1 /*
2 * wpa_supplicant - DPP
3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2020, The Linux Foundation
5 * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
6 *
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
9 */
10
11 #include "utils/includes.h"
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "utils/ip_addr.h"
16 #include "utils/base64.h"
17 #include "common/dpp.h"
18 #include "common/gas.h"
19 #include "common/gas_server.h"
20 #include "crypto/random.h"
21 #include "rsn_supp/wpa.h"
22 #include "rsn_supp/pmksa_cache.h"
23 #include "wpa_supplicant_i.h"
24 #include "config.h"
25 #include "driver_i.h"
26 #include "offchannel.h"
27 #include "gas_query.h"
28 #include "bss.h"
29 #include "scan.h"
30 #include "notify.h"
31 #include "dpp_supplicant.h"
32
33
34 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
35 unsigned int freq);
36 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
37 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx);
38 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
39 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
40 unsigned int freq, const u8 *dst,
41 const u8 *src, const u8 *bssid,
42 const u8 *data, size_t data_len,
43 enum offchannel_send_action_result result);
44 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
45 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
46 static void
47 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
48 unsigned int freq, const u8 *dst,
49 const u8 *src, const u8 *bssid,
50 const u8 *data, size_t data_len,
51 enum offchannel_send_action_result result);
52 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx);
53 #ifdef CONFIG_DPP2
54 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
55 void *timeout_ctx);
56 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s);
57 static int wpas_dpp_process_conf_obj(void *ctx,
58 struct dpp_authentication *auth);
59 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth);
60 #endif /* CONFIG_DPP2 */
61 #ifdef CONFIG_DPP3
62 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx);
63 #endif /* CONFIG_DPP3 */
64
65 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
66
67 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
68 * a single transaction in progress at any point in time. */
69 static const u8 TRANSACTION_ID = 1;
70
71
72 /**
73 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
74 * @wpa_s: Pointer to wpa_supplicant data
75 * @cmd: DPP URI read from a QR Code
76 * Returns: Identifier of the stored info or -1 on failure
77 */
wpas_dpp_qr_code(struct wpa_supplicant * wpa_s,const char * cmd)78 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
79 {
80 struct dpp_bootstrap_info *bi;
81 struct dpp_authentication *auth = wpa_s->dpp_auth;
82
83 bi = dpp_add_qr_code(wpa_s->dpp, cmd);
84 if (!bi)
85 return -1;
86
87 if (auth && auth->response_pending &&
88 dpp_notify_new_qr_code(auth, bi) == 1) {
89 wpa_printf(MSG_DEBUG,
90 "DPP: Sending out pending authentication response");
91 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
92 " freq=%u type=%d",
93 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
94 DPP_PA_AUTHENTICATION_RESP);
95 offchannel_send_action(wpa_s, auth->curr_freq,
96 auth->peer_mac_addr, wpa_s->own_addr,
97 broadcast,
98 wpabuf_head(auth->resp_msg),
99 wpabuf_len(auth->resp_msg),
100 500, wpas_dpp_tx_status, 0);
101 }
102
103 #ifdef CONFIG_DPP2
104 dpp_controller_new_qr_code(wpa_s->dpp, bi);
105 #endif /* CONFIG_DPP2 */
106
107 return bi->id;
108 }
109
110
111 /**
112 * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
113 * @wpa_s: Pointer to wpa_supplicant data
114 * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
115 * Returns: Identifier of the stored info or -1 on failure
116 */
wpas_dpp_nfc_uri(struct wpa_supplicant * wpa_s,const char * cmd)117 int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd)
118 {
119 struct dpp_bootstrap_info *bi;
120
121 bi = dpp_add_nfc_uri(wpa_s->dpp, cmd);
122 if (!bi)
123 return -1;
124
125 return bi->id;
126 }
127
128
wpas_dpp_nfc_handover_req(struct wpa_supplicant * wpa_s,const char * cmd)129 int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd)
130 {
131 const char *pos;
132 struct dpp_bootstrap_info *peer_bi, *own_bi;
133
134 pos = os_strstr(cmd, " own=");
135 if (!pos)
136 return -1;
137 pos += 5;
138 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
139 if (!own_bi)
140 return -1;
141 own_bi->nfc_negotiated = 1;
142
143 pos = os_strstr(cmd, " uri=");
144 if (!pos)
145 return -1;
146 pos += 5;
147 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
148 if (!peer_bi) {
149 wpa_printf(MSG_INFO,
150 "DPP: Failed to parse URI from NFC Handover Request");
151 return -1;
152 }
153
154 if (dpp_nfc_update_bi(own_bi, peer_bi) < 0)
155 return -1;
156
157 return peer_bi->id;
158 }
159
160
wpas_dpp_nfc_handover_sel(struct wpa_supplicant * wpa_s,const char * cmd)161 int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd)
162 {
163 const char *pos;
164 struct dpp_bootstrap_info *peer_bi, *own_bi;
165
166 pos = os_strstr(cmd, " own=");
167 if (!pos)
168 return -1;
169 pos += 5;
170 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
171 if (!own_bi)
172 return -1;
173 own_bi->nfc_negotiated = 1;
174
175 pos = os_strstr(cmd, " uri=");
176 if (!pos)
177 return -1;
178 pos += 5;
179 peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
180 if (!peer_bi) {
181 wpa_printf(MSG_INFO,
182 "DPP: Failed to parse URI from NFC Handover Select");
183 return -1;
184 }
185
186 if (peer_bi->curve != own_bi->curve) {
187 wpa_printf(MSG_INFO,
188 "DPP: Peer (NFC Handover Selector) used different curve");
189 return -1;
190 }
191
192 return peer_bi->id;
193 }
194
195
wpas_dpp_auth_resp_retry_timeout(void * eloop_ctx,void * timeout_ctx)196 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
197 {
198 struct wpa_supplicant *wpa_s = eloop_ctx;
199 struct dpp_authentication *auth = wpa_s->dpp_auth;
200
201 if (!auth || !auth->resp_msg)
202 return;
203
204 wpa_printf(MSG_DEBUG,
205 "DPP: Retry Authentication Response after timeout");
206 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
207 " freq=%u type=%d",
208 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
209 DPP_PA_AUTHENTICATION_RESP);
210 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
211 wpa_s->own_addr, broadcast,
212 wpabuf_head(auth->resp_msg),
213 wpabuf_len(auth->resp_msg),
214 500, wpas_dpp_tx_status, 0);
215 }
216
217
wpas_dpp_auth_resp_retry(struct wpa_supplicant * wpa_s)218 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
219 {
220 struct dpp_authentication *auth = wpa_s->dpp_auth;
221 unsigned int wait_time, max_tries;
222
223 if (!auth || !auth->resp_msg)
224 return;
225
226 if (wpa_s->dpp_resp_max_tries)
227 max_tries = wpa_s->dpp_resp_max_tries;
228 else
229 max_tries = 5;
230 auth->auth_resp_tries++;
231 if (auth->auth_resp_tries >= max_tries) {
232 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
233 offchannel_send_action_done(wpa_s);
234 dpp_auth_deinit(wpa_s->dpp_auth);
235 wpa_s->dpp_auth = NULL;
236 return;
237 }
238
239 if (wpa_s->dpp_resp_retry_time)
240 wait_time = wpa_s->dpp_resp_retry_time;
241 else
242 wait_time = 1000;
243 if (wpa_s->dpp_tx_chan_change) {
244 wpa_s->dpp_tx_chan_change = false;
245 if (wait_time > 100)
246 wait_time = 100;
247 }
248
249 wpa_printf(MSG_DEBUG,
250 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
251 wait_time);
252 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
253 eloop_register_timeout(wait_time / 1000,
254 (wait_time % 1000) * 1000,
255 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
256 }
257
258
wpas_dpp_try_to_connect(struct wpa_supplicant * wpa_s)259 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
260 {
261 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
262 wpa_s->suitable_network = 0;
263 wpa_s->no_suitable_network = 0;
264 wpa_s->disconnected = 0;
265 wpa_s->reassociate = 1;
266 wpa_s->scan_runs = 0;
267 wpa_s->normal_scans = 0;
268 wpa_supplicant_cancel_sched_scan(wpa_s);
269 wpa_supplicant_req_scan(wpa_s, 0, 0);
270 }
271
272
273 #ifdef CONFIG_DPP2
274
wpas_dpp_stop_listen_for_tx(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int wait_time)275 static void wpas_dpp_stop_listen_for_tx(struct wpa_supplicant *wpa_s,
276 unsigned int freq,
277 unsigned int wait_time)
278 {
279 struct os_reltime now, res;
280 unsigned int remaining;
281
282 if (!wpa_s->dpp_listen_freq)
283 return;
284
285 os_get_reltime(&now);
286 if (os_reltime_before(&now, &wpa_s->dpp_listen_end)) {
287 os_reltime_sub(&wpa_s->dpp_listen_end, &now, &res);
288 remaining = res.sec * 1000 + res.usec / 1000;
289 } else {
290 remaining = 0;
291 }
292 if (wpa_s->dpp_listen_freq == freq && remaining > wait_time)
293 return;
294
295 wpa_printf(MSG_DEBUG,
296 "DPP: Stop listen on %u MHz ending in %u ms to allow immediate TX on %u MHz for %u ms",
297 wpa_s->dpp_listen_freq, remaining, freq, wait_time);
298 wpas_dpp_listen_stop(wpa_s);
299
300 /* TODO: Restart listen in some cases after TX? */
301 }
302
303
wpas_dpp_conn_status_result_timeout(void * eloop_ctx,void * timeout_ctx)304 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx,
305 void *timeout_ctx)
306 {
307 struct wpa_supplicant *wpa_s = eloop_ctx;
308 struct dpp_authentication *auth = wpa_s->dpp_auth;
309 enum dpp_status_error result;
310
311 if ((!auth || !auth->conn_status_requested) &&
312 !dpp_tcp_conn_status_requested(wpa_s->dpp))
313 return;
314
315 wpa_printf(MSG_DEBUG,
316 "DPP: Connection timeout - report Connection Status Result");
317 if (wpa_s->suitable_network)
318 result = DPP_STATUS_AUTH_FAILURE;
319 else if (wpa_s->no_suitable_network)
320 result = DPP_STATUS_NO_AP;
321 else
322 result = 255; /* What to report here for unexpected state? */
323 if (wpa_s->wpa_state == WPA_SCANNING)
324 wpas_abort_ongoing_scan(wpa_s);
325 wpas_dpp_send_conn_status_result(wpa_s, result);
326 }
327
328
wpas_dpp_scan_channel_list(struct wpa_supplicant * wpa_s)329 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s)
330 {
331 char *str, *end, *pos;
332 size_t len;
333 unsigned int i;
334 u8 last_op_class = 0;
335 int res;
336
337 if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs)
338 return NULL;
339
340 len = wpa_s->num_last_scan_freqs * 8;
341 str = os_zalloc(len);
342 if (!str)
343 return NULL;
344 end = str + len;
345 pos = str;
346
347 for (i = 0; i < wpa_s->num_last_scan_freqs; i++) {
348 enum hostapd_hw_mode mode;
349 u8 op_class, channel;
350
351 mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i],
352 0, 0, &op_class, &channel);
353 if (mode == NUM_HOSTAPD_MODES)
354 continue;
355 if (op_class == last_op_class)
356 res = os_snprintf(pos, end - pos, ",%d", channel);
357 else
358 res = os_snprintf(pos, end - pos, "%s%d/%d",
359 pos == str ? "" : ",",
360 op_class, channel);
361 if (os_snprintf_error(end - pos, res)) {
362 *pos = '\0';
363 break;
364 }
365 pos += res;
366 last_op_class = op_class;
367 }
368
369 if (pos == str) {
370 os_free(str);
371 str = NULL;
372 }
373 return str;
374 }
375
376
wpas_dpp_send_conn_status_result(struct wpa_supplicant * wpa_s,enum dpp_status_error result)377 void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
378 enum dpp_status_error result)
379 {
380 struct wpabuf *msg;
381 const char *channel_list = NULL;
382 char *channel_list_buf = NULL;
383 struct wpa_ssid *ssid = wpa_s->current_ssid;
384 struct dpp_authentication *auth = wpa_s->dpp_auth;
385
386 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
387
388 if ((!auth || !auth->conn_status_requested) &&
389 !dpp_tcp_conn_status_requested(wpa_s->dpp))
390 return;
391
392 wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d",
393 result);
394
395 if (result == DPP_STATUS_NO_AP) {
396 channel_list_buf = wpas_dpp_scan_channel_list(wpa_s);
397 channel_list = channel_list_buf;
398 }
399
400 if (!auth || !auth->conn_status_requested) {
401 dpp_tcp_send_conn_status(wpa_s->dpp, result,
402 ssid ? ssid->ssid :
403 wpa_s->dpp_last_ssid,
404 ssid ? ssid->ssid_len :
405 wpa_s->dpp_last_ssid_len,
406 channel_list);
407 os_free(channel_list_buf);
408 return;
409 }
410
411 auth->conn_status_requested = 0;
412
413 msg = dpp_build_conn_status_result(auth, result,
414 ssid ? ssid->ssid :
415 wpa_s->dpp_last_ssid,
416 ssid ? ssid->ssid_len :
417 wpa_s->dpp_last_ssid_len,
418 channel_list);
419 os_free(channel_list_buf);
420 if (!msg) {
421 dpp_auth_deinit(wpa_s->dpp_auth);
422 wpa_s->dpp_auth = NULL;
423 return;
424 }
425
426 wpa_msg(wpa_s, MSG_INFO,
427 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
428 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
429 DPP_PA_CONNECTION_STATUS_RESULT);
430 offchannel_send_action(wpa_s, auth->curr_freq,
431 auth->peer_mac_addr, wpa_s->own_addr, broadcast,
432 wpabuf_head(msg), wpabuf_len(msg),
433 500, wpas_dpp_tx_status, 0);
434 wpabuf_free(msg);
435
436 /* This exchange will be terminated in the TX status handler */
437 auth->remove_on_tx_status = 1;
438
439 return;
440 }
441
442
wpas_dpp_connected_timeout(void * eloop_ctx,void * timeout_ctx)443 static void wpas_dpp_connected_timeout(void *eloop_ctx, void *timeout_ctx)
444 {
445 struct wpa_supplicant *wpa_s = eloop_ctx;
446 struct dpp_authentication *auth = wpa_s->dpp_auth;
447
448 if ((auth && auth->conn_status_requested) ||
449 dpp_tcp_conn_status_requested(wpa_s->dpp))
450 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK);
451 }
452
453
wpas_dpp_connected(struct wpa_supplicant * wpa_s)454 void wpas_dpp_connected(struct wpa_supplicant *wpa_s)
455 {
456 struct dpp_authentication *auth = wpa_s->dpp_auth;
457
458 if ((auth && auth->conn_status_requested) ||
459 dpp_tcp_conn_status_requested(wpa_s->dpp)) {
460 /* Report connection result from an eloop timeout to avoid delay
461 * to completing all connection completion steps since this
462 * function is called in a middle of the post 4-way handshake
463 * processing. */
464 eloop_register_timeout(0, 0, wpas_dpp_connected_timeout,
465 wpa_s, NULL);
466 }
467 }
468
469 #endif /* CONFIG_DPP2 */
470
471
wpas_dpp_drv_wait_timeout(void * eloop_ctx,void * timeout_ctx)472 static void wpas_dpp_drv_wait_timeout(void *eloop_ctx, void *timeout_ctx)
473 {
474 struct wpa_supplicant *wpa_s = eloop_ctx;
475 struct dpp_authentication *auth = wpa_s->dpp_auth;
476
477 if (auth && auth->waiting_auth_resp) {
478 wpa_printf(MSG_DEBUG,
479 "DPP: Call wpas_dpp_auth_init_next() from %s",
480 __func__);
481 wpas_dpp_auth_init_next(wpa_s);
482 } else {
483 wpa_printf(MSG_DEBUG, "DPP: %s, but no waiting_auth_resp",
484 __func__);
485 }
486 }
487
488
wpas_dpp_neg_freq_timeout(void * eloop_ctx,void * timeout_ctx)489 static void wpas_dpp_neg_freq_timeout(void *eloop_ctx, void *timeout_ctx)
490 {
491 struct wpa_supplicant *wpa_s = eloop_ctx;
492 struct dpp_authentication *auth = wpa_s->dpp_auth;
493
494 if (!wpa_s->dpp_listen_on_tx_expire || !auth || !auth->neg_freq)
495 return;
496
497 wpa_printf(MSG_DEBUG,
498 "DPP: Start listen on neg_freq %u MHz based on timeout for TX wait expiration",
499 auth->neg_freq);
500 wpas_dpp_listen_start(wpa_s, auth->neg_freq);
501 }
502
503
wpas_dpp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)504 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
505 unsigned int freq, const u8 *dst,
506 const u8 *src, const u8 *bssid,
507 const u8 *data, size_t data_len,
508 enum offchannel_send_action_result result)
509 {
510 const char *res_txt;
511 struct dpp_authentication *auth = wpa_s->dpp_auth;
512
513 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
514 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
515 "FAILED");
516 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
517 " result=%s", freq, MAC2STR(dst), res_txt);
518 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
519 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
520
521 if (!wpa_s->dpp_auth) {
522 wpa_printf(MSG_DEBUG,
523 "DPP: Ignore TX status since there is no ongoing authentication exchange");
524 return;
525 }
526
527 #ifdef CONFIG_DPP2
528 if (auth->connect_on_tx_status) {
529 auth->connect_on_tx_status = 0;
530 wpa_printf(MSG_DEBUG,
531 "DPP: Try to connect after completed configuration result");
532 wpas_dpp_try_to_connect(wpa_s);
533 if (auth->conn_status_requested) {
534 wpa_printf(MSG_DEBUG,
535 "DPP: Start 15 second timeout for reporting connection status result");
536 eloop_cancel_timeout(
537 wpas_dpp_conn_status_result_timeout,
538 wpa_s, NULL);
539 eloop_register_timeout(
540 15, 0, wpas_dpp_conn_status_result_timeout,
541 wpa_s, NULL);
542 } else {
543 dpp_auth_deinit(wpa_s->dpp_auth);
544 wpa_s->dpp_auth = NULL;
545 }
546 return;
547 }
548 #endif /* CONFIG_DPP2 */
549
550 if (wpa_s->dpp_auth->remove_on_tx_status) {
551 wpa_printf(MSG_DEBUG,
552 "DPP: Terminate authentication exchange due to a request to do so on TX status");
553 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
554 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
555 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
556 NULL);
557 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
558 NULL);
559 #ifdef CONFIG_DPP2
560 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
561 wpa_s, NULL);
562 #endif /* CONFIG_DPP2 */
563 offchannel_send_action_done(wpa_s);
564 dpp_auth_deinit(wpa_s->dpp_auth);
565 wpa_s->dpp_auth = NULL;
566 return;
567 }
568
569 if (wpa_s->dpp_auth_ok_on_ack)
570 wpas_dpp_auth_success(wpa_s, 1);
571
572 if (!is_broadcast_ether_addr(dst) &&
573 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
574 wpa_printf(MSG_DEBUG,
575 "DPP: Unicast DPP Action frame was not ACKed");
576 if (auth->waiting_auth_resp) {
577 /* In case of DPP Authentication Request frame, move to
578 * the next channel immediately. */
579 offchannel_send_action_done(wpa_s);
580 /* Call wpas_dpp_auth_init_next(wpa_s) from driver event
581 * notifying frame wait was completed or from eloop
582 * timeout. */
583 eloop_register_timeout(0, 10000,
584 wpas_dpp_drv_wait_timeout,
585 wpa_s, NULL);
586 return;
587 }
588 if (auth->waiting_auth_conf) {
589 wpas_dpp_auth_resp_retry(wpa_s);
590 return;
591 }
592 }
593
594 if (auth->waiting_auth_conf &&
595 auth->auth_resp_status == DPP_STATUS_OK) {
596 /* Make sure we do not get stuck waiting for Auth Confirm
597 * indefinitely after successfully transmitted Auth Response to
598 * allow new authentication exchanges to be started. */
599 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
600 NULL);
601 eloop_register_timeout(1, 0, wpas_dpp_auth_conf_wait_timeout,
602 wpa_s, NULL);
603 }
604
605 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
606 result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
607 /* Allow timeout handling to stop iteration if no response is
608 * received from a peer that has ACKed a request. */
609 auth->auth_req_ack = 1;
610 }
611
612 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
613 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
614 wpa_printf(MSG_DEBUG,
615 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
616 wpa_s->dpp_auth->curr_freq,
617 wpa_s->dpp_auth->neg_freq);
618 offchannel_send_action_done(wpa_s);
619 wpa_s->dpp_listen_on_tx_expire = true;
620 eloop_register_timeout(0, 100000, wpas_dpp_neg_freq_timeout,
621 wpa_s, NULL);
622 }
623
624 if (wpa_s->dpp_auth_ok_on_ack)
625 wpa_s->dpp_auth_ok_on_ack = 0;
626 }
627
628
wpas_dpp_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)629 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
630 {
631 struct wpa_supplicant *wpa_s = eloop_ctx;
632 struct dpp_authentication *auth = wpa_s->dpp_auth;
633 unsigned int freq;
634 struct os_reltime now, diff;
635 unsigned int wait_time, diff_ms;
636
637 if (!auth || !auth->waiting_auth_resp)
638 return;
639
640 wait_time = wpa_s->dpp_resp_wait_time ?
641 wpa_s->dpp_resp_wait_time : 2000;
642 os_get_reltime(&now);
643 os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
644 diff_ms = diff.sec * 1000 + diff.usec / 1000;
645 wpa_printf(MSG_DEBUG,
646 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
647 wait_time, diff_ms);
648
649 if (auth->auth_req_ack && diff_ms >= wait_time) {
650 /* Peer ACK'ed Authentication Request frame, but did not reply
651 * with Authentication Response frame within two seconds. */
652 wpa_printf(MSG_INFO,
653 "DPP: No response received from responder - stopping initiation attempt");
654 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
655 offchannel_send_action_done(wpa_s);
656 wpas_dpp_listen_stop(wpa_s);
657 dpp_auth_deinit(auth);
658 wpa_s->dpp_auth = NULL;
659 return;
660 }
661
662 if (diff_ms >= wait_time) {
663 /* Authentication Request frame was not ACK'ed and no reply
664 * was receiving within two seconds. */
665 wpa_printf(MSG_DEBUG,
666 "DPP: Continue Initiator channel iteration");
667 offchannel_send_action_done(wpa_s);
668 wpas_dpp_listen_stop(wpa_s);
669 wpas_dpp_auth_init_next(wpa_s);
670 return;
671 }
672
673 /* Driver did not support 2000 ms long wait_time with TX command, so
674 * schedule listen operation to continue waiting for the response.
675 *
676 * DPP listen operations continue until stopped, so simply schedule a
677 * new call to this function at the point when the two second reply
678 * wait has expired. */
679 wait_time -= diff_ms;
680
681 freq = auth->curr_freq;
682 if (auth->neg_freq > 0)
683 freq = auth->neg_freq;
684 wpa_printf(MSG_DEBUG,
685 "DPP: Continue reply wait on channel %u MHz for %u ms",
686 freq, wait_time);
687 wpa_s->dpp_in_response_listen = 1;
688 wpas_dpp_listen_start(wpa_s, freq);
689
690 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
691 wpas_dpp_reply_wait_timeout, wpa_s, NULL);
692 }
693
694
wpas_dpp_auth_conf_wait_timeout(void * eloop_ctx,void * timeout_ctx)695 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx)
696 {
697 struct wpa_supplicant *wpa_s = eloop_ctx;
698 struct dpp_authentication *auth = wpa_s->dpp_auth;
699
700 if (!auth || !auth->waiting_auth_conf)
701 return;
702
703 wpa_printf(MSG_DEBUG,
704 "DPP: Terminate authentication exchange due to Auth Confirm timeout");
705 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL "No Auth Confirm received");
706 offchannel_send_action_done(wpa_s);
707 dpp_auth_deinit(auth);
708 wpa_s->dpp_auth = NULL;
709 }
710
711
wpas_dpp_set_testing_options(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)712 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
713 struct dpp_authentication *auth)
714 {
715 #ifdef CONFIG_TESTING_OPTIONS
716 if (wpa_s->dpp_config_obj_override)
717 auth->config_obj_override =
718 os_strdup(wpa_s->dpp_config_obj_override);
719 if (wpa_s->dpp_discovery_override)
720 auth->discovery_override =
721 os_strdup(wpa_s->dpp_discovery_override);
722 if (wpa_s->dpp_groups_override)
723 auth->groups_override =
724 os_strdup(wpa_s->dpp_groups_override);
725 auth->ignore_netaccesskey_mismatch =
726 wpa_s->dpp_ignore_netaccesskey_mismatch;
727 #endif /* CONFIG_TESTING_OPTIONS */
728 }
729
730
wpas_dpp_init_timeout(void * eloop_ctx,void * timeout_ctx)731 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
732 {
733 struct wpa_supplicant *wpa_s = eloop_ctx;
734
735 if (!wpa_s->dpp_auth)
736 return;
737 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
738 wpas_dpp_auth_init_next(wpa_s);
739 }
740
741
wpas_dpp_auth_init_next(struct wpa_supplicant * wpa_s)742 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
743 {
744 struct dpp_authentication *auth = wpa_s->dpp_auth;
745 const u8 *dst;
746 unsigned int wait_time, max_wait_time, freq, max_tries, used;
747 struct os_reltime now, diff;
748
749 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL);
750
751 wpa_s->dpp_in_response_listen = 0;
752 if (!auth)
753 return -1;
754
755 if (auth->freq_idx == 0)
756 os_get_reltime(&wpa_s->dpp_init_iter_start);
757
758 if (auth->freq_idx >= auth->num_freq) {
759 auth->num_freq_iters++;
760 if (wpa_s->dpp_init_max_tries)
761 max_tries = wpa_s->dpp_init_max_tries;
762 else
763 max_tries = 5;
764 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
765 wpa_printf(MSG_INFO,
766 "DPP: No response received from responder - stopping initiation attempt");
767 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
768 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
769 wpa_s, NULL);
770 offchannel_send_action_done(wpa_s);
771 dpp_auth_deinit(wpa_s->dpp_auth);
772 wpa_s->dpp_auth = NULL;
773 return -1;
774 }
775 auth->freq_idx = 0;
776 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
777 if (wpa_s->dpp_init_retry_time)
778 wait_time = wpa_s->dpp_init_retry_time;
779 else
780 wait_time = 10000;
781 os_get_reltime(&now);
782 os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
783 used = diff.sec * 1000 + diff.usec / 1000;
784 if (used > wait_time)
785 wait_time = 0;
786 else
787 wait_time -= used;
788 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
789 wait_time);
790 eloop_register_timeout(wait_time / 1000,
791 (wait_time % 1000) * 1000,
792 wpas_dpp_init_timeout, wpa_s,
793 NULL);
794 return 0;
795 }
796 freq = auth->freq[auth->freq_idx++];
797 auth->curr_freq = freq;
798
799 if (!is_zero_ether_addr(auth->peer_mac_addr))
800 dst = auth->peer_mac_addr;
801 else if (is_zero_ether_addr(auth->peer_bi->mac_addr))
802 dst = broadcast;
803 else
804 dst = auth->peer_bi->mac_addr;
805 wpa_s->dpp_auth_ok_on_ack = 0;
806 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
807 wait_time = wpa_s->max_remain_on_chan;
808 max_wait_time = wpa_s->dpp_resp_wait_time ?
