1 /*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2020, The Linux Foundation
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "utils/includes.h"
11
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "utils/ip_addr.h"
15 #include "utils/base64.h"
16 #include "common/dpp.h"
17 #include "common/gas.h"
18 #include "common/gas_server.h"
19 #include "rsn_supp/wpa.h"
20 #include "rsn_supp/pmksa_cache.h"
21 #include "wpa_supplicant_i.h"
22 #include "config.h"
23 #include "driver_i.h"
24 #include "offchannel.h"
25 #include "gas_query.h"
26 #include "bss.h"
27 #include "scan.h"
28 #include "notify.h"
29 #include "dpp_supplicant.h"
30
31
32 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
33 unsigned int freq);
34 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
35 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx);
36 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
37 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
38 unsigned int freq, const u8 *dst,
39 const u8 *src, const u8 *bssid,
40 const u8 *data, size_t data_len,
41 enum offchannel_send_action_result result);
42 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
43 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
44 static void
45 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
46 unsigned int freq, const u8 *dst,
47 const u8 *src, const u8 *bssid,
48 const u8 *data, size_t data_len,
49 enum offchannel_send_action_result result);
50 #ifdef CONFIG_DPP2
51 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
52 void *timeout_ctx);
53 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s);
54 static int wpas_dpp_process_conf_obj(void *ctx,
55 struct dpp_authentication *auth);
56 #endif /* CONFIG_DPP2 */
57
58 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
59
60 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
61 * a single transaction in progress at any point in time. */
62 static const u8 TRANSACTION_ID = 1;
63
64
65 /**
66 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
67 * @wpa_s: Pointer to wpa_supplicant data
68 * @cmd: DPP URI read from a QR Code
69 * Returns: Identifier of the stored info or -1 on failure
70 */
wpas_dpp_qr_code(struct wpa_supplicant * wpa_s,const char * cmd)71 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
72 {
73 struct dpp_bootstrap_info *bi;
74 struct dpp_authentication *auth = wpa_s->dpp_auth;
75
76 bi = dpp_add_qr_code(wpa_s->dpp, cmd);
77 if (!bi)
78 return -1;
79
80 if (auth && auth->response_pending &&
81 dpp_notify_new_qr_code(auth, bi) == 1) {
82 wpa_printf(MSG_DEBUG,
83 "DPP: Sending out pending authentication response");
84 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
85 " freq=%u type=%d",
86 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
87 DPP_PA_AUTHENTICATION_RESP);
88 offchannel_send_action(wpa_s, auth->curr_freq,
89 auth->peer_mac_addr, wpa_s->own_addr,
90 broadcast,
91 wpabuf_head(auth->resp_msg),
92 wpabuf_len(auth->resp_msg),
93 500, wpas_dpp_tx_status, 0);
94 }
95
96 #ifdef CONFIG_DPP2
97 dpp_controller_new_qr_code(wpa_s->dpp, bi);
98 #endif /* CONFIG_DPP2 */
99
100 return bi->id;
101 }
102
103
104 /**
105 * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
106 * @wpa_s: Pointer to wpa_supplicant data
107 * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
108 * Returns: Identifier of the stored info or -1 on failure
109 */
wpas_dpp_nfc_uri(struct wpa_supplicant * wpa_s,const char * cmd)110 int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd)
111 {
112 struct dpp_bootstrap_info *bi;
113
114 bi = dpp_add_nfc_uri(wpa_s->dpp, cmd);
115 if (!bi)
116 return -1;
117
118 return bi->id;
119 }
120
121
wpas_dpp_nfc_handover_req(struct wpa_supplicant * wpa_s,const char * cmd)122 int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd)
123 {
124 const char *pos;
125 struct dpp_bootstrap_info *peer_bi, *own_bi;
126
127 pos = os_strstr(cmd, " own=");
128 if (!pos)
129 return -1;
130 pos += 5;
131 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
132 if (!own_bi)
133 return -1;
134 own_bi->nfc_negotiated = 1;
135
136 pos = os_strstr(cmd, " uri=");
137 if (!pos)
138 return -1;
139 pos += 5;
140 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
141 if (!peer_bi) {
142 wpa_printf(MSG_INFO,
143 "DPP: Failed to parse URI from NFC Handover Request");
144 return -1;
145 }
146
147 if (dpp_nfc_update_bi(own_bi, peer_bi) < 0)
148 return -1;
149
150 return peer_bi->id;
151 }
152
153
wpas_dpp_nfc_handover_sel(struct wpa_supplicant * wpa_s,const char * cmd)154 int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd)
155 {
156 const char *pos;
157 struct dpp_bootstrap_info *peer_bi, *own_bi;
158
159 pos = os_strstr(cmd, " own=");
160 if (!pos)
161 return -1;
162 pos += 5;
163 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
164 if (!own_bi)
165 return -1;
166 own_bi->nfc_negotiated = 1;
167
168 pos = os_strstr(cmd, " uri=");
169 if (!pos)
170 return -1;
171 pos += 5;
172 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
173 if (!peer_bi) {
174 wpa_printf(MSG_INFO,
175 "DPP: Failed to parse URI from NFC Handover Select");
176 return -1;
177 }
178
179 if (peer_bi->curve != own_bi->curve) {
180 wpa_printf(MSG_INFO,
181 "DPP: Peer (NFC Handover Selector) used different curve");
182 return -1;
183 }
184
185 return peer_bi->id;
186 }
187
188
wpas_dpp_auth_resp_retry_timeout(void * eloop_ctx,void * timeout_ctx)189 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
190 {
191 struct wpa_supplicant *wpa_s = eloop_ctx;
192 struct dpp_authentication *auth = wpa_s->dpp_auth;
193
194 if (!auth || !auth->resp_msg)
195 return;
196
197 wpa_printf(MSG_DEBUG,
198 "DPP: Retry Authentication Response after timeout");
199 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
200 " freq=%u type=%d",
201 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
202 DPP_PA_AUTHENTICATION_RESP);
203 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
204 wpa_s->own_addr, broadcast,
205 wpabuf_head(auth->resp_msg),
206 wpabuf_len(auth->resp_msg),
207 500, wpas_dpp_tx_status, 0);
208 }
209
210
wpas_dpp_auth_resp_retry(struct wpa_supplicant * wpa_s)211 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
212 {
213 struct dpp_authentication *auth = wpa_s->dpp_auth;
214 unsigned int wait_time, max_tries;
215
216 if (!auth || !auth->resp_msg)
217 return;
218
219 if (wpa_s->dpp_resp_max_tries)
220 max_tries = wpa_s->dpp_resp_max_tries;
221 else
222 max_tries = 5;
223 auth->auth_resp_tries++;
224 if (auth->auth_resp_tries >= max_tries) {
225 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
226 offchannel_send_action_done(wpa_s);
227 dpp_auth_deinit(wpa_s->dpp_auth);
228 wpa_s->dpp_auth = NULL;
229 return;
230 }
231
232 if (wpa_s->dpp_resp_retry_time)
233 wait_time = wpa_s->dpp_resp_retry_time;
234 else
235 wait_time = 1000;
236 wpa_printf(MSG_DEBUG,
237 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
238 wait_time);
239 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
240 eloop_register_timeout(wait_time / 1000,
241 (wait_time % 1000) * 1000,
242 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
243 }
244
245
wpas_dpp_try_to_connect(struct wpa_supplicant * wpa_s)246 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
247 {
248 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
249 wpa_s->suitable_network = 0;
250 wpa_s->no_suitable_network = 0;
251 wpa_s->disconnected = 0;
252 wpa_s->reassociate = 1;
253 wpa_s->scan_runs = 0;
254 wpa_s->normal_scans = 0;
255 wpa_supplicant_cancel_sched_scan(wpa_s);
256 wpa_supplicant_req_scan(wpa_s, 0, 0);
257 }
258
259
260 #ifdef CONFIG_DPP2
261
wpas_dpp_stop_listen_for_tx(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int wait_time)262 static void wpas_dpp_stop_listen_for_tx(struct wpa_supplicant *wpa_s,
263 unsigned int freq,
264 unsigned int wait_time)
265 {
266 struct os_reltime now, res;
267 unsigned int remaining;
268
269 if (!wpa_s->dpp_listen_freq)
270 return;
271
272 os_get_reltime(&now);
273 if (os_reltime_before(&now, &wpa_s->dpp_listen_end)) {
274 os_reltime_sub(&wpa_s->dpp_listen_end, &now, &res);
275 remaining = res.sec * 1000 + res.usec / 1000;
276 } else {
277 remaining = 0;
278 }
279 if (wpa_s->dpp_listen_freq == freq && remaining > wait_time)
280 return;
281
282 wpa_printf(MSG_DEBUG,
283 "DPP: Stop listen on %u MHz ending in %u ms to allow immediate TX on %u MHz for %u ms",
284 wpa_s->dpp_listen_freq, remaining, freq, wait_time);
285 wpas_dpp_listen_stop(wpa_s);
286
287 /* TODO: Restart listen in some cases after TX? */
288 }
289
290
wpas_dpp_conn_status_result_timeout(void * eloop_ctx,void * timeout_ctx)291 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx,
292 void *timeout_ctx)
293 {
294 struct wpa_supplicant *wpa_s = eloop_ctx;
295 struct dpp_authentication *auth = wpa_s->dpp_auth;
296 enum dpp_status_error result;
297
298 if (!auth || !auth->conn_status_requested)
299 return;
300
301 wpa_printf(MSG_DEBUG,
302 "DPP: Connection timeout - report Connection Status Result");
303 if (wpa_s->suitable_network)
304 result = DPP_STATUS_AUTH_FAILURE;
305 else if (wpa_s->no_suitable_network)
306 result = DPP_STATUS_NO_AP;
307 else
308 result = 255; /* What to report here for unexpected state? */
309 if (wpa_s->wpa_state == WPA_SCANNING)
310 wpas_abort_ongoing_scan(wpa_s);
311 wpas_dpp_send_conn_status_result(wpa_s, result);
312 }
313
314
wpas_dpp_scan_channel_list(struct wpa_supplicant * wpa_s)315 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s)
316 {
317 char *str, *end, *pos;
318 size_t len;
319 unsigned int i;
320 u8 last_op_class = 0;
321 int res;
322
323 if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs)
324 return NULL;
325
326 len = wpa_s->num_last_scan_freqs * 8;
327 str = os_zalloc(len);
328 if (!str)
329 return NULL;
330 end = str + len;
331 pos = str;
332
333 for (i = 0; i < wpa_s->num_last_scan_freqs; i++) {
334 enum hostapd_hw_mode mode;
335 u8 op_class, channel;
336
337 mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i],
338 0, 0, &op_class, &channel);
339 if (mode == NUM_HOSTAPD_MODES)
340 continue;
341 if (op_class == last_op_class)
342 res = os_snprintf(pos, end - pos, ",%d", channel);
343 else
344 res = os_snprintf(pos, end - pos, "%s%d/%d",
345 pos == str ? "" : ",",
346 op_class, channel);
347 if (os_snprintf_error(end - pos, res)) {
348 *pos = '\0';
349 break;
350 }
351 pos += res;
352 last_op_class = op_class;
353 }
354
355 if (pos == str) {
356 os_free(str);
357 str = NULL;
358 }
359 return str;
360 }
361
362
wpas_dpp_send_conn_status_result(struct wpa_supplicant * wpa_s,enum dpp_status_error result)363 void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
364 enum dpp_status_error result)
365 {
366 struct wpabuf *msg;
367 const char *channel_list = NULL;
368 char *channel_list_buf = NULL;
369 struct wpa_ssid *ssid = wpa_s->current_ssid;
370 struct dpp_authentication *auth = wpa_s->dpp_auth;
371
372 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
373
374 if (!auth || !auth->conn_status_requested)
375 return;
376 auth->conn_status_requested = 0;
377 wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d",
378 result);
379
380 if (result == DPP_STATUS_NO_AP) {
381 channel_list_buf = wpas_dpp_scan_channel_list(wpa_s);
382 channel_list = channel_list_buf;
383 }
384
385 msg = dpp_build_conn_status_result(auth, result,
386 ssid ? ssid->ssid :
387 wpa_s->dpp_last_ssid,
388 ssid ? ssid->ssid_len :
389 wpa_s->dpp_last_ssid_len,
390 channel_list);
391 os_free(channel_list_buf);
392 if (!msg) {
393 dpp_auth_deinit(wpa_s->dpp_auth);
394 wpa_s->dpp_auth = NULL;
395 return;
396 }
397
398 wpa_msg(wpa_s, MSG_INFO,
399 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
400 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
401 DPP_PA_CONNECTION_STATUS_RESULT);
402 offchannel_send_action(wpa_s, auth->curr_freq,
403 auth->peer_mac_addr, wpa_s->own_addr, broadcast,
404 wpabuf_head(msg), wpabuf_len(msg),
405 500, wpas_dpp_tx_status, 0);
406 wpabuf_free(msg);
407
408 /* This exchange will be terminated in the TX status handler */
409 auth->remove_on_tx_status = 1;
410
411 return;
412 }
413
414
wpas_dpp_connected(struct wpa_supplicant * wpa_s)415 void wpas_dpp_connected(struct wpa_supplicant *wpa_s)
416 {
417 struct dpp_authentication *auth = wpa_s->dpp_auth;
418
419 if (auth && auth->conn_status_requested)
420 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK);
421 }
422
423 #endif /* CONFIG_DPP2 */
424
425
wpas_dpp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)426 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
427 unsigned int freq, const u8 *dst,
428 const u8 *src, const u8 *bssid,
429 const u8 *data, size_t data_len,
430 enum offchannel_send_action_result result)
431 {
432 const char *res_txt;
433 struct dpp_authentication *auth = wpa_s->dpp_auth;
434
435 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
436 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
437 "FAILED");
438 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
439 " result=%s", freq, MAC2STR(dst), res_txt);
440 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
441 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
442
443 if (!wpa_s->dpp_auth) {
444 wpa_printf(MSG_DEBUG,
445 "DPP: Ignore TX status since there is no ongoing authentication exchange");
446 return;
447 }
448
449 #ifdef CONFIG_DPP2
450 if (auth->connect_on_tx_status) {
451 auth->connect_on_tx_status = 0;
452 wpa_printf(MSG_DEBUG,
453 "DPP: Try to connect after completed configuration result");
454 wpas_dpp_try_to_connect(wpa_s);
455 if (auth->conn_status_requested) {
456 wpa_printf(MSG_DEBUG,
457 "DPP: Start 15 second timeout for reporting connection status result");
458 eloop_cancel_timeout(
459 wpas_dpp_conn_status_result_timeout,
460 wpa_s, NULL);
461 eloop_register_timeout(
462 15, 0, wpas_dpp_conn_status_result_timeout,
463 wpa_s, NULL);
464 } else {
465 dpp_auth_deinit(wpa_s->dpp_auth);
466 wpa_s->dpp_auth = NULL;
467 }
468 return;
469 }
470 #endif /* CONFIG_DPP2 */
471
472 if (wpa_s->dpp_auth->remove_on_tx_status) {
473 wpa_printf(MSG_DEBUG,
474 "DPP: Terminate authentication exchange due to a request to do so on TX status");
475 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
476 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
477 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
478 NULL);
479 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
480 NULL);
481 #ifdef CONFIG_DPP2
482 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
483 wpa_s, NULL);
484 #endif /* CONFIG_DPP2 */
485 offchannel_send_action_done(wpa_s);
486 dpp_auth_deinit(wpa_s->dpp_auth);
487 wpa_s->dpp_auth = NULL;
488 return;
489 }
490
491 if (wpa_s->dpp_auth_ok_on_ack)
492 wpas_dpp_auth_success(wpa_s, 1);
493
494 if (!is_broadcast_ether_addr(dst) &&
495 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
496 wpa_printf(MSG_DEBUG,
497 "DPP: Unicast DPP Action frame was not ACKed");
498 if (auth->waiting_auth_resp) {
499 /* In case of DPP Authentication Request frame, move to
500 * the next channel immediately. */
501 offchannel_send_action_done(wpa_s);
502 wpas_dpp_auth_init_next(wpa_s);
503 return;
504 }
505 if (auth->waiting_auth_conf) {
506 wpas_dpp_auth_resp_retry(wpa_s);
507 return;
508 }
509 }
510
511 if (auth->waiting_auth_conf &&
512 auth->auth_resp_status == DPP_STATUS_OK) {
513 /* Make sure we do not get stuck waiting for Auth Confirm
514 * indefinitely after successfully transmitted Auth Response to
515 * allow new authentication exchanges to be started. */
516 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
517 NULL);
518 eloop_register_timeout(1, 0, wpas_dpp_auth_conf_wait_timeout,
519 wpa_s, NULL);
520 }
521
522 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
523 result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
524 /* Allow timeout handling to stop iteration if no response is
525 * received from a peer that has ACKed a request. */
526 auth->auth_req_ack = 1;
527 }
528
529 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
530 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
531 wpa_printf(MSG_DEBUG,
532 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
533 wpa_s->dpp_auth->curr_freq,
534 wpa_s->dpp_auth->neg_freq);
535 offchannel_send_action_done(wpa_s);
536 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq);
537 }
538
539 if (wpa_s->dpp_auth_ok_on_ack)
540 wpa_s->dpp_auth_ok_on_ack = 0;
541 }
542
543
wpas_dpp_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)544 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
545 {
546 struct wpa_supplicant *wpa_s = eloop_ctx;
547 struct dpp_authentication *auth = wpa_s->dpp_auth;
548 unsigned int freq;
549 struct os_reltime now, diff;
550 unsigned int wait_time, diff_ms;
551
552 if (!auth || !auth->waiting_auth_resp)
553 return;
554
555 wait_time = wpa_s->dpp_resp_wait_time ?
