1 /* 2 * Wi-Fi Protected Setup - common functionality 3 * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "common/defs.h" 13 #include "common/ieee802_11_common.h" 14 #include "crypto/aes_wrap.h" 15 #include "crypto/crypto.h" 16 #include "crypto/dh_group5.h" 17 #include "crypto/sha1.h" 18 #include "crypto/sha256.h" 19 #include "crypto/random.h" 20 #include "wps_i.h" 21 #include "wps_dev_attr.h" 22 23 wps_kdf(const u8 * key,const u8 * label_prefix,size_t label_prefix_len,const char * label,u8 * res,size_t res_len)24 void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len, 25 const char *label, u8 *res, size_t res_len) 26 { 27 u8 i_buf[4], key_bits[4]; 28 const u8 *addr[4]; 29 size_t len[4]; 30 int i, iter; 31 u8 hash[SHA256_MAC_LEN], *opos; 32 size_t left; 33 34 WPA_PUT_BE32(key_bits, res_len * 8); 35 36 addr[0] = i_buf; 37 len[0] = sizeof(i_buf); 38 addr[1] = label_prefix; 39 len[1] = label_prefix_len; 40 addr[2] = (const u8 *) label; 41 len[2] = os_strlen(label); 42 addr[3] = key_bits; 43 len[3] = sizeof(key_bits); 44 45 iter = (res_len + SHA256_MAC_LEN - 1) / SHA256_MAC_LEN; 46 opos = res; 47 left = res_len; 48 49 for (i = 1; i <= iter; i++) { 50 WPA_PUT_BE32(i_buf, i); 51 hmac_sha256_vector(key, SHA256_MAC_LEN, 4, addr, len, hash); 52 if (i < iter) { 53 os_memcpy(opos, hash, SHA256_MAC_LEN); 54 opos += SHA256_MAC_LEN; 55 left -= SHA256_MAC_LEN; 56 } else 57 os_memcpy(opos, hash, left); 58 } 59 } 60 61 wps_derive_keys(struct wps_data * wps)62 int wps_derive_keys(struct wps_data *wps) 63 { 64 struct wpabuf *pubkey, *dh_shared; 65 u8 dhkey[SHA256_MAC_LEN], kdk[SHA256_MAC_LEN]; 66 const u8 *addr[3]; 67 size_t len[3]; 68 u8 keys[WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN + WPS_EMSK_LEN]; 69 70 if (wps->dh_privkey == NULL) { 71 wpa_printf(MSG_DEBUG, "WPS: Own DH private key not available"); 72 return -1; 73 } 74 75 pubkey = wps->registrar ? wps->dh_pubkey_e : wps->dh_pubkey_r; 76 if (pubkey == NULL) { 77 wpa_printf(MSG_DEBUG, "WPS: Peer DH public key not available"); 78 return -1; 79 } 80 81 wpa_hexdump_buf_key(MSG_DEBUG, "WPS: DH Private Key", wps->dh_privkey); 82 wpa_hexdump_buf(MSG_DEBUG, "WPS: DH peer Public Key", pubkey); 83 dh_shared = dh5_derive_shared(wps->dh_ctx, pubkey, wps->dh_privkey); 84 dh5_free(wps->dh_ctx); 85 wps->dh_ctx = NULL; 86 dh_shared = wpabuf_zeropad(dh_shared, 192); 87 if (dh_shared == NULL) { 88 wpa_printf(MSG_DEBUG, "WPS: Failed to derive DH shared key"); 89 return -1; 90 } 91 92 /* Own DH private key is not needed anymore */ 93 wpabuf_clear_free(wps->dh_privkey); 94 wps->dh_privkey = NULL; 95 96 wpa_hexdump_buf_key(MSG_DEBUG, "WPS: DH shared key", dh_shared); 97 98 /* DHKey = SHA-256(g^AB mod p) */ 99 addr[0] = wpabuf_head(dh_shared); 100 len[0] = wpabuf_len(dh_shared); 101 sha256_vector(1, addr, len, dhkey); 102 wpa_hexdump_key(MSG_DEBUG, "WPS: DHKey", dhkey, sizeof(dhkey)); 103 wpabuf_clear_free(dh_shared); 104 105 /* KDK = HMAC-SHA-256_DHKey(N1 || EnrolleeMAC || N2) */ 106 addr[0] = wps->nonce_e; 107 len[0] = WPS_NONCE_LEN; 108 addr[1] = wps->mac_addr_e; 109 len[1] = ETH_ALEN; 110 addr[2] = wps->nonce_r; 111 len[2] = WPS_NONCE_LEN; 112 hmac_sha256_vector(dhkey, sizeof(dhkey), 3, addr, len, kdk); 113 