3 * Copyright (c) 2017, Qualcomm Atheros, Inc.
4 * Copyright (c) 2018-2019, The Linux Foundation
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
10 #include "utils/includes.h"
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "common/dpp.h"
15 #include "common/gas.h"
16 #include "common/gas_server.h"
17 #include "rsn_supp/wpa.h"
18 #include "rsn_supp/pmksa_cache.h"
19 #include "wpa_supplicant_i.h"
22 #include "offchannel.h"
23 #include "gas_query.h"
27 #include "dpp_supplicant.h"
30 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
32 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
33 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
34 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
35 unsigned int freq, const u8 *dst,
36 const u8 *src, const u8 *bssid,
37 const u8 *data, size_t data_len,
38 enum offchannel_send_action_result result);
39 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
40 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
42 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
43 unsigned int freq, const u8 *dst,
44 const u8 *src, const u8 *bssid,
45 const u8 *data, size_t data_len,
46 enum offchannel_send_action_result result);
48 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
50 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
51 * a single transaction in progress at any point in time. */
52 static const u8 TRANSACTION_ID = 1;
56 * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
57 * @wpa_s: Pointer to wpa_supplicant data
58 * @cmd: DPP URI read from a QR Code
59 * Returns: Identifier of the stored info or -1 on failure
61 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
63 struct dpp_bootstrap_info *bi;
64 struct dpp_authentication *auth = wpa_s->dpp_auth;
66 bi = dpp_add_qr_code(wpa_s->dpp, cmd);
70 if (auth && auth->response_pending &&
71 dpp_notify_new_qr_code(auth, bi) == 1) {
73 "DPP: Sending out pending authentication response");
74 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
76 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
77 DPP_PA_AUTHENTICATION_RESP);
78 offchannel_send_action(wpa_s, auth->curr_freq,
79 auth->peer_mac_addr, wpa_s->own_addr,
81 wpabuf_head(auth->resp_msg),
82 wpabuf_len(auth->resp_msg),
83 500, wpas_dpp_tx_status, 0);
90 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
92 struct wpa_supplicant *wpa_s = eloop_ctx;
93 struct dpp_authentication *auth = wpa_s->dpp_auth;
95 if (!auth || !auth->resp_msg)
99 "DPP: Retry Authentication Response after timeout");
100 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
102 MAC2STR(auth->peer_mac_addr), auth->curr_freq,
103 DPP_PA_AUTHENTICATION_RESP);
104 offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
105 wpa_s->own_addr, broadcast,
106 wpabuf_head(auth->resp_msg),
107 wpabuf_len(auth->resp_msg),
108 500, wpas_dpp_tx_status, 0);
112 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
114 struct dpp_authentication *auth = wpa_s->dpp_auth;
115 unsigned int wait_time, max_tries;
117 if (!auth || !auth->resp_msg)
120 if (wpa_s->dpp_resp_max_tries)
121 max_tries = wpa_s->dpp_resp_max_tries;
124 auth->auth_resp_tries++;
125 if (auth->auth_resp_tries >= max_tries) {
126 wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
127 offchannel_send_action_done(wpa_s);
128 dpp_auth_deinit(wpa_s->dpp_auth);
129 wpa_s->dpp_auth = NULL;
133 if (wpa_s->dpp_resp_retry_time)
134 wait_time = wpa_s->dpp_resp_retry_time;
137 wpa_printf(MSG_DEBUG,
138 "DPP: Schedule retransmission of Authentication Response frame in %u ms",
140 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
141 eloop_register_timeout(wait_time / 1000,
142 (wait_time % 1000) * 1000,
143 wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
147 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
149 wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
150 wpa_s->disconnected = 0;
151 wpa_s->reassociate = 1;
152 wpa_s->scan_runs = 0;
153 wpa_s->normal_scans = 0;
154 wpa_supplicant_cancel_sched_scan(wpa_s);
155 wpa_supplicant_req_scan(wpa_s, 0, 0);
159 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
160 unsigned int freq, const u8 *dst,
161 const u8 *src, const u8 *bssid,
162 const u8 *data, size_t data_len,
163 enum offchannel_send_action_result result)
166 struct dpp_authentication *auth = wpa_s->dpp_auth;
168 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
169 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
171 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
172 " result=%s", freq, MAC2STR(dst), res_txt);
173 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
174 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
176 if (!wpa_s->dpp_auth) {
177 wpa_printf(MSG_DEBUG,
178 "DPP: Ignore TX status since there is no ongoing authentication exchange");
183 if (auth->connect_on_tx_status) {
184 wpa_printf(MSG_DEBUG,
185 "DPP: Try to connect after completed configuration result");
186 wpas_dpp_try_to_connect(wpa_s);
187 dpp_auth_deinit(wpa_s->dpp_auth);
188 wpa_s->dpp_auth = NULL;
191 #endif /* CONFIG_DPP2 */
193 if (wpa_s->dpp_auth->remove_on_tx_status) {
194 wpa_printf(MSG_DEBUG,
195 "DPP: Terminate authentication exchange due to an earlier error");
196 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
197 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
198 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
200 offchannel_send_action_done(wpa_s);
201 dpp_auth_deinit(wpa_s->dpp_auth);
202 wpa_s->dpp_auth = NULL;
206 if (wpa_s->dpp_auth_ok_on_ack)
207 wpas_dpp_auth_success(wpa_s, 1);
209 if (!is_broadcast_ether_addr(dst) &&
210 result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
211 wpa_printf(MSG_DEBUG,
212 "DPP: Unicast DPP Action frame was not ACKed");
213 if (auth->waiting_auth_resp) {
214 /* In case of DPP Authentication Request frame, move to
215 * the next channel immediately. */
216 offchannel_send_action_done(wpa_s);
217 wpas_dpp_auth_init_next(wpa_s);
220 if (auth->waiting_auth_conf) {
221 wpas_dpp_auth_resp_retry(wpa_s);
226 if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
227 result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
228 /* Allow timeout handling to stop iteration if no response is
229 * received from a peer that has ACKed a request. */
230 auth->auth_req_ack = 1;
233 if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
234 wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
235 wpa_printf(MSG_DEBUG,
236 "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
237 wpa_s->dpp_auth->curr_freq,
238 wpa_s->dpp_auth->neg_freq);
239 offchannel_send_action_done(wpa_s);
240 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_auth->neg_freq);
243 if (wpa_s->dpp_auth_ok_on_ack)
244 wpa_s->dpp_auth_ok_on_ack = 0;
248 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
250 struct wpa_supplicant *wpa_s = eloop_ctx;
251 struct dpp_authentication *auth = wpa_s->dpp_auth;
253 struct os_reltime now, diff;
254 unsigned int wait_time, diff_ms;
256 if (!auth || !auth->waiting_auth_resp)
259 wait_time = wpa_s->dpp_resp_wait_time ?