556 wpa_s->dpp_resp_wait_time : 2000;
557 os_get_reltime(&now);
558 os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
559 diff_ms = diff.sec * 1000 + diff.usec / 1000;
560 wpa_printf(MSG_DEBUG,
561 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
562 wait_time, diff_ms);
563
564 if (auth->auth_req_ack && diff_ms >= wait_time) {
565 /* Peer ACK'ed Authentication Request frame, but did not reply
566 * with Authentication Response frame within two seconds. */
567 wpa_printf(MSG_INFO,
568 "DPP: No response received from responder - stopping initiation attempt");
569 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
570 offchannel_send_action_done(wpa_s);
571 wpas_dpp_listen_stop(wpa_s);
572 dpp_auth_deinit(auth);
573 wpa_s->dpp_auth = NULL;
574 return;
575 }
576
577 if (diff_ms >= wait_time) {
578 /* Authentication Request frame was not ACK'ed and no reply
579 * was receiving within two seconds. */
580 wpa_printf(MSG_DEBUG,
581 "DPP: Continue Initiator channel iteration");
582 offchannel_send_action_done(wpa_s);
583 wpas_dpp_listen_stop(wpa_s);
584 wpas_dpp_auth_init_next(wpa_s);
585 return;
586 }
587
588 /* Driver did not support 2000 ms long wait_time with TX command, so
589 * schedule listen operation to continue waiting for the response.
590 *
591 * DPP listen operations continue until stopped, so simply schedule a
592 * new call to this function at the point when the two second reply
593 * wait has expired. */
594 wait_time -= diff_ms;
595
596 freq = auth->curr_freq;
597 if (auth->neg_freq > 0)
598 freq = auth->neg_freq;
599 wpa_printf(MSG_DEBUG,
600 "DPP: Continue reply wait on channel %u MHz for %u ms",
601 freq, wait_time);
602 wpa_s->dpp_in_response_listen = 1;
603 wpas_dpp_listen_start(wpa_s, freq);
604
605 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
606 wpas_dpp_reply_wait_timeout, wpa_s, NULL);
607 }
608
609
wpas_dpp_auth_conf_wait_timeout(void * eloop_ctx,void * timeout_ctx)610 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx)
611 {
612 struct wpa_supplicant *wpa_s = eloop_ctx;
613 struct dpp_authentication *auth = wpa_s->dpp_auth;
614
615 if (!auth || !auth->waiting_auth_conf)
616 return;
617
618 wpa_printf(MSG_DEBUG,
619 "DPP: Terminate authentication exchange due to Auth Confirm timeout");
620 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL "No Auth Confirm received");
621 offchannel_send_action_done(wpa_s);
622 dpp_auth_deinit(auth);
623 wpa_s->dpp_auth = NULL;
624 }
625
626
wpas_dpp_set_testing_options(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)627 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
628 struct dpp_authentication *auth)
629 {
630 #ifdef CONFIG_TESTING_OPTIONS
631 if (wpa_s->dpp_config_obj_override)
632 auth->config_obj_override =
633 os_strdup(wpa_s->dpp_config_obj_override);
634 if (wpa_s->dpp_discovery_override)
635 auth->discovery_override =
636 os_strdup(wpa_s->dpp_discovery_override);
637 if (wpa_s->dpp_groups_override)
638 auth->groups_override =
639 os_strdup(wpa_s->dpp_groups_override);
640 auth->ignore_netaccesskey_mismatch =
641 wpa_s->dpp_ignore_netaccesskey_mismatch;
642 #endif /* CONFIG_TESTING_OPTIONS */
643 }
644
645
wpas_dpp_init_timeout(void * eloop_ctx,void * timeout_ctx)646 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
647 {
648 struct wpa_supplicant *wpa_s = eloop_ctx;
649
650 if (!wpa_s->dpp_auth)
651 return;
652 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
653 wpas_dpp_auth_init_next(wpa_s);
654 }
655
656
wpas_dpp_auth_init_next(struct wpa_supplicant * wpa_s)657 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
658 {
659 struct dpp_authentication *auth = wpa_s->dpp_auth;
660 const u8 *dst;
661 unsigned int wait_time, max_wait_time, freq, max_tries, used;
662 struct os_reltime now, diff;
663
664 wpa_s->dpp_in_response_listen = 0;
665 if (!auth)
666 return -1;
667
668 if (auth->freq_idx == 0)
669 os_get_reltime(&wpa_s->dpp_init_iter_start);
670
671 if (auth->freq_idx >= auth->num_freq) {
672 auth->num_freq_iters++;
673 if (wpa_s->dpp_init_max_tries)
674 max_tries = wpa_s->dpp_init_max_tries;
675 else
676 max_tries = 5;
677 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
678 wpa_printf(MSG_INFO,
679 "DPP: No response received from responder - stopping initiation attempt");
680 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
681 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
682 wpa_s, NULL);
683 offchannel_send_action_done(wpa_s);
684 dpp_auth_deinit(wpa_s->dpp_auth);
685 wpa_s->dpp_auth = NULL;
686 return -1;
687 }
688 auth->freq_idx = 0;
689 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
690 if (wpa_s->dpp_init_retry_time)
691 wait_time = wpa_s->dpp_init_retry_time;
692 else
693 wait_time = 10000;
694 os_get_reltime(&now);
695 os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
696 used = diff.sec * 1000 + diff.usec / 1000;
697 if (used > wait_time)
698 wait_time = 0;
699 else
700 wait_time -= used;
701 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
702 wait_time);
703 eloop_register_timeout(wait_time / 1000,
704 (wait_time % 1000) * 1000,
705 wpas_dpp_init_timeout, wpa_s,
706 NULL);
707 return 0;
708 }
709 freq = auth->freq[auth->freq_idx++];
710 auth->curr_freq = freq;
711
712 if (!is_zero_ether_addr(auth->peer_mac_addr))
713 dst = auth->peer_mac_addr;
714 else if (is_zero_ether_addr(auth->peer_bi->mac_addr))
715 dst = broadcast;
716 else
717 dst = auth->peer_bi->mac_addr;
718 wpa_s->dpp_auth_ok_on_ack = 0;
719 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
720 wait_time = wpa_s->max_remain_on_chan;
721 max_wait_time = wpa_s->dpp_resp_wait_time ?
722 wpa_s->dpp_resp_wait_time : 2000;
723 if (wait_time > max_wait_time)
724 wait_time = max_wait_time;
725 wait_time += 10; /* give the driver some extra time to complete */
726 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
727 wpas_dpp_reply_wait_timeout,
728 wpa_s, NULL);
729 wait_time -= 10;
730 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
731 wpa_printf(MSG_DEBUG,
732 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
733 freq, auth->neg_freq);
734 }
735 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
736 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
737 auth->auth_req_ack = 0;
738 os_get_reltime(&wpa_s->dpp_last_init);
739 return offchannel_send_action(wpa_s, freq, dst,
740 wpa_s->own_addr, broadcast,
741 wpabuf_head(auth->req_msg),
742 wpabuf_len(auth->req_msg),
743 wait_time, wpas_dpp_tx_status, 0);
744 }
745
746
wpas_dpp_auth_init(struct wpa_supplicant * wpa_s,const char * cmd)747 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
748 {
749 const char *pos;
750 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
751 struct dpp_authentication *auth;
752 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
753 unsigned int neg_freq = 0;
754 int tcp = 0;
755 #ifdef CONFIG_DPP2
756 int tcp_port = DPP_TCP_PORT;
757 struct hostapd_ip_addr ipaddr;
758 char *addr;
759 #endif /* CONFIG_DPP2 */
760
761 wpa_s->dpp_gas_client = 0;
762
763 pos = os_strstr(cmd, " peer=");
764 if (!pos)
765 return -1;
766 pos += 6;
767 peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
768 if (!peer_bi) {
769 wpa_printf(MSG_INFO,
770 "DPP: Could not find bootstrapping info for the identified peer");
771 return -1;
772 }
773
774 #ifdef CONFIG_DPP2
775 pos = os_strstr(cmd, " tcp_port=");
776 if (pos) {
777 pos += 10;
778 tcp_port = atoi(pos);
779 }
780
781 addr = get_param(cmd, " tcp_addr=");
782 if (addr) {
783 int res;
784
785 res = hostapd_parse_ip_addr(addr, &ipaddr);
786 os_free(addr);
787 if (res)
788 return -1;
789 tcp = 1;
790 }
791 #endif /* CONFIG_DPP2 */
792
793 pos = os_strstr(cmd, " own=");
794 if (pos) {
795 pos += 5;
796 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
797 if (!own_bi) {
798 wpa_printf(MSG_INFO,
799 "DPP: Could not find bootstrapping info for the identified local entry");
800 return -1;
801 }
802
803 if (peer_bi->curve != own_bi->curve) {
804 wpa_printf(MSG_INFO,
805 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
806 peer_bi->curve->name, own_bi->curve->name);
807 return -1;
808 }
809 }
810
811 pos = os_strstr(cmd, " role=");
812 if (pos) {
813 pos += 6;
814 if (os_strncmp(pos, "configurator", 12) == 0)
815 allowed_roles = DPP_CAPAB_CONFIGURATOR;
816 else if (os_strncmp(pos, "enrollee", 8) == 0)
817 allowed_roles = DPP_CAPAB_ENROLLEE;
818 else if (os_strncmp(pos, "either", 6) == 0)
819 allowed_roles = DPP_CAPAB_CONFIGURATOR |
820 DPP_CAPAB_ENROLLEE;
821 else
822 goto fail;
823 }
824
825 pos = os_strstr(cmd, " netrole=");
826 if (pos) {
827 pos += 9;
828 if (os_strncmp(pos, "ap", 2) == 0)
829 wpa_s->dpp_netrole = DPP_NETROLE_AP;
830 else if (os_strncmp(pos, "configurator", 12) == 0)
831 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
832 else
833 wpa_s->dpp_netrole = DPP_NETROLE_STA;
834 } else {
835 wpa_s->dpp_netrole = DPP_NETROLE_STA;
836 }
837
838 pos = os_strstr(cmd, " neg_freq=");
839 if (pos)
840 neg_freq = atoi(pos + 10);
841
842 if (!tcp && wpa_s->dpp_auth) {
843 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
844 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
845 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
846 NULL);
847 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
848 NULL);
849 #ifdef CONFIG_DPP2
850 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
851 wpa_s, NULL);
852 #endif /* CONFIG_DPP2 */
853 offchannel_send_action_done(wpa_s);
854 dpp_auth_deinit(wpa_s->dpp_auth);
855 wpa_s->dpp_auth = NULL;
856 }
857
858 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
859 neg_freq, wpa_s->hw.modes, wpa_s->hw.num_modes);
860 if (!auth)
861 goto fail;
862 wpas_dpp_set_testing_options(wpa_s, auth);
863 if (dpp_set_configurator(auth, cmd) < 0) {
864 dpp_auth_deinit(auth);
865 goto fail;
866 }
867
868 auth->neg_freq = neg_freq;
869
870 if (!is_zero_ether_addr(peer_bi->mac_addr))
871 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
872
873 #ifdef CONFIG_DPP2
874 if (tcp)
875 return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
876 wpa_s->conf->dpp_name, DPP_NETROLE_STA,
877 wpa_s, wpa_s, wpas_dpp_process_conf_obj);
878 #endif /* CONFIG_DPP2 */
879
880 wpa_s->dpp_auth = auth;
881 return wpas_dpp_auth_init_next(wpa_s);
882 fail:
883 return -1;
884 }
885
886
887 struct wpas_dpp_listen_work {
888 unsigned int freq;
889 unsigned int duration;
890 struct wpabuf *probe_resp_ie;
891 };
892
893
wpas_dpp_listen_work_free(struct wpas_dpp_listen_work * lwork)894 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
895 {
896 if (!lwork)
897 return;
898 os_free(lwork);
899 }
900
901
wpas_dpp_listen_work_done(struct wpa_supplicant * wpa_s)902 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
903 {
904 struct wpas_dpp_listen_work *lwork;
905
906 if (!wpa_s->dpp_listen_work)
907 return;
908
909 lwork = wpa_s->dpp_listen_work->ctx;
910 wpas_dpp_listen_work_free(lwork);
911 radio_work_done(wpa_s->dpp_listen_work);
912 wpa_s->dpp_listen_work = NULL;
913 }
914
915
dpp_start_listen_cb(struct wpa_radio_work * work,int deinit)916 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
917 {
918 struct wpa_supplicant *wpa_s = work->wpa_s;
919 struct wpas_dpp_listen_work *lwork = work->ctx;
920
921 if (deinit) {
922 if (work->started) {
923 wpa_s->dpp_listen_work = NULL;
924 wpas_dpp_listen_stop(wpa_s);
925 }
926 wpas_dpp_listen_work_free(lwork);
927 return;
928 }
929
930 wpa_s->dpp_listen_work = work;
931
932 wpa_s->dpp_pending_listen_freq = lwork->freq;
933
934 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
935 wpa_s->max_remain_on_chan) < 0) {
936 wpa_printf(MSG_DEBUG,
937 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
938 lwork->freq);
939 wpa_s->dpp_listen_freq = 0;
940 wpas_dpp_listen_work_done(wpa_s);
941 wpa_s->dpp_pending_listen_freq = 0;
942 return;
943 }
944 wpa_s->off_channel_freq = 0;
945 wpa_s->roc_waiting_drv_freq = lwork->freq;
946 wpa_drv_dpp_listen(wpa_s, true);
947 }
948
949
wpas_dpp_listen_start(struct wpa_supplicant * wpa_s,unsigned int freq)950 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
951 unsigned int freq)
952 {
953 struct wpas_dpp_listen_work *lwork;
954
955 if (wpa_s->dpp_listen_work) {
956 wpa_printf(MSG_DEBUG,
957 "DPP: Reject start_listen since dpp_listen_work already exists");
958 return -1;
959 }
960
961 if (wpa_s->dpp_listen_freq)
962 wpas_dpp_listen_stop(wpa_s);
963 wpa_s->dpp_listen_freq = freq;
964
965 lwork = os_zalloc(sizeof(*lwork));
966 if (!lwork)
967 return -1;
968 lwork->freq = freq;
969
970 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
971 lwork) < 0) {
972 wpas_dpp_listen_work_free(lwork);
973 return -1;
974 }
975
976 return 0;
977 }
978
979
wpas_dpp_listen(struct wpa_supplicant * wpa_s,const char * cmd)980 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
981 {
982 int freq;
983
984 freq = atoi(cmd);
985 if (freq <= 0)
986 return -1;
987
988 if (os_strstr(cmd, " role=configurator"))
989 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
990 else if (os_strstr(cmd, " role=enrollee"))
991 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
992 else
993 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
994 DPP_CAPAB_ENROLLEE;
995 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
996 if (os_strstr(cmd, " netrole=ap"))
997 wpa_s->dpp_netrole = DPP_NETROLE_AP;
998 else if (os_strstr(cmd, " netrole=configurator"))
999 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
1000 else
1001 wpa_s->dpp_netrole = DPP_NETROLE_STA;
1002 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
1003 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
1004 freq);
1005 return 0;
1006 }
1007
1008 return wpas_dpp_listen_start(wpa_s, freq);
1009 }
1010
1011
wpas_dpp_listen_stop(struct wpa_supplicant * wpa_s)1012 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
1013 {
1014 wpa_s->dpp_in_response_listen = 0;
1015 if (!wpa_s->dpp_listen_freq)
1016 return;
1017
1018 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
1019 wpa_s->dpp_listen_freq);
1020 wpa_drv_cancel_remain_on_channel(wpa_s);
1021 wpa_drv_dpp_listen(wpa_s, false);
1022 wpa_s->dpp_listen_freq = 0;
1023 wpas_dpp_listen_work_done(wpa_s);
1024 radio_remove_works(wpa_s, "dpp-listen", 0);
1025 }
1026
1027
wpas_dpp_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int duration)1028 void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1029 unsigned int freq, unsigned int duration)
1030 {
1031 if (wpa_s->dpp_listen_freq != freq)
1032 return;
1033
1034 wpa_printf(MSG_DEBUG,
1035 "DPP: Remain-on-channel started for listen on %u MHz for %u ms",
1036 freq, duration);
1037 os_get_reltime(&wpa_s->dpp_listen_end);
1038 wpa_s->dpp_listen_end.usec += duration * 1000;
1039 while (wpa_s->dpp_listen_end.usec >= 1000000) {
1040 wpa_s->dpp_listen_end.sec++;
1041 wpa_s->dpp_listen_end.usec -= 1000000;
1042 }
1043 }
1044
1045
wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq)1046 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1047 unsigned int freq)
1048 {
1049 wpas_dpp_listen_work_done(wpa_s);
1050
1051 if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
1052 unsigned int new_freq;
1053
1054 /* Continue listen with a new remain-on-channel */
1055 if (wpa_s->dpp_auth->neg_freq > 0)
1056 new_freq = wpa_s->dpp_auth->neg_freq;
1057 else
1058 new_freq = wpa_s->dpp_auth->curr_freq;
1059 wpa_printf(MSG_DEBUG,
1060 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
1061 new_freq);
1062 wpas_dpp_listen_start(wpa_s, new_freq);
1063 return;
1064 }
1065
1066 if (wpa_s->dpp_listen_freq) {
