2 * Wi-Fi Protected Setup - Strict protocol validation routines
3 * Copyright (c) 2010, Atheros Communications, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
16 #ifndef WPS_STRICT_ALL
17 #define WPS_STRICT_WPS2
18 #endif /* WPS_STRICT_ALL */
21 static int wps_validate_version(const u8 *version, int mandatory)
23 if (version == NULL) {
25 wpa_printf(MSG_INFO, "WPS-STRICT: Version attribute "
31 if (*version != 0x10) {
32 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version attribute "
33 "value 0x%x", *version);
40 static int wps_validate_version2(const u8 *version2, int mandatory)
42 if (version2 == NULL) {
44 wpa_printf(MSG_INFO, "WPS-STRICT: Version2 attribute "
50 if (*version2 < 0x20) {
51 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version2 attribute "
52 "value 0x%x", *version2);
59 static int wps_validate_request_type(const u8 *request_type, int mandatory)
61 if (request_type == NULL) {
63 wpa_printf(MSG_INFO, "WPS-STRICT: Request Type "
69 if (*request_type > 0x03) {
70 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request Type "
71 "attribute value 0x%x", *request_type);
78 static int wps_validate_response_type(const u8 *response_type, int mandatory)
80 if (response_type == NULL) {
82 wpa_printf(MSG_INFO, "WPS-STRICT: Response Type "
88 if (*response_type > 0x03) {
89 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Response Type "
90 "attribute value 0x%x", *response_type);
97 static int valid_config_methods(u16 val, int wps2)
100 if ((val & 0x6000) && !(val & WPS_CONFIG_DISPLAY)) {
101 wpa_printf(MSG_INFO, "WPS-STRICT: Physical/Virtual "
102 "Display flag without old Display flag "
106 if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) {
107 wpa_printf(MSG_INFO, "WPS-STRICT: Display flag "
108 "without Physical/Virtual Display flag");
111 if ((val & 0x0600) && !(val & WPS_CONFIG_PUSHBUTTON)) {
112 wpa_printf(MSG_INFO, "WPS-STRICT: Physical/Virtual "
113 "PushButton flag without old PushButton "
117 if (!(val & 0x0600) && (val & WPS_CONFIG_PUSHBUTTON)) {
118 wpa_printf(MSG_INFO, "WPS-STRICT: PushButton flag "
119 "without Physical/Virtual PushButton flag");
128 static int wps_validate_config_methods(const u8 *config_methods, int wps2,
133 if (config_methods == NULL) {
135 wpa_printf(MSG_INFO, "WPS-STRICT: Configuration "
136 "Methods attribute missing");
142 val = WPA_GET_BE16(config_methods);
143 if (!valid_config_methods(val, wps2)) {
144 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration "
145 "Methods attribute value 0x%04x", val);
152 static int wps_validate_ap_config_methods(const u8 *config_methods, int wps2,
157 if (wps_validate_config_methods(config_methods, wps2, mandatory) < 0)
159 if (config_methods == NULL)
161 val = WPA_GET_BE16(config_methods);
162 if (val & WPS_CONFIG_PUSHBUTTON) {
163 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration "
164 "Methods attribute value 0x%04x in AP info "
165 "(PushButton not allowed for registering new ER)",
173 static int wps_validate_uuid_e(const u8 *uuid_e, int mandatory)
175 if (uuid_e == NULL) {
177 wpa_printf(MSG_INFO, "WPS-STRICT: UUID-E "
178 "attribute missing");
187 static int wps_validate_uuid_r(const u8 *uuid_r, int mandatory)
189 if (uuid_r == NULL) {
191 wpa_printf(MSG_INFO, "WPS-STRICT: UUID-R "
192 "attribute missing");
201 static int wps_validate_primary_dev_type(const u8 *primary_dev_type,
204 if (primary_dev_type == NULL) {
206 wpa_printf(MSG_INFO, "WPS-STRICT: Primary Device Type "
207 "attribute missing");
216 static int wps_validate_rf_bands(const u8 *rf_bands, int mandatory)
218 if (rf_bands == NULL) {
220 wpa_printf(MSG_INFO, "WPS-STRICT: RF Bands "
221 "attribute missing");
226 if (*rf_bands != WPS_RF_24GHZ && *rf_bands != WPS_RF_50GHZ &&
227 *rf_bands != WPS_RF_60GHZ &&
228 *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ | WPS_RF_60GHZ) &&
229 *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ)) {
230 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Rf Bands "
231 "attribute value 0x%x", *rf_bands);
238 static int wps_validate_assoc_state(const u8 *assoc_state, int mandatory)
241 if (assoc_state == NULL) {
243 wpa_printf(MSG_INFO, "WPS-STRICT: Association State "
244 "attribute missing");
249 val = WPA_GET_BE16(assoc_state);
251 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Association State "
252 "attribute value 0x%04x", val);
259 static int wps_validate_config_error(const u8 *config_error, int mandatory)
263 if (config_error == NULL) {
265 wpa_printf(MSG_INFO, "WPS-STRICT: Configuration Error "
266 "attribute missing");
271 val = WPA_GET_BE16(config_error);
273 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration Error "
274 "attribute value 0x%04x", val);
281 static int wps_validate_dev_password_id(const u8 *dev_password_id,
286 if (dev_password_id == NULL) {
288 wpa_printf(MSG_INFO, "WPS-STRICT: Device Password ID "
289 "attribute missing");
294 val = WPA_GET_BE16(dev_password_id);
295 if (val >= 0x0008 && val <= 0x000f) {
296 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Device Password ID "
