2 * Wi-Fi Protected Setup - Strict protocol validation routines
3 * Copyright (c) 2010, Atheros Communications, Inc.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
17 #include "utils/common.h"
22 #ifndef WPS_STRICT_ALL
23 #define WPS_STRICT_WPS2
24 #endif /* WPS_STRICT_ALL */
27 static int wps_validate_version(const u8 *version, int mandatory)
29 if (version == NULL) {
31 wpa_printf(MSG_INFO, "WPS-STRICT: Version attribute "
37 if (*version != 0x10) {
38 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version attribute "
39 "value 0x%x", *version);
46 static int wps_validate_version2(const u8 *version2, int mandatory)
48 if (version2 == NULL) {
50 wpa_printf(MSG_INFO, "WPS-STRICT: Version2 attribute "
56 if (*version2 < 0x20) {
57 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version2 attribute "
58 "value 0x%x", *version2);
65 static int wps_validate_request_type(const u8 *request_type, int mandatory)
67 if (request_type == NULL) {
69 wpa_printf(MSG_INFO, "WPS-STRICT: Request Type "
75 if (*request_type > 0x03) {
76 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request Type "
77 "attribute value 0x%x", *request_type);
84 static int wps_validate_response_type(const u8 *response_type, int mandatory)
86 if (response_type == NULL) {
88 wpa_printf(MSG_INFO, "WPS-STRICT: Response Type "
94 if (*response_type > 0x03) {
95 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Response Type "
96 "attribute value 0x%x", *response_type);
103 static int valid_config_methods(u16 val, int wps2)
106 if ((val & 0x6000) && !(val & WPS_CONFIG_DISPLAY)) {
107 wpa_printf(MSG_INFO, "WPS-STRICT: Physical/Virtual "
108 "Display flag without old Display flag "
112 if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) {
113 wpa_printf(MSG_INFO, "WPS-STRICT: Display flag "
114 "without Physical/Virtual Display flag");
117 if ((val & 0x0600) && !(val & WPS_CONFIG_PUSHBUTTON)) {
118 wpa_printf(MSG_INFO, "WPS-STRICT: Physical/Virtual "
119 "PushButton flag without old PushButton "
123 if (!(val & 0x0600) && (val & WPS_CONFIG_PUSHBUTTON)) {
124 wpa_printf(MSG_INFO, "WPS-STRICT: PushButton flag "
125 "without Physical/Virtual PushButton flag");
134 static int wps_validate_config_methods(const u8 *config_methods, int wps2,
139 if (config_methods == NULL) {
141 wpa_printf(MSG_INFO, "WPS-STRICT: Configuration "
142 "Methods attribute missing");
148 val = WPA_GET_BE16(config_methods);
149 if (!valid_config_methods(val, wps2)) {
150 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration "
151 "Methods attribute value 0x%04x", val);
158 static int wps_validate_ap_config_methods(const u8 *config_methods, int wps2,
163 if (wps_validate_config_methods(config_methods, wps2, mandatory) < 0)
165 if (config_methods == NULL)
167 val = WPA_GET_BE16(config_methods);
168 if (val & WPS_CONFIG_PUSHBUTTON) {
169 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration "
170 "Methods attribute value 0x%04x in AP info "
171 "(PushButton not allowed for registering new ER)",
179 static int wps_validate_uuid_e(const u8 *uuid_e, int mandatory)
181 if (uuid_e == NULL) {
183 wpa_printf(MSG_INFO, "WPS-STRICT: UUID-E "
184 "attribute missing");
193 static int wps_validate_uuid_r(const u8 *uuid_r, int mandatory)
195 if (uuid_r == NULL) {
197 wpa_printf(MSG_INFO, "WPS-STRICT: UUID-R "
198 "attribute missing");
207 static int wps_validate_primary_dev_type(const u8 *primary_dev_type,
210 if (primary_dev_type == NULL) {
212 wpa_printf(MSG_INFO, "WPS-STRICT: Primary Device Type "
213 "attribute missing");
222 static int wps_validate_rf_bands(const u8 *rf_bands, int mandatory)
224 if (rf_bands == NULL) {
226 wpa_printf(MSG_INFO, "WPS-STRICT: RF Bands "
227 "attribute missing");
232 if (*rf_bands != WPS_RF_24GHZ && *rf_bands != WPS_RF_50GHZ &&
233 *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ)) {
234 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Rf Bands "
235 "attribute value 0x%x", *rf_bands);
242 static int wps_validate_assoc_state(const u8 *assoc_state, int mandatory)
245 if (assoc_state == NULL) {
247 wpa_printf(MSG_INFO, "WPS-STRICT: Association State "
248 "attribute missing");
253 val = WPA_GET_BE16(assoc_state);
255 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Association State "
256 "attribute value 0x%04x", val);
263 static int wps_validate_config_error(const u8 *config_error, int mandatory)
267 if (config_error == NULL) {
269 wpa_printf(MSG_INFO, "WPS-STRICT: Configuration Error "
270 "attribute missing");
275 val = WPA_GET_BE16(config_error);
277 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration Error "
278 "attribute value 0x%04x", val);
285 static int wps_validate_dev_password_id(const u8 *dev_password_id,
290 if (dev_password_id == NULL) {
292 wpa_printf(MSG_INFO, "WPS-STRICT: Device Password ID "
293 "attribute missing");
298 val = WPA_GET_BE16(dev_password_id);
299 if (val >= 0x0006 && val <= 0x000f) {
300 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Device Password ID "
301 "attribute value 0x%04x", val);