809 wpa_s->dpp_resp_wait_time : 2000;
810 if (wait_time > max_wait_time)
811 wait_time = max_wait_time;
812 wait_time += 10; /* give the driver some extra time to complete */
813 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
814 wpas_dpp_reply_wait_timeout,
815 wpa_s, NULL);
816 wait_time -= 10;
817 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
818 wpa_printf(MSG_DEBUG,
819 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
820 freq, auth->neg_freq);
821 }
822 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
823 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
824 auth->auth_req_ack = 0;
825 os_get_reltime(&wpa_s->dpp_last_init);
826 return offchannel_send_action(wpa_s, freq, dst,
827 wpa_s->own_addr, broadcast,
828 wpabuf_head(auth->req_msg),
829 wpabuf_len(auth->req_msg),
830 wait_time, wpas_dpp_tx_status, 0);
831 }
832
833
wpas_dpp_auth_init(struct wpa_supplicant * wpa_s,const char * cmd)834 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
835 {
836 const char *pos;
837 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
838 struct dpp_authentication *auth;
839 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
840 unsigned int neg_freq = 0;
841 int tcp = 0;
842 #ifdef CONFIG_DPP2
843 int tcp_port = DPP_TCP_PORT;
844 struct hostapd_ip_addr ipaddr;
845 char *addr;
846 #endif /* CONFIG_DPP2 */
847
848 wpa_s->dpp_gas_client = 0;
849 wpa_s->dpp_gas_server = 0;
850
851 pos = os_strstr(cmd, " peer=");
852 if (!pos)
853 return -1;
854 pos += 6;
855 peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
856 if (!peer_bi) {
857 wpa_printf(MSG_INFO,
858 "DPP: Could not find bootstrapping info for the identified peer");
859 return -1;
860 }
861
862 #ifdef CONFIG_DPP2
863 pos = os_strstr(cmd, " tcp_port=");
864 if (pos) {
865 pos += 10;
866 tcp_port = atoi(pos);
867 }
868
869 addr = get_param(cmd, " tcp_addr=");
870 if (addr && os_strcmp(addr, "from-uri") == 0) {
871 os_free(addr);
872 if (!peer_bi->host) {
873 wpa_printf(MSG_INFO,
874 "DPP: TCP address not available in peer URI");
875 return -1;
876 }
877 tcp = 1;
878 os_memcpy(&ipaddr, peer_bi->host, sizeof(ipaddr));
879 tcp_port = peer_bi->port;
880 } else if (addr) {
881 int res;
882
883 res = hostapd_parse_ip_addr(addr, &ipaddr);
884 os_free(addr);
885 if (res)
886 return -1;
887 tcp = 1;
888 }
889 #endif /* CONFIG_DPP2 */
890
891 pos = os_strstr(cmd, " own=");
892 if (pos) {
893 pos += 5;
894 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
895 if (!own_bi) {
896 wpa_printf(MSG_INFO,
897 "DPP: Could not find bootstrapping info for the identified local entry");
898 return -1;
899 }
900
901 if (peer_bi->curve != own_bi->curve) {
902 wpa_printf(MSG_INFO,
903 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
904 peer_bi->curve->name, own_bi->curve->name);
905 return -1;
906 }
907 }
908
909 pos = os_strstr(cmd, " role=");
910 if (pos) {
911 pos += 6;
912 if (os_strncmp(pos, "configurator", 12) == 0)
913 allowed_roles = DPP_CAPAB_CONFIGURATOR;
914 else if (os_strncmp(pos, "enrollee", 8) == 0)
915 allowed_roles = DPP_CAPAB_ENROLLEE;
916 else if (os_strncmp(pos, "either", 6) == 0)
917 allowed_roles = DPP_CAPAB_CONFIGURATOR |
918 DPP_CAPAB_ENROLLEE;
919 else
920 goto fail;
921 }
922
923 pos = os_strstr(cmd, " netrole=");
924 if (pos) {
925 pos += 9;
926 if (os_strncmp(pos, "ap", 2) == 0)
927 wpa_s->dpp_netrole = DPP_NETROLE_AP;
928 else if (os_strncmp(pos, "configurator", 12) == 0)
929 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
930 else
931 wpa_s->dpp_netrole = DPP_NETROLE_STA;
932 } else {
933 wpa_s->dpp_netrole = DPP_NETROLE_STA;
934 }
935
936 pos = os_strstr(cmd, " neg_freq=");
937 if (pos)
938 neg_freq = atoi(pos + 10);
939
940 if (!tcp && wpa_s->dpp_auth) {
941 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
942 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
943 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
944 NULL);
945 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
946 NULL);
947 #ifdef CONFIG_DPP2
948 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
949 wpa_s, NULL);
950 #endif /* CONFIG_DPP2 */
951 offchannel_send_action_done(wpa_s);
952 dpp_auth_deinit(wpa_s->dpp_auth);
953 wpa_s->dpp_auth = NULL;
954 }
955
956 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
957 neg_freq, wpa_s->hw.modes, wpa_s->hw.num_modes);
958 if (!auth)
959 goto fail;
960 wpas_dpp_set_testing_options(wpa_s, auth);
961 if (dpp_set_configurator(auth, cmd) < 0) {
962 dpp_auth_deinit(auth);
963 goto fail;
964 }
965
966 auth->neg_freq = neg_freq;
967
968 if (!is_zero_ether_addr(peer_bi->mac_addr))
969 os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
970
971 #ifdef CONFIG_DPP2
972 if (tcp)
973 return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
974 wpa_s->conf->dpp_name, DPP_NETROLE_STA,
975 wpa_s->conf->dpp_mud_url,
976 wpa_s->conf->dpp_extra_conf_req_name,
977 wpa_s->conf->dpp_extra_conf_req_value,
978 wpa_s, wpa_s, wpas_dpp_process_conf_obj,
979 wpas_dpp_tcp_msg_sent);
980 #endif /* CONFIG_DPP2 */
981
982 wpa_s->dpp_auth = auth;
983 return wpas_dpp_auth_init_next(wpa_s);
984 fail:
985 return -1;
986 }
987
988
989 struct wpas_dpp_listen_work {
990 unsigned int freq;
991 unsigned int duration;
992 struct wpabuf *probe_resp_ie;
993 };
994
995
wpas_dpp_listen_work_free(struct wpas_dpp_listen_work * lwork)996 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
997 {
998 if (!lwork)
999 return;
1000 os_free(lwork);
1001 }
1002
1003
wpas_dpp_listen_work_done(struct wpa_supplicant * wpa_s)1004 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
1005 {
1006 struct wpas_dpp_listen_work *lwork;
1007
1008 if (!wpa_s->dpp_listen_work)
1009 return;
1010
1011 lwork = wpa_s->dpp_listen_work->ctx;
1012 wpas_dpp_listen_work_free(lwork);
1013 radio_work_done(wpa_s->dpp_listen_work);
1014 wpa_s->dpp_listen_work = NULL;
1015 }
1016
1017
dpp_start_listen_cb(struct wpa_radio_work * work,int deinit)1018 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
1019 {
1020 struct wpa_supplicant *wpa_s = work->wpa_s;
1021 struct wpas_dpp_listen_work *lwork = work->ctx;
1022
1023 if (deinit) {
1024 if (work->started) {
1025 wpa_s->dpp_listen_work = NULL;
1026 wpas_dpp_listen_stop(wpa_s);
1027 }
1028 wpas_dpp_listen_work_free(lwork);
1029 return;
1030 }
1031
1032 wpa_s->dpp_listen_work = work;
1033
1034 wpa_s->dpp_pending_listen_freq = lwork->freq;
1035
1036 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
1037 wpa_s->max_remain_on_chan) < 0) {
1038 wpa_printf(MSG_DEBUG,
1039 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
1040 lwork->freq);
1041 wpa_s->dpp_listen_freq = 0;
1042 wpas_dpp_listen_work_done(wpa_s);
1043 wpa_s->dpp_pending_listen_freq = 0;
1044 return;
1045 }
1046 wpa_s->off_channel_freq = 0;
1047 wpa_s->roc_waiting_drv_freq = lwork->freq;
1048 wpa_drv_dpp_listen(wpa_s, true);
1049 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1050 wpa_s->dpp_tx_chan_change = false;
1051 }
1052
1053
wpas_dpp_listen_start(struct wpa_supplicant * wpa_s,unsigned int freq)1054 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
1055 unsigned int freq)
1056 {
1057 struct wpas_dpp_listen_work *lwork;
1058
1059 if (wpa_s->dpp_listen_work) {
1060 wpa_printf(MSG_DEBUG,
1061 "DPP: Reject start_listen since dpp_listen_work already exists");
1062 return -1;
1063 }
1064
1065 if (wpa_s->dpp_listen_freq)
1066 wpas_dpp_listen_stop(wpa_s);
1067 wpa_s->dpp_listen_freq = freq;
1068
1069 lwork = os_zalloc(sizeof(*lwork));
1070 if (!lwork)
1071 return -1;
1072 lwork->freq = freq;
1073
1074 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
1075 lwork) < 0) {
1076 wpas_dpp_listen_work_free(lwork);
1077 return -1;
1078 }
1079
1080 return 0;
1081 }
1082
1083
wpas_dpp_listen(struct wpa_supplicant * wpa_s,const char * cmd)1084 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
1085 {
1086 int freq;
1087
1088 freq = atoi(cmd);
1089 if (freq <= 0)
1090 return -1;
1091
1092 if (os_strstr(cmd, " role=configurator"))
1093 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
1094 else if (os_strstr(cmd, " role=enrollee"))
1095 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
1096 else
1097 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
1098 DPP_CAPAB_ENROLLEE;
1099 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
1100 if (os_strstr(cmd, " netrole=ap"))
1101 wpa_s->dpp_netrole = DPP_NETROLE_AP;
1102 else if (os_strstr(cmd, " netrole=configurator"))
1103 wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
1104 else
1105 wpa_s->dpp_netrole = DPP_NETROLE_STA;
1106 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
1107 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
1108 freq);
1109 return 0;
1110 }
1111
1112 return wpas_dpp_listen_start(wpa_s, freq);
1113 }
1114
1115
wpas_dpp_listen_stop(struct wpa_supplicant * wpa_s)1116 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
1117 {
1118 wpa_s->dpp_in_response_listen = 0;
1119 if (!wpa_s->dpp_listen_freq)
1120 return;
1121
1122 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
1123 wpa_s->dpp_listen_freq);
1124 wpa_drv_cancel_remain_on_channel(wpa_s);
1125 wpa_drv_dpp_listen(wpa_s, false);
1126 wpa_s->dpp_listen_freq = 0;
1127 wpas_dpp_listen_work_done(wpa_s);
1128 radio_remove_works(wpa_s, "dpp-listen", 0);
1129 }
1130
1131
wpas_dpp_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int duration)1132 void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1133 unsigned int freq, unsigned int duration)
1134 {
1135 if (wpa_s->dpp_listen_freq != freq)
1136 return;
1137
1138 wpa_printf(MSG_DEBUG,
1139 "DPP: Remain-on-channel started for listen on %u MHz for %u ms",
1140 freq, duration);
1141 os_get_reltime(&wpa_s->dpp_listen_end);
1142 wpa_s->dpp_listen_end.usec += duration * 1000;
1143 while (wpa_s->dpp_listen_end.usec >= 1000000) {
1144 wpa_s->dpp_listen_end.sec++;
1145 wpa_s->dpp_listen_end.usec -= 1000000;
1146 }
1147 }
1148
1149
wpas_dpp_tx_auth_resp(struct wpa_supplicant * wpa_s)1150 static void wpas_dpp_tx_auth_resp(struct wpa_supplicant *wpa_s)
1151 {
1152 struct dpp_authentication *auth = wpa_s->dpp_auth;
1153
1154 if (!auth)
1155 return;
1156
1157 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1158 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
1159 DPP_PA_AUTHENTICATION_RESP);
1160 offchannel_send_action(wpa_s, auth->curr_freq,
1161 auth->peer_mac_addr, wpa_s->own_addr, broadcast,
1162 wpabuf_head(auth->resp_msg),
1163 wpabuf_len(auth->resp_msg),
1164 500, wpas_dpp_tx_status, 0);
1165 }
1166
1167
wpas_dpp_tx_auth_resp_roc_timeout(void * eloop_ctx,void * timeout_ctx)1168 static void wpas_dpp_tx_auth_resp_roc_timeout(void *eloop_ctx,
1169 void *timeout_ctx)
1170 {
1171 struct wpa_supplicant *wpa_s = eloop_ctx;
1172 struct dpp_authentication *auth = wpa_s->dpp_auth;
1173
1174 if (!auth || !wpa_s->dpp_tx_auth_resp_on_roc_stop)
1175 return;
1176
1177 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1178 wpa_s->dpp_tx_chan_change = true;
1179 wpa_printf(MSG_DEBUG,
1180 "DPP: Send postponed Authentication Response on remain-on-channel termination timeout");
1181 wpas_dpp_tx_auth_resp(wpa_s);
1182 }
1183
1184
wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq)1185 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1186 unsigned int freq)
1187 {
1188 wpa_printf(MSG_DEBUG, "DPP: Remain on channel cancel for %u MHz", freq);
1189 wpas_dpp_listen_work_done(wpa_s);
1190
1191 if (wpa_s->dpp_auth && wpa_s->dpp_tx_auth_resp_on_roc_stop) {
1192 eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout,
1193 wpa_s, NULL);
1194 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1195 wpa_s->dpp_tx_chan_change = true;
1196 wpa_printf(MSG_DEBUG,
1197 "DPP: Send postponed Authentication Response on remain-on-channel termination");
1198 wpas_dpp_tx_auth_resp(wpa_s);
1199 return;
1200 }
1201
1202 if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
1203 unsigned int new_freq;
1204
1205 /* Continue listen with a new remain-on-channel */
1206 if (wpa_s->dpp_auth->neg_freq > 0)
1207 new_freq = wpa_s->dpp_auth->neg_freq;
1208 else
1209 new_freq = wpa_s->dpp_auth->curr_freq;
1210 wpa_printf(MSG_DEBUG,
1211 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
1212 new_freq);
1213 wpas_dpp_listen_start(wpa_s, new_freq);
1214 return;
1215 }
1216
1217 if (wpa_s->dpp_listen_freq) {
1218 /* Continue listen with a new remain-on-channel */
1219 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
1220 }
1221 }
1222
1223
wpas_dpp_rx_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1224 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
1225 const u8 *hdr, const u8 *buf, size_t len,
1226 unsigned int freq)
1227 {
1228 const u8 *r_bootstrap, *i_bootstrap;
1229 u16 r_bootstrap_len, i_bootstrap_len;
1230 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
1231
1232 if (!wpa_s->dpp)
1233 return;
1234
1235 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
1236 MAC2STR(src));
1237
1238 #ifdef CONFIG_DPP2
1239 wpas_dpp_chirp_stop(wpa_s);
1240 #endif /* CONFIG_DPP2 */
1241
1242 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
1243 &r_bootstrap_len);
1244 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
1245 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1246 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
1247 return;
1248 }
1249 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
1250 r_bootstrap, r_bootstrap_len);
1251
1252 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
1253 &i_bootstrap_len);
1254 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
1255 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1256 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
1257 return;
1258 }
1259 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
1260 i_bootstrap, i_bootstrap_len);
1261
1262 /* Try to find own and peer bootstrapping key matches based on the
1263 * received hash values */
1264 dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
1265 &own_bi, &peer_bi);
1266 if (!own_bi) {
1267 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1268 "No matching own bootstrapping key found - ignore message");
1269 return;
1270 }
1271
1272 if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
1273 if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
1274 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1275 "No matching peer bootstrapping key found for PKEX - ignore message");
1276 return;
1277 }
1278
1279 if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
1280 SHA256_MAC_LEN) != 0) {
1281 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1282 "Mismatching peer PKEX bootstrapping key - ignore message");
1283 return;
1284 }
1285 }
1286
1287 if (wpa_s->dpp_auth) {
1288 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1289 "Already in DPP authentication exchange - ignore new one");
1290 return;
1291 }
1292
1293 wpa_s->dpp_pkex_wait_auth_req = false;
1294 wpa_s->dpp_gas_client = 0;
1295 wpa_s->dpp_gas_server = 0;
1296 wpa_s->dpp_auth_ok_on_ack = 0;
1297 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s->dpp, wpa_s,
1298 wpa_s->dpp_allowed_roles,
1299 wpa_s->dpp_qr_mutual,
1300 peer_bi, own_bi, freq, hdr, buf, len);
1301 if (!wpa_s->dpp_auth) {
1302 wpa_printf(MSG_DEBUG, "DPP: No response generated");
1303 return;
1304 }
1305 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
1306 if (dpp_set_configurator(wpa_s->dpp_auth,
1307 wpa_s->dpp_configurator_params) < 0) {
1308 dpp_auth_deinit(wpa_s->dpp_auth);
1309 wpa_s->dpp_auth = NULL;
1310 return;
1311 }
1312 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
1313
1314 if (wpa_s->dpp_listen_freq &&
1315 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
1316 wpa_printf(MSG_DEBUG,
1317 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1318 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
1319 wpa_s->dpp_tx_auth_resp_on_roc_stop = true;
1320 eloop_register_timeout(0, 100000,
1321 wpas_dpp_tx_auth_resp_roc_timeout,
1322 wpa_s, NULL);
1323 wpas_dpp_listen_stop(wpa_s);
1324 return;
1325 }
1326 wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1327 wpa_s->dpp_tx_chan_change = false;
1328
1329 wpas_dpp_tx_auth_resp(wpa_s);
1330 }
1331
1332
wpas_dpp_tx_wait_expire(struct wpa_supplicant * wpa_s)1333 void wpas_dpp_tx_wait_expire(struct wpa_supplicant *wpa_s)
1334 {
1335 struct dpp_authentication *auth = wpa_s->dpp_auth;
1336 int freq;
1337
1338 #ifdef CONFIG_DPP3
1339 if (wpa_s->dpp_pb_announcement && wpa_s->dpp_pb_discovery_done) {
1340 wpa_printf(MSG_DEBUG,
1341 "DPP: Failed to send push button announcement");
1342 if (eloop_register_timeout(0, 0, wpas_dpp_pb_next,
1343 wpa_s, NULL) < 0)
1344 wpas_dpp_push_button_stop(wpa_s);
1345 }
1346 #endif /* CONFIG_DPP3 */
1347
1348 if (wpa_s->dpp_listen_on_tx_expire && auth && auth->neg_freq) {
1349 wpa_printf(MSG_DEBUG,
1350 "DPP: Start listen on neg_freq %u MHz based on TX wait expiration on the previous channel",
1351 auth->neg_freq);
1352 eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL);
1353 wpas_dpp_listen_start(wpa_s, auth->neg_freq);
1354 return;
1355 }
1356
1357 if (!wpa_s->dpp_gas_server || !auth) {
1358 if (auth && auth->waiting_auth_resp &&
1359 eloop_is_timeout_registered(wpas_dpp_drv_wait_timeout,
1360 wpa_s, NULL)) {
1361 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout,
1362 wpa_s, NULL);
1363 wpa_printf(MSG_DEBUG,
1364 "DPP: Call wpas_dpp_auth_init_next() from %s",
1365 __func__);
1366 wpas_dpp_auth_init_next(wpa_s);
1367 }
1368 return;
1369 }
1370
1371 freq = auth->neg_freq > 0 ? auth->neg_freq : auth->curr_freq;
1372 if (wpa_s->dpp_listen_work || (int) wpa_s->dpp_listen_freq == freq)
1373 return; /* listen state is already in progress */
1374
1375 wpa_printf(MSG_DEBUG, "DPP: Start listen on %u MHz for GAS", freq);
1376 wpa_s->dpp_in_response_listen = 1;
1377 wpas_dpp_listen_start(wpa_s, freq);
1378 }
1379
1380
wpas_dpp_start_gas_server(struct wpa_supplicant * wpa_s)1381 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
1382 {
1383 struct dpp_authentication *auth = wpa_s->dpp_auth;
1384
1385 wpa_printf(MSG_DEBUG,
1386 "DPP: Starting GAS server (curr_freq=%d neg_freq=%d dpp_listen_freq=%d dpp_listen_work=%d)",
1387 auth->curr_freq, auth->neg_freq, wpa_s->dpp_listen_freq,
1388 !!wpa_s->dpp_listen_work);
1389 wpa_s->dpp_gas_server = 1;
1390 }
1391
1392
wpas_dpp_add_network(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1393 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
1394 struct dpp_authentication *auth,
1395 struct dpp_config_obj *conf)
1396 {
1397 struct wpa_ssid *ssid;
1398
1399 #ifdef CONFIG_DPP2
1400 if (conf->akm == DPP_AKM_SAE) {
1401 #ifdef CONFIG_SAE
1402 struct wpa_driver_capa capa;
1403 int res;
1404
1405 res = wpa_drv_get_capa(wpa_s, &capa);
1406 if (res == 0 &&
1407 !(capa.key_mgmt_iftype[WPA_IF_STATION] &
1408 WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
1409 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
1410 wpa_printf(MSG_DEBUG,
1411 "DPP: SAE not supported by the driver");
1412 return NULL;
1413 }
1414 #else /* CONFIG_SAE */
1415 wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
1416 return NULL;
1417 #endif /* CONFIG_SAE */
1418 }
1419 #endif /* CONFIG_DPP2 */
1420
1421 ssid = wpa_config_add_network(wpa_s->conf);
1422 if (!ssid)
1423 return NULL;
1424 wpas_notify_network_added(wpa_s, ssid);
1425 wpa_config_set_network_defaults(ssid);
1426 ssid->disabled = 1;
1427
1428 ssid->ssid = os_malloc(conf->ssid_len);
1429 if (!ssid->ssid)
1430 goto fail;
1431 os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
1432 ssid->ssid_len = conf->ssid_len;
1433
1434 #ifdef CONFIG_DPP3
1435 if (conf->akm == DPP_AKM_SAE && conf->password_id[0]) {
1436 size_t len = os_strlen(conf->password_id);
1437
1438 ssid->sae_password_id = os_zalloc(len + 1);
1439 if (!ssid->sae_password_id)
1440 goto fail;
1441 os_memcpy(ssid->sae_password_id, conf->password_id, len);
1442 }
1443 #endif /* CONFIG_DPP3 */
1444
1445 if (conf->connector) {
1446 if (dpp_akm_dpp(conf->akm)) {
1447 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
1448 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1449 }
1450 ssid->dpp_connector = os_strdup(conf->connector);
1451 if (!ssid->dpp_connector)
1452 goto fail;
1453
1454 ssid->dpp_connector_privacy =
1455 wpa_s->conf->dpp_connector_privacy_default;
1456 }
1457
1458 if (conf->c_sign_key) {
1459 ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key));
1460 if (!ssid->dpp_csign)
1461 goto fail;
1462 os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key),
1463 wpabuf_len(conf->c_sign_key));
1464 ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key);
1465 }
1466
1467 if (conf->pp_key) {
1468 ssid->dpp_pp_key = os_malloc(wpabuf_len(conf->pp_key));
1469 if (!ssid->dpp_pp_key)
1470 goto fail;
1471 os_memcpy(ssid->dpp_pp_key, wpabuf_head(conf->pp_key),
1472 wpabuf_len(conf->pp_key));
1473 ssid->dpp_pp_key_len = wpabuf_len(conf->pp_key);
1474 }
1475
1476 if (auth->net_access_key) {
1477 ssid->dpp_netaccesskey =
1478 os_malloc(wpabuf_len(auth->net_access_key));
1479 if (!ssid->dpp_netaccesskey)
1480 goto fail;
1481 os_memcpy(ssid->dpp_netaccesskey,
1482 wpabuf_head(auth->net_access_key),
1483 wpabuf_len(auth->net_access_key));
1484 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1485 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1486 }
1487
1488 if (!conf->connector || dpp_akm_psk(conf->akm) ||
1489 dpp_akm_sae(conf->akm)) {
1490 if (!conf->connector || !dpp_akm_dpp(conf->akm))
1491 ssid->key_mgmt = 0;
1492 if (dpp_akm_psk(conf->akm))
1493 ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
1494 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
1495 if (dpp_akm_sae(conf->akm))
1496 ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
1497 WPA_KEY_MGMT_FT_SAE;
1498 if (dpp_akm_psk(conf->akm))
1499 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1500 else
1501 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1502 if (conf->passphrase[0] && dpp_akm_psk(conf->akm)) {
1503 if (wpa_config_set_quoted(ssid, "psk",
1504 conf->passphrase) < 0)
1505 goto fail;
1506 wpa_config_update_psk(ssid);
1507 ssid->export_keys = 1;
1508 } else if (conf->passphrase[0] && dpp_akm_sae(conf->akm)) {
1509 if (wpa_config_set_quoted(ssid, "sae_password",
1510 conf->passphrase) < 0)
1511 goto fail;
1512 ssid->export_keys = 1;
1513 } else {
1514 ssid->psk_set = conf->psk_set;
1515 os_memcpy(ssid->psk, conf->psk, PMK_LEN);
1516 }
1517 }
1518
1519 #if defined(CONFIG_DPP2) && defined(IEEE8021X_EAPOL)
1520 if (conf->akm == DPP_AKM_DOT1X) {
1521 int i;
1522 char name[100], blobname[128];
1523 struct wpa_config_blob *blob;
1524
1525 ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X |
1526 WPA_KEY_MGMT_IEEE8021X_SHA256 |
1527 WPA_KEY_MGMT_IEEE8021X_SHA384;
1528 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1529
1530 if (conf->cacert) {
