jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/wpa_supplicant/wps_supplicant.c

848 lines
21 KiB
C
Raw Normal View History

WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
/*
* wpa_supplicant / WPS integration
* Copyright (c) 2008, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "ieee802_11_defs.h"
#include "wpa_common.h"
#include "config.h"
WPS: Set Request Type properly into WPS IE in ProbeReq/AssocReq
2008-11-29 12:38:03 +01:00
#include "eap_peer/eap.h"
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
#include "wpa_supplicant_i.h"
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
#include "eloop.h"
WPS: Generate UUID based on MAC address, if not set Generate a SHA1 hash -based UUID from the local MAC address if the UUID was not configured. This makes it easier to prepare for WPS since there is no need to generate an UUID.
2009-01-01 21:56:52 +01:00
#include "uuid.h"
WPS: Added control interface notification for available WPS APs Whenever new scan results include WPS AP(s) and the client is not associated, send a notification message to control interface monitors. This makes it easier for GUIs to notify the user about possible WPS availability without having to go through the scan results.
2008-12-15 19:09:57 +01:00
#include "wpa_ctrl.h"
WPS: Add configurable option for processing credentials externally The wps_cred_process option can be used to configure wpa_supplicant to send received Credential attributes for external processing over ctrl_iface and dbus. This allows external programs to update their configuration when WPS is used to provision new networks.
2009-01-18 11:27:12 +01:00
#include "ctrl_iface_dbus.h"
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
#include "eap_common/eap_wsc_common.h"
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
#include "blacklist.h"
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
#include "wps_supplicant.h"
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
#include "dh_groups.h"
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
#define WPS_PIN_SCAN_IGNORE_SEL_REG 3
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
2008-12-19 21:19:41 +01:00
static void wpas_clear_wps(struct wpa_supplicant *wpa_s);
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
{
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
if (!wpa_s->wps_success &&
wpa_s->current_ssid &&
eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
const u8 *bssid = wpa_s->bssid;
if (is_zero_ether_addr(bssid))
bssid = wpa_s->pending_bssid;
wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR
" did not succeed - continue trying to find "
"suitable AP", MAC2STR(bssid));
wpa_blacklist_add(wpa_s, bssid);
wpa_supplicant_deauthenticate(wpa_s,
WLAN_REASON_DEAUTH_LEAVING);
wpa_s->reassociate = 1;
wpa_supplicant_req_scan(wpa_s,
wpa_s->blacklist_cleared ? 5 : 0, 0);
wpa_s->blacklist_cleared = 0;
return 1;
}
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
!(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
"try to associate with the received credential");
wpa_supplicant_deauthenticate(wpa_s,
WLAN_REASON_DEAUTH_LEAVING);
wpa_s->reassociate = 1;
wpa_supplicant_req_scan(wpa_s, 0, 0);
return 1;
}
WPS: Add configurable option for processing credentials externally The wps_cred_process option can be used to configure wpa_supplicant to send received Credential attributes for external processing over ctrl_iface and dbus. This allows external programs to update their configuration when WPS is used to provision new networks.
2009-01-18 11:27:12 +01:00
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) {
wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting "
"for external credential processing");
wpas_clear_wps(wpa_s);
wpa_supplicant_deauthenticate(wpa_s,
WLAN_REASON_DEAUTH_LEAVING);
return 1;
}
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
return 0;
}
WPS: Merged two cred_cb variables into the same one Previously, wpa_supplicant as Enrollee case was handled using a different callback function pointer. However, now that the wps_context structure is allocated for all cases, the same variable can be used in all cases.
2008-11-28 19:02:32 +01:00
static int wpa_supplicant_wps_cred(void *ctx,
const struct wps_credential *cred)
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
{
struct wpa_supplicant *wpa_s = ctx;
struct wpa_ssid *ssid = wpa_s->current_ssid;
WPS: Fix WEP key index to use 1..4 instead of 0..3 It seems that WFA WPS spec says that default key index should be 1 (not 0). I think this meas that WEP key indexes region is not from 0 to 3, but from 1 to 4 in WPS. At least WRT610N implemented it this way.
2009-02-18 18:58:44 +01:00
u8 key_idx = 0;
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
WPS: Add configurable option for processing credentials externally The wps_cred_process option can be used to configure wpa_supplicant to send received Credential attributes for external processing over ctrl_iface and dbus. This allows external programs to update their configuration when WPS is used to provision new networks.