wpa_hexdump_key(MSG_DEBUG, "WPS: KDK", kdk, sizeof(kdk)); 114 115 wps_kdf(kdk, NULL, 0, "Wi-Fi Easy and Secure Key Derivation", 116 keys, sizeof(keys)); 117 os_memcpy(wps->authkey, keys, WPS_AUTHKEY_LEN); 118 os_memcpy(wps->keywrapkey, keys + WPS_AUTHKEY_LEN, WPS_KEYWRAPKEY_LEN); 119 os_memcpy(wps->emsk, keys + WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN, 120 WPS_EMSK_LEN); 121 122 wpa_hexdump_key(MSG_DEBUG, "WPS: AuthKey", 123 wps->authkey, WPS_AUTHKEY_LEN); 124 wpa_hexdump_key(MSG_DEBUG, "WPS: KeyWrapKey", 125 wps->keywrapkey, WPS_KEYWRAPKEY_LEN); 126 wpa_hexdump_key(MSG_DEBUG, "WPS: EMSK", wps->emsk, WPS_EMSK_LEN); 127 128 return 0; 129 } 130 131 wps_derive_psk(struct wps_data * wps,const u8 * dev_passwd,size_t dev_passwd_len)132 int wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd, 133 size_t dev_passwd_len) 134 { 135 u8 hash[SHA256_MAC_LEN]; 136 137 if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd, 138 (dev_passwd_len + 1) / 2, hash) < 0) 139 return -1; 140 os_memcpy(wps->psk1, hash, WPS_PSK_LEN); 141 if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, 142 dev_passwd + (dev_passwd_len + 1) / 2, 143 dev_passwd_len / 2, hash) < 0) 144 return -1; 145 os_memcpy(wps->psk2, hash, WPS_PSK_LEN); 146 147 wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Device Password", 148 dev_passwd, dev_passwd_len); 149 wpa_hexdump_key(MSG_DEBUG, "WPS: PSK1", wps->psk1, WPS_PSK_LEN); 150 wpa_hexdump_key(MSG_DEBUG, "WPS: PSK2", wps->psk2, WPS_PSK_LEN); 151 return 0; 152 } 153 154 wps_decrypt_encr_settings(struct wps_data * wps,const u8 * encr,size_t encr_len)155 struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr, 156 size_t encr_len) 157 { 158 struct wpabuf *decrypted; 159 const size_t block_size = 16; 160 size_t i; 161 u8 pad; 162 const u8 *pos; 163 164 /* AES-128-CBC */ 165 if (encr == NULL || encr_len < 2 * block_size || encr_len % block_size) 166 { 167 wpa_printf(MSG_DEBUG, "WPS: No Encrypted Settings received"); 168 return NULL; 169 } 170 171 decrypted = wpabuf_alloc(encr_len - block_size); 172 if (decrypted == NULL) 173 return NULL; 174 175 wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len); 176 wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size); 177 if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted), 178 wpabuf_len(decrypted))) { 179 wpabuf_clear_free(decrypted); 180 return NULL; 181 } 182 183 wpa_hexdump_buf_key(MSG_MSGDUMP, "WPS: Decrypted Encrypted Settings", 184 decrypted); 185 186 pos = wpabuf_head_u8(decrypted) + wpabuf_len(decrypted) - 1; 187 pad = *pos; 188 if (pad > wpabuf_len(decrypted)) { 189 wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad value"); 190 wpabuf_clear_free(decrypted); 191 return NULL; 192 } 193 for (i = 0; i < pad; i++) { 194 if (*pos-- != pad) { 195 wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad " 196 "string"); 197 wpabuf_clear_free(decrypted); 198 return NULL; 199 } 200 } 201 decrypted->used -= pad; 202 203 return decrypted; 204 } 205 206 207 /** 208 * wps_pin_checksum - Compute PIN checksum 209 * @pin: Seven digit PIN (i.e., eight digit PIN without the checksum digit) 210 * Returns: Checksum digit 211 */ wps_pin_checksum(unsigned int pin)212 unsigned int