EAP-WSC peer: Reject connection on unexpected failure
[mech_eap.git] / src / eap_peer / eap_wsc.c
index dd47e9c..7ac99c7 100644 (file)
@@ -1,15 +1,9 @@
 /*
  * EAP-WSC peer for Wi-Fi Protected Setup
- * Copyright (c) 2007-2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2007-2009, 2012, Jouni Malinen <j@w1.fi>
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
  */
 
 #include "includes.h"
 
 
 struct eap_wsc_data {
-       enum { WAIT_START, MSG, FRAG_ACK, WAIT_FRAG_ACK, DONE, FAIL } state;
+       enum { WAIT_START, MESG, FRAG_ACK, WAIT_FRAG_ACK, DONE, FAIL } state;
        int registrar;
        struct wpabuf *in_buf;
        struct wpabuf *out_buf;
-       u8 in_op_code, out_op_code;
+       enum wsc_op_code in_op_code, out_op_code;
        size_t out_used;
        size_t fragment_size;
        struct wps_data *wps;
@@ -40,8 +34,8 @@ static const char * eap_wsc_state_txt(int state)
        switch (state) {
        case WAIT_START:
                return "WAIT_START";
-       case MSG:
-               return "MSG";
+       case MESG:
+               return "MESG";
        case FRAG_ACK:
                return "FRAG_ACK";
        case WAIT_FRAG_ACK:
@@ -65,38 +59,83 @@ static void eap_wsc_state(struct eap_wsc_data *data, int state)
 }
 
 
-static int eap_wsc_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk,
-                             size_t psk_len)
+static int eap_wsc_new_ap_settings(struct wps_credential *cred,
+                                  const char *params)
 {
-       /* struct eap_wsc_data *data = ctx; */
+       const char *pos, *end;
+       size_t len;
 
-       wpa_printf(MSG_DEBUG, "EAP-WSC: Received new WPA/WPA2-PSK from WPS for"
-                  " STA " MACSTR, MAC2STR(mac_addr));
-       wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
+       os_memset(cred, 0, sizeof(*cred));
 
-       /* TODO */
+       pos = os_strstr(params, "new_ssid=");
+       if (pos == NULL)
+               return 0;
+       pos += 9;
+       end = os_strchr(pos, ' ');
+       if (end == NULL)
+               len = os_strlen(pos);
+       else
+               len = end - pos;
+       if ((len & 1) || len > 2 * sizeof(cred->ssid) ||
+           hexstr2bin(pos, cred->ssid, len / 2)) {
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid new_ssid");
+               return -1;
+       }
+       cred->ssid_len = len / 2;
 
-       return 0;
-}
+       pos = os_strstr(params, "new_auth=");
+       if (pos == NULL) {
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Missing new_auth");
+               return -1;
+       }
+       if (os_strncmp(pos + 9, "OPEN", 4) == 0)
+               cred->auth_type = WPS_AUTH_OPEN;
+       else if (os_strncmp(pos + 9, "WPAPSK", 6) == 0)
+               cred->auth_type = WPS_AUTH_WPAPSK;
+       else if (os_strncmp(pos + 9, "WPA2PSK", 7) == 0)
+               cred->auth_type = WPS_AUTH_WPA2PSK;
+       else {
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Unknown new_auth");
+               return -1;
+       }
 
+       pos = os_strstr(params, "new_encr=");
+       if (pos == NULL) {
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Missing new_encr");
+               return -1;
+       }
+       if (os_strncmp(pos + 9, "NONE", 4) == 0)
+               cred->encr_type = WPS_ENCR_NONE;
+#ifdef CONFIG_TESTING_OPTIONS
+       else if (os_strncmp(pos + 9, "WEP", 3) == 0)
+               cred->encr_type = WPS_ENCR_WEP;
+#endif /* CONFIG_TESTING_OPTIONS */
+       else if (os_strncmp(pos + 9, "TKIP", 4) == 0)
+               cred->encr_type = WPS_ENCR_TKIP;
+       else if (os_strncmp(pos + 9, "CCMP", 4) == 0)
+               cred->encr_type = WPS_ENCR_AES;
+       else {
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Unknown new_encr");
+               return -1;
+       }
 
-static void eap_wsc_pin_needed_cb(void *ctx, const u8 *uuid_e,
-                                 const struct wps_device_data *dev)
-{
-       /* struct eap_wsc_data *data = ctx; */
-       char uuid[40], txt[400];
-       int len;
-       if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
-               return;
-       wpa_printf(MSG_DEBUG, "EAP-WSC: PIN needed for E-UUID %s", uuid);
-       len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED "
-                         "%s " MACSTR " [%s|%s|%s|%s|%s|%d-%08X-%d]",
-                         uuid, MAC2STR(dev->mac_addr), dev->device_name,
-                         dev->manufacturer, dev->model_name,
-                         dev->model_number, dev->serial_number,
-                         dev->categ, dev->oui, dev->sub_categ);
-       if (len > 0 && len < (int) sizeof(txt))
-               wpa_printf(MSG_INFO, "%s", txt);
+       pos = os_strstr(params, "new_key=");
+       if (pos == NULL)
+               return 0;
+       pos += 8;
+       end = os_strchr(pos, ' ');
+       if (end == NULL)
+               len = os_strlen(pos);
+       else
+               len = end - pos;
+       if ((len & 1) || len > 2 * sizeof(cred->key) ||
+           hexstr2bin(pos, cred->key, len / 2)) {
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid new_key");
+               return -1;
+       }
+       cred->key_len = len / 2;
+
+       return 1;
 }
 
 
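Review bot: When `new_key=` is absent, eap_wsc_new_ap_settings() returns 0 with no log line even though `new_ssid`, `new_auth` and `new_encr` were already parsed, so a WPAPSK/WPA2PSK configuration that omits the key is silently treated as "no new AP settings" rather than rejected like a missing `new_auth` or `new_encr`. If that is not intended, consider `if (pos == NULL) { wpa_printf(MSG_DEBUG, "EAP-WSC: Missing new_key"); return -1; }` whenever `cred->auth_type` is not `WPS_AUTH_OPEN`. The value matching is also prefix-only (`os_strncmp(pos + 9, "OPEN", 4)` accepts `OPENX`), so checking that the next character is a space or NUL would make typos fail closed. A short header comment stating the three return values (-1 invalid, 0 no new settings, 1 settings filled in) would document what the caller in eap_wsc_init() relies on.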
@@ -107,9 +146,19 @@ static void * eap_wsc_init(struct eap_sm *sm)
        size_t identity_len;
        int registrar;
        struct wps_config cfg;
-       const char *pos;
+       const char *pos, *end;
        const char *phase1;
-       struct wps_context *wps = NULL;
+       struct wps_context *wps;
+       struct wps_credential new_ap_settings;
+       int res;
+       int nfc = 0;
+       u8 pkhash[WPS_OOB_PUBKEY_HASH_LEN];
+
+       wps = sm->wps;
+       if (wps == NULL) {
+               wpa_printf(MSG_ERROR, "EAP-WSC: WPS context not available");
+               return NULL;
+       }
 
        identity = eap_get_config_identity(sm, &identity_len);
 
@@ -128,57 +177,13 @@ static void * eap_wsc_init(struct eap_sm *sm)
        data = os_zalloc(sizeof(*data));
        if (data == NULL)
                return NULL;
-       data->state = registrar ? MSG : WAIT_START;
+       data->state = registrar ? MESG : WAIT_START;
        data->registrar = registrar;
-
-       wps = os_zalloc(sizeof(*wps));
-       if (wps == NULL) {
-               os_free(data);
-               return NULL;
-       }
-
        data->wps_ctx = wps;
-       wps->cb_ctx = data;
-
-       /* TODO: store wps_context at higher layer and make the device data
-        * configurable */
-       wps->dev.device_name = "dev name";
-       wps->dev.manufacturer = "manuf";
-       wps->dev.model_name = "model name";
-       wps->dev.model_number = "model number";
-       wps->dev.serial_number = "12345";
-       wps->dev.categ = WPS_DEV_COMPUTER;
-       wps->dev.oui = WPS_DEV_OUI_WFA;
-       wps->dev.sub_categ = WPS_DEV_COMPUTER_PC;
-
-       if (registrar) {
-               struct wps_registrar_config rcfg;
-
-               wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
-               wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
-
-               os_memset(&rcfg, 0, sizeof(rcfg));
-               rcfg.new_psk_cb = eap_wsc_new_psk_cb;
-               rcfg.pin_needed_cb = eap_wsc_pin_needed_cb;
-               rcfg.cb_ctx = data;
-
-               wps->registrar = wps_registrar_init(wps, &rcfg);
-               if (wps->registrar == NULL) {
-                       wpa_printf(MSG_DEBUG, "EAP-WSC: Failed to initialize "
-                                  "WPS Registrar");
-                       os_free(wps->network_key);
-                       os_free(wps);
-                       os_free(data);
-                       return NULL;
-               }
-
-       }
 
        os_memset(&cfg, 0, sizeof(cfg));
-       cfg.authenticator = 0;
        cfg.wps = wps;
-       cfg.registrar = data->wps_ctx ? data->wps_ctx->registrar : NULL;
-       cfg.enrollee_mac_addr = sm->mac_addr;
+       cfg.registrar = registrar;
 
        phase1 = eap_get_config_phase1(sm);
        if (phase1 == NULL) {
@@ -195,43 +200,88 @@ static void * eap_wsc_init(struct eap_sm *sm)
                while (*pos != '\0' && *pos != ' ')
                        pos++;
                cfg.pin_len = pos - (const char *) cfg.pin;
+               if (cfg.pin_len == 6 &&
+                   os_strncmp((const char *) cfg.pin, "nfc-pw", 6) == 0) {
+                       cfg.pin = NULL;
+                       cfg.pin_len = 0;
+                       nfc = 1;
+               }
        } else {
                pos = os_strstr(phase1, "pbc=1");
                if (pos)
                        cfg.pbc = 1;
        }
 
-       if (cfg.pin == NULL && !cfg.pbc) {
+       pos = os_strstr(phase1, "dev_pw_id=");
+       if (pos) {
+               u16 id = atoi(pos + 10);
+               if (id == DEV_PW_NFC_CONNECTION_HANDOVER)
+                       nfc = 1;
+               if (cfg.pin || id == DEV_PW_NFC_CONNECTION_HANDOVER)
+                       cfg.dev_pw_id = id;
+       }
+
+       if (cfg.pin == NULL && !cfg.pbc && !nfc) {
                wpa_printf(MSG_INFO, "EAP-WSC: PIN or PBC not set in phase1 "
                           "configuration data");
                os_free(data);
                return NULL;
        }
 
-       if (registrar && wps)
-               os_memcpy(wps->uuid, sm->uuid, UUID_LEN);
-       else
-               cfg.uuid = sm->uuid;
-       cfg.wps_cred_cb = sm->eapol_cb->wps_cred;
-       cfg.cb_ctx = sm->eapol_ctx;
+       pos = os_strstr(phase1, " pkhash=");
+       if (pos) {
+               size_t len;
+               pos += 8;
+               end = os_strchr(pos, ' ');
+               if (end)
+                       len = end - pos;
+               else
+                       len = os_strlen(pos);
+               if (len != 2 * WPS_OOB_PUBKEY_HASH_LEN ||
+                   hexstr2bin(pos, pkhash, WPS_OOB_PUBKEY_HASH_LEN)) {
+                       wpa_printf(MSG_INFO, "EAP-WSC: Invalid pkhash");
+                       os_free(data);
+                       return NULL;
+               }
+               cfg.peer_pubkey_hash = pkhash;
+       }
+
+       res = eap_wsc_new_ap_settings(&new_ap_settings, phase1);
+       if (res < 0) {
+               os_free(data);
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Failed to parse new AP "
+                          "settings");
+               return NULL;
+       }
+       if (res == 1) {
+               wpa_printf(MSG_DEBUG, "EAP-WSC: Provide new AP settings for "
+                          "WPS");
+               cfg.new_ap_settings = &new_ap_settings;
+       }
+
        data->wps = wps_init(&cfg);
        if (data->wps == NULL) {
                os_free(data);
+               wpa_printf(MSG_DEBUG, "EAP-WSC: wps_init failed");
                return NULL;
        }
-       data->fragment_size = WSC_FRAGMENT_SIZE;
-
+       res = eap_get_config_fragment_size(sm);
+       if (res > 0)
+               data->fragment_size = res;
+       else
+               data->fragment_size = WSC_FRAGMENT_SIZE;
+       wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment size limit %u",
+                  (unsigned int) data->fragment_size);
 
-       if (registrar) {
-               /* Testing */
-               wpa_printf(MSG_INFO, "EAP-WSC: Registrar functionality not "
-                          "yet fully supported - using test values");
-               u8 uuid_e[UUID_LEN];
-               os_memset(uuid_e, 0, UUID_LEN);
-               wps_registrar_add_pin(data->wps_ctx->registrar, uuid_e,
-                                     (const u8 *) "12345670", 8);
+       if (registrar && cfg.pin) {
+               wps_registrar_add_pin(data->wps_ctx->registrar, NULL, NULL,
+                                     cfg.pin, cfg.pin_len, 0);
        }
 
+       /* Use reduced client timeout for WPS to avoid long wait */
+       if (sm->ClientTimeout > 30)
+               sm->ClientTimeout = 30;
+
        return data;
 }
 
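Review bot: `u16 id = atoi(pos + 10);` accepts any text after `dev_pw_id=`, because atoi() reports no error and a negative or larger-than-65535 value is truncated into the u16. A malformed setting can therefore alias `DEV_PW_NFC_CONNECTION_HANDOVER`, which sets `nfc = 1` and skips the "PIN or PBC not set" rejection just below. Parsing with `long v = strtol(pos + 10, &e, 10);` and failing init on `e == pos + 10 || v < 0 || v > 0xffff` would make bad values fail closed. The return value of `wps_registrar_add_pin()` is also ignored, so a registrar run can proceed without the PIN having been added; checking it and cleaning up as on the `wps_init` failure path seems safer. eap_wsc_init() starts before this hunk.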
@@ -242,11 +292,8 @@ static void eap_wsc_deinit(struct eap_sm *sm, void *priv)
        wpabuf_free(data->in_buf);
        wpabuf_free(data->out_buf);
        wps_deinit(data->wps);
-       if (data->wps_ctx) {
-               wps_registrar_deinit(data->wps_ctx->registrar);
-               os_free(data->wps_ctx->network_key);
-               os_free(data->wps_ctx);
-       }
+       os_free(data->wps_ctx->network_key);
+       data->wps_ctx->network_key = NULL;
        os_free(data);
 }
 
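Review bot: `data->wps_ctx` is now the shared `sm->wps` pointer assigned in eap_wsc_init(), not an object this method allocated, yet the deinit still frees its `network_key`. A comment such as `/* wps_ctx is sm->wps and is not owned here; only its network_key is released */` would make the ownership explicit for the next reader. The key buffer is also passed to `os_free()` without being cleared, so the key bytes remain in freed heap memory; if the context records the key length (not visible in this hunk), clear the buffer before freeing and reset that length together with the pointer. eap_wsc_deinit() starts before this hunk.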
@@ -305,7 +352,7 @@ static struct wpabuf * eap_wsc_build_msg(struct eap_wsc_data *data,
                        eap_wsc_state(data, FAIL);
                        ret->methodState = METHOD_DONE;
                } else
-                       eap_wsc_state(data, MSG);
+                       eap_wsc_state(data, MESG);
        } else {
                wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes "
                           "(%lu more to send)", (unsigned long) send_len,
@@ -390,6 +437,7 @@ static struct wpabuf * eap_wsc_process(struct eap_sm *sm, void *priv,
        u16 message_length = 0;
        enum wps_process_res res;
        struct wpabuf tmpbuf;
+       struct wpabuf *r;
 
        pos = eap_hdr_validate(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC, reqData,
                               &len);
@@ -414,7 +462,7 @@ static struct wpabuf * eap_wsc_process(struct eap_sm *sm, void *priv,
                message_length = WPA_GET_BE16(pos);
                pos += 2;
 
-               if (message_length < end - pos) {
+               if (message_length < end - pos || message_length > 50000) {
                        wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid Message "
                                   "Length");
                        ret->ignore = TRUE;
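Review bot: The new upper bound in `message_length > 50000` is a bare literal with no explanation of what it protects. It presumably caps the buffer allocated for a fragmented message, but that allocation is outside the hunk. A named constant with a one-line rationale, for example `#define EAP_WSC_MAX_MSG_LEN 50000 /* upper limit for a reassembled WSC message */` (the name is only a suggestion), would keep this limit and any matching one elsewhere from drifting apart. eap_wsc_process() starts and ends outside this hunk.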
@@ -434,7 +482,7 @@ static struct wpabuf * eap_wsc_process(struct eap_sm *sm, void *priv,
                        return NULL;
                }
                wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment acknowledged");
-               eap_wsc_state(data, MSG);
+               eap_wsc_state(data, MESG);
                return eap_wsc_build_msg(data, ret, id);
        }
 
@@ -454,7 +502,7 @@ static struct wpabuf * eap_wsc_process(struct eap_sm *sm, void *priv,
                        return NULL;
                }
                wpa_printf(MSG_DEBUG, "EAP-WSC: Received start");
-               eap_wsc_state(data, MSG);
+               eap_wsc_state(data, MESG);
                /* Start message has empty payload, skip processing */
                goto send_msg;
        } else if (op_code == WSC_Start) {
@@ -490,18 +538,13 @@ static struct wpabuf * eap_wsc_process(struct eap_sm *sm, void *priv,
                eap_wsc_state(data, FAIL);
                break;
        case WPS_CONTINUE:
-               eap_wsc_state(data, MSG);
+               eap_wsc_state(data, MESG);
                break;
        case WPS_FAILURE:
+       case WPS_PENDING:
                wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing failed");
                eap_wsc_state(data, FAIL);
                break;
-       case WPS_PENDING:
-               wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing pending");
-               ret->ignore = TRUE;
-               if (data->in_buf == &tmpbuf)
-                       data->in_buf = NULL;
-               return NULL;
        }
 
        if (data->in_buf != &tmpbuf)
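Review bot: `case WPS_PENDING:` now shares the `WPS_FAILURE` branch and logs "EAP-WSC: WPS processing failed", so a debug log can no longer distinguish an unexpected pending result from a real processing failure. If the reasoning is that a pending result is never valid for the peer, a comment on the case such as `/* PENDING is not expected here; treat it as a failure instead of ignoring the frame */` would record why the earlier ignore-and-wait handling was dropped. A separate log message for the pending case would also help. The switch statement begins outside this hunk.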
@@ -514,13 +557,22 @@ send_msg:
                if (data->out_buf == NULL) {
                        wpa_printf(MSG_DEBUG, "EAP-WSC: Failed to receive "
                                   "message from WPS");
+                       eap_wsc_state(data, FAIL);
+                       ret->methodState = METHOD_DONE;
+                       ret->decision = DECISION_FAIL;
                        return NULL;
                }
                data->out_used = 0;
        }
 
-       eap_wsc_state(data, MSG);
-       return eap_wsc_build_msg(data, ret, id);
+       eap_wsc_state(data, MESG);
+       r = eap_wsc_build_msg(data, ret, id);
+       if (data->state == FAIL && ret->methodState == METHOD_DONE) {
+               /* Use reduced client timeout for WPS to avoid long wait */
+               if (sm->ClientTimeout > 2)
+                       sm->ClientTimeout = 2;
+       }
+       return r;
 }
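Review bot: The `sm->ClientTimeout` override after `eap_wsc_build_msg()` repeats the comment from eap_wsc_init() ("Use reduced client timeout for WPS to avoid long wait") and does not say why the failure case needs 2 seconds rather than the 30 set there. A specific comment would help, for example `/* Method has failed and the last message is queued; do not keep waiting for the server */` if that is the intent, and both literals would read better as named constants. The `return NULL` path added above for a missing `out_buf` sets FAIL, METHOD_DONE and DECISION_FAIL but bypasses this timeout reduction; if that is deliberate because no response is sent, it deserves a one-line note. eap_wsc_process() starts outside this hunk.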