308 static int wps_validate_manufacturer(const u8 *manufacturer, size_t len,
311 if (manufacturer == NULL) {
313 wpa_printf(MSG_INFO, "WPS-STRICT: Manufacturer "
314 "attribute missing");
319 if (len > 0 && manufacturer[len - 1] == 0) {
320 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Manufacturer "
321 "attribute value", manufacturer, len);
328 static int wps_validate_model_name(const u8 *model_name, size_t len,
331 if (model_name == NULL) {
333 wpa_printf(MSG_INFO, "WPS-STRICT: Model Name "
334 "attribute missing");
339 if (len > 0 && model_name[len - 1] == 0) {
340 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Name "
341 "attribute value", model_name, len);
348 static int wps_validate_model_number(const u8 *model_number, size_t len,
351 if (model_number == NULL) {
353 wpa_printf(MSG_INFO, "WPS-STRICT: Model Number "
354 "attribute missing");
359 if (len > 0 && model_number[len - 1] == 0) {
360 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Number "
361 "attribute value", model_number, len);
368 static int wps_validate_serial_number(const u8 *serial_number, size_t len,
371 if (serial_number == NULL) {
373 wpa_printf(MSG_INFO, "WPS-STRICT: Serial Number "
374 "attribute missing");
379 if (len > 0 && serial_number[len - 1] == 0) {
380 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Serial "
381 "Number attribute value",
389 static int wps_validate_dev_name(const u8 *dev_name, size_t len,
392 if (dev_name == NULL) {
394 wpa_printf(MSG_INFO, "WPS-STRICT: Device Name "
395 "attribute missing");
400 if (len > 0 && dev_name[len - 1] == 0) {
401 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Device Name "
402 "attribute value", dev_name, len);
409 static int wps_validate_request_to_enroll(const u8 *request_to_enroll,
412 if (request_to_enroll == NULL) {
414 wpa_printf(MSG_INFO, "WPS-STRICT: Request to Enroll "
415 "attribute missing");
420 if (*request_to_enroll > 0x01) {
421 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request to Enroll "
422 "attribute value 0x%x", *request_to_enroll);
429 static int wps_validate_req_dev_type(const u8 *req_dev_type[], size_t num,
434 wpa_printf(MSG_INFO, "WPS-STRICT: Requested Device "
435 "Type attribute missing");
444 static int wps_validate_wps_state(const u8 *wps_state, int mandatory)
446 if (wps_state == NULL) {
448 wpa_printf(MSG_INFO, "WPS-STRICT: Wi-Fi Protected "
449 "Setup State attribute missing");
454 if (*wps_state != WPS_STATE_NOT_CONFIGURED &&
455 *wps_state != WPS_STATE_CONFIGURED) {
456 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Wi-Fi Protected "
457 "Setup State attribute value 0x%x", *wps_state);
464 static int wps_validate_ap_setup_locked(const u8 *ap_setup_locked,
467 if (ap_setup_locked == NULL) {
469 wpa_printf(MSG_INFO, "WPS-STRICT: AP Setup Locked "
470 "attribute missing");
475 if (*ap_setup_locked > 1) {
476 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid AP Setup Locked "
477 "attribute value 0x%x", *ap_setup_locked);
484 static int wps_validate_selected_registrar(const u8 *selected_registrar,
487 if (selected_registrar == NULL) {
489 wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar "
490 "attribute missing");
495 if (*selected_registrar > 1) {
496 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar "
497 "attribute value 0x%x", *selected_registrar);
504 static int wps_validate_sel_reg_config_methods(const u8 *config_methods,
505 int wps2, int mandatory)
509 if (config_methods == NULL) {
511 wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar "
512 "Configuration Methods attribute missing");
518 val = WPA_GET_BE16(config_methods);
519 if (!valid_config_methods(val, wps2)) {
520 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar "
521 "Configuration Methods attribute value 0x%04x",
529 static int wps_validate_authorized_macs(const u8 *authorized_macs, size_t len,
532 if (authorized_macs == NULL) {
534 wpa_printf(MSG_INFO, "WPS-STRICT: Authorized MACs "
535 "attribute missing");
540 if (len > 30 && (len % ETH_ALEN) != 0) {
541 wpa_hexdump(MSG_INFO, "WPS-STRICT: Invalid Authorized "
542 "MACs attribute value", authorized_macs, len);
549 static int wps_validate_msg_type(const u8 *msg_type, int mandatory)
551 if (msg_type == NULL) {
553 wpa_printf(MSG_INFO, "WPS-STRICT: Message Type "
554 "attribute missing");
559 if (*msg_type < WPS_Beacon || *msg_type > WPS_WSC_DONE) {
560 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Message Type "
561 "attribute value 0x%x", *msg_type);
568 static int wps_validate_mac_addr(const u8 *mac_addr, int mandatory)
570 if (mac_addr == NULL) {
572 wpa_printf(MSG_INFO, "WPS-STRICT: MAC Address "
573 "attribute missing");
578 if (mac_addr[0] & 0x01) {
579 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid MAC Address "
580 "attribute value " MACSTR, MAC2STR(mac_addr));
587 static int wps_validate_enrollee_nonce(const u8 *enrollee_nonce, int mandatory)
589 if (enrollee_nonce == NULL) {
591 wpa_printf(MSG_INFO, "WPS-STRICT: Enrollee Nonce "
592 "attribute missing");