260 wpa_s->dpp_resp_wait_time : 2000;
261 os_get_reltime(&now);
262 os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
263 diff_ms = diff.sec * 1000 + diff.usec / 1000;
264 wpa_printf(MSG_DEBUG,
265 "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
268 if (auth->auth_req_ack && diff_ms >= wait_time) {
269 /* Peer ACK'ed Authentication Request frame, but did not reply
270 * with Authentication Response frame within two seconds. */
272 "DPP: No response received from responder - stopping initiation attempt");
273 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
274 offchannel_send_action_done(wpa_s);
275 wpas_dpp_listen_stop(wpa_s);
276 dpp_auth_deinit(auth);
277 wpa_s->dpp_auth = NULL;
281 if (diff_ms >= wait_time) {
282 /* Authentication Request frame was not ACK'ed and no reply
283 * was receiving within two seconds. */
284 wpa_printf(MSG_DEBUG,
285 "DPP: Continue Initiator channel iteration");
286 offchannel_send_action_done(wpa_s);
287 wpas_dpp_listen_stop(wpa_s);
288 wpas_dpp_auth_init_next(wpa_s);
292 /* Driver did not support 2000 ms long wait_time with TX command, so
293 * schedule listen operation to continue waiting for the response.
295 * DPP listen operations continue until stopped, so simply schedule a
296 * new call to this function at the point when the two second reply
297 * wait has expired. */
298 wait_time -= diff_ms;
300 freq = auth->curr_freq;
301 if (auth->neg_freq > 0)
302 freq = auth->neg_freq;
303 wpa_printf(MSG_DEBUG,
304 "DPP: Continue reply wait on channel %u MHz for %u ms",
306 wpa_s->dpp_in_response_listen = 1;
307 wpas_dpp_listen_start(wpa_s, freq);
309 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
310 wpas_dpp_reply_wait_timeout, wpa_s, NULL);
314 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
315 struct dpp_authentication *auth)
317 #ifdef CONFIG_TESTING_OPTIONS
318 if (wpa_s->dpp_config_obj_override)
319 auth->config_obj_override =
320 os_strdup(wpa_s->dpp_config_obj_override);
321 if (wpa_s->dpp_discovery_override)
322 auth->discovery_override =
323 os_strdup(wpa_s->dpp_discovery_override);
324 if (wpa_s->dpp_groups_override)
325 auth->groups_override =
326 os_strdup(wpa_s->dpp_groups_override);
327 auth->ignore_netaccesskey_mismatch =
328 wpa_s->dpp_ignore_netaccesskey_mismatch;
329 #endif /* CONFIG_TESTING_OPTIONS */
333 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
335 struct wpa_supplicant *wpa_s = eloop_ctx;
337 if (!wpa_s->dpp_auth)
339 wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
340 wpas_dpp_auth_init_next(wpa_s);
344 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
346 struct dpp_authentication *auth = wpa_s->dpp_auth;
348 unsigned int wait_time, max_wait_time, freq, max_tries, used;
349 struct os_reltime now, diff;
351 wpa_s->dpp_in_response_listen = 0;
355 if (auth->freq_idx == 0)
356 os_get_reltime(&wpa_s->dpp_init_iter_start);
358 if (auth->freq_idx >= auth->num_freq) {
359 auth->num_freq_iters++;
360 if (wpa_s->dpp_init_max_tries)
361 max_tries = wpa_s->dpp_init_max_tries;
364 if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
366 "DPP: No response received from responder - stopping initiation attempt");
367 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
368 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
370 offchannel_send_action_done(wpa_s);
371 dpp_auth_deinit(wpa_s->dpp_auth);
372 wpa_s->dpp_auth = NULL;
376 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
377 if (wpa_s->dpp_init_retry_time)
378 wait_time = wpa_s->dpp_init_retry_time;
381 os_get_reltime(&now);
382 os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
383 used = diff.sec * 1000 + diff.usec / 1000;
384 if (used > wait_time)
388 wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
390 eloop_register_timeout(wait_time / 1000,
391 (wait_time % 1000) * 1000,
392 wpas_dpp_init_timeout, wpa_s,
396 freq = auth->freq[auth->freq_idx++];
397 auth->curr_freq = freq;
399 if (is_zero_ether_addr(auth->peer_bi->mac_addr))
402 dst = auth->peer_bi->mac_addr;
403 wpa_s->dpp_auth_ok_on_ack = 0;
404 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
405 wait_time = wpa_s->max_remain_on_chan;
406 max_wait_time = wpa_s->dpp_resp_wait_time ?
407 wpa_s->dpp_resp_wait_time : 2000;
408 if (wait_time > max_wait_time)
409 wait_time = max_wait_time;
410 wait_time += 10; /* give the driver some extra time to complete */
411 eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
412 wpas_dpp_reply_wait_timeout,
415 if (auth->neg_freq > 0 && freq != auth->neg_freq) {
416 wpa_printf(MSG_DEBUG,
417 "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
418 freq, auth->neg_freq);
420 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
421 MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
422 auth->auth_req_ack = 0;
423 os_get_reltime(&wpa_s->dpp_last_init);
424 return offchannel_send_action(wpa_s, freq, dst,
425 wpa_s->own_addr, broadcast,
426 wpabuf_head(auth->req_msg),
427 wpabuf_len(auth->req_msg),
428 wait_time, wpas_dpp_tx_status, 0);
432 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
435 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
436 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
437 unsigned int neg_freq = 0;
439 wpa_s->dpp_gas_client = 0;
441 pos = os_strstr(cmd, " peer=");
445 peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
448 "DPP: Could not find bootstrapping info for the identified peer");
452 pos = os_strstr(cmd, " own=");
455 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
458 "DPP: Could not find bootstrapping info for the identified local entry");
462 if (peer_bi->curve != own_bi->curve) {
464 "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
465 peer_bi->curve->name, own_bi->curve->name);
470 pos = os_strstr(cmd, " role=");
473 if (os_strncmp(pos, "configurator", 12) == 0)
474 allowed_roles = DPP_CAPAB_CONFIGURATOR;
475 else if (os_strncmp(pos, "enrollee", 8) == 0)
476 allowed_roles = DPP_CAPAB_ENROLLEE;
477 else if (os_strncmp(pos, "either", 6) == 0)
478 allowed_roles = DPP_CAPAB_CONFIGURATOR |
484 pos = os_strstr(cmd, " netrole=");
487 wpa_s->dpp_netrole_ap = os_strncmp(pos, "ap", 2) == 0;
490 pos = os_strstr(cmd, " neg_freq=");
492 neg_freq = atoi(pos + 10);
494 if (wpa_s->dpp_auth) {
495 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
496 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
497 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
499 offchannel_send_action_done(wpa_s);
500 dpp_auth_deinit(wpa_s->dpp_auth);
502 wpa_s->dpp_auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles,
504 wpa_s->hw.modes, wpa_s->hw.num_modes);
505 if (!wpa_s->dpp_auth)
507 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
508 if (dpp_set_configurator(wpa_s->dpp, wpa_s, wpa_s->dpp_auth, cmd) < 0) {
509 dpp_auth_deinit(wpa_s->dpp_auth);
510 wpa_s->dpp_auth = NULL;
514 wpa_s->dpp_auth->neg_freq = neg_freq;
516 if (!is_zero_ether_addr(peer_bi->mac_addr))
517 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, peer_bi->mac_addr,
520 return wpas_dpp_auth_init_next(wpa_s);
526 struct wpas_dpp_listen_work {
528 unsigned int duration;
529 struct wpabuf *probe_resp_ie;
