1 /* 2 * DPP over TCP 3 * Copyright (c) 2019-2020, The Linux Foundation 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 #include <fcntl.h> 11 12 #include "utils/common.h" 13 #include "utils/ip_addr.h" 14 #include "utils/eloop.h" 15 #include "common/ieee802_11_common.h" 16 #include "common/wpa_ctrl.h" 17 #include "dpp.h" 18 #include "dpp_i.h" 19 20 #ifdef CONFIG_DPP2 21 22 struct dpp_connection { 23 struct dl_list list; 24 struct dpp_controller *ctrl; 25 struct dpp_relay_controller *relay; 26 struct dpp_global *global; 27 struct dpp_authentication *auth; 28 void *msg_ctx; 29 void *cb_ctx; 30 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth); 31 int sock; 32 u8 mac_addr[ETH_ALEN]; 33 unsigned int freq; 34 u8 msg_len[4]; 35 size_t msg_len_octets; 36 struct wpabuf *msg; 37 struct wpabuf *msg_out; 38 size_t msg_out_pos; 39 unsigned int read_eloop:1; 40 unsigned int write_eloop:1; 41 unsigned int on_tcp_tx_complete_gas_done:1; 42 unsigned int on_tcp_tx_complete_remove:1; 43 unsigned int on_tcp_tx_complete_auth_ok:1; 44 unsigned int gas_comeback_in_progress:1; 45 u8 gas_dialog_token; 46 char *name; 47 enum dpp_netrole netrole; 48 }; 49 50 /* Remote Controller */ 51 struct dpp_relay_controller { 52 struct dl_list list; 53 struct dpp_global *global; 54 u8 pkhash[SHA256_MAC_LEN]; 55 struct hostapd_ip_addr ipaddr; 56 void *msg_ctx; 57 void *cb_ctx; 58 void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg, 59 size_t len); 60 void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token, 61 int prot, struct wpabuf *buf); 62 struct dl_list conn; /* struct dpp_connection */ 63 }; 64 65 /* Local Controller */ 66 struct dpp_controller { 67 struct dpp_global *global; 68 u8 allowed_roles; 69 int qr_mutual; 70 int sock; 71 struct dl_list conn; /* struct dpp_connection */ 72 char *configurator_params; 73 enum dpp_netrole netrole; 74 void *msg_ctx; 75 void *cb_ctx; 76 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth); 77 }; 78 79 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx); 80 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx); 81 static void dpp_controller_auth_success(struct dpp_connection *conn, 82 int initiator); 83 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx); 84 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx); 85 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx); 86 87 88 static void dpp_connection_free(struct dpp_connection *conn) 89 { 90 if (conn->sock >= 0) { 91 wpa_printf(MSG_DEBUG, "DPP: Close Controller socket %d", 92 conn->sock); 93 eloop_unregister_sock(conn->sock, EVENT_TYPE_READ); 94 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 95 close(conn->sock); 96 } 97 eloop_cancel_timeout(dpp_controller_conn_status_result_wait_timeout, 98 conn, NULL); 99 eloop_cancel_timeout(dpp_tcp_build_csr, conn, NULL); 100 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL); 101 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); 102 wpabuf_free(conn->msg); 103 wpabuf_free(conn->msg_out); 104 dpp_auth_deinit(conn->auth); 105 os_free(conn->name); 106 os_free(conn); 107 } 108 109 110 static void dpp_connection_remove(struct dpp_connection *conn) 111 { 112 dl_list_del(&conn->list); 113 dpp_connection_free(conn); 114 } 115 116 117 int dpp_relay_add_controller(struct dpp_global *dpp, 118 struct dpp_relay_config *config) 119 { 120 struct dpp_relay_controller *ctrl; 121 122 if (!dpp) 123 return -1; 124 125 ctrl = os_zalloc(sizeof(*ctrl)); 126 if (!ctrl) 127 return -1; 128 dl_list_init(&ctrl->conn); 129 ctrl->global = dpp; 130 os_memcpy(&ctrl->ipaddr, config->ipaddr, sizeof(*config->ipaddr)); 131 os_memcpy(ctrl->pkhash, config->pkhash, SHA256_MAC_LEN); 132 ctrl->msg_ctx = config->msg_ctx; 133 ctrl->cb_ctx = config->cb_ctx; 134 ctrl->tx = config->tx; 135 ctrl->gas_resp_tx = config->gas_resp_tx; 136 dl_list_add(&dpp->controllers, &ctrl->list); 137 return 0; 138 } 139 140 141 static struct dpp_relay_controller * 142 dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash) 143 { 144 struct dpp_relay_controller *ctrl; 145 146 if (!dpp) 147 return NULL; 148 149 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 150 list) { 151 if (os_memcmp(pkhash, ctrl->pkhash, SHA256_MAC_LEN) == 0) 152 return ctrl; 153 } 154 155 return NULL; 156 } 157 158 159 static struct dpp_relay_controller * 160 dpp_relay_controller_get_ctx(struct dpp_global *dpp, void *cb_ctx) 161 { 162 struct dpp_relay_controller *ctrl; 163 164 if (!dpp) 165 return NULL; 166 167 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 168 list) { 169 if (cb_ctx == ctrl->cb_ctx) 170 return ctrl; 171 } 172 173 return NULL; 174 } 175 176 177 static void dpp_controller_gas_done(struct dpp_connection *conn) 178 { 179 struct dpp_authentication *auth = conn->auth; 180 181 if (auth->waiting_csr) { 182 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR"); 183 conn->on_tcp_tx_complete_gas_done = 0; 184 return; 185 } 186 187 if (auth->peer_version >= 2 && 188 auth->conf_resp_status == DPP_STATUS_OK) { 189 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result"); 190 auth->waiting_conf_result = 1; 191 return; 192 } 193 194 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); 195 dpp_connection_remove(conn); 196 } 197 198 199 static int dpp_tcp_send(struct dpp_connection *conn) 200 { 201 int res; 202 203 if (!conn->msg_out) { 204 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 205 conn->write_eloop = 0; 206 return -1; 207 } 208 res = send(conn->sock, 209 wpabuf_head_u8(conn->msg_out) + conn->msg_out_pos, 210 wpabuf_len(conn->msg_out) - conn->msg_out_pos, 0); 211 if (res < 0) { 212 wpa_printf(MSG_DEBUG, "DPP: Failed to send buffer: %s", 213 strerror(errno)); 214 dpp_connection_remove(conn); 215 return -1; 216 } 217 218 conn->msg_out_pos += res; 219 if (wpabuf_len(conn->msg_out) > conn->msg_out_pos) { 220 wpa_printf(MSG_DEBUG, 221 "DPP: %u/%u bytes of message sent to Controller", 222 (unsigned int) conn->msg_out_pos, 223 (unsigned int) wpabuf_len(conn->msg_out)); 224 if (!conn->write_eloop && 225 eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 226 dpp_conn_tx_ready, conn, NULL) == 0) 227 conn->write_eloop = 1; 228 return 1; 229 } 230 231 wpa_printf(MSG_DEBUG, "DPP: Full message sent over TCP"); 232 wpabuf_free(conn->msg_out); 233 conn->msg_out = NULL; 234 conn->msg_out_pos = 0; 235 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 236 conn->write_eloop = 0; 237 if (!conn->read_eloop && 238 eloop_register_sock(conn->sock, EVENT_TYPE_READ, 239 dpp_controller_rx, conn, NULL) == 0) 240 conn->read_eloop = 1; 241 if (conn->on_tcp_tx_complete_remove) { 242 dpp_connection_remove(conn); 243 } else if (conn->auth && (conn->ctrl || conn->auth->configurator) && 244 conn->on_tcp_tx_complete_gas_done) { 245 dpp_controller_gas_done(conn); 246 } else if (conn->on_tcp_tx_complete_auth_ok) { 247 conn->on_tcp_tx_complete_auth_ok = 0; 248 dpp_controller_auth_success(conn, 1); 249 } 250 251 return 0; 252 } 253 254 255 static int dpp_tcp_send_msg(struct dpp_connection *conn, 256 const struct wpabuf *msg) 257 { 258 wpabuf_free(conn->msg_out); 259 conn->msg_out_pos = 0; 260 conn->msg_out = wpabuf_alloc(4 + wpabuf_len(msg) - 1); 261 if (!conn->msg_out) 262 return -1; 263 wpabuf_put_be32(conn->msg_out, wpabuf_len(msg) - 1); 264 wpabuf_put_data(conn->msg_out, wpabuf_head_u8(msg) + 1, 265 wpabuf_len(msg) - 1); 266 267 if (dpp_tcp_send(conn) == 1) { 268 if (!conn->write_eloop) { 269 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 270 dpp_conn_tx_ready, 271 conn, NULL) < 0) 272 return -1; 273 conn->write_eloop = 1; 274 } 275 } 276 277 return 0; 278 } 279 280 281 static void dpp_controller_start_gas_client(struct dpp_connection *conn) 282 { 283 struct dpp_authentication *auth = conn->auth; 284 struct wpabuf *buf; 285 const char *dpp_name; 286 287 dpp_name = conn->name ? conn->name : "Test"; 288 buf = dpp_build_conf_req_helper(auth, dpp_name, conn->netrole, NULL, 289 NULL); 290 if (!buf) { 291 wpa_printf(MSG_DEBUG, 292 "DPP: No configuration request data available"); 293 return; 294 } 295 296 dpp_tcp_send_msg(conn, buf); 297 wpabuf_free(buf); 298 } 299 300 301 static void dpp_controller_auth_success(struct dpp_connection *conn, 302 int initiator) 303 { 304 struct dpp_authentication *auth = conn->auth; 305 306 if (!auth) 307 return; 308 309 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded"); 310 wpa_msg(conn->msg_ctx, MSG_INFO, 311 DPP_EVENT_AUTH_SUCCESS "init=%d", initiator); 312 #ifdef CONFIG_TESTING_OPTIONS 313 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { 314 wpa_printf(MSG_INFO, 315 "DPP: TESTING - stop at Authentication Confirm"); 316 if (auth->configurator) { 317 /* Prevent GAS response */ 318 auth->auth_success = 0; 319 } 320 return; 321 } 322 #endif /* CONFIG_TESTING_OPTIONS */ 323 324 if (!auth->configurator) 325 dpp_controller_start_gas_client(conn); 326 } 327 328 329 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx) 330 { 331 struct dpp_connection *conn = eloop_ctx; 332 333 wpa_printf(MSG_DEBUG, "DPP: TCP socket %d ready for TX", sock); 334 dpp_tcp_send(conn); 335 } 336 337 338 static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen, 339 const struct hostapd_ip_addr *ipaddr, 340 int port) 341 { 342 struct sockaddr_in *dst; 343 #ifdef CONFIG_IPV6 344 struct sockaddr_in6 *dst6; 345 #endif /* CONFIG_IPV6 */ 346 347 switch (ipaddr->af) { 348 case AF_INET: 349 dst = (struct sockaddr_in *) addr; 350 os_memset(dst, 0, sizeof(*dst)); 351 dst->sin_family = AF_INET; 352 dst->sin_addr.s_addr = ipaddr->u.v4.s_addr; 353 dst->sin_port = htons(port); 354 *addrlen = sizeof(*dst); 355 break; 356 #ifdef CONFIG_IPV6 357 case AF_INET6: 358 dst6 = (struct sockaddr_in6 *) addr; 359 os_memset(dst6, 0, sizeof(*dst6)); 360 dst6->sin6_family = AF_INET6; 361 os_memcpy(&dst6->sin6_addr, &ipaddr->u.v6, 362 sizeof(struct in6_addr)); 363 dst6->sin6_port = htons(port); 364 *addrlen = sizeof(*dst6); 365 break; 366 #endif /* CONFIG_IPV6 */ 367 default: 368 return -1; 369 } 370 371 return 0; 372 } 373 374 375 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx) 376 { 377 struct dpp_connection *conn = eloop_ctx; 378 379 wpa_printf(MSG_DEBUG, 380 "DPP: Timeout while waiting for relayed connection to complete"); 381 dpp_connection_remove(conn); 382 } 383 384 385 static struct dpp_connection * 386 dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src, 387 unsigned int freq) 388 { 389 struct dpp_connection *conn; 390 struct sockaddr_storage addr; 391 socklen_t addrlen; 392 char txt[100]; 393 394 if (dl_list_len(&ctrl->conn) >= 15) { 395 wpa_printf(MSG_DEBUG, 396 "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one"); 397 return NULL; 398 } 399 400 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &addr, &addrlen, 401 &ctrl->ipaddr, DPP_TCP_PORT) < 0) 402 return NULL; 403 404 conn = os_zalloc(sizeof(*conn)); 405 if (!conn) 406 return NULL; 407 408 conn->global = ctrl->global; 409 conn->relay = ctrl; 410 conn->msg_ctx = ctrl->msg_ctx; 411 conn->cb_ctx = ctrl->global->cb_ctx; 412 os_memcpy(conn->mac_addr, src, ETH_ALEN); 413 conn->freq = freq; 414 415 conn->sock = socket(AF_INET, SOCK_STREAM, 0); 416 if (conn->sock < 0) 417 goto fail; 418 wpa_printf(MSG_DEBUG, "DPP: TCP relay socket %d connection to %s", 419 conn->sock, hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt))); 420 421 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 422 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 423 strerror(errno)); 424 goto fail; 425 } 426 427 if (connect(conn->sock, (struct sockaddr *) &addr, addrlen) < 0) { 428 if (errno != EINPROGRESS) { 429 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", 430 strerror(errno)); 431 goto fail; 432 } 433 434 /* 435 * Continue connecting in the background; eloop will call us 436 * once the connection is ready (or failed). 437 */ 438 } 439 440 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 441 dpp_conn_tx_ready, conn, NULL) < 0) 442 goto fail; 443 conn->write_eloop = 1; 444 445 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); 446 eloop_register_timeout(20, 0, dpp_relay_conn_timeout, conn, NULL); 447 448 dl_list_add(&ctrl->conn, &conn->list); 449 return conn; 450 fail: 451 dpp_connection_free(conn); 452 return NULL; 453 } 454 455 456 static struct wpabuf * dpp_tcp_encaps(const u8 *hdr, const u8 *buf, size_t len) 457 { 458 struct wpabuf *msg; 459 460 msg = wpabuf_alloc(4 + 1 + DPP_HDR_LEN + len); 461 if (!msg) 462 return NULL; 463 wpabuf_put_be32(msg, 1 + DPP_HDR_LEN + len); 464 wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC); 465 wpabuf_put_data(msg, hdr, DPP_HDR_LEN); 466 wpabuf_put_data(msg, buf, len); 467 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 468 return msg; 469 } 470 471 472 static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr, 473 const u8 *buf, size_t len) 474 { 475 u8 type = hdr[DPP_HDR_LEN - 1]; 476 477 wpa_printf(MSG_DEBUG, 478 "DPP: Continue already established Relay/Controller connection for this session"); 479 wpabuf_free(conn->msg_out); 480 conn->msg_out_pos = 0; 481 conn->msg_out = dpp_tcp_encaps(hdr, buf, len); 482 if (!conn->msg_out) { 483 dpp_connection_remove(conn); 484 return -1; 485 } 486 487 /* TODO: for proto ver 1, need to do remove connection based on GAS Resp 488 * TX status */ 489 if (type == DPP_PA_CONFIGURATION_RESULT) 490 conn->on_tcp_tx_complete_remove = 1; 491 dpp_tcp_send(conn); 492 return 0; 493 } 494 495 496 int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, 497 const u8 *buf, size_t len, unsigned int freq, 498 const u8 *i_bootstrap, const u8 *r_bootstrap, 499 void *cb_ctx) 500 { 501 struct dpp_relay_controller *ctrl; 502 struct dpp_connection *conn; 503 u8 type = hdr[DPP_HDR_LEN - 1]; 504 505 /* Check if there is an already started session for this peer and if so, 506 * continue that session (send this over TCP) and return 0. 507 */ 508 if (type != DPP_PA_PEER_DISCOVERY_REQ && 509 type != DPP_PA_PEER_DISCOVERY_RESP && 510 type != DPP_PA_PRESENCE_ANNOUNCEMENT && 511 type != DPP_PA_RECONFIG_ANNOUNCEMENT) { 512 dl_list_for_each(ctrl, &dpp->controllers, 513 struct dpp_relay_controller, list) { 514 dl_list_for_each(conn, &ctrl->conn, 515 struct dpp_connection, list) { 516 if (os_memcmp(src, conn->mac_addr, 517 ETH_ALEN) == 0) 518 return dpp_relay_tx(conn, hdr, buf, len); 519 } 520 } 521 } 522 523 if (type == DPP_PA_PRESENCE_ANNOUNCEMENT || 524 type == DPP_PA_RECONFIG_ANNOUNCEMENT) { 525 /* TODO: Could send this to all configured Controllers. For now, 526 * only the first Controller is supported. */ 527 ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx); 528 } else { 529 if (!r_bootstrap) 530 return -1; 531 ctrl = dpp_relay_controller_get(dpp, r_bootstrap); 532 } 533 if (!ctrl) 534 return -1; 535 536 wpa_printf(MSG_DEBUG, 537 "DPP: Authentication Request for a configured Controller"); 538 conn = dpp_relay_new_conn(ctrl, src, freq); 539 if (!conn) 540 return -1; 541 542 conn->msg_out = dpp_tcp_encaps(hdr, buf, len); 543 if (!conn->msg_out) { 544 dpp_connection_remove(conn); 545 return -1; 546 } 547 /* Message will be sent in dpp_conn_tx_ready() */ 548 549 return 0; 550 } 551 552 553 int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data, 554 size_t data_len) 555 { 556 struct dpp_relay_controller *ctrl; 557 struct dpp_connection *conn, *found = NULL; 558 struct wpabuf *msg; 559 560 /* Check if there is a successfully completed authentication for this 561 * and if so, continue that session (send this over TCP) and return 0. 562 */ 563 dl_list_for_each(ctrl, &dpp->controllers, 564 struct dpp_relay_controller, list) { 565 if (found) 566 break; 567 dl_list_for_each(conn, &ctrl->conn, 568 struct dpp_connection, list) { 569 if (os_memcmp(src, conn->mac_addr, 570 ETH_ALEN) == 0) { 571 found = conn; 572 break; 573 } 574 } 575 } 576 577 if (!found) 578 return -1; 579 580 msg = wpabuf_alloc(4 + 1 + data_len); 581 if (!msg) 582 return -1; 583 wpabuf_put_be32(msg, 1 + data_len); 584 wpabuf_put_u8(msg, WLAN_PA_GAS_INITIAL_REQ); 585 wpabuf_put_data(msg, data, data_len); 586 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 587 588 wpabuf_free(conn->msg_out); 589 conn->msg_out_pos = 0; 590 conn->msg_out = msg; 591 dpp_tcp_send(conn); 592 return 0; 593 } 594 595 596 static void dpp_controller_free(struct dpp_controller *ctrl) 597 { 598 struct dpp_connection *conn, *tmp; 599 600 if (!ctrl) 601 return; 602 603 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, 604 list) 605 dpp_connection_remove(conn); 606 607 if (ctrl->sock >= 0) { 608 close(ctrl->sock); 609 eloop_unregister_sock(ctrl->sock, EVENT_TYPE_READ); 610 } 611 os_free(ctrl->configurator_params); 612 os_free(ctrl); 613 } 614 615 616 static int dpp_controller_rx_auth_req(struct dpp_connection *conn, 617 const u8 *hdr, const u8 *buf, size_t len) 618 { 619 const u8 *r_bootstrap, *i_bootstrap; 620 u16 r_bootstrap_len, i_bootstrap_len; 621 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL; 622 623 if (!conn->ctrl) 624 return 0; 625 626 wpa_printf(MSG_DEBUG, "DPP: Authentication Request"); 627 628 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 629 &r_bootstrap_len); 630 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 631 wpa_printf(MSG_INFO, 632 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 633 return -1; 634 } 635 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 636 r_bootstrap, r_bootstrap_len); 637 638 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, 639 &i_bootstrap_len); 640 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) { 641 wpa_printf(MSG_INFO, 642 "Missing or invalid required Initiator Bootstrapping Key Hash attribute"); 643 return -1; 644 } 645 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", 646 i_bootstrap, i_bootstrap_len); 647 648 /* Try to find own and peer bootstrapping key matches based on the 649 * received hash values */ 650 dpp_bootstrap_find_pair(conn->ctrl->global, i_bootstrap, r_bootstrap, 651 &own_bi, &peer_bi); 652 if (!own_bi) { 653 wpa_printf(MSG_INFO, 654 "No matching own bootstrapping key found - ignore message"); 655 return -1; 656 } 657 658 if (conn->auth) { 659 wpa_printf(MSG_INFO, 660 "Already in DPP authentication exchange - ignore new one"); 661 return 0; 662 } 663 664 conn->auth = dpp_auth_req_rx(conn->ctrl->global, conn->msg_ctx, 665 conn->ctrl->allowed_roles, 666 conn->ctrl->qr_mutual, 667 peer_bi, own_bi, -1, hdr, buf, len); 668 if (!conn->auth) { 669 wpa_printf(MSG_DEBUG, "DPP: No response generated"); 670 return -1; 671 } 672 673 if (dpp_set_configurator(conn->auth, 674 conn->ctrl->configurator_params) < 0) { 675 dpp_connection_remove(conn); 676 return -1; 677 } 678 679 return dpp_tcp_send_msg(conn, conn->auth->resp_msg); 680 } 681 682 683 static int dpp_controller_rx_auth_resp(struct dpp_connection *conn, 684 const u8 *hdr, const u8 *buf, size_t len) 685 { 686 struct dpp_authentication *auth = conn->auth; 687 struct wpabuf *msg; 688 int res; 689 690 if (!auth) 691 return -1; 692 693 wpa_printf(MSG_DEBUG, "DPP: Authentication Response"); 694 695 msg = dpp_auth_resp_rx(auth, hdr, buf, len); 696 if (!msg) { 697 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) { 698 wpa_printf(MSG_DEBUG, 699 "DPP: Start wait for full response"); 700 return 0; 701 } 702 wpa_printf(MSG_DEBUG, "DPP: No confirm generated"); 703 dpp_connection_remove(conn); 704 return -1; 705 } 706 707 conn->on_tcp_tx_complete_auth_ok = 1; 708 res = dpp_tcp_send_msg(conn, msg); 709 wpabuf_free(msg); 710 return res; 711 } 712 713 714 static int dpp_controller_rx_auth_conf(struct dpp_connection *conn, 715 const u8 *hdr, const u8 *buf, size_t len) 716 { 717 struct dpp_authentication *auth = conn->auth; 718 719 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation"); 720 721 if (!auth) { 722 wpa_printf(MSG_DEBUG, 723 "DPP: No DPP Authentication in progress - drop"); 724 return -1; 725 } 726 727 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) { 728 wpa_printf(MSG_DEBUG, "DPP: Authentication failed"); 729 return -1; 730 } 731 732 dpp_controller_auth_success(conn, 0); 733 return 0; 734 } 735 736 737 void dpp_controller_conn_status_result_wait_timeout(void *eloop_ctx, 738 void *timeout_ctx) 739 { 740 struct dpp_connection *conn = eloop_ctx; 741 742 if (!conn->auth->waiting_conf_result) 743 return; 744 745 wpa_printf(MSG_DEBUG, 746 "DPP: Timeout while waiting for Connection Status Result"); 747 wpa_msg(conn->msg_ctx, MSG_INFO, 748 DPP_EVENT_CONN_STATUS_RESULT "timeout"); 749 dpp_connection_remove(conn); 750 } 751 752 753 static int dpp_controller_rx_conf_result(struct dpp_connection *conn, 754 const u8 *hdr, const u8 *buf, 755 size_t len) 756 { 757 struct dpp_authentication *auth = conn->auth; 758 enum dpp_status_error status; 759 void *msg_ctx = conn->msg_ctx; 760 761 if (!conn->ctrl && (!auth || !auth->configurator)) 762 return 0; 763 764 wpa_printf(MSG_DEBUG, "DPP: Configuration Result"); 765 766 if (!auth || !auth->waiting_conf_result) { 767 wpa_printf(MSG_DEBUG, 768 "DPP: No DPP Configuration waiting for result - drop"); 769 return -1; 770 } 771 772 status = dpp_conf_result_rx(auth, hdr, buf, len); 773 if (status == DPP_STATUS_OK && auth->send_conn_status) { 774 wpa_msg(msg_ctx, MSG_INFO, 775 DPP_EVENT_CONF_SENT "wait_conn_status=1"); 776 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result"); 777 eloop_cancel_timeout( 778 dpp_controller_conn_status_result_wait_timeout, 779 conn, NULL); 780 eloop_register_timeout( 781 16, 0, dpp_controller_conn_status_result_wait_timeout, 782 conn, NULL); 783 return 0; 784 } 785 if (status == DPP_STATUS_OK) 786 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT); 787 else 788 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 789 return -1; /* to remove the completed connection */ 790 } 791 792 793 static int dpp_controller_rx_conn_status_result(struct dpp_connection *conn, 794 const u8 *hdr, const u8 *buf, 795 size_t len) 796 { 797 struct dpp_authentication *auth = conn->auth; 798 enum dpp_status_error status; 799 u8 ssid[SSID_MAX_LEN]; 800 size_t ssid_len = 0; 801 char *channel_list = NULL; 802 803 if (!conn->ctrl) 804 return 0; 805 806 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result"); 807 808 if (!auth || !auth->waiting_conn_status_result) { 809 wpa_printf(MSG_DEBUG, 810 "DPP: No DPP Configuration waiting for connection status result - drop"); 811 return -1; 812 } 813 814 status = dpp_conn_status_result_rx(auth, hdr, buf, len, 815 ssid, &ssid_len, &channel_list); 816 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT 817 "result=%d ssid=%s channel_list=%s", 818 status, wpa_ssid_txt(ssid, ssid_len), 819 channel_list ? channel_list : "N/A"); 820 os_free(channel_list); 821 return -1; /* to remove the completed connection */ 822 } 823 824 825 static int dpp_controller_rx_presence_announcement(struct dpp_connection *conn, 826 const u8 *hdr, const u8 *buf, 827 size_t len) 828 { 829 const u8 *r_bootstrap; 830 u16 r_bootstrap_len; 831 struct dpp_bootstrap_info *peer_bi; 832 struct dpp_authentication *auth; 833 struct dpp_global *dpp = conn->ctrl->global; 834 835 if (conn->auth) { 836 wpa_printf(MSG_DEBUG, 837 "DPP: Ignore Presence Announcement during ongoing Authentication"); 838 return -1; 839 } 840 841 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement"); 842 843 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 844 &r_bootstrap_len); 845 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 846 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 847 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 848 return -1; 849 } 850 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 851 r_bootstrap, r_bootstrap_len); 852 peer_bi = dpp_bootstrap_find_chirp(dpp, r_bootstrap); 853 if (!peer_bi) { 854 wpa_printf(MSG_DEBUG, 855 "DPP: No matching bootstrapping information found"); 856 return -1; 857 } 858 859 auth = dpp_auth_init(dpp, conn->msg_ctx, peer_bi, NULL, 860 DPP_CAPAB_CONFIGURATOR, -1, NULL, 0); 861 if (!auth) 862 return -1; 863 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) { 864 dpp_auth_deinit(auth); 865 dpp_connection_remove(conn); 866 return -1; 867 } 868 869 conn->auth = auth; 870 return dpp_tcp_send_msg(conn, conn->auth->req_msg); 871 } 872 873 874 static int dpp_controller_rx_reconfig_announcement(struct dpp_connection *conn, 875 const u8 *hdr, const u8 *buf, 876 size_t len) 877 { 878 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id; 879 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len; 880 struct dpp_configurator *conf; 881 struct dpp_global *dpp = conn->ctrl->global; 882 struct dpp_authentication *auth; 883 u16 group; 884 885 if (conn->auth) { 886 wpa_printf(MSG_DEBUG, 887 "DPP: Ignore Reconfig Announcement during ongoing Authentication"); 888 return -1; 889 } 890 891 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement"); 892 893 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH, 894 &csign_hash_len); 895 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) { 896 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 897 "Missing or invalid required Configurator C-sign key Hash attribute"); 898 return -1; 899 } 900 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)", 901 csign_hash, csign_hash_len); 902 conf = dpp_configurator_find_kid(dpp, csign_hash); 903 if (!conf) { 904 wpa_printf(MSG_DEBUG, 905 "DPP: No matching Configurator information found"); 906 return -1; 907 } 908 909 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP, 910 &fcgroup_len); 911 if (!fcgroup || fcgroup_len != 2) { 912 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 913 "Missing or invalid required Finite Cyclic Group attribute"); 914 return -1; 915 } 916 group = WPA_GET_LE16(fcgroup); 