601 static int wps_validate_registrar_nonce(const u8 *registrar_nonce,
604 if (registrar_nonce == NULL) {
606 wpa_printf(MSG_INFO, "WPS-STRICT: Registrar Nonce "
607 "attribute missing");
616 static int wps_validate_public_key(const u8 *public_key, size_t len,
619 if (public_key == NULL) {
621 wpa_printf(MSG_INFO, "WPS-STRICT: Public Key "
622 "attribute missing");
628 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Public Key "
629 "attribute length %d", (int) len);
636 static int num_bits_set(u16 val)
639 for (c = 0; val; c++)
645 static int wps_validate_auth_type_flags(const u8 *flags, int mandatory)
651 wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type "
652 "Flags attribute missing");
657 val = WPA_GET_BE16(flags);
658 if ((val & ~WPS_AUTH_TYPES) || !(val & WPS_AUTH_WPA2PSK)) {
659 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type "
660 "Flags attribute value 0x%04x", val);
667 static int wps_validate_auth_type(const u8 *type, int mandatory)
673 wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type "
674 "attribute missing");
679 val = WPA_GET_BE16(type);
680 if ((val & ~WPS_AUTH_TYPES) || val == 0 ||
681 (num_bits_set(val) > 1 &&
682 val != (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK))) {
683 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type "
684 "attribute value 0x%04x", val);
691 static int wps_validate_encr_type_flags(const u8 *flags, int mandatory)
697 wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type "
698 "Flags attribute missing");
703 val = WPA_GET_BE16(flags);
704 if ((val & ~WPS_ENCR_TYPES) || !(val & WPS_ENCR_AES)) {
705 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type "
706 "Flags attribute value 0x%04x", val);
713 static int wps_validate_encr_type(const u8 *type, int mandatory)
719 wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type "
720 "attribute missing");
725 val = WPA_GET_BE16(type);
726 if ((val & ~WPS_ENCR_TYPES) || val == 0 ||
727 (num_bits_set(val) > 1 && val != (WPS_ENCR_TKIP | WPS_ENCR_AES))) {
728 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type "
729 "attribute value 0x%04x", val);
736 static int wps_validate_conn_type_flags(const u8 *flags, int mandatory)
740 wpa_printf(MSG_INFO, "WPS-STRICT: Connection Type "
741 "Flags attribute missing");
746 if ((*flags & ~(WPS_CONN_ESS | WPS_CONN_IBSS)) ||
747 !(*flags & WPS_CONN_ESS)) {
748 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Connection Type "
749 "Flags attribute value 0x%02x", *flags);
756 static int wps_validate_os_version(const u8 *os_version, int mandatory)
758 if (os_version == NULL) {
760 wpa_printf(MSG_INFO, "WPS-STRICT: OS Version "
761 "attribute missing");
770 static int wps_validate_authenticator(const u8 *authenticator, int mandatory)
772 if (authenticator == NULL) {
774 wpa_printf(MSG_INFO, "WPS-STRICT: Authenticator "
775 "attribute missing");
784 static int wps_validate_e_hash1(const u8 *hash, int mandatory)
788 wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash1 "
789 "attribute missing");
798 static int wps_validate_e_hash2(const u8 *hash, int mandatory)
802 wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash2 "
803 "attribute missing");
812 static int wps_validate_r_hash1(const u8 *hash, int mandatory)
816 wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash1 "
817 "attribute missing");
826 static int wps_validate_r_hash2(const u8 *hash, int mandatory)
830 wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash2 "
831 "attribute missing");
840 static int wps_validate_encr_settings(const u8 *encr_settings, size_t len,
843 if (encr_settings == NULL) {
845 wpa_printf(MSG_INFO, "WPS-STRICT: Encrypted Settings "
846 "attribute missing");
852 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encrypted Settings "
853 "attribute length %d", (int) len);
860 static int wps_validate_settings_delay_time(const u8 *delay, int mandatory)
864 wpa_printf(MSG_INFO, "WPS-STRICT: Settings Delay Time "
865 "attribute missing");
874 static int wps_validate_r_snonce1(const u8 *nonce, int mandatory)
878 wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce1 "
879 "attribute missing");
888 static int wps_validate_r_snonce2(const u8 *nonce, int mandatory)
892 wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce2 "
893 "attribute missing");
902 static int wps_validate_e_snonce1(const u8 *nonce, int mandatory)
906 wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce1 "
907 "attribute missing");
916 static int wps_validate_e_snonce2(const u8 *nonce, int mandatory)
920 wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce2 "
921 "attribute missing");
930 static int wps_validate_key_wrap_auth(const u8 *auth, int mandatory)
934 wpa_printf(MSG_INFO, "WPS-STRICT: Key Wrap "
935 "Authenticator attribute missing");
944 static int wps_validate_ssid(const u8 *ssid, size_t ssid_len, int mandatory)
948 wpa_printf(MSG_INFO, "WPS-STRICT: SSID "
949 "attribute missing");
954 if (ssid_len == 0 || ssid[ssid_len - 1] == 0) {
955 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid SSID "