297 "attribute value 0x%04x", val);
304 static int wps_validate_manufacturer(const u8 *manufacturer, size_t len,
307 if (manufacturer == NULL) {
309 wpa_printf(MSG_INFO, "WPS-STRICT: Manufacturer "
310 "attribute missing");
315 if (len > 0 && manufacturer[len - 1] == 0) {
316 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Manufacturer "
317 "attribute value", manufacturer, len);
324 static int wps_validate_model_name(const u8 *model_name, size_t len,
327 if (model_name == NULL) {
329 wpa_printf(MSG_INFO, "WPS-STRICT: Model Name "
330 "attribute missing");
335 if (len > 0 && model_name[len - 1] == 0) {
336 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Name "
337 "attribute value", model_name, len);
344 static int wps_validate_model_number(const u8 *model_number, size_t len,
347 if (model_number == NULL) {
349 wpa_printf(MSG_INFO, "WPS-STRICT: Model Number "
350 "attribute missing");
355 if (len > 0 && model_number[len - 1] == 0) {
356 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Number "
357 "attribute value", model_number, len);
364 static int wps_validate_serial_number(const u8 *serial_number, size_t len,
367 if (serial_number == NULL) {
369 wpa_printf(MSG_INFO, "WPS-STRICT: Serial Number "
370 "attribute missing");
375 if (len > 0 && serial_number[len - 1] == 0) {
376 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Serial "
377 "Number attribute value",
385 static int wps_validate_dev_name(const u8 *dev_name, size_t len,
388 if (dev_name == NULL) {
390 wpa_printf(MSG_INFO, "WPS-STRICT: Device Name "
391 "attribute missing");
396 if (len > 0 && dev_name[len - 1] == 0) {
397 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Device Name "
398 "attribute value", dev_name, len);
405 static int wps_validate_request_to_enroll(const u8 *request_to_enroll,
408 if (request_to_enroll == NULL) {
410 wpa_printf(MSG_INFO, "WPS-STRICT: Request to Enroll "
411 "attribute missing");
416 if (*request_to_enroll > 0x01) {
417 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request to Enroll "
418 "attribute value 0x%x", *request_to_enroll);
425 static int wps_validate_req_dev_type(const u8 *req_dev_type[], size_t num,
430 wpa_printf(MSG_INFO, "WPS-STRICT: Requested Device "
431 "Type attribute missing");
440 static int wps_validate_wps_state(const u8 *wps_state, int mandatory)
442 if (wps_state == NULL) {
444 wpa_printf(MSG_INFO, "WPS-STRICT: Wi-Fi Protected "
445 "Setup State attribute missing");
450 if (*wps_state != WPS_STATE_NOT_CONFIGURED &&
451 *wps_state != WPS_STATE_CONFIGURED) {
452 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Wi-Fi Protected "
453 "Setup State attribute value 0x%x", *wps_state);
460 static int wps_validate_ap_setup_locked(const u8 *ap_setup_locked,
463 if (ap_setup_locked == NULL) {
465 wpa_printf(MSG_INFO, "WPS-STRICT: AP Setup Locked "
466 "attribute missing");
471 if (*ap_setup_locked > 1) {
472 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid AP Setup Locked "
473 "attribute value 0x%x", *ap_setup_locked);
480 static int wps_validate_selected_registrar(const u8 *selected_registrar,
483 if (selected_registrar == NULL) {
485 wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar "
486 "attribute missing");
491 if (*selected_registrar > 1) {
492 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar "
493 "attribute value 0x%x", *selected_registrar);
500 static int wps_validate_sel_reg_config_methods(const u8 *config_methods,
501 int wps2, int mandatory)
505 if (config_methods == NULL) {
507 wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar "
508 "Configuration Methods attribute missing");
514 val = WPA_GET_BE16(config_methods);
515 if (!valid_config_methods(val, wps2)) {
516 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar "
517 "Configuration Methods attribute value 0x%04x",
525 static int wps_validate_authorized_macs(const u8 *authorized_macs, size_t len,
528 if (authorized_macs == NULL) {
530 wpa_printf(MSG_INFO, "WPS-STRICT: Authorized MACs "
531 "attribute missing");
536 if (len > 30 && (len % ETH_ALEN) != 0) {
537 wpa_hexdump(MSG_INFO, "WPS-STRICT: Invalid Authorized "
538 "MACs attribute value", authorized_macs, len);
545 static int wps_validate_msg_type(const u8 *msg_type, int mandatory)
547 if (msg_type == NULL) {
549 wpa_printf(MSG_INFO, "WPS-STRICT: Message Type "
550 "attribute missing");
555 if (*msg_type < WPS_Beacon || *msg_type > WPS_WSC_DONE) {
556 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Message Type "
557 "attribute value 0x%x", *msg_type);
564 static int wps_validate_mac_addr(const u8 *mac_addr, int mandatory)
566 if (mac_addr == NULL) {
568 wpa_printf(MSG_INFO, "WPS-STRICT: MAC Address "
569 "attribute missing");
574 if (mac_addr[0] & 0x01) {
575 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid MAC Address "
576 "attribute value " MACSTR, MAC2STR(mac_addr));
583 static int wps_validate_enrollee_nonce(const u8 *enrollee_nonce, int mandatory)
585 if (enrollee_nonce == NULL) {