1531 /* caCert is DER-encoded X.509v3 certificate for the
1532 * server certificate if that is different from the
1533 * trust root included in certBag. */
1534 /* TODO: ssid->eap.cert.ca_cert */
1535 }
1536
1537 if (conf->certs) {
1538 for (i = 0; ; i++) {
1539 os_snprintf(name, sizeof(name), "dpp-certs-%d",
1540 i);
1541 if (!wpa_config_get_blob(wpa_s->conf, name))
1542 break;
1543 }
1544
1545 blob = os_zalloc(sizeof(*blob));
1546 if (!blob)
1547 goto fail;
1548 blob->len = wpabuf_len(conf->certs);
1549 blob->name = os_strdup(name);
1550 blob->data = os_malloc(blob->len);
1551 if (!blob->name || !blob->data) {
1552 wpa_config_free_blob(blob);
1553 goto fail;
1554 }
1555 os_memcpy(blob->data, wpabuf_head(conf->certs),
1556 blob->len);
1557 os_snprintf(blobname, sizeof(blobname), "blob://%s",
1558 name);
1559 wpa_config_set_blob(wpa_s->conf, blob);
1560 wpa_printf(MSG_DEBUG, "DPP: Added certificate blob %s",
1561 name);
1562 ssid->eap.cert.client_cert = os_strdup(blobname);
1563 if (!ssid->eap.cert.client_cert)
1564 goto fail;
1565
1566 /* TODO: ssid->eap.identity from own certificate */
1567 if (wpa_config_set(ssid, "identity", "\"dpp-ent\"",
1568 0) < 0)
1569 goto fail;
1570 }
1571
1572 if (auth->priv_key) {
1573 for (i = 0; ; i++) {
1574 os_snprintf(name, sizeof(name), "dpp-key-%d",
1575 i);
1576 if (!wpa_config_get_blob(wpa_s->conf, name))
1577 break;
1578 }
1579
1580 blob = os_zalloc(sizeof(*blob));
1581 if (!blob)
1582 goto fail;
1583 blob->len = wpabuf_len(auth->priv_key);
1584 blob->name = os_strdup(name);
1585 blob->data = os_malloc(blob->len);
1586 if (!blob->name || !blob->data) {
1587 wpa_config_free_blob(blob);
1588 goto fail;
1589 }
1590 os_memcpy(blob->data, wpabuf_head(auth->priv_key),
1591 blob->len);
1592 os_snprintf(blobname, sizeof(blobname), "blob://%s",
1593 name);
1594 wpa_config_set_blob(wpa_s->conf, blob);
1595 wpa_printf(MSG_DEBUG, "DPP: Added private key blob %s",
1596 name);
1597 ssid->eap.cert.private_key = os_strdup(blobname);
1598 if (!ssid->eap.cert.private_key)
1599 goto fail;
1600 }
1601
1602 if (conf->server_name) {
1603 ssid->eap.cert.domain_suffix_match =
1604 os_strdup(conf->server_name);
1605 if (!ssid->eap.cert.domain_suffix_match)
1606 goto fail;
1607 }
1608
1609 /* TODO: Use entCreds::eapMethods */
1610 if (wpa_config_set(ssid, "eap", "TLS", 0) < 0)
1611 goto fail;
1612 }
1613 #endif /* CONFIG_DPP2 && IEEE8021X_EAPOL */
1614
1615 os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len);
1616 wpa_s->dpp_last_ssid_len = conf->ssid_len;
1617
1618 return ssid;
1619 fail:
1620 wpas_notify_network_removed(wpa_s, ssid);
1621 wpa_config_remove_network(wpa_s->conf, ssid->id);
1622 return NULL;
1623 }
1624
1625
wpas_dpp_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1626 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1627 struct dpp_authentication *auth,
1628 struct dpp_config_obj *conf)
1629 {
1630 struct wpa_ssid *ssid;
1631
1632 if (wpa_s->conf->dpp_config_processing < 1)
1633 return 0;
1634
1635 ssid = wpas_dpp_add_network(wpa_s, auth, conf);
1636 if (!ssid)
1637 return -1;
1638
1639 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1640 if (wpa_s->conf->dpp_config_processing == 2)
1641 ssid->disabled = 0;
1642
1643 #ifndef CONFIG_NO_CONFIG_WRITE
1644 if (wpa_s->conf->update_config &&
1645 wpa_config_write(wpa_s->confname, wpa_s->conf))
1646 wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
1647 #endif /* CONFIG_NO_CONFIG_WRITE */
1648
1649 return 0;
1650 }
1651
1652
wpas_dpp_post_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)1653 static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s,
1654 struct dpp_authentication *auth)
1655 {
1656 #ifdef CONFIG_DPP2
1657 if (auth->reconfig && wpa_s->dpp_reconfig_ssid &&
1658 wpa_config_get_network(wpa_s->conf, wpa_s->dpp_reconfig_ssid_id) ==
1659 wpa_s->dpp_reconfig_ssid) {
1660 wpa_printf(MSG_DEBUG,
1661 "DPP: Remove reconfigured network profile");
1662 wpas_notify_network_removed(wpa_s, wpa_s->dpp_reconfig_ssid);
1663 wpa_config_remove_network(wpa_s->conf,
1664 wpa_s->dpp_reconfig_ssid_id);
1665 wpa_s->dpp_reconfig_ssid = NULL;
1666 wpa_s->dpp_reconfig_ssid_id = -1;
1667 }
1668 #endif /* CONFIG_DPP2 */
1669
1670 if (wpa_s->conf->dpp_config_processing < 2)
1671 return;
1672
1673 #ifdef CONFIG_DPP2
1674 if (auth->peer_version >= 2) {
1675 wpa_printf(MSG_DEBUG,
1676 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
1677 auth->connect_on_tx_status = 1;
1678 return;
1679 }
1680 #endif /* CONFIG_DPP2 */
1681
1682 wpas_dpp_try_to_connect(wpa_s);
1683 }
1684
1685
wpas_dpp_handle_config_obj(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1686 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1687 struct dpp_authentication *auth,
1688 struct dpp_config_obj *conf)
1689 {
1690 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1691 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s",
1692 dpp_akm_str(conf->akm));
1693 if (conf->ssid_len)
1694 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1695 wpa_ssid_txt(conf->ssid, conf->ssid_len));
1696 if (conf->ssid_charset)
1697 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d",
1698 conf->ssid_charset);
1699 if (conf->connector) {
1700 /* TODO: Save the Connector and consider using a command
1701 * to fetch the value instead of sending an event with
1702 * it. The Connector could end up being larger than what
1703 * most clients are ready to receive as an event
1704 * message. */
1705 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1706 conf->connector);
1707 }
1708 if (conf->passphrase[0]) {
1709 char hex[64 * 2 + 1];
1710
1711 wpa_snprintf_hex(hex, sizeof(hex),
1712 (const u8 *) conf->passphrase,
1713 os_strlen(conf->passphrase));
1714 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s",
1715 hex);
1716 } else if (conf->psk_set) {
1717 char hex[PMK_LEN * 2 + 1];
1718
1719 wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN);
1720 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
1721 hex);
1722 }
1723 #ifdef CONFIG_DPP3
1724 if (conf->password_id[0]) {
1725 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_IDPASS "%s",
1726 conf->password_id);
1727 }
1728 #endif /* CONFIG_DPP3 */
1729 if (conf->c_sign_key) {
1730 char *hex;
1731 size_t hexlen;
1732
1733 hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
1734 hex = os_malloc(hexlen);
1735 if (hex) {
1736 wpa_snprintf_hex(hex, hexlen,
1737 wpabuf_head(conf->c_sign_key),
1738 wpabuf_len(conf->c_sign_key));
1739 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1740 hex);
1741 os_free(hex);
1742 }
1743 }
1744 if (conf->pp_key) {
1745 char *hex;
1746 size_t hexlen;
1747
1748 hexlen = 2 * wpabuf_len(conf->pp_key) + 1;
1749 hex = os_malloc(hexlen);
1750 if (hex) {
1751 wpa_snprintf_hex(hex, hexlen,
1752 wpabuf_head(conf->pp_key),
1753 wpabuf_len(conf->pp_key));
1754 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PP_KEY "%s", hex);
1755 os_free(hex);
1756 }
1757 }
1758 if (auth->net_access_key) {
1759 char *hex;
1760 size_t hexlen;
1761
1762 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1763 hex = os_malloc(hexlen);
1764 if (hex) {
1765 wpa_snprintf_hex(hex, hexlen,
1766 wpabuf_head(auth->net_access_key),
1767 wpabuf_len(auth->net_access_key));
1768 if (auth->net_access_key_expiry)
1769 wpa_msg(wpa_s, MSG_INFO,
1770 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1771 (long unsigned)
1772 auth->net_access_key_expiry);
1773 else
1774 wpa_msg(wpa_s, MSG_INFO,
1775 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1776 os_free(hex);
1777 }
1778 }
1779
1780 #ifdef CONFIG_DPP2
1781 if (conf->certbag) {
1782 char *b64;
1783
1784 b64 = base64_encode_no_lf(wpabuf_head(conf->certbag),
1785 wpabuf_len(conf->certbag), NULL);
1786 if (b64)
1787 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CERTBAG "%s", b64);
1788 os_free(b64);
1789 }
1790
1791 if (conf->cacert) {
1792 char *b64;
1793
1794 b64 = base64_encode_no_lf(wpabuf_head(conf->cacert),
1795 wpabuf_len(conf->cacert), NULL);
1796 if (b64)
1797 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CACERT "%s", b64);
1798 os_free(b64);
1799 }
1800
1801 if (conf->server_name)
1802 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_SERVER_NAME "%s",
1803 conf->server_name);
1804 #endif /* CONFIG_DPP2 */
1805
1806 #ifdef CONFIG_DPP3
1807 if (!wpa_s->dpp_pb_result_indicated) {
1808 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "success");
1809 wpa_s->dpp_pb_result_indicated = true;
1810 }
1811
1812 #endif /* CONFIG_DPP3 */
1813
1814 return wpas_dpp_process_config(wpa_s, auth, conf);
1815 }
1816
1817
wpas_dpp_handle_key_pkg(struct wpa_supplicant * wpa_s,struct dpp_asymmetric_key * key)1818 static int wpas_dpp_handle_key_pkg(struct wpa_supplicant *wpa_s,
1819 struct dpp_asymmetric_key *key)
1820 {
1821 #ifdef CONFIG_DPP2
1822 int res;
1823
1824 if (!key)
1825 return 0;
1826
1827 wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup");
1828 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1829 wpa_s->dpp_conf_backup_received = true;
1830
1831 while (key) {
1832 res = dpp_configurator_from_backup(wpa_s->dpp, key);
1833 if (res < 0)
1834 return -1;
1835 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d",
1836 res);
1837 key = key->next;
1838 }
1839 #endif /* CONFIG_DPP2 */
1840
1841 return 0;
1842 }
1843
1844
1845 #ifdef CONFIG_DPP2
wpas_dpp_build_csr(void * eloop_ctx,void * timeout_ctx)1846 static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
1847 {
1848 struct wpa_supplicant *wpa_s = eloop_ctx;
1849 struct dpp_authentication *auth = wpa_s->dpp_auth;
1850
1851 if (!auth || !auth->csrattrs)
1852 return;
1853
1854 wpa_printf(MSG_DEBUG, "DPP: Build CSR");
1855 wpabuf_free(auth->csr);
1856 /* TODO: Additional information needed for CSR based on csrAttrs */
1857 auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
1858 wpa_s->conf->dpp_name : "Test");
1859 if (!auth->csr) {
1860 dpp_auth_deinit(wpa_s->dpp_auth);
1861 wpa_s->dpp_auth = NULL;
1862 return;
1863 }
1864
1865 wpas_dpp_start_gas_client(wpa_s);
1866 }
1867 #endif /* CONFIG_DPP2 */
1868
1869
1870 #ifdef CONFIG_DPP3
wpas_dpp_build_new_key(void * eloop_ctx,void * timeout_ctx)1871 static void wpas_dpp_build_new_key(void *eloop_ctx, void *timeout_ctx)
1872 {
1873 struct wpa_supplicant *wpa_s = eloop_ctx;
1874 struct dpp_authentication *auth = wpa_s->dpp_auth;
1875
1876 if (!auth || !auth->waiting_new_key)
1877 return;
1878
1879 wpa_printf(MSG_DEBUG, "DPP: Build config request with a new key");
1880 wpas_dpp_start_gas_client(wpa_s);
1881 }
1882 #endif /* CONFIG_DPP3 */
1883
1884
wpas_dpp_gas_resp_cb(void * ctx,const u8 * addr,u8 dialog_token,enum gas_query_result result,const struct wpabuf * adv_proto,const struct wpabuf * resp,u16 status_code)1885 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1886 enum gas_query_result result,
1887 const struct wpabuf *adv_proto,
1888 const struct wpabuf *resp, u16 status_code)
1889 {
1890 struct wpa_supplicant *wpa_s = ctx;
1891 const u8 *pos;
1892 struct dpp_authentication *auth = wpa_s->dpp_auth;
1893 int res;
1894 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
1895 unsigned int i;
1896
1897 eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL);
1898 wpa_s->dpp_gas_dialog_token = -1;
1899
1900 if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
1901 !ether_addr_equal(addr, auth->peer_mac_addr)) {
1902 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1903 return;
1904 }
1905 if (result != GAS_QUERY_SUCCESS ||
1906 !resp || status_code != WLAN_STATUS_SUCCESS) {
1907 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1908 goto fail;
1909 }
1910
1911 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1912 adv_proto);
1913 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1914 resp);
1915
1916 if (wpabuf_len(adv_proto) != 10 ||
1917 !(pos = wpabuf_head(adv_proto)) ||
1918 pos[0] != WLAN_EID_ADV_PROTO ||
1919 pos[1] != 8 ||
1920 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1921 pos[4] != 5 ||
1922 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1923 pos[8] != 0x1a ||
1924 pos[9] != 1) {
1925 wpa_printf(MSG_DEBUG,
1926 "DPP: Not a DPP Advertisement Protocol ID");
1927 goto fail;
1928 }
1929
1930 res = dpp_conf_resp_rx(auth, resp);
1931 #ifdef CONFIG_DPP2
1932 if (res == -2) {
1933 wpa_printf(MSG_DEBUG, "DPP: CSR needed");
1934 eloop_register_timeout(0, 0, wpas_dpp_build_csr, wpa_s, NULL);
1935 return;
1936 }
1937 #endif /* CONFIG_DPP2 */
1938 #ifdef CONFIG_DPP3
1939 if (res == -3) {
1940 wpa_printf(MSG_DEBUG, "DPP: New protocol key needed");
1941 eloop_register_timeout(0, 0, wpas_dpp_build_new_key, wpa_s,
1942 NULL);
1943 return;
1944 }
1945 #endif /* CONFIG_DPP3 */
1946 if (res < 0) {
1947 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1948 goto fail;
1949 }
1950
1951 wpa_s->dpp_conf_backup_received = false;
1952 for (i = 0; i < auth->num_conf_obj; i++) {
1953 res = wpas_dpp_handle_config_obj(wpa_s, auth,
1954 &auth->conf_obj[i]);
1955 if (res < 0)
1956 goto fail;
1957 }
1958 if (auth->num_conf_obj)
1959 wpas_dpp_post_process_config(wpa_s, auth);
1960 if (wpas_dpp_handle_key_pkg(wpa_s, auth->conf_key_pkg) < 0)
1961 goto fail;
1962
1963 status = DPP_STATUS_OK;
1964 #ifdef CONFIG_TESTING_OPTIONS
1965 if (dpp_test == DPP_TEST_REJECT_CONFIG) {
1966 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
1967 status = DPP_STATUS_CONFIG_REJECTED;
1968 }
1969 #endif /* CONFIG_TESTING_OPTIONS */
1970 fail:
1971 if (status != DPP_STATUS_OK)
1972 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1973 #ifdef CONFIG_DPP2
1974 if (auth->peer_version >= 2 &&
1975 auth->conf_resp_status == DPP_STATUS_OK) {
1976 struct wpabuf *msg;
1977
1978 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1979 msg = dpp_build_conf_result(auth, status);
1980 if (!msg)
1981 goto fail2;
1982
1983 wpa_msg(wpa_s, MSG_INFO,
1984 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1985 MAC2STR(addr), auth->curr_freq,
1986 DPP_PA_CONFIGURATION_RESULT);
1987 offchannel_send_action(wpa_s, auth->curr_freq,
1988 addr, wpa_s->own_addr, broadcast,
1989 wpabuf_head(msg),
1990 wpabuf_len(msg),
1991 500, wpas_dpp_tx_status, 0);
1992 wpabuf_free(msg);
1993
1994 /* This exchange will be terminated in the TX status handler */
1995 if (wpa_s->conf->dpp_config_processing < 2 ||
1996 wpa_s->dpp_conf_backup_received)
1997 auth->remove_on_tx_status = 1;
1998 return;
1999 }
2000 fail2:
2001 #endif /* CONFIG_DPP2 */
2002 dpp_auth_deinit(wpa_s->dpp_auth);
2003 wpa_s->dpp_auth = NULL;
2004 }
2005
2006
wpas_dpp_gas_client_timeout(void * eloop_ctx,void * timeout_ctx)2007 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx)
2008 {
2009 struct wpa_supplicant *wpa_s = eloop_ctx;
2010 struct dpp_authentication *auth = wpa_s->dpp_auth;
2011
2012 if (!wpa_s->dpp_gas_client || !auth ||
2013 (!auth->auth_success && !auth->reconfig_success))
2014 return;
2015
2016 wpa_printf(MSG_DEBUG, "DPP: Timeout while waiting for Config Response");
2017 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2018 dpp_auth_deinit(wpa_s->dpp_auth);
2019 wpa_s->dpp_auth = NULL;
2020 }
2021
2022
wpas_dpp_start_gas_client(struct wpa_supplicant * wpa_s)2023 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
2024 {
2025 struct dpp_authentication *auth = wpa_s->dpp_auth;
2026 struct wpabuf *buf;
2027 int res;
2028 int *supp_op_classes;
2029
2030 wpa_s->dpp_gas_client = 1;
2031 offchannel_send_action_done(wpa_s);
2032 wpas_dpp_listen_stop(wpa_s);
2033
2034 #ifdef CONFIG_NO_RRM
2035 supp_op_classes = NULL;
2036 #else /* CONFIG_NO_RRM */
2037 supp_op_classes = wpas_supp_op_classes(wpa_s);
2038 #endif /* CONFIG_NO_RRM */
2039 buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
2040 wpa_s->dpp_netrole,
2041 wpa_s->conf->dpp_mud_url,
2042 supp_op_classes,
2043 wpa_s->conf->dpp_extra_conf_req_name,
2044 wpa_s->conf->dpp_extra_conf_req_value);
2045 os_free(supp_op_classes);
2046 if (!buf) {
2047 wpa_printf(MSG_DEBUG,
2048 "DPP: No configuration request data available");
2049 return;
2050 }
2051
2052 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
2053 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
2054
2055 /* Use a 120 second timeout since the gas_query_req() operation could
2056 * remain waiting indefinitely for the response if the Configurator
2057 * keeps sending out comeback responses with additional delay. The
2058 * DPP technical specification expects the Enrollee to continue sending
2059 * out new Config Requests for 60 seconds, so this gives an extra 60
2060 * second time after the last expected new Config Request for the
2061 * Configurator to determine what kind of configuration to provide. */
2062 eloop_register_timeout(120, 0, wpas_dpp_gas_client_timeout,
2063 wpa_s, NULL);
2064
2065 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
2066 1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
2067 if (res < 0) {
2068 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
2069 wpabuf_free(buf);
2070 } else {
2071 wpa_printf(MSG_DEBUG,
2072 "DPP: GAS query started with dialog token %u", res);
2073 wpa_s->dpp_gas_dialog_token = res;
2074 }
2075 }
2076
2077
wpas_dpp_auth_success(struct wpa_supplicant * wpa_s,int initiator)2078 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
2079 {
2080 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
2081 dpp_notify_auth_success(wpa_s->dpp_auth, initiator);
2082 #ifdef CONFIG_TESTING_OPTIONS
2083 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
2084 wpa_printf(MSG_INFO,
2085 "DPP: TESTING - stop at Authentication Confirm");
2086 if (wpa_s->dpp_auth->configurator) {
2087 /* Prevent GAS response */
2088 wpa_s->dpp_auth->auth_success = 0;
2089 }
2090 return;
2091 }
2092 #endif /* CONFIG_TESTING_OPTIONS */
2093
2094 if (wpa_s->dpp_auth->configurator)
2095 wpas_dpp_start_gas_server(wpa_s);
2096 else
2097 wpas_dpp_start_gas_client(wpa_s);
2098 }
2099
2100
wpas_dpp_rx_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2101 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2102 const u8 *hdr, const u8 *buf, size_t len,
2103 unsigned int freq)
2104 {
2105 struct dpp_authentication *auth = wpa_s->dpp_auth;
2106 struct wpabuf *msg;
2107
2108 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
2109 " (freq %u MHz)", MAC2STR(src), freq);
2110
2111 if (!auth) {
2112 wpa_printf(MSG_DEBUG,
2113 "DPP: No DPP Authentication in progress - drop");
2114 return;
2115 }
2116
2117 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
2118 !ether_addr_equal(src, auth->peer_mac_addr)) {
2119 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2120 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2121 return;
2122 }
2123
2124 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2125
2126 if (auth->curr_freq != freq && auth->neg_freq == freq) {
2127 wpa_printf(MSG_DEBUG,
2128 "DPP: Responder accepted request for different negotiation channel");
2129 auth->curr_freq = freq;
2130 }
2131
2132 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
2133 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
2134 if (!msg) {
2135 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
2136 wpa_printf(MSG_DEBUG,
2137 "DPP: Start wait for full response");
2138 offchannel_send_action_done(wpa_s);
2139 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
2140 return;
2141 }
2142 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
2143 return;
2144 }
2145 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2146
2147 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2148 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
2149 offchannel_send_action(wpa_s, auth->curr_freq,
2150 src, wpa_s->own_addr, broadcast,
2151 wpabuf_head(msg), wpabuf_len(msg),
2152 500, wpas_dpp_tx_status, 0);
2153 wpabuf_free(msg);
2154 wpa_s->dpp_auth_ok_on_ack = 1;
2155 }
2156
2157
wpas_dpp_rx_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2158 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
2159 const u8 *hdr, const u8 *buf, size_t len)
2160 {
2161 struct dpp_authentication *auth = wpa_s->dpp_auth;
2162
2163 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
2164 MAC2STR(src));
2165
2166 if (!auth) {
2167 wpa_printf(MSG_DEBUG,
2168 "DPP: No DPP Authentication in progress - drop");
2169 return;
2170 }
2171
2172 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2173 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2174 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2175 return;
2176 }
2177
2178 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
2179
2180 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
2181 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
2182 return;
2183 }
2184
2185 wpas_dpp_auth_success(wpa_s, 0);
2186 }
2187
2188
2189 #ifdef CONFIG_DPP2
2190
wpas_dpp_config_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)2191 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
2192 void *timeout_ctx)
2193 {
2194 struct wpa_supplicant *wpa_s = eloop_ctx;
2195 struct dpp_authentication *auth = wpa_s->dpp_auth;
2196
2197 if (!auth || !auth->waiting_conf_result)
2198 return;
2199
2200 wpa_printf(MSG_DEBUG,
2201 "DPP: Timeout while waiting for Configuration Result");
2202 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2203 dpp_auth_deinit(auth);
2204 wpa_s->dpp_auth = NULL;
2205 }
2206
2207
wpas_dpp_conn_status_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)2208 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
2209 void *timeout_ctx)
2210 {
2211 struct wpa_supplicant *wpa_s = eloop_ctx;
2212 struct dpp_authentication *auth = wpa_s->dpp_auth;
2213
2214 if (!auth || !auth->waiting_conn_status_result)
2215 return;
2216
2217 wpa_printf(MSG_DEBUG,
2218 "DPP: Timeout while waiting for Connection Status Result");
2219 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout");
2220 wpas_dpp_listen_stop(wpa_s);
2221 dpp_auth_deinit(auth);
2222 wpa_s->dpp_auth = NULL;
2223 }
2224
2225
2226 #ifdef CONFIG_DPP3
2227
wpas_dpp_pb_active(struct wpa_supplicant * wpa_s)2228 static bool wpas_dpp_pb_active(struct wpa_supplicant *wpa_s)
2229 {
2230 return (wpa_s->dpp_pb_time.sec || wpa_s->dpp_pb_time.usec) &&
2231 wpa_s->dpp_pb_configurator;
2232 }
2233
2234
wpas_dpp_remove_pb_hash(struct wpa_supplicant * wpa_s)2235 static void wpas_dpp_remove_pb_hash(struct wpa_supplicant *wpa_s)
2236 {
2237 int i;
2238
2239 if (!wpa_s->dpp_pb_bi)
2240 return;
2241 for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
2242 struct dpp_pb_info *info = &wpa_s->dpp_pb[i];
2243
2244 if (info->rx_time.sec == 0 && info->rx_time.usec == 0)
2245 continue;
2246 if (os_memcmp(info->hash, wpa_s->dpp_pb_resp_hash,
2247 SHA256_MAC_LEN) == 0) {
2248 /* Allow a new push button session to be established
2249 * immediately without the successfully completed
2250 * session triggering session overlap. */
2251 info->rx_time.sec = 0;
2252 info->rx_time.usec = 0;
2253 wpa_printf(MSG_DEBUG,