wps_pin_checksum(unsigned int pin) 213 { 214 unsigned int accum = 0; 215 while (pin) { 216 accum += 3 * (pin % 10); 217 pin /= 10; 218 accum += pin % 10; 219 pin /= 10; 220 } 221 222 return (10 - accum % 10) % 10; 223 } 224 225 226 /** 227 * wps_pin_valid - Check whether a PIN has a valid checksum 228 * @pin: Eight digit PIN (i.e., including the checksum digit) 229 * Returns: 1 if checksum digit is valid, or 0 if not 230 */ wps_pin_valid(unsigned int pin)231 unsigned int wps_pin_valid(unsigned int pin) 232 { 233 return wps_pin_checksum(pin / 10) == (pin % 10); 234 } 235 236 237 /** 238 * wps_generate_pin - Generate a random PIN 239 * Returns: Eight digit PIN (i.e., including the checksum digit) 240 */ wps_generate_pin(unsigned int * pin)241 int wps_generate_pin(unsigned int *pin) 242 { 243 unsigned int val; 244 245 /* Generate seven random digits for the PIN */ 246 if (random_get_bytes((unsigned char *) &val, sizeof(val)) < 0) 247 return -1; 248 val %= 10000000; 249 250 /* Append checksum digit */ 251 *pin = val * 10 + wps_pin_checksum(val); 252 return 0; 253 } 254 255 wps_pin_str_valid(const char * pin)256 int wps_pin_str_valid(const char *pin) 257 { 258 const char *p; 259 size_t len; 260 261 p = pin; 262 while (*p >= '0' && *p <= '9') 263 p++; 264 if (*p != '\0') 265 return 0; 266 267 len = p - pin; 268 return len == 4 || len == 8; 269 } 270 271 wps_fail_event(struct wps_context * wps,enum wps_msg_type msg,u16 config_error,u16 error_indication,const u8 * mac_addr)272 void wps_fail_event(struct wps_context *wps, enum wps_msg_type msg, 273 u16 config_error, u16 error_indication, const u8 *mac_addr) 274 { 275 union wps_event_data data; 276 277 if (wps->event_cb == NULL) 278 return; 279 280 os_memset(&data, 0, sizeof(data)); 281 data.fail.msg = msg; 282 data.fail.config_error = config_error; 283 data.fail.error_indication = error_indication; 284 os_memcpy(data.fail.peer_macaddr, mac_addr, ETH_ALEN); 285 wps->event_cb(wps->cb_ctx, WPS_EV_FAIL, &data); 286 } 287 288 wps_success_event(struct wps_context * wps,const u8 * mac_addr)289 void wps_success_event(struct wps_context *wps, const u8 *mac_addr) 290 { 291 union wps_event_data data; 292 293 if (wps->event_cb == NULL) 294 return; 295 296 os_memset(&data, 0, sizeof(data)); 297 os_memcpy(data.success.peer_macaddr, mac_addr, ETH_ALEN); 298 wps->event_cb(wps->cb_ctx, WPS_EV_SUCCESS, &data); 299 } 300 301 wps_pwd_auth_fail_event(struct wps_context * wps,int enrollee,int part,const u8 * mac_addr)302 void wps_pwd_auth_fail_event(struct wps_context *wps, int enrollee, int part, 303 const u8 *mac_addr) 304 { 305 union wps_event_data data; 306 307 if (wps->event_cb == NULL) 308 return; 309 310 os_memset(&data, 0, sizeof(data)); 311 data.pwd_auth_fail.enrollee = enrollee; 312 data.pwd_auth_fail.part = part; 313 os_memcpy(data.pwd_auth_fail.peer_macaddr, mac_addr, ETH_ALEN); 314 wps->event_cb(wps->cb_ctx, WPS_EV_PWD_AUTH_FAIL, &data); 315 } 316 317 wps_pbc_overlap_event(struct wps_context * wps)318 void wps_pbc_overlap_event(struct wps_context *wps) 319 { 320 if (wps->event_cb == NULL) 321 return; 322 323 wps->event_cb(wps->cb_ctx, WPS_EV_PBC_OVERLAP, NULL); 324 } 325 326 wps_pbc_timeout_event(struct wps_context * wps)327 