917 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group); 918 919 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len); 920 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len); 921 922 auth = dpp_reconfig_init(dpp, conn->msg_ctx, conf, 0, group, 923 a_nonce, a_nonce_len, e_id, e_id_len); 924 if (!auth) 925 return -1; 926 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) { 927 dpp_auth_deinit(auth); 928 return -1; 929 } 930 931 conn->auth = auth; 932 return dpp_tcp_send_msg(conn, auth->reconfig_req_msg); 933 } 934 935 936 static int dpp_controller_rx_reconfig_auth_resp(struct dpp_connection *conn, 937 const u8 *hdr, const u8 *buf, 938 size_t len) 939 { 940 struct dpp_authentication *auth = conn->auth; 941 struct wpabuf *conf; 942 int res; 943 944 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response"); 945 946 if (!auth || !auth->reconfig || !auth->configurator) { 947 wpa_printf(MSG_DEBUG, 948 "DPP: No DPP Reconfig Authentication in progress - drop"); 949 return -1; 950 } 951 952 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len); 953 if (!conf) 954 return -1; 955 956 res = dpp_tcp_send_msg(conn, conf); 957 wpabuf_free(conf); 958 return res; 959 } 960 961 962 static int dpp_controller_rx_action(struct dpp_connection *conn, const u8 *msg, 963 size_t len) 964 { 965 const u8 *pos, *end; 966 u8 type; 967 968 wpa_printf(MSG_DEBUG, "DPP: Received DPP Action frame over TCP"); 969 pos = msg; 970 end = msg + len; 971 972 if (end - pos < DPP_HDR_LEN || 973 WPA_GET_BE24(pos) != OUI_WFA || 974 pos[3] != DPP_OUI_TYPE) { 975 wpa_printf(MSG_DEBUG, "DPP: Unrecognized header"); 976 return -1; 977 } 978 979 if (pos[4] != 1) { 980 wpa_printf(MSG_DEBUG, "DPP: Unsupported Crypto Suite %u", 981 pos[4]); 982 return -1; 983 } 984 type = pos[5]; 985 wpa_printf(MSG_DEBUG, "DPP: Received message type %u", type); 986 pos += DPP_HDR_LEN; 987 988 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", 989 pos, end - pos); 990 if (dpp_check_attrs(pos, end - pos) < 0) 991 return -1; 992 993 if (conn->relay) { 994 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); 995 conn->relay->tx(conn->relay->cb_ctx, conn->mac_addr, 996 conn->freq, msg, len); 997 return 0; 998 } 999 1000 switch (type) { 1001 case DPP_PA_AUTHENTICATION_REQ: 1002 return dpp_controller_rx_auth_req(conn, msg, pos, end - pos); 1003 case DPP_PA_AUTHENTICATION_RESP: 1004 return dpp_controller_rx_auth_resp(conn, msg, pos, end - pos); 1005 case DPP_PA_AUTHENTICATION_CONF: 1006 return dpp_controller_rx_auth_conf(conn, msg, pos, end - pos); 1007 case DPP_PA_CONFIGURATION_RESULT: 1008 return dpp_controller_rx_conf_result(conn, msg, pos, end - pos); 1009 case DPP_PA_CONNECTION_STATUS_RESULT: 1010 return dpp_controller_rx_conn_status_result(conn, msg, pos, 1011 end - pos); 1012 case DPP_PA_PRESENCE_ANNOUNCEMENT: 1013 return dpp_controller_rx_presence_announcement(conn, msg, pos, 1014 end - pos); 1015 case DPP_PA_RECONFIG_ANNOUNCEMENT: 1016 return dpp_controller_rx_reconfig_announcement(conn, msg, pos, 1017 end - pos); 1018 case DPP_PA_RECONFIG_AUTH_RESP: 1019 return dpp_controller_rx_reconfig_auth_resp(conn, msg, pos, 1020 end - pos); 1021 default: 1022 /* TODO: missing messages types */ 1023 wpa_printf(MSG_DEBUG, 1024 "DPP: Unsupported frame subtype %d", type); 1025 return -1; 1026 } 1027 } 1028 1029 1030 static int dpp_tcp_send_comeback_delay(struct dpp_connection *conn, u8 action) 1031 { 1032 struct wpabuf *buf; 1033 size_t len = 18; 1034 1035 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1036 len++; 1037 1038 buf = wpabuf_alloc(4 + len); 1039 if (!buf) 1040 return -1; 1041 1042 wpabuf_put_be32(buf, len); 1043 1044 wpabuf_put_u8(buf, action); 1045 wpabuf_put_u8(buf, conn->gas_dialog_token); 1046 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 1047 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1048 wpabuf_put_u8(buf, 0); 1049 wpabuf_put_le16(buf, 500); /* GAS Comeback Delay */ 1050 1051 dpp_write_adv_proto(buf); 1052 wpabuf_put_le16(buf, 0); /* Query Response Length */ 1053 1054 /* Send Config Response over TCP */ 1055 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf); 1056 wpabuf_free(conn->msg_out); 1057 conn->msg_out_pos = 0; 1058 conn->msg_out = buf; 1059 dpp_tcp_send(conn); 1060 return 0; 1061 } 1062 1063 1064 static int dpp_tcp_send_gas_resp(struct dpp_connection *conn, u8 action, 1065 struct wpabuf *resp) 1066 { 1067 struct wpabuf *buf; 1068 size_t len; 1069 1070 if (!resp) 1071 return -1; 1072 1073 len = 18 + wpabuf_len(resp); 1074 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1075 len++; 1076 1077 buf = wpabuf_alloc(4 + len); 1078 if (!buf) { 1079 wpabuf_free(resp); 1080 return -1; 1081 } 1082 1083 wpabuf_put_be32(buf, len); 1084 1085 wpabuf_put_u8(buf, action); 1086 wpabuf_put_u8(buf, conn->gas_dialog_token); 1087 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 1088 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1089 wpabuf_put_u8(buf, 0); 1090 wpabuf_put_le16(buf, 0); /* GAS Comeback Delay */ 1091 1092 dpp_write_adv_proto(buf); 1093 dpp_write_gas_query(buf, resp); 1094 wpabuf_free(resp); 1095 1096 /* Send Config Response over TCP; GAS fragmentation is taken care of by 1097 * the Relay */ 1098 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf); 1099 wpabuf_free(conn->msg_out); 1100 conn->msg_out_pos = 0; 1101 conn->msg_out = buf; 1102 conn->on_tcp_tx_complete_gas_done = 1; 1103 dpp_tcp_send(conn); 1104 return 0; 1105 } 1106 1107 1108 static int dpp_controller_rx_gas_req(struct dpp_connection *conn, const u8 *msg, 1109 size_t len) 1110 { 1111 const u8 *pos, *end, *next; 1112 const u8 *adv_proto; 1113 u16 slen; 1114 struct wpabuf *resp; 1115 struct dpp_authentication *auth = conn->auth; 1116 1117 if (len < 1 + 2) 1118 return -1; 1119 1120 wpa_printf(MSG_DEBUG, 1121 "DPP: Received DPP Configuration Request over TCP"); 1122 1123 if (!auth || (!conn->ctrl && !auth->configurator) || 1124 (!auth->auth_success && !auth->reconfig_success)) { 1125 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1126 return -1; 1127 } 1128 1129 pos = msg; 1130 end = msg + len; 1131 1132 conn->gas_dialog_token = *pos++; 1133 adv_proto = pos++; 1134 slen = *pos++; 1135 if (*adv_proto != WLAN_EID_ADV_PROTO || 1136 slen > end - pos || slen < 2) 1137 return -1; 1138 1139 next = pos + slen; 1140 pos++; /* skip QueryRespLenLimit and PAME-BI */ 1141 1142 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || 1143 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || 1144 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) 1145 return -1; 1146 1147 pos = next; 1148 /* Query Request */ 1149 if (end - pos < 2) 1150 return -1; 1151 slen = WPA_GET_LE16(pos); 1152 pos += 2; 1153 if (slen > end - pos) 1154 return -1; 1155 1156 resp = dpp_conf_req_rx(auth, pos, slen); 1157 if (!resp && auth->waiting_cert) { 1158 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready"); 1159 conn->gas_comeback_in_progress = 1; 1160 return dpp_tcp_send_comeback_delay(conn, 1161 WLAN_PA_GAS_INITIAL_RESP); 1162 } 1163 1164 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_INITIAL_RESP, resp); 1165 } 1166 1167 1168 static int dpp_controller_rx_gas_comeback_req(struct dpp_connection *conn, 1169 const u8 *msg, size_t len) 1170 { 1171 u8 dialog_token; 1172 struct dpp_authentication *auth = conn->auth; 1173 struct wpabuf *resp; 1174 1175 if (len < 1) 1176 return -1; 1177 1178 wpa_printf(MSG_DEBUG, 1179 "DPP: Received DPP Configuration Request over TCP (comeback)"); 1180 1181 if (!auth || (!conn->ctrl && !auth->configurator) || 1182 (!auth->auth_success && !auth->reconfig_success) || 1183 !conn->gas_comeback_in_progress) { 1184 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1185 return -1; 1186 } 1187 1188 dialog_token = msg[0]; 1189 if (dialog_token != conn->gas_dialog_token) { 1190 wpa_printf(MSG_DEBUG, "DPP: Dialog token mismatch (%u != %u)", 1191 dialog_token, conn->gas_dialog_token); 1192 return -1; 1193 } 1194 1195 if (!auth->conf_resp_tcp) { 1196 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready"); 1197 return dpp_tcp_send_comeback_delay(conn, 1198 WLAN_PA_GAS_COMEBACK_RESP); 1199 } 1200 1201 wpa_printf(MSG_DEBUG, 1202 "DPP: Configuration response is ready to be sent out"); 1203 resp = auth->conf_resp_tcp; 1204 auth->conf_resp_tcp = NULL; 1205 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_COMEBACK_RESP, resp); 1206 } 1207 1208 1209 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx) 1210 { 1211 struct dpp_connection *conn = eloop_ctx; 1212 struct dpp_authentication *auth = conn->auth; 1213 1214 if (!auth || !auth->csrattrs) 1215 return; 1216 1217 wpa_printf(MSG_DEBUG, "DPP: Build CSR"); 1218 wpabuf_free(auth->csr); 1219 /* TODO: Additional information needed for CSR based on csrAttrs */ 1220 auth->csr = dpp_build_csr(auth, conn->name ? conn->name : "Test"); 1221 if (!auth->csr) { 1222 dpp_connection_remove(conn); 1223 return; 1224 } 1225 1226 dpp_controller_start_gas_client(conn); 1227 } 1228 1229 1230 static int dpp_tcp_rx_gas_resp(struct dpp_connection *conn, struct wpabuf *resp) 1231 { 1232 struct dpp_authentication *auth = conn->auth; 1233 int res; 1234 struct wpabuf *msg; 1235 enum dpp_status_error status; 1236 1237 wpa_printf(MSG_DEBUG, 1238 "DPP: Configuration Response for local stack from TCP"); 1239 1240 if (auth) 1241 res = dpp_conf_resp_rx(auth, resp); 1242 else 1243 res = -1; 1244 wpabuf_free(resp); 1245 if (res == -2) { 1246 wpa_printf(MSG_DEBUG, "DPP: CSR needed"); 1247 eloop_register_timeout(0, 0, dpp_tcp_build_csr, conn, NULL); 1248 return 0; 1249 } 1250 if (res < 0) { 1251 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); 1252 return -1; 1253 } 1254 1255 if (conn->process_conf_obj) 1256 res = conn->process_conf_obj(conn->cb_ctx, auth); 1257 else 1258 res = 0; 1259 1260 if (auth->peer_version < 2 || auth->conf_resp_status != DPP_STATUS_OK) 1261 return -1; 1262 1263 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result"); 1264 status = res < 0 ? DPP_STATUS_CONFIG_REJECTED : DPP_STATUS_OK; 1265 msg = dpp_build_conf_result(auth, status); 1266 if (!msg) 1267 return -1; 1268 1269 conn->on_tcp_tx_complete_remove = 1; 1270 res = dpp_tcp_send_msg(conn, msg); 1271 wpabuf_free(msg); 1272 1273 /* This exchange will be terminated in the TX status handler */ 1274 1275 return res; 1276 } 1277 1278 1279 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx) 1280 { 1281 struct dpp_connection *conn = eloop_ctx; 1282 struct dpp_authentication *auth = conn->auth; 1283 struct wpabuf *msg; 1284 1285 if (!auth) 1286 return; 1287 1288 wpa_printf(MSG_DEBUG, "DPP: Send GAS Comeback Request"); 1289 msg = wpabuf_alloc(4 + 2); 1290 if (!msg) 1291 return; 1292 wpabuf_put_be32(msg, 2); 1293 wpabuf_put_u8(msg, WLAN_PA_GAS_COMEBACK_REQ); 1294 wpabuf_put_u8(msg, conn->gas_dialog_token); 1295 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 1296 1297 wpabuf_free(conn->msg_out); 1298 conn->msg_out_pos = 0; 1299 conn->msg_out = msg; 1300 dpp_tcp_send(conn); 1301 } 1302 1303 1304 static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg, 1305 size_t len, bool comeback) 1306 { 1307 struct wpabuf *buf; 1308 u8 dialog_token; 1309 const u8 *pos, *end, *next, *adv_proto; 1310 u16 status, slen, comeback_delay; 1311 1312 if (len < (size_t) (5 + 2 + (comeback ? 1 : 0))) 1313 return -1; 1314 1315 wpa_printf(MSG_DEBUG, 1316 "DPP: Received DPP Configuration Response over TCP"); 1317 1318 pos = msg; 1319 end = msg + len; 1320 1321 dialog_token = *pos++; 1322 status = WPA_GET_LE16(pos); 1323 if (status != WLAN_STATUS_SUCCESS) { 1324 wpa_printf(MSG_DEBUG, "DPP: Unexpected Status Code %u", status); 1325 return -1; 1326 } 1327 pos += 2; 1328 if (comeback) 1329 pos++; /* ignore Fragment ID */ 1330 comeback_delay = WPA_GET_LE16(pos); 1331 pos += 2; 1332 1333 adv_proto = pos++; 1334 slen = *pos++; 1335 if (*adv_proto != WLAN_EID_ADV_PROTO || 1336 slen > end - pos || slen < 2) 1337 return -1; 1338 1339 next = pos + slen; 1340 pos++; /* skip QueryRespLenLimit and PAME-BI */ 1341 1342 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || 1343 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || 1344 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) 1345 return -1; 1346 1347 pos = next; 1348 /* Query Response */ 1349 if (end - pos < 2) 1350 return -1; 1351 slen = WPA_GET_LE16(pos); 1352 pos += 2; 1353 if (slen > end - pos) 1354 return -1; 1355 1356 if (comeback_delay) { 1357 unsigned int secs, usecs; 1358 1359 conn->gas_dialog_token = dialog_token; 1360 secs = (comeback_delay * 1024) / 1000000; 1361 usecs = comeback_delay * 1024 - secs * 1000000; 1362 wpa_printf(MSG_DEBUG, "DPP: Comeback delay: %u", 1363 comeback_delay); 1364 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL); 1365 eloop_register_timeout(secs, usecs, dpp_tcp_gas_query_comeback, 1366 conn, NULL); 