1067 /* Continue listen with a new remain-on-channel */
1068 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
1069 }
1070 }
1071
1072
wpas_dpp_rx_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1073 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
1074 const u8 *hdr, const u8 *buf, size_t len,
1075 unsigned int freq)
1076 {
1077 const u8 *r_bootstrap, *i_bootstrap;
1078 u16 r_bootstrap_len, i_bootstrap_len;
1079 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
1080
1081 if (!wpa_s->dpp)
1082 return;
1083
1084 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
1085 MAC2STR(src));
1086
1087 #ifdef CONFIG_DPP2
1088 wpas_dpp_chirp_stop(wpa_s);
1089 #endif /* CONFIG_DPP2 */
1090
1091 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
1092 &r_bootstrap_len);
1093 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
1094 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1095 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
1096 return;
1097 }
1098 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
1099 r_bootstrap, r_bootstrap_len);
1100
1101 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
1102 &i_bootstrap_len);
1103 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
1104 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1105 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
1106 return;
1107 }
1108 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
1109 i_bootstrap, i_bootstrap_len);
1110
1111 /* Try to find own and peer bootstrapping key matches based on the
1112 * received hash values */
1113 dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
1114 &own_bi, &peer_bi);
1115 if (!own_bi) {
1116 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1117 "No matching own bootstrapping key found - ignore message");
1118 return;
1119 }
1120
1121 if (wpa_s->dpp_auth) {
1122 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1123 "Already in DPP authentication exchange - ignore new one");
1124 return;
1125 }
1126
1127 wpa_s->dpp_gas_client = 0;
1128 wpa_s->dpp_auth_ok_on_ack = 0;
1129 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s->dpp, wpa_s,
1130 wpa_s->dpp_allowed_roles,
1131 wpa_s->dpp_qr_mutual,
1132 peer_bi, own_bi, freq, hdr, buf, len);
1133 if (!wpa_s->dpp_auth) {
1134 wpa_printf(MSG_DEBUG, "DPP: No response generated");
1135 return;
1136 }
1137 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
1138 if (dpp_set_configurator(wpa_s->dpp_auth,
1139 wpa_s->dpp_configurator_params) < 0) {
1140 dpp_auth_deinit(wpa_s->dpp_auth);
1141 wpa_s->dpp_auth = NULL;
1142 return;
1143 }
1144 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
1145
1146 if (wpa_s->dpp_listen_freq &&
1147 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
1148 wpa_printf(MSG_DEBUG,
1149 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1150 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
1151 wpas_dpp_listen_stop(wpa_s);
1152 }
1153
1154 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1155 MAC2STR(src), wpa_s->dpp_auth->curr_freq,
1156 DPP_PA_AUTHENTICATION_RESP);
1157 offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
1158 src, wpa_s->own_addr, broadcast,
1159 wpabuf_head(wpa_s->dpp_auth->resp_msg),
1160 wpabuf_len(wpa_s->dpp_auth->resp_msg),
1161 500, wpas_dpp_tx_status, 0);
1162 }
1163
1164
wpas_dpp_start_gas_server(struct wpa_supplicant * wpa_s)1165 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
1166 {
1167 /* TODO: stop wait and start ROC */
1168 }
1169
1170
wpas_dpp_add_network(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1171 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
1172 struct dpp_authentication *auth,
1173 struct dpp_config_obj *conf)
1174 {
1175 struct wpa_ssid *ssid;
1176
1177 #ifdef CONFIG_DPP2
1178 if (conf->akm == DPP_AKM_SAE) {
1179 #ifdef CONFIG_SAE
1180 struct wpa_driver_capa capa;
1181 int res;
1182
1183 res = wpa_drv_get_capa(wpa_s, &capa);
1184 if (res == 0 &&
1185 !(capa.key_mgmt_iftype[WPA_IF_STATION] &
1186 WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
1187 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
1188 wpa_printf(MSG_DEBUG,
1189 "DPP: SAE not supported by the driver");
1190 return NULL;
1191 }
1192 #else /* CONFIG_SAE */
1193 wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
1194 return NULL;
1195 #endif /* CONFIG_SAE */
1196 }
1197 #endif /* CONFIG_DPP2 */
1198
1199 ssid = wpa_config_add_network(wpa_s->conf);
1200 if (!ssid)
1201 return NULL;
1202 wpas_notify_network_added(wpa_s, ssid);
1203 wpa_config_set_network_defaults(ssid);
1204 ssid->disabled = 1;
1205
1206 ssid->ssid = os_malloc(conf->ssid_len);
1207 if (!ssid->ssid)
1208 goto fail;
1209 os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
1210 ssid->ssid_len = conf->ssid_len;
1211
1212 if (conf->connector) {
1213 if (dpp_akm_dpp(conf->akm)) {
1214 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
1215 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1216 }
1217 ssid->dpp_connector = os_strdup(conf->connector);
1218 if (!ssid->dpp_connector)
1219 goto fail;
1220 }
1221
1222 if (conf->c_sign_key) {
1223 ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key));
1224 if (!ssid->dpp_csign)
1225 goto fail;
1226 os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key),
1227 wpabuf_len(conf->c_sign_key));
1228 ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key);
1229 }
1230
1231 if (conf->pp_key) {
1232 ssid->dpp_pp_key = os_malloc(wpabuf_len(conf->pp_key));
1233 if (!ssid->dpp_pp_key)
1234 goto fail;
1235 os_memcpy(ssid->dpp_pp_key, wpabuf_head(conf->pp_key),
1236 wpabuf_len(conf->pp_key));
1237 ssid->dpp_pp_key_len = wpabuf_len(conf->pp_key);
1238 }
1239
1240 if (auth->net_access_key) {
1241 ssid->dpp_netaccesskey =
1242 os_malloc(wpabuf_len(auth->net_access_key));
1243 if (!ssid->dpp_netaccesskey)
1244 goto fail;
1245 os_memcpy(ssid->dpp_netaccesskey,
1246 wpabuf_head(auth->net_access_key),
1247 wpabuf_len(auth->net_access_key));
1248 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1249 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1250 }
1251
1252 if (!conf->connector || dpp_akm_psk(conf->akm) ||
1253 dpp_akm_sae(conf->akm)) {
1254 if (!conf->connector || !dpp_akm_dpp(conf->akm))
1255 ssid->key_mgmt = 0;
1256 if (dpp_akm_psk(conf->akm))
1257 ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
1258 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
1259 if (dpp_akm_sae(conf->akm))
1260 ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
1261 WPA_KEY_MGMT_FT_SAE;
1262 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1263 if (conf->passphrase[0]) {
1264 if (wpa_config_set_quoted(ssid, "psk",
1265 conf->passphrase) < 0)
1266 goto fail;
1267 wpa_config_update_psk(ssid);
1268 ssid->export_keys = 1;
1269 } else {
1270 ssid->psk_set = conf->psk_set;
1271 os_memcpy(ssid->psk, conf->psk, PMK_LEN);
1272 }
1273 }
1274
1275 #if defined(CONFIG_DPP2) && defined(IEEE8021X_EAPOL)
1276 if (conf->akm == DPP_AKM_DOT1X) {
1277 int i;
1278 char name[100], blobname[128];
1279 struct wpa_config_blob *blob;
1280
1281 ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X |
1282 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1283 WPA_KEY_MGMT_IEEE8021X_SHA256;
1284 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1285
1286 if (conf->cacert) {
1287 /* caCert is DER-encoded X.509v3 certificate for the
1288 * server certificate if that is different from the
1289 * trust root included in certBag. */
1290 /* TODO: ssid->eap.cert.ca_cert */
1291 }
1292
1293 if (conf->certs) {
1294 for (i = 0; ; i++) {
1295 os_snprintf(name, sizeof(name), "dpp-certs-%d",
1296 i);
1297 if (!wpa_config_get_blob(wpa_s->conf, name))
1298 break;
1299 }
1300
1301 blob = os_zalloc(sizeof(*blob));
1302 if (!blob)
1303 goto fail;
1304 blob->len = wpabuf_len(conf->certs);
1305 blob->name = os_strdup(name);
1306 blob->data = os_malloc(blob->len);
1307 if (!blob->name || !blob->data) {
1308 wpa_config_free_blob(blob);
1309 goto fail;
1310 }
1311 os_memcpy(blob->data, wpabuf_head(conf->certs),
1312 blob->len);
1313 os_snprintf(blobname, sizeof(blobname), "blob://%s",
1314 name);
1315 wpa_config_set_blob(wpa_s->conf, blob);
1316 wpa_printf(MSG_DEBUG, "DPP: Added certificate blob %s",
1317 name);
1318 ssid->eap.cert.client_cert = os_strdup(blobname);
1319 if (!ssid->eap.cert.client_cert)
1320 goto fail;
1321
1322 /* TODO: ssid->eap.identity from own certificate */
1323 if (wpa_config_set(ssid, "identity", "\"dpp-ent\"",
1324 0) < 0)
1325 goto fail;
1326 }
1327
1328 if (auth->priv_key) {
1329 for (i = 0; ; i++) {
1330 os_snprintf(name, sizeof(name), "dpp-key-%d",
1331 i);
1332 if (!wpa_config_get_blob(wpa_s->conf, name))
1333 break;
1334 }
1335
1336 blob = os_zalloc(sizeof(*blob));
1337 if (!blob)
1338 goto fail;
1339 blob->len = wpabuf_len(auth->priv_key);
1340 blob->name = os_strdup(name);
1341 blob->data = os_malloc(blob->len);
1342 if (!blob->name || !blob->data) {
1343 wpa_config_free_blob(blob);
1344 goto fail;
1345 }
1346 os_memcpy(blob->data, wpabuf_head(auth->priv_key),
1347 blob->len);
1348 os_snprintf(blobname, sizeof(blobname), "blob://%s",
1349 name);
1350 wpa_config_set_blob(wpa_s->conf, blob);
1351 wpa_printf(MSG_DEBUG, "DPP: Added private key blob %s",
1352 name);
1353 ssid->eap.cert.private_key = os_strdup(blobname);
1354 if (!ssid->eap.cert.private_key)
1355 goto fail;
1356 }
1357
1358 if (conf->server_name) {
1359 ssid->eap.cert.domain_suffix_match =
1360 os_strdup(conf->server_name);
1361 if (!ssid->eap.cert.domain_suffix_match)
1362 goto fail;
1363 }
1364
1365 /* TODO: Use entCreds::eapMethods */
1366 if (wpa_config_set(ssid, "eap", "TLS", 0) < 0)
1367 goto fail;
1368 }
1369 #endif /* CONFIG_DPP2 && IEEE8021X_EAPOL */
1370
1371 os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len);
1372 wpa_s->dpp_last_ssid_len = conf->ssid_len;
1373
1374 return ssid;
1375 fail:
1376 wpas_notify_network_removed(wpa_s, ssid);
1377 wpa_config_remove_network(wpa_s->conf, ssid->id);
1378 return NULL;
1379 }
1380
1381
wpas_dpp_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1382 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1383 struct dpp_authentication *auth,
1384 struct dpp_config_obj *conf)
1385 {
1386 struct wpa_ssid *ssid;
1387
1388 if (wpa_s->conf->dpp_config_processing < 1)
1389 return 0;
1390
1391 ssid = wpas_dpp_add_network(wpa_s, auth, conf);
1392 if (!ssid)
1393 return -1;
1394
1395 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1396 if (wpa_s->conf->dpp_config_processing == 2)
1397 ssid->disabled = 0;
1398
1399 #ifndef CONFIG_NO_CONFIG_WRITE
1400 if (wpa_s->conf->update_config &&
1401 wpa_config_write(wpa_s->confname, wpa_s->conf))
1402 wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
1403 #endif /* CONFIG_NO_CONFIG_WRITE */
1404
1405 return 0;
1406 }
1407
1408
wpas_dpp_post_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)1409 static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s,
1410 struct dpp_authentication *auth)
1411 {
1412 #ifdef CONFIG_DPP2
1413 if (auth->reconfig && wpa_s->dpp_reconfig_ssid &&
1414 wpa_config_get_network(wpa_s->conf, wpa_s->dpp_reconfig_ssid_id) ==
1415 wpa_s->dpp_reconfig_ssid) {
1416 wpa_printf(MSG_DEBUG,
1417 "DPP: Remove reconfigured network profile");
1418 wpas_notify_network_removed(wpa_s, wpa_s->dpp_reconfig_ssid);
1419 wpa_config_remove_network(wpa_s->conf,
1420 wpa_s->dpp_reconfig_ssid_id);
1421 wpa_s->dpp_reconfig_ssid = NULL;
1422 wpa_s->dpp_reconfig_ssid_id = -1;
1423 }
1424 #endif /* CONFIG_DPP2 */
1425
1426 if (wpa_s->conf->dpp_config_processing < 2)
1427 return;
1428
1429 #ifdef CONFIG_DPP2
1430 if (auth->peer_version >= 2) {
1431 wpa_printf(MSG_DEBUG,
1432 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
1433 auth->connect_on_tx_status = 1;
1434 return;
1435 }
1436 #endif /* CONFIG_DPP2 */
1437
1438 wpas_dpp_try_to_connect(wpa_s);
1439 }
1440
1441
wpas_dpp_handle_config_obj(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1442 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1443 struct dpp_authentication *auth,
1444 struct dpp_config_obj *conf)
1445 {
1446 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1447 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s",
1448 dpp_akm_str(conf->akm));
1449 if (conf->ssid_len)
1450 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1451 wpa_ssid_txt(conf->ssid, conf->ssid_len));
1452 if (conf->ssid_charset)
1453 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d",
1454 conf->ssid_charset);
1455 if (conf->connector) {
1456 /* TODO: Save the Connector and consider using a command
1457 * to fetch the value instead of sending an event with
1458 * it. The Connector could end up being larger than what
1459 * most clients are ready to receive as an event
1460 * message. */
1461 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1462 conf->connector);
1463 }
1464 if (conf->passphrase[0]) {
1465 char hex[64 * 2 + 1];
1466
1467 wpa_snprintf_hex(hex, sizeof(hex),
1468 (const u8 *) conf->passphrase,
1469 os_strlen(conf->passphrase));
1470 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s",
1471 hex);
1472 } else if (conf->psk_set) {
1473 char hex[PMK_LEN * 2 + 1];
1474
1475 wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN);
1476 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
1477 hex);
1478 }
1479 if (conf->c_sign_key) {
1480 char *hex;
1481 size_t hexlen;
1482
1483 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
1484 hex = os_malloc(hexlen);
1485 if (hex) {
1486 wpa_snprintf_hex(hex, hexlen,
1487 wpabuf_head(conf->c_sign_key),
1488 wpabuf_len(conf->c_sign_key));
1489 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1490 hex);
1491 os_free(hex);
1492 }
1493 }
1494 if (conf->pp_key) {
1495 char *hex;
1496 size_t hexlen;
1497
1498 hexlen = 2 * wpabuf_len(conf->pp_key) + 1;
1499 hex = os_malloc(hexlen);
1500 if (hex) {
1501 wpa_snprintf_hex(hex, hexlen,
1502 wpabuf_head(conf->pp_key),
1503 wpabuf_len(conf->pp_key));
1504 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PP_KEY "%s", hex);
1505 os_free(hex);
1506 }
1507 }
1508 if (auth->net_access_key) {
1509 char *hex;
1510 size_t hexlen;
1511
1512 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1513 hex = os_malloc(hexlen);
1514 if (hex) {
1515 wpa_snprintf_hex(hex, hexlen,
1516 wpabuf_head(auth->net_access_key),
1517 wpabuf_len(auth->net_access_key));
1518 if (auth->net_access_key_expiry)
1519 wpa_msg(wpa_s, MSG_INFO,
1520 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1521 (long unsigned)
1522 auth->net_access_key_expiry);
1523 else
1524 wpa_msg(wpa_s, MSG_INFO,
1525 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1526 os_free(hex);
1527 }
1528 }
1529
1530 #ifdef CONFIG_DPP2
1531 if (conf->certbag) {
1532 char *b64;
1533
1534 b64 = base64_encode_no_lf(wpabuf_head(conf->certbag),
1535 wpabuf_len(conf->certbag), NULL);
1536 if (b64)
1537 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CERTBAG "%s", b64);
1538 os_free(b64);
1539 }
1540
1541 if (conf->cacert) {
1542 char *b64;
1543
1544 b64 = base64_encode_no_lf(wpabuf_head(conf->cacert),
1545 wpabuf_len(conf->cacert), NULL);
1546 if (b64)
1547 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CACERT "%s", b64);
1548 os_free(b64);
1549 }
1550
1551 if (conf->server_name)
1552 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_SERVER_NAME "%s",
1553 conf->server_name);
1554 #endif /* CONFIG_DPP2 */
1555
1556 return wpas_dpp_process_config(wpa_s, auth, conf);
1557 }
1558
1559
wpas_dpp_handle_key_pkg(struct wpa_supplicant * wpa_s,struct dpp_asymmetric_key * key)1560 static int wpas_dpp_handle_key_pkg(struct wpa_supplicant *wpa_s,
