2 * EAP-WSC server for Wi-Fi Protected Setup
3 * Copyright (c) 2007-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
20 #include "eap_common/eap_wsc_common.h"
25 enum { START, MSG, FRAG_ACK, WAIT_FRAG_ACK, DONE, FAIL } state;
27 struct wpabuf *in_buf;
28 struct wpabuf *out_buf;
29 enum wsc_op_code in_op_code, out_op_code;
37 static const char * eap_wsc_state_txt(int state)
47 return "WAIT_FRAG_ACK";
58 static void eap_wsc_state(struct eap_wsc_data *data, int state)
60 wpa_printf(MSG_DEBUG, "EAP-WSC: %s -> %s",
61 eap_wsc_state_txt(data->state),
62 eap_wsc_state_txt(state));
67 static void eap_wsc_ext_reg_timeout(void *eloop_ctx, void *timeout_ctx)
69 struct eap_sm *sm = eloop_ctx;
70 struct eap_wsc_data *data = timeout_ctx;
72 if (sm->method_pending != METHOD_PENDING_WAIT)
75 wpa_printf(MSG_DEBUG, "EAP-WSC: Timeout while waiting for an External "
77 data->ext_reg_timeout = 1;
78 eap_sm_pending_cb(sm);
82 static void * eap_wsc_init(struct eap_sm *sm)
84 struct eap_wsc_data *data;
86 struct wps_config cfg;
88 if (sm->identity && sm->identity_len == WSC_ID_REGISTRAR_LEN &&
89 os_memcmp(sm->identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) ==
91 registrar = 0; /* Supplicant is Registrar */
92 else if (sm->identity && sm->identity_len == WSC_ID_ENROLLEE_LEN &&
93 os_memcmp(sm->identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN)
95 registrar = 1; /* Supplicant is Enrollee */
97 wpa_hexdump_ascii(MSG_INFO, "EAP-WSC: Unexpected identity",
98 sm->identity, sm->identity_len);
102 data = os_zalloc(sizeof(*data));
105 data->state = registrar ? START : MSG;
106 data->registrar = registrar;
108 os_memset(&cfg, 0, sizeof(cfg));
110 cfg.registrar = registrar;
112 if (sm->wps == NULL || sm->wps->registrar == NULL) {
113 wpa_printf(MSG_INFO, "EAP-WSC: WPS Registrar not "
119 if (sm->user == NULL || sm->user->password == NULL) {
120 wpa_printf(MSG_INFO, "EAP-WSC: No AP PIN (password) "
121 "configured for Enrollee functionality");
125 cfg.pin = sm->user->password;
126 cfg.pin_len = sm->user->password_len;
128 cfg.assoc_wps_ie = sm->assoc_wps_ie;
129 cfg.peer_addr = sm->peer_addr;
130 if (0 /* TODO: could provide option for forcing PSK format */)
132 data->wps = wps_init(&cfg);
133 if (data->wps == NULL) {
137 data->fragment_size = WSC_FRAGMENT_SIZE;
143 static void eap_wsc_reset(struct eap_sm *sm, void *priv)
145 struct eap_wsc_data *data = priv;
146 eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
147 wpabuf_free(data->in_buf);
148 wpabuf_free(data->out_buf);
149 wps_deinit(data->wps);
154 static struct wpabuf * eap_wsc_build_start(struct eap_sm *sm,
155 struct eap_wsc_data *data, u8 id)
159 req = eap_msg_alloc(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC, 2,
160 EAP_CODE_REQUEST, id);
162 wpa_printf(MSG_ERROR, "EAP-WSC: Failed to allocate memory for "
167 wpa_printf(MSG_DEBUG, "EAP-WSC: Send WSC/Start");
168 wpabuf_put_u8(req, WSC_Start); /* Op-Code */
169 wpabuf_put_u8(req, 0); /* Flags */
175 static struct wpabuf * eap_wsc_build_msg(struct eap_wsc_data *data, u8 id)
179 size_t send_len, plen;
182 send_len = wpabuf_len(data->out_buf) - data->out_used;
183 if (2 + send_len > data->fragment_size) {
184 send_len = data->fragment_size - 2;
185 flags |= WSC_FLAGS_MF;
186 if (data->out_used == 0) {
187 flags |= WSC_FLAGS_LF;
192 if (flags & WSC_FLAGS_LF)
194 req = eap_msg_alloc(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC, plen,
