X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fwps%2Fwps_registrar.c;h=1beea75e0d3db2fa28b2432ab81c29e5d15af9b1;hb=a9d69254e30922136829be38179c924d1a632617;hp=dc0dd87bd713f0654f90da75ce2c64ab012d41fa;hpb=6a857074f4c09932eb2b9e72ede69bc6521cd2e9;p=libeap.git diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index dc0dd87..1beea75 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -27,7 +27,9 @@ #include "wps_upnp.h" #include "wps_upnp_i.h" +#ifndef CONFIG_WPS_STRICT #define WPS_WORKAROUNDS +#endif /* CONFIG_WPS_STRICT */ struct wps_uuid_pin { struct dl_list list; @@ -124,6 +126,7 @@ struct wps_registrar { int sel_reg_dev_password_id_override; int sel_reg_config_methods_override; int static_wep_only; + int dualband; struct wps_registrar_device *devices; @@ -144,13 +147,20 @@ static void wps_registrar_add_authorized_mac(struct wps_registrar *reg, const u8 *addr) { int i; + wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC " MACSTR, + MAC2STR(addr)); for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++) - if (os_memcmp(reg->authorized_macs[i], addr, ETH_ALEN) == 0) + if (os_memcmp(reg->authorized_macs[i], addr, ETH_ALEN) == 0) { + wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was " + "already in the list"); return; /* already in list */ + } for (i = WPS_MAX_AUTHORIZED_MACS - 1; i > 0; i--) os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i - 1], ETH_ALEN); os_memcpy(reg->authorized_macs[0], addr, ETH_ALEN); + wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs", + (u8 *) reg->authorized_macs, sizeof(reg->authorized_macs)); } @@ -158,17 +168,24 @@ static void wps_registrar_remove_authorized_mac(struct wps_registrar *reg, const u8 *addr) { int i; + wpa_printf(MSG_DEBUG, "WPS: Remove authorized MAC " MACSTR, + MAC2STR(addr)); for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++) { if (os_memcmp(reg->authorized_macs, addr, ETH_ALEN) == 0) break; } - if (i == WPS_MAX_AUTHORIZED_MACS) + if (i == WPS_MAX_AUTHORIZED_MACS) { + wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was not in the " + "list"); return; /* not in the list */ + } for (; i + 1 < WPS_MAX_AUTHORIZED_MACS; i++) os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i + 1], ETH_ALEN); os_memset(reg->authorized_macs[WPS_MAX_AUTHORIZED_MACS - 1], 0, ETH_ALEN); + wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs", + (u8 *) reg->authorized_macs, sizeof(reg->authorized_macs)); } @@ -311,8 +328,8 @@ static void wps_registrar_remove_pbc_session(struct wps_registrar *reg, } -static int wps_registrar_pbc_overlap(struct wps_registrar *reg, - const u8 *addr, const u8 *uuid_e) +int wps_registrar_pbc_overlap(struct wps_registrar *reg, + const u8 *addr, const u8 *uuid_e) { int count = 0; struct wps_pbc_session *pbc; @@ -414,22 +431,57 @@ static int wps_build_sel_reg_dev_password_id(struct wps_registrar *reg, } +static int wps_build_sel_pbc_reg_uuid_e(struct wps_registrar *reg, + struct wpabuf *msg) +{ + u16 id = reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT; + if (!reg->sel_reg_union) + return 0; + if (reg->sel_reg_dev_password_id_override >= 0) + id = reg->sel_reg_dev_password_id_override; + if (id != DEV_PW_PUSHBUTTON || !reg->dualband) + return 0; + return wps_build_uuid_e(msg, reg->wps->uuid); +} + + +static void wps_set_pushbutton(u16 *methods, u16 conf_methods) +{ + *methods |= WPS_CONFIG_PUSHBUTTON; +#ifdef CONFIG_WPS2 + if (conf_methods & WPS_CONFIG_VIRT_PUSHBUTTON) + *methods |= WPS_CONFIG_VIRT_PUSHBUTTON; + if (conf_methods & WPS_CONFIG_PHY_PUSHBUTTON) + *methods |= WPS_CONFIG_PHY_PUSHBUTTON; + if ((*methods & WPS_CONFIG_VIRT_PUSHBUTTON) != + WPS_CONFIG_VIRT_PUSHBUTTON || + (*methods & WPS_CONFIG_PHY_PUSHBUTTON) != + WPS_CONFIG_PHY_PUSHBUTTON) { + /* + * Required to include virtual/physical flag, but we were not + * configured with push button type, so have to default to one + * of them. + */ + *methods |= WPS_CONFIG_PHY_PUSHBUTTON; + } +#endif /* CONFIG_WPS2 */ +} + + static int wps_build_sel_reg_config_methods(struct wps_registrar *reg, struct wpabuf *msg) { u16 methods; if (!reg->sel_reg_union) return 0; - methods = reg->wps->config_methods & - ~(WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON | - WPS_CONFIG_PHY_PUSHBUTTON); - if (reg->pbc) { - methods |= WPS_CONFIG_PUSHBUTTON; - if (reg->wps->config_methods & WPS_CONFIG_VIRT_PUSHBUTTON) - methods |= WPS_CONFIG_VIRT_PUSHBUTTON; - if (reg->wps->config_methods & WPS_CONFIG_PHY_PUSHBUTTON) - methods |= WPS_CONFIG_PHY_PUSHBUTTON; - } + methods = reg->wps->config_methods; + methods &= ~WPS_CONFIG_PUSHBUTTON; +#ifdef CONFIG_WPS2 + methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON | + WPS_CONFIG_PHY_PUSHBUTTON); +#endif /* CONFIG_WPS2 */ + if (reg->pbc) + wps_set_pushbutton(&methods, reg->wps->config_methods); if (reg->sel_reg_config_methods_override >= 0) methods = reg->sel_reg_config_methods_override; wpa_printf(MSG_DEBUG, "WPS: * Selected Registrar Config Methods (%x)", @@ -449,9 +501,11 @@ static int wps_build_probe_config_methods(struct wps_registrar *reg, * These are the methods that the AP supports as an Enrollee for adding * external Registrars. */ - methods = reg->wps->config_methods & - ~(WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON | - WPS_CONFIG_PHY_PUSHBUTTON); + methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON; +#ifdef CONFIG_WPS2 + methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON | + WPS_CONFIG_PHY_PUSHBUTTON); +#endif /* CONFIG_WPS2 */ wpa_printf(MSG_DEBUG, "WPS: * Config Methods (%x)", methods); wpabuf_put_be16(msg, ATTR_CONFIG_METHODS); wpabuf_put_be16(msg, 2); @@ -464,39 +518,30 @@ static int wps_build_config_methods_r(struct wps_registrar *reg, struct wpabuf *msg) { u16 methods; - methods = reg->wps->config_methods & - ~(WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON | - WPS_CONFIG_PHY_PUSHBUTTON); - if (reg->pbc) { - methods |= WPS_CONFIG_PUSHBUTTON; - if (reg->wps->config_methods & WPS_CONFIG_VIRT_PUSHBUTTON) - methods |= WPS_CONFIG_VIRT_PUSHBUTTON; - if (reg->wps->config_methods & WPS_CONFIG_PHY_PUSHBUTTON) - methods |= WPS_CONFIG_PHY_PUSHBUTTON; - } + methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON; +#ifdef CONFIG_WPS2 + methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON | + WPS_CONFIG_PHY_PUSHBUTTON); +#endif /* CONFIG_WPS2 */ + if (reg->pbc) + wps_set_pushbutton(&methods, reg->wps->config_methods); return wps_build_config_methods(msg, methods); } -int wps_build_authorized_macs(struct wps_registrar *reg, struct wpabuf *msg) +const u8 * wps_authorized_macs(struct wps_registrar *reg, size_t *count) { - int count = 0; + *count = 0; - while (count < WPS_MAX_AUTHORIZED_MACS) { - if (is_zero_ether_addr(reg->authorized_macs_union[count])) +#ifdef CONFIG_WPS2 + while (*count < WPS_MAX_AUTHORIZED_MACS) { + if (is_zero_ether_addr(reg->authorized_macs_union[*count])) break; - count++; + (*count)++; } +#endif /* CONFIG_WPS2 */ - if (count == 0) - return 0; - - wpa_printf(MSG_DEBUG, "WPS: * AuthorizedMACs (count=%d)", count); - wpabuf_put_be16(msg, ATTR_AUTHORIZED_MACS); - wpabuf_put_be16(msg, count * ETH_ALEN); - wpabuf_put_data(msg, reg->authorized_macs_union, count * ETH_ALEN); - - return 0; + return (const u8 *) reg->authorized_macs_union; } @@ -542,6 +587,7 @@ wps_registrar_init(struct wps_context *wps, reg->sel_reg_dev_password_id_override = -1; reg->sel_reg_config_methods_override = -1; reg->static_wep_only = cfg->static_wep_only; + reg->dualband = cfg->dualband; if (wps_set_ie(reg)) { wps_registrar_deinit(reg); @@ -619,6 +665,9 @@ int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *addr, reg->pbc = 0; if (addr) wps_registrar_add_authorized_mac(reg, addr); + else + wps_registrar_add_authorized_mac( + reg, (u8 *) "\xff\xff\xff\xff\xff\xff"); wps_registrar_selected_registrar_changed(reg); eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL); eloop_register_timeout(WPS_PBC_WALK_TIME, 0, @@ -629,6 +678,22 @@ int wps_registrar_add_pin(struct wps_registrar *reg, const u8 *addr, } +static void wps_registrar_remove_pin(struct wps_registrar *reg, + struct wps_uuid_pin *pin) +{ + u8 *addr; + u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; + + if (is_zero_ether_addr(pin->enrollee_addr)) + addr = bcast; + else + addr = pin->enrollee_addr; + wps_registrar_remove_authorized_mac(reg, addr); + wps_remove_pin(pin); + wps_registrar_selected_registrar_changed(reg); +} + + static void wps_registrar_expire_pins(struct wps_registrar *reg) { struct wps_uuid_pin *pin, *prev; @@ -641,12 +706,32 @@ static void wps_registrar_expire_pins(struct wps_registrar *reg) os_time_before(&pin->expiration, &now)) { wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID", pin->uuid, WPS_UUID_LEN); - wps_registrar_remove_authorized_mac( - reg, pin->enrollee_addr); - wps_remove_pin(pin); - wps_registrar_selected_registrar_changed(reg); + wps_registrar_remove_pin(reg, pin); + } + } +} + + +/** + * wps_registrar_invalidate_wildcard_pin - Invalidate a wildcard PIN + * @reg: Registrar data from wps_registrar_init() + * Returns: 0 on success, -1 if not wildcard PIN is enabled + */ +static int wps_registrar_invalidate_wildcard_pin(struct wps_registrar *reg) +{ + struct wps_uuid_pin *pin, *prev; + + dl_list_for_each_safe(pin, prev, ®->pins, struct wps_uuid_pin, list) + { + if (pin->wildcard_uuid) { + wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID", + pin->uuid, WPS_UUID_LEN); + wps_registrar_remove_pin(reg, pin); + return 0; } } + + return -1; } @@ -665,10 +750,7 @@ int wps_registrar_invalidate_pin(struct wps_registrar *reg, const u8 *uuid) if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) { wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID", pin->uuid, WPS_UUID_LEN); - wps_registrar_remove_authorized_mac( - reg, pin->enrollee_addr); - wps_remove_pin(pin); - wps_registrar_selected_registrar_changed(reg); + wps_registrar_remove_pin(reg, pin); return 0; } } @@ -796,6 +878,7 @@ int wps_registrar_button_pushed(struct wps_registrar *reg) reg->pbc = 1; wps_registrar_selected_registrar_changed(reg); + eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL); eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL); eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wps_registrar_pbc_timeout, reg, NULL); @@ -820,6 +903,23 @@ static void