jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
vlan_per_psk_v2
vlan_per_psk
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '311091eb43'
${ noResults }
hostap/src/wps/wps_registrar.c

3796 lines
102 KiB
C
Raw Normal View History Unescape Escape

Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
/*
* Wi-Fi Protected Setup - Registrar
WPS: Do not build Credential with unsupported encr combination on AP It was possible for the Registrar code to generate a Credential with auth type WPAPSK (i.e., WPA v1) with encr type AES if the Enrollee claimed support for WPAPSK and not WPA2PSK while the AP was configured in mixed mode WPAPSK+WPA2PSK regardless of how wpa_pairwise (vs. rsn_pairwise) was set since encr type was selected from the union of wpa_pairwise and rsn_pairwise. This could result in the Enrollee receiving a Credential that it could then not use with the AP. Fix this by masking the encryption types separately on AP based on the wpa_pairwise/rsn_pairwise configuration. In the example case described above, the Credential would get auth=WPAPSK encr=TKIP instead of auth=WPAPSK encr=AES. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
* Copyright (c) 2008-2016, Jouni Malinen <j@w1.fi>
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
*/
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
#include "utils/includes.h"
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
#include "utils/common.h"
#include "utils/base64.h"
#include "utils/eloop.h"
#include "utils/uuid.h"
#include "utils/list.h"
Remove src/crypto from default include path In addition, start ordering header file includes to be in more consistent order: system header files, src/utils, src/*, same directory as the *.c file.
15 years ago
#include "crypto/crypto.h"
#include "crypto/sha256.h"
Annotate places depending on strong random numbers This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
14 years ago
#include "crypto/random.h"
Remove src/crypto from default include path In addition, start ordering header file includes to be in more consistent order: system header files, src/utils, src/*, same directory as the *.c file.
15 years ago
#include "common/ieee802_11_defs.h"
WPS: Use PMK_LEN instead of hardcoded 32 Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#include "common/wpa_common.h"
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
#include "wps_i.h"
#include "wps_dev_attr.h"
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#include "wps_upnp.h"
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
#include "wps_upnp_i.h"
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS 2.0: Disable WPS workarounds if CONFIG_WPS_STRICT is defined
14 years ago
#ifndef CONFIG_WPS_STRICT
WPS: Add a workaround for auth/encr type flags mismatches Some deployed implementations seem to advertise incorrect information in this attribute. For example, Linksys WRT350N seems to have a byteorder bug that breaks this negotiation. In order to interoperate with existing implementations, assume that the Enrollee supports everything we do.
15 years ago
#define WPS_WORKAROUNDS
WPS 2.0: Disable WPS workarounds if CONFIG_WPS_STRICT is defined
14 years ago
#endif /* CONFIG_WPS_STRICT */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WPS_NFC
struct wps_nfc_pw_token {
struct dl_list list;
u8 pubkey_hash[WPS_OOB_PUBKEY_HASH_LEN];
P2P NFC: Report connection handover as trigger for P2P "NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to report completed NFC negotiated connection handover in which the P2P alternative carrier was selected. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
unsigned int peer_pk_hash_known:1;
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
u16 pw_id;
WPS: Fix OOB Device Password use in PSK1,PSK1 derivation WSC specification 2.0 section 7.4 describes OOB password to be expressed in ASCII format (upper case hexdump) instead of raw binary. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
u8 dev_pw[WPS_OOB_DEVICE_PASSWORD_LEN * 2 + 1];
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
size_t dev_pw_len;
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
int pk_hash_provided_oob; /* whether own PK hash was provided OOB */
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
};
static void wps_remove_nfc_pw_token(struct wps_nfc_pw_token *token)
{
dl_list_del(&token->list);
WPS: Clear keys/PINs explicitly Use an explicit memset call to clear any configuration parameter and dynamic data that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
bin_clear_free(token, sizeof(*token));
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
static void wps_free_nfc_pw_tokens(struct dl_list *tokens, u16 pw_id)
{
struct wps_nfc_pw_token *token, *prev;
dl_list_for_each_safe(token, prev, tokens, struct wps_nfc_pw_token,
list) {
if (pw_id == 0 || pw_id == token->pw_id)
wps_remove_nfc_pw_token(token);
}
}
static struct wps_nfc_pw_token * wps_get_nfc_pw_token(struct dl_list *tokens,
u16 pw_id)
{
struct wps_nfc_pw_token *token;
dl_list_for_each(token, tokens, struct wps_nfc_pw_token, list) {
if (pw_id == token->pw_id)
return token;
}
return NULL;
}
#else /* CONFIG_WPS_NFC */
#define wps_free_nfc_pw_tokens(t, p) do { } while (0)
#endif /* CONFIG_WPS_NFC */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
struct wps_uuid_pin {
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
struct dl_list list;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
u8 uuid[WPS_UUID_LEN];
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
int wildcard_uuid;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
u8 *pin;
size_t pin_len;
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
#define PIN_LOCKED BIT(0)
#define PIN_EXPIRES BIT(1)
int flags;
wps_registrar: Use monotonic time for PIN timeout If the PIN expires, then a timeout is given, so that monotonic time should be used. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime expiration;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
u8 enrollee_addr[ETH_ALEN];
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
};
static void wps_free_pin(struct wps_uuid_pin *pin)
{
WPS: Clear keys/PINs explicitly Use an explicit memset call to clear any configuration parameter and dynamic data that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
bin_clear_free(pin->pin, pin->pin_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
os_free(pin);
}
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
static void wps_remove_pin(struct wps_uuid_pin *pin)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_del(&pin->list);
wps_free_pin(pin);
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
static void wps_free_pins(struct dl_list *pins)
{
struct wps_uuid_pin *pin, *prev;
dl_list_for_each_safe(pin, prev, pins, struct wps_uuid_pin, list)
wps_remove_pin(pin);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
struct wps_pbc_session {
struct wps_pbc_session *next;
u8 addr[ETH_ALEN];
u8 uuid_e[WPS_UUID_LEN];
wps_registrar: Use monotonic time for PBC session timeout PBC sessions are just time-stamped when activated, and eventually time out, so should use monotonic time. While at it, make the code use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime timestamp;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
};
static void wps_free_pbc_sessions(struct wps_pbc_session *pbc)
{
struct wps_pbc_session *prev;
while (pbc) {
prev = pbc;
pbc = pbc->next;
os_free(prev);
}
}
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
struct wps_registrar_device {
struct wps_registrar_device *next;
struct wps_device_data dev;
u8 uuid[WPS_UUID_LEN];
};
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
struct wps_registrar {
struct wps_context *wps;
int pbc;
int selected_registrar;
P2P: Store P2P Device Address in per-device PSK records This makes the P2P Device Address of the Enrollee available with the PSK records to allow P2P Device Address instead of P2P Interface Address to be used for finding the correct PSK. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
int (*new_psk_cb)(void *ctx, const u8 *mac_addr, const u8 *p2p_dev_addr,
const u8 *psk, size_t psk_len);
Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe Response frames with a single call. In addition, struct wpabuf is used instead of separate u8* and length fields. This avoids duplicated allocation of the IEs and simplifies code in general.
15 years ago
int (*set_ie_cb)(void *ctx, struct wpabuf *beacon_ie,
struct wpabuf *probe_resp_ie);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
void (*pin_needed_cb)(void *ctx, const u8 *uuid_e,
const struct wps_device_data *dev);
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
void (*reg_success_cb)(void *ctx, const u8 *mac_addr,
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
const u8 *uuid_e, const u8 *dev_pw,
size_t dev_pw_len);
WPS ER: Add PIN configuration and SetSelectedRegistrar call New PINs can now be added to WPS ER. This results in the ER code using SetSelectedRegistrar to modify AP state so that Enrollees will be able to notice the actice registrar more easily.
15 years ago
void (*set_sel_reg_cb)(void *ctx, int sel_reg, u16 dev_passwd_id,
u16 sel_reg_config_methods);
WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry This can be used to show active Enrollees in AP mode to make it easier to provision a new device.
15 years ago
void (*enrollee_seen_cb)(void *ctx, const u8 *addr, const u8 *uuid_e,
const u8 *pri_dev_type, u16 config_methods,
u16 dev_password_id, u8 request_type,
const char *dev_name);
WPS: Make it possible to use PSKs loaded from the PSK file By default, when configuration file set wpa_psk_file, hostapd generated a random PSK for each Enrollee provisioned using WPS and appended that PSK to wpa_psk_file. Changes that behavior by adding a new step. WPS will first try to use a PSK from wpa_psk_file. It will only try PSKs with wps=1 tag. Additionally it'll try to match enrollee's MAC address (if provided). If it fails to find an appropriate PSK, it falls back to generating a new PSK. Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
4 years ago
int (*lookup_pskfile_cb)(void *ctx, const u8 *mac_addr, const u8 **psk);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
void *cb_ctx;
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
struct dl_list pins;
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
struct dl_list nfc_pw_tokens;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
struct wps_pbc_session *pbc_sessions;
Added an option to add (or override) Credential attribute(s) in M8
16 years ago
int skip_cred_build;
struct wpabuf *extra_cred;
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
int disable_auto_conf;
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
int sel_reg_union;
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
int sel_reg_dev_password_id_override;
int sel_reg_config_methods_override;
WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode The Beacon frame must include UUID-E and RF Bands attributes when in active PBC mode to allow stations to figure out that two BSSes in PBC mode is not a PBC session overlap.
14 years ago
int dualband;
P2P: Allow per-device PSK to be assigned "wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable use of per-device PSKs in P2P groups. This is disabled by default. When enabled, a default passphrase is still generated by the GO for legacy stations, but all P2P and non-P2P devices using WPS will get a unique PSK. This gives more protection for the P2P group by preventing clients from being able to derive the unicast keys used by other clients. This is also a step towards allowing specific clients to be removed from a group reliably without having to tear down the full group to do so. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
int force_per_enrollee_psk;
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
struct wps_registrar_device *devices;
WPS: Abort ongoing PBC protocol run if session overlap is detected If PBC session overlap is detected during an ongoing PBC protocol run, reject the run (if M8, i.e., credentials, have not yet been sent). This provides a bit longer monitoring time at the Registrar for PBC mode to catch some cases where two Enrollees in PBC mode try to enroll credentials at about the same time.
15 years ago
int force_pbc_overlap;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
u8 authorized_macs[WPS_MAX_AUTHORIZED_MACS][ETH_ALEN];
u8 authorized_macs_union[WPS_MAX_AUTHORIZED_MACS][ETH_ALEN];
P2P: Allow WPS_PBC command on GO to select on P2P Device Address An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
14 years ago
u8 p2p_dev_addr[ETH_ALEN];
WPS: Add a workaround for PBC session overlap detection Some deployed station implementations implement WPS incorrectly and end up causing PBC session overlap issues by indicating active PBC mode in a scan after the WPS provisioning step. Work around this by ignoring active PBC indication in a Probe Request from a station that completed PBC provisioning during the last five seconds. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
u8 pbc_ignore_uuid[WPS_UUID_LEN];
wps_registrar: Use monotonic time for PBC workaround The PBC ignore-start workaround just needs to check whether the time is within 5 seconds, so should use monotonic time. While at it, add a few more ifdefs to clearly separate the code and variables needed. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
#ifdef WPS_WORKAROUNDS
struct os_reltime pbc_ignore_start;
#endif /* WPS_WORKAROUNDS */
hostapd: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
/**
* multi_ap_backhaul_ssid - SSID to supply to a Multi-AP backhaul
* enrollee
*
* This SSID is used by the Registrar to fill in information for
* Credentials when the enrollee advertises it is a Multi-AP backhaul
* STA.
*/
u8 multi_ap_backhaul_ssid[SSID_MAX_LEN];
/**
* multi_ap_backhaul_ssid_len - Length of multi_ap_backhaul_ssid in
* octets
*/
size_t multi_ap_backhaul_ssid_len;
/**
* multi_ap_backhaul_network_key - The Network Key (PSK) for the
* Multi-AP backhaul enrollee.
*
* This key can be either the ASCII passphrase (8..63 characters) or the
* 32-octet PSK (64 hex characters).
*/
u8 *multi_ap_backhaul_network_key;
/**
* multi_ap_backhaul_network_key_len - Length of
* multi_ap_backhaul_network_key in octets
*/
size_t multi_ap_backhaul_network_key_len;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
};
static int wps_set_ie(struct wps_registrar *reg);
static void wps_registrar_pbc_timeout(void *eloop_ctx, void *timeout_ctx);
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
static void wps_registrar_set_selected_timeout(void *eloop_ctx,
void *timeout_ctx);
WPS: Limit number of active wildcard PINs to one Previously, WPS Registrar allowed multiple wildcard PINs to be configured. This can get confusing since these PINs get assigned to any Enrollee that does not have a specific PIN and as such, cannot really be used with different PIN values in reasonable ways. To avoid confusion with multiple enabled PINs, invalidate any previously configured wildcard PIN whenever adding a new one. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static void wps_registrar_remove_pin(struct wps_registrar *reg,
struct wps_uuid_pin *pin);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
static void wps_registrar_add_authorized_mac(struct wps_registrar *reg,
const u8 *addr)
{
int i;
WPS: Add more debug prints for authorized MACs operations
14 years ago
wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC " MACSTR,
MAC2STR(addr));
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++)
WPS: Add more debug prints for authorized MACs operations
14 years ago
if (os_memcmp(reg->authorized_macs[i], addr, ETH_ALEN) == 0) {
wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was "
"already in the list");
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
return; /* already in list */
WPS: Add more debug prints for authorized MACs operations
14 years ago
}
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
for (i = WPS_MAX_AUTHORIZED_MACS - 1; i > 0; i--)
os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i - 1],
ETH_ALEN);
os_memcpy(reg->authorized_macs[0], addr, ETH_ALEN);
WPS: Add more debug prints for authorized MACs operations
14 years ago
wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs",
(u8 *) reg->authorized_macs, sizeof(reg->authorized_macs));
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
}
static void wps_registrar_remove_authorized_mac(struct wps_registrar *reg,
const u8 *addr)
{
int i;
WPS: Add more debug prints for authorized MACs operations
14 years ago
wpa_printf(MSG_DEBUG, "WPS: Remove authorized MAC " MACSTR,
MAC2STR(addr));
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++) {
if (os_memcmp(reg->authorized_macs, addr, ETH_ALEN) == 0)
break;
}
WPS: Add more debug prints for authorized MACs operations
14 years ago
if (i == WPS_MAX_AUTHORIZED_MACS) {
wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was not in the "
"list");
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
return; /* not in the list */
WPS: Add more debug prints for authorized MACs operations
14 years ago
}
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
for (; i + 1 < WPS_MAX_AUTHORIZED_MACS; i++)
os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i + 1],
ETH_ALEN);
os_memset(reg->authorized_macs[WPS_MAX_AUTHORIZED_MACS - 1], 0,
ETH_ALEN);
WPS: Add more debug prints for authorized MACs operations
14 years ago
wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs",
(u8 *) reg->authorized_macs, sizeof(reg->authorized_macs));
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
}
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
static void wps_free_devices(struct wps_registrar_device *dev)
{
struct wps_registrar_device *prev;
while (dev) {
prev = dev;
dev = dev->next;
wps_device_data_free(&prev->dev);
os_free(prev);
}
}
static struct wps_registrar_device * wps_device_get(struct wps_registrar *reg,
const u8 *addr)
{
struct wps_registrar_device *dev;
for (dev = reg->devices; dev; dev = dev->next) {
if (os_memcmp(dev->dev.mac_addr, addr, ETH_ALEN) == 0)
return dev;
}
return NULL;
}
static void wps_device_clone_data(struct wps_device_data *dst,
struct wps_device_data *src)
{
os_memcpy(dst->mac_addr, src->mac_addr, ETH_ALEN);
WPS: Clean up Primary Device Type handling Use shared functions for converting Primary Device Type between binary and string formats. In addition, use array of eight octets instead of a specific structure with multiple fields to reduce code complexity.
15 years ago
os_memcpy(dst->pri_dev_type, src->pri_dev_type, WPS_DEV_TYPE_LEN);
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
#define WPS_STRDUP(n) \
os_free(dst->n); \
dst->n = src->n ? os_strdup(src->n) : NULL
WPS_STRDUP(device_name);
WPS_STRDUP(manufacturer);
WPS_STRDUP(model_name);
WPS_STRDUP(model_number);
WPS_STRDUP(serial_number);
#undef WPS_STRDUP
}
int wps_device_store(struct wps_registrar *reg,
struct wps_device_data *dev, const u8 *uuid)
{
struct wps_registrar_device *d;
d = wps_device_get(reg, dev->mac_addr);
if (d == NULL) {
d = os_zalloc(sizeof(*d));
if (d == NULL)
return -1;
d->next = reg->devices;
reg->devices = d;
}
wps_device_clone_data(&d->dev, dev);
os_memcpy(d->uuid, uuid, WPS_UUID_LEN);
return 0;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static void wps_registrar_add_pbc_session(struct wps_registrar *reg,
const u8 *addr, const u8 *uuid_e)
{
struct wps_pbc_session *pbc, *prev = NULL;
wps_registrar: Use monotonic time for PBC session timeout PBC sessions are just time-stamped when activated, and eventually time out, so should use monotonic time. While at it, make the code use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime now;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_registrar: Use monotonic time for PBC session timeout PBC sessions are just time-stamped when activated, and eventually time out, so should use monotonic time. While at it, make the code use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_get_reltime(&now);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
pbc = reg->pbc_sessions;
while (pbc) {
if (os_memcmp(pbc->addr, addr, ETH_ALEN) == 0 &&
os_memcmp(pbc->uuid_e, uuid_e, WPS_UUID_LEN) == 0) {
if (prev)
prev->next = pbc->next;
else
reg->pbc_sessions = pbc->next;
break;
}
prev = pbc;
pbc = pbc->next;
}
if (!pbc) {
pbc = os_zalloc(sizeof(*pbc));
if (pbc == NULL)
return;
os_memcpy(pbc->addr, addr, ETH_ALEN);
if (uuid_e)
os_memcpy(pbc->uuid_e, uuid_e, WPS_UUID_LEN);
}
pbc->next = reg->pbc_sessions;
reg->pbc_sessions = pbc;
pbc->timestamp = now;
/* remove entries that have timed out */
prev = pbc;
pbc = pbc->next;
while (pbc) {
wps_registrar: Use monotonic time for PBC session timeout PBC sessions are just time-stamped when activated, and eventually time out, so should use monotonic time. While at it, make the code use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
if (os_reltime_expired(&now, &pbc->timestamp,
WPS_PBC_WALK_TIME)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
prev->next = NULL;
wps_free_pbc_sessions(pbc);
break;
}
prev = pbc;
pbc = pbc->next;
}
}
static void wps_registrar_remove_pbc_session(struct wps_registrar *reg,
Skip WPS PBC overlap detection if P2P address is the same WPS overlap detection can detect false overlap if a P2P peer changes UUID while authentication is ongoing. Changing UUID is of course wrong but this is what some popular devices do so we need to work around it in order to keep compatibility with these devices. There already is a mechanism in WPS registrar to skip overlap detection if P2P addresses of two sessions match but it wasn't really triggered because the address wasn't filled in in the caller function. Let's fill in this address and also clean up WPS PBC sessions on WSC process completion if UUID was changed. Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
13 years ago
const u8 *uuid_e,
const u8 *p2p_dev_addr)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
WPS: Fix active PBC session removal to ignore MAC address Use only the UUID-E to remove active PBC session(s) at the completion of successful PBC protocol run. This fixes potential issues with Enrollees that use multiple MAC addresses and as such, can get multiple entries in the PBC session list.
13 years ago
struct wps_pbc_session *pbc, *prev = NULL, *tmp;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
pbc = reg->pbc_sessions;
while (pbc) {
Skip WPS PBC overlap detection if P2P address is the same WPS overlap detection can detect false overlap if a P2P peer changes UUID while authentication is ongoing. Changing UUID is of course wrong but this is what some popular devices do so we need to work around it in order to keep compatibility with these devices. There already is a mechanism in WPS registrar to skip overlap detection if P2P addresses of two sessions match but it wasn't really triggered because the address wasn't filled in in the caller function. Let's fill in this address and also clean up WPS PBC sessions on WSC process completion if UUID was changed. Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
13 years ago
if (os_memcmp(pbc->uuid_e, uuid_e, WPS_UUID_LEN) == 0 ||
(p2p_dev_addr && !is_zero_ether_addr(reg->p2p_dev_addr) &&
os_memcmp(reg->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
0)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (prev)
prev->next = pbc->next;
else
reg->pbc_sessions = pbc->next;
WPS: Fix active PBC session removal to ignore MAC address Use only the UUID-E to remove active PBC session(s) at the completion of successful PBC protocol run. This fixes potential issues with Enrollees that use multiple MAC addresses and as such, can get multiple entries in the PBC session list.
13 years ago
tmp = pbc;
pbc = pbc->next;
wpa_printf(MSG_DEBUG, "WPS: Removing PBC session for "
"addr=" MACSTR, MAC2STR(tmp->addr));
wpa_hexdump(MSG_DEBUG, "WPS: Removed UUID-E",
tmp->uuid_e, WPS_UUID_LEN);
os_free(tmp);
continue;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
prev = pbc;
pbc = pbc->next;
}
}
WPS ER: Use PBC overlap detection ER should follow same rules as internal Registrar in an AP for session overlap detection.
14 years ago
int wps_registrar_pbc_overlap(struct wps_registrar *reg,
const u8 *addr, const u8 *uuid_e)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
int count = 0;
struct wps_pbc_session *pbc;
WPS: Use only UUID-E in PBC session overlap detection on Registrar Ignore possible mismatches in the source address of the frame and only use UUID-E to check whether a Probe Request or M1 is from the same Enrollee when figuring out whether there is PBC session overlap. This is needed to avoid potential issues with Enrollee devices that may have multiple interfaces indicating active PBC state.
13 years ago
struct wps_pbc_session *first = NULL;
wps_registrar: Use monotonic time for PBC session timeout PBC sessions are just time-stamped when activated, and eventually time out, so should use monotonic time. While at it, make the code use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime now;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_registrar: Use monotonic time for PBC session timeout PBC sessions are just time-stamped when activated, and eventually time out, so should use monotonic time. While at it, make the code use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_get_reltime(&now);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Add more debug information to PBC session overlap check
13 years ago
wpa_printf(MSG_DEBUG, "WPS: Checking active PBC sessions for overlap");
if (uuid_e) {
wpa_printf(MSG_DEBUG, "WPS: Add one for the requested UUID");
wpa_hexdump(MSG_DEBUG, "WPS: Requested UUID",
uuid_e, WPS_UUID_LEN);
count++;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
for (pbc = reg->pbc_sessions; pbc; pbc = pbc->next) {
WPS: Add more debug information to PBC session overlap check
13 years ago
wpa_printf(MSG_DEBUG, "WPS: Consider PBC session with " MACSTR,
MAC2STR(pbc->addr));
wpa_hexdump(MSG_DEBUG, "WPS: UUID-E",
pbc->uuid_e, WPS_UUID_LEN);
wps_registrar: Use monotonic time for PBC session timeout PBC sessions are just time-stamped when activated, and eventually time out, so should use monotonic time. While at it, make the code use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
if (os_reltime_expired(&now, &pbc->timestamp,
WPS_PBC_WALK_TIME)) {
wpa_printf(MSG_DEBUG, "WPS: PBC walk time has expired");
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
break;
WPS: Add more debug information to PBC session overlap check
13 years ago
}
WPS: Use only UUID-E in PBC session overlap detection on Registrar Ignore possible mismatches in the source address of the frame and only use UUID-E to check whether a Probe Request or M1 is from the same Enrollee when figuring out whether there is PBC session overlap. This is needed to avoid potential issues with Enrollee devices that may have multiple interfaces indicating active PBC state.
13 years ago
if (first &&
WPS: Add more debug information to PBC session overlap check
13 years ago
os_memcmp(pbc->uuid_e, first->uuid_e, WPS_UUID_LEN) == 0) {
wpa_printf(MSG_DEBUG, "WPS: Same Enrollee");
WPS: Use only UUID-E in PBC session overlap detection on Registrar Ignore possible mismatches in the source address of the frame and only use UUID-E to check whether a Probe Request or M1 is from the same Enrollee when figuring out whether there is PBC session overlap. This is needed to avoid potential issues with Enrollee devices that may have multiple interfaces indicating active PBC state.
13 years ago
continue; /* same Enrollee */
WPS: Add more debug information to PBC session overlap check
13 years ago
}
WPS: Use only UUID-E in PBC session overlap detection on Registrar Ignore possible mismatches in the source address of the frame and only use UUID-E to check whether a Probe Request or M1 is from the same Enrollee when figuring out whether there is PBC session overlap. This is needed to avoid potential issues with Enrollee devices that may have multiple interfaces indicating active PBC state.