587 wpa_printf(MSG_INFO, "WPS-STRICT: Enrollee Nonce "
588 "attribute missing");
597 static int wps_validate_registrar_nonce(const u8 *registrar_nonce,
600 if (registrar_nonce == NULL) {
602 wpa_printf(MSG_INFO, "WPS-STRICT: Registrar Nonce "
603 "attribute missing");
612 static int wps_validate_public_key(const u8 *public_key, size_t len,
615 if (public_key == NULL) {
617 wpa_printf(MSG_INFO, "WPS-STRICT: Public Key "
618 "attribute missing");
624 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Public Key "
625 "attribute length %d", (int) len);
632 static int num_bits_set(u16 val)
635 for (c = 0; val; c++)
641 static int wps_validate_auth_type_flags(const u8 *flags, int mandatory)
647 wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type "
648 "Flags attribute missing");
653 val = WPA_GET_BE16(flags);
654 if ((val & ~WPS_AUTH_TYPES) || !(val & WPS_AUTH_WPA2PSK)) {
655 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type "
656 "Flags attribute value 0x%04x", val);
663 static int wps_validate_auth_type(const u8 *type, int mandatory)
669 wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type "
670 "attribute missing");
675 val = WPA_GET_BE16(type);
676 if ((val & ~WPS_AUTH_TYPES) || val == 0 ||
677 (num_bits_set(val) > 1 &&
678 val != (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK))) {
679 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type "
680 "attribute value 0x%04x", val);
687 static int wps_validate_encr_type_flags(const u8 *flags, int mandatory)
693 wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type "
694 "Flags attribute missing");
699 val = WPA_GET_BE16(flags);
700 if ((val & ~WPS_ENCR_TYPES) || !(val & WPS_ENCR_AES)) {
701 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type "
702 "Flags attribute value 0x%04x", val);
709 static int wps_validate_encr_type(const u8 *type, int mandatory)
715 wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type "
716 "attribute missing");
721 val = WPA_GET_BE16(type);
722 if ((val & ~WPS_ENCR_TYPES) || val == 0 ||
723 (num_bits_set(val) > 1 && val != (WPS_ENCR_TKIP | WPS_ENCR_AES))) {
724 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type "
725 "attribute value 0x%04x", val);
732 static int wps_validate_conn_type_flags(const u8 *flags, int mandatory)
736 wpa_printf(MSG_INFO, "WPS-STRICT: Connection Type "
737 "Flags attribute missing");
742 if ((*flags & ~(WPS_CONN_ESS | WPS_CONN_IBSS)) ||
743 !(*flags & WPS_CONN_ESS)) {
744 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Connection Type "
745 "Flags attribute value 0x%02x", *flags);
752 static int wps_validate_os_version(const u8 *os_version, int mandatory)
754 if (os_version == NULL) {
756 wpa_printf(MSG_INFO, "WPS-STRICT: OS Version "
757 "attribute missing");
766 static int wps_validate_authenticator(const u8 *authenticator, int mandatory)
768 if (authenticator == NULL) {
770 wpa_printf(MSG_INFO, "WPS-STRICT: Authenticator "
771 "attribute missing");
780 static int wps_validate_e_hash1(const u8 *hash, int mandatory)
784 wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash1 "
785 "attribute missing");
794 static int wps_validate_e_hash2(const u8 *hash, int mandatory)
798 wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash2 "
799 "attribute missing");
808 static int wps_validate_r_hash1(const u8 *hash, int mandatory)
812 wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash1 "
813 "attribute missing");
822 static int wps_validate_r_hash2(const u8 *hash, int mandatory)
826 wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash2 "
827 "attribute missing");
836 static int wps_validate_encr_settings(const u8 *encr_settings, size_t len,
839 if (encr_settings == NULL) {
841 wpa_printf(MSG_INFO, "WPS-STRICT: Encrypted Settings "
842 "attribute missing");
848 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encrypted Settings "
849 "attribute length %d", (int) len);
856 static int wps_validate_settings_delay_time(const u8 *delay, int mandatory)
860 wpa_printf(MSG_INFO, "WPS-STRICT: Settings Delay Time "
861 "attribute missing");
870 static int wps_validate_r_snonce1(const u8 *nonce, int mandatory)
874 wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce1 "
875 "attribute missing");
884 static int wps_validate_r_snonce2(const u8 *nonce, int mandatory)
888 wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce2 "
889 "attribute missing");
898 static int wps_validate_e_snonce1(const u8 *nonce, int mandatory)
902 wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce1 "
903 "attribute missing");
912 static int wps_validate_e_snonce2(const u8 *nonce, int mandatory)
916 wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce2 "
917 "attribute missing");
926 static int wps_validate_key_wrap_auth(const u8 *auth, int mandatory)
930 wpa_printf(MSG_INFO, "WPS-STRICT: Key Wrap "
931 "Authenticator attribute missing");
940 static int wps_validate_ssid(const u8 *ssid, size_t ssid_len, int mandatory)
944 wpa_printf(MSG_INFO, "WPS-STRICT: SSID "
945 "attribute missing");
