1 /* 2 * DPP over TCP 3 * Copyright (c) 2019-2020, The Linux Foundation 4 * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc. 5 * 6 * This software may be distributed under the terms of the BSD license. 7 * See README for more details. 8 */ 9 10 #include "utils/includes.h" 11 #include <fcntl.h> 12 13 #include "utils/common.h" 14 #include "utils/ip_addr.h" 15 #include "utils/eloop.h" 16 #include "common/ieee802_11_common.h" 17 #include "common/wpa_ctrl.h" 18 #include "dpp.h" 19 #include "dpp_i.h" 20 21 #ifdef CONFIG_DPP2 22 23 struct dpp_connection { 24 struct dl_list list; 25 struct dpp_controller *ctrl; 26 struct dpp_relay_controller *relay; 27 struct dpp_global *global; 28 struct dpp_pkex *pkex; 29 struct dpp_authentication *auth; 30 void *msg_ctx; 31 void *cb_ctx; 32 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth); 33 int (*pkex_done)(void *ctx, void *conn, struct dpp_bootstrap_info *bi); 34 bool (*tcp_msg_sent)(void *ctx, struct dpp_authentication *auth); 35 int sock; 36 u8 mac_addr[ETH_ALEN]; 37 unsigned int freq; 38 u8 msg_len[4]; 39 size_t msg_len_octets; 40 struct wpabuf *msg; 41 struct wpabuf *msg_out; 42 size_t msg_out_pos; 43 unsigned int read_eloop:1; 44 unsigned int write_eloop:1; 45 unsigned int on_tcp_tx_complete_gas_done:1; 46 unsigned int on_tcp_tx_complete_remove:1; 47 unsigned int on_tcp_tx_complete_auth_ok:1; 48 unsigned int gas_comeback_in_progress:1; 49 u8 gas_dialog_token; 50 char *name; 51 char *mud_url; 52 char *extra_conf_req_name; 53 char *extra_conf_req_value; 54 enum dpp_netrole netrole; 55 }; 56 57 /* Remote Controller */ 58 struct dpp_relay_controller { 59 struct dl_list list; 60 struct dpp_global *global; 61 u8 pkhash[SHA256_MAC_LEN]; 62 struct hostapd_ip_addr ipaddr; 63 void *msg_ctx; 64 void *cb_ctx; 65 void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg, 66 size_t len); 67 void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token, 68 int prot, struct wpabuf *buf); 69 struct dl_list conn; /* struct dpp_connection */ 70 }; 71 72 /* Local Controller */ 73 struct dpp_controller { 74 struct dpp_global *global; 75 u8 allowed_roles; 76 int qr_mutual; 77 int sock; 78 struct dl_list conn; /* struct dpp_connection */ 79 char *configurator_params; 80 enum dpp_netrole netrole; 81 struct dpp_bootstrap_info *pkex_bi; 82 char *pkex_code; 83 char *pkex_identifier; 84 void *msg_ctx; 85 void *cb_ctx; 86 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth); 87 bool (*tcp_msg_sent)(void *ctx, struct dpp_authentication *auth); 88 }; 89 90 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx); 91 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx); 92 static void dpp_controller_auth_success(struct dpp_connection *conn, 93 int initiator); 94 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx); 95 #ifdef CONFIG_DPP3 96 static void dpp_tcp_build_new_key(void *eloop_ctx, void *timeout_ctx); 97 #endif /* CONFIG_DPP3 */ 98 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx); 99 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx); 100 101 dpp_connection_free(struct dpp_connection * conn)102 static void dpp_connection_free(struct dpp_connection *conn) 103 { 104 if (conn->sock >= 0) { 105 wpa_printf(MSG_DEBUG, "DPP: Close Controller socket %d", 106 conn->sock); 107 eloop_unregister_sock(conn->sock, EVENT_TYPE_READ); 108 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 109 close(conn->sock); 110 } 111 eloop_cancel_timeout(dpp_controller_conn_status_result_wait_timeout, 112 conn, NULL); 113 eloop_cancel_timeout(dpp_tcp_build_csr, conn, NULL); 114 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL); 115 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); 116 #ifdef CONFIG_DPP3 117 eloop_cancel_timeout(dpp_tcp_build_new_key, conn, NULL); 118 #endif /* CONFIG_DPP3 */ 119 wpabuf_free(conn->msg); 120 wpabuf_free(conn->msg_out); 121 dpp_auth_deinit(conn->auth); 122 dpp_pkex_free(conn->pkex); 123 os_free(conn->name); 124 os_free(conn->mud_url); 125 os_free(conn->extra_conf_req_name); 126 os_free(conn->extra_conf_req_value); 127 os_free(conn); 128 } 129 130 dpp_connection_remove(struct dpp_connection * conn)131 static void dpp_connection_remove(struct dpp_connection *conn) 132 { 133 dl_list_del(&conn->list); 134 dpp_connection_free(conn); 135 } 136 137 dpp_relay_add_controller(struct dpp_global * dpp,struct dpp_relay_config * config)138 int dpp_relay_add_controller(struct dpp_global *dpp, 139 struct dpp_relay_config *config) 140 { 141 struct dpp_relay_controller *ctrl; 142 char txt[100]; 143 144 if (!dpp) 145 return -1; 146 147 ctrl = os_zalloc(sizeof(*ctrl)); 148 if (!ctrl) 149 return -1; 150 dl_list_init(&ctrl->conn); 151 ctrl->global = dpp; 152 os_memcpy(&ctrl->ipaddr, config->ipaddr, sizeof(*config->ipaddr)); 153 os_memcpy(ctrl->pkhash, config->pkhash, SHA256_MAC_LEN); 154 ctrl->msg_ctx = config->msg_ctx; 155 ctrl->cb_ctx = config->cb_ctx; 156 ctrl->tx = config->tx; 157 ctrl->gas_resp_tx = config->gas_resp_tx; 158 wpa_printf(MSG_DEBUG, "DPP: Add Relay connection to Controller %s", 159 hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt))); 160 dl_list_add(&dpp->controllers, &ctrl->list); 161 return 0; 162 } 163 164 165 static struct dpp_relay_controller * dpp_relay_controller_get(struct dpp_global * dpp,const u8 * pkhash)166 dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash) 167 { 168 struct dpp_relay_controller *ctrl; 169 170 if (!dpp) 171 return NULL; 172 173 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 174 list) { 175 if (os_memcmp(pkhash, ctrl->pkhash, SHA256_MAC_LEN) == 0) 176 return ctrl; 177 } 178 179 return NULL; 180 } 181 182 183 static struct dpp_relay_controller * dpp_relay_controller_get_ctx(struct dpp_global * dpp,void * cb_ctx)184 dpp_relay_controller_get_ctx(struct dpp_global *dpp, void *cb_ctx) 185 { 186 struct dpp_relay_controller *ctrl; 187 188 if (!dpp) 189 return NULL; 190 191 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 192 list) { 193 if (cb_ctx == ctrl->cb_ctx) 194 return ctrl; 195 } 196 197 return NULL; 198 } 199 200 201 static struct dpp_relay_controller * dpp_relay_controller_get_addr(struct dpp_global * dpp,const struct sockaddr_in * addr)202 dpp_relay_controller_get_addr(struct dpp_global *dpp, 203 const struct sockaddr_in *addr) 204 { 205 struct dpp_relay_controller *ctrl; 206 207 if (!dpp) 208 return NULL; 209 210 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 211 list) { 212 if (ctrl->ipaddr.af == AF_INET && 213 addr->sin_addr.s_addr == ctrl->ipaddr.u.v4.s_addr) 214 return ctrl; 215 } 216 217 if (dpp->tmp_controller && 218 dpp->tmp_controller->ipaddr.af == AF_INET && 219 addr->sin_addr.s_addr == dpp->tmp_controller->ipaddr.u.v4.s_addr) 220 return dpp->tmp_controller; 221 222 return NULL; 223 } 224 225 dpp_controller_gas_done(struct dpp_connection * conn)226 static void dpp_controller_gas_done(struct dpp_connection *conn) 227 { 228 struct dpp_authentication *auth = conn->auth; 229 230 if (auth->waiting_csr) { 231 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR"); 232 conn->on_tcp_tx_complete_gas_done = 0; 233 return; 234 } 235 236 #ifdef CONFIG_DPP3 237 if (auth->waiting_new_key) { 238 wpa_printf(MSG_DEBUG, "DPP: Waiting for a new key"); 239 conn->on_tcp_tx_complete_gas_done = 0; 240 return; 241 } 242 #endif /* CONFIG_DPP3 */ 243 244 if (auth->peer_version >= 2 && 245 auth->conf_resp_status == DPP_STATUS_OK) { 246 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result"); 247 auth->waiting_conf_result = 1; 248 return; 249 } 250 251 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d", 252 auth->conf_resp_status); 253 dpp_connection_remove(conn); 254 } 255 256 dpp_tcp_send(struct dpp_connection * conn)257 static int dpp_tcp_send(struct dpp_connection *conn) 258 { 259 int res; 260 261 if (!conn->msg_out) { 262 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 263 conn->write_eloop = 0; 264 return -1; 265 } 266 res = send(conn->sock, 267 wpabuf_head_u8(conn->msg_out) + conn->msg_out_pos, 268 wpabuf_len(conn->msg_out) - conn->msg_out_pos, 0); 269 if (res < 0) { 270 wpa_printf(MSG_DEBUG, "DPP: Failed to send buffer: %s", 271 strerror(errno)); 272 dpp_connection_remove(conn); 273 return -1; 274 } 275 276 conn->msg_out_pos += res; 277 if (wpabuf_len(conn->msg_out) > conn->msg_out_pos) { 278 wpa_printf(MSG_DEBUG, 279 "DPP: %u/%u bytes of message sent to Controller", 280 (unsigned int) conn->msg_out_pos, 281 (unsigned int) wpabuf_len(conn->msg_out)); 282 if (!conn->write_eloop && 283 eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 284 dpp_conn_tx_ready, conn, NULL) == 0) 285 conn->write_eloop = 1; 286 return 1; 287 } 288 289 wpa_printf(MSG_DEBUG, "DPP: Full message sent over TCP"); 290 wpabuf_free(conn->msg_out); 291 conn->msg_out = NULL; 292 conn->msg_out_pos = 0; 293 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE); 294 conn->write_eloop = 0; 295 if (!conn->read_eloop && 296 eloop_register_sock(conn->sock, EVENT_TYPE_READ, 297 dpp_controller_rx, conn, NULL) == 0) 298 conn->read_eloop = 1; 299 if (conn->on_tcp_tx_complete_remove) { 300 if (conn->auth && conn->auth->connect_on_tx_status && 301 conn->tcp_msg_sent && 302 conn->tcp_msg_sent(conn->cb_ctx, conn->auth)) 303 return 0; 304 dpp_connection_remove(conn); 305 } else if (conn->auth && (conn->ctrl || conn->auth->configurator) && 306 conn->on_tcp_tx_complete_gas_done) { 307 dpp_controller_gas_done(conn); 308 } else if (conn->on_tcp_tx_complete_auth_ok) { 309 conn->on_tcp_tx_complete_auth_ok = 0; 310 dpp_controller_auth_success(conn, 1); 311 } 312 313 return 0; 314 } 315 316 dpp_tcp_send_msg(struct dpp_connection * conn,const struct wpabuf * msg)317 static int dpp_tcp_send_msg(struct dpp_connection *conn, 318 const struct wpabuf *msg) 319 { 320 wpabuf_free(conn->msg_out); 321 conn->msg_out_pos = 0; 322 conn->msg_out = wpabuf_alloc(4 + wpabuf_len(msg) - 1); 323 if (!conn->msg_out) 324 return -1; 325 wpabuf_put_be32(conn->msg_out, wpabuf_len(msg) - 1); 326 wpabuf_put_data(conn->msg_out, wpabuf_head_u8(msg) + 1, 327 wpabuf_len(msg) - 1); 328 329 if (dpp_tcp_send(conn) == 1) { 330 if (!conn->write_eloop) { 331 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 332 dpp_conn_tx_ready, 333 conn, NULL) < 0) 334 return -1; 335 conn->write_eloop = 1; 336 } 337 } 338 339 return 0; 340 } 341 342 dpp_controller_start_gas_client(struct dpp_connection * conn)343 static void dpp_controller_start_gas_client(struct dpp_connection *conn) 344 { 345 struct dpp_authentication *auth = conn->auth; 346 struct wpabuf *buf; 347 const char *dpp_name; 348 349 dpp_name = conn->name ? conn->name : "Test"; 350 buf = dpp_build_conf_req_helper(auth, dpp_name, conn->netrole, 351 conn->mud_url, NULL, 352 conn->extra_conf_req_name, 353 conn->extra_conf_req_value); 354 if (!buf) { 355 wpa_printf(MSG_DEBUG, 356 "DPP: No configuration request data available"); 357 return; 358 } 359 360 dpp_tcp_send_msg(conn, buf); 361 wpabuf_free(buf); 362 } 363 364 dpp_controller_auth_success(struct dpp_connection * conn,int initiator)365 static void dpp_controller_auth_success(struct dpp_connection *conn, 366 int initiator) 367 { 368 struct dpp_authentication *auth = conn->auth; 369 370 if (!auth) 371 return; 372 373 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded"); 374 dpp_notify_auth_success(auth, initiator); 375 #ifdef CONFIG_TESTING_OPTIONS 376 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) { 377 wpa_printf(MSG_INFO, 378 "DPP: TESTING - stop at Authentication Confirm"); 379 if (auth->configurator) { 380 /* Prevent GAS response */ 381 auth->auth_success = 0; 382 } 383 return; 384 } 385 #endif /* CONFIG_TESTING_OPTIONS */ 386 387 if (!auth->configurator) 388 dpp_controller_start_gas_client(conn); 389 } 390 391 dpp_conn_tx_ready(int sock,void * eloop_ctx,void * sock_ctx)392 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx) 393 { 394 struct dpp_connection *conn = eloop_ctx; 395 396 wpa_printf(MSG_DEBUG, "DPP: TCP socket %d ready for TX", sock); 397 dpp_tcp_send(conn); 398 } 399 400 dpp_ipaddr_to_sockaddr(struct sockaddr * addr,socklen_t * addrlen,const struct hostapd_ip_addr * ipaddr,int port)401 static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen, 402 const struct hostapd_ip_addr *ipaddr, 403 int port) 404 { 405 struct sockaddr_in *dst; 406 #ifdef CONFIG_IPV6 407 struct sockaddr_in6 *dst6; 408 #endif /* CONFIG_IPV6 */ 409 410 switch (ipaddr->af) { 411 case AF_INET: 412 dst = (struct sockaddr_in *) addr; 413 os_memset(dst, 0, sizeof(*dst)); 414 dst->sin_family = AF_INET; 415 dst->sin_addr.s_addr = ipaddr->u.v4.s_addr; 416 dst->sin_port = htons(port); 417 *addrlen = sizeof(*dst); 418 break; 419 #ifdef CONFIG_IPV6 420 case AF_INET6: 421 dst6 = (struct sockaddr_in6 *) addr; 422 os_memset(dst6, 0, sizeof(*dst6)); 423 dst6->sin6_family = AF_INET6; 424 os_memcpy(&dst6->sin6_addr, &ipaddr->u.v6, 425 sizeof(struct in6_addr)); 426 dst6->sin6_port = htons(port); 427 *addrlen = sizeof(*dst6); 428 break; 429 #endif /* CONFIG_IPV6 */ 430 default: 431 return -1; 432 } 433 434 return 0; 435 } 436 437 dpp_relay_conn_timeout(void * eloop_ctx,void * timeout_ctx)438 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx) 439 { 440 struct dpp_connection *conn = eloop_ctx; 441 442 wpa_printf(MSG_DEBUG, 443 "DPP: Timeout while waiting for relayed connection to complete"); 444 dpp_connection_remove(conn); 445 } 446 447 448 static struct dpp_connection * dpp_relay_new_conn(struct dpp_relay_controller * ctrl,const u8 * src,unsigned int freq)449 dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src, 450 unsigned int freq) 451 { 452 struct dpp_connection *conn; 453 struct sockaddr_storage addr; 454 socklen_t addrlen; 455 char txt[100]; 456 457 if (dl_list_len(&ctrl->conn) >= 15) { 458 wpa_printf(MSG_DEBUG, 459 "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one"); 460 return NULL; 461 } 462 463 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &addr, &addrlen, 464 &ctrl->ipaddr, DPP_TCP_PORT) < 0) 465 return NULL; 466 467 conn = os_zalloc(sizeof(*conn)); 468 if (!conn) 469 return NULL; 470 471 conn->global = ctrl->global; 472 conn->relay = ctrl; 473 conn->msg_ctx = ctrl->msg_ctx; 474 conn->cb_ctx = ctrl->global->cb_ctx; 475 os_memcpy(conn->mac_addr, src, ETH_ALEN); 476 conn->freq = freq; 477 478 conn->sock = socket(AF_INET, SOCK_STREAM, 0); 479 if (conn->sock < 0) 480 goto fail; 481 wpa_printf(MSG_DEBUG, "DPP: TCP relay socket %d connection to %s", 482 conn->sock, hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt))); 483 484 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 485 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 486 strerror(errno)); 487 goto fail; 488 } 489 490 if (connect(conn->sock, (struct sockaddr *) &addr, addrlen) < 0) { 491 if (errno != EINPROGRESS) { 492 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", 493 strerror(errno)); 494 goto fail; 495 } 496 497 /* 498 * Continue connecting in the background; eloop will call us 499 * once the connection is ready (or failed). 500 */ 501 } 502 503 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 504 dpp_conn_tx_ready, conn, NULL) < 0) 505 goto fail; 506 conn->write_eloop = 1; 507 508 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL); 509 eloop_register_timeout(20, 0, dpp_relay_conn_timeout, conn, NULL); 510 511 dl_list_add(&ctrl->conn, &conn->list); 512 return conn; 513 fail: 514 dpp_connection_free(conn); 515 return NULL; 516 } 517 518 dpp_tcp_encaps(const u8 * hdr,const u8 * buf,size_t len)519 static struct wpabuf * dpp_tcp_encaps(const u8 *hdr, const u8 *buf, size_t len) 520 { 521 struct wpabuf *msg; 522 523 msg = wpabuf_alloc(4 + 1 + DPP_HDR_LEN + len); 524 if (!msg) 525 return NULL; 526 wpabuf_put_be32(msg, 1 + DPP_HDR_LEN + len); 527 wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC); 528 wpabuf_put_data(msg, hdr, DPP_HDR_LEN); 529 wpabuf_put_data(msg, buf, len); 530 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 531 return msg; 532 } 533 534 dpp_relay_tx(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)535 static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr, 536 const u8 *buf, size_t len) 537 { 538 u8 type = hdr[DPP_HDR_LEN - 1]; 539 540 wpa_printf(MSG_DEBUG, 541 "DPP: Continue already established Relay/Controller connection for this session"); 542 wpabuf_free(conn->msg_out); 543 conn->msg_out_pos = 0; 544 conn->msg_out = dpp_tcp_encaps(hdr, buf, len); 545 if (!conn->msg_out) { 546 dpp_connection_remove(conn); 547 return -1; 548 } 549 550 /* TODO: for proto ver 1, need to do remove connection based on GAS Resp 551 * TX status */ 552 if (type == DPP_PA_CONFIGURATION_RESULT) 553 conn->on_tcp_tx_complete_remove = 1; 554 dpp_tcp_send(conn); 555 return 0; 556 } 557 558 559 static struct dpp_connection * dpp_relay_match_ctrl(struct dpp_relay_controller * ctrl,const u8 * src,unsigned int freq,u8 type)560 dpp_relay_match_ctrl(struct dpp_relay_controller *ctrl, const u8 *src, 561 unsigned int freq, u8 type) 562 { 563 struct dpp_connection *conn; 564 565 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 566 if (ether_addr_equal(src, conn->mac_addr)) 567 return conn; 568 if ((type == DPP_PA_PKEX_EXCHANGE_RESP || 569 type == DPP_PA_AUTHENTICATION_RESP) && 570 conn->freq == 0 && 571 is_broadcast_ether_addr(conn->mac_addr)) { 572 wpa_printf(MSG_DEBUG, 573 "DPP: Associate this peer to the new Controller initiated connection"); 574 os_memcpy(conn->mac_addr, src, ETH_ALEN); 575 conn->freq = freq; 576 return conn; 577 } 578 } 579 580 return NULL; 581 } 582 583 dpp_relay_rx_action(struct dpp_global * dpp,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq,const u8 * i_bootstrap,const u8 * r_bootstrap,void * cb_ctx)584 int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr, 585 const u8 *buf, size_t len, unsigned int freq, 586 const u8 *i_bootstrap, const u8 *r_bootstrap, 587 void *cb_ctx) 588 { 589 struct dpp_relay_controller *ctrl; 590 struct dpp_connection *conn; 591 u8 type = hdr[DPP_HDR_LEN - 1]; 592 593 /* Check if there is an already started session for this peer and if so, 594 * continue that session (send this over TCP) and return 0. 595 */ 596 if (type != DPP_PA_PEER_DISCOVERY_REQ && 597 type != DPP_PA_PEER_DISCOVERY_RESP && 598 type != DPP_PA_PRESENCE_ANNOUNCEMENT && 599 type != DPP_PA_RECONFIG_ANNOUNCEMENT) { 600 dl_list_for_each(ctrl, &dpp->controllers, 601 struct dpp_relay_controller, list) { 602 conn = dpp_relay_match_ctrl(ctrl, src, freq, type); 603 if (conn) 604 return dpp_relay_tx(conn, hdr, buf, len); 605 } 606 607 if (dpp->tmp_controller) { 608 conn = dpp_relay_match_ctrl(dpp->tmp_controller, src, 609 freq, type); 610 if (conn) 611 return dpp_relay_tx(conn, hdr, buf, len); 612 } 613 } 614 615 if (type == DPP_PA_PRESENCE_ANNOUNCEMENT || 616 type == DPP_PA_RECONFIG_ANNOUNCEMENT) { 617 /* TODO: Could send this to all configured Controllers. For now, 618 * only the first Controller is supported. */ 619 ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx); 620 } else if (type == DPP_PA_PKEX_EXCHANGE_REQ) { 621 ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx); 622 } else { 623 if (!r_bootstrap) 624 return -1; 625 ctrl = dpp_relay_controller_get(dpp, r_bootstrap); 626 } 627 if (!ctrl) 628 return -1; 629 630 if (type == DPP_PA_PRESENCE_ANNOUNCEMENT || 631 type == DPP_PA_RECONFIG_ANNOUNCEMENT) { 632 conn = dpp_relay_match_ctrl(ctrl, src, freq, type); 633 if (conn && 634 (!conn->auth || conn->auth->waiting_auth_resp)) { 635 wpa_printf(MSG_DEBUG, 636 "DPP: Use existing TCP connection to Controller since no Auth Resp seen on it yet"); 637 return dpp_relay_tx(conn, hdr, buf, len); 638 } 639 } 640 641 wpa_printf(MSG_DEBUG, 642 "DPP: Authentication Request for a configured Controller"); 643 conn = dpp_relay_new_conn(ctrl, src, freq); 644 if (!conn) 645 return -1; 646 647 conn->msg_out = dpp_tcp_encaps(hdr, buf, len); 648 if (!conn->msg_out) { 649 dpp_connection_remove(conn); 650 return -1; 651 } 652 /* Message will be sent in dpp_conn_tx_ready() */ 653 654 return 0; 655 } 656 657 658 static struct dpp_connection * dpp_relay_find_conn(struct dpp_relay_controller * ctrl,const u8 * src)659 dpp_relay_find_conn(struct dpp_relay_controller *ctrl, const u8 *src) 660 { 661 struct dpp_connection *conn; 662 663 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 664 if (ether_addr_equal(src, conn->mac_addr)) 665 return conn; 666 } 667 668 return NULL; 669 } 670 671 dpp_relay_rx_gas_req(struct dpp_global * dpp,const u8 * src,const u8 * data,size_t data_len)672 int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data, 673 size_t data_len) 674 { 675 struct dpp_relay_controller *ctrl; 676 struct dpp_connection *conn = NULL; 677 struct wpabuf *msg; 678 679 /* Check if there is a successfully completed authentication for this 680 * and if so, continue that session (send this over TCP) and return 0. 