13 years ago
if (uuid_e == NULL ||
WPS: Add more debug information to PBC session overlap check
13 years ago
os_memcmp(uuid_e, pbc->uuid_e, WPS_UUID_LEN)) {
wpa_printf(MSG_DEBUG, "WPS: New Enrollee");
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
count++;
WPS: Add more debug information to PBC session overlap check
13 years ago
}
WPS: Use only UUID-E in PBC session overlap detection on Registrar Ignore possible mismatches in the source address of the frame and only use UUID-E to check whether a Probe Request or M1 is from the same Enrollee when figuring out whether there is PBC session overlap. This is needed to avoid potential issues with Enrollee devices that may have multiple interfaces indicating active PBC state.
13 years ago
if (first == NULL)
first = pbc;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Add more debug information to PBC session overlap check
13 years ago
wpa_printf(MSG_DEBUG, "WPS: %u active PBC session(s) found", count);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return count > 1 ? 1 : 0;
}
static int wps_build_wps_state(struct wps_context *wps, struct wpabuf *msg)
{
wpa_printf(MSG_DEBUG, "WPS: * Wi-Fi Protected Setup State (%d)",
wps->wps_state);
wpabuf_put_be16(msg, ATTR_WPS_STATE);
wpabuf_put_be16(msg, 1);
wpabuf_put_u8(msg, wps->wps_state);
return 0;
}
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
#ifdef CONFIG_WPS_UPNP
static void wps_registrar_free_pending_m2(struct wps_context *wps)
{
struct upnp_pending_message *p, *p2, *prev = NULL;
p = wps->upnp_msgs;
while (p) {
if (p->type == WPS_M2 || p->type == WPS_M2D) {
if (prev == NULL)
wps->upnp_msgs = p->next;
else
prev->next = p->next;
wpa_printf(MSG_DEBUG, "WPS UPnP: Drop pending M2/M2D");
p2 = p;
p = p->next;
wpabuf_free(p2->msg);
os_free(p2);
continue;
}
prev = p;
p = p->next;
}
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static int wps_build_ap_setup_locked(struct wps_context *wps,
struct wpabuf *msg)
{
WPS: Add special AP Setup Locked mode to allow read only ER ap_setup_locked=2 can now be used to enable a special mode where WPS ER can learn the current AP settings, but cannot change then. In other words, the protocol is allowed to continue past M2, but is stopped at M7 when AP is in this mode. WPS IE does not advertise AP Setup Locked in this case to avoid interoperability issues. In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN is disabled by default, this does not enable any new functionality automatically. To allow the read-only ER to go through the protocol, wps_ap_pin command needs to be used to enable the AP PIN.
14 years ago
if (wps->ap_setup_locked && wps->ap_setup_locked != 2) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: * AP Setup Locked");
wpabuf_put_be16(msg, ATTR_AP_SETUP_LOCKED);
wpabuf_put_be16(msg, 1);
wpabuf_put_u8(msg, 1);
}
return 0;
}
static int wps_build_selected_registrar(struct wps_registrar *reg,
struct wpabuf *msg)
{
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
if (!reg->sel_reg_union)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
wpa_printf(MSG_DEBUG, "WPS: * Selected Registrar");
wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR);
wpabuf_put_be16(msg, 1);
wpabuf_put_u8(msg, 1);
return 0;
}
static int wps_build_sel_reg_dev_password_id(struct wps_registrar *reg,
struct wpabuf *msg)
{
u16 id = reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT;
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
if (!reg->sel_reg_union)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
if (reg->sel_reg_dev_password_id_override >= 0)
id = reg->sel_reg_dev_password_id_override;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: * Device Password ID (%d)", id);
wpabuf_put_be16(msg, ATTR_DEV_PASSWORD_ID);
wpabuf_put_be16(msg, 2);
wpabuf_put_be16(msg, id);
return 0;
}
WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode The Beacon frame must include UUID-E and RF Bands attributes when in active PBC mode to allow stations to figure out that two BSSes in PBC mode is not a PBC session overlap.
14 years ago
static int wps_build_sel_pbc_reg_uuid_e(struct wps_registrar *reg,
struct wpabuf *msg)
{
u16 id = reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT;
if (!reg->sel_reg_union)
return 0;
if (reg->sel_reg_dev_password_id_override >= 0)
id = reg->sel_reg_dev_password_id_override;
if (id != DEV_PW_PUSHBUTTON || !reg->dualband)
return 0;
return wps_build_uuid_e(msg, reg->wps->uuid);
}
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
static void wps_set_pushbutton(u16 *methods, u16 conf_methods)
{
*methods |= WPS_CONFIG_PUSHBUTTON;
hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response In AP which supports WPSv2 with only virtual push button, when PBC is called, the WSC IE should include Selected Registrar Configuration Methods attribute with the bit of the physical push button not set. Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
12 years ago
if ((conf_methods & WPS_CONFIG_VIRT_PUSHBUTTON) ==
WPS_CONFIG_VIRT_PUSHBUTTON)
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
*methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response In AP which supports WPSv2 with only virtual push button, when PBC is called, the WSC IE should include Selected Registrar Configuration Methods attribute with the bit of the physical push button not set. Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
12 years ago
if ((conf_methods & WPS_CONFIG_PHY_PUSHBUTTON) ==
WPS_CONFIG_PHY_PUSHBUTTON)
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
*methods |= WPS_CONFIG_PHY_PUSHBUTTON;
hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response In AP which supports WPSv2 with only virtual push button, when PBC is called, the WSC IE should include Selected Registrar Configuration Methods attribute with the bit of the physical push button not set. Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
12 years ago
if ((*methods & WPS_CONFIG_VIRT_PUSHBUTTON) !=
WPS_CONFIG_VIRT_PUSHBUTTON &&
(*methods & WPS_CONFIG_PHY_PUSHBUTTON) !=
WPS_CONFIG_PHY_PUSHBUTTON) {
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
/*
* Required to include virtual/physical flag, but we were not
* configured with push button type, so have to default to one
* of them.
*/
*methods |= WPS_CONFIG_PHY_PUSHBUTTON;
}
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static int wps_build_sel_reg_config_methods(struct wps_registrar *reg,
struct wpabuf *msg)
{
u16 methods;
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
if (!reg->sel_reg_union)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2) For now, the default build will only include WSC 1.0 support. CONFIG_WPS2=y can be used to add support for WSC 2.0.
14 years ago
methods = reg->wps->config_methods;
methods &= ~WPS_CONFIG_PUSHBUTTON;
methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
WPS_CONFIG_PHY_PUSHBUTTON);
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
if (reg->pbc)
wps_set_pushbutton(&methods, reg->wps->config_methods);
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
if (reg->sel_reg_config_methods_override >= 0)
methods = reg->sel_reg_config_methods_override;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: * Selected Registrar Config Methods (%x)",
methods);
wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR_CONFIG_METHODS);
wpabuf_put_be16(msg, 2);
wpabuf_put_be16(msg, methods);
return 0;
}
static int wps_build_probe_config_methods(struct wps_registrar *reg,
struct wpabuf *msg)
{
u16 methods;
Fix WPS IE in Probe Response frame to include proper Config Methods values This attribute is supposed to indicate which methods the AP supports as an Enrollee for adding external Registrars. It was left to 0 when the AP code did not yet support external Registrars and was forgotten when the ER support was added.
14 years ago
/*
* These are the methods that the AP supports as an Enrollee for adding
* external Registrars.
*/
WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2) For now, the default build will only include WSC 1.0 support. CONFIG_WPS2=y can be used to add support for WSC 2.0.
14 years ago
methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
WPS_CONFIG_PHY_PUSHBUTTON);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: * Config Methods (%x)", methods);
wpabuf_put_be16(msg, ATTR_CONFIG_METHODS);
wpabuf_put_be16(msg, 2);
wpabuf_put_be16(msg, methods);
return 0;
}
WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c This code and the related attributes are not specific to Enrollee functionality, so wps_common.c is the correct location for them.
16 years ago
static int wps_build_config_methods_r(struct wps_registrar *reg,
struct wpabuf *msg)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
WPS: Fix M2/M2D Config Methods to include PushButton even if PBC not in use The Config Methods attribute in M2 and M2D messages is supposed to indicate which configuration methods are supported by the Registrar. As such, it should not depend on whether PBC mode is currently active or not. That will only affect the Selected Registrar Config Methods and Device Password ID attributes.
13 years ago
return wps_build_config_methods(msg, reg->wps->config_methods);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS 2.0: Convert new attributes into WFA vendor extension The WSC 2.0 specification moved to use another design for the new attributes to avoid backwards compatibility issues with some deployed implementations.
14 years ago
const u8 * wps_authorized_macs(struct wps_registrar *reg, size_t *count)
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
{
WPS 2.0: Convert new attributes into WFA vendor extension The WSC 2.0 specification moved to use another design for the new attributes to avoid backwards compatibility issues with some deployed implementations.
14 years ago
*count = 0;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
WPS 2.0: Convert new attributes into WFA vendor extension The WSC 2.0 specification moved to use another design for the new attributes to avoid backwards compatibility issues with some deployed implementations.
14 years ago
while (*count < WPS_MAX_AUTHORIZED_MACS) {
if (is_zero_ether_addr(reg->authorized_macs_union[*count]))
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
break;
WPS 2.0: Convert new attributes into WFA vendor extension The WSC 2.0 specification moved to use another design for the new attributes to avoid backwards compatibility issues with some deployed implementations.
14 years ago
(*count)++;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
}
WPS 2.0: Convert new attributes into WFA vendor extension The WSC 2.0 specification moved to use another design for the new attributes to avoid backwards compatibility issues with some deployed implementations.
14 years ago
return (const u8 *) reg->authorized_macs_union;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
}
Added Doxygen documentation for WPS code
16 years ago
/**
* wps_registrar_init - Initialize WPS Registrar data
* @wps: Pointer to longterm WPS context
* @cfg: Registrar configuration
* Returns: Pointer to allocated Registrar data or %NULL on failure
*
* This function is used to initialize WPS Registrar functionality. It can be
* used for a single Registrar run (e.g., when run in a supplicant) or multiple
* runs (e.g., when run as an internal Registrar in an AP). Caller is
* responsible for freeing the returned data with wps_registrar_deinit() when
* Registrar functionality is not needed anymore.
*/
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
struct wps_registrar *
wps_registrar_init(struct wps_context *wps,
const struct wps_registrar_config *cfg)
{
struct wps_registrar *reg = os_zalloc(sizeof(*reg));
if (reg == NULL)
return NULL;
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_init(&reg->pins);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
dl_list_init(&reg->nfc_pw_tokens);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
reg->wps = wps;
reg->new_psk_cb = cfg->new_psk_cb;
reg->set_ie_cb = cfg->set_ie_cb;
reg->pin_needed_cb = cfg->pin_needed_cb;
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
reg->reg_success_cb = cfg->reg_success_cb;
WPS ER: Add PIN configuration and SetSelectedRegistrar call New PINs can now be added to WPS ER. This results in the ER code using SetSelectedRegistrar to modify AP state so that Enrollees will be able to notice the actice registrar more easily.
15 years ago
reg->set_sel_reg_cb = cfg->set_sel_reg_cb;
WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry This can be used to show active Enrollees in AP mode to make it easier to provision a new device.
15 years ago
reg->enrollee_seen_cb = cfg->enrollee_seen_cb;
WPS: Make it possible to use PSKs loaded from the PSK file By default, when configuration file set wpa_psk_file, hostapd generated a random PSK for each Enrollee provisioned using WPS and appended that PSK to wpa_psk_file. Changes that behavior by adding a new step. WPS will first try to use a PSK from wpa_psk_file. It will only try PSKs with wps=1 tag. Additionally it'll try to match enrollee's MAC address (if provided). If it fails to find an appropriate PSK, it falls back to generating a new PSK. Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
4 years ago
reg->lookup_pskfile_cb = cfg->lookup_pskfile_cb;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
reg->cb_ctx = cfg->cb_ctx;
Added an option to add (or override) Credential attribute(s) in M8
16 years ago
reg->skip_cred_build = cfg->skip_cred_build;
if (cfg->extra_cred) {
reg->extra_cred = wpabuf_alloc_copy(cfg->extra_cred,
cfg->extra_cred_len);
if (reg->extra_cred == NULL) {
os_free(reg);
return NULL;
}
}
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
reg->disable_auto_conf = cfg->disable_auto_conf;
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
reg->sel_reg_dev_password_id_override = -1;
WPS: Set correct Selected Registrar Config Methods attribute I tried PBC with the hostapd registrar. I pushed the button with "hostap_cli WPS_PBC". But hostapd registrar always sends Selected Registrar Config Methods attribute=0x0000 in beacon/probe response.
16 years ago
reg->sel_reg_config_methods_override = -1;
WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode The Beacon frame must include UUID-E and RF Bands attributes when in active PBC mode to allow stations to figure out that two BSSes in PBC mode is not a PBC session overlap.
14 years ago
reg->dualband = cfg->dualband;
P2P: Allow per-device PSK to be assigned "wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable use of per-device PSKs in P2P groups. This is disabled by default. When enabled, a default passphrase is still generated by the GO for legacy stations, but all P2P and non-P2P devices using WPS will get a unique PSK. This gives more protection for the P2P group by preventing clients from being able to derive the unicast keys used by other clients. This is also a step towards allowing specific clients to be removed from a group reliably without having to tear down the full group to do so. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
reg->force_per_enrollee_psk = cfg->force_per_enrollee_psk;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
Multi-AP: Avoid memcpy(ptr, NULL, 0) in WPS Registrar initialization This can result in compiler warnings due to the unexpected NULL pointer as a source memory even when the length of the copied data is 0. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
if (cfg->multi_ap_backhaul_ssid) {
os_memcpy(reg->multi_ap_backhaul_ssid,
cfg->multi_ap_backhaul_ssid,
cfg->multi_ap_backhaul_ssid_len);
reg->multi_ap_backhaul_ssid_len =
cfg->multi_ap_backhaul_ssid_len;
}
hostapd: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
if (cfg->multi_ap_backhaul_network_key) {
reg->multi_ap_backhaul_network_key =
os_memdup(cfg->multi_ap_backhaul_network_key,
cfg->multi_ap_backhaul_network_key_len);
if (reg->multi_ap_backhaul_network_key)
reg->multi_ap_backhaul_network_key_len =
cfg->multi_ap_backhaul_network_key_len;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps_set_ie(reg)) {
wps_registrar_deinit(reg);
return NULL;
}
return reg;
}
Flush WPS registrar state on wpa_supplicant FLUSH command This helps hwsim test cases by avoiding undesired state from previously executed test cases affecting following tests. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
void wps_registrar_flush(struct wps_registrar *reg)
{
if (reg == NULL)
return;
wps_free_pins(&reg->pins);
wps_free_nfc_pw_tokens(&reg->nfc_pw_tokens, 0);
wps_free_pbc_sessions(reg->pbc_sessions);
reg->pbc_sessions = NULL;
wps_free_devices(reg->devices);
reg->devices = NULL;
#ifdef WPS_WORKAROUNDS
reg->pbc_ignore_start.sec = 0;
#endif /* WPS_WORKAROUNDS */
}
Added Doxygen documentation for WPS code
16 years ago
/**
* wps_registrar_deinit - Deinitialize WPS Registrar data
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
* @reg: Registrar data from wps_registrar_init()
Added Doxygen documentation for WPS code
16 years ago
*/
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
void wps_registrar_deinit(struct wps_registrar *reg)
{
if (reg == NULL)
return;
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
Flush WPS registrar state on wpa_supplicant FLUSH command This helps hwsim test cases by avoiding undesired state from previously executed test cases affecting following tests. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wps_registrar_flush(reg);
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(reg->extra_cred);
hostapd: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
bin_clear_free(reg->multi_ap_backhaul_network_key,
reg->multi_ap_backhaul_network_key_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
os_free(reg);
}
WPS: Limit number of active wildcard PINs to one Previously, WPS Registrar allowed multiple wildcard PINs to be configured. This can get confusing since these PINs get assigned to any Enrollee that does not have a specific PIN and as such, cannot really be used with different PIN values in reasonable ways. To avoid confusion with multiple enabled PINs, invalidate any previously configured wildcard PIN whenever adding a new one. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static void wps_registrar_invalidate_unused(struct wps_registrar *reg)
{
struct wps_uuid_pin *pin;
dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
if (pin->wildcard_uuid == 1 && !(pin->flags & PIN_LOCKED)) {
wpa_printf(MSG_DEBUG, "WPS: Invalidate previously "
"configured wildcard PIN");
wps_registrar_remove_pin(reg, pin);
break;
}
}
}
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
/**
* wps_registrar_add_pin - Configure a new PIN for Registrar
* @reg: Registrar data from wps_registrar_init()
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
* @addr: Enrollee MAC address or %NULL if not known
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
* @uuid: UUID-E or %NULL for wildcard (any UUID)
* @pin: PIN (Device Password)
* @pin_len: Length of pin in octets
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
* @timeout: Time (in seconds) when the PIN will be invalidated; 0 = no timeout
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
* Returns: 0 on success, -1 on failure
*/
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *addr,
const u8 *uuid, const u8 *pin, size_t pin_len,
int timeout)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
struct wps_uuid_pin *p;
p = os_zalloc(sizeof(*p));
if (p == NULL)
return -1;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
if (addr)
os_memcpy(p->enrollee_addr, addr, ETH_ALEN);
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
if (uuid == NULL)
p->wildcard_uuid = 1;
else
os_memcpy(p->uuid, uuid, WPS_UUID_LEN);
Use os_memdup() This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years ago
p->pin = os_memdup(pin, pin_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (p->pin == NULL) {
os_free(p);
return -1;
}
p->pin_len = pin_len;
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
if (timeout) {
p->flags |= PIN_EXPIRES;
wps_registrar: Use monotonic time for PIN timeout If the PIN expires, then a timeout is given, so that monotonic time should be used. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_get_reltime(&p->expiration);
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
p->expiration.sec += timeout;
}
WPS: Limit number of active wildcard PINs to one Previously, WPS Registrar allowed multiple wildcard PINs to be configured. This can get confusing since these PINs get assigned to any Enrollee that does not have a specific PIN and as such, cannot really be used with different PIN values in reasonable ways. To avoid confusion with multiple enabled PINs, invalidate any previously configured wildcard PIN whenever adding a new one. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (p->wildcard_uuid)
wps_registrar_invalidate_unused(reg);
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_add(&reg->pins, &p->list);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: A new PIN configured (timeout=%d)",
timeout);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_hexdump(MSG_DEBUG, "WPS: UUID", uuid, WPS_UUID_LEN);
wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: PIN", pin, pin_len);
reg->selected_registrar = 1;
reg->pbc = 0;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
if (addr)
wps_registrar_add_authorized_mac(reg, addr);
WPS 2.0: Add wildcard AuthorizedMACs if Enrollee address is not known
14 years ago
else
wps_registrar_add_authorized_mac(
reg, (u8 *) "\xff\xff\xff\xff\xff\xff");
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, 0);
WPS: SelectedRegistrar expiration for internal PIN registrar Though we have such a timeout when handling SetSelectedRegistrar UPnP message from an external registrar, it looks like we don't have one when the internal registrar is activated for PIN connection. Thus we set the SelectedRegistrar flag when AP is activated for PIN connection but we never reset it - not by some timeout, nor when registration succeeds. This lead to situations where AP everlastingly declare that it is activated for WPS PIN connection when in reality it is not. Use the same timeout (and also success with PIN) to clear the selected registrar flag when using internal registrar, too.
15 years ago
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
wps_registrar_set_selected_timeout,
reg, NULL);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
static void wps_registrar_remove_pin(struct wps_registrar *reg,
struct wps_uuid_pin *pin)
{
u8 *addr;
u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
if (is_zero_ether_addr(pin->enrollee_addr))
addr = bcast;
else
addr = pin->enrollee_addr;
wps_registrar_remove_authorized_mac(reg, addr);
wps_remove_pin(pin);
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, 0);
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
}
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
static void wps_registrar_expire_pins(struct wps_registrar *reg)
{
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
struct wps_uuid_pin *pin, *prev;
wps_registrar: Use monotonic time for PIN timeout If the PIN expires, then a timeout is given, so that monotonic time should be used. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime now;
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
wps_registrar: Use monotonic time for PIN timeout If the PIN expires, then a timeout is given, so that monotonic time should be used. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_get_reltime(&now);
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_for_each_safe(pin, prev, &reg->pins, struct wps_uuid_pin, list)
{
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
if ((pin->flags & PIN_EXPIRES) &&
wps_registrar: Use monotonic time for PIN timeout If the PIN expires, then a timeout is given, so that monotonic time should be used. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_reltime_before(&pin->expiration, &now)) {
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID",
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
pin->uuid, WPS_UUID_LEN);
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
wps_registrar_remove_pin(reg, pin);
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
}
}
}
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
/**
* wps_registrar_invalidate_wildcard_pin - Invalidate a wildcard PIN
* @reg: Registrar data from wps_registrar_init()
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
* @dev_pw: PIN to search for or %NULL to match any
* @dev_pw_len: Length of dev_pw in octets
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
* Returns: 0 on success, -1 if not wildcard PIN is enabled
*/
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static int wps_registrar_invalidate_wildcard_pin(struct wps_registrar *reg,
const u8 *dev_pw,
size_t dev_pw_len)
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
{
struct wps_uuid_pin *pin, *prev;
dl_list_for_each_safe(pin, prev, &reg->pins, struct wps_uuid_pin, list)
{
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (dev_pw && pin->pin &&
(dev_pw_len != pin->pin_len ||
WPS: Use os_memcmp_const() for hash/password comparisons This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
os_memcmp_const(dev_pw, pin->pin, dev_pw_len) != 0))
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
continue; /* different PIN */
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
if (pin->wildcard_uuid) {
wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
pin->uuid, WPS_UUID_LEN);
wps_registrar_remove_pin(reg, pin);
return 0;
}
}
return -1;
}
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
/**
* wps_registrar_invalidate_pin - Invalidate a PIN for a specific UUID-E
* @reg: Registrar data from wps_registrar_init()
* @uuid: UUID-E
* Returns: 0 on success, -1 on failure (e.g., PIN not found)
*/
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
int wps_registrar_invalidate_pin(struct wps_registrar *reg, const u8 *uuid)
{
struct wps_uuid_pin *pin, *prev;
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_for_each_safe(pin, prev, &reg->pins, struct wps_uuid_pin, list)
{
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
pin->uuid, WPS_UUID_LEN);
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
wps_registrar_remove_pin(reg, pin);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
}
return -1;
}
static const u8 * wps_registrar_get_pin(struct wps_registrar *reg,
const u8 *uuid, size_t *pin_len)
{
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
struct wps_uuid_pin *pin, *found = NULL;
WPS: Do not increment wildcard_uuid when pin is locked Commit 84751b98c151f70c322b6b7f70d967400e147852 ('WPS: Allow wildcard UUID PIN to be used twice') relaxed the constraints on how many time a wildcard PIN can be used to allow two attempts. However, it did this in a way that could result in concurrent attempts resulting in the wildcard PIN being invalidated even without the second attempt actually going as far as trying to use the PIN and a WPS protocol run. wildcard_uuid is a flag/counter set for wildcard PINs and it is incremented whenever the PIN is retrieved by wps_registrar_get_pin(). Eventually it causes the wildcard PIN to be released, effectively limiting the number of registration attempts with a wildcard PIN. With the previous implementation, when the PIN is in use and locked (PIN_LOCKED), it is not returned from wps_registrar_get_pin() but wildcard_uuid is still incremented which can cause the PIN to be released earlier and stations will have fewer registration attempts with it. Fix this scenario by only incrementing wildcard_uuid if the PIN is actually going to be returned and used. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
7 years ago
int wildcard = 0;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
wps_registrar_expire_pins(reg);
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
if (!pin->wildcard_uuid &&
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
found = pin;
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
break;
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
}
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
}
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
if (!found) {
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
/* Check for wildcard UUIDs since none of the UUID-specific
* PINs matched */
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
WPS: Allow wildcard UUID PIN to be used twice Previously, PINs that are added with a wildcard UUID were allowed to be used only by a single Enrollee. However, there may be more than one Enrollee trying to connect when an AP indicates that active Registrar is present. As a minimal workaround, allow two Enrollees to try to use the wildcard PIN. More complete extension could use timeout and allow larger set of Enrollees to try to connect (while still keeping in mind PIN disabling requirement after 10 failed attempts). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
if (pin->wildcard_uuid == 1 ||
pin->wildcard_uuid == 2) {
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Found a wildcard "
"PIN. Assigned it for this UUID-E");
WPS: Do not increment wildcard_uuid when pin is locked Commit 84751b98c151f70c322b6b7f70d967400e147852 ('WPS: Allow wildcard UUID PIN to be used twice') relaxed the constraints on how many time a wildcard PIN can be used to allow two attempts. However, it did this in a way that could result in concurrent attempts resulting in the wildcard PIN being invalidated even without the second attempt actually going as far as trying to use the PIN and a WPS protocol run. wildcard_uuid is a flag/counter set for wildcard PINs and it is incremented whenever the PIN is retrieved by wps_registrar_get_pin(). Eventually it causes the wildcard PIN to be released, effectively limiting the number of registration attempts with a wildcard PIN. With the previous implementation, when the PIN is in use and locked (PIN_LOCKED), it is not returned from wps_registrar_get_pin() but wildcard_uuid is still incremented which can cause the PIN to be released earlier and stations will have fewer registration attempts with it. Fix this scenario by only incrementing wildcard_uuid if the PIN is actually going to be returned and used. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
7 years ago
wildcard = 1;
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
os_memcpy(pin->uuid, uuid, WPS_UUID_LEN);
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
found = pin;
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
break;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
}
}
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
if (!found)
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
return NULL;
/*
* Lock the PIN to avoid attacks based on concurrent re-use of the PIN
* that could otherwise avoid PIN invalidations.