void wps_pbc_timeout_event(struct wps_context *wps) 328 { 329 if (wps->event_cb == NULL) 330 return; 331 332 wps->event_cb(wps->cb_ctx, WPS_EV_PBC_TIMEOUT, NULL); 333 } 334 335 wps_pbc_active_event(struct wps_context * wps)336 void wps_pbc_active_event(struct wps_context *wps) 337 { 338 if (wps->event_cb == NULL) 339 return; 340 341 wps->event_cb(wps->cb_ctx, WPS_EV_PBC_ACTIVE, NULL); 342 } 343 344 wps_pbc_disable_event(struct wps_context * wps)345 void wps_pbc_disable_event(struct wps_context *wps) 346 { 347 if (wps->event_cb == NULL) 348 return; 349 350 wps->event_cb(wps->cb_ctx, WPS_EV_PBC_DISABLE, NULL); 351 } 352 353 354 #ifdef CONFIG_WPS_OOB 355 wps_get_oob_cred(struct wps_context * wps,int rf_band,int channel)356 struct wpabuf * wps_get_oob_cred(struct wps_context *wps, int rf_band, 357 int channel) 358 { 359 struct wps_data data; 360 struct wpabuf *plain; 361 362 plain = wpabuf_alloc(500); 363 if (plain == NULL) { 364 wpa_printf(MSG_ERROR, "WPS: Failed to allocate memory for OOB " 365 "credential"); 366 return NULL; 367 } 368 369 os_memset(&data, 0, sizeof(data)); 370 data.wps = wps; 371 data.auth_type = wps->auth_types; 372 data.encr_type = wps->encr_types; 373 if (wps_build_cred(&data, plain) || 374 (rf_band && wps_build_rf_bands_attr(plain, rf_band)) || 375 (channel && wps_build_ap_channel(plain, channel)) || 376 wps_build_mac_addr(plain, wps->dev.mac_addr) || 377 wps_build_wfa_ext(plain, 0, NULL, 0, 0)) { 378 os_free(data.new_psk); 379 wpabuf_clear_free(plain); 380 return NULL; 381 } 382 383 if (wps->wps_state == WPS_STATE_NOT_CONFIGURED && data.new_psk && 384 wps->ap) { 385 struct wps_credential cred; 386 387 wpa_printf(MSG_DEBUG, "WPS: Moving to Configured state based " 388 "on credential token generation"); 389 390 os_memset(&cred, 0, sizeof(cred)); 391 os_memcpy(cred.ssid, wps->ssid, wps->ssid_len); 392 cred.ssid_len = wps->ssid_len; 393 cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK; 394 cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES; 395 os_memcpy(cred.key, data.new_psk, data.new_psk_len); 396 cred.key_len = data.new_psk_len; 397 398 wps->wps_state = WPS_STATE_CONFIGURED; 399 wpa_hexdump_ascii_key(MSG_DEBUG, 400 "WPS: Generated random passphrase", 401 data.new_psk, data.new_psk_len); 402 if (wps->cred_cb) 403 wps->cred_cb(wps->cb_ctx, &cred); 404 } 405 406 os_free(data.new_psk); 407 408 return plain; 409 } 410 411 wps_build_nfc_pw_token(u16 dev_pw_id,const struct wpabuf * pubkey,const struct wpabuf * dev_pw)412 struct wpabuf * wps_build_nfc_pw_token(u16 dev_pw_id, 413 const struct wpabuf *pubkey, 414 const struct wpabuf *dev_pw) 415 { 416 struct wpabuf *data; 417 418 data = wpabuf_alloc(200); 419 if (data == NULL) 420 return NULL; 421 422 if (wps_build_oob_dev_pw(data, dev_pw_id, pubkey, 423 wpabuf_head(dev_pw), wpabuf_len(dev_pw)) || 424 wps_build_wfa_ext(data, 0, NULL, 0, 0)) { 425 wpa_printf(MSG_ERROR, "WPS: Failed to build NFC password " 426 "token"); 427 wpabuf_clear_free(data); 428 return NULL; 429 } 430 431 return data; 432 } 433 434 wps_oob_use_cred(struct wps_context * wps,struct wps_parse_attr * attr)435 int wps_oob_use_cred(struct wps_context *wps, struct wps_parse_attr *attr) 436 { 437 struct wpabuf msg; 