681 */ 682 dl_list_for_each(ctrl, &dpp->controllers, 683 struct dpp_relay_controller, list) { 684 conn = dpp_relay_find_conn(ctrl, src); 685 if (conn) 686 break; 687 } 688 689 if (!conn && dpp->tmp_controller) 690 conn = dpp_relay_find_conn(dpp->tmp_controller, src); 691 692 if (!conn) 693 return -1; 694 695 msg = wpabuf_alloc(4 + 1 + data_len); 696 if (!msg) 697 return -1; 698 wpabuf_put_be32(msg, 1 + data_len); 699 wpabuf_put_u8(msg, WLAN_PA_GAS_INITIAL_REQ); 700 wpabuf_put_data(msg, data, data_len); 701 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 702 703 wpabuf_free(conn->msg_out); 704 conn->msg_out_pos = 0; 705 conn->msg_out = msg; 706 dpp_tcp_send(conn); 707 return 0; 708 } 709 710 dpp_relay_controller_available(struct dpp_global * dpp)711 bool dpp_relay_controller_available(struct dpp_global *dpp) 712 { 713 return dpp && dl_list_len(&dpp->controllers) > 0; 714 } 715 716 dpp_controller_free(struct dpp_controller * ctrl)717 static void dpp_controller_free(struct dpp_controller *ctrl) 718 { 719 struct dpp_connection *conn, *tmp; 720 721 if (!ctrl) 722 return; 723 724 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, 725 list) 726 dpp_connection_remove(conn); 727 728 if (ctrl->sock >= 0) { 729 close(ctrl->sock); 730 eloop_unregister_sock(ctrl->sock, EVENT_TYPE_READ); 731 } 732 os_free(ctrl->configurator_params); 733 os_free(ctrl->pkex_code); 734 os_free(ctrl->pkex_identifier); 735 os_free(ctrl); 736 } 737 738 dpp_controller_rx_auth_req(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)739 static int dpp_controller_rx_auth_req(struct dpp_connection *conn, 740 const u8 *hdr, const u8 *buf, size_t len) 741 { 742 const u8 *r_bootstrap, *i_bootstrap; 743 u16 r_bootstrap_len, i_bootstrap_len; 744 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL; 745 746 if (!conn->ctrl) 747 return 0; 748 749 wpa_printf(MSG_DEBUG, "DPP: Authentication Request"); 750 751 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 752 &r_bootstrap_len); 753 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 754 wpa_printf(MSG_INFO, 755 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 756 return -1; 757 } 758 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 759 r_bootstrap, r_bootstrap_len); 760 761 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, 762 &i_bootstrap_len); 763 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) { 764 wpa_printf(MSG_INFO, 765 "Missing or invalid required Initiator Bootstrapping Key Hash attribute"); 766 return -1; 767 } 768 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash", 769 i_bootstrap, i_bootstrap_len); 770 771 /* Try to find own and peer bootstrapping key matches based on the 772 * received hash values */ 773 dpp_bootstrap_find_pair(conn->ctrl->global, i_bootstrap, r_bootstrap, 774 &own_bi, &peer_bi); 775 if (!own_bi) { 776 wpa_printf(MSG_INFO, 777 "No matching own bootstrapping key found - ignore message"); 778 return -1; 779 } 780 781 if (conn->auth) { 782 wpa_printf(MSG_INFO, 783 "Already in DPP authentication exchange - ignore new one"); 784 return 0; 785 } 786 787 conn->auth = dpp_auth_req_rx(conn->ctrl->global, conn->msg_ctx, 788 conn->ctrl->allowed_roles, 789 conn->ctrl->qr_mutual, 790 peer_bi, own_bi, -1, hdr, buf, len); 791 if (!conn->auth) { 792 wpa_printf(MSG_DEBUG, "DPP: No response generated"); 793 return -1; 794 } 795 796 if (dpp_set_configurator(conn->auth, 797 conn->ctrl->configurator_params) < 0) 798 return -1; 799 800 return dpp_tcp_send_msg(conn, conn->auth->resp_msg); 801 } 802 803 dpp_controller_rx_auth_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)804 static int dpp_controller_rx_auth_resp(struct dpp_connection *conn, 805 const u8 *hdr, const u8 *buf, size_t len) 806 { 807 struct dpp_authentication *auth = conn->auth; 808 struct wpabuf *msg; 809 int res; 810 811 if (!auth) 812 return -1; 813 814 wpa_printf(MSG_DEBUG, "DPP: Authentication Response"); 815 816 msg = dpp_auth_resp_rx(auth, hdr, buf, len); 817 if (!msg) { 818 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) { 819 wpa_printf(MSG_DEBUG, 820 "DPP: Start wait for full response"); 821 return 0; 822 } 823 wpa_printf(MSG_DEBUG, "DPP: No confirm generated"); 824 return -1; 825 } 826 827 conn->on_tcp_tx_complete_auth_ok = 1; 828 res = dpp_tcp_send_msg(conn, msg); 829 wpabuf_free(msg); 830 return res; 831 } 832 833 dpp_controller_rx_auth_conf(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)834 static int dpp_controller_rx_auth_conf(struct dpp_connection *conn, 835 const u8 *hdr, const u8 *buf, size_t len) 836 { 837 struct dpp_authentication *auth = conn->auth; 838 839 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation"); 840 841 if (!auth) { 842 wpa_printf(MSG_DEBUG, 843 "DPP: No DPP Authentication in progress - drop"); 844 return -1; 845 } 846 847 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) { 848 wpa_printf(MSG_DEBUG, "DPP: Authentication failed"); 849 return -1; 850 } 851 852 dpp_controller_auth_success(conn, 0); 853 return 0; 854 } 855 856 dpp_controller_conn_status_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)857 void dpp_controller_conn_status_result_wait_timeout(void *eloop_ctx, 858 void *timeout_ctx) 859 { 860 struct dpp_connection *conn = eloop_ctx; 861 862 if (!conn->auth->waiting_conf_result) 863 return; 864 865 wpa_printf(MSG_DEBUG, 866 "DPP: Timeout while waiting for Connection Status Result"); 867 wpa_msg(conn->msg_ctx, MSG_INFO, 868 DPP_EVENT_CONN_STATUS_RESULT "timeout"); 869 dpp_connection_remove(conn); 870 } 871 872 dpp_controller_rx_conf_result(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)873 static int dpp_controller_rx_conf_result(struct dpp_connection *conn, 874 const u8 *hdr, const u8 *buf, 875 size_t len) 876 { 877 struct dpp_authentication *auth = conn->auth; 878 enum dpp_status_error status; 879 void *msg_ctx = conn->msg_ctx; 880 881 if (!conn->ctrl && (!auth || !auth->configurator)) 882 return 0; 883 884 wpa_printf(MSG_DEBUG, "DPP: Configuration Result"); 885 886 if (!auth || !auth->waiting_conf_result) { 887 wpa_printf(MSG_DEBUG, 888 "DPP: No DPP Configuration waiting for result - drop"); 889 return -1; 890 } 891 892 status = dpp_conf_result_rx(auth, hdr, buf, len); 893 if (status == DPP_STATUS_OK && auth->send_conn_status) { 894 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT 895 "wait_conn_status=1 conf_resp_status=%d", 896 auth->conf_resp_status); 897 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result"); 898 auth->waiting_conn_status_result = 1; 899 eloop_cancel_timeout( 900 dpp_controller_conn_status_result_wait_timeout, 901 conn, NULL); 902 eloop_register_timeout( 903 16, 0, dpp_controller_conn_status_result_wait_timeout, 904 conn, NULL); 905 return 0; 906 } 907 if (status == DPP_STATUS_OK) 908 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT 909 "conf_resp_status=%d", auth->conf_resp_status); 910 else 911 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED); 912 return -1; /* to remove the completed connection */ 913 } 914 915 dpp_controller_rx_conn_status_result(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)916 static int dpp_controller_rx_conn_status_result(struct dpp_connection *conn, 917 const u8 *hdr, const u8 *buf, 918 size_t len) 919 { 920 struct dpp_authentication *auth = conn->auth; 921 enum dpp_status_error status; 922 u8 ssid[SSID_MAX_LEN]; 923 size_t ssid_len = 0; 924 char *channel_list = NULL; 925 926 if (!conn->ctrl) 927 return 0; 928 929 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result"); 930 931 if (!auth || !auth->waiting_conn_status_result) { 932 wpa_printf(MSG_DEBUG, 933 "DPP: No DPP Configuration waiting for connection status result - drop"); 934 return -1; 935 } 936 937 status = dpp_conn_status_result_rx(auth, hdr, buf, len, 938 ssid, &ssid_len, &channel_list); 939 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT 940 "result=%d ssid=%s channel_list=%s", 941 status, wpa_ssid_txt(ssid, ssid_len), 942 channel_list ? channel_list : "N/A"); 943 os_free(channel_list); 944 return -1; /* to remove the completed connection */ 945 } 946 947 dpp_controller_rx_presence_announcement(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)948 static int dpp_controller_rx_presence_announcement(struct dpp_connection *conn, 949 const u8 *hdr, const u8 *buf, 950 size_t len) 951 { 952 const u8 *r_bootstrap; 953 u16 r_bootstrap_len; 954 struct dpp_bootstrap_info *peer_bi; 955 struct dpp_authentication *auth; 956 struct dpp_global *dpp = conn->ctrl->global; 957 958 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement"); 959 960 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, 961 &r_bootstrap_len); 962 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) { 963 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 964 "Missing or invalid required Responder Bootstrapping Key Hash attribute"); 965 return -1; 966 } 967 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash", 968 r_bootstrap, r_bootstrap_len); 969 peer_bi = dpp_bootstrap_find_chirp(dpp, r_bootstrap); 970 if (!peer_bi) { 971 wpa_printf(MSG_DEBUG, 972 "DPP: No matching bootstrapping information found"); 973 return -1; 974 } 975 976 if (conn->auth) { 977 wpa_printf(MSG_DEBUG, 978 "DPP: Ignore Presence Announcement during ongoing Authentication"); 979 return 0; 980 } 981 982 auth = dpp_auth_init(dpp, conn->msg_ctx, peer_bi, NULL, 983 DPP_CAPAB_CONFIGURATOR, -1, NULL, 0); 984 if (!auth) 985 return -1; 986 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) { 987 dpp_auth_deinit(auth); 988 return -1; 989 } 990 991 conn->auth = auth; 992 return dpp_tcp_send_msg(conn, conn->auth->req_msg); 993 } 994 995 dpp_controller_rx_reconfig_announcement(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)996 static int dpp_controller_rx_reconfig_announcement(struct dpp_connection *conn, 997 const u8 *hdr, const u8 *buf, 998 size_t len) 999 { 1000 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id; 1001 