950 if (ssid_len == 0 || ssid[ssid_len - 1] == 0) {
951 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid SSID "
952 "attribute value", ssid, ssid_len);
959 static int wps_validate_network_key_index(const u8 *idx, int mandatory)
963 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key Index "
964 "attribute missing");
973 static int wps_validate_network_idx(const u8 *idx, int mandatory)
977 wpa_printf(MSG_INFO, "WPS-STRICT: Network Index "
978 "attribute missing");
987 static int wps_validate_network_key(const u8 *key, size_t key_len,
988 const u8 *encr_type, int mandatory)
992 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key "
993 "attribute missing");
998 if (((encr_type == NULL || WPA_GET_BE16(encr_type) != WPS_ENCR_WEP) &&
999 key_len > 8 && key_len < 64 && key[key_len - 1] == 0) ||
1001 wpa_hexdump_ascii_key(MSG_INFO, "WPS-STRICT: Invalid Network "
1002 "Key attribute value", key, key_len);
1009 static int wps_validate_network_key_shareable(const u8 *val, int mandatory)
1013 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key "
1014 "Shareable attribute missing");
1020 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Network Key "
1021 "Shareable attribute value 0x%x", *val);
1028 static int wps_validate_cred(const u8 *cred, size_t len)
1030 struct wps_parse_attr attr;
1035 wpabuf_set(&buf, cred, len);
1036 if (wps_parse_msg(&buf, &attr) < 0) {
1037 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse Credential");
1041 if (wps_validate_network_idx(attr.network_idx, 1) ||
1042 wps_validate_ssid(attr.ssid, attr.ssid_len, 1) ||
1043 wps_validate_auth_type(attr.auth_type, 1) ||
1044 wps_validate_encr_type(attr.encr_type, 1) ||
1045 wps_validate_network_key_index(attr.network_key_idx, 0) ||
1046 wps_validate_network_key(attr.network_key, attr.network_key_len,
1047 attr.encr_type, 1) ||
1048 wps_validate_mac_addr(attr.mac_addr, 1) ||
1049 wps_validate_network_key_shareable(attr.network_key_shareable, 0))
1051 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Credential");
1060 static int wps_validate_credential(const u8 *cred[], size_t len[], size_t num,
1067 wpa_printf(MSG_INFO, "WPS-STRICT: Credential "
1068 "attribute missing");
1074 for (i = 0; i < num; i++) {
1075 if (wps_validate_cred(cred[i], len[i]) < 0)
1083 int wps_validate_beacon(const struct wpabuf *wps_ie)
1085 struct wps_parse_attr attr;
1088 if (wps_ie == NULL) {
1089 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in Beacon frame");
1092 if (wps_parse_msg(wps_ie, &attr) < 0) {
1093 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1098 wps2 = attr.version2 != NULL;
1099 sel_reg = attr.selected_registrar != NULL &&
1100 *attr.selected_registrar != 0;
1101 if (wps_validate_version(attr.version, 1) ||
1102 wps_validate_wps_state(attr.wps_state, 1) ||
1103 wps_validate_ap_setup_locked(attr.ap_setup_locked, 0) ||
1104 wps_validate_selected_registrar(attr.selected_registrar, 0) ||
1105 wps_validate_dev_password_id(attr.dev_password_id, sel_reg) ||
1106 wps_validate_sel_reg_config_methods(attr.sel_reg_config_methods,
1108 wps_validate_uuid_e(attr.uuid_e, 0) ||
1109 wps_validate_rf_bands(attr.rf_bands, 0) ||
1110 wps_validate_version2(attr.version2, wps2) ||
1111 wps_validate_authorized_macs(attr.authorized_macs,
1112 attr.authorized_macs_len, 0)) {
1113 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Beacon frame");
1121 int wps_validate_beacon_probe_resp(const struct wpabuf *wps_ie, int probe,
1124 struct wps_parse_attr attr;
1127 if (wps_ie == NULL) {
1128 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1129 "%sProbe Response frame", probe ? "" : "Beacon/");
1132 if (wps_parse_msg(wps_ie, &attr) < 0) {
1133 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1134 "%sProbe Response frame", probe ? "" : "Beacon/");
1138 wps2 = attr.version2 != NULL;
1139 sel_reg = attr.selected_registrar != NULL &&
1140 *attr.selected_registrar != 0;
1141 if (wps_validate_version(attr.version, 1) ||
1142 wps_validate_wps_state(attr.wps_state, 1) ||
1143 wps_validate_ap_setup_locked(attr.ap_setup_locked, 0) ||
1144 wps_validate_selected_registrar(attr.selected_registrar, 0) ||
1145 wps_validate_dev_password_id(attr.dev_password_id, sel_reg) ||
1146 wps_validate_sel_reg_config_methods(attr.sel_reg_config_methods,
1148 wps_validate_response_type(attr.response_type, probe) ||
1149 wps_validate_uuid_e(attr.uuid_e, probe) ||
1150 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1152 wps_validate_model_name(attr.model_name, attr.model_name_len,
1154 wps_validate_model_number(attr.model_number, attr.model_number_len,
1156 wps_validate_serial_number(attr.serial_number,
1157 attr.serial_number_len, probe) ||
1158 wps_validate_primary_dev_type(attr.primary_dev_type, probe) ||
1159 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, probe) ||
1160 wps_validate_ap_config_methods(attr.config_methods, wps2, probe) ||
1161 wps_validate_rf_bands(attr.rf_bands, 0) ||
1162 wps_validate_version2(attr.version2, wps2) ||
1163 wps_validate_authorized_macs(attr.authorized_macs,