438 size_t i; 439 440 for (i = 0; i < attr->num_cred; i++) { 441 struct wps_credential local_cred; 442 struct wps_parse_attr cattr; 443 444 os_memset(&local_cred, 0, sizeof(local_cred)); 445 wpabuf_set(&msg, attr->cred[i], attr->cred_len[i]); 446 if (wps_parse_msg(&msg, &cattr) < 0 || 447 wps_process_cred(&cattr, &local_cred)) { 448 wpa_printf(MSG_ERROR, "WPS: Failed to parse OOB " 449 "credential"); 450 return -1; 451 } 452 wps->cred_cb(wps->cb_ctx, &local_cred); 453 } 454 455 return 0; 456 } 457 458 459 #endif /* CONFIG_WPS_OOB */ 460 461 wps_dev_type_str2bin(const char * str,u8 dev_type[WPS_DEV_TYPE_LEN])462 int wps_dev_type_str2bin(const char *str, u8 dev_type[WPS_DEV_TYPE_LEN]) 463 { 464 const char *pos; 465 466 /* <categ>-<OUI>-<subcateg> */ 467 WPA_PUT_BE16(dev_type, atoi(str)); 468 pos = os_strchr(str, '-'); 469 if (pos == NULL) 470 return -1; 471 pos++; 472 if (hexstr2bin(pos, &dev_type[2], 4)) 473 return -1; 474 pos = os_strchr(pos, '-'); 475 if (pos == NULL) 476 return -1; 477 pos++; 478 WPA_PUT_BE16(&dev_type[6], atoi(pos)); 479 480 481 return 0; 482 } 483 484 wps_dev_type_bin2str(const u8 dev_type[WPS_DEV_TYPE_LEN],char * buf,size_t buf_len)485 char * wps_dev_type_bin2str(const u8 dev_type[WPS_DEV_TYPE_LEN], char *buf, 486 size_t buf_len) 487 { 488 int ret; 489 490 ret = os_snprintf(buf, buf_len, "%u-%08X-%u", 491 WPA_GET_BE16(dev_type), WPA_GET_BE32(&dev_type[2]), 492 WPA_GET_BE16(&dev_type[6])); 493 if (os_snprintf_error(buf_len, ret)) 494 return NULL; 495 496 return buf; 497 } 498 499 uuid_gen_mac_addr(const u8 * mac_addr,u8 * uuid)500 void uuid_gen_mac_addr(const u8 *mac_addr, u8 *uuid) 501 { 502 const u8 *addr[2]; 503 size_t len[2]; 504 u8 hash[SHA1_MAC_LEN]; 505 u8 nsid[16] = { 506 0x52, 0x64, 0x80, 0xf8, 507 0xc9, 0x9b, 508 0x4b, 0xe5, 509 0xa6, 0x55, 510 0x58, 0xed, 0x5f, 0x5d, 0x60, 0x84 511 }; 512 513 addr[0] = nsid; 514 len[0] = sizeof(nsid); 515 addr[1] = mac_addr; 516 len[1] = 6; 517 sha1_vector(2, addr, len, hash); 518 os_memcpy(uuid, hash, 16); 519 520 /* Version: 5 = named-based version using SHA-1 */ 521 uuid[6] = (5 << 4) | (uuid[6] & 0x0f); 522 523 /* Variant specified in RFC 4122 */ 524 uuid[8] = 0x80 | (uuid[8] & 0x3f); 525 } 526 527 wps_config_methods_str2bin(const char * str)528 u16 wps_config_methods_str2bin(const char *str) 529 { 530 u16 methods = 0; 531 532 if (str == NULL || str[0] == '\0') { 533 /* Default to enabling methods based on build configuration */ 534 methods |= WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD; 535 methods |= WPS_CONFIG_VIRT_DISPLAY; 536 #ifdef CONFIG_WPS_NFC 537 methods |= WPS_CONFIG_NFC_INTERFACE; 538 #endif /* CONFIG_WPS_NFC */ 539 #ifdef CONFIG_P2P 540 methods |= WPS_CONFIG_P2PS; 541 #endif /* CONFIG_P2P */ 542 } else { 543 if (os_strstr(str, "ethernet")) 544 methods |= WPS_CONFIG_ETHERNET; 545 if (os_strstr(str, "label")) 546 methods |= WPS_CONFIG_LABEL; 547 if (os_strstr(str, "display")) 548 methods |= WPS_CONFIG_DISPLAY; 549 if (os_strstr(str, "ext_nfc_token")) 550 methods |= WPS_CONFIG_EXT_NFC_TOKEN; 551 if (os_strstr(str, "int_nfc_token")) 552 methods |= WPS_CONFIG_INT_NFC_TOKEN; 553 if (os_strstr(str, "nfc_interface")) 554 methods |= WPS_CONFIG_NFC_INTERFACE; 555 if (os_strstr(str, "push_button")) 556 methods |= WPS_CONFIG_PUSHBUTTON; 557 if (os_strstr(str, "keypad")) 558 methods |= WPS_CONFIG_KEYPAD; 559 if (os_strstr(str, "virtual_display")) 560 methods |= WPS_CONFIG_VIRT_DISPLAY; 561 if (os_strstr(str, "physical_display")) 562 methods |= WPS_CONFIG_PHY_DISPLAY; 563 if (os_strstr(str, "virtual_push_button")) 564 methods |= WPS_CONFIG_VIRT_PUSHBUTTON; 565 if (os_strstr(str, "physical_push_button")) 566 methods |= WPS_CONFIG_PHY_PUSHBUTTON; 567 if (os_strstr(str, "p2ps")) 568 methods |= WPS_CONFIG_P2PS; 569 } 570 571 return methods; 572 } 573 574 wps_build_wsc_ack(struct wps_data * wps)575 struct wpabuf * wps_build_wsc_ack(struct wps_data *wps) 576 { 577 struct wpabuf *msg; 578 579 wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_ACK"); 580 581 msg = wpabuf_alloc(1000); 582 if (msg == NULL) 583 return NULL; 584 585 if (wps_build_version(msg) || 586 wps_build_msg_type(msg, WPS_WSC_ACK) || 587 wps_build_enrollee_nonce(wps, msg) || 588 wps_build_registrar_nonce(wps, msg) || 589 wps_build_wfa_ext(msg, 0, NULL, 0, 0)) { 590 wpabuf_free(msg); 591 return NULL; 592 } 593 594 return msg; 595 } 596 597 wps_build_wsc_nack(struct wps_data * wps)598 struct wpabuf * wps_build_wsc_nack(struct wps_data *wps) 599 { 600 struct wpabuf *msg; 601 602 wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_NACK"); 603 604 msg = wpabuf_alloc(1000); 605 if (msg == NULL) 606 return NULL; 607 608 if (wps_build_version(msg) || 609 wps_build_msg_type(msg, WPS_WSC_NACK) || 610 wps_build_enrollee_nonce(wps, msg) || 611 wps_build_registrar_nonce(wps, msg) || 612 wps_build_config_error(msg, wps->config_error) || 613 wps_build_wfa_ext(msg, 0, NULL, 0, 0)) { 614 wpabuf_free(msg); 615 return NULL; 616 } 617 618 return msg; 619 } 620 621 622 #ifdef CONFIG_WPS_NFC 623 wps_nfc_token_build(int ndef,int id,struct wpabuf * pubkey,struct wpabuf * dev_pw)624 struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey, 625 struct wpabuf *dev_pw) 626 { 627 struct wpabuf *ret; 628 629 if (pubkey == NULL || dev_pw == NULL) 630 return NULL; 631 632 ret = wps_build_nfc_pw_token(id, pubkey, dev_pw); 633 if (ndef && ret) { 634 struct wpabuf *tmp; 635 tmp = ndef_build_wifi(ret); 636 wpabuf_free(ret); 637 if (tmp == NULL) 638 return NULL; 639 ret = tmp; 640 } 641 642 return ret; 643 } 644 645 wps_nfc_gen_dh(struct wpabuf ** pubkey,struct wpabuf ** privkey)646 int wps_nfc_gen_dh(struct wpabuf **pubkey, struct wpabuf **privkey) 647 { 648 struct wpabuf *priv = NULL, *pub = NULL; 649 void *dh_ctx; 650 651 dh_ctx = dh5_init(&priv, &pub); 652 if (dh_ctx == NULL) 653 return -1; 654 pub = wpabuf_zeropad(pub, 192); 655 if (pub == NULL) { 656 wpabuf_free(priv); 657 dh5_free(dh_ctx); 658 return -1; 659 } 660 wpa_hexdump_buf(MSG_DEBUG, "WPS: Generated new DH pubkey", pub); 661 dh5_free(dh_ctx); 662 663 wpabuf_free(*pubkey); 664 *pubkey = pub; 665 wpabuf_clear_free(*privkey); 666 *privkey = priv; 667 668 return 0; 669 } 670 671 wps_nfc_token_gen(int ndef,int * id,struct wpabuf ** pubkey,struct wpabuf ** privkey,struct wpabuf ** dev_pw)672 struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey, 673 struct wpabuf **privkey, 674 struct wpabuf **dev_pw) 675 { 676 struct wpabuf *pw; 