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len; 1002 struct dpp_configurator *conf; 1003 struct dpp_global *dpp = conn->ctrl->global; 1004 struct dpp_authentication *auth; 1005 u16 group; 1006 1007 if (conn->auth) { 1008 wpa_printf(MSG_DEBUG, 1009 "DPP: Ignore Reconfig Announcement during ongoing Authentication"); 1010 return -1; 1011 } 1012 1013 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement"); 1014 1015 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH, 1016 &csign_hash_len); 1017 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) { 1018 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 1019 "Missing or invalid required Configurator C-sign key Hash attribute"); 1020 return -1; 1021 } 1022 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)", 1023 csign_hash, csign_hash_len); 1024 conf = dpp_configurator_find_kid(dpp, csign_hash); 1025 if (!conf) { 1026 wpa_printf(MSG_DEBUG, 1027 "DPP: No matching Configurator information found"); 1028 return -1; 1029 } 1030 1031 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP, 1032 &fcgroup_len); 1033 if (!fcgroup || fcgroup_len != 2) { 1034 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL 1035 "Missing or invalid required Finite Cyclic Group attribute"); 1036 return -1; 1037 } 1038 group = WPA_GET_LE16(fcgroup); 1039 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group); 1040 1041 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len); 1042 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len); 1043 1044 auth = dpp_reconfig_init(dpp, conn->msg_ctx, conf, 0, group, 1045 a_nonce, a_nonce_len, e_id, e_id_len); 1046 if (!auth) 1047 return -1; 1048 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) { 1049 dpp_auth_deinit(auth); 1050 return -1; 1051 } 1052 1053 conn->auth = auth; 1054 return dpp_tcp_send_msg(conn, auth->reconfig_req_msg); 1055 } 1056 1057 dpp_controller_rx_reconfig_auth_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1058 static int dpp_controller_rx_reconfig_auth_resp(struct dpp_connection *conn, 1059 const u8 *hdr, const u8 *buf, 1060 size_t len) 1061 { 1062 struct dpp_authentication *auth = conn->auth; 1063 struct wpabuf *conf; 1064 int res; 1065 1066 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response"); 1067 1068 if (!auth || !auth->reconfig || !auth->configurator) { 1069 wpa_printf(MSG_DEBUG, 1070 "DPP: No DPP Reconfig Authentication in progress - drop"); 1071 return -1; 1072 } 1073 1074 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len); 1075 if (!conf) 1076 return -1; 1077 1078 res = dpp_tcp_send_msg(conn, conf); 1079 wpabuf_free(conf); 1080 return res; 1081 } 1082 1083 dpp_controller_rx_pkex_exchange_req(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1084 static int dpp_controller_rx_pkex_exchange_req(struct dpp_connection *conn, 1085 const u8 *hdr, const u8 *buf, 1086 size_t len) 1087 { 1088 struct dpp_controller *ctrl = conn->ctrl; 1089 1090 if (!ctrl) 1091 return 0; 1092 1093 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request"); 1094 1095 /* TODO: Support multiple PKEX codes by iterating over all the enabled 1096 * values here */ 1097 1098 if (!ctrl->pkex_code || !ctrl->pkex_bi) { 1099 wpa_printf(MSG_DEBUG, 1100 "DPP: No PKEX code configured - ignore request"); 1101 return 0; 1102 } 1103 1104 if (conn->pkex || conn->auth) { 1105 wpa_printf(MSG_DEBUG, 1106 "DPP: Already in PKEX/Authentication session - ignore new PKEX request"); 1107 return 0; 1108 } 1109 1110 conn->pkex = dpp_pkex_rx_exchange_req(conn->msg_ctx, ctrl->pkex_bi, 1111 NULL, NULL, 1112 ctrl->pkex_identifier, 1113 ctrl->pkex_code, 1114 os_strlen(ctrl->pkex_code), 1115 buf, len, true); 1116 if (!conn->pkex) { 1117 wpa_printf(MSG_DEBUG, 1118 "DPP: Failed to process the request"); 1119 return -1; 1120 } 1121 1122 return dpp_tcp_send_msg(conn, conn->pkex->exchange_resp); 1123 } 1124 1125 dpp_controller_rx_pkex_exchange_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1126 static int dpp_controller_rx_pkex_exchange_resp(struct dpp_connection *conn, 1127 const u8 *hdr, const u8 *buf, 1128 size_t len) 1129 { 1130 struct dpp_pkex *pkex = conn->pkex; 1131 struct wpabuf *msg; 1132 int res; 1133 1134 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response"); 1135 1136 if (!pkex || !pkex->initiator || pkex->exchange_done) { 1137 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 1138 return 0; 1139 } 1140 1141 msg = dpp_pkex_rx_exchange_resp(pkex, NULL, buf, len); 1142 if (!msg) { 1143 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); 1144 return -1; 1145 } 1146 1147 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request"); 1148 res = dpp_tcp_send_msg(conn, msg); 1149 wpabuf_free(msg); 1150 return res; 1151 } 1152 1153 dpp_controller_rx_pkex_commit_reveal_req(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1154 static int dpp_controller_rx_pkex_commit_reveal_req(struct dpp_connection *conn, 1155 const u8 *hdr, 1156 const u8 *buf, size_t len) 1157 { 1158 struct dpp_pkex *pkex = conn->pkex; 1159 struct wpabuf *msg; 1160 int res; 1161 struct dpp_bootstrap_info *bi; 1162 1163 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request"); 1164 1165 if (!pkex || pkex->initiator || !pkex->exchange_done) { 1166 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 1167 return 0; 1168 } 1169 1170 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len); 1171 if (!msg) { 1172 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request"); 1173 return -1; 1174 } 1175 1176 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response"); 1177 res = dpp_tcp_send_msg(conn, msg); 1178 wpabuf_free(msg); 1179 if (res < 0) 1180 return res; 1181 bi = dpp_pkex_finish(conn->global, pkex, NULL, 0); 1182 if (!bi) 1183 return -1; 1184 conn->pkex = NULL; 1185 return 0; 1186 } 1187 1188 1189 static int dpp_controller_rx_pkex_commit_reveal_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1190 dpp_controller_rx_pkex_commit_reveal_resp(struct dpp_connection *conn, 1191 const u8 *hdr, 1192 const u8 *buf, size_t len) 1193 { 1194 struct dpp_pkex *pkex = conn->pkex; 1195 int res; 1196 struct dpp_bootstrap_info *bi; 1197 1198 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response"); 1199 1200 if (!pkex || !pkex->initiator || !pkex->exchange_done) { 1201 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session"); 1202 return 0; 1203 } 1204 1205 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len); 1206 if (res < 0) { 1207 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response"); 1208 return res; 1209 } 1210 1211 bi = dpp_pkex_finish(conn->global, pkex, NULL, 0); 1212 if (!bi) 1213 return -1; 1214 conn->pkex = NULL; 1215 1216 if (!conn->pkex_done) 1217 return -1; 1218 return conn->pkex_done(conn->cb_ctx, conn, bi); 1219 } 1220 1221 dpp_controller_rx_action(struct dpp_connection * conn,const u8 * msg,size_t len)1222 static int dpp_controller_rx_action(struct dpp_connection *conn, const u8 *msg, 1223 size_t len) 1224 { 1225 const u8 *pos, *end; 1226 u8 type; 1227 1228 wpa_printf(MSG_DEBUG, "DPP: Received DPP Action frame over TCP"); 1229 pos = msg; 1230 end = msg + len; 1231 1232 if (end - pos < DPP_HDR_LEN || 1233 WPA_GET_BE24(pos) != OUI_WFA || 1234 pos[3] != DPP_OUI_TYPE) { 1235 wpa_printf(MSG_DEBUG, "DPP: Unrecognized header"); 1236 return -1; 1237 } 1238 1239 if (pos[4] != 1) { 1240 wpa_printf(MSG_DEBUG, "DPP: Unsupported Crypto Suite %u", 1241 pos[4]); 1242 return -1; 1243 } 1244 type = pos[5]; 1245 wpa_printf(MSG_DEBUG, "DPP: Received message type %u", type); 1246 pos += DPP_HDR_LEN; 1247 1248 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", 1249 pos, end - pos); 1250 if (dpp_check_attrs(pos, end - pos) < 0) 1251 return -1; 1252 1253 if (conn->relay) { 1254 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); 1255 conn->relay->tx(conn->relay->cb_ctx, conn->mac_addr, 1256 conn->freq, msg, len); 1257 return 0; 1258 } 1259 1260 switch (type) { 1261 case DPP_PA_AUTHENTICATION_REQ: 1262 return dpp_controller_rx_auth_req(conn, msg, pos, end - pos); 1263 case DPP_PA_AUTHENTICATION_RESP: 1264 return dpp_controller_rx_auth_resp(conn, msg, pos, end - pos); 1265 case DPP_PA_AUTHENTICATION_CONF: 1266 return dpp_controller_rx_auth_conf(conn, msg, pos, end - pos); 1267 case DPP_PA_CONFIGURATION_RESULT: 1268 return dpp_controller_rx_conf_result(conn, msg, pos, end - pos); 1269 case DPP_PA_CONNECTION_STATUS_RESULT: 1270 return dpp_controller_rx_conn_status_result(conn, msg, pos, 1271 end - pos); 1272 case DPP_PA_PRESENCE_ANNOUNCEMENT: 1273 return dpp_controller_rx_presence_announcement(conn, msg, pos, 1274 end - pos); 1275 case DPP_PA_RECONFIG_ANNOUNCEMENT: 1276 return dpp_controller_rx_reconfig_announcement(conn, msg, pos, 1277 end - pos); 1278 case DPP_PA_RECONFIG_AUTH_RESP: 1279 return dpp_controller_rx_reconfig_auth_resp(conn, msg, pos, 1280 end - pos); 1281 case DPP_PA_PKEX_V1_EXCHANGE_REQ: 1282 wpa_printf(MSG_DEBUG, 1283 "DPP: Ignore PKEXv1 Exchange Request - not supported over TCP"); 1284 return -1; 1285 case DPP_PA_PKEX_EXCHANGE_REQ: 1286 return dpp_controller_rx_pkex_exchange_req(conn, msg, pos, 1287 end - pos); 1288 case DPP_PA_PKEX_EXCHANGE_RESP: 1289 return dpp_controller_rx_pkex_exchange_resp(conn, msg, pos, 1290 end - pos); 1291 case DPP_PA_PKEX_COMMIT_REVEAL_REQ: 1292 return dpp_controller_rx_pkex_commit_reveal_req(conn, msg, pos, 1293 end - pos); 1294 case DPP_PA_PKEX_COMMIT_REVEAL_RESP: 1295 return dpp_controller_rx_pkex_commit_reveal_resp(conn, msg, pos, 1296 end - pos); 1297 default: 1298 /* TODO: missing messages types */ 1299 wpa_printf(MSG_DEBUG, 1300 "DPP: Unsupported frame subtype %d", type); 1301 return -1; 1302 } 1303 } 1304 1305 dpp_tcp_send_comeback_delay(struct dpp_connection * conn,u8 action)1306 static int dpp_tcp_send_comeback_delay(struct dpp_connection *conn, u8 action) 1307 { 1308 struct wpabuf *buf; 1309 size_t len = 18; 1310 1311 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1312 len++; 1313 1314 buf = wpabuf_alloc(4 + len); 1315 if (!buf) 1316 return -1; 1317 1318 wpabuf_put_be32(buf, len); 1319 1320 wpabuf_put_u8(buf, action); 1321 wpabuf_put_u8(buf, conn->gas_dialog_token); 1322 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 1323 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1324 