533 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
541 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
543 struct wpas_dpp_listen_work *lwork;
545 if (!wpa_s->dpp_listen_work)
548 lwork = wpa_s->dpp_listen_work->ctx;
549 wpas_dpp_listen_work_free(lwork);
550 radio_work_done(wpa_s->dpp_listen_work);
551 wpa_s->dpp_listen_work = NULL;
555 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
557 struct wpa_supplicant *wpa_s = work->wpa_s;
558 struct wpas_dpp_listen_work *lwork = work->ctx;
562 wpa_s->dpp_listen_work = NULL;
563 wpas_dpp_listen_stop(wpa_s);
565 wpas_dpp_listen_work_free(lwork);
569 wpa_s->dpp_listen_work = work;
571 wpa_s->dpp_pending_listen_freq = lwork->freq;
573 if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
574 wpa_s->max_remain_on_chan) < 0) {
575 wpa_printf(MSG_DEBUG,
576 "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
578 wpa_s->dpp_listen_freq = 0;
579 wpas_dpp_listen_work_done(wpa_s);
580 wpa_s->dpp_pending_listen_freq = 0;
583 wpa_s->off_channel_freq = 0;
584 wpa_s->roc_waiting_drv_freq = lwork->freq;
588 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
591 struct wpas_dpp_listen_work *lwork;
593 if (wpa_s->dpp_listen_work) {
594 wpa_printf(MSG_DEBUG,
595 "DPP: Reject start_listen since dpp_listen_work already exists");
599 if (wpa_s->dpp_listen_freq)
600 wpas_dpp_listen_stop(wpa_s);
601 wpa_s->dpp_listen_freq = freq;
603 lwork = os_zalloc(sizeof(*lwork));
608 if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
610 wpas_dpp_listen_work_free(lwork);
618 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
626 if (os_strstr(cmd, " role=configurator"))
627 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
628 else if (os_strstr(cmd, " role=enrollee"))
629 wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
631 wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
633 wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
634 wpa_s->dpp_netrole_ap = os_strstr(cmd, " netrole=ap") != NULL;
635 if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
636 wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
641 return wpas_dpp_listen_start(wpa_s, freq);
645 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
647 wpa_s->dpp_in_response_listen = 0;
648 if (!wpa_s->dpp_listen_freq)
651 wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
652 wpa_s->dpp_listen_freq);
653 wpa_drv_cancel_remain_on_channel(wpa_s);
654 wpa_s->dpp_listen_freq = 0;
655 wpas_dpp_listen_work_done(wpa_s);
659 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
662 wpas_dpp_listen_work_done(wpa_s);
664 if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
665 unsigned int new_freq;
667 /* Continue listen with a new remain-on-channel */
668 if (wpa_s->dpp_auth->neg_freq > 0)
669 new_freq = wpa_s->dpp_auth->neg_freq;
671 new_freq = wpa_s->dpp_auth->curr_freq;
672 wpa_printf(MSG_DEBUG,
673 "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
675 wpas_dpp_listen_start(wpa_s, new_freq);
679 if (wpa_s->dpp_listen_freq) {
680 /* Continue listen with a new remain-on-channel */
681 wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
686 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
687 const u8 *hdr, const u8 *buf, size_t len,
690 const u8 *r_bootstrap, *i_bootstrap;
691 u16 r_bootstrap_len, i_bootstrap_len;
692 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
697 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
700 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
702 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
703 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
704 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
707 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
708 r_bootstrap, r_bootstrap_len);
710 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
712 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
713 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
714 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
717 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
718 i_bootstrap, i_bootstrap_len);
720 /* Try to find own and peer bootstrapping key matches based on the
721 * received hash values */
722 dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
725 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
726 "No matching own bootstrapping key found - ignore message");
730 if (wpa_s->dpp_auth) {
731 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
732 "Already in DPP authentication exchange - ignore new one");
736 wpa_s->dpp_gas_client = 0;
737 wpa_s->dpp_auth_ok_on_ack = 0;
738 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
739 wpa_s->dpp_qr_mutual,
740 peer_bi, own_bi, freq, hdr, buf, len);
741 if (!wpa_s->dpp_auth) {
742 wpa_printf(MSG_DEBUG, "DPP: No response generated");
745 wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
746 if (dpp_set_configurator(wpa_s->dpp, wpa_s, wpa_s->dpp_auth,
747 wpa_s->dpp_configurator_params) < 0) {
748 dpp_auth_deinit(wpa_s->dpp_auth);
749 wpa_s->dpp_auth = NULL;
752 os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
754 if (wpa_s->dpp_listen_freq &&
755 wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
756 wpa_printf(MSG_DEBUG,
757 "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
758 wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
759 wpas_dpp_listen_stop(wpa_s);
762 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
763 MAC2STR(src), wpa_s->dpp_auth->curr_freq,
764 DPP_PA_AUTHENTICATION_RESP);
765 offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
766 src, wpa_s->own_addr, broadcast,
767 wpabuf_head(wpa_s->dpp_auth->resp_msg),
768 wpabuf_len(wpa_s->dpp_auth->resp_msg),
769 500, wpas_dpp_tx_status, 0);
773 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
775 /* TODO: stop wait and start ROC */
779 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
780 struct dpp_authentication *auth)
782 struct wpa_ssid *ssid;
785 if (auth->akm == DPP_AKM_SAE) {
787 struct wpa_driver_capa capa;
790 res = wpa_drv_get_capa(wpa_s, &capa);
792 !(capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
793 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
794 wpa_printf(MSG_DEBUG,
795 "DPP: SAE not supported by the driver");
798 #else /* CONFIG_SAE */
799 wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
801 #endif /* CONFIG_SAE */
803 #endif /* CONFIG_DPP2 */
805 ssid = wpa_config_add_network(wpa_s->conf);
808 wpas_notify_network_added(wpa_s, ssid);
809 wpa_config_set_network_defaults(ssid);
812 ssid->ssid = os_malloc(auth->ssid_len);
815 os_memcpy(ssid->ssid, auth->ssid, auth->ssid_len);
816 ssid->ssid_len = auth->ssid_len;
818 if (auth->connector) {
819 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
820 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
821 ssid->dpp_connector = os_strdup(auth->connector);
822 if (!ssid->dpp_connector)
826 if (auth->c_sign_key) {
827 ssid->dpp_csign = os_malloc(wpabuf_len(auth->c_sign_key));
828 if (!ssid->dpp_csign)
830 os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key),
831 wpabuf_len(auth->c_sign_key));
832 ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key);