1164 attr.authorized_macs_len, 0)) {
1165 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid %sProbe Response "
1166 "frame from " MACSTR, probe ? "" : "Beacon/",
1168 #ifdef WPS_STRICT_WPS2
1171 #else /* WPS_STRICT_WPS2 */
1173 #endif /* WPS_STRICT_WPS2 */
1180 int wps_validate_probe_req(const struct wpabuf *wps_ie, const u8 *addr)
1182 struct wps_parse_attr attr;
1185 if (wps_ie == NULL) {
1186 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1187 "Probe Request frame");
1190 if (wps_parse_msg(wps_ie, &attr) < 0) {
1191 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1192 "Probe Request frame");
1196 wps2 = attr.version2 != NULL;
1197 if (wps_validate_version(attr.version, 1) ||
1198 wps_validate_request_type(attr.request_type, 1) ||
1199 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1200 wps_validate_uuid_e(attr.uuid_e, attr.uuid_r == NULL) ||
1201 wps_validate_uuid_r(attr.uuid_r, attr.uuid_e == NULL) ||
1202 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1203 wps_validate_rf_bands(attr.rf_bands, 1) ||
1204 wps_validate_assoc_state(attr.assoc_state, 1) ||
1205 wps_validate_config_error(attr.config_error, 1) ||
1206 wps_validate_dev_password_id(attr.dev_password_id, 1) ||
1207 wps_validate_version2(attr.version2, wps2) ||
1208 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1210 wps_validate_model_name(attr.model_name, attr.model_name_len,
1212 wps_validate_model_number(attr.model_number, attr.model_number_len,
1214 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, wps2) ||
1215 wps_validate_request_to_enroll(attr.request_to_enroll, 0) ||
1216 wps_validate_req_dev_type(attr.req_dev_type, attr.num_req_dev_type,
1218 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Probe Request "
1219 "frame from " MACSTR, MAC2STR(addr));
1227 int wps_validate_assoc_req(const struct wpabuf *wps_ie)
1229 struct wps_parse_attr attr;
1232 if (wps_ie == NULL) {
1233 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1234 "(Re)Association Request frame");
1237 if (wps_parse_msg(wps_ie, &attr) < 0) {
1238 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1239 "(Re)Association Request frame");
1243 wps2 = attr.version2 != NULL;
1244 if (wps_validate_version(attr.version, 1) ||
1245 wps_validate_request_type(attr.request_type, 1) ||
1246 wps_validate_version2(attr.version2, wps2)) {
1247 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association "
1256 int wps_validate_assoc_resp(const struct wpabuf *wps_ie)
1258 struct wps_parse_attr attr;
1261 if (wps_ie == NULL) {
1262 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1263 "(Re)Association Response frame");
1266 if (wps_parse_msg(wps_ie, &attr) < 0) {
1267 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1268 "(Re)Association Response frame");
1272 wps2 = attr.version2 != NULL;
1273 if (wps_validate_version(attr.version, 1) ||
1274 wps_validate_response_type(attr.response_type, 1) ||
1275 wps_validate_version2(attr.version2, wps2)) {
1276 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association "
1285 int wps_validate_m1(const struct wpabuf *tlvs)
1287 struct wps_parse_attr attr;
1291 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M1");
1294 if (wps_parse_msg(tlvs, &attr) < 0) {
1295 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1300 wps2 = attr.version2 != NULL;
1301 if (wps_validate_version(attr.version, 1) ||
1302 wps_validate_msg_type(attr.msg_type, 1) ||
1303 wps_validate_uuid_e(attr.uuid_e, 1) ||
1304 wps_validate_mac_addr(attr.mac_addr, 1) ||
1305 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1306 wps_validate_public_key(attr.public_key, attr.public_key_len, 1) ||
1307 wps_validate_auth_type_flags(attr.auth_type_flags, 1) ||
1308 wps_validate_encr_type_flags(attr.encr_type_flags, 1) ||
1309 wps_validate_conn_type_flags(attr.conn_type_flags, 1) ||
1310 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1311 wps_validate_wps_state(attr.wps_state, 1) ||
1312 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1314 wps_validate_model_name(attr.model_name, attr.model_name_len, 1) ||
1315 wps_validate_model_number(attr.model_number, attr.model_number_len,
1317 wps_validate_serial_number(attr.serial_number,
1318 attr.serial_number_len, 1) ||
1319 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1320 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, 1) ||
1321 wps_validate_rf_bands(attr.rf_bands, 1) ||
1322 wps_validate_assoc_state(attr.assoc_state, 1) ||
1323 wps_validate_dev_password_id(attr.dev_password_id, 1) ||
1324 wps_validate_config_error(attr.config_error, 1) ||
1325 wps_validate_os_version(attr.os_version, 1) ||
1326 wps_validate_version2(attr.version2, wps2) ||
1327 wps_validate_request_to_enroll(attr.request_to_enroll, 0)) {
1328 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M1");
1329 #ifdef WPS_STRICT_WPS2
1332 #else /* WPS_STRICT_WPS2 */
1334 #endif /* WPS_STRICT_WPS2 */
1341 int wps_validate_m2(const struct wpabuf *tlvs)
1343 struct wps_parse_attr attr;
1347 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2");