wpabuf_put_u8(buf, 0); 1325 wpabuf_put_le16(buf, 500); /* GAS Comeback Delay */ 1326 1327 dpp_write_adv_proto(buf); 1328 wpabuf_put_le16(buf, 0); /* Query Response Length */ 1329 1330 /* Send Config Response over TCP */ 1331 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf); 1332 wpabuf_free(conn->msg_out); 1333 conn->msg_out_pos = 0; 1334 conn->msg_out = buf; 1335 dpp_tcp_send(conn); 1336 return 0; 1337 } 1338 1339 dpp_tcp_send_gas_resp(struct dpp_connection * conn,u8 action,struct wpabuf * resp)1340 static int dpp_tcp_send_gas_resp(struct dpp_connection *conn, u8 action, 1341 struct wpabuf *resp) 1342 { 1343 struct wpabuf *buf; 1344 size_t len; 1345 1346 if (!resp) 1347 return -1; 1348 1349 len = 18 + wpabuf_len(resp); 1350 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1351 len++; 1352 1353 buf = wpabuf_alloc(4 + len); 1354 if (!buf) { 1355 wpabuf_free(resp); 1356 return -1; 1357 } 1358 1359 wpabuf_put_be32(buf, len); 1360 1361 wpabuf_put_u8(buf, action); 1362 wpabuf_put_u8(buf, conn->gas_dialog_token); 1363 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); 1364 if (action == WLAN_PA_GAS_COMEBACK_RESP) 1365 wpabuf_put_u8(buf, 0); 1366 wpabuf_put_le16(buf, 0); /* GAS Comeback Delay */ 1367 1368 dpp_write_adv_proto(buf); 1369 dpp_write_gas_query(buf, resp); 1370 wpabuf_free(resp); 1371 1372 /* Send Config Response over TCP; GAS fragmentation is taken care of by 1373 * the Relay */ 1374 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf); 1375 wpabuf_free(conn->msg_out); 1376 conn->msg_out_pos = 0; 1377 conn->msg_out = buf; 1378 conn->on_tcp_tx_complete_gas_done = 1; 1379 dpp_tcp_send(conn); 1380 return 0; 1381 } 1382 1383 dpp_controller_rx_gas_req(struct dpp_connection * conn,const u8 * msg,size_t len)1384 static int dpp_controller_rx_gas_req(struct dpp_connection *conn, const u8 *msg, 1385 size_t len) 1386 { 1387 const u8 *pos, *end, *next; 1388 const u8 *adv_proto; 1389 u16 slen; 1390 struct wpabuf *resp; 1391 struct dpp_authentication *auth = conn->auth; 1392 1393 if (len < 1 + 2) 1394 return -1; 1395 1396 wpa_printf(MSG_DEBUG, 1397 "DPP: Received DPP Configuration Request over TCP"); 1398 1399 if (!auth || (!conn->ctrl && !auth->configurator) || 1400 (!auth->auth_success && !auth->reconfig_success)) { 1401 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1402 return -1; 1403 } 1404 1405 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_REQ_RX); 1406 1407 pos = msg; 1408 end = msg + len; 1409 1410 conn->gas_dialog_token = *pos++; 1411 adv_proto = pos++; 1412 slen = *pos++; 1413 if (*adv_proto != WLAN_EID_ADV_PROTO || 1414 slen > end - pos || slen < 2) 1415 return -1; 1416 1417 next = pos + slen; 1418 pos++; /* skip QueryRespLenLimit and PAME-BI */ 1419 1420 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || 1421 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || 1422 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) 1423 return -1; 1424 1425 pos = next; 1426 /* Query Request */ 1427 if (end - pos < 2) 1428 return -1; 1429 slen = WPA_GET_LE16(pos); 1430 pos += 2; 1431 if (slen > end - pos) 1432 return -1; 1433 1434 resp = dpp_conf_req_rx(auth, pos, slen); 1435 if (!resp && auth->waiting_cert) { 1436 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready"); 1437 conn->gas_comeback_in_progress = 1; 1438 return dpp_tcp_send_comeback_delay(conn, 1439 WLAN_PA_GAS_INITIAL_RESP); 1440 } 1441 1442 if (!resp && auth->waiting_config && auth->peer_bi) { 1443 char *buf = NULL, *name = ""; 1444 char band[200], *b_pos, *b_end; 1445 int i, res, *opclass = auth->e_band_support; 1446 char *mud_url = "N/A"; 1447 1448 wpa_printf(MSG_DEBUG, "DPP: Configuration not yet ready"); 1449 if (auth->e_name) { 1450 size_t e_len = os_strlen(auth->e_name); 1451 1452 buf = os_malloc(e_len * 4 + 1); 1453 if (buf) { 1454 printf_encode(buf, len * 4 + 1, 1455 (const u8 *) auth->e_name, e_len); 1456 name = buf; 1457 } 1458 } 1459 band[0] = '\0'; 1460 b_pos = band; 1461 b_end = band + sizeof(band); 1462 for (i = 0; opclass && opclass[i]; i++) { 1463 res = os_snprintf(b_pos, b_end - b_pos, "%s%d", 1464 b_pos == band ? "" : ",", opclass[i]); 1465 if (os_snprintf_error(b_end - b_pos, res)) { 1466 *b_pos = '\0'; 1467 break; 1468 } 1469 b_pos += res; 1470 } 1471 if (auth->e_mud_url) { 1472 size_t e_len = os_strlen(auth->e_mud_url); 1473 1474 if (!has_ctrl_char((const u8 *) auth->e_mud_url, e_len)) 1475 mud_url = auth->e_mud_url; 1476 } 1477 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_NEEDED 1478 "peer=%d net_role=%s name=\"%s\" opclass=%s mud_url=%s", 1479 auth->peer_bi->id, dpp_netrole_str(auth->e_netrole), 1480 name, band, mud_url); 1481 os_free(buf); 1482 1483 conn->gas_comeback_in_progress = 1; 1484 return dpp_tcp_send_comeback_delay(conn, 1485 WLAN_PA_GAS_INITIAL_RESP); 1486 } 1487 1488 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_INITIAL_RESP, resp); 1489 } 1490 1491 dpp_controller_rx_gas_comeback_req(struct dpp_connection * conn,const u8 * msg,size_t len)1492 static int dpp_controller_rx_gas_comeback_req(struct dpp_connection *conn, 1493 const u8 *msg, size_t len) 1494 { 1495 u8 dialog_token; 1496 struct dpp_authentication *auth = conn->auth; 1497 struct wpabuf *resp; 1498 1499 if (len < 1) 1500 return -1; 1501 1502 wpa_printf(MSG_DEBUG, 1503 "DPP: Received DPP Configuration Request over TCP (comeback)"); 1504 1505 if (!auth || (!conn->ctrl && !auth->configurator) || 1506 (!auth->auth_success && !auth->reconfig_success) || 1507 !conn->gas_comeback_in_progress) { 1508 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1509 return -1; 1510 } 1511 1512 dialog_token = msg[0]; 1513 if (dialog_token != conn->gas_dialog_token) { 1514 wpa_printf(MSG_DEBUG, "DPP: Dialog token mismatch (%u != %u)", 1515 dialog_token, conn->gas_dialog_token); 1516 return -1; 1517 } 1518 1519 if (!auth->conf_resp_tcp) { 1520 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready"); 1521 return dpp_tcp_send_comeback_delay(conn, 1522 WLAN_PA_GAS_COMEBACK_RESP); 1523 } 1524 1525 wpa_printf(MSG_DEBUG, 1526 "DPP: Configuration response is ready to be sent out"); 1527 resp = auth->conf_resp_tcp; 1528 auth->conf_resp_tcp = NULL; 1529 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_COMEBACK_RESP, resp); 1530 } 1531 1532 dpp_tcp_build_csr(void * eloop_ctx,void * timeout_ctx)1533 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx) 1534 { 1535 struct dpp_connection *conn = eloop_ctx; 1536 struct dpp_authentication *auth = conn->auth; 1537 1538 if (!auth || !auth->csrattrs) 1539 return; 1540 1541 wpa_printf(MSG_DEBUG, "DPP: Build CSR"); 1542 wpabuf_free(auth->csr); 1543 /* TODO: Additional information needed for CSR based on csrAttrs */ 1544 auth->csr = dpp_build_csr(auth, conn->name ? conn->name : "Test"); 1545 if (!auth->csr) { 1546 dpp_connection_remove(conn); 1547 return; 1548 } 1549 1550 dpp_controller_start_gas_client(conn); 1551 } 1552 1553 1554 #ifdef CONFIG_DPP3 dpp_tcp_build_new_key(void * eloop_ctx,void * timeout_ctx)1555 static void dpp_tcp_build_new_key(void *eloop_ctx, void *timeout_ctx) 1556 { 1557 struct dpp_connection *conn = eloop_ctx; 1558 struct dpp_authentication *auth = conn->auth; 1559 1560 if (!auth || !auth->waiting_new_key) 1561 return; 1562 1563 wpa_printf(MSG_DEBUG, "DPP: Build config request with a new key"); 1564 dpp_controller_start_gas_client(conn); 1565 } 1566 #endif /* CONFIG_DPP3 */ 1567 1568 dpp_tcp_rx_gas_resp(struct dpp_connection * conn,struct wpabuf * resp)1569 static int dpp_tcp_rx_gas_resp(struct dpp_connection *conn, struct wpabuf *resp) 1570 { 1571 struct dpp_authentication *auth = conn->auth; 1572 int res; 1573 struct wpabuf *msg; 1574 enum dpp_status_error status; 1575 1576 wpa_printf(MSG_DEBUG, 1577 "DPP: Configuration Response for local stack from TCP"); 1578 1579 if (auth) 1580 res = dpp_conf_resp_rx(auth, resp); 1581 else 1582 res = -1; 1583 wpabuf_free(resp); 1584 if (res == -2) { 1585 wpa_printf(MSG_DEBUG, "DPP: CSR needed"); 1586 eloop_register_timeout(0, 0, dpp_tcp_build_csr, conn, NULL); 1587 return 0; 1588 } 1589 #ifdef CONFIG_DPP3 1590 if (res == -3) { 1591 wpa_printf(MSG_DEBUG, "DPP: New protocol key needed"); 1592 eloop_register_timeout(0, 0, dpp_tcp_build_new_key, conn, 1593 NULL); 1594 return 0; 1595 } 1596 #endif /* CONFIG_DPP3 */ 1597 if (res < 0) { 1598 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed"); 1599 return -1; 1600 } 1601 1602 if (conn->process_conf_obj) 1603 res = conn->process_conf_obj(conn->cb_ctx, auth); 1604 else 1605 res = 0; 1606 1607 if (auth->peer_version < 2 || auth->conf_resp_status != DPP_STATUS_OK) 1608 return -1; 1609 1610 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result"); 1611 status = res < 0 ? DPP_STATUS_CONFIG_REJECTED : DPP_STATUS_OK; 1612 msg = dpp_build_conf_result(auth, status); 1613 if (!msg) 1614 return -1; 1615 1616 conn->on_tcp_tx_complete_remove = 1; 1617 res = dpp_tcp_send_msg(conn, msg); 1618 wpabuf_free(msg); 1619 1620 /* This exchange will be terminated in the TX status handler */ 1621 1622 return res; 1623 } 1624 1625 dpp_tcp_gas_query_comeback(void * eloop_ctx,void * timeout_ctx)1626 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx) 1627 { 1628 struct dpp_connection *conn = eloop_ctx; 1629 struct dpp_authentication *auth = conn->auth; 1630 struct wpabuf *msg; 1631 1632 if (!auth) 1633 return; 1634 1635 wpa_printf(MSG_DEBUG, "DPP: Send GAS Comeback Request"); 1636 msg = wpabuf_alloc(4 + 2); 1637 if (!msg) 1638 return; 1639 wpabuf_put_be32(msg, 2); 1640 wpabuf_put_u8(msg, WLAN_PA_GAS_COMEBACK_REQ); 1641 wpabuf_put_u8(msg, conn->gas_dialog_token); 1642 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg); 1643 1644 wpabuf_free(conn->msg_out); 1645 conn->msg_out_pos = 0; 1646 conn->msg_out = msg; 1647 dpp_tcp_send(conn); 1648 } 1649 1650 dpp_rx_gas_resp(struct dpp_connection * conn,const u8 * msg,size_t len,bool comeback)1651 static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg, 1652 size_t len, bool comeback) 1653 { 1654 struct wpabuf *buf; 1655 u8 dialog_token; 1656 const u8 *pos, *end, *next, *adv_proto; 1657 u16 status, slen, comeback_delay; 1658 1659 if (len < (size_t) (5 + 2 + (comeback ? 