1561 struct dpp_asymmetric_key *key)
1562 {
1563 #ifdef CONFIG_DPP2
1564 int res;
1565
1566 if (!key)
1567 return 0;
1568
1569 wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup");
1570 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1571 wpa_s->dpp_conf_backup_received = true;
1572
1573 while (key) {
1574 res = dpp_configurator_from_backup(wpa_s->dpp, key);
1575 if (res < 0)
1576 return -1;
1577 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d",
1578 res);
1579 key = key->next;
1580 }
1581 #endif /* CONFIG_DPP2 */
1582
1583 return 0;
1584 }
1585
1586
1587 #ifdef CONFIG_DPP2
wpas_dpp_build_csr(void * eloop_ctx,void * timeout_ctx)1588 static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
1589 {
1590 struct wpa_supplicant *wpa_s = eloop_ctx;
1591 struct dpp_authentication *auth = wpa_s->dpp_auth;
1592
1593 if (!auth || !auth->csrattrs)
1594 return;
1595
1596 wpa_printf(MSG_DEBUG, "DPP: Build CSR");
1597 wpabuf_free(auth->csr);
1598 /* TODO: Additional information needed for CSR based on csrAttrs */
1599 auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
1600 wpa_s->conf->dpp_name : "Test");
1601 if (!auth->csr) {
1602 dpp_auth_deinit(wpa_s->dpp_auth);
1603 wpa_s->dpp_auth = NULL;
1604 return;
1605 }
1606
1607 wpas_dpp_start_gas_client(wpa_s);
1608 }
1609 #endif /* CONFIG_DPP2 */
1610
1611
wpas_dpp_gas_resp_cb(void * ctx,const u8 * addr,u8 dialog_token,enum gas_query_result result,const struct wpabuf * adv_proto,const struct wpabuf * resp,u16 status_code)1612 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1613 enum gas_query_result result,
1614 const struct wpabuf *adv_proto,
1615 const struct wpabuf *resp, u16 status_code)
1616 {
1617 struct wpa_supplicant *wpa_s = ctx;
1618 const u8 *pos;
1619 struct dpp_authentication *auth = wpa_s->dpp_auth;
1620 int res;
1621 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
1622 unsigned int i;
1623
1624 wpa_s->dpp_gas_dialog_token = -1;
1625
1626 if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
1627 os_memcmp(addr, auth->peer_mac_addr, ETH_ALEN) != 0) {
1628 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1629 return;
1630 }
1631 if (result != GAS_QUERY_SUCCESS ||
1632 !resp || status_code != WLAN_STATUS_SUCCESS) {
1633 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1634 goto fail;
1635 }
1636
1637 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1638 adv_proto);
1639 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1640 resp);
1641
1642 if (wpabuf_len(adv_proto) != 10 ||
1643 !(pos = wpabuf_head(adv_proto)) ||
1644 pos[0] != WLAN_EID_ADV_PROTO ||
1645 pos[1] != 8 ||
1646 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1647 pos[4] != 5 ||
1648 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1649 pos[8] != 0x1a ||
1650 pos[9] != 1) {
1651 wpa_printf(MSG_DEBUG,
1652 "DPP: Not a DPP Advertisement Protocol ID");
1653 goto fail;
1654 }
1655
1656 res = dpp_conf_resp_rx(auth, resp);
1657 #ifdef CONFIG_DPP2
1658 if (res == -2) {
1659 wpa_printf(MSG_DEBUG, "DPP: CSR needed");
1660 eloop_register_timeout(0, 0, wpas_dpp_build_csr, wpa_s, NULL);
1661 return;
1662 }
1663 #endif /* CONFIG_DPP2 */
1664 if (res < 0) {
1665 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1666 goto fail;
1667 }
1668
1669 wpa_s->dpp_conf_backup_received = false;
1670 for (i = 0; i < auth->num_conf_obj; i++) {
1671 res = wpas_dpp_handle_config_obj(wpa_s, auth,
1672 &auth->conf_obj[i]);
1673 if (res < 0)
1674 goto fail;
1675 }
1676 if (auth->num_conf_obj)
1677 wpas_dpp_post_process_config(wpa_s, auth);
1678 if (wpas_dpp_handle_key_pkg(wpa_s, auth->conf_key_pkg) < 0)
1679 goto fail;
1680
1681 status = DPP_STATUS_OK;
1682 #ifdef CONFIG_TESTING_OPTIONS
1683 if (dpp_test == DPP_TEST_REJECT_CONFIG) {
1684 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
1685 status = DPP_STATUS_CONFIG_REJECTED;
1686 }
1687 #endif /* CONFIG_TESTING_OPTIONS */
1688 fail:
1689 if (status != DPP_STATUS_OK)
1690 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1691 #ifdef CONFIG_DPP2
1692 if (auth->peer_version >= 2 &&
1693 auth->conf_resp_status == DPP_STATUS_OK) {
1694 struct wpabuf *msg;
1695
1696 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1697 msg = dpp_build_conf_result(auth, status);
1698 if (!msg)
1699 goto fail2;
1700
1701 wpa_msg(wpa_s, MSG_INFO,
1702 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1703 MAC2STR(addr), auth->curr_freq,
1704 DPP_PA_CONFIGURATION_RESULT);
1705 offchannel_send_action(wpa_s, auth->curr_freq,
1706 addr, wpa_s->own_addr, broadcast,
1707 wpabuf_head(msg),
1708 wpabuf_len(msg),
1709 500, wpas_dpp_tx_status, 0);
1710 wpabuf_free(msg);
1711
1712 /* This exchange will be terminated in the TX status handler */
1713 if (wpa_s->conf->dpp_config_processing < 2 ||
1714 wpa_s->dpp_conf_backup_received)
1715 auth->remove_on_tx_status = 1;
1716 return;
1717 }
1718 fail2:
1719 #endif /* CONFIG_DPP2 */
1720 dpp_auth_deinit(wpa_s->dpp_auth);
1721 wpa_s->dpp_auth = NULL;
1722 }
1723
1724
wpas_dpp_start_gas_client(struct wpa_supplicant * wpa_s)1725 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
1726 {
1727 struct dpp_authentication *auth = wpa_s->dpp_auth;
1728 struct wpabuf *buf;
1729 int res;
1730 int *supp_op_classes;
1731
1732 wpa_s->dpp_gas_client = 1;
1733 offchannel_send_action_done(wpa_s);
1734 wpas_dpp_listen_stop(wpa_s);
1735
1736 supp_op_classes = wpas_supp_op_classes(wpa_s);
1737 buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
1738 wpa_s->dpp_netrole,
1739 wpa_s->conf->dpp_mud_url,
1740 supp_op_classes);
1741 os_free(supp_op_classes);
1742 if (!buf) {
1743 wpa_printf(MSG_DEBUG,
1744 "DPP: No configuration request data available");
1745 return;
1746 }
1747
1748 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
1749 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
1750
1751 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
1752 1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
1753 if (res < 0) {
1754 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
1755 wpabuf_free(buf);
1756 } else {
1757 wpa_printf(MSG_DEBUG,
1758 "DPP: GAS query started with dialog token %u", res);
1759 wpa_s->dpp_gas_dialog_token = res;
1760 }
1761 }
1762
1763
wpas_dpp_auth_success(struct wpa_supplicant * wpa_s,int initiator)1764 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
1765 {
1766 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
1767 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
1768 #ifdef CONFIG_TESTING_OPTIONS
1769 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
1770 wpa_printf(MSG_INFO,
1771 "DPP: TESTING - stop at Authentication Confirm");
1772 if (wpa_s->dpp_auth->configurator) {
1773 /* Prevent GAS response */
1774 wpa_s->dpp_auth->auth_success = 0;
1775 }
1776 return;
1777 }
1778 #endif /* CONFIG_TESTING_OPTIONS */
1779
1780 if (wpa_s->dpp_auth->configurator)
1781 wpas_dpp_start_gas_server(wpa_s);
1782 else
1783 wpas_dpp_start_gas_client(wpa_s);
1784 }
1785
1786
wpas_dpp_rx_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1787 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1788 const u8 *hdr, const u8 *buf, size_t len,
1789 unsigned int freq)
1790 {
1791 struct dpp_authentication *auth = wpa_s->dpp_auth;
1792 struct wpabuf *msg;
1793
1794 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
1795 " (freq %u MHz)", MAC2STR(src), freq);
1796
1797 if (!auth) {
1798 wpa_printf(MSG_DEBUG,
1799 "DPP: No DPP Authentication in progress - drop");
1800 return;
1801 }
1802
1803 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1804 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1805 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1806 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1807 return;
1808 }
1809
1810 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1811
1812 if (auth->curr_freq != freq && auth->neg_freq == freq) {
1813 wpa_printf(MSG_DEBUG,
1814 "DPP: Responder accepted request for different negotiation channel");
1815 auth->curr_freq = freq;
1816 }
1817
1818 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
1819 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
1820 if (!msg) {
1821 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1822 wpa_printf(MSG_DEBUG,
1823 "DPP: Start wait for full response");
1824 offchannel_send_action_done(wpa_s);
1825 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
1826 return;
1827 }
1828 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1829 return;
1830 }
1831 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1832
1833 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1834 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
1835 offchannel_send_action(wpa_s, auth->curr_freq,
1836 src, wpa_s->own_addr, broadcast,
1837 wpabuf_head(msg), wpabuf_len(msg),
1838 500, wpas_dpp_tx_status, 0);
1839 wpabuf_free(msg);
1840 wpa_s->dpp_auth_ok_on_ack = 1;
1841 }
1842
1843
wpas_dpp_rx_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)1844 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
1845 const u8 *hdr, const u8 *buf, size_t len)
1846 {
1847 struct dpp_authentication *auth = wpa_s->dpp_auth;
1848
1849 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1850 MAC2STR(src));
1851
1852 if (!auth) {
1853 wpa_printf(MSG_DEBUG,
1854 "DPP: No DPP Authentication in progress - drop");
1855 return;
1856 }
1857
1858 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1859 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1860 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1861 return;
1862 }
1863
1864 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
1865
1866 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
1867 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1868 return;
1869 }
1870
1871 wpas_dpp_auth_success(wpa_s, 0);
1872 }
1873
1874
1875 #ifdef CONFIG_DPP2
1876
wpas_dpp_config_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)1877 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
1878 void *timeout_ctx)
1879 {
1880 struct wpa_supplicant *wpa_s = eloop_ctx;
1881 struct dpp_authentication *auth = wpa_s->dpp_auth;
1882
1883 if (!auth || !auth->waiting_conf_result)
1884 return;
1885
1886 wpa_printf(MSG_DEBUG,
1887 "DPP: Timeout while waiting for Configuration Result");
1888 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1889 dpp_auth_deinit(auth);
1890 wpa_s->dpp_auth = NULL;
1891 }
1892
1893
wpas_dpp_conn_status_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)1894 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
1895 void *timeout_ctx)
1896 {
1897 struct wpa_supplicant *wpa_s = eloop_ctx;
1898 struct dpp_authentication *auth = wpa_s->dpp_auth;
1899
1900 if (!auth || !auth->waiting_conn_status_result)
1901 return;
1902
1903 wpa_printf(MSG_DEBUG,
1904 "DPP: Timeout while waiting for Connection Status Result");
1905 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout");
1906 wpas_dpp_listen_stop(wpa_s);
1907 dpp_auth_deinit(auth);
1908 wpa_s->dpp_auth = NULL;
1909 }
1910
1911
wpas_dpp_rx_conf_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)1912 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
1913 const u8 *hdr, const u8 *buf, size_t len)
1914 {
1915 struct dpp_authentication *auth = wpa_s->dpp_auth;
1916 enum dpp_status_error status;
1917
1918 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
1919 MAC2STR(src));
1920
1921 if (!auth || !auth->waiting_conf_result) {
1922 if (auth &&
1923 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) == 0 &&
1924 gas_server_response_sent(wpa_s->gas_server,
1925 auth->gas_server_ctx)) {
1926 /* This could happen if the TX status event gets delayed
1927 * long enough for the Enrollee to have time to send
1928 * the next frame before the TX status gets processed
1929 * locally. */
1930 wpa_printf(MSG_DEBUG,
1931 "DPP: GAS response was sent but TX status not yet received - assume it was ACKed since the Enrollee sent the next frame in the sequence");
1932 auth->waiting_conf_result = 1;
1933 } else {
1934 wpa_printf(MSG_DEBUG,
1935 "DPP: No DPP Configuration waiting for result - drop");
1936 return;
1937 }
1938 }
1939
1940 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1941 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1942 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1943 return;
1944 }
1945
1946 status = dpp_conf_result_rx(auth, hdr, buf, len);
1947
1948 if (status == DPP_STATUS_OK && auth->send_conn_status) {
1949 wpa_msg(wpa_s, MSG_INFO,
1950 DPP_EVENT_CONF_SENT "wait_conn_status=1");
1951 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
1952 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
1953 wpa_s, NULL);
1954 auth->waiting_conn_status_result = 1;
1955 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
1956 wpa_s, NULL);
1957 eloop_register_timeout(16, 0,
1958 wpas_dpp_conn_status_result_wait_timeout,
1959 wpa_s, NULL);
1960 offchannel_send_action_done(wpa_s);
1961 wpas_dpp_listen_start(wpa_s, auth->neg_freq ? auth->neg_freq :
1962 auth->curr_freq);
1963 return;
1964 }
1965 offchannel_send_action_done(wpa_s);
1966 wpas_dpp_listen_stop(wpa_s);
1967 if (status == DPP_STATUS_OK)
1968 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
1969 else
1970 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1971 dpp_auth_deinit(auth);
1972 wpa_s->dpp_auth = NULL;
1973 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
1974 }
1975
1976
wpas_dpp_rx_conn_status_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)1977 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s,
1978 const u8 *src, const u8 *hdr,
1979 const u8 *buf, size_t len)
1980 {
1981 struct dpp_authentication *auth = wpa_s->dpp_auth;
1982 enum dpp_status_error status;
1983 u8 ssid[SSID_MAX_LEN];
1984 size_t ssid_len = 0;
1985 char *channel_list = NULL;
1986
1987 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
1988
1989 if (!auth || !auth->waiting_conn_status_result) {
1990 wpa_printf(MSG_DEBUG,
1991 "DPP: No DPP Configuration waiting for connection status result - drop");
1992 return;
1993 }
1994
1995 status = dpp_conn_status_result_rx(auth, hdr, buf, len,
1996 ssid, &ssid_len, &channel_list);
1997 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
1998 "result=%d ssid=%s channel_list=%s",
1999 status, wpa_ssid_txt(ssid, ssid_len),
2000 channel_list ? channel_list : "N/A");
2001 os_free(channel_list);
2002 offchannel_send_action_done(wpa_s);
2003 wpas_dpp_listen_stop(wpa_s);
2004 dpp_auth_deinit(auth);
2005 wpa_s->dpp_auth = NULL;
2006 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2007 wpa_s, NULL);
2008 }
2009
2010
wpas_dpp_process_conf_obj(void * ctx,struct dpp_authentication * auth)2011 static int wpas_dpp_process_conf_obj(void *ctx,
2012 struct dpp_authentication *auth)
2013 {
2014 struct wpa_supplicant *wpa_s = ctx;
2015 unsigned int i;
2016 int res = -1;
2017
2018 for (i = 0; i < auth->num_conf_obj; i++) {
2019 res = wpas_dpp_handle_config_obj(wpa_s, auth,
2020 &auth->conf_obj[i]);
2021 if (res)
2022 break;
2023 }
2024 if (!res)
2025 wpas_dpp_post_process_config(wpa_s, auth);
2026
2027 return res;
2028 }
2029
2030
wpas_dpp_remove_bi(void * ctx,struct dpp_bootstrap_info * bi)2031 static void wpas_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi)
2032 {
2033 struct wpa_supplicant *wpa_s = ctx;
2034
2035 if (bi == wpa_s->dpp_chirp_bi)
2036 wpas_dpp_chirp_stop(wpa_s);
2037 }
2038
2039
2040 static void
wpas_dpp_rx_presence_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2041 wpas_dpp_rx_presence_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2042 const u8 *hdr, const u8 *buf, size_t len,