2009-01-18 11:27:12 +01:00
if ((wpa_s->conf->wps_cred_processing == 1 ||
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
size_t blen = cred->cred_attr_len * 2 + 1;
char *buf = os_malloc(blen);
if (buf) {
wpa_snprintf_hex(buf, blen,
cred->cred_attr, cred->cred_attr_len);
wpa_msg(wpa_s, MSG_INFO, "%s%s",
WPS_EVENT_CRED_RECEIVED, buf);
os_free(buf);
}
wpa_supplicant_dbus_notify_wps_cred(wpa_s, cred);
} else
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED);
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
WPS: Provide the unparsed Credential attribute to cred_cb() This makes it easier to pass the credential data to external programs (e.g., Network Manager) for processing. The actual use of this data is not yet included in hostapd/wpa_supplicant.
2009-01-17 21:17:12 +01:00
wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
cred->cred_attr, cred->cred_attr_len);
WPS: Add configurable option for processing credentials externally The wps_cred_process option can be used to configure wpa_supplicant to send received Credential attributes for external processing over ctrl_iface and dbus. This allows external programs to update their configuration when WPS is used to provision new networks.
2009-01-18 11:27:12 +01:00
if (wpa_s->conf->wps_cred_processing == 1)
return 0;
WPS: Ignore credentials for unsupported authentication type The current implementation does not support WPA/WPA2-Enterprise credentials. Ignore any credential that is using unsupported authentication type to avoid potential issues with partially configured network blocks.
2009-01-17 20:45:51 +01:00
if (cred->auth_type != WPS_AUTH_OPEN &&
cred->auth_type != WPS_AUTH_SHARED &&
cred->auth_type != WPS_AUTH_WPAPSK &&
cred->auth_type != WPS_AUTH_WPA2PSK) {
wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
"unsupported authentication type %d",
cred->auth_type);
return 0;
}
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
"on the received credential");
os_free(ssid->eap.identity);
ssid->eap.identity = NULL;
ssid->eap.identity_len = 0;
os_free(ssid->eap.phase1);
ssid->eap.phase1 = NULL;
os_free(ssid->eap.eap_methods);
ssid->eap.eap_methods = NULL;
} else {
wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the "
"received credential");
ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL)
return -1;
}
wpa_config_set_network_defaults(ssid);
os_free(ssid->ssid);
ssid->ssid = os_malloc(cred->ssid_len);
if (ssid->ssid) {
os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len);
ssid->ssid_len = cred->ssid_len;
}
switch (cred->encr_type) {
case WPS_ENCR_NONE:
break;
case WPS_ENCR_WEP:
WPS: support WEP keys in hex characters format in received credentials Attached patch makes wpa_supplicant support WEP keys in hex characters format in received credentials from Registrars (tested with WRT610N).
2009-02-17 09:30:43 +01:00
if (cred->key_len <= 0)
break;
if (cred->key_len != 5 && cred->key_len != 13 &&
cred->key_len != 10 && cred->key_len != 26) {
wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length "
"%lu", (unsigned long) cred->key_len);
return -1;
}
WPS: Fix WEP key index to use 1..4 instead of 0..3 It seems that WFA WPS spec says that default key index should be 1 (not 0). I think this meas that WEP key indexes region is not from 0 to 3, but from 1 to 4 in WPS. At least WRT610N implemented it this way.
2009-02-18 18:58:44 +01:00
if (cred->key_idx > NUM_WEP_KEYS) {
WPS: support WEP keys in hex characters format in received credentials Attached patch makes wpa_supplicant support WEP keys in hex characters format in received credentials from Registrars (tested with WRT610N).
2009-02-17 09:30:43 +01:00
wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d",
cred->key_idx);
return -1;
}
WPS: Fix WEP key index to use 1..4 instead of 0..3 It seems that WFA WPS spec says that default key index should be 1 (not 0). I think this meas that WEP key indexes region is not from 0 to 3, but from 1 to 4 in WPS. At least WRT610N implemented it this way.
2009-02-18 18:58:44 +01:00
if (cred->key_idx)
key_idx = cred->key_idx - 1;
WPS: support WEP keys in hex characters format in received credentials Attached patch makes wpa_supplicant support WEP keys in hex characters format in received credentials from Registrars (tested with WRT610N).