*/
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
if (found->flags & PIN_LOCKED) {
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Selected PIN locked - do not "
"allow concurrent re-use");
return NULL;
}
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
*pin_len = found->pin_len;
found->flags |= PIN_LOCKED;
WPS: Do not increment wildcard_uuid when pin is locked Commit 84751b98c151f70c322b6b7f70d967400e147852 ('WPS: Allow wildcard UUID PIN to be used twice') relaxed the constraints on how many time a wildcard PIN can be used to allow two attempts. However, it did this in a way that could result in concurrent attempts resulting in the wildcard PIN being invalidated even without the second attempt actually going as far as trying to use the PIN and a WPS protocol run. wildcard_uuid is a flag/counter set for wildcard PINs and it is incremented whenever the PIN is retrieved by wps_registrar_get_pin(). Eventually it causes the wildcard PIN to be released, effectively limiting the number of registration attempts with a wildcard PIN. With the previous implementation, when the PIN is in use and locked (PIN_LOCKED), it is not returned from wps_registrar_get_pin() but wildcard_uuid is still incremented which can cause the PIN to be released earlier and stations will have fewer registration attempts with it. Fix this scenario by only incrementing wildcard_uuid if the PIN is actually going to be returned and used. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
7 years ago
if (wildcard)
found->wildcard_uuid++;
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
return found->pin;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
/**
* wps_registrar_unlock_pin - Unlock a PIN for a specific UUID-E
* @reg: Registrar data from wps_registrar_init()
* @uuid: UUID-E
* Returns: 0 on success, -1 on failure
*
* PINs are locked to enforce only one concurrent use. This function unlocks a
* PIN to allow it to be used again. If the specified PIN was configured using
* a wildcard UUID, it will be removed instead of allowing multiple uses.
*/
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
int wps_registrar_unlock_pin(struct wps_registrar *reg, const u8 *uuid)
{
struct wps_uuid_pin *pin;
WPS: Convert Registrar PIN list to use struct dl_list
15 years ago
dl_list_for_each(pin, &reg->pins, struct wps_uuid_pin, list) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
WPS: Allow wildcard UUID PIN to be used twice Previously, PINs that are added with a wildcard UUID were allowed to be used only by a single Enrollee. However, there may be more than one Enrollee trying to connect when an AP indicates that active Registrar is present. As a minimal workaround, allow two Enrollees to try to use the wildcard PIN. More complete extension could use timeout and allow larger set of Enrollees to try to connect (while still keeping in mind PIN disabling requirement after 10 failed attempts). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
if (pin->wildcard_uuid == 3) {
WPS: Added support for wildcard PINs that work with any UUID-E Since the Registrar may not yet know the UUID-E when a new PIN is entered, use of a wildcard PIN that works with any UUID-E can be useful. Such a PIN will be bound to the first Enrollee trying to use it and it will be invalidated after the first use.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Invalidating used "
"wildcard PIN");
return wps_registrar_invalidate_pin(reg, uuid);
}
WPS: Add support for setting timeout for PIN hostapd_cli wps_pin command can now have an optional timeout parameter that sets the PIN lifetime in seconds. This can be used to reduce the likelihood of someone else using the PIN should an active PIN be left in the Registrar.
15 years ago
pin->flags &= ~PIN_LOCKED;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
}
return -1;
}
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
static void wps_registrar_stop_pbc(struct wps_registrar *reg)
{
reg->selected_registrar = 0;
reg->pbc = 0;
P2P: Allow WPS_PBC command on GO to select on P2P Device Address An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
14 years ago
os_memset(reg->p2p_dev_addr, 0, ETH_ALEN);
WPS: Add wildcard AuthorizedMACs entry for PBC
14 years ago
wps_registrar_remove_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, 0);
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static void wps_registrar_pbc_timeout(void *eloop_ctx, void *timeout_ctx)
{
struct wps_registrar *reg = eloop_ctx;
wpa_printf(MSG_DEBUG, "WPS: PBC timed out - disable PBC mode");
WPS: Add PBC overlap and timeout events from WPS module This provides information about PBC mode result from the WPS Registrar module. This could be used, e.g., to provide a user notification on the AP UI on PBC failures.
15 years ago
wps_pbc_timeout_event(reg->wps);
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
wps_registrar_stop_pbc(reg);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
/**
* wps_registrar_button_pushed - Notify Registrar that AP button was pushed
* @reg: Registrar data from wps_registrar_init()
P2P: Allow WPS_PBC command on GO to select on P2P Device Address An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
14 years ago
* @p2p_dev_addr: Limit allowed PBC devices to the specified P2P device, %NULL
* indicates no such filtering
WPS: Indicate PBC session overlap in wps_pbc return value Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason for rejecting a wps_pbc command in wpa_supplicant AP mode if the PBC mode cannot be started due to PBC session overlap having been detected during monitor time.
13 years ago
* Returns: 0 on success, -1 on failure, -2 on session overlap
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
*
* This function is called on an AP when a push button is pushed to activate
* PBC mode. The PBC mode will be stopped after walk time (2 minutes) timeout
WPS: Indicate PBC session overlap in wps_pbc return value Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason for rejecting a wps_pbc command in wpa_supplicant AP mode if the PBC mode cannot be started due to PBC session overlap having been detected during monitor time.
13 years ago
* or when a PBC registration is completed. If more than one Enrollee in active
* PBC mode has been detected during the monitor time (previous 2 minutes), the
Fix typos found by codespell Signed-off-by: Pavel Roskin <proski@gnu.org>
13 years ago
* PBC mode is not activated and -2 is returned to indicate session overlap.
* This is skipped if a specific Enrollee is selected.
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
*/
P2P: Allow WPS_PBC command on GO to select on P2P Device Address An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
14 years ago
int wps_registrar_button_pushed(struct wps_registrar *reg,
const u8 *p2p_dev_addr)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
WPS: Ignore PBC session overlap if a specific Enrollee is selected This allows the user to complete WPS provisioning using PBC by selected a specific Enrollee even if there are other Enrollees in active PBC mode at the same time. The other Enrollees will be rejected should they try to connect at the same time.
13 years ago
if (p2p_dev_addr == NULL &&
wps_registrar_pbc_overlap(reg, NULL, NULL)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: PBC overlap - do not start PBC "
"mode");
WPS: Add PBC overlap and timeout events from WPS module This provides information about PBC mode result from the WPS Registrar module. This could be used, e.g., to provide a user notification on the AP UI on PBC failures.
15 years ago
wps_pbc_overlap_event(reg->wps);
WPS: Indicate PBC session overlap in wps_pbc return value Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason for rejecting a wps_pbc command in wpa_supplicant AP mode if the PBC mode cannot be started due to PBC session overlap having been detected during monitor time.
13 years ago
return -2;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
wpa_printf(MSG_DEBUG, "WPS: Button pushed - PBC mode started");
WPS: Abort ongoing PBC protocol run if session overlap is detected If PBC session overlap is detected during an ongoing PBC protocol run, reject the run (if M8, i.e., credentials, have not yet been sent). This provides a bit longer monitoring time at the Registrar for PBC mode to catch some cases where two Enrollees in PBC mode try to enroll credentials at about the same time.
15 years ago
reg->force_pbc_overlap = 0;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
reg->selected_registrar = 1;
reg->pbc = 1;
P2P: Allow WPS_PBC command on GO to select on P2P Device Address An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
14 years ago
if (p2p_dev_addr)
os_memcpy(reg->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
else
os_memset(reg->p2p_dev_addr, 0, ETH_ALEN);
WPS: Add wildcard AuthorizedMACs entry for PBC
14 years ago
wps_registrar_add_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, 0);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Add PBC mode activated/disabled events This makes it easier to track PBC state on the registrar. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_pbc_active_event(reg->wps);
WPS ER: Make sure PIN timeout does not interrupt PBC operation We need to clear the selected registrar timeout from wps_er_learn when stopping the protocol run at M7 (previously, this was done only when WSC_Done was being processed). In addition, we need to cancel the timeout when a new PBC operation is started.
14 years ago
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wps_registrar_pbc_timeout,
reg, NULL);
return 0;
}
static void wps_registrar_pbc_completed(struct wps_registrar *reg)
{
wpa_printf(MSG_DEBUG, "WPS: PBC completed - stopping PBC mode");
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
wps_registrar_stop_pbc(reg);
WPS: Add PBC mode activated/disabled events This makes it easier to track PBC state on the registrar. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_pbc_disable_event(reg->wps);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
WPS: SelectedRegistrar expiration for internal PIN registrar Though we have such a timeout when handling SetSelectedRegistrar UPnP message from an external registrar, it looks like we don't have one when the internal registrar is activated for PIN connection. Thus we set the SelectedRegistrar flag when AP is activated for PIN connection but we never reset it - not by some timeout, nor when registration succeeds. This lead to situations where AP everlastingly declare that it is activated for WPS PIN connection when in reality it is not. Use the same timeout (and also success with PIN) to clear the selected registrar flag when using internal registrar, too.
15 years ago
static void wps_registrar_pin_completed(struct wps_registrar *reg)
{
wpa_printf(MSG_DEBUG, "WPS: PIN completed using internal Registrar");
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
reg->selected_registrar = 0;
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, 0);
WPS: SelectedRegistrar expiration for internal PIN registrar Though we have such a timeout when handling SetSelectedRegistrar UPnP message from an external registrar, it looks like we don't have one when the internal registrar is activated for PIN connection. Thus we set the SelectedRegistrar flag when AP is activated for PIN connection but we never reset it - not by some timeout, nor when registration succeeds. This lead to situations where AP everlastingly declare that it is activated for WPS PIN connection when in reality it is not. Use the same timeout (and also success with PIN) to clear the selected registrar flag when using internal registrar, too.
15 years ago
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
void wps_registrar_complete(struct wps_registrar *registrar, const u8 *uuid_e,
const u8 *dev_pw, size_t dev_pw_len)
WPS: Fix stopping of active WPS operation on dual concurrent AP When hostapd controls multiple radios, WPS operations are started on all interfaces. However, when the provisioning run had been completed successfully, actiove WPS mode was stopped only a single interface. Fix this to iterate through all interfaces so that this is handled consistently with the starting of WPS operation. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
{
if (registrar->pbc) {
wps_registrar_remove_pbc_session(registrar,
Skip WPS PBC overlap detection if P2P address is the same WPS overlap detection can detect false overlap if a P2P peer changes UUID while authentication is ongoing. Changing UUID is of course wrong but this is what some popular devices do so we need to work around it in order to keep compatibility with these devices. There already is a mechanism in WPS registrar to skip overlap detection if P2P addresses of two sessions match but it wasn't really triggered because the address wasn't filled in in the caller function. Let's fill in this address and also clean up WPS PBC sessions on WSC process completion if UUID was changed. Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
13 years ago
uuid_e, NULL);
WPS: Fix stopping of active WPS operation on dual concurrent AP When hostapd controls multiple radios, WPS operations are started on all interfaces. However, when the provisioning run had been completed successfully, actiove WPS mode was stopped only a single interface. Fix this to iterate through all interfaces so that this is handled consistently with the starting of WPS operation. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
wps_registrar_pbc_completed(registrar);
wps_registrar: Use monotonic time for PBC workaround The PBC ignore-start workaround just needs to check whether the time is within 5 seconds, so should use monotonic time. While at it, add a few more ifdefs to clearly separate the code and variables needed. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
#ifdef WPS_WORKAROUNDS
os_get_reltime(&registrar->pbc_ignore_start);
#endif /* WPS_WORKAROUNDS */
WPS: Add a workaround for PBC session overlap detection Some deployed station implementations implement WPS incorrectly and end up causing PBC session overlap issues by indicating active PBC mode in a scan after the WPS provisioning step. Work around this by ignoring active PBC indication in a Probe Request from a station that completed PBC provisioning during the last five seconds. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
os_memcpy(registrar->pbc_ignore_uuid, uuid_e, WPS_UUID_LEN);
WPS: Fix stopping of active WPS operation on dual concurrent AP When hostapd controls multiple radios, WPS operations are started on all interfaces. However, when the provisioning run had been completed successfully, actiove WPS mode was stopped only a single interface. Fix this to iterate through all interfaces so that this is handled consistently with the starting of WPS operation. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
} else {
wps_registrar_pin_completed(registrar);
}
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (dev_pw &&
wps_registrar_invalidate_wildcard_pin(registrar, dev_pw,
dev_pw_len) == 0) {
wpa_hexdump_key(MSG_DEBUG, "WPS: Invalidated wildcard PIN",
dev_pw, dev_pw_len);
}
WPS: Fix stopping of active WPS operation on dual concurrent AP When hostapd controls multiple radios, WPS operations are started on all interfaces. However, when the provisioning run had been completed successfully, actiove WPS mode was stopped only a single interface. Fix this to iterate through all interfaces so that this is handled consistently with the starting of WPS operation. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
}
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
int wps_registrar_wps_cancel(struct wps_registrar *reg)
{
if (reg->pbc) {
wpa_printf(MSG_DEBUG, "WPS: PBC is set - cancelling it");
wps_registrar_pbc_timeout(reg, NULL);
WPS: Cancel previous registered wps_registrar_pbc_timeout Since wps_registrar_pbc_timeout is called to stop PBC, previously registered wps_registrar_pbc_timeout must be canceled when canceling the WPS operation. Signed-off-by: Spencer Chang <jungwalk@gmail.com>
13 years ago
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
return 1;
} else if (reg->selected_registrar) {
/* PIN Method */
wpa_printf(MSG_DEBUG, "WPS: PIN is set - cancelling it");
wps_registrar_pin_completed(reg);
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wps_registrar_invalidate_wildcard_pin(reg, NULL, 0);
WPS: Allow pending WPS operation to be cancelled A new ctrl_interface command, WPS_CANCEL, can now be used to cancel a pending or ongoing WPS operation. For now, this is only available with wpa_supplicant (either in station or AP mode). Similar functionality should be added for hostapd, too.
14 years ago
return 1;
}
return 0;
}
Completed Doxygen documentation for functions declared in wps/wps.h
16 years ago
/**
* wps_registrar_probe_req_rx - Notify Registrar of Probe Request
* @reg: Registrar data from wps_registrar_init()
* @addr: MAC address of the Probe Request sender
* @wps_data: WPS IE contents
*
* This function is called on an AP when a Probe Request with WPS IE is
* received. This is used to track PBC mode use and to detect possible overlap
* situation with other WPS APs.
*/
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
P2P: Do no process Probe Request with P2P wildcard SSID in WPS The Probe Request frames used in P2P Device Discovery should not be processed by the WPS implementation.
14 years ago
const struct wpabuf *wps_data,
int p2p_wildcard)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
struct wps_parse_attr attr;
WPS: Add a workaround for PBC session overlap detection Some deployed station implementations implement WPS incorrectly and end up causing PBC session overlap issues by indicating active PBC mode in a scan after the WPS provisioning step. Work around this by ignoring active PBC indication in a Probe Request from a station that completed PBC provisioning during the last five seconds. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
int skip_add = 0;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_hexdump_buf(MSG_MSGDUMP,
"WPS: Probe Request with WPS data received",
wps_data);
WPS: Moved Version attribute validation into a shared function
16 years ago
if (wps_parse_msg(wps_data, &attr) < 0)
return;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (attr.config_methods == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Config Methods attribute in "
"Probe Request");
return;
}
WPS: Fix PBC session overlap detection to use Device Password Id Active PBC mode is indicated by Device Password Id == 4, not Config Methods attribute.
14 years ago
if (attr.dev_password_id == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Device Password Id attribute "
"in Probe Request");
return;
}
if (reg->enrollee_seen_cb && attr.uuid_e &&
P2P: Do no process Probe Request with P2P wildcard SSID in WPS The Probe Request frames used in P2P Device Discovery should not be processed by the WPS implementation.
14 years ago
attr.primary_dev_type && attr.request_type && !p2p_wildcard) {
WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry This can be used to show active Enrollees in AP mode to make it easier to provision a new device.
15 years ago
char *dev_name = NULL;
if (attr.dev_name) {
dev_name = os_zalloc(attr.dev_name_len + 1);
if (dev_name) {
os_memcpy(dev_name, attr.dev_name,
attr.dev_name_len);
}
}
reg->enrollee_seen_cb(reg->cb_ctx, addr, attr.uuid_e,
attr.primary_dev_type,
WPA_GET_BE16(attr.config_methods),
WPA_GET_BE16(attr.dev_password_id),
*attr.request_type, dev_name);
os_free(dev_name);
}
WPS: Fix PBC session overlap detection to use Device Password Id Active PBC mode is indicated by Device Password Id == 4, not Config Methods attribute.
14 years ago
if (WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return; /* Not PBC */
wpa_printf(MSG_DEBUG, "WPS: Probe Request for PBC received from "
MACSTR, MAC2STR(addr));
WPS: Fix Probe Request processing to handle missing attribute WPS IE parsing for PBC mode did not check whether the UUID-E attribute was included before dereferencing the pointer. This could result in the AP crashing when processing and invalid Probe Request frame.
15 years ago
if (attr.uuid_e == NULL) {
wpa_printf(MSG_DEBUG, "WPS: Invalid Probe Request WPS IE: No "
"UUID-E included");
return;
}
WPS: Show the received UUID-E from Probe Request in debug log This makes it easier to debug PBC session overlap issues.
13 years ago
wpa_hexdump(MSG_DEBUG, "WPS: UUID-E from Probe Request", attr.uuid_e,
WPS_UUID_LEN);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Add a workaround for PBC session overlap detection Some deployed station implementations implement WPS incorrectly and end up causing PBC session overlap issues by indicating active PBC mode in a scan after the WPS provisioning step. Work around this by ignoring active PBC indication in a Probe Request from a station that completed PBC provisioning during the last five seconds. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
#ifdef WPS_WORKAROUNDS
if (reg->pbc_ignore_start.sec &&
os_memcmp(attr.uuid_e, reg->pbc_ignore_uuid, WPS_UUID_LEN) == 0) {
wps_registrar: Use monotonic time for PBC workaround The PBC ignore-start workaround just needs to check whether the time is within 5 seconds, so should use monotonic time. While at it, add a few more ifdefs to clearly separate the code and variables needed. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime now, dur;
os_get_reltime(&now);
os_reltime_sub(&now, &reg->pbc_ignore_start, &dur);
WPS: Add a workaround for PBC session overlap detection Some deployed station implementations implement WPS incorrectly and end up causing PBC session overlap issues by indicating active PBC mode in a scan after the WPS provisioning step. Work around this by ignoring active PBC indication in a Probe Request from a station that completed PBC provisioning during the last five seconds. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (dur.sec >= 0 && dur.sec < 5) {
wpa_printf(MSG_DEBUG, "WPS: Ignore PBC activation "
"based on Probe Request from the Enrollee "
"that just completed PBC provisioning");
skip_add = 1;
} else
reg->pbc_ignore_start.sec = 0;
}
#endif /* WPS_WORKAROUNDS */
if (!skip_add)
wps_registrar_add_pbc_session(reg, addr, attr.uuid_e);
WPS: Abort ongoing PBC protocol run if session overlap is detected If PBC session overlap is detected during an ongoing PBC protocol run, reject the run (if M8, i.e., credentials, have not yet been sent). This provides a bit longer monitoring time at the Registrar for PBC mode to catch some cases where two Enrollees in PBC mode try to enroll credentials at about the same time.
15 years ago
if (wps_registrar_pbc_overlap(reg, addr, attr.uuid_e)) {
wpa_printf(MSG_DEBUG, "WPS: PBC session overlap detected");
reg->force_pbc_overlap = 1;
wps_pbc_overlap_event(reg->wps);
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Extend per-station PSK to support ER case as well When wpa_psk_file is used instead of wpa_psk/wpa_passphrase, each WPS Enrollee was given a unique PSK. This did not work for the station-as-Registrar case where ER would learn the current AP settings instead of enrolling itself (i.e., when using the AP PIN instead of station PIN). That case can be covered with a similar design, so generate a per-device PSK when building M7 as an AP in wpa_psk_file configuration. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
int wps_cb_new_psk(struct wps_registrar *reg, const u8 *mac_addr,
const u8 *p2p_dev_addr, const u8 *psk, size_t psk_len)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
if (reg->new_psk_cb == NULL)
return 0;
P2P: Store P2P Device Address in per-device PSK records This makes the P2P Device Address of the Enrollee available with the PSK records to allow P2P Device Address instead of P2P Interface Address to be used for finding the correct PSK. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
return reg->new_psk_cb(reg->cb_ctx, mac_addr, p2p_dev_addr, psk,
psk_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
static void wps_cb_pin_needed(struct wps_registrar *reg, const u8 *uuid_e,
const struct wps_device_data *dev)
{
if (reg->pin_needed_cb == NULL)
return;
reg->pin_needed_cb(reg->cb_ctx, uuid_e, dev);
}
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
static void wps_cb_reg_success(struct wps_registrar *reg, const u8 *mac_addr,
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
const u8 *uuid_e, const u8 *dev_pw,
size_t dev_pw_len)
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
{
if (reg->reg_success_cb == NULL)
return;
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
reg->reg_success_cb(reg->cb_ctx, mac_addr, uuid_e, dev_pw, dev_pw_len);
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
}
Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe Response frames with a single call. In addition, struct wpabuf is used instead of separate u8* and length fields. This avoids duplicated allocation of the IEs and simplifies code in general.
15 years ago
static int wps_cb_set_ie(struct wps_registrar *reg, struct wpabuf *beacon_ie,
struct wpabuf *probe_resp_ie)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe Response frames with a single call. In addition, struct wpabuf is used instead of separate u8* and length fields. This avoids duplicated allocation of the IEs and simplifies code in general.
15 years ago
return reg->set_ie_cb(reg->cb_ctx, beacon_ie, probe_resp_ie);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS ER: Add PIN configuration and SetSelectedRegistrar call New PINs can now be added to WPS ER. This results in the ER code using SetSelectedRegistrar to modify AP state so that Enrollees will be able to notice the actice registrar more easily.
15 years ago
static void wps_cb_set_sel_reg(struct wps_registrar *reg)
{
u16 methods = 0;
if (reg->set_sel_reg_cb == NULL)
return;
if (reg->selected_registrar) {
WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2) For now, the default build will only include WSC 1.0 support. CONFIG_WPS2=y can be used to add support for WSC 2.0.
14 years ago
methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
WPS_CONFIG_PHY_PUSHBUTTON);
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
if (reg->pbc)
wps_set_pushbutton(&methods, reg->wps->config_methods);
WPS ER: Add PIN configuration and SetSelectedRegistrar call New PINs can now be added to WPS ER. This results in the ER code using SetSelectedRegistrar to modify AP state so that Enrollees will be able to notice the actice registrar more easily.
15 years ago
}
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
wpa_printf(MSG_DEBUG, "WPS: wps_cb_set_sel_reg: sel_reg=%d "
"config_methods=0x%x pbc=%d methods=0x%x",
reg->selected_registrar, reg->wps->config_methods,
reg->pbc, methods);
WPS ER: Add PIN configuration and SetSelectedRegistrar call New PINs can now be added to WPS ER. This results in the ER code using SetSelectedRegistrar to modify AP state so that Enrollees will be able to notice the actice registrar more easily.
15 years ago
reg->set_sel_reg_cb(reg->cb_ctx, reg->selected_registrar,
reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT,
methods);
}
WPS: Make it possible to use PSKs loaded from the PSK file By default, when configuration file set wpa_psk_file, hostapd generated a random PSK for each Enrollee provisioned using WPS and appended that PSK to wpa_psk_file. Changes that behavior by adding a new step. WPS will first try to use a PSK from wpa_psk_file. It will only try PSKs with wps=1 tag. Additionally it'll try to match enrollee's MAC address (if provided). If it fails to find an appropriate PSK, it falls back to generating a new PSK. Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
4 years ago
static int wps_cp_lookup_pskfile(struct wps_registrar *reg, const u8 *mac_addr,
const u8 **psk)
{
if (!reg->lookup_pskfile_cb)
return 0;
return reg->lookup_pskfile_cb(reg->cb_ctx, mac_addr, psk);
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static int wps_set_ie(struct wps_registrar *reg)
{
struct wpabuf *beacon;
struct wpabuf *probe;
WPS 2.0: Convert new attributes into WFA vendor extension The WSC 2.0 specification moved to use another design for the new attributes to avoid backwards compatibility issues with some deployed implementations.