195 EAP_CODE_REQUEST, id);
197 wpa_printf(MSG_ERROR, "EAP-WSC: Failed to allocate memory for "
202 wpabuf_put_u8(req, data->out_op_code); /* Op-Code */
203 wpabuf_put_u8(req, flags); /* Flags */
204 if (flags & WSC_FLAGS_LF)
205 wpabuf_put_be16(req, wpabuf_len(data->out_buf));
207 wpabuf_put_data(req, wpabuf_head_u8(data->out_buf) + data->out_used,
209 data->out_used += send_len;
211 if (data->out_used == wpabuf_len(data->out_buf)) {
212 wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes "
213 "(message sent completely)",
214 (unsigned long) send_len);
215 wpabuf_free(data->out_buf);
216 data->out_buf = NULL;
218 eap_wsc_state(data, MSG);
220 wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes "
221 "(%lu more to send)", (unsigned long) send_len,
222 (unsigned long) wpabuf_len(data->out_buf) -
224 eap_wsc_state(data, WAIT_FRAG_ACK);
231 static struct wpabuf * eap_wsc_buildReq(struct eap_sm *sm, void *priv, u8 id)
233 struct eap_wsc_data *data = priv;
235 switch (data->state) {
237 return eap_wsc_build_start(sm, data, id);
239 if (data->out_buf == NULL) {
240 data->out_buf = wps_get_msg(data->wps,
242 if (data->out_buf == NULL) {
243 wpa_printf(MSG_DEBUG, "EAP-WSC: Failed to "
244 "receive message from WPS");
251 return eap_wsc_build_msg(data, id);
253 return eap_wsc_build_frag_ack(id, EAP_CODE_REQUEST);
255 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected state %d in "
256 "buildReq", data->state);
262 static Boolean eap_wsc_check(struct eap_sm *sm, void *priv,
263 struct wpabuf *respData)
268 pos = eap_hdr_validate(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC,
270 if (pos == NULL || len < 2) {
271 wpa_printf(MSG_INFO, "EAP-WSC: Invalid frame");
279 static int eap_wsc_process_cont(struct eap_wsc_data *data,
280 const u8 *buf, size_t len, u8 op_code)
282 /* Process continuation of a pending message */
283 if (op_code != data->in_op_code) {
284 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d in "
285 "fragment (expected %d)",
286 op_code, data->in_op_code);
287 eap_wsc_state(data, FAIL);
291 if (len > wpabuf_tailroom(data->in_buf)) {
292 wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment overflow");
293 eap_wsc_state(data, FAIL);
297 wpabuf_put_data(data->in_buf, buf, len);
298 wpa_printf(MSG_DEBUG, "EAP-WSC: Received %lu bytes, waiting for %lu "
299 "bytes more", (unsigned long) len,
300 (unsigned long) wpabuf_tailroom(data->in_buf));
306 static int eap_wsc_process_fragment(struct eap_wsc_data *data,
307 u8 flags, u8 op_code, u16 message_length,
308 const u8 *buf, size_t len)
310 /* Process a fragment that is not the last one of the message */
311 if (data->in_buf == NULL && !(flags & WSC_FLAGS_LF)) {
312 wpa_printf(MSG_DEBUG, "EAP-WSC: No Message Length "
313 "field in a fragmented packet");
317 if (data->in_buf == NULL) {
318 /* First fragment of the message */
319 data->in_buf = wpabuf_alloc(message_length);
320 if (data->in_buf == NULL) {
321 wpa_printf(MSG_DEBUG, "EAP-WSC: No memory for "
325 data->in_op_code = op_code;
326 wpabuf_put_data(data->in_buf, buf, len);
327 wpa_printf(MSG_DEBUG, "EAP-WSC: Received %lu bytes in "
328 "first fragment, waiting for %lu bytes more",
330 (unsigned long) wpabuf_tailroom(data->in_buf));
337 static void eap_wsc_process(struct eap_sm *sm, void *priv,
338 struct wpabuf *respData)
340 struct eap_wsc_data *data = priv;