956 "attribute value", ssid, ssid_len);
963 static int wps_validate_network_key_index(const u8 *idx, int mandatory)
967 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key Index "
968 "attribute missing");
977 static int wps_validate_network_idx(const u8 *idx, int mandatory)
981 wpa_printf(MSG_INFO, "WPS-STRICT: Network Index "
982 "attribute missing");
991 static int wps_validate_network_key(const u8 *key, size_t key_len,
992 const u8 *encr_type, int mandatory)
996 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key "
997 "attribute missing");
1002 if (((encr_type == NULL || WPA_GET_BE16(encr_type) != WPS_ENCR_WEP) &&
1003 key_len > 8 && key_len < 64 && key[key_len - 1] == 0) ||
1005 wpa_hexdump_ascii_key(MSG_INFO, "WPS-STRICT: Invalid Network "
1006 "Key attribute value", key, key_len);
1013 static int wps_validate_network_key_shareable(const u8 *val, int mandatory)
1017 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key "
1018 "Shareable attribute missing");
1024 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Network Key "
1025 "Shareable attribute value 0x%x", *val);
1032 static int wps_validate_cred(const u8 *cred, size_t len)
1034 struct wps_parse_attr attr;
1039 wpabuf_set(&buf, cred, len);
1040 if (wps_parse_msg(&buf, &attr) < 0) {
1041 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse Credential");
1045 if (wps_validate_network_idx(attr.network_idx, 1) ||
1046 wps_validate_ssid(attr.ssid, attr.ssid_len, 1) ||
1047 wps_validate_auth_type(attr.auth_type, 1) ||
1048 wps_validate_encr_type(attr.encr_type, 1) ||
1049 wps_validate_network_key_index(attr.network_key_idx, 0) ||
1050 wps_validate_network_key(attr.network_key, attr.network_key_len,
1051 attr.encr_type, 1) ||
1052 wps_validate_mac_addr(attr.mac_addr, 1) ||
1053 wps_validate_network_key_shareable(attr.network_key_shareable, 0))
1055 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Credential");
1064 static int wps_validate_credential(const u8 *cred[], size_t len[], size_t num,
1071 wpa_printf(MSG_INFO, "WPS-STRICT: Credential "
1072 "attribute missing");
1078 for (i = 0; i < num; i++) {
1079 if (wps_validate_cred(cred[i], len[i]) < 0)
1087 int wps_validate_beacon(const struct wpabuf *wps_ie)
1089 struct wps_parse_attr attr;
1092 if (wps_ie == NULL) {
1093 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in Beacon frame");
1096 if (wps_parse_msg(wps_ie, &attr) < 0) {
1097 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1102 wps2 = attr.version2 != NULL;
1103 sel_reg = attr.selected_registrar != NULL &&
1104 *attr.selected_registrar != 0;
1105 if (wps_validate_version(attr.version, 1) ||
1106 wps_validate_wps_state(attr.wps_state, 1) ||
1107 wps_validate_ap_setup_locked(attr.ap_setup_locked, 0) ||
1108 wps_validate_selected_registrar(attr.selected_registrar, 0) ||
1109 wps_validate_dev_password_id(attr.dev_password_id, sel_reg) ||
1110 wps_validate_sel_reg_config_methods(attr.sel_reg_config_methods,
1112 wps_validate_uuid_e(attr.uuid_e, 0) ||
1113 wps_validate_rf_bands(attr.rf_bands, 0) ||
1114 wps_validate_version2(attr.version2, wps2) ||
1115 wps_validate_authorized_macs(attr.authorized_macs,
1116 attr.authorized_macs_len, 0)) {
1117 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Beacon frame");
1125 int wps_validate_beacon_probe_resp(const struct wpabuf *wps_ie, int probe)
1127 struct wps_parse_attr attr;
1130 if (wps_ie == NULL) {
1131 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1132 "%sProbe Response frame", probe ? "" : "Beacon/");
1135 if (wps_parse_msg(wps_ie, &attr) < 0) {
1136 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1137 "%sProbe Response frame", probe ? "" : "Beacon/");
1141 wps2 = attr.version2 != NULL;
1142 sel_reg = attr.selected_registrar != NULL &&
1143 *attr.selected_registrar != 0;
1144 if (wps_validate_version(attr.version, 1) ||
1145 wps_validate_wps_state(attr.wps_state, 1) ||
1146 wps_validate_ap_setup_locked(attr.ap_setup_locked, 0) ||
1147 wps_validate_selected_registrar(attr.selected_registrar, 0) ||
1148 wps_validate_dev_password_id(attr.dev_password_id, sel_reg) ||
1149 wps_validate_sel_reg_config_methods(attr.sel_reg_config_methods,
1151 wps_validate_response_type(attr.response_type, probe) ||
1152 wps_validate_uuid_e(attr.uuid_e, probe) ||
1153 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1155 wps_validate_model_name(attr.model_name, attr.model_name_len,
1157 wps_validate_model_number(attr.model_number, attr.model_number_len,
1159 wps_validate_serial_number(attr.serial_number,
1160 attr.serial_number_len, probe) ||
1161 wps_validate_primary_dev_type(attr.primary_dev_type, probe) ||
1162 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, probe) ||
1163 wps_validate_ap_config_methods(attr.config_methods, wps2, probe) ||
1164 wps_validate_rf_bands(attr.rf_bands, 0) ||
1165 wps_validate_version2(attr.version2, wps2) ||
1166 wps_validate_authorized_macs(attr.authorized_macs,
1167 attr.authorized_macs_len, 0)) {
1168 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid %sProbe Response "