2009-02-17 09:30:43 +01:00
if (cred->key_len == 10 || cred->key_len == 26) {
if (hexstr2bin((char *) cred->key,
ssid->wep_key[key_idx],
cred->key_len / 2) < 0) {
wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
"%d", key_idx);
return -1;
}
ssid->wep_key_len[key_idx] = cred->key_len / 2;
} else {
os_memcpy(ssid->wep_key[key_idx], cred->key,
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
cred->key_len);
WPS: support WEP keys in hex characters format in received credentials Attached patch makes wpa_supplicant support WEP keys in hex characters format in received credentials from Registrars (tested with WRT610N).
2009-02-17 09:30:43 +01:00
ssid->wep_key_len[key_idx] = cred->key_len;
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
}
WPS: support WEP keys in hex characters format in received credentials Attached patch makes wpa_supplicant support WEP keys in hex characters format in received credentials from Registrars (tested with WRT610N).
2009-02-17 09:30:43 +01:00
ssid->wep_tx_keyidx = key_idx;
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
break;
case WPS_ENCR_TKIP:
ssid->pairwise_cipher = WPA_CIPHER_TKIP;
break;
case WPS_ENCR_AES:
ssid->pairwise_cipher = WPA_CIPHER_CCMP;
break;
}
switch (cred->auth_type) {
case WPS_AUTH_OPEN:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_NONE;
ssid->proto = 0;
break;
case WPS_AUTH_SHARED:
ssid->auth_alg = WPA_AUTH_ALG_SHARED;
ssid->key_mgmt = WPA_KEY_MGMT_NONE;
ssid->proto = 0;
break;
case WPS_AUTH_WPAPSK:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
ssid->proto = WPA_PROTO_WPA;
break;
case WPS_AUTH_WPA:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
ssid->proto = WPA_PROTO_WPA;
break;
case WPS_AUTH_WPA2:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
ssid->proto = WPA_PROTO_RSN;
break;
case WPS_AUTH_WPA2PSK:
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
ssid->proto = WPA_PROTO_RSN;
break;
}
if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) {
if (cred->key_len == 2 * PMK_LEN) {
if (hexstr2bin((const char *) cred->key, ssid->psk,
PMK_LEN)) {
wpa_printf(MSG_ERROR, "WPS: Invalid Network "
"Key");
return -1;
}
ssid->psk_set = 1;
} else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) {
os_free(ssid->passphrase);
ssid->passphrase = os_malloc(cred->key_len + 1);
if (ssid->passphrase == NULL)
return -1;
os_memcpy(ssid->passphrase, cred->key, cred->key_len);
ssid->passphrase[cred->key_len] = '\0';
wpa_config_update_psk(ssid);
} else {
wpa_printf(MSG_ERROR, "WPS: Invalid Network Key "
"length %lu",
(unsigned long) cred->key_len);
return -1;
}
}
#ifndef CONFIG_NO_CONFIG_WRITE
if (wpa_s->conf->update_config &&
wpa_config_write(wpa_s->confname, wpa_s->conf)) {
wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration");
return -1;
}
#endif /* CONFIG_NO_CONFIG_WRITE */
return 0;
}
WPS: Added event callback and M2D notification The event callback will be used for various event messages and the M2D notification is the first such message. It is used to notify wpa_gui about Registrar not yet knowing the device password (PIN).
2008-12-18 20:58:42 +01:00
static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s,
struct wps_event_m2d *m2d)
{
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D
"dev_password_id=%d config_error=%d",
m2d->dev_password_id, m2d->config_error);
}
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
2008-12-19 21:19:41 +01:00
static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s,
struct wps_event_fail *fail)
{
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL "msg=%d", fail->msg);
wpas_clear_wps(wpa_s);
}
WPS: Added event callback for successfully completed registration
2008-12-19 21:34:18 +01:00
static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s)
{
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS);
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
wpa_s->wps_success = 1;
WPS: Added event callback for successfully completed registration
2008-12-19 21:34:18 +01:00
}
WPS: Added event callback and M2D notification The event callback will be used for various event messages and the M2D notification is the first such message. It is used to notify wpa_gui about Registrar not yet knowing the device password (PIN).
