/*
* Wi-Fi Protected Setup - common functionality
- * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2008-2009, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
#include "includes.h"
#include "common.h"
-#include "dh_groups.h"
-#include "sha256.h"
-#include "aes_wrap.h"
-#include "crypto.h"
+#include "crypto/aes_wrap.h"
+#include "crypto/crypto.h"
+#include "crypto/dh_group5.h"
+#include "crypto/sha1.h"
+#include "crypto/sha256.h"
#include "wps_i.h"
#include "wps_dev_attr.h"
return -1;
}
- dh_shared = dh_derive_shared(pubkey, wps->dh_privkey,
- dh_groups_get(WPS_DH_GROUP));
+ wpa_hexdump_buf_key(MSG_DEBUG, "WPS: DH Private Key", wps->dh_privkey);
+ wpa_hexdump_buf(MSG_DEBUG, "WPS: DH peer Public Key", pubkey);
+ dh_shared = dh5_derive_shared(wps->dh_ctx, pubkey, wps->dh_privkey);
+ dh5_free(wps->dh_ctx);
+ wps->dh_ctx = NULL;
dh_shared = wpabuf_zeropad(dh_shared, 192);
if (dh_shared == NULL) {
wpa_printf(MSG_DEBUG, "WPS: Failed to derive DH shared key");
}
-int wps_derive_mgmt_keys(struct wps_data *wps)
-{
- u8 nonces[2 * WPS_NONCE_LEN];
- u8 keys[WPS_MGMTAUTHKEY_LEN + WPS_MGMTENCKEY_LEN];
- u8 hash[SHA256_MAC_LEN];
- const u8 *addr[2];
- size_t len[2];
- const char *auth_label = "WFA-WLAN-Management-MgmtAuthKey";
- const char *enc_label = "WFA-WLAN-Management-MgmtEncKey";
-
- /* MgmtAuthKey || MgmtEncKey =
- * kdf(EMSK, N1 || N2 || "WFA-WLAN-Management-Keys", 384) */
- os_memcpy(nonces, wps->nonce_e, WPS_NONCE_LEN);
- os_memcpy(nonces + WPS_NONCE_LEN, wps->nonce_r, WPS_NONCE_LEN);
- wps_kdf(wps->emsk, nonces, sizeof(nonces), "WFA-WLAN-Management-Keys",
- keys, sizeof(keys));
- os_memcpy(wps->mgmt_auth_key, keys, WPS_MGMTAUTHKEY_LEN);
- os_memcpy(wps->mgmt_enc_key, keys + WPS_MGMTAUTHKEY_LEN,
- WPS_MGMTENCKEY_LEN);
-
- addr[0] = nonces;
- len[0] = sizeof(nonces);
-
- /* MgmtEncKeyID = first 128 bits of
- * SHA-256(N1 || N2 || "WFA-WLAN-Management-MgmtAuthKey") */
- addr[1] = (const u8 *) auth_label;
- len[1] = os_strlen(auth_label);
- sha256_vector(2, addr, len, hash);
- os_memcpy(wps->mgmt_auth_key_id, hash, WPS_MGMT_KEY_ID_LEN);
-
- /* MgmtEncKeyID = first 128 bits of
- * SHA-256(N1 || N2 || "WFA-WLAN-Management-MgmtEncKey") */
- addr[1] = (const u8 *) enc_label;
- len[1] = os_strlen(enc_label);
- sha256_vector(2, addr, len, hash);
- os_memcpy(wps->mgmt_enc_key_id, hash, WPS_MGMT_KEY_ID_LEN);
-
- wpa_hexdump_key(MSG_DEBUG, "WPS: MgmtAuthKey",
- wps->mgmt_auth_key, WPS_MGMTAUTHKEY_LEN);
- wpa_hexdump(MSG_DEBUG, "WPS: MgmtAuthKeyID",
- wps->mgmt_auth_key_id, WPS_MGMT_KEY_ID_LEN);
- wpa_hexdump_key(MSG_DEBUG, "WPS: MgmtEncKey",
- wps->mgmt_enc_key, WPS_MGMTENCKEY_LEN);
- wpa_hexdump(MSG_DEBUG, "WPS: MgmtEncKeyID",
- wps->mgmt_enc_key_id, WPS_MGMT_KEY_ID_LEN);
-
- return 0;
-}
-
-
void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
size_t dev_passwd_len)
{
}
-void wps_fail_event(struct wps_context *wps, enum wps_msg_type msg)
+void wps_fail_event(struct wps_context *wps, enum wps_msg_type msg,
+ u16 config_error)
{
union wps_event_data data;
os_memset(&data, 0, sizeof(data));
data.fail.msg = msg;