14 years ago
const u8 *auth_macs;
size_t count;
WPS: Add support for adding WPS Vendor Extensions This adds the ability to add WPS vendor extensions to an AP (or GO). They will be added to the WSC IE(s) in Beacon and Probe Response frames. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
13 years ago
size_t vendor_len = 0;
int i;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Fix a memory leak if set_ie_cb() is not set Skip WPS IE building for Beacon and Probe Response frames is set_ie_cb() is not set. This fixes a memory leak and optimizes operations by not allocating memory and building the WPS IEs unnecessarily.
15 years ago
if (reg->set_ie_cb == NULL)
return 0;
WPS: Add support for adding WPS Vendor Extensions This adds the ability to add WPS vendor extensions to an AP (or GO). They will be added to the WSC IE(s) in Beacon and Probe Response frames. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
13 years ago
for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
if (reg->wps->dev.vendor_ext[i]) {
vendor_len += 2 + 2;
vendor_len += wpabuf_len(reg->wps->dev.vendor_ext[i]);
}
}
beacon = wpabuf_alloc(400 + vendor_len);
probe = wpabuf_alloc(500 + vendor_len);
WPS: Share a single error handling path in wps_set_ie() Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
if (!beacon || !probe)
goto fail;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS 2.0: Convert new attributes into WFA vendor extension The WSC 2.0 specification moved to use another design for the new attributes to avoid backwards compatibility issues with some deployed implementations.
14 years ago
auth_macs = wps_authorized_macs(reg, &count);
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Build Beacon IEs");
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps_build_version(beacon) ||
wps_build_wps_state(reg->wps, beacon) ||
wps_build_ap_setup_locked(reg->wps, beacon) ||
wps_build_selected_registrar(reg, beacon) ||
wps_build_sel_reg_dev_password_id(reg, beacon) ||
wps_build_sel_reg_config_methods(reg, beacon) ||
WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode The Beacon frame must include UUID-E and RF Bands attributes when in active PBC mode to allow stations to figure out that two BSSes in PBC mode is not a PBC session overlap.
14 years ago
wps_build_sel_pbc_reg_uuid_e(reg, beacon) ||
WPS: Set currently used RF band in RF Bands attribute According to WSC specification (Ver 2.0.2, section 8.3), RF Bands attribute should be set to the specific RF band used for the current message. Add an option to set wanted band in wps_build_rf_bands() and add a callback to get the current band from wpa_supplicant and hostapd. Signed-hostap: David Spinadel <david.spinadel@intel.com>
11 years ago
(reg->dualband && wps_build_rf_bands(&reg->wps->dev, beacon, 0)) ||
WPS: Add multi_ap_subelem to wps_build_wfa_ext() The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years ago
wps_build_wfa_ext(beacon, 0, auth_macs, count, 0) ||
WPS: Add application extension data to WPS IE Application Extension attribute is defined in WSC tech spec v2.07 page 104. Allow hostapd to be configured to add this extension into WPS IE in Beacon and Probe Response frames. The implementation is very similar to vendor extension. A new optional entry called "wps_application_ext" is added to hostapd config file to configure this. It enodes the payload of the Application Extension attribute in hexdump format. Signed-off-by: Veli Demirel <veli.demirel@airties.com> Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
5 years ago
wps_build_vendor_ext(&reg->wps->dev, beacon) ||
WPS: Share a single error handling path in wps_set_ie() Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
wps_build_application_ext(&reg->wps->dev, beacon))
goto fail;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
WPS: Move P2P extension generation for WSC IE in Beacon frames This cleans up debug log by keeping the WSC IE attributes for Beacon frames before starting to build the Probe Response frame.
13 years ago
#ifdef CONFIG_P2P
if (wps_build_dev_name(&reg->wps->dev, beacon) ||
WPS: Share a single error handling path in wps_set_ie() Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
wps_build_primary_dev_type(&reg->wps->dev, beacon))
goto fail;
WPS: Move P2P extension generation for WSC IE in Beacon frames This cleans up debug log by keeping the WSC IE attributes for Beacon frames before starting to build the Probe Response frame.
13 years ago
#endif /* CONFIG_P2P */
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Build Probe Response IEs");
if (wps_build_version(probe) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_wps_state(reg->wps, probe) ||
wps_build_ap_setup_locked(reg->wps, probe) ||
wps_build_selected_registrar(reg, probe) ||
wps_build_sel_reg_dev_password_id(reg, probe) ||
wps_build_sel_reg_config_methods(reg, probe) ||
Add WPS IE into (Re)Association Response frame if WPS is used If the associating station indicates that it is intents to use WPS by including WPS IE in (Re)Association Request frame, include WPS IE in (Re)Association Response frame.
14 years ago
wps_build_resp_type(probe, reg->wps->ap ? WPS_RESP_AP :
WPS_RESP_REGISTRAR) ||
WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c This code and the related attributes are not specific to Enrollee functionality, so wps_common.c is the correct location for them.
16 years ago
wps_build_uuid_e(probe, reg->wps->uuid) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_device_attrs(&reg->wps->dev, probe) ||
wps_build_probe_config_methods(reg, probe) ||
WPS: Set currently used RF band in RF Bands attribute According to WSC specification (Ver 2.0.2, section 8.3), RF Bands attribute should be set to the specific RF band used for the current message. Add an option to set wanted band in wps_build_rf_bands() and add a callback to get the current band from wpa_supplicant and hostapd. Signed-hostap: David Spinadel <david.spinadel@intel.com>
11 years ago
(reg->dualband && wps_build_rf_bands(&reg->wps->dev, probe, 0)) ||
WPS: Add multi_ap_subelem to wps_build_wfa_ext() The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years ago
wps_build_wfa_ext(probe, 0, auth_macs, count, 0) ||
WPS: Add application extension data to WPS IE Application Extension attribute is defined in WSC tech spec v2.07 page 104. Allow hostapd to be configured to add this extension into WPS IE in Beacon and Probe Response frames. The implementation is very similar to vendor extension. A new optional entry called "wps_application_ext" is added to hostapd config file to configure this. It enodes the payload of the Application Extension attribute in hexdump format. Signed-off-by: Veli Demirel <veli.demirel@airties.com> Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
5 years ago
wps_build_vendor_ext(&reg->wps->dev, probe) ||
WPS: Share a single error handling path in wps_set_ie() Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
wps_build_application_ext(&reg->wps->dev, probe))
goto fail;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
16 years ago
beacon = wps_ie_encapsulate(beacon);
probe = wps_ie_encapsulate(probe);
WPS: Share a single error handling path in wps_set_ie() Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
if (!beacon || !probe)
goto fail;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe Response frames with a single call. In addition, struct wpabuf is used instead of separate u8* and length fields. This avoids duplicated allocation of the IEs and simplifies code in general.
15 years ago
return wps_cb_set_ie(reg, beacon, probe);
WPS: Share a single error handling path in wps_set_ie() Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
fail:
wpabuf_free(beacon);
wpabuf_free(probe);
return -1;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
static int wps_get_dev_password(struct wps_data *wps)
{
const u8 *pin;
Workaround number of compiler warnings with newer MinGW version
16 years ago
size_t pin_len = 0;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Clear keys/PINs explicitly Use an explicit memset call to clear any configuration parameter and dynamic data that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
bin_clear_free(wps->dev_password, wps->dev_password_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->dev_password = NULL;
if (wps->pbc) {
wpa_printf(MSG_DEBUG, "WPS: Use default PIN for PBC");
pin = (const u8 *) "00000000";
pin_len = 8;
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WPS_NFC
} else if (wps->nfc_pw_token) {
WPS NFC: Update NFC connection handover design The new Device Password ID 7 is used to indicate that NFC connection handover is used with DH public key hash from both devices being exchanged over the NFC connection handover messages. This allows an abbreviated M1-M2 handshake to be used since Device Password does not need to be used when DH is authenticated with the out-of-band information (validation of the public key against the hash). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (wps->nfc_pw_token->pw_id == DEV_PW_NFC_CONNECTION_HANDOVER)
{
wpa_printf(MSG_DEBUG, "WPS: Using NFC connection "
"handover and abbreviated WPS handshake "
"without Device Password");
return 0;
}
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_printf(MSG_DEBUG, "WPS: Use OOB Device Password from NFC "
"Password Token");
pin = wps->nfc_pw_token->dev_pw;
pin_len = wps->nfc_pw_token->dev_pw_len;
P2P NFC: Enable own NFC Tag on GO Registrar When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also enable it for any running GO interface. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
} else if (wps->dev_pw_id >= 0x10 &&
wps->wps->ap_nfc_dev_pw_id == wps->dev_pw_id &&
wps->wps->ap_nfc_dev_pw) {
wpa_printf(MSG_DEBUG, "WPS: Use OOB Device Password from own NFC Password Token");
pin = wpabuf_head(wps->wps->ap_nfc_dev_pw);
pin_len = wpabuf_len(wps->wps->ap_nfc_dev_pw);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#endif /* CONFIG_WPS_NFC */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
} else {
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
pin = wps_registrar_get_pin(wps->wps->registrar, wps->uuid_e,
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
&pin_len);
WPS: Allow Device Password to be changed from M1 to M2 Registrar is allowed to propose another Device Password ID in M2. Make Enrollee validate Device Password ID in M2 to check if this happened. This commit adds support for changing from NFC password token to default PIN for the case where the AP is the Enrollee and has both the NFC password token and AP PIN enabled at the same time. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (pin && wps->dev_pw_id >= 0x10) {
wpa_printf(MSG_DEBUG, "WPS: No match for OOB Device "
"Password ID, but PIN found");
/*
* See whether Enrollee is willing to use PIN instead.
*/
wps->dev_pw_id = DEV_PW_DEFAULT;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
if (pin == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Device Password available for "
WPS NFC: Add more debug for NFC Password Token matching Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
"the Enrollee (context %p registrar %p)",
wps->wps, wps->wps->registrar);
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_cb_pin_needed(wps->wps->registrar, wps->uuid_e,
&wps->peer_dev);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return -1;
}
Use os_memdup() This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years ago
wps->dev_password = os_memdup(pin, pin_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps->dev_password == NULL)
return -1;
wps->dev_password_len = pin_len;
return 0;
}
static int wps_build_uuid_r(struct wps_data *wps, struct wpabuf *msg)
{
wpa_printf(MSG_DEBUG, "WPS: * UUID-R");
wpabuf_put_be16(msg, ATTR_UUID_R);
wpabuf_put_be16(msg, WPS_UUID_LEN);
wpabuf_put_data(msg, wps->uuid_r, WPS_UUID_LEN);
return 0;
}
static int wps_build_r_hash(struct wps_data *wps, struct wpabuf *msg)
{
u8 *hash;
const u8 *addr[4];
size_t len[4];
Annotate places depending on strong random numbers This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
14 years ago
if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return -1;
wpa_hexdump(MSG_DEBUG, "WPS: R-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: R-S2",
wps->snonce + WPS_SECRET_NONCE_LEN, WPS_SECRET_NONCE_LEN);
if (wps->dh_pubkey_e == NULL || wps->dh_pubkey_r == NULL) {
wpa_printf(MSG_DEBUG, "WPS: DH public keys not available for "
"R-Hash derivation");
return -1;
}
wpa_printf(MSG_DEBUG, "WPS: * R-Hash1");
wpabuf_put_be16(msg, ATTR_R_HASH1);
wpabuf_put_be16(msg, SHA256_MAC_LEN);
hash = wpabuf_put(msg, SHA256_MAC_LEN);
/* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */
addr[0] = wps->snonce;
len[0] = WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk1;
len[1] = WPS_PSK_LEN;
addr[2] = wpabuf_head(wps->dh_pubkey_e);
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", hash, SHA256_MAC_LEN);
wpa_printf(MSG_DEBUG, "WPS: * R-Hash2");
wpabuf_put_be16(msg, ATTR_R_HASH2);
wpabuf_put_be16(msg, SHA256_MAC_LEN);
hash = wpabuf_put(msg, SHA256_MAC_LEN);
/* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk2;
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", hash, SHA256_MAC_LEN);
return 0;
}
static int wps_build_r_snonce1(struct wps_data *wps, struct wpabuf *msg)
{
wpa_printf(MSG_DEBUG, "WPS: * R-SNonce1");
wpabuf_put_be16(msg, ATTR_R_SNONCE1);
wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
wpabuf_put_data(msg, wps->snonce, WPS_SECRET_NONCE_LEN);
return 0;
}
static int wps_build_r_snonce2(struct wps_data *wps, struct wpabuf *msg)
{
wpa_printf(MSG_DEBUG, "WPS: * R-SNonce2");
wpabuf_put_be16(msg, ATTR_R_SNONCE2);
wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
wpabuf_put_data(msg, wps->snonce + WPS_SECRET_NONCE_LEN,
WPS_SECRET_NONCE_LEN);
return 0;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
static int wps_build_cred_network_idx(struct wpabuf *msg,
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
const struct wps_credential *cred)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
WPS: Add more debug details for Credential building
14 years ago
wpa_printf(MSG_DEBUG, "WPS: * Network Index (1)");
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_put_be16(msg, ATTR_NETWORK_INDEX);
wpabuf_put_be16(msg, 1);
Changed the Network Index value to 1 since that is the default value
16 years ago
wpabuf_put_u8(msg, 1);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
static int wps_build_cred_ssid(struct wpabuf *msg,
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
const struct wps_credential *cred)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
wpa_printf(MSG_DEBUG, "WPS: * SSID");
WPS: Add more debug details for Credential building
14 years ago
wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID for Credential",
cred->ssid, cred->ssid_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_put_be16(msg, ATTR_SSID);
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wpabuf_put_be16(msg, cred->ssid_len);
wpabuf_put_data(msg, cred->ssid, cred->ssid_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
static int wps_build_cred_auth_type(struct wpabuf *msg,
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
const struct wps_credential *cred)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
wpa_printf(MSG_DEBUG, "WPS: * Authentication Type (0x%x)",
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
cred->auth_type);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_put_be16(msg, ATTR_AUTH_TYPE);
wpabuf_put_be16(msg, 2);
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wpabuf_put_be16(msg, cred->auth_type);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
static int wps_build_cred_encr_type(struct wpabuf *msg,
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
const struct wps_credential *cred)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
wpa_printf(MSG_DEBUG, "WPS: * Encryption Type (0x%x)",
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
cred->encr_type);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_put_be16(msg, ATTR_ENCR_TYPE);
wpabuf_put_be16(msg, 2);
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wpabuf_put_be16(msg, cred->encr_type);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
static int wps_build_cred_network_key(struct wpabuf *msg,
Resolve some sparse warnings Mainly, this is including header files to get definitions for functions which is good to verify that the parameters match. None of these are issues that would have shown as incorrect behavior of the program.
15 years ago
const struct wps_credential *cred)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
WPS: Add option for forcing Registrar to use PSK format in Credential The use_psk_key parameter can now be used to force the Registrar to use PSK format instead of ASCII passphrase when building a Credential for the Enrollee. For now, this is not enabled, but it could be enabled either based on external (to WPS) configuration or automatically set based on some WPS attribute values from the Enrollee.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%d)",
(int) cred->key_len);
WPS: Add more debug details for Credential building
14 years ago
wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
cred->key, cred->key_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wpabuf_put_be16(msg, cred->key_len);
wpabuf_put_data(msg, cred->key, cred->key_len);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
static int wps_build_credential(struct wpabuf *msg,
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
const struct wps_credential *cred)
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
{
if (wps_build_cred_network_idx(msg, cred) ||
wps_build_cred_ssid(msg, cred) ||
wps_build_cred_auth_type(msg, cred) ||
wps_build_cred_encr_type(msg, cred) ||
wps_build_cred_network_key(msg, cred) ||
WPS: Use generic MAC Address attribute builder Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wps_build_mac_addr(msg, cred->mac_addr))
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
return -1;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface Wrap self-generated WPS credential for new AP settings and send that to control interface to provide the needed information in WPS-NEW-AP-SETTINGS for external processing.
13 years ago
int wps_build_credential_wrap(struct wpabuf *msg,
const struct wps_credential *cred)
{
struct wpabuf *wbuf;
wbuf = wpabuf_alloc(200);
if (wbuf == NULL)
return -1;
if (wps_build_credential(wbuf, cred)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(wbuf);
WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface Wrap self-generated WPS credential for new AP settings and send that to control interface to provide the needed information in WPS-NEW-AP-SETTINGS for external processing.
13 years ago
return -1;
}
wpabuf_put_be16(msg, ATTR_CRED);
wpabuf_put_be16(msg, wpabuf_len(wbuf));
wpabuf_put_buf(msg, wbuf);
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(wbuf);
WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface Wrap self-generated WPS credential for new AP settings and send that to control interface to provide the needed information in WPS-NEW-AP-SETTINGS for external processing.
13 years ago
return 0;
}
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
16 years ago
int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
struct wpabuf *cred;
hostapd: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
struct wps_registrar *reg = wps->wps->registrar;
WPS: Make it possible to use PSKs loaded from the PSK file By default, when configuration file set wpa_psk_file, hostapd generated a random PSK for each Enrollee provisioned using WPS and appended that PSK to wpa_psk_file. Changes that behavior by adding a new step. WPS will first try to use a PSK from wpa_psk_file. It will only try PSKs with wps=1 tag. Additionally it'll try to match enrollee's MAC address (if provided). If it fails to find an appropriate PSK, it falls back to generating a new PSK. Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
4 years ago
const u8 *pskfile_psk;
char hex[65];
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
Added an option to add (or override) Credential attribute(s) in M8
16 years ago
if (wps->wps->registrar->skip_cred_build)
goto skip_cred_build;
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: * Credential");
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
if (wps->use_cred) {
os_memcpy(&wps->cred, wps->use_cred, sizeof(wps->cred));
goto use_provided;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
os_memset(&wps->cred, 0, sizeof(wps->cred));
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
hostapd: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
if (wps->peer_dev.multi_ap_ext == MULTI_AP_BACKHAUL_STA &&
reg->multi_ap_backhaul_ssid_len) {
wpa_printf(MSG_DEBUG, "WPS: Use backhaul STA credentials");
os_memcpy(wps->cred.ssid, reg->multi_ap_backhaul_ssid,
reg->multi_ap_backhaul_ssid_len);
wps->cred.ssid_len = reg->multi_ap_backhaul_ssid_len;
/* Backhaul is always WPA2PSK */
wps->cred.auth_type = WPS_AUTH_WPA2PSK;
wps->cred.encr_type = WPS_ENCR_AES;
/* Set MAC address in the Credential to be the Enrollee's MAC
* address
*/
os_memcpy(wps->cred.mac_addr, wps->mac_addr_e, ETH_ALEN);
if (reg->multi_ap_backhaul_network_key) {
os_memcpy(wps->cred.key,
reg->multi_ap_backhaul_network_key,
reg->multi_ap_backhaul_network_key_len);
wps->cred.key_len =
reg->multi_ap_backhaul_network_key_len;
}
goto use_provided;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
os_memcpy(wps->cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
wps->cred.ssid_len = wps->wps->ssid_len;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
/* Select the best authentication and encryption type */
WPS: Do not build Credential with unsupported encr combination on AP It was possible for the Registrar code to generate a Credential with auth type WPAPSK (i.e., WPA v1) with encr type AES if the Enrollee claimed support for WPAPSK and not WPA2PSK while the AP was configured in mixed mode WPAPSK+WPA2PSK regardless of how wpa_pairwise (vs. rsn_pairwise) was set since encr type was selected from the union of wpa_pairwise and rsn_pairwise. This could result in the Enrollee receiving a Credential that it could then not use with the AP. Fix this by masking the encryption types separately on AP based on the wpa_pairwise/rsn_pairwise configuration. In the example case described above, the Credential would get auth=WPAPSK encr=TKIP instead of auth=WPAPSK encr=AES. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
wpa_printf(MSG_DEBUG,
"WPS: Own auth types 0x%x - masked Enrollee auth types 0x%x",
wps->wps->auth_types, wps->auth_type);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps->auth_type & WPS_AUTH_WPA2PSK)
wps->auth_type = WPS_AUTH_WPA2PSK;
Allow TKIP support to be removed from build Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from hostapd and wpa_supplicant builds. This disables use of TKIP as both the pairwise and group cipher. The end result does not interoperate with a WPA(v1)-only device or WPA+WPA2 mixed modes. Signed-off-by: Disha Das <dishad@codeaurora.org>
4 years ago
#ifndef CONFIG_NO_TKIP
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
else if (wps->auth_type & WPS_AUTH_WPAPSK)
wps->auth_type = WPS_AUTH_WPAPSK;
Allow TKIP support to be removed from build Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from hostapd and wpa_supplicant builds. This disables use of TKIP as both the pairwise and group cipher. The end result does not interoperate with a WPA(v1)-only device or WPA+WPA2 mixed modes. Signed-off-by: Disha Das <dishad@codeaurora.org>
4 years ago
#endif /* CONFIG_NO_TKIP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
else if (wps->auth_type & WPS_AUTH_OPEN)
wps->auth_type = WPS_AUTH_OPEN;
else {
wpa_printf(MSG_DEBUG, "WPS: Unsupported auth_type 0x%x",
wps->auth_type);
return -1;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wps->cred.auth_type = wps->auth_type;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Do not build Credential with unsupported encr combination on AP It was possible for the Registrar code to generate a Credential with auth type WPAPSK (i.e., WPA v1) with encr type AES if the Enrollee claimed support for WPAPSK and not WPA2PSK while the AP was configured in mixed mode WPAPSK+WPA2PSK regardless of how wpa_pairwise (vs. rsn_pairwise) was set since encr type was selected from the union of wpa_pairwise and rsn_pairwise. This could result in the Enrollee receiving a Credential that it could then not use with the AP. Fix this by masking the encryption types separately on AP based on the wpa_pairwise/rsn_pairwise configuration. In the example case described above, the Credential would get auth=WPAPSK encr=TKIP instead of auth=WPAPSK encr=AES. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
wpa_printf(MSG_DEBUG,
"WPS: Own encr types 0x%x (rsn: 0x%x, wpa: 0x%x) - masked Enrollee encr types 0x%x",
wps->wps->encr_types, wps->wps->encr_types_rsn,
wps->wps->encr_types_wpa, wps->encr_type);
if (wps->wps->ap && wps->auth_type == WPS_AUTH_WPA2PSK)
wps->encr_type &= wps->wps->encr_types_rsn;
else if (wps->wps->ap && wps->auth_type == WPS_AUTH_WPAPSK)
wps->encr_type &= wps->wps->encr_types_wpa;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps->auth_type == WPS_AUTH_WPA2PSK ||
wps->auth_type == WPS_AUTH_WPAPSK) {
if (wps->encr_type & WPS_ENCR_AES)
wps->encr_type = WPS_ENCR_AES;
Allow TKIP support to be removed from build Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from hostapd and wpa_supplicant builds. This disables use of TKIP as both the pairwise and group cipher. The end result does not interoperate with a WPA(v1)-only device or WPA+WPA2 mixed modes. Signed-off-by: Disha Das <dishad@codeaurora.org>
4 years ago
#ifndef CONFIG_NO_TKIP
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
else if (wps->encr_type & WPS_ENCR_TKIP)
wps->encr_type = WPS_ENCR_TKIP;
Allow TKIP support to be removed from build Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from hostapd and wpa_supplicant builds. This disables use of TKIP as both the pairwise and group cipher. The end result does not interoperate with a WPA(v1)-only device or WPA+WPA2 mixed modes. Signed-off-by: Disha Das <dishad@codeaurora.org>
4 years ago
#endif /* CONFIG_NO_TKIP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
else {
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
"type for WPA/WPA2");
return -1;
}
} else {
WPS: Remove unused WEP related functionality Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth type are not allowed. This made some of the older code unused and that can now be removed to clean up the implementation. There is still one place where WEP is allowed for testing purposes: wpa_supplicant as Registrar trying to configure an AP to use WEP. That is now only allowed in CONFIG_TESTING_OPTIONS=y builds, though. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (wps->encr_type & WPS_ENCR_NONE)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->encr_type = WPS_ENCR_NONE;
WPS: Remove unused WEP related functionality Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth type are not allowed. This made some of the older code unused and that can now be removed to clean up the implementation. There is still one place where WEP is allowed for testing purposes: wpa_supplicant as Registrar trying to configure an AP to use WEP. That is now only allowed in CONFIG_TESTING_OPTIONS=y builds, though. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
#ifdef CONFIG_TESTING_OPTIONS
else if (wps->encr_type & WPS_ENCR_WEP)
wps->encr_type = WPS_ENCR_WEP;
#endif /* CONFIG_TESTING_OPTIONS */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
else {
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
"type for non-WPA/WPA2 mode");
return -1;
}
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wps->cred.encr_type = wps->encr_type;
WPS: Fix MAC Address inside Credential be that of Enrollee's The WPS 1.0h specification is quite unclear on what exactly should be used as the MAC Address value in the Credential and AP Settings. It looks like this should after all be the MAC Address of the Enrollee, so change Registrar implementation to use that address instead of the AP BSSID. In addition, add validation code to the Enrollee implementation to check the MAC Address value inside Credential (and also inside AP Settings) to make sure it matches with the Enrollee's own address. However, since there are deployed implementations that do not follow this interpretation of the spec, only show the mismatch in debug information to avoid breaking interoperability with existing devices.