2008-12-18 20:58:42 +01:00
static void wpa_supplicant_wps_event(void *ctx, enum wps_event event,
union wps_event_data *data)
{
struct wpa_supplicant *wpa_s = ctx;
switch (event) {
case WPS_EV_M2D:
wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d);
break;
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
2008-12-19 21:19:41 +01:00
case WPS_EV_FAIL:
wpa_supplicant_wps_event_fail(wpa_s, &data->fail);
break;
WPS: Added event callback for successfully completed registration
2008-12-19 21:34:18 +01:00
case WPS_EV_SUCCESS:
wpa_supplicant_wps_event_success(wpa_s);
break;
WPS: Lock AP Setup on multiple AP PIN validation failures If a Registrar tries to configure the AP, but fails to validate the device password (AP PIN), lock the AP setup after four failures. This protects the AP PIN against brute force guessing attacks.
2009-01-23 20:57:43 +01:00
case WPS_EV_PWD_AUTH_FAIL:
break;
WPS: Added event callback and M2D notification The event callback will be used for various event messages and the M2D notification is the first such message. It is used to notify wpa_gui about Registrar not yet knowing the device password (PIN).
2008-12-18 20:58:42 +01:00
}
}
Added Doxygen documentation for WPS code
2009-01-03 18:50:49 +01:00
enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid)
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
{
WPS: Set Request Type properly into WPS IE in ProbeReq/AssocReq
2008-11-29 12:38:03 +01:00
if (eap_is_wps_pbc_enrollee(&ssid->eap) ||
eap_is_wps_pin_enrollee(&ssid->eap))
return WPS_REQ_ENROLLEE;
else
return WPS_REQ_REGISTRAR;
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
}
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
{
int id;
struct wpa_ssid *ssid;
eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
/* Remove any existing WPS network from configuration */
ssid = wpa_s->conf->ssid;
while (ssid) {
WPS: Fixed deinit code for freeing config and registrar data We need to be a bit more careful when removing the WPS configuration block since wpa_s->current_ssid may still be pointing at it. In addition, registrar pointer in wps_context will need to be cleared since the context data is now maintained over multiple EAP-WSC runs. Without this, certain WPS operations could have used freed memory.
2008-12-18 00:06:06 +01:00
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
if (ssid == wpa_s->current_ssid)
wpa_s->current_ssid = NULL;
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
id = ssid->id;
WPS: Fixed deinit code for freeing config and registrar data We need to be a bit more careful when removing the WPS configuration block since wpa_s->current_ssid may still be pointing at it. In addition, registrar pointer in wps_context will need to be cleared since the context data is now maintained over multiple EAP-WSC runs. Without this, certain WPS operations could have used freed memory.
2008-12-18 00:06:06 +01:00
} else
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
id = -1;
ssid = ssid->next;
if (id >= 0)
wpa_config_remove_network(wpa_s->conf, id);
}
}
static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx)
{
struct wpa_supplicant *wpa_s = eloop_ctx;
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
wpa_printf(MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed "
"out");
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
wpas_clear_wps(wpa_s);
}
static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
int registrar, const u8 *bssid)
{
struct wpa_ssid *ssid;
ssid = wpa_config_add_network(wpa_s->conf);
if (ssid == NULL)
return NULL;
wpa_config_set_network_defaults(ssid);
if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 ||
wpa_config_set(ssid, "eap", "WSC", 0) < 0 ||
wpa_config_set(ssid, "identity", registrar ?
"\"" WSC_ID_REGISTRAR "\"" :
"\"" WSC_ID_ENROLLEE "\"", 0) < 0) {
wpa_config_remove_network(wpa_s->conf, ssid->id);
return NULL;
}
if (bssid) {
size_t i;
struct wpa_scan_res *res;
os_memcpy(ssid->bssid, bssid, ETH_ALEN);
WPS: Added support for wildcard SSID matching in ap_scan=2 mode Change association behavior to match with ap_scan=1 when WPS is used in ap_scan=2 mode with wildcard SSID matching. In addition, allow hardcoded BSSID to be used to select AP even if selected registrar attribute is not present.