1 : 0))) 1660 return -1; 1661 1662 wpa_printf(MSG_DEBUG, 1663 "DPP: Received DPP Configuration Response over TCP"); 1664 1665 pos = msg; 1666 end = msg + len; 1667 1668 dialog_token = *pos++; 1669 status = WPA_GET_LE16(pos); 1670 if (status != WLAN_STATUS_SUCCESS) { 1671 wpa_printf(MSG_DEBUG, "DPP: Unexpected Status Code %u", status); 1672 return -1; 1673 } 1674 pos += 2; 1675 if (comeback) 1676 pos++; /* ignore Fragment ID */ 1677 comeback_delay = WPA_GET_LE16(pos); 1678 pos += 2; 1679 1680 adv_proto = pos++; 1681 slen = *pos++; 1682 if (*adv_proto != WLAN_EID_ADV_PROTO || 1683 slen > end - pos || slen < 2) 1684 return -1; 1685 1686 next = pos + slen; 1687 pos++; /* skip QueryRespLenLimit and PAME-BI */ 1688 1689 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC || 1690 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA || 1691 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01) 1692 return -1; 1693 1694 pos = next; 1695 /* Query Response */ 1696 if (end - pos < 2) 1697 return -1; 1698 slen = WPA_GET_LE16(pos); 1699 pos += 2; 1700 if (slen > end - pos) 1701 return -1; 1702 1703 if (comeback_delay) { 1704 unsigned int secs, usecs; 1705 1706 conn->gas_dialog_token = dialog_token; 1707 secs = (comeback_delay * 1024) / 1000000; 1708 usecs = comeback_delay * 1024 - secs * 1000000; 1709 wpa_printf(MSG_DEBUG, "DPP: Comeback delay: %u", 1710 comeback_delay); 1711 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL); 1712 eloop_register_timeout(secs, usecs, dpp_tcp_gas_query_comeback, 1713 conn, NULL); 1714 return 0; 1715 } 1716 1717 buf = wpabuf_alloc(slen); 1718 if (!buf) 1719 return -1; 1720 wpabuf_put_data(buf, pos, slen); 1721 1722 if (!conn->relay && 1723 (!conn->ctrl || (conn->ctrl->allowed_roles & DPP_CAPAB_ENROLLEE))) 1724 return dpp_tcp_rx_gas_resp(conn, buf); 1725 1726 if (!conn->relay) { 1727 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); 1728 wpabuf_free(buf); 1729 return -1; 1730 } 1731 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN"); 1732 conn->relay->gas_resp_tx(conn->relay->cb_ctx, conn->mac_addr, 1733 dialog_token, 0, buf); 1734 1735 return 0; 1736 } 1737 1738 dpp_controller_rx(int sd,void * eloop_ctx,void * sock_ctx)1739 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx) 1740 { 1741 struct dpp_connection *conn = eloop_ctx; 1742 int res; 1743 const u8 *pos; 1744 1745 wpa_printf(MSG_DEBUG, "DPP: TCP data available for reading (sock %d)", 1746 sd); 1747 1748 if (conn->msg_len_octets < 4) { 1749 u32 msglen; 1750 1751 res = recv(sd, &conn->msg_len[conn->msg_len_octets], 1752 4 - conn->msg_len_octets, 0); 1753 if (res < 0) { 1754 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", 1755 strerror(errno)); 1756 dpp_connection_remove(conn); 1757 return; 1758 } 1759 if (res == 0) { 1760 wpa_printf(MSG_DEBUG, 1761 "DPP: No more data available over TCP"); 1762 dpp_connection_remove(conn); 1763 return; 1764 } 1765 wpa_printf(MSG_DEBUG, 1766 "DPP: Received %d/%d octet(s) of message length field", 1767 res, (int) (4 - conn->msg_len_octets)); 1768 conn->msg_len_octets += res; 1769 1770 if (conn->msg_len_octets < 4) { 1771 wpa_printf(MSG_DEBUG, 1772 "DPP: Need %d more octets of message length field", 1773 (int) (4 - conn->msg_len_octets)); 1774 return; 1775 } 1776 1777 msglen = WPA_GET_BE32(conn->msg_len); 1778 wpa_printf(MSG_DEBUG, "DPP: Message length: %u", msglen); 1779 if (msglen > 65535) { 1780 wpa_printf(MSG_INFO, "DPP: Unexpectedly long message"); 1781 dpp_connection_remove(conn); 1782 return; 1783 } 1784 1785 wpabuf_free(conn->msg); 1786 conn->msg = wpabuf_alloc(msglen); 1787 } 1788 1789 if (!conn->msg) { 1790 wpa_printf(MSG_DEBUG, 1791 "DPP: No buffer available for receiving the message"); 1792 dpp_connection_remove(conn); 1793 return; 1794 } 1795 1796 wpa_printf(MSG_DEBUG, "DPP: Need %u more octets of message payload", 1797 (unsigned int) wpabuf_tailroom(conn->msg)); 1798 1799 res = recv(sd, wpabuf_put(conn->msg, 0), wpabuf_tailroom(conn->msg), 0); 1800 if (res < 0) { 1801 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", strerror(errno)); 1802 dpp_connection_remove(conn); 1803 return; 1804 } 1805 if (res == 0) { 1806 wpa_printf(MSG_DEBUG, "DPP: No more data available over TCP"); 1807 dpp_connection_remove(conn); 1808 return; 1809 } 1810 wpa_printf(MSG_DEBUG, "DPP: Received %d octets", res); 1811 wpabuf_put(conn->msg, res); 1812 1813 if (wpabuf_tailroom(conn->msg) > 0) { 1814 wpa_printf(MSG_DEBUG, 1815 "DPP: Need %u more octets of message payload", 1816 (unsigned int) wpabuf_tailroom(conn->msg)); 1817 return; 1818 } 1819 1820 conn->msg_len_octets = 0; 1821 wpa_hexdump_buf(MSG_DEBUG, "DPP: Received TCP message", conn->msg); 1822 if (wpabuf_len(conn->msg) < 1) { 1823 dpp_connection_remove(conn); 1824 return; 1825 } 1826 1827 pos = wpabuf_head(conn->msg); 1828 switch (*pos) { 1829 case WLAN_PA_VENDOR_SPECIFIC: 1830 if (dpp_controller_rx_action(conn, pos + 1, 1831 wpabuf_len(conn->msg) - 1) < 0) 1832 dpp_connection_remove(conn); 1833 break; 1834 case WLAN_PA_GAS_INITIAL_REQ: 1835 if (dpp_controller_rx_gas_req(conn, pos + 1, 1836 wpabuf_len(conn->msg) - 1) < 0) 1837 dpp_connection_remove(conn); 1838 break; 1839 case WLAN_PA_GAS_INITIAL_RESP: 1840 case WLAN_PA_GAS_COMEBACK_RESP: 1841 if (dpp_rx_gas_resp(conn, pos + 1, 1842 wpabuf_len(conn->msg) - 1, 1843 *pos == WLAN_PA_GAS_COMEBACK_RESP) < 0) 1844 dpp_connection_remove(conn); 1845 break; 1846 case WLAN_PA_GAS_COMEBACK_REQ: 1847 if (dpp_controller_rx_gas_comeback_req( 1848 conn, pos + 1, wpabuf_len(conn->msg) - 1) < 0) 1849 dpp_connection_remove(conn); 1850 break; 1851 default: 1852 wpa_printf(MSG_DEBUG, "DPP: Ignore unsupported message type %u", 1853 *pos); 1854 break; 1855 } 1856 } 1857 1858 dpp_controller_tcp_cb(int sd,void * eloop_ctx,void * sock_ctx)1859 static void dpp_controller_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx) 1860 { 1861 struct dpp_controller *ctrl = eloop_ctx; 1862 struct sockaddr_in addr; 1863 socklen_t addr_len = sizeof(addr); 1864 int fd; 1865 struct dpp_connection *conn; 1866 1867 wpa_printf(MSG_DEBUG, "DPP: New TCP connection"); 1868 1869 fd = accept(ctrl->sock, (struct sockaddr *) &addr, &addr_len); 1870 if (fd < 0) { 1871 wpa_printf(MSG_DEBUG, 1872 "DPP: Failed to accept new connection: %s", 1873 strerror(errno)); 1874 return; 1875 } 1876 wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d", 1877 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); 1878 1879 conn = os_zalloc(sizeof(*conn)); 1880 if (!conn) 1881 goto fail; 1882 1883 conn->global = ctrl->global; 1884 conn->ctrl = ctrl; 1885 conn->msg_ctx = ctrl->msg_ctx; 1886 conn->cb_ctx = ctrl->cb_ctx; 1887 conn->process_conf_obj = ctrl->process_conf_obj; 1888 conn->tcp_msg_sent = ctrl->tcp_msg_sent; 1889 conn->sock = fd; 1890 conn->netrole = ctrl->netrole; 1891 1892 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 1893 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 1894 strerror(errno)); 1895 goto fail; 1896 } 1897 1898 if (eloop_register_sock(conn->sock, EVENT_TYPE_READ, 1899 dpp_controller_rx, conn, NULL) < 0) 1900 goto fail; 1901 conn->read_eloop = 1; 1902 1903 /* TODO: eloop timeout to expire connections that do not complete in 1904 * reasonable time */ 1905 dl_list_add(&ctrl->conn, &conn->list); 1906 return; 1907 1908 fail: 1909 close(fd); 1910 os_free(conn); 1911 } 1912 1913 dpp_tcp_pkex_init(struct dpp_global * dpp,struct dpp_pkex * pkex,const struct hostapd_ip_addr * addr,int port,void * msg_ctx,void * cb_ctx,int (* pkex_done)(void * ctx,void * conn,struct dpp_bootstrap_info * bi))1914 int dpp_tcp_pkex_init(struct dpp_global *dpp, struct dpp_pkex *pkex, 1915 const struct hostapd_ip_addr *addr, int port, 1916 void *msg_ctx, void *cb_ctx, 1917 int (*pkex_done)(void *ctx, void *conn, 1918 struct dpp_bootstrap_info *bi)) 1919 { 1920 struct dpp_connection *conn; 1921 struct sockaddr_storage saddr; 1922 socklen_t addrlen; 1923 const u8 *hdr, *pos, *end; 1924 char txt[100]; 1925 1926 wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d", 1927 hostapd_ip_txt(addr, txt, sizeof(txt)), port); 1928 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen, 1929 addr, port) < 0) { 1930 dpp_pkex_free(pkex); 1931 return -1; 1932 } 1933 1934 conn = os_zalloc(sizeof(*conn)); 1935 if (!conn) { 1936 dpp_pkex_free(pkex); 1937 return -1; 1938 } 1939 1940 conn->msg_ctx = msg_ctx; 1941 conn->cb_ctx = cb_ctx; 1942 conn->pkex_done = pkex_done; 1943 conn->global = dpp; 1944 conn->pkex = pkex; 1945 conn->sock = socket(AF_INET, SOCK_STREAM, 0); 1946 if (conn->sock < 0) 1947 goto fail; 1948 1949 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 1950 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 1951 strerror(errno)); 1952 goto fail; 1953 } 1954 1955 if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) { 1956 if (errno != EINPROGRESS) { 1957 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", 1958 strerror(errno)); 1959 goto fail; 1960 } 1961 1962 /* 1963 * Continue connecting in the background; eloop will call us 1964 * once the connection is ready (or failed). 