15 years ago
/*
* Set MAC address in the Credential to be the Enrollee's MAC address
*/
os_memcpy(wps->cred.mac_addr, wps->mac_addr_e, ETH_ALEN);
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
if (wps->wps->wps_state == WPS_STATE_NOT_CONFIGURED && wps->wps->ap &&
!wps->wps->registrar->disable_auto_conf) {
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
u8 r[16];
/* Generate a random passphrase */
WPS: Extend internal entropy pool help for key/snonce derivation The internal entropy pool was previously used to prevent 4-way handshake in AP mode from completing before sufficient entropy was available to allow secure keys to be generated. This commit extends that workaround for boards that do not provide secure OS level PRNG (e.g., /dev/urandom does not get enough entropy) for the most critical WPS operations by rejecting AP-as-enrollee case (use of AP PIN to learn/modify AP configuration) and new PSK/passphrase generation. This does not have any effect on devices that have an appropriately working OS level PRNG (e.g., /dev/random and /dev/urandom on Linux). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (random_pool_ready() != 1 ||
random_get_bytes(r, sizeof(r)) < 0) {
wpa_printf(MSG_INFO,
"WPS: Could not generate random PSK");
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
return -1;
WPS: Extend internal entropy pool help for key/snonce derivation The internal entropy pool was previously used to prevent 4-way handshake in AP mode from completing before sufficient entropy was available to allow secure keys to be generated. This commit extends that workaround for boards that do not provide secure OS level PRNG (e.g., /dev/urandom does not get enough entropy) for the most critical WPS operations by rejecting AP-as-enrollee case (use of AP PIN to learn/modify AP configuration) and new PSK/passphrase generation. This does not have any effect on devices that have an appropriately working OS level PRNG (e.g., /dev/random and /dev/urandom on Linux). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
os_free(wps->new_psk);
Clean up base64_{encode,decode} pointer types Allow any pointer to be used as source for encoding and use char * as the return value from encoding and input value for decoding to reduce number of type casts needed in the callers. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wps->new_psk = (u8 *) base64_encode(r, sizeof(r),
&wps->new_psk_len);
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
if (wps->new_psk == NULL)
return -1;
wps->new_psk_len--; /* remove newline */
while (wps->new_psk_len &&
wps->new_psk[wps->new_psk_len - 1] == '=')
wps->new_psk_len--;
wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Generated passphrase",
wps->new_psk, wps->new_psk_len);
os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
wps->cred.key_len = wps->new_psk_len;
WPS: Make it possible to use PSKs loaded from the PSK file By default, when configuration file set wpa_psk_file, hostapd generated a random PSK for each Enrollee provisioned using WPS and appended that PSK to wpa_psk_file. Changes that behavior by adding a new step. WPS will first try to use a PSK from wpa_psk_file. It will only try PSKs with wps=1 tag. Additionally it'll try to match enrollee's MAC address (if provided). If it fails to find an appropriate PSK, it falls back to generating a new PSK. Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
4 years ago
} else if (wps_cp_lookup_pskfile(reg, wps->mac_addr_e, &pskfile_psk)) {
wpa_hexdump_key(MSG_DEBUG, "WPS: Use PSK from wpa_psk_file",
pskfile_psk, PMK_LEN);
wpa_snprintf_hex(hex, sizeof(hex), pskfile_psk, PMK_LEN);
os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
wps->cred.key_len = PMK_LEN * 2;
P2P: Allow per-device PSK to be assigned "wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable use of per-device PSKs in P2P groups. This is disabled by default. When enabled, a default passphrase is still generated by the GO for legacy stations, but all P2P and non-P2P devices using WPS will get a unique PSK. This gives more protection for the P2P group by preventing clients from being able to derive the unicast keys used by other clients. This is also a step towards allowing specific clients to be removed from a group reliably without having to tear down the full group to do so. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
} else if (!wps->wps->registrar->force_per_enrollee_psk &&
wps->use_psk_key && wps->wps->psk_set) {
WPS: Add option for forcing Registrar to use PSK format in Credential The use_psk_key parameter can now be used to force the Registrar to use PSK format instead of ASCII passphrase when building a Credential for the Enrollee. For now, this is not enabled, but it could be enabled either based on external (to WPS) configuration or automatically set based on some WPS attribute values from the Enrollee.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key");
WPS: Use PMK_LEN instead of hardcoded 32 Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
wps->cred.key_len = PMK_LEN * 2;
P2P: Use SAE+PMF for P2P connection in 6 GHz Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to enable the Wi-Fi Display use case on the 6 GHz band without having to use WPA2-Personal (PSK) on that new band. Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
3 years ago
} else if ((!wps->wps->registrar->force_per_enrollee_psk ||
wps->wps->use_passphrase) && wps->wps->network_key) {
wpa_printf(MSG_DEBUG,
"WPS: Use passphrase format for Network key");
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
os_memcpy(wps->cred.key, wps->wps->network_key,
wps->wps->network_key_len);
wps->cred.key_len = wps->wps->network_key_len;
} else if (wps->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
/* Generate a random per-device PSK */
os_free(wps->new_psk);
WPS: Use PMK_LEN instead of hardcoded 32 Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
wps->new_psk_len = PMK_LEN;
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wps->new_psk = os_malloc(wps->new_psk_len);
if (wps->new_psk == NULL)
return -1;
WPS: Extend internal entropy pool help for key/snonce derivation The internal entropy pool was previously used to prevent 4-way handshake in AP mode from completing before sufficient entropy was available to allow secure keys to be generated. This commit extends that workaround for boards that do not provide secure OS level PRNG (e.g., /dev/urandom does not get enough entropy) for the most critical WPS operations by rejecting AP-as-enrollee case (use of AP PIN to learn/modify AP configuration) and new PSK/passphrase generation. This does not have any effect on devices that have an appropriately working OS level PRNG (e.g., /dev/random and /dev/urandom on Linux). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (random_pool_ready() != 1 ||
random_get_bytes(wps->new_psk, wps->new_psk_len) < 0) {
wpa_printf(MSG_INFO,
"WPS: Could not generate random PSK");
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
os_free(wps->new_psk);
wps->new_psk = NULL;
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "WPS: Generated per-device PSK",
wps->new_psk, wps->new_psk_len);
wpa_snprintf_hex(hex, sizeof(hex), wps->new_psk,
wps->new_psk_len);
os_memcpy(wps->cred.key, hex, wps->new_psk_len * 2);
wps->cred.key_len = wps->new_psk_len * 2;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
use_provided:
WPS: Make testing operations configurable at runtime Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option (CONFIG_WPS_TESTING) and runtime configuration of which testing operations are enabled. This allows a single binary to be used for various tests. The runtime configuration can be done through control interface with wpa_cli/hostapd_cli commands: Enable extensibility tests: set wps_version_number 0x57 Disable extensibility tests (WPS2 build): set wps_version_number 0x20 Enable extra credential tests: set wps_testing_dummy_cred 1 Disable extra credential tests: set wps_testing_dummy_cred 0
14 years ago
#ifdef CONFIG_WPS_TESTING
if (wps_testing_dummy_cred)
cred = wpabuf_alloc(200);
else
cred = NULL;
WPS: Add a test mechanism for adding an extra credential into M8 This can be used to build a test version of ER that adds an extra Credential attribute into M8.
14 years ago
if (cred) {
struct wps_credential dummy;
wpa_printf(MSG_DEBUG, "WPS: Add dummy credential");
os_memset(&dummy, 0, sizeof(dummy));
os_memcpy(dummy.ssid, "dummy", 5);
dummy.ssid_len = 5;
dummy.auth_type = WPS_AUTH_WPA2PSK;
dummy.encr_type = WPS_ENCR_AES;
os_memcpy(dummy.key, "dummy psk", 9);
dummy.key_len = 9;
os_memcpy(dummy.mac_addr, wps->mac_addr_e, ETH_ALEN);
wps_build_credential(cred, &dummy);
wpa_hexdump_buf(MSG_DEBUG, "WPS: Dummy Credential", cred);
wpabuf_put_be16(msg, ATTR_CRED);
wpabuf_put_be16(msg, wpabuf_len(cred));
wpabuf_put_buf(msg, cred);
wpabuf_free(cred);
}
WPS: Make testing operations configurable at runtime Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option (CONFIG_WPS_TESTING) and runtime configuration of which testing operations are enabled. This allows a single binary to be used for various tests. The runtime configuration can be done through control interface with wpa_cli/hostapd_cli commands: Enable extensibility tests: set wps_version_number 0x57 Disable extensibility tests (WPS2 build): set wps_version_number 0x20 Enable extra credential tests: set wps_testing_dummy_cred 1 Disable extra credential tests: set wps_testing_dummy_cred 0
14 years ago
#endif /* CONFIG_WPS_TESTING */
WPS: Add a test mechanism for adding an extra credential into M8 This can be used to build a test version of ER that adds an extra Credential attribute into M8.
14 years ago
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
cred = wpabuf_alloc(200);
if (cred == NULL)
return -1;
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
if (wps_build_credential(cred, &wps->cred)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(cred);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return -1;
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
wpabuf_put_be16(msg, ATTR_CRED);
wpabuf_put_be16(msg, wpabuf_len(cred));
wpabuf_put_buf(msg, cred);
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(cred);
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
Added an option to add (or override) Credential attribute(s) in M8
16 years ago
skip_cred_build:
if (wps->wps->registrar->extra_cred) {
wpa_printf(MSG_DEBUG, "WPS: * Credential (pre-configured)");
wpabuf_put_buf(msg, wps->wps->registrar->extra_cred);
}
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
return 0;
}
static int wps_build_ap_settings(struct wps_data *wps, struct wpabuf *msg)
{
wpa_printf(MSG_DEBUG, "WPS: * AP Settings");
if (wps_build_credential(msg, &wps->cred))
return -1;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
WPS: Send the credential when learning AP params in registrar role When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
13 years ago
static struct wpabuf * wps_build_ap_cred(struct wps_data *wps)
{
struct wpabuf *msg, *plain;
msg = wpabuf_alloc(1000);
if (msg == NULL)
return NULL;
plain = wpabuf_alloc(200);
if (plain == NULL) {
wpabuf_free(msg);
return NULL;
}
if (wps_build_ap_settings(wps, plain)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
WPS: Send the credential when learning AP params in registrar role When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
13 years ago
wpabuf_free(msg);
return NULL;
}
wpabuf_put_be16(msg, ATTR_CRED);
wpabuf_put_be16(msg, wpabuf_len(plain));
wpabuf_put_buf(msg, plain);
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
WPS: Send the credential when learning AP params in registrar role When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
13 years ago
return msg;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static struct wpabuf * wps_build_m2(struct wps_data *wps)
{
struct wpabuf *msg;
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
int config_in_m2 = 0;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
Annotate places depending on strong random numbers This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
14 years ago
if (random_get_bytes(wps->nonce_r, WPS_NONCE_LEN) < 0)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return NULL;
wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
wps->nonce_r, WPS_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: UUID-R", wps->uuid_r, WPS_UUID_LEN);
wpa_printf(MSG_DEBUG, "WPS: Building Message M2");
msg = wpabuf_alloc(1000);
if (msg == NULL)
return NULL;
if (wps_build_version(msg) ||
wps_build_msg_type(msg, WPS_M2) ||
wps_build_enrollee_nonce(wps, msg) ||
wps_build_registrar_nonce(wps, msg) ||
wps_build_uuid_r(wps, msg) ||
wps_build_public_key(wps, msg) ||
wps_derive_keys(wps) ||
wps_build_auth_type_flags(wps, msg) ||
wps_build_encr_type_flags(wps, msg) ||
wps_build_conn_type_flags(wps, msg) ||
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_build_config_methods_r(wps->wps->registrar, msg) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_device_attrs(&wps->wps->dev, msg) ||
WPS: Set currently used RF band in RF Bands attribute According to WSC specification (Ver 2.0.2, section 8.3), RF Bands attribute should be set to the specific RF band used for the current message. Add an option to set wanted band in wps_build_rf_bands() and add a callback to get the current band from wpa_supplicant and hostapd. Signed-hostap: David Spinadel <david.spinadel@intel.com>
11 years ago
wps_build_rf_bands(&wps->wps->dev, msg,
wps->wps->rf_band_cb(wps->wps->cb_ctx)) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_assoc_state(wps, msg) ||
WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c This code and the related attributes are not specific to Enrollee functionality, so wps_common.c is the correct location for them.
16 years ago
wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
WPS: Set correct Device Password ID in M2 It looks like we don't set correspondent Device Password ID attribute in M2 message during PBC registration. Without it TG185n STA was not able to connect to our AP in PBC mode. Attached patch fixes this.
16 years ago
wps_build_dev_password_id(msg, wps->dev_pw_id) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_os_version(&wps->wps->dev, msg) ||
WPS: Add multi_ap_subelem to wps_build_wfa_ext() The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years ago
wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpabuf_free(msg);
return NULL;
}
#ifdef CONFIG_WPS_NFC
P2P NFC: Report connection handover as trigger for P2P "NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to report completed NFC negotiated connection handover in which the P2P alternative carrier was selected. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (wps->nfc_pw_token && wps->nfc_pw_token->pk_hash_provided_oob &&
wps->nfc_pw_token->pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) {
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
/*
* Use abbreviated handshake since public key hash allowed
* Enrollee to validate our public key similarly to how Enrollee
* public key was validated. There is no need to validate Device
* Password in this case.
*/
struct wpabuf *plain = wpabuf_alloc(500);
if (plain == NULL ||
wps_build_cred(wps, plain) ||
wps_build_key_wrap_auth(wps, plain) ||
wps_build_encr_settings(wps, msg, plain)) {
wpabuf_free(msg);
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
return NULL;
}
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
config_in_m2 = 1;
}
#endif /* CONFIG_WPS_NFC */
if (wps_build_authenticator(wps, msg)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_free(msg);
return NULL;
}
WPS: Fix AP operation with internal Registrar when ER is also active Ignore the pending WPS message from ER (PutWLANReseponse action) if the internal Registrar has already sent out M2.
15 years ago
wps->int_reg = 1;
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->state = config_in_m2 ? RECV_DONE : RECV_M3;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return msg;
}
static struct wpabuf * wps_build_m2d(struct wps_data *wps)
{
struct wpabuf *msg;
WPS: Use Config Error 12 to indicate PBC overlap in M2D If PBC session overlap is detected between button press on the registrar and M1 is reception, report session overlap with the Config Error attribute in M2D to the Enrollee.
15 years ago
u16 err = wps->config_error;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Building Message M2D");
msg = wpabuf_alloc(1000);
if (msg == NULL)
return NULL;
WPS: Use Config Error 12 to indicate PBC overlap in M2D If PBC session overlap is detected between button press on the registrar and M1 is reception, report session overlap with the Config Error attribute in M2D to the Enrollee.
15 years ago
if (wps->wps->ap && wps->wps->ap_setup_locked &&
err == WPS_CFG_NO_ERROR)
WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c This code and the related attributes are not specific to Enrollee functionality, so wps_common.c is the correct location for them.
16 years ago
err = WPS_CFG_SETUP_LOCKED;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps_build_version(msg) ||
wps_build_msg_type(msg, WPS_M2D) ||
wps_build_enrollee_nonce(wps, msg) ||
wps_build_registrar_nonce(wps, msg) ||
wps_build_uuid_r(wps, msg) ||
wps_build_auth_type_flags(wps, msg) ||
wps_build_encr_type_flags(wps, msg) ||
wps_build_conn_type_flags(wps, msg) ||
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_build_config_methods_r(wps->wps->registrar, msg) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_device_attrs(&wps->wps->dev, msg) ||
WPS: Set currently used RF band in RF Bands attribute According to WSC specification (Ver 2.0.2, section 8.3), RF Bands attribute should be set to the specific RF band used for the current message. Add an option to set wanted band in wps_build_rf_bands() and add a callback to get the current band from wpa_supplicant and hostapd. Signed-hostap: David Spinadel <david.spinadel@intel.com>
11 years ago
wps_build_rf_bands(&wps->wps->dev, msg,
wps->wps->rf_band_cb(wps->wps->cb_ctx)) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_assoc_state(wps, msg) ||
WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c This code and the related attributes are not specific to Enrollee functionality, so wps_common.c is the correct location for them.
16 years ago
wps_build_config_error(msg, err) ||
WPS 2.0: Add new attributes and update version negotiation This adds definitions and parsing of the new attributes that were added in WPS 2.0. In addition, the version negotiation is updated to use the new mechanism, i.e., accept everything received and use the new Version2 attribute in transmitted messages.
15 years ago
wps_build_os_version(&wps->wps->dev, msg) ||
WPS: Add multi_ap_subelem to wps_build_wfa_ext() The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years ago
wps_build_wfa_ext(msg, 0, NULL, 0, 0)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_free(msg);
return NULL;
}
wps->state = RECV_M2D_ACK;
return msg;
}
static struct wpabuf * wps_build_m4(struct wps_data *wps)
{
struct wpabuf *msg, *plain;
wpa_printf(MSG_DEBUG, "WPS: Building Message M4");
WPS: Fix debug prints in wps_derive_psk() error case Check for hmac_sha256() failures and exit from wps_derive_psk() without printing out the derived keys if anything fails. This removes a valgrind warning on uninitialized value when running the ap_wps_m3_oom test case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
if (wps_derive_psk(wps, wps->dev_password, wps->dev_password_len) < 0)
return NULL;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
plain = wpabuf_alloc(200);
if (plain == NULL)
return NULL;
msg = wpabuf_alloc(1000);
if (msg == NULL) {
wpabuf_free(plain);
return NULL;
}
if (wps_build_version(msg) ||
wps_build_msg_type(msg, WPS_M4) ||
wps_build_enrollee_nonce(wps, msg) ||
wps_build_r_hash(wps, msg) ||
wps_build_r_snonce1(wps, plain) ||
wps_build_key_wrap_auth(wps, plain) ||
wps_build_encr_settings(wps, msg, plain) ||
WPS: Add multi_ap_subelem to wps_build_wfa_ext() The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years ago
wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_authenticator(wps, msg)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_free(msg);
return NULL;
}
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->state = RECV_M5;
return msg;
}
static struct wpabuf * wps_build_m6(struct wps_data *wps)
{
struct wpabuf *msg, *plain;
wpa_printf(MSG_DEBUG, "WPS: Building Message M6");
plain = wpabuf_alloc(200);
if (plain == NULL)
return NULL;
msg = wpabuf_alloc(1000);
if (msg == NULL) {
wpabuf_free(plain);
return NULL;
}
if (wps_build_version(msg) ||
wps_build_msg_type(msg, WPS_M6) ||
wps_build_enrollee_nonce(wps, msg) ||
wps_build_r_snonce2(wps, plain) ||
wps_build_key_wrap_auth(wps, plain) ||
wps_build_encr_settings(wps, msg, plain) ||
WPS: Add multi_ap_subelem to wps_build_wfa_ext() The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years ago
wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_authenticator(wps, msg)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpabuf_free(msg);
return NULL;
}
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->wps_pin_revealed = 1;
wps->state = RECV_M7;
return msg;
}
static struct wpabuf * wps_build_m8(struct wps_data *wps)
{
struct wpabuf *msg, *plain;
wpa_printf(MSG_DEBUG, "WPS: Building Message M8");
plain = wpabuf_alloc(500);
if (plain == NULL)
return NULL;
msg = wpabuf_alloc(1000);
if (msg == NULL) {
wpabuf_free(plain);
return NULL;
}
if (wps_build_version(msg) ||
wps_build_msg_type(msg, WPS_M8) ||
wps_build_enrollee_nonce(wps, msg) ||
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
((wps->wps->ap || wps->er) && wps_build_cred(wps, plain)) ||
(!wps->wps->ap && !wps->er && wps_build_ap_settings(wps, plain)) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_key_wrap_auth(wps, plain) ||
wps_build_encr_settings(wps, msg, plain) ||
WPS: Add multi_ap_subelem to wps_build_wfa_ext() The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years ago
wps_build_wfa_ext(msg, 0, NULL, 0, 0) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_build_authenticator(wps, msg)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
wpabuf_clear_free(msg);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return NULL;
}
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(plain);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->state = RECV_DONE;
return msg;
}
Added Doxygen documentation for WPS code
16 years ago
struct wpabuf * wps_registrar_get_msg(struct wps_data *wps,
enum wsc_op_code *op_code)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
struct wpabuf *msg;
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#ifdef CONFIG_WPS_UPNP
WPS: Fix AP operation with internal Registrar when ER is also active Ignore the pending WPS message from ER (PutWLANReseponse action) if the internal Registrar has already sent out M2.
15 years ago
if (!wps->int_reg && wps->wps->wps_upnp) {
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
struct upnp_pending_message *p, *prev = NULL;
if (wps->ext_reg > 1)
wps_registrar_free_pending_m2(wps->wps);
p = wps->wps->upnp_msgs;
/* TODO: check pending message MAC address */
while (p && p->next) {
prev = p;
p = p->next;
}
if (p) {
wpa_printf(MSG_DEBUG, "WPS: Use pending message from "
"UPnP");
if (prev)
prev->next = NULL;
else
wps->wps->upnp_msgs = NULL;
msg = p->msg;
WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER Previously, WSC_MSG was hardcoded for every message from ER, but this needs to be changed based on message type to send a valid message to the Enrollee via EAP transport.
15 years ago
switch (p->type) {
case WPS_WSC_ACK:
*op_code = WSC_ACK;
break;
case WPS_WSC_NACK:
*op_code = WSC_NACK;
break;
default:
*op_code = WSC_MSG;
break;
}
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
os_free(p);
if (wps->ext_reg == 0)
wps->ext_reg = 1;
return msg;
}
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
}
if (wps->ext_reg) {
wpa_printf(MSG_DEBUG, "WPS: Using external Registrar, but no "
"pending message available");
return NULL;
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
switch (wps->state) {
case SEND_M2:
if (wps_get_dev_password(wps) < 0)
msg = wps_build_m2d(wps);
else
msg = wps_build_m2(wps);
*op_code = WSC_MSG;
break;
case SEND_M2D:
msg = wps_build_m2d(wps);
*op_code = WSC_MSG;
break;
case SEND_M4:
msg = wps_build_m4(wps);
*op_code = WSC_MSG;
break;
case SEND_M6:
msg = wps_build_m6(wps);
*op_code = WSC_MSG;
break;
case SEND_M8:
msg = wps_build_m8(wps);
*op_code = WSC_MSG;
break;
case RECV_DONE:
msg = wps_build_wsc_ack(wps);
*op_code = WSC_ACK;
break;
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
case SEND_WSC_NACK:
msg = wps_build_wsc_nack(wps);
*op_code = WSC_NACK;
break;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
default:
wpa_printf(MSG_DEBUG, "WPS: Unsupported state %d for building "
"a message", wps->state);
msg = NULL;
break;
}
if (*op_code == WSC_MSG && msg) {
/* Save a copy of the last message for Authenticator derivation
*/
wpabuf_free(wps->last_msg);
wps->last_msg = wpabuf_dup(msg);
}
return msg;
}
static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce)
{
if (e_nonce == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Enrollee Nonce received");
return -1;
}
os_memcpy(wps->nonce_e, e_nonce, WPS_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
wps->nonce_e, WPS_NONCE_LEN);
return 0;
}
static int wps_process_registrar_nonce(struct wps_data *wps, const u8 *r_nonce)
{
if (r_nonce == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Registrar Nonce received");
return -1;
}
if (os_memcmp(wps->nonce_r, r_nonce, WPS_NONCE_LEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: Invalid Registrar Nonce received");
return -1;
}
return 0;
}
static int wps_process_uuid_e(struct wps_data *wps, const u8 *uuid_e)
{
if (uuid_e == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No UUID-E received");
return -1;
}
os_memcpy(wps->uuid_e, uuid_e, WPS_UUID_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", wps->uuid_e, WPS_UUID_LEN);
return 0;
}
static int wps_process_dev_password_id(struct wps_data *wps, const u8 *pw_id)
{
if (pw_id == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Device Password ID received");
return -1;
}
wps->dev_pw_id = WPA_GET_BE16(pw_id);
wpa_printf(MSG_DEBUG, "WPS: Device Password ID %d", wps->dev_pw_id);
return 0;
}
static int wps_process_e_hash1(struct wps_data *wps, const u8 *e_hash1)
{
if (e_hash1 == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No E-Hash1 received");
return -1;
}
os_memcpy(wps->peer_hash1, e_hash1, WPS_HASH_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", wps->peer_hash1, WPS_HASH_LEN);
return 0;
}
static int wps_process_e_hash2(struct wps_data *wps, const u8 *e_hash2)
{
if (e_hash2 == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No E-Hash2 received");
return -1;
}
os_memcpy(wps->peer_hash2, e_hash2, WPS_HASH_LEN);
wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", wps->peer_hash2, WPS_HASH_LEN);
return 0;
}
static int wps_process_e_snonce1(struct wps_data *wps, const u8 *e_snonce1)
{
u8 hash[SHA256_MAC_LEN];
const u8 *addr[4];
size_t len[4];
if (e_snonce1 == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No E-SNonce1 received");
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "WPS: E-SNonce1", e_snonce1,
WPS_SECRET_NONCE_LEN);
/* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */
addr[0] = e_snonce1;
len[0] = WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk1;
len[1] = WPS_PSK_LEN;
addr[2] = wpabuf_head(wps->dh_pubkey_e);
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
WPS: Use os_memcmp_const() for hash/password comparisons This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (os_memcmp_const(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: E-Hash1 derived from E-S1 does "
"not match with the pre-committed value");
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_pwd_auth_fail_event(wps->wps, 0, 1, wps->mac_addr_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return -1;
}
wpa_printf(MSG_DEBUG, "WPS: Enrollee proved knowledge of the first "
"half of the device password");
return 0;
}
static int wps_process_e_snonce2(struct wps_data *wps, const u8 *e_snonce2)
{
u8 hash[SHA256_MAC_LEN];
const u8 *addr[4];
size_t len[4];
if (e_snonce2 == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No E-SNonce2 received");
return -1;
}
wpa_hexdump_key(MSG_DEBUG, "WPS: E-SNonce2", e_snonce2,
WPS_SECRET_NONCE_LEN);
/* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
addr[0] = e_snonce2;
len[0] = WPS_SECRET_NONCE_LEN;
addr[1] = wps->psk2;
len[1] = WPS_PSK_LEN;
addr[2] = wpabuf_head(wps->dh_pubkey_e);
len[2] = wpabuf_len(wps->dh_pubkey_e);
addr[3] = wpabuf_head(wps->dh_pubkey_r);
len[3] = wpabuf_len(wps->dh_pubkey_r);
hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
WPS: Use os_memcmp_const() for hash/password comparisons This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (os_memcmp_const(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: E-Hash2 derived from E-S2 does "
"not match with the pre-committed value");
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_registrar_invalidate_pin(wps->wps->registrar, wps->uuid_e);
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_pwd_auth_fail_event(wps->wps, 0, 2, wps->mac_addr_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return -1;
}
wpa_printf(MSG_DEBUG, "WPS: Enrollee proved knowledge of the second "
"half of the device password");
wps->wps_pin_revealed = 0;
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_registrar_unlock_pin(wps->wps->registrar, wps->uuid_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Allow wildcard UUID PIN to be used twice Previously, PINs that are added with a wildcard UUID were allowed to be used only by a single Enrollee. However, there may be more than one Enrollee trying to connect when an AP indicates that active Registrar is present. As a minimal workaround, allow two Enrollees to try to use the wildcard PIN. More complete extension could use timeout and allow larger set of Enrollees to try to connect (while still keeping in mind PIN disabling requirement after 10 failed attempts). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
/*
* In case wildcard PIN is used and WPS handshake succeeds in the first
* attempt, wps_registrar_unlock_pin() would not free the PIN, so make
* sure the PIN gets invalidated here.