1169 "frame", probe ? "" : "Beacon/");
1170 #ifdef WPS_STRICT_WPS2
1173 #else /* WPS_STRICT_WPS2 */
1175 #endif /* WPS_STRICT_WPS2 */
1182 int wps_validate_probe_req(const struct wpabuf *wps_ie)
1184 struct wps_parse_attr attr;
1187 if (wps_ie == NULL) {
1188 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1189 "Probe Request frame");
1192 if (wps_parse_msg(wps_ie, &attr) < 0) {
1193 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1194 "Probe Request frame");
1198 wps2 = attr.version2 != NULL;
1199 if (wps_validate_version(attr.version, 1) ||
1200 wps_validate_request_type(attr.request_type, 1) ||
1201 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1202 wps_validate_uuid_e(attr.uuid_e, attr.uuid_r == NULL) ||
1203 wps_validate_uuid_r(attr.uuid_r, attr.uuid_e == NULL) ||
1204 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1205 wps_validate_rf_bands(attr.rf_bands, 1) ||
1206 wps_validate_assoc_state(attr.assoc_state, 1) ||
1207 wps_validate_config_error(attr.config_error, 1) ||
1208 wps_validate_dev_password_id(attr.dev_password_id, 1) ||
1209 wps_validate_version2(attr.version2, wps2) ||
1210 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1212 wps_validate_model_name(attr.model_name, attr.model_name_len,
1214 wps_validate_model_number(attr.model_number, attr.model_number_len,
1216 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, wps2) ||
1217 wps_validate_request_to_enroll(attr.request_to_enroll, 0) ||
1218 wps_validate_req_dev_type(attr.req_dev_type, attr.num_req_dev_type,
1220 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Probe Request "
1229 int wps_validate_assoc_req(const struct wpabuf *wps_ie)
1231 struct wps_parse_attr attr;
1234 if (wps_ie == NULL) {
1235 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1236 "(Re)Association Request frame");
1239 if (wps_parse_msg(wps_ie, &attr) < 0) {
1240 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1241 "(Re)Association Request frame");
1245 wps2 = attr.version2 != NULL;
1246 if (wps_validate_version(attr.version, 1) ||
1247 wps_validate_request_type(attr.request_type, 1) ||
1248 wps_validate_version2(attr.version2, wps2)) {
1249 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association "
1258 int wps_validate_assoc_resp(const struct wpabuf *wps_ie)
1260 struct wps_parse_attr attr;
1263 if (wps_ie == NULL) {
1264 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1265 "(Re)Association Response frame");
1268 if (wps_parse_msg(wps_ie, &attr) < 0) {
1269 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1270 "(Re)Association Response frame");
1274 wps2 = attr.version2 != NULL;
1275 if (wps_validate_version(attr.version, 1) ||
1276 wps_validate_request_type(attr.request_type, 1) ||
1277 wps_validate_version2(attr.version2, wps2)) {
1278 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association "
1287 int wps_validate_m1(const struct wpabuf *tlvs)
1289 struct wps_parse_attr attr;
1293 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M1");
1296 if (wps_parse_msg(tlvs, &attr) < 0) {
1297 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1302 wps2 = attr.version2 != NULL;
1303 if (wps_validate_version(attr.version, 1) ||
1304 wps_validate_msg_type(attr.msg_type, 1) ||
1305 wps_validate_uuid_e(attr.uuid_e, 1) ||
1306 wps_validate_mac_addr(attr.mac_addr, 1) ||
1307 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1308 wps_validate_public_key(attr.public_key, attr.public_key_len, 1) ||
1309 wps_validate_auth_type_flags(attr.auth_type_flags, 1) ||
1310 wps_validate_encr_type_flags(attr.encr_type_flags, 1) ||
1311 wps_validate_conn_type_flags(attr.conn_type_flags, 1) ||
1312 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1313 wps_validate_wps_state(attr.wps_state, 1) ||
1314 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1316 wps_validate_model_name(attr.model_name, attr.model_name_len, 1) ||
1317 wps_validate_model_number(attr.model_number, attr.model_number_len,
1319 wps_validate_serial_number(attr.serial_number,
1320 attr.serial_number_len, 1) ||
1321 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1322 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, 1) ||
1323 wps_validate_rf_bands(attr.rf_bands, 1) ||
1324 wps_validate_assoc_state(attr.assoc_state, 1) ||
1325 wps_validate_dev_password_id(attr.dev_password_id, 1) ||
1326 wps_validate_config_error(attr.config_error, 1) ||
1327 wps_validate_os_version(attr.os_version, 1) ||
1328 wps_validate_version2(attr.version2, wps2) ||
1329 wps_validate_request_to_enroll(attr.request_to_enroll, 0)) {
1330 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M1");
1331 #ifdef WPS_STRICT_WPS2
1334 #else /* WPS_STRICT_WPS2 */
1336 #endif /* WPS_STRICT_WPS2 */
1343 int wps_validate_m2(const struct wpabuf *tlvs)
1345 struct wps_parse_attr attr;
1349 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2");
1352 if (wps_parse_msg(tlvs, &attr) < 0) {
1353 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1358 wps2 = attr.version2 != NULL;