2254 "DPP: Removed PB hash from session overlap detection due to successfully completed provisioning");
2255 }
2256 }
2257 }
2258
2259 #endif /* CONFIG_DPP3 */
2260
2261
wpas_dpp_rx_conf_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2262 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
2263 const u8 *hdr, const u8 *buf, size_t len)
2264 {
2265 struct dpp_authentication *auth = wpa_s->dpp_auth;
2266 enum dpp_status_error status;
2267
2268 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
2269 MAC2STR(src));
2270
2271 if (!auth || !auth->waiting_conf_result) {
2272 if (auth &&
2273 ether_addr_equal(src, auth->peer_mac_addr) &&
2274 gas_server_response_sent(wpa_s->gas_server,
2275 auth->gas_server_ctx)) {
2276 /* This could happen if the TX status event gets delayed
2277 * long enough for the Enrollee to have time to send
2278 * the next frame before the TX status gets processed
2279 * locally. */
2280 wpa_printf(MSG_DEBUG,
2281 "DPP: GAS response was sent but TX status not yet received - assume it was ACKed since the Enrollee sent the next frame in the sequence");
2282 auth->waiting_conf_result = 1;
2283 } else {
2284 wpa_printf(MSG_DEBUG,
2285 "DPP: No DPP Configuration waiting for result - drop");
2286 return;
2287 }
2288 }
2289
2290 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2291 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2292 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2293 return;
2294 }
2295
2296 status = dpp_conf_result_rx(auth, hdr, buf, len);
2297
2298 if (status == DPP_STATUS_OK && auth->send_conn_status) {
2299 int freq;
2300
2301 wpa_msg(wpa_s, MSG_INFO,
2302 DPP_EVENT_CONF_SENT "wait_conn_status=1 conf_status=%d",
2303 auth->conf_resp_status);
2304 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
2305 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
2306 wpa_s, NULL);
2307 auth->waiting_conn_status_result = 1;
2308 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2309 wpa_s, NULL);
2310 eloop_register_timeout(16, 0,
2311 wpas_dpp_conn_status_result_wait_timeout,
2312 wpa_s, NULL);
2313 offchannel_send_action_done(wpa_s);
2314 freq = auth->neg_freq ? auth->neg_freq : auth->curr_freq;
2315 if (!wpa_s->dpp_in_response_listen ||
2316 (int) wpa_s->dpp_listen_freq != freq)
2317 wpas_dpp_listen_start(wpa_s, freq);
2318 return;
2319 }
2320 offchannel_send_action_done(wpa_s);
2321 wpas_dpp_listen_stop(wpa_s);
2322 if (status == DPP_STATUS_OK)
2323 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d",
2324 auth->conf_resp_status);
2325 else
2326 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2327 dpp_auth_deinit(auth);
2328 wpa_s->dpp_auth = NULL;
2329 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
2330 #ifdef CONFIG_DPP3
2331 if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) {
2332 if (status == DPP_STATUS_OK)
2333 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
2334 "success");
2335 else
2336 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
2337 "no-configuration-available");
2338 wpa_s->dpp_pb_result_indicated = true;
2339 if (status == DPP_STATUS_OK)
2340 wpas_dpp_remove_pb_hash(wpa_s);
2341 wpas_dpp_push_button_stop(wpa_s);
2342 }
2343 #endif /* CONFIG_DPP3 */
2344 }
2345
2346
wpas_dpp_rx_conn_status_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2347 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s,
2348 const u8 *src, const u8 *hdr,
2349 const u8 *buf, size_t len)
2350 {
2351 struct dpp_authentication *auth = wpa_s->dpp_auth;
2352 enum dpp_status_error status;
2353 u8 ssid[SSID_MAX_LEN];
2354 size_t ssid_len = 0;
2355 char *channel_list = NULL;
2356
2357 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
2358
2359 if (!auth || !auth->waiting_conn_status_result) {
2360 wpa_printf(MSG_DEBUG,
2361 "DPP: No DPP Configuration waiting for connection status result - drop");
2362 return;
2363 }
2364
2365 status = dpp_conn_status_result_rx(auth, hdr, buf, len,
2366 ssid, &ssid_len, &channel_list);
2367 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
2368 "result=%d ssid=%s channel_list=%s",
2369 status, wpa_ssid_txt(ssid, ssid_len),
2370 channel_list ? channel_list : "N/A");
2371 os_free(channel_list);
2372 offchannel_send_action_done(wpa_s);
2373 wpas_dpp_listen_stop(wpa_s);
2374 dpp_auth_deinit(auth);
2375 wpa_s->dpp_auth = NULL;
2376 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2377 wpa_s, NULL);
2378 }
2379
2380
wpas_dpp_process_conf_obj(void * ctx,struct dpp_authentication * auth)2381 static int wpas_dpp_process_conf_obj(void *ctx,
2382 struct dpp_authentication *auth)
2383 {
2384 struct wpa_supplicant *wpa_s = ctx;
2385 unsigned int i;
2386 int res = -1;
2387
2388 for (i = 0; i < auth->num_conf_obj; i++) {
2389 res = wpas_dpp_handle_config_obj(wpa_s, auth,
2390 &auth->conf_obj[i]);
2391 if (res)
2392 break;
2393 }
2394 if (!res)
2395 wpas_dpp_post_process_config(wpa_s, auth);
2396
2397 return res;
2398 }
2399
2400
wpas_dpp_tcp_msg_sent(void * ctx,struct dpp_authentication * auth)2401 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth)
2402 {
2403 struct wpa_supplicant *wpa_s = ctx;
2404
2405 wpa_printf(MSG_DEBUG, "DPP: TCP message sent callback");
2406
2407 if (auth->connect_on_tx_status) {
2408 auth->connect_on_tx_status = 0;
2409 wpa_printf(MSG_DEBUG,
2410 "DPP: Try to connect after completed configuration result");
2411 wpas_dpp_try_to_connect(wpa_s);
2412 if (auth->conn_status_requested) {
2413 wpa_printf(MSG_DEBUG,
2414 "DPP: Start 15 second timeout for reporting connection status result");
2415 eloop_cancel_timeout(
2416 wpas_dpp_conn_status_result_timeout,
2417 wpa_s, NULL);
2418 eloop_register_timeout(
2419 15, 0, wpas_dpp_conn_status_result_timeout,
2420 wpa_s, NULL);
2421 return true;
2422 }
2423 }
2424
2425 return false;
2426 }
2427
2428
wpas_dpp_remove_bi(void * ctx,struct dpp_bootstrap_info * bi)2429 static void wpas_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi)
2430 {
2431 struct wpa_supplicant *wpa_s = ctx;
2432
2433 if (bi == wpa_s->dpp_chirp_bi)
2434 wpas_dpp_chirp_stop(wpa_s);
2435 }
2436
2437
2438 static void
wpas_dpp_rx_presence_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2439 wpas_dpp_rx_presence_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2440 const u8 *hdr, const u8 *buf, size_t len,
2441 unsigned int freq)
2442 {
2443 const u8 *r_bootstrap;
2444 u16 r_bootstrap_len;
2445 struct dpp_bootstrap_info *peer_bi;
2446 struct dpp_authentication *auth;
2447 unsigned int wait_time, max_wait_time;
2448
2449 if (!wpa_s->dpp)
2450 return;
2451
2452 if (wpa_s->dpp_auth) {
2453 wpa_printf(MSG_DEBUG,
2454 "DPP: Ignore Presence Announcement during ongoing Authentication");
2455 return;
2456 }
2457
2458 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR,
2459 MAC2STR(src));
2460
2461 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
2462 &r_bootstrap_len);
2463 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
2464 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2465 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
2466 return;
2467 }
2468 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
2469 r_bootstrap, r_bootstrap_len);
2470 peer_bi = dpp_bootstrap_find_chirp(wpa_s->dpp, r_bootstrap);
2471 dpp_notify_chirp_received(wpa_s, peer_bi ? (int) peer_bi->id : -1, src,
2472 freq, r_bootstrap);
2473 if (!peer_bi) {
2474 wpa_printf(MSG_DEBUG,
2475 "DPP: No matching bootstrapping information found");
2476 return;
2477 }
2478
2479 wpa_printf(MSG_DEBUG, "DPP: Start Authentication exchange with " MACSTR
2480 " based on the received Presence Announcement",
2481 MAC2STR(src));
2482 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, NULL,
2483 DPP_CAPAB_CONFIGURATOR, freq, NULL, 0);
2484 if (!auth)
2485 return;
2486 wpas_dpp_set_testing_options(wpa_s, auth);
2487 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2488 dpp_auth_deinit(auth);
2489 return;
2490 }
2491
2492 auth->neg_freq = freq;
2493
2494 /* The source address of the Presence Announcement frame overrides any
2495 * MAC address information from the bootstrapping information. */
2496 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2497
2498 wait_time = wpa_s->max_remain_on_chan;
2499 max_wait_time = wpa_s->dpp_resp_wait_time ?
2500 wpa_s->dpp_resp_wait_time : 2000;
2501 if (wait_time > max_wait_time)
2502 wait_time = max_wait_time;
2503 wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
2504
2505 wpa_s->dpp_auth = auth;
2506 if (wpas_dpp_auth_init_next(wpa_s) < 0) {
2507 dpp_auth_deinit(wpa_s->dpp_auth);
2508 wpa_s->dpp_auth = NULL;
2509 }
2510 }
2511
2512
wpas_dpp_reconfig_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)2513 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
2514 void *timeout_ctx)
2515 {
2516 struct wpa_supplicant *wpa_s = eloop_ctx;
2517 struct dpp_authentication *auth = wpa_s->dpp_auth;
2518
2519 if (!auth)
2520 return;
2521
2522 wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout");
2523 offchannel_send_action_done(wpa_s);
2524 wpas_dpp_listen_stop(wpa_s);
2525 dpp_auth_deinit(auth);
2526 wpa_s->dpp_auth = NULL;
2527 }
2528
2529
2530 static void
wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2531 wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2532 const u8 *hdr, const u8 *buf, size_t len,
2533 unsigned int freq)
2534 {
2535 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id;
2536 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len;
2537 struct dpp_configurator *conf;
2538 struct dpp_authentication *auth;
2539 unsigned int wait_time, max_wait_time;
2540 u16 group;
2541
2542 if (!wpa_s->dpp)
2543 return;
2544
2545 if (wpa_s->dpp_auth) {
2546 wpa_printf(MSG_DEBUG,
2547 "DPP: Ignore Reconfig Announcement during ongoing Authentication");
2548 return;
2549 }
2550
2551 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR,
2552 MAC2STR(src));
2553
2554 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH,
2555 &csign_hash_len);
2556 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) {
2557 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2558 "Missing or invalid required Configurator C-sign key Hash attribute");
2559 return;
2560 }
2561 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)",
2562 csign_hash, csign_hash_len);
2563 conf = dpp_configurator_find_kid(wpa_s->dpp, csign_hash);
2564 if (!conf) {
2565 wpa_printf(MSG_DEBUG,
2566 "DPP: No matching Configurator information found");
2567 return;
2568 }
2569
2570 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
2571 &fcgroup_len);
2572 if (!fcgroup || fcgroup_len != 2) {
2573 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2574 "Missing or invalid required Finite Cyclic Group attribute");
2575 return;
2576 }
2577 group = WPA_GET_LE16(fcgroup);
2578 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group);
2579
2580 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len);
2581 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len);
2582
2583 auth = dpp_reconfig_init(wpa_s->dpp, wpa_s, conf, freq, group,
2584 a_nonce, a_nonce_len, e_id, e_id_len);
2585 if (!auth)
2586 return;
2587 wpas_dpp_set_testing_options(wpa_s, auth);
2588 if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2589 dpp_auth_deinit(auth);
2590 return;
2591 }
2592
2593 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2594 wpa_s->dpp_auth = auth;
2595
2596 wpa_s->dpp_in_response_listen = 0;
2597 wpa_s->dpp_auth_ok_on_ack = 0;
2598 wait_time = wpa_s->max_remain_on_chan;
2599 max_wait_time = wpa_s->dpp_resp_wait_time ?
2600 wpa_s->dpp_resp_wait_time : 2000;
2601 if (wait_time > max_wait_time)
2602 wait_time = max_wait_time;
2603 wait_time += 10; /* give the driver some extra time to complete */
2604 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
2605 wpas_dpp_reconfig_reply_wait_timeout,
2606 wpa_s, NULL);
2607 wait_time -= 10;
2608
2609 wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
2610
2611 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2612 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ);
2613 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2614 wpabuf_head(auth->reconfig_req_msg),
2615 wpabuf_len(auth->reconfig_req_msg),
2616 wait_time, wpas_dpp_tx_status, 0) < 0) {
2617 dpp_auth_deinit(wpa_s->dpp_auth);
2618 wpa_s->dpp_auth = NULL;
2619 }
2620 }
2621
2622
2623 static void
wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2624 wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
2625 const u8 *hdr, const u8 *buf, size_t len,
2626 unsigned int freq)
2627 {
2628 struct wpa_ssid *ssid;
2629 struct dpp_authentication *auth;
2630
2631 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Request from "
2632 MACSTR, MAC2STR(src));
2633
2634 if (!wpa_s->dpp)
2635 return;
2636 if (wpa_s->dpp_auth) {
2637 wpa_printf(MSG_DEBUG,
2638 "DPP: Not ready for reconfiguration - pending authentication exchange in progress");
2639 return;
2640 }
2641 if (!wpa_s->dpp_reconfig_ssid) {
2642 wpa_printf(MSG_DEBUG,
2643 "DPP: Not ready for reconfiguration - not requested");
2644 return;
2645 }
2646 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2647 if (ssid == wpa_s->dpp_reconfig_ssid &&
2648 ssid->id == wpa_s->dpp_reconfig_ssid_id)
2649 break;
2650 }
2651 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2652 !ssid->dpp_csign) {
2653 wpa_printf(MSG_DEBUG,
2654 "DPP: Not ready for reconfiguration - no matching network profile with Connector found");
2655 return;
2656 }
2657
2658 auth = dpp_reconfig_auth_req_rx(wpa_s->dpp, wpa_s, ssid->dpp_connector,
2659 ssid->dpp_netaccesskey,
2660 ssid->dpp_netaccesskey_len,
2661 ssid->dpp_csign, ssid->dpp_csign_len,
2662 freq, hdr, buf, len);
2663 if (!auth)
2664 return;
2665 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2666 wpa_s->dpp_auth = auth;
2667
2668 wpas_dpp_chirp_stop(wpa_s);
2669
2670 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2671 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_RESP);
2672 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2673 wpabuf_head(auth->reconfig_resp_msg),
2674 wpabuf_len(auth->reconfig_resp_msg),
2675 500, wpas_dpp_tx_status, 0) < 0) {
2676 dpp_auth_deinit(wpa_s->dpp_auth);
2677 wpa_s->dpp_auth = NULL;
2678 }
2679 }
2680
2681
2682 static void
wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2683 wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2684 const u8 *hdr, const u8 *buf, size_t len,
2685 unsigned int freq)
2686 {
2687 struct dpp_authentication *auth = wpa_s->dpp_auth;
2688 struct wpabuf *conf;
2689
2690 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from "
2691 MACSTR, MAC2STR(src));
2692
2693 if (!auth || !auth->reconfig || !auth->configurator) {
2694 wpa_printf(MSG_DEBUG,
2695 "DPP: No DPP Reconfig Authentication in progress - drop");
2696 return;
2697 }
2698
2699 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2700 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2701 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2702 return;
2703 }
2704
2705 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len);
2706 if (!conf)
2707 return;
2708
2709 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, wpa_s, NULL);
2710
2711 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2712 MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF);
2713 if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2714 wpabuf_head(conf), wpabuf_len(conf),
2715 500, wpas_dpp_tx_status, 0) < 0) {
2716 wpabuf_free(conf);
2717 dpp_auth_deinit(wpa_s->dpp_auth);
2718 wpa_s->dpp_auth = NULL;
2719 return;
2720 }
2721 wpabuf_free(conf);
2722
2723 wpas_dpp_start_gas_server(wpa_s);
2724 }
2725
2726
2727 static void
wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2728 wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
2729 const u8 *hdr, const u8 *buf, size_t len,
2730 unsigned int freq)
2731 {
2732 struct dpp_authentication *auth = wpa_s->dpp_auth;
2733
2734 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Confirm from "
2735 MACSTR, MAC2STR(src));
2736
2737 if (!auth || !auth->reconfig || auth->configurator) {
2738 wpa_printf(MSG_DEBUG,
2739 "DPP: No DPP Reconfig Authentication in progress - drop");
2740 return;
2741 }
2742
2743 if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2744 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2745 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2746 return;
2747 }
2748
2749 if (dpp_reconfig_auth_conf_rx(auth, hdr, buf, len) < 0)
2750 return;
2751
2752 wpas_dpp_start_gas_client(wpa_s);
2753 }
2754
2755 #endif /* CONFIG_DPP2 */
2756
2757
wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len)2758 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
2759 const u8 *src,
2760 const u8 *buf, size_t len)
2761 {
2762 struct wpa_ssid *ssid;
2763 const u8 *connector, *trans_id, *status;
2764 u16 connector_len, trans_id_len, status_len;
2765 #ifdef CONFIG_DPP2
2766 const u8 *version;
2767 u16 version_len;
2768 #endif /* CONFIG_DPP2 */
2769 u8 peer_version = 1;
2770 struct dpp_introduction intro;
2771 struct rsn_pmksa_cache_entry *entry;
2772 struct os_time now;
2773 struct os_reltime rnow;
2774 os_time_t expiry;
2775 unsigned int seconds;
2776 enum dpp_status_error res;
2777
2778 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
2779 MAC2STR(src));
2780 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
2781 !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) {
2782 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
2783 MACSTR " - drop", MAC2STR(src));
2784 return;
2785 }
2786 offchannel_send_action_done(wpa_s);
2787
2788 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2789 if (ssid == wpa_s->dpp_intro_network)
2790 break;
2791 }
2792 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2793 !ssid->dpp_csign) {
2794 wpa_printf(MSG_DEBUG,
2795 "DPP: Profile not found for network introduction");
2796 return;
2797 }
2798
2799 os_memset(&intro, 0, sizeof(intro));
2800
2801 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
2802 &trans_id_len);
2803 if (!trans_id || trans_id_len != 1) {
2804 wpa_printf(MSG_DEBUG,
2805 "DPP: Peer did not include Transaction ID");
2806 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2807 " fail=missing_transaction_id", MAC2STR(src));
2808 goto fail;
2809 }
2810 if (trans_id[0] != TRANSACTION_ID) {
2811 wpa_printf(MSG_DEBUG,
2812 "DPP: Ignore frame with unexpected Transaction ID %u",
2813 trans_id[0]);
2814 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2815 " fail=transaction_id_mismatch", MAC2STR(src));
2816 goto fail;
2817 }
2818
2819 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
2820 if (!status || status_len != 1) {
2821 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
2822 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2823 " fail=missing_status", MAC2STR(src));
2824 goto fail;
2825 }
2826 if (status[0] != DPP_STATUS_OK) {
2827 wpa_printf(MSG_DEBUG,
2828 "DPP: Peer rejected network introduction: Status %u",
2829 status[0]);
2830 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2831 " status=%u", MAC2STR(src), status[0]);
2832 #ifdef CONFIG_DPP2
2833 wpas_dpp_send_conn_status_result(wpa_s, status[0]);
2834 #endif /* CONFIG_DPP2 */
2835 goto fail;
2836 }
2837
2838 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
2839 if (!connector) {
2840 wpa_printf(MSG_DEBUG,
2841 "DPP: Peer did not include its Connector");
2842 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2843 " fail=missing_connector", MAC2STR(src));
2844 goto fail;
2845 }
2846
2847 res = dpp_peer_intro(&intro, ssid->dpp_connector,
2848 ssid->dpp_netaccesskey,
2849 ssid->dpp_netaccesskey_len,
2850 ssid->dpp_csign,
2851 ssid->dpp_csign_len,
2852 connector, connector_len, &expiry, NULL);
2853 if (res != DPP_STATUS_OK) {
2854 wpa_printf(MSG_INFO,
2855 "DPP: Network Introduction protocol resulted in failure");
2856 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2857 " fail=peer_connector_validation_failed", MAC2STR(src));
2858 #ifdef CONFIG_DPP2
2859 wpas_dpp_send_conn_status_result(wpa_s, res);
2860 #endif /* CONFIG_DPP2 */
2861 goto fail;
2862 }
2863
2864 entry = os_zalloc(sizeof(*entry));
2865 if (!entry)
2866 goto fail;
2867 os_memcpy(entry->aa, src, ETH_ALEN);
2868 os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
2869 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
2870 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
2871 entry->pmk_len = intro.pmk_len;
2872 entry->akmp = WPA_KEY_MGMT_DPP;
2873 #ifdef CONFIG_DPP2
2874 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
2875 &version_len);
2876 if (version && version_len >= 1)
2877 peer_version = version[0];
2878 #ifdef CONFIG_DPP3
2879 if (intro.peer_version && intro.peer_version >= 2 &&
2880 peer_version != intro.peer_version) {
2881 wpa_printf(MSG_INFO,
2882 "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
2883 intro.peer_version, peer_version);
2884 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
2885 goto fail;
2886 }
2887 #endif /* CONFIG_DPP3 */
2888 entry->dpp_pfs = peer_version >= 2;
2889 #endif /* CONFIG_DPP2 */
2890 if (expiry) {
2891 os_get_time(&now);
2892 seconds = expiry - now.sec;
2893 } else {
2894 seconds = 86400 * 7;
2895 }
2896 os_get_reltime(&rnow);
2897 entry->expiration = rnow.sec + seconds;
2898 entry->reauth_time = rnow.sec + seconds;
2899 entry->network_ctx = ssid;
2900 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
2901
2902 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2903 " status=%u version=%u", MAC2STR(src), status[0], peer_version);
2904
2905 wpa_printf(MSG_DEBUG,
2906 "DPP: Try connection again after successful network introduction");
2907 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
2908 wpa_supplicant_cancel_sched_scan(wpa_s);
2909 wpa_supplicant_req_scan(wpa_s, 0, 0);
2910 }
2911 fail:
2912 dpp_peer_intro_deinit(&intro);
2913 }
2914
2915
wpas_dpp_allow_ir(struct wpa_supplicant * wpa_s,unsigned int freq)2916 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
2917 {
2918 int i, j;
2919
2920 if (!wpa_s->hw.modes)
2921 return -1;
2922
2923 for (i = 0; i < wpa_s->hw.num_modes; i++) {
2924 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
2925
2926 for (j = 0; j < mode->num_channels; j++) {
2927 struct hostapd_channel_data *chan = &mode->channels[j];
2928
2929 if (chan->freq != (int) freq)
2930 continue;
2931
2932 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2933 HOSTAPD_CHAN_NO_IR |
2934 HOSTAPD_CHAN_RADAR))
2935 continue;
2936
2937 return 1;
2938 }
2939 }
2940
2941 wpa_printf(MSG_DEBUG,
2942 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
2943 freq);
2944
2945 return 0;
2946 }
2947
2948
wpas_dpp_pkex_next_channel(struct wpa_supplicant * wpa_s,struct dpp_pkex * pkex)2949 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
2950 struct dpp_pkex *pkex)
2951 {
2952 if (pkex->freq == 2437)
2953 pkex->freq = 5745;
2954 else if (pkex->freq == 5745)