1367 return 0; 1368 } 1369 1370 buf = wpabuf_alloc(slen); 1371 if (!buf) 1372 return -1; 1373 wpabuf_put_data(buf, pos, slen); 1374 1375 if (!conn->relay && 1376 (!conn->ctrl || (conn->ctrl->allowed_roles & DPP_CAPAB_ENROLLEE))) 1377 return dpp_tcp_rx_gas_resp(conn, buf); 1378 1379 if (!conn->relay) { 1380 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1381 wpabuf_free(buf); 1382 return -1; 1383 } 1384 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); 1385 conn->relay->gas_resp_tx(conn->relay->cb_ctx, conn->mac_addr, 1386 dialog_token, 0, buf); 1387 1388 return 0; 1389 } 1390 1391 1392 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx) 1393 { 1394 struct dpp_connection *conn = eloop_ctx; 1395 int res; 1396 const u8 *pos; 1397 1398 wpa_printf(MSG_DEBUG, "DPP: TCP data available for reading (sock %d)", 1399 sd); 1400 1401 if (conn->msg_len_octets < 4) { 1402 u32 msglen; 1403 1404 res = recv(sd, &conn->msg_len[conn->msg_len_octets], 1405 4 - conn->msg_len_octets, 0); 1406 if (res < 0) { 1407 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", 1408 strerror(errno)); 1409 dpp_connection_remove(conn); 1410 return; 1411 } 1412 if (res == 0) { 1413 wpa_printf(MSG_DEBUG, 1414 "DPP: No more data available over TCP"); 1415 dpp_connection_remove(conn); 1416 return; 1417 } 1418 wpa_printf(MSG_DEBUG, 1419 "DPP: Received %d/%d octet(s) of message length field", 1420 res, (int) (4 - conn->msg_len_octets)); 1421 conn->msg_len_octets += res; 1422 1423 if (conn->msg_len_octets < 4) { 1424 wpa_printf(MSG_DEBUG, 1425 "DPP: Need %d more octets of message length field", 1426 (int) (4 - conn->msg_len_octets)); 1427 return; 1428 } 1429 1430 msglen = WPA_GET_BE32(conn->msg_len); 1431 wpa_printf(MSG_DEBUG, "DPP: Message length: %u", msglen); 1432 if (msglen > 65535) { 1433 wpa_printf(MSG_INFO, "DPP: Unexpectedly long message"); 1434 dpp_connection_remove(conn); 1435 return; 1436 } 1437 1438 wpabuf_free(conn->msg); 1439 conn->msg = wpabuf_alloc(msglen); 1440 } 1441 1442 if (!conn->msg) { 1443 wpa_printf(MSG_DEBUG, 1444 "DPP: No buffer available for receiving the message"); 1445 dpp_connection_remove(conn); 1446 return; 1447 } 1448 1449 wpa_printf(MSG_DEBUG, "DPP: Need %u more octets of message payload", 1450 (unsigned int) wpabuf_tailroom(conn->msg)); 1451 1452 res = recv(sd, wpabuf_put(conn->msg, 0), wpabuf_tailroom(conn->msg), 0); 1453 if (res < 0) { 1454 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", strerror(errno)); 1455 dpp_connection_remove(conn); 1456 return; 1457 } 1458 if (res == 0) { 1459 wpa_printf(MSG_DEBUG, "DPP: No more data available over TCP"); 1460 dpp_connection_remove(conn); 1461 return; 1462 } 1463 wpa_printf(MSG_DEBUG, "DPP: Received %d octets", res); 1464 wpabuf_put(conn->msg, res); 1465 1466 if (wpabuf_tailroom(conn->msg) > 0) { 1467 wpa_printf(MSG_DEBUG, 1468 "DPP: Need %u more octets of message payload", 1469 (unsigned int) wpabuf_tailroom(conn->msg)); 1470 return; 1471 } 1472 1473 conn->msg_len_octets = 0; 1474 wpa_hexdump_buf(MSG_DEBUG, "DPP: Received TCP message", conn->msg); 1475 if (wpabuf_len(conn->msg) < 1) { 1476 dpp_connection_remove(conn); 1477 return; 1478 } 1479 1480 pos = wpabuf_head(conn->msg); 1481 switch (*pos) { 1482 case WLAN_PA_VENDOR_SPECIFIC: 1483 if (dpp_controller_rx_action(conn, pos + 1, 1484 wpabuf_len(conn->msg) - 1) < 0) 1485 dpp_connection_remove(conn); 1486 break; 1487 case WLAN_PA_GAS_INITIAL_REQ: 1488 if (dpp_controller_rx_gas_req(conn, pos + 1, 1489 wpabuf_len(conn->msg) - 1) < 0) 1490 dpp_connection_remove(conn); 1491 break; 1492 case WLAN_PA_GAS_INITIAL_RESP: 1493 case WLAN_PA_GAS_COMEBACK_RESP: 1494 if (dpp_rx_gas_resp(conn, pos + 1, 1495 wpabuf_len(conn->msg) - 1, 1496 *pos == WLAN_PA_GAS_COMEBACK_RESP) < 0) 1497 dpp_connection_remove(conn); 1498 break; 1499 case WLAN_PA_GAS_COMEBACK_REQ: 1500 if (dpp_controller_rx_gas_comeback_req( 1501 conn, pos + 1, wpabuf_len(conn->msg) - 1) < 0) 1502 dpp_connection_remove(conn); 1503 break; 1504 default: 1505 wpa_printf(MSG_DEBUG, "DPP: Ignore unsupported message type %u", 1506 *pos); 1507 break; 1508 } 1509 } 1510 1511 1512 static void dpp_controller_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx) 1513 { 1514 struct dpp_controller *ctrl = eloop_ctx; 1515 struct sockaddr_in addr; 1516 socklen_t addr_len = sizeof(addr); 1517 int fd; 1518 struct dpp_connection *conn; 1519 1520 wpa_printf(MSG_DEBUG, "DPP: New TCP connection"); 1521 1522 fd = accept(ctrl->sock, (struct sockaddr *) &addr, &addr_len); 1523 if (fd < 0) { 1524 wpa_printf(MSG_DEBUG, 1525 "DPP: Failed to accept new connection: %s", 1526 strerror(errno)); 1527 return; 1528 } 1529 wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d", 1530 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); 1531 1532 conn = os_zalloc(sizeof(*conn)); 1533 if (!conn) 1534 goto fail; 1535 1536 conn->global = ctrl->global; 1537 conn->ctrl = ctrl; 1538 conn->msg_ctx = ctrl->msg_ctx; 1539 conn->cb_ctx = ctrl->cb_ctx; 1540 conn->process_conf_obj = ctrl->process_conf_obj; 1541 conn->sock = fd; 1542 conn->netrole = ctrl->netrole; 1543 1544 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 1545 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 1546 strerror(errno)); 1547 goto fail; 1548 } 1549 1550 if (eloop_register_sock(conn->sock, EVENT_TYPE_READ, 1551 dpp_controller_rx, conn, NULL) < 0) 1552 goto fail; 1553 conn->read_eloop = 1; 1554 1555 /* TODO: eloop timeout to expire connections that do not complete in 1556 * reasonable time */ 1557 dl_list_add(&ctrl->conn, &conn->list); 1558 return; 1559 1560 fail: 1561 close(fd); 1562 os_free(conn); 1563 } 1564 1565 1566 int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth, 1567 const struct hostapd_ip_addr *addr, int port, const char *name, 1568 enum dpp_netrole netrole, void *msg_ctx, void *cb_ctx, 1569 int (*process_conf_obj)(void *ctx, 1570 struct dpp_authentication *auth)) 1571 { 1572 struct dpp_connection *conn; 1573 struct sockaddr_storage saddr; 1574 socklen_t addrlen; 1575 const u8 *hdr, *pos, *end; 1576 char txt[100]; 1577 1578 wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d", 1579 hostapd_ip_txt(addr, txt, sizeof(txt)), port); 1580 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen, 1581 addr, port) < 0) { 1582 dpp_auth_deinit(auth); 1583 return -1; 1584 } 1585 1586 conn = os_zalloc(sizeof(*conn)); 1587 if (!conn) { 1588 dpp_auth_deinit(auth); 1589 return -1; 1590 } 1591 1592 conn->msg_ctx = msg_ctx; 1593 conn->cb_ctx = cb_ctx; 1594 conn->process_conf_obj = process_conf_obj; 1595 conn->name = os_strdup(name ? name : "Test"); 1596 conn->netrole = netrole; 1597 conn->global = dpp; 1598 conn->auth = auth; 1599 conn->sock = socket(AF_INET, SOCK_STREAM, 0); 1600 if (conn->sock < 0) 1601 goto fail; 1602 1603 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 1604 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 1605 strerror(errno)); 1606 goto fail; 1607 } 1608 1609 if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) { 1610 if (errno != EINPROGRESS) { 1611 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", 1612 strerror(errno)); 1613 goto fail; 1614 } 1615 1616 /* 1617 * Continue connecting in the background; eloop will call us 1618 * once the connection is ready (or failed). 