1359 if (wps_validate_version(attr.version, 1) ||
1360 wps_validate_msg_type(attr.msg_type, 1) ||
1361 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1362 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1363 wps_validate_uuid_r(attr.uuid_r, 1) ||
1364 wps_validate_public_key(attr.public_key, attr.public_key_len, 1) ||
1365 wps_validate_auth_type_flags(attr.auth_type_flags, 1) ||
1366 wps_validate_encr_type_flags(attr.encr_type_flags, 1) ||
1367 wps_validate_conn_type_flags(attr.conn_type_flags, 1) ||
1368 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1369 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1371 wps_validate_model_name(attr.model_name, attr.model_name_len, 1) ||
1372 wps_validate_model_number(attr.model_number, attr.model_number_len,
1374 wps_validate_serial_number(attr.serial_number,
1375 attr.serial_number_len, 1) ||
1376 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1377 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, 1) ||
1378 wps_validate_rf_bands(attr.rf_bands, 1) ||
1379 wps_validate_assoc_state(attr.assoc_state, 1) ||
1380 wps_validate_config_error(attr.config_error, 1) ||
1381 wps_validate_dev_password_id(attr.dev_password_id, 1) ||
1382 wps_validate_os_version(attr.os_version, 1) ||
1383 wps_validate_version2(attr.version2, wps2) ||
1384 wps_validate_authenticator(attr.authenticator, 1)) {
1385 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2");
1386 #ifdef WPS_STRICT_WPS2
1389 #else /* WPS_STRICT_WPS2 */
1391 #endif /* WPS_STRICT_WPS2 */
1398 int wps_validate_m2d(const struct wpabuf *tlvs)
1400 struct wps_parse_attr attr;
1404 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2D");
1407 if (wps_parse_msg(tlvs, &attr) < 0) {
1408 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1413 wps2 = attr.version2 != NULL;
1414 if (wps_validate_version(attr.version, 1) ||
1415 wps_validate_msg_type(attr.msg_type, 1) ||
1416 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1417 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1418 wps_validate_uuid_r(attr.uuid_r, 1) ||
1419 wps_validate_auth_type_flags(attr.auth_type_flags, 1) ||
1420 wps_validate_encr_type_flags(attr.encr_type_flags, 1) ||
1421 wps_validate_conn_type_flags(attr.conn_type_flags, 1) ||
1422 wps_validate_config_methods(attr.config_methods, wps2, 1) ||
1423 wps_validate_manufacturer(attr.manufacturer, attr.manufacturer_len,
1425 wps_validate_model_name(attr.model_name, attr.model_name_len, 1) ||
1426 wps_validate_model_number(attr.model_number, attr.model_number_len,
1428 wps_validate_serial_number(attr.serial_number,
1429 attr.serial_number_len, 1) ||
1430 wps_validate_primary_dev_type(attr.primary_dev_type, 1) ||
1431 wps_validate_dev_name(attr.dev_name, attr.dev_name_len, 1) ||
1432 wps_validate_rf_bands(attr.rf_bands, 1) ||
1433 wps_validate_assoc_state(attr.assoc_state, 1) ||
1434 wps_validate_config_error(attr.config_error, 1) ||
1435 wps_validate_os_version(attr.os_version, 1) ||
1436 wps_validate_version2(attr.version2, wps2)) {
1437 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2D");
1438 #ifdef WPS_STRICT_WPS2
1441 #else /* WPS_STRICT_WPS2 */
1443 #endif /* WPS_STRICT_WPS2 */
1450 int wps_validate_m3(const struct wpabuf *tlvs)
1452 struct wps_parse_attr attr;
1456 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M3");
1459 if (wps_parse_msg(tlvs, &attr) < 0) {
1460 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1465 wps2 = attr.version2 != NULL;
1466 if (wps_validate_version(attr.version, 1) ||
1467 wps_validate_msg_type(attr.msg_type, 1) ||
1468 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1469 wps_validate_e_hash1(attr.e_hash1, 1) ||
1470 wps_validate_e_hash2(attr.e_hash2, 1) ||
1471 wps_validate_version2(attr.version2, wps2) ||
1472 wps_validate_authenticator(attr.authenticator, 1)) {
1473 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M3");
1474 #ifdef WPS_STRICT_WPS2
1477 #else /* WPS_STRICT_WPS2 */
1479 #endif /* WPS_STRICT_WPS2 */
1486 int wps_validate_m4(const struct wpabuf *tlvs)
1488 struct wps_parse_attr attr;
1492 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4");
1495 if (wps_parse_msg(tlvs, &attr) < 0) {
1496 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1501 wps2 = attr.version2 != NULL;
1502 if (wps_validate_version(attr.version, 1) ||
1503 wps_validate_msg_type(attr.msg_type, 1) ||
1504 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1505 wps_validate_r_hash1(attr.r_hash1, 1) ||
1506 wps_validate_r_hash2(attr.r_hash2, 1) ||
1507 wps_validate_encr_settings(attr.encr_settings,
1508 attr.encr_settings_len, 1) ||
1509 wps_validate_version2(attr.version2, wps2) ||
1510 wps_validate_authenticator(attr.authenticator, 1)) {
1511 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4");
1512 #ifdef WPS_STRICT_WPS2
1515 #else /* WPS_STRICT_WPS2 */
1517 #endif /* WPS_STRICT_WPS2 */
1524 int wps_validate_m4_encr(const struct wpabuf *tlvs)
1526 struct wps_parse_attr attr;
1530 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4 encrypted "