1350 if (wps_parse_msg(tlvs, &attr) < 0) {
1351 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1356 wps2 = attr.version2 != NULL;
1357 if (wps_validate_version(attr.version, 1) ||
1358 wps_validate_msg_type(attr.msg_type, 1) ||
1359 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1360 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1361 wps_validate_uuid_r(attr.uuid_r, 1) ||
1362 wps_validate_public_key(attr.public_key, attr.public_key_len, 1) ||
1363 wps_validate_auth_type_flags(attr.auth_type_flags, 1) ||
1364 wps_validate_encr_type_flags(attr.encr_type_flags, 1) ||
1365 wps_validate_conn_type_flags(attr.conn_type_flags, 1) ||
1366 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1367 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1369 wps_validate_model_name(attr.model_name, attr.model_name_len, 1) ||
1370 wps_validate_model_number(attr.model_number, attr.model_number_len,
1372 wps_validate_serial_number(attr.serial_number,
1373 attr.serial_number_len, 1) ||
1374 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1375 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, 1) ||
1376 wps_validate_rf_bands(attr.rf_bands, 1) ||
1377 wps_validate_assoc_state(attr.assoc_state, 1) ||
1378 wps_validate_config_error(attr.config_error, 1) ||
1379 wps_validate_dev_password_id(attr.dev_password_id, 1) ||
1380 wps_validate_os_version(attr.os_version, 1) ||
1381 wps_validate_version2(attr.version2, wps2) ||
1382 wps_validate_authenticator(attr.authenticator, 1)) {
1383 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2");
1384 #ifdef WPS_STRICT_WPS2
1387 #else /* WPS_STRICT_WPS2 */
1389 #endif /* WPS_STRICT_WPS2 */
1396 int wps_validate_m2d(const struct wpabuf *tlvs)
1398 struct wps_parse_attr attr;
1402 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2D");
1405 if (wps_parse_msg(tlvs, &attr) < 0) {
1406 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1411 wps2 = attr.version2 != NULL;
1412 if (wps_validate_version(attr.version, 1) ||
1413 wps_validate_msg_type(attr.msg_type, 1) ||
1414 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1415 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1416 wps_validate_uuid_r(attr.uuid_r, 1) ||
1417 wps_validate_auth_type_flags(attr.auth_type_flags, 1) ||
1418 wps_validate_encr_type_flags(attr.encr_type_flags, 1) ||
1419 wps_validate_conn_type_flags(attr.conn_type_flags, 1) ||
1420 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1421 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1423 wps_validate_model_name(attr.model_name, attr.model_name_len, 1) ||
1424 wps_validate_model_number(attr.model_number, attr.model_number_len,
1426 wps_validate_serial_number(attr.serial_number,
1427 attr.serial_number_len, 1) ||
1428 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1429 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, 1) ||
1430 wps_validate_rf_bands(attr.rf_bands, 1) ||
1431 wps_validate_assoc_state(attr.assoc_state, 1) ||
1432 wps_validate_config_error(attr.config_error, 1) ||
1433 wps_validate_os_version(attr.os_version, 1) ||
1434 wps_validate_version2(attr.version2, wps2)) {
1435 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2D");
1436 #ifdef WPS_STRICT_WPS2
1439 #else /* WPS_STRICT_WPS2 */
1441 #endif /* WPS_STRICT_WPS2 */
1448 int wps_validate_m3(const struct wpabuf *tlvs)
1450 struct wps_parse_attr attr;
1454 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M3");
1457 if (wps_parse_msg(tlvs, &attr) < 0) {
1458 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1463 wps2 = attr.version2 != NULL;
1464 if (wps_validate_version(attr.version, 1) ||
1465 wps_validate_msg_type(attr.msg_type, 1) ||
1466 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1467 wps_validate_e_hash1(attr.e_hash1, 1) ||
1468 wps_validate_e_hash2(attr.e_hash2, 1) ||
1469 wps_validate_version2(attr.version2, wps2) ||
1470 wps_validate_authenticator(attr.authenticator, 1)) {
1471 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M3");
1472 #ifdef WPS_STRICT_WPS2
1475 #else /* WPS_STRICT_WPS2 */
1477 #endif /* WPS_STRICT_WPS2 */
1484 int wps_validate_m4(const struct wpabuf *tlvs)
1486 struct wps_parse_attr attr;
1490 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4");
1493 if (wps_parse_msg(tlvs, &attr) < 0) {
1494 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1499 wps2 = attr.version2 != NULL;
1500 if (wps_validate_version(attr.version, 1) ||
1501 wps_validate_msg_type(attr.msg_type, 1) ||
1502 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1503 wps_validate_r_hash1(attr.r_hash1, 1) ||
1504 wps_validate_r_hash2(attr.r_hash2, 1) ||
1505 wps_validate_encr_settings(attr.encr_settings,
1506 attr.encr_settings_len, 1) ||
1507 wps_validate_version2(attr.version2, wps2) ||
1508 wps_validate_authenticator(attr.authenticator, 1)) {
1509 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4");
1510 #ifdef WPS_STRICT_WPS2
1513 #else /* WPS_STRICT_WPS2 */
1515 #endif /* WPS_STRICT_WPS2 */
1522 int wps_validate_m4_encr(const struct wpabuf *tlvs, int wps2)