677 u16 val; 678 679 pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN); 680 if (pw == NULL) 681 return NULL; 682 683 if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN), 684 WPS_OOB_DEVICE_PASSWORD_LEN) || 685 random_get_bytes((u8 *) &val, sizeof(val))) { 686 wpabuf_free(pw); 687 return NULL; 688 } 689 690 if (wps_nfc_gen_dh(pubkey, privkey) < 0) { 691 wpabuf_free(pw); 692 return NULL; 693 } 694 695 *id = 0x10 + val % 0xfff0; 696 wpabuf_clear_free(*dev_pw); 697 *dev_pw = pw; 698 699 return wps_nfc_token_build(ndef, *id, *pubkey, *dev_pw); 700 } 701 702 wps_build_nfc_handover_req(struct wps_context * ctx,struct wpabuf * nfc_dh_pubkey)703 struct wpabuf * wps_build_nfc_handover_req(struct wps_context *ctx, 704 struct wpabuf *nfc_dh_pubkey) 705 { 706 struct wpabuf *msg; 707 void *len; 708 709 if (ctx == NULL) 710 return NULL; 711 712 wpa_printf(MSG_DEBUG, "WPS: Building attributes for NFC connection " 713 "handover request"); 714 715 if (nfc_dh_pubkey == NULL) { 716 wpa_printf(MSG_DEBUG, "WPS: No NFC OOB Device Password " 717 "configured"); 718 return NULL; 719 } 720 721 msg = wpabuf_alloc(1000); 722 if (msg == NULL) 723 return msg; 724 len = wpabuf_put(msg, 2); 725 726 if (wps_build_oob_dev_pw(msg, DEV_PW_NFC_CONNECTION_HANDOVER, 727 nfc_dh_pubkey, NULL, 0) || 728 wps_build_uuid_e(msg, ctx->uuid) || 729 wps_build_wfa_ext(msg, 0, NULL, 0, 0)) { 730 wpabuf_free(msg); 731 return NULL; 732 } 733 734 WPA_PUT_BE16(len, wpabuf_len(msg) - 2); 735 736 return msg; 737 } 738 739 wps_build_ssid(struct wpabuf * msg,struct wps_context * wps)740 static int wps_build_ssid(struct wpabuf *msg, struct wps_context *wps) 741 { 742 wpa_printf(MSG_DEBUG, "WPS: * SSID"); 743 wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID in Connection Handover Select", 744 wps->ssid, wps->ssid_len); 745 wpabuf_put_be16(msg, ATTR_SSID); 746 wpabuf_put_be16(msg, wps->ssid_len); 747 wpabuf_put_data(msg, wps->ssid, wps->ssid_len); 748 return 0; 749 } 750 751 wps_build_ap_freq(struct wpabuf * msg,int freq)752 static int wps_build_ap_freq(struct wpabuf *msg, int freq) 753 { 754 enum hostapd_hw_mode mode; 755 u8 channel, rf_band; 756 u16 ap_channel; 757 758 if (freq <= 0) 759 return 0; 760 761 mode = ieee80211_freq_to_chan(freq, &channel); 762 if (mode == NUM_HOSTAPD_MODES) 763 return 0; /* Unknown channel */ 764 765 if (mode == HOSTAPD_MODE_IEEE80211G || mode == HOSTAPD_MODE_IEEE80211B) 766 rf_band = WPS_RF_24GHZ; 767 else if (mode == HOSTAPD_MODE_IEEE80211A) 768 rf_band = WPS_RF_50GHZ; 769 else if (mode == HOSTAPD_MODE_IEEE80211AD) 770 rf_band = WPS_RF_60GHZ; 771 else 772 return 0; /* Unknown band */ 773 ap_channel = channel; 774 775 if (wps_build_rf_bands_attr(msg, rf_band) || 776 wps_build_ap_channel(msg, ap_channel)) 777 return -1; 778 779 return 0; 780 } 781 782 wps_build_nfc_handover_sel(struct wps_context * ctx,struct wpabuf * nfc_dh_pubkey,const u8 * bssid,int freq)783 struct wpabuf * wps_build_nfc_handover_sel(struct wps_context *ctx, 784 struct wpabuf *nfc_dh_pubkey, 785 const u8 *bssid, int freq) 786 { 787 struct wpabuf *msg; 788 void *len; 789 790 if (ctx == NULL) 791 return NULL; 792 793 wpa_printf(MSG_DEBUG, "WPS: Building attributes for NFC connection " 794 "handover