2008-12-20 21:55:02 +01:00
ssid->bssid_set = 1;
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
/* Try to get SSID from scan results */
if (wpa_s->scan_res == NULL &&
wpa_supplicant_get_scan_results(wpa_s) < 0)
return ssid; /* Could not find any scan results */
for (i = 0; i < wpa_s->scan_res->num; i++) {
const u8 *ie;
res = wpa_s->scan_res->res[i];
if (os_memcmp(bssid, res->bssid, ETH_ALEN) != 0)
continue;
ie = wpa_scan_get_ie(res, WLAN_EID_SSID);
if (ie == NULL)
break;
os_free(ssid->ssid);
ssid->ssid = os_malloc(ie[1]);
if (ssid->ssid == NULL)
break;
os_memcpy(ssid->ssid, ie + 2, ie[1]);
ssid->ssid_len = ie[1];
break;
}
}
return ssid;
}
static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s,
struct wpa_ssid *selected)
{
struct wpa_ssid *ssid;
/* Mark all other networks disabled and trigger reassociation */
ssid = wpa_s->conf->ssid;
while (ssid) {
ssid->disabled = ssid != selected;
ssid = ssid->next;
}
wpa_s->disconnected = 0;
wpa_s->reassociate = 1;
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
wpa_s->scan_runs = 0;
wpa_s->wps_success = 0;
wpa_s->blacklist_cleared = 0;
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
wpa_supplicant_req_scan(wpa_s, 0, 0);
}
int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid)
{
struct wpa_ssid *ssid;
wpas_clear_wps(wpa_s);
ssid = wpas_wps_add_network(wpa_s, 0, bssid);
if (ssid == NULL)
return -1;
wpa_config_set(ssid, "phase1", "\"pbc=1\"", 0);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
wpa_s, NULL);
wpas_wps_reassoc(wpa_s, ssid);
return 0;
}
int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
const char *pin)
{
struct wpa_ssid *ssid;
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
char val[128];
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
unsigned int rpin = 0;
wpas_clear_wps(wpa_s);
ssid = wpas_wps_add_network(wpa_s, 0, bssid);
if (ssid == NULL)
return -1;
if (pin)
os_snprintf(val, sizeof(val), "\"pin=%s\"", pin);
else {
rpin = wps_generate_pin();
os_snprintf(val, sizeof(val), "\"pin=%08d\"", rpin);
}
wpa_config_set(ssid, "phase1", val, 0);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
wpa_s, NULL);
wpas_wps_reassoc(wpa_s, ssid);
return rpin;
}
WPS UFD: Build OOB functionality only if UFD is enabled
2009-02-26 21:10:21 +01:00
#ifdef CONFIG_WPS_OOB
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
int wpas_wps_start_oob(struct wpa_supplicant *wpa_s, char *device_type,
char *path, char *method)
{
struct wps_context *wps = wpa_s->wps;
WPS UFD: Remove oob_dev pointer from wps_context This pointer and the especially the oob_dev->device_path does not remain valid, so better not save it any longer than it is needed.
2009-02-26 21:07:55 +01:00
struct oob_device_data *oob_dev;
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
WPS UFD: Remove oob_dev pointer from wps_context This pointer and the especially the oob_dev->device_path does not remain valid, so better not save it any longer than it is needed.
2009-02-26 21:07:55 +01:00
oob_dev = wps_get_oob_device(device_type);
if (oob_dev == NULL)
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
return -1;
WPS UFD: Remove oob_dev pointer from wps_context This pointer and the especially the oob_dev->device_path does not remain valid, so better not save it any longer than it is needed.
2009-02-26 21:07:55 +01:00
oob_dev->device_path = path;
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
wps->oob_conf.oob_method = wps_get_oob_method(method);
WPS UFD: Use pre-configured DH keys only with OOB The old behavior of generating new DH keys can be maintained for non-OOB cases and only OOB (in this case, with UFD) will use the pre-configured DH keys to allow the public key hash to be checked.
2009-02-26 21:09:35 +01:00
if (wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E) {
/*
* Use pre-configured DH keys in order to be able to write the
* key hash into the OOB file.