1965 */ 1966 } 1967 1968 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 1969 dpp_conn_tx_ready, conn, NULL) < 0) 1970 goto fail; 1971 conn->write_eloop = 1; 1972 1973 hdr = wpabuf_head(pkex->exchange_req); 1974 end = hdr + wpabuf_len(pkex->exchange_req); 1975 hdr += 2; /* skip Category and Actiom */ 1976 pos = hdr + DPP_HDR_LEN; 1977 conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos); 1978 if (!conn->msg_out) 1979 goto fail; 1980 /* Message will be sent in dpp_conn_tx_ready() */ 1981 1982 /* TODO: eloop timeout to clear a connection if it does not complete 1983 * properly */ 1984 dl_list_add(&dpp->tcp_init, &conn->list); 1985 return 0; 1986 fail: 1987 dpp_connection_free(conn); 1988 return -1; 1989 } 1990 1991 dpp_tcp_auth_start(struct dpp_connection * conn,struct dpp_authentication * auth)1992 static int dpp_tcp_auth_start(struct dpp_connection *conn, 1993 struct dpp_authentication *auth) 1994 { 1995 const u8 *hdr, *pos, *end; 1996 1997 hdr = wpabuf_head(auth->req_msg); 1998 end = hdr + wpabuf_len(auth->req_msg); 1999 hdr += 2; /* skip Category and Actiom */ 2000 pos = hdr + DPP_HDR_LEN; 2001 conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos); 2002 if (!conn->msg_out) 2003 return -1; 2004 /* Message will be sent in dpp_conn_tx_ready() */ 2005 return 0; 2006 } 2007 2008 dpp_tcp_init(struct dpp_global * dpp,struct dpp_authentication * auth,const struct hostapd_ip_addr * addr,int port,const char * name,enum dpp_netrole netrole,const char * mud_url,const char * extra_conf_req_name,const char * extra_conf_req_value,void * msg_ctx,void * cb_ctx,int (* process_conf_obj)(void * ctx,struct dpp_authentication * auth),bool (* tcp_msg_sent)(void * ctx,struct dpp_authentication * auth))2009 int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth, 2010 const struct hostapd_ip_addr *addr, int port, const char *name, 2011 enum dpp_netrole netrole, const char *mud_url, 2012 const char *extra_conf_req_name, 2013 const char *extra_conf_req_value, 2014 void *msg_ctx, void *cb_ctx, 2015 int (*process_conf_obj)(void *ctx, 2016 struct dpp_authentication *auth), 2017 bool (*tcp_msg_sent)(void *ctx, 2018 struct dpp_authentication *auth)) 2019 { 2020 struct dpp_connection *conn; 2021 struct sockaddr_storage saddr; 2022 socklen_t addrlen; 2023 char txt[100]; 2024 2025 wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d", 2026 hostapd_ip_txt(addr, txt, sizeof(txt)), port); 2027 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen, 2028 addr, port) < 0) { 2029 dpp_auth_deinit(auth); 2030 return -1; 2031 } 2032 2033 conn = os_zalloc(sizeof(*conn)); 2034 if (!conn) { 2035 dpp_auth_deinit(auth); 2036 return -1; 2037 } 2038 2039 conn->msg_ctx = msg_ctx; 2040 conn->cb_ctx = cb_ctx; 2041 conn->process_conf_obj = process_conf_obj; 2042 conn->tcp_msg_sent = tcp_msg_sent; 2043 conn->name = os_strdup(name ? name : "Test"); 2044 if (mud_url) 2045 conn->mud_url = os_strdup(mud_url); 2046 if (extra_conf_req_name) 2047 conn->extra_conf_req_name = os_strdup(extra_conf_req_name); 2048 if (extra_conf_req_value) 2049 conn->extra_conf_req_value = os_strdup(extra_conf_req_value); 2050 conn->netrole = netrole; 2051 conn->global = dpp; 2052 conn->auth = auth; 2053 conn->sock = socket(AF_INET, SOCK_STREAM, 0); 2054 if (conn->sock < 0) 2055 goto fail; 2056 2057 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 2058 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 2059 strerror(errno)); 2060 goto fail; 2061 } 2062 2063 if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) { 2064 if (errno != EINPROGRESS) { 2065 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s", 2066 strerror(errno)); 2067 goto fail; 2068 } 2069 2070 /* 2071 * Continue connecting in the background; eloop will call us 2072 * once the connection is ready (or failed). 2073 */ 2074 } 2075 2076 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE, 2077 dpp_conn_tx_ready, conn, NULL) < 0) 2078 goto fail; 2079 conn->write_eloop = 1; 2080 2081 if (dpp_tcp_auth_start(conn, auth) < 0) 2082 goto fail; 2083 2084 /* TODO: eloop timeout to clear a connection if it does not complete 2085 * properly */ 2086 dl_list_add(&dpp->tcp_init, &conn->list); 2087 return 0; 2088 fail: 2089 dpp_connection_free(conn); 2090 return -1; 2091 } 2092 2093 dpp_tcp_auth(struct dpp_global * dpp,void * _conn,struct dpp_authentication * auth,const char * name,enum dpp_netrole netrole,const char * mud_url,const char * extra_conf_req_name,const char * extra_conf_req_value,int (* process_conf_obj)(void * ctx,struct dpp_authentication * auth),bool (* tcp_msg_sent)(void * ctx,struct dpp_authentication * auth))2094 int dpp_tcp_auth(struct dpp_global *dpp, void *_conn, 2095 struct dpp_authentication *auth, const char *name, 2096 enum dpp_netrole netrole, const char *mud_url, 2097 const char *extra_conf_req_name, 2098 const char *extra_conf_req_value, 2099 int (*process_conf_obj)(void *ctx, 2100 struct dpp_authentication *auth), 2101 bool (*tcp_msg_sent)(void *ctx, 2102 struct dpp_authentication *auth)) 2103 { 2104 struct dpp_connection *conn = _conn; 2105 2106 /* Continue with Authentication exchange on an existing TCP connection. 2107 */ 2108 conn->process_conf_obj = process_conf_obj; 2109 conn->tcp_msg_sent = tcp_msg_sent; 2110 os_free(conn->name); 2111 conn->name = os_strdup(name ? name : "Test"); 2112 os_free(conn->mud_url); 2113 conn->mud_url = mud_url ? os_strdup(mud_url) : NULL; 2114 os_free(conn->extra_conf_req_name); 2115 conn->extra_conf_req_name = extra_conf_req_name ? 2116 os_strdup(extra_conf_req_name) : NULL; 2117 conn->extra_conf_req_value = extra_conf_req_value ? 2118 os_strdup(extra_conf_req_value) : NULL; 2119 conn->netrole = netrole; 2120 conn->auth = auth; 2121 2122 if (dpp_tcp_auth_start(conn, auth) < 0) 2123 return -1; 2124 2125 dpp_conn_tx_ready(conn->sock, conn, NULL); 2126 return 0; 2127 } 2128 2129 dpp_controller_start(struct dpp_global * dpp,struct dpp_controller_config * config)2130 int dpp_controller_start(struct dpp_global *dpp, 2131 struct dpp_controller_config *config) 2132 { 2133 struct dpp_controller *ctrl; 2134 int on = 1; 2135 struct sockaddr_in sin; 2136 int port; 2137 2138 if (!dpp || dpp->controller) 2139 return -1; 2140 2141 ctrl = os_zalloc(sizeof(*ctrl)); 2142 if (!ctrl) 2143 return -1; 2144 ctrl->global = dpp; 2145 if (config->configurator_params) 2146 ctrl->configurator_params = 2147 os_strdup(config->configurator_params); 2148 dl_list_init(&ctrl->conn); 2149 ctrl->allowed_roles = config->allowed_roles; 2150 ctrl->qr_mutual = config->qr_mutual; 2151 ctrl->netrole = config->netrole; 2152 ctrl->msg_ctx = config->msg_ctx; 2153 ctrl->cb_ctx = config->cb_ctx; 2154 ctrl->process_conf_obj = config->process_conf_obj; 2155 ctrl->tcp_msg_sent = config->tcp_msg_sent; 2156 2157 ctrl->sock = socket(AF_INET, SOCK_STREAM, 0); 2158 if (ctrl->sock < 0) 2159 goto fail; 2160 2161 if (setsockopt(ctrl->sock, SOL_SOCKET, SO_REUSEADDR, 2162 &on, sizeof(on)) < 0) { 2163 wpa_printf(MSG_DEBUG, 2164 "DPP: setsockopt(SO_REUSEADDR) failed: %s", 2165 strerror(errno)); 2166 /* try to continue anyway */ 2167 } 2168 2169 if (fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0) { 2170 wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s", 2171 strerror(errno)); 2172 goto fail; 2173 } 2174 2175 /* TODO: IPv6 */ 2176 os_memset(&sin, 0, sizeof(sin)); 2177 sin.sin_family = AF_INET; 2178 sin.sin_addr.s_addr = INADDR_ANY; 2179 port = config->tcp_port ? config->tcp_port : DPP_TCP_PORT; 2180 sin.sin_port = htons(port); 2181 if (bind(ctrl->sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { 2182 wpa_printf(MSG_INFO, 2183 "DPP: Failed to bind Controller TCP port: %s", 2184 strerror(errno)); 2185 goto fail; 2186 } 2187 if (listen(ctrl->sock, 10 /* max backlog */) < 0 || 2188 fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0 || 2189 eloop_register_sock(ctrl->sock, EVENT_TYPE_READ, 2190 dpp_controller_tcp_cb, ctrl, NULL)) 2191 goto fail; 2192 2193 dpp->controller = ctrl; 2194 wpa_printf(MSG_DEBUG, "DPP: Controller started on TCP port %d", port); 2195 return 0; 2196 fail: 2197 dpp_controller_free(ctrl); 2198 return -1; 2199 } 2200 2201 dpp_controller_set_params(struct dpp_global * dpp,const char * configurator_params)2202 int dpp_controller_set_params(struct dpp_global *dpp, 2203 const char *configurator_params) 2204 { 2205 2206 if (!dpp || !dpp->controller) 2207 return -1; 2208 2209 if (configurator_params) { 2210 char *val = os_strdup(configurator_params); 2211 2212 if (!val) 2213 return -1; 2214 os_free(dpp->controller->configurator_params); 2215 dpp->controller->configurator_params = val; 2216 } else { 2217 os_free(dpp->controller->configurator_params); 2218 dpp->controller->configurator_params = NULL; 2219 } 2220 2221 return 0; 2222 } 2223 2224 dpp_controller_stop(struct dpp_global * dpp)2225 void dpp_controller_stop(struct dpp_global *dpp) 2226 { 2227 if (dpp) { 2228 dpp_controller_free(dpp->controller); 2229 dpp->controller = NULL; 2230 } 2231 } 2232 2233 dpp_controller_stop_for_ctx(struct dpp_global * dpp,void * cb_ctx)2234 void dpp_controller_stop_for_ctx(struct dpp_global *dpp, void *cb_ctx) 2235 { 2236 if (dpp && dpp->controller && dpp->controller->cb_ctx == cb_ctx) 2237 dpp_controller_stop(dpp); 2238 } 2239 2240 dpp_tcp_peer_id_match(struct dpp_authentication * auth,unsigned int id)2241 static bool dpp_tcp_peer_id_match(struct dpp_authentication *auth, 2242 unsigned int id) 2243 { 2244 return auth && 2245 ((auth->peer_bi && auth->peer_bi->id == id) || 2246 (auth->tmp_peer_bi && auth->tmp_peer_bi->id == id)); 2247 } 2248 2249 dpp_tcp_get_auth(struct dpp_global * dpp,unsigned int id)2250 static struct dpp_authentication * dpp_tcp_get_auth(struct dpp_global *dpp, 2251 unsigned int id) 2252 { 2253 struct dpp_connection *conn; 2254 2255 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) { 2256 if (dpp_tcp_peer_id_match(conn->auth, id)) 2257 return conn->auth; 2258 } 2259 2260 return NULL; 2261 } 2262 2263 dpp_controller_get_auth(struct dpp_global * dpp,unsigned int id)2264 struct dpp_authentication * dpp_controller_get_auth(struct dpp_global *dpp, 2265 unsigned int id) 2266 { 2267 struct dpp_controller *ctrl = dpp->controller; 2268 struct dpp_connection *conn; 2269 2270 if (!ctrl) 2271 return dpp_tcp_get_auth(dpp, id); 2272 2273 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 2274 if (dpp_tcp_peer_id_match(conn->auth, id)) 2275 return conn->auth; 2276 } 2277 2278 return dpp_tcp_get_auth(dpp, id); 2279 } 2280 2281 dpp_controller_new_qr_code(struct dpp_global * dpp,struct dpp_bootstrap_info * bi)2282 void dpp_controller_new_qr_code(struct dpp_global *dpp, 2283 struct dpp_bootstrap_info *bi) 2284 { 2285 struct dpp_controller *ctrl = dpp->controller; 2286 struct dpp_connection *conn; 2287 2288 if (!ctrl) 2289 return; 2290 2291 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) { 2292 struct dpp_authentication *auth = conn->auth; 2293 2294 if (!auth->response_pending || 2295 dpp_notify_new_qr_code(auth, bi) != 1) 2296 continue; 2297 wpa_printf(MSG_DEBUG, 2298 "DPP: Sending out pending authentication response"); 2299 dpp_tcp_send_msg(conn, conn->auth->resp_msg); 2300 } 2301 } 2302 2303 dpp_controller_pkex_add(struct dpp_global * dpp,struct dpp_bootstrap_info * bi,const char * code,const char * identifier)2304 void dpp_controller_pkex_add(struct dpp_global *dpp, 2305 struct dpp_bootstrap_info *bi, 2306 const char *code, const char *identifier) 2307 { 2308 struct dpp_controller *ctrl = dpp->controller; 2309 2310 if (!ctrl) 2311 return; 2312 2313 ctrl->pkex_bi = bi; 2314 os_free(ctrl->pkex_code); 2315 