wps_registrar_pin_completed(struct wps_registrar *reg) } +int wps_registrar_wps_cancel(struct wps_registrar *reg) +{ + if (reg->pbc) { + wpa_printf(MSG_DEBUG, "WPS: PBC is set - cancelling it"); + wps_registrar_pbc_timeout(reg, NULL); + return 1; + } else if (reg->selected_registrar) { + /* PIN Method */ + wpa_printf(MSG_DEBUG, "WPS: PIN is set - cancelling it"); + wps_registrar_pin_completed(reg); + wps_registrar_invalidate_wildcard_pin(reg); + return 1; + } + return 0; +} + + /** * wps_registrar_probe_req_rx - Notify Registrar of Probe Request * @reg: Registrar data from wps_registrar_init() @@ -831,7 +931,8 @@ static void wps_registrar_pin_completed(struct wps_registrar *reg) * situation with other WPS APs. */ void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr, - const struct wpabuf *wps_data) + const struct wpabuf *wps_data, + int p2p_wildcard) { struct wps_parse_attr attr; @@ -855,7 +956,7 @@ void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr, } if (reg->enrollee_seen_cb && attr.uuid_e && - attr.primary_dev_type && attr.request_type) { + attr.primary_dev_type && attr.request_type && !p2p_wildcard) { char *dev_name = NULL; if (attr.dev_name) { dev_name = os_zalloc(attr.dev_name_len + 1); @@ -936,62 +1037,32 @@ static void wps_cb_set_sel_reg(struct wps_registrar *reg) return; if (reg->selected_registrar) { - methods = reg->wps->config_methods & - ~(WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON | - WPS_CONFIG_PHY_PUSHBUTTON); - if (reg->pbc) { - methods |= WPS_CONFIG_PUSHBUTTON; - if (reg->wps->config_methods & - WPS_CONFIG_VIRT_PUSHBUTTON) - methods |= WPS_CONFIG_VIRT_PUSHBUTTON; - if (reg->wps->config_methods & - WPS_CONFIG_PHY_PUSHBUTTON) - methods |= WPS_CONFIG_PHY_PUSHBUTTON; - } + methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON; +#ifdef CONFIG_WPS2 + methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON | + WPS_CONFIG_PHY_PUSHBUTTON); +#endif /* CONFIG_WPS2 */ + if (reg->pbc) + wps_set_pushbutton(&methods, reg->wps->config_methods); } + wpa_printf(MSG_DEBUG, "WPS: wps_cb_set_sel_reg: sel_reg=%d " + "config_methods=0x%x pbc=%d methods=0x%x", + reg->selected_registrar, reg->wps->config_methods, + reg->pbc, methods); + reg->set_sel_reg_cb(reg->cb_ctx, reg->selected_registrar, reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT, methods); } -/* Encapsulate WPS IE data with one (or more, if needed) IE headers */ -static struct wpabuf * wps_ie_encapsulate(struct wpabuf *data) -{ - struct wpabuf *ie; - const u8 *pos, *end; - - ie = wpabuf_alloc(wpabuf_len(data) + 100); - if (ie == NULL) { - wpabuf_free(data); - return NULL; - } - - pos = wpabuf_head(data); - end = pos + wpabuf_len(data); - - while (end > pos) { - size_t frag_len = end - pos; - if (frag_len > 251) - frag_len = 251; - wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC); - wpabuf_put_u8(ie, 4 + frag_len); - wpabuf_put_be32(ie, WPS_DEV_OUI_WFA); - wpabuf_put_data(ie, pos, frag_len); - pos += frag_len; - } - - wpabuf_free(data); - - return ie; -} - - static int wps_set_ie(struct wps_registrar *reg) { struct wpabuf *beacon; struct wpabuf *probe; + const u8 *auth_macs; + size_t count; if (reg->set_ie_cb == NULL) return 0; @@ -1005,6 +1076,8 @@ static int wps_set_ie(struct wps_registrar *reg) return -1; } + auth_macs = wps_authorized_macs(reg, &count); + wpa_printf(MSG_DEBUG, "WPS: Build Beacon IEs"); if (wps_build_version(beacon) || @@ -1013,8 +1086,9 @@ static