*/
wpabuf_free(wps->dh_pubkey);
wpabuf_free(wps->dh_privkey);
wps->dh_privkey = NULL;
wps->dh_pubkey = dh_init(dh_groups_get(WPS_DH_GROUP),
&wps->dh_privkey);
wps->dh_pubkey = wpabuf_zeropad(wps->dh_pubkey, 192);
if (wps->dh_pubkey == NULL) {
wpa_printf(MSG_ERROR, "WPS: Failed to initialize "
"Diffie-Hellman handshake");
return -1;
}
}
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
if (wps->oob_conf.oob_method == OOB_METHOD_CRED)
wpas_clear_wps(wpa_s);
WPS UFD: Remove oob_dev pointer from wps_context This pointer and the especially the oob_dev->device_path does not remain valid, so better not save it any longer than it is needed.
2009-02-26 21:07:55 +01:00
if (wps_process_oob(wps, oob_dev, 0) < 0)
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
return -1;
if ((wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E ||
wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) &&
wpas_wps_start_pin(wpa_s, NULL,
wpabuf_head(wps->oob_conf.dev_password)) < 0)
return -1;
return 0;
}
WPS UFD: Build OOB functionality only if UFD is enabled
2009-02-26 21:10:21 +01:00
#endif /* CONFIG_WPS_OOB */
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
const char *pin)
{
struct wpa_ssid *ssid;
char val[30];
if (!pin)
return -1;
wpas_clear_wps(wpa_s);
ssid = wpas_wps_add_network(wpa_s, 1, bssid);
if (ssid == NULL)
return -1;
os_snprintf(val, sizeof(val), "\"pin=%s\"", pin);
wpa_config_set(ssid, "phase1", val, 0);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
wpa_s, NULL);
wpas_wps_reassoc(wpa_s, ssid);
return 0;
}
Moved WPS Registrar initialization from EAP peer to wps_supplicant.c This matches the style used in hostapd, i.e., Registrar is initialized only once and callbacks are now processed in wps_supplicant.c.
2009-01-03 19:18:35 +01:00
static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk,
size_t psk_len)
{
wpa_printf(MSG_DEBUG, "WPS: Received new WPA/WPA2-PSK from WPS for "
"STA " MACSTR, MAC2STR(mac_addr));
wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
/* TODO */
return 0;
}
static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
const struct wps_device_data *dev)
{
char uuid[40], txt[400];
int len;
if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
return;
wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid);
len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR
" [%s|%s|%s|%s|%s|%d-%08X-%d]",
uuid, MAC2STR(dev->mac_addr), dev->device_name,
dev->manufacturer, dev->model_name,
dev->model_number, dev->serial_number,
dev->categ, dev->oui, dev->sub_categ);
if (len > 0 && len < (int) sizeof(txt))
wpa_printf(MSG_INFO, "%s", txt);
}
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
int wpas_wps_init(struct wpa_supplicant *wpa_s)
{
struct wps_context *wps;
Moved WPS Registrar initialization from EAP peer to wps_supplicant.c This matches the style used in hostapd, i.e., Registrar is initialized only once and callbacks are now processed in wps_supplicant.c.
2009-01-03 19:18:35 +01:00
struct wps_registrar_config rcfg;
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
wps = os_zalloc(sizeof(*wps));
if (wps == NULL)
return -1;
wps->cred_cb = wpa_supplicant_wps_cred;
WPS: Added event callback and M2D notification The event callback will be used for various event messages and the M2D notification is the first such message. It is used to notify wpa_gui about Registrar not yet knowing the device password (PIN).
2008-12-18 20:58:42 +01:00
wps->event_cb = wpa_supplicant_wps_event;
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
wps->cb_ctx = wpa_s;
Added configuration of WPS device parameters for wpa_supplicant
2008-12-13 16:20:46 +01:00
wps->dev.device_name = wpa_s->conf->device_name;
wps->dev.manufacturer = wpa_s->conf->manufacturer;
wps->dev.model_name = wpa_s->conf->model_name;
wps->dev.model_number = wpa_s->conf->model_number;
wps->dev.serial_number = wpa_s->conf->serial_number;
if (wpa_s->conf->device_type) {
char *pos;
u8 oui[4];
/* <categ>-<OUI>-<subcateg> */
wps->dev.categ = atoi(wpa_s->conf->device_type);
pos = os_strchr(wpa_s->conf->device_type, '-');
if (pos == NULL) {
wpa_printf(MSG_ERROR, "WPS: Invalid device_type");
os_free(wps);
return -1;
}
pos++;
if (hexstr2bin(pos, oui, 4)) {
wpa_printf(MSG_ERROR, "WPS: Invalid device_type OUI");
os_free(wps);
return -1;
}
wps->dev.oui = WPA_GET_BE32(oui);
pos = os_strchr(pos, '-');
if (pos == NULL) {
wpa_printf(MSG_ERROR, "WPS: Invalid device_type");
os_free(wps);
return -1;
}
pos++;
wps->dev.sub_categ = atoi(pos);
}
wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ; /* TODO: config */
WPS: Moved mac_addr and uuid configuration into wps_context There is no need to complicate EAPOL and EAP interfaces with WPS specific parameters now that wps_context is passed through.