ctrl->pkex_code = code ? os_strdup(code) : NULL; 2316 os_free(ctrl->pkex_identifier); 2317 ctrl->pkex_identifier = identifier ? os_strdup(identifier) : NULL; 2318 } 2319 2320 dpp_controller_is_own_pkex_req(struct dpp_global * dpp,const u8 * buf,size_t len)2321 bool dpp_controller_is_own_pkex_req(struct dpp_global *dpp, 2322 const u8 *buf, size_t len) 2323 { 2324 struct dpp_connection *conn; 2325 const u8 *attr_key = NULL; 2326 u16 attr_key_len = 0; 2327 2328 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) { 2329 if (!conn->pkex || !conn->pkex->enc_key) 2330 continue; 2331 2332 if (!attr_key) { 2333 attr_key = dpp_get_attr(buf, len, 2334 DPP_ATTR_ENCRYPTED_KEY, 2335 &attr_key_len); 2336 if (!attr_key) 2337 return false; 2338 } 2339 2340 if (attr_key_len == wpabuf_len(conn->pkex->enc_key) && 2341 os_memcmp(attr_key, wpabuf_head(conn->pkex->enc_key), 2342 attr_key_len) == 0) 2343 return true; 2344 } 2345 2346 return false; 2347 } 2348 2349 dpp_tcp_init_flush(struct dpp_global * dpp)2350 void dpp_tcp_init_flush(struct dpp_global *dpp) 2351 { 2352 struct dpp_connection *conn, *tmp; 2353 2354 dl_list_for_each_safe(conn, tmp, &dpp->tcp_init, struct dpp_connection, 2355 list) 2356 dpp_connection_remove(conn); 2357 } 2358 2359 dpp_relay_controller_free(struct dpp_relay_controller * ctrl)2360 static void dpp_relay_controller_free(struct dpp_relay_controller *ctrl) 2361 { 2362 struct dpp_connection *conn, *tmp; 2363 char txt[100]; 2364 2365 wpa_printf(MSG_DEBUG, "DPP: Remove Relay connection to Controller %s", 2366 hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt))); 2367 2368 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection, 2369 list) 2370 dpp_connection_remove(conn); 2371 os_free(ctrl); 2372 } 2373 2374 dpp_relay_flush_controllers(struct dpp_global * dpp)2375 void dpp_relay_flush_controllers(struct dpp_global *dpp) 2376 { 2377 struct dpp_relay_controller *ctrl, *tmp; 2378 2379 if (!dpp) 2380 return; 2381 2382 dl_list_for_each_safe(ctrl, tmp, &dpp->controllers, 2383 struct dpp_relay_controller, list) { 2384 dl_list_del(&ctrl->list); 2385 dpp_relay_controller_free(ctrl); 2386 } 2387 2388 if (dpp->tmp_controller) { 2389 dpp_relay_controller_free(dpp->tmp_controller); 2390 dpp->tmp_controller = NULL; 2391 } 2392 } 2393 2394 dpp_relay_remove_controller(struct dpp_global * dpp,const struct hostapd_ip_addr * addr)2395 void dpp_relay_remove_controller(struct dpp_global *dpp, 2396 const struct hostapd_ip_addr *addr) 2397 { 2398 struct dpp_relay_controller *ctrl; 2399 2400 if (!dpp) 2401 return; 2402 2403 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller, 2404 list) { 2405 if (hostapd_ip_equal(&ctrl->ipaddr, addr)) { 2406 dl_list_del(&ctrl->list); 2407 dpp_relay_controller_free(ctrl); 2408 return; 2409 } 2410 } 2411 2412 if (dpp->tmp_controller && 2413 hostapd_ip_equal(&dpp->tmp_controller->ipaddr, addr)) { 2414 dpp_relay_controller_free(dpp->tmp_controller); 2415 dpp->tmp_controller = NULL; 2416 } 2417 } 2418 2419 dpp_relay_tcp_cb(int sd,void * eloop_ctx,void * sock_ctx)2420 static void dpp_relay_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx) 2421 { 2422 struct dpp_global *dpp = eloop_ctx; 2423 struct sockaddr_in addr; 2424 socklen_t addr_len = sizeof(addr); 2425 int fd; 2426 struct dpp_relay_controller *ctrl; 2427 struct dpp_connection *conn = NULL; 2428 2429 wpa_printf(MSG_DEBUG, "DPP: New TCP connection (Relay)"); 2430 2431 fd = accept(dpp->relay_sock, (struct sockaddr *) &addr, &addr_len); 2432 if (fd < 0) { 2433 wpa_printf(MSG_DEBUG, 2434 "DPP: Failed to accept new connection: %s", 2435 strerror(errno)); 2436 return; 2437 } 2438 wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d", 2439 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port)); 2440 2441 ctrl = dpp_relay_controller_get_addr(dpp, &addr); 2442 if (!ctrl && dpp->tmp_controller && 2443 dl_list_len(&dpp->tmp_controller->conn)) { 2444 char txt[100]; 2445 2446 wpa_printf(MSG_DEBUG, 2447 "DPP: Remove a temporaty Controller entry for %s", 2448 hostapd_ip_txt(&dpp->tmp_controller->ipaddr, 2449 txt, sizeof(txt))); 2450 dpp_relay_controller_free(dpp->tmp_controller); 2451 dpp->tmp_controller = NULL; 2452 } 2453 if (!ctrl && !dpp->tmp_controller) { 2454 wpa_printf(MSG_DEBUG, "DPP: Add a temporary Controller entry"); 2455 ctrl = os_zalloc(sizeof(*ctrl)); 2456 if (!ctrl) 2457 goto fail; 2458 dl_list_init(&ctrl->conn); 2459 ctrl->global = dpp; 2460 ctrl->ipaddr.af = AF_INET; 2461 ctrl->ipaddr.u.v4.s_addr = addr.sin_addr.s_addr; 2462 ctrl->msg_ctx = dpp->relay_msg_ctx; 2463 ctrl->cb_ctx = dpp->relay_cb_ctx; 2464 ctrl->tx = dpp->relay_tx; 2465 ctrl->gas_resp_tx = dpp->relay_gas_resp_tx; 2466 dpp->tmp_controller = ctrl; 2467 } 2468 if (!ctrl) { 2469 wpa_printf(MSG_DEBUG, 2470 "DPP: No Controller found for that address"); 2471 goto fail; 2472 } 2473 2474 if (dl_list_len(&ctrl->conn) >= 15) { 2475 wpa_printf(MSG_DEBUG, 2476 "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one"); 2477 goto fail; 2478 } 2479 2480 conn = os_zalloc(sizeof(*conn)); 2481 if (!conn) 2482 goto fail; 2483 2484 conn->global = ctrl->global; 2485 conn->relay = ctrl; 2486 conn->msg_ctx = ctrl->msg_ctx; 2487 conn->cb_ctx = ctrl->global->cb_ctx; 2488 os_memset(conn->mac_addr, 0xff, ETH_ALEN); 2489 conn->sock = fd; 2490 2491 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) { 2492 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s", 2493 strerror(errno)); 2494 goto fail; 2495 } 2496 2497 if (eloop_register_sock(conn->sock, EVENT_TYPE_READ, 2498 dpp_controller_rx, conn, NULL) < 0) 2499 goto fail; 2500 conn->read_eloop = 1; 2501 2502 /* TODO: eloop timeout to expire connections that do not complete in 2503 * reasonable time */ 2504 dl_list_add(&ctrl->conn, &conn->list); 2505 return; 2506 2507 fail: 2508 close(fd); 2509 os_free(conn); 2510 } 2511 2512 dpp_relay_listen(struct dpp_global * dpp,int port,struct dpp_relay_config * config)2513 int dpp_relay_listen(struct dpp_global *dpp, int port, 2514 struct dpp_relay_config *config) 2515 { 2516 int s; 2517 int on = 1; 2518 struct sockaddr_in sin; 2519 2520 if (dpp->relay_sock >= 0) { 2521 wpa_printf(MSG_INFO, "DPP: %s(%d) - relay port already opened", 2522 __func__, port); 2523 return -1; 2524 } 2525 2526 s = socket(AF_INET, SOCK_STREAM, 0); 2527 if (s < 0) { 2528 wpa_printf(MSG_INFO, 2529 "DPP: socket(SOCK_STREAM) failed: %s", 2530 strerror(errno)); 2531 return -1; 2532 } 2533 2534 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) { 2535 wpa_printf(MSG_DEBUG, 2536 "DPP: setsockopt(SO_REUSEADDR) failed: %s", 2537 strerror(errno)); 2538 /* try to continue anyway */ 2539 } 2540 2541 if (fcntl(s, F_SETFL, O_NONBLOCK) < 0) { 2542 wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s", 2543 strerror(errno)); 2544 close(s); 2545 return -1; 2546 } 2547 2548 /* TODO: IPv6 */ 2549 os_memset(&sin, 0, sizeof(sin)); 2550 sin.sin_family = AF_INET; 2551 sin.sin_addr.s_addr = INADDR_ANY; 2552 sin.sin_port = htons(port); 2553 if (bind(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) { 2554 wpa_printf(MSG_INFO, 2555 "DPP: Failed to bind Relay TCP port: %s", 2556 strerror(errno)); 2557 close(s); 2558 return -1; 2559 } 2560 if (listen(s, 10 /* max backlog */) < 0 || 2561 fcntl(s, F_SETFL, O_NONBLOCK) < 0 || 2562 eloop_register_sock(s, EVENT_TYPE_READ, dpp_relay_tcp_cb, dpp, 2563 NULL)) { 2564 close(s); 2565 return -1; 2566 } 2567 2568 dpp->relay_sock = s; 2569 dpp->relay_msg_ctx = config->msg_ctx; 2570 dpp->relay_cb_ctx = config->cb_ctx; 2571 dpp->relay_tx = config->tx; 2572 dpp->relay_gas_resp_tx = config->gas_resp_tx; 2573 wpa_printf(MSG_DEBUG, "DPP: Relay started on TCP port %d", port); 2574 return 0; 2575 } 2576 2577 dpp_relay_stop_listen(struct dpp_global * dpp)2578 void dpp_relay_stop_listen(struct dpp_global *dpp) 2579 { 2580 if (!dpp || dpp->relay_sock < 0) 2581 return; 2582 eloop_unregister_sock(dpp->relay_sock, EVENT_TYPE_READ); 2583 close(dpp->relay_sock); 2584 dpp->relay_sock = -1; 2585 } 2586 2587 dpp_tcp_conn_status_requested(struct dpp_global * dpp)2588 bool dpp_tcp_conn_status_requested(struct dpp_global *dpp) 2589 { 2590 struct dpp_connection *conn; 2591 2592 if (!dpp) 2593 return false; 2594 2595 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) { 2596 if (conn->auth && conn->auth->conn_status_requested) 2597 return true; 2598 } 2599 2600 return false; 2601 } 2602 2603 dpp_tcp_send_conn_status_msg(struct dpp_global * dpp,struct dpp_connection * conn,enum dpp_status_error result,const u8 * ssid,size_t ssid_len,const char * channel_list)2604 static void dpp_tcp_send_conn_status_msg(struct dpp_global *dpp, 2605 struct dpp_connection *conn, 2606 enum dpp_status_error result, 2607 const u8 *ssid, size_t ssid_len, 2608 const char *channel_list) 2609 { 2610 struct dpp_authentication *auth = conn->auth; 2611 int res; 2612 struct wpabuf *msg; 2613 struct dpp_connection *c; 2614 2615 auth->conn_status_requested = 0; 2616 2617 msg = dpp_build_conn_status_result(auth, result, ssid, ssid_len, 2618 channel_list); 2619 if (!msg) { 2620 dpp_connection_remove(conn); 2621 return; 2622 } 2623 2624 res = dpp_tcp_send_msg(conn, msg); 2625 wpabuf_free(msg); 2626 2627 if (res < 0) { 2628 dpp_connection_remove(conn); 2629 return; 2630 } 2631 2632 /* conn might have been removed during the dpp_tcp_send_msg() call, so 2633 * need to check that it is still present before modifying it. */ 2634 dl_list_for_each(c, &dpp->tcp_init, struct dpp_connection, list) { 2635 if (conn == c) { 2636 /* This exchange will be terminated in the TX status 2637 * handler */ 2638 conn->on_tcp_tx_complete_remove = 1; 2639 break; 2640 } 2641 } 2642 } 2643 2644 dpp_tcp_send_conn_status(struct dpp_global * dpp,enum dpp_status_error result,const u8 * ssid,size_t ssid_len,const char * channel_list)2645 void dpp_tcp_send_conn_status(struct dpp_global *dpp, 2646 enum dpp_status_error result, 2647 const u8 *ssid, size_t ssid_len, 2648 const char *channel_list) 2649 { 2650 struct dpp_connection *conn; 2651 2652 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) { 2653 if (conn->auth && conn->auth->conn_status_requested) { 2654 dpp_tcp_send_conn_status_msg(dpp, conn, result, ssid, 2655 ssid_len, channel_list); 2656 break; 2657 } 2658 } 2659 } 2660 2661 #endif /* CONFIG_DPP2 */ 2662