2043 unsigned int freq)
2044 {
2045 const u8 *r_bootstrap;
2046 u16 r_bootstrap_len;
2047 struct dpp_bootstrap_info *peer_bi;
2048 struct dpp_authentication *auth;
2049
2050 if (!wpa_s->dpp)
2051 return;
2052
2053 if (wpa_s->dpp_auth) {
2054 wpa_printf(MSG_DEBUG,
2055 "DPP: Ignore Presence Announcement during ongoing Authentication");
2056 return;
2057 }
2058
2059 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR,
2060 MAC2STR(src));
2061
2062 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
2063 &r_bootstrap_len);
2064 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
2065 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2066 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
2067 return;
2068 }
2069 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
2070 r_bootstrap, r_bootstrap_len);
2071 peer_bi = dpp_bootstrap_find_chirp(wpa_s->dpp, r_bootstrap);
2072 dpp_notify_chirp_received(wpa_s, peer_bi ? (int) peer_bi->id : -1, src,
2073 freq, r_bootstrap);
2074 if (!peer_bi) {
2075 wpa_printf(MSG_DEBUG,
2076 "DPP: No matching bootstrapping information found");
2077 return;
2078 }
2079
2080 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, NULL,
2081 DPP_CAPAB_CONFIGURATOR, freq, NULL, 0);
2082 if (!auth)
2083 return;
2084 wpas_dpp_set_testing_options(wpa_s, auth);
2085 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2086 dpp_auth_deinit(auth);
2087 return;
2088 }
2089
2090 auth->neg_freq = freq;
2091
2092 /* The source address of the Presence Announcement frame overrides any
2093 * MAC address information from the bootstrapping information. */
2094 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2095
2096 wpa_s->dpp_auth = auth;
2097 if (wpas_dpp_auth_init_next(wpa_s) < 0) {
2098 dpp_auth_deinit(wpa_s->dpp_auth);
2099 wpa_s->dpp_auth = NULL;
2100 }
2101 }
2102
2103
wpas_dpp_reconfig_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)2104 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
2105 void *timeout_ctx)
2106 {
2107 struct wpa_supplicant *wpa_s = eloop_ctx;
2108 struct dpp_authentication *auth = wpa_s->dpp_auth;
2109
2110 if (!auth)
2111 return;
2112
2113 wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout");
2114 offchannel_send_action_done(wpa_s);
2115 wpas_dpp_listen_stop(wpa_s);
2116 dpp_auth_deinit(auth);
2117 wpa_s->dpp_auth = NULL;
2118 }
2119
2120
2121 static void
wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2122 wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2123 const u8 *hdr, const u8 *buf, size_t len,
2124 unsigned int freq)
2125 {
2126 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id;
2127 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len;
2128 struct dpp_configurator *conf;
2129 struct dpp_authentication *auth;
2130 unsigned int wait_time, max_wait_time;
2131 u16 group;
2132
2133 if (!wpa_s->dpp)
2134 return;
2135
2136 if (wpa_s->dpp_auth) {
2137 wpa_printf(MSG_DEBUG,
2138 "DPP: Ignore Reconfig Announcement during ongoing Authentication");
2139 return;
2140 }
2141
2142 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR,
2143 MAC2STR(src));
2144
2145 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH,
2146 &csign_hash_len);
2147 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) {
2148 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2149 "Missing or invalid required Configurator C-sign key Hash attribute");
2150 return;
2151 }
2152 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)",
2153 csign_hash, csign_hash_len);
2154 conf = dpp_configurator_find_kid(wpa_s->dpp, csign_hash);
2155 if (!conf) {
2156 wpa_printf(MSG_DEBUG,
2157 "DPP: No matching Configurator information found");
2158 return;
2159 }
2160
2161 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
2162 &fcgroup_len);
2163 if (!fcgroup || fcgroup_len != 2) {
2164 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2165 "Missing or invalid required Finite Cyclic Group attribute");
2166 return;
2167 }
2168 group = WPA_GET_LE16(fcgroup);
2169 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group);
2170
2171 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len);
2172 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len);
2173
2174 auth = dpp_reconfig_init(wpa_s->dpp, wpa_s, conf, freq, group,
2175 a_nonce, a_nonce_len, e_id, e_id_len);
2176 if (!auth)
2177 return;
2178 wpas_dpp_set_testing_options(wpa_s, auth);
2179 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2180 dpp_auth_deinit(auth);
2181 return;
2182 }
2183
2184 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2185 wpa_s->dpp_auth = auth;
2186
2187 wpa_s->dpp_in_response_listen = 0;
2188 wpa_s->dpp_auth_ok_on_ack = 0;
2189 wait_time = wpa_s->max_remain_on_chan;
2190 max_wait_time = wpa_s->dpp_resp_wait_time ?
2191 wpa_s->dpp_resp_wait_time : 2000;
2192 if (wait_time > max_wait_time)
2193 wait_time = max_wait_time;
2194 wait_time += 10; /* give the driver some extra time to complete */
2195 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
2196 wpas_dpp_reconfig_reply_wait_timeout,
2197 wpa_s, NULL);
2198 wait_time -= 10;
2199
2200 wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
2201
2202 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2203 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ);
2204 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2205 wpabuf_head(auth->reconfig_req_msg),
2206 wpabuf_len(auth->reconfig_req_msg),
2207 wait_time, wpas_dpp_tx_status, 0) < 0) {
2208 dpp_auth_deinit(wpa_s->dpp_auth);
2209 wpa_s->dpp_auth = NULL;
2210 }
2211 }
2212
2213
2214 static void
wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2215 wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
2216 const u8 *hdr, const u8 *buf, size_t len,
2217 unsigned int freq)
2218 {
2219 struct wpa_ssid *ssid;
2220 struct dpp_authentication *auth;
2221
2222 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Request from "
2223 MACSTR, MAC2STR(src));
2224
2225 if (!wpa_s->dpp)
2226 return;
2227 if (wpa_s->dpp_auth) {
2228 wpa_printf(MSG_DEBUG,
2229 "DPP: Not ready for reconfiguration - pending authentication exchange in progress");
2230 return;
2231 }
2232 if (!wpa_s->dpp_reconfig_ssid) {
2233 wpa_printf(MSG_DEBUG,
2234 "DPP: Not ready for reconfiguration - not requested");
2235 return;
2236 }
2237 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2238 if (ssid == wpa_s->dpp_reconfig_ssid &&
2239 ssid->id == wpa_s->dpp_reconfig_ssid_id)
2240 break;
2241 }
2242 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2243 !ssid->dpp_csign) {
2244 wpa_printf(MSG_DEBUG,
2245 "DPP: Not ready for reconfiguration - no matching network profile with Connector found");
2246 return;
2247 }
2248
2249 auth = dpp_reconfig_auth_req_rx(wpa_s->dpp, wpa_s, ssid->dpp_connector,
2250 ssid->dpp_netaccesskey,
2251 ssid->dpp_netaccesskey_len,
2252 ssid->dpp_csign, ssid->dpp_csign_len,
2253 freq, hdr, buf, len);
2254 if (!auth)
2255 return;
2256 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2257 wpa_s->dpp_auth = auth;
2258
2259 wpas_dpp_chirp_stop(wpa_s);
2260
2261 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2262 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_RESP);
2263 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2264 wpabuf_head(auth->reconfig_resp_msg),
2265 wpabuf_len(auth->reconfig_resp_msg),
2266 500, wpas_dpp_tx_status, 0) < 0) {
2267 dpp_auth_deinit(wpa_s->dpp_auth);
2268 wpa_s->dpp_auth = NULL;
2269 }
2270 }
2271
2272
2273 static void
wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2274 wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2275 const u8 *hdr, const u8 *buf, size_t len,
2276 unsigned int freq)
2277 {
2278 struct dpp_authentication *auth = wpa_s->dpp_auth;
2279 struct wpabuf *conf;
2280
2281 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from "
2282 MACSTR, MAC2STR(src));
2283
2284 if (!auth || !auth->reconfig || !auth->configurator) {
2285 wpa_printf(MSG_DEBUG,
2286 "DPP: No DPP Reconfig Authentication in progress - drop");
2287 return;
2288 }
2289
2290 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
2291 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2292 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2293 return;
2294 }
2295
2296 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len);
2297 if (!conf)
2298 return;
2299
2300 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, wpa_s, NULL);
2301
2302 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2303 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF);
2304 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2305 wpabuf_head(conf), wpabuf_len(conf),
2306 500, wpas_dpp_tx_status, 0) < 0) {
2307 wpabuf_free(conf);
2308 dpp_auth_deinit(wpa_s->dpp_auth);
2309 wpa_s->dpp_auth = NULL;
2310 return;
2311 }
2312 wpabuf_free(conf);
2313
2314 wpas_dpp_start_gas_server(wpa_s);
2315 }
2316
2317
2318 static void
wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2319 wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
2320 const u8 *hdr, const u8 *buf, size_t len,
2321 unsigned int freq)
2322 {
2323 struct dpp_authentication *auth = wpa_s->dpp_auth;
2324
2325 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Confirm from "
2326 MACSTR, MAC2STR(src));
2327
2328 if (!auth || !auth->reconfig || auth->configurator) {
2329 wpa_printf(MSG_DEBUG,
2330 "DPP: No DPP Reconfig Authentication in progress - drop");
2331 return;
2332 }
2333
2334 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
2335 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2336 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2337 return;
2338 }
2339
2340 if (dpp_reconfig_auth_conf_rx(auth, hdr, buf, len) < 0)
2341 return;
2342
2343 wpas_dpp_start_gas_client(wpa_s);
2344 }
2345
2346 #endif /* CONFIG_DPP2 */
2347
2348
wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len)2349 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
2350 const u8 *src,
2351 const u8 *buf, size_t len)
2352 {
2353 struct wpa_ssid *ssid;
2354 const u8 *connector, *trans_id, *status;
2355 u16 connector_len, trans_id_len, status_len;
2356 #ifdef CONFIG_DPP2
2357 const u8 *version;
2358 u16 version_len;
2359 #endif /* CONFIG_DPP2 */
2360 u8 peer_version = 1;
2361 struct dpp_introduction intro;
2362 struct rsn_pmksa_cache_entry *entry;
2363 struct os_time now;
2364 struct os_reltime rnow;
2365 os_time_t expiry;
2366 unsigned int seconds;
2367 enum dpp_status_error res;
2368
2369 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
2370 MAC2STR(src));
2371 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
2372 os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
2373 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
2374 MACSTR " - drop", MAC2STR(src));
2375 return;
2376 }
2377 offchannel_send_action_done(wpa_s);
2378
2379 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2380 if (ssid == wpa_s->dpp_intro_network)
2381 break;
2382 }
2383 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2384 !ssid->dpp_csign) {
2385 wpa_printf(MSG_DEBUG,
2386 "DPP: Profile not found for network introduction");
2387 return;
2388 }
2389
2390 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
2391 &trans_id_len);
2392 if (!trans_id || trans_id_len != 1) {
2393 wpa_printf(MSG_DEBUG,
2394 "DPP: Peer did not include Transaction ID");
2395 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2396 " fail=missing_transaction_id", MAC2STR(src));
2397 goto fail;
2398 }
2399 if (trans_id[0] != TRANSACTION_ID) {
2400 wpa_printf(MSG_DEBUG,
2401 "DPP: Ignore frame with unexpected Transaction ID %u",
2402 trans_id[0]);
2403 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2404 " fail=transaction_id_mismatch", MAC2STR(src));
2405 goto fail;
2406 }
2407
2408 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
2409 if (!status || status_len != 1) {
2410 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
2411 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2412 " fail=missing_status", MAC2STR(src));
2413 goto fail;
2414 }
2415 if (status[0] != DPP_STATUS_OK) {
2416 wpa_printf(MSG_DEBUG,
2417 "DPP: Peer rejected network introduction: Status %u",
2418 status[0]);
2419 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2420 " status=%u", MAC2STR(src), status[0]);
2421 #ifdef CONFIG_DPP2
2422 wpas_dpp_send_conn_status_result(wpa_s, status[0]);
2423 #endif /* CONFIG_DPP2 */
2424 goto fail;
2425 }
2426
2427 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
2428 if (!connector) {
2429 wpa_printf(MSG_DEBUG,
2430 "DPP: Peer did not include its Connector");
2431 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2432 " fail=missing_connector", MAC2STR(src));
2433 goto fail;
2434 }
2435
2436 res = dpp_peer_intro(&intro, ssid->dpp_connector,
2437 ssid->dpp_netaccesskey,
2438 ssid->dpp_netaccesskey_len,
2439 ssid->dpp_csign,
2440 ssid->dpp_csign_len,
2441 connector, connector_len, &expiry);
2442 if (res != DPP_STATUS_OK) {
2443 wpa_printf(MSG_INFO,
2444 "DPP: Network Introduction protocol resulted in failure");
2445 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2446 " fail=peer_connector_validation_failed", MAC2STR(src));
2447 #ifdef CONFIG_DPP2
2448 wpas_dpp_send_conn_status_result(wpa_s, res);
2449 #endif /* CONFIG_DPP2 */
2450 goto fail;
2451 }
2452
2453 entry = os_zalloc(sizeof(*entry));
2454 if (!entry)
2455 goto fail;
2456 os_memcpy(entry->aa, src, ETH_ALEN);
2457 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
2458 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
2459 entry->pmk_len = intro.pmk_len;
2460 entry->akmp = WPA_KEY_MGMT_DPP;
2461 #ifdef CONFIG_DPP2
2462 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
2463 &version_len);
2464 if (version && version_len >= 1)
2465 peer_version = version[0];
2466 #ifdef CONFIG_DPP3
2467 if (intro.peer_version && intro.peer_version >= 2 &&
2468 peer_version != intro.peer_version) {
2469 wpa_printf(MSG_INFO,
2470 "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
2471 intro.peer_version, peer_version);
2472 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
2473 goto fail;
2474 }
2475 #endif /* CONFIG_DPP3 */
2476 entry->dpp_pfs = peer_version >= 2;
2477 #endif /* CONFIG_DPP2 */
2478 if (expiry) {
2479 os_get_time(&now);
2480 seconds = expiry - now.sec;
2481 } else {
2482 seconds = 86400 * 7;
2483 }
2484 os_get_reltime(&rnow);
2485 entry->expiration = rnow.sec + seconds;
2486 entry->reauth_time = rnow.sec + seconds;
2487 entry->network_ctx = ssid;
2488 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
2489
2490 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2491 " status=%u version=%u", MAC2STR(src), status[0], peer_version);
2492
2493 wpa_printf(MSG_DEBUG,
2494 "DPP: Try connection again after successful network introduction");
2495 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
2496 wpa_supplicant_cancel_sched_scan(wpa_s);
2497 wpa_supplicant_req_scan(wpa_s, 0, 0);
2498 }
2499 fail:
2500 os_memset(&intro, 0, sizeof(intro));
2501 }
2502
2503
wpas_dpp_allow_ir(struct wpa_supplicant * wpa_s,unsigned int freq)2504 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
2505 {
2506 int i, j;
2507
2508 if (!wpa_s->hw.modes)
2509 return -1;
2510
2511 for (i = 0; i < wpa_s->hw.num_modes; i++) {
2512 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
2513
2514 for (j = 0; j < mode->num_channels; j++) {
2515 struct hostapd_channel_data *chan = &mode->channels[j];
2516
2517 if (chan->freq != (int) freq)
2518 continue;
2519
2520 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2521 HOSTAPD_CHAN_NO_IR |