2008-11-28 19:44:47 +01:00
os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
WPS: Generate UUID based on MAC address, if not set Generate a SHA1 hash -based UUID from the local MAC address if the UUID was not configured. This makes it easier to prepare for WPS since there is no need to generate an UUID.
2009-01-01 21:56:52 +01:00
if (is_nil_uuid(wpa_s->conf->uuid)) {
uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid);
wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC address",
wps->uuid, WPS_UUID_LEN);
} else
os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
Moved WPS Registrar initialization from EAP peer to wps_supplicant.c This matches the style used in hostapd, i.e., Registrar is initialized only once and callbacks are now processed in wps_supplicant.c.
2009-01-03 19:18:35 +01:00
wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
os_memset(&rcfg, 0, sizeof(rcfg));
rcfg.new_psk_cb = wpas_wps_new_psk_cb;
rcfg.pin_needed_cb = wpas_wps_pin_needed_cb;
rcfg.cb_ctx = wpa_s;
wps->registrar = wps_registrar_init(wps, &rcfg);
if (wps->registrar == NULL) {
wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar");
os_free(wps);
return -1;
}
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
wpa_s->wps = wps;
return 0;
}
void wpas_wps_deinit(struct wpa_supplicant *wpa_s)
{
WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
2008-11-29 19:59:45 +01:00
eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
if (wpa_s->wps == NULL)
return;
Moved WPS Registrar initialization from EAP peer to wps_supplicant.c This matches the style used in hostapd, i.e., Registrar is initialized only once and callbacks are now processed in wps_supplicant.c.
2009-01-03 19:18:35 +01:00
wps_registrar_deinit(wpa_s->wps->registrar);
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 20:57:38 +01:00
wpabuf_free(wpa_s->wps->dh_pubkey);
wpabuf_free(wpa_s->wps->dh_privkey);
wpabuf_free(wpa_s->wps->oob_conf.pubkey_hash);
wpabuf_free(wpa_s->wps->oob_conf.dev_password);
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
os_free(wpa_s->wps->network_key);
os_free(wpa_s->wps);
wpa_s->wps = NULL;
}
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid, struct wpa_scan_res *bss)
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
{
struct wpabuf *wps_ie;
if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
return -1;
wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
if (!wps_ie) {
wpa_printf(MSG_DEBUG, " skip - non-WPS AP");
return 0;
}
if (!wps_is_selected_pbc_registrar(wps_ie)) {
wpa_printf(MSG_DEBUG, " skip - WPS AP "
"without active PBC Registrar");
wpabuf_free(wps_ie);
return 0;
}
/* TODO: overlap detection */
wpa_printf(MSG_DEBUG, " selected based on WPS IE "
"(Active PBC)");
wpabuf_free(wps_ie);
return 1;
}
if (eap_is_wps_pin_enrollee(&ssid->eap)) {
if (!wps_ie) {
wpa_printf(MSG_DEBUG, " skip - non-WPS AP");
return 0;
}
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
/*
* Start with WPS APs that advertise active PIN Registrar and
* allow any WPS AP after third scan since some APs do not set
* Selected Registrar attribute properly when using external
* Registrar.