select"); 795 796 if (nfc_dh_pubkey == NULL) { 797 wpa_printf(MSG_DEBUG, "WPS: No NFC OOB Device Password " 798 "configured"); 799 return NULL; 800 } 801 802 msg = wpabuf_alloc(1000); 803 if (msg == NULL) 804 return msg; 805 len = wpabuf_put(msg, 2); 806 807 if (wps_build_oob_dev_pw(msg, DEV_PW_NFC_CONNECTION_HANDOVER, 808 nfc_dh_pubkey, NULL, 0) || 809 wps_build_ssid(msg, ctx) || 810 wps_build_ap_freq(msg, freq) || 811 (bssid && wps_build_mac_addr(msg, bssid)) || 812 wps_build_wfa_ext(msg, 0, NULL, 0, 0)) { 813 wpabuf_free(msg); 814 return NULL; 815 } 816 817 WPA_PUT_BE16(len, wpabuf_len(msg) - 2); 818 819 return msg; 820 } 821 822 wps_build_nfc_handover_req_p2p(struct wps_context * ctx,struct wpabuf * nfc_dh_pubkey)823 struct wpabuf * wps_build_nfc_handover_req_p2p(struct wps_context *ctx, 824 struct wpabuf *nfc_dh_pubkey) 825 { 826 struct wpabuf *msg; 827 828 if (ctx == NULL) 829 return NULL; 830 831 wpa_printf(MSG_DEBUG, "WPS: Building attributes for NFC connection " 832 "handover request (P2P)"); 833 834 if (nfc_dh_pubkey == NULL) { 835 wpa_printf(MSG_DEBUG, "WPS: No NFC DH Public Key configured"); 836 return NULL; 837 } 838 839 msg = wpabuf_alloc(1000); 840 if (msg == NULL) 841 return msg; 842 843 if (wps_build_manufacturer(&ctx->dev, msg) || 844 wps_build_model_name(&ctx->dev, msg) || 845 wps_build_model_number(&ctx->dev, msg) || 846 wps_build_oob_dev_pw(msg, DEV_PW_NFC_CONNECTION_HANDOVER, 847 nfc_dh_pubkey, NULL, 0) || 848 wps_build_rf_bands(&ctx->dev, msg, 0) || 849 wps_build_serial_number(&ctx->dev, msg) || 850 wps_build_uuid_e(msg, ctx->uuid) || 851 wps_build_wfa_ext(msg, 0, NULL, 0, 0)) { 852 wpabuf_free(msg); 853 return NULL; 854 } 855 856 return msg; 857 } 858 859 wps_build_nfc_handover_sel_p2p(struct wps_context * ctx,int nfc_dev_pw_id,struct wpabuf * nfc_dh_pubkey,struct wpabuf * nfc_dev_pw)860 struct wpabuf * wps_build_nfc_handover_sel_p2p(struct wps_context *ctx, 861 int nfc_dev_pw_id, 862 struct wpabuf *nfc_dh_pubkey, 863 struct wpabuf *nfc_dev_pw) 864 { 865 struct wpabuf *msg; 866 const u8 *dev_pw; 867 size_t dev_pw_len; 868 869 if (ctx == NULL) 870 return NULL; 871 872 wpa_printf(MSG_DEBUG, "WPS: Building attributes for NFC connection " 873 "handover select (P2P)"); 874 875 if (nfc_dh_pubkey == NULL || 876 (nfc_dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && 877 nfc_dev_pw == NULL)) { 878 wpa_printf(MSG_DEBUG, "WPS: No NFC OOB Device Password " 879 "configured"); 880 return NULL; 881 } 882 883 msg = wpabuf_alloc(1000); 884 if (msg == NULL) 885 return msg; 886 887 if (nfc_dev_pw) { 888 dev_pw = wpabuf_head(nfc_dev_pw); 889 dev_pw_len = wpabuf_len(nfc_dev_pw); 890 } else { 891 dev_pw = NULL; 892 dev_pw_len = 0; 893 } 894 895 if (wps_build_manufacturer(&ctx->dev, msg) || 896 wps_build_model_name(&ctx->dev, msg) || 897 wps_build_model_number(&ctx->dev, msg) || 898 wps_build_oob_dev_pw(msg, nfc_dev_pw_id, nfc_dh_pubkey, 899 dev_pw, dev_pw_len) || 900 wps_build_rf_bands(&ctx->dev, msg, 0) || 901 wps_build_serial_number(&ctx->dev, msg) || 902 wps_build_uuid_e(msg, ctx->uuid) || 903 wps_build_wfa_ext(msg, 0, NULL, 0, 0)) { 904 wpabuf_free(msg); 905 return NULL; 906 } 907 908 return msg; 909 } 910 911 #endif /* CONFIG_WPS_NFC */ 912