2522 HOSTAPD_CHAN_RADAR))
2523 continue;
2524
2525 return 1;
2526 }
2527 }
2528
2529 wpa_printf(MSG_DEBUG,
2530 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
2531 freq);
2532
2533 return 0;
2534 }
2535
2536
wpas_dpp_pkex_next_channel(struct wpa_supplicant * wpa_s,struct dpp_pkex * pkex)2537 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
2538 struct dpp_pkex *pkex)
2539 {
2540 if (pkex->freq == 2437)
2541 pkex->freq = 5745;
2542 else if (pkex->freq == 5745)
2543 pkex->freq = 5220;
2544 else if (pkex->freq == 5220)
2545 pkex->freq = 60480;
2546 else
2547 return -1; /* no more channels to try */
2548
2549 if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
2550 wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
2551 pkex->freq);
2552 return 0;
2553 }
2554
2555 /* Could not use this channel - try the next one */
2556 return wpas_dpp_pkex_next_channel(wpa_s, pkex);
2557 }
2558
2559
wpas_dpp_pkex_retry_timeout(void * eloop_ctx,void * timeout_ctx)2560 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
2561 {
2562 struct wpa_supplicant *wpa_s = eloop_ctx;
2563 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
2564
2565 if (!pkex || !pkex->exchange_req)
2566 return;
2567 if (pkex->exch_req_tries >= 5) {
2568 if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
2569 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2570 "No response from PKEX peer");
2571 dpp_pkex_free(pkex);
2572 wpa_s->dpp_pkex = NULL;
2573 return;
2574 }
2575 pkex->exch_req_tries = 0;
2576 }
2577
2578 pkex->exch_req_tries++;
2579 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
2580 pkex->exch_req_tries);
2581 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2582 MAC2STR(broadcast), pkex->freq,
2583 pkex->v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
2584 DPP_PA_PKEX_V1_EXCHANGE_REQ);
2585 offchannel_send_action(wpa_s, pkex->freq, broadcast,
2586 wpa_s->own_addr, broadcast,
2587 wpabuf_head(pkex->exchange_req),
2588 wpabuf_len(pkex->exchange_req),
2589 pkex->exch_req_wait_time,
2590 wpas_dpp_tx_pkex_status, 0);
2591 }
2592
2593
2594 static void
wpas_dpp_tx_pkex_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)2595 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
2596 unsigned int freq, const u8 *dst,
2597 const u8 *src, const u8 *bssid,
2598 const u8 *data, size_t data_len,
2599 enum offchannel_send_action_result result)
2600 {
2601 const char *res_txt;
2602 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
2603
2604 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
2605 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
2606 "FAILED");
2607 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
2608 " result=%s (PKEX)",
2609 freq, MAC2STR(dst), res_txt);
2610 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
2611 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
2612
2613 if (!pkex) {
2614 wpa_printf(MSG_DEBUG,
2615 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
2616 return;
2617 }
2618
2619 if (pkex->failed) {
2620 wpa_printf(MSG_DEBUG,
2621 "DPP: Terminate PKEX exchange due to an earlier error");
2622 if (pkex->t > pkex->own_bi->pkex_t)
2623 pkex->own_bi->pkex_t = pkex->t;
2624 dpp_pkex_free(pkex);
2625 wpa_s->dpp_pkex = NULL;
2626 return;
2627 }
2628
2629 if (pkex->exch_req_wait_time && pkex->exchange_req) {
2630 /* Wait for PKEX Exchange Response frame and retry request if
2631 * no response is seen. */
2632 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2633 eloop_register_timeout(pkex->exch_req_wait_time / 1000,
2634 (pkex->exch_req_wait_time % 1000) * 1000,
2635 wpas_dpp_pkex_retry_timeout, wpa_s,
2636 NULL);
2637 }
2638 }
2639
2640
2641 static void
wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq,bool v2)2642 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
2643 const u8 *buf, size_t len, unsigned int freq,
2644 bool v2)
2645 {
2646 struct wpabuf *msg;
2647 unsigned int wait_time;
2648
2649 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
2650 MAC2STR(src));
2651
2652 /* TODO: Support multiple PKEX codes by iterating over all the enabled
2653 * values here */
2654
2655 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
2656 wpa_printf(MSG_DEBUG,
2657 "DPP: No PKEX code configured - ignore request");
2658 return;
2659 }
2660
2661 if (wpa_s->dpp_pkex) {
2662 /* TODO: Support parallel operations */
2663 wpa_printf(MSG_DEBUG,
2664 "DPP: Already in PKEX session - ignore new request");
2665 return;
2666 }
2667
2668 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
2669 wpa_s->own_addr, src,
2670 wpa_s->dpp_pkex_identifier,
2671 wpa_s->dpp_pkex_code,
2672 buf, len, v2);
2673 if (!wpa_s->dpp_pkex) {
2674 wpa_printf(MSG_DEBUG,
2675 "DPP: Failed to process the request - ignore it");
2676 return;
2677 }
2678
2679 msg = wpa_s->dpp_pkex->exchange_resp;
2680 wait_time = wpa_s->max_remain_on_chan;
2681 if (wait_time > 2000)
2682 wait_time = 2000;
2683 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2684 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
2685 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
2686 broadcast,
2687 wpabuf_head(msg), wpabuf_len(msg),
2688 wait_time, wpas_dpp_tx_pkex_status, 0);
2689 }
2690
2691
2692 static void
wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)2693 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2694 const u8 *buf, size_t len, unsigned int freq)
2695 {
2696 struct wpabuf *msg;
2697 unsigned int wait_time;
2698
2699 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
2700 MAC2STR(src));
2701
2702 /* TODO: Support multiple PKEX codes by iterating over all the enabled
2703 * values here */
2704
2705 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
2706 wpa_s->dpp_pkex->exchange_done) {
2707 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
2708 return;
2709 }
2710
2711 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2712 wpa_s->dpp_pkex->exch_req_wait_time = 0;
2713
2714 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
2715 if (!msg) {
2716 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
2717 return;
2718 }
2719
2720 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
2721 MAC2STR(src));
2722
2723 wait_time = wpa_s->max_remain_on_chan;
2724 if (wait_time > 2000)
2725 wait_time = 2000;
2726 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2727 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
2728 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
2729 broadcast,
2730 wpabuf_head(msg), wpabuf_len(msg),
2731 wait_time, wpas_dpp_tx_pkex_status, 0);
2732 wpabuf_free(msg);
2733 }
2734
2735
2736 static struct dpp_bootstrap_info *
wpas_dpp_pkex_finish(struct wpa_supplicant * wpa_s,const u8 * peer,unsigned int freq)2737 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
2738 unsigned int freq)
2739 {
2740 struct dpp_bootstrap_info *bi;
2741
2742 bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
2743 if (!bi)
2744 return NULL;
2745 wpa_s->dpp_pkex = NULL;
2746 return bi;
2747 }
2748
2749
2750 static void
wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2751 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
2752 const u8 *hdr, const u8 *buf, size_t len,
2753 unsigned int freq)
2754 {
2755 struct wpabuf *msg;
2756 unsigned int wait_time;
2757 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
2758
2759 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
2760 MAC2STR(src));
2761
2762 if (!pkex || pkex->initiator || !pkex->exchange_done) {
2763 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
2764 return;
2765 }
2766
2767 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
2768 if (!msg) {
2769 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
2770 if (pkex->failed) {
2771 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
2772 if (pkex->t > pkex->own_bi->pkex_t)
2773 pkex->own_bi->pkex_t = pkex->t;
2774 dpp_pkex_free(wpa_s->dpp_pkex);
2775 wpa_s->dpp_pkex = NULL;
2776 }
2777 return;
2778 }
2779
2780 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
2781 MACSTR, MAC2STR(src));
2782
2783 wait_time = wpa_s->max_remain_on_chan;
2784 if (wait_time > 2000)
2785 wait_time = 2000;
2786 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2787 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
2788 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
2789 broadcast,
2790 wpabuf_head(msg), wpabuf_len(msg),
2791 wait_time, wpas_dpp_tx_pkex_status, 0);
2792 wpabuf_free(msg);
2793
2794 wpas_dpp_pkex_finish(wpa_s, src, freq);
2795 }
2796
2797
2798 static void
wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2799 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2800 const u8 *hdr, const u8 *buf, size_t len,
2801 unsigned int freq)
2802 {
2803 int res;
2804 struct dpp_bootstrap_info *bi;
2805 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
2806 char cmd[500];
2807
2808 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
2809 MAC2STR(src));
2810
2811 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
2812 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
2813 return;
2814 }
2815
2816 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
2817 if (res < 0) {
2818 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
2819 return;
2820 }
2821
2822 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
2823 if (!bi)
2824 return;
2825
2826 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
2827 bi->id,
2828 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
2829 wpa_printf(MSG_DEBUG,
2830 "DPP: Start authentication after PKEX with parameters: %s",
2831 cmd);
2832 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
2833 wpa_printf(MSG_DEBUG,
2834 "DPP: Authentication initialization failed");
2835 offchannel_send_action_done(wpa_s);
2836 return;
2837 }
2838 }
2839
2840
wpas_dpp_rx_action(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)2841 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
2842 const u8 *buf, size_t len, unsigned int freq)
2843 {
2844 u8 crypto_suite;
2845 enum dpp_public_action_frame_type type;
2846 const u8 *hdr;
2847 unsigned int pkex_t;
2848
2849 if (len < DPP_HDR_LEN)
2850 return;
2851 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
2852 return;
2853 hdr = buf;
2854 buf += 4;
2855 len -= 4;
2856 crypto_suite = *buf++;
2857 type = *buf++;
2858 len -= 2;
2859
2860 wpa_printf(MSG_DEBUG,
2861 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
2862 MACSTR " freq=%u",
2863 crypto_suite, type, MAC2STR(src), freq);
2864 if (crypto_suite != 1) {
2865 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
2866 crypto_suite);
2867 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
2868 " freq=%u type=%d ignore=unsupported-crypto-suite",
2869 MAC2STR(src), freq, type);
2870 return;
2871 }
2872 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
2873 if (dpp_check_attrs(buf, len) < 0) {
2874 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
2875 " freq=%u type=%d ignore=invalid-attributes",
2876 MAC2STR(src), freq, type);
2877 return;
2878 }
2879 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
2880 MAC2STR(src), freq, type);
2881
2882 switch (type) {
2883 case DPP_PA_AUTHENTICATION_REQ:
2884 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
2885 break;
2886 case DPP_PA_AUTHENTICATION_RESP:
2887 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
2888 break;
2889 case DPP_PA_AUTHENTICATION_CONF:
2890 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
2891 break;
2892 case DPP_PA_PEER_DISCOVERY_RESP:
2893 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
2894 break;
2895 #ifdef CONFIG_DPP3
2896 case DPP_PA_PKEX_EXCHANGE_REQ:
2897 /* This is for PKEXv2, but for now, process only with
2898 * CONFIG_DPP3 to avoid issues with a capability that has not
2899 * been tested with other implementations. */
2900 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq, true);
2901 break;
2902 #endif /* CONFIG_DPP3 */
2903 case DPP_PA_PKEX_V1_EXCHANGE_REQ:
2904 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq,
2905 false);
2906 break;
2907 case DPP_PA_PKEX_EXCHANGE_RESP:
2908 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
2909 break;
2910 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
2911 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
2912 freq);
2913 break;
2914 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
2915 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
2916 freq);
2917 break;
2918 #ifdef CONFIG_DPP2
2919 case DPP_PA_CONFIGURATION_RESULT:
2920 wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
2921 break;
2922 case DPP_PA_CONNECTION_STATUS_RESULT:
2923 wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len);
2924 break;
2925 case DPP_PA_PRESENCE_ANNOUNCEMENT:
2926 wpas_dpp_rx_presence_announcement(wpa_s, src, hdr, buf, len,
2927 freq);
2928 break;
2929 case DPP_PA_RECONFIG_ANNOUNCEMENT:
2930 wpas_dpp_rx_reconfig_announcement(wpa_s, src, hdr, buf, len,
2931 freq);
2932 break;
2933 case DPP_PA_RECONFIG_AUTH_REQ:
2934 wpas_dpp_rx_reconfig_auth_req(wpa_s, src, hdr, buf, len, freq);
2935 break;
2936 case DPP_PA_RECONFIG_AUTH_RESP:
2937 wpas_dpp_rx_reconfig_auth_resp(wpa_s, src, hdr, buf, len, freq);
2938 break;
2939 case DPP_PA_RECONFIG_AUTH_CONF:
2940 wpas_dpp_rx_reconfig_auth_conf(wpa_s, src, hdr, buf, len, freq);
2941 break;
2942 #endif /* CONFIG_DPP2 */
2943 default:
2944 wpa_printf(MSG_DEBUG,
2945 "DPP: Ignored unsupported frame subtype %d", type);
2946 break;
2947 }
2948
2949 if (wpa_s->dpp_pkex)
2950 pkex_t = wpa_s->dpp_pkex->t;
2951 else if (wpa_s->dpp_pkex_bi)
2952 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
2953 else
2954 pkex_t = 0;
2955 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
2956 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
2957 wpas_dpp_pkex_remove(wpa_s, "*");
2958 }
2959 }
2960
2961
2962 static struct wpabuf *
wpas_dpp_gas_req_handler(void * ctx,void * resp_ctx,const u8 * sa,const u8 * query,size_t query_len,u16 * comeback_delay)2963 wpas_dpp_gas_req_handler(void *ctx, void *resp_ctx, const u8 *sa,
2964 const u8 *query, size_t query_len, u16 *comeback_delay)
2965 {
2966 struct wpa_supplicant *wpa_s = ctx;
2967 struct dpp_authentication *auth = wpa_s->dpp_auth;
2968 struct wpabuf *resp;
2969
2970 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
2971 MAC2STR(sa));
2972 if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
2973 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
2974 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
2975 return NULL;
2976 }
2977
2978 if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) {
2979 wpa_printf(MSG_DEBUG,
2980 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
2981 /* wpas_dpp_auth_success() would normally have been called from
2982 * TX status handler, but since there was no such handler call
2983 * yet, simply send out the event message and proceed with
2984 * exchange. */
2985 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=1");
2986 wpa_s->dpp_auth_ok_on_ack = 0;
2987 }
2988
2989 wpa_hexdump(MSG_DEBUG,
2990 "DPP: Received Configuration Request (GAS Query Request)",
2991 query, query_len);
2992 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
2993 MAC2STR(sa));
2994 resp = dpp_conf_req_rx(auth, query, query_len);
2995
2996 #ifdef CONFIG_DPP2
2997 if (!resp && auth->waiting_cert) {
2998 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready");
2999 auth->cert_resp_ctx = resp_ctx;
3000 *comeback_delay = 500;
3001 return NULL;
3002 }
3003 #endif /* CONFIG_DPP2 */
3004
3005 if (!resp)