835 if (auth->net_access_key) {
836 ssid->dpp_netaccesskey =
837 os_malloc(wpabuf_len(auth->net_access_key));
838 if (!ssid->dpp_netaccesskey)
840 os_memcpy(ssid->dpp_netaccesskey,
841 wpabuf_head(auth->net_access_key),
842 wpabuf_len(auth->net_access_key));
843 ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
844 ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
847 if (!auth->connector || dpp_akm_psk(auth->akm) ||
848 dpp_akm_sae(auth->akm)) {
849 if (!auth->connector)
851 if (dpp_akm_psk(auth->akm))
852 ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
853 WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
854 if (dpp_akm_sae(auth->akm))
855 ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
857 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
858 if (auth->passphrase[0]) {
859 if (wpa_config_set_quoted(ssid, "psk",
860 auth->passphrase) < 0)
862 wpa_config_update_psk(ssid);
863 ssid->export_keys = 1;
865 ssid->psk_set = auth->psk_set;
866 os_memcpy(ssid->psk, auth->psk, PMK_LEN);
872 wpas_notify_network_removed(wpa_s, ssid);
873 wpa_config_remove_network(wpa_s->conf, ssid->id);
878 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
879 struct dpp_authentication *auth)
881 struct wpa_ssid *ssid;
883 if (wpa_s->conf->dpp_config_processing < 1)
886 ssid = wpas_dpp_add_network(wpa_s, auth);
890 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
891 if (wpa_s->conf->dpp_config_processing == 2)
894 #ifndef CONFIG_NO_CONFIG_WRITE
895 if (wpa_s->conf->update_config &&
896 wpa_config_write(wpa_s->confname, wpa_s->conf))
897 wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
898 #endif /* CONFIG_NO_CONFIG_WRITE */
900 if (wpa_s->conf->dpp_config_processing < 2)
904 if (auth->peer_version >= 2) {
905 wpa_printf(MSG_DEBUG,
906 "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
907 auth->connect_on_tx_status = 1;
910 #endif /* CONFIG_DPP2 */
912 wpas_dpp_try_to_connect(wpa_s);
917 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
918 struct dpp_authentication *auth)
920 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
922 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
923 wpa_ssid_txt(auth->ssid, auth->ssid_len));
924 if (auth->connector) {
925 /* TODO: Save the Connector and consider using a command
926 * to fetch the value instead of sending an event with
927 * it. The Connector could end up being larger than what
928 * most clients are ready to receive as an event
930 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
933 if (auth->c_sign_key) {
937 hexlen = 2 * wpabuf_len(auth->c_sign_key) + 1;
938 hex = os_malloc(hexlen);
940 wpa_snprintf_hex(hex, hexlen,
941 wpabuf_head(auth->c_sign_key),
942 wpabuf_len(auth->c_sign_key));
943 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
948 if (auth->net_access_key) {
952 hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
953 hex = os_malloc(hexlen);
955 wpa_snprintf_hex(hex, hexlen,
956 wpabuf_head(auth->net_access_key),
957 wpabuf_len(auth->net_access_key));
958 if (auth->net_access_key_expiry)
959 wpa_msg(wpa_s, MSG_INFO,
960 DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
962 auth->net_access_key_expiry);
964 wpa_msg(wpa_s, MSG_INFO,
965 DPP_EVENT_NET_ACCESS_KEY "%s", hex);
970 return wpas_dpp_process_config(wpa_s, auth);
974 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
975 enum gas_query_result result,
976 const struct wpabuf *adv_proto,
977 const struct wpabuf *resp, u16 status_code)
979 struct wpa_supplicant *wpa_s = ctx;
981 struct dpp_authentication *auth = wpa_s->dpp_auth;
983 enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
985 wpa_s->dpp_gas_dialog_token = -1;
987 if (!auth || !auth->auth_success) {
988 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
991 if (result != GAS_QUERY_SUCCESS ||
992 !resp || status_code != WLAN_STATUS_SUCCESS) {
993 wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
997 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
999 wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1002 if (wpabuf_len(adv_proto) != 10 ||
1003 !(pos = wpabuf_head(adv_proto)) ||
1004 pos[0] != WLAN_EID_ADV_PROTO ||
1006 pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1008 WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1011 wpa_printf(MSG_DEBUG,
1012 "DPP: Not a DPP Advertisement Protocol ID");
1016 if (dpp_conf_resp_rx(auth, resp) < 0) {
1017 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1021 res = wpas_dpp_handle_config_obj(wpa_s, auth);
1025 status = DPP_STATUS_OK;
1026 #ifdef CONFIG_TESTING_OPTIONS
1027 if (dpp_test == DPP_TEST_REJECT_CONFIG) {
1028 wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
1029 status = DPP_STATUS_CONFIG_REJECTED;
1031 #endif /* CONFIG_TESTING_OPTIONS */
1033 if (status != DPP_STATUS_OK)
1034 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1036 if (auth->peer_version >= 2 &&
1037 auth->conf_resp_status == DPP_STATUS_OK) {
1040 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1041 msg = dpp_build_conf_result(auth, status);
1045 wpa_msg(wpa_s, MSG_INFO,
1046 DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1047 MAC2STR(addr), auth->curr_freq,
1048 DPP_PA_CONFIGURATION_RESULT);
1049 offchannel_send_action(wpa_s, auth->curr_freq,
1050 addr, wpa_s->own_addr, broadcast,
1053 500, wpas_dpp_tx_status, 0);
1056 /* This exchange will be terminated in the TX status handler */
1060 #endif /* CONFIG_DPP2 */
1061 dpp_auth_deinit(wpa_s->dpp_auth);
1062 wpa_s->dpp_auth = NULL;
1066 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
1068 struct dpp_authentication *auth = wpa_s->dpp_auth;
1073 wpa_s->dpp_gas_client = 1;
1074 os_snprintf(json, sizeof(json),
1075 "{\"name\":\"Test\","
1076 "\"wi-fi_tech\":\"infra\","
1077 "\"netRole\":\"%s\"}",
1078 wpa_s->dpp_netrole_ap ? "ap" : "sta");
1079 #ifdef CONFIG_TESTING_OPTIONS
1080 if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) {
1081 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr");
1082 json[29] = 'k'; /* replace "infra" with "knfra" */
1084 #endif /* CONFIG_TESTING_OPTIONS */
1085 wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
1087 offchannel_send_action_done(wpa_s);
1088 wpas_dpp_listen_stop(wpa_s);
1090 buf = dpp_build_conf_req(auth, json);
1092 wpa_printf(MSG_DEBUG,
1093 "DPP: No configuration request data available");
1097 wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
1098 MAC2STR(auth->peer_mac_addr), auth->curr_freq);
1100 res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
1101 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
1103 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
1106 wpa_printf(MSG_DEBUG,
1107 "DPP: GAS query started with dialog token %u", res);
1108 wpa_s->dpp_gas_dialog_token = res;
1113 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
1115 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
1116 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_SUCCESS "init=%d", initiator);
1117 #ifdef CONFIG_TESTING_OPTIONS
1118 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
1119 wpa_printf(MSG_INFO,
1120 "DPP: TESTING - stop at Authentication Confirm");