2955 pkex->freq = 5220;
2956 else if (pkex->freq == 5220)
2957 pkex->freq = 60480;
2958 else
2959 return -1; /* no more channels to try */
2960
2961 if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
2962 wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
2963 pkex->freq);
2964 return 0;
2965 }
2966
2967 /* Could not use this channel - try the next one */
2968 return wpas_dpp_pkex_next_channel(wpa_s, pkex);
2969 }
2970
2971
wpas_dpp_pkex_clear_code(struct wpa_supplicant * wpa_s)2972 static void wpas_dpp_pkex_clear_code(struct wpa_supplicant *wpa_s)
2973 {
2974 if (!wpa_s->dpp_pkex_code && !wpa_s->dpp_pkex_identifier)
2975 return;
2976
2977 /* Delete PKEX code and identifier on successful completion of
2978 * PKEX. We are not supposed to reuse these without being
2979 * explicitly requested to perform PKEX again. */
2980 wpa_printf(MSG_DEBUG, "DPP: Delete PKEX code/identifier");
2981 os_free(wpa_s->dpp_pkex_code);
2982 wpa_s->dpp_pkex_code = NULL;
2983 os_free(wpa_s->dpp_pkex_identifier);
2984 wpa_s->dpp_pkex_identifier = NULL;
2985
2986 }
2987
2988
2989 #ifdef CONFIG_DPP2
wpas_dpp_pkex_done(void * ctx,void * conn,struct dpp_bootstrap_info * peer_bi)2990 static int wpas_dpp_pkex_done(void *ctx, void *conn,
2991 struct dpp_bootstrap_info *peer_bi)
2992 {
2993 struct wpa_supplicant *wpa_s = ctx;
2994 char cmd[500];
2995 const char *pos;
2996 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
2997 struct dpp_bootstrap_info *own_bi = NULL;
2998 struct dpp_authentication *auth;
2999
3000 wpas_dpp_pkex_clear_code(wpa_s);
3001
3002 os_snprintf(cmd, sizeof(cmd), " peer=%u %s", peer_bi->id,
3003 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
3004 wpa_printf(MSG_DEBUG, "DPP: Start authentication after PKEX (cmd: %s)",
3005 cmd);
3006
3007 pos = os_strstr(cmd, " own=");
3008 if (pos) {
3009 pos += 5;
3010 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
3011 if (!own_bi) {
3012 wpa_printf(MSG_INFO,
3013 "DPP: Could not find bootstrapping info for the identified local entry");
3014 return -1;
3015 }
3016
3017 if (peer_bi->curve != own_bi->curve) {
3018 wpa_printf(MSG_INFO,
3019 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
3020 peer_bi->curve->name, own_bi->curve->name);
3021 return -1;
3022 }
3023 }
3024
3025 pos = os_strstr(cmd, " role=");
3026 if (pos) {
3027 pos += 6;
3028 if (os_strncmp(pos, "configurator", 12) == 0)
3029 allowed_roles = DPP_CAPAB_CONFIGURATOR;
3030 else if (os_strncmp(pos, "enrollee", 8) == 0)
3031 allowed_roles = DPP_CAPAB_ENROLLEE;
3032 else if (os_strncmp(pos, "either", 6) == 0)
3033 allowed_roles = DPP_CAPAB_CONFIGURATOR |
3034 DPP_CAPAB_ENROLLEE;
3035 else
3036 return -1;
3037 }
3038
3039 auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
3040 0, wpa_s->hw.modes, wpa_s->hw.num_modes);
3041 if (!auth)
3042 return -1;
3043
3044 wpas_dpp_set_testing_options(wpa_s, auth);
3045 if (dpp_set_configurator(auth, cmd) < 0) {
3046 dpp_auth_deinit(auth);
3047 return -1;
3048 }
3049
3050 return dpp_tcp_auth(wpa_s->dpp, conn, auth, wpa_s->conf->dpp_name,
3051 DPP_NETROLE_STA,
3052 wpa_s->conf->dpp_mud_url,
3053 wpa_s->conf->dpp_extra_conf_req_name,
3054 wpa_s->conf->dpp_extra_conf_req_value,
3055 wpas_dpp_process_conf_obj,
3056 wpas_dpp_tcp_msg_sent);
3057 }
3058 #endif /* CONFIG_DPP2 */
3059
3060
wpas_dpp_pkex_init(struct wpa_supplicant * wpa_s,enum dpp_pkex_ver ver,const struct hostapd_ip_addr * ipaddr,int tcp_port)3061 static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s,
3062 enum dpp_pkex_ver ver,
3063 const struct hostapd_ip_addr *ipaddr,
3064 int tcp_port)
3065 {
3066 struct dpp_pkex *pkex;
3067 struct wpabuf *msg;
3068 unsigned int wait_time;
3069 bool v2 = ver != PKEX_VER_ONLY_1;
3070
3071 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEXv%d", v2 ? 2 : 1);
3072 dpp_pkex_free(wpa_s->dpp_pkex);
3073 wpa_s->dpp_pkex = NULL;
3074 pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr,
3075 wpa_s->dpp_pkex_identifier,
3076 wpa_s->dpp_pkex_code, wpa_s->dpp_pkex_code_len,
3077 v2);
3078 if (!pkex)
3079 return -1;
3080 pkex->forced_ver = ver != PKEX_VER_AUTO;
3081
3082 if (ipaddr) {
3083 #ifdef CONFIG_DPP2
3084 return dpp_tcp_pkex_init(wpa_s->dpp, pkex, ipaddr, tcp_port,
3085 wpa_s, wpa_s, wpas_dpp_pkex_done);
3086 #else /* CONFIG_DPP2 */
3087 return -1;
3088 #endif /* CONFIG_DPP2 */
3089 }
3090
3091 wpa_s->dpp_pkex = pkex;
3092 msg = pkex->exchange_req;
3093 wait_time = wpa_s->max_remain_on_chan;
3094 if (wait_time > 2000)
3095 wait_time = 2000;
3096 pkex->freq = 2437;
3097 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
3098 " freq=%u type=%d",
3099 MAC2STR(broadcast), pkex->freq,
3100 v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
3101 DPP_PA_PKEX_V1_EXCHANGE_REQ);
3102 offchannel_send_action(wpa_s, pkex->freq, broadcast,
3103 wpa_s->own_addr, broadcast,
3104 wpabuf_head(msg), wpabuf_len(msg),
3105 wait_time, wpas_dpp_tx_pkex_status, 0);
3106 if (wait_time == 0)
3107 wait_time = 2000;
3108 pkex->exch_req_wait_time = wait_time;
3109 pkex->exch_req_tries = 1;
3110
3111 return 0;
3112 }
3113
3114
wpas_dpp_pkex_retry_timeout(void * eloop_ctx,void * timeout_ctx)3115 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
3116 {
3117 struct wpa_supplicant *wpa_s = eloop_ctx;
3118 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3119
3120 if (!pkex || !pkex->exchange_req)
3121 return;
3122 if (pkex->exch_req_tries >= 5) {
3123 if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
3124 #ifdef CONFIG_DPP3
3125 if (pkex->v2 && !pkex->forced_ver) {
3126 wpa_printf(MSG_DEBUG,
3127 "DPP: Fall back to PKEXv1");
3128 wpas_dpp_pkex_init(wpa_s, PKEX_VER_ONLY_1,
3129 NULL, 0);
3130 return;
3131 }
3132 #endif /* CONFIG_DPP3 */
3133 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
3134 "No response from PKEX peer");
3135 dpp_pkex_free(pkex);
3136 wpa_s->dpp_pkex = NULL;
3137 return;
3138 }
3139 pkex->exch_req_tries = 0;
3140 }
3141
3142 pkex->exch_req_tries++;
3143 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
3144 pkex->exch_req_tries);
3145 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3146 MAC2STR(broadcast), pkex->freq,
3147 pkex->v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
3148 DPP_PA_PKEX_V1_EXCHANGE_REQ);
3149 offchannel_send_action(wpa_s, pkex->freq, broadcast,
3150 wpa_s->own_addr, broadcast,
3151 wpabuf_head(pkex->exchange_req),
3152 wpabuf_len(pkex->exchange_req),
3153 pkex->exch_req_wait_time,
3154 wpas_dpp_tx_pkex_status, 0);
3155 }
3156
3157
3158 static void
wpas_dpp_tx_pkex_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3159 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
3160 unsigned int freq, const u8 *dst,
3161 const u8 *src, const u8 *bssid,
3162 const u8 *data, size_t data_len,
3163 enum offchannel_send_action_result result)
3164 {
3165 const char *res_txt;
3166 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3167
3168 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
3169 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
3170 "FAILED");
3171 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
3172 " result=%s (PKEX)",
3173 freq, MAC2STR(dst), res_txt);
3174 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
3175 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
3176
3177 if (!pkex) {
3178 wpa_printf(MSG_DEBUG,
3179 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
3180 return;
3181 }
3182
3183 if (pkex->failed) {
3184 wpa_printf(MSG_DEBUG,
3185 "DPP: Terminate PKEX exchange due to an earlier error");
3186 if (pkex->t > pkex->own_bi->pkex_t)
3187 pkex->own_bi->pkex_t = pkex->t;
3188 dpp_pkex_free(pkex);
3189 wpa_s->dpp_pkex = NULL;
3190 return;
3191 }
3192
3193 if (pkex->exch_req_wait_time && pkex->exchange_req) {
3194 /* Wait for PKEX Exchange Response frame and retry request if
3195 * no response is seen. */
3196 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
3197 eloop_register_timeout(pkex->exch_req_wait_time / 1000,
3198 (pkex->exch_req_wait_time % 1000) * 1000,
3199 wpas_dpp_pkex_retry_timeout, wpa_s,
3200 NULL);
3201 }
3202 }
3203
3204
3205 static void
wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq,bool v2)3206 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
3207 const u8 *buf, size_t len, unsigned int freq,
3208 bool v2)
3209 {
3210 struct wpabuf *msg;
3211 unsigned int wait_time;
3212
3213 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
3214 MAC2STR(src));
3215
3216 if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
3217 wpa_printf(MSG_DEBUG,
3218 "DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
3219 return;
3220 }
3221 if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
3222 wpa_printf(MSG_DEBUG,
3223 "DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
3224 return;
3225 }
3226
3227 /* TODO: Support multiple PKEX codes by iterating over all the enabled
3228 * values here */
3229
3230 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
3231 wpa_printf(MSG_DEBUG,
3232 "DPP: No PKEX code configured - ignore request");
3233 return;
3234 }
3235
3236 #ifdef CONFIG_DPP2
3237 if (dpp_controller_is_own_pkex_req(wpa_s->dpp, buf, len)) {
3238 wpa_printf(MSG_DEBUG,
3239 "DPP: PKEX Exchange Request is from local Controller - ignore request");
3240 return;
3241 }
3242 #endif /* CONFIG_DPP2 */
3243
3244 if (wpa_s->dpp_pkex) {
3245 /* TODO: Support parallel operations */
3246 wpa_printf(MSG_DEBUG,
3247 "DPP: Already in PKEX session - ignore new request");
3248 return;
3249 }
3250
3251 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
3252 wpa_s->own_addr, src,
3253 wpa_s->dpp_pkex_identifier,
3254 wpa_s->dpp_pkex_code,
3255 wpa_s->dpp_pkex_code_len,
3256 buf, len, v2);
3257 if (!wpa_s->dpp_pkex) {
3258 wpa_printf(MSG_DEBUG,
3259 "DPP: Failed to process the request - ignore it");
3260 return;
3261 }
3262
3263 #ifdef CONFIG_DPP3
3264 if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_announcement) {
3265 wpa_printf(MSG_DEBUG,
3266 "DPP: Started PB PKEX (no more PB announcements)");
3267 wpabuf_free(wpa_s->dpp_pb_announcement);
3268 wpa_s->dpp_pb_announcement = NULL;
3269 }
3270 #endif /* CONFIG_DPP3 */
3271 wpa_s->dpp_pkex_wait_auth_req = false;
3272 msg = wpa_s->dpp_pkex->exchange_resp;
3273 wait_time = wpa_s->max_remain_on_chan;
3274 if (wait_time > 2000)
3275 wait_time = 2000;
3276 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3277 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
3278 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3279 broadcast,
3280 wpabuf_head(msg), wpabuf_len(msg),
3281 wait_time, wpas_dpp_tx_pkex_status, 0);
3282 }
3283
3284
3285 static void
wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)3286 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
3287 const u8 *buf, size_t len, unsigned int freq)
3288 {
3289 struct wpabuf *msg;
3290 unsigned int wait_time;
3291
3292 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
3293 MAC2STR(src));
3294
3295 /* TODO: Support multiple PKEX codes by iterating over all the enabled
3296 * values here */
3297
3298 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
3299 wpa_s->dpp_pkex->exchange_done) {
3300 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3301 return;
3302 }
3303
3304 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
3305 wpa_s->dpp_pkex->exch_req_wait_time = 0;
3306
3307 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
3308 if (!msg) {
3309 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
3310 return;
3311 }
3312
3313 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
3314 MAC2STR(src));
3315
3316 wait_time = wpa_s->max_remain_on_chan;
3317 if (wait_time > 2000)
3318 wait_time = 2000;
3319 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3320 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
3321 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3322 broadcast,
3323 wpabuf_head(msg), wpabuf_len(msg),
3324 wait_time, wpas_dpp_tx_pkex_status, 0);
3325 wpabuf_free(msg);
3326 }
3327
3328
3329 static struct dpp_bootstrap_info *
wpas_dpp_pkex_finish(struct wpa_supplicant * wpa_s,const u8 * peer,unsigned int freq)3330 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
3331 unsigned int freq)
3332 {
3333 struct dpp_bootstrap_info *bi;
3334
3335 wpas_dpp_pkex_clear_code(wpa_s);
3336 bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
3337 if (!bi)
3338 return NULL;
3339
3340 wpa_s->dpp_pkex = NULL;
3341
3342 #ifdef CONFIG_DPP3
3343 if (wpa_s->dpp_pb_bi && !wpa_s->dpp_pb_configurator &&
3344 os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_init_hash,
3345 SHA256_MAC_LEN) != 0) {
3346 char id[20];
3347
3348 wpa_printf(MSG_INFO,
3349 "DPP: Peer bootstrap key from PKEX does not match PB announcement response hash");
3350 wpa_hexdump(MSG_DEBUG,
3351 "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX",
3352 bi->pubkey_hash_chirp, SHA256_MAC_LEN);
3353 wpa_hexdump(MSG_DEBUG,
3354 "DPP: Peer provided bootstrap key hash(chirp) from PB announcement response",
3355 wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN);
3356
3357 os_snprintf(id, sizeof(id), "%u", bi->id);
3358 dpp_bootstrap_remove(wpa_s->dpp, id);
3359 wpas_dpp_push_button_stop(wpa_s);
3360 return NULL;
3361 }
3362 #endif /* CONFIG_DPP3 */
3363
3364 return bi;
3365 }
3366
3367
3368 static void
wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3369 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
3370 const u8 *hdr, const u8 *buf, size_t len,
3371 unsigned int freq)
3372 {
3373 struct wpabuf *msg;
3374 unsigned int wait_time;
3375 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3376
3377 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
3378 MAC2STR(src));
3379
3380 if (!pkex || pkex->initiator || !pkex->exchange_done) {
3381 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3382 return;
3383 }
3384
3385 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
3386 if (!msg) {
3387 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
3388 if (pkex->failed) {
3389 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
3390 if (pkex->t > pkex->own_bi->pkex_t)
3391 pkex->own_bi->pkex_t = pkex->t;
3392 dpp_pkex_free(wpa_s->dpp_pkex);
3393 wpa_s->dpp_pkex = NULL;
3394 }
3395 return;
3396 }
3397
3398 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
3399 MACSTR, MAC2STR(src));
3400
3401 wait_time = wpa_s->max_remain_on_chan;
3402 if (wait_time > 2000)
3403 wait_time = 2000;
3404 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3405 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
3406 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3407 broadcast,
3408 wpabuf_head(msg), wpabuf_len(msg),
3409 wait_time, wpas_dpp_tx_pkex_status, 0);
3410 wpabuf_free(msg);
3411
3412 wpas_dpp_pkex_finish(wpa_s, src, freq);
3413 wpa_s->dpp_pkex_wait_auth_req = true;
3414 }
3415
3416
3417 static void
wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3418 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
3419 const u8 *hdr, const u8 *buf, size_t len,
3420 unsigned int freq)
3421 {
3422 int res;
3423 struct dpp_bootstrap_info *bi;
3424 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3425 char cmd[500];
3426
3427 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
3428 MAC2STR(src));
3429
3430 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
3431 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3432 return;
3433 }
3434
3435 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
3436 if (res < 0) {
3437 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
3438 return;
3439 }
3440
3441 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
3442 if (!bi)
3443 return;
3444
3445 #ifdef CONFIG_DPP3
3446 if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_configurator &&
3447 os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_resp_hash,
3448 SHA256_MAC_LEN) != 0) {
3449 char id[20];
3450
3451 wpa_printf(MSG_INFO,
3452 "DPP: Peer bootstrap key from PKEX does not match PB announcement hash");
3453 wpa_hexdump(MSG_DEBUG,
3454 "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX",
3455 bi->pubkey_hash_chirp, SHA256_MAC_LEN);
3456 wpa_hexdump(MSG_DEBUG,
3457 "DPP: Peer provided bootstrap key hash(chirp) from PB announcement",
3458 wpa_s->dpp_pb_resp_hash, SHA256_MAC_LEN);
3459
3460 os_snprintf(id, sizeof(id), "%u", bi->id);
3461 dpp_bootstrap_remove(wpa_s->dpp, id);
3462 wpas_dpp_push_button_stop(wpa_s);
3463 return;
3464 }
3465 #endif /* CONFIG_DPP3 */
3466
3467 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
3468 bi->id,
3469 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
3470 wpa_printf(MSG_DEBUG,
3471 "DPP: Start authentication after PKEX with parameters: %s",
3472 cmd);
3473 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
3474 wpa_printf(MSG_DEBUG,
3475 "DPP: Authentication initialization failed");
3476 offchannel_send_action_done(wpa_s);
3477 return;
3478 }
3479 }
3480
3481
3482 #ifdef CONFIG_DPP3
3483
wpas_dpp_pb_pkex_init(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * src,const u8 * r_hash)3484 static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s,
3485 unsigned int freq, const u8 *src,
3486 const u8 *r_hash)
3487 {
3488 struct dpp_pkex *pkex;
3489 struct wpabuf *msg;
3490 unsigned int wait_time;
3491 size_t len;
3492
3493 if (wpa_s->dpp_pkex) {
3494 wpa_printf(MSG_DEBUG,
3495 "DPP: Sending previously generated PKEX Exchange Request to "
3496 MACSTR, MAC2STR(src));
3497 msg = wpa_s->dpp_pkex->exchange_req;
3498 wait_time = wpa_s->max_remain_on_chan;
3499 if (wait_time > 2000)
3500 wait_time = 2000;
3501 offchannel_send_action(wpa_s, freq, src,
3502 wpa_s->own_addr, broadcast,
3503 wpabuf_head(msg), wpabuf_len(msg),
3504 wait_time, wpas_dpp_tx_pkex_status, 0);
3505 return;
3506 }
3507
3508 wpa_printf(MSG_DEBUG, "DPP: Initiate PKEX for push button with "
3509 MACSTR, MAC2STR(src));
3510
3511 if (!wpa_s->dpp_pb_cmd) {
3512 wpa_printf(MSG_INFO,
3513 "DPP: No configuration to provision as push button Configurator");
3514 wpas_dpp_push_button_stop(wpa_s);
3515 return;
3516 }
3517
3518 wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi;
3519 os_memcpy(wpa_s->dpp_pb_resp_hash, r_hash, SHA256_MAC_LEN);
3520
3521 pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr,
3522 "PBPKEX", (const char *) wpa_s->dpp_pb_c_nonce,
3523 wpa_s->dpp_pb_bi->curve->nonce_len,
3524 true);
3525 if (!pkex) {
3526 wpas_dpp_push_button_stop(wpa_s);
3527 return;
3528 }
3529 pkex->freq = freq;
3530
3531 wpa_s->dpp_pkex = pkex;
3532 msg = wpa_s->dpp_pkex->exchange_req;
3533 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
3534 " freq=%u type=%d", MAC2STR(src), freq,
3535 DPP_PA_PKEX_EXCHANGE_REQ);
3536 wait_time = wpa_s->max_remain_on_chan;
3537 if (wait_time > 2000)
3538 wait_time = 2000;
3539 offchannel_send_action(wpa_s, pkex->freq, src,
3540 wpa_s->own_addr, broadcast,
3541 wpabuf_head(msg), wpabuf_len(msg),
3542 wait_time, wpas_dpp_tx_pkex_status, 0);
3543 pkex->exch_req_wait_time = 2000;
3544 pkex->exch_req_tries = 1;
3545
3546 /* Use the externally provided configuration */
3547 os_free(wpa_s->dpp_pkex_auth_cmd);
3548 len = 30 + os_strlen(wpa_s->dpp_pb_cmd);
3549 wpa_s->dpp_pkex_auth_cmd = os_malloc(len);
3550 if (wpa_s->dpp_pkex_auth_cmd)
3551 os_snprintf(wpa_s->dpp_pkex_auth_cmd, len, " own=%d %s",
3552 wpa_s->dpp_pkex_bi->id, wpa_s->dpp_pb_cmd);
3553 else
3554 wpas_dpp_push_button_stop(wpa_s);
3555 }
3556
3557
3558 static void
wpas_dpp_rx_pb_presence_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3559 wpas_dpp_rx_pb_presence_announcement(struct wpa_supplicant *wpa_s,
3560 const u8 *src, const u8 *hdr,
3561 const u8 *buf, size_t len,
3562 unsigned int freq)
3563 {
3564 const u8 *r_hash;
3565 u16 r_hash_len;
3566 unsigned int i;
3567 bool found = false;
3568 struct dpp_pb_info *info, *tmp;
3569 struct os_reltime now, age;
3570 struct wpabuf *msg;
3571
3572 os_get_reltime(&now);
3573 wpa_printf(MSG_DEBUG, "DPP: Push Button Presence Announcement from "
3574 MACSTR, MAC2STR(src));
3575
3576 r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
3577 &r_hash_len);
3578 if (!r_hash || r_hash_len != SHA256_MAC_LEN) {
3579 wpa_printf(MSG_DEBUG,
3580 "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
3581 return;
3582 }
3583 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
3584 r_hash, r_hash_len);
3585
3586 for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
3587 info = &wpa_s->dpp_pb[i];
3588 if ((info->rx_time.sec == 0 && info->rx_time.usec == 0) ||
3589 os_memcmp(r_hash, info->hash, SHA256_MAC_LEN) != 0)
3590 continue;
3591 wpa_printf(MSG_DEBUG,
3592 "DPP: Active push button Enrollee already known");
3593 found = true;
3594 info->rx_time = now;
3595 }
3596
3597 if (!found) {
3598 for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
3599 tmp = &wpa_s->dpp_pb[i];
3600 if (tmp->rx_time.sec == 0 && tmp->rx_time.usec == 0)
3601 continue;
3602
3603 if (os_reltime_expired(&now, &tmp->rx_time, 120)) {
3604 wpa_hexdump(MSG_DEBUG,
3605 "DPP: Push button Enrollee hash expired",
3606 tmp->hash, SHA256_MAC_LEN);
3607 tmp->rx_time.sec = 0;
3608 tmp->rx_time.usec = 0;
3609 continue;
3610 }
3611
3612 wpa_hexdump(MSG_DEBUG,
3613 "DPP: Push button session overlap with hash",
3614 tmp->hash, SHA256_MAC_LEN);
3615 if (!wpa_s->dpp_pb_result_indicated &&
3616 wpas_dpp_pb_active(wpa_s)) {
3617 wpa_msg(wpa_s, MSG_INFO,
3618 DPP_EVENT_PB_RESULT "session-overlap");
3619 wpa_s->dpp_pb_result_indicated = true;
3620 }
3621 wpas_dpp_push_button_stop(wpa_s);
3622 return;
3623 }
3624
3625 /* Replace the oldest entry */
3626 info = &wpa_s->dpp_pb[0];
3627 for (i = 1; i < DPP_PB_INFO_COUNT; i++) {
3628 tmp = &wpa_s->dpp_pb[i];
3629 if (os_reltime_before(&tmp->rx_time, &info->rx_time))
3630 info = tmp;
3631 }
3632 wpa_printf(MSG_DEBUG, "DPP: New active push button Enrollee");
3633 os_memcpy(info->hash, r_hash, SHA256_MAC_LEN);
3634 info->rx_time = now;
3635 }
3636
3637 if (!wpas_dpp_pb_active(wpa_s)) {
3638 wpa_printf(MSG_DEBUG,
3639 "DPP: Discard message since own push button has not been pressed");
3640 return;
3641 }
3642
3643 if (wpa_s->dpp_pb_announce_time.sec == 0 &&
3644 wpa_s->dpp_pb_announce_time.usec == 0) {
3645 /* Start a wait before allowing PKEX to be initiated */
3646 wpa_s->dpp_pb_announce_time = now;
3647 }
3648
3649 if (!wpa_s->dpp_pb_bi) {
3650 int res;
3651
3652 res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex");
3653 if (res < 0)
3654 return;
3655 wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res);
3656 if (!wpa_s->dpp_pb_bi)
3657 return;
3658
3659 if (random_get_bytes(wpa_s->dpp_pb_c_nonce,
3660 wpa_s->dpp_pb_bi->curve->nonce_len)) {
3661 wpa_printf(MSG_ERROR,
3662 "DPP: Failed to generate C-nonce");
3663 wpas_dpp_push_button_stop(wpa_s);
3664 return;
3665 }
3666 }
3667
3668 /* Skip the response if one was sent within last 50 ms since the
3669 * Enrollee is going to send out at least three announcement messages.