*/
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
if (!wps_is_selected_pin_registrar(wps_ie)) {
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG) {
wpa_printf(MSG_DEBUG, " skip - WPS AP "
"without active PIN Registrar");
wpabuf_free(wps_ie);
return 0;
}
wpa_printf(MSG_DEBUG, " selected based on WPS IE");
} else {
wpa_printf(MSG_DEBUG, " selected based on WPS IE "
"(Active PIN)");
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
}
wpabuf_free(wps_ie);
return 1;
}
if (wps_ie) {
wpa_printf(MSG_DEBUG, " selected based on WPS IE");
wpabuf_free(wps_ie);
return 1;
}
return -1;
}
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
struct wpa_scan_res *bss)
{
struct wpabuf *wps_ie = NULL;
int ret = 0;
if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) {
/* allow wildcard SSID for WPS PBC */
ret = 1;
}
} else if (eap_is_wps_pin_enrollee(&ssid->eap)) {
wps_ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
2009-01-23 12:10:58 +01:00
if (wps_ie &&
(wps_is_selected_pin_registrar(wps_ie) ||
wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) {
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
/* allow wildcard SSID for WPS PIN */
ret = 1;
}
}
WPS: Added support for wildcard SSID matching in ap_scan=2 mode Change association behavior to match with ap_scan=1 when WPS is used in ap_scan=2 mode with wildcard SSID matching. In addition, allow hardcoded BSSID to be used to select AP even if selected registrar attribute is not present.
2008-12-20 21:55:02 +01:00
if (!ret && ssid->bssid_set &&
os_memcmp(ssid->bssid, bss->bssid, ETH_ALEN) == 0) {
/* allow wildcard SSID due to hardcoded BSSID match */
ret = 1;
}
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
wpabuf_free(wps_ie);
return ret;
}
int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s,
struct wpa_scan_res *selected,
struct wpa_ssid *ssid)
{
const u8 *sel_uuid, *uuid;
size_t i;
struct wpabuf *wps_ie;
int ret = 0;
if (!eap_is_wps_pbc_enrollee(&ssid->eap))
return 0;
/* Make sure that only one AP is in active PBC mode */
wps_ie = wpa_scan_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE);
if (wps_ie)
sel_uuid = wps_get_uuid_e(wps_ie);
else
sel_uuid = NULL;
for (i = 0; i < wpa_s->scan_res->num; i++) {
struct wpa_scan_res *bss = wpa_s->scan_res->res[i];
struct wpabuf *ie;
if (bss == selected)
continue;
ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
if (!ie)
continue;
if (!wps_is_selected_pbc_registrar(ie)) {
wpabuf_free(ie);
continue;
}
uuid = wps_get_uuid_e(ie);
Fixed PBC overlap detection to handle case of missing UUID-E UUID-E is not required to be present in Beacon frame, so we need to accept scan results that do not have UUID-E as a valid PBC situation as long as not more than one AP is in active PBC mode.
2008-12-21 16:28:01 +01:00
if (sel_uuid == NULL || uuid == NULL ||
os_memcmp(sel_uuid, uuid, 16) != 0) {
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
ret = 1; /* PBC overlap */
wpabuf_free(ie);
break;
}
/* TODO: verify that this is reasonable dual-band situation */
Fixed memory leak in WPS PBC overlap detection
2008-12-15 18:50:53 +01:00
wpabuf_free(ie);
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
2008-11-29 21:06:34 +01:00
}
wpabuf_free(wps_ie);
return ret;
}
WPS: Added control interface notification for available WPS APs Whenever new scan results include WPS AP(s) and the client is not associated, send a notification message to control interface monitors. This makes it easier for GUIs to notify the user about possible WPS availability without having to go through the scan results.
2008-12-15 19:09:57 +01:00
void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s)
{
size_t i;
if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED)
return;
for (i = 0; i < wpa_s->scan_res->num; i++) {
struct wpa_scan_res *bss = wpa_s->scan_res->res[i];
struct wpabuf *ie;
ie = wpa_scan_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
if (!ie)
continue;
if (wps_is_selected_pbc_registrar(ie))
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PBC);
else if (wps_is_selected_pin_registrar(ie))
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PIN);
else
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE);
wpabuf_free(ie);
break;
}
}
WPS: Added support for wildcard SSID matching in ap_scan=2 mode Change association behavior to match with ap_scan=1 when WPS is used in ap_scan=2 mode with wildcard SSID matching. In addition, allow hardcoded BSSID to be used to select AP even if selected registrar attribute is not present.
2008-12-20 21:55:02 +01:00
int wpas_wps_searching(struct wpa_supplicant *wpa_s)
{
struct wpa_ssid *ssid;
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled)
return 1;
}
return 0;
}
Reference in a new issue Copy permalink