1534 if (wps_parse_msg(tlvs, &attr) < 0) {
1535 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1536 "in M4 encrypted settings");
1540 wps2 = attr.version2 != NULL;
1541 if (wps_validate_r_snonce1(attr.r_snonce1, 1) ||
1542 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1543 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4 encrypted "
1545 #ifdef WPS_STRICT_WPS2
1548 #else /* WPS_STRICT_WPS2 */
1550 #endif /* WPS_STRICT_WPS2 */
1557 int wps_validate_m5(const struct wpabuf *tlvs)
1559 struct wps_parse_attr attr;
1563 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5");
1566 if (wps_parse_msg(tlvs, &attr) < 0) {
1567 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1572 wps2 = attr.version2 != NULL;
1573 if (wps_validate_version(attr.version, 1) ||
1574 wps_validate_msg_type(attr.msg_type, 1) ||
1575 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1576 wps_validate_encr_settings(attr.encr_settings,
1577 attr.encr_settings_len, 1) ||
1578 wps_validate_version2(attr.version2, wps2) ||
1579 wps_validate_authenticator(attr.authenticator, 1)) {
1580 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5");
1581 #ifdef WPS_STRICT_WPS2
1584 #else /* WPS_STRICT_WPS2 */
1586 #endif /* WPS_STRICT_WPS2 */
1593 int wps_validate_m5_encr(const struct wpabuf *tlvs)
1595 struct wps_parse_attr attr;
1599 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5 encrypted "
1603 if (wps_parse_msg(tlvs, &attr) < 0) {
1604 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1605 "in M5 encrypted settings");
1609 wps2 = attr.version2 != NULL;
1610 if (wps_validate_e_snonce1(attr.e_snonce1, 1) ||
1611 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1612 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5 encrypted "
1614 #ifdef WPS_STRICT_WPS2
1617 #else /* WPS_STRICT_WPS2 */
1619 #endif /* WPS_STRICT_WPS2 */
1626 int wps_validate_m6(const struct wpabuf *tlvs)
1628 struct wps_parse_attr attr;
1632 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6");
1635 if (wps_parse_msg(tlvs, &attr) < 0) {
1636 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1641 wps2 = attr.version2 != NULL;
1642 if (wps_validate_version(attr.version, 1) ||
1643 wps_validate_msg_type(attr.msg_type, 1) ||
1644 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1645 wps_validate_encr_settings(attr.encr_settings,
1646 attr.encr_settings_len, 1) ||
1647 wps_validate_version2(attr.version2, wps2) ||
1648 wps_validate_authenticator(attr.authenticator, 1)) {
1649 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6");
1650 #ifdef WPS_STRICT_WPS2
1653 #else /* WPS_STRICT_WPS2 */
1655 #endif /* WPS_STRICT_WPS2 */
1662 int wps_validate_m6_encr(const struct wpabuf *tlvs)
1664 struct wps_parse_attr attr;
1668 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6 encrypted "
1672 if (wps_parse_msg(tlvs, &attr) < 0) {
1673 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1674 "in M6 encrypted settings");
1678 wps2 = attr.version2 != NULL;
1679 if (wps_validate_r_snonce2(attr.r_snonce2, 1) ||
1680 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1681 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6 encrypted "
1683 #ifdef WPS_STRICT_WPS2
1686 #else /* WPS_STRICT_WPS2 */
1688 #endif /* WPS_STRICT_WPS2 */
1695 int wps_validate_m7(const struct wpabuf *tlvs)
1697 struct wps_parse_attr attr;
1701 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7");
1704 if (wps_parse_msg(tlvs, &attr) < 0) {
1705 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1710 wps2 = attr.version2 != NULL;
1711 if (wps_validate_version(attr.version, 1) ||
1712 wps_validate_msg_type(attr.msg_type, 1) ||
1713 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1714 wps_validate_encr_settings(attr.encr_settings,
1715 attr.encr_settings_len, 1) ||
1716 wps_validate_settings_delay_time(attr.settings_delay_time, 0) ||
1717 wps_validate_version2(attr.version2, wps2) ||
1718 wps_validate_authenticator(attr.authenticator, 1)) {
1719 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7");
1720 #ifdef WPS_STRICT_WPS2
1723 #else /* WPS_STRICT_WPS2 */
1725 #endif /* WPS_STRICT_WPS2 */
1732 int wps_validate_m7_encr(const struct wpabuf *tlvs, int ap)
1734 struct wps_parse_attr attr;
1738 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7 encrypted "
1742 if (wps_parse_msg(tlvs, &attr) < 0) {
1743 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1744 "in M7 encrypted settings");
1748 wps2 = attr.version2 != NULL;
1749 if (wps_validate_e_snonce2(attr.e_snonce2, 1) ||
1750 wps_validate_ssid(attr.ssid, attr.ssid_len, !ap) ||
1751 wps_validate_mac_addr(attr.mac_addr, !ap) ||
1752 wps_validate_auth_type(attr.auth_type, !ap) ||
1753 wps_validate_encr_type(attr.encr_type, !ap) ||
1754 wps_validate_network_key_index(attr.network_key_idx, 0) ||
1755 wps_validate_network_key(attr.network_key, attr.network_key_len,
1756 attr.encr_type, !ap) ||
1757 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1758 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7 encrypted "