3670 */
3671 os_reltime_sub(&now, &wpa_s->dpp_pb_last_resp, &age);
3672 if (age.sec == 0 && age.usec < 50000) {
3673 wpa_printf(MSG_DEBUG,
3674 "DPP: Skip Push Button Presence Announcement Response frame immediately after having sent one");
3675 return;
3676 }
3677
3678 msg = dpp_build_pb_announcement_resp(
3679 wpa_s->dpp_pb_bi, r_hash, wpa_s->dpp_pb_c_nonce,
3680 wpa_s->dpp_pb_bi->curve->nonce_len);
3681 if (!msg) {
3682 wpas_dpp_push_button_stop(wpa_s);
3683 return;
3684 }
3685
3686 wpa_printf(MSG_DEBUG,
3687 "DPP: Send Push Button Presence Announcement Response to "
3688 MACSTR, MAC2STR(src));
3689 wpa_s->dpp_pb_last_resp = now;
3690
3691 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3692 MAC2STR(src), freq, DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP);
3693 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
3694 wpabuf_head(msg), wpabuf_len(msg),
3695 0, NULL, 0);
3696 wpabuf_free(msg);
3697
3698 if (os_reltime_expired(&now, &wpa_s->dpp_pb_announce_time, 15))
3699 wpas_dpp_pb_pkex_init(wpa_s, freq, src, r_hash);
3700 }
3701
3702
3703 static void
wpas_dpp_rx_pb_presence_announcement_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3704 wpas_dpp_rx_pb_presence_announcement_resp(struct wpa_supplicant *wpa_s,
3705 const u8 *src, const u8 *hdr,
3706 const u8 *buf, size_t len,
3707 unsigned int freq)
3708 {
3709 const u8 *i_hash, *r_hash, *c_nonce;
3710 u16 i_hash_len, r_hash_len, c_nonce_len;
3711 bool overlap = false;
3712
3713 if (!wpa_s->dpp_pb_announcement || !wpa_s->dpp_pb_bi ||
3714 wpa_s->dpp_pb_configurator) {
3715 wpa_printf(MSG_INFO,
3716 "DPP: Not in active push button Enrollee mode - discard Push Button Presence Announcement Response from "
3717 MACSTR, MAC2STR(src));
3718 return;
3719 }
3720
3721 wpa_printf(MSG_DEBUG,
3722 "DPP: Push Button Presence Announcement Response from "
3723 MACSTR, MAC2STR(src));
3724
3725 i_hash = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
3726 &i_hash_len);
3727 r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
3728 &r_hash_len);
3729 c_nonce = dpp_get_attr(buf, len, DPP_ATTR_CONFIGURATOR_NONCE,
3730 &c_nonce_len);
3731 if (!i_hash || i_hash_len != SHA256_MAC_LEN ||
3732 !r_hash || r_hash_len != SHA256_MAC_LEN ||
3733 !c_nonce || c_nonce_len > DPP_MAX_NONCE_LEN) {
3734 wpa_printf(MSG_DEBUG,
3735 "DPP: Missing or invalid required attribute");
3736 return;
3737 }
3738 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
3739 i_hash, i_hash_len);
3740 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
3741 r_hash, r_hash_len);
3742 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator Nonce",
3743 c_nonce, c_nonce_len);
3744
3745 #ifdef CONFIG_TESTING_OPTIONS
3746 if (dpp_test == DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_REQ &&
3747 os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp,
3748 SHA256_MAC_LEN - 1) == 0)
3749 goto skip_hash_check;
3750 #endif /* CONFIG_TESTING_OPTIONS */
3751 if (os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp,
3752 SHA256_MAC_LEN) != 0) {
3753 wpa_printf(MSG_INFO,
3754 "DPP: Unexpected push button Responder hash - abort");
3755 overlap = true;
3756 }
3757 #ifdef CONFIG_TESTING_OPTIONS
3758 skip_hash_check:
3759 #endif /* CONFIG_TESTING_OPTIONS */
3760
3761 if (wpa_s->dpp_pb_resp_freq &&
3762 os_memcmp(i_hash, wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN) != 0) {
3763 wpa_printf(MSG_INFO,
3764 "DPP: Push button session overlap detected - abort");
3765 overlap = true;
3766 }
3767
3768 if (overlap) {
3769 if (!wpa_s->dpp_pb_result_indicated) {
3770 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
3771 "session-overlap");
3772 wpa_s->dpp_pb_result_indicated = true;
3773 }
3774 wpas_dpp_push_button_stop(wpa_s);
3775 return;
3776 }
3777
3778 if (!wpa_s->dpp_pb_resp_freq) {
3779 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
3780 "discovered push button AP/Configurator " MACSTR,
3781 MAC2STR(src));
3782 wpa_s->dpp_pb_resp_freq = freq;
3783 os_memcpy(wpa_s->dpp_pb_init_hash, i_hash, SHA256_MAC_LEN);
3784 os_memcpy(wpa_s->dpp_pb_c_nonce, c_nonce, c_nonce_len);
3785 wpa_s->dpp_pb_c_nonce_len = c_nonce_len;
3786 /* Stop announcement iterations after at least one more full
3787 * round and one extra round for postponed session overlap
3788 * detection. */
3789 wpa_s->dpp_pb_stop_iter = 3;
3790 }
3791 }
3792
3793
3794 static void
wpas_dpp_tx_priv_intro_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3795 wpas_dpp_tx_priv_intro_status(struct wpa_supplicant *wpa_s,
3796 unsigned int freq, const u8 *dst,
3797 const u8 *src, const u8 *bssid,
3798 const u8 *data, size_t data_len,
3799 enum offchannel_send_action_result result)
3800 {
3801 const char *res_txt;
3802
3803 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
3804 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
3805 "FAILED");
3806 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
3807 " result=%s (DPP Private Peer Introduction Update)",
3808 freq, MAC2STR(dst), res_txt);
3809 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
3810 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
3811
3812 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR " version=%u",
3813 MAC2STR(src), wpa_s->dpp_intro_peer_version);
3814
3815 wpa_printf(MSG_DEBUG,
3816 "DPP: Try connection again after successful network introduction");
3817 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
3818 wpa_supplicant_cancel_sched_scan(wpa_s);
3819 wpa_supplicant_req_scan(wpa_s, 0, 0);
3820 }
3821 }
3822
3823
3824 static int
wpas_dpp_send_private_peer_intro_update(struct wpa_supplicant * wpa_s,struct dpp_introduction * intro,struct wpa_ssid * ssid,const u8 * dst,unsigned int freq)3825 wpas_dpp_send_private_peer_intro_update(struct wpa_supplicant *wpa_s,
3826 struct dpp_introduction *intro,
3827 struct wpa_ssid *ssid,
3828 const u8 *dst, unsigned int freq)
3829 {
3830 struct wpabuf *pt, *msg, *enc_ct;
3831 size_t len;
3832 u8 ver = DPP_VERSION;
3833 int conn_ver;
3834 const u8 *aad;
3835 size_t aad_len;
3836 unsigned int wait_time;
3837
3838 wpa_printf(MSG_DEBUG, "HPKE(kem_id=%u kdf_id=%u aead_id=%u)",
3839 intro->kem_id, intro->kdf_id, intro->aead_id);
3840
3841 /* Plaintext for HPKE */
3842 len = 5 + 4 + os_strlen(ssid->dpp_connector);
3843 pt = wpabuf_alloc(len);
3844 if (!pt)
3845 return -1;
3846
3847 /* Protocol Version */
3848 conn_ver = dpp_get_connector_version(ssid->dpp_connector);
3849 if (conn_ver > 0 && ver != conn_ver) {
3850 wpa_printf(MSG_DEBUG,
3851 "DPP: Use Connector version %d instead of current protocol version %d",
3852 conn_ver, ver);
3853 ver = conn_ver;
3854 }
3855 wpabuf_put_le16(pt, DPP_ATTR_PROTOCOL_VERSION);
3856 wpabuf_put_le16(pt, 1);
3857 wpabuf_put_u8(pt, ver);
3858
3859 /* Connector */
3860 wpabuf_put_le16(pt, DPP_ATTR_CONNECTOR);
3861 wpabuf_put_le16(pt, os_strlen(ssid->dpp_connector));
3862 wpabuf_put_str(pt, ssid->dpp_connector);
3863 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Plaintext for HPKE", pt);
3864
3865 /* HPKE(pt) using AP's public key (from its Connector) */
3866 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, 0);
3867 if (!msg) {
3868 wpabuf_free(pt);
3869 return -1;
3870 }
3871 aad = wpabuf_head_u8(msg) + 2; /* from the OUI field (inclusive) */
3872 aad_len = DPP_HDR_LEN; /* to the DPP Frame Type field (inclusive) */
3873 wpa_hexdump(MSG_MSGDUMP, "DPP: AAD for HPKE", aad, aad_len);
3874
3875 enc_ct = hpke_base_seal(intro->kem_id, intro->kdf_id, intro->aead_id,
3876 intro->peer_key, NULL, 0, aad, aad_len,
3877 wpabuf_head(pt), wpabuf_len(pt));
3878 wpabuf_free(pt);
3879 wpabuf_free(msg);
3880 if (!enc_ct) {
3881 wpa_printf(MSG_INFO, "DPP: HPKE Seal(Connector) failed");
3882 return -1;
3883 }
3884 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: HPKE enc|ct", enc_ct);
3885
3886 /* HPKE(pt) to generate payload for Wrapped Data */
3887 len = 5 + 4 + wpabuf_len(enc_ct);
3888 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, len);
3889 if (!msg) {
3890 wpabuf_free(enc_ct);
3891 return -1;
3892 }
3893
3894 /* Transaction ID */
3895 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
3896 wpabuf_put_le16(msg, 1);
3897 wpabuf_put_u8(msg, TRANSACTION_ID);
3898
3899 /* Wrapped Data */
3900 wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
3901 wpabuf_put_le16(msg, wpabuf_len(enc_ct));
3902 wpabuf_put_buf(msg, enc_ct);
3903 wpabuf_free(enc_ct);
3904
3905 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Update", msg);
3906
3907 /* TODO: Timeout on AP response */
3908 wait_time = wpa_s->max_remain_on_chan;
3909 if (wait_time > 2000)
3910 wait_time = 2000;
3911 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3912 MAC2STR(dst), freq, DPP_PA_PRIV_PEER_INTRO_QUERY);
3913 offchannel_send_action(wpa_s, freq, dst, wpa_s->own_addr, broadcast,
3914 wpabuf_head(msg), wpabuf_len(msg),
3915 wait_time, wpas_dpp_tx_priv_intro_status, 0);
3916 wpabuf_free(msg);
3917
3918 return 0;
3919 }
3920
3921
3922 static void
wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3923 wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant *wpa_s,
3924 const u8 *src, const u8 *hdr,
3925 const u8 *buf, size_t len,
3926 unsigned int freq)
3927 {
3928 struct wpa_ssid *ssid;
3929 const u8 *connector, *trans_id, *version;
3930 u16 connector_len, trans_id_len, version_len;
3931 u8 peer_version = 1;
3932 struct dpp_introduction intro;
3933 struct rsn_pmksa_cache_entry *entry;
3934 struct os_time now;
3935 struct os_reltime rnow;
3936 os_time_t expiry;
3937 unsigned int seconds;
3938 enum dpp_status_error res;
3939
3940 os_memset(&intro, 0, sizeof(intro));
3941
3942 wpa_printf(MSG_DEBUG, "DPP: Private Peer Introduction Notify from "
3943 MACSTR, MAC2STR(src));
3944 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
3945 !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) {
3946 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
3947 MACSTR " - drop", MAC2STR(src));
3948 return;
3949 }
3950 offchannel_send_action_done(wpa_s);
3951
3952 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
3953 if (ssid == wpa_s->dpp_intro_network)
3954 break;
3955 }
3956 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
3957 !ssid->dpp_csign) {
3958 wpa_printf(MSG_DEBUG,
3959 "DPP: Profile not found for network introduction");
3960 return;
3961 }
3962
3963 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
3964 &trans_id_len);
3965 if (!trans_id || trans_id_len != 1) {
3966 wpa_printf(MSG_DEBUG,
3967 "DPP: Peer did not include Transaction ID");
3968 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3969 " fail=missing_transaction_id", MAC2STR(src));
3970 goto fail;
3971 }
3972 if (trans_id[0] != TRANSACTION_ID) {
3973 wpa_printf(MSG_DEBUG,
3974 "DPP: Ignore frame with unexpected Transaction ID %u",
3975 trans_id[0]);
3976 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3977 " fail=transaction_id_mismatch", MAC2STR(src));
3978 goto fail;
3979 }
3980
3981 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
3982 if (!connector) {
3983 wpa_printf(MSG_DEBUG,
3984 "DPP: Peer did not include its Connector");
3985 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3986 " fail=missing_connector", MAC2STR(src));
3987 goto fail;
3988 }
3989
3990 version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
3991 &version_len);
3992 if (!version || version_len < 1) {
3993 wpa_printf(MSG_DEBUG,
3994 "DPP: Peer did not include valid Version");
3995 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
3996 " fail=missing_version", MAC2STR(src));
3997 goto fail;
3998 }
3999
4000 res = dpp_peer_intro(&intro, ssid->dpp_connector,
4001 ssid->dpp_netaccesskey,
4002 ssid->dpp_netaccesskey_len,
4003 ssid->dpp_csign,
4004 ssid->dpp_csign_len,
4005 connector, connector_len, &expiry, NULL);
4006 if (res != DPP_STATUS_OK) {
4007 wpa_printf(MSG_INFO,
4008 "DPP: Network Introduction protocol resulted in failure");
4009 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
4010 " fail=peer_connector_validation_failed", MAC2STR(src));
4011 wpas_dpp_send_conn_status_result(wpa_s, res);
4012 goto fail;
4013 }
4014
4015 peer_version = version[0];
4016 if (intro.peer_version && intro.peer_version >= 2 &&
4017 peer_version != intro.peer_version) {
4018 wpa_printf(MSG_INFO,
4019 "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
4020 intro.peer_version, peer_version);
4021 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
4022 goto fail;
4023 }
4024 wpa_s->dpp_intro_peer_version = peer_version;
4025
4026 entry = os_zalloc(sizeof(*entry));
4027 if (!entry)
4028 goto fail;
4029 entry->dpp_pfs = peer_version >= 2;
4030 os_memcpy(entry->aa, src, ETH_ALEN);
4031 os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
4032 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
4033 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
4034 entry->pmk_len = intro.pmk_len;
4035 entry->akmp = WPA_KEY_MGMT_DPP;
4036 if (expiry) {
4037 os_get_time(&now);
4038 seconds = expiry - now.sec;
4039 } else {
4040 seconds = 86400 * 7;
4041 }
4042
4043 if (wpas_dpp_send_private_peer_intro_update(wpa_s, &intro, ssid, src,
4044 freq) < 0) {
4045 os_free(entry);
4046 goto fail;
4047 }
4048
4049 os_get_reltime(&rnow);
4050 entry->expiration = rnow.sec + seconds;
4051 entry->reauth_time = rnow.sec + seconds;
4052 entry->network_ctx = ssid;
4053 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
4054
4055 /* Association will be initiated from TX status handler for the Private
4056 * Peer Intro Update: wpas_dpp_tx_priv_intro_status() */
4057
4058 fail:
4059 dpp_peer_intro_deinit(&intro);
4060 }
4061
4062 #endif /* CONFIG_DPP3 */
4063
4064
wpas_dpp_rx_action(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)4065 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
4066 const u8 *buf, size_t len, unsigned int freq)
4067 {
4068 u8 crypto_suite;
4069 enum dpp_public_action_frame_type type;
4070 const u8 *hdr;
4071 unsigned int pkex_t;
4072
4073 if (len < DPP_HDR_LEN)
4074 return;
4075 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
4076 return;
4077 hdr = buf;
4078 buf += 4;
4079 len -= 4;
4080 crypto_suite = *buf++;
4081 type = *buf++;
4082 len -= 2;
4083
4084 wpa_printf(MSG_DEBUG,
4085 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
4086 MACSTR " freq=%u",
4087 crypto_suite, type, MAC2STR(src), freq);
4088 #ifdef CONFIG_TESTING_OPTIONS
4089 if (wpa_s->dpp_discard_public_action &&
4090 type != DPP_PA_PEER_DISCOVERY_RESP &&
4091 type != DPP_PA_PRIV_PEER_INTRO_NOTIFY) {
4092 wpa_printf(MSG_DEBUG,
4093 "TESTING: Discard received DPP Public Action frame");
4094 return;
4095 }
4096 #endif /* CONFIG_TESTING_OPTIONS */
4097 if (crypto_suite != 1) {
4098 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
4099 crypto_suite);
4100 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
4101 " freq=%u type=%d ignore=unsupported-crypto-suite",
4102 MAC2STR(src), freq, type);
4103 return;
4104 }
4105 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
4106 if (dpp_check_attrs(buf, len) < 0) {
4107 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
4108 " freq=%u type=%d ignore=invalid-attributes",
4109 MAC2STR(src), freq, type);
4110 return;
4111 }
4112 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
4113 MAC2STR(src), freq, type);
4114
4115 switch (type) {
4116 case DPP_PA_AUTHENTICATION_REQ:
4117 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
4118 break;
4119 case DPP_PA_AUTHENTICATION_RESP:
4120 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
4121 break;
4122 case DPP_PA_AUTHENTICATION_CONF:
4123 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
4124 break;
4125 case DPP_PA_PEER_DISCOVERY_RESP:
4126 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
4127 break;
4128 #ifdef CONFIG_DPP3
4129 case DPP_PA_PKEX_EXCHANGE_REQ:
4130 /* This is for PKEXv2, but for now, process only with
4131 * CONFIG_DPP3 to avoid issues with a capability that has not
4132 * been tested with other implementations. */
4133 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq, true);
4134 break;
4135 #endif /* CONFIG_DPP3 */
4136 case DPP_PA_PKEX_V1_EXCHANGE_REQ:
4137 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq,
4138 false);
4139 break;
4140 case DPP_PA_PKEX_EXCHANGE_RESP:
4141 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
4142 break;
4143 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
4144 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
4145 freq);
4146 break;
4147 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
4148 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
4149 freq);
4150 break;
4151 #ifdef CONFIG_DPP2
4152 case DPP_PA_CONFIGURATION_RESULT:
4153 wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
4154 break;
4155 case DPP_PA_CONNECTION_STATUS_RESULT:
4156 wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len);
4157 break;
4158 case DPP_PA_PRESENCE_ANNOUNCEMENT:
4159 wpas_dpp_rx_presence_announcement(wpa_s, src, hdr, buf, len,
4160 freq);
4161 break;
4162 case DPP_PA_RECONFIG_ANNOUNCEMENT:
4163 wpas_dpp_rx_reconfig_announcement(wpa_s, src, hdr, buf, len,
4164 freq);
4165 break;
4166 case DPP_PA_RECONFIG_AUTH_REQ:
4167 wpas_dpp_rx_reconfig_auth_req(wpa_s, src, hdr, buf, len, freq);
4168 break;
4169 case DPP_PA_RECONFIG_AUTH_RESP:
4170 wpas_dpp_rx_reconfig_auth_resp(wpa_s, src, hdr, buf, len, freq);
4171 break;
4172 case DPP_PA_RECONFIG_AUTH_CONF:
4173 wpas_dpp_rx_reconfig_auth_conf(wpa_s, src, hdr, buf, len, freq);
4174 break;
4175 #endif /* CONFIG_DPP2 */
4176 #ifdef CONFIG_DPP3
4177 case DPP_PA_PB_PRESENCE_ANNOUNCEMENT:
4178 wpas_dpp_rx_pb_presence_announcement(wpa_s, src, hdr,
4179 buf, len, freq);
4180 break;
4181 case DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP:
4182 wpas_dpp_rx_pb_presence_announcement_resp(wpa_s, src, hdr,
4183 buf, len, freq);
4184 break;
4185 case DPP_PA_PRIV_PEER_INTRO_NOTIFY:
4186 wpas_dpp_rx_priv_peer_intro_notify(wpa_s, src, hdr,
4187 buf, len, freq);
4188 break;
4189 #endif /* CONFIG_DPP3 */
4190 default:
4191 wpa_printf(MSG_DEBUG,
4192 "DPP: Ignored unsupported frame subtype %d", type);
4193 break;
4194 }
4195
4196 if (wpa_s->dpp_pkex)
4197 pkex_t = wpa_s->dpp_pkex->t;
4198 else if (wpa_s->dpp_pkex_bi)
4199 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
4200 else
4201 pkex_t = 0;
4202 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
4203 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
4204 wpas_dpp_pkex_remove(wpa_s, "*");
4205 }
4206 }
4207
4208
wpas_dpp_gas_initial_resp_timeout(void * eloop_ctx,void * timeout_ctx)4209 static void wpas_dpp_gas_initial_resp_timeout(void *eloop_ctx,
4210 void *timeout_ctx)
4211 {
4212 struct wpa_supplicant *wpa_s = eloop_ctx;
4213 struct dpp_authentication *auth = wpa_s->dpp_auth;
4214
4215 if (!auth || !auth->waiting_config || !auth->config_resp_ctx)
4216 return;
4217
4218 wpa_printf(MSG_DEBUG,
4219 "DPP: No configuration available from upper layers - send initial response with comeback delay");
4220 gas_server_set_comeback_delay(wpa_s->gas_server, auth->config_resp_ctx,
4221 500);
4222 }
4223
4224
4225 static struct wpabuf *
wpas_dpp_gas_req_handler(void * ctx,void * resp_ctx,const u8 * sa,const u8 * query,size_t query_len,int * comeback_delay)4226 wpas_dpp_gas_req_handler(void *ctx, void *resp_ctx, const u8 *sa,
4227 const u8 *query, size_t query_len, int *comeback_delay)
4228 {
4229 struct wpa_supplicant *wpa_s = ctx;
4230 struct dpp_authentication *auth = wpa_s->dpp_auth;
4231 struct wpabuf *resp;
4232
4233 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
4234 MAC2STR(sa));
4235 if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
4236 !ether_addr_equal(sa, auth->peer_mac_addr)) {
4237 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
4238 return NULL;
4239 }
4240
4241 if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) {
4242 wpa_printf(MSG_DEBUG,
4243 "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
4244 /* wpas_dpp_auth_success() would normally have been called from
4245 * TX status handler, but since there was no such handler call
4246 * yet, simply send out the event message and proceed with
4247 * exchange. */
4248 dpp_notify_auth_success(auth, 1);
4249 wpa_s->dpp_auth_ok_on_ack = 0;
4250 #ifdef CONFIG_TESTING_OPTIONS
4251 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
4252 wpa_printf(MSG_INFO,
4253 "DPP: TESTING - stop at Authentication Confirm");
4254 return NULL;
4255 }
4256 #endif /* CONFIG_TESTING_OPTIONS */
4257 }
4258
4259 wpa_hexdump(MSG_DEBUG,
4260 "DPP: Received Configuration Request (GAS Query Request)",
4261 query, query_len);
4262 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
4263 MAC2STR(sa));
4264 resp = dpp_conf_req_rx(auth, query, query_len);
4265
4266 auth->gas_server_ctx = resp_ctx;
4267
4268 #ifdef CONFIG_DPP2
4269 if (!resp && auth->waiting_cert) {
4270 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready");
4271 auth->config_resp_ctx = resp_ctx;
4272 *comeback_delay = 500;
4273 return NULL;
4274 }
4275 #endif /* CONFIG_DPP2 */
4276
4277 if (!resp && auth->waiting_config &&
4278 (auth->peer_bi || auth->tmp_peer_bi)) {
4279 char *buf = NULL, *name = "";
4280 char band[200], *pos, *end;
4281 int i, res, *opclass = auth->e_band_support;
4282 char *mud_url = "N/A";
4283
4284 wpa_printf(MSG_DEBUG, "DPP: Configuration not yet ready");
4285 auth->config_resp_ctx = resp_ctx;
4286 *comeback_delay = -1;
4287 if (auth->e_name) {
4288 size_t len = os_strlen(auth->e_name);
4289
4290 buf = os_malloc(len * 4 + 1);
4291 if (buf) {
4292 printf_encode(buf, len * 4 + 1,
4293 (const u8 *) auth->e_name, len);
4294 name = buf;
4295 }
4296 }
4297 band[0] = '\0';
4298 pos = band;
4299 end = band + sizeof(band);
4300 for (i = 0; opclass && opclass[i]; i++) {
4301 res = os_snprintf(pos, end - pos, "%s%d",
4302 pos == band ? "" : ",", opclass[i]);
4303 if (os_snprintf_error(end - pos, res)) {
4304 *pos = '\0';
4305 break;
4306 }
4307 pos += res;
4308 }
4309 if (auth->e_mud_url) {
4310 size_t len = os_strlen(auth->e_mud_url);
4311
4312 if (!has_ctrl_char((const u8 *) auth->e_mud_url, len))
4313 mud_url = auth->e_mud_url;
4314 }
4315 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_NEEDED "peer=%d src="
4316 MACSTR " net_role=%s name=\"%s\" opclass=%s mud_url=%s",
4317 auth->peer_bi ? auth->peer_bi->id :
4318 auth->tmp_peer_bi->id, MAC2STR(sa),
4319 dpp_netrole_str(auth->e_netrole), name, band, mud_url);
4320 os_free(buf);
4321
4322 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s,
4323 NULL);
4324 eloop_register_timeout(0, 50000,
4325 wpas_dpp_gas_initial_resp_timeout, wpa_s,
4326 NULL);
4327 return NULL;
4328 }
4329
4330 auth->conf_resp = resp;
4331 if (!resp) {
4332 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
4333 dpp_auth_deinit(wpa_s->dpp_auth);
4334 wpa_s->dpp_auth = NULL;
4335 }
4336 return resp;
4337 }
4338
4339
4340 static void
wpas_dpp_gas_status_handler(void * ctx,struct wpabuf * resp,int ok)4341 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
4342 {
4343 struct wpa_supplicant *wpa_s = ctx;
4344 struct dpp_authentication *auth = wpa_s->dpp_auth;
4345
4346 if (!auth) {
4347 wpabuf_free(resp);
4348 return;
4349 }
4350 if (auth->conf_resp != resp) {
4351 wpa_printf(MSG_DEBUG,