+ data.fail.config_error = config_error;
wps->event_cb(wps->cb_ctx, WPS_EV_FAIL, &data);
}
}
+void wps_pbc_overlap_event(struct wps_context *wps)
+{
+ if (wps->event_cb == NULL)
+ return;
+
+ wps->event_cb(wps->cb_ctx, WPS_EV_PBC_OVERLAP, NULL);
+}
+
+
+void wps_pbc_timeout_event(struct wps_context *wps)
+{
+ if (wps->event_cb == NULL)
+ return;
+
+ wps->event_cb(wps->cb_ctx, WPS_EV_PBC_TIMEOUT, NULL);
+}
+
+
+#ifdef CONFIG_WPS_OOB
+
static struct wpabuf * wps_get_oob_cred(struct wps_context *wps)
{
struct wps_data data;
data.wps = wps;
data.auth_type = wps->auth_types;
data.encr_type = wps->encr_types;
- if (wps_build_version(plain) || wps_build_cred(&data, plain)) {
+ if (wps_build_version(plain) ||
+ wps_build_cred(&data, plain) ||
+ wps_build_wfa_ext(plain, 0, NULL, 0)) {
wpabuf_free(plain);
return NULL;
}
}
if (wps_build_version(data) ||
- wps_build_oob_dev_password(data, wps)) {
+ wps_build_oob_dev_password(data, wps) ||
+ wps_build_wfa_ext(data, 0, NULL, 0)) {
wpa_printf(MSG_ERROR, "WPS: Build OOB device password "
"attribute error");
wpabuf_free(data);
}
-int wps_process_oob(struct wps_context *wps, int registrar)
+int wps_process_oob(struct wps_context *wps, struct oob_device_data *oob_dev,
+ int registrar)
{
- struct oob_device_data *oob_dev = wps->oob_dev;
struct wpabuf *data;
int ret, write_f, oob_method = wps->oob_conf.oob_method;
void *oob_priv;
write_f = oob_method == OOB_METHOD_DEV_PWD_E ? !registrar : registrar;
- oob_priv = oob_dev->init_func(wps, registrar);
+ oob_priv = oob_dev->init_func(wps, oob_dev, registrar);
if (oob_priv == NULL) {
wpa_printf(MSG_ERROR, "WPS: Failed to initialize OOB device");
return -1;
data = wps_get_oob_dev_pwd(wps);
ret = 0;
- if (data == NULL ||
- wps->oob_dev->write_func(oob_priv, data) < 0)
+ if (data == NULL || oob_dev->write_func(oob_priv, data) < 0)
ret = -1;
} else {
data = oob_dev->read_func(oob_priv);
- if (data == NULL) {
- oob_dev->deinit_func(oob_priv);
- return -1;
+ if (data == NULL)
+ ret = -1;
+ else {
+ if (oob_method == OOB_METHOD_CRED)
+ ret = wps_parse_oob_cred(wps, data);
+ else
+ ret = wps_parse_oob_dev_pwd(wps, data);
}
-
- if (oob_method == OOB_METHOD_CRED)
- ret = wps_parse_oob_cred(wps, data);
- else
- ret = wps_parse_oob_dev_pwd(wps, data);
}
wpabuf_free(data);
+ oob_dev->deinit_func(oob_priv);
+
if (ret < 0) {
wpa_printf(MSG_ERROR, "WPS: Failed to process OOB data");
- oob_dev->deinit_func(oob_priv);
return -1;
}
- oob_dev->deinit_func(oob_priv);
-
return 0;
}
if (os_strstr(device_type, "ufd") != NULL)
return &oob_ufd_device_data;
#endif /* CONFIG_WPS_UFD */
+#ifdef CONFIG_WPS_NFC
+ if (os_strstr(device_type, "nfc") != NULL)
+ return &oob_nfc_device_data;
+#endif /* CONFIG_WPS_NFC */
return NULL;
}
+#ifdef CONFIG_WPS_NFC
+struct oob_nfc_device_data * wps_get_oob_nfc_device(char *device_name)
+{
+ if (device_name == NULL)
+ return NULL;
+#ifdef CONFIG_WPS_NFC_PN531
+ if (os_strstr(device_name, "pn531") != NULL)
+ return &oob_nfc_pn531_device_data;
+#endif /* CONFIG_WPS_NFC_PN531 */
+
+ return NULL;
+}
+#endif /* CONFIG_WPS_NFC */
+
+
int wps_get_oob_method(char *method)
{
if (os_strstr(method, "pin-e") != NULL)
return OOB_METHOD_CRED;
return OOB_METHOD_UNKNOWN;
}
+
+#endif /* CONFIG_WPS_OOB */
+
+
+int wps_dev_type_str2bin(const char *str, u8 dev_type[WPS_DEV_TYPE_LEN])
+{
+ const char *pos;
+
+ /* <categ>-<OUI>-<subcateg> */
+ WPA_PUT_BE16(dev_type, atoi(str));
+ pos = os_strchr(str, '-');
+ if (pos == NULL)
+ return -1;
+ pos++;
+ if (hexstr2bin(pos, &dev_type[2], 4))
+ return -1;
+ pos = os_strchr(pos, '-');
+ if (pos == NULL)
+ return -1;
+ pos++;
+ WPA_PUT_BE16(&dev_type[6], atoi(pos));
+
+
+ return 0;
+}
+
+
+char * wps_dev_type_bin2str(const u8 dev_type[WPS_DEV_TYPE_LEN], char *buf,
+ size_t buf_len)
+{
+ int ret;
+
+ ret = os_snprintf(buf, buf_len, "%u-%08X-%u",
+ WPA_GET_BE16(dev_type), WPA_GET_BE32(&dev_type[2]),
+ WPA_GET_BE16(&dev_type[6]));
+ if (ret < 0 || (unsigned int) ret >= buf_len)
+ return NULL;
+
+ return buf;
+}
+
+
+void uuid_gen_mac_addr(const u8 *mac_addr, u8 *uuid)
+{
+ const u8 *addr[2];
+ size_t len[2];
+ u8 hash[SHA1_MAC_LEN];
+ u8 nsid[16] = {
+ 0x52, 0x64, 0x80, 0xf8,
+ 0xc9, 0x9b,
+ 0x4b, 0xe5,
+ 0xa6, 0x55,
+ 0x58, 0xed, 0x5f, 0x5d, 0x60, 0x84
+ };
+
+ addr[0] = nsid;
+ len[0] = sizeof(nsid);
+ addr[1] = mac_addr;
+ len[1] = 6;
+ sha1_vector(2, addr, len, hash);
+ os_memcpy(uuid, hash, 16);
+
+ /* Version: 5 = named-based version using SHA-1 */
+ uuid[6] = (5 << 4) | (uuid[6] & 0x0f);
+
+ /* Variant specified in RFC 4122 */
+ uuid[8] = 0x80 | (uuid[8] & 0x3f);
+}
+
+
+u16 wps_config_methods_str2bin(const char *str)
+{
+ u16 methods = 0;
+
+ if (str == NULL) {
+ /* Default to enabling methods based on build configuration */
+ methods |= WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD;
+#ifdef CONFIG_WPS2
+ methods |= WPS_CONFIG_VIRT_DISPLAY;
+#endif /* CONFIG_WPS2 */
+#ifdef CONFIG_WPS_UFD
+ methods |= WPS_CONFIG_USBA;
+#endif /* CONFIG_WPS_UFD */
+#ifdef CONFIG_WPS_NFC
+ methods |= WPS_CONFIG_NFC_INTERFACE;
+#endif /* CONFIG_WPS_NFC */
+ } else {
+ if (os_strstr(str, "usba"))
+ methods |= WPS_CONFIG_USBA;
+ if (os_strstr(str, "ethernet"))
+ methods |= WPS_CONFIG_ETHERNET;
+ if (os_strstr(str, "label"))
+ methods |= WPS_CONFIG_LABEL;
+ if (os_strstr(str, "display"))
+ methods |= WPS_CONFIG_DISPLAY;
+ if (os_strstr(str, "ext_nfc_token"))
+ methods |= WPS_CONFIG_EXT_NFC_TOKEN;
+ if (os_strstr(str, "int_nfc_token"))
+ methods |= WPS_CONFIG_INT_NFC_TOKEN;
+ if (os_strstr(str, "nfc_interface"))
+ methods |= WPS_CONFIG_NFC_INTERFACE;
+ if (os_strstr(str, "push_button"))
+ methods |= WPS_CONFIG_PUSHBUTTON;
+ if (os_strstr(str, "keypad"))
+ methods |= WPS_CONFIG_KEYPAD;
+#ifdef CONFIG_WPS2
+ if (os_strstr(str, "virtual_display"))
+ methods |= WPS_CONFIG_VIRT_DISPLAY;
+ if (os_strstr(str, "physical_display"))
+ methods |= WPS_CONFIG_PHY_DISPLAY;
+ if (os_strstr(str, "virtual_push_button"))
+ methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
+ if (os_strstr(str, "physical_push_button"))
+ methods |= WPS_CONFIG_PHY_PUSHBUTTON;
+#endif /* CONFIG_WPS2 */
+ }
+
+ return methods;
+}