*/
wps_registrar_invalidate_pin(wps->wps->registrar, wps->uuid_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
static int wps_process_mac_addr(struct wps_data *wps, const u8 *mac_addr)
{
if (mac_addr == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No MAC Address received");
return -1;
}
wpa_printf(MSG_DEBUG, "WPS: Enrollee MAC Address " MACSTR,
MAC2STR(mac_addr));
os_memcpy(wps->mac_addr_e, mac_addr, ETH_ALEN);
os_memcpy(wps->peer_dev.mac_addr, mac_addr, ETH_ALEN);
return 0;
}
static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
size_t pk_len)
{
if (pk == NULL || pk_len == 0) {
wpa_printf(MSG_DEBUG, "WPS: No Public Key received");
return -1;
}
wpabuf_free(wps->dh_pubkey_e);
wps->dh_pubkey_e = wpabuf_alloc_copy(pk, pk_len);
if (wps->dh_pubkey_e == NULL)
return -1;
return 0;
}
static int wps_process_auth_type_flags(struct wps_data *wps, const u8 *auth)
{
u16 auth_types;
if (auth == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Authentication Type flags "
"received");
return -1;
}
auth_types = WPA_GET_BE16(auth);
wpa_printf(MSG_DEBUG, "WPS: Enrollee Authentication Type flags 0x%x",
auth_types);
WPS: Add a workaround for WPA2PSK missing from Enrollee auth flags Some deployed implementations seem to advertise incorrect information in this attribute. A value of 0x1b (WPA2 + WPA + WPAPSK + OPEN, but no WPA2PSK) has been reported to be used. Add WPA2PSK to the list to avoid issues with building Credentials that do not use the strongest actually supported authentication option (that device does support WPA2PSK even when it does not claim it here). Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
#ifdef WPS_WORKAROUNDS
/*
* Some deployed implementations seem to advertise incorrect information
* in this attribute. A value of 0x1b (WPA2 + WPA + WPAPSK + OPEN, but
* no WPA2PSK) has been reported to be used. Add WPA2PSK to the list to
* avoid issues with building Credentials that do not use the strongest
* actually supported authentication option (that device does support
* WPA2PSK even when it does not claim it here).
*/
if ((auth_types &
(WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) ==
(WPS_AUTH_WPA2 | WPS_AUTH_WPAPSK)) {
wpa_printf(MSG_DEBUG,
"WPS: Workaround - assume Enrollee supports WPA2PSK based on claimed WPA2 support");
auth_types |= WPS_AUTH_WPA2PSK;
}
#endif /* WPS_WORKAROUNDS */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->auth_type = wps->wps->auth_types & auth_types;
if (wps->auth_type == 0) {
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
WPS: Added more verbose debug info on authentication type mismatch
16 years ago
"authentication types (own 0x%x Enrollee 0x%x)",
wps->wps->auth_types, auth_types);
WPS: Add a workaround for auth/encr type flags mismatches Some deployed implementations seem to advertise incorrect information in this attribute. For example, Linksys WRT350N seems to have a byteorder bug that breaks this negotiation. In order to interoperate with existing implementations, assume that the Enrollee supports everything we do.
15 years ago
#ifdef WPS_WORKAROUNDS
/*
* Some deployed implementations seem to advertise incorrect
* information in this attribute. For example, Linksys WRT350N
* seems to have a byteorder bug that breaks this negotiation.
* In order to interoperate with existing implementations,
* assume that the Enrollee supports everything we do.
*/
wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
"does not advertise supported authentication types "
"correctly");
wps->auth_type = wps->wps->auth_types;
#else /* WPS_WORKAROUNDS */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return -1;
WPS: Add a workaround for auth/encr type flags mismatches Some deployed implementations seem to advertise incorrect information in this attribute. For example, Linksys WRT350N seems to have a byteorder bug that breaks this negotiation. In order to interoperate with existing implementations, assume that the Enrollee supports everything we do.
15 years ago
#endif /* WPS_WORKAROUNDS */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
return 0;
}
static int wps_process_encr_type_flags(struct wps_data *wps, const u8 *encr)
{
u16 encr_types;
if (encr == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Encryption Type flags "
"received");
return -1;
}
encr_types = WPA_GET_BE16(encr);
wpa_printf(MSG_DEBUG, "WPS: Enrollee Encryption Type flags 0x%x",
encr_types);
wps->encr_type = wps->wps->encr_types & encr_types;
if (wps->encr_type == 0) {
wpa_printf(MSG_DEBUG, "WPS: No match in supported "
WPS: Add a workaround for auth/encr type flags mismatches Some deployed implementations seem to advertise incorrect information in this attribute. For example, Linksys WRT350N seems to have a byteorder bug that breaks this negotiation. In order to interoperate with existing implementations, assume that the Enrollee supports everything we do.
15 years ago
"encryption types (own 0x%x Enrollee 0x%x)",
wps->wps->encr_types, encr_types);
#ifdef WPS_WORKAROUNDS
/*
* Some deployed implementations seem to advertise incorrect
* information in this attribute. For example, Linksys WRT350N
* seems to have a byteorder bug that breaks this negotiation.
* In order to interoperate with existing implementations,
* assume that the Enrollee supports everything we do.
*/
wpa_printf(MSG_DEBUG, "WPS: Workaround - assume Enrollee "
"does not advertise supported encryption types "
"correctly");
wps->encr_type = wps->wps->encr_types;
#else /* WPS_WORKAROUNDS */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return -1;
WPS: Add a workaround for auth/encr type flags mismatches Some deployed implementations seem to advertise incorrect information in this attribute. For example, Linksys WRT350N seems to have a byteorder bug that breaks this negotiation. In order to interoperate with existing implementations, assume that the Enrollee supports everything we do.
15 years ago
#endif /* WPS_WORKAROUNDS */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
return 0;
}
static int wps_process_conn_type_flags(struct wps_data *wps, const u8 *conn)
{
if (conn == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Connection Type flags "
"received");
return -1;
}
wpa_printf(MSG_DEBUG, "WPS: Enrollee Connection Type flags 0x%x",
*conn);
return 0;
}
static int wps_process_config_methods(struct wps_data *wps, const u8 *methods)
{
u16 m;
if (methods == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Config Methods received");
return -1;
}
m = WPA_GET_BE16(methods);
WPS: Prefer PSK format if Enrollee does not advertise Display Since an Enrollee that does not advertise display as one of the Config Methods is unlikely to be able to show the ASCII passphrase to the user, prefer PSK format with such an Enrollee to reduce key derivation time. This can help with some low-powered devices that would take long time to derive the PSK from the passphrase.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Enrollee Config Methods 0x%x"
"%s%s%s%s%s%s%s%s%s", m,
m & WPS_CONFIG_USBA ? " [USBA]" : "",
m & WPS_CONFIG_ETHERNET ? " [Ethernet]" : "",
m & WPS_CONFIG_LABEL ? " [Label]" : "",
m & WPS_CONFIG_DISPLAY ? " [Display]" : "",
m & WPS_CONFIG_EXT_NFC_TOKEN ? " [Ext NFC Token]" : "",
m & WPS_CONFIG_INT_NFC_TOKEN ? " [Int NFC Token]" : "",
m & WPS_CONFIG_NFC_INTERFACE ? " [NFC]" : "",
m & WPS_CONFIG_PUSHBUTTON ? " [PBC]" : "",
m & WPS_CONFIG_KEYPAD ? " [Keypad]" : "");
if (!(m & WPS_CONFIG_DISPLAY) && !wps->use_psk_key) {
/*
* The Enrollee does not have a display so it is unlikely to be
* able to show the passphrase to a user and as such, could
* benefit from receiving PSK to reduce key derivation time.
*/
wpa_printf(MSG_DEBUG, "WPS: Prefer PSK format key due to "
"Enrollee not supporting display");
wps->use_psk_key = 1;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return 0;
}
static int wps_process_wps_state(struct wps_data *wps, const u8 *state)
{
if (state == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Wi-Fi Protected Setup State "
"received");
return -1;
}
wpa_printf(MSG_DEBUG, "WPS: Enrollee Wi-Fi Protected Setup State %d",
*state);
return 0;
}
static int wps_process_assoc_state(struct wps_data *wps, const u8 *assoc)
{
u16 a;
if (assoc == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Association State received");
return -1;
}
a = WPA_GET_BE16(assoc);
wpa_printf(MSG_DEBUG, "WPS: Enrollee Association State %d", a);
return 0;
}
static int wps_process_config_error(struct wps_data *wps, const u8 *err)
{
u16 e;
if (err == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Configuration Error received");
return -1;
}
e = WPA_GET_BE16(err);
wpa_printf(MSG_DEBUG, "WPS: Enrollee Configuration Error %d", e);
return 0;
}
P2P: Allow WPS_PBC command on GO to select on P2P Device Address An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
14 years ago
static int wps_registrar_p2p_dev_addr_match(struct wps_data *wps)
{
#ifdef CONFIG_P2P
struct wps_registrar *reg = wps->wps->registrar;
if (is_zero_ether_addr(reg->p2p_dev_addr))
return 1; /* no filtering in use */
if (os_memcmp(reg->p2p_dev_addr, wps->p2p_dev_addr, ETH_ALEN) != 0) {
wpa_printf(MSG_DEBUG, "WPS: No match on P2P Device Address "
"filtering for PBC: expected " MACSTR " was "
MACSTR " - indicate PBC session overlap",
MAC2STR(reg->p2p_dev_addr),
MAC2STR(wps->p2p_dev_addr));
return 0;
}
#endif /* CONFIG_P2P */
return 1;
}
WPS: Ignore PBC session overlap if a specific Enrollee is selected This allows the user to complete WPS provisioning using PBC by selected a specific Enrollee even if there are other Enrollees in active PBC mode at the same time. The other Enrollees will be rejected should they try to connect at the same time.
13 years ago
static int wps_registrar_skip_overlap(struct wps_data *wps)
{
#ifdef CONFIG_P2P
struct wps_registrar *reg = wps->wps->registrar;
if (is_zero_ether_addr(reg->p2p_dev_addr))
return 0; /* no specific Enrollee selected */
if (os_memcmp(reg->p2p_dev_addr, wps->p2p_dev_addr, ETH_ALEN) == 0) {
wpa_printf(MSG_DEBUG, "WPS: Skip PBC overlap due to selected "
"Enrollee match");
return 1;
}
#endif /* CONFIG_P2P */
return 0;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static enum wps_process_res wps_process_m1(struct wps_data *wps,
struct wps_parse_attr *attr)
{
wpa_printf(MSG_DEBUG, "WPS: Received M1");
if (wps->state != RECV_M1) {
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving M1", wps->state);
return WPS_FAILURE;
}
if (wps_process_uuid_e(wps, attr->uuid_e) ||
wps_process_mac_addr(wps, attr->mac_addr) ||
wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
wps_process_auth_type_flags(wps, attr->auth_type_flags) ||
wps_process_encr_type_flags(wps, attr->encr_type_flags) ||
wps_process_conn_type_flags(wps, attr->conn_type_flags) ||
wps_process_config_methods(wps, attr->config_methods) ||
wps_process_wps_state(wps, attr->wps_state) ||
wps_process_device_attrs(&wps->peer_dev, attr) ||
WPS: Moved RF Bands processing into wps_dev_attr.c This allows the RF Bands attribute to be configured and stored.
16 years ago
wps_process_rf_bands(&wps->peer_dev, attr->rf_bands) ||
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps_process_assoc_state(wps, attr->assoc_state) ||
wps_process_dev_password_id(wps, attr->dev_password_id) ||
wps_process_config_error(wps, attr->config_error) ||
wps_process_os_version(&wps->peer_dev, attr->os_version))
return WPS_FAILURE;
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
16 years ago
if (wps->dev_pw_id < 0x10 &&
wps->dev_pw_id != DEV_PW_DEFAULT &&
P2PS: WPS changes needed for P2PS default PIN This provides additional WPS definitions and rules for negotiating use of P2PS default PIN configuration method. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wps->dev_pw_id != DEV_PW_P2PS_DEFAULT &&
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->dev_pw_id != DEV_PW_USER_SPECIFIED &&
wps->dev_pw_id != DEV_PW_MACHINE_SPECIFIED &&
wps->dev_pw_id != DEV_PW_REGISTRAR_SPECIFIED &&
WPS NFC: Update NFC connection handover design The new Device Password ID 7 is used to indicate that NFC connection handover is used with DH public key hash from both devices being exchanged over the NFC connection handover messages. This allows an abbreviated M1-M2 handshake to be used since Device Password does not need to be used when DH is authenticated with the out-of-band information (validation of the public key against the hash). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
#ifdef CONFIG_WPS_NFC
wps->dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER &&
#endif /* CONFIG_WPS_NFC */
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
(wps->dev_pw_id != DEV_PW_PUSHBUTTON ||
!wps->wps->registrar->pbc)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Unsupported Device Password ID %d",
wps->dev_pw_id);
wps->state = SEND_M2D;
return WPS_CONTINUE;
WPS: Add UFD support (USBA out-of-band mechanism) This patch is only for the following use case: - Enrollee = wpa_supplicant - Registrar = hostapd internal Registrar Following UFD methods can be used: - Enrollee PIN with UFD - Registrar PIN with UFD - unencrypted credential with UFD Encrypted credentials are not supported. Enrollee side operation: wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r Registrar side operation: ./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method> oob method = pin-e/pin-r/cred hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
16 years ago
}
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WPS_NFC
WPS NFC: Update NFC connection handover design The new Device Password ID 7 is used to indicate that NFC connection handover is used with DH public key hash from both devices being exchanged over the NFC connection handover messages. This allows an abbreviated M1-M2 handshake to be used since Device Password does not need to be used when DH is authenticated with the out-of-band information (validation of the public key against the hash). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (wps->dev_pw_id >= 0x10 ||
wps->dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) {
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
struct wps_nfc_pw_token *token;
const u8 *addr[1];
u8 hash[WPS_HASH_LEN];
WPS NFC: Add more debug for NFC Password Token matching Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_printf(MSG_DEBUG, "WPS: Searching for NFC token match for id=%d (ctx %p registrar %p)",
wps->dev_pw_id, wps->wps, wps->wps->registrar);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
token = wps_get_nfc_pw_token(
&wps->wps->registrar->nfc_pw_tokens, wps->dev_pw_id);
P2P NFC: Report connection handover as trigger for P2P "NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to report completed NFC negotiated connection handover in which the P2P alternative carrier was selected. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (token && token->peer_pk_hash_known) {
WPS: Reduce struct wps_parse_attr size Use shorter variables for storing the attribute lengths and group these variables together to allow compiler to pack them more efficiently. This reduces the struct size from 960 bytes to 760 bytes in 64-bit builds. This reduces stack use in number of functions. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
size_t len;
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_printf(MSG_DEBUG, "WPS: Found matching NFC "
"Password Token");
dl_list_del(&token->list);
wps->nfc_pw_token = token;
addr[0] = attr->public_key;
WPS: Reduce struct wps_parse_attr size Use shorter variables for storing the attribute lengths and group these variables together to allow compiler to pack them more efficiently. This reduces the struct size from 960 bytes to 760 bytes in 64-bit builds. This reduces stack use in number of functions. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
len = attr->public_key_len;
sha256_vector(1, addr, &len, hash);
WPS: Use os_memcmp_const() for hash/password comparisons This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (os_memcmp_const(hash,
wps->nfc_pw_token->pubkey_hash,
WPS_OOB_PUBKEY_HASH_LEN) != 0) {
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_printf(MSG_ERROR, "WPS: Public Key hash "
"mismatch");
WPS NFC: Send M2D with config error 20 on pkhash mismatch Instead of terminating the WPS protocol immediately, go through an M2D exchange to notify Enrollee of the public key hash mismatch. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->state = SEND_M2D;
wps->config_error =
WPS_CFG_PUBLIC_KEY_HASH_MISMATCH;
return WPS_CONTINUE;
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
P2P NFC: Report connection handover as trigger for P2P "NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to report completed NFC negotiated connection handover in which the P2P alternative carrier was selected. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
} else if (token) {
wpa_printf(MSG_DEBUG, "WPS: Found matching NFC "
"Password Token (no peer PK hash)");
wps->nfc_pw_token = token;
P2P NFC: Enable own NFC Tag on GO Registrar When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also enable it for any running GO interface. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
} else if (wps->dev_pw_id >= 0x10 &&
wps->wps->ap_nfc_dev_pw_id == wps->dev_pw_id &&
wps->wps->ap_nfc_dev_pw) {
wpa_printf(MSG_DEBUG, "WPS: Found match with own NFC Password Token");
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
}
#endif /* CONFIG_WPS_NFC */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps->dev_pw_id == DEV_PW_PUSHBUTTON) {
WPS: Ignore PBC session overlap if a specific Enrollee is selected This allows the user to complete WPS provisioning using PBC by selected a specific Enrollee even if there are other Enrollees in active PBC mode at the same time. The other Enrollees will be rejected should they try to connect at the same time.
13 years ago
if ((wps->wps->registrar->force_pbc_overlap ||
wps_registrar_pbc_overlap(wps->wps->registrar,
wps->mac_addr_e, wps->uuid_e) ||
!wps_registrar_p2p_dev_addr_match(wps)) &&
!wps_registrar_skip_overlap(wps)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: PBC overlap - deny PBC "
"negotiation");
wps->state = SEND_M2D;
WPS: Use Config Error 12 to indicate PBC overlap in M2D If PBC session overlap is detected between button press on the registrar and M1 is reception, report session overlap with the Config Error attribute in M2D to the Enrollee.
15 years ago
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
WPS: Add PBC overlap and timeout events from WPS module This provides information about PBC mode result from the WPS Registrar module. This could be used, e.g., to provide a user notification on the AP UI on PBC failures.
15 years ago
wps_pbc_overlap_event(wps->wps);
P2P: Allow WPS_PBC command on GO to select on P2P Device Address An optional parameter, p2p_dev_addr, can now be given to WPS_PBC command on P2P GO to indicate that only the P2P device with the specified P2P Device Address is allowed to connect using PBC. If any other device tries to use PBC, a session overlap is indicated and the negotiation is rejected with M2D. The command format for specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g., WPS_PBC p2p_dev_addr=02:03:04:05:06:07 In addition, show the PBC session overlap indication as a WPS failure event on an AP/GO interface. This particular new case shows up as "WPS-FAIL msg=4 config_error=12".
14 years ago
wps_fail_event(wps->wps, WPS_M1,
WPS_CFG_MULTIPLE_PBC_DETECTED,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
WPS_EI_NO_ERROR, wps->mac_addr_e);
WPS: Abort ongoing PBC protocol run if session overlap is detected If PBC session overlap is detected during an ongoing PBC protocol run, reject the run (if M8, i.e., credentials, have not yet been sent). This provides a bit longer monitoring time at the Registrar for PBC mode to catch some cases where two Enrollees in PBC mode try to enroll credentials at about the same time.
15 years ago
wps->wps->registrar->force_pbc_overlap = 1;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return WPS_CONTINUE;
}
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_registrar_add_pbc_session(wps->wps->registrar,
wps->mac_addr_e, wps->uuid_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->pbc = 1;
}
WPS: Add a workaround for OS X 10.6.3 and .4 (use PSK, not passphrase) It looks like 10.6.3 and 10.6.4 do not like to receive Network Key with WPA passphrase while PSK format still works. Use peer information from M1 to figure out whether the Enrollee is likely to be OS X and if so, force PSK format to be used for Network Key.
14 years ago
#ifdef WPS_WORKAROUNDS
/*
* It looks like Mac OS X 10.6.3 and 10.6.4 do not like Network Key in
* passphrase format. To avoid interop issues, force PSK format to be
* used.
*/
if (!wps->use_psk_key &&
wps->peer_dev.manufacturer &&
os_strncmp(wps->peer_dev.manufacturer, "Apple ", 6) == 0 &&
wps->peer_dev.model_name &&
os_strcmp(wps->peer_dev.model_name, "AirPort") == 0) {
wpa_printf(MSG_DEBUG, "WPS: Workaround - Force Network Key in "
"PSK format");
wps->use_psk_key = 1;
}
#endif /* WPS_WORKAROUNDS */
hostapd: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
wps_process_vendor_ext_m1(&wps->peer_dev, attr->multi_ap_ext);
WPS: Add a workaround for OS X 10.6.3 and .4 (use PSK, not passphrase) It looks like 10.6.3 and 10.6.4 do not like to receive Network Key with WPA passphrase while PSK format still works. Use peer information from M1 to figure out whether the Enrollee is likely to be OS X and if so, force PSK format to be used for Network Key.
14 years ago
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->state = SEND_M2;
return WPS_CONTINUE;
}
static enum wps_process_res wps_process_m3(struct wps_data *wps,
const struct wpabuf *msg,
struct wps_parse_attr *attr)
{
wpa_printf(MSG_DEBUG, "WPS: Received M3");
if (wps->state != RECV_M3) {
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving M3", wps->state);
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Ignore PBC session overlap if a specific Enrollee is selected This allows the user to complete WPS provisioning using PBC by selected a specific Enrollee even if there are other Enrollees in active PBC mode at the same time. The other Enrollees will be rejected should they try to connect at the same time.
13 years ago
if (wps->pbc && wps->wps->registrar->force_pbc_overlap &&
!wps_registrar_skip_overlap(wps)) {
WPS: Abort ongoing PBC protocol run if session overlap is detected If PBC session overlap is detected during an ongoing PBC protocol run, reject the run (if M8, i.e., credentials, have not yet been sent). This provides a bit longer monitoring time at the Registrar for PBC mode to catch some cases where two Enrollees in PBC mode try to enroll credentials at about the same time.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
"session overlap");
wps->state = SEND_WSC_NACK;
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
wps_process_authenticator(wps, attr->authenticator, msg) ||
wps_process_e_hash1(wps, attr->e_hash1) ||
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps_process_e_hash2(wps, attr->e_hash2)) {
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->state = SEND_M4;
return WPS_CONTINUE;
}
static enum wps_process_res wps_process_m5(struct wps_data *wps,
const struct wpabuf *msg,
struct wps_parse_attr *attr)
{
struct wpabuf *decrypted;
struct wps_parse_attr eattr;
wpa_printf(MSG_DEBUG, "WPS: Received M5");
if (wps->state != RECV_M5) {
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving M5", wps->state);
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Ignore PBC session overlap if a specific Enrollee is selected This allows the user to complete WPS provisioning using PBC by selected a specific Enrollee even if there are other Enrollees in active PBC mode at the same time. The other Enrollees will be rejected should they try to connect at the same time.