4352 "DPP: Ignore GAS status report (ok=%d) for unknown response",
4353 ok);
4354 wpabuf_free(resp);
4355 return;
4356 }
4357
4358 #ifdef CONFIG_DPP2
4359 if (auth->waiting_csr && ok) {
4360 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR");
4361 wpabuf_free(resp);
4362 return;
4363 }
4364 #endif /* CONFIG_DPP2 */
4365
4366 #ifdef CONFIG_DPP3
4367 if (auth->waiting_new_key && ok) {
4368 wpa_printf(MSG_DEBUG, "DPP: Waiting for a new key");
4369 wpabuf_free(resp);
4370 return;
4371 }
4372 #endif /* CONFIG_DPP3 */
4373
4374 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
4375 ok);
4376 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
4377 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
4378 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
4379 #ifdef CONFIG_DPP2
4380 if (ok && auth->peer_version >= 2 &&
4381 auth->conf_resp_status == DPP_STATUS_OK &&
4382 !auth->waiting_conf_result) {
4383 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
4384 auth->waiting_conf_result = 1;
4385 auth->conf_resp = NULL;
4386 wpabuf_free(resp);
4387 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
4388 wpa_s, NULL);
4389 eloop_register_timeout(2, 0,
4390 wpas_dpp_config_result_wait_timeout,
4391 wpa_s, NULL);
4392 return;
4393 }
4394 #endif /* CONFIG_DPP2 */
4395 offchannel_send_action_done(wpa_s);
4396 wpas_dpp_listen_stop(wpa_s);
4397 if (ok)
4398 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d",
4399 auth->conf_resp_status);
4400 else
4401 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
4402 dpp_auth_deinit(wpa_s->dpp_auth);
4403 wpa_s->dpp_auth = NULL;
4404 wpabuf_free(resp);
4405 #ifdef CONFIG_DPP3
4406 if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) {
4407 if (ok)
4408 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
4409 "success");
4410 else
4411 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
4412 "could-not-connect");
4413 wpa_s->dpp_pb_result_indicated = true;
4414 if (ok)
4415 wpas_dpp_remove_pb_hash(wpa_s);
4416 wpas_dpp_push_button_stop(wpa_s);
4417 }
4418 #endif /* CONFIG_DPP3 */
4419 }
4420
4421
wpas_dpp_configurator_sign(struct wpa_supplicant * wpa_s,const char * cmd)4422 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
4423 {
4424 struct dpp_authentication *auth;
4425 int ret = -1;
4426 char *curve = NULL;
4427
4428 auth = dpp_alloc_auth(wpa_s->dpp, wpa_s);
4429 if (!auth)
4430 return -1;
4431
4432 curve = get_param(cmd, " curve=");
4433 wpas_dpp_set_testing_options(wpa_s, auth);
4434 if (dpp_set_configurator(auth, cmd) == 0 &&
4435 dpp_configurator_own_config(auth, curve, 0) == 0)
4436 ret = wpas_dpp_handle_config_obj(wpa_s, auth,
4437 &auth->conf_obj[0]);
4438 if (!ret)
4439 wpas_dpp_post_process_config(wpa_s, auth);
4440
4441 dpp_auth_deinit(auth);
4442 os_free(curve);
4443
4444 return ret;
4445 }
4446
4447
4448 static void
wpas_dpp_tx_introduction_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)4449 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
4450 unsigned int freq, const u8 *dst,
4451 const u8 *src, const u8 *bssid,
4452 const u8 *data, size_t data_len,
4453 enum offchannel_send_action_result result)
4454 {
4455 const char *res_txt;
4456
4457 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
4458 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
4459 "FAILED");
4460 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
4461 " result=%s (DPP Peer Discovery Request)",
4462 freq, MAC2STR(dst), res_txt);
4463 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
4464 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
4465 /* TODO: Time out wait for response more quickly in error cases? */
4466 }
4467
4468
4469 #ifdef CONFIG_DPP3
wpas_dpp_start_private_peer_intro(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)4470 static int wpas_dpp_start_private_peer_intro(struct wpa_supplicant *wpa_s,
4471 struct wpa_ssid *ssid,
4472 struct wpa_bss *bss)
4473 {
4474 struct wpabuf *msg;
4475 unsigned int wait_time;
4476 size_t len;
4477 u8 ver = DPP_VERSION;
4478 int conn_ver;
4479
4480 len = 5 + 5;
4481 msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_QUERY, len);
4482 if (!msg)
4483 return -1;
4484
4485 /* Transaction ID */
4486 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4487 wpabuf_put_le16(msg, 1);
4488 wpabuf_put_u8(msg, TRANSACTION_ID);
4489
4490 conn_ver = dpp_get_connector_version(ssid->dpp_connector);
4491 if (conn_ver > 0 && ver != conn_ver) {
4492 wpa_printf(MSG_DEBUG,
4493 "DPP: Use Connector version %d instead of current protocol version %d",
4494 conn_ver, ver);
4495 ver = conn_ver;
4496 }
4497
4498 /* Protocol Version */
4499 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
4500 wpabuf_put_le16(msg, 1);
4501 wpabuf_put_u8(msg, ver);
4502
4503 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Query", msg);
4504
4505 /* TODO: Timeout on AP response */
4506 wait_time = wpa_s->max_remain_on_chan;
4507 if (wait_time > 2000)
4508 wait_time = 2000;
4509 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
4510 MAC2STR(bss->bssid), bss->freq, DPP_PA_PRIV_PEER_INTRO_QUERY);
4511 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
4512 broadcast,
4513 wpabuf_head(msg), wpabuf_len(msg),
4514 wait_time, wpas_dpp_tx_introduction_status, 0);
4515 wpabuf_free(msg);
4516
4517 /* Request this connection attempt to terminate - new one will be
4518 * started when network introduction protocol completes */
4519 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
4520 wpa_s->dpp_intro_network = ssid;
4521 return 1;
4522 }
4523 #endif /* CONFIG_DPP3 */
4524
4525
wpas_dpp_check_connect(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)4526 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4527 struct wpa_bss *bss)
4528 {
4529 struct os_time now;
4530 struct wpabuf *msg;
4531 unsigned int wait_time;
4532 const u8 *rsn;
4533 struct wpa_ie_data ied;
4534 size_t len;
4535
4536 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
4537 return 0; /* Not using DPP AKM - continue */
4538 rsn = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
4539 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
4540 !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
4541 return 0; /* AP does not support DPP AKM - continue */
4542 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, wpa_s->own_addr, ssid))
4543 return 0; /* PMKSA exists for DPP AKM - continue */
4544
4545 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
4546 !ssid->dpp_csign) {
4547 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
4548 "missing %s",
4549 !ssid->dpp_connector ? "Connector" :
4550 (!ssid->dpp_netaccesskey ? "netAccessKey" :
4551 "C-sign-key"));
4552 return -1;
4553 }
4554
4555 os_get_time(&now);
4556
4557 if (ssid->dpp_netaccesskey_expiry &&
4558 (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
4559 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
4560 "netAccessKey expired");
4561 return -1;
4562 }
4563
4564 wpa_printf(MSG_DEBUG,
4565 "DPP: Starting %snetwork introduction protocol to derive PMKSA for "
4566 MACSTR,
4567 ssid->dpp_connector_privacy ? "private " : "",
4568 MAC2STR(bss->bssid));
4569 if (wpa_s->wpa_state == WPA_SCANNING)
4570 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state);
4571
4572 #ifdef CONFIG_DPP3
4573 if (ssid->dpp_connector_privacy)
4574 return wpas_dpp_start_private_peer_intro(wpa_s, ssid, bss);
4575 #endif /* CONFIG_DPP3 */
4576
4577 len = 5 + 4 + os_strlen(ssid->dpp_connector);
4578 #ifdef CONFIG_DPP2
4579 len += 5;
4580 #endif /* CONFIG_DPP2 */
4581 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ, len);
4582 if (!msg)
4583 return -1;
4584
4585 #ifdef CONFIG_TESTING_OPTIONS
4586 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
4587 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
4588 goto skip_trans_id;
4589 }
4590 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
4591 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
4592 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4593 wpabuf_put_le16(msg, 0);
4594 goto skip_trans_id;
4595 }
4596 #endif /* CONFIG_TESTING_OPTIONS */
4597
4598 /* Transaction ID */
4599 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4600 wpabuf_put_le16(msg, 1);
4601 wpabuf_put_u8(msg, TRANSACTION_ID);
4602
4603 #ifdef CONFIG_TESTING_OPTIONS
4604 skip_trans_id:
4605 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
4606 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
4607 goto skip_connector;
4608 }
4609 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
4610 char *connector;
4611
4612 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
4613 connector = dpp_corrupt_connector_signature(
4614 ssid->dpp_connector);
4615 if (!connector) {
4616 wpabuf_free(msg);
4617 return -1;
4618 }
4619 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
4620 wpabuf_put_le16(msg, os_strlen(connector));
4621 wpabuf_put_str(msg, connector);
4622 os_free(connector);
4623 goto skip_connector;
4624 }
4625 #endif /* CONFIG_TESTING_OPTIONS */
4626
4627 /* DPP Connector */
4628 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
4629 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
4630 wpabuf_put_str(msg, ssid->dpp_connector);
4631
4632 #ifdef CONFIG_TESTING_OPTIONS
4633 skip_connector:
4634 if (dpp_test == DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ) {
4635 wpa_printf(MSG_INFO, "DPP: TESTING - no Protocol Version");
4636 goto skip_proto_ver;
4637 }
4638 #endif /* CONFIG_TESTING_OPTIONS */
4639
4640 #ifdef CONFIG_DPP2
4641 if (DPP_VERSION > 1) {
4642 u8 ver = DPP_VERSION;
4643 #ifdef CONFIG_DPP3
4644 int conn_ver;
4645
4646 conn_ver = dpp_get_connector_version(ssid->dpp_connector);
4647 if (conn_ver > 0 && ver != conn_ver) {
4648 wpa_printf(MSG_DEBUG,
4649 "DPP: Use Connector version %d instead of current protocol version %d",
4650 conn_ver, ver);
4651 ver = conn_ver;
4652 }
4653 #endif /* CONFIG_DPP3 */
4654
4655 #ifdef CONFIG_TESTING_OPTIONS
4656 if (dpp_test == DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_REQ) {
4657 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Protocol Version");
4658 ver = 1;
4659 }
4660 #endif /* CONFIG_TESTING_OPTIONS */
4661
4662 /* Protocol Version */
4663 wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
4664 wpabuf_put_le16(msg, 1);
4665 wpabuf_put_u8(msg, ver);
4666 }
4667 #endif /* CONFIG_DPP2 */
4668
4669 #ifdef CONFIG_TESTING_OPTIONS
4670 skip_proto_ver:
4671 #endif /* CONFIG_TESTING_OPTIONS */
4672
4673 /* TODO: Timeout on AP response */
4674 wait_time = wpa_s->max_remain_on_chan;
4675 if (wait_time > 2000)
4676 wait_time = 2000;
4677 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
4678 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
4679 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
4680 broadcast,
4681 wpabuf_head(msg), wpabuf_len(msg),
4682 wait_time, wpas_dpp_tx_introduction_status, 0);
4683 wpabuf_free(msg);
4684
4685 /* Request this connection attempt to terminate - new one will be
4686 * started when network introduction protocol completes */
4687 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
4688 wpa_s->dpp_intro_network = ssid;
4689 return 1;
4690 }
4691
4692
wpas_dpp_pkex_add(struct wpa_supplicant * wpa_s,const char * cmd)4693 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
4694 {
4695 struct dpp_bootstrap_info *own_bi;
4696 const char *pos, *end;
4697 #ifdef CONFIG_DPP3
4698 enum dpp_pkex_ver ver = PKEX_VER_AUTO;
4699 #else /* CONFIG_DPP3 */
4700 enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
4701 #endif /* CONFIG_DPP3 */
4702 int tcp_port = DPP_TCP_PORT;
4703 struct hostapd_ip_addr *ipaddr = NULL;
4704 #ifdef CONFIG_DPP2
4705 struct hostapd_ip_addr ipaddr_buf;
4706 char *addr;
4707
4708 pos = os_strstr(cmd, " tcp_port=");
4709 if (pos) {
4710 pos += 10;
4711 tcp_port = atoi(pos);
4712 }
4713
4714 addr = get_param(cmd, " tcp_addr=");
4715 if (addr) {
4716 int res;
4717
4718 res = hostapd_parse_ip_addr(addr, &ipaddr_buf);
4719 os_free(addr);
4720 if (res)
4721 return -1;
4722 ipaddr = &ipaddr_buf;
4723 }
4724 #endif /* CONFIG_DPP2 */
4725
4726 pos = os_strstr(cmd, " own=");
4727 if (!pos)
4728 return -1;
4729 pos += 5;
4730 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
4731 if (!own_bi) {
4732 wpa_printf(MSG_DEBUG,
4733 "DPP: Identified bootstrap info not found");
4734 return -1;
4735 }
4736 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
4737 wpa_printf(MSG_DEBUG,
4738 "DPP: Identified bootstrap info not for PKEX");
4739 return -1;
4740 }
4741 wpa_s->dpp_pkex_bi = own_bi;
4742 own_bi->pkex_t = 0; /* clear pending errors on new code */
4743
4744 os_free(wpa_s->dpp_pkex_identifier);
4745 wpa_s->dpp_pkex_identifier = NULL;
4746 pos = os_strstr(cmd, " identifier=");
4747 if (pos) {
4748 pos += 12;
4749 end = os_strchr(pos, ' ');
4750 if (!end)
4751 return -1;
4752 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
4753 if (!wpa_s->dpp_pkex_identifier)
4754 return -1;
4755 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
4756 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
4757 }
4758
4759 pos = os_strstr(cmd, " code=");
4760 if (!pos)
4761 return -1;
4762 os_free(wpa_s->dpp_pkex_code);
4763 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
4764 if (!wpa_s->dpp_pkex_code)
4765 return -1;
4766 wpa_s->dpp_pkex_code_len = os_strlen(wpa_s->dpp_pkex_code);
4767
4768 pos = os_strstr(cmd, " ver=");
4769 if (pos) {
4770 int v;
4771
4772 pos += 5;
4773 v = atoi(pos);
4774 if (v == 1)
4775 ver = PKEX_VER_ONLY_1;
4776 else if (v == 2)
4777 ver = PKEX_VER_ONLY_2;
4778 else
4779 return -1;
4780 }
4781 wpa_s->dpp_pkex_ver = ver;
4782
4783 if (os_strstr(cmd, " init=1")) {
4784 if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0)
4785 return -1;
4786 } else {
4787 #ifdef CONFIG_DPP2
4788 dpp_controller_pkex_add(wpa_s->dpp, own_bi,
4789 wpa_s->dpp_pkex_code,
4790 wpa_s->dpp_pkex_identifier);
4791 #endif /* CONFIG_DPP2 */
4792 }
4793
4794 /* TODO: Support multiple PKEX info entries */
4795
4796 os_free(wpa_s->dpp_pkex_auth_cmd);
4797 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
4798
4799 return 1;
4800 }
4801
4802
wpas_dpp_pkex_remove(struct wpa_supplicant * wpa_s,const char * id)4803 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
4804 {
4805 unsigned int id_val;
4806
4807 if (os_strcmp(id, "*") == 0) {
4808 id_val = 0;
4809 } else {
4810 id_val = atoi(id);
4811 if (id_val == 0)
4812 return -1;
4813 }
4814
4815 if ((id_val != 0 && id_val != 1))
4816 return -1;
4817
4818 /* TODO: Support multiple PKEX entries */
4819 os_free(wpa_s->dpp_pkex_code);
4820 wpa_s->dpp_pkex_code = NULL;
4821 os_free(wpa_s->dpp_pkex_identifier);
4822 wpa_s->dpp_pkex_identifier = NULL;
4823 os_free(wpa_s->dpp_pkex_auth_cmd);
4824 wpa_s->dpp_pkex_auth_cmd = NULL;
4825 wpa_s->dpp_pkex_bi = NULL;
4826 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
4827 dpp_pkex_free(wpa_s->dpp_pkex);
4828 wpa_s->dpp_pkex = NULL;
4829 return 0;
4830 }
4831
4832
wpas_dpp_stop(struct wpa_supplicant * wpa_s)4833 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
4834 {
4835 if (wpa_s->dpp_auth || wpa_s->dpp_pkex || wpa_s->dpp_pkex_wait_auth_req)
4836 offchannel_send_action_done(wpa_s);
4837 dpp_auth_deinit(wpa_s->dpp_auth);
4838 wpa_s->dpp_auth = NULL;
4839 dpp_pkex_free(wpa_s->dpp_pkex);
4840 wpa_s->dpp_pkex = NULL;
4841 wpa_s->dpp_pkex_wait_auth_req = false;
4842 if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
4843 gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
4844 #ifdef CONFIG_DPP3
4845 wpas_dpp_push_button_stop(wpa_s);
4846 #endif /* CONFIG_DPP3 */
4847 }
4848
4849
wpas_dpp_init(struct wpa_supplicant * wpa_s)4850 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
4851 {
4852 struct dpp_global_config config;
4853 u8 adv_proto_id[7];
4854
4855 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
4856 adv_proto_id[1] = 5;
4857 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
4858 adv_proto_id[5] = DPP_OUI_TYPE;
4859 adv_proto_id[6] = 0x01;
4860
4861 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
4862 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
4863 wpas_dpp_gas_status_handler, wpa_s) < 0)
4864 return -1;
4865
4866 os_memset(&config, 0, sizeof(config));
4867 config.cb_ctx = wpa_s;
4868 #ifdef CONFIG_DPP2
4869 config.remove_bi = wpas_dpp_remove_bi;
4870 #endif /* CONFIG_DPP2 */
4871 wpa_s->dpp = dpp_global_init(&config);
4872 return wpa_s->dpp ? 0 : -1;
4873 }
4874
4875
wpas_dpp_deinit(struct wpa_supplicant * wpa_s)4876 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
4877 {
4878 #ifdef CONFIG_TESTING_OPTIONS
4879 os_free(wpa_s->dpp_config_obj_override);
4880 wpa_s->dpp_config_obj_override = NULL;
4881 os_free(wpa_s->dpp_discovery_override);
4882 wpa_s->dpp_discovery_override = NULL;
4883 os_free(wpa_s->dpp_groups_override);
4884 wpa_s->dpp_groups_override = NULL;
4885 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
4886 #endif /* CONFIG_TESTING_OPTIONS */
4887 if (!wpa_s->dpp)
4888 return;
4889 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
4890 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
4891 eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
4892 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
4893 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
4894 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL);
4895 eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL);
4896 eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL);
4897 eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout, wpa_s, NULL);
4898 eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL);
4899 #ifdef CONFIG_DPP2
4900 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
4901 eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
4902 wpa_s, NULL);
4903 eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
4904 eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
4905 wpa_s, NULL);
4906 eloop_cancel_timeout(wpas_dpp_build_csr, wpa_s, NULL);
4907 eloop_cancel_timeout(wpas_dpp_connected_timeout, wpa_s, NULL);
4908 dpp_pfs_free(wpa_s->dpp_pfs);
4909 wpa_s->dpp_pfs = NULL;
4910 wpas_dpp_chirp_stop(wpa_s);
4911 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
4912 wpa_s->dpp_reconfig_id = NULL;
4913 #endif /* CONFIG_DPP2 */
4914 #ifdef CONFIG_DPP3
4915 eloop_cancel_timeout(wpas_dpp_build_new_key, wpa_s, NULL);
4916 #endif /* CONFIG_DPP3 */
4917 offchannel_send_action_done(wpa_s);
4918 wpas_dpp_listen_stop(wpa_s);
4919 wpas_dpp_stop(wpa_s);
4920 wpas_dpp_pkex_remove(wpa_s, "*");
4921 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
4922 os_free(wpa_s->dpp_configurator_params);
4923 wpa_s->dpp_configurator_params = NULL;
4924 dpp_global_clear(wpa_s->dpp);
4925 }
4926
4927
wpas_dpp_build_conf_resp(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,bool tcp)4928 static int wpas_dpp_build_conf_resp(struct wpa_supplicant *wpa_s,
4929 struct dpp_authentication *auth, bool tcp)
4930 {
4931 struct wpabuf *resp;
4932
4933 resp = dpp_build_conf_resp(auth, auth->e_nonce, auth->curve->nonce_len,
4934 auth->e_netrole, true);
4935 if (!resp)
4936 return -1;
4937
4938 if (tcp) {
4939 auth->conf_resp_tcp = resp;
4940 return 0;
4941 }
4942
4943 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL);
4944 if (gas_server_set_resp(wpa_s->gas_server, auth->config_resp_ctx,
4945 resp) < 0) {
4946 wpa_printf(MSG_DEBUG,
4947 "DPP: Could not find pending GAS response");
4948 wpabuf_free(resp);
4949 return -1;
4950 }
4951 auth->conf_resp = resp;
4952 return 0;
4953 }
4954
4955
wpas_dpp_conf_set(struct wpa_supplicant * wpa_s,const char * cmd)4956 int wpas_dpp_conf_set(struct wpa_supplicant *wpa_s, const char *cmd)
4957 {
4958 int peer;
4959 const char *pos;
4960 struct dpp_authentication *auth = wpa_s->dpp_auth;
4961 bool tcp = false;
4962
4963 pos = os_strstr(cmd, " peer=");
4964 if (!pos)
4965 return -1;
4966 peer = atoi(pos + 6);
4967 #ifdef CONFIG_DPP2
4968 if (!auth || !auth->waiting_config ||
4969 (auth->peer_bi &&
4970 (unsigned int) peer != auth->peer_bi->id)) {
4971 auth = dpp_controller_get_auth(wpa_s->dpp, peer);
4972 tcp = true;
4973 }
4974 #endif /* CONFIG_DPP2 */
4975
4976 if (!auth || !auth->waiting_config) {
4977 wpa_printf(MSG_DEBUG,
4978 "DPP: No authentication exchange waiting for configuration information");
4979 return -1;
4980 }
4981
4982 if ((!auth->peer_bi ||
4983 (unsigned int) peer != auth->peer_bi->id) &&
4984 (!auth->tmp_peer_bi ||
4985 (unsigned int) peer != auth->tmp_peer_bi->id)) {
4986 wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
4987 return -1;
4988 }
4989
4990 pos = os_strstr(cmd, " comeback=");
4991 if (pos) {
4992 eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s,
4993 NULL);
4994 gas_server_set_comeback_delay(wpa_s->gas_server,
4995 auth->config_resp_ctx,
4996 atoi(pos + 10));
4997 return 0;
4998 }
4999
5000 if (dpp_set_configurator(auth, cmd) < 0)
5001 return -1;
5002
5003 auth->use_config_query = false;
5004 auth->waiting_config = false;
5005 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5006 }
5007
5008
5009 #ifdef CONFIG_DPP2
5010
wpas_dpp_controller_start(struct wpa_supplicant * wpa_s,const char * cmd)5011 int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
5012 {
5013 struct dpp_controller_config config;
5014 const char *pos;
5015
5016 os_memset(&config, 0, sizeof(config));
5017 config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
5018 config.netrole = DPP_NETROLE_STA;
5019 config.msg_ctx = wpa_s;
5020 config.cb_ctx = wpa_s;
5021 config.process_conf_obj = wpas_dpp_process_conf_obj;
5022 config.tcp_msg_sent = wpas_dpp_tcp_msg_sent;
5023 if (cmd) {
5024 pos = os_strstr(cmd, " tcp_port=");
5025 if (pos) {
5026 pos += 10;
5027 config.tcp_port = atoi(pos);
5028 }
5029
5030 pos = os_strstr(cmd, " role=");
5031 if (pos) {
5032 pos += 6;
5033 if (os_strncmp(pos, "configurator", 12) == 0)
5034 config.allowed_roles = DPP_CAPAB_CONFIGURATOR;
5035 else if (os_strncmp(pos, "enrollee", 8) == 0)
5036 config.allowed_roles = DPP_CAPAB_ENROLLEE;
5037 else if (os_strncmp(pos, "either", 6) == 0)
5038 config.allowed_roles = DPP_CAPAB_CONFIGURATOR |
5039 DPP_CAPAB_ENROLLEE;
5040 else
5041 return -1;
5042 }
5043
5044 config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
5045 }
5046 config.configurator_params = wpa_s->dpp_configurator_params;
5047 return dpp_controller_start(wpa_s->dpp, &config);
5048 }
5049
5050
5051 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx);
5052
wpas_dpp_chirp_timeout(void * eloop_ctx,void * timeout_ctx)5053 static void wpas_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx)
5054 {
5055 struct wpa_supplicant *wpa_s = eloop_ctx;
5056
5057 wpa_printf(MSG_DEBUG, "DPP: No chirp response received");
5058 offchannel_send_action_done(wpa_s);
5059 wpas_dpp_chirp_next(wpa_s, NULL);
5060 }
5061
5062
wpas_dpp_chirp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)5063 static void wpas_dpp_chirp_tx_status(struct wpa_supplicant *wpa_s,
5064 unsigned int freq, const u8 *dst,
5065 const u8 *src, const u8 *bssid,
5066 const u8 *data, size_t data_len,
5067 enum offchannel_send_action_result result)
5068 {
5069 if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
5070 wpa_printf(MSG_DEBUG, "DPP: Failed to send chirp on %d MHz",