1524 struct wps_parse_attr attr;
1527 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4 encrypted "
1531 if (wps_parse_msg(tlvs, &attr) < 0) {
1532 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1533 "in M4 encrypted settings");
1537 if (wps_validate_r_snonce1(attr.r_snonce1, 1) ||
1538 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1539 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4 encrypted "
1541 #ifdef WPS_STRICT_WPS2
1544 #else /* WPS_STRICT_WPS2 */
1546 #endif /* WPS_STRICT_WPS2 */
1553 int wps_validate_m5(const struct wpabuf *tlvs)
1555 struct wps_parse_attr attr;
1559 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5");
1562 if (wps_parse_msg(tlvs, &attr) < 0) {
1563 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1568 wps2 = attr.version2 != NULL;
1569 if (wps_validate_version(attr.version, 1) ||
1570 wps_validate_msg_type(attr.msg_type, 1) ||
1571 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1572 wps_validate_encr_settings(attr.encr_settings,
1573 attr.encr_settings_len, 1) ||
1574 wps_validate_version2(attr.version2, wps2) ||
1575 wps_validate_authenticator(attr.authenticator, 1)) {
1576 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5");
1577 #ifdef WPS_STRICT_WPS2
1580 #else /* WPS_STRICT_WPS2 */
1582 #endif /* WPS_STRICT_WPS2 */
1589 int wps_validate_m5_encr(const struct wpabuf *tlvs, int wps2)
1591 struct wps_parse_attr attr;
1594 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5 encrypted "
1598 if (wps_parse_msg(tlvs, &attr) < 0) {
1599 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1600 "in M5 encrypted settings");
1604 if (wps_validate_e_snonce1(attr.e_snonce1, 1) ||
1605 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1606 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5 encrypted "
1608 #ifdef WPS_STRICT_WPS2
1611 #else /* WPS_STRICT_WPS2 */
1613 #endif /* WPS_STRICT_WPS2 */
1620 int wps_validate_m6(const struct wpabuf *tlvs)
1622 struct wps_parse_attr attr;
1626 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6");
1629 if (wps_parse_msg(tlvs, &attr) < 0) {
1630 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1635 wps2 = attr.version2 != NULL;
1636 if (wps_validate_version(attr.version, 1) ||
1637 wps_validate_msg_type(attr.msg_type, 1) ||
1638 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1639 wps_validate_encr_settings(attr.encr_settings,
1640 attr.encr_settings_len, 1) ||
1641 wps_validate_version2(attr.version2, wps2) ||
1642 wps_validate_authenticator(attr.authenticator, 1)) {
1643 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6");
1644 #ifdef WPS_STRICT_WPS2
1647 #else /* WPS_STRICT_WPS2 */
1649 #endif /* WPS_STRICT_WPS2 */
1656 int wps_validate_m6_encr(const struct wpabuf *tlvs, int wps2)
1658 struct wps_parse_attr attr;
1661 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6 encrypted "
1665 if (wps_parse_msg(tlvs, &attr) < 0) {
1666 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1667 "in M6 encrypted settings");
1671 if (wps_validate_r_snonce2(attr.r_snonce2, 1) ||
1672 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1673 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6 encrypted "
1675 #ifdef WPS_STRICT_WPS2
1678 #else /* WPS_STRICT_WPS2 */
1680 #endif /* WPS_STRICT_WPS2 */
1687 int wps_validate_m7(const struct wpabuf *tlvs)
1689 struct wps_parse_attr attr;
1693 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7");
1696 if (wps_parse_msg(tlvs, &attr) < 0) {
1697 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1702 wps2 = attr.version2 != NULL;
1703 if (wps_validate_version(attr.version, 1) ||
1704 wps_validate_msg_type(attr.msg_type, 1) ||
1705 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1706 wps_validate_encr_settings(attr.encr_settings,
1707 attr.encr_settings_len, 1) ||
1708 wps_validate_settings_delay_time(attr.settings_delay_time, 0) ||
1709 wps_validate_version2(attr.version2, wps2) ||
1710 wps_validate_authenticator(attr.authenticator, 1)) {
1711 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7");
1712 #ifdef WPS_STRICT_WPS2
1715 #else /* WPS_STRICT_WPS2 */
1717 #endif /* WPS_STRICT_WPS2 */
1724 int wps_validate_m7_encr(const struct wpabuf *tlvs, int ap, int wps2)
1726 struct wps_parse_attr attr;
1729 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7 encrypted "
1733 if (wps_parse_msg(tlvs, &attr) < 0) {
1734 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1735 "in M7 encrypted settings");
1739 if (wps_validate_e_snonce2(attr.e_snonce2, 1) ||
1740 wps_validate_ssid(attr.ssid, attr.ssid_len, !ap) ||
1741 wps_validate_mac_addr(attr.mac_addr, !ap) ||
1742 wps_validate_auth_type(attr.auth_type, !ap) ||
1743 wps_validate_encr_type(attr.encr_type, !ap) ||
1744 wps_validate_network_key_index(attr.network_key_idx, 0) ||
1745 wps_validate_network_key(attr.network_key, attr.network_key_len,
1746 attr.encr_type, !ap) ||
1747 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1748 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7 encrypted "