int wps_set_ie(struct wps_registrar *reg) wps_build_selected_registrar(reg, beacon) || wps_build_sel_reg_dev_password_id(reg, beacon) || wps_build_sel_reg_config_methods(reg, beacon) || - wps_build_version2(beacon) || - wps_build_authorized_macs(reg, beacon)) { + wps_build_sel_pbc_reg_uuid_e(reg, beacon) || + (reg->dualband && wps_build_rf_bands(®->wps->dev, beacon)) || + wps_build_wfa_ext(beacon, 0, auth_macs, count)) { wpabuf_free(beacon); wpabuf_free(probe); return -1; @@ -1034,13 +1108,21 @@ static int wps_set_ie(struct wps_registrar *reg) wps_build_device_attrs(®->wps->dev, probe) || wps_build_probe_config_methods(reg, probe) || wps_build_rf_bands(®->wps->dev, probe) || - wps_build_version2(probe) || - wps_build_authorized_macs(reg, probe)) { + wps_build_wfa_ext(probe, 0, auth_macs, count)) { wpabuf_free(beacon); wpabuf_free(probe); return -1; } +#ifdef CONFIG_P2P + if (wps_build_dev_name(®->wps->dev, beacon) || + wps_build_primary_dev_type(®->wps->dev, beacon)) { + wpabuf_free(beacon); + wpabuf_free(probe); + return -1; + } +#endif /* CONFIG_P2P */ + beacon = wps_ie_encapsulate(beacon); probe = wps_ie_encapsulate(probe); @@ -1192,7 +1274,7 @@ static int wps_build_r_snonce2(struct wps_data *wps, struct wpabuf *msg) static int wps_build_cred_network_idx(struct wpabuf *msg, const struct wps_credential *cred) { - wpa_printf(MSG_DEBUG, "WPS: * Network Index"); + wpa_printf(MSG_DEBUG, "WPS: * Network Index (1)"); wpabuf_put_be16(msg, ATTR_NETWORK_INDEX); wpabuf_put_be16(msg, 1); wpabuf_put_u8(msg, 1); @@ -1204,6 +1286,8 @@ static int wps_build_cred_ssid(struct wpabuf *msg, const struct wps_credential *cred) { wpa_printf(MSG_DEBUG, "WPS: * SSID"); + wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID for Credential", + cred->ssid, cred->ssid_len); wpabuf_put_be16(msg, ATTR_SSID); wpabuf_put_be16(msg, cred->ssid_len); wpabuf_put_data(msg, cred->ssid, cred->ssid_len); @@ -1240,6 +1324,8 @@ static int wps_build_cred_network_key(struct wpabuf *msg, { wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%d)", (int) cred->key_len); + wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", + cred->key, cred->key_len); wpabuf_put_be16(msg, ATTR_NETWORK_KEY); wpabuf_put_be16(msg, cred->key_len); wpabuf_put_data(msg, cred->key, cred->key_len); @@ -1384,6 +1470,33 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg) } use_provided: +#ifdef CONFIG_WPS_TESTING + if (wps_testing_dummy_cred) + cred = wpabuf_alloc(200); + else + cred = NULL; + if (cred) { + struct wps_credential dummy; + wpa_printf(MSG_DEBUG, "WPS: Add dummy credential"); + os_memset(&dummy, 0, sizeof(dummy)); + os_memcpy(dummy.ssid, "dummy", 5); + dummy.ssid_len = 5; + dummy.auth_type = WPS_AUTH_WPA2PSK; + dummy.encr_type = WPS_ENCR_AES; + os_memcpy(dummy.key, "dummy psk", 9); + dummy.key_len = 9; + os_memcpy(dummy.mac_addr, wps->mac_addr_e, ETH_ALEN); + wps_build_credential(cred, &dummy); + wpa_hexdump_buf(MSG_DEBUG, "WPS: Dummy Credential", cred); + + wpabuf_put_be16(msg, ATTR_CRED); + wpabuf_put_be16(msg, wpabuf_len(cred)); + wpabuf_put_buf(msg, cred); + + wpabuf_free(cred); + } +#endif /* CONFIG_WPS_TESTING */ + cred = wpabuf_alloc(200); if (cred == NULL) return -1; @@ -1451,7 +1564,7 @@ static struct wpabuf * wps_build_m2(struct wps_data *wps) wps_build_config_error(msg, WPS_CFG_NO_ERROR) || wps_build_dev_password_id(msg, wps->dev_pw_id) || wps_build_os_version(&wps->wps->dev, msg) || - wps_build_version2(msg) || + wps_build_wfa_ext(msg, 