341 const u8 *start, *pos, *end;
344 u16 message_length = 0;
345 enum wps_process_res res;
346 struct wpabuf tmpbuf;
348 eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
349 if (data->ext_reg_timeout) {
350 eap_wsc_state(data, FAIL);
354 pos = eap_hdr_validate(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC,
356 if (pos == NULL || len < 2)
357 return; /* Should not happen; message already verified */
364 if (flags & WSC_FLAGS_LF) {
366 wpa_printf(MSG_DEBUG, "EAP-WSC: Message underflow");
369 message_length = WPA_GET_BE16(pos);
372 if (message_length < end - pos) {
373 wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid Message "
379 wpa_printf(MSG_DEBUG, "EAP-WSC: Received packet: Op-Code %d "
380 "Flags 0x%x Message Length %d",
381 op_code, flags, message_length);
383 if (data->state == WAIT_FRAG_ACK) {
384 if (op_code != WSC_FRAG_ACK) {
385 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d "
386 "in WAIT_FRAG_ACK state", op_code);
387 eap_wsc_state(data, FAIL);
390 wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment acknowledged");
391 eap_wsc_state(data, MSG);
395 if (op_code != WSC_ACK && op_code != WSC_NACK && op_code != WSC_MSG &&
396 op_code != WSC_Done) {
397 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d",
399 eap_wsc_state(data, FAIL);
404 eap_wsc_process_cont(data, pos, end - pos, op_code) < 0) {
405 eap_wsc_state(data, FAIL);
409 if (flags & WSC_FLAGS_MF) {
410 if (eap_wsc_process_fragment(data, flags, op_code,
411 message_length, pos, end - pos) <
413 eap_wsc_state(data, FAIL);
415 eap_wsc_state(data, FRAG_ACK);
419 if (data->in_buf == NULL) {
420 /* Wrap unfragmented messages as wpabuf without extra copy */
421 wpabuf_set(&tmpbuf, pos, end - pos);
422 data->in_buf = &tmpbuf;
425 res = wps_process_msg(data->wps, op_code, data->in_buf);
428 wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing completed "
429 "successfully - report EAP failure");
430 eap_wsc_state(data, FAIL);
433 eap_wsc_state(data, MSG);
436 wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing failed");
437 eap_wsc_state(data, FAIL);
440 eap_wsc_state(data, MSG);
441 sm->method_pending = METHOD_PENDING_WAIT;
442 eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
443 eloop_register_timeout(5, 0, eap_wsc_ext_reg_timeout,
448 if (data->in_buf != &tmpbuf)
449 wpabuf_free(data->in_buf);
454 static Boolean eap_wsc_isDone(struct eap_sm *sm, void *priv)
456 struct eap_wsc_data *data = priv;
457 return data->state == FAIL;
461 static Boolean eap_wsc_isSuccess(struct eap_sm *sm, void *priv)
463 /* EAP-WSC will always result in EAP-Failure */
468 static int eap_wsc_getTimeout(struct eap_sm *sm, void *priv)
470 /* Recommended retransmit times: retransmit timeout 5 seconds,
471 * per-message timeout 15 seconds, i.e., 3 tries. */
472 sm->MaxRetrans = 2; /* total 3 attempts */
477 int eap_server_wsc_register(void)
479 struct eap_method *eap;
482 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
483 EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC,
488 eap->init = eap_wsc_init;
489 eap->reset = eap_wsc_reset;
490 eap->buildReq = eap_wsc_buildReq;
491 eap->check = eap_wsc_check;
492 eap->process = eap_wsc_process;
493 eap->isDone = eap_wsc_isDone;
494 eap->isSuccess = eap_wsc_isSuccess;
495 eap->getTimeout = eap_wsc_getTimeout;
497 ret = eap_server_method_register(eap);
499 eap_server_method_free(eap);