3006 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
3007 auth->conf_resp = resp;
3008 auth->gas_server_ctx = resp_ctx;
3009 return resp;
3010 }
3011
3012
3013 static void
wpas_dpp_gas_status_handler(void * ctx,struct wpabuf * resp,int ok)3014 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
3015 {
3016 struct wpa_supplicant *wpa_s = ctx;
3017 struct dpp_authentication *auth = wpa_s->dpp_auth;
3018
3019 if (!auth) {
3020 wpabuf_free(resp);
3021 return;
3022 }
3023 if (auth->conf_resp != resp) {
3024 wpa_printf(MSG_DEBUG,
3025 "DPP: Ignore GAS status report (ok=%d) for unknown response",
3026 ok);
3027 wpabuf_free(resp);
3028 return;
3029 }
3030
3031 #ifdef CONFIG_DPP2
3032 if (auth->waiting_csr && ok) {
3033 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR");
3034 wpabuf_free(resp);
3035 return;
3036 }
3037 #endif /* CONFIG_DPP2 */
3038
3039 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
3040 ok);
3041 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
3042 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
3043 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
3044 #ifdef CONFIG_DPP2
3045 if (ok && auth->peer_version >= 2 &&
3046 auth->conf_resp_status == DPP_STATUS_OK &&
3047 !auth->waiting_conf_result) {
3048 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
3049 auth->waiting_conf_result = 1;
3050 auth->conf_resp = NULL;
3051 wpabuf_free(resp);
3052 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
3053 wpa_s, NULL);
3054 eloop_register_timeout(2, 0,
3055 wpas_dpp_config_result_wait_timeout,
3056 wpa_s, NULL);
3057 return;
3058 }
3059 #endif /* CONFIG_DPP2 */
3060 offchannel_send_action_done(wpa_s);
3061 wpas_dpp_listen_stop(wpa_s);
3062 if (ok)
3063 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
3064 else
3065 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
3066 dpp_auth_deinit(wpa_s->dpp_auth);
3067 wpa_s->dpp_auth = NULL;
3068 wpabuf_free(resp);
3069 }
3070
3071
wpas_dpp_configurator_sign(struct wpa_supplicant * wpa_s,const char * cmd)3072 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
3073 {
3074 struct dpp_authentication *auth;
3075 int ret = -1;
3076 char *curve = NULL;
3077
3078 auth = dpp_alloc_auth(wpa_s->dpp, wpa_s);
3079 if (!auth)
3080 return -1;
3081
3082 curve = get_param(cmd, " curve=");
3083 wpas_dpp_set_testing_options(wpa_s, auth);
3084 if (dpp_set_configurator(auth, cmd) == 0 &&
3085 dpp_configurator_own_config(auth, curve, 0) == 0)
3086 ret = wpas_dpp_handle_config_obj(wpa_s, auth,
3087 &auth->conf_obj[0]);
3088 if (!ret)
3089 wpas_dpp_post_process_config(wpa_s, auth);
3090
3091 dpp_auth_deinit(auth);
3092 os_free(curve);
3093
3094 return ret;
3095 }
3096
3097
3098 static void
wpas_dpp_tx_introduction_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3099 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
3100 unsigned int freq, const u8 *dst,
3101 const u8 *src, const u8 *bssid,
3102 const u8 *data, size_t data_len,
3103 enum offchannel_send_action_result result)
3104 {
3105 const char *res_txt;
3106
3107 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
3108 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
3109 "FAILED");
3110 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
3111 " result=%s (DPP Peer Discovery Request)",
3112 freq, MAC2STR(dst), res_txt);
3113 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
3114 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
3115 /* TODO: Time out wait for response more quickly in error cases? */
3116 }
3117
3118
wpas_dpp_check_connect(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)3119 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
3120 struct wpa_bss *bss)
3121 {
3122 struct os_time now;
3123 struct wpabuf *msg;
3124 unsigned int wait_time;
3125 const u8 *rsn;
3126 struct wpa_ie_data ied;
3127 size_t len;
3128
3129 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
3130 return 0; /* Not using DPP AKM - continue */
3131 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3132 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
3133 !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
3134 return 0; /* AP does not support DPP AKM - continue */
3135 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
3136 return 0; /* PMKSA exists for DPP AKM - continue */
3137
3138 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
3139 !ssid->dpp_csign) {
3140 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
3141 "missing %s",
3142 !ssid->dpp_connector ? "Connector" :
3143 (!ssid->dpp_netaccesskey ? "netAccessKey" :
3144 "C-sign-key"));
3145 return -1;
3146 }
3147
3148 os_get_time(&now);
3149
3150 if (ssid->dpp_netaccesskey_expiry &&
3151 (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
3152 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
3153 "netAccessKey expired");
3154 return -1;
3155 }
3156
3157 wpa_printf(MSG_DEBUG,
3158 "DPP: Starting network introduction protocol to derive PMKSA for "
3159 MACSTR, MAC2STR(bss->bssid));
3160
3161 len = 5 + 4 + os_strlen(ssid->dpp_connector);
3162 #ifdef CONFIG_DPP2
3163 len += 5;
3164 #endif /* CONFIG_DPP2 */
3165 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ, len);
3166 if (!msg)
3167 return -1;
3168
3169 #ifdef CONFIG_TESTING_OPTIONS
3170 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
3171 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
3172 goto skip_trans_id;
3173 }
3174 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
3175 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
3176 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
3177 wpabuf_put_le16(msg, 0);
3178 goto skip_trans_id;
3179 }
3180 #endif /* CONFIG_TESTING_OPTIONS */
3181
3182 /* Transaction ID */
3183 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
3184 wpabuf_put_le16(msg, 1);
3185 wpabuf_put_u8(msg, TRANSACTION_ID);
3186
3187 #ifdef CONFIG_TESTING_OPTIONS
3188 skip_trans_id:
3189 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
3190 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
3191 goto skip_connector;
3192 }
3193 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
3194 char *connector;
3195
3196 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
3197 connector = dpp_corrupt_connector_signature(
3198 ssid->dpp_connector);
3199 if (!connector) {
3200 wpabuf_free(msg);
3201 return -1;
3202 }
3203 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
3204 wpabuf_put_le16(msg, os_strlen(connector));
3205 wpabuf_put_str(msg, connector);
3206 os_free(connector);
3207 goto skip_connector;
3208 }
3209 #endif /* CONFIG_TESTING_OPTIONS */
3210
3211 /* DPP Connector */
3212 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
3213 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
3214 wpabuf_put_str(msg, ssid->dpp_connector);
3215
3216 #ifdef CONFIG_TESTING_OPTIONS
3217 skip_connector:
3218 if (dpp_test == DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ) {
3219 wpa_printf(MSG_INFO, "DPP: TESTING - no Protocol Version");
3220 goto skip_proto_ver;
3221 }
3222 #endif /* CONFIG_TESTING_OPTIONS */
3223
3224 #ifdef CONFIG_DPP2
3225 if (DPP_VERSION > 1) {
3226 u8 ver = DPP_VERSION;
3227 #ifdef CONFIG_DPP3
3228 int conn_ver;
3229
3230 conn_ver = dpp_get_connector_version(ssid->dpp_connector);
3231 if (conn_ver > 0 && ver != conn_ver) {
3232 wpa_printf(MSG_DEBUG,
3233 "DPP: Use Connector version %d instead of current protocol version %d",
3234 conn_ver, ver);
3235 ver = conn_ver;
3236 }
3237 #endif /* CONFIG_DPP3 */
3238
3239 /* Protocol Version */
3240 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
3241 wpabuf_put_le16(msg, 1);
3242 wpabuf_put_u8(msg, ver);
3243 }
3244 #endif /* CONFIG_DPP2 */
3245
3246 #ifdef CONFIG_TESTING_OPTIONS
3247 skip_proto_ver:
3248 #endif /* CONFIG_TESTING_OPTIONS */
3249
3250 /* TODO: Timeout on AP response */
3251 wait_time = wpa_s->max_remain_on_chan;
3252 if (wait_time > 2000)
3253 wait_time = 2000;
3254 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3255 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
3256 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
3257 broadcast,
3258 wpabuf_head(msg), wpabuf_len(msg),
3259 wait_time, wpas_dpp_tx_introduction_status, 0);
3260 wpabuf_free(msg);
3261
3262 /* Request this connection attempt to terminate - new one will be
3263 * started when network introduction protocol completes */
3264 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
3265 wpa_s->dpp_intro_network = ssid;
3266 return 1;
3267 }
3268
3269
wpas_dpp_pkex_add(struct wpa_supplicant * wpa_s,const char * cmd)3270 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
3271 {
3272 struct dpp_bootstrap_info *own_bi;
3273 const char *pos, *end;
3274 unsigned int wait_time;
3275
3276 pos = os_strstr(cmd, " own=");
3277 if (!pos)
3278 return -1;
3279 pos += 5;
3280 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
3281 if (!own_bi) {
3282 wpa_printf(MSG_DEBUG,
3283 "DPP: Identified bootstrap info not found");
3284 return -1;
3285 }
3286 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
3287 wpa_printf(MSG_DEBUG,
3288 "DPP: Identified bootstrap info not for PKEX");
3289 return -1;
3290 }
3291 wpa_s->dpp_pkex_bi = own_bi;
3292 own_bi->pkex_t = 0; /* clear pending errors on new code */
3293
3294 os_free(wpa_s->dpp_pkex_identifier);
3295 wpa_s->dpp_pkex_identifier = NULL;
3296 pos = os_strstr(cmd, " identifier=");
3297 if (pos) {
3298 pos += 12;
3299 end = os_strchr(pos, ' ');
3300 if (!end)
3301 return -1;
3302 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
3303 if (!wpa_s->dpp_pkex_identifier)
3304 return -1;
3305 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
3306 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
3307 }
3308
3309 pos = os_strstr(cmd, " code=");
3310 if (!pos)
3311 return -1;
3312 os_free(wpa_s->dpp_pkex_code);
3313 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
3314 if (!wpa_s->dpp_pkex_code)
3315 return -1;
3316
3317 if (os_strstr(cmd, " init=1") || os_strstr(cmd, " init=2")) {
3318 struct dpp_pkex *pkex;
3319 struct wpabuf *msg;
3320 bool v2 = os_strstr(cmd, " init=2") != NULL;
3321
3322 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
3323 dpp_pkex_free(wpa_s->dpp_pkex);
3324 wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr,
3325 wpa_s->dpp_pkex_identifier,
3326 wpa_s->dpp_pkex_code, v2);
3327 pkex = wpa_s->dpp_pkex;
3328 if (!pkex)
3329 return -1;
3330
3331 msg = pkex->exchange_req;
3332 wait_time = wpa_s->max_remain_on_chan;
3333 if (wait_time > 2000)
3334 wait_time = 2000;
3335 pkex->freq = 2437;
3336 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
3337 " freq=%u type=%d",
3338 MAC2STR(broadcast), pkex->freq,
3339 v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
3340 DPP_PA_PKEX_V1_EXCHANGE_REQ);
3341 offchannel_send_action(wpa_s, pkex->freq, broadcast,
3342 wpa_s->own_addr, broadcast,
3343 wpabuf_head(msg), wpabuf_len(msg),
3344 wait_time, wpas_dpp_tx_pkex_status, 0);
3345 if (wait_time == 0)
3346 wait_time = 2000;
3347 pkex->exch_req_wait_time = wait_time;
3348 pkex->exch_req_tries = 1;
3349 }
3350
3351 /* TODO: Support multiple PKEX info entries */
3352
3353 os_free(wpa_s->dpp_pkex_auth_cmd);
3354 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
3355
3356 return 1;
3357 }
3358
3359
wpas_dpp_pkex_remove(struct wpa_supplicant * wpa_s,const char * id)3360 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
3361 {
3362 unsigned int id_val;
3363
3364 if (os_strcmp(id, "*") == 0) {
3365 id_val = 0;
3366 } else {
3367 id_val = atoi(id);
3368 if (id_val == 0)
3369 return -1;
3370 }
3371
3372 if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code)
3373 return -1;
3374
3375 /* TODO: Support multiple PKEX entries */
3376 os_free(wpa_s->dpp_pkex_code);
3377 wpa_s->dpp_pkex_code = NULL;
3378 os_free(wpa_s->dpp_pkex_identifier);
3379 wpa_s->dpp_pkex_identifier = NULL;
3380 os_free(wpa_s->dpp_pkex_auth_cmd);
3381 wpa_s->dpp_pkex_auth_cmd = NULL;
3382 wpa_s->dpp_pkex_bi = NULL;
3383 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
3384 dpp_pkex_free(wpa_s->dpp_pkex);
3385 wpa_s->dpp_pkex = NULL;
3386 return 0;
3387 }
3388
3389
wpas_dpp_stop(struct wpa_supplicant * wpa_s)3390 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
3391 {
3392 if (wpa_s->dpp_auth || wpa_s->dpp_pkex)
3393 offchannel_send_action_done(wpa_s);
3394 dpp_auth_deinit(wpa_s->dpp_auth);
3395 wpa_s->dpp_auth = NULL;
3396 dpp_pkex_free(wpa_s->dpp_pkex);
3397 wpa_s->dpp_pkex = NULL;
3398 if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
3399 gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
3400 }
3401
3402
wpas_dpp_init(struct wpa_supplicant * wpa_s)3403 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
3404 {
3405 struct dpp_global_config config;
3406 u8 adv_proto_id[7];
3407
3408 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
3409 adv_proto_id[1] = 5;
3410 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
3411 adv_proto_id[5] = DPP_OUI_TYPE;
3412 adv_proto_id[6] = 0x01;
3413
3414 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
3415 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
3416 wpas_dpp_gas_status_handler, wpa_s) < 0)
3417 return -1;
3418
3419 os_memset(&config, 0, sizeof(config));
3420 config.cb_ctx = wpa_s;
3421 #ifdef CONFIG_DPP2
3422 config.remove_bi = wpas_dpp_remove_bi;
3423 #endif /* CONFIG_DPP2 */
3424 wpa_s->dpp = dpp_global_init(&config);
3425 return wpa_s->dpp ? 0 : -1;
3426 }
3427
3428
wpas_dpp_deinit(struct wpa_supplicant * wpa_s)3429 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
3430 {
3431 #ifdef CONFIG_TESTING_OPTIONS
3432 os_free(wpa_s->dpp_config_obj_override);
3433 wpa_s->dpp_config_obj_override = NULL;
3434 os_free(wpa_s->dpp_discovery_override);
3435 wpa_s->dpp_discovery_override = NULL;
3436 os_free(wpa_s->dpp_groups_override);
3437 wpa_s->dpp_groups_override = NULL;
3438 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
3439 #endif /* CONFIG_TESTING_OPTIONS */
3440 if (!wpa_s->dpp)
3441 return;
3442 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
3443 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
3444 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
3445 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
3446 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
3447 #ifdef CONFIG_DPP2
3448 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
3449 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
3450 wpa_s, NULL);
3451 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
3452 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
3453 wpa_s, NULL);
3454 eloop_cancel_timeout(wpas_dpp_build_csr, wpa_s, NULL);
3455 dpp_pfs_free(wpa_s->dpp_pfs);
3456 wpa_s->dpp_pfs = NULL;
3457 wpas_dpp_chirp_stop(wpa_s);
3458 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
3459 wpa_s->dpp_reconfig_id = NULL;
3460 #endif /* CONFIG_DPP2 */
3461 offchannel_send_action_done(wpa_s);
3462 wpas_dpp_listen_stop(wpa_s);
3463 wpas_dpp_stop(wpa_s);
3464 wpas_dpp_pkex_remove(wpa_s, "*");
3465 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
3466 os_free(wpa_s->dpp_configurator_params);
3467 wpa_s->dpp_configurator_params = NULL;
3468 dpp_global_clear(wpa_s->dpp);
3469 }
3470
3471
3472 #ifdef CONFIG_DPP2
3473
wpas_dpp_controller_start(struct wpa_supplicant * wpa_s,const char * cmd)3474 int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
3475 {
3476 struct dpp_controller_config config;
3477 const char *pos;
3478
3479 os_memset(&config, 0, sizeof(config));
3480 config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
