int sel_reg_dev_password_id_override;
int sel_reg_config_methods_override;
int static_wep_only;
+ int dualband;
struct wps_registrar_device *devices;
const u8 *addr)
{
int i;
+ wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC " MACSTR,
+ MAC2STR(addr));
for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++)
- if (os_memcmp(reg->authorized_macs[i], addr, ETH_ALEN) == 0)
+ if (os_memcmp(reg->authorized_macs[i], addr, ETH_ALEN) == 0) {
+ wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was "
+ "already in the list");
return; /* already in list */
+ }
for (i = WPS_MAX_AUTHORIZED_MACS - 1; i > 0; i--)
os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i - 1],
ETH_ALEN);
os_memcpy(reg->authorized_macs[0], addr, ETH_ALEN);
+ wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs",
+ (u8 *) reg->authorized_macs, sizeof(reg->authorized_macs));
}
const u8 *addr)
{
int i;
+ wpa_printf(MSG_DEBUG, "WPS: Remove authorized MAC " MACSTR,
+ MAC2STR(addr));
for (i = 0; i < WPS_MAX_AUTHORIZED_MACS; i++) {
if (os_memcmp(reg->authorized_macs, addr, ETH_ALEN) == 0)
break;
}
- if (i == WPS_MAX_AUTHORIZED_MACS)
+ if (i == WPS_MAX_AUTHORIZED_MACS) {
+ wpa_printf(MSG_DEBUG, "WPS: Authorized MAC was not in the "
+ "list");
return; /* not in the list */
+ }
for (; i + 1 < WPS_MAX_AUTHORIZED_MACS; i++)
os_memcpy(reg->authorized_macs[i], reg->authorized_macs[i + 1],
ETH_ALEN);
os_memset(reg->authorized_macs[WPS_MAX_AUTHORIZED_MACS - 1], 0,
ETH_ALEN);
+ wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs",
+ (u8 *) reg->authorized_macs, sizeof(reg->authorized_macs));
}
}
+static int wps_build_sel_pbc_reg_uuid_e(struct wps_registrar *reg,
+ struct wpabuf *msg)
+{
+ u16 id = reg->pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT;
+ if (!reg->sel_reg_union)
+ return 0;
+ if (reg->sel_reg_dev_password_id_override >= 0)
+ id = reg->sel_reg_dev_password_id_override;
+ if (id != DEV_PW_PUSHBUTTON || !reg->dualband)
+ return 0;
+ return wps_build_uuid_e(msg, reg->wps->uuid);
+}
+
+
static void wps_set_pushbutton(u16 *methods, u16 conf_methods)
{
*methods |= WPS_CONFIG_PUSHBUTTON;
}
-int wps_build_authorized_macs(struct wps_registrar *reg, struct wpabuf *msg)
+const u8 * wps_authorized_macs(struct wps_registrar *reg, size_t *count)
{
-#ifdef CONFIG_WPS2
- int count = 0;
+ *count = 0;
- while (count < WPS_MAX_AUTHORIZED_MACS) {
- if (is_zero_ether_addr(reg->authorized_macs_union[count]))
+#ifdef CONFIG_WPS2
+ while (*count < WPS_MAX_AUTHORIZED_MACS) {
+ if (is_zero_ether_addr(reg->authorized_macs_union[*count]))
break;
- count++;
+ (*count)++;
}
-
- if (count == 0)
- return 0;
-
- wpa_printf(MSG_DEBUG, "WPS: * AuthorizedMACs (count=%d)", count);
- wpabuf_put_be16(msg, ATTR_AUTHORIZED_MACS);
- wpabuf_put_be16(msg, count * ETH_ALEN);
- wpabuf_put_data(msg, reg->authorized_macs_union, count * ETH_ALEN);
#endif /* CONFIG_WPS2 */
- return 0;
+ return (const u8 *) reg->authorized_macs_union;
}
reg->sel_reg_dev_password_id_override = -1;
reg->sel_reg_config_methods_override = -1;
reg->static_wep_only = cfg->static_wep_only;
+ reg->dualband = cfg->dualband;
if (wps_set_ie(reg)) {
wps_registrar_deinit(reg);
}
+static void wps_registrar_remove_pin(struct wps_registrar *reg,
+ struct wps_uuid_pin *pin)
+{
+ u8 *addr;
+ u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
+ if (is_zero_ether_addr(pin->enrollee_addr))
+ addr = bcast;
+ else
+ addr = pin->enrollee_addr;
+ wps_registrar_remove_authorized_mac(reg, addr);
+ wps_remove_pin(pin);
+ wps_registrar_selected_registrar_changed(reg);
+}
+
+
static void wps_registrar_expire_pins(struct wps_registrar *reg)
{
struct wps_uuid_pin *pin, *prev;
{
if ((pin->flags & PIN_EXPIRES) &&
os_time_before(&pin->expiration, &now)) {
- u8 *addr;
- u8 bcast[ETH_ALEN] =
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
wpa_hexdump(MSG_DEBUG, "WPS: Expired PIN for UUID",
pin->uuid, WPS_UUID_LEN);
- if (is_zero_ether_addr(pin->enrollee_addr))
- addr = bcast;
- else
- addr = pin->enrollee_addr;
- wps_registrar_remove_authorized_mac(reg, addr);
- wps_remove_pin(pin);
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_remove_pin(reg, pin);
+ }
+ }
+}
+
+
+/**
+ * wps_registrar_invalidate_wildcard_pin - Invalidate a wildcard PIN
+ * @reg: Registrar data from wps_registrar_init()
+ * Returns: 0 on success, -1 if not wildcard PIN is enabled
+ */
+static int wps_registrar_invalidate_wildcard_pin(struct wps_registrar *reg)
+{
+ struct wps_uuid_pin *pin, *prev;
+
+ dl_list_for_each_safe(pin, prev, ®->pins, struct wps_uuid_pin, list)
+ {
+ if (pin->wildcard_uuid) {
+ wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
+ pin->uuid, WPS_UUID_LEN);
+ wps_registrar_remove_pin(reg, pin);
+ return 0;
}
}
+
+ return -1;
}
dl_list_for_each_safe(pin, prev, ®->pins, struct wps_uuid_pin, list)
{
if (os_memcmp(pin->uuid, uuid, WPS_UUID_LEN) == 0) {
- u8 *addr;
- u8 bcast[ETH_ALEN] =
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
wpa_hexdump(MSG_DEBUG, "WPS: Invalidated PIN for UUID",
pin->uuid, WPS_UUID_LEN);
- if (is_zero_ether_addr(pin->enrollee_addr))
- addr = bcast;
- else
- addr = pin->enrollee_addr;
- wps_registrar_remove_authorized_mac(reg, addr);
- wps_remove_pin(pin);
- wps_registrar_selected_registrar_changed(reg);
+ wps_registrar_remove_pin(reg, pin);
return 0;
}
}
reg->pbc = 1;
wps_registrar_selected_registrar_changed(reg);
+ eloop_cancel_timeout(wps_registrar_set_selected_timeout, reg, NULL);
eloop_cancel_timeout(wps_registrar_pbc_timeout, reg, NULL);
eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wps_registrar_pbc_timeout,
reg, NULL);
}
+int wps_registrar_wps_cancel(struct wps_registrar *reg)
+{
+ if (reg->pbc) {
+ wpa_printf(MSG_DEBUG, "WPS: PBC is set - cancelling it");
+ wps_registrar_pbc_timeout(reg, NULL);
+ return 1;
+ } else if (reg->selected_registrar) {
+ /* PIN Method */
+ wpa_printf(MSG_DEBUG, "WPS: PIN is set - cancelling it");
+ wps_registrar_pin_completed(reg);
+ wps_registrar_invalidate_wildcard_pin(reg);
+ return 1;
+ }
+ return 0;
+}
+
+
/**
* wps_registrar_probe_req_rx - Notify Registrar of Probe Request
* @reg: Registrar data from wps_registrar_init()
* situation with other WPS APs.
*/
void wps_registrar_probe_req_rx(struct wps_registrar *reg, const u8 *addr,
- const struct wpabuf *wps_data)
+ const struct wpabuf *wps_data,
+ int p2p_wildcard)
{
struct wps_parse_attr attr;
}
if (reg->enrollee_seen_cb && attr.uuid_e &&
- attr.primary_dev_type && attr.request_type) {
+ attr.primary_dev_type && attr.request_type && !p2p_wildcard) {
char *dev_name = NULL;
if (attr.dev_name) {
dev_name = os_zalloc(attr.dev_name_len + 1);
{
struct wpabuf *beacon;
struct wpabuf *probe;
+ const u8 *auth_macs;
+ size_t count;
if (reg->set_ie_cb == NULL)
return 0;
return -1;
}
+ auth_macs = wps_authorized_macs(reg, &count);
+
wpa_printf(MSG_DEBUG, "WPS: Build Beacon IEs");
if (wps_build_version(beacon) ||
wps_build_selected_registrar(reg, beacon) ||
wps_build_sel_reg_dev_password_id(reg, beacon) ||
wps_build_sel_reg_config_methods(reg, beacon) ||
- wps_build_version2(beacon) ||
- wps_build_authorized_macs(reg, beacon)) {
+ wps_build_sel_pbc_reg_uuid_e(reg, beacon) ||
+ (reg->dualband && wps_build_rf_bands(®->wps->dev, beacon)) ||
+ wps_build_wfa_ext(beacon, 0, auth_macs, count)) {
wpabuf_free(beacon);
wpabuf_free(probe);
return -1;
wps_build_device_attrs(®->wps->dev, probe) ||
wps_build_probe_config_methods(reg, probe) ||
wps_build_rf_bands(®->wps->dev, probe) ||
- wps_build_version2(probe) ||
- wps_build_authorized_macs(reg, probe)) {
+ wps_build_wfa_ext(probe, 0, auth_macs, count)) {
wpabuf_free(beacon);
wpabuf_free(probe);
return -1;
}
+#ifdef CONFIG_P2P
+ if (wps_build_dev_name(®->wps->dev, beacon) ||
+ wps_build_primary_dev_type(®->wps->dev, beacon)) {
+ wpabuf_free(beacon);
+ wpabuf_free(probe);
+ return -1;
+ }
+#endif /* CONFIG_P2P */
+
beacon = wps_ie_encapsulate(beacon);
probe = wps_ie_encapsulate(probe);
static int wps_build_cred_network_idx(struct wpabuf *msg,
const struct wps_credential *cred)
{
- wpa_printf(MSG_DEBUG, "WPS: * Network Index");
+ wpa_printf(MSG_DEBUG, "WPS: * Network Index (1)");
wpabuf_put_be16(msg, ATTR_NETWORK_INDEX);
wpabuf_put_be16(msg, 1);
wpabuf_put_u8(msg, 1);
const struct wps_credential *cred)
{
wpa_printf(MSG_DEBUG, "WPS: * SSID");
+ wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID for Credential",
+ cred->ssid, cred->ssid_len);
wpabuf_put_be16(msg, ATTR_SSID);
wpabuf_put_be16(msg, cred->ssid_len);
wpabuf_put_data(msg, cred->ssid, cred->ssid_len);
{
wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%d)",
(int) cred->key_len);
+ wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
+ cred->key, cred->key_len);
wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
wpabuf_put_be16(msg, cred->key_len);
wpabuf_put_data(msg, cred->key, cred->key_len);
}
use_provided:
-#ifdef CONFIG_WPS_TESTING_EXTRA_CRED
- cred = wpabuf_alloc(200);
+#ifdef CONFIG_WPS_TESTING
+ if (wps_testing_dummy_cred)
+ cred = wpabuf_alloc(200);
+ else
+ cred = NULL;
if (cred) {
struct wps_credential dummy;
wpa_printf(MSG_DEBUG, "WPS: Add dummy credential");
wpabuf_free(cred);
}
-#endif /* CONFIG_WPS_TESTING_EXTRA_CRED */
+#endif /* CONFIG_WPS_TESTING */
cred = wpabuf_alloc(200);
if (cred == NULL)
wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
wps_build_dev_password_id(msg, wps->dev_pw_id) ||
wps_build_os_version(&wps->wps->dev, msg) ||
- wps_build_version2(msg) ||
+ wps_build_wfa_ext(msg, 0, NULL, 0) ||
wps_build_authenticator(wps, msg)) {
wpabuf_free(msg);
return NULL;
wps_build_assoc_state(wps, msg) ||
wps_build_config_error(msg, err) ||
wps_build_os_version(&wps->wps->dev, msg) ||
- wps_build_version2(msg)) {
+ wps_build_wfa_ext(msg, 0, NULL, 0)) {
wpabuf_free(msg);
return NULL;
}
wps_build_r_snonce1(wps, plain) ||
wps_build_key_wrap_auth(wps, plain) ||
wps_build_encr_settings(wps, msg, plain) ||
- wps_build_version2(msg) ||
+ wps_build_wfa_ext(msg, 0, NULL, 0) ||
wps_build_authenticator(wps, msg)) {
wpabuf_free(plain);
wpabuf_free(msg);
wps_build_r_snonce2(wps, plain) ||
wps_build_key_wrap_auth(wps, plain) ||
wps_build_encr_settings(wps, msg, plain) ||
- wps_build_version2(msg) ||
+ wps_build_wfa_ext(msg, 0, NULL, 0) ||
wps_build_authenticator(wps, msg)) {
wpabuf_free(plain);
wpabuf_free(msg);
(!wps->wps->ap && !wps->er && wps_build_ap_settings(wps, plain)) ||
wps_build_key_wrap_auth(wps, plain) ||
wps_build_encr_settings(wps, msg, plain) ||
- wps_build_version2(msg) ||
+ wps_build_wfa_ext(msg, 0, NULL, 0) ||
wps_build_authenticator(wps, msg)) {
wpabuf_free(plain);
wpabuf_free(msg);
wps_build_msg_type(msg, WPS_WSC_ACK) ||
wps_build_enrollee_nonce(wps, msg) ||
wps_build_registrar_nonce(wps, msg) ||
- wps_build_version2(msg)) {
+ wps_build_wfa_ext(msg, 0, NULL, 0)) {
wpabuf_free(msg);
return NULL;
}
wps_build_enrollee_nonce(wps, msg) ||
wps_build_registrar_nonce(wps, msg) ||
wps_build_config_error(msg, wps->config_error) ||
- wps_build_version2(msg)) {
+ wps_build_wfa_ext(msg, 0, NULL, 0)) {
wpabuf_free(msg);
return NULL;
}
return WPS_CONTINUE;
}
- if (wps_validate_m5_encr(decrypted) < 0) {
+ if (wps_validate_m5_encr(decrypted, attr->version2 != NULL) < 0) {
wpabuf_free(decrypted);
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
* Use the AP PIN only to receive the current AP settings, not
* to reconfigure the AP.
*/
+
+ /*
+ * Clear selected registrar here since we do not get to
+ * WSC_Done in this protocol run.
+ */
+ wps_registrar_pin_completed(wps->wps->registrar);
+
if (wps->ap_settings_cb) {
wps->ap_settings_cb(wps->ap_settings_cb_ctx,
&wps->cred);
return WPS_CONTINUE;
}
- if (wps_validate_m7_encr(decrypted, wps->wps->ap || wps->er) < 0) {
+ if (wps_validate_m7_encr(decrypted, wps->wps->ap || wps->er,
+ attr->version2 != NULL) < 0) {
wpabuf_free(decrypted);
wps->state = SEND_WSC_NACK;
return WPS_CONTINUE;
j++) {
if (is_zero_ether_addr(s->authorized_macs[j]))
break;
+ wpa_printf(MSG_DEBUG, "WPS: Add authorized MAC into union: "
+ MACSTR, MAC2STR(s->authorized_macs[j]));
os_memcpy(reg->authorized_macs_union[i],
s->authorized_macs[j], ETH_ALEN);
i++;
}
+ wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union",
+ (u8 *) reg->authorized_macs_union,
+ sizeof(reg->authorized_macs_union));
}
#endif /* CONFIG_WPS_UPNP */
reg->sel_reg_config_methods_override = -1;
os_memcpy(reg->authorized_macs_union, reg->authorized_macs,
WPS_MAX_AUTHORIZED_MACS * ETH_ALEN);
+ wpa_hexdump(MSG_DEBUG, "WPS: Authorized MACs union (start with own)",
+ (u8 *) reg->authorized_macs_union,
+ sizeof(reg->authorized_macs_union));
if (reg->selected_registrar) {
u16 methods;