1619 */ 1620 } 1621 1622 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 1623 dpp_conn_tx_ready, conn, NULL) < 0) 1624 goto fail; 1625 conn->write_eloop = 1; 1626 1627 hdr = wpabuf_head(auth->req_msg); 1628 end = hdr + wpabuf_len(auth->req_msg); 1629 hdr += 2; /* skip Category and Actiom */ 1630 pos = hdr + DPP_HDR_LEN; 1631 conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos); 1632 if (!conn->msg_out) 1633 goto fail; 1634 /* Message will be sent in dpp_conn_tx_ready() */ 1635 1636 /* TODO: eloop timeout to clear a connection if it does not complete 1637 * properly */ 1638 dl_list_add(&dpp->tcp_init, &conn->list); 1639 return 0; 1640 fail: 1641 dpp_connection_free(conn); 1642 return -1; 1643 } 1644 1645 1646 int dpp_controller_start(struct dpp_global *dpp, 1647 struct dpp_controller_config *config) 1648 { 1649 struct dpp_controller *ctrl; 1650 int on = 1; 1651 struct sockaddr_in sin; 1652 int port; 1653 1654 if (!dpp || dpp->controller) 1655 return -1; 1656 1657 ctrl = os_zalloc(sizeof(*ctrl)); 1658 if (!ctrl) 1659 return -1; 1660 ctrl->global = dpp; 1661 if (config->configurator_params) 1662 ctrl->configurator_params = 1663 os_strdup(config->configurator_params); 1664 dl_list_init(&ctrl->conn); 1665 ctrl->allowed_roles = config->allowed_roles; 1666 ctrl->qr_mutual = config->qr_mutual; 1667 ctrl->netrole = config->netrole; 1668 ctrl->msg_ctx = config->msg_ctx; 1669 ctrl->cb_ctx = config->cb_ctx; 1670 ctrl->process_conf_obj = config->process_conf_obj; 1671 1672 ctrl->sock = socket(AF_INET, SOCK_STREAM, 0); 1673 if (ctrl->sock < 0) 1674 goto fail; 1675 1676 if (setsockopt(ctrl->sock, SOL_SOCKET, SO_REUSEADDR, 1677 &on, sizeof(on)) < 0) { 1678 wpa_printf(MSG_DEBUG, 1679 "DPP: setsockopt(SO_REUSEADDR) failed: %s", 1680 strerror(errno)); 1681 /* try to continue anyway */ 1682 } 1683 1684 if (fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0) { 1685 wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s", 1686 strerror(errno)); 1687 goto fail; 1688 } 1689 1690 /* TODO: IPv6 */ 1691 os_memset(&sin, 0, sizeof(sin)); 1692 sin.sin_family = AF_INET; 1693 sin.sin_addr.s_addr = INADDR_ANY; 1694 port = config->tcp_port ? config->tcp_port : DPP_TCP_PORT; 1695 sin.sin_port = htons(port); 1696 if (bind(ctrl->sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { 1697 wpa_printf(MSG_INFO, 1698 "DPP: Failed to bind Controller TCP port: %s", 1699 strerror(errno)); 1700 goto fail; 1701 } 1702 if (listen(ctrl->sock, 10 /* max backlog */) < 0 || 1703 fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0 || 1704 eloop_register_sock(ctrl->sock, EVENT_TYPE_READ, 1705 dpp_controller_tcp_cb, ctrl, NULL)) 1706 goto fail; 1707 1708 dpp->controller = ctrl; 1709 wpa_printf(MSG_DEBUG, "DPP: Controller started on TCP port %d", port); 1710 return 0; 1711 fail: 1712 dpp_controller_free(ctrl); 1713 return -1; 1714 } 1715 1716 1717 void dpp_controller_stop(struct dpp_global *dpp) 1718 { 1719 if (dpp) { 1720 dpp_controller_free(dpp->controller); 1721 dpp->controller = NULL; 1722 } 1723 } 1724 1725 1726 static bool dpp_tcp_peer_id_match(struct dpp_authentication *auth, 1727 unsigned int id) 1728 { 1729 return auth && 1730 ((auth->peer_bi && auth->peer_bi->id == id) || 1731 (auth->tmp_peer_bi && auth->tmp_peer_bi->id == id)); 1732 } 1733 1734 1735 static struct dpp_authentication * dpp_tcp_get_auth(struct dpp_global *dpp, 1736 unsigned int id) 1737 { 1738 struct dpp_connection *conn; 1739 1740 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) { 1741 if (dpp_tcp_peer_id_match(conn->auth, id)) 1742 return conn->auth; 1743 } 1744 1745 return NULL; 1746 } 1747 1748 1749 struct dpp_authentication * dpp_controller_get_auth(struct dpp_global *dpp, 1750 unsigned int id) 1751 { 1752 struct dpp_controller *ctrl = dpp->controller; 1753 struct dpp_connection *conn; 1754 1755 if (!ctrl) 1756 return dpp_tcp_get_auth(dpp, id); 1757 1758 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 1759 if (dpp_tcp_peer_id_match(conn->auth, id)) 1760 return conn->auth; 1761 } 1762 1763 return dpp_tcp_get_auth(dpp, id); 1764 } 1765 1766 1767 void dpp_controller_new_qr_code(struct dpp_global *dpp, 1768 struct dpp_bootstrap_info *bi) 1769 { 1770 struct dpp_controller *ctrl = dpp->controller; 1771 struct dpp_connection *conn; 1772 1773 if (!ctrl) 1774 return; 1775 1776 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 1777 struct dpp_authentication *auth = conn->auth; 1778 1779 if (!auth->response_pending || 1780 dpp_notify_new_qr_code(auth, bi) != 1) 1781 continue; 1782 wpa_printf(MSG_DEBUG, 1783 "DPP: Sending out pending authentication response"); 1784 dpp_tcp_send_msg(conn, conn->auth->resp_msg); 1785 } 1786 } 1787 1788 1789 void dpp_tcp_init_flush(struct dpp_global *dpp) 1790 { 1791 struct dpp_connection *conn, *tmp; 1792 1793 dl_list_for_each_safe(conn, tmp, &dpp->tcp_init, struct dpp_connection, 1794 list) 1795 dpp_connection_remove(conn); 1796 } 1797 1798 1799 static void dpp_relay_controller_free(struct dpp_relay_controller *ctrl) 1800 { 1801 struct dpp_connection *conn, *tmp; 1802 1803 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, 1804 list) 1805 dpp_connection_remove(conn); 1806 os_free(ctrl); 1807 } 1808 1809 1810 void dpp_relay_flush_controllers(struct dpp_global *dpp) 1811 { 1812 struct dpp_relay_controller *ctrl, *tmp; 1813 1814 if (!dpp) 1815 return; 1816 1817 dl_list_for_each_safe(ctrl, tmp, &dpp->controllers, 1818 struct dpp_relay_controller, list) { 1819 dl_list_del(&ctrl->list); 1820 dpp_relay_controller_free(ctrl); 1821 } 1822 } 1823 1824 #endif /* CONFIG_DPP2 */ 1825