1760 #ifdef WPS_STRICT_WPS2
1763 #else /* WPS_STRICT_WPS2 */
1765 #endif /* WPS_STRICT_WPS2 */
1772 int wps_validate_m8(const struct wpabuf *tlvs)
1774 struct wps_parse_attr attr;
1778 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8");
1781 if (wps_parse_msg(tlvs, &attr) < 0) {
1782 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1787 wps2 = attr.version2 != NULL;
1788 if (wps_validate_version(attr.version, 1) ||
1789 wps_validate_msg_type(attr.msg_type, 1) ||
1790 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1791 wps_validate_encr_settings(attr.encr_settings,
1792 attr.encr_settings_len, 1) ||
1793 wps_validate_version2(attr.version2, wps2) ||
1794 wps_validate_authenticator(attr.authenticator, 1)) {
1795 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8");
1796 #ifdef WPS_STRICT_WPS2
1799 #else /* WPS_STRICT_WPS2 */
1801 #endif /* WPS_STRICT_WPS2 */
1808 int wps_validate_m8_encr(const struct wpabuf *tlvs, int ap)
1810 struct wps_parse_attr attr;
1814 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8 encrypted "
1818 if (wps_parse_msg(tlvs, &attr) < 0) {
1819 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1820 "in M8 encrypted settings");
1824 wps2 = attr.version2 != NULL;
1825 if (wps_validate_ssid(attr.ssid, attr.ssid_len, ap) ||
1826 wps_validate_auth_type(attr.auth_type, ap) ||
1827 wps_validate_encr_type(attr.encr_type, ap) ||
1828 wps_validate_network_key_index(attr.network_key_idx, 0) ||
1829 wps_validate_mac_addr(attr.mac_addr, ap) ||
1830 wps_validate_credential(attr.cred, attr.cred_len, attr.num_cred,
1832 wps_validate_key_wrap_auth(attr.key_wrap_auth, 1)) {
1833 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8 encrypted "
1835 #ifdef WPS_STRICT_WPS2
1838 #else /* WPS_STRICT_WPS2 */
1840 #endif /* WPS_STRICT_WPS2 */
1847 int wps_validate_wsc_ack(const struct wpabuf *tlvs)
1849 struct wps_parse_attr attr;
1853 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_ACK");
1856 if (wps_parse_msg(tlvs, &attr) < 0) {
1857 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1862 wps2 = attr.version2 != NULL;
1863 if (wps_validate_version(attr.version, 1) ||
1864 wps_validate_msg_type(attr.msg_type, 1) ||
1865 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1866 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1867 wps_validate_version2(attr.version2, wps2)) {
1868 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_ACK");
1869 #ifdef WPS_STRICT_WPS2
1872 #else /* WPS_STRICT_WPS2 */
1874 #endif /* WPS_STRICT_WPS2 */
1881 int wps_validate_wsc_nack(const struct wpabuf *tlvs)
1883 struct wps_parse_attr attr;
1887 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_NACK");
1890 if (wps_parse_msg(tlvs, &attr) < 0) {
1891 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1896 wps2 = attr.version2 != NULL;
1897 if (wps_validate_version(attr.version, 1) ||
1898 wps_validate_msg_type(attr.msg_type, 1) ||
1899 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1900 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1901 wps_validate_config_error(attr.config_error, 1) ||
1902 wps_validate_version2(attr.version2, wps2)) {
1903 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_NACK");
1904 #ifdef WPS_STRICT_WPS2
1907 #else /* WPS_STRICT_WPS2 */
1909 #endif /* WPS_STRICT_WPS2 */
1916 int wps_validate_wsc_done(const struct wpabuf *tlvs)
1918 struct wps_parse_attr attr;
1922 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_Done");
1925 if (wps_parse_msg(tlvs, &attr) < 0) {
1926 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1931 wps2 = attr.version2 != NULL;
1932 if (wps_validate_version(attr.version, 1) ||
1933 wps_validate_msg_type(attr.msg_type, 1) ||
1934 wps_validate_enrollee_nonce(attr.enrollee_nonce, 1) ||
1935 wps_validate_registrar_nonce(attr.registrar_nonce, 1) ||
1936 wps_validate_version2(attr.version2, wps2)) {
1937 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_Done");
1938 #ifdef WPS_STRICT_WPS2
1941 #else /* WPS_STRICT_WPS2 */
1943 #endif /* WPS_STRICT_WPS2 */
1950 int wps_validate_upnp_set_selected_registrar(const struct wpabuf *tlvs)
1952 struct wps_parse_attr attr;
1957 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in "
1958 "SetSelectedRegistrar");
1961 if (wps_parse_msg(tlvs, &attr) < 0) {
1962 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1963 "in SetSelectedRegistrar");
1967 wps2 = attr.version2 != NULL;
1968 sel_reg = attr.selected_registrar != NULL &&
1969 *attr.selected_registrar != 0;
1970 if (wps_validate_version(attr.version, 1) ||
1971 wps_validate_dev_password_id(attr.dev_password_id, sel_reg) ||
1972 wps_validate_sel_reg_config_methods(attr.sel_reg_config_methods,
1974 wps_validate_version2(attr.version2, wps2) ||
1975 wps_validate_authorized_macs(attr.authorized_macs,
1976 attr.authorized_macs_len, wps2) ||
1977 wps_validate_uuid_r(attr.uuid_r, wps2)) {
1978 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid "
1979 "SetSelectedRegistrar");
1980 #ifdef WPS_STRICT_WPS2
1983 #else /* WPS_STRICT_WPS2 */
1985 #endif /* WPS_STRICT_WPS2 */