
2577 wpa_printf(MSG_DEBUG,
2578 "DPP: Identified bootstrap info not found");
2579 return -1;
2580 }
2581
2582 pos = os_strstr(cmd, " iter=");
2583 if (pos) {
2584 iter = atoi(pos + 6);
2585 if (iter <= 0)
2586 return -1;
2587 }
2588
2589 pos = os_strstr(cmd, " listen=");
2590 if (pos) {
2591 listen_freq = atoi(pos + 8);
2592 if (listen_freq <= 0)
2593 return -1;
2594 }
2595
2596 hostapd_dpp_chirp_stop(hapd);
2597 hapd->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
2598 hapd->dpp_qr_mutual = 0;
2599 hapd->dpp_chirp_bi = bi;
2600 hapd->dpp_presence_announcement = dpp_build_presence_announcement(bi);
2601 if (!hapd->dpp_presence_announcement)
2602 return -1;
2603 hapd->dpp_chirp_iter = iter;
2604 hapd->dpp_chirp_round = 0;
2605 hapd->dpp_chirp_scan_done = 0;
2606 hapd->dpp_chirp_listen = listen_freq;
2607
2608 return eloop_register_timeout(0, 0, hostapd_dpp_chirp_next, hapd, NULL);
2609 }
2610
2611
hostapd_dpp_chirp_stop(struct hostapd_data * hapd)2612 void hostapd_dpp_chirp_stop(struct hostapd_data *hapd)
2613 {
2614 if (hapd->dpp_presence_announcement) {
2615 hostapd_drv_send_action_cancel_wait(hapd);
2616 wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CHIRP_STOPPED);
2617 }
2618 hapd->dpp_chirp_bi = NULL;
2619 wpabuf_free(hapd->dpp_presence_announcement);
2620 hapd->dpp_presence_announcement = NULL;
2621 if (hapd->dpp_chirp_listen)
2622 hostapd_dpp_listen_stop(hapd);
2623 hapd->dpp_chirp_listen = 0;
2624 hapd->dpp_chirp_freq = 0;
2625 os_free(hapd->dpp_chirp_freqs);
2626 hapd->dpp_chirp_freqs = NULL;
2627 eloop_cancel_timeout(hostapd_dpp_chirp_next, hapd, NULL);
2628 eloop_cancel_timeout(hostapd_dpp_chirp_timeout, hapd, NULL);
2629 if (hapd->iface->scan_cb == hostapd_dpp_chirp_scan_res_handler) {
2630 /* TODO: abort ongoing scan */
2631 hapd->iface->scan_cb = NULL;
2632 }
2633 }
2634
2635
handle_dpp_remove_bi(struct hostapd_iface * iface,void * ctx)2636 static int handle_dpp_remove_bi(struct hostapd_iface *iface, void *ctx)
2637 {
2638 struct dpp_bootstrap_info *bi = ctx;
2639 size_t i;
2640
2641 for (i = 0; i < iface->num_bss; i++) {
2642 struct hostapd_data *hapd = iface->bss[i];
2643
2644 if (bi == hapd->dpp_chirp_bi)
2645 hostapd_dpp_chirp_stop(hapd);
2646 }
2647
2648 return 0;
2649 }
2650
2651
hostapd_dpp_remove_bi(void * ctx,struct dpp_bootstrap_info * bi)2652 void hostapd_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi)
2653 {
2654 struct hapd_interfaces *interfaces = ctx;
2655
2656 hostapd_for_each_interface(interfaces, handle_dpp_remove_bi, bi);
2657 }
2658
2659 #endif /* CONFIG_DPP2 */
2660