3481 config.netrole = DPP_NETROLE_STA;
3482 config.msg_ctx = wpa_s;
3483 config.cb_ctx = wpa_s;
3484 config.process_conf_obj = wpas_dpp_process_conf_obj;
3485 if (cmd) {
3486 pos = os_strstr(cmd, " tcp_port=");
3487 if (pos) {
3488 pos += 10;
3489 config.tcp_port = atoi(pos);
3490 }
3491
3492 pos = os_strstr(cmd, " role=");
3493 if (pos) {
3494 pos += 6;
3495 if (os_strncmp(pos, "configurator", 12) == 0)
3496 config.allowed_roles = DPP_CAPAB_CONFIGURATOR;
3497 else if (os_strncmp(pos, "enrollee", 8) == 0)
3498 config.allowed_roles = DPP_CAPAB_ENROLLEE;
3499 else if (os_strncmp(pos, "either", 6) == 0)
3500 config.allowed_roles = DPP_CAPAB_CONFIGURATOR |
3501 DPP_CAPAB_ENROLLEE;
3502 else
3503 return -1;
3504 }
3505
3506 config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
3507 }
3508 config.configurator_params = wpa_s->dpp_configurator_params;
3509 return dpp_controller_start(wpa_s->dpp, &config);
3510 }
3511
3512
3513 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx);
3514
wpas_dpp_chirp_timeout(void * eloop_ctx,void * timeout_ctx)3515 static void wpas_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx)
3516 {
3517 struct wpa_supplicant *wpa_s = eloop_ctx;
3518
3519 wpa_printf(MSG_DEBUG, "DPP: No chirp response received");
3520 offchannel_send_action_done(wpa_s);
3521 wpas_dpp_chirp_next(wpa_s, NULL);
3522 }
3523
3524
wpas_dpp_chirp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3525 static void wpas_dpp_chirp_tx_status(struct wpa_supplicant *wpa_s,
3526 unsigned int freq, const u8 *dst,
3527 const u8 *src, const u8 *bssid,
3528 const u8 *data, size_t data_len,
3529 enum offchannel_send_action_result result)
3530 {
3531 if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
3532 wpa_printf(MSG_DEBUG, "DPP: Failed to send chirp on %d MHz",
3533 wpa_s->dpp_chirp_freq);
3534 if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next,
3535 wpa_s, NULL) < 0)
3536 wpas_dpp_chirp_stop(wpa_s);
3537 return;
3538 }
3539
3540 wpa_printf(MSG_DEBUG, "DPP: Chirp send completed - wait for response");
3541 if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout,
3542 wpa_s, NULL) < 0)
3543 wpas_dpp_chirp_stop(wpa_s);
3544 }
3545
3546
wpas_dpp_chirp_start(struct wpa_supplicant * wpa_s)3547 static void wpas_dpp_chirp_start(struct wpa_supplicant *wpa_s)
3548 {
3549 struct wpabuf *msg, *announce = NULL;
3550 int type;
3551
3552 msg = wpa_s->dpp_presence_announcement;
3553 type = DPP_PA_PRESENCE_ANNOUNCEMENT;
3554 if (!msg) {
3555 struct wpa_ssid *ssid = wpa_s->dpp_reconfig_ssid;
3556
3557 if (ssid && wpa_s->dpp_reconfig_id &&
3558 wpa_config_get_network(wpa_s->conf,
3559 wpa_s->dpp_reconfig_ssid_id) ==
3560 ssid) {
3561 announce = dpp_build_reconfig_announcement(
3562 ssid->dpp_csign,
3563 ssid->dpp_csign_len,
3564 ssid->dpp_netaccesskey,
3565 ssid->dpp_netaccesskey_len,
3566 wpa_s->dpp_reconfig_id);
3567 msg = announce;
3568 }
3569 if (!msg)
3570 return;
3571 type = DPP_PA_RECONFIG_ANNOUNCEMENT;
3572 }
3573 wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", wpa_s->dpp_chirp_freq);
3574 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3575 MAC2STR(broadcast), wpa_s->dpp_chirp_freq, type);
3576 if (offchannel_send_action(
3577 wpa_s, wpa_s->dpp_chirp_freq, broadcast,
3578 wpa_s->own_addr, broadcast,
3579 wpabuf_head(msg), wpabuf_len(msg),
3580 2000, wpas_dpp_chirp_tx_status, 0) < 0)
3581 wpas_dpp_chirp_stop(wpa_s);
3582
3583 wpabuf_free(announce);
3584 }
3585
3586
wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)3587 static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
3588 struct wpa_scan_results *scan_res)
3589 {
3590 struct dpp_bootstrap_info *bi = wpa_s->dpp_chirp_bi;
3591 unsigned int i;
3592 struct hostapd_hw_modes *mode;
3593 int c;
3594 struct wpa_bss *bss;
3595 bool chan6 = wpa_s->hw.modes == NULL;
3596
3597 if (!bi && !wpa_s->dpp_reconfig_ssid)
3598 return;
3599
3600 wpa_s->dpp_chirp_scan_done = 1;
3601
3602 os_free(wpa_s->dpp_chirp_freqs);
3603 wpa_s->dpp_chirp_freqs = NULL;
3604
3605 /* Channels from own bootstrapping info */
3606 if (bi) {
3607 for (i = 0; i < bi->num_freq; i++)
3608 int_array_add_unique(&wpa_s->dpp_chirp_freqs,
3609 bi->freq[i]);
3610 }
3611
3612 /* Preferred chirping channels */
3613 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
3614 HOSTAPD_MODE_IEEE80211G, false);
3615 if (mode) {
3616 for (c = 0; c < mode->num_channels; c++) {
3617 struct hostapd_channel_data *chan = &mode->channels[c];
3618
3619 if ((chan->flag & HOSTAPD_CHAN_DISABLED) ||
3620 chan->freq != 2437)
3621 continue;
3622 chan6 = true;
3623 break;
3624 }
3625 }
3626 if (chan6)
3627 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 2437);
3628
3629 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
3630 HOSTAPD_MODE_IEEE80211A, false);
3631 if (mode) {
3632 int chan44 = 0, chan149 = 0;
3633
3634 for (c = 0; c < mode->num_channels; c++) {
3635 struct hostapd_channel_data *chan = &mode->channels[c];
3636
3637 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
3638 HOSTAPD_CHAN_RADAR))
3639 continue;
3640 if (chan->freq == 5220)
3641 chan44 = 1;
3642 if (chan->freq == 5745)
3643 chan149 = 1;
3644 }
3645 if (chan149)
3646 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 5745);
3647 else if (chan44)
3648 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 5220);
3649 }
3650
3651 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
3652 HOSTAPD_MODE_IEEE80211AD, false);
3653 if (mode) {
3654 for (c = 0; c < mode->num_channels; c++) {
3655 struct hostapd_channel_data *chan = &mode->channels[c];
3656
3657 if ((chan->flag & (HOSTAPD_CHAN_DISABLED |
3658 HOSTAPD_CHAN_RADAR)) ||
3659 chan->freq != 60480)
3660 continue;
3661 int_array_add_unique(&wpa_s->dpp_chirp_freqs, 60480);
3662 break;
3663 }
3664 }
3665
3666 /* Add channels from scan results for APs that advertise Configurator
3667 * Connectivity element */
3668 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3669 if (wpa_bss_get_vendor_ie(bss, DPP_CC_IE_VENDOR_TYPE))
3670 int_array_add_unique(&wpa_s->dpp_chirp_freqs,
3671 bss->freq);
3672 }
3673
3674 if (!wpa_s->dpp_chirp_freqs ||
3675 eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL) < 0)
3676 wpas_dpp_chirp_stop(wpa_s);
3677 }
3678
3679
wpas_dpp_chirp_next(void * eloop_ctx,void * timeout_ctx)3680 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx)
3681 {
3682 struct wpa_supplicant *wpa_s = eloop_ctx;
3683 int i;
3684
3685 if (wpa_s->dpp_chirp_listen)
3686 wpas_dpp_listen_stop(wpa_s);
3687
3688 if (wpa_s->dpp_chirp_freq == 0) {
3689 if (wpa_s->dpp_chirp_round % 4 == 0 &&
3690 !wpa_s->dpp_chirp_scan_done) {
3691 if (wpas_scan_scheduled(wpa_s)) {
3692 wpa_printf(MSG_DEBUG,
3693 "DPP: Deferring chirp scan because another scan is planned already");
3694 if (eloop_register_timeout(1, 0,
3695 wpas_dpp_chirp_next,
3696 wpa_s, NULL) < 0) {
3697 wpas_dpp_chirp_stop(wpa_s);
3698 return;
3699 }
3700 return;
3701 }
3702 wpa_printf(MSG_DEBUG,
3703 "DPP: Update channel list for chirping");
3704 wpa_s->scan_req = MANUAL_SCAN_REQ;
3705 wpa_s->scan_res_handler =
3706 wpas_dpp_chirp_scan_res_handler;
3707 wpa_supplicant_req_scan(wpa_s, 0, 0);
3708 return;
3709 }
3710 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[0];
3711 wpa_s->dpp_chirp_round++;
3712 wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d",
3713 wpa_s->dpp_chirp_round);
3714 } else {
3715 for (i = 0; wpa_s->dpp_chirp_freqs[i]; i++)
3716 if (wpa_s->dpp_chirp_freqs[i] == wpa_s->dpp_chirp_freq)
3717 break;
3718 if (!wpa_s->dpp_chirp_freqs[i]) {
3719 wpa_printf(MSG_DEBUG,
3720 "DPP: Previous chirp freq %d not found",
3721 wpa_s->dpp_chirp_freq);
3722 return;
3723 }
3724 i++;
3725 if (wpa_s->dpp_chirp_freqs[i]) {
3726 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[i];
3727 } else {
3728 wpa_s->dpp_chirp_iter--;
3729 if (wpa_s->dpp_chirp_iter <= 0) {
3730 wpa_printf(MSG_DEBUG,
3731 "DPP: Chirping iterations completed");
3732 wpas_dpp_chirp_stop(wpa_s);
3733 return;
3734 }
3735 wpa_s->dpp_chirp_freq = 0;
3736 wpa_s->dpp_chirp_scan_done = 0;
3737 if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next,
3738 wpa_s, NULL) < 0) {
3739 wpas_dpp_chirp_stop(wpa_s);
3740 return;
3741 }
3742 if (wpa_s->dpp_chirp_listen) {
3743 wpa_printf(MSG_DEBUG,
3744 "DPP: Listen on %d MHz during chirp 30 second wait",
3745 wpa_s->dpp_chirp_listen);
3746 wpas_dpp_listen_start(wpa_s,
3747 wpa_s->dpp_chirp_listen);
3748 } else {
3749 wpa_printf(MSG_DEBUG,
3750 "DPP: Wait 30 seconds before starting the next chirping round");
3751 }
3752 return;
3753 }
3754 }
3755
3756 wpas_dpp_chirp_start(wpa_s);
3757 }
3758
3759
wpas_dpp_chirp(struct wpa_supplicant * wpa_s,const char * cmd)3760 int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd)
3761 {
3762 const char *pos;
3763 int iter = 1, listen_freq = 0;
3764 struct dpp_bootstrap_info *bi;
3765
3766 pos = os_strstr(cmd, " own=");
3767 if (!pos)
3768 return -1;
3769 pos += 5;
3770 bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
3771 if (!bi) {
3772 wpa_printf(MSG_DEBUG,
3773 "DPP: Identified bootstrap info not found");
3774 return -1;
3775 }
3776
3777 pos = os_strstr(cmd, " iter=");
3778 if (pos) {
3779 iter = atoi(pos + 6);
3780 if (iter <= 0)
3781 return -1;
3782 }
3783
3784 pos = os_strstr(cmd, " listen=");
3785 if (pos) {
3786 listen_freq = atoi(pos + 8);
3787 if (listen_freq <= 0)
3788 return -1;
3789 }
3790
3791 wpas_dpp_chirp_stop(wpa_s);
3792 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
3793 wpa_s->dpp_qr_mutual = 0;
3794 wpa_s->dpp_chirp_bi = bi;
3795 wpa_s->dpp_presence_announcement = dpp_build_presence_announcement(bi);
3796 if (!wpa_s->dpp_presence_announcement)
3797 return -1;
3798 wpa_s->dpp_chirp_iter = iter;
3799 wpa_s->dpp_chirp_round = 0;
3800 wpa_s->dpp_chirp_scan_done = 0;
3801 wpa_s->dpp_chirp_listen = listen_freq;
3802
3803 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
3804 }
3805
3806
wpas_dpp_chirp_stop(struct wpa_supplicant * wpa_s)3807 void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s)
3808 {
3809 if (wpa_s->dpp_presence_announcement ||
3810 wpa_s->dpp_reconfig_ssid) {
3811 offchannel_send_action_done(wpa_s);
3812 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CHIRP_STOPPED);
3813 }
3814 wpa_s->dpp_chirp_bi = NULL;
3815 wpabuf_free(wpa_s->dpp_presence_announcement);
3816 wpa_s->dpp_presence_announcement = NULL;
3817 if (wpa_s->dpp_chirp_listen)
3818 wpas_dpp_listen_stop(wpa_s);
3819 wpa_s->dpp_chirp_listen = 0;
3820 wpa_s->dpp_chirp_freq = 0;
3821 os_free(wpa_s->dpp_chirp_freqs);
3822 wpa_s->dpp_chirp_freqs = NULL;
3823 eloop_cancel_timeout(wpas_dpp_chirp_next, wpa_s, NULL);
3824 eloop_cancel_timeout(wpas_dpp_chirp_timeout, wpa_s, NULL);
3825 if (wpa_s->scan_res_handler == wpas_dpp_chirp_scan_res_handler) {
3826 wpas_abort_ongoing_scan(wpa_s);
3827 wpa_s->scan_res_handler = NULL;
3828 }
3829 }
3830
3831
wpas_dpp_reconfig(struct wpa_supplicant * wpa_s,const char * cmd)3832 int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd)
3833 {
3834 struct wpa_ssid *ssid;
3835 int iter = 1;
3836 const char *pos;
3837
3838 ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
3839 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
3840 !ssid->dpp_csign) {
3841 wpa_printf(MSG_DEBUG,
3842 "DPP: Not a valid network profile for reconfiguration");
3843 return -1;
3844 }
3845
3846 pos = os_strstr(cmd, " iter=");
3847 if (pos) {
3848 iter = atoi(pos + 6);
3849 if (iter <= 0)
3850 return -1;
3851 }
3852
3853 if (wpa_s->dpp_auth) {
3854 wpa_printf(MSG_DEBUG,
3855 "DPP: Not ready to start reconfiguration - pending authentication exchange in progress");
3856 return -1;
3857 }
3858
3859 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
3860 wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign,
3861 ssid->dpp_csign_len,
3862 ssid->dpp_pp_key,
3863 ssid->dpp_pp_key_len);
3864 if (!wpa_s->dpp_reconfig_id) {
3865 wpa_printf(MSG_DEBUG,
3866 "DPP: Failed to generate E-id for reconfiguration");
3867 return -1;
3868 }
3869 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
3870 wpa_printf(MSG_DEBUG, "DPP: Disconnect for reconfiguration");
3871 wpa_s->own_disconnect_req = 1;
3872 wpa_supplicant_deauthenticate(
3873 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3874 }
3875 wpas_dpp_chirp_stop(wpa_s);
3876 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
3877 wpa_s->dpp_qr_mutual = 0;
3878 wpa_s->dpp_reconfig_ssid = ssid;
3879 wpa_s->dpp_reconfig_ssid_id = ssid->id;
3880 wpa_s->dpp_chirp_iter = iter;
3881 wpa_s->dpp_chirp_round = 0;
3882 wpa_s->dpp_chirp_scan_done = 0;
3883 wpa_s->dpp_chirp_listen = 0;
3884
3885 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
3886 }
3887
3888
wpas_dpp_build_conf_resp(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,bool tcp)3889 static int wpas_dpp_build_conf_resp(struct wpa_supplicant *wpa_s,
3890 struct dpp_authentication *auth, bool tcp)
3891 {
3892 struct wpabuf *resp;
3893
3894 resp = dpp_build_conf_resp(auth, auth->e_nonce, auth->curve->nonce_len,
3895 auth->e_netrole, true);
3896 if (!resp)
3897 return -1;
3898
3899 if (tcp) {
3900 auth->conf_resp_tcp = resp;
3901 return 0;
3902 }
3903
3904 if (gas_server_set_resp(wpa_s->gas_server, auth->cert_resp_ctx,
3905 resp) < 0) {
3906 wpa_printf(MSG_DEBUG,
3907 "DPP: Could not find pending GAS response");
3908 wpabuf_free(resp);
3909 return -1;
3910 }
3911 auth->conf_resp = resp;
3912 return 0;
3913 }
3914
3915
wpas_dpp_ca_set(struct wpa_supplicant * wpa_s,const char * cmd)3916 int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
3917 {
3918 int peer = -1;
3919 const char *pos, *value;
3920 struct dpp_authentication *auth = wpa_s->dpp_auth;
3921 u8 *bin;
3922 size_t bin_len;
3923 struct wpabuf *buf;
3924 bool tcp = false;
3925
3926 pos = os_strstr(cmd, " peer=");
3927 if (pos) {
3928 peer = atoi(pos + 6);
3929 if (!auth || !auth->waiting_cert ||
3930 (auth->peer_bi &&
3931 (unsigned int) peer != auth->peer_bi->id)) {
3932 auth = dpp_controller_get_auth(wpa_s->dpp, peer);
3933 tcp = true;
3934 }
3935 }
3936
3937 if (!auth || !auth->waiting_cert) {
3938 wpa_printf(MSG_DEBUG,
3939 "DPP: No authentication exchange waiting for certificate information");
3940 return -1;
3941 }
3942
3943 if (peer >= 0 &&
3944 (!auth->peer_bi ||
3945 (unsigned int) peer != auth->peer_bi->id) &&
3946 (!auth->tmp_peer_bi ||
3947 (unsigned int) peer != auth->tmp_peer_bi->id)) {
3948 wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
3949 return -1;
3950 }
3951
3952 pos = os_strstr(cmd, " value=");
3953 if (!pos)
3954 return -1;
3955 value = pos + 7;
3956
3957 pos = os_strstr(cmd, " name=");
3958 if (!pos)
3959 return -1;
3960 pos += 6;
3961
3962 if (os_strncmp(pos, "status ", 7) == 0) {
3963 auth->force_conf_resp_status = atoi(value);
3964 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
3965 }
3966
3967 if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) {
3968 os_free(auth->trusted_eap_server_name);
3969 auth->trusted_eap_server_name = os_strdup(value);
3970 return auth->trusted_eap_server_name ? 0 : -1;
3971 }
3972
3973 bin = base64_decode(value, os_strlen(value), &bin_len);
3974 if (!bin)
3975 return -1;
3976 buf = wpabuf_alloc_copy(bin, bin_len);
3977 os_free(bin);
3978
3979 if (os_strncmp(pos, "caCert ", 7) == 0) {
3980 wpabuf_free(auth->cacert);
3981 auth->cacert = buf;
3982 return 0;
3983 }
3984
3985 if (os_strncmp(pos, "certBag ", 8) == 0) {
3986 wpabuf_free(auth->certbag);
3987 auth->certbag = buf;
3988 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
3989 }
3990
3991 wpabuf_free(buf);
3992 return -1;
3993 }
3994
3995 #endif /* CONFIG_DPP2 */
3996