1750 #ifdef WPS_STRICT_WPS2
1753 #else /* WPS_STRICT_WPS2 */
1755 #endif /* WPS_STRICT_WPS2 */
1762 int wps_validate_m8(const struct wpabuf *tlvs)
1764 struct wps_parse_attr attr;
1768 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8");
1771 if (wps_parse_msg(tlvs, &attr) < 0) {
1772 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1777 wps2 = attr.version2 != NULL;
1778 if (wps_validate_version(attr.version, 1) ||
1779 wps_validate_msg_type(attr.msg_type, 1) ||
1780 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1781 wps_validate_encr_settings(attr.encr_settings,
1782 attr.encr_settings_len, 1) ||
1783 wps_validate_version2(attr.version2, wps2) ||
1784 wps_validate_authenticator(attr.authenticator, 1)) {
1785 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8");
1786 #ifdef WPS_STRICT_WPS2
1789 #else /* WPS_STRICT_WPS2 */
1791 #endif /* WPS_STRICT_WPS2 */
1798 int wps_validate_m8_encr(const struct wpabuf *tlvs, int ap, int wps2)
1800 struct wps_parse_attr attr;
1803 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8 encrypted "
1807 if (wps_parse_msg(tlvs, &attr) < 0) {
1808 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1809 "in M8 encrypted settings");
1813 if (wps_validate_ssid(attr.ssid, attr.ssid_len, ap) ||
1814 wps_validate_auth_type(attr.auth_type, ap) ||
1815 wps_validate_encr_type(attr.encr_type, ap) ||
1816 wps_validate_network_key_index(attr.network_key_idx, 0) ||
1817 wps_validate_mac_addr(attr.mac_addr, ap) ||
1818 wps_validate_credential(attr.cred, attr.cred_len, attr.num_cred,
1820 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1821 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8 encrypted "
1823 #ifdef WPS_STRICT_WPS2
1826 #else /* WPS_STRICT_WPS2 */
1828 #endif /* WPS_STRICT_WPS2 */
1835 int wps_validate_wsc_ack(const struct wpabuf *tlvs)
1837 struct wps_parse_attr attr;
1841 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_ACK");
1844 if (wps_parse_msg(tlvs, &attr) < 0) {
1845 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1850 wps2 = attr.version2 != NULL;
1851 if (wps_validate_version(attr.version, 1) ||
1852 wps_validate_msg_type(attr.msg_type, 1) ||
1853 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1854 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1855 wps_validate_version2(attr.version2, wps2)) {
1856 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_ACK");
1857 #ifdef WPS_STRICT_WPS2
1860 #else /* WPS_STRICT_WPS2 */
1862 #endif /* WPS_STRICT_WPS2 */
1869 int wps_validate_wsc_nack(const struct wpabuf *tlvs)
1871 struct wps_parse_attr attr;
1875 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_NACK");
1878 if (wps_parse_msg(tlvs, &attr) < 0) {
1879 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1884 wps2 = attr.version2 != NULL;
1885 if (wps_validate_version(attr.version, 1) ||
1886 wps_validate_msg_type(attr.msg_type, 1) ||
1887 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1888 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1889 wps_validate_config_error(attr.config_error, 1) ||
1890 wps_validate_version2(attr.version2, wps2)) {
1891 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_NACK");
1892 #ifdef WPS_STRICT_WPS2
1895 #else /* WPS_STRICT_WPS2 */
1897 #endif /* WPS_STRICT_WPS2 */
1904 int wps_validate_wsc_done(const struct wpabuf *tlvs)
1906 struct wps_parse_attr attr;
1910 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_Done");
1913 if (wps_parse_msg(tlvs, &attr) < 0) {
1914 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1919 wps2 = attr.version2 != NULL;
1920 if (wps_validate_version(attr.version, 1) ||
1921 wps_validate_msg_type(attr.msg_type, 1) ||
1922 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1923 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1924 wps_validate_version2(attr.version2, wps2)) {
1925 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_Done");
1926 #ifdef WPS_STRICT_WPS2
1929 #else /* WPS_STRICT_WPS2 */
1931 #endif /* WPS_STRICT_WPS2 */
1938 int wps_validate_upnp_set_selected_registrar(const struct wpabuf *tlvs)
1940 struct wps_parse_attr attr;
1945 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in "
1946 "SetSelectedRegistrar");
1949 if (wps_parse_msg(tlvs, &attr) < 0) {
1950 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1951 "in SetSelectedRegistrar");
1955 wps2 = attr.version2 != NULL;
1956 sel_reg = attr.selected_registrar != NULL &&
1957 *attr.selected_registrar != 0;
1958 if (wps_validate_version(attr.version, 1) ||
1959 wps_validate_dev_password_id(attr.dev_password_id, sel_reg) ||
1960 wps_validate_sel_reg_config_methods(attr.sel_reg_config_methods,
1962 wps_validate_version2(attr.version2, wps2) ||
1963 wps_validate_authorized_macs(attr.authorized_macs,
1964 attr.authorized_macs_len, wps2) ||
1965 wps_validate_uuid_r(attr.uuid_r, wps2)) {
1966 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid "
1967 "SetSelectedRegistrar");
1968 #ifdef WPS_STRICT_WPS2
1971 #else /* WPS_STRICT_WPS2 */
1973 #endif /* WPS_STRICT_WPS2 */