1121 if (wpa_s->dpp_auth->configurator) {
1122 /* Prevent GAS response */
1123 wpa_s->dpp_auth->auth_success = 0;
1127 #endif /* CONFIG_TESTING_OPTIONS */
1129 if (wpa_s->dpp_auth->configurator)
1130 wpas_dpp_start_gas_server(wpa_s);
1132 wpas_dpp_start_gas_client(wpa_s);
1136 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1137 const u8 *hdr, const u8 *buf, size_t len,
1140 struct dpp_authentication *auth = wpa_s->dpp_auth;
1143 wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
1144 " (freq %u MHz)", MAC2STR(src), freq);
1147 wpa_printf(MSG_DEBUG,
1148 "DPP: No DPP Authentication in progress - drop");
1152 if (!is_zero_ether_addr(auth->peer_mac_addr) &&
1153 os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1154 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1155 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1159 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1161 if (auth->curr_freq != freq && auth->neg_freq == freq) {
1162 wpa_printf(MSG_DEBUG,
1163 "DPP: Responder accepted request for different negotiation channel");
1164 auth->curr_freq = freq;
1167 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
1168 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
1170 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
1171 wpa_printf(MSG_DEBUG,
1172 "DPP: Start wait for full response");
1173 offchannel_send_action_done(wpa_s);
1174 wpas_dpp_listen_start(wpa_s, auth->curr_freq);
1177 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
1180 os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
1182 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1183 MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
1184 offchannel_send_action(wpa_s, auth->curr_freq,
1185 src, wpa_s->own_addr, broadcast,
1186 wpabuf_head(msg), wpabuf_len(msg),
1187 500, wpas_dpp_tx_status, 0);
1189 wpa_s->dpp_auth_ok_on_ack = 1;
1193 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
1194 const u8 *hdr, const u8 *buf, size_t len)
1196 struct dpp_authentication *auth = wpa_s->dpp_auth;
1198 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
1202 wpa_printf(MSG_DEBUG,
1203 "DPP: No DPP Authentication in progress - drop");
1207 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1208 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1209 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1213 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
1214 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
1218 wpas_dpp_auth_success(wpa_s, 0);
1224 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
1227 struct wpa_supplicant *wpa_s = eloop_ctx;
1228 struct dpp_authentication *auth = wpa_s->dpp_auth;
1230 if (!auth || !auth->waiting_conf_result)
1233 wpa_printf(MSG_DEBUG,
1234 "DPP: Timeout while waiting for Configuration Result");
1235 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1236 dpp_auth_deinit(auth);
1237 wpa_s->dpp_auth = NULL;
1241 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
1242 const u8 *hdr, const u8 *buf, size_t len)
1244 struct dpp_authentication *auth = wpa_s->dpp_auth;
1245 enum dpp_status_error status;
1247 wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
1250 if (!auth || !auth->waiting_conf_result) {
1251 wpa_printf(MSG_DEBUG,
1252 "DPP: No DPP Configuration waiting for result - drop");
1256 if (os_memcmp(src, auth->peer_mac_addr, ETH_ALEN) != 0) {
1257 wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
1258 MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
1262 status = dpp_conf_result_rx(auth, hdr, buf, len);
1264 offchannel_send_action_done(wpa_s);
1265 wpas_dpp_listen_stop(wpa_s);
1266 if (status == DPP_STATUS_OK)
1267 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
1269 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1270 dpp_auth_deinit(auth);
1271 wpa_s->dpp_auth = NULL;
1272 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
1275 #endif /* CONFIG_DPP2 */
1278 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
1280 const u8 *buf, size_t len)
1282 struct wpa_ssid *ssid;
1283 const u8 *connector, *trans_id, *status;
1284 u16 connector_len, trans_id_len, status_len;
1285 struct dpp_introduction intro;
1286 struct rsn_pmksa_cache_entry *entry;
1288 struct os_reltime rnow;
1290 unsigned int seconds;
1291 enum dpp_status_error res;
1293 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
1295 if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
1296 os_memcmp(src, wpa_s->dpp_intro_bssid, ETH_ALEN) != 0) {
1297 wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
1298 MACSTR " - drop", MAC2STR(src));
1301 offchannel_send_action_done(wpa_s);
1303 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1304 if (ssid == wpa_s->dpp_intro_network)
1307 if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1309 wpa_printf(MSG_DEBUG,
1310 "DPP: Profile not found for network introduction");
1314 trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
1316 if (!trans_id || trans_id_len != 1) {
1317 wpa_printf(MSG_DEBUG,
1318 "DPP: Peer did not include Transaction ID");
1319 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1320 " fail=missing_transaction_id", MAC2STR(src));
1323 if (trans_id[0] != TRANSACTION_ID) {
1324 wpa_printf(MSG_DEBUG,
1325 "DPP: Ignore frame with unexpected Transaction ID %u",
1327 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1328 " fail=transaction_id_mismatch", MAC2STR(src));
1332 status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
1333 if (!status || status_len != 1) {
1334 wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
1335 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1336 " fail=missing_status", MAC2STR(src));
1339 if (status[0] != DPP_STATUS_OK) {
1340 wpa_printf(MSG_DEBUG,
1341 "DPP: Peer rejected network introduction: Status %u",
1343 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1344 " status=%u", MAC2STR(src), status[0]);
1348 connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
1350 wpa_printf(MSG_DEBUG,
1351 "DPP: Peer did not include its Connector");
1352 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1353 " fail=missing_connector", MAC2STR(src));
1357 res = dpp_peer_intro(&intro, ssid->dpp_connector,
1358 ssid->dpp_netaccesskey,
1359 ssid->dpp_netaccesskey_len,
1361 ssid->dpp_csign_len,
1362 connector, connector_len, &expiry);
1363 if (res != DPP_STATUS_OK) {
1364 wpa_printf(MSG_INFO,
1365 "DPP: Network Introduction protocol resulted in failure");
1366 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1367 " fail=peer_connector_validation_failed", MAC2STR(src));
1371 entry = os_zalloc(sizeof(*entry));
1374 os_memcpy(entry->aa, src, ETH_ALEN);
1375 os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
1376 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
1377 entry->pmk_len = intro.pmk_len;
1378 entry->akmp = WPA_KEY_MGMT_DPP;
1381 seconds = expiry - now.sec;
1383 seconds = 86400 * 7;
1385 os_get_reltime(&rnow);
1386 entry->expiration = rnow.sec + seconds;
1387 entry->reauth_time = rnow.sec + seconds;
1388 entry->network_ctx = ssid;
1389 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
1391 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