13 years ago
if (wps->pbc && wps->wps->registrar->force_pbc_overlap &&
!wps_registrar_skip_overlap(wps)) {
WPS: Abort ongoing PBC protocol run if session overlap is detected If PBC session overlap is detected during an ongoing PBC protocol run, reject the run (if M8, i.e., credentials, have not yet been sent). This provides a bit longer monitoring time at the Registrar for PBC mode to catch some cases where two Enrollees in PBC mode try to enroll credentials at about the same time.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
"session overlap");
wps->state = SEND_WSC_NACK;
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps_process_authenticator(wps, attr->authenticator, msg)) {
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
attr->encr_settings_len);
if (decrypted == NULL) {
wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
"Settings attribute");
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Fix strict validation of encrypted data for WSC 2.0-only case Need to figure out whether the message is from a WSC 2.0 -based device based on the unencrypted attributes, not the contents of the encrypted data since the Version2 subelement is only included in the unencrypted area.
14 years ago
if (wps_validate_m5_encr(decrypted, attr->version2 != NULL) < 0) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(decrypted);
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
"attribute");
if (wps_parse_msg(decrypted, &eattr) < 0 ||
wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
wps_process_e_snonce1(wps, eattr.e_snonce1)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(decrypted);
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(decrypted);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->state = SEND_M6;
return WPS_CONTINUE;
}
WPS: Change wpa_supplicant wps_reg to not send out M8 Since we do not currently support changing the AP settings received from M7, there is no point in actually sending out the M8 that would likely trigger the AP to reconfigure itself and potentially reboot. For now, we just receive the AP settings in M7 and add a local network configuration block based on those, but NACK the message. This makes wps_reg work like wps_pin, but by using the AP PIN instead of a client PIN.
15 years ago
static void wps_sta_cred_cb(struct wps_data *wps)
{
/*
* Update credential to only include a single authentication and
* encryption type in case the AP configuration includes more than one
* option.
*/
if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
wps->cred.auth_type = WPS_AUTH_WPA2PSK;
else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
wps->cred.auth_type = WPS_AUTH_WPAPSK;
if (wps->cred.encr_type & WPS_ENCR_AES)
wps->cred.encr_type = WPS_ENCR_AES;
else if (wps->cred.encr_type & WPS_ENCR_TKIP)
wps->cred.encr_type = WPS_ENCR_TKIP;
wpa_printf(MSG_DEBUG, "WPS: Update local configuration based on the "
"AP configuration");
if (wps->wps->cred_cb)
wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
}
WPS: Add support for AP reconfiguration with wps_reg wpa_supplicant can now reconfigure the AP by acting as an External Registrar with the wps_reg command. Previously, this was only used to fetch the current AP settings, but now the wps_reg command has optional arguments which can be used to provide the new AP configuration. When the new parameters are set, the WPS protocol run is allowed to continue through M8 to reconfigure the AP instead of stopping at M7.
15 years ago
static void wps_cred_update(struct wps_credential *dst,
struct wps_credential *src)
{
os_memcpy(dst->ssid, src->ssid, sizeof(dst->ssid));
dst->ssid_len = src->ssid_len;
dst->auth_type = src->auth_type;
dst->encr_type = src->encr_type;
dst->key_idx = src->key_idx;
os_memcpy(dst->key, src->key, sizeof(dst->key));
dst->key_len = src->key_len;
}
WPS: Process old AP Settings in M7 when registering as external Registrar The old (i.e., currently used) AP Settings are processed. For now, they are copied as-is into M8 as new AP Settings to avoid changing configuration. This should be changed to allow external programs (e.g., GUI) to fetch the old AP settings over ctrl_iface and then allow settings to be changed before sending M8 with the new settings.
16 years ago
static int wps_process_ap_settings_r(struct wps_data *wps,
struct wps_parse_attr *attr)
{
WPS: Send the credential when learning AP params in registrar role When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
13 years ago
struct wpabuf *msg;
WPS ER: Do not try to process AP Settings in proxied M7 to ER In this case, the Enrollee is not an AP, so do not try to process AP Settings in M7.
15 years ago
if (wps->wps->ap || wps->er)
WPS: Process old AP Settings in M7 when registering as external Registrar The old (i.e., currently used) AP Settings are processed. For now, they are copied as-is into M8 as new AP Settings to avoid changing configuration. This should be changed to allow external programs (e.g., GUI) to fetch the old AP settings over ctrl_iface and then allow settings to be changed before sending M8 with the new settings.
16 years ago
return 0;
/* AP Settings Attributes in M7 when Enrollee is an AP */
WPS: Moved Credential building to use struct wps_credential This makes it easier to store old AP settings into wps->cred (and allow them to modified and taken into use in the future). Separation between Credential and AP Settings building is also cleaner in this design.
16 years ago
if (wps_process_ap_settings(attr, &wps->cred) < 0)
WPS: Process old AP Settings in M7 when registering as external Registrar The old (i.e., currently used) AP Settings are processed. For now, they are copied as-is into M8 as new AP Settings to avoid changing configuration. This should be changed to allow external programs (e.g., GUI) to fetch the old AP settings over ctrl_iface and then allow settings to be changed before sending M8 with the new settings.
16 years ago
return -1;
wpa_printf(MSG_INFO, "WPS: Received old AP configuration from AP");
WPS: Add support for AP reconfiguration with wps_reg wpa_supplicant can now reconfigure the AP by acting as an External Registrar with the wps_reg command. Previously, this was only used to fetch the current AP settings, but now the wps_reg command has optional arguments which can be used to provide the new AP configuration. When the new parameters are set, the WPS protocol run is allowed to continue through M8 to reconfigure the AP instead of stopping at M7.
15 years ago
if (wps->new_ap_settings) {
wpa_printf(MSG_INFO, "WPS: Update AP configuration based on "
"new settings");
wps_cred_update(&wps->cred, wps->new_ap_settings);
return 0;
} else {
/*
* Use the AP PIN only to receive the current AP settings, not
* to reconfigure the AP.
*/
WPS ER: Make sure PIN timeout does not interrupt PBC operation We need to clear the selected registrar timeout from wps_er_learn when stopping the protocol run at M7 (previously, this was done only when WSC_Done was being processed). In addition, we need to cancel the timeout when a new PBC operation is started.
14 years ago
/*
* Clear selected registrar here since we do not get to
* WSC_Done in this protocol run.
*/
wps_registrar_pin_completed(wps->wps->registrar);
WPS: Send the credential when learning AP params in registrar role When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
13 years ago
msg = wps_build_ap_cred(wps);
if (msg == NULL)
return -1;
wps->cred.cred_attr = wpabuf_head(msg);
wps->cred.cred_attr_len = wpabuf_len(msg);
WPS ER: Add command for fetching current AP settings
15 years ago
if (wps->ap_settings_cb) {
wps->ap_settings_cb(wps->ap_settings_cb_ctx,
&wps->cred);
WPS: Send the credential when learning AP params in registrar role When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
13 years ago
wpabuf_free(msg);
WPS ER: Add command for fetching current AP settings
15 years ago
return 1;
}
WPS: Add support for AP reconfiguration with wps_reg wpa_supplicant can now reconfigure the AP by acting as an External Registrar with the wps_reg command. Previously, this was only used to fetch the current AP settings, but now the wps_reg command has optional arguments which can be used to provide the new AP configuration. When the new parameters are set, the WPS protocol run is allowed to continue through M8 to reconfigure the AP instead of stopping at M7.
15 years ago
wps_sta_cred_cb(wps);
WPS: Send the credential when learning AP params in registrar role When the supplicant acts as a registrar to learn the access point parameters send the credentials to the wpa_cli interface after receiving the 7th message. This is needed for proper behavior with wps_cred_processing set to 1 or 2. Without this patch, after the 7th message you got the WPS-CRED-RECEIVED notification without the credentials. This was because the cred_attr and cred_attr_len were not filled in in the wps structure. Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
13 years ago
wps->cred.cred_attr = NULL;
wps->cred.cred_attr_len = 0;
wpabuf_free(msg);
WPS: Add support for AP reconfiguration with wps_reg wpa_supplicant can now reconfigure the AP by acting as an External Registrar with the wps_reg command. Previously, this was only used to fetch the current AP settings, but now the wps_reg command has optional arguments which can be used to provide the new AP configuration. When the new parameters are set, the WPS protocol run is allowed to continue through M8 to reconfigure the AP instead of stopping at M7.
15 years ago
return 1;
}
WPS: Process old AP Settings in M7 when registering as external Registrar The old (i.e., currently used) AP Settings are processed. For now, they are copied as-is into M8 as new AP Settings to avoid changing configuration. This should be changed to allow external programs (e.g., GUI) to fetch the old AP settings over ctrl_iface and then allow settings to be changed before sending M8 with the new settings.
16 years ago
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
static enum wps_process_res wps_process_m7(struct wps_data *wps,
const struct wpabuf *msg,
struct wps_parse_attr *attr)
{
struct wpabuf *decrypted;
struct wps_parse_attr eattr;
wpa_printf(MSG_DEBUG, "WPS: Received M7");
if (wps->state != RECV_M7) {
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving M7", wps->state);
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Ignore PBC session overlap if a specific Enrollee is selected This allows the user to complete WPS provisioning using PBC by selected a specific Enrollee even if there are other Enrollees in active PBC mode at the same time. The other Enrollees will be rejected should they try to connect at the same time.
13 years ago
if (wps->pbc && wps->wps->registrar->force_pbc_overlap &&
!wps_registrar_skip_overlap(wps)) {
WPS: Abort ongoing PBC protocol run if session overlap is detected If PBC session overlap is detected during an ongoing PBC protocol run, reject the run (if M8, i.e., credentials, have not yet been sent). This provides a bit longer monitoring time at the Registrar for PBC mode to catch some cases where two Enrollees in PBC mode try to enroll credentials at about the same time.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Reject negotiation due to PBC "
"session overlap");
wps->state = SEND_WSC_NACK;
wps->config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps_process_authenticator(wps, attr->authenticator, msg)) {
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
attr->encr_settings_len);
if (decrypted == NULL) {
WPS ER: Do not try to process AP Settings in proxied M7 to ER In this case, the Enrollee is not an AP, so do not try to process AP Settings in M7.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Failed to decrypt Encrypted "
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
"Settings attribute");
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Fix strict validation of encrypted data for WSC 2.0-only case Need to figure out whether the message is from a WSC 2.0 -based device based on the unencrypted attributes, not the contents of the encrypted data since the Version2 subelement is only included in the unencrypted area.
14 years ago
if (wps_validate_m7_encr(decrypted, wps->wps->ap || wps->er,
attr->version2 != NULL) < 0) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(decrypted);
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
"attribute");
if (wps_parse_msg(decrypted, &eattr) < 0 ||
wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
WPS: Process old AP Settings in M7 when registering as external Registrar The old (i.e., currently used) AP Settings are processed. For now, they are copied as-is into M8 as new AP Settings to avoid changing configuration. This should be changed to allow external programs (e.g., GUI) to fetch the old AP settings over ctrl_iface and then allow settings to be changed before sending M8 with the new settings.
16 years ago
wps_process_e_snonce2(wps, eattr.e_snonce2) ||
wps_process_ap_settings_r(wps, &eattr)) {
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(decrypted);
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS: Process old AP Settings in M7 when registering as external Registrar The old (i.e., currently used) AP Settings are processed. For now, they are copied as-is into M8 as new AP Settings to avoid changing configuration. This should be changed to allow external programs (e.g., GUI) to fetch the old AP settings over ctrl_iface and then allow settings to be changed before sending M8 with the new settings.
16 years ago
WPS: Explicitly clear wpabuf memory with key information This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
wpabuf_clear_free(decrypted);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wps->state = SEND_M8;
return WPS_CONTINUE;
}
static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
const struct wpabuf *msg)
{
struct wps_parse_attr attr;
enum wps_process_res ret = WPS_CONTINUE;
wpa_printf(MSG_DEBUG, "WPS: Received WSC_MSG");
if (wps_parse_msg(msg, &attr) < 0)
return WPS_FAILURE;
if (attr.msg_type == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
WPS: Send WSC_NACK if message without Message Type is received
14 years ago
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
if (*attr.msg_type != WPS_M1 &&
(attr.registrar_nonce == NULL ||
os_memcmp(wps->nonce_r, attr.registrar_nonce,
WPS: Fix nonce comparisons Multiple memcmps of nonces were actually comparing only the first byte instead of all 16 bytes. [Bug 462] Signed-hostap: Eyal Shapira <eyal@wizery.com> intended-for: hostap-1
12 years ago
WPS_NONCE_LEN) != 0)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
return WPS_FAILURE;
}
switch (*attr.msg_type) {
case WPS_M1:
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
if (wps_validate_m1(msg) < 0)
return WPS_FAILURE;
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#ifdef CONFIG_WPS_UPNP
if (wps->wps->wps_upnp && attr.mac_addr) {
/* Remove old pending messages when starting new run */
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
wps_free_pending_msgs(wps->wps->upnp_msgs);
wps->wps->upnp_msgs = NULL;
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
upnp_wps_device_send_wlan_event(
wps->wps->wps_upnp, attr.mac_addr,
UPNP_WPS_WLANEVENT_TYPE_EAP, msg);
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
ret = wps_process_m1(wps, &attr);
break;
case WPS_M3:
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
if (wps_validate_m3(msg) < 0)
return WPS_FAILURE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
ret = wps_process_m3(wps, msg, &attr);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps_fail_event(wps->wps, WPS_M3, wps->config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
break;
case WPS_M5:
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
if (wps_validate_m5(msg) < 0)
return WPS_FAILURE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
ret = wps_process_m5(wps, msg, &attr);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps_fail_event(wps->wps, WPS_M5, wps->config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
break;
case WPS_M7:
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
if (wps_validate_m7(msg) < 0)
return WPS_FAILURE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
ret = wps_process_m7(wps, msg, &attr);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps_fail_event(wps->wps, WPS_M7, wps->config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
break;
default:
wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d",
*attr.msg_type);
return WPS_FAILURE;
}
if (ret == WPS_CONTINUE) {
/* Save a copy of the last message for Authenticator derivation
*/
wpabuf_free(wps->last_msg);
wps->last_msg = wpabuf_dup(msg);
}
return ret;
}
static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
const struct wpabuf *msg)
{
struct wps_parse_attr attr;
wpa_printf(MSG_DEBUG, "WPS: Received WSC_ACK");
if (wps_parse_msg(msg, &attr) < 0)
return WPS_FAILURE;
if (attr.msg_type == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
return WPS_FAILURE;
}
if (*attr.msg_type != WPS_WSC_ACK) {
wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
*attr.msg_type);
return WPS_FAILURE;
}
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#ifdef CONFIG_WPS_UPNP
if (wps->wps->wps_upnp && wps->ext_reg && wps->state == RECV_M2D_ACK &&
upnp_wps_subscribers(wps->wps->wps_upnp)) {
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
if (wps->wps->upnp_msgs)
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
return WPS_CONTINUE;
wpa_printf(MSG_DEBUG, "WPS: Wait for response from an "
"external Registrar");
return WPS_PENDING;
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (attr.registrar_nonce == NULL ||
WPS: Fix nonce comparisons Multiple memcmps of nonces were actually comparing only the first byte instead of all 16 bytes. [Bug 462] Signed-hostap: Eyal Shapira <eyal@wizery.com> intended-for: hostap-1
12 years ago
os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
return WPS_FAILURE;
}
if (attr.enrollee_nonce == NULL ||
WPS: Fix nonce comparisons Multiple memcmps of nonces were actually comparing only the first byte instead of all 16 bytes. [Bug 462] Signed-hostap: Eyal Shapira <eyal@wizery.com> intended-for: hostap-1
12 years ago
os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
return WPS_FAILURE;
}
if (wps->state == RECV_M2D_ACK) {
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#ifdef CONFIG_WPS_UPNP
if (wps->wps->wps_upnp &&
upnp_wps_subscribers(wps->wps->wps_upnp)) {
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
if (wps->wps->upnp_msgs)
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
return WPS_CONTINUE;
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
if (wps->ext_reg == 0)
wps->ext_reg = 1;
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Wait for response from an "
"external Registrar");
return WPS_PENDING;
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: No more registrars available - "
"terminate negotiation");
}
return WPS_FAILURE;
}
static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
const struct wpabuf *msg)
{
struct wps_parse_attr attr;
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
int old_state;
WPS: Add Config Error into WPS-FAIL events This makes it easier to figure out what could have failed in the WPS protocol and potentially provide more information for the user on how to resolve the issue.
14 years ago
u16 config_error;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK");
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
old_state = wps->state;
WPS: Improved error processing to use NACK correctly Instead of sending out EAP-Failure on errors (on AP) or stopping (on Supplicant), send a NACK message based on the allowed EAP state machine transitions for EAP-WSC.
16 years ago
wps->state = SEND_WSC_NACK;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps_parse_msg(msg, &attr) < 0)
return WPS_FAILURE;
if (attr.msg_type == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
return WPS_FAILURE;
}
if (*attr.msg_type != WPS_WSC_NACK) {
wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
*attr.msg_type);
return WPS_FAILURE;
}
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#ifdef CONFIG_WPS_UPNP
if (wps->wps->wps_upnp && wps->ext_reg) {
wpa_printf(MSG_DEBUG, "WPS: Negotiation using external "
"Registrar terminated by the Enrollee");
return WPS_FAILURE;
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (attr.registrar_nonce == NULL ||
WPS: Fix nonce comparisons Multiple memcmps of nonces were actually comparing only the first byte instead of all 16 bytes. [Bug 462] Signed-hostap: Eyal Shapira <eyal@wizery.com> intended-for: hostap-1
12 years ago
os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
return WPS_FAILURE;
}
if (attr.enrollee_nonce == NULL ||
WPS: Fix nonce comparisons Multiple memcmps of nonces were actually comparing only the first byte instead of all 16 bytes. [Bug 462] Signed-hostap: Eyal Shapira <eyal@wizery.com> intended-for: hostap-1
12 years ago
os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
return WPS_FAILURE;
}
if (attr.config_error == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute "
"in WSC_NACK");
return WPS_FAILURE;
}
WPS: Add Config Error into WPS-FAIL events This makes it easier to figure out what could have failed in the WPS protocol and potentially provide more information for the user on how to resolve the issue.
14 years ago
config_error = WPA_GET_BE16(attr.config_error);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Enrollee terminated negotiation with "
WPS: Add Config Error into WPS-FAIL events This makes it easier to figure out what could have failed in the WPS protocol and potentially provide more information for the user on how to resolve the issue.
14 years ago
"Configuration Error %d", config_error);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
switch (old_state) {
case RECV_M3:
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps_fail_event(wps->wps, WPS_M2, config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
break;
case RECV_M5:
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps_fail_event(wps->wps, WPS_M4, config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
break;
case RECV_M7:
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps_fail_event(wps->wps, WPS_M6, config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
break;
case RECV_DONE:
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps_fail_event(wps->wps, WPS_M8, config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
break;
default:
break;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return WPS_FAILURE;
}
static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
const struct wpabuf *msg)
{
struct wps_parse_attr attr;
wpa_printf(MSG_DEBUG, "WPS: Received WSC_Done");
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
if (wps->state != RECV_DONE &&
(!wps->wps->wps_upnp || !wps->ext_reg)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
"receiving WSC_Done", wps->state);
return WPS_FAILURE;
}
if (wps_parse_msg(msg, &attr) < 0)
return WPS_FAILURE;
if (attr.msg_type == NULL) {
wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
return WPS_FAILURE;
}
if (*attr.msg_type != WPS_WSC_DONE) {
wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
*attr.msg_type);
return WPS_FAILURE;
}
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#ifdef CONFIG_WPS_UPNP
if (wps->wps->wps_upnp && wps->ext_reg) {
wpa_printf(MSG_DEBUG, "WPS: Negotiation using external "
"Registrar completed successfully");
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
wps_device_store(wps->wps->registrar, &wps->peer_dev,
wps->uuid_e);
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
return WPS_DONE;
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (attr.registrar_nonce == NULL ||
WPS: Fix nonce comparisons Multiple memcmps of nonces were actually comparing only the first byte instead of all 16 bytes. [Bug 462] Signed-hostap: Eyal Shapira <eyal@wizery.com> intended-for: hostap-1
12 years ago
os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
{
wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
return WPS_FAILURE;
}
if (attr.enrollee_nonce == NULL ||
WPS: Fix nonce comparisons Multiple memcmps of nonces were actually comparing only the first byte instead of all 16 bytes. [Bug 462] Signed-hostap: Eyal Shapira <eyal@wizery.com> intended-for: hostap-1
12 years ago
os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
return WPS_FAILURE;
}
wpa_printf(MSG_DEBUG, "WPS: Negotiation completed successfully");
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
wps_device_store(wps->wps->registrar, &wps->peer_dev,
wps->uuid_e);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps->wps->wps_state == WPS_STATE_NOT_CONFIGURED && wps->new_psk &&
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
wps->wps->ap && !wps->wps->registrar->disable_auto_conf) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
struct wps_credential cred;
wpa_printf(MSG_DEBUG, "WPS: Moving to Configured state based "
"on first Enrollee connection");
os_memset(&cred, 0, sizeof(cred));
os_memcpy(cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
cred.ssid_len = wps->wps->ssid_len;
WPS: Add support for 60 GHz band Handling of WPS RF band for 60 GHz was missing. Add it in all relevant places and also map "AES" as the cipher to GCMP instead of CCMP when operating on the 60 GHz band. Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
9 years ago
if (wps->wps->rf_band_cb(wps->wps->cb_ctx) == WPS_RF_60GHZ) {
cred.auth_type = WPS_AUTH_WPA2PSK;
cred.encr_type = WPS_ENCR_AES;
} else {
cred.auth_type = WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK;
cred.encr_type = WPS_ENCR_TKIP | WPS_ENCR_AES;
}
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
os_memcpy(cred.key, wps->new_psk, wps->new_psk_len);
cred.key_len = wps->new_psk_len;
wps->wps->wps_state = WPS_STATE_CONFIGURED;
wpa_hexdump_ascii_key(MSG_DEBUG,
"WPS: Generated random passphrase",
wps->new_psk, wps->new_psk_len);
if (wps->wps->cred_cb)
wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
os_free(wps->new_psk);
wps->new_psk = NULL;
}
WPS ER: Use learnt AP settings to build credentials for an Enrollee
15 years ago
if (!wps->wps->ap && !wps->er)
WPS: Change wpa_supplicant wps_reg to not send out M8 Since we do not currently support changing the AP settings received from M7, there is no point in actually sending out the M8 that would likely trigger the AP to reconfigure itself and potentially reboot. For now, we just receive the AP settings in M7 and add a local network configuration block based on those, but NACK the message. This makes wps_reg work like wps_pin, but by using the AP PIN instead of a client PIN.
15 years ago
wps_sta_cred_cb(wps);
WPS: Update supplicant configuration when acting as an external Registrar This allows the network to be used after the Registrar configuration step. The local WPS network is replaced with a new network block similarly to the case of acting as an Enrollee.
16 years ago
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps->new_psk) {
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
if (wps_cb_new_psk(wps->wps->registrar, wps->mac_addr_e,
P2P: Store P2P Device Address in per-device PSK records This makes the P2P Device Address of the Enrollee available with the PSK records to allow P2P Device Address instead of P2P Interface Address to be used for finding the correct PSK. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wps->p2p_dev_addr, wps->new_psk,
wps->new_psk_len)) {
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Failed to configure the "
"new PSK");
}
os_free(wps->new_psk);
wps->new_psk = NULL;
}
WPS: Invalidate wildcard PIN on other radios after successful use If a wildcard PIN is used on any of the radios that hostapd is controlling, invalidate the matching PIN on all the other radios to avoid multiple uses of the same PIN. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wps_cb_reg_success(wps->wps->registrar, wps->mac_addr_e, wps->uuid_e,
wps->dev_password, wps->dev_password_len);
WPS: Added option to disable AP auto-config on first registration This operation can now be moved into an external program by configuring hostapd with wps_cred_processing=1 and skip_cred_build=1. A new ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will be used to notify external programs of each successful registration and that can be used as a tricker to move from unconfigured to configured state.
16 years ago
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
if (wps->pbc) {
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_registrar_remove_pbc_session(wps->wps->registrar,
Skip WPS PBC overlap detection if P2P address is the same WPS overlap detection can detect false overlap if a P2P peer changes UUID while authentication is ongoing. Changing UUID is of course wrong but this is what some popular devices do so we need to work around it in order to keep compatibility with these devices. There already is a mechanism in WPS registrar to skip overlap detection if P2P addresses of two sessions match but it wasn't really triggered because the address wasn't filled in in the caller function. Let's fill in this address and also clean up WPS PBC sessions on WSC process completion if UUID was changed. Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
13 years ago
wps->uuid_e,
wps->p2p_dev_addr);
Removed registrar pointer from wps_config and wps_data wps_context::registrar can be used as the only location for this pointer.