5071 wpa_s->dpp_chirp_freq);
5072 if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next,
5073 wpa_s, NULL) < 0)
5074 wpas_dpp_chirp_stop(wpa_s);
5075 return;
5076 }
5077
5078 wpa_printf(MSG_DEBUG, "DPP: Chirp send completed - wait for response");
5079 if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout,
5080 wpa_s, NULL) < 0)
5081 wpas_dpp_chirp_stop(wpa_s);
5082 }
5083
5084
wpas_dpp_chirp_start(struct wpa_supplicant * wpa_s)5085 static void wpas_dpp_chirp_start(struct wpa_supplicant *wpa_s)
5086 {
5087 struct wpabuf *msg, *announce = NULL;
5088 int type;
5089
5090 msg = wpa_s->dpp_presence_announcement;
5091 type = DPP_PA_PRESENCE_ANNOUNCEMENT;
5092 if (!msg) {
5093 struct wpa_ssid *ssid = wpa_s->dpp_reconfig_ssid;
5094
5095 if (ssid && wpa_s->dpp_reconfig_id &&
5096 wpa_config_get_network(wpa_s->conf,
5097 wpa_s->dpp_reconfig_ssid_id) ==
5098 ssid) {
5099 announce = dpp_build_reconfig_announcement(
5100 ssid->dpp_csign,
5101 ssid->dpp_csign_len,
5102 ssid->dpp_netaccesskey,
5103 ssid->dpp_netaccesskey_len,
5104 wpa_s->dpp_reconfig_id);
5105 msg = announce;
5106 }
5107 if (!msg)
5108 return;
5109 type = DPP_PA_RECONFIG_ANNOUNCEMENT;
5110 }
5111 wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", wpa_s->dpp_chirp_freq);
5112 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
5113 MAC2STR(broadcast), wpa_s->dpp_chirp_freq, type);
5114 if (offchannel_send_action(
5115 wpa_s, wpa_s->dpp_chirp_freq, broadcast,
5116 wpa_s->own_addr, broadcast,
5117 wpabuf_head(msg), wpabuf_len(msg),
5118 2000, wpas_dpp_chirp_tx_status, 0) < 0)
5119 wpas_dpp_chirp_stop(wpa_s);
5120
5121 wpabuf_free(announce);
5122 }
5123
5124
wpas_dpp_presence_ann_channels(struct wpa_supplicant * wpa_s,struct dpp_bootstrap_info * bi)5125 static int * wpas_dpp_presence_ann_channels(struct wpa_supplicant *wpa_s,
5126 struct dpp_bootstrap_info *bi)
5127 {
5128 unsigned int i;
5129 struct hostapd_hw_modes *mode;
5130 int c;
5131 struct wpa_bss *bss;
5132 bool chan6 = wpa_s->hw.modes == NULL;
5133 int *freqs = NULL;
5134
5135 /* Channels from own bootstrapping info */
5136 if (bi) {
5137 for (i = 0; i < bi->num_freq; i++)
5138 int_array_add_unique(&freqs, bi->freq[i]);
5139 }
5140
5141 /* Preferred chirping channels */
5142 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5143 HOSTAPD_MODE_IEEE80211G, false);
5144 if (mode) {
5145 for (c = 0; c < mode->num_channels; c++) {
5146 struct hostapd_channel_data *chan = &mode->channels[c];
5147
5148 if ((chan->flag & HOSTAPD_CHAN_DISABLED) ||
5149 chan->freq != 2437)
5150 continue;
5151 chan6 = true;
5152 break;
5153 }
5154 }
5155 if (chan6)
5156 int_array_add_unique(&freqs, 2437);
5157
5158 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5159 HOSTAPD_MODE_IEEE80211A, false);
5160 if (mode) {
5161 int chan44 = 0, chan149 = 0;
5162
5163 for (c = 0; c < mode->num_channels; c++) {
5164 struct hostapd_channel_data *chan = &mode->channels[c];
5165
5166 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
5167 HOSTAPD_CHAN_RADAR))
5168 continue;
5169 if (chan->freq == 5220)
5170 chan44 = 1;
5171 if (chan->freq == 5745)
5172 chan149 = 1;
5173 }
5174 if (chan149)
5175 int_array_add_unique(&freqs, 5745);
5176 else if (chan44)
5177 int_array_add_unique(&freqs, 5220);
5178 }
5179
5180 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5181 HOSTAPD_MODE_IEEE80211AD, false);
5182 if (mode) {
5183 for (c = 0; c < mode->num_channels; c++) {
5184 struct hostapd_channel_data *chan = &mode->channels[c];
5185
5186 if ((chan->flag & (HOSTAPD_CHAN_DISABLED |
5187 HOSTAPD_CHAN_RADAR)) ||
5188 chan->freq != 60480)
5189 continue;
5190 int_array_add_unique(&freqs, 60480);
5191 break;
5192 }
5193 }
5194
5195 /* Add channels from scan results for APs that advertise Configurator
5196 * Connectivity element */
5197 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
5198 if (wpa_bss_get_vendor_ie(bss, DPP_CC_IE_VENDOR_TYPE))
5199 int_array_add_unique(&freqs, bss->freq);
5200 }
5201
5202 return freqs;
5203 }
5204
5205
wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)5206 static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
5207 struct wpa_scan_results *scan_res)
5208 {
5209 struct dpp_bootstrap_info *bi = wpa_s->dpp_chirp_bi;
5210
5211 if (!bi && !wpa_s->dpp_reconfig_ssid)
5212 return;
5213
5214 wpa_s->dpp_chirp_scan_done = 1;
5215
5216 os_free(wpa_s->dpp_chirp_freqs);
5217 wpa_s->dpp_chirp_freqs = wpas_dpp_presence_ann_channels(wpa_s, bi);
5218
5219 if (!wpa_s->dpp_chirp_freqs ||
5220 eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL) < 0)
5221 wpas_dpp_chirp_stop(wpa_s);
5222 }
5223
5224
wpas_dpp_chirp_next(void * eloop_ctx,void * timeout_ctx)5225 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx)
5226 {
5227 struct wpa_supplicant *wpa_s = eloop_ctx;
5228 int i;
5229
5230 if (wpa_s->dpp_chirp_listen)
5231 wpas_dpp_listen_stop(wpa_s);
5232
5233 if (wpa_s->dpp_chirp_freq == 0) {
5234 if (wpa_s->dpp_chirp_round % 4 == 0 &&
5235 !wpa_s->dpp_chirp_scan_done) {
5236 if (wpas_scan_scheduled(wpa_s)) {
5237 wpa_printf(MSG_DEBUG,
5238 "DPP: Deferring chirp scan because another scan is planned already");
5239 if (eloop_register_timeout(1, 0,
5240 wpas_dpp_chirp_next,
5241 wpa_s, NULL) < 0) {
5242 wpas_dpp_chirp_stop(wpa_s);
5243 return;
5244 }
5245 return;
5246 }
5247 wpa_printf(MSG_DEBUG,
5248 "DPP: Update channel list for chirping");
5249 wpa_s->scan_req = MANUAL_SCAN_REQ;
5250 wpa_s->scan_res_handler =
5251 wpas_dpp_chirp_scan_res_handler;
5252 wpa_supplicant_req_scan(wpa_s, 0, 0);
5253 return;
5254 }
5255 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[0];
5256 wpa_s->dpp_chirp_round++;
5257 wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d",
5258 wpa_s->dpp_chirp_round);
5259 } else {
5260 for (i = 0; wpa_s->dpp_chirp_freqs[i]; i++)
5261 if (wpa_s->dpp_chirp_freqs[i] == wpa_s->dpp_chirp_freq)
5262 break;
5263 if (!wpa_s->dpp_chirp_freqs[i]) {
5264 wpa_printf(MSG_DEBUG,
5265 "DPP: Previous chirp freq %d not found",
5266 wpa_s->dpp_chirp_freq);
5267 return;
5268 }
5269 i++;
5270 if (wpa_s->dpp_chirp_freqs[i]) {
5271 wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[i];
5272 } else {
5273 wpa_s->dpp_chirp_iter--;
5274 if (wpa_s->dpp_chirp_iter <= 0) {
5275 wpa_printf(MSG_DEBUG,
5276 "DPP: Chirping iterations completed");
5277 wpas_dpp_chirp_stop(wpa_s);
5278 return;
5279 }
5280 wpa_s->dpp_chirp_freq = 0;
5281 wpa_s->dpp_chirp_scan_done = 0;
5282 if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next,
5283 wpa_s, NULL) < 0) {
5284 wpas_dpp_chirp_stop(wpa_s);
5285 return;
5286 }
5287 if (wpa_s->dpp_chirp_listen) {
5288 wpa_printf(MSG_DEBUG,
5289 "DPP: Listen on %d MHz during chirp 30 second wait",
5290 wpa_s->dpp_chirp_listen);
5291 wpas_dpp_listen_start(wpa_s,
5292 wpa_s->dpp_chirp_listen);
5293 } else {
5294 wpa_printf(MSG_DEBUG,
5295 "DPP: Wait 30 seconds before starting the next chirping round");
5296 }
5297 return;
5298 }
5299 }
5300
5301 wpas_dpp_chirp_start(wpa_s);
5302 }
5303
5304
wpas_dpp_chirp(struct wpa_supplicant * wpa_s,const char * cmd)5305 int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd)
5306 {
5307 const char *pos;
5308 int iter = 1, listen_freq = 0;
5309 struct dpp_bootstrap_info *bi;
5310
5311 pos = os_strstr(cmd, " own=");
5312 if (!pos)
5313 return -1;
5314 pos += 5;
5315 bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
5316 if (!bi) {
5317 wpa_printf(MSG_DEBUG,
5318 "DPP: Identified bootstrap info not found");
5319 return -1;
5320 }
5321
5322 pos = os_strstr(cmd, " iter=");
5323 if (pos) {
5324 iter = atoi(pos + 6);
5325 if (iter <= 0)
5326 return -1;
5327 }
5328
5329 pos = os_strstr(cmd, " listen=");
5330 if (pos) {
5331 listen_freq = atoi(pos + 8);
5332 if (listen_freq <= 0)
5333 return -1;
5334 }
5335
5336 wpas_dpp_chirp_stop(wpa_s);
5337 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5338 wpa_s->dpp_netrole = DPP_NETROLE_STA;
5339 wpa_s->dpp_qr_mutual = 0;
5340 wpa_s->dpp_chirp_bi = bi;
5341 wpa_s->dpp_presence_announcement = dpp_build_presence_announcement(bi);
5342 if (!wpa_s->dpp_presence_announcement)
5343 return -1;
5344 wpa_s->dpp_chirp_iter = iter;
5345 wpa_s->dpp_chirp_round = 0;
5346 wpa_s->dpp_chirp_scan_done = 0;
5347 wpa_s->dpp_chirp_listen = listen_freq;
5348
5349 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
5350 }
5351
5352
wpas_dpp_chirp_stop(struct wpa_supplicant * wpa_s)5353 void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s)
5354 {
5355 if (wpa_s->dpp_presence_announcement ||
5356 wpa_s->dpp_reconfig_ssid) {
5357 offchannel_send_action_done(wpa_s);
5358 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CHIRP_STOPPED);
5359 }
5360 wpa_s->dpp_chirp_bi = NULL;
5361 wpabuf_free(wpa_s->dpp_presence_announcement);
5362 wpa_s->dpp_presence_announcement = NULL;
5363 if (wpa_s->dpp_chirp_listen)
5364 wpas_dpp_listen_stop(wpa_s);
5365 wpa_s->dpp_chirp_listen = 0;
5366 wpa_s->dpp_chirp_freq = 0;
5367 os_free(wpa_s->dpp_chirp_freqs);
5368 wpa_s->dpp_chirp_freqs = NULL;
5369 eloop_cancel_timeout(wpas_dpp_chirp_next, wpa_s, NULL);
5370 eloop_cancel_timeout(wpas_dpp_chirp_timeout, wpa_s, NULL);
5371 if (wpa_s->scan_res_handler == wpas_dpp_chirp_scan_res_handler) {
5372 wpas_abort_ongoing_scan(wpa_s);
5373 wpa_s->scan_res_handler = NULL;
5374 }
5375 }
5376
5377
wpas_dpp_reconfig(struct wpa_supplicant * wpa_s,const char * cmd)5378 int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd)
5379 {
5380 struct wpa_ssid *ssid;
5381 int iter = 1;
5382 const char *pos;
5383
5384 ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
5385 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
5386 !ssid->dpp_csign) {
5387 wpa_printf(MSG_DEBUG,
5388 "DPP: Not a valid network profile for reconfiguration");
5389 return -1;
5390 }
5391
5392 pos = os_strstr(cmd, " iter=");
5393 if (pos) {
5394 iter = atoi(pos + 6);
5395 if (iter <= 0)
5396 return -1;
5397 }
5398
5399 if (wpa_s->dpp_auth) {
5400 wpa_printf(MSG_DEBUG,
5401 "DPP: Not ready to start reconfiguration - pending authentication exchange in progress");
5402 return -1;
5403 }
5404
5405 dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
5406 wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign,
5407 ssid->dpp_csign_len,
5408 ssid->dpp_pp_key,
5409 ssid->dpp_pp_key_len);
5410 if (!wpa_s->dpp_reconfig_id) {
5411 wpa_printf(MSG_DEBUG,
5412 "DPP: Failed to generate E-id for reconfiguration");
5413 return -1;
5414 }
5415 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
5416 wpa_printf(MSG_DEBUG, "DPP: Disconnect for reconfiguration");
5417 wpa_s->own_disconnect_req = 1;
5418 wpa_supplicant_deauthenticate(
5419 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
5420 }
5421 wpas_dpp_chirp_stop(wpa_s);
5422 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5423 wpa_s->dpp_netrole = DPP_NETROLE_STA;
5424 wpa_s->dpp_qr_mutual = 0;
5425 wpa_s->dpp_reconfig_ssid = ssid;
5426 wpa_s->dpp_reconfig_ssid_id = ssid->id;
5427 wpa_s->dpp_chirp_iter = iter;
5428 wpa_s->dpp_chirp_round = 0;
5429 wpa_s->dpp_chirp_scan_done = 0;
5430 wpa_s->dpp_chirp_listen = 0;
5431
5432 return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
5433 }
5434
5435
wpas_dpp_ca_set(struct wpa_supplicant * wpa_s,const char * cmd)5436 int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
5437 {
5438 int peer = -1;
5439 const char *pos, *value;
5440 struct dpp_authentication *auth = wpa_s->dpp_auth;
5441 u8 *bin;
5442 size_t bin_len;
5443 struct wpabuf *buf;
5444 bool tcp = false;
5445
5446 pos = os_strstr(cmd, " peer=");
5447 if (pos) {
5448 peer = atoi(pos + 6);
5449 if (!auth || !auth->waiting_cert ||
5450 (auth->peer_bi &&
5451 (unsigned int) peer != auth->peer_bi->id)) {
5452 auth = dpp_controller_get_auth(wpa_s->dpp, peer);
5453 tcp = true;
5454 }
5455 }
5456
5457 if (!auth || !auth->waiting_cert) {
5458 wpa_printf(MSG_DEBUG,
5459 "DPP: No authentication exchange waiting for certificate information");
5460 return -1;
5461 }
5462
5463 if (peer >= 0 &&
5464 (!auth->peer_bi ||
5465 (unsigned int) peer != auth->peer_bi->id) &&
5466 (!auth->tmp_peer_bi ||
5467 (unsigned int) peer != auth->tmp_peer_bi->id)) {
5468 wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
5469 return -1;
5470 }
5471
5472 pos = os_strstr(cmd, " value=");
5473 if (!pos)
5474 return -1;
5475 value = pos + 7;
5476
5477 pos = os_strstr(cmd, " name=");
5478 if (!pos)
5479 return -1;
5480 pos += 6;
5481
5482 if (os_strncmp(pos, "status ", 7) == 0) {
5483 auth->force_conf_resp_status = atoi(value);
5484 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5485 }
5486
5487 if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) {
5488 os_free(auth->trusted_eap_server_name);
5489 auth->trusted_eap_server_name = os_strdup(value);
5490 return auth->trusted_eap_server_name ? 0 : -1;
5491 }
5492
5493 bin = base64_decode(value, os_strlen(value), &bin_len);
5494 if (!bin)
5495 return -1;
5496 buf = wpabuf_alloc_copy(bin, bin_len);
5497 os_free(bin);
5498
5499 if (os_strncmp(pos, "caCert ", 7) == 0) {
5500 wpabuf_free(auth->cacert);
5501 auth->cacert = buf;
5502 return 0;
5503 }
5504
5505 if (os_strncmp(pos, "certBag ", 8) == 0) {
5506 wpabuf_free(auth->certbag);
5507 auth->certbag = buf;
5508 return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5509 }
5510
5511 wpabuf_free(buf);
5512 return -1;
5513 }
5514
5515 #endif /* CONFIG_DPP2 */
5516
5517
5518 #ifdef CONFIG_DPP3
5519
5520 #define DPP_PB_ANNOUNCE_PER_CHAN 3
5521
5522 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq);
5523
5524
wpas_dpp_pb_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)5525 static void wpas_dpp_pb_tx_status(struct wpa_supplicant *wpa_s,
5526 unsigned int freq, const u8 *dst,
5527 const u8 *src, const u8 *bssid,
5528 const u8 *data, size_t data_len,
5529 enum offchannel_send_action_result result)
5530 {
5531 if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
5532 wpa_printf(MSG_DEBUG,
5533 "DPP: Failed to send push button announcement on %d MHz",
5534 freq);
5535 if (eloop_register_timeout(0, 0, wpas_dpp_pb_next,
5536 wpa_s, NULL) < 0)
5537 wpas_dpp_push_button_stop(wpa_s);
5538 return;
5539 }
5540
5541 wpa_printf(MSG_DEBUG, "DPP: Push button announcement on %d MHz sent",
5542 freq);
5543 if (wpa_s->dpp_pb_discovery_done) {
5544 wpa_s->dpp_pb_announce_count = 0;
5545 wpa_printf(MSG_DEBUG,
5546 "DPP: Wait for push button announcement response and PKEX on %d MHz",
5547 freq);
5548 if (eloop_register_timeout(0, 500000, wpas_dpp_pb_next,
5549 wpa_s, NULL) < 0)
5550 wpas_dpp_push_button_stop(wpa_s);
5551 return;
5552 } else if (wpa_s->dpp_pb_announce_count >= DPP_PB_ANNOUNCE_PER_CHAN) {
5553 wpa_printf(MSG_DEBUG,
5554 "DPP: Wait for push button announcement response on %d MHz",
5555 freq);
5556 if (eloop_register_timeout(0, 50000, wpas_dpp_pb_next,
5557 wpa_s, NULL) < 0)
5558 wpas_dpp_push_button_stop(wpa_s);
5559 return;
5560 }
5561
5562 if (wpas_dpp_pb_announce(wpa_s, freq) < 0)
5563 wpas_dpp_push_button_stop(wpa_s);
5564 }
5565
5566
wpas_dpp_pb_announce(struct wpa_supplicant * wpa_s,int freq)5567 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq)
5568 {
5569 struct wpabuf *msg;
5570 int type;
5571
5572 msg = wpa_s->dpp_pb_announcement;
5573 if (!msg)
5574 return -1;
5575
5576 wpa_s->dpp_pb_announce_count++;
5577 wpa_printf(MSG_DEBUG,
5578 "DPP: Send push button announcement %d/%d (%d MHz)",
5579 wpa_s->dpp_pb_announce_count, DPP_PB_ANNOUNCE_PER_CHAN,
5580 freq);
5581
5582 type = DPP_PA_PB_PRESENCE_ANNOUNCEMENT;
5583 if (wpa_s->dpp_pb_announce_count == 1)
5584 wpa_msg(wpa_s, MSG_INFO,
5585 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
5586 MAC2STR(broadcast), freq, type);
5587 if (offchannel_send_action(
5588 wpa_s, freq, broadcast, wpa_s->own_addr, broadcast,
5589 wpabuf_head(msg), wpabuf_len(msg),
5590 1000, wpas_dpp_pb_tx_status, 0) < 0)
5591 return -1;
5592
5593 return 0;
5594 }
5595
5596
wpas_dpp_pb_next(void * eloop_ctx,void * timeout_ctx)5597 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx)
5598 {
5599 struct wpa_supplicant *wpa_s = eloop_ctx;
5600 struct os_reltime now;
5601 int freq;
5602
5603 if (!wpa_s->dpp_pb_freqs)
5604 return;
5605
5606 os_get_reltime(&now);
5607 offchannel_send_action_done(wpa_s);
5608
5609 if (os_reltime_expired(&now, &wpa_s->dpp_pb_time, 100)) {
5610 wpa_printf(MSG_DEBUG, "DPP: Push button wait time expired");
5611 wpas_dpp_push_button_stop(wpa_s);
5612 return;
5613 }
5614
5615 if (wpa_s->dpp_pb_freq_idx >= int_array_len(wpa_s->dpp_pb_freqs)) {
5616 wpa_printf(MSG_DEBUG,
5617 "DPP: Completed push button announcement round");
5618 wpa_s->dpp_pb_freq_idx = 0;
5619 if (wpa_s->dpp_pb_stop_iter > 0) {
5620 wpa_s->dpp_pb_stop_iter--;
5621
5622 if (wpa_s->dpp_pb_stop_iter == 1) {
5623 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
5624 "wait for AP/Configurator to allow PKEX to be initiated");
5625 if (eloop_register_timeout(10, 0,
5626 wpas_dpp_pb_next,
5627 wpa_s, NULL) < 0) {
5628 wpas_dpp_push_button_stop(wpa_s);
5629 return;
5630 }
5631 return;
5632 }
5633
5634 if (wpa_s->dpp_pb_stop_iter == 0) {
5635 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
5636 "start push button PKEX responder on the discovered channel (%d MHz)",
5637 wpa_s->dpp_pb_resp_freq);
5638 wpa_s->dpp_pb_discovery_done = true;
5639
5640 wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi;
5641
5642 os_free(wpa_s->dpp_pkex_code);
5643 wpa_s->dpp_pkex_code = os_memdup(
5644 wpa_s->dpp_pb_c_nonce,
5645 wpa_s->dpp_pb_c_nonce_len);
5646 wpa_s->dpp_pkex_code_len =
5647 wpa_s->dpp_pb_c_nonce_len;
5648
5649 os_free(wpa_s->dpp_pkex_identifier);
5650 wpa_s->dpp_pkex_identifier =
5651 os_strdup("PBPKEX");
5652
5653 if (!wpa_s->dpp_pkex_code ||
5654 !wpa_s->dpp_pkex_identifier) {
5655 wpas_dpp_push_button_stop(wpa_s);
5656 return;
5657 }
5658
5659 wpa_s->dpp_pkex_ver = PKEX_VER_ONLY_2;
5660
5661 os_free(wpa_s->dpp_pkex_auth_cmd);
5662 wpa_s->dpp_pkex_auth_cmd = NULL;
5663 }
5664 }
5665 }
5666
5667 if (wpa_s->dpp_pb_discovery_done)
5668 freq = wpa_s->dpp_pb_resp_freq;
5669 else
5670 freq = wpa_s->dpp_pb_freqs[wpa_s->dpp_pb_freq_idx++];
5671 wpa_s->dpp_pb_announce_count = 0;
5672 if (!wpa_s->dpp_pb_announcement) {
5673 wpa_printf(MSG_DEBUG, "DPP: Push button announcements stopped");
5674 return;
5675 }
5676 if (wpas_dpp_pb_announce(wpa_s, freq) < 0) {
5677 wpas_dpp_push_button_stop(wpa_s);
5678 return;
5679 }
5680 }
5681
5682
wpas_dpp_push_button_expire(void * eloop_ctx,void * timeout_ctx)5683 static void wpas_dpp_push_button_expire(void *eloop_ctx, void *timeout_ctx)
5684 {
5685 struct wpa_supplicant *wpa_s = eloop_ctx;
5686
5687 wpa_printf(MSG_DEBUG,
5688 "DPP: Active push button Configurator mode expired");
5689 wpas_dpp_push_button_stop(wpa_s);
5690 }
5691
5692
wpas_dpp_push_button_configurator(struct wpa_supplicant * wpa_s,const char * cmd)5693 static int wpas_dpp_push_button_configurator(struct wpa_supplicant *wpa_s,
5694 const char *cmd)
5695 {
5696 wpa_s->dpp_pb_configurator = true;
5697 wpa_s->dpp_pb_announce_time.sec = 0;
5698 wpa_s->dpp_pb_announce_time.usec = 0;
5699 str_clear_free(wpa_s->dpp_pb_cmd);
5700 wpa_s->dpp_pb_cmd = NULL;
5701 if (cmd) {
5702 wpa_s->dpp_pb_cmd = os_strdup(cmd);
5703 if (!wpa_s->dpp_pb_cmd)
5704 return -1;
5705 }
5706 eloop_register_timeout(100, 0, wpas_dpp_push_button_expire,
5707 wpa_s, NULL);
5708
5709 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started");
5710 return 0;
5711 }
5712
5713
wpas_dpp_pb_scan_res_handler(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)5714 static void wpas_dpp_pb_scan_res_handler(struct wpa_supplicant *wpa_s,
5715 struct wpa_scan_results *scan_res)
5716 {
5717 if (!wpa_s->dpp_pb_time.sec && !wpa_s->dpp_pb_time.usec)
5718 return;
5719
5720 os_free(wpa_s->dpp_pb_freqs);
5721 wpa_s->dpp_pb_freqs = wpas_dpp_presence_ann_channels(wpa_s, NULL);
5722
5723 wpa_printf(MSG_DEBUG, "DPP: Scan completed for PB discovery");
5724 if (!wpa_s->dpp_pb_freqs ||
5725 eloop_register_timeout(0, 0, wpas_dpp_pb_next, wpa_s, NULL) < 0)
5726 wpas_dpp_push_button_stop(wpa_s);
5727 }
5728
5729
wpas_dpp_push_button(struct wpa_supplicant * wpa_s,const char * cmd)5730 int wpas_dpp_push_button(struct wpa_supplicant *wpa_s, const char *cmd)
5731 {
5732 int res;
5733
5734 if (!wpa_s->dpp)
5735 return -1;
5736 wpas_dpp_push_button_stop(wpa_s);
5737 wpas_dpp_stop(wpa_s);
5738 wpas_dpp_chirp_stop(wpa_s);
5739
5740 os_get_reltime(&wpa_s->dpp_pb_time);
5741
5742 if (cmd &&
5743 (os_strstr(cmd, " role=configurator") ||
5744 os_strstr(cmd, " conf=")))
5745 return wpas_dpp_push_button_configurator(wpa_s, cmd);
5746
5747 wpa_s->dpp_pb_configurator = false;
5748
5749 wpa_s->dpp_pb_freq_idx = 0;
5750
5751 res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex");
5752 if (res < 0)
5753 return -1;
5754 wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res);
5755 if (!wpa_s->dpp_pb_bi)
5756 return -1;
5757
5758 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5759 wpa_s->dpp_netrole = DPP_NETROLE_STA;
5760 wpa_s->dpp_qr_mutual = 0;
5761 wpa_s->dpp_pb_announcement =
5762 dpp_build_pb_announcement(wpa_s->dpp_pb_bi);
5763 if (!wpa_s->dpp_pb_announcement)
5764 return -1;
5765
5766 wpa_printf(MSG_DEBUG,
5767 "DPP: Scan to create channel list for PB discovery");
5768 wpa_s->scan_req = MANUAL_SCAN_REQ;
5769 wpa_s->scan_res_handler = wpas_dpp_pb_scan_res_handler;
5770 wpa_supplicant_req_scan(wpa_s, 0, 0);
5771 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started");
5772 return 0;
5773 }
5774
5775
wpas_dpp_push_button_stop(struct wpa_supplicant * wpa_s)5776 void wpas_dpp_push_button_stop(struct wpa_supplicant *wpa_s)
5777 {
5778 if (!wpa_s->dpp)
5779 return;
5780 os_free(wpa_s->dpp_pb_freqs);
5781 wpa_s->dpp_pb_freqs = NULL;
5782 wpabuf_free(wpa_s->dpp_pb_announcement);
5783 wpa_s->dpp_pb_announcement = NULL;
5784 if (wpa_s->dpp_pb_bi) {
5785 char id[20];
5786
5787 if (wpa_s->dpp_pb_bi == wpa_s->dpp_pkex_bi)
5788 wpa_s->dpp_pkex_bi = NULL;
5789 os_snprintf(id, sizeof(id), "%u", wpa_s->dpp_pb_bi->id);
5790 dpp_bootstrap_remove(wpa_s->dpp, id);
5791 wpa_s->dpp_pb_bi = NULL;
5792 if (!wpa_s->dpp_pb_result_indicated) {
5793 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed");
5794 wpa_s->dpp_pb_result_indicated = true;
5795 }
5796 }
5797
5798 wpa_s->dpp_pb_resp_freq = 0;
5799 wpa_s->dpp_pb_stop_iter = 0;
5800 wpa_s->dpp_pb_discovery_done = false;
5801 os_free(wpa_s->dpp_pb_cmd);
5802 wpa_s->dpp_pb_cmd = NULL;
5803
5804 eloop_cancel_timeout(wpas_dpp_pb_next, wpa_s, NULL);
5805 eloop_cancel_timeout(wpas_dpp_push_button_expire, wpa_s, NULL);
5806 if (wpas_dpp_pb_active(wpa_s)) {
5807 wpa_printf(MSG_DEBUG, "DPP: Stop active push button mode");
5808 if (!wpa_s->dpp_pb_result_indicated)
5809 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed");
5810 }
5811 wpa_s->dpp_pb_time.sec = 0;
5812 wpa_s->dpp_pb_time.usec = 0;
5813 dpp_pkex_free(wpa_s->dpp_pkex);
5814 wpa_s->dpp_pkex = NULL;
5815 os_free(wpa_s->dpp_pkex_auth_cmd);
5816 wpa_s->dpp_pkex_auth_cmd = NULL;
5817
5818 wpa_s->dpp_pb_result_indicated = false;
5819
5820 str_clear_free(wpa_s->dpp_pb_cmd);
5821 wpa_s->dpp_pb_cmd = NULL;
5822
5823 if (wpa_s->scan_res_handler == wpas_dpp_pb_scan_res_handler) {
5824 wpas_abort_ongoing_scan(wpa_s);
5825 wpa_s->scan_res_handler = NULL;
5826 }
5827 }
5828
5829 #endif /* CONFIG_DPP3 */
5830