1392 " status=%u", MAC2STR(src), status[0]);
1394 wpa_printf(MSG_DEBUG,
1395 "DPP: Try connection again after successful network introduction");
1396 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
1397 wpa_supplicant_cancel_sched_scan(wpa_s);
1398 wpa_supplicant_req_scan(wpa_s, 0, 0);
1401 os_memset(&intro, 0, sizeof(intro));
1405 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
1409 if (!wpa_s->hw.modes)
1412 for (i = 0; i < wpa_s->hw.num_modes; i++) {
1413 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
1415 for (j = 0; j < mode->num_channels; j++) {
1416 struct hostapd_channel_data *chan = &mode->channels[j];
1418 if (chan->freq != (int) freq)
1421 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
1422 HOSTAPD_CHAN_NO_IR |
1423 HOSTAPD_CHAN_RADAR))
1430 wpa_printf(MSG_DEBUG,
1431 "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
1438 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
1439 struct dpp_pkex *pkex)
1441 if (pkex->freq == 2437)
1443 else if (pkex->freq == 5745)
1445 else if (pkex->freq == 5220)
1448 return -1; /* no more channels to try */
1450 if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
1451 wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
1456 /* Could not use this channel - try the next one */
1457 return wpas_dpp_pkex_next_channel(wpa_s, pkex);
1461 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
1463 struct wpa_supplicant *wpa_s = eloop_ctx;
1464 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1466 if (!pkex || !pkex->exchange_req)
1468 if (pkex->exch_req_tries >= 5) {
1469 if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
1470 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1471 "No response from PKEX peer");
1472 dpp_pkex_free(pkex);
1473 wpa_s->dpp_pkex = NULL;
1476 pkex->exch_req_tries = 0;
1479 pkex->exch_req_tries++;
1480 wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
1481 pkex->exch_req_tries);
1482 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1483 MAC2STR(broadcast), pkex->freq, DPP_PA_PKEX_EXCHANGE_REQ);
1484 offchannel_send_action(wpa_s, pkex->freq, broadcast,
1485 wpa_s->own_addr, broadcast,
1486 wpabuf_head(pkex->exchange_req),
1487 wpabuf_len(pkex->exchange_req),
1488 pkex->exch_req_wait_time,
1489 wpas_dpp_tx_pkex_status, 0);
1494 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
1495 unsigned int freq, const u8 *dst,
1496 const u8 *src, const u8 *bssid,
1497 const u8 *data, size_t data_len,
1498 enum offchannel_send_action_result result)
1500 const char *res_txt;
1501 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1503 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
1504 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
1506 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
1507 " result=%s (PKEX)",
1508 freq, MAC2STR(dst), res_txt);
1509 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
1510 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
1513 wpa_printf(MSG_DEBUG,
1514 "DPP: Ignore TX status since there is no ongoing PKEX exchange");
1519 wpa_printf(MSG_DEBUG,
1520 "DPP: Terminate PKEX exchange due to an earlier error");
1521 if (pkex->t > pkex->own_bi->pkex_t)
1522 pkex->own_bi->pkex_t = pkex->t;
1523 dpp_pkex_free(pkex);
1524 wpa_s->dpp_pkex = NULL;
1528 if (pkex->exch_req_wait_time && pkex->exchange_req) {
1529 /* Wait for PKEX Exchange Response frame and retry request if
1530 * no response is seen. */
1531 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
1532 eloop_register_timeout(pkex->exch_req_wait_time / 1000,
1533 (pkex->exch_req_wait_time % 1000) * 1000,
1534 wpas_dpp_pkex_retry_timeout, wpa_s,
1541 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
1542 const u8 *buf, size_t len, unsigned int freq)
1545 unsigned int wait_time;
1547 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
1550 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1553 if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
1554 wpa_printf(MSG_DEBUG,
1555 "DPP: No PKEX code configured - ignore request");
1559 if (wpa_s->dpp_pkex) {
1560 /* TODO: Support parallel operations */
1561 wpa_printf(MSG_DEBUG,
1562 "DPP: Already in PKEX session - ignore new request");
1566 wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
1567 wpa_s->own_addr, src,
1568 wpa_s->dpp_pkex_identifier,
1569 wpa_s->dpp_pkex_code,
1571 if (!wpa_s->dpp_pkex) {
1572 wpa_printf(MSG_DEBUG,
1573 "DPP: Failed to process the request - ignore it");
1577 msg = wpa_s->dpp_pkex->exchange_resp;
1578 wait_time = wpa_s->max_remain_on_chan;
1579 if (wait_time > 2000)
1581 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1582 MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
1583 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1585 wpabuf_head(msg), wpabuf_len(msg),
1586 wait_time, wpas_dpp_tx_pkex_status, 0);
1591 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1592 const u8 *buf, size_t len, unsigned int freq)
1595 unsigned int wait_time;
1597 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
1600 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1603 if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
1604 wpa_s->dpp_pkex->exchange_done) {
1605 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1609 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
1610 wpa_s->dpp_pkex->exch_req_wait_time = 0;
1612 msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
1614 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1618 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
1621 wait_time = wpa_s->max_remain_on_chan;
1622 if (wait_time > 2000)
1624 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1625 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
1626 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1628 wpabuf_head(msg), wpabuf_len(msg),
1629 wait_time, wpas_dpp_tx_pkex_status, 0);
1634 static struct dpp_bootstrap_info *
1635 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
1638 struct dpp_bootstrap_info *bi;
1640 bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
1643 wpa_s->dpp_pkex = NULL;
1649 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
1650 const u8 *hdr, const u8 *buf, size_t len,
1654 unsigned int wait_time;
1655 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1657 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
1660 if (!pkex || pkex->initiator || !pkex->exchange_done) {
1661 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1665 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
1667 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
1669 wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
1670 if (pkex->t > pkex->own_bi->pkex_t)
1671 pkex->own_bi->pkex_t = pkex->t;
1672 dpp_pkex_free(wpa_s->dpp_pkex);
1673 wpa_s->dpp_pkex = NULL;
1678 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
1679 MACSTR, MAC2STR(src));
1681 wait_time = wpa_s->max_remain_on_chan;
1682 if (wait_time > 2000)
1684 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1685 MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
1686 offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
1688 wpabuf_head(msg), wpabuf_len(msg),