0, NULL, 0) || wps_build_authenticator(wps, msg)) { wpabuf_free(msg); return NULL; @@ -1491,7 +1604,7 @@ static struct wpabuf * wps_build_m2d(struct wps_data *wps) wps_build_assoc_state(wps, msg) || wps_build_config_error(msg, err) || wps_build_os_version(&wps->wps->dev, msg) || - wps_build_version2(msg)) { + wps_build_wfa_ext(msg, 0, NULL, 0)) { wpabuf_free(msg); return NULL; } @@ -1526,7 +1639,7 @@ static struct wpabuf * wps_build_m4(struct wps_data *wps) wps_build_r_snonce1(wps, plain) || wps_build_key_wrap_auth(wps, plain) || wps_build_encr_settings(wps, msg, plain) || - wps_build_version2(msg) || + wps_build_wfa_ext(msg, 0, NULL, 0) || wps_build_authenticator(wps, msg)) { wpabuf_free(plain); wpabuf_free(msg); @@ -1561,7 +1674,7 @@ static struct wpabuf * wps_build_m6(struct wps_data *wps) wps_build_r_snonce2(wps, plain) || wps_build_key_wrap_auth(wps, plain) || wps_build_encr_settings(wps, msg, plain) || - wps_build_version2(msg) || + wps_build_wfa_ext(msg, 0, NULL, 0) || wps_build_authenticator(wps, msg)) { wpabuf_free(plain); wpabuf_free(msg); @@ -1598,7 +1711,7 @@ static struct wpabuf * wps_build_m8(struct wps_data *wps) (!wps->wps->ap && !wps->er && wps_build_ap_settings(wps, plain)) || wps_build_key_wrap_auth(wps, plain) || wps_build_encr_settings(wps, msg, plain) || - wps_build_version2(msg) || + wps_build_wfa_ext(msg, 0, NULL, 0) || wps_build_authenticator(wps, msg)) { wpabuf_free(plain); wpabuf_free(msg); @@ -1625,7 +1738,7 @@ static struct wpabuf * wps_build_wsc_ack(struct wps_data *wps) wps_build_msg_type(msg, WPS_WSC_ACK) || wps_build_enrollee_nonce(wps, msg) || wps_build_registrar_nonce(wps, msg) || - wps_build_version2(msg)) { + wps_build_wfa_ext(msg, 0, NULL, 0)) { wpabuf_free(msg); return NULL; } @@ -1649,7 +1762,7 @@ static struct wpabuf * wps_build_wsc_nack(struct wps_data *wps) wps_build_enrollee_nonce(wps, msg) || wps_build_registrar_nonce(wps, msg) || wps_build_config_error(msg, wps->config_error) || - wps_build_version2(msg)) { + wps_build_wfa_ext(msg, 0, NULL, 0)) { wpabuf_free(msg); return NULL; } @@ -2318,6 +2431,12 @@ static enum wps_process_res wps_process_m5(struct wps_data *wps, return WPS_CONTINUE; } + if (wps_validate_m5_encr(decrypted, attr->version2 != NULL) < 0) { + wpabuf_free(decrypted); + wps->state = SEND_WSC_NACK; + return WPS_CONTINUE; + } + wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings " "attribute"); if (wps_parse_msg(decrypted, &eattr) < 0 || @@ -2391,6 +2510,13 @@ static int wps_process_ap_settings_r(struct wps_data *wps, * Use the AP PIN only to receive the current AP settings, not * to reconfigure the AP. */ + + /* + * Clear selected registrar here since we do not get to + * WSC_Done in this protocol run. + */ + wps_registrar_pin_completed(wps->wps->registrar); + if (wps->ap_settings_cb) { wps->ap_settings_cb(wps->ap_settings_cb_ctx, &wps->cred); @@ -2441,6 +2567,13 @@ static enum wps_process_res wps_process_m7(struct wps_data *wps, return WPS_CONTINUE; } + if (wps_validate_m7_encr(decrypted, wps->wps->ap || wps->er, + attr->version2 != NULL) < 0) { + wpabuf_free(decrypted); + wps->state = SEND_WSC_NACK; + return WPS_CONTINUE; + } + wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings " "attribute"); if (wps_parse_msg(decrypted, &eattr) < 0 || @@ -2485,6 +2618,8 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps, switch (*attr.msg_type) { case WPS_M1: + if (wps_validate_m1(msg) < 0) + return WPS_FAILURE; #ifdef CONFIG_WPS_UPNP if (wps->wps->wps_upnp && attr.mac_addr) { /* Remove old pending messages when starting new run */ @@ -2499,16 +2634,22 @@ static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps, ret = wps_process_m1(wps, &attr); break; case WPS_M3: + if (wps_validate_m3(msg) < 0) + return WPS_FAILURE; ret = wps_process_m3(wps, msg, &attr); if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK) wps_fail_event(wps->wps, WPS_M3); break; case WPS_M5: + if (wps_validate_m5(msg) < 0) + return WPS_FAILURE; ret = wps_process_m5(wps, msg, &attr); if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK) wps_fail_event(wps->wps, WPS_M5); break; case WPS_M7: + if (wps_validate_m7(msg) < 0) + return WPS_FAILURE; ret = wps_process_m7(wps, msg, &attr); if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK) wps_fail_event(wps->wps, WPS_M7); @@ -2833,10 +2974,16 @@ enum wps_process_res wps_registrar_process_msg(struct wps_data *wps, case WSC_MSG: return wps_process_wsc_msg(wps, msg); case WSC_ACK: + if (wps_validate_wsc_ack(msg) < 0) + return WPS_FAILURE; return wps_process_wsc_ack(wps, msg); case WSC_NACK: + if (wps_validate_wsc_nack(msg) < 0) + return WPS_FAILURE; return wps_process_wsc_nack(wps, msg); case WSC_Done: + if (wps_validate_wsc_done(msg) < 0) + return WPS_FAILURE; ret = wps_process_wsc_done(wps, msg); if (ret == WPS_FAILURE) { wps->state = SEND_WSC_NACK; @@ -2890,10 +3037,15 @@ static void wps_registrar_sel_reg_add(struct wps_registrar *reg, j++) { if (is_zero_ether_addr(s->authorized_macs[j])) break; + wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC into union: " + MACSTR, MAC2STR(s->authorized_macs[j])); os_memcpy(reg->authorized_macs_union[i], s->authorized_macs[j], ETH_ALEN); i++; } + wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union", + (u8 *) reg->authorized_macs_union, + sizeof(reg->authorized_macs_union)); } #endif /* CONFIG_WPS_UPNP */ @@ -2941,27 +3093,25 @@ void wps_registrar_selected_registrar_changed(struct wps_registrar *reg) reg->sel_reg_config_methods_override = -1; os_memcpy(reg->authorized_macs_union, reg->authorized_macs, WPS_MAX_AUTHORIZED_MACS * ETH_ALEN); + wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union (start with own)", + (u8 *) reg->authorized_macs_union, + sizeof(reg->authorized_macs_union)); if (reg->selected_registrar) { - reg->sel_reg_config_methods_override = - reg->wps->config_methods & - ~(WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON | - WPS_CONFIG_PHY_PUSHBUTTON); + u16 methods; + + methods = reg->wps->config_methods & ~WPS_CONFIG_PUSHBUTTON; +#ifdef CONFIG_WPS2 + methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON | + WPS_CONFIG_PHY_PUSHBUTTON); +#endif /* CONFIG_WPS2 */ if (reg->pbc) { reg->sel_reg_dev_password_id_override = DEV_PW_PUSHBUTTON; - reg->sel_reg_config_methods_override |= - WPS_CONFIG_PUSHBUTTON; - if (reg->wps->config_methods & - WPS_CONFIG_VIRT_PUSHBUTTON) - reg->sel_reg_config_methods_override |= - WPS_CONFIG_VIRT_PUSHBUTTON; - if (reg->wps->config_methods & - WPS_CONFIG_PHY_PUSHBUTTON) - reg->sel_reg_config_methods_override |= - WPS_CONFIG_PHY_PUSHBUTTON; + wps_set_pushbutton(&methods, reg->wps->config_methods); } wpa_printf(MSG_DEBUG, "WPS: Internal Registrar selected " "(pbc=%d)", reg->pbc); + reg->sel_reg_config_methods_override = methods; } else wpa_printf(MSG_DEBUG, "WPS: Internal Registrar not selected");