16 years ago
wps_registrar_pbc_completed(wps->wps->registrar);
wps_registrar: Use monotonic time for PBC workaround The PBC ignore-start workaround just needs to check whether the time is within 5 seconds, so should use monotonic time. While at it, add a few more ifdefs to clearly separate the code and variables needed. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
#ifdef WPS_WORKAROUNDS
os_get_reltime(&wps->wps->registrar->pbc_ignore_start);
#endif /* WPS_WORKAROUNDS */
WPS: Add a workaround for PBC session overlap detection Some deployed station implementations implement WPS incorrectly and end up causing PBC session overlap issues by indicating active PBC mode in a scan after the WPS provisioning step. Work around this by ignoring active PBC indication in a Probe Request from a station that completed PBC provisioning during the last five seconds. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
os_memcpy(wps->wps->registrar->pbc_ignore_uuid, wps->uuid_e,
WPS_UUID_LEN);
WPS: SelectedRegistrar expiration for internal PIN registrar Though we have such a timeout when handling SetSelectedRegistrar UPnP message from an external registrar, it looks like we don't have one when the internal registrar is activated for PIN connection. Thus we set the SelectedRegistrar flag when AP is activated for PIN connection but we never reset it - not by some timeout, nor when registration succeeds. This lead to situations where AP everlastingly declare that it is activated for WPS PIN connection when in reality it is not. Use the same timeout (and also success with PIN) to clear the selected registrar flag when using internal registrar, too.
15 years ago
} else {
wps_registrar_pin_completed(wps->wps->registrar);
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
}
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
/* TODO: maintain AuthorizedMACs somewhere separately for each ER and
* merge them into APs own list.. */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_success_event(wps->wps, wps->mac_addr_e);
WPS: Added event callback for successfully completed registration
16 years ago
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return WPS_DONE;
}
enum wps_process_res wps_registrar_process_msg(struct wps_data *wps,
Added Doxygen documentation for WPS code
16 years ago
enum wsc_op_code op_code,
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
const struct wpabuf *msg)
{
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
enum wps_process_res ret;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
wpa_printf(MSG_DEBUG, "WPS: Processing received message (len=%lu "
"op_code=%d)",
(unsigned long) wpabuf_len(msg), op_code);
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
#ifdef CONFIG_WPS_UPNP
WPS UPnP: Added support for multiple external Registrars Allow more than one pending PutWLANMessage data to be stored (M2/M2D from multiple external Registrars) and drop pending M2/M2D messages when the Enrollee replies with M3.
16 years ago
if (wps->wps->wps_upnp && op_code == WSC_MSG && wps->ext_reg == 1) {
struct wps_parse_attr attr;
if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type &&
*attr.msg_type == WPS_M3)
wps->ext_reg = 2; /* past M2/M2D phase */
}
if (wps->ext_reg > 1)
wps_registrar_free_pending_m2(wps->wps);
if (wps->wps->wps_upnp && wps->ext_reg &&
wps->wps->upnp_msgs == NULL &&
WPS: Fix AP to proxy WSC_NACK to ER
15 years ago
(op_code == WSC_MSG || op_code == WSC_Done || op_code == WSC_NACK))
{
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
struct wps_parse_attr attr;
int type;
if (wps_parse_msg(msg, &attr) < 0 || attr.msg_type == NULL)
type = -1;
else
type = *attr.msg_type;
wpa_printf(MSG_DEBUG, "WPS: Sending received message (type %d)"
" to external Registrar for processing", type);
upnp_wps_device_send_wlan_event(wps->wps->wps_upnp,
wps->mac_addr_e,
UPNP_WPS_WLANEVENT_TYPE_EAP,
msg);
if (op_code == WSC_MSG)
return WPS_PENDING;
} else if (wps->wps->wps_upnp && wps->ext_reg && op_code == WSC_MSG) {
wpa_printf(MSG_DEBUG, "WPS: Skip internal processing - using "
"external Registrar");
return WPS_CONTINUE;
}
#endif /* CONFIG_WPS_UPNP */
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
switch (op_code) {
case WSC_MSG:
return wps_process_wsc_msg(wps, msg);
case WSC_ACK:
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
if (wps_validate_wsc_ack(msg) < 0)
return WPS_FAILURE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return wps_process_wsc_ack(wps, msg);
case WSC_NACK:
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
if (wps_validate_wsc_nack(msg) < 0)
return WPS_FAILURE;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
return wps_process_wsc_nack(wps, msg);
case WSC_Done:
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
if (wps_validate_wsc_done(msg) < 0)
return WPS_FAILURE;
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
ret = wps_process_wsc_done(wps, msg);
if (ret == WPS_FAILURE) {
wps->state = SEND_WSC_NACK;
WPS: Add Config Error into WPS-FAIL events This makes it easier to figure out what could have failed in the WPS protocol and potentially provide more information for the user on how to resolve the issue.
14 years ago
wps_fail_event(wps->wps, WPS_WSC_DONE,
WPS: Add mechanism for indicating non-standard WPS errors Previously, only the Configuration Error values were indicated in WPS-FAIL events. Since those values are defined in the specification it is not feasible to extend them for indicating other errors. Add a new error indication value that is internal to wpa_supplicant and hostapd to allow other errors to be indicated. Use the new mechanism to indicate if negotiation fails because of WEP or TKIP-only configurations being disallows by WPS 2.0.
14 years ago
wps->config_error,
WPS: Track peer MAC address from the last operations Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps->error_indication, wps->mac_addr_e);
WPS: Added callback for failure-after-M2/M2D This callback is now used to stop wpa_supplicant from trying to continue using parameters (most likely, device password) that do not work in a loop. In addition, wpa_gui can now notify user of failed registration.
16 years ago
}
return ret;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
default:
wpa_printf(MSG_DEBUG, "WPS: Unsupported op_code %d", op_code);
return WPS_FAILURE;
}
}
WPS: Lock AP Setup on multiple AP PIN validation failures If a Registrar tries to configure the AP, but fails to validate the device password (AP PIN), lock the AP setup after four failures. This protects the AP PIN against brute force guessing attacks.
16 years ago
int wps_registrar_update_ie(struct wps_registrar *reg)
{
return wps_set_ie(reg);
}
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
static void wps_registrar_set_selected_timeout(void *eloop_ctx,
void *timeout_ctx)
{
struct wps_registrar *reg = eloop_ctx;
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Selected Registrar timeout - "
"unselect internal Registrar");
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
reg->selected_registrar = 0;
reg->pbc = 0;
WPS: Remove expired PINs on Selected Registrar timeout This clears the AuthorizedMACs advertisement immediately when the Selected Registrar timeout is hit and no more active PINs are present. Previously, the AuthorizedMACs advertisement could remain in place indefinitely since expired PINs were removed only when actually trying to find a PIN for a new WPS exchange. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
wps_registrar_expire_pins(reg);
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, 0);
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
}
#ifdef CONFIG_WPS_UPNP
static void wps_registrar_sel_reg_add(struct wps_registrar *reg,
struct subscription *s)
{
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
int i, j;
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: External Registrar selected (dev_pw_id=%d "
"config_methods=0x%x)",
s->dev_password_id, s->config_methods);
reg->sel_reg_union = 1;
if (reg->sel_reg_dev_password_id_override != DEV_PW_PUSHBUTTON)
reg->sel_reg_dev_password_id_override = s->dev_password_id;
if (reg->sel_reg_config_methods_override == -1)
reg->sel_reg_config_methods_override = 0;
reg->sel_reg_config_methods_override |= s->config_methods;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++)
if (is_zero_ether_addr(reg->authorized_macs_union[i]))
break;
for (j = 0; i < WPS_MAX_AUTHORIZED_MACS && j < WPS_MAX_AUTHORIZED_MACS;
j++) {
if (is_zero_ether_addr(s->authorized_macs[j]))
break;
WPS: Add more debug prints for authorized MACs operations
14 years ago
wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC into union: "
MACSTR, MAC2STR(s->authorized_macs[j]));
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
os_memcpy(reg->authorized_macs_union[i],
s->authorized_macs[j], ETH_ALEN);
i++;
}
WPS: Add more debug prints for authorized MACs operations
14 years ago
wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union",
(u8 *) reg->authorized_macs_union,
sizeof(reg->authorized_macs_union));
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
}
#endif /* CONFIG_WPS_UPNP */
static void wps_registrar_sel_reg_union(struct wps_registrar *reg)
{
#ifdef CONFIG_WPS_UPNP
struct subscription *s;
if (reg->wps->wps_upnp == NULL)
return;
WPS: Convert struct subscription to use struct dl_list
15 years ago
dl_list_for_each(s, &reg->wps->wps_upnp->subscriptions,
struct subscription, list) {
WPS: Convert struct subscr_addr to use dl_list
15 years ago
struct subscr_addr *sa;
sa = dl_list_first(&s->addr_list, struct subscr_addr, list);
if (sa) {
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: External Registrar %s:%d",
WPS: Convert struct subscr_addr to use dl_list
15 years ago
inet_ntoa(sa->saddr.sin_addr),
ntohs(sa->saddr.sin_port));
}
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
if (s->selected_registrar)
wps_registrar_sel_reg_add(reg, s);
else
wpa_printf(MSG_DEBUG, "WPS: External Registrar not "
"selected");
}
#endif /* CONFIG_WPS_UPNP */
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
}
/**
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
* wps_registrar_selected_registrar_changed - SetSelectedRegistrar change
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
* @reg: Registrar data from wps_registrar_init()
*
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
* This function is called when selected registrar state changes, e.g., when an
* AP receives a SetSelectedRegistrar UPnP message.
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
*/
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
void wps_registrar_selected_registrar_changed(struct wps_registrar *reg,
u16 dev_pw_id)
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
{
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Selected registrar information changed");
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
reg->sel_reg_union = reg->selected_registrar;
reg->sel_reg_dev_password_id_override = -1;
reg->sel_reg_config_methods_override = -1;
WPS 2.0: Add support for AuthorizedMACs attribute Advertize list of authorized enrollee MAC addresses in Beacon and Probe Response frames and use these when selecting the AP. In order to provide the list, the enrollee MAC address should be specified whenever adding a new PIN. In addition, add UUID-R into SetSelectedRegistrar action to make it potentially easier for an AP to figure out which ER sent the action should there be multiple ERs using the same IP address.
15 years ago
os_memcpy(reg->authorized_macs_union, reg->authorized_macs,
WPS_MAX_AUTHORIZED_MACS * ETH_ALEN);
WPS: Add more debug prints for authorized MACs operations
14 years ago
wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union (start with own)",
(u8 *) reg->authorized_macs_union,
sizeof(reg->authorized_macs_union));
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
if (reg->selected_registrar) {
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
u16 methods;
methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON;
methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
WPS_CONFIG_PHY_PUSHBUTTON);
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
if (reg->pbc) {
reg->sel_reg_dev_password_id_override =
DEV_PW_PUSHBUTTON;
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
wps_set_pushbutton(&methods, reg->wps->config_methods);
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
} else if (dev_pw_id)
reg->sel_reg_dev_password_id_override = dev_pw_id;
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
wpa_printf(MSG_DEBUG, "WPS: Internal Registrar selected "
"(pbc=%d)", reg->pbc);
WPS 2.0: Make sure PHY/VIRT flag gets set for PBC
14 years ago
reg->sel_reg_config_methods_override = methods;
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
} else
wpa_printf(MSG_DEBUG, "WPS: Internal Registrar not selected");
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
wps_registrar_sel_reg_union(reg);
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
wps_set_ie(reg);
WPS: Handle Selected Registrar as a union of info from all Registrars Instead of using the latest selected registrar change, collect selected registrar information separately from all registrars and use the union of this information when building the WPS IE for Beacon and Probe Response frames. Note: SetSelectedRegistrar UPnP action does not include a unique identifier, so the ER matching routine is based only on the IP address of the ER. In theory, there could be multiple ERs using the same IP address (but different port or URL), so there may be some corner cases that would not always match the correct ER entry at the AP. Anyway, this is not really expected to occur in normal use cases and even if it did happen, the selected registrar information is not any worse than it was before when only the last change from any registrar for being advertized.
15 years ago
wps_cb_set_sel_reg(reg);
WPS: Add support for external Registrars using UPnP transport This adds mostly feature complete external Registrar support with the main missing part being proper support for multiple external Registrars working at the same time and processing of concurrent registrations when using an external Registrar. This code is based on Sony/Saice implementation (https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill (Atheros) to make it more suitable for hostapd design and embedded systems. Some of the UPnP code is based on Intel's libupnp. Copyrights and licensing are explained in src/wps/wps_upnp.c in more detail.
16 years ago
}
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
int wps_registrar_get_info(struct wps_registrar *reg, const u8 *addr,
char *buf, size_t buflen)
{
struct wps_registrar_device *d;
int len = 0, ret;
char uuid[40];
WPS: Clean up Primary Device Type handling Use shared functions for converting Primary Device Type between binary and string formats. In addition, use array of eight octets instead of a specific structure with multiple fields to reduce code complexity.
15 years ago
char devtype[WPS_DEV_TYPE_BUFSIZE];
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
d = wps_device_get(reg, addr);
if (d == NULL)
return 0;
if (uuid_bin2str(d->uuid, uuid, sizeof(uuid)))
return 0;
ret = os_snprintf(buf + len, buflen - len,
"wpsUuid=%s\n"
WPS: Clean up Primary Device Type handling Use shared functions for converting Primary Device Type between binary and string formats. In addition, use array of eight octets instead of a specific structure with multiple fields to reduce code complexity.
15 years ago
"wpsPrimaryDeviceType=%s\n"
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
"wpsDeviceName=%s\n"
"wpsManufacturer=%s\n"
"wpsModelName=%s\n"
"wpsModelNumber=%s\n"
"wpsSerialNumber=%s\n",
uuid,
WPS: Clean up Primary Device Type handling Use shared functions for converting Primary Device Type between binary and string formats. In addition, use array of eight octets instead of a specific structure with multiple fields to reduce code complexity.
15 years ago
wps_dev_type_bin2str(d->dev.pri_dev_type, devtype,
sizeof(devtype)),
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
d->dev.device_name ? d->dev.device_name : "",
d->dev.manufacturer ? d->dev.manufacturer : "",
d->dev.model_name ? d->dev.model_name : "",
d->dev.model_number ? d->dev.model_number : "",
d->dev.serial_number ? d->dev.serial_number : "");
Check os_snprintf() result more consistently - automatic 1 This converts os_snprintf() result validation cases to use os_snprintf_error() where the exact rule used in os_snprintf_error() was used. These changes were done automatically with spatch using the following semantic patch: @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \)) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } ) Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (os_snprintf_error(buflen - len, ret))
WPS: Store device info and make it available through AP ctrl_iface Store a copy of device attributes during WPS protocol run and make it available for external programs via the control interface STA MIB command for associated stations. This gives access to device name and type which can be useful when showing user information about associated stations.
15 years ago
return len;
len += ret;
return len;
}
hostapd: Add wps_config ctrl_interface command for configuring AP This command can be used to configure the AP using the internal WPS registrar. It works in the same way as new AP settings received from an ER.
14 years ago
int wps_registrar_config_ap(struct wps_registrar *reg,
struct wps_credential *cred)
{
WPS: Convert printf() debug print to use wpa_printf() Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_printf(MSG_DEBUG, "WPS: encr_type=0x%x", cred->encr_type);
hostapd: Add wps_config ctrl_interface command for configuring AP This command can be used to configure the AP using the internal WPS registrar. It works in the same way as new AP settings received from an ER.
14 years ago
if (!(cred->encr_type & (WPS_ENCR_NONE | WPS_ENCR_TKIP |
WPS_ENCR_AES))) {
if (cred->encr_type & WPS_ENCR_WEP) {
wpa_printf(MSG_INFO, "WPS: Reject new AP settings "
"due to WEP configuration");
return -1;
}
wpa_printf(MSG_INFO, "WPS: Reject new AP settings due to "
"invalid encr_type 0x%x", cred->encr_type);
return -1;
}
if ((cred->encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) ==
WPS_ENCR_TKIP) {
wpa_printf(MSG_DEBUG, "WPS: Upgrade encr_type TKIP -> "
"TKIP+AES");
cred->encr_type |= WPS_ENCR_AES;
}
if ((cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
WPS_AUTH_WPAPSK) {
wpa_printf(MSG_DEBUG, "WPS: Upgrade auth_type WPAPSK -> "
"WPAPSK+WPA2PSK");
cred->auth_type |= WPS_AUTH_WPA2PSK;
}
if (reg->wps->cred_cb)
return reg->wps->cred_cb(reg->wps->cb_ctx, cred);
return -1;
}
WPS: Add new mechanism for communicating NFC tag read events hostapd ctrl_iface can now be used to deliver payload from read operation of an NFC tag. This allows operations without having to have low-level NFC code within hostapd. For now, the new wps_nfc_tag_read command can be used with NFC password tokens for the case where the AP has an NFC device that is used to read an NFC tag from the station Enrollee. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
WPS: Reconfigure credentials on hostapd config reload When new credentials are configured and hostapd is reconfigured using SIGHUP (or RELOAD on the ctrl_iface), also update the WPS credentials. Before these changes, when WPS is triggered the Registar always serves the credentials that were configured when hostapd started. Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
3 years ago
int wps_registrar_update_multi_ap(struct wps_registrar *reg,
const u8 *multi_ap_backhaul_ssid,
size_t multi_ap_backhaul_ssid_len,
const u8 *multi_ap_backhaul_network_key,
size_t multi_ap_backhaul_network_key_len)
{
if (multi_ap_backhaul_ssid) {
os_memcpy(reg->multi_ap_backhaul_ssid,
multi_ap_backhaul_ssid, multi_ap_backhaul_ssid_len);
reg->multi_ap_backhaul_ssid_len = multi_ap_backhaul_ssid_len;
}
os_free(reg->multi_ap_backhaul_network_key);
reg->multi_ap_backhaul_network_key = NULL;
reg->multi_ap_backhaul_network_key_len = 0;
if (multi_ap_backhaul_network_key) {
reg->multi_ap_backhaul_network_key =
os_memdup(multi_ap_backhaul_network_key,
multi_ap_backhaul_network_key_len);
if (!reg->multi_ap_backhaul_network_key)
return -1;
reg->multi_ap_backhaul_network_key_len =
multi_ap_backhaul_network_key_len;
}
return 0;
}
WPS: Add new mechanism for communicating NFC tag read events hostapd ctrl_iface can now be used to deliver payload from read operation of an NFC tag. This allows operations without having to have low-level NFC code within hostapd. For now, the new wps_nfc_tag_read command can be used with NFC password tokens for the case where the AP has an NFC device that is used to read an NFC tag from the station Enrollee. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WPS_NFC
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
int wps_registrar_add_nfc_pw_token(struct wps_registrar *reg,
const u8 *pubkey_hash, u16 pw_id,
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
const u8 *dev_pw, size_t dev_pw_len,
int pk_hash_provided_oob)
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
{
struct wps_nfc_pw_token *token;
if (dev_pw_len > WPS_OOB_DEVICE_PASSWORD_LEN)
return -1;
P2P NFC: Report connection handover as trigger for P2P "NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to report completed NFC negotiated connection handover in which the P2P alternative carrier was selected. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (pw_id == DEV_PW_NFC_CONNECTION_HANDOVER &&
(pubkey_hash == NULL || !pk_hash_provided_oob)) {
wpa_printf(MSG_DEBUG, "WPS: Unexpected NFC Password Token "
"addition - missing public key hash");
return -1;
}
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wps_free_nfc_pw_tokens(&reg->nfc_pw_tokens, pw_id);
token = os_zalloc(sizeof(*token));
if (token == NULL)
return -1;
P2P NFC: Report connection handover as trigger for P2P "NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to report completed NFC negotiated connection handover in which the P2P alternative carrier was selected. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
token->peer_pk_hash_known = pubkey_hash != NULL;
if (pubkey_hash)
os_memcpy(token->pubkey_hash, pubkey_hash,
WPS_OOB_PUBKEY_HASH_LEN);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
token->pw_id = pw_id;
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
token->pk_hash_provided_oob = pk_hash_provided_oob;
WPS NFC: Update NFC connection handover design The new Device Password ID 7 is used to indicate that NFC connection handover is used with DH public key hash from both devices being exchanged over the NFC connection handover messages. This allows an abbreviated M1-M2 handshake to be used since Device Password does not need to be used when DH is authenticated with the out-of-band information (validation of the public key against the hash). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (dev_pw) {
wpa_snprintf_hex_uppercase((char *) token->dev_pw,
sizeof(token->dev_pw),
dev_pw, dev_pw_len);
token->dev_pw_len = dev_pw_len * 2;
}
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
dl_list_add(&reg->nfc_pw_tokens, &token->list);
reg->selected_registrar = 1;
reg->pbc = 0;
wps_registrar_add_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, pw_id);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0,
wps_registrar_set_selected_timeout,
reg, NULL);
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_printf(MSG_DEBUG, "WPS: Added NFC Device Password %u to Registrar",
pw_id);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
return 0;
}
WPS: Add new mechanism for communicating NFC tag read events hostapd ctrl_iface can now be used to deliver payload from read operation of an NFC tag. This allows operations without having to have low-level NFC code within hostapd. For now, the new wps_nfc_tag_read command can be used with NFC password tokens for the case where the AP has an NFC device that is used to read an NFC tag from the station Enrollee. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
int wps_registrar_add_nfc_password_token(struct wps_registrar *reg,
const u8 *oob_dev_pw,
size_t oob_dev_pw_len)
{
const u8 *pos, *hash, *dev_pw;
u16 id;
size_t dev_pw_len;
WPS NFC: Update NFC connection handover design The new Device Password ID 7 is used to indicate that NFC connection handover is used with DH public key hash from both devices being exchanged over the NFC connection handover messages. This allows an abbreviated M1-M2 handshake to be used since Device Password does not need to be used when DH is authenticated with the out-of-band information (validation of the public key against the hash). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (oob_dev_pw_len < WPS_OOB_PUBKEY_HASH_LEN + 2 ||
WPS: Add new mechanism for communicating NFC tag read events hostapd ctrl_iface can now be used to deliver payload from read operation of an NFC tag. This allows operations without having to have low-level NFC code within hostapd. For now, the new wps_nfc_tag_read command can be used with NFC password tokens for the case where the AP has an NFC device that is used to read an NFC tag from the station Enrollee. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
oob_dev_pw_len > WPS_OOB_PUBKEY_HASH_LEN + 2 +
WPS_OOB_DEVICE_PASSWORD_LEN)
return -1;
hash = oob_dev_pw;
pos = oob_dev_pw + WPS_OOB_PUBKEY_HASH_LEN;
id = WPA_GET_BE16(pos);
dev_pw = pos + 2;
dev_pw_len = oob_dev_pw + oob_dev_pw_len - dev_pw;
wpa_printf(MSG_DEBUG, "WPS: Add NFC Password Token for Password ID %u",
id);
wpa_hexdump(MSG_DEBUG, "WPS: Public Key Hash",
hash, WPS_OOB_PUBKEY_HASH_LEN);
wpa_hexdump_key(MSG_DEBUG, "WPS: Device Password", dev_pw, dev_pw_len);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
return wps_registrar_add_nfc_pw_token(reg, hash, id, dev_pw,
WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB When both the Registrar and Enrollee public key hashes are delivered out-of-band (in NFC connection handover), use abbreviated WPS handshake (skip M3-M8). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
dev_pw_len, 0);
WPS: Add new mechanism for communicating NFC tag read events hostapd ctrl_iface can now be used to deliver payload from read operation of an NFC tag. This allows operations without having to have low-level NFC code within hostapd. For now, the new wps_nfc_tag_read command can be used with NFC password tokens for the case where the AP has an NFC device that is used to read an NFC tag from the station Enrollee. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
void wps_registrar_remove_nfc_pw_token(struct wps_registrar *reg,
struct wps_nfc_pw_token *token)
{
wps_registrar_remove_authorized_mac(reg,
(u8 *) "\xff\xff\xff\xff\xff\xff");
WPS NFC: Allow Device Password ID override for selected registrar When a specific out-of-band Device Password is enabled, it can be useful to be able to advertise that in the selected registrar information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wps_registrar_selected_registrar_changed(reg, 0);
P2P NFC: Report connection handover as trigger for P2P "NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to report completed NFC negotiated connection handover in which the P2P alternative carrier was selected. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
/*
* Free the NFC password token if it was used only for a single protocol
* run. The static handover case uses the same password token multiple
* times, so do not free that case here.
*/
if (token->peer_pk_hash_known)
os_free(token);
WPS: Use separate list of NFC Password Tokens in the Registrar This adds a cleaner mechanism for handling NFC Password Tokens in the WPS Registrar. There could be more than one active NFC Password Token in use and as such, a list of tokens needs to be maintained. The old WPS_OOB interface is still using the old mechanism that supports only a single active NFC Password Token. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
WPS: Add new mechanism for communicating NFC tag read events hostapd ctrl_iface can now be used to deliver payload from read operation of an NFC tag. This allows operations without having to have low-level NFC code within hostapd. For now, the new wps_nfc_tag_read command can be used with NFC password tokens for the case where the AP has an NFC device that is used to read an NFC tag from the station Enrollee. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#endif /* CONFIG_WPS_NFC */