1689 wait_time, wpas_dpp_tx_pkex_status, 0);
1692 wpas_dpp_pkex_finish(wpa_s, src, freq);
1697 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
1698 const u8 *hdr, const u8 *buf, size_t len,
1702 struct dpp_bootstrap_info *bi;
1703 struct dpp_pkex *pkex = wpa_s->dpp_pkex;
1706 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
1709 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
1710 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1714 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
1716 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1720 bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
1724 os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
1726 wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
1727 wpa_printf(MSG_DEBUG,
1728 "DPP: Start authentication after PKEX with parameters: %s",
1730 if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
1731 wpa_printf(MSG_DEBUG,
1732 "DPP: Authentication initialization failed");
1738 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
1739 const u8 *buf, size_t len, unsigned int freq)
1742 enum dpp_public_action_frame_type type;
1744 unsigned int pkex_t;
1746 if (len < DPP_HDR_LEN)
1748 if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
1753 crypto_suite = *buf++;
1757 wpa_printf(MSG_DEBUG,
1758 "DPP: Received DPP Public Action frame crypto suite %u type %d from "
1760 crypto_suite, type, MAC2STR(src), freq);
1761 if (crypto_suite != 1) {
1762 wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
1764 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1765 " freq=%u type=%d ignore=unsupported-crypto-suite",
1766 MAC2STR(src), freq, type);
1769 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
1770 if (dpp_check_attrs(buf, len) < 0) {
1771 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
1772 " freq=%u type=%d ignore=invalid-attributes",
1773 MAC2STR(src), freq, type);
1776 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
1777 MAC2STR(src), freq, type);
1780 case DPP_PA_AUTHENTICATION_REQ:
1781 wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
1783 case DPP_PA_AUTHENTICATION_RESP:
1784 wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
1786 case DPP_PA_AUTHENTICATION_CONF:
1787 wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
1789 case DPP_PA_PEER_DISCOVERY_RESP:
1790 wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
1792 case DPP_PA_PKEX_EXCHANGE_REQ:
1793 wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq);
1795 case DPP_PA_PKEX_EXCHANGE_RESP:
1796 wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
1798 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
1799 wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
1802 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
1803 wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
1807 case DPP_PA_CONFIGURATION_RESULT:
1808 wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
1810 #endif /* CONFIG_DPP2 */
1812 wpa_printf(MSG_DEBUG,
1813 "DPP: Ignored unsupported frame subtype %d", type);
1817 if (wpa_s->dpp_pkex)
1818 pkex_t = wpa_s->dpp_pkex->t;
1819 else if (wpa_s->dpp_pkex_bi)
1820 pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
1823 if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
1824 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
1825 wpas_dpp_pkex_remove(wpa_s, "*");
1830 static struct wpabuf *
1831 wpas_dpp_gas_req_handler(void *ctx, const u8 *sa, const u8 *query,
1834 struct wpa_supplicant *wpa_s = ctx;
1835 struct dpp_authentication *auth = wpa_s->dpp_auth;
1836 struct wpabuf *resp;
1838 wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
1840 if (!auth || !auth->auth_success ||
1841 os_memcmp(sa, auth->peer_mac_addr, ETH_ALEN) != 0) {
1842 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1845 wpa_hexdump(MSG_DEBUG,
1846 "DPP: Received Configuration Request (GAS Query Request)",
1848 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
1850 resp = dpp_conf_req_rx(auth, query, query_len);
1852 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1853 auth->conf_resp = resp;
1859 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
1861 struct wpa_supplicant *wpa_s = ctx;
1862 struct dpp_authentication *auth = wpa_s->dpp_auth;
1868 if (auth->conf_resp != resp) {
1869 wpa_printf(MSG_DEBUG,
1870 "DPP: Ignore GAS status report (ok=%d) for unknown response",
1876 wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
1878 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
1879 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
1881 if (ok && auth->peer_version >= 2 &&
1882 auth->conf_resp_status == DPP_STATUS_OK) {
1883 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
1884 auth->waiting_conf_result = 1;
1885 auth->conf_resp = NULL;
1887 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
1889 eloop_register_timeout(2, 0,
1890 wpas_dpp_config_result_wait_timeout,
1894 #endif /* CONFIG_DPP2 */
1895 offchannel_send_action_done(wpa_s);
1896 wpas_dpp_listen_stop(wpa_s);
1898 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT);
1900 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1901 dpp_auth_deinit(wpa_s->dpp_auth);
1902 wpa_s->dpp_auth = NULL;
1907 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
1909 struct dpp_authentication *auth;
1913 auth = os_zalloc(sizeof(*auth));
1917 curve = get_param(cmd, " curve=");
1918 wpas_dpp_set_testing_options(wpa_s, auth);
1919 if (dpp_set_configurator(wpa_s->dpp, wpa_s, auth, cmd) == 0 &&
1920 dpp_configurator_own_config(auth, curve, 0) == 0)
1921 ret = wpas_dpp_handle_config_obj(wpa_s, auth);
1923 dpp_auth_deinit(auth);
1931 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
1932 unsigned int freq, const u8 *dst,
1933 const u8 *src, const u8 *bssid,
1934 const u8 *data, size_t data_len,
1935 enum offchannel_send_action_result result)
1937 const char *res_txt;
1939 res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
1940 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
1942 wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
1943 " result=%s (DPP Peer Discovery Request)",
1944 freq, MAC2STR(dst), res_txt);
1945 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
1946 " freq=%u result=%s", MAC2STR(dst), freq, res_txt);
1947 /* TODO: Time out wait for response more quickly in error cases? */
1951 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
1952 struct wpa_bss *bss)
1956 unsigned int wait_time;
1958 struct wpa_ie_data ied;
1960 if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
1961 return 0; /* Not using DPP AKM - continue */
1962 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1963 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
1964 !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
1965 return 0; /* AP does not support DPP AKM - continue */
1966 if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid))
1967 return 0; /* PMKSA exists for DPP AKM - continue */
1969 if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1971 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
1973 !ssid->dpp_connector ? "Connector" :
1974 (!ssid->dpp_netaccesskey ? "netAccessKey" :
1981 if (ssid->dpp_netaccesskey_expiry &&
1982 (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
1983 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
1984 "netAccessKey expired");
1988 wpa_printf(MSG_DEBUG,
1989 "DPP: Starting network introduction protocol to derive PMKSA for "
1990 MACSTR, MAC2STR(bss->bssid));
1992 msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
1993 5 + 4 + os_strlen(ssid->dpp_connector));
1997 #ifdef CONFIG_TESTING_OPTIONS
1998 if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
1999 wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
2002 if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
2003 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
2004 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2005 wpabuf_put_le16(msg, 0);
2008 #endif /* CONFIG_TESTING_OPTIONS */
2010 /* Transaction ID */
2011 wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
2012 wpabuf_put_le16(msg, 1);
2013 wpabuf_put_u8(msg, TRANSACTION_ID);
2015 #ifdef CONFIG_TESTING_OPTIONS
2017 if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
2018 wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
2019 goto skip_connector;
2021 if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
2024 wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
2025 connector = dpp_corrupt_connector_signature(
2026 ssid->dpp_connector);
2031 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2032 wpabuf_put_le16(msg, os_strlen(connector));
2033 wpabuf_put_str(msg, connector);
2035 goto skip_connector;
2037 #endif /* CONFIG_TESTING_OPTIONS */
2040 wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
2041 wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
2042 wpabuf_put_str(msg, ssid->dpp_connector);
2044 #ifdef CONFIG_TESTING_OPTIONS
2046 #endif /* CONFIG_TESTING_OPTIONS */
2048 /* TODO: Timeout on AP response */
2049 wait_time = wpa_s->max_remain_on_chan;
2050 if (wait_time > 2000)
2052 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2053 MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
2054 offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
2056 wpabuf_head(msg), wpabuf_len(msg),
2057 wait_time, wpas_dpp_tx_introduction_status, 0);
2060 /* Request this connection attempt to terminate - new one will be
2061 * started when network introduction protocol completes */
2062 os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
2063 wpa_s->dpp_intro_network = ssid;
2068 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
2070 struct dpp_bootstrap_info *own_bi;
2071 const char *pos, *end;
2072 unsigned int wait_time;
2074 pos = os_strstr(cmd, " own=");
2078 own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
2080 wpa_printf(MSG_DEBUG,
2081 "DPP: Identified bootstrap info not found");
2084 if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
2085 wpa_printf(MSG_DEBUG,
2086 "DPP: Identified bootstrap info not for PKEX");
2089 wpa_s->dpp_pkex_bi = own_bi;
2090 own_bi->pkex_t = 0; /* clear pending errors on new code */
2092 os_free(wpa_s->dpp_pkex_identifier);
2093 wpa_s->dpp_pkex_identifier = NULL;
2094 pos = os_strstr(cmd, " identifier=");
2097 end = os_strchr(pos, ' ');
2100 wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
2101 if (!wpa_s->dpp_pkex_identifier)
2103 os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
2104 wpa_s->dpp_pkex_identifier[end - pos] = '\0';
2107 pos = os_strstr(cmd, " code=");
2110 os_free(wpa_s->dpp_pkex_code);
2111 wpa_s->dpp_pkex_code = os_strdup(pos + 6);
2112 if (!wpa_s->dpp_pkex_code)
2115 if (os_strstr(cmd, " init=1")) {
2116 struct dpp_pkex *pkex;
2119 wpa_printf(MSG_DEBUG, "DPP: Initiating PKEX");
2120 dpp_pkex_free(wpa_s->dpp_pkex);
2121 wpa_s->dpp_pkex = dpp_pkex_init(wpa_s, own_bi, wpa_s->own_addr,
2122 wpa_s->dpp_pkex_identifier,
2123 wpa_s->dpp_pkex_code);
2124 pkex = wpa_s->dpp_pkex;
2128 msg = pkex->exchange_req;
2129 wait_time = wpa_s->max_remain_on_chan;
2130 if (wait_time > 2000)
2133 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
2135 MAC2STR(broadcast), pkex->freq,
2136 DPP_PA_PKEX_EXCHANGE_REQ);
2137 offchannel_send_action(wpa_s, pkex->freq, broadcast,
2138 wpa_s->own_addr, broadcast,
2139 wpabuf_head(msg), wpabuf_len(msg),
2140 wait_time, wpas_dpp_tx_pkex_status, 0);
2143 pkex->exch_req_wait_time = wait_time;
2144 pkex->exch_req_tries = 1;
2147 /* TODO: Support multiple PKEX info entries */
2149 os_free(wpa_s->dpp_pkex_auth_cmd);
2150 wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
2156 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
2158 unsigned int id_val;
2160 if (os_strcmp(id, "*") == 0) {
2168 if ((id_val != 0 && id_val != 1) || !wpa_s->dpp_pkex_code)
2171 /* TODO: Support multiple PKEX entries */
2172 os_free(wpa_s->dpp_pkex_code);
2173 wpa_s->dpp_pkex_code = NULL;
2174 os_free(wpa_s->dpp_pkex_identifier);
2175 wpa_s->dpp_pkex_identifier = NULL;
2176 os_free(wpa_s->dpp_pkex_auth_cmd);
2177 wpa_s->dpp_pkex_auth_cmd = NULL;
2178 wpa_s->dpp_pkex_bi = NULL;
2179 /* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
2180 dpp_pkex_free(wpa_s->dpp_pkex);
2181 wpa_s->dpp_pkex = NULL;
2186 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
2188 dpp_auth_deinit(wpa_s->dpp_auth);
2189 wpa_s->dpp_auth = NULL;
2190 dpp_pkex_free(wpa_s->dpp_pkex);
2191 wpa_s->dpp_pkex = NULL;
2192 if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
2193 gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
2197 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
2201 adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
2202 adv_proto_id[1] = 5;
2203 WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
2204 adv_proto_id[5] = DPP_OUI_TYPE;
2205 adv_proto_id[6] = 0x01;
2207 if (gas_server_register(wpa_s->gas_server, adv_proto_id,
2208 sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
2209 wpas_dpp_gas_status_handler, wpa_s) < 0)
2211 wpa_s->dpp = dpp_global_init();
2212 return wpa_s->dpp ? 0 : -1;
2216 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
2218 #ifdef CONFIG_TESTING_OPTIONS
2219 os_free(wpa_s->dpp_config_obj_override);
2220 wpa_s->dpp_config_obj_override = NULL;
2221 os_free(wpa_s->dpp_discovery_override);
2222 wpa_s->dpp_discovery_override = NULL;
2223 os_free(wpa_s->dpp_groups_override);
2224 wpa_s->dpp_groups_override = NULL;
2225 wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
2226 #endif /* CONFIG_TESTING_OPTIONS */
2229 dpp_global_clear(wpa_s->dpp);
2230 eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
2231 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2232 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
2233 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
2235 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
2236 dpp_pfs_free(wpa_s->dpp_pfs);
2237 wpa_s->dpp_pfs = NULL;
2238 #endif /* CONFIG_DPP2 */
2239 offchannel_send_action_done(wpa_s);
2240 wpas_dpp_listen_stop(wpa_s);
2241 wpas_dpp_stop(wpa_s);
2242 wpas_dpp_pkex_remove(wpa_s, "*");
2243 os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
2244 os_free(wpa_s->dpp_configurator_params);
2245 wpa_s->dpp_configurator